1 /* translucent.c - translucent proxy module */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004-2007 The OpenLDAP Foundation.
6 * Portions Copyright 2005 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Symas Corp. for inclusion in
19 * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
24 #ifdef SLAPD_OVER_TRANSLUCENT
28 #include <ac/string.h>
29 #include <ac/socket.h>
36 typedef struct translucent_configuration {
41 } translucent_configuration;
43 /* stack of captive backends */
45 typedef struct overlay_stack {
46 BackendInfo *info; /* captive backend */
47 void *private; /* local backend_private */
48 translucent_configuration *config; /* our_private: configuration */
51 /* for translucent_init() */
53 static slap_overinst translucent;
57 ** call syncrepl_add_glue() with the parent suffix;
61 static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL };
63 void glue_parent(Operation *op) {
65 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
66 struct berval ndn = BER_BVNULL;
71 dnParent( &op->o_req_ndn, &pdn );
72 ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx );
74 Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0);
76 e = ch_calloc(1, sizeof(Entry));
78 ber_dupbv(&e->e_name, &ndn);
79 ber_dupbv(&e->e_nname, &ndn);
81 a = ch_calloc(1, sizeof(Attribute));
82 a->a_desc = slap_schema.si_ad_objectClass;
83 a->a_vals = ch_malloc(sizeof(struct berval) * 3);
84 ber_dupbv(&a->a_vals[0], &glue[0]);
85 ber_dupbv(&a->a_vals[1], &glue[1]);
86 ber_dupbv(&a->a_vals[2], &glue[2]);
87 a->a_nvals = a->a_vals;
88 a->a_next = e->e_attrs;
91 a = ch_calloc(1, sizeof(Attribute));
92 a->a_desc = slap_schema.si_ad_structuralObjectClass;
93 a->a_vals = ch_malloc(sizeof(struct berval) * 2);
94 ber_dupbv(&a->a_vals[0], &glue[1]);
95 ber_dupbv(&a->a_vals[1], &glue[2]);
96 a->a_nvals = a->a_vals;
97 a->a_next = e->e_attrs;
103 nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
105 syncrepl_add_glue(&nop, e);
107 op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
117 BerVarray dup_bervarray(BerVarray b) {
120 for(len = 0; b[len].bv_val; len++);
121 nb = ch_malloc((len+1) * sizeof(BerValue));
122 for(i = 0; i < len; i++) ber_dupbv(&nb[i], &b[i]);
123 nb[len].bv_val = NULL;
130 ** free only the Attribute*, not the contents;
133 void free_attr_chain(Attribute *a) {
144 ** if not bound as root, send ACCESS error;
145 ** if config.glue, glue_parent();
150 static int translucent_add(Operation *op, SlapReply *rs) {
151 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
152 overlay_stack *ov = on->on_bi.bi_private;
153 Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n",
154 op->o_req_dn.bv_val, 0, 0);
156 op->o_bd->bd_info = (BackendInfo *) on->on_info;
157 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
158 "user modification of overlay database not permitted");
161 if(!ov->config->glue) glue_parent(op);
162 return(SLAP_CB_CONTINUE);
166 ** translucent_modrdn()
167 ** if not bound as root, send ACCESS error;
168 ** if !config.glue, glue_parent();
169 ** else return CONTINUE;
173 static int translucent_modrdn(Operation *op, SlapReply *rs) {
174 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
175 overlay_stack *ov = on->on_bi.bi_private;
176 Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n",
177 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
179 op->o_bd->bd_info = (BackendInfo *) on->on_info;
180 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
181 "user modification of overlay database not permitted");
184 if(!ov->config->glue) glue_parent(op);
185 return(SLAP_CB_CONTINUE);
189 ** translucent_delete()
190 ** if not bound as root, send ACCESS error;
191 ** else return CONTINUE;
195 static int translucent_delete(Operation *op, SlapReply *rs) {
196 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
197 Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n",
198 op->o_req_dn.bv_val, 0, 0);
200 op->o_bd->bd_info = (BackendInfo *) on->on_info;
201 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
202 "user modification of overlay database not permitted");
205 return(SLAP_CB_CONTINUE);
209 translucent_tag_cb( Operation *op, SlapReply *rs )
211 op->o_tag = LDAP_REQ_MODIFY;
212 op->orm_modlist = op->o_callback->sc_private;
213 rs->sr_tag = slap_req2res( op->o_tag );
215 return SLAP_CB_CONTINUE;
219 ** translucent_modify()
220 ** modify in local backend if exists in both;
221 ** otherwise, add to local backend;
222 ** fail if not defined in captive backend;
226 static int translucent_modify(Operation *op, SlapReply *rs) {
227 SlapReply nrs = { REP_RESULT };
230 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
231 overlay_stack *ov = on->on_bi.bi_private;
232 void *private = op->o_bd->be_private;
233 Entry ne, *e = NULL, *re = NULL;
235 Modifications *m, **mm;
236 int del, rc, erc = 0;
237 slap_callback cb = { 0 };
239 Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n",
240 op->o_req_dn.bv_val, 0, 0);
243 ** fetch entry from the captive backend;
244 ** if it did not exist, fail;
245 ** release it, if captive backend supports this;
249 op->o_bd->bd_info = (BackendInfo *) on->on_info;
250 op->o_bd->be_private = ov->private;
251 rc = ov->info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
252 op->o_bd->be_private = private;
254 /* if(ov->config->no_add && (!re || rc != LDAP_SUCCESS)) */
255 if(rc != LDAP_SUCCESS || re == NULL ) {
256 send_ldap_error(op, rs, LDAP_NO_SUCH_OBJECT,
257 "attempt to modify nonexistent local record");
262 ** fetch entry from local backend;
264 ** foreach Modification:
265 ** if attr not present in local:
266 ** if Mod == LDAP_MOD_DELETE:
267 ** if remote attr not present, return NO_SUCH;
268 ** if remote attr present, drop this Mod;
269 ** else force this Mod to LDAP_MOD_ADD;
274 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
276 if(e && rc == LDAP_SUCCESS) {
277 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0);
278 for(mm = &op->orm_modlist; *mm; ) {
280 for(a = e->e_attrs; a; a = a->a_next)
281 if(a->a_desc == m->sml_desc) break;
284 continue; /* found local attr */
286 if(m->sml_op == LDAP_MOD_DELETE) {
287 for(a = re->e_attrs; a; a = a->a_next)
288 if(a->a_desc == m->sml_desc) break;
289 /* not found remote attr */
291 erc = LDAP_NO_SUCH_ATTRIBUTE;
294 if(ov->config->strict) {
295 erc = LDAP_CONSTRAINT_VIOLATION;
298 Debug(LDAP_DEBUG_TRACE,
299 "=> translucent_modify: silently dropping delete: %s\n",
300 m->sml_desc->ad_cname.bv_val, 0, 0);
303 slap_mods_free(m, 1);
306 m->sml_op = LDAP_MOD_ADD;
309 erc = SLAP_CB_CONTINUE;
312 op->o_bd->be_private = ov->private;
313 if(ov->info->bi_entry_release_rw)
314 ov->info->bi_entry_release_rw(op, re, 0);
317 op->o_bd->be_private = private;
319 be_entry_release_r(op, e);
320 if(erc == SLAP_CB_CONTINUE) {
321 op->o_bd->bd_info = (BackendInfo *) on;
324 send_ldap_error(op, rs, erc,
325 "attempt to delete nonexistent attribute");
330 /* don't leak remote entry copy */
332 op->o_bd->be_private = ov->private;
333 if(ov->info->bi_entry_release_rw)
334 ov->info->bi_entry_release_rw(op, re, 0);
337 op->o_bd->be_private = private;
340 ** foreach Modification:
341 ** if MOD_ADD or MOD_REPLACE, add Attribute;
342 ** if no Modifications were suitable:
343 ** if config.strict, throw CONSTRAINT_VIOLATION;
344 ** else, return early SUCCESS;
345 ** fabricate Entry with new Attribute chain;
346 ** glue_parent() for this Entry;
347 ** call bi_op_add() in local backend;
351 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0);
353 for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) {
354 if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) &&
355 ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) {
356 Debug(LDAP_DEBUG_ANY,
357 "=> translucent_modify: silently dropped modification(%d): %s\n",
358 m->sml_op, m->sml_desc->ad_cname.bv_val, 0);
359 if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++;
362 a = ch_calloc(1, sizeof(Attribute));
363 a->a_desc = m->sml_desc;
364 a->a_vals = m->sml_values;
365 a->a_nvals = m->sml_nvalues ? m->sml_nvalues : a->a_vals;
370 if(del && ov->config->strict) {
372 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
373 "attempt to delete attributes from local database");
378 if(ov->config->strict) {
379 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
380 "modification contained other than ADD or REPLACE");
383 op->o_bd->bd_info = (BackendInfo *) on;
384 /* rs->sr_text = "no valid modification found"; */
385 rs->sr_err = LDAP_SUCCESS;
386 send_ldap_result(op, rs);
391 ne.e_name = op->o_req_dn;
392 ne.e_nname = op->o_req_ndn;
396 ne.e_bv.bv_val = NULL;
399 nop.o_tag = LDAP_REQ_ADD;
400 nop.oq_add.rs_e = ≠
402 op->o_bd->bd_info = (BackendInfo *) on;
405 cb.sc_response = translucent_tag_cb;
406 cb.sc_private = op->orm_modlist;
407 cb.sc_next = nop.o_callback;
408 nop.o_callback = &cb;
409 rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs);
415 static int translucent_compare(Operation *op, SlapReply *rs) {
416 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
417 overlay_stack *ov = on->on_bi.bi_private;
418 void *private = op->o_bd->be_private;
420 AttributeAssertion *ava = op->orc_ava;
424 Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n",
425 op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
428 ** if the local backend has an entry for this attribute:
429 ** CONTINUE and let it do the compare;
433 op->o_bd->bd_info = (BackendInfo *) on->on_info;
434 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e);
435 if(e && rc == LDAP_SUCCESS) {
436 be_entry_release_r(op, e);
437 op->o_bd->bd_info = (BackendInfo *) on;
438 return(SLAP_CB_CONTINUE);
442 ** call compare() in the captive backend;
443 ** return the result;
447 op->o_bd->be_private = ov->private;
448 rc = ov->info->bi_op_compare(op, rs);
449 op->o_bd->be_private = private;
450 op->o_bd->bd_info = (BackendInfo *) on;
455 ** translucent_search_cb()
456 ** merge local data with the search result
460 static int translucent_search_cb(Operation *op, SlapReply *rs) {
462 Entry *e, *re = NULL;
463 Attribute *a, *ax, *an, *as = NULL;
467 if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry)
468 return(SLAP_CB_CONTINUE);
470 Debug(LDAP_DEBUG_TRACE, "==> tranclucent_search_cb: %s\n",
471 rs->sr_entry->e_name.bv_val, 0, 0);
473 on = (slap_overinst *) op->o_bd->bd_info;
474 op->o_bd->bd_info = (BackendInfo *) on->on_info;
476 private = op->o_bd->be_private;
477 op->o_bd->be_private = op->o_callback->sc_private;
479 rc = be_entry_get_rw(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &e);
482 ** if we got an entry from local backend:
483 ** make a copy of this search result;
484 ** foreach local attr:
485 ** foreach search result attr:
486 ** if match, result attr with local attr;
487 ** if new local, add to list;
488 ** append new local attrs to search result;
492 if(e && rc == LDAP_SUCCESS) {
493 re = entry_dup(rs->sr_entry);
494 for(ax = e->e_attrs; ax; ax = ax->a_next) {
496 if(is_at_operational(ax->a_desc->ad_type)) continue;
498 for(a = re->e_attrs; a; a = a->a_next) {
499 if(a->a_desc == ax->a_desc) {
500 if(a->a_vals != a->a_nvals)
501 ber_bvarray_free(a->a_nvals);
502 ber_bvarray_free(a->a_vals);
503 a->a_vals = dup_bervarray(ax->a_vals);
504 a->a_nvals = (ax->a_vals == ax->a_nvals) ?
505 a->a_vals : dup_bervarray(ax->a_nvals);
514 be_entry_release_r(op, e);
516 /* literally append, so locals are always last */
519 for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
526 rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
529 op->o_bd->be_private = private;
530 op->o_bd->bd_info = (BackendInfo *) on;
532 return(SLAP_CB_CONTINUE);
536 ** translucent_search()
537 ** search via captive backend;
538 ** override results with any local data;
542 static int translucent_search(Operation *op, SlapReply *rs) {
545 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
546 slap_callback cb = { NULL, NULL, NULL, NULL };
547 overlay_stack *ov = on->on_bi.bi_private;
548 void *private = op->o_bd->be_private;
551 Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
552 op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0);
553 cb.sc_response = (slap_response *) translucent_search_cb;
554 cb.sc_private = private;
556 cb.sc_next = nop.o_callback;
557 nop.o_callback = &cb;
559 op->o_bd->be_private = ov->private;
560 rc = ov->info->bi_op_search(&nop, rs);
561 op->o_bd->be_private = private;
568 ** translucent_bind()
569 ** pass bind request to captive backend;
573 static int translucent_bind(Operation *op, SlapReply *rs) {
574 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
575 overlay_stack *ov = on->on_bi.bi_private;
576 void *private = op->o_bd->be_private;
579 Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
580 op->o_req_dn.bv_val, op->orb_method, 0);
582 op->o_bd->be_private = ov->private;
583 rc = ov->info->bi_op_bind(op, rs);
584 op->o_bd->be_private = private;
590 ** translucent_connection_destroy()
591 ** pass disconnect notification to captive backend;
595 static int translucent_connection_destroy(BackendDB *be, Connection *conn) {
596 slap_overinst *on = (slap_overinst *) be->bd_info;
597 overlay_stack *ov = on->on_bi.bi_private;
598 void *private = be->be_private;
601 Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0);
603 be->be_private = ov->private;
604 rc = ov->info->bi_connection_destroy(be, conn);
605 be->be_private = private;
611 ** translucent_db_config()
612 ** pass config directives to captive backend;
613 ** parse unrecognized directives ourselves;
617 static int translucent_db_config(
625 slap_overinst *on = (slap_overinst *) be->bd_info;
626 overlay_stack *ov = on->on_bi.bi_private;
627 void *private = be->be_private;
628 void *be_cf_ocs = be->be_cf_ocs;
631 /* "this should never happen" */
633 fprintf(stderr, "fatal: captive backend not initialized");
637 be->be_private = ov->private;
638 be->be_cf_ocs = ov->info->bi_cf_ocs;
639 rc = ov->info->bi_db_config ? ov->info->bi_db_config(be, fname, lineno, argc, argv) : 0;
640 be->be_private = private;
641 be->be_cf_ocs = be_cf_ocs;
643 /* pass okay or error up, SLAP_CONF_UNKNOWN might be ours */
644 if(rc == 0 || rc == 1) return(rc);
647 if(!strcasecmp(*argv, "translucent_strict")) {
648 ov->config->strict++;
649 } else if(!strcasecmp(*argv, "translucent_no_add")) {
650 ov->config->no_add++;
651 } else if(!strcasecmp(*argv, "translucent_no_glue")) {
653 } else if(!strcasecmp(*argv, "translucent_debug")) {
655 ov->config->debug = 0xFFFF;
657 } else if(argc == 2) {
658 if ( lutil_atoi( &ov->config->debug, argv[1]) != 0 ) {
659 fprintf(stderr, "%s: line %d: unable to parse debug \"%s\"\n",
660 fname, lineno, argv[1]);
665 fprintf(stderr, "%s: line %d: too many arguments (%d) to debug\n",
666 fname, lineno, argc);
670 fprintf(stderr, "%s: line %d: unknown keyword %s\n",
671 fname, lineno, *argv);
672 rc = SLAP_CONF_UNKNOWN;
678 ** translucent_db_init()
679 ** initialize the captive backend;
683 static int translucent_db_init(BackendDB *be) {
684 slap_overinst *on = (slap_overinst *) be->bd_info;
685 void *private = be->be_private;
689 Debug(LDAP_DEBUG_TRACE, "==> translucent_init\n", 0, 0, 0);
691 ov = ch_calloc(1, sizeof(overlay_stack));
692 ov->config = ch_calloc(1, sizeof(translucent_configuration));
693 ov->info = backend_info("ldap");
696 Debug(LDAP_DEBUG_ANY, "translucent: backend_info failed!\n", 0, 0, 0);
700 /* forcibly disable schema checking on the local backend */
701 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
703 be->be_private = NULL;
704 rc = ov->info->bi_db_init ? ov->info->bi_db_init(be) : 0;
706 if(rc) Debug(LDAP_DEBUG_TRACE,
707 "translucent: bi_db_init() returned error %d\n", rc, 0, 0);
709 ov->private = be->be_private;
710 be->be_private = private;
711 on->on_bi.bi_private = ov;
716 ** translucent_db_open()
717 ** if the captive backend has an open() method, call it;
721 static int translucent_db_open(BackendDB *be) {
722 slap_overinst *on = (slap_overinst *) be->bd_info;
723 overlay_stack *ov = on->on_bi.bi_private;
724 void *private = be->be_private;
727 /* "should never happen" */
729 Debug(LDAP_DEBUG_ANY, "translucent_open() called with bad ov->info\n", 0, 0, 0);
733 Debug(LDAP_DEBUG_TRACE, "translucent_open\n", 0, 0, 0);
735 be->be_private = ov->private;
736 rc = ov->info->bi_db_open ? ov->info->bi_db_open(be) : 0;
737 be->be_private = private;
739 if(rc) Debug(LDAP_DEBUG_TRACE,
740 "translucent: bi_db_open() returned error %d\n", rc, 0, 0);
746 ** translucent_db_close()
747 ** if the captive backend has a close() method, call it;
748 ** free any config data;
752 static int translucent_db_close(BackendDB *be) {
753 slap_overinst *on = (slap_overinst *) be->bd_info;
754 overlay_stack *ov = on->on_bi.bi_private;
758 void *private = be->be_private;
760 be->be_private = ov->private;
761 rc = (ov->info && ov->info->bi_db_close) ? ov->info->bi_db_close(be) : 0;
762 be->be_private = private;
763 if(ov->config) ch_free(ov->config);
771 ** translucent_db_destroy()
772 ** if the captive backend has a db_destroy() method, call it
776 static int translucent_db_destroy(BackendDB *be) {
777 slap_overinst *on = (slap_overinst *) be->bd_info;
778 overlay_stack *ov = on->on_bi.bi_private;
782 void *private = be->be_private;
784 be->be_private = ov->private;
785 rc = (ov->info && ov->info->bi_db_destroy) ? ov->info->bi_db_destroy(be) : 0;
786 be->be_private = private;
788 on->on_bi.bi_private = NULL;
795 ** translucent_initialize()
796 ** initialize the slap_overinst with our entry points;
800 int translucent_initialize() {
802 translucent.on_bi.bi_type = "translucent";
803 translucent.on_bi.bi_db_init = translucent_db_init;
804 translucent.on_bi.bi_db_config = translucent_db_config;
805 translucent.on_bi.bi_db_open = translucent_db_open;
806 translucent.on_bi.bi_db_close = translucent_db_close;
807 translucent.on_bi.bi_db_destroy = translucent_db_destroy;
808 translucent.on_bi.bi_op_bind = translucent_bind;
809 translucent.on_bi.bi_op_add = translucent_add;
810 translucent.on_bi.bi_op_modify = translucent_modify;
811 translucent.on_bi.bi_op_modrdn = translucent_modrdn;
812 translucent.on_bi.bi_op_delete = translucent_delete;
813 translucent.on_bi.bi_op_search = translucent_search;
814 translucent.on_bi.bi_op_compare = translucent_compare;
815 translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
817 return(overlay_register(&translucent));
820 #if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC)
821 int init_module(int argc, char *argv[]) {
822 return translucent_initialize();
826 #endif /* SLAPD_OVER_TRANSLUCENT */