From cd8e154e4f8d1af93bc5cc8fb406523daea57592 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Wed, 17 Mar 2004 22:37:59 +0000
Subject: [PATCH] works in most cases ...

---
 servers/slapd/back-relay/README             |  39 ++++++-
 servers/slapd/back-relay/back-relay.h       |   2 +-
 servers/slapd/back-relay/config.c           |  44 ++++----
 servers/slapd/back-relay/init.c             |  27 ++---
 servers/slapd/back-relay/op.c               | 110 ++++++++++----------
 servers/slapd/back-relay/proto-back-relay.h |   2 +-
 6 files changed, 115 insertions(+), 109 deletions(-)

diff --git a/servers/slapd/back-relay/README b/servers/slapd/back-relay/README
index 36f64e9582..81f152c53c 100644
--- a/servers/slapd/back-relay/README
+++ b/servers/slapd/back-relay/README
@@ -13,8 +13,7 @@ database.  This also causes the rewrite-remap overlay
 to be automatically instantiated.  If the optional keyword 
 "massage" is present, the rewrite-remap overlay is 
 automatically configured to map the virtual to the real 
-naming context and vice-versa; in this case, the "suffix" 
-directive must precede the "relay" directive.
+naming context and vice-versa.
 
 Otherwise, the rewrite-remap overlay must be explicitly
 instantiated, by using the "overlay" directive, as 
@@ -26,10 +25,30 @@ not bound to a single target database; on the contrary,
 the target database is selected on a per-operation basis.
 
 This allows, for instance, to relay one database for 
-authentication and anothe for search/modify, or allows
+authentication and anotheir for search/modify, or allows
 to use one target for persons and another for groups
 and so on.
 
+To summarize: the "relay" directive:
+- explicitly bounds the database to a single database 
+  holding the real naming context;
+- automatically instantiates the rewrite-remap overlay;
+- automatically configures the naming context massaging
+  if the optional "massage" keyword is added
+
+If the "relay" directive is not used, the rewrite-remap
+overlay must be explicitly instantiated and the massaging
+must be configured, either by using the "suffixmassage"
+directive, or by issuing more sophisticate rewrite 
+instructions.
+
+AttributeType/objectClass mapping must be explicitly
+required.
+
+Note that the rewrite-remap overlay is not complete nor 
+production- ready yet.
+Examples are given of all the suggested usages. 
+
 # automatically massage from virtual to real naming context
 database	relay
 suffix		"dc=virtual,dc=naming,dc=context"
@@ -38,6 +57,13 @@ relay		"dc=real,dc=naming,dc=context" massage
 # explicitly massage (same as above)
 database	relay
 suffix		"dc=virtual,dc=naming,dc=context"
+relay		"dc=real,dc=naming,dc=context"
+suffixmassage	"dc=virtual,dc=naming,dc=context" \
+			"dc=real,dc=naming,dc=context"
+
+# explicitly massage (same as above, but dynamic backend resolution)
+database	relay
+suffix		"dc=virtual,dc=naming,dc=context"
 overlay		rewrite-remap
 suffixmassage	"dc=virtual,dc=naming,dc=context" \
 			"dc=real,dc=naming,dc=context"
@@ -46,9 +72,12 @@ suffixmassage	"dc=virtual,dc=naming,dc=context" \
 # from virtual to real naming context, but not the reverse...
 database	relay
 suffix		"dc=virtual,dc=naming,dc=context"
-overlay		rewrite-remap
-rewriteEngine	on
+relay		"dc=real,dc=naming,dc=context"
 rewriteContext	default
 rewriteRule	"(.*)dc=virtual,dc=naming,dc=context$" \
 			"$1dc=real,dc=naming,dc=context"
+rewriteContext	searchFilter
+rewriteContext	searchResult
+rewriteContext	searchResultAttrDN
+rewriteContext	matchedDN
 
diff --git a/servers/slapd/back-relay/back-relay.h b/servers/slapd/back-relay/back-relay.h
index d62474ea33..9e447a7448 100644
--- a/servers/slapd/back-relay/back-relay.h
+++ b/servers/slapd/back-relay/back-relay.h
@@ -1,7 +1,7 @@
 /* back-relay.h - relay backend header file */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2004 The OpenLDAP Foundation.
+ * Copyright 2004 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
diff --git a/servers/slapd/back-relay/config.c b/servers/slapd/back-relay/config.c
index f02a85e3a7..ba1d3da544 100644
--- a/servers/slapd/back-relay/config.c
+++ b/servers/slapd/back-relay/config.c
@@ -1,7 +1,7 @@
 /* config.c - relay backend configuration file routine */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2004 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -66,7 +66,8 @@ relay_back_db_config(
 		rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
 		if ( rc != LDAP_SUCCESS ) {
 			fprintf( stderr, "%s: line %d: "
-					"relay dn \"%s\" is invalid\n",
+					"relay dn \"%s\" is invalid "
+					"in \"relay <dn> [massage]\" line\n",
 					fname, lineno, argv[ 1 ] );
 			return 1;
 		}
@@ -75,13 +76,15 @@ relay_back_db_config(
 		if ( bd == NULL ) {
 			fprintf( stderr, "%s: line %d: "
 					"cannot find database "
-					"of relay dn \"%s\"\n",
+					"of relay dn \"%s\" "
+					"in \"relay <dn> [massage]\" line\n",
 					fname, lineno, argv[ 1 ] );
 			return 1;
 
 		} else if ( bd == be ) {
 			fprintf( stderr, "%s: line %d: "
-					"relay dn \"%s\" would call self\n",
+					"relay dn \"%s\" would call self "
+					"in \"relay <dn> [massage]\" line\n",
 					fname, lineno, pdn.bv_val );
 			return 1;
 		}
@@ -91,24 +94,26 @@ relay_back_db_config(
 		if ( overlay_config( be, "rewrite-remap" ) ) {
 			fprintf( stderr, "%s: line %d: unable to install "
 					"rewrite-remap overlay "
-					"in back-relay\n",
+					"in back-relay "
+					"in \"relay <dn> [massage]\" line\n",
 					fname, lineno );
 			return 1;
 		}
 
-#if 0
-		{
+		if ( argc == 3 ) {
 			char	*cargv[ 4 ];
 
-			cargv[ 0 ] = "overlay";
-			cargv[ 1 ] = "rewrite-remap";
-			cargv[ 2 ] = NULL;
-
-			be->be_config( be, fname, lineno, 2, cargv ); 
+			if ( strcmp( argv[2], "massage" ) != 0 ) {
+				fprintf( stderr, "%s: line %d: "
+					"unknown directive \"%s\" "
+					"in \"relay <dn> [massage]\" line\n",
+					fname, lineno, argv[2] );
+				return 1;
+			}
 
 			cargv[ 0 ] = "suffixmassage";
 			cargv[ 1 ] = be->be_suffix[0].bv_val;
-			cargv[ 2 ] = ri->ri_bd->be_suffix[0].bv_val;
+			cargv[ 2 ] = pdn.bv_val;
 			cargv[ 3 ] = NULL;
 
 			if ( be->be_config( be, fname, lineno, 3, cargv ) ) {
@@ -116,18 +121,7 @@ relay_back_db_config(
 			}
 		}
 
-		if ( argc == 3 ) {
-			if ( strcmp( argv[2], "massage" ) ) {
-				fprintf( stderr, "%s: line %d: "
-					"unknown directive \"%s\" "
-					"in \"relay <dn> [massage]\" line\n",
-					fname, lineno, argv[2] );
-				return 1;
-			}
-
-			ri->ri_massage = 1;
-		}
-#endif
+		ch_free( pdn.bv_val );
 
 	/* anything else */
 	} else {
diff --git a/servers/slapd/back-relay/init.c b/servers/slapd/back-relay/init.c
index 66631c2e60..3122858fd6 100644
--- a/servers/slapd/back-relay/init.c
+++ b/servers/slapd/back-relay/init.c
@@ -1,7 +1,7 @@
 /* init.c - initialize relay backend */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2004 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -110,29 +110,10 @@ relay_back_db_open( Backend *be )
 
 	if ( ri->ri_realsuffix.bv_val != NULL ) {
 		ri->ri_bd = select_backend( &ri->ri_realsuffix, 0, 1 );
+		/* must be there: it was during config! */
 		assert( ri->ri_bd );
 	}
 
-#if 0
-	if ( ri->ri_massage ) {
-		char	*argv[ 4 ];
-
-		if ( be->be_suffix[0].bv_val == NULL ) {
-			fprintf( stderr, "suffix must be defined to require suffix massage\n" );
-			return 1;
-		}
-
-		argv[ 0 ] = "suffixmassage";
-		argv[ 1 ] = be->be_suffix[0].bv_val;
-		argv[ 2 ] = ri->ri_bd->be_suffix[0].bv_val;
-		argv[ 3 ] = NULL;
-
-		if ( be->be_config( be, "back-relay", 1, 3, argv ) ) {
-			return 1;
-		}
-	}
-#endif
-
 	return 0;
 }
 
@@ -148,8 +129,12 @@ relay_back_db_destroy( Backend *be )
 	relay_back_info		*ri = (relay_back_info *)be->be_private;
 
 	if ( ri ) {
+		if ( ri->ri_realsuffix.bv_val ) {
+			ch_free( ri->ri_realsuffix.bv_val );
+		}
 		ch_free( ri );
 	}
 
 	return 0;
 }
+
diff --git a/servers/slapd/back-relay/op.c b/servers/slapd/back-relay/op.c
index 868c381033..d2137d339c 100644
--- a/servers/slapd/back-relay/op.c
+++ b/servers/slapd/back-relay/op.c
@@ -1,7 +1,7 @@
 /* op.c - relay backend operations */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2004 The OpenLDAP Foundation.
+ * Copyright 2004 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -37,6 +37,16 @@ relay_back_swap_bd( struct slap_op *op, struct slap_rep *rs )
 	return SLAP_CB_CONTINUE;
 }
 
+static void
+relay_back_add_cb( slap_callback *cb, struct slap_op *op )
+{
+		cb->sc_next = op->o_callback;
+		cb->sc_response = relay_back_swap_bd;
+		cb->sc_cleanup = relay_back_swap_bd;
+		cb->sc_private = op->o_bd;
+		op->o_callback = cb;
+}
+
 static BackendDB *
 relay_back_select_backend( struct slap_op *op, struct slap_rep *rs, int err )
 {
@@ -95,11 +105,16 @@ relay_back_op_bind( struct slap_op *op, struct slap_rep *rs )
 
 	if ( bd->be_bind ) {
 		BackendDB	*be = op->o_bd;
+		slap_callback	cb;
+
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_bind )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -125,15 +140,13 @@ relay_back_op_unbind( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_unbind )( op, rs );
 		op->o_bd = be;
+
+		op->o_callback = op->o_callback->sc_next;
 	}
 
 	return 0;
@@ -155,16 +168,14 @@ relay_back_op_search( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_search )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -190,16 +201,14 @@ relay_back_op_compare( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_compare )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -225,16 +234,14 @@ relay_back_op_modify( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_modify )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -260,16 +267,14 @@ relay_back_op_modrdn( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_modrdn )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -295,16 +300,14 @@ relay_back_op_add( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_add )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -330,15 +333,13 @@ relay_back_op_delete( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_delete )( op, rs );
 		op->o_bd = be;
+
+		op->o_callback = op->o_callback->sc_next;
 	}
 
 	return rc;
@@ -360,16 +361,14 @@ relay_back_op_abandon( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_abandon )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -395,16 +394,14 @@ relay_back_op_cancel( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_cancel )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -430,16 +427,14 @@ relay_back_op_extended( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_extended )( op, rs );
 		op->o_bd = be;
 
+		op->o_callback = op->o_callback->sc_next;
+
 	} else {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 				"operation not supported "
@@ -520,15 +515,13 @@ relay_back_chk_referrals( struct slap_op *op, struct slap_rep *rs )
 		BackendDB	*be = op->o_bd;
 		slap_callback	cb;
 
-		cb.sc_next = op->o_callback;
-		cb.sc_response = relay_back_swap_bd;
-		cb.sc_cleanup = relay_back_swap_bd;
-		cb.sc_private = op->o_bd;
-		op->o_callback = &cb;
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_chk_referrals )( op, rs );
 		op->o_bd = be;
+
+		op->o_callback = op->o_callback->sc_next;
 	}
 
 	return rc;
@@ -553,10 +546,15 @@ relay_back_operational( struct slap_op *op, struct slap_rep *rs,
 
 	if ( bd->be_operational ) {
 		BackendDB	*be = op->o_bd;
+		slap_callback	cb;
+
+		relay_back_add_cb( &cb, op );
 
 		op->o_bd = bd;
 		rc = ( bd->be_operational )( op, rs, opattrs, ap );
 		op->o_bd = be;
+
+		op->o_callback = op->o_callback->sc_next;
 	}
 
 	return rc;
diff --git a/servers/slapd/back-relay/proto-back-relay.h b/servers/slapd/back-relay/proto-back-relay.h
index 3fd023e12b..afaba21bf1 100644
--- a/servers/slapd/back-relay/proto-back-relay.h
+++ b/servers/slapd/back-relay/proto-back-relay.h
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2004 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
-- 
2.39.5