X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackover.c;h=3ffd18828508066aff7add1f0da3246b26808a82;hb=672f8ef3f39ed6008c1ff267847e32de59c5eeaf;hp=43299c1e0689019dbc1150401ee681e142892c66;hpb=0fe40e4ebdf0f1be5e96c5b7ad445bd2ec58d157;p=openldap diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c index 43299c1e06..3ffd188285 100644 --- a/servers/slapd/backover.c +++ b/servers/slapd/backover.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2003-2004 The OpenLDAP Foundation. + * Copyright 2003-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -25,10 +25,16 @@ #define SLAPD_TOOLS #include "slap.h" +#include "config.h" static slap_overinst *overlays; -enum db_which { db_open = 0, db_close, db_destroy }; +enum db_which { + db_open = 0, + db_close, + db_destroy, + db_last +}; static int over_db_func( @@ -71,10 +77,13 @@ over_db_config( slap_overinfo *oi = be->bd_info->bi_private; slap_overinst *on = oi->oi_list; BackendInfo *bi_orig = be->bd_info; + struct ConfigOCs *be_cf_ocs = be->be_cf_ocs; + ConfigArgs ca = {0}; int rc = 0; if ( oi->oi_orig->bi_db_config ) { be->bd_info = oi->oi_orig; + be->be_cf_ocs = oi->oi_orig->bi_cf_ocs; rc = oi->oi_orig->bi_db_config( be, fname, lineno, argc, argv ); 
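Review bot: The swap `be->be_cf_ocs = oi->oi_orig->bi_cf_ocs;` added in the @@ -71,10 hunk is only undone by `be->be_cf_ocs = be_cf_ocs;` at the very end of over_db_config (hunk @@ -132,6), while the context of hunk @@ -123,8 still shows an early `if ( rc != SLAP_CONF_UNKNOWN ) return rc;` inside the original-backend branch. The lines between the hunks are not visible, so this is something to confirm: if nothing restores be_cf_ocs before that return, `be` keeps the swapped config table after every directive the original bi_db_config handles. Restoring right after the call, with `be->be_cf_ocs = be_cf_ocs;` ahead of the early return, would cover every exit path the same way the final `be->bd_info = bi_orig;` does for bd_info.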
@@ -123,8 +132,27 @@ over_db_config( if ( rc != SLAP_CONF_UNKNOWN ) return rc; } + ca.argv = argv; + ca.argc = argc; + ca.fname = fname; + ca.lineno = lineno; + ca.be = be; + snprintf( ca.log, sizeof( ca.log ), "%s: line %d", + ca.fname, ca.lineno ); + for (; on; on=on->on_next) { - if (on->on_bi.bi_db_config) { + rc = SLAP_CONF_UNKNOWN; + if (on->on_bi.bi_cf_ocs) { + ConfigTable *ct; + ca.bi = &on->on_bi; + ct = config_find_keyword( on->on_bi.bi_cf_ocs->co_table, &ca ); + if ( ct ) { + rc = config_add_vals( ct, &ca ); + if ( rc != SLAP_CONF_UNKNOWN ) + break; + } + } + if (on->on_bi.bi_db_config && rc == SLAP_CONF_UNKNOWN) { be->bd_info = &on->on_bi; rc = on->on_bi.bi_db_config( be, fname, lineno, argc, argv ); @@ -132,6 +160,8 @@ over_db_config( } } be->bd_info = bi_orig; + be->be_cf_ocs = be_cf_ocs; + return rc; } @@ -180,10 +210,13 @@ over_db_destroy( rc = over_db_func( be, db_destroy ); - for (next = on->on_next; on; on=next) { - next = on->on_next; - free( on ); + if ( on ) { + for (next = on->on_next; on; on=next) { + next = on->on_next; + free( on ); + } } + free( oi ); return rc; } 
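Review bot: `free( oi );` at the end of over_db_destroy (hunk @@ -180,10) releases the slap_overinfo while `be` may still point at it. overlay_config installs that structure with `be->bd_info = (BackendInfo *)oi;` (context of hunk @@ -548,9), and nothing in this hunk resets bd_info. The declaration of oi and the body of over_db_func are outside the hunk, so whether bd_info is restored elsewhere cannot be seen here. If it is not, consider saving `oi->oi_orig` before the free and assigning it back to `be->bd_info`, so later teardown code never reads freed memory. The new `if ( on )` guard could also be dropped by writing the loop as `for ( ; on; on = next )`.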
@@ -209,32 +242,226 @@ over_back_response ( Operation *op, SlapReply *rs ) return rc; } -enum op_which { - op_bind = 0, - op_unbind, - op_search, - op_compare, - op_modify, - op_modrdn, - op_add, - op_delete, - op_abandon, - op_cancel, - op_extended, - op_aux_operational, - op_aux_chk_referrals, - op_last -}; +static int +over_access_allowed( + Operation *op, + Entry *e, + AttributeDescription *desc, + struct berval *val, + slap_access_t access, + AccessControlState *state, + slap_mask_t *maskp ) +{ + slap_overinfo *oi; + slap_overinst *on; + BackendInfo *bi; + BackendDB *be = op->o_bd, db; + int rc = SLAP_CB_CONTINUE; + + /* FIXME: used to happen for instance during abandon + * when global overlays are used... */ + assert( op->o_bd != NULL ); + + bi = op->o_bd->bd_info; + /* Were we invoked on the frontend? */ + if ( !bi->bi_access_allowed ) { + oi = frontendDB->bd_info->bi_private; + } else { + oi = op->o_bd->bd_info->bi_private; + } + on = oi->oi_list; + + for ( ; on; on = on->on_next ) { + if ( on->on_bi.bi_access_allowed ) { + /* NOTE: do not copy the structure until required */ + if ( !SLAP_ISOVERLAY( op->o_bd ) ) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + + op->o_bd->bd_info = (BackendInfo *)on; + rc = on->on_bi.bi_access_allowed( op, e, + desc, val, access, state, maskp ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + if ( rc == SLAP_CB_CONTINUE ) { + BI_access_allowed *bi_access_allowed; + + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; + } + + if ( oi->oi_orig->bi_access_allowed ) { + bi_access_allowed = oi->oi_orig->bi_access_allowed; + } else { + bi_access_allowed = slap_access_allowed; + } + + rc = bi_access_allowed( op, e, + desc, val, access, state, maskp ); + } + /* should not fall thru this far without anything happening... 
*/ + if ( rc == SLAP_CB_CONTINUE ) { + /* access not allowed */ + rc = 0; + } + + op->o_bd = be; + op->o_bd->bd_info = bi; + + return rc; +} + +static int +over_acl_group( + Operation *op, + Entry *e, + struct berval *gr_ndn, + struct berval *op_ndn, + ObjectClass *group_oc, + AttributeDescription *group_at ) +{ + slap_overinfo *oi; + slap_overinst *on; + BackendInfo *bi = op->o_bd->bd_info; + BackendDB *be = op->o_bd, db; + int rc = SLAP_CB_CONTINUE; + + /* FIXME: used to happen for instance during abandon + * when global overlays are used... */ + assert( op->o_bd != NULL ); + + oi = op->o_bd->bd_info->bi_private; + on = oi->oi_list; + + for ( ; on; on = on->on_next ) { + if ( on->on_bi.bi_acl_group ) { + /* NOTE: do not copy the structure until required */ + if ( !SLAP_ISOVERLAY( op->o_bd ) ) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + + op->o_bd->bd_info = (BackendInfo *)on; + rc = on->on_bi.bi_acl_group( op, e, + gr_ndn, op_ndn, group_oc, group_at ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + if ( rc == SLAP_CB_CONTINUE ) { + BI_acl_group *bi_acl_group; + + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; + } + + if ( oi->oi_orig->bi_acl_group ) { + bi_acl_group = oi->oi_orig->bi_acl_group; + } else { + bi_acl_group = backend_group; + } + + rc = bi_acl_group( op, e, + gr_ndn, op_ndn, group_oc, group_at ); + } + /* should not fall thru this far without anything happening... 
*/ + if ( rc == SLAP_CB_CONTINUE ) { + /* access not allowed */ + rc = 0; + } + + op->o_bd = be; + op->o_bd->bd_info = bi; + + return rc; +} + +static int +over_acl_attribute( + Operation *op, + Entry *target, + struct berval *entry_ndn, + AttributeDescription *entry_at, + BerVarray *vals, + slap_access_t access ) +{ + slap_overinfo *oi; + slap_overinst *on; + BackendInfo *bi = op->o_bd->bd_info; + BackendDB *be = op->o_bd, db; + int rc = SLAP_CB_CONTINUE; + + /* FIXME: used to happen for instance during abandon + * when global overlays are used... */ + assert( op->o_bd != NULL ); + + oi = op->o_bd->bd_info->bi_private; + on = oi->oi_list; + + for ( ; on; on = on->on_next ) { + if ( on->on_bi.bi_acl_attribute ) { + /* NOTE: do not copy the structure until required */ + if ( !SLAP_ISOVERLAY( op->o_bd ) ) { + db = *op->o_bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + op->o_bd = &db; + } + + op->o_bd->bd_info = (BackendInfo *)on; + rc = on->on_bi.bi_acl_attribute( op, target, + entry_ndn, entry_at, vals, access ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + if ( rc == SLAP_CB_CONTINUE ) { + BI_acl_attribute *bi_acl_attribute; + + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; + } + + if ( oi->oi_orig->bi_acl_attribute ) { + bi_acl_attribute = oi->oi_orig->bi_acl_attribute; + } else { + bi_acl_attribute = backend_attribute; + } + + rc = bi_acl_attribute( op, target, + entry_ndn, entry_at, vals, access ); + } + /* should not fall thru this far without anything happening... 
*/ + if ( rc == SLAP_CB_CONTINUE ) { + /* access not allowed */ + rc = 0; + } + + op->o_bd = be; + op->o_bd->bd_info = bi; + + return rc; +} /* * default return code in case of missing backend function * and overlay stack returning SLAP_CB_CONTINUE */ -static int op_rc[] = { +static int op_rc[ op_last ] = { LDAP_UNWILLING_TO_PERFORM, /* bind */ LDAP_UNWILLING_TO_PERFORM, /* unbind */ LDAP_UNWILLING_TO_PERFORM, /* search */ - LDAP_UNWILLING_TO_PERFORM, /* compare */ + SLAP_CB_CONTINUE, /* compare; pass to frontend */ LDAP_UNWILLING_TO_PERFORM, /* modify */ LDAP_UNWILLING_TO_PERFORM, /* modrdn */ LDAP_UNWILLING_TO_PERFORM, /* add */ 
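Review bot: In over_acl_group and over_acl_attribute the initializer `BackendInfo *bi = op->o_bd->bd_info;` dereferences op->o_bd before `assert( op->o_bd != NULL );` runs, so the assert cannot catch the case its FIXME describes; over_access_allowed in the same hunk has the order right. Declare `BackendInfo *bi;` and assign `bi = op->o_bd->bd_info;` after the check in both functions. Because assert() is compiled out under NDEBUG, a runtime check that fails closed would be more robust for access-control hooks; the same assert-only guard appears in over_op_func (hunk @@ -243,27, where it replaces the old `if ( op->o_bd == NULL )` return) and in over_connection_func (hunk @@ -378,11). The `/* access not allowed */ rc = 0;` fallback is copied verbatim into over_acl_group and over_acl_attribute; it is worth confirming that 0 really means denial under the return conventions of backend_group and backend_attribute, which are not visible in this diff.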
@@ -243,27 +470,72 @@ static int op_rc[] = { LDAP_UNWILLING_TO_PERFORM, /* cancel */ LDAP_UNWILLING_TO_PERFORM, /* extended */ LDAP_SUCCESS, /* aux_operational */ - LDAP_SUCCESS /* aux_chk_referrals */ + LDAP_SUCCESS, /* aux_chk_referrals */ + SLAP_CB_CONTINUE /* aux_chk_controls; pass to frontend */ }; +int overlay_op_walk( + Operation *op, + SlapReply *rs, + slap_operation_t which, + slap_overinfo *oi, + slap_overinst *on +) +{ + BI_op_bind **func; + int rc = SLAP_CB_CONTINUE; + + for (; on; on=on->on_next ) { + func = &on->on_bi.bi_op_bind; + if ( func[which] ) { + op->o_bd->bd_info = (BackendInfo *)on; + rc = func[which]( op, rs ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + func = &oi->oi_orig->bi_op_bind; + if ( func[which] && rc == SLAP_CB_CONTINUE ) { + op->o_bd->bd_info = oi->oi_orig; + rc = func[which]( op, rs ); + } + /* should not fall thru this far without anything happening... */ + if ( rc == SLAP_CB_CONTINUE ) { + rc = op_rc[ which ]; + } + + /* The underlying backend didn't handle the request, make sure + * overlay cleanup is processed. + */ + if ( rc == LDAP_UNWILLING_TO_PERFORM ) { + slap_callback *sc_next; + for ( ; op->o_callback && op->o_callback->sc_response != + over_back_response; op->o_callback = sc_next ) { + sc_next = op->o_callback->sc_next; + if ( op->o_callback->sc_cleanup ) { + op->o_callback->sc_cleanup( op, rs ); + } + } + } + return rc; +} + static int over_op_func( Operation *op, SlapReply *rs, - enum op_which which + slap_operation_t which ) { slap_overinfo *oi; slap_overinst *on; - BI_op_bind **func; BackendDB *be = op->o_bd, db; slap_callback cb = {NULL, over_back_response, NULL, NULL}; int rc = SLAP_CB_CONTINUE; - if ( op->o_bd == NULL ) { - /* FIXME: happens for instance during abandon... */ - return 0; - } + /* FIXME: used to happen for instance during abandon + * when global overlays are used... */ + assert( op->o_bd != NULL ); oi = op->o_bd->bd_info->bi_private; on = oi->oi_list; 
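Review bot: overlay_op_walk is exported, yet it indexes both the handler table (`func[which]`) and `op_rc[ which ]` with the caller-supplied `which` and no range check. A guard at the top such as `if ( (unsigned) which >= op_last ) return LDAP_UNWILLING_TO_PERFORM;` would keep an out-of-range value from selecting an arbitrary function pointer. The function also writes `op->o_bd->bd_info` directly and never restores it, so it only behaves when the caller has already pointed op->o_bd at a private copy, as over_op_func appears to do with its local `db` (that setup is outside the hunk). A header comment stating this would help new callers: `/* caller must point op->o_bd at a private BackendDB copy; bd_info is overwritten and not restored */`.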
@@ -277,24 +549,8 @@ over_op_func( cb.sc_private = oi; op->o_callback = &cb; - for (; on; on=on->on_next ) { - func = &on->on_bi.bi_op_bind; - if ( func[which] ) { - db.bd_info = (BackendInfo *)on; - rc = func[which]( op, rs ); - if ( rc != SLAP_CB_CONTINUE ) break; - } - } + rc = overlay_op_walk( op, rs, which, oi, on ); - func = &oi->oi_orig->bi_op_bind; - if ( func[which] && rc == SLAP_CB_CONTINUE ) { - db.bd_info = oi->oi_orig; - rc = func[which]( op, rs ); - } - /* should not fall thru this far without anything happening... */ - if ( rc == SLAP_CB_CONTINUE ) { - rc = op_rc[ which ]; - } op->o_bd = be; op->o_callback = cb.sc_next; return rc; 
@@ -378,11 +634,152 @@ over_aux_chk_referrals( Operation *op, SlapReply *rs ) return over_op_func( op, rs, op_aux_chk_referrals ); } +static int +over_aux_chk_controls( Operation *op, SlapReply *rs ) +{ + return over_op_func( op, rs, op_aux_chk_controls ); +} + +enum conn_which { + conn_init = 0, + conn_destroy, + conn_last +}; + +static int +over_connection_func( + BackendDB *bd, + Connection *conn, + enum conn_which which +) +{ + slap_overinfo *oi; + slap_overinst *on; + BackendDB db; + int rc = SLAP_CB_CONTINUE; + BI_connection_init **func; + + /* FIXME: used to happen for instance during abandon + * when global overlays are used... */ + assert( bd != NULL ); + + oi = bd->bd_info->bi_private; + on = oi->oi_list; + + if ( !SLAP_ISOVERLAY( bd ) ) { + db = *bd; + db.be_flags |= SLAP_DBFLAG_OVERLAY; + bd = &db; + } + + for ( ; on; on = on->on_next ) { + func = &on->on_bi.bi_connection_init; + if ( func[ which ] ) { + bd->bd_info = (BackendInfo *)on; + rc = func[ which ]( bd, conn ); + if ( rc != SLAP_CB_CONTINUE ) break; + } + } + + func = &oi->oi_orig->bi_connection_init; + if ( func[ which ] && rc == SLAP_CB_CONTINUE ) { + bd->bd_info = oi->oi_orig; + rc = func[ which ]( bd, conn ); + } + /* should not fall thru this far without anything happening... */ + if ( rc == SLAP_CB_CONTINUE ) { + rc = LDAP_UNWILLING_TO_PERFORM; + } + + return rc; +} + +static int +over_connection_init( + BackendDB *bd, + Connection *conn +) +{ + return over_connection_func( bd, conn, conn_init ); +} + +static int +over_connection_destroy( + BackendDB *bd, + Connection *conn +) +{ + return over_connection_func( bd, conn, conn_destroy ); +} + int overlay_register( slap_overinst *on ) { + slap_overinst *tmp; + + /* FIXME: check for duplicates? 
*/ + for ( tmp = overlays; tmp != NULL; tmp = tmp->on_next ) { + if ( strcmp( on->on_bi.bi_type, tmp->on_bi.bi_type ) == 0 ) { + Debug( LDAP_DEBUG_ANY, + "overlay_register(\"%s\"): " + "name already in use.\n", + on->on_bi.bi_type, 0, 0 ); + return -1; + } + + if ( on->on_bi.bi_obsolete_names != NULL ) { + int i; + + for ( i = 0; on->on_bi.bi_obsolete_names[ i ] != NULL; i++ ) { + if ( strcmp( on->on_bi.bi_obsolete_names[ i ], tmp->on_bi.bi_type ) == 0 ) { + Debug( LDAP_DEBUG_ANY, + "overlay_register(\"%s\"): " + "obsolete name \"%s\" already in use " + "by overlay \"%s\".\n", + on->on_bi.bi_type, + on->on_bi.bi_obsolete_names[ i ], + tmp->on_bi.bi_type ); + return -1; + } + } + } + + if ( tmp->on_bi.bi_obsolete_names != NULL ) { + int i; + + for ( i = 0; tmp->on_bi.bi_obsolete_names[ i ] != NULL; i++ ) { + int j; + + if ( strcmp( on->on_bi.bi_type, tmp->on_bi.bi_obsolete_names[ i ] ) == 0 ) { + Debug( LDAP_DEBUG_ANY, + "overlay_register(\"%s\"): " + "name already in use " + "as obsolete by overlay \"%s\".\n", + on->on_bi.bi_type, + tmp->on_bi.bi_obsolete_names[ i ], 0 ); + return -1; + } + + if ( on->on_bi.bi_obsolete_names != NULL ) { + for ( j = 0; on->on_bi.bi_obsolete_names[ j ] != NULL; j++ ) { + if ( strcmp( on->on_bi.bi_obsolete_names[ j ], tmp->on_bi.bi_obsolete_names[ i ] ) == 0 ) { + Debug( LDAP_DEBUG_ANY, + "overlay_register(\"%s\"): " + "obsolete name \"%s\" already in use " + "as obsolete by overlay \"%s\".\n", + on->on_bi.bi_type, + on->on_bi.bi_obsolete_names[ j ], + tmp->on_bi.bi_type ); + return -1; + } + } + } + } + } + } + on->on_next = overlays; overlays = on; return 0; 
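Review bot: over_connection_func overwrites `bd->bd_info` for every overlay and for the original backend but never puts it back, and when `SLAP_ISOVERLAY( bd )` is already true it is the caller's BackendDB that gets modified rather than the local copy `db`. over_access_allowed and its siblings restore the saved pointer before returning; the equivalent here would be `BackendInfo *bi = bd->bd_info;` after the assert and `bd->bd_info = bi;` before `return rc;`. In overlay_register, the `/* FIXME: check for duplicates? */` comment now sits directly above the code that performs that check and could be replaced with a short description of the name collisions being rejected.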
@@ -390,8 +787,8 @@ overlay_register( /* * iterator on registered overlays; overlay_next( NULL ) returns the first - * overlay; * subsequent calls with the previously returned value allow to - * iterate * over the entire list; returns NULL when no more overlays are + * overlay; subsequent calls with the previously returned value allow to + * iterate over the entire list; returns NULL when no more overlays are * registered. */ @@ -417,14 +814,30 @@ overlay_find( const char *over_type ) { slap_overinst *on = overlays; - assert( over_type ); + assert( over_type != NULL ); for ( ; on; on = on->on_next ) { if ( strcmp( on->on_bi.bi_type, over_type ) == 0 ) { - break; + goto foundit; + } + + if ( on->on_bi.bi_obsolete_names != NULL ) { + int i; + + for ( i = 0; on->on_bi.bi_obsolete_names[ i ] != NULL; i++ ) { + if ( strcmp( on->on_bi.bi_obsolete_names[ i ], over_type ) == 0 ) { + Debug( LDAP_DEBUG_ANY, + "overlay_find(\"%s\"): " + "obsolete name for \"%s\".\n", + on->on_bi.bi_obsolete_names[ i ], + on->on_bi.bi_type, 0 ); + goto foundit; + } + } } } +foundit:; return on; } @@ -452,7 +865,7 @@ overlay_is_inst( BackendDB *be, const char *over_type ) { slap_overinst *on; - assert( be ); + assert( be != NULL ); if ( !overlay_is_over( be ) ) { return 0; 
@@ -468,6 +881,60 @@ overlay_is_inst( BackendDB *be, const char *over_type ) return 0; } +int +overlay_register_control( BackendDB *be, const char *oid ) +{ + int gotit = 0; + int cid; + + if ( slap_find_control_id( oid, &cid ) == LDAP_CONTROL_NOT_FOUND ) { + return -1; + } + + if ( SLAP_ISGLOBALOVERLAY( be ) ) { + BackendDB *bd; + + /* add to all backends... */ + LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { + if ( be == bd ) { + gotit = 1; + } + + bd->be_ctrls[ cid ] = 1; + bd->be_ctrls[ SLAP_MAX_CIDS ] = 1; + } + + } + + if ( !gotit ) { + be->be_ctrls[ cid ] = 1; + be->be_ctrls[ SLAP_MAX_CIDS ] = 1; + } + + return 0; +} + +void +overlay_destroy_one( BackendDB *be, slap_overinst *on ) +{ + slap_overinfo *oi = on->on_info; + slap_overinst **oidx; + + for ( oidx = &oi->oi_list; *oidx; oidx = &(*oidx)->on_next ) { + if ( *oidx == on ) { + *oidx = on->on_next; + if ( on->on_bi.bi_db_destroy ) { + BackendInfo *bi_orig = be->bd_info; + be->bd_info = (BackendInfo *)on; + on->on_bi.bi_db_destroy( be ); + be->bd_info = bi_orig; + } + free( on ); + break; + } + } +} + /* add an overlay to a particular backend. */ int overlay_config( BackendDB *be, const char *ov ) 
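Review bot: overlay_register_control treats every result of slap_find_control_id other than LDAP_CONTROL_NOT_FOUND as success and then writes `be_ctrls[ cid ]` without checking `cid`, which would be uninitialized if that function can fail in any other way. The array size and the helper's contract are declared outside this diff, so as a defensive measure initialise `int cid = -1;` and reject bad ids with `if ( cid < 0 || cid >= SLAP_MAX_CIDS ) return -1;` before touching any backend's array. In overlay_destroy_one the instance is released with `free( on )`, while the error path added in hunk @@ -548,9 uses `ch_free( on2 )`; using one allocator wrapper for slap_overinst throughout would rule out a mismatch.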
@@ -486,9 +953,35 @@ overlay_config( BackendDB *be, const char *ov ) * overlay info structure */ if ( !overlay_is_over( be ) ) { + int isglobal = 0; + + /* NOTE: the first time a global overlay is configured, + * frontendDB gets this flag; it is used later by overlays + * to determine if they're stacked on top of the frontendDB */ + if ( be->bd_info == frontendDB->bd_info || SLAP_ISGLOBALOVERLAY( be ) ) { + isglobal = 1; + if ( on->on_bi.bi_flags & SLAPO_BFLAG_DBONLY ) { + Debug( LDAP_DEBUG_ANY, "overlay_config(): " + "overlay \"%s\" cannot be global.\n", + ov, 0, 0 ); + return 1; + } + + } else if ( on->on_bi.bi_flags & SLAPO_BFLAG_GLOBONLY ) { + Debug( LDAP_DEBUG_ANY, "overlay_config(): " + "overlay \"%s\" can only be global.\n", + ov, 0, 0 ); + return 1; + } + oi = ch_malloc( sizeof( slap_overinfo ) ); oi->oi_orig = be->bd_info; oi->oi_bi = *be->bd_info; + oi->oi_origdb = be; + + if ( isglobal ) { + SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_GLOBAL_OVERLAY; + } /* Save a pointer to ourself in bi_private. */ @@ -524,14 +1017,26 @@ overlay_config( BackendDB *be, const char *ov ) */ bi->bi_operational = over_aux_operational; bi->bi_chk_referrals = over_aux_chk_referrals; + bi->bi_chk_controls = over_aux_chk_controls; + + /* these have specific arglists */ + bi->bi_access_allowed = over_access_allowed; + bi->bi_acl_group = over_acl_group; + bi->bi_acl_attribute = over_acl_attribute; + + bi->bi_connection_init = over_connection_init; + bi->bi_connection_destroy = over_connection_destroy; be->bd_info = bi; } else { if ( overlay_is_inst( be, ov ) ) { Debug( LDAP_DEBUG_ANY, "overlay_config(): " - "warning, overlay \"%s\" " - "already in list\n", ov, 0, 0 ); + "overlay \"%s\" already in list\n", + ov, 0, 0 ); + if ( SLAPO_SINGLE( be ) ) { + return 1; + } } oi = be->bd_info->bi_private; 
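Review bot: The new `SLAPO_SINGLE( be )` rejection in hunk @@ -524,14 depends on `overlay_is_inst( be, ov )`, which is handed the name exactly as written in the configuration, while this same diff makes overlay_find accept obsolete names (hunk @@ -417,14). overlay_is_inst's body is outside the visible hunks; if it still compares only against `bi_type`, configuring the overlay once under its current name and once under an obsolete alias would slip past the duplicate check. Passing the resolved name, `overlay_is_inst( be, on->on_bi.bi_type )`, would close that gap. The enclosing overlay_config body starts and ends outside this hunk.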
@@ -548,9 +1053,15 @@ overlay_config( BackendDB *be, const char *ov ) /* Any initialization needed? */ if ( on->on_bi.bi_db_init ) { + int rc; be->bd_info = (BackendInfo *)on2; - on2->on_bi.bi_db_init( be ); + rc = on2->on_bi.bi_db_init( be ); be->bd_info = (BackendInfo *)oi; + if ( rc ) { + oi->oi_list = on2->on_next; + ch_free( on2 ); + return rc; + } } return 0;
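Review bot: The failure path `oi->oi_list = on2->on_next; ch_free( on2 );` only unlinks correctly if on2 is the head of oi->oi_list, and the insertion code is outside this hunk. A one-line comment such as `/* on2 was pushed at the head of oi_list above; unlink it again */` would record that dependency. When the failing overlay was the first one on this backend, the slap_overinfo installed earlier in overlay_config (`be->bd_info = bi;` in hunk @@ -524,14) appears to stay in place with nothing left in its list. Confirm that callers treat a non-zero return as fatal for the database; otherwise that wrapper should be unwound as well.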