1 /*	$NetBSD: op.c,v 1.3 2021/08/14 16:15:01 christos Exp $	*/
2 
3 /* op.c - relay backend operations */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 2004-2021 The OpenLDAP Foundation.
8  * Portions Copyright 2004 Pierangelo Masarati.
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted only as authorized by the OpenLDAP
13  * Public License.
14  *
15  * A copy of this license is available in the file LICENSE in the
16  * top-level directory of the distribution or, alternatively, at
17  * <http://www.OpenLDAP.org/license.html>.
18  */
19 /* ACKNOWLEDGEMENTS:
20  * This work was initially developed by Pierangelo Masarati for inclusion
21  * in OpenLDAP Software.
22  */
23 
24 #include <sys/cdefs.h>
25 __RCSID("$NetBSD: op.c,v 1.3 2021/08/14 16:15:01 christos Exp $");
26 
27 #include "portable.h"
28 
29 #include <stdio.h>
30 
31 #include "slap.h"
32 #include "back-relay.h"
33 
/*
 * Failure policy, one row per operation type.
 *
 *   .rf_bd  applies when no real database could be selected
 *   .rf_op  applies when the selected database has no handler for the
 *           operation
 *
 * The low 16 bits (RB_ERR_MASK) hold the default return value; the high
 * bits are the RB_* flags below.
 *
 * The table is indexed directly by <which> with no range check; every
 * caller in this file passes a compile-time constant.
 *
 * Bind rows use LDAP_INVALID_CREDENTIALS and carry no RB_REF, so a bind
 * that cannot be relayed fails without producing a referral.
 *
 * The three trailing relay_operation_t rows have .rf_bd == 0.  The
 * entry_get/entry_release/has_subordinates wrappers rely on that: they
 * call relay_back_select_backend() with rs == NULL, which is only safe
 * while neither RB_REF nor RB_BDERR is set for those rows.
 */
#define RB_ERR_MASK	0x0000FFFFU /* bitmask for default return value */
#define RB_BDERR	0x80000000U /* use .rf_bd's default return value */
#define RB_OPERR	0x40000000U /* set rs->sr_err = .rf_op return value */
#define RB_REF		0x20000000U /* use default_referral if available */
#define RB_SEND		0x10000000U /* send result; RB_??ERR is also set */
#define RB_SENDREF	0/*unused*/ /* like RB_SEND when referral found */

#define RB_NO_BIND	(RB_OPERR | LDAP_INVALID_CREDENTIALS)
#define RB_NOT_SUPP	(RB_OPERR | LDAP_UNWILLING_TO_PERFORM)
#define RB_NO_OBJ	(RB_REF | LDAP_NO_SUCH_OBJECT)
#define RB_CHK_REF	(RB_REF | RB_SENDREF | LDAP_SUCCESS)

/* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */
#define RB_BD2ERR(b)	((b) ? RB_BDERR : 0)
#define RB_OP(b, o)	{ (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) }

static const struct relay_fail_modes_s {
	slap_mask_t	rf_bd;	/* no real database */
	slap_mask_t	rf_op;	/* no operation handler */
} relay_fail_modes[relay_op_last] = {
	/* indexed by slap_operation_t: */
	RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND  |RB_SEND), /* Bind           */
	RB_OP(0,                  LDAP_SUCCESS),         /* Unbind: unused */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search         */
	RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE),     /* Compare        */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify         */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn         */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add            */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete         */
	RB_OP(0,                  LDAP_SUCCESS),         /* Abandon:unused */
	RB_OP(RB_NO_OBJ,          RB_NOT_SUPP),          /* Extended       */
	RB_OP(0,                  SLAP_CB_CONTINUE),     /* Cancel: unused */
	RB_OP(0,                  LDAP_SUCCESS),    /* operational         */
	RB_OP(RB_CHK_REF,         LDAP_SUCCESS),    /* chk_referrals:unused*/
	RB_OP(0,                  SLAP_CB_CONTINUE),/* chk_controls:unused */
	/* additional relay_operation_t indexes from back-relay.h: */
	RB_OP(0,                  0/*unused*/),     /* entry_get = op_last */
	RB_OP(0,                  0/*unused*/),     /* entry_release       */
	RB_OP(0,                  0/*unused*/),     /* has_subordinates    */
};
71 
/*
 * Callbacks: the caller has switched op->o_bd from the Relay BackendDB
 * to the underlying BackendDB.  While a response is being processed,
 * sc_response points op->o_bd back at the Relay BackendDB, and
 * sc_cleanup then puts the underlying BackendDB back.  The caller
 * restores the Relay BackendDB itself once the operation returns.
 */

typedef struct relay_callback {
	/* must stay the first member: the callbacks cast
	 * op->o_callback (a slap_callback *) to relay_callback * */
	slap_callback rcb_sc;
	/* BackendDB found in op->o_bd when the response callback ran;
	 * written by relay_back_response_cb, read by relay_back_cleanup_cb */
	BackendDB *rcb_bd;
} relay_callback;
82 
/*
 * sc_cleanup hook, installed by relay_back_response_cb(): put back the
 * BackendDB that the response callback saved in rcb_bd.
 *
 * op->o_callback is cast to relay_callback *, which is valid because
 * rcb_sc is the first member of that struct.  <rs> is not used.
 * Always returns SLAP_CB_CONTINUE.
 */
static int
relay_back_cleanup_cb( Operation *op, SlapReply *rs )
{
	relay_callback	*rcb = (relay_callback *) op->o_callback;

	op->o_bd = rcb->rcb_bd;
	return SLAP_CB_CONTINUE;
}
89 
/*
 * sc_response hook: remember the BackendDB currently in op->o_bd, arm
 * the cleanup hook that will restore it, and point op->o_bd at the
 * BackendDB stored in sc_private (the one relay_back_add_cb() saw in
 * op->o_bd when the callback was installed).
 *
 * rcb_bd is written here before it can be read: the cleanup hook is
 * only installed by this function.  <rs> is not used.
 * Always returns SLAP_CB_CONTINUE.
 */
static int
relay_back_response_cb( Operation *op, SlapReply *rs )
{
	slap_callback	*sc = op->o_callback;
	relay_callback	*rcb = (relay_callback *) sc;
	BackendDB	*current_bd = op->o_bd;

	rcb->rcb_sc.sc_cleanup = relay_back_cleanup_cb;
	rcb->rcb_bd = current_bd;
	op->o_bd = sc->sc_private;
	return SLAP_CB_CONTINUE;
}
100 
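/*
 * Push <rcb> on the head of <op>'s callback chain.
 *
 * sc_private records the BackendDB that is in op->o_bd at this point;
 * relay_back_response_cb() switches op->o_bd to it while a response is
 * processed.  sc_cleanup starts out empty and rcb_bd is left unset:
 * both are filled in by the response callback.
 *
 * <rcb> is linked by address, so the object must stay alive until
 * relay_back_remove_cb() has unlinked it.
 *
 * Wrapped in do { } while ( 0 ) so the macro expands to one statement
 * and can be used as the body of an unbraced if/else.
 */
#define relay_back_add_cb( rcb, op ) do {			\
		(rcb)->rcb_sc.sc_next = (op)->o_callback;	\
		(rcb)->rcb_sc.sc_response = relay_back_response_cb; \
		(rcb)->rcb_sc.sc_cleanup = 0;			\
		(rcb)->rcb_sc.sc_writewait = 0;			\
		(rcb)->rcb_sc.sc_private = (op)->o_bd;		\
		(op)->o_callback = (slap_callback *) (rcb);	\
} while ( 0 )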
109 
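/*
 * Unlink <rcb> from <op>'s callback chain, wherever it sits in the
 * chain.  Does nothing when <rcb> is not on the chain.
 *
 * The end-of-chain test comes first, so the walk never dereferences a
 * NULL link.  Wrapped in do { } while ( 0 ) so the macro expands to one
 * statement and can be used as the body of an unbraced if/else.
 */
#define relay_back_remove_cb( rcb, op ) do {				\
		slap_callback	**sc_link;				\
		for ( sc_link = &(op)->o_callback;			\
			*sc_link != NULL;				\
			sc_link = &(*sc_link)->sc_next )		\
		{							\
			if ( *sc_link == (slap_callback *) (rcb) ) {	\
				*sc_link = (*sc_link)->sc_next;		\
				break;					\
			}						\
		}							\
} while ( 0 )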
117 
/*
 * Select the backend database for <op>: the relay's configured ri_bd
 * or, when that is NULL and the request has a normalized DN, whatever
 * select_backend() returns for that DN.
 *
 * Returns the database, or NULL on failure.  On failure the result is
 * set and/or sent according to operation type <which>'s .rf_bd entry
 * in relay_fail_modes:
 *   - RB_REF and a default_referral exists (DN lookup only): the error
 *     becomes LDAP_REFERRAL and rs->sr_ref is filled in;
 *   - RB_BDERR: rs->sr_err is set;
 *   - RB_SEND (with RB_BDERR): the result is sent to the client.
 *
 * Self-call guard: RELAY_WRAP_OP() leaves a <relay, op type> key in
 * op->o_extra while it forwards an operation.  Finding that key here
 * means the selected database would lead straight back into this relay
 * for the same operation type, so the call is refused (and logged)
 * instead of recursing.
 *
 * <rs> may be NULL.  The entry_get/entry_release/has_subordinates
 * wrappers pass NULL, and that is only safe because their .rf_bd
 * entries are zero, so no branch below that touches <rs> is taken.
 * Keep this in mind before giving those table rows any flags.
 */
static BackendDB *
relay_back_select_backend( Operation *op, SlapReply *rs, int which )
{
	relay_back_info	*ri = (relay_back_info *) op->o_bd->be_private;
	BackendDB	*target = ri->ri_bd;
	slap_mask_t	mode = relay_fail_modes[which].rf_bd;
	int		err = ( mode & RB_ERR_MASK );
	int		by_dn = 0;

	/* no fixed target configured: resolve by the request DN */
	if ( target == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
		target = select_backend( &op->o_req_ndn, 1 );
		by_dn = 1;
	}

	if ( target != NULL ) {
		/* <relay, op type> key from RELAY_WRAP_OP(); only its
		 * address is compared, it is never dereferenced */
		char	*self_key = (char *) ri + which;
		OpExtra	*oex;

		LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
			if ( oex->oe_key == self_key )
				break;
		}
		if ( oex == NULL ) {
			return target;
		}

		/* key present: this relay is already forwarding this
		 * operation type, so forwarding again would loop */
		Debug( LDAP_DEBUG_ANY,
			"%s: back-relay for DN=\"%s\" would call self.\n",
			op->o_log_prefix, op->o_req_dn.bv_val );

	} else if ( by_dn && ( mode & RB_REF ) && default_referral ) {
		int	scope = LDAP_SCOPE_DEFAULT;

		if ( op->o_tag == LDAP_REQ_SEARCH ) {
			scope = op->ors_scope;
		}

		err = LDAP_REFERRAL;

		/* if we set sr_err to LDAP_REFERRAL, we must provide one */
		rs->sr_ref = referral_rewrite(
			default_referral, NULL, &op->o_req_dn, scope );
		if ( rs->sr_ref == NULL ) {
			/* fall back to the shared default list; the
			 * MUSTBEFREED flag is deliberately not set for it */
			rs->sr_ref = default_referral;
		} else {
			rs->sr_flags |= REP_REF_MUSTBEFREED;
		}

		/* RB_SENDREF is currently 0, so this never fires */
		if ( mode & RB_SENDREF )
			mode = (RB_BDERR | RB_SEND);
	}

	if ( mode & RB_BDERR ) {
		rs->sr_err = err;
		if ( mode & RB_SEND ) {
			send_ldap_result( op, rs );
		}
	}

	return NULL;
}
177 
/*
 * Forward <act> on <op> to database <bd>, with a <relay, op type>
 * specific key in op->o_extra so relay_back_select_backend() can catch
 * recursion.
 *
 * The OpExtraDB record is an automatic variable of the expanded block.
 * It is linked into op->o_extra before <act> and unlinked right after
 * it, and op->o_bd is switched to <bd> and back in the same way.
 * <act> therefore must not leave the block (return, goto, break): that
 * would skip the unlink and leave op->o_extra pointing at a dead stack
 * object, with op->o_bd still set to <bd>.
 */
#define RELAY_WRAP_OP( op, bd, which, act ) { \
	BackendDB *const wrap_relay_bd = (op)->o_bd; \
	OpExtraDB wrap_extra; \
	wrap_extra.oe.oe_key = (char *) wrap_relay_bd->be_private + (which); \
	wrap_extra.oe_db = wrap_relay_bd; \
	LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_extra.oe, oe_next ); \
	(op)->o_bd = (bd); \
	act; \
	(op)->o_bd = wrap_relay_bd; \
	LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_extra.oe, OpExtra, oe_next ); \
}
193 
/*
 * Forward backend function #<which> on <op> to the operation DN's
 * database like RELAY_WRAP_OP, after setting up callbacks.  If there is
 * no database or no backend function, set/send results depending on
 * <which>'s fail_modes.
 *
 * Returns:
 *   - rs->sr_err when no database was selected and the .rf_op entry has
 *     RB_BDERR (relay_back_select_backend() has set sr_err then);
 *   - the handler's return value when the operation was forwarded;
 *   - otherwise the default return value from the .rf_op entry.
 *
 * The handler is looked up as (&bi->bi_op_bind)[which], i.e. the
 * bi_op_* members of BackendInfo are treated as an array.
 * NOTE(review): this assumes they are declared contiguously, in the
 * same order as the <which> indexes - confirm against slap.h before
 * reordering either.
 *
 * The relay_callback is an automatic variable linked into
 * op->o_callback by address; it is unlinked again before this function
 * returns.
 *
 * After a successful bind, op->o_bd is left pointing at the selected
 * database rather than at the relay.
 */
static int
relay_back_op( Operation *op, SlapReply *rs, int which )
{
	BackendDB	*bd;
	BackendInfo	*bi;
	slap_mask_t	fail_mode = relay_fail_modes[which].rf_op;
	int		rc = ( fail_mode & RB_ERR_MASK );

	bd = relay_back_select_backend( op, rs, which );
	if ( bd == NULL ) {
		if ( fail_mode & RB_BDERR ) {
			/* sr_err was set by relay_back_select_backend() */
			return rs->sr_err;
		}
		return rc;
	}

	bi = bd->bd_info;
	if ( (&bi->bi_op_bind)[which] ) {
		relay_callback	rcb;

		relay_back_add_cb( &rcb, op );
		RELAY_WRAP_OP( op, bd, which, {
			rc = (&bi->bi_op_bind)[which]( op, rs );
		});
		relay_back_remove_cb( &rcb, op );

		if ( rc == LDAP_SUCCESS && which == op_bind ) {
			op->o_bd = bd;
		}
		return rc;
	}

	/* database found, but it does not implement this operation */
	if ( fail_mode & RB_OPERR ) {
		rs->sr_err = rc;
		if ( rc == LDAP_UNWILLING_TO_PERFORM ) {
			rs->sr_text = "operation not supported within naming context";
		}

		if ( fail_mode & RB_SEND ) {
			send_ldap_result( op, rs );
		}
	}

	return rc;
}
236 
237 
/*
 * Bind entry point.
 *
 * The rootdn is allowed as a means to authenticate without actually
 * contacting the proxied DSA: be_rootdn_bind() is tried first.  Only
 * when it answers SLAP_CB_CONTINUE is the bind relayed.  Any other
 * answer ends the bind here, and rs->sr_err is returned without the
 * request being forwarded.
 */
int
relay_back_op_bind( Operation *op, SlapReply *rs )
{
	if ( be_rootdn_bind( op, rs ) != SLAP_CB_CONTINUE ) {
		return rs->sr_err;
	}

	return relay_back_op( op, rs, op_bind );
}
253 
/*
 * Define backend entry point <func> as a plain forward to
 * relay_back_op() for operation type <which>.  All policy (backend
 * selection, self-call guard, failure results) lives in relay_back_op().
 */
#define RELAY_DEFOP(func, which) \
	int \
	func( Operation *op, SlapReply *rs ) \
	{ \
		return relay_back_op( op, rs, which ); \
	}

RELAY_DEFOP( relay_back_op_search,	op_search )
RELAY_DEFOP( relay_back_op_compare,	op_compare )
RELAY_DEFOP( relay_back_op_modify,	op_modify )
RELAY_DEFOP( relay_back_op_modrdn,	op_modrdn )
RELAY_DEFOP( relay_back_op_add,		op_add )
RELAY_DEFOP( relay_back_op_delete,	op_delete )
RELAY_DEFOP( relay_back_op_extended,	op_extended )
RELAY_DEFOP( relay_back_operational,	op_aux_operational )
266 
267 /* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init
268  * need no extra handling:  slapd already calls them for all databases.
269  */
270 
271 
/*
 * Release entry <e> through the database selected for <op>.
 *
 * Returns the selected database's be_release() result when it has one.
 * Otherwise an entry without backend-private data (e_private == NULL)
 * is freed here and LDAP_SUCCESS is returned.  An entry that does
 * carry private data is left untouched and LDAP_UNWILLING_TO_PERFORM
 * is returned, so that entry is not released by this call.
 *
 * relay_back_select_backend() is called with rs == NULL; see the
 * relay_op_entry_release row of relay_fail_modes, whose flags must stay
 * zero for that to be safe.
 */
int
relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
{
	int		rc = LDAP_UNWILLING_TO_PERFORM;
	BackendDB	*bd;

	bd = relay_back_select_backend( op, NULL, relay_op_entry_release );
	if ( bd != NULL && bd->be_release ) {
		RELAY_WRAP_OP( op, bd, relay_op_entry_release, {
			rc = bd->be_release( op, e, rw );
		});
		return rc;
	}

	if ( e->e_private == NULL ) {
		/* nothing backend-specific attached: plain free */
		entry_free( e );
		rc = LDAP_SUCCESS;
	}

	return rc;
}
290 
/*
 * Fetch the entry named <ndn> through the database selected for <op>,
 * passing <oc>, <at>, <rw> and <e> on to its be_fetch() unchanged.
 *
 * Returns be_fetch()'s result, or LDAP_NO_SUCH_OBJECT when no database
 * was selected or the database has no be_fetch().  In that case <e> is
 * not written by this function.
 *
 * relay_back_select_backend() is called with rs == NULL; see the
 * relay_op_entry_get row of relay_fail_modes, whose flags must stay
 * zero for that to be safe.
 */
int
relay_back_entry_get_rw( Operation *op, struct berval *ndn,
	ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
{
	int		rc = LDAP_NO_SUCH_OBJECT;
	BackendDB	*bd;

	bd = relay_back_select_backend( op, NULL, relay_op_entry_get );
	if ( bd == NULL || !bd->be_fetch ) {
		return rc;
	}

	RELAY_WRAP_OP( op, bd, relay_op_entry_get, {
		rc = bd->be_fetch( op, ndn, oc, at, rw, e );
	});

	return rc;
}
307 
#if 0 /* Give the RB_SENDREF flag a nonzero value if implementing this */
/*
 * NOTE: it is questionable whether this function should exist at all.
 * The bi_chk_referrals() call cannot be passed through the rwm overlay,
 * because there is no way to rewrite the req_dn back; but then
 * relay_back_chk_referrals() hands the target database a DN that
 * likely does not belong to its naming context... mmmh.
 */
RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals )
#endif /*0*/
318 
/*
 * Ask the database selected for <op> whether entry <e> has
 * subordinates; the answer is written to <hasSubs> by that database's
 * be_has_subordinates().
 *
 * Returns be_has_subordinates()'s result, or LDAP_OTHER when no
 * database was selected or the database has no such function.  In that
 * case <hasSubs> is not written by this function.
 *
 * relay_back_select_backend() is called with rs == NULL; see the
 * relay_op_has_subordinates row of relay_fail_modes, whose flags must
 * stay zero for that to be safe.
 */
int
relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
{
	int		rc = LDAP_OTHER;
	BackendDB	*bd;

	bd = relay_back_select_backend( op, NULL, relay_op_has_subordinates );
	if ( bd == NULL || !bd->be_has_subordinates ) {
		return rc;
	}

	RELAY_WRAP_OP( op, bd, relay_op_has_subordinates, {
		rc = bd->be_has_subordinates( op, e, hasSubs );
	});

	return rc;
}
334 
335 
336 /*
337  * FIXME: must implement tools as well
338  */
339