1 /* translucent.c - translucent proxy module */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004-2006 The OpenLDAP Foundation.
6 * Portions Copyright 2005 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Symas Corp. for inclusion in
19 * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
24 #ifdef SLAPD_OVER_TRANSLUCENT
28 #include <ac/string.h>
29 #include <ac/socket.h>
36 typedef struct translucent_configuration {
41 } translucent_configuration;
43 /* stack of captive backends */
45 typedef struct overlay_stack {
46 BackendInfo *info; /* captive backend */
47 void *private; /* local backend_private */
48 translucent_configuration *config; /* our_private: configuration */
51 /* for translucent_init() */
53 static slap_overinst translucent;
57 ** call syncrepl_add_glue() with the parent suffix;
61 static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL };
63 void glue_parent(Operation *op) {
65 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
66 struct berval ndn = BER_BVNULL;
71 dnParent( &op->o_req_ndn, &pdn );
72 ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx );
74 Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0);
76 e = ch_calloc(1, sizeof(Entry));
78 ber_dupbv(&e->e_name, &ndn);
79 ber_dupbv(&e->e_nname, &ndn);
81 a = ch_calloc(1, sizeof(Attribute));
82 a->a_desc = slap_schema.si_ad_objectClass;
83 a->a_vals = ch_malloc(sizeof(struct berval) * 3);
84 ber_dupbv(&a->a_vals[0], &glue[0]);
85 ber_dupbv(&a->a_vals[1], &glue[1]);
86 ber_dupbv(&a->a_vals[2], &glue[2]);
87 a->a_nvals = a->a_vals;
88 a->a_next = e->e_attrs;
91 a = ch_calloc(1, sizeof(Attribute));
92 a->a_desc = slap_schema.si_ad_structuralObjectClass;
93 a->a_vals = ch_malloc(sizeof(struct berval) * 2);
94 ber_dupbv(&a->a_vals[0], &glue[1]);
95 ber_dupbv(&a->a_vals[1], &glue[2]);
96 a->a_nvals = a->a_vals;
97 a->a_next = e->e_attrs;
103 nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
105 syncrepl_add_glue(&nop, e);
107 op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
117 BerVarray dup_bervarray(BerVarray b) {
120 for(len = 0; b[len].bv_val; len++);
121 nb = ch_malloc((len+1) * sizeof(BerValue));
122 for(i = 0; i < len; i++) ber_dupbv(&nb[i], &b[i]);
123 nb[len].bv_val = NULL;
130 ** free only the Attribute*, not the contents;
133 void free_attr_chain(Attribute *a) {
144 ** if not bound as root, send ACCESS error;
145 ** if config.glue, glue_parent();
150 static int translucent_add(Operation *op, SlapReply *rs) {
151 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
152 overlay_stack *ov = on->on_bi.bi_private;
153 Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n",
154 op->o_req_dn.bv_val, 0, 0);
156 op->o_bd->bd_info = (BackendInfo *) on->on_info;
157 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
158 "user modification of overlay database not permitted");
161 if(!ov->config->glue) glue_parent(op);
162 return(SLAP_CB_CONTINUE);
166 ** translucent_modrdn()
167 ** if not bound as root, send ACCESS error;
168 ** if !config.glue, glue_parent();
169 ** else return CONTINUE;
173 static int translucent_modrdn(Operation *op, SlapReply *rs) {
174 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
175 overlay_stack *ov = on->on_bi.bi_private;
176 Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n",
177 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
179 op->o_bd->bd_info = (BackendInfo *) on->on_info;
180 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
181 "user modification of overlay database not permitted");
184 if(!ov->config->glue) glue_parent(op);
185 return(SLAP_CB_CONTINUE);
189 ** translucent_delete()
190 ** if not bound as root, send ACCESS error;
191 ** else return CONTINUE;
195 static int translucent_delete(Operation *op, SlapReply *rs) {
196 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
197 Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n",
198 op->o_req_dn.bv_val, 0, 0);
200 op->o_bd->bd_info = (BackendInfo *) on->on_info;
201 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
202 "user modification of overlay database not permitted");
205 return(SLAP_CB_CONTINUE);
209 translucent_tag_cb( Operation *op, SlapReply *rs )
211 op->o_tag = (ber_tag_t)op->o_callback->sc_private;
212 rs->sr_tag = slap_req2res( op->o_tag );
214 return SLAP_CB_CONTINUE;
218 ** translucent_modify()
219 ** modify in local backend if exists in both;
220 ** otherwise, add to local backend;
221 ** fail if not defined in captive backend;
225 static int translucent_modify(Operation *op, SlapReply *rs) {
226 SlapReply nrs = { REP_RESULT };
229 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
230 overlay_stack *ov = on->on_bi.bi_private;
231 void *private = op->o_bd->be_private;
232 Entry ne, *e = NULL, *re = NULL;
234 Modifications *m, *mm;
235 int del, rc, erc = 0;
236 slap_callback cb = { 0 };
238 Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n",
239 op->o_req_dn.bv_val, 0, 0);
242 ** fetch entry from the captive backend;
243 ** if it did not exist, fail;
244 ** release it, if captive backend supports this;
248 op->o_bd->bd_info = (BackendInfo *) on->on_info;
249 op->o_bd->be_private = ov->private;
250 rc = ov->info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
251 op->o_bd->be_private = private;
253 /* if(ov->config->no_add && (!re || rc != LDAP_SUCCESS)) */
254 if(rc != LDAP_SUCCESS || re == NULL ) {
255 send_ldap_error(op, rs, LDAP_NO_SUCH_OBJECT,
256 "attempt to modify nonexistent local record");
261 ** fetch entry from local backend;
263 ** foreach Modification:
264 ** if attr not present in local:
265 ** if Mod == LDAP_MOD_DELETE:
266 ** if remote attr not present, return NO_SUCH;
267 ** if remote attr present, drop this Mod;
268 ** else force this Mod to LDAP_MOD_ADD;
273 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
275 if(e && rc == LDAP_SUCCESS) {
276 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0);
277 for(m = op->orm_modlist; m; m = m->sml_next) {
278 for(a = e->e_attrs; a; a = a->a_next)
279 if(a->a_desc == m->sml_desc) break;
280 if(a) continue; /* found local attr */
281 if(m->sml_op == LDAP_MOD_DELETE) {
282 for(a = re->e_attrs; a; a = a->a_next)
283 if(a->a_desc == m->sml_desc) break;
284 /* not found remote attr */
286 erc = LDAP_NO_SUCH_ATTRIBUTE;
289 if(ov->config->strict) {
290 erc = LDAP_CONSTRAINT_VIOLATION;
293 Debug(LDAP_DEBUG_TRACE,
294 "=> translucent_modify: silently dropping delete: %s\n",
295 m->sml_desc->ad_cname.bv_val, 0, 0);
296 for(mm = op->orm_modlist; mm->sml_next != m; mm = mm->sml_next);
297 mm->sml_next = m->sml_next;
300 mm->sml_next = NULL; /* hack */
301 slap_mods_free(mm, 1);
304 m->sml_op = LDAP_MOD_ADD;
306 erc = SLAP_CB_CONTINUE;
309 op->o_bd->be_private = ov->private;
310 if(ov->info->bi_entry_release_rw)
311 ov->info->bi_entry_release_rw(op, re, 0);
314 op->o_bd->be_private = private;
316 be_entry_release_r(op, e);
317 if(erc == SLAP_CB_CONTINUE) {
318 op->o_bd->bd_info = (BackendInfo *) on;
321 send_ldap_error(op, rs, erc,
322 "attempt to delete nonexistent attribute");
327 /* don't leak remote entry copy */
329 op->o_bd->be_private = ov->private;
330 if(ov->info->bi_entry_release_rw)
331 ov->info->bi_entry_release_rw(op, re, 0);
334 op->o_bd->be_private = private;
337 ** foreach Modification:
338 ** if MOD_ADD or MOD_REPLACE, add Attribute;
339 ** if no Modifications were suitable:
340 ** if config.strict, throw CONSTRAINT_VIOLATION;
341 ** else, return early SUCCESS;
342 ** fabricate Entry with new Attribute chain;
343 ** glue_parent() for this Entry;
344 ** call bi_op_add() in local backend;
348 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0);
350 for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) {
351 if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) &&
352 ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) {
353 Debug(LDAP_DEBUG_ANY,
354 "=> translucent_modify: silently dropped modification(%d): %s\n",
355 m->sml_op, m->sml_desc->ad_cname.bv_val, 0);
356 if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++;
359 a = ch_calloc(1, sizeof(Attribute));
360 a->a_desc = m->sml_desc;
361 a->a_vals = m->sml_values;
362 a->a_nvals = m->sml_nvalues;
367 if(del && ov->config->strict) {
369 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
370 "attempt to delete attributes from local database");
375 if(ov->config->strict) {
376 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
377 "modification contained other than ADD or REPLACE");
380 op->o_bd->bd_info = (BackendInfo *) on;
381 /* rs->sr_text = "no valid modification found"; */
382 rs->sr_err = LDAP_SUCCESS;
383 send_ldap_result(op, rs);
388 ne.e_name = op->o_req_dn;
389 ne.e_nname = op->o_req_ndn;
393 ne.e_bv.bv_val = NULL;
396 nop.o_tag = LDAP_REQ_ADD;
397 nop.oq_add.rs_e = ≠
399 op->o_bd->bd_info = (BackendInfo *) on;
402 cb.sc_response = translucent_tag_cb;
403 cb.sc_private = (void *)LDAP_REQ_MODIFY;
404 cb.sc_next = nop.o_callback;
405 nop.o_callback = &cb;
406 rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs);
412 static int translucent_compare(Operation *op, SlapReply *rs) {
413 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
414 overlay_stack *ov = on->on_bi.bi_private;
415 void *private = op->o_bd->be_private;
417 AttributeAssertion *ava = op->orc_ava;
421 Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n",
422 op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
425 ** if the local backend has an entry for this attribute:
426 ** CONTINUE and let it do the compare;
430 op->o_bd->bd_info = (BackendInfo *) on->on_info;
431 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e);
432 if(e && rc == LDAP_SUCCESS) {
433 be_entry_release_r(op, e);
434 op->o_bd->bd_info = (BackendInfo *) on;
435 return(SLAP_CB_CONTINUE);
439 ** call compare() in the captive backend;
440 ** return the result;
444 op->o_bd->be_private = ov->private;
445 rc = ov->info->bi_op_compare(op, rs);
446 op->o_bd->be_private = private;
447 op->o_bd->bd_info = (BackendInfo *) on;
452 ** translucent_search_cb()
453 ** merge local data with the search result
457 static int translucent_search_cb(Operation *op, SlapReply *rs) {
459 Entry *e, *re = NULL;
460 Attribute *a, *ax, *an, *as = NULL;
464 if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry)
465 return(SLAP_CB_CONTINUE);
467 Debug(LDAP_DEBUG_TRACE, "==> tranclucent_search_cb: %s\n",
468 rs->sr_entry->e_name.bv_val, 0, 0);
470 on = (slap_overinst *) op->o_bd->bd_info;
471 op->o_bd->bd_info = (BackendInfo *) on->on_info;
473 private = op->o_bd->be_private;
474 op->o_bd->be_private = op->o_callback->sc_private;
476 rc = be_entry_get_rw(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &e);
479 ** if we got an entry from local backend:
480 ** make a copy of this search result;
481 ** foreach local attr:
482 ** foreach search result attr:
483 ** if match, result attr with local attr;
484 ** if new local, add to list;
485 ** append new local attrs to search result;
489 if(e && rc == LDAP_SUCCESS) {
490 re = entry_dup(rs->sr_entry);
491 for(ax = e->e_attrs; ax; ax = ax->a_next) {
493 if(is_at_operational(ax->a_desc->ad_type)) continue;
495 for(a = re->e_attrs; a; a = a->a_next) {
496 if(a->a_desc == ax->a_desc) {
497 if(a->a_vals != a->a_nvals)
498 ber_bvarray_free(a->a_nvals);
499 ber_bvarray_free(a->a_vals);
500 a->a_vals = dup_bervarray(ax->a_vals);
501 a->a_nvals = (ax->a_vals == ax->a_nvals) ?
502 a->a_vals : dup_bervarray(ax->a_nvals);
511 be_entry_release_r(op, e);
513 /* literally append, so locals are always last */
516 for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
523 rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
526 op->o_bd->be_private = private;
527 op->o_bd->bd_info = (BackendInfo *) on;
529 return(SLAP_CB_CONTINUE);
533 ** translucent_search()
534 ** search via captive backend;
535 ** override results with any local data;
539 static int translucent_search(Operation *op, SlapReply *rs) {
542 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
543 slap_callback cb = { NULL, NULL, NULL, NULL };
544 overlay_stack *ov = on->on_bi.bi_private;
545 void *private = op->o_bd->be_private;
548 Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
549 op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0);
550 cb.sc_response = (slap_response *) translucent_search_cb;
551 cb.sc_private = private;
553 cb.sc_next = nop.o_callback;
554 nop.o_callback = &cb;
556 op->o_bd->be_private = ov->private;
557 rc = ov->info->bi_op_search(&nop, rs);
558 op->o_bd->be_private = private;
565 ** translucent_bind()
566 ** pass bind request to captive backend;
570 static int translucent_bind(Operation *op, SlapReply *rs) {
571 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
572 overlay_stack *ov = on->on_bi.bi_private;
573 void *private = op->o_bd->be_private;
576 Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
577 op->o_req_dn.bv_val, op->orb_method, 0);
579 op->o_bd->be_private = ov->private;
580 rc = ov->info->bi_op_bind(op, rs);
581 op->o_bd->be_private = private;
587 ** translucent_connection_destroy()
588 ** pass disconnect notification to captive backend;
592 static int translucent_connection_destroy(BackendDB *be, Connection *conn) {
593 slap_overinst *on = (slap_overinst *) be->bd_info;
594 overlay_stack *ov = on->on_bi.bi_private;
595 void *private = be->be_private;
598 Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0);
600 be->be_private = ov->private;
601 rc = ov->info->bi_connection_destroy(be, conn);
602 be->be_private = private;
608 ** translucent_db_config()
609 ** pass config directives to captive backend;
610 ** parse unrecognized directives ourselves;
614 static int translucent_db_config(
622 slap_overinst *on = (slap_overinst *) be->bd_info;
623 overlay_stack *ov = on->on_bi.bi_private;
624 void *private = be->be_private;
625 void *be_cf_ocs = be->be_cf_ocs;
628 /* "this should never happen" */
630 fprintf(stderr, "fatal: captive backend not initialized");
634 be->be_private = ov->private;
635 be->be_cf_ocs = ov->info->bi_cf_ocs;
636 rc = ov->info->bi_db_config ? ov->info->bi_db_config(be, fname, lineno, argc, argv) : 0;
637 be->be_private = private;
638 be->be_cf_ocs = be_cf_ocs;
640 /* pass okay or error up, SLAP_CONF_UNKNOWN might be ours */
641 if(rc == 0 || rc == 1) return(rc);
644 if(!strcasecmp(*argv, "translucent_strict")) {
645 ov->config->strict++;
646 } else if(!strcasecmp(*argv, "translucent_no_add")) {
647 ov->config->no_add++;
648 } else if(!strcasecmp(*argv, "translucent_no_glue")) {
650 } else if(!strcasecmp(*argv, "translucent_debug")) {
652 ov->config->debug = 0xFFFF;
654 } else if(argc == 2) {
655 if ( lutil_atoi( &ov->config->debug, argv[1]) != 0 ) {
656 fprintf(stderr, "%s: line %d: unable to parse debug \"%s\"\n",
657 fname, lineno, argv[1]);
662 fprintf(stderr, "%s: line %d: too many arguments (%d) to debug\n",
663 fname, lineno, argc);
667 fprintf(stderr, "%s: line %d: unknown keyword %s\n",
668 fname, lineno, *argv);
669 rc = SLAP_CONF_UNKNOWN;
675 ** translucent_db_init()
676 ** initialize the captive backend;
680 static int translucent_db_init(BackendDB *be) {
681 slap_overinst *on = (slap_overinst *) be->bd_info;
682 void *private = be->be_private;
686 Debug(LDAP_DEBUG_TRACE, "==> translucent_init\n", 0, 0, 0);
688 ov = ch_calloc(1, sizeof(overlay_stack));
689 ov->config = ch_calloc(1, sizeof(translucent_configuration));
690 ov->info = backend_info("ldap");
693 Debug(LDAP_DEBUG_ANY, "translucent: backend_info failed!\n", 0, 0, 0);
697 /* forcibly disable schema checking on the local backend */
698 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
700 be->be_private = NULL;
701 rc = ov->info->bi_db_init ? ov->info->bi_db_init(be) : 0;
703 if(rc) Debug(LDAP_DEBUG_TRACE,
704 "translucent: bi_db_init() returned error %d\n", rc, 0, 0);
706 ov->private = be->be_private;
707 be->be_private = private;
708 on->on_bi.bi_private = ov;
713 ** translucent_db_open()
714 ** if the captive backend has an open() method, call it;
718 static int translucent_db_open(BackendDB *be) {
719 slap_overinst *on = (slap_overinst *) be->bd_info;
720 overlay_stack *ov = on->on_bi.bi_private;
721 void *private = be->be_private;
724 /* "should never happen" */
726 Debug(LDAP_DEBUG_ANY, "translucent_open() called with bad ov->info\n", 0, 0, 0);
730 Debug(LDAP_DEBUG_TRACE, "translucent_open\n", 0, 0, 0);
732 be->be_private = ov->private;
733 rc = ov->info->bi_db_open ? ov->info->bi_db_open(be) : 0;
734 be->be_private = private;
736 if(rc) Debug(LDAP_DEBUG_TRACE,
737 "translucent: bi_db_open() returned error %d\n", rc, 0, 0);
743 ** translucent_db_close()
744 ** if the captive backend has a close() method, call it;
745 ** free any config data;
749 static int translucent_db_close(BackendDB *be) {
750 slap_overinst *on = (slap_overinst *) be->bd_info;
751 overlay_stack *ov = on->on_bi.bi_private;
755 void *private = be->be_private;
757 be->be_private = ov->private;
758 rc = (ov->info && ov->info->bi_db_close) ? ov->info->bi_db_close(be) : 0;
759 be->be_private = private;
760 if(ov->config) ch_free(ov->config);
768 ** translucent_db_destroy()
769 ** if the captive backend has a db_destroy() method, call it
773 static int translucent_db_destroy(BackendDB *be) {
774 slap_overinst *on = (slap_overinst *) be->bd_info;
775 overlay_stack *ov = on->on_bi.bi_private;
779 void *private = be->be_private;
781 be->be_private = ov->private;
782 rc = (ov->info && ov->info->bi_db_destroy) ? ov->info->bi_db_destroy(be) : 0;
783 be->be_private = private;
785 on->on_bi.bi_private = NULL;
792 ** translucent_initialize()
793 ** initialize the slap_overinst with our entry points;
797 int translucent_initialize() {
799 translucent.on_bi.bi_type = "translucent";
800 translucent.on_bi.bi_db_init = translucent_db_init;
801 translucent.on_bi.bi_db_config = translucent_db_config;
802 translucent.on_bi.bi_db_open = translucent_db_open;
803 translucent.on_bi.bi_db_close = translucent_db_close;
804 translucent.on_bi.bi_db_destroy = translucent_db_destroy;
805 translucent.on_bi.bi_op_bind = translucent_bind;
806 translucent.on_bi.bi_op_add = translucent_add;
807 translucent.on_bi.bi_op_modify = translucent_modify;
808 translucent.on_bi.bi_op_modrdn = translucent_modrdn;
809 translucent.on_bi.bi_op_delete = translucent_delete;
810 translucent.on_bi.bi_op_search = translucent_search;
811 translucent.on_bi.bi_op_compare = translucent_compare;
812 translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
814 return(overlay_register(&translucent));
817 #if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC)
818 int init_module(int argc, char *argv[]) {
819 return translucent_initialize();
823 #endif /* SLAPD_OVER_TRANSLUCENT */