1 /* translucent.c - translucent proxy module */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2004-2006 The OpenLDAP Foundation.
6 * Portions Copyright 2005 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by Symas Corp. for inclusion in
19 * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
24 #ifdef SLAPD_OVER_TRANSLUCENT
28 #include <ac/string.h>
29 #include <ac/socket.h>
36 typedef struct translucent_configuration {
41 } translucent_configuration;
43 /* stack of captive backends */
45 typedef struct overlay_stack {
46 BackendInfo *info; /* captive backend */
47 void *private; /* local backend_private */
48 translucent_configuration *config; /* our_private: configuration */
51 /* for translucent_init() */
53 static slap_overinst translucent;
57 ** call syncrepl_add_glue() with the parent suffix;
61 static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL };
63 void glue_parent(Operation *op) {
65 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
66 struct berval ndn = BER_BVNULL;
71 dnParent( &op->o_req_ndn, &pdn );
72 ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx );
74 Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0);
76 e = ch_calloc(1, sizeof(Entry));
78 ber_dupbv(&e->e_name, &ndn);
79 ber_dupbv(&e->e_nname, &ndn);
81 a = ch_calloc(1, sizeof(Attribute));
82 a->a_desc = slap_schema.si_ad_objectClass;
83 a->a_vals = ch_malloc(sizeof(struct berval) * 3);
84 ber_dupbv(&a->a_vals[0], &glue[0]);
85 ber_dupbv(&a->a_vals[1], &glue[1]);
86 ber_dupbv(&a->a_vals[2], &glue[2]);
87 a->a_nvals = a->a_vals;
88 a->a_next = e->e_attrs;
91 a = ch_calloc(1, sizeof(Attribute));
92 a->a_desc = slap_schema.si_ad_structuralObjectClass;
93 a->a_vals = ch_malloc(sizeof(struct berval) * 2);
94 ber_dupbv(&a->a_vals[0], &glue[1]);
95 ber_dupbv(&a->a_vals[1], &glue[2]);
96 a->a_nvals = a->a_vals;
97 a->a_next = e->e_attrs;
103 nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
105 syncrepl_add_glue(&nop, e);
107 op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
117 BerVarray dup_bervarray(BerVarray b) {
120 for(len = 0; b[len].bv_val; len++);
121 nb = ch_malloc((len+1) * sizeof(BerValue));
122 for(i = 0; i < len; i++) ber_dupbv(&nb[i], &b[i]);
123 nb[len].bv_val = NULL;
130 ** free only the Attribute*, not the contents;
133 void free_attr_chain(Attribute *a) {
144 ** if not bound as root, send ACCESS error;
145 ** if config.glue, glue_parent();
150 static int translucent_add(Operation *op, SlapReply *rs) {
151 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
152 overlay_stack *ov = on->on_bi.bi_private;
153 Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n",
154 op->o_req_dn.bv_val, 0, 0);
156 op->o_bd->bd_info = (BackendInfo *) on->on_info;
157 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
158 "user modification of overlay database not permitted");
161 if(!ov->config->glue) glue_parent(op);
162 return(SLAP_CB_CONTINUE);
166 ** translucent_modrdn()
167 ** if not bound as root, send ACCESS error;
168 ** if !config.glue, glue_parent();
169 ** else return CONTINUE;
173 static int translucent_modrdn(Operation *op, SlapReply *rs) {
174 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
175 overlay_stack *ov = on->on_bi.bi_private;
176 Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n",
177 op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
179 op->o_bd->bd_info = (BackendInfo *) on->on_info;
180 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
181 "user modification of overlay database not permitted");
184 if(!ov->config->glue) glue_parent(op);
185 return(SLAP_CB_CONTINUE);
189 ** translucent_delete()
190 ** if not bound as root, send ACCESS error;
191 ** else return CONTINUE;
195 static int translucent_delete(Operation *op, SlapReply *rs) {
196 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
197 Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n",
198 op->o_req_dn.bv_val, 0, 0);
200 op->o_bd->bd_info = (BackendInfo *) on->on_info;
201 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
202 "user modification of overlay database not permitted");
205 return(SLAP_CB_CONTINUE);
209 translucent_tag_cb( Operation *op, SlapReply *rs )
211 op->o_tag = LDAP_REQ_MODIFY;
212 op->orm_modlist = op->o_callback->sc_private;
213 rs->sr_tag = slap_req2res( op->o_tag );
215 return SLAP_CB_CONTINUE;
219 ** translucent_modify()
220 ** modify in local backend if exists in both;
221 ** otherwise, add to local backend;
222 ** fail if not defined in captive backend;
226 static int translucent_modify(Operation *op, SlapReply *rs) {
227 SlapReply nrs = { REP_RESULT };
230 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
231 overlay_stack *ov = on->on_bi.bi_private;
232 void *private = op->o_bd->be_private;
233 Entry ne, *e = NULL, *re = NULL;
235 Modifications *m, *mm;
236 int del, rc, erc = 0;
237 slap_callback cb = { 0 };
239 Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n",
240 op->o_req_dn.bv_val, 0, 0);
243 ** fetch entry from the captive backend;
244 ** if it did not exist, fail;
245 ** release it, if captive backend supports this;
249 op->o_bd->bd_info = (BackendInfo *) on->on_info;
250 op->o_bd->be_private = ov->private;
251 rc = ov->info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
252 op->o_bd->be_private = private;
254 /* if(ov->config->no_add && (!re || rc != LDAP_SUCCESS)) */
255 if(rc != LDAP_SUCCESS || re == NULL ) {
256 send_ldap_error(op, rs, LDAP_NO_SUCH_OBJECT,
257 "attempt to modify nonexistent local record");
262 ** fetch entry from local backend;
264 ** foreach Modification:
265 ** if attr not present in local:
266 ** if Mod == LDAP_MOD_DELETE:
267 ** if remote attr not present, return NO_SUCH;
268 ** if remote attr present, drop this Mod;
269 ** else force this Mod to LDAP_MOD_ADD;
274 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
276 if(e && rc == LDAP_SUCCESS) {
277 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0);
278 for(m = op->orm_modlist; m; m = m->sml_next) {
279 for(a = e->e_attrs; a; a = a->a_next)
280 if(a->a_desc == m->sml_desc) break;
281 if(a) continue; /* found local attr */
282 if(m->sml_op == LDAP_MOD_DELETE) {
283 for(a = re->e_attrs; a; a = a->a_next)
284 if(a->a_desc == m->sml_desc) break;
285 /* not found remote attr */
287 erc = LDAP_NO_SUCH_ATTRIBUTE;
290 if(ov->config->strict) {
291 erc = LDAP_CONSTRAINT_VIOLATION;
294 Debug(LDAP_DEBUG_TRACE,
295 "=> translucent_modify: silently dropping delete: %s\n",
296 m->sml_desc->ad_cname.bv_val, 0, 0);
297 for(mm = op->orm_modlist; mm->sml_next != m; mm = mm->sml_next);
298 mm->sml_next = m->sml_next;
301 mm->sml_next = NULL; /* hack */
302 slap_mods_free(mm, 1);
305 m->sml_op = LDAP_MOD_ADD;
307 erc = SLAP_CB_CONTINUE;
310 op->o_bd->be_private = ov->private;
311 if(ov->info->bi_entry_release_rw)
312 ov->info->bi_entry_release_rw(op, re, 0);
315 op->o_bd->be_private = private;
317 be_entry_release_r(op, e);
318 if(erc == SLAP_CB_CONTINUE) {
319 op->o_bd->bd_info = (BackendInfo *) on;
322 send_ldap_error(op, rs, erc,
323 "attempt to delete nonexistent attribute");
328 /* don't leak remote entry copy */
330 op->o_bd->be_private = ov->private;
331 if(ov->info->bi_entry_release_rw)
332 ov->info->bi_entry_release_rw(op, re, 0);
335 op->o_bd->be_private = private;
338 ** foreach Modification:
339 ** if MOD_ADD or MOD_REPLACE, add Attribute;
340 ** if no Modifications were suitable:
341 ** if config.strict, throw CONSTRAINT_VIOLATION;
342 ** else, return early SUCCESS;
343 ** fabricate Entry with new Attribute chain;
344 ** glue_parent() for this Entry;
345 ** call bi_op_add() in local backend;
349 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0);
351 for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) {
352 if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) &&
353 ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) {
354 Debug(LDAP_DEBUG_ANY,
355 "=> translucent_modify: silently dropped modification(%d): %s\n",
356 m->sml_op, m->sml_desc->ad_cname.bv_val, 0);
357 if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++;
360 a = ch_calloc(1, sizeof(Attribute));
361 a->a_desc = m->sml_desc;
362 a->a_vals = m->sml_values;
363 a->a_nvals = m->sml_nvalues;
368 if(del && ov->config->strict) {
370 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
371 "attempt to delete attributes from local database");
376 if(ov->config->strict) {
377 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
378 "modification contained other than ADD or REPLACE");
381 op->o_bd->bd_info = (BackendInfo *) on;
382 /* rs->sr_text = "no valid modification found"; */
383 rs->sr_err = LDAP_SUCCESS;
384 send_ldap_result(op, rs);
389 ne.e_name = op->o_req_dn;
390 ne.e_nname = op->o_req_ndn;
394 ne.e_bv.bv_val = NULL;
397 nop.o_tag = LDAP_REQ_ADD;
398 nop.oq_add.rs_e = ≠
400 op->o_bd->bd_info = (BackendInfo *) on;
403 cb.sc_response = translucent_tag_cb;
404 cb.sc_private = op->orm_modlist;
405 cb.sc_next = nop.o_callback;
406 nop.o_callback = &cb;
407 rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs);
413 static int translucent_compare(Operation *op, SlapReply *rs) {
414 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
415 overlay_stack *ov = on->on_bi.bi_private;
416 void *private = op->o_bd->be_private;
418 AttributeAssertion *ava = op->orc_ava;
422 Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n",
423 op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
426 ** if the local backend has an entry for this attribute:
427 ** CONTINUE and let it do the compare;
431 op->o_bd->bd_info = (BackendInfo *) on->on_info;
432 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e);
433 if(e && rc == LDAP_SUCCESS) {
434 be_entry_release_r(op, e);
435 op->o_bd->bd_info = (BackendInfo *) on;
436 return(SLAP_CB_CONTINUE);
440 ** call compare() in the captive backend;
441 ** return the result;
445 op->o_bd->be_private = ov->private;
446 rc = ov->info->bi_op_compare(op, rs);
447 op->o_bd->be_private = private;
448 op->o_bd->bd_info = (BackendInfo *) on;
453 ** translucent_search_cb()
454 ** merge local data with the search result
458 static int translucent_search_cb(Operation *op, SlapReply *rs) {
460 Entry *e, *re = NULL;
461 Attribute *a, *ax, *an, *as = NULL;
465 if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry)
466 return(SLAP_CB_CONTINUE);
468 Debug(LDAP_DEBUG_TRACE, "==> tranclucent_search_cb: %s\n",
469 rs->sr_entry->e_name.bv_val, 0, 0);
471 on = (slap_overinst *) op->o_bd->bd_info;
472 op->o_bd->bd_info = (BackendInfo *) on->on_info;
474 private = op->o_bd->be_private;
475 op->o_bd->be_private = op->o_callback->sc_private;
477 rc = be_entry_get_rw(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &e);
480 ** if we got an entry from local backend:
481 ** make a copy of this search result;
482 ** foreach local attr:
483 ** foreach search result attr:
484 ** if match, result attr with local attr;
485 ** if new local, add to list;
486 ** append new local attrs to search result;
490 if(e && rc == LDAP_SUCCESS) {
491 re = entry_dup(rs->sr_entry);
492 for(ax = e->e_attrs; ax; ax = ax->a_next) {
494 if(is_at_operational(ax->a_desc->ad_type)) continue;
496 for(a = re->e_attrs; a; a = a->a_next) {
497 if(a->a_desc == ax->a_desc) {
498 if(a->a_vals != a->a_nvals)
499 ber_bvarray_free(a->a_nvals);
500 ber_bvarray_free(a->a_vals);
501 a->a_vals = dup_bervarray(ax->a_vals);
502 a->a_nvals = (ax->a_vals == ax->a_nvals) ?
503 a->a_vals : dup_bervarray(ax->a_nvals);
512 be_entry_release_r(op, e);
514 /* literally append, so locals are always last */
517 for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
524 rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
527 op->o_bd->be_private = private;
528 op->o_bd->bd_info = (BackendInfo *) on;
530 return(SLAP_CB_CONTINUE);
534 ** translucent_search()
535 ** search via captive backend;
536 ** override results with any local data;
540 static int translucent_search(Operation *op, SlapReply *rs) {
543 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
544 slap_callback cb = { NULL, NULL, NULL, NULL };
545 overlay_stack *ov = on->on_bi.bi_private;
546 void *private = op->o_bd->be_private;
549 Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
550 op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0);
551 cb.sc_response = (slap_response *) translucent_search_cb;
552 cb.sc_private = private;
554 cb.sc_next = nop.o_callback;
555 nop.o_callback = &cb;
557 op->o_bd->be_private = ov->private;
558 rc = ov->info->bi_op_search(&nop, rs);
559 op->o_bd->be_private = private;
566 ** translucent_bind()
567 ** pass bind request to captive backend;
571 static int translucent_bind(Operation *op, SlapReply *rs) {
572 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
573 overlay_stack *ov = on->on_bi.bi_private;
574 void *private = op->o_bd->be_private;
577 Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
578 op->o_req_dn.bv_val, op->orb_method, 0);
580 op->o_bd->be_private = ov->private;
581 rc = ov->info->bi_op_bind(op, rs);
582 op->o_bd->be_private = private;
588 ** translucent_connection_destroy()
589 ** pass disconnect notification to captive backend;
593 static int translucent_connection_destroy(BackendDB *be, Connection *conn) {
594 slap_overinst *on = (slap_overinst *) be->bd_info;
595 overlay_stack *ov = on->on_bi.bi_private;
596 void *private = be->be_private;
599 Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0);
601 be->be_private = ov->private;
602 rc = ov->info->bi_connection_destroy(be, conn);
603 be->be_private = private;
609 ** translucent_db_config()
610 ** pass config directives to captive backend;
611 ** parse unrecognized directives ourselves;
615 static int translucent_db_config(
623 slap_overinst *on = (slap_overinst *) be->bd_info;
624 overlay_stack *ov = on->on_bi.bi_private;
625 void *private = be->be_private;
626 void *be_cf_ocs = be->be_cf_ocs;
629 /* "this should never happen" */
631 fprintf(stderr, "fatal: captive backend not initialized");
635 be->be_private = ov->private;
636 be->be_cf_ocs = ov->info->bi_cf_ocs;
637 rc = ov->info->bi_db_config ? ov->info->bi_db_config(be, fname, lineno, argc, argv) : 0;
638 be->be_private = private;
639 be->be_cf_ocs = be_cf_ocs;
641 /* pass okay or error up, SLAP_CONF_UNKNOWN might be ours */
642 if(rc == 0 || rc == 1) return(rc);
645 if(!strcasecmp(*argv, "translucent_strict")) {
646 ov->config->strict++;
647 } else if(!strcasecmp(*argv, "translucent_no_add")) {
648 ov->config->no_add++;
649 } else if(!strcasecmp(*argv, "translucent_no_glue")) {
651 } else if(!strcasecmp(*argv, "translucent_debug")) {
653 ov->config->debug = 0xFFFF;
655 } else if(argc == 2) {
656 if ( lutil_atoi( &ov->config->debug, argv[1]) != 0 ) {
657 fprintf(stderr, "%s: line %d: unable to parse debug \"%s\"\n",
658 fname, lineno, argv[1]);
663 fprintf(stderr, "%s: line %d: too many arguments (%d) to debug\n",
664 fname, lineno, argc);
668 fprintf(stderr, "%s: line %d: unknown keyword %s\n",
669 fname, lineno, *argv);
670 rc = SLAP_CONF_UNKNOWN;
676 ** translucent_db_init()
677 ** initialize the captive backend;
681 static int translucent_db_init(BackendDB *be) {
682 slap_overinst *on = (slap_overinst *) be->bd_info;
683 void *private = be->be_private;
687 Debug(LDAP_DEBUG_TRACE, "==> translucent_init\n", 0, 0, 0);
689 ov = ch_calloc(1, sizeof(overlay_stack));
690 ov->config = ch_calloc(1, sizeof(translucent_configuration));
691 ov->info = backend_info("ldap");
695 Debug(LDAP_DEBUG_ANY, "translucent: backend_info failed!\n", 0, 0, 0);
699 /* forcibly disable schema checking on the local backend */
700 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
702 be->be_private = NULL;
703 rc = ov->info->bi_db_init ? ov->info->bi_db_init(be) : 0;
705 if(rc) Debug(LDAP_DEBUG_TRACE,
706 "translucent: bi_db_init() returned error %d\n", rc, 0, 0);
708 ov->private = be->be_private;
709 be->be_private = private;
710 on->on_bi.bi_private = ov;
715 ** translucent_db_open()
716 ** if the captive backend has an open() method, call it;
720 static int translucent_db_open(BackendDB *be) {
721 slap_overinst *on = (slap_overinst *) be->bd_info;
722 overlay_stack *ov = on->on_bi.bi_private;
723 void *private = be->be_private;
726 /* "should never happen" */
728 Debug(LDAP_DEBUG_ANY, "translucent_open() called with bad ov->info\n", 0, 0, 0);
732 Debug(LDAP_DEBUG_TRACE, "translucent_open\n", 0, 0, 0);
734 be->be_private = ov->private;
735 rc = ov->info->bi_db_open ? ov->info->bi_db_open(be) : 0;
736 be->be_private = private;
738 if(rc) Debug(LDAP_DEBUG_TRACE,
739 "translucent: bi_db_open() returned error %d\n", rc, 0, 0);
745 ** translucent_db_close()
746 ** if the captive backend has a close() method, call it;
747 ** free any config data;
751 static int translucent_db_close(BackendDB *be) {
752 slap_overinst *on = (slap_overinst *) be->bd_info;
753 overlay_stack *ov = on->on_bi.bi_private;
757 void *private = be->be_private;
759 be->be_private = ov->private;
760 rc = (ov->info && ov->info->bi_db_close) ? ov->info->bi_db_close(be) : 0;
761 be->be_private = private;
762 if(ov->config) ch_free(ov->config);
770 ** translucent_db_destroy()
771 ** if the captive backend has a db_destroy() method, call it
775 static int translucent_db_destroy(BackendDB *be) {
776 slap_overinst *on = (slap_overinst *) be->bd_info;
777 overlay_stack *ov = on->on_bi.bi_private;
781 void *private = be->be_private;
783 be->be_private = ov->private;
784 rc = (ov->info && ov->info->bi_db_destroy) ? ov->info->bi_db_destroy(be) : 0;
785 be->be_private = private;
787 on->on_bi.bi_private = NULL;
794 ** translucent_initialize()
795 ** initialize the slap_overinst with our entry points;
799 int translucent_initialize() {
801 translucent.on_bi.bi_type = "translucent";
802 translucent.on_bi.bi_db_init = translucent_db_init;
803 translucent.on_bi.bi_db_config = translucent_db_config;
804 translucent.on_bi.bi_db_open = translucent_db_open;
805 translucent.on_bi.bi_db_close = translucent_db_close;
806 translucent.on_bi.bi_db_destroy = translucent_db_destroy;
807 translucent.on_bi.bi_op_bind = translucent_bind;
808 translucent.on_bi.bi_op_add = translucent_add;
809 translucent.on_bi.bi_op_modify = translucent_modify;
810 translucent.on_bi.bi_op_modrdn = translucent_modrdn;
811 translucent.on_bi.bi_op_delete = translucent_delete;
812 translucent.on_bi.bi_op_search = translucent_search;
813 translucent.on_bi.bi_op_compare = translucent_compare;
814 translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
816 return(overlay_register(&translucent));
819 #if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC)
820 int init_module(int argc, char *argv[]) {
821 return translucent_initialize();
825 #endif /* SLAPD_OVER_TRANSLUCENT */