1 /* op.c - relay backend operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004-2009 The OpenLDAP Foundation.
6 * Portions Copyright 2004 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Pierangelo Masarati for inclusion
19 * in OpenLDAP Software.
27 #include "back-relay.h"
29 /* Results when no real database (.rf_bd) or operation handler (.rf_op) */
/*
 * Each slap_mask_t packs an LDAP result code in the low 16 bits
 * (RB_ERR_MASK) together with RB_* flag bits above it.
 *
 * Review notes:
 * - Rows are positional: relay_back_select_backend() reads
 *   relay_fail_modes[which].rf_bd and relay_back_op() reads .rf_op, and no
 *   range check on <which> appears in the visible lines of this listing.
 *   Callers must pass an index below relay_op_last, and the row order must
 *   keep tracking slap_operation_t plus the relay_operation_t additions.
 * - RB_SENDREF is defined as 0, so RB_CHK_REF reduces to
 *   (RB_REF | LDAP_SUCCESS) and any `fail_mode & RB_SENDREF` test is
 *   always false.
 * - Bind is the only row that fails with LDAP_INVALID_CREDENTIALS instead
 *   of RB_NO_OBJ; presumably so a failed bind does not reveal whether a
 *   database exists for the DN -- confirm intent.
 * - The entry_get / entry_release / has_subordinates rows are all zero.
 *   Their callers pass rs == NULL to relay_back_select_backend(), whose
 *   visible uses of rs are gated on RB_REF / RB_BDERR, so setting either
 *   flag in those rows would have to come with a non-NULL rs.
 */
30 static const struct relay_fail_modes_s {
31 slap_mask_t rf_bd, rf_op;
32 #define RB_ERR_MASK 0x0000FFFFU /* bitmask for default return value */
33 #define RB_BDERR 0x80000000U /* use .rf_bd's default return value */
34 #define RB_OPERR 0x40000000U /* set rs->sr_err = .rf_op return value */
35 #define RB_REF 0x20000000U /* use default_referral if available */
36 #define RB_SEND 0x10000000U /* send result; RB_??ERR is also set */
37 #define RB_SENDREF 0/*unused*/ /* like RB_SEND when referral found */
38 #define RB_NO_BIND (RB_OPERR | LDAP_INVALID_CREDENTIALS)
39 #define RB_NOT_SUPP (RB_OPERR | LDAP_UNWILLING_TO_PERFORM)
40 #define RB_NO_OBJ (RB_REF | LDAP_NO_SUCH_OBJECT)
41 #define RB_CHK_REF (RB_REF | RB_SENDREF | LDAP_SUCCESS)
42 } relay_fail_modes[relay_op_last] = {
43 /* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */
44 # define RB_OP(b, o) { (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) }
45 # define RB_BD2ERR(b) ((b) ? RB_BDERR : 0)
46 /* indexed by slap_operation_t: */
47 RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND |RB_SEND), /* Bind */
48 RB_OP(0, LDAP_SUCCESS), /* Unbind: unused */
49 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search */
50 RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE), /* Compare */
51 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify */
52 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn */
53 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add */
54 RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete */
55 RB_OP(0, LDAP_SUCCESS), /* Abandon:unused */
56 RB_OP(RB_NO_OBJ, RB_NOT_SUPP), /* Extended */
57 RB_OP(0, SLAP_CB_CONTINUE), /* Cancel: unused */
58 RB_OP(0, LDAP_SUCCESS), /* operational */
59 RB_OP(RB_CHK_REF, LDAP_SUCCESS), /* chk_referrals:unused*/
60 RB_OP(0, SLAP_CB_CONTINUE),/* chk_controls:unused */
61 /* additional relay_operation_t indexes from back-relay.h: */
62 RB_OP(0, 0/*unused*/), /* entry_get = op_last */
63 RB_OP(0, 0/*unused*/), /* entry_release */
64 RB_OP(0, 0/*unused*/), /* has_subordinates */
68 * Callbacks: Caller set op->o_bd to underlying BackendDB and sc_private
69 * to Relay BackendDB. sc_response swaps them, sc_cleanup swaps them back.
/*
 * Response and cleanup callback installed by relay_back_add_cb(): points
 * op->o_bd at the BackendDB kept in the callback's sc_private and returns
 * SLAP_CB_CONTINUE so the remaining callbacks still run.
 * The callback is taken from op->o_callback rather than from an argument;
 * presumably slapd points o_callback at the running callback -- confirm.
 * NOTE(review): source line 78 is elided from this listing. The store of
 * the previous o_bd (held in <be>) back into sc_private presumably happens
 * there, since the comment above describes a swap -- confirm against the
 * full file. Without it, cleanup would not restore the relay database.
 */
72 relay_back_swap_bd( Operation *op, SlapReply *rs )
74 slap_callback *cb = op->o_callback;
75 BackendDB *be = op->o_bd;
77 op->o_bd = cb->sc_private;
80 return SLAP_CB_CONTINUE;
/*
 * Push <cb> onto the head of <op>'s callback chain with relay_back_swap_bd
 * as both response and cleanup handler, and save the current op->o_bd in
 * sc_private.
 * relay_back_op() passes the address of its own <cb> and unlinks it again
 * only while it is still the chain head. Any path that leaves <cb> linked
 * after that function returns would leave op->o_callback pointing at dead
 * storage.
 * NOTE(review): <cb>'s declaration is elided from this listing --
 * presumably a local in relay_back_op(); confirm.
 */
83 #define relay_back_add_cb( cb, op ) \
85 (cb)->sc_next = (op)->o_callback; \
86 (cb)->sc_response = relay_back_swap_bd; \
87 (cb)->sc_cleanup = relay_back_swap_bd; \
88 (cb)->sc_private = (op)->o_bd; \
89 (op)->o_callback = (cb); \
93 * Select the backend database with the operation's DN. On failure,
94 * set/send results depending on operation type <which>'s fail_modes.
/*
 * Pick the database an operation is relayed to. The relay's configured
 * ri_bd is used when set; otherwise, if the request carries a normalized
 * DN, select_backend() is asked for the database holding it.
 * <which> indexes relay_fail_modes[] and is also added to the recursion
 * key; it is not range-checked in the visible lines.
 * <rs> may be NULL: the entry_get, entry_release and has_subordinates
 * callers pass NULL. The visible dereferences of rs sit in the RB_REF and
 * RB_BDERR branches, whose flags are clear in those callers' table rows.
 * NOTE(review): several source lines (98-99, 104, 106, 108-110, 114-120,
 * 126-127, 135, 141-142, 144 onward) are elided from this listing, so the
 * return statements and the sr_err assignments are not shown here.
 */
97 relay_back_select_backend( Operation *op, SlapReply *rs, int which )
100 char *key = (char *) op->o_bd->be_private;
101 BackendDB *bd = ((relay_back_info *) key)->ri_bd;
102 slap_mask_t fail_mode = relay_fail_modes[which].rf_bd;
103 int useDN = 0, rc = ( fail_mode & RB_ERR_MASK );
105 if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
107 bd = select_backend( &op->o_req_ndn, 1 );
/* Recursion guard: be_private + which is used purely as an identity tag.
 * It is compared by address against the keys RELAY_WRAP_OP() put on
 * op->o_extra and is never dereferenced at the offset address. */
111 key += which; /* <relay, op type> key from RELAY_WRAP_OP() */
112 LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
113 if ( oex->oe_key == key )
/* Logged at LDAP_DEBUG_ANY: this message is the operator-visible sign
 * that a relay would forward an operation back to itself. */
121 Debug( LDAP_DEBUG_ANY,
122 "%s: back-relay for DN=\"%s\" would call self.\n",
123 op->o_log_prefix, op->o_req_dn.bv_val, 0 );
125 } else if ( useDN && ( fail_mode & RB_REF ) && default_referral ) {
128 /* if we set sr_err to LDAP_REFERRAL, we must provide one */
129 rs->sr_ref = referral_rewrite(
130 default_referral, NULL, &op->o_req_dn,
131 op->o_tag == LDAP_REQ_SEARCH ?
132 op->ors_scope : LDAP_SCOPE_DEFAULT );
/* Only the rewritten copy is flagged REP_REF_MUSTBEFREED. The fallback
 * below stores the shared default_referral itself (presumably in the else
 * branch on elided line 135), which must not be marked for freeing. */
133 if ( rs->sr_ref != NULL ) {
134 rs->sr_flags |= REP_REF_MUSTBEFREED;
136 rs->sr_ref = default_referral;
/* RB_SENDREF is defined as 0, so this test is never true as built. */
139 if ( fail_mode & RB_SENDREF )
140 fail_mode = (RB_BDERR | RB_SEND);
143 if ( fail_mode & RB_BDERR ) {
145 if ( fail_mode & RB_SEND ) {
146 send_ldap_result( op, rs );
154 * Forward <act> on <op> to database <bd>, with <relay, op type>-specific
155 * key in op->o_extra so relay_back_select_backend() can catch recursion.
/*
 * The macro opens a block, declares wrap_oex inside it and links
 * &wrap_oex.oe onto (op)->o_extra under the key be_private + <which>.
 * After <act> it restores (op)->o_bd and unlinks the entry again.
 * wrap_oex is valid only until the block closes, so the LDAP_SLIST_REMOVE
 * must run on every path: an <act> that leaves the block early (return,
 * goto, break) would leave op->o_extra pointing at dead stack storage and
 * o_bd unrestored.
 * NOTE(review): source lines 163-164 and 167 are elided from this listing;
 * presumably they set (op)->o_bd to <bd>, run <act> and close the block --
 * confirm against the full file.
 */
157 #define RELAY_WRAP_OP( op, bd, which, act ) { \
158 OpExtraDB wrap_oex; \
159 BackendDB *const wrap_bd = (op)->o_bd; \
160 wrap_oex.oe_db = wrap_bd; \
161 wrap_oex.oe.oe_key = (char *) wrap_bd->be_private + (which); \
162 LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_oex.oe, oe_next ); \
165 (op)->o_bd = wrap_bd; \
166 LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_oex.oe, OpExtra, oe_next ); \
170 * Forward backend function #<which> on <op> to operation DN's database
171 * like RELAY_WRAP_OP, after setting up callbacks. If no database or no
172 * backend function, set/send results depending on <which>'s fail_modes.
/*
 * Common path for the relayed operations: select the target database,
 * look up its handler for operation index <which>, and call it through
 * RELAY_WRAP_OP() with the swap callback installed. When there is no
 * database or no handler, the result comes from relay_fail_modes[which].
 * NOTE(review): source lines 176-178, 181, 183, 186, 188-189, 191,
 * 193-195, 198-199, 201, 204-205 and 208 onward are elided from this
 * listing, including the declarations of <bd>, <func> and <cb> and the
 * final return.
 */
175 relay_back_op( Operation *op, SlapReply *rs, int which )
179 slap_mask_t fail_mode = relay_fail_modes[which].rf_op;
180 int rc = ( fail_mode & RB_ERR_MASK );
182 bd = relay_back_select_backend( op, rs, which );
184 if ( fail_mode & RB_BDERR )
185 return rs->sr_err; /* sr_err was set above */
/* Handler lookup treats be_bind as element 0 of an array of handler
 * pointers and indexes it with <which>. That relies on the handler
 * members being laid out contiguously in the same order as the operation
 * indexes and on <which> being in range; neither is checked here. */
187 } else if ( (func = (&bd->be_bind)[which]) != 0 ) {
190 relay_back_add_cb( &cb, op );
192 RELAY_WRAP_OP( op, bd, which, {
/* Unlink <cb> only while it is still the chain head, so o_callback does
 * not keep the address of <cb> after this function returns. */
196 if ( op->o_callback == &cb ) {
197 op->o_callback = op->o_callback->sc_next;
200 } else if ( fail_mode & RB_OPERR ) {
202 if ( rc == LDAP_UNWILLING_TO_PERFORM ) {
203 rs->sr_text = "operation not supported within naming context";
206 if ( fail_mode & RB_SEND ) {
207 send_ldap_result( op, rs );
/*
 * Bind entry point. be_rootdn_bind() is consulted before anything is
 * relayed, so a bind as the relay database's rootdn is decided locally
 * and, per the comment below, never reaches the proxied DSA. The relay's
 * rootdn credential is therefore independent of the target's accounts and
 * needs its own protection and auditing.
 * NOTE(review): only the SLAP_CB_CONTINUE case is visible; source lines
 * 222-227 are elided from this listing, so the handling of other return
 * values is not shown here. The last visible line forwards the bind via
 * relay_back_op() with op_bind.
 */
216 relay_back_op_bind( Operation *op, SlapReply *rs )
218 /* allow rootdn as a means to auth without the need to actually
219 * contact the proxied DSA */
220 switch ( be_rootdn_bind( op, rs ) ) {
221 case SLAP_CB_CONTINUE:
228 return relay_back_op( op, rs, op_bind );
/*
 * RELAY_DEFOP(func, which) defines an entry point func(op, rs) that only
 * calls relay_back_op() with a fixed operation index. In relay_back_op()
 * <which> selects both the relay_fail_modes[] row and the handler slot of
 * the target database, so each pairing below must name the index that
 * matches the function it defines.
 */
231 #define RELAY_DEFOP(func, which) \
232 int func( Operation *op, SlapReply *rs ) \
233 { return relay_back_op( op, rs, which ); }
235 RELAY_DEFOP( relay_back_op_search, op_search )
236 RELAY_DEFOP( relay_back_op_compare, op_compare )
237 RELAY_DEFOP( relay_back_op_modify, op_modify )
238 RELAY_DEFOP( relay_back_op_modrdn, op_modrdn )
239 RELAY_DEFOP( relay_back_op_add, op_add )
240 RELAY_DEFOP( relay_back_op_delete, op_delete )
241 RELAY_DEFOP( relay_back_op_extended, op_extended )
242 RELAY_DEFOP( relay_back_operational, op_aux_operational )
244 /* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init
245 * need no extra handling: slapd already calls them for all databases.
/*
 * Forward an entry release to the selected database's be_release handler,
 * wrapped in RELAY_WRAP_OP() so a relay loop is detected. rc starts as
 * LDAP_UNWILLING_TO_PERFORM and is replaced by the handler's result.
 * relay_back_select_backend() is called with rs == NULL; that is only
 * safe while the relay_op_entry_release row of relay_fail_modes[] keeps
 * RB_REF and RB_BDERR clear.
 * NOTE(review): the body of the `e->e_private == NULL` branch and the
 * return (source lines 259, 261 onward) are elided from this listing.
 */
250 relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
253 int rc = LDAP_UNWILLING_TO_PERFORM;
255 bd = relay_back_select_backend( op, NULL, relay_op_entry_release );
256 if ( bd && bd->be_release ) {
257 RELAY_WRAP_OP( op, bd, relay_op_entry_release, {
258 rc = bd->be_release( op, e, rw );
260 } else if ( e->e_private == NULL ) {
/*
 * Forward an entry fetch to the selected database's be_fetch handler,
 * wrapped in RELAY_WRAP_OP() so a relay loop is detected. rc starts as
 * LDAP_NO_SUCH_OBJECT, which is what remains when no database or no
 * be_fetch handler is available.
 * relay_back_select_backend() is called with rs == NULL; that is only
 * safe while the relay_op_entry_get row of relay_fail_modes[] keeps
 * RB_REF and RB_BDERR clear.
 * NOTE(review): the closing lines and the return (source line 279 onward)
 * are elided from this listing.
 */
269 relay_back_entry_get_rw( Operation *op, struct berval *ndn,
270 ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
273 int rc = LDAP_NO_SUCH_OBJECT;
275 bd = relay_back_select_backend( op, NULL, relay_op_entry_get );
276 if ( bd && bd->be_fetch ) {
277 RELAY_WRAP_OP( op, bd, relay_op_entry_get, {
278 rc = bd->be_fetch( op, ndn, oc, at, rw, e );
287 * NOTE: even the existence of this function is questionable: we cannot
288 * pass the bi_chk_referrals() call thru the rwm overlay because there
289 * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
290 * is passing the target database a DN that likely does not belong to its
291 * naming context... mmmh.
/* Expands to relay_back_chk_referrals(op, rs), which calls relay_back_op()
 * with op_aux_chk_referrals. The matching relay_fail_modes[] row is
 * annotated "chk_referrals:unused". */
293 RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals )
/*
 * Forward a has-subordinates query to the selected database's
 * be_has_subordinates handler, wrapped in RELAY_WRAP_OP() so a relay loop
 * is detected.
 * relay_back_select_backend() is called with rs == NULL; that is only
 * safe while the relay_op_has_subordinates row of relay_fail_modes[]
 * keeps RB_REF and RB_BDERR clear.
 * NOTE(review): the declarations of <bd> and <rc>, including rc's initial
 * value, and the return (source lines 298-301, 306 onward) are elided
 * from this listing.
 */
297 relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
302 bd = relay_back_select_backend( op, NULL, relay_op_has_subordinates );
303 if ( bd && bd->be_has_subordinates ) {
304 RELAY_WRAP_OP( op, bd, relay_op_has_subordinates, {
305 rc = bd->be_has_subordinates( op, e, hasSubs );
314 * FIXME: must implement tools as well