1 /* $NetBSD: translucent.c,v 1.3 2021/08/14 16:15:02 christos Exp $ */
2
3 /* translucent.c - translucent proxy module */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 * Copyright 2004-2021 The OpenLDAP Foundation.
8 * Portions Copyright 2005 Symas Corporation.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted only as authorized by the OpenLDAP
13 * Public License.
14 *
15 * A copy of this license is available in the file LICENSE in the
16 * top-level directory of the distribution or, alternatively, at
17 * <http://www.OpenLDAP.org/license.html>.
18 */
19 /* ACKNOWLEDGEMENTS:
20 * This work was initially developed by Symas Corp. for inclusion in
21 * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
22 */
23
24 #include <sys/cdefs.h>
25 __RCSID("$NetBSD: translucent.c,v 1.3 2021/08/14 16:15:02 christos Exp $");
26
27 #include "portable.h"
28
29 #ifdef SLAPD_OVER_TRANSLUCENT
30
31 #include <stdio.h>
32
33 #include <ac/string.h>
34 #include <ac/socket.h>
35
36 #include "slap.h"
37 #include "lutil.h"
38
39 #include "slap-config.h"
40
41 /* config block */
42 typedef struct translucent_info {
43 BackendDB db; /* captive backend */
44 AttributeName *local; /* valid attrs for local filters */
45 AttributeName *remote; /* valid attrs for remote filters */
46 int strict;
47 int no_glue;
48 int defer_db_open;
49 int bind_local;
50 int pwmod_local;
51 } translucent_info;
52
53 static ConfigLDAPadd translucent_ldadd;
54 static ConfigCfAdd translucent_cfadd;
55
56 static ConfigDriver translucent_cf_gen;
57
58 enum {
59 TRANS_LOCAL = 1,
60 TRANS_REMOTE
61 };
62
63 static ConfigTable translucentcfg[] = {
64 { "translucent_strict", "on|off", 1, 2, 0,
65 ARG_ON_OFF|ARG_OFFSET,
66 (void *)offsetof(translucent_info, strict),
67 "( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' "
68 "DESC 'Reveal attribute deletion constraint violations' "
69 "EQUALITY booleanMatch "
70 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
71 { "translucent_no_glue", "on|off", 1, 2, 0,
72 ARG_ON_OFF|ARG_OFFSET,
73 (void *)offsetof(translucent_info, no_glue),
74 "( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' "
75 "DESC 'Disable automatic glue records for ADD and MODRDN' "
76 "EQUALITY booleanMatch "
77 "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
78 { "translucent_local", "attr[,attr...]", 1, 2, 0,
79 ARG_MAGIC|TRANS_LOCAL,
80 translucent_cf_gen,
81 "( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' "
82 "DESC 'Attributes to use in local search filter' "
83 "EQUALITY caseIgnoreMatch "
84 "SYNTAX OMsDirectoryString )", NULL, NULL },
85 { "translucent_remote", "attr[,attr...]", 1, 2, 0,
86 ARG_MAGIC|TRANS_REMOTE,
87 translucent_cf_gen,
88 "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' "
89 "DESC 'Attributes to use in remote search filter' "
90 "EQUALITY caseIgnoreMatch "
91 "SYNTAX OMsDirectoryString )", NULL, NULL },
92 { "translucent_bind_local", "on|off", 1, 2, 0,
93 ARG_ON_OFF|ARG_OFFSET,
94 (void *)offsetof(translucent_info, bind_local),
95 "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' "
96 "DESC 'Enable local bind' "
97 "EQUALITY booleanMatch "
98 "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
99 { "translucent_pwmod_local", "on|off", 1, 2, 0,
100 ARG_ON_OFF|ARG_OFFSET,
101 (void *)offsetof(translucent_info, pwmod_local),
102 "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' "
103 "DESC 'Enable local RFC 3062 Password Modify extended operation' "
104 "EQUALITY booleanMatch "
105 "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
106 { NULL, NULL, 0, 0, 0, ARG_IGNORED }
107 };
108
109 static ConfigOCs translucentocs[] = {
110 { "( OLcfgOvOc:14.1 "
111 "NAME 'olcTranslucentConfig' "
112 "DESC 'Translucent configuration' "
113 "SUP olcOverlayConfig "
114 "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $"
115 " olcTranslucentLocal $ olcTranslucentRemote $"
116 " olcTranslucentBindLocal $ olcTranslucentPwModLocal ) )",
117 Cft_Overlay, translucentcfg, NULL, translucent_cfadd },
118 { "( OLcfgOvOc:14.2 "
119 "NAME 'olcTranslucentDatabase' "
120 "DESC 'Translucent target database configuration' "
121 /* co_table is initialized in translucent_initialize() */
122 "AUXILIARY )", Cft_Misc, NULL, translucent_ldadd },
123 { NULL, 0, NULL }
124 };
125 /* for translucent_init() */
126
127 static int
translucent_ldadd_cleanup(ConfigArgs * ca)128 translucent_ldadd_cleanup( ConfigArgs *ca )
129 {
130 slap_overinst *on = ca->ca_private;
131 translucent_info *ov = on->on_bi.bi_private;
132
133 ov->defer_db_open = 0;
134 return backend_startup_one( ca->be, &ca->reply );
135 }
136
137 static int
translucent_ldadd(CfEntryInfo * cei,Entry * e,ConfigArgs * ca)138 translucent_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
139 {
140 slap_overinst *on;
141 translucent_info *ov;
142
143 Debug(LDAP_DEBUG_TRACE, "==> translucent_ldadd\n" );
144
145 if ( cei->ce_type != Cft_Overlay || !cei->ce_bi ||
146 cei->ce_bi->bi_cf_ocs != translucentocs )
147 return LDAP_CONSTRAINT_VIOLATION;
148
149 on = (slap_overinst *)cei->ce_bi;
150 ov = on->on_bi.bi_private;
151 ca->be = &ov->db;
152 ca->ca_private = on;
153 if ( CONFIG_ONLINE_ADD( ca ))
154 config_push_cleanup( ca, translucent_ldadd_cleanup );
155 else
156 ov->defer_db_open = 0;
157
158 return LDAP_SUCCESS;
159 }
160
161 static int
translucent_cfadd(Operation * op,SlapReply * rs,Entry * e,ConfigArgs * ca)162 translucent_cfadd( Operation *op, SlapReply *rs, Entry *e, ConfigArgs *ca )
163 {
164 CfEntryInfo *cei = e->e_private;
165 slap_overinst *on = (slap_overinst *)cei->ce_bi;
166 translucent_info *ov = on->on_bi.bi_private;
167 struct berval bv;
168
169 Debug(LDAP_DEBUG_TRACE, "==> translucent_cfadd\n" );
170
171 /* FIXME: should not hardcode "olcDatabase" here */
172 bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ),
173 "olcDatabase=" SLAP_X_ORDERED_FMT "%s",
174 0, ov->db.bd_info->bi_type );
175 if ( bv.bv_len >= sizeof( ca->cr_msg ) ) {
176 return -1;
177 }
178 bv.bv_val = ca->cr_msg;
179 ca->be = &ov->db;
180 ov->defer_db_open = 0;
181
182 /* We can only create this entry if the database is table-driven
183 */
184 if ( ov->db.bd_info->bi_cf_ocs )
185 config_build_entry( op, rs, cei, ca, &bv,
186 ov->db.bd_info->bi_cf_ocs,
187 &translucentocs[1] );
188
189 return 0;
190 }
191
192 static int
translucent_cf_gen(ConfigArgs * c)193 translucent_cf_gen( ConfigArgs *c )
194 {
195 slap_overinst *on = (slap_overinst *)c->bi;
196 translucent_info *ov = on->on_bi.bi_private;
197 AttributeName **an, *a2;
198 int i;
199
200 if ( c->type == TRANS_LOCAL )
201 an = &ov->local;
202 else
203 an = &ov->remote;
204
205 if ( c->op == SLAP_CONFIG_EMIT ) {
206 if ( !*an )
207 return 1;
208 for ( i = 0; !BER_BVISNULL(&(*an)[i].an_name); i++ ) {
209 value_add_one( &c->rvalue_vals, &(*an)[i].an_name );
210 }
211 return ( i < 1 );
212 } else if ( c->op == LDAP_MOD_DELETE ) {
213 if ( c->valx < 0 ) {
214 anlist_free( *an, 1, NULL );
215 *an = NULL;
216 } else {
217 i = c->valx;
218 ch_free( (*an)[i].an_name.bv_val );
219 do {
220 (*an)[i] = (*an)[i+1];
221 i++;
222 } while ( !BER_BVISNULL( &(*an)[i].an_name ));
223 }
224 return 0;
225 }
226 a2 = str2anlist( *an, c->argv[1], "," );
227 if ( !a2 ) {
228 snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s unable to parse attribute %s",
229 c->argv[0], c->argv[1] );
230 Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
231 "%s: %s\n", c->log, c->cr_msg );
232 return ARG_BAD_CONF;
233 }
234 *an = a2;
235 return 0;
236 }
237
238 static slap_overinst translucent;
239
240 /*
241 ** glue_parent()
242 ** call syncrepl_add_glue() with the parent suffix;
243 **
244 */
245
246 static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL };
247
glue_parent(Operation * op)248 void glue_parent(Operation *op) {
249 Operation nop = *op;
250 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
251 struct berval ndn = BER_BVNULL;
252 Attribute *a;
253 Entry *e;
254 struct berval pdn;
255
256 dnParent( &op->o_req_ndn, &pdn );
257 ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx );
258
259 Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val );
260
261 e = entry_alloc();
262 e->e_id = NOID;
263 ber_dupbv(&e->e_name, &ndn);
264 ber_dupbv(&e->e_nname, &ndn);
265
266 a = attr_alloc( slap_schema.si_ad_objectClass );
267 a->a_numvals = 2;
268 a->a_vals = ch_malloc(sizeof(struct berval) * 3);
269 ber_dupbv(&a->a_vals[0], &glue[0]);
270 ber_dupbv(&a->a_vals[1], &glue[1]);
271 ber_dupbv(&a->a_vals[2], &glue[2]);
272 a->a_nvals = a->a_vals;
273 a->a_next = e->e_attrs;
274 e->e_attrs = a;
275
276 a = attr_alloc( slap_schema.si_ad_structuralObjectClass );
277 a->a_numvals = 1;
278 a->a_vals = ch_malloc(sizeof(struct berval) * 2);
279 ber_dupbv(&a->a_vals[0], &glue[1]);
280 ber_dupbv(&a->a_vals[1], &glue[2]);
281 a->a_nvals = a->a_vals;
282 a->a_next = e->e_attrs;
283 e->e_attrs = a;
284
285 nop.o_req_dn = ndn;
286 nop.o_req_ndn = ndn;
287 nop.ora_e = e;
288
289 nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
290 syncrepl_add_glue(&nop, e);
291 nop.o_bd->bd_info = (BackendInfo *) on;
292
293 op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
294
295 return;
296 }
297
298 /*
299 ** free_attr_chain()
300 ** free only the Attribute*, not the contents;
301 **
302 */
free_attr_chain(Attribute * b)303 void free_attr_chain(Attribute *b) {
304 Attribute *a;
305 for(a=b; a; a=a->a_next) {
306 a->a_vals = NULL;
307 a->a_nvals = NULL;
308 }
309 attrs_free( b );
310 return;
311 }
312
313 /*
314 ** translucent_add()
315 ** if not bound as root, send ACCESS error;
316 ** if glue, glue_parent();
317 ** return CONTINUE;
318 **
319 */
320
translucent_add(Operation * op,SlapReply * rs)321 static int translucent_add(Operation *op, SlapReply *rs) {
322 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
323 translucent_info *ov = on->on_bi.bi_private;
324 Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n",
325 op->o_req_dn.bv_val );
326 if(!be_isroot(op)) {
327 op->o_bd->bd_info = (BackendInfo *) on->on_info;
328 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
329 "user modification of overlay database not permitted");
330 op->o_bd->bd_info = (BackendInfo *) on;
331 return(rs->sr_err);
332 }
333 if(!ov->no_glue) glue_parent(op);
334 return(SLAP_CB_CONTINUE);
335 }
336
337 /*
338 ** translucent_modrdn()
339 ** if not bound as root, send ACCESS error;
340 ** if !glue, glue_parent();
341 ** else return CONTINUE;
342 **
343 */
344
translucent_modrdn(Operation * op,SlapReply * rs)345 static int translucent_modrdn(Operation *op, SlapReply *rs) {
346 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
347 translucent_info *ov = on->on_bi.bi_private;
348 Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n",
349 op->o_req_dn.bv_val, op->orr_newrdn.bv_val );
350 if(!be_isroot(op)) {
351 op->o_bd->bd_info = (BackendInfo *) on->on_info;
352 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
353 "user modification of overlay database not permitted");
354 op->o_bd->bd_info = (BackendInfo *) on;
355 return(rs->sr_err);
356 }
357 if(!ov->no_glue) {
358 op->o_tag = LDAP_REQ_ADD;
359 glue_parent(op);
360 op->o_tag = LDAP_REQ_MODRDN;
361 }
362 return(SLAP_CB_CONTINUE);
363 }
364
365 /*
366 ** translucent_delete()
367 ** if not bound as root, send ACCESS error;
368 ** else return CONTINUE;
369 **
370 */
371
translucent_delete(Operation * op,SlapReply * rs)372 static int translucent_delete(Operation *op, SlapReply *rs) {
373 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
374 Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n",
375 op->o_req_dn.bv_val );
376 if(!be_isroot(op)) {
377 op->o_bd->bd_info = (BackendInfo *) on->on_info;
378 send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
379 "user modification of overlay database not permitted");
380 op->o_bd->bd_info = (BackendInfo *) on;
381 return(rs->sr_err);
382 }
383 return(SLAP_CB_CONTINUE);
384 }
385
386 static int
translucent_tag_cb(Operation * op,SlapReply * rs)387 translucent_tag_cb( Operation *op, SlapReply *rs )
388 {
389 op->o_tag = LDAP_REQ_MODIFY;
390 op->orm_modlist = op->o_callback->sc_private;
391 rs->sr_tag = slap_req2res( op->o_tag );
392
393 return SLAP_CB_CONTINUE;
394 }
395
396 /*
397 ** translucent_modify()
398 ** modify in local backend if exists in both;
399 ** otherwise, add to local backend;
400 ** fail if not defined in captive backend;
401 **
402 */
403
translucent_modify(Operation * op,SlapReply * rs)404 static int translucent_modify(Operation *op, SlapReply *rs) {
405 SlapReply nrs = { REP_RESULT };
406
407 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
408 translucent_info *ov = on->on_bi.bi_private;
409 Entry *e = NULL, *re = NULL;
410 Attribute *a, *ax;
411 Modifications *m, **mm;
412 BackendDB *db;
413 int del, rc, erc = 0;
414 slap_callback cb = { 0 };
415
416 Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n",
417 op->o_req_dn.bv_val );
418
419 if(ov->defer_db_open) {
420 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
421 "remote DB not available");
422 return(rs->sr_err);
423 }
424 /*
425 ** fetch entry from the captive backend;
426 ** if it did not exist, fail;
427 ** release it, if captive backend supports this;
428 **
429 */
430
431 db = op->o_bd;
432 op->o_bd = &ov->db;
433 ov->db.be_acl = op->o_bd->be_acl;
434 rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
435 op->o_bd = db;
436 if(rc != LDAP_SUCCESS || re == NULL ) {
437 send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
438 "attempt to modify nonexistent local record");
439 return(rs->sr_err);
440 }
441 /*
442 ** fetch entry from local backend;
443 ** if it exists:
444 ** foreach Modification:
445 ** if attr not present in local:
446 ** if Mod == LDAP_MOD_DELETE:
447 ** if remote attr not present, return NO_SUCH;
448 ** if remote attr present, drop this Mod;
449 ** else force this Mod to LDAP_MOD_ADD;
450 ** return CONTINUE;
451 **
452 */
453
454 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
455 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
456 op->o_bd->bd_info = (BackendInfo *) on;
457
458 if(e && rc == LDAP_SUCCESS) {
459 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n" );
460 for(mm = &op->orm_modlist; *mm; ) {
461 m = *mm;
462 for(a = e->e_attrs; a; a = a->a_next)
463 if(a->a_desc == m->sml_desc) break;
464 if(a) {
465 mm = &m->sml_next;
466 continue; /* found local attr */
467 }
468 if(m->sml_op == LDAP_MOD_DELETE) {
469 for(a = re->e_attrs; a; a = a->a_next)
470 if(a->a_desc == m->sml_desc) break;
471 /* not found remote attr */
472 if(!a) {
473 erc = LDAP_NO_SUCH_ATTRIBUTE;
474 goto release;
475 }
476 if(ov->strict) {
477 erc = LDAP_CONSTRAINT_VIOLATION;
478 goto release;
479 }
480 Debug(LDAP_DEBUG_TRACE,
481 "=> translucent_modify: silently dropping delete: %s\n",
482 m->sml_desc->ad_cname.bv_val );
483 *mm = m->sml_next;
484 m->sml_next = NULL;
485 slap_mods_free(m, 1);
486 continue;
487 }
488 m->sml_op = LDAP_MOD_ADD;
489 mm = &m->sml_next;
490 }
491 erc = SLAP_CB_CONTINUE;
492 release:
493 if(re) {
494 if(ov->db.bd_info->bi_entry_release_rw) {
495 op->o_bd = &ov->db;
496 ov->db.bd_info->bi_entry_release_rw(op, re, 0);
497 op->o_bd = db;
498 } else
499 entry_free(re);
500 }
501 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
502 be_entry_release_r(op, e);
503 op->o_bd->bd_info = (BackendInfo *) on;
504 if(erc == SLAP_CB_CONTINUE) {
505 return(erc);
506 } else if(erc) {
507 send_ldap_error(op, rs, erc,
508 "attempt to delete nonexistent attribute");
509 return(erc);
510 }
511 }
512
513 /* don't leak remote entry copy */
514 if(re) {
515 if(ov->db.bd_info->bi_entry_release_rw) {
516 op->o_bd = &ov->db;
517 ov->db.bd_info->bi_entry_release_rw(op, re, 0);
518 op->o_bd = db;
519 } else
520 entry_free(re);
521 }
522 /*
523 ** foreach Modification:
524 ** if MOD_ADD or MOD_REPLACE, add Attribute;
525 ** if no Modifications were suitable:
526 ** if strict, throw CONSTRAINT_VIOLATION;
527 ** else, return early SUCCESS;
528 ** fabricate Entry with new Attribute chain;
529 ** glue_parent() for this Entry;
530 ** call bi_op_add() in local backend;
531 **
532 */
533
534 Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n" );
535 a = NULL;
536 for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) {
537 Attribute atmp;
538 if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) &&
539 ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) {
540 Debug(LDAP_DEBUG_ANY,
541 "=> translucent_modify: silently dropped modification(%d): %s\n",
542 m->sml_op, m->sml_desc->ad_cname.bv_val );
543 if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++;
544 continue;
545 }
546 atmp.a_desc = m->sml_desc;
547 atmp.a_vals = m->sml_values;
548 atmp.a_nvals = m->sml_nvalues ? m->sml_nvalues : atmp.a_vals;
549 atmp.a_numvals = m->sml_numvals;
550 atmp.a_flags = 0;
551 a = attr_dup( &atmp );
552 a->a_next = ax;
553 ax = a;
554 }
555
556 if(del && ov->strict) {
557 attrs_free( a );
558 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
559 "attempt to delete attributes from local database");
560 return(rs->sr_err);
561 }
562
563 if(!ax) {
564 if(ov->strict) {
565 send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
566 "modification contained other than ADD or REPLACE");
567 return(rs->sr_err);
568 }
569 /* rs->sr_text = "no valid modification found"; */
570 rs->sr_err = LDAP_SUCCESS;
571 send_ldap_result(op, rs);
572 return(rs->sr_err);
573 }
574
575 e = entry_alloc();
576 ber_dupbv( &e->e_name, &op->o_req_dn );
577 ber_dupbv( &e->e_nname, &op->o_req_ndn );
578 e->e_attrs = a;
579
580 op->o_tag = LDAP_REQ_ADD;
581 cb.sc_response = translucent_tag_cb;
582 cb.sc_private = op->orm_modlist;
583 op->oq_add.rs_e = e;
584
585 glue_parent(op);
586
587 cb.sc_next = op->o_callback;
588 op->o_callback = &cb;
589 rc = on->on_info->oi_orig->bi_op_add(op, &nrs);
590 if ( op->ora_e == e )
591 entry_free( e );
592 op->o_callback = cb.sc_next;
593
594 return(rc);
595 }
596
translucent_compare(Operation * op,SlapReply * rs)597 static int translucent_compare(Operation *op, SlapReply *rs) {
598 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
599 translucent_info *ov = on->on_bi.bi_private;
600 AttributeAssertion *ava = op->orc_ava;
601 Entry *e = NULL;
602 BackendDB *db;
603 int rc;
604
605 Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n",
606 op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
607
608 /*
609 ** if the local backend has an entry for this attribute:
610 ** CONTINUE and let it do the compare;
611 **
612 */
613 rc = overlay_entry_get_ov(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e, on);
614 if(rc == LDAP_SUCCESS && e) {
615 overlay_entry_release_ov(op, e, 0, on);
616 return(SLAP_CB_CONTINUE);
617 }
618
619 if(ov->defer_db_open) {
620 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
621 "remote DB not available");
622 return(rs->sr_err);
623 }
624 /*
625 ** call compare() in the captive backend;
626 ** return the result;
627 **
628 */
629 db = op->o_bd;
630 op->o_bd = &ov->db;
631 ov->db.be_acl = op->o_bd->be_acl;
632 rc = ov->db.bd_info->bi_op_compare(op, rs);
633 op->o_bd = db;
634
635 return(rc);
636 }
637
translucent_pwmod(Operation * op,SlapReply * rs)638 static int translucent_pwmod(Operation *op, SlapReply *rs) {
639 SlapReply nrs = { REP_RESULT };
640 Operation nop;
641
642 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
643 translucent_info *ov = on->on_bi.bi_private;
644 Entry *e = NULL, *re = NULL;
645 BackendDB *db;
646 int rc = 0;
647 slap_callback cb = { 0 };
648
649 if (!ov->pwmod_local) {
650 rs->sr_err = LDAP_CONSTRAINT_VIOLATION,
651 rs->sr_text = "attempt to modify password in local database";
652 return rs->sr_err;
653 }
654
655 /*
656 ** fetch entry from the captive backend;
657 ** if it did not exist, fail;
658 ** release it, if captive backend supports this;
659 **
660 */
661 db = op->o_bd;
662 op->o_bd = &ov->db;
663 ov->db.be_acl = op->o_bd->be_acl;
664 rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
665 if(rc != LDAP_SUCCESS || re == NULL ) {
666 send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
667 "attempt to modify nonexistent local record");
668 return(rs->sr_err);
669 }
670 op->o_bd = db;
671 /*
672 ** fetch entry from local backend;
673 ** if it exists:
674 ** return CONTINUE;
675 */
676
677 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
678 rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
679 op->o_bd->bd_info = (BackendInfo *) on;
680
681 if(e && rc == LDAP_SUCCESS) {
682 if(re) {
683 if(ov->db.bd_info->bi_entry_release_rw) {
684 op->o_bd = &ov->db;
685 ov->db.bd_info->bi_entry_release_rw(op, re, 0);
686 op->o_bd = db;
687 } else {
688 entry_free(re);
689 }
690 }
691 op->o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
692 be_entry_release_r(op, e);
693 op->o_bd->bd_info = (BackendInfo *) on;
694 return SLAP_CB_CONTINUE;
695 }
696
697 /* don't leak remote entry copy */
698 if(re) {
699 if(ov->db.bd_info->bi_entry_release_rw) {
700 op->o_bd = &ov->db;
701 ov->db.bd_info->bi_entry_release_rw(op, re, 0);
702 op->o_bd = db;
703 } else {
704 entry_free(re);
705 }
706 }
707 /*
708 ** glue_parent() for this Entry;
709 ** call bi_op_add() in local backend;
710 **
711 */
712 e = entry_alloc();
713 ber_dupbv( &e->e_name, &op->o_req_dn );
714 ber_dupbv( &e->e_nname, &op->o_req_ndn );
715 e->e_attrs = NULL;
716
717 nop = *op;
718 nop.o_tag = LDAP_REQ_ADD;
719 cb.sc_response = slap_null_cb;
720 nop.oq_add.rs_e = e;
721
722 glue_parent(&nop);
723
724 nop.o_callback = &cb;
725 rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs);
726 if ( nop.ora_e == e ) {
727 entry_free( e );
728 }
729
730 if ( rc == LDAP_SUCCESS ) {
731 return SLAP_CB_CONTINUE;
732 }
733
734 return rc;
735 }
736
translucent_exop(Operation * op,SlapReply * rs)737 static int translucent_exop(Operation *op, SlapReply *rs) {
738 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
739 translucent_info *ov = on->on_bi.bi_private;
740 const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD);
741
742 Debug(LDAP_DEBUG_TRACE, "==> translucent_exop: %s\n",
743 op->o_req_dn.bv_val );
744
745 if(ov->defer_db_open) {
746 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
747 "remote DB not available");
748 return(rs->sr_err);
749 }
750
751 if ( bvmatch( &bv_exop_pwmod, &op->ore_reqoid ) ) {
752 return translucent_pwmod( op, rs );
753 }
754
755 return SLAP_CB_CONTINUE;
756 }
757
758 /*
759 ** translucent_search_cb()
760 ** merge local data with remote data
761 **
762 ** Four cases:
763 ** 1: remote search, no local filter
764 ** merge data and send immediately
765 ** 2: remote search, with local filter
766 ** merge data and save
767 ** 3: local search, no remote filter
768 ** merge data and send immediately
769 ** 4: local search, with remote filter
770 ** check list, merge, send, delete
771 */
772
773 #define RMT_SIDE 0
774 #define LCL_SIDE 1
775 #define USE_LIST 2
776
777 typedef struct trans_ctx {
778 BackendDB *db;
779 slap_overinst *on;
780 Filter *orig;
781 TAvlnode *list;
782 int step;
783 int slimit;
784 AttributeName *attrs;
785 } trans_ctx;
786
translucent_search_cb(Operation * op,SlapReply * rs)787 static int translucent_search_cb(Operation *op, SlapReply *rs) {
788 trans_ctx *tc;
789 BackendDB *db;
790 slap_overinst *on;
791 translucent_info *ov;
792 Entry *le, *re;
793 Attribute *a, *ax, *an, *as = NULL;
794 int rc;
795 int test_f = 0;
796
797 tc = op->o_callback->sc_private;
798
799 /* Don't let the op complete while we're gathering data */
800 if ( rs->sr_type == REP_RESULT && ( tc->step & USE_LIST ))
801 return 0;
802
803 if(rs->sr_type != REP_SEARCH || !rs->sr_entry)
804 return(SLAP_CB_CONTINUE);
805
806 Debug(LDAP_DEBUG_TRACE, "==> translucent_search_cb: %s\n",
807 rs->sr_entry->e_name.bv_val );
808
809 op->ors_slimit = tc->slimit + ( tc->slimit > 0 ? 1 : 0 );
810 if ( op->ors_attrs == slap_anlist_all_attributes ) {
811 op->ors_attrs = tc->attrs;
812 rs->sr_attrs = tc->attrs;
813 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
814 }
815
816 on = tc->on;
817 ov = on->on_bi.bi_private;
818
819 db = op->o_bd;
820 re = NULL;
821
822 /* If we have local, get remote */
823 if ( tc->step & LCL_SIDE ) {
824 le = rs->sr_entry;
825 /* If entry is already on list, use it */
826 if ( tc->step & USE_LIST ) {
827 re = ldap_tavl_delete( &tc->list, le, entry_dn_cmp );
828 if ( re ) {
829 rs_flush_entry( op, rs, on );
830 rc = test_filter( op, re, tc->orig );
831 if ( rc == LDAP_COMPARE_TRUE ) {
832 rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
833 rs->sr_entry = re;
834
835 if ( tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) {
836 return LDAP_SIZELIMIT_EXCEEDED;
837 }
838
839 return SLAP_CB_CONTINUE;
840 } else {
841 entry_free( re );
842 rs->sr_entry = NULL;
843 return 0;
844 }
845 }
846 }
847 op->o_bd = &ov->db;
848 rc = be_entry_get_rw( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &re );
849 if ( rc == LDAP_SUCCESS && re ) {
850 Entry *tmp = entry_dup( re );
851 be_entry_release_r( op, re );
852 re = tmp;
853 test_f = 1;
854 }
855 } else {
856 /* Else we have remote, get local */
857 op->o_bd = tc->db;
858 le = NULL;
859 rc = overlay_entry_get_ov(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &le, on);
860 if ( rc == LDAP_SUCCESS && le ) {
861 re = entry_dup( rs->sr_entry );
862 rs_flush_entry( op, rs, on );
863 } else {
864 le = NULL;
865 }
866 }
867
868 /*
869 ** if we got remote and local entry:
870 ** foreach local attr:
871 ** foreach remote attr:
872 ** if match, remote attr with local attr;
873 ** if new local, add to list;
874 ** append new local attrs to remote;
875 **
876 */
877
878 if ( re && le ) {
879 for(ax = le->e_attrs; ax; ax = ax->a_next) {
880 for(a = re->e_attrs; a; a = a->a_next) {
881 if(a->a_desc == ax->a_desc) {
882 test_f = 1;
883 if(a->a_vals != a->a_nvals)
884 ber_bvarray_free(a->a_nvals);
885 ber_bvarray_free(a->a_vals);
886 ber_bvarray_dup_x( &a->a_vals, ax->a_vals, NULL );
887 if ( ax->a_vals == ax->a_nvals ) {
888 a->a_nvals = a->a_vals;
889 } else {
890 ber_bvarray_dup_x( &a->a_nvals, ax->a_nvals, NULL );
891 }
892 break;
893 }
894 }
895 if(a) continue;
896 an = attr_dup(ax);
897 an->a_next = as;
898 as = an;
899 }
900 /* Dispose of local entry */
901 if ( tc->step & LCL_SIDE ) {
902 rs_flush_entry(op, rs, on);
903 } else {
904 overlay_entry_release_ov(op, le, 0, on);
905 }
906
907 /* literally append, so locals are always last */
908 if(as) {
909 if(re->e_attrs) {
910 for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
911 ax->a_next = as;
912 } else {
913 re->e_attrs = as;
914 }
915 }
916 /* If both filters, save entry for later */
917 if ( tc->step == (USE_LIST|RMT_SIDE) ) {
918 ldap_tavl_insert( &tc->list, re, entry_dn_cmp, ldap_avl_dup_error );
919 rs->sr_entry = NULL;
920 rc = 0;
921 } else {
922 /* send it now */
923 rs->sr_entry = re;
924 rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
925 if ( test_f ) {
926 rc = test_filter( op, rs->sr_entry, tc->orig );
927 if ( rc == LDAP_COMPARE_TRUE ) {
928 rc = SLAP_CB_CONTINUE;
929 } else {
930 rc = 0;
931 }
932 } else {
933 rc = SLAP_CB_CONTINUE;
934 }
935 }
936 } else if ( le ) {
937 /* Only a local entry: remote was deleted
938 * Ought to delete the local too...
939 */
940 rc = 0;
941 } else if ( tc->step & USE_LIST ) {
942 /* Only a remote entry, but both filters:
943 * Test the complete filter
944 */
945 rc = test_filter( op, rs->sr_entry, tc->orig );
946 if ( rc == LDAP_COMPARE_TRUE ) {
947 rc = SLAP_CB_CONTINUE;
948 } else {
949 rc = 0;
950 }
951 } else {
952 /* Only a remote entry, only remote filter:
953 * just pass thru
954 */
955 rc = SLAP_CB_CONTINUE;
956 }
957
958 op->o_bd = db;
959
960 if ( rc == SLAP_CB_CONTINUE && tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) {
961 return LDAP_SIZELIMIT_EXCEEDED;
962 }
963
964 return rc;
965 }
966
967 /* Dup the filter, excluding invalid elements */
968 static Filter *
trans_filter_dup(Operation * op,Filter * f,AttributeName * an)969 trans_filter_dup(Operation *op, Filter *f, AttributeName *an)
970 {
971 Filter *n = NULL;
972
973 if ( !f )
974 return NULL;
975
976 switch( f->f_choice & SLAPD_FILTER_MASK ) {
977 case SLAPD_FILTER_COMPUTED:
978 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
979 n->f_choice = f->f_choice;
980 n->f_result = f->f_result;
981 n->f_next = NULL;
982 break;
983
984 case LDAP_FILTER_PRESENT:
985 if ( ad_inlist( f->f_desc, an )) {
986 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
987 n->f_choice = f->f_choice;
988 n->f_desc = f->f_desc;
989 n->f_next = NULL;
990 }
991 break;
992
993 case LDAP_FILTER_EQUALITY:
994 case LDAP_FILTER_GE:
995 case LDAP_FILTER_LE:
996 case LDAP_FILTER_APPROX:
997 case LDAP_FILTER_SUBSTRINGS:
998 case LDAP_FILTER_EXT:
999 if ( !f->f_av_desc || ad_inlist( f->f_av_desc, an )) {
1000 AttributeAssertion *nava;
1001
1002 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
1003 n->f_choice = f->f_choice;
1004
1005 nava = op->o_tmpalloc( sizeof(AttributeAssertion), op->o_tmpmemctx );
1006 *nava = *f->f_ava;
1007 n->f_ava = nava;
1008
1009 ber_dupbv_x( &n->f_av_value, &f->f_av_value, op->o_tmpmemctx );
1010 n->f_next = NULL;
1011 }
1012 break;
1013
1014 case LDAP_FILTER_AND:
1015 case LDAP_FILTER_OR:
1016 case LDAP_FILTER_NOT: {
1017 Filter **p;
1018
1019 n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
1020 n->f_choice = f->f_choice;
1021 n->f_next = NULL;
1022
1023 for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) {
1024 *p = trans_filter_dup( op, f, an );
1025 if ( !*p )
1026 continue;
1027 p = &(*p)->f_next;
1028 }
1029 /* nothing valid in this list */
1030 if ( !n->f_list ) {
1031 op->o_tmpfree( n, op->o_tmpmemctx );
1032 return NULL;
1033 }
1034 /* Only 1 element in this list */
1035 if ((n->f_choice & SLAPD_FILTER_MASK) != LDAP_FILTER_NOT &&
1036 !n->f_list->f_next ) {
1037 f = n->f_list;
1038 *n = *f;
1039 op->o_tmpfree( f, op->o_tmpmemctx );
1040 }
1041 break;
1042 }
1043 }
1044 return n;
1045 }
1046
1047 static void
trans_filter_free(Operation * op,Filter * f)1048 trans_filter_free( Operation *op, Filter *f )
1049 {
1050 Filter *n, *p, *next;
1051
1052 f->f_choice &= SLAPD_FILTER_MASK;
1053
1054 switch( f->f_choice ) {
1055 case LDAP_FILTER_AND:
1056 case LDAP_FILTER_OR:
1057 case LDAP_FILTER_NOT:
1058 /* Free in reverse order */
1059 n = NULL;
1060 for ( p = f->f_list; p; p = next ) {
1061 next = p->f_next;
1062 p->f_next = n;
1063 n = p;
1064 }
1065 for ( p = n; p; p = next ) {
1066 next = p->f_next;
1067 trans_filter_free( op, p );
1068 }
1069 break;
1070 case LDAP_FILTER_EQUALITY:
1071 case LDAP_FILTER_GE:
1072 case LDAP_FILTER_LE:
1073 case LDAP_FILTER_APPROX:
1074 case LDAP_FILTER_SUBSTRINGS:
1075 case LDAP_FILTER_EXT:
1076 op->o_tmpfree( f->f_av_value.bv_val, op->o_tmpmemctx );
1077 op->o_tmpfree( f->f_ava, op->o_tmpmemctx );
1078 break;
1079 default:
1080 break;
1081 }
1082 op->o_tmpfree( f, op->o_tmpmemctx );
1083 }
1084
1085 static int
translucent_search_cleanup(Operation * op,SlapReply * rs)1086 translucent_search_cleanup( Operation *op, SlapReply *rs )
1087 {
1088 trans_ctx *tc = op->o_callback->sc_private;
1089
1090 op->ors_filter = tc->orig;
1091 return LDAP_SUCCESS;
1092 }
1093
1094 /*
1095 ** translucent_search()
1096 ** search via captive backend;
1097 ** override results with any local data;
1098 **
1099 */
1100
translucent_search(Operation * op,SlapReply * rs)1101 static int translucent_search(Operation *op, SlapReply *rs) {
1102 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1103 translucent_info *ov = on->on_bi.bi_private;
1104 slap_callback cb = { NULL, NULL, NULL, NULL };
1105 trans_ctx tc;
1106 Filter *fl, *fr;
1107 struct berval fbv;
1108 int rc = 0;
1109
1110 if ( op->o_managedsait > SLAP_CONTROL_IGNORED )
1111 return SLAP_CB_CONTINUE;
1112
1113 Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
1114 op->o_req_dn.bv_val, op->ors_filterstr.bv_val );
1115
1116 if(ov->defer_db_open) {
1117 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
1118 "remote DB not available");
1119 return(rs->sr_err);
1120 }
1121
1122 fr = ov->remote ? trans_filter_dup( op, op->ors_filter, ov->remote ) : NULL;
1123 fl = ov->local ? trans_filter_dup( op, op->ors_filter, ov->local ) : NULL;
1124 cb.sc_response = (slap_response *) translucent_search_cb;
1125 cb.sc_cleanup = (slap_response *) translucent_search_cleanup;
1126 cb.sc_private = &tc;
1127
1128 ov->db.be_acl = op->o_bd->be_acl;
1129 tc.db = op->o_bd;
1130 tc.on = on;
1131 tc.orig = op->ors_filter;
1132 tc.list = NULL;
1133 tc.step = 0;
1134 tc.slimit = op->ors_slimit;
1135 tc.attrs = NULL;
1136 fbv = op->ors_filterstr;
1137
1138 if ( fr || !fl ) {
1139 Operation op2;
1140 Opheader oh;
1141
1142 op2 = *op;
1143 oh = *op->o_hdr;
1144 oh.oh_conn = op->o_conn;
1145 oh.oh_connid = op->o_connid;
1146 op2.o_bd = &ov->db;
1147 op2.o_hdr = &oh;
1148 op2.o_extra = op->o_extra;
1149 op2.o_callback = &cb;
1150
1151 tc.attrs = op->ors_attrs;
1152 op->ors_slimit = SLAP_NO_LIMIT;
1153 op->ors_attrs = slap_anlist_all_attributes;
1154 tc.step |= RMT_SIDE;
1155 if ( fl ) {
1156 tc.step |= USE_LIST;
1157 op->ors_filter = fr;
1158 filter2bv_x( op, fr, &op2.ors_filterstr );
1159 }
1160 rc = ov->db.bd_info->bi_op_search( &op2, rs );
1161 if ( op->ors_attrs == slap_anlist_all_attributes )
1162 op->ors_attrs = tc.attrs;
1163 if ( fl ) {
1164 op->o_tmpfree( op2.ors_filterstr.bv_val, op2.o_tmpmemctx );
1165 }
1166 }
1167
1168 cb.sc_next = op->o_callback;
1169 op->o_callback = &cb;
1170
1171 if ( fl && !rc ) {
1172 tc.step |= LCL_SIDE;
1173 op->ors_filter = fl;
1174 filter2bv_x( op, fl, &op->ors_filterstr );
1175 rc = overlay_op_walk( op, rs, op_search, on->on_info, on->on_next );
1176 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
1177 }
1178 op->ors_filterstr = fbv;
1179 op->o_callback = cb.sc_next;
1180 rs->sr_attrs = op->ors_attrs;
1181 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
1182
1183 /* Send out anything remaining on the list and finish */
1184 if ( tc.step & USE_LIST ) {
1185 if ( tc.list ) {
1186 TAvlnode *av;
1187
1188 av = ldap_tavl_end( tc.list, TAVL_DIR_LEFT );
1189 while ( av ) {
1190 rs->sr_entry = av->avl_data;
1191 if ( rc == LDAP_SUCCESS && LDAP_COMPARE_TRUE ==
1192 test_filter( op, rs->sr_entry, op->ors_filter ))
1193 {
1194 rs->sr_flags = REP_ENTRY_MUSTBEFREED;
1195 rc = send_search_entry( op, rs );
1196 } else {
1197 entry_free( rs->sr_entry );
1198 }
1199 av = ldap_tavl_next( av, TAVL_DIR_RIGHT );
1200 }
1201 ldap_tavl_free( tc.list, NULL );
1202 rs->sr_flags = 0;
1203 rs->sr_entry = NULL;
1204 }
1205 send_ldap_result( op, rs );
1206 }
1207
1208 op->ors_slimit = tc.slimit;
1209
1210 /* Free in reverse order */
1211 if ( fl )
1212 trans_filter_free( op, fl );
1213 if ( fr )
1214 trans_filter_free( op, fr );
1215
1216 return rc;
1217 }
1218
1219
1220 /*
1221 ** translucent_bind()
1222 ** pass bind request to captive backend;
1223 **
1224 */
1225
translucent_bind(Operation * op,SlapReply * rs)1226 static int translucent_bind(Operation *op, SlapReply *rs) {
1227 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1228 translucent_info *ov = on->on_bi.bi_private;
1229 BackendDB *db;
1230 slap_callback sc = { 0 }, *save_cb;
1231 int rc;
1232
1233 Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
1234 op->o_req_dn.bv_val, op->orb_method );
1235
1236 if(ov->defer_db_open) {
1237 send_ldap_error(op, rs, LDAP_UNAVAILABLE,
1238 "remote DB not available");
1239 return(rs->sr_err);
1240 }
1241
1242 if (ov->bind_local) {
1243 sc.sc_response = slap_null_cb;
1244 save_cb = op->o_callback;
1245 op->o_callback = ≻
1246 }
1247
1248 db = op->o_bd;
1249 op->o_bd = &ov->db;
1250 ov->db.be_acl = op->o_bd->be_acl;
1251 rc = ov->db.bd_info->bi_op_bind(op, rs);
1252 op->o_bd = db;
1253
1254 if (ov->bind_local) {
1255 op->o_callback = save_cb;
1256 if (rc != LDAP_SUCCESS) {
1257 rc = SLAP_CB_CONTINUE;
1258 }
1259 }
1260
1261 return rc;
1262 }
1263
1264 /*
1265 ** translucent_connection_destroy()
1266 ** pass disconnect notification to captive backend;
1267 **
1268 */
1269
translucent_connection_destroy(BackendDB * be,Connection * conn)1270 static int translucent_connection_destroy(BackendDB *be, Connection *conn) {
1271 slap_overinst *on = (slap_overinst *) be->bd_info;
1272 translucent_info *ov = on->on_bi.bi_private;
1273 int rc = 0;
1274
1275 Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n" );
1276
1277 rc = ov->db.bd_info->bi_connection_destroy(&ov->db, conn);
1278
1279 return(rc);
1280 }
1281
1282 /*
1283 ** translucent_db_config()
1284 ** pass config directives to captive backend;
1285 ** parse unrecognized directives ourselves;
1286 **
1287 */
1288
translucent_db_config(BackendDB * be,const char * fname,int lineno,int argc,char ** argv)1289 static int translucent_db_config(
1290 BackendDB *be,
1291 const char *fname,
1292 int lineno,
1293 int argc,
1294 char **argv
1295 )
1296 {
1297 slap_overinst *on = (slap_overinst *) be->bd_info;
1298 translucent_info *ov = on->on_bi.bi_private;
1299
1300 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_config: %s\n",
1301 argc ? argv[0] : "" );
1302
1303 /* Something for the captive database? */
1304 if ( ov->db.bd_info && ov->db.bd_info->bi_db_config )
1305 return ov->db.bd_info->bi_db_config( &ov->db, fname, lineno,
1306 argc, argv );
1307 return SLAP_CONF_UNKNOWN;
1308 }
1309
1310 /*
1311 ** translucent_db_init()
1312 ** initialize the captive backend;
1313 **
1314 */
1315
translucent_db_init(BackendDB * be,ConfigReply * cr)1316 static int translucent_db_init(BackendDB *be, ConfigReply *cr) {
1317 slap_overinst *on = (slap_overinst *) be->bd_info;
1318 translucent_info *ov;
1319
1320 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_init\n" );
1321
1322 ov = ch_calloc(1, sizeof(translucent_info));
1323 on->on_bi.bi_private = ov;
1324 ov->db = *be;
1325 ov->db.be_private = NULL;
1326 ov->defer_db_open = 1;
1327
1328 if ( !backend_db_init( "ldap", &ov->db, -1, NULL )) {
1329 Debug( LDAP_DEBUG_CONFIG, "translucent: unable to open captive back-ldap\n" );
1330 return 1;
1331 }
1332 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
1333 SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD;
1334
1335 return 0;
1336 }
1337
1338 /*
1339 ** translucent_db_open()
1340 ** if the captive backend has an open() method, call it;
1341 **
1342 */
1343
translucent_db_open(BackendDB * be,ConfigReply * cr)1344 static int translucent_db_open(BackendDB *be, ConfigReply *cr) {
1345 slap_overinst *on = (slap_overinst *) be->bd_info;
1346 translucent_info *ov = on->on_bi.bi_private;
1347 int rc;
1348
1349 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_open\n" );
1350
1351 /* need to inherit something from the original database... */
1352 ov->db.be_def_limit = be->be_def_limit;
1353 ov->db.be_limits = be->be_limits;
1354 ov->db.be_acl = be->be_acl;
1355 ov->db.be_dfltaccess = be->be_dfltaccess;
1356
1357 if ( ov->defer_db_open )
1358 return 0;
1359
1360 rc = backend_startup_one( &ov->db, cr );
1361
1362 if(rc) Debug(LDAP_DEBUG_TRACE,
1363 "translucent: bi_db_open() returned error %d\n", rc );
1364
1365 return(rc);
1366 }
1367
1368 /*
1369 ** translucent_db_close()
1370 ** if the captive backend has a close() method, call it
1371 **
1372 */
1373
1374 static int
translucent_db_close(BackendDB * be,ConfigReply * cr)1375 translucent_db_close( BackendDB *be, ConfigReply *cr )
1376 {
1377 slap_overinst *on = (slap_overinst *) be->bd_info;
1378 translucent_info *ov = on->on_bi.bi_private;
1379 int rc = 0;
1380
1381 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_close\n" );
1382
1383 if ( ov && ov->db.bd_info && ov->db.bd_info->bi_db_close ) {
1384 rc = ov->db.bd_info->bi_db_close(&ov->db, NULL);
1385 }
1386
1387 return(rc);
1388 }
1389
1390 /*
1391 ** translucent_db_destroy()
1392 ** if the captive backend has a db_destroy() method, call it;
1393 ** free any config data
1394 **
1395 */
1396
1397 static int
translucent_db_destroy(BackendDB * be,ConfigReply * cr)1398 translucent_db_destroy( BackendDB *be, ConfigReply *cr )
1399 {
1400 slap_overinst *on = (slap_overinst *) be->bd_info;
1401 translucent_info *ov = on->on_bi.bi_private;
1402 int rc = 0;
1403
1404 Debug(LDAP_DEBUG_TRACE, "==> translucent_db_destroy\n" );
1405
1406 if ( ov ) {
1407 if ( ov->remote )
1408 anlist_free( ov->remote, 1, NULL );
1409 if ( ov->local )
1410 anlist_free( ov->local, 1, NULL );
1411 if ( ov->db.be_private != NULL ) {
1412 backend_stopdown_one( &ov->db );
1413 }
1414
1415 ldap_pvt_thread_mutex_destroy( &ov->db.be_pcl_mutex );
1416 ch_free(ov);
1417 on->on_bi.bi_private = NULL;
1418 }
1419
1420 return(rc);
1421 }
1422
1423 /*
1424 ** translucent_initialize()
1425 ** initialize the slap_overinst with our entry points;
1426 **
1427 */
1428
translucent_initialize()1429 int translucent_initialize() {
1430
1431 int rc;
1432
1433 /* olcDatabaseDummy is defined in slapd, and Windows
1434 will not let us initialize a struct element with a data pointer
1435 from another library, so we have to initialize this element
1436 "by hand". */
1437 translucentocs[1].co_table = olcDatabaseDummy;
1438
1439 Debug(LDAP_DEBUG_TRACE, "==> translucent_initialize\n" );
1440
1441 translucent.on_bi.bi_type = "translucent";
1442 translucent.on_bi.bi_db_init = translucent_db_init;
1443 translucent.on_bi.bi_db_config = translucent_db_config;
1444 translucent.on_bi.bi_db_open = translucent_db_open;
1445 translucent.on_bi.bi_db_close = translucent_db_close;
1446 translucent.on_bi.bi_db_destroy = translucent_db_destroy;
1447 translucent.on_bi.bi_op_bind = translucent_bind;
1448 translucent.on_bi.bi_op_add = translucent_add;
1449 translucent.on_bi.bi_op_modify = translucent_modify;
1450 translucent.on_bi.bi_op_modrdn = translucent_modrdn;
1451 translucent.on_bi.bi_op_delete = translucent_delete;
1452 translucent.on_bi.bi_op_search = translucent_search;
1453 translucent.on_bi.bi_op_compare = translucent_compare;
1454 translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
1455 translucent.on_bi.bi_extended = translucent_exop;
1456
1457 translucent.on_bi.bi_cf_ocs = translucentocs;
1458 rc = config_register_schema ( translucentcfg, translucentocs );
1459 if ( rc ) return rc;
1460
1461 return(overlay_register(&translucent));
1462 }
1463
1464 #if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC)
init_module(int argc,char * argv[])1465 int init_module(int argc, char *argv[]) {
1466 return translucent_initialize();
1467 }
1468 #endif
1469
1470 #endif /* SLAPD_OVER_TRANSLUCENT */
1471