1 /* chain.c - chain LDAP operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2004 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software.
24 #if defined(SLAPD_LDAP)
26 #ifdef SLAPD_OVER_CHAIN
30 #include <ac/string.h>
31 #include <ac/socket.h>
34 #include "../back-ldap/back-ldap.h"
36 static BackendInfo *lback;
39 ldap_chain_chk_referrals( Operation *op, SlapReply *rs )
45 ldap_chain_response( Operation *op, SlapReply *rs )
47 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
48 void *private = op->o_bd->be_private;
49 slap_callback *sc = op->o_callback;
50 LDAPControl **prev = op->o_ctrls;
51 LDAPControl **ctrls = NULL, authz;
52 int i, nctrls, rc = 0;
53 int cache = op->o_do_not_cache;
56 struct berval ndn = op->o_ndn;
58 struct ldapinfo li, *lip = (struct ldapinfo *)on->on_bi.bi_private;
60 if ( rs->sr_err != LDAP_REFERRAL && rs->sr_type != REP_SEARCHREF )
61 return SLAP_CB_CONTINUE;
66 op->o_callback = NULL;
68 if ( lip->url == NULL ) {
70 op->o_bd->be_private = &li;
72 if ( rs->sr_type != REP_SEARCHREF ) {
76 /* parse reference and use proto://[host][:port]/ only */
77 rc = ldap_url_parse_ext( ref[0].bv_val, &srv );
78 if ( rc != LDAP_SUCCESS) {
83 /* remove DN essentially because later on
84 * ldap_initialize() will parse the URL
85 * as a comma-separated URL list */
86 save_dn = srv->lud_dn;
88 li.url = ldap_url_desc2str( srv );
89 if ( li.url == NULL ) {
91 srv->lud_dn = save_dn;
92 ldap_free_urldesc( srv );
96 srv->lud_dn = save_dn;
97 ldap_free_urldesc( srv );
101 op->o_bd->be_private = on->on_bi.bi_private;
104 /* Chaining is performed by a privileged user on behalf
105 * of a normal user, using the ProxyAuthz control. However,
106 * Binds are done separately, on an anonymous session.
108 if ( op->o_tag != LDAP_REQ_BIND ) {
109 for (i=0; prev && prev[i]; i++);
112 /* Add an extra NULL slot */
115 ctrls = op->o_tmpalloc((i+1)*sizeof(LDAPControl *),
117 for (i=0; i <nctrls; i++)
119 ctrls[nctrls] = &authz;
120 ctrls[nctrls+1] = NULL;
121 authz.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
122 authz.ldctl_iscritical = 1;
123 authz.ldctl_value = op->o_dn;
124 if ( op->o_dn.bv_len ) {
125 authzid = op->o_tmpalloc( op->o_dn.bv_len + sizeof("dn:") - 1,
127 strcpy(authzid, "dn:");
128 strcpy(authzid + sizeof("dn:") - 1, op->o_dn.bv_val);
129 authz.ldctl_value.bv_len = op->o_dn.bv_len + sizeof("dn:") - 1;
130 authz.ldctl_value.bv_val = authzid;
133 op->o_ndn = op->o_bd->be_rootndn;
136 switch( op->o_tag ) {
137 case LDAP_REQ_BIND: {
138 struct berval rndn = op->o_req_ndn;
139 Connection *conn = op->o_conn;
141 op->o_req_ndn = slap_empty_bv;
144 rc = lback->bi_op_bind( op, rs );
145 op->o_req_ndn = rndn;
150 rc = lback->bi_op_add( op, rs );
152 case LDAP_REQ_DELETE:
153 rc = lback->bi_op_delete( op, rs );
155 case LDAP_REQ_MODRDN:
156 rc = lback->bi_op_modrdn( op, rs );
158 case LDAP_REQ_MODIFY:
159 rc = lback->bi_op_modify( op, rs );
161 case LDAP_REQ_COMPARE:
162 rc = lback->bi_op_compare( op, rs );
164 case LDAP_REQ_SEARCH:
165 if ( rs->sr_type == REP_SEARCHREF ) {
166 struct berval *curr = ref,
168 ondn = op->o_req_ndn;
170 rs->sr_type = REP_SEARCH;
172 /* copy the private info because we need to modify it */
173 for ( ; curr[0].bv_val; curr++ ) {
176 /* parse reference and use proto://[host][:port]/ only */
177 rc = ldap_url_parse_ext( curr[0].bv_val, &srv );
178 if ( rc != LDAP_SUCCESS) {
181 goto end_of_searchref;
184 ber_str2bv(srv->lud_dn, 0, 0, &op->o_req_dn);
185 op->o_req_ndn = op->o_req_dn;
187 /* remove DN essentially because later on
188 * ldap_initialize() will parse the URL
189 * as a comma-separated URL list */
191 li.url = ldap_url_desc2str( srv );
192 if ( li.url == NULL ) {
194 srv->lud_dn = op->o_req_dn.bv_val;
195 ldap_free_urldesc( srv );
197 goto end_of_searchref;
200 /* FIXME: should we also copy filter and scope?
201 * according to RFC3296, no */
203 rc = lback->bi_op_search( op, rs );
205 ldap_memfree( li.url );
208 srv->lud_dn = op->o_req_dn.bv_val;
209 ldap_free_urldesc( srv );
214 goto end_of_searchref;
220 op->o_req_ndn = ondn;
221 rs->sr_type = REP_SEARCHREF;
224 rc = lback->bi_op_search( op, rs );
227 case LDAP_REQ_EXTENDED:
228 rc = lback->bi_extended( op, rs );
231 rc = SLAP_CB_CONTINUE;
234 op->o_do_not_cache = cache;
236 op->o_bd->be_private = private;
239 if ( ctrls ) op->o_tmpfree( ctrls, op->o_tmpmemctx );
240 if ( authzid ) op->o_tmpfree( authzid, op->o_tmpmemctx );
242 if ( lip->url == NULL && li.url ) {
243 ldap_memfree( li.url );
249 static int ldap_chain_config(
257 slap_overinst *on = (slap_overinst *) be->bd_info;
258 void *private = be->be_private;
262 be->be_private = on->on_bi.bi_private;
263 if ( strncasecmp( argv[ 0 ], "chain-", sizeof( "chain-" ) - 1 ) == 0 ) {
265 argv[ 0 ] = &argv[ 0 ][ sizeof( "chain-" ) - 1 ];
267 rc = lback->bi_db_config( be, fname, lineno, argc, argv );
272 be->be_private = private;
276 static int ldap_chain_init(
280 slap_overinst *on = (slap_overinst *) be->bd_info;
281 void *private = be->be_private;
284 be->be_private = NULL;
285 rc = lback->bi_db_init( be );
286 on->on_bi.bi_private = be->be_private;
287 be->be_private = private;
292 static int ldap_chain_destroy(
296 slap_overinst *on = (slap_overinst *) be->bd_info;
297 void *private = be->be_private;
300 be->be_private = on->on_bi.bi_private;
301 rc = lback->bi_db_destroy( be );
302 on->on_bi.bi_private = be->be_private;
303 be->be_private = private;
307 static slap_overinst ldapchain;
311 lback = backend_info("ldap");
313 if ( !lback ) return -1;
315 ldapchain.on_bi.bi_type = "chain";
316 ldapchain.on_bi.bi_db_init = ldap_chain_init;
317 ldapchain.on_bi.bi_db_config = ldap_chain_config;
318 ldapchain.on_bi.bi_db_destroy = ldap_chain_destroy;
319 ldapchain.on_response = ldap_chain_response;
321 ldapchain.on_bi.bi_chk_referrals = ldap_chain_chk_referrals;
323 return overlay_register( &ldapchain );
326 #if SLAPD_OVER_CHAIN == SLAPD_MOD_DYNAMIC
327 int init_module(int argc, char *argv[]) {
330 #endif /* SLAPD_OVER_CHAIN == SLAPD_MOD_DYNAMIC */
332 #endif /* SLAPD_OVER_CHAIN */
334 #endif /* ! defined(SLAPD_LDAP) */