]> git.sur5r.net Git - openldap/blob - servers/slapd/overlays/translucent.c
ITS#5187
[openldap] / servers / slapd / overlays / translucent.c
1 /* translucent.c - translucent proxy module */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2004-2007 The OpenLDAP Foundation.
6  * Portions Copyright 2005 Symas Corporation.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted only as authorized by the OpenLDAP
11  * Public License.
12  *
13  * A copy of this license is available in the file LICENSE in the
14  * top-level directory of the distribution or, alternatively, at
15  * <http://www.OpenLDAP.org/license.html>.
16  */
17 /* ACKNOWLEDGEMENTS:
18  * This work was initially developed by Symas Corp. for inclusion in
19  * OpenLDAP Software.  This work was sponsored by Hewlett-Packard.
20  */
21
22 #include "portable.h"
23
24 #ifdef SLAPD_OVER_TRANSLUCENT
25
26 #include <stdio.h>
27
28 #include <ac/string.h>
29 #include <ac/socket.h>
30
31 #include "slap.h"
32 #include "lutil.h"
33
34 #include "config.h"
35
36 /* config block */
37 typedef struct translucent_info {
38         BackendDB db;                   /* captive backend */
39         int strict;
40         int no_glue;
41         int defer_db_open;
42 } translucent_info;
43
44 static ConfigLDAPadd translucent_ldadd;
45 static ConfigCfAdd translucent_cfadd;
46
47 static ConfigTable translucentcfg[] = {
48         { "translucent_strict", "on|off", 1, 2, 0,
49           ARG_ON_OFF|ARG_OFFSET,
50           (void *)offsetof(translucent_info, strict),
51           "( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' "
52           "DESC 'Reveal attribute deletion constraint violations' "
53           "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
54         { "translucent_no_glue", "on|off", 1, 2, 0,
55           ARG_ON_OFF|ARG_OFFSET,
56           (void *)offsetof(translucent_info, no_glue),
57           "( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' "
58           "DESC 'Disable automatic glue records for ADD and MODRDN' "
59           "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
60         { NULL, NULL, 0, 0, 0, ARG_IGNORED }
61 };
62
63 static ConfigTable transdummy[] = {
64         { "", "", 0, 0, 0, ARG_IGNORED,
65                 NULL, "( OLcfgGlAt:13 NAME 'olcDatabase' "
66                         "DESC 'The backend type for a database instance' "
67                         "SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
68         { NULL, NULL, 0, 0, 0, ARG_IGNORED }
69 };
70
71 static ConfigOCs translucentocs[] = {
72         { "( OLcfgOvOc:14.1 "
73           "NAME 'olcTranslucentConfig' "
74           "DESC 'Translucent configuration' "
75           "SUP olcOverlayConfig "
76           "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue ) )",
77           Cft_Overlay, translucentcfg, NULL, translucent_cfadd },
78         { "( OLcfgOvOc:14.2 "
79           "NAME 'olcTranslucentDatabase' "
80           "DESC 'Translucent target database configuration' "
81           "AUXILIARY )", Cft_Misc, transdummy, translucent_ldadd },
82         { NULL, 0, NULL }
83 };
84 /* for translucent_init() */
85
86 static int
87 translucent_ldadd_cleanup( ConfigArgs *ca )
88 {
89         slap_overinst *on = ca->private;
90         translucent_info *ov = on->on_bi.bi_private;
91
92         ov->defer_db_open = 0;
93         return backend_startup_one( ca->be, &ca->reply );
94 }
95
96 static int
97 translucent_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
98 {
99         slap_overinst *on;
100         translucent_info *ov;
101
102         Debug(LDAP_DEBUG_TRACE, "==> translucent_ldadd\n", 0, 0, 0);
103
104         if ( cei->ce_type != Cft_Overlay || !cei->ce_bi ||
105              cei->ce_bi->bi_cf_ocs != translucentocs )
106                 return LDAP_CONSTRAINT_VIOLATION;
107
108         on = (slap_overinst *)cei->ce_bi;
109         ov = on->on_bi.bi_private;
110         ca->be = &ov->db;
111         ca->private = on;
112         if ( CONFIG_ONLINE_ADD( ca ))
113                 ca->cleanup = translucent_ldadd_cleanup;
114         else
115                 ov->defer_db_open = 0;
116
117         return LDAP_SUCCESS;
118 }
119
120 static int
121 translucent_cfadd( Operation *op, SlapReply *rs, Entry *e, ConfigArgs *ca )
122 {
123         CfEntryInfo *cei = e->e_private;
124         slap_overinst *on = (slap_overinst *)cei->ce_bi;
125         translucent_info *ov = on->on_bi.bi_private;
126         struct berval bv;
127
128         Debug(LDAP_DEBUG_TRACE, "==> translucent_cfadd\n", 0, 0, 0);
129
130         /* FIXME: should not hardcode "olcDatabase" here */
131         bv.bv_len = sprintf( ca->cr_msg, "olcDatabase=%s",
132                              ov->db.bd_info->bi_type );
133         bv.bv_val = ca->cr_msg;
134         ca->be = &ov->db;
135         ov->defer_db_open = 0;
136
137         /* We can only create this entry if the database is table-driven
138          */
139         if ( ov->db.bd_info->bi_cf_ocs )
140                 config_build_entry( op, rs, cei, ca, &bv,
141                                     ov->db.bd_info->bi_cf_ocs,
142                                     &translucentocs[1] );
143
144         return 0;
145 }
146
147 static slap_overinst translucent;
148
149 /*
150 ** glue_parent()
151 **      call syncrepl_add_glue() with the parent suffix;
152 **
153 */
154
155 static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL };
156
157 void glue_parent(Operation *op) {
158         Operation nop = *op;
159         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
160         struct berval ndn = BER_BVNULL;
161         Attribute *a;
162         Entry *e;
163         struct berval   pdn;
164
165         dnParent( &op->o_req_ndn, &pdn );
166         ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx );
167
168         Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0);
169
170         e = entry_alloc();
171         e->e_id = NOID;
172         ber_dupbv(&e->e_name, &ndn);
173         ber_dupbv(&e->e_nname, &ndn);
174
175         a = attr_alloc( slap_schema.si_ad_objectClass );
176         a->a_numvals = 2;
177         a->a_vals = ch_malloc(sizeof(struct berval) * 3);
178         ber_dupbv(&a->a_vals[0], &glue[0]);
179         ber_dupbv(&a->a_vals[1], &glue[1]);
180         ber_dupbv(&a->a_vals[2], &glue[2]);
181         a->a_nvals = a->a_vals;
182         a->a_next = e->e_attrs;
183         e->e_attrs = a;
184
185         a = attr_alloc( slap_schema.si_ad_structuralObjectClass );
186         a->a_numvals = 1;
187         a->a_vals = ch_malloc(sizeof(struct berval) * 2);
188         ber_dupbv(&a->a_vals[0], &glue[1]);
189         ber_dupbv(&a->a_vals[1], &glue[2]);
190         a->a_nvals = a->a_vals;
191         a->a_next = e->e_attrs;
192         e->e_attrs = a;
193
194         nop.o_req_dn = ndn;
195         nop.o_req_ndn = ndn;
196         nop.ora_e = e;
197
198         nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
199         syncrepl_add_glue(&nop, e);
200         nop.o_bd->bd_info = (BackendInfo *) on;
201
202         op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
203
204         return;
205 }
206
207 /*
208 ** dup_bervarray()
209 **      copy a BerVarray;
210 */
211
212 BerVarray dup_bervarray(BerVarray b) {
213         int i, len;
214         BerVarray nb;
215         for(len = 0; b[len].bv_val; len++);
216         nb = ch_malloc((len+1) * sizeof(BerValue));
217         for(i = 0; i < len; i++) ber_dupbv(&nb[i], &b[i]);
218         nb[len].bv_val = NULL;
219         nb[len].bv_len = 0;
220         return(nb);
221 }
222
223 /*
224 ** free_attr_chain()
225 **      free only the Attribute*, not the contents;
226 **
227 */
228 void free_attr_chain(Attribute *b) {
229         Attribute *a;
230         for(a=b; a; a=a->a_next) {
231                 a->a_vals = NULL;
232                 a->a_nvals = NULL;
233         }
234         attrs_free( b );
235         return;
236 }
237
238 /*
239 ** translucent_add()
240 **      if not bound as root, send ACCESS error;
241 **      if glue, glue_parent();
242 **      return CONTINUE;
243 **
244 */
245
246 static int translucent_add(Operation *op, SlapReply *rs) {
247         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
248         translucent_info *ov = on->on_bi.bi_private;
249         Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n",
250                 op->o_req_dn.bv_val, 0, 0);
251         if(!be_isroot(op)) {
252                 op->o_bd->bd_info = (BackendInfo *) on->on_info;
253                 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
254                         "user modification of overlay database not permitted");
255                 op->o_bd->bd_info = (BackendInfo *) on;
256                 return(rs->sr_err);
257         }
258         if(!ov->no_glue) glue_parent(op);
259         return(SLAP_CB_CONTINUE);
260 }
261
262 /*
263 ** translucent_modrdn()
264 **      if not bound as root, send ACCESS error;
265 **      if !glue, glue_parent();
266 **      else return CONTINUE;
267 **
268 */
269
270 static int translucent_modrdn(Operation *op, SlapReply *rs) {
271         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
272         translucent_info *ov = on->on_bi.bi_private;
273         Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n",
274                 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
275         if(!be_isroot(op)) {
276                 op->o_bd->bd_info = (BackendInfo *) on->on_info;
277                 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
278                         "user modification of overlay database not permitted");
279                 op->o_bd->bd_info = (BackendInfo *) on;
280                 return(rs->sr_err);
281         }
282         if(!ov->no_glue) {
283                 op->o_tag = LDAP_REQ_ADD;
284                 glue_parent(op);
285                 op->o_tag = LDAP_REQ_MODRDN;
286         }
287         return(SLAP_CB_CONTINUE);
288 }
289
290 /*
291 ** translucent_delete()
292 **      if not bound as root, send ACCESS error;
293 **      else return CONTINUE;
294 **
295 */
296
297 static int translucent_delete(Operation *op, SlapReply *rs) {
298         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
299         Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n",
300                 op->o_req_dn.bv_val, 0, 0);
301         if(!be_isroot(op)) {
302                 op->o_bd->bd_info = (BackendInfo *) on->on_info;
303                 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
304                         "user modification of overlay database not permitted");
305                 op->o_bd->bd_info = (BackendInfo *) on;
306                 return(rs->sr_err);
307         }
308         return(SLAP_CB_CONTINUE);
309 }
310
311 static int
312 translucent_tag_cb( Operation *op, SlapReply *rs )
313 {
314         op->o_tag = LDAP_REQ_MODIFY;
315         op->orm_modlist = op->o_callback->sc_private;
316         rs->sr_tag = slap_req2res( op->o_tag );
317
318         return SLAP_CB_CONTINUE;
319 }
320
321 /*
322 ** translucent_modify()
323 **      modify in local backend if exists in both;
324 **      otherwise, add to local backend;
325 **      fail if not defined in captive backend;
326 **
327 */
328
329 static int translucent_modify(Operation *op, SlapReply *rs) {
330         SlapReply nrs = { REP_RESULT };
331
332         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
333         translucent_info *ov = on->on_bi.bi_private;
334         Entry *e = NULL, *re = NULL;
335         Attribute *a, *ax;
336         Modifications *m, **mm;
337         BackendDB *db;
338         int del, rc, erc = 0;
339         slap_callback cb = { 0 };
340
341         Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n",
342                 op->o_req_dn.bv_val, 0, 0);
343
344         if(ov->defer_db_open) {
345                 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
346                         "remote DB not available");
347                 return(rs->sr_err);
348         }
349 /*
350 ** fetch entry from the captive backend;
351 ** if it did not exist, fail;
352 ** release it, if captive backend supports this;
353 **
354 */
355
356         db = op->o_bd;
357         op->o_bd = &ov->db;
358         rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
359         if(rc != LDAP_SUCCESS || re == NULL ) {
360                 send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
361                         "attempt to modify nonexistent local record");
362                 return(rs->sr_err);
363         }
364         op->o_bd = db;
365 /*
366 ** fetch entry from local backend;
367 ** if it exists:
368 **      foreach Modification:
369 **          if attr not present in local:
370 **              if Mod == LDAP_MOD_DELETE:
371 **                  if remote attr not present, return NO_SUCH;
372 **                  if remote attr present, drop this Mod;
373 **              else force this Mod to LDAP_MOD_ADD;
374 **      return CONTINUE;
375 **
376 */
377
378         op->o_bd->bd_info = (BackendInfo *) on->on_info;
379         rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
380         op->o_bd->bd_info = (BackendInfo *) on;
381
382         if(e && rc == LDAP_SUCCESS) {
383                 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0);
384                 for(mm = &op->orm_modlist; *mm; ) {
385                         m = *mm;
386                         for(a = e->e_attrs; a; a = a->a_next)
387                                 if(a->a_desc == m->sml_desc) break;
388                         if(a) {
389                                 mm = &m->sml_next;
390                                 continue;               /* found local attr */
391                         }
392                         if(m->sml_op == LDAP_MOD_DELETE) {
393                                 for(a = re->e_attrs; a; a = a->a_next)
394                                         if(a->a_desc == m->sml_desc) break;
395                                 /* not found remote attr */
396                                 if(!a) {
397                                         erc = LDAP_NO_SUCH_ATTRIBUTE;
398                                         goto release;
399                                 }
400                                 if(ov->strict) {
401                                         erc = LDAP_CONSTRAINT_VIOLATION;
402                                         goto release;
403                                 }
404                                 Debug(LDAP_DEBUG_TRACE,
405                                         "=> translucent_modify: silently dropping delete: %s\n",
406                                         m->sml_desc->ad_cname.bv_val, 0, 0);
407                                 *mm = m->sml_next;
408                                 m->sml_next = NULL;
409                                 slap_mods_free(m, 1);
410                                 continue;
411                         }
412                         m->sml_op = LDAP_MOD_ADD;
413                         mm = &m->sml_next;
414                 }
415                 erc = SLAP_CB_CONTINUE;
416 release:
417                 if(re) {
418                         if(ov->db.bd_info->bi_entry_release_rw) {
419                                 op->o_bd = &ov->db;
420                                 ov->db.bd_info->bi_entry_release_rw(op, re, 0);
421                                 op->o_bd = db;
422                         } else
423                                 entry_free(re);
424                 }
425                 op->o_bd->bd_info = (BackendInfo *) on->on_info;
426                 be_entry_release_r(op, e);
427                 op->o_bd->bd_info = (BackendInfo *) on;
428                 if(erc == SLAP_CB_CONTINUE) {
429                         return(erc);
430                 } else if(erc) {
431                         send_ldap_error(op, rs, erc,
432                                 "attempt to delete nonexistent attribute");
433                         return(erc);
434                 }
435         }
436
437         /* don't leak remote entry copy */
438         if(re) {
439                 if(ov->db.bd_info->bi_entry_release_rw) {
440                         op->o_bd = &ov->db;
441                         ov->db.bd_info->bi_entry_release_rw(op, re, 0);
442                         op->o_bd = db;
443                 } else
444                         entry_free(re);
445         }
446 /*
447 ** foreach Modification:
448 **      if MOD_ADD or MOD_REPLACE, add Attribute;
449 ** if no Modifications were suitable:
450 **      if strict, throw CONSTRAINT_VIOLATION;
451 **      else, return early SUCCESS;
452 ** fabricate Entry with new Attribute chain;
453 ** glue_parent() for this Entry;
454 ** call bi_op_add() in local backend;
455 **
456 */
457
458         Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0);
459         a = NULL;
460         for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) {
461                 Attribute atmp;
462                 if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) &&
463                    ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) {
464                         Debug(LDAP_DEBUG_ANY,
465                                 "=> translucent_modify: silently dropped modification(%d): %s\n",
466                                 m->sml_op, m->sml_desc->ad_cname.bv_val, 0);
467                         if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++;
468                         continue;
469                 }
470                 atmp.a_desc = m->sml_desc;
471                 atmp.a_vals = m->sml_values;
472                 atmp.a_nvals = m->sml_nvalues ? m->sml_nvalues : atmp.a_vals;
473                 atmp.a_numvals = m->sml_numvals;
474                 atmp.a_flags = 0;
475                 a = attr_dup( &atmp );
476                 a->a_next  = ax;
477                 ax = a;
478         }
479
480         if(del && ov->strict) {
481                 attrs_free( a );
482                 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
483                         "attempt to delete attributes from local database");
484                 return(rs->sr_err);
485         }
486
487         if(!ax) {
488                 if(ov->strict) {
489                         send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
490                                 "modification contained other than ADD or REPLACE");
491                         return(rs->sr_err);
492                 }
493                 /* rs->sr_text = "no valid modification found"; */
494                 rs->sr_err = LDAP_SUCCESS;
495                 send_ldap_result(op, rs);
496                 return(rs->sr_err);
497         }
498
499         e = entry_alloc();
500         ber_dupbv( &e->e_name, &op->o_req_dn );
501         ber_dupbv( &e->e_nname, &op->o_req_ndn );
502         e->e_attrs = a;
503
504         op->o_tag       = LDAP_REQ_ADD;
505         cb.sc_response = translucent_tag_cb;
506         cb.sc_private = op->orm_modlist;
507         op->oq_add.rs_e = e;
508
509         glue_parent(op);
510
511         cb.sc_next = op->o_callback;
512         op->o_callback = &cb;
513         rc = on->on_info->oi_orig->bi_op_add(op, &nrs);
514         if ( op->ora_e == e )
515                 entry_free( e );
516
517         return(rc);
518 }
519
520 static int translucent_compare(Operation *op, SlapReply *rs) {
521         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
522         translucent_info *ov = on->on_bi.bi_private;
523         AttributeAssertion *ava = op->orc_ava;
524         Entry *e;
525         BackendDB *db;
526         int rc;
527
528         Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n",
529                 op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
530
531 /*
532 ** if the local backend has an entry for this attribute:
533 **      CONTINUE and let it do the compare;
534 **
535 */
536         rc = overlay_entry_get_ov(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e, on);
537         if(e && rc == LDAP_SUCCESS) {
538                 overlay_entry_release_ov(op, e, 0, on);
539                 return(SLAP_CB_CONTINUE);
540         }
541
542         if(ov->defer_db_open) {
543                 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
544                         "remote DB not available");
545                 return(rs->sr_err);
546         }
547 /*
548 ** call compare() in the captive backend;
549 ** return the result;
550 **
551 */
552         db = op->o_bd;
553         op->o_bd = &ov->db;
554         op->o_callback = NULL;
555         rc = ov->db.bd_info->bi_op_compare(op, rs);
556         op->o_bd = db;
557
558         return(rc);
559 }
560
561 /*
562 ** translucent_search_cb()
563 **      merge local data with the search result
564 **
565 */
566
567 static int translucent_search_cb(Operation *op, SlapReply *rs) {
568         BackendDB *db;
569         slap_overinst *on;
570         Entry *e, *re = NULL;
571         Attribute *a, *ax, *an, *as = NULL;
572         int rc;
573
574         if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry)
575                 return(SLAP_CB_CONTINUE);
576
577         Debug(LDAP_DEBUG_TRACE, "==> translucent_search_cb: %s\n",
578                 rs->sr_entry->e_name.bv_val, 0, 0);
579
580         db = op->o_bd;
581         op->o_bd = op->o_callback->sc_private;
582         on = (slap_overinst *) op->o_bd->bd_info;
583
584         rc = overlay_entry_get_ov(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &e, on);
585
586 /*
587 ** if we got an entry from local backend:
588 **      make a copy of this search result;
589 **      foreach local attr:
590 **              foreach search result attr:
591 **                      if match, result attr with local attr;
592 **                      if new local, add to list;
593 **      append new local attrs to search result;
594 **
595 */
596
597         if(e && rc == LDAP_SUCCESS) {
598                 re = entry_dup(rs->sr_entry);
599                 for(ax = e->e_attrs; ax; ax = ax->a_next) {
600 #if 0
601                         if(is_at_operational(ax->a_desc->ad_type)) continue;
602 #endif
603                         for(a = re->e_attrs; a; a = a->a_next) {
604                                 if(a->a_desc == ax->a_desc) {
605                                         if(a->a_vals != a->a_nvals)
606                                                 ber_bvarray_free(a->a_nvals);
607                                         ber_bvarray_free(a->a_vals);
608                                         a->a_vals = dup_bervarray(ax->a_vals);
609                                         a->a_nvals = (ax->a_vals == ax->a_nvals) ?
610                                                 a->a_vals : dup_bervarray(ax->a_nvals);
611                                         break;
612                                 }
613                         }
614                         if(a) continue;
615                         an = attr_dup(ax);
616                         an->a_next = as;
617                         as = an;
618                 }
619                 overlay_entry_release_ov(op, e, 0, on);
620
621                 /* literally append, so locals are always last */
622                 if(as) {
623                         if(re->e_attrs) {
624                                 for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
625                                 ax->a_next = as;
626                         } else {
627                                 re->e_attrs = as;
628                         }
629                 }
630                 rs->sr_entry = re;
631                 rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
632         }
633
634         op->o_bd = db;
635         return(SLAP_CB_CONTINUE);
636 }
637
638 /*
639 ** translucent_search()
640 **      search via captive backend;
641 **      override results with any local data;
642 **
643 */
644
645 static int translucent_search(Operation *op, SlapReply *rs) {
646         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
647         translucent_info *ov = on->on_bi.bi_private;
648         slap_callback cb = { NULL, NULL, NULL, NULL };
649         int rc;
650
651         Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
652                 op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0);
653
654         if(ov->defer_db_open) {
655                 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
656                         "remote DB not available");
657                 return(rs->sr_err);
658         }
659         cb.sc_response = (slap_response *) translucent_search_cb;
660         cb.sc_private = op->o_bd;
661         cb.sc_next = op->o_callback;
662
663         op->o_callback = &cb;
664         op->o_bd = &ov->db;
665         rc = ov->db.bd_info->bi_op_search(op, rs);
666         op->o_bd = cb.sc_private;
667
668         return rc;
669 }
670
671
672 /*
673 ** translucent_bind()
674 **      pass bind request to captive backend;
675 **
676 */
677
678 static int translucent_bind(Operation *op, SlapReply *rs) {
679         slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
680         translucent_info *ov = on->on_bi.bi_private;
681         BackendDB *db;
682         int rc;
683
684         Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
685                 op->o_req_dn.bv_val, op->orb_method, 0);
686
687         if(ov->defer_db_open) {
688                 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
689                         "remote DB not available");
690                 return(rs->sr_err);
691         }
692         db = op->o_bd;
693         op->o_bd = &ov->db;
694         rc = ov->db.bd_info->bi_op_bind(op, rs);
695         op->o_bd = db;
696         return rc;
697 }
698
699 /*
700 ** translucent_connection_destroy()
701 **      pass disconnect notification to captive backend;
702 **
703 */
704
705 static int translucent_connection_destroy(BackendDB *be, Connection *conn) {
706         slap_overinst *on = (slap_overinst *) be->bd_info;
707         translucent_info *ov = on->on_bi.bi_private;
708         int rc = 0;
709
710         Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0);
711
712         rc = ov->db.bd_info->bi_connection_destroy(&ov->db, conn);
713
714         return(rc);
715 }
716
717 /*
718 ** translucent_db_config()
719 **      pass config directives to captive backend;
720 **      parse unrecognized directives ourselves;
721 **
722 */
723
724 static int translucent_db_config(
725         BackendDB       *be,
726         const char      *fname,
727         int             lineno,
728         int             argc,
729         char            **argv
730 )
731 {
732         slap_overinst *on = (slap_overinst *) be->bd_info;
733         translucent_info *ov = on->on_bi.bi_private;
734
735         Debug(LDAP_DEBUG_TRACE, "==> translucent_db_config: %s\n",
736               argc ? argv[0] : "", 0, 0);
737
738         /* Something for the captive database? */
739         if ( ov->db.bd_info && ov->db.bd_info->bi_db_config )
740                 return ov->db.bd_info->bi_db_config( &ov->db, fname, lineno,
741                         argc, argv );
742         return SLAP_CONF_UNKNOWN;
743 }
744
745 /*
746 ** translucent_db_init()
747 **      initialize the captive backend;
748 **
749 */
750
751 static int translucent_db_init(BackendDB *be, ConfigReply *cr) {
752         slap_overinst *on = (slap_overinst *) be->bd_info;
753         translucent_info *ov;
754
755         Debug(LDAP_DEBUG_TRACE, "==> translucent_db_init\n", 0, 0, 0);
756
757         ov = ch_calloc(1, sizeof(translucent_info));
758         on->on_bi.bi_private = ov;
759         ov->db = *be;
760         ov->db.be_private = NULL;
761         ov->db.be_pcl_mutexp = &ov->db.be_pcl_mutex;
762         ov->defer_db_open = 1;
763
764         if ( !backend_db_init( "ldap", &ov->db, -1, NULL )) {
765                 Debug( LDAP_DEBUG_CONFIG, "translucent: unable to open captive back-ldap\n", 0, 0, 0);
766                 return 1;
767         }
768         SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
769         SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD;
770
771         return 0;
772 }
773
774 /*
775 ** translucent_db_open()
776 **      if the captive backend has an open() method, call it;
777 **
778 */
779
780 static int translucent_db_open(BackendDB *be, ConfigReply *cr) {
781         slap_overinst *on = (slap_overinst *) be->bd_info;
782         translucent_info *ov = on->on_bi.bi_private;
783         int rc;
784
785         Debug(LDAP_DEBUG_TRACE, "==> translucent_db_open\n", 0, 0, 0);
786
787         /* need to inherit something from the original database... */
788         ov->db.be_def_limit = be->be_def_limit;
789         ov->db.be_limits = be->be_limits;
790         ov->db.be_acl = be->be_acl;
791         ov->db.be_dfltaccess = be->be_dfltaccess;
792
793         if ( ov->defer_db_open )
794                 return 0;
795
796         rc = backend_startup_one( &ov->db, NULL );
797
798         if(rc) Debug(LDAP_DEBUG_TRACE,
799                 "translucent: bi_db_open() returned error %d\n", rc, 0, 0);
800
801         return(rc);
802 }
803
804 /*
805 ** translucent_db_close()
806 **      if the captive backend has a close() method, call it;
807 **      free any config data;
808 **
809 */
810
811 static int
812 translucent_db_close( BackendDB *be, ConfigReply *cr )
813 {
814         slap_overinst *on = (slap_overinst *) be->bd_info;
815         translucent_info *ov = on->on_bi.bi_private;
816         int rc = 0;
817
818         Debug(LDAP_DEBUG_TRACE, "==> translucent_db_close\n", 0, 0, 0);
819
820         if ( ov && ov->db.bd_info && ov->db.bd_info->bi_db_close ) {
821                 rc = ov->db.bd_info->bi_db_close(&ov->db, NULL);
822         }
823
824         return(rc);
825 }
826
827 /*
828 ** translucent_db_destroy()
829 **      if the captive backend has a db_destroy() method, call it
830 **
831 */
832
833 static int
834 translucent_db_destroy( BackendDB *be, ConfigReply *cr )
835 {
836         slap_overinst *on = (slap_overinst *) be->bd_info;
837         translucent_info *ov = on->on_bi.bi_private;
838         int rc = 0;
839
840         Debug(LDAP_DEBUG_TRACE, "==> translucent_db_destroy\n", 0, 0, 0);
841
842         if ( ov ) {
843                 if ( ov->db.be_private != NULL ) {
844                         backend_stopdown_one( &ov->db );
845                 }
846
847                 ch_free(ov);
848                 on->on_bi.bi_private = NULL;
849         }
850
851         return(rc);
852 }
853
854 /*
855 ** translucent_initialize()
856 **      initialize the slap_overinst with our entry points;
857 **
858 */
859
860 int translucent_initialize() {
861
862         int rc;
863
864         Debug(LDAP_DEBUG_TRACE, "==> translucent_initialize\n", 0, 0, 0);
865
866         translucent.on_bi.bi_type       = "translucent";
867         translucent.on_bi.bi_db_init    = translucent_db_init;
868         translucent.on_bi.bi_db_config  = translucent_db_config;
869         translucent.on_bi.bi_db_open    = translucent_db_open;
870         translucent.on_bi.bi_db_close   = translucent_db_close;
871         translucent.on_bi.bi_db_destroy = translucent_db_destroy;
872         translucent.on_bi.bi_op_bind    = translucent_bind;
873         translucent.on_bi.bi_op_add     = translucent_add;
874         translucent.on_bi.bi_op_modify  = translucent_modify;
875         translucent.on_bi.bi_op_modrdn  = translucent_modrdn;
876         translucent.on_bi.bi_op_delete  = translucent_delete;
877         translucent.on_bi.bi_op_search  = translucent_search;
878         translucent.on_bi.bi_op_compare = translucent_compare;
879         translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
880
881         translucent.on_bi.bi_cf_ocs = translucentocs;
882         rc = config_register_schema ( translucentcfg, translucentocs );
883         if ( rc ) return rc;
884
885         return(overlay_register(&translucent));
886 }
887
888 #if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC)
889 int init_module(int argc, char *argv[]) {
890         return translucent_initialize();
891 }
892 #endif
893
894 #endif /* SLAPD_OVER_TRANSLUCENT */