X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Foverlays%2Ftranslucent.c;h=92d9a211517b2f9d65ac73a18a5624b37edee06c;hb=8bdfd2edbb7a09f5bfe96b2bca043680f731237a;hp=3fde2b1e77154c1ba7ebcc7c3e320716d66785bd;hpb=3974bb0e4413cf1a9be25c0bd8904227c590419b;p=openldap diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c index 3fde2b1e77..92d9a21151 100644 --- a/servers/slapd/overlays/translucent.c +++ b/servers/slapd/overlays/translucent.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2004-2006 The OpenLDAP Foundation. + * Copyright 2004-2009 The OpenLDAP Foundation. * Portions Copyright 2005 Symas Corporation. * All rights reserved. * @@ -31,24 +31,195 @@ #include "slap.h" #include "lutil.h" -/* config block */ +#include "config.h" -typedef struct translucent_configuration { - int debug; +/* config block */ +typedef struct translucent_info { + BackendDB db; /* captive backend */ + AttributeName *local; /* valid attrs for local filters */ + AttributeName *remote; /* valid attrs for remote filters */ int strict; - int no_add; - int glue; -} translucent_configuration; + int no_glue; + int defer_db_open; + int bind_local; + int pwmod_local; +} translucent_info; + +static ConfigLDAPadd translucent_ldadd; +static ConfigCfAdd translucent_cfadd; + +static ConfigDriver translucent_cf_gen; + +enum { + TRANS_LOCAL = 1, + TRANS_REMOTE +}; + +static ConfigTable translucentcfg[] = { + { "translucent_strict", "on|off", 1, 2, 0, + ARG_ON_OFF|ARG_OFFSET, + (void *)offsetof(translucent_info, strict), + "( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' " + "DESC 'Reveal attribute deletion constraint violations' " + "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, + { "translucent_no_glue", "on|off", 1, 2, 0, + ARG_ON_OFF|ARG_OFFSET, + (void *)offsetof(translucent_info, no_glue), + "( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' " + "DESC 'Disable automatic glue records for ADD and MODRDN' " + "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, + { "translucent_local", "attr[,attr...]", 1, 2, 0, + ARG_MAGIC|TRANS_LOCAL, + translucent_cf_gen, + "( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' " + "DESC 'Attributes to use in local search filter' " + "SYNTAX OMsDirectoryString )", NULL, NULL }, + { "translucent_remote", "attr[,attr...]", 1, 2, 0, + ARG_MAGIC|TRANS_REMOTE, + translucent_cf_gen, + "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' " + "DESC 'Attributes to use in remote search filter' " + "SYNTAX OMsDirectoryString )", NULL, NULL }, + { "translucent_bind_local", "on|off", 1, 2, 0, + ARG_ON_OFF|ARG_OFFSET, + (void *)offsetof(translucent_info, bind_local), + "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' " + "DESC 'Enable local bind' " + "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL }, + { "translucent_pwmod_local", "on|off", 1, 2, 0, + ARG_ON_OFF|ARG_OFFSET, + (void *)offsetof(translucent_info, pwmod_local), + "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' " + "DESC 'Enable local RFC 3062 Password Modify extended operation' " + "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED } +}; + +static ConfigOCs translucentocs[] = { + { "( OLcfgOvOc:14.1 " + "NAME 'olcTranslucentConfig' " + "DESC 'Translucent configuration' " + "SUP olcOverlayConfig " + "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $" + " olcTranslucentLocal $ olcTranslucentRemote $" + " olcTranslucentBindLocal $ olcTranslucentPwModLocal ) )", + Cft_Overlay, translucentcfg, NULL, translucent_cfadd }, + { "( OLcfgOvOc:14.2 " + "NAME 'olcTranslucentDatabase' " + "DESC 'Translucent target database configuration' " + "AUXILIARY )", Cft_Misc, olcDatabaseDummy, translucent_ldadd }, + { NULL, 0, NULL } +}; +/* for translucent_init() */ -/* stack of captive backends */ +static int +translucent_ldadd_cleanup( ConfigArgs *ca ) +{ + slap_overinst *on = ca->ca_private; + translucent_info *ov = on->on_bi.bi_private; -typedef struct overlay_stack { - BackendInfo *info; /* captive backend */ - void *private; /* local backend_private */ - translucent_configuration *config; /* our_private: configuration */ -} overlay_stack; + ov->defer_db_open = 0; + return backend_startup_one( ca->be, &ca->reply ); +} -/* for translucent_init() */ +static int +translucent_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca ) +{ + slap_overinst *on; + translucent_info *ov; + + Debug(LDAP_DEBUG_TRACE, "==> translucent_ldadd\n", 0, 0, 0); + + if ( cei->ce_type != Cft_Overlay || !cei->ce_bi || + cei->ce_bi->bi_cf_ocs != translucentocs ) + return LDAP_CONSTRAINT_VIOLATION; + + on = (slap_overinst *)cei->ce_bi; + ov = on->on_bi.bi_private; + ca->be = &ov->db; + ca->ca_private = on; + if ( CONFIG_ONLINE_ADD( ca )) + ca->cleanup = translucent_ldadd_cleanup; + else + ov->defer_db_open = 0; + + return LDAP_SUCCESS; +} + +static int +translucent_cfadd( Operation *op, SlapReply *rs, Entry *e, ConfigArgs *ca ) +{ + CfEntryInfo *cei = e->e_private; + slap_overinst *on = (slap_overinst *)cei->ce_bi; + translucent_info *ov = on->on_bi.bi_private; + struct berval bv; + + Debug(LDAP_DEBUG_TRACE, "==> translucent_cfadd\n", 0, 0, 0); + + /* FIXME: should not hardcode "olcDatabase" here */ + bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ), + "olcDatabase=%s", ov->db.bd_info->bi_type ); + if ( bv.bv_len >= sizeof( ca->cr_msg ) ) { + return -1; + } + bv.bv_val = ca->cr_msg; + ca->be = &ov->db; + ov->defer_db_open = 0; + + /* We can only create this entry if the database is table-driven + */ + if ( ov->db.bd_info->bi_cf_ocs ) + config_build_entry( op, rs, cei, ca, &bv, + ov->db.bd_info->bi_cf_ocs, + &translucentocs[1] ); + + return 0; +} + +static int +translucent_cf_gen( ConfigArgs *c ) +{ + slap_overinst *on = (slap_overinst *)c->bi; + translucent_info *ov = on->on_bi.bi_private; + AttributeName **an, *a2; + int i; + + if ( c->type == TRANS_LOCAL ) + an = &ov->local; + else + an = &ov->remote; + + if ( c->op == SLAP_CONFIG_EMIT ) { + if ( !*an ) + return 1; + for ( i = 0; !BER_BVISNULL(&(*an)[i].an_name); i++ ) { + value_add_one( &c->rvalue_vals, &(*an)[i].an_name ); + } + return ( i < 1 ); + } else if ( c->op == LDAP_MOD_DELETE ) { + if ( c->valx < 0 ) { + anlist_free( *an, 1, NULL ); + *an = NULL; + } else { + i = c->valx; + ch_free( (*an)[i].an_name.bv_val ); + do { + (*an)[i] = (*an)[i+1]; + } while ( !BER_BVISNULL( &(*an)[i].an_name )); + } + return 0; + } + a2 = str2anlist( *an, c->argv[1], "," ); + if ( !a2 ) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s unable to parse attribute %s", + c->argv[0], c->argv[1] ); + Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, + "%s: %s\n", c->log, c->cr_msg, 0 ); + return ARG_BAD_CONF; + } + *an = a2; + return 0; +} static slap_overinst translucent; @@ -73,13 +244,13 @@ void glue_parent(Operation *op) { Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0); - e = ch_calloc(1, sizeof(Entry)); + e = entry_alloc(); e->e_id = NOID; ber_dupbv(&e->e_name, &ndn); ber_dupbv(&e->e_nname, &ndn); - a = ch_calloc(1, sizeof(Attribute)); - a->a_desc = slap_schema.si_ad_objectClass; + a = attr_alloc( slap_schema.si_ad_objectClass ); + a->a_numvals = 2; a->a_vals = ch_malloc(sizeof(struct berval) * 3); ber_dupbv(&a->a_vals[0], &glue[0]); ber_dupbv(&a->a_vals[1], &glue[1]); @@ -88,8 +259,8 @@ void glue_parent(Operation *op) { a->a_next = e->e_attrs; e->e_attrs = a; - a = ch_calloc(1, sizeof(Attribute)); - a->a_desc = slap_schema.si_ad_structuralObjectClass; + a = attr_alloc( slap_schema.si_ad_structuralObjectClass ); + a->a_numvals = 1; a->a_vals = ch_malloc(sizeof(struct berval) * 2); ber_dupbv(&a->a_vals[0], &glue[1]); ber_dupbv(&a->a_vals[1], &glue[2]); @@ -100,9 +271,10 @@ void glue_parent(Operation *op) { nop.o_req_dn = ndn; nop.o_req_ndn = ndn; nop.ora_e = e; - nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; + nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig; syncrepl_add_glue(&nop, e); + nop.o_bd->bd_info = (BackendInfo *) on; op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); @@ -130,58 +302,65 @@ BerVarray dup_bervarray(BerVarray b) { ** free only the Attribute*, not the contents; ** */ -void free_attr_chain(Attribute *a) { - Attribute *ax; - for(; a; a = ax) { - ax = a->a_next; - ch_free(a); +void free_attr_chain(Attribute *b) { + Attribute *a; + for(a=b; a; a=a->a_next) { + a->a_vals = NULL; + a->a_nvals = NULL; } + attrs_free( b ); return; } /* ** translucent_add() ** if not bound as root, send ACCESS error; -** if config.glue, glue_parent(); +** if glue, glue_parent(); ** return CONTINUE; ** */ static int translucent_add(Operation *op, SlapReply *rs) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; - overlay_stack *ov = on->on_bi.bi_private; + translucent_info *ov = on->on_bi.bi_private; Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n", op->o_req_dn.bv_val, 0, 0); if(!be_isroot(op)) { op->o_bd->bd_info = (BackendInfo *) on->on_info; send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, "user modification of overlay database not permitted"); + op->o_bd->bd_info = (BackendInfo *) on; return(rs->sr_err); } - if(!ov->config->glue) glue_parent(op); + if(!ov->no_glue) glue_parent(op); return(SLAP_CB_CONTINUE); } /* ** translucent_modrdn() ** if not bound as root, send ACCESS error; -** if !config.glue, glue_parent(); +** if !glue, glue_parent(); ** else return CONTINUE; ** */ static int translucent_modrdn(Operation *op, SlapReply *rs) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; - overlay_stack *ov = on->on_bi.bi_private; + translucent_info *ov = on->on_bi.bi_private; Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n", op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0); if(!be_isroot(op)) { op->o_bd->bd_info = (BackendInfo *) on->on_info; send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, "user modification of overlay database not permitted"); + op->o_bd->bd_info = (BackendInfo *) on; return(rs->sr_err); } - if(!ov->config->glue) glue_parent(op); + if(!ov->no_glue) { + op->o_tag = LDAP_REQ_ADD; + glue_parent(op); + op->o_tag = LDAP_REQ_MODRDN; + } return(SLAP_CB_CONTINUE); } @@ -200,6 +379,7 @@ static int translucent_delete(Operation *op, SlapReply *rs) { op->o_bd->bd_info = (BackendInfo *) on->on_info; send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS, "user modification of overlay database not permitted"); + op->o_bd->bd_info = (BackendInfo *) on; return(rs->sr_err); } return(SLAP_CB_CONTINUE); @@ -208,7 +388,8 @@ static int translucent_delete(Operation *op, SlapReply *rs) { static int translucent_tag_cb( Operation *op, SlapReply *rs ) { - op->o_tag = (ber_tag_t)op->o_callback->sc_private; + op->o_tag = LDAP_REQ_MODIFY; + op->orm_modlist = op->o_callback->sc_private; rs->sr_tag = slap_req2res( op->o_tag ); return SLAP_CB_CONTINUE; @@ -224,20 +405,24 @@ translucent_tag_cb( Operation *op, SlapReply *rs ) static int translucent_modify(Operation *op, SlapReply *rs) { SlapReply nrs = { REP_RESULT }; - Operation nop = *op; slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; - overlay_stack *ov = on->on_bi.bi_private; - void *private = op->o_bd->be_private; - Entry ne, *e = NULL, *re = NULL; + translucent_info *ov = on->on_bi.bi_private; + Entry *e = NULL, *re = NULL; Attribute *a, *ax; - Modifications *m, *mm; + Modifications *m, **mm; + BackendDB *db; int del, rc, erc = 0; slap_callback cb = { 0 }; Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n", op->o_req_dn.bv_val, 0, 0); + if(ov->defer_db_open) { + send_ldap_error(op, rs, LDAP_UNAVAILABLE, + "remote DB not available"); + return(rs->sr_err); + } /* ** fetch entry from the captive backend; ** if it did not exist, fail; @@ -245,18 +430,16 @@ static int translucent_modify(Operation *op, SlapReply *rs) { ** */ - op->o_bd->bd_info = (BackendInfo *) on->on_info; - op->o_bd->be_private = ov->private; - rc = ov->info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re); - op->o_bd->be_private = private; - - /* if(ov->config->no_add && (!re || rc != LDAP_SUCCESS)) */ + db = op->o_bd; + op->o_bd = &ov->db; + ov->db.be_acl = op->o_bd->be_acl; + rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re); if(rc != LDAP_SUCCESS || re == NULL ) { - send_ldap_error(op, rs, LDAP_NO_SUCH_OBJECT, + send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT, "attempt to modify nonexistent local record"); return(rs->sr_err); } - + op->o_bd = db; /* ** fetch entry from local backend; ** if it exists: @@ -270,14 +453,20 @@ static int translucent_modify(Operation *op, SlapReply *rs) { ** */ + op->o_bd->bd_info = (BackendInfo *) on->on_info; rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e); + op->o_bd->bd_info = (BackendInfo *) on; if(e && rc == LDAP_SUCCESS) { Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0); - for(m = op->orm_modlist; m; m = m->sml_next) { + for(mm = &op->orm_modlist; *mm; ) { + m = *mm; for(a = e->e_attrs; a; a = a->a_next) if(a->a_desc == m->sml_desc) break; - if(a) continue; /* found local attr */ + if(a) { + mm = &m->sml_next; + continue; /* found local attr */ + } if(m->sml_op == LDAP_MOD_DELETE) { for(a = re->e_attrs; a; a = a->a_next) if(a->a_desc == m->sml_desc) break; @@ -286,36 +475,35 @@ static int translucent_modify(Operation *op, SlapReply *rs) { erc = LDAP_NO_SUCH_ATTRIBUTE; goto release; } - if(ov->config->strict) { + if(ov->strict) { erc = LDAP_CONSTRAINT_VIOLATION; goto release; } Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: silently dropping delete: %s\n", m->sml_desc->ad_cname.bv_val, 0, 0); - for(mm = op->orm_modlist; mm->sml_next != m; mm = mm->sml_next); - mm->sml_next = m->sml_next; - mm = m; - m = m->sml_next; - mm->sml_next = NULL; /* hack */ - slap_mods_free(mm, 1); - if(m) continue; + *mm = m->sml_next; + m->sml_next = NULL; + slap_mods_free(m, 1); + continue; } m->sml_op = LDAP_MOD_ADD; + mm = &m->sml_next; } erc = SLAP_CB_CONTINUE; release: if(re) { - op->o_bd->be_private = ov->private; - if(ov->info->bi_entry_release_rw) - ov->info->bi_entry_release_rw(op, re, 0); - else + if(ov->db.bd_info->bi_entry_release_rw) { + op->o_bd = &ov->db; + ov->db.bd_info->bi_entry_release_rw(op, re, 0); + op->o_bd = db; + } else entry_free(re); - op->o_bd->be_private = private; } + op->o_bd->bd_info = (BackendInfo *) on->on_info; be_entry_release_r(op, e); + op->o_bd->bd_info = (BackendInfo *) on; if(erc == SLAP_CB_CONTINUE) { - op->o_bd->bd_info = (BackendInfo *) on; return(erc); } else if(erc) { send_ldap_error(op, rs, erc, @@ -326,18 +514,18 @@ release: /* don't leak remote entry copy */ if(re) { - op->o_bd->be_private = ov->private; - if(ov->info->bi_entry_release_rw) - ov->info->bi_entry_release_rw(op, re, 0); - else + if(ov->db.bd_info->bi_entry_release_rw) { + op->o_bd = &ov->db; + ov->db.bd_info->bi_entry_release_rw(op, re, 0); + op->o_bd = db; + } else entry_free(re); - op->o_bd->be_private = private; } /* ** foreach Modification: ** if MOD_ADD or MOD_REPLACE, add Attribute; ** if no Modifications were suitable: -** if config.strict, throw CONSTRAINT_VIOLATION; +** if strict, throw CONSTRAINT_VIOLATION; ** else, return early SUCCESS; ** fabricate Entry with new Attribute chain; ** glue_parent() for this Entry; @@ -348,6 +536,7 @@ release: Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0); a = NULL; for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) { + Attribute atmp; if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) && ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) { Debug(LDAP_DEBUG_ANY, @@ -356,66 +545,63 @@ release: if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++; continue; } - a = ch_calloc(1, sizeof(Attribute)); - a->a_desc = m->sml_desc; - a->a_vals = m->sml_values; - a->a_nvals = m->sml_nvalues; + atmp.a_desc = m->sml_desc; + atmp.a_vals = m->sml_values; + atmp.a_nvals = m->sml_nvalues ? m->sml_nvalues : atmp.a_vals; + atmp.a_numvals = m->sml_numvals; + atmp.a_flags = 0; + a = attr_dup( &atmp ); a->a_next = ax; ax = a; } - if(del && ov->config->strict) { - free_attr_chain(a); + if(del && ov->strict) { + attrs_free( a ); send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, "attempt to delete attributes from local database"); return(rs->sr_err); } if(!ax) { - if(ov->config->strict) { + if(ov->strict) { send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, "modification contained other than ADD or REPLACE"); return(rs->sr_err); } - op->o_bd->bd_info = (BackendInfo *) on; /* rs->sr_text = "no valid modification found"; */ rs->sr_err = LDAP_SUCCESS; send_ldap_result(op, rs); return(rs->sr_err); } - ne.e_id = NOID; - ne.e_name = op->o_req_dn; - ne.e_nname = op->o_req_ndn; - ne.e_attrs = a; - ne.e_ocflags = 0; - ne.e_bv.bv_len = 0; - ne.e_bv.bv_val = NULL; - ne.e_private = NULL; + e = entry_alloc(); + ber_dupbv( &e->e_name, &op->o_req_dn ); + ber_dupbv( &e->e_nname, &op->o_req_ndn ); + e->e_attrs = a; - nop.o_tag = LDAP_REQ_ADD; - nop.oq_add.rs_e = ≠ + op->o_tag = LDAP_REQ_ADD; + cb.sc_response = translucent_tag_cb; + cb.sc_private = op->orm_modlist; + op->oq_add.rs_e = e; - op->o_bd->bd_info = (BackendInfo *) on; - glue_parent(&nop); + glue_parent(op); - cb.sc_response = translucent_tag_cb; - cb.sc_private = (void *)LDAP_REQ_MODIFY; - cb.sc_next = nop.o_callback; - nop.o_callback = &cb; - rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs); - free_attr_chain(a); + cb.sc_next = op->o_callback; + op->o_callback = &cb; + rc = on->on_info->oi_orig->bi_op_add(op, &nrs); + if ( op->ora_e == e ) + entry_free( e ); + op->o_callback = cb.sc_next; return(rc); } static int translucent_compare(Operation *op, SlapReply *rs) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; - overlay_stack *ov = on->on_bi.bi_private; - void *private = op->o_bd->be_private; - + translucent_info *ov = on->on_bi.bi_private; AttributeAssertion *ava = op->orc_ava; Entry *e; + BackendDB *db; int rc; Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n", @@ -425,73 +611,276 @@ static int translucent_compare(Operation *op, SlapReply *rs) { ** if the local backend has an entry for this attribute: ** CONTINUE and let it do the compare; ** +*/ + rc = overlay_entry_get_ov(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e, on); + if(rc == LDAP_SUCCESS && e) { + overlay_entry_release_ov(op, e, 0, on); + return(SLAP_CB_CONTINUE); + } + + if(ov->defer_db_open) { + send_ldap_error(op, rs, LDAP_UNAVAILABLE, + "remote DB not available"); + return(rs->sr_err); + } +/* +** call compare() in the captive backend; +** return the result; +** +*/ + db = op->o_bd; + op->o_bd = &ov->db; + ov->db.be_acl = op->o_bd->be_acl; + rc = ov->db.bd_info->bi_op_compare(op, rs); + op->o_bd = db; + + return(rc); +} + +static int translucent_pwmod(Operation *op, SlapReply *rs) { + SlapReply nrs = { REP_RESULT }; + Operation nop; + + slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; + translucent_info *ov = on->on_bi.bi_private; + const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD); + Entry *e = NULL, *re = NULL; + BackendDB *db; + int rc = 0; + slap_callback cb = { 0 }; + + if (!ov->pwmod_local) { + rs->sr_err = LDAP_CONSTRAINT_VIOLATION, + rs->sr_text = "attempt to modify password in local database"; + return rs->sr_err; + } + +/* +** fetch entry from the captive backend; +** if it did not exist, fail; +** release it, if captive backend supports this; +** +*/ + db = op->o_bd; + op->o_bd = &ov->db; + ov->db.be_acl = op->o_bd->be_acl; + rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re); + if(rc != LDAP_SUCCESS || re == NULL ) { + send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT, + "attempt to modify nonexistent local record"); + return(rs->sr_err); + } + op->o_bd = db; +/* +** fetch entry from local backend; +** if it exists: +** return CONTINUE; */ op->o_bd->bd_info = (BackendInfo *) on->on_info; - rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e); + rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e); + op->o_bd->bd_info = (BackendInfo *) on; + if(e && rc == LDAP_SUCCESS) { + if(re) { + if(ov->db.bd_info->bi_entry_release_rw) { + op->o_bd = &ov->db; + ov->db.bd_info->bi_entry_release_rw(op, re, 0); + op->o_bd = db; + } else { + entry_free(re); + } + } + op->o_bd->bd_info = (BackendInfo *) on->on_info; be_entry_release_r(op, e); op->o_bd->bd_info = (BackendInfo *) on; - return(SLAP_CB_CONTINUE); + return SLAP_CB_CONTINUE; } + /* don't leak remote entry copy */ + if(re) { + if(ov->db.bd_info->bi_entry_release_rw) { + op->o_bd = &ov->db; + ov->db.bd_info->bi_entry_release_rw(op, re, 0); + op->o_bd = db; + } else { + entry_free(re); + } + } /* -** call compare() in the captive backend; -** return the result; +** glue_parent() for this Entry; +** call bi_op_add() in local backend; ** */ + e = entry_alloc(); + ber_dupbv( &e->e_name, &op->o_req_dn ); + ber_dupbv( &e->e_nname, &op->o_req_ndn ); + e->e_attrs = NULL; - op->o_bd->be_private = ov->private; - rc = ov->info->bi_op_compare(op, rs); - op->o_bd->be_private = private; - op->o_bd->bd_info = (BackendInfo *) on; - return(rc); + nop = *op; + nop.o_tag = LDAP_REQ_ADD; + cb.sc_response = slap_null_cb; + nop.oq_add.rs_e = e; + + glue_parent(&nop); + + nop.o_callback = &cb; + rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs); + if ( nop.ora_e == e ) { + entry_free( e ); + } + + if ( rc == LDAP_SUCCESS ) { + return SLAP_CB_CONTINUE; + } + + return rc; +} + +static int translucent_exop(Operation *op, SlapReply *rs) { + SlapReply nrs = { REP_RESULT }; + + slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; + translucent_info *ov = on->on_bi.bi_private; + const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD); + + Debug(LDAP_DEBUG_TRACE, "==> translucent_exop: %s\n", + op->o_req_dn.bv_val, 0, 0); + + if(ov->defer_db_open) { + send_ldap_error(op, rs, LDAP_UNAVAILABLE, + "remote DB not available"); + return(rs->sr_err); + } + + if ( bvmatch( &bv_exop_pwmod, &op->ore_reqoid ) ) { + return translucent_pwmod( op, rs ); + } + + return SLAP_CB_CONTINUE; } /* ** translucent_search_cb() -** merge local data with the search result +** merge local data with remote data ** +** Four cases: +** 1: remote search, no local filter +** merge data and send immediately +** 2: remote search, with local filter +** merge data and save +** 3: local search, no remote filter +** merge data and send immediately +** 4: local search, with remote filter +** check list, merge, send, delete */ +#define RMT_SIDE 0 +#define LCL_SIDE 1 +#define USE_LIST 2 + +typedef struct trans_ctx { + BackendDB *db; + slap_overinst *on; + Filter *orig; + Avlnode *list; + int step; +} trans_ctx; + static int translucent_search_cb(Operation *op, SlapReply *rs) { + trans_ctx *tc; + BackendDB *db; slap_overinst *on; - Entry *e, *re = NULL; + translucent_info *ov; + Entry *le, *re; Attribute *a, *ax, *an, *as = NULL; - void *private; int rc; + int test_f = 0; + + tc = op->o_callback->sc_private; + + /* Don't let the op complete while we're gathering data */ + if ( rs->sr_type == REP_RESULT && ( tc->step & USE_LIST )) + return 0; if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry) return(SLAP_CB_CONTINUE); - Debug(LDAP_DEBUG_TRACE, "==> tranclucent_search_cb: %s\n", + Debug(LDAP_DEBUG_TRACE, "==> translucent_search_cb: %s\n", rs->sr_entry->e_name.bv_val, 0, 0); - on = (slap_overinst *) op->o_bd->bd_info; - op->o_bd->bd_info = (BackendInfo *) on->on_info; - - private = op->o_bd->be_private; - op->o_bd->be_private = op->o_callback->sc_private; - - rc = be_entry_get_rw(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &e); + on = tc->on; + ov = on->on_bi.bi_private; + + db = op->o_bd; + re = NULL; + + /* If we have local, get remote */ + if ( tc->step & LCL_SIDE ) { + le = rs->sr_entry; + /* If entry is already on list, use it */ + if ( tc->step & USE_LIST ) { + re = tavl_delete( &tc->list, le, entry_dn_cmp ); + if ( re ) { + if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) { + rs->sr_flags ^= REP_ENTRY_MUSTRELEASE; + overlay_entry_release_ov( op, rs->sr_entry, 0, on ); + } + if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) { + rs->sr_flags ^= REP_ENTRY_MUSTBEFREED; + entry_free( rs->sr_entry ); + } + rc = test_filter( op, re, tc->orig ); + if ( rc == LDAP_COMPARE_TRUE ) { + rs->sr_flags |= REP_ENTRY_MUSTBEFREED; + rs->sr_entry = re; + return SLAP_CB_CONTINUE; + } else { + entry_free( re ); + rs->sr_entry = NULL; + return 0; + } + } + } + op->o_bd = &ov->db; + rc = be_entry_get_rw( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &re ); + if ( rc == LDAP_SUCCESS && re ) { + Entry *tmp = entry_dup( re ); + be_entry_release_r( op, re ); + re = tmp; + test_f = 1; + } + } else { + /* Else we have remote, get local */ + op->o_bd = tc->db; + rc = overlay_entry_get_ov(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &le, on); + if ( rc == LDAP_SUCCESS && le ) { + re = entry_dup( rs->sr_entry ); + if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) { + rs->sr_flags ^= REP_ENTRY_MUSTRELEASE; + overlay_entry_release_ov( op, rs->sr_entry, 0, on ); + } + if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) { + rs->sr_flags ^= REP_ENTRY_MUSTBEFREED; + entry_free( rs->sr_entry ); + } + } else { + le = NULL; + } + } /* -** if we got an entry from local backend: -** make a copy of this search result; +** if we got remote and local entry: ** foreach local attr: -** foreach search result attr: -** if match, result attr with local attr; +** foreach remote attr: +** if match, remote attr with local attr; ** if new local, add to list; -** append new local attrs to search result; +** append new local attrs to remote; ** */ - if(e && rc == LDAP_SUCCESS) { - re = entry_dup(rs->sr_entry); - for(ax = e->e_attrs; ax; ax = ax->a_next) { -#if 0 - if(is_at_operational(ax->a_desc->ad_type)) continue; -#endif + if ( re && le ) { + for(ax = le->e_attrs; ax; ax = ax->a_next) { for(a = re->e_attrs; a; a = a->a_next) { if(a->a_desc == ax->a_desc) { if(a->a_vals != a->a_nvals) @@ -508,7 +897,19 @@ static int translucent_search_cb(Operation *op, SlapReply *rs) { an->a_next = as; as = an; } - be_entry_release_r(op, e); + /* Dispose of local entry */ + if ( tc->step & LCL_SIDE ) { + if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) { + rs->sr_flags ^= REP_ENTRY_MUSTRELEASE; + overlay_entry_release_ov( op, rs->sr_entry, 0, on ); + } + if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) { + rs->sr_flags ^= REP_ENTRY_MUSTBEFREED; + entry_free( rs->sr_entry ); + } + } else { + overlay_entry_release_ov(op, le, 0, on); + } /* literally append, so locals are always last */ if(as) { @@ -519,14 +920,152 @@ static int translucent_search_cb(Operation *op, SlapReply *rs) { re->e_attrs = as; } } - rs->sr_entry = re; - rs->sr_flags |= REP_ENTRY_MUSTBEFREED; + /* If both filters, save entry for later */ + if ( tc->step == (USE_LIST|RMT_SIDE) ) { + tavl_insert( &tc->list, re, entry_dn_cmp, avl_dup_error ); + rs->sr_entry = NULL; + rc = 0; + } else { + /* send it now */ + rs->sr_entry = re; + rs->sr_flags |= REP_ENTRY_MUSTBEFREED; + if ( test_f ) { + rc = test_filter( op, rs->sr_entry, tc->orig ); + if ( rc == LDAP_COMPARE_TRUE ) { + rc = SLAP_CB_CONTINUE; + } else { + rc = 0; + } + } else { + rc = SLAP_CB_CONTINUE; + } + } + } else if ( le ) { + /* Only a local entry: remote was deleted + * Ought to delete the local too... + */ + rc = 0; + } else if ( tc->step & USE_LIST ) { + /* Only a remote entry, but both filters: + * Test the complete filter + */ + rc = test_filter( op, rs->sr_entry, tc->orig ); + if ( rc == LDAP_COMPARE_TRUE ) { + rc = SLAP_CB_CONTINUE; + } else { + rc = 0; + } + } else { + /* Only a remote entry, only remote filter: + * just pass thru + */ + rc = SLAP_CB_CONTINUE; } - op->o_bd->be_private = private; - op->o_bd->bd_info = (BackendInfo *) on; + op->o_bd = db; + return rc; +} - return(SLAP_CB_CONTINUE); +/* Dup the filter, excluding invalid elements */ +static Filter * +trans_filter_dup(Operation *op, Filter *f, AttributeName *an) +{ + Filter *n = NULL; + + if ( !f ) + return NULL; + + switch( f->f_choice & SLAPD_FILTER_MASK ) { + case SLAPD_FILTER_COMPUTED: + n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); + n->f_choice = f->f_choice; + n->f_result = f->f_result; + n->f_next = NULL; + break; + + case LDAP_FILTER_PRESENT: + if ( ad_inlist( f->f_desc, an )) { + n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); + n->f_choice = f->f_choice; + n->f_desc = f->f_desc; + n->f_next = NULL; + } + break; + + case LDAP_FILTER_EQUALITY: + case LDAP_FILTER_GE: + case LDAP_FILTER_LE: + case LDAP_FILTER_APPROX: + case LDAP_FILTER_SUBSTRINGS: + case LDAP_FILTER_EXT: + if ( !f->f_av_desc || ad_inlist( f->f_av_desc, an )) { + n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); + n->f_choice = f->f_choice; + n->f_ava = f->f_ava; + n->f_next = NULL; + } + break; + + case LDAP_FILTER_AND: + case LDAP_FILTER_OR: + case LDAP_FILTER_NOT: { + Filter **p; + + n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx ); + n->f_choice = f->f_choice; + n->f_next = NULL; + + for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) { + *p = trans_filter_dup( op, f, an ); + if ( !*p ) + continue; + p = &(*p)->f_next; + } + /* nothing valid in this list */ + if ( !n->f_list ) { + op->o_tmpfree( n, op->o_tmpmemctx ); + return NULL; + } + /* Only 1 element in this list */ + if ((n->f_choice & SLAPD_FILTER_MASK) != LDAP_FILTER_NOT && + !n->f_list->f_next ) { + f = n->f_list; + *n = *f; + op->o_tmpfree( f, op->o_tmpmemctx ); + } + break; + } + } + return n; +} + +static void +trans_filter_free( Operation *op, Filter *f ) +{ + Filter *n, *p, *next; + + f->f_choice &= SLAPD_FILTER_MASK; + + switch( f->f_choice ) { + case LDAP_FILTER_AND: + case LDAP_FILTER_OR: + case LDAP_FILTER_NOT: + /* Free in reverse order */ + n = NULL; + for ( p = f->f_list; p; p = next ) { + next = p->f_next; + p->f_next = n; + n = p; + } + for ( p = n; p; p = next ) { + next = p->f_next; + trans_filter_free( op, p ); + } + break; + default: + break; + } + op->o_tmpfree( f, op->o_tmpmemctx ); } /* @@ -537,27 +1076,94 @@ static int translucent_search_cb(Operation *op, SlapReply *rs) { */ static int translucent_search(Operation *op, SlapReply *rs) { - Operation nop = *op; - slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; + translucent_info *ov = on->on_bi.bi_private; slap_callback cb = { NULL, NULL, NULL, NULL }; - overlay_stack *ov = on->on_bi.bi_private; - void *private = op->o_bd->be_private; - int rc; + trans_ctx tc; + Filter *fl, *fr; + struct berval fbv; + int rc = 0; Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n", op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0); - cb.sc_response = (slap_response *) translucent_search_cb; - cb.sc_private = private; - cb.sc_next = nop.o_callback; - nop.o_callback = &cb; + if(ov->defer_db_open) { + send_ldap_error(op, rs, LDAP_UNAVAILABLE, + "remote DB not available"); + return(rs->sr_err); + } - op->o_bd->be_private = ov->private; - rc = ov->info->bi_op_search(&nop, rs); - op->o_bd->be_private = private; + fr = ov->remote ? trans_filter_dup( op, op->ors_filter, ov->remote ) : NULL; + fl = ov->local ? trans_filter_dup( op, op->ors_filter, ov->local ) : NULL; + cb.sc_response = (slap_response *) translucent_search_cb; + cb.sc_private = &tc; + cb.sc_next = op->o_callback; + + ov->db.be_acl = op->o_bd->be_acl; + tc.db = op->o_bd; + tc.on = on; + tc.orig = op->ors_filter; + tc.list = NULL; + tc.step = 0; + fbv = op->ors_filterstr; + + op->o_callback = &cb; + + if ( fr || !fl ) { + op->o_bd = &ov->db; + tc.step |= RMT_SIDE; + if ( fl ) { + tc.step |= USE_LIST; + op->ors_filter = fr; + filter2bv_x( op, fr, &op->ors_filterstr ); + } + rc = ov->db.bd_info->bi_op_search(op, rs); + op->o_bd = tc.db; + if ( fl ) { + op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); + } + } + if ( fl && !rc ) { + tc.step |= LCL_SIDE; + op->ors_filter = fl; + filter2bv_x( op, fl, &op->ors_filterstr ); + rc = overlay_op_walk( op, rs, op_search, on->on_info, on->on_next ); + op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); + } + op->ors_filterstr = fbv; + op->ors_filter = tc.orig; + op->o_callback = cb.sc_next; + /* Send out anything remaining on the list and finish */ + if ( tc.step & USE_LIST ) { + if ( tc.list ) { + Avlnode *av; + + av = tavl_end( tc.list, TAVL_DIR_LEFT ); + while ( av ) { + rs->sr_entry = av->avl_data; + rc = test_filter( op, rs->sr_entry, op->ors_filter ); + if ( rc == LDAP_COMPARE_TRUE ) { + rs->sr_flags = REP_ENTRY_MUSTBEFREED; + rc = send_search_entry( op, rs ); + if ( rc ) break; + } else { + entry_free( rs->sr_entry ); + } + av = tavl_next( av, TAVL_DIR_RIGHT ); + } + tavl_free( tc.list, NULL ); + rs->sr_entry = NULL; + } + send_ldap_result( op, rs ); + } - return(rs->sr_err); + /* Free in reverse order */ + if ( fl ) + trans_filter_free( op, fl ); + if ( fr ) + trans_filter_free( op, fr ); + + return rc; } @@ -569,16 +1175,56 @@ static int translucent_search(Operation *op, SlapReply *rs) { static int translucent_bind(Operation *op, SlapReply *rs) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; - overlay_stack *ov = on->on_bi.bi_private; - void *private = op->o_bd->be_private; - int rc = 0; + translucent_info *ov = on->on_bi.bi_private; + BackendDB *db; + slap_callback sc = { 0 }, *save_cb; + int rc; Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n", op->o_req_dn.bv_val, op->orb_method, 0); - op->o_bd->be_private = ov->private; - rc = ov->info->bi_op_bind(op, rs); - op->o_bd->be_private = private; + if(ov->defer_db_open) { + send_ldap_error(op, rs, LDAP_UNAVAILABLE, + "remote DB not available"); + return(rs->sr_err); + } + + if (ov->bind_local) { + sc.sc_response = slap_null_cb; + save_cb = op->o_callback; + op->o_callback = ≻ + } + + db = op->o_bd; + op->o_bd = &ov->db; + ov->db.be_acl = op->o_bd->be_acl; + rc = ov->db.bd_info->bi_op_bind(op, rs); + op->o_bd = db; + + if (ov->bind_local) { + op->o_callback = save_cb; + if (rc != LDAP_SUCCESS) { + rc = SLAP_CB_CONTINUE; + } + } + + return rc; +} + +/* +** translucent_connection_destroy() +** pass disconnect notification to captive backend; +** +*/ + +static int translucent_connection_destroy(BackendDB *be, Connection *conn) { + slap_overinst *on = (slap_overinst *) be->bd_info; + translucent_info *ov = on->on_bi.bi_private; + int rc = 0; + + Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0); + + rc = ov->db.bd_info->bi_connection_destroy(&ov->db, conn); return(rc); } @@ -599,55 +1245,16 @@ static int translucent_db_config( ) { slap_overinst *on = (slap_overinst *) be->bd_info; - overlay_stack *ov = on->on_bi.bi_private; - void *private = be->be_private; - void *be_cf_ocs = be->be_cf_ocs; - int rc; + translucent_info *ov = on->on_bi.bi_private; - /* "this should never happen" */ - if(!ov->info) { - fprintf(stderr, "fatal: captive backend not initialized"); - return(1); - } - - be->be_private = ov->private; - be->be_cf_ocs = ov->info->bi_cf_ocs; - rc = ov->info->bi_db_config ? ov->info->bi_db_config(be, fname, lineno, argc, argv) : 0; - be->be_private = private; - be->be_cf_ocs = be_cf_ocs; - - /* pass okay or error up, SLAP_CONF_UNKNOWN might be ours */ - if(rc == 0 || rc == 1) return(rc); - - rc = 0; - if(!strcasecmp(*argv, "translucent_strict")) { - ov->config->strict++; - } else if(!strcasecmp(*argv, "translucent_no_add")) { - ov->config->no_add++; - } else if(!strcasecmp(*argv, "translucent_no_glue")) { - ov->config->glue++; - } else if(!strcasecmp(*argv, "translucent_debug")) { - if(argc == 1) { - ov->config->debug = 0xFFFF; - rc = 0; - } else if(argc == 2) { - if ( lutil_atoi( &ov->config->debug, argv[1]) != 0 ) { - fprintf(stderr, "%s: line %d: unable to parse debug \"%s\"\n", - fname, lineno, argv[1]); - return 1; - } - rc = 0; - } else { - fprintf(stderr, "%s: line %d: too many arguments (%d) to debug\n", - fname, lineno, argc); - rc = 1; - } - } else { - fprintf(stderr, "%s: line %d: unknown keyword %s\n", - fname, lineno, *argv); - rc = SLAP_CONF_UNKNOWN; - } - return(rc); + Debug(LDAP_DEBUG_TRACE, "==> translucent_db_config: %s\n", + argc ? argv[0] : "", 0, 0); + + /* Something for the captive database? */ + if ( ov->db.bd_info && ov->db.bd_info->bi_db_config ) + return ov->db.bd_info->bi_db_config( &ov->db, fname, lineno, + argc, argv ); + return SLAP_CONF_UNKNOWN; } /* @@ -656,36 +1263,26 @@ static int translucent_db_config( ** */ -static int translucent_db_init(BackendDB *be) { +static int translucent_db_init(BackendDB *be, ConfigReply *cr) { slap_overinst *on = (slap_overinst *) be->bd_info; - void *private = be->be_private; - overlay_stack *ov; - int rc; + translucent_info *ov; - Debug(LDAP_DEBUG_TRACE, "==> translucent_init\n", 0, 0, 0); + Debug(LDAP_DEBUG_TRACE, "==> translucent_db_init\n", 0, 0, 0); - ov = ch_calloc(1, sizeof(overlay_stack)); - ov->config = ch_calloc(1, sizeof(translucent_configuration)); - ov->info = backend_info("ldap"); + ov = ch_calloc(1, sizeof(translucent_info)); + on->on_bi.bi_private = ov; + ov->db = *be; + ov->db.be_private = NULL; + ov->defer_db_open = 1; - if(!ov->info) { - Debug(LDAP_DEBUG_ANY, "translucent: backend_info failed!\n", 0, 0, 0); - return(1); + if ( !backend_db_init( "ldap", &ov->db, -1, NULL )) { + Debug( LDAP_DEBUG_CONFIG, "translucent: unable to open captive back-ldap\n", 0, 0, 0); + return 1; } - - /* forcibly disable schema checking on the local backend */ SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD; - be->be_private = NULL; - rc = ov->info->bi_db_init ? ov->info->bi_db_init(be) : 0; - - if(rc) Debug(LDAP_DEBUG_TRACE, - "translucent: bi_db_init() returned error %d\n", rc, 0, 0); - - ov->private = be->be_private; - be->be_private = private; - on->on_bi.bi_private = ov; - return(rc); + return 0; } /* @@ -694,23 +1291,23 @@ static int translucent_db_init(BackendDB *be) { ** */ -static int translucent_db_open(BackendDB *be) { +static int translucent_db_open(BackendDB *be, ConfigReply *cr) { slap_overinst *on = (slap_overinst *) be->bd_info; - overlay_stack *ov = on->on_bi.bi_private; - void *private = be->be_private; + translucent_info *ov = on->on_bi.bi_private; int rc; - /* "should never happen" */ - if(!ov->info) { - Debug(LDAP_DEBUG_ANY, "translucent_open() called with bad ov->info\n", 0, 0, 0); - return(LDAP_OTHER); - } + Debug(LDAP_DEBUG_TRACE, "==> translucent_db_open\n", 0, 0, 0); + + /* need to inherit something from the original database... */ + ov->db.be_def_limit = be->be_def_limit; + ov->db.be_limits = be->be_limits; + ov->db.be_acl = be->be_acl; + ov->db.be_dfltaccess = be->be_dfltaccess; - Debug(LDAP_DEBUG_TRACE, "translucent_open\n", 0, 0, 0); + if ( ov->defer_db_open ) + return 0; - be->be_private = ov->private; - rc = ov->info->bi_db_open ? ov->info->bi_db_open(be) : 0; - be->be_private = private; + rc = backend_startup_one( &ov->db, cr ); if(rc) Debug(LDAP_DEBUG_TRACE, "translucent: bi_db_open() returned error %d\n", rc, 0, 0); @@ -720,24 +1317,21 @@ static int translucent_db_open(BackendDB *be) { /* ** translucent_db_close() -** if the captive backend has a close() method, call it; -** free any config data; +** if the captive backend has a close() method, call it ** */ -static int translucent_db_close(BackendDB *be) { +static int +translucent_db_close( BackendDB *be, ConfigReply *cr ) +{ slap_overinst *on = (slap_overinst *) be->bd_info; - overlay_stack *ov = on->on_bi.bi_private; + translucent_info *ov = on->on_bi.bi_private; int rc = 0; - if ( ov ) { - void *private = be->be_private; + Debug(LDAP_DEBUG_TRACE, "==> translucent_db_close\n", 0, 0, 0); - be->be_private = ov->private; - rc = (ov->info && ov->info->bi_db_close) ? ov->info->bi_db_close(be) : 0; - be->be_private = private; - if(ov->config) ch_free(ov->config); - ov->config = NULL; + if ( ov && ov->db.bd_info && ov->db.bd_info->bi_db_close ) { + rc = ov->db.bd_info->bi_db_close(&ov->db, NULL); } return(rc); @@ -745,21 +1339,29 @@ static int translucent_db_close(BackendDB *be) { /* ** translucent_db_destroy() -** if the captive backend has a db_destroy() method, call it +** if the captive backend has a db_destroy() method, call it; +** free any config data ** */ -static int translucent_db_destroy(BackendDB *be) { +static int +translucent_db_destroy( BackendDB *be, ConfigReply *cr ) +{ slap_overinst *on = (slap_overinst *) be->bd_info; - overlay_stack *ov = on->on_bi.bi_private; + translucent_info *ov = on->on_bi.bi_private; int rc = 0; + Debug(LDAP_DEBUG_TRACE, "==> translucent_db_destroy\n", 0, 0, 0); + if ( ov ) { - void *private = be->be_private; + if ( ov->remote ) + anlist_free( ov->remote, 1, NULL ); + if ( ov->local ) + anlist_free( ov->local, 1, NULL ); + if ( ov->db.be_private != NULL ) { + backend_stopdown_one( &ov->db ); + } - be->be_private = ov->private; - rc = (ov->info && ov->info->bi_db_destroy) ? ov->info->bi_db_destroy(be) : 0; - be->be_private = private; ch_free(ov); on->on_bi.bi_private = NULL; } @@ -775,6 +1377,10 @@ static int translucent_db_destroy(BackendDB *be) { int translucent_initialize() { + int rc; + + Debug(LDAP_DEBUG_TRACE, "==> translucent_initialize\n", 0, 0, 0); + translucent.on_bi.bi_type = "translucent"; translucent.on_bi.bi_db_init = translucent_db_init; translucent.on_bi.bi_db_config = translucent_db_config; @@ -788,6 +1394,12 @@ int translucent_initialize() { translucent.on_bi.bi_op_delete = translucent_delete; translucent.on_bi.bi_op_search = translucent_search; translucent.on_bi.bi_op_compare = translucent_compare; + translucent.on_bi.bi_connection_destroy = translucent_connection_destroy; + translucent.on_bi.bi_extended = translucent_exop; + + translucent.on_bi.bi_cf_ocs = translucentocs; + rc = config_register_schema ( translucentcfg, translucentocs ); + if ( rc ) return rc; return(overlay_register(&translucent)); } @@ -799,4 +1411,3 @@ int init_module(int argc, char *argv[]) { #endif #endif /* SLAPD_OVER_TRANSLUCENT */ -