summaryrefslogtreecommitdiffstats
path: root/servers/slapd/back-meta/init.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
commit7731832751ab9f3c6ddeb66f186d3d7fa1934a6d (patch)
treee91015872543a59be2aad26c2fea02e41b57005d /servers/slapd/back-meta/init.c
parentInitial commit. (diff)
downloadopenldap-1a00339458686feff01d4a8e157da4800292a9af.tar.xz
openldap-1a00339458686feff01d4a8e157da4800292a9af.zip
Adding upstream version 2.4.57+dfsg.upstream/2.4.57+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'servers/slapd/back-meta/init.c')
-rw-r--r--servers/slapd/back-meta/init.c475
1 files changed, 475 insertions, 0 deletions
diff --git a/servers/slapd/back-meta/init.c b/servers/slapd/back-meta/init.c
new file mode 100644
index 0000000..3c405b3
--- /dev/null
+++ b/servers/slapd/back-meta/init.c
@@ -0,0 +1,475 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2021 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "config.h"
+#include "../back-ldap/back-ldap.h"
+#include "back-meta.h"
+
+int
+meta_back_open(
+ BackendInfo *bi )
+{
+ /* FIXME: need to remove the pagedResults, and likely more... */
+ bi->bi_controls = slap_known_controls;
+
+ return 0;
+}
+
+int
+meta_back_initialize(
+ BackendInfo *bi )
+{
+ bi->bi_flags =
+#if 0
+ /* this is not (yet) set essentially because back-meta does not
+ * directly support extended operations... */
+#ifdef LDAP_DYNAMIC_OBJECTS
+ /* this is set because all the support a proxy has to provide
+ * is the capability to forward the refresh exop, and to
+ * pass thru entries that contain the dynamicObject class
+ * and the entryTtl attribute */
+ SLAP_BFLAG_DYNAMIC |
+#endif /* LDAP_DYNAMIC_OBJECTS */
+#endif
+
+ /* back-meta recognizes RFC4525 increment;
+ * let the remote server complain, if needed (ITS#5912) */
+ SLAP_BFLAG_INCREMENT;
+
+ bi->bi_open = meta_back_open;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = meta_back_db_init;
+ bi->bi_db_config = config_generic_wrapper;
+ bi->bi_db_open = meta_back_db_open;
+ bi->bi_db_close = 0;
+ bi->bi_db_destroy = meta_back_db_destroy;
+
+ bi->bi_op_bind = meta_back_bind;
+ bi->bi_op_unbind = 0;
+ bi->bi_op_search = meta_back_search;
+ bi->bi_op_compare = meta_back_compare;
+ bi->bi_op_modify = meta_back_modify;
+ bi->bi_op_modrdn = meta_back_modrdn;
+ bi->bi_op_add = meta_back_add;
+ bi->bi_op_delete = meta_back_delete;
+ bi->bi_op_abandon = 0;
+
+ bi->bi_extended = 0;
+
+ bi->bi_chk_referrals = 0;
+
+ bi->bi_connection_init = 0;
+ bi->bi_connection_destroy = meta_back_conn_destroy;
+
+ return meta_back_init_cf( bi );
+}
+
+int
+meta_back_db_init(
+ Backend *be,
+ ConfigReply *cr)
+{
+ metainfo_t *mi;
+ int i;
+ BackendInfo *bi;
+
+ bi = backend_info( "ldap" );
+ if ( !bi || !bi->bi_extra ) {
+ Debug( LDAP_DEBUG_ANY,
+ "meta_back_db_init: needs back-ldap\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ mi = ch_calloc( 1, sizeof( metainfo_t ) );
+ if ( mi == NULL ) {
+ return -1;
+ }
+
+ /* set default flags */
+ mi->mi_flags =
+ META_BACK_F_DEFER_ROOTDN_BIND
+ | META_BACK_F_PROXYAUTHZ_ALWAYS
+ | META_BACK_F_PROXYAUTHZ_ANON
+ | META_BACK_F_PROXYAUTHZ_NOANON;
+
+ /*
+ * At present the default is no default target;
+ * this may change
+ */
+ mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
+ mi->mi_bind_timeout.tv_sec = 0;
+ mi->mi_bind_timeout.tv_usec = META_BIND_TIMEOUT;
+
+ mi->mi_rebind_f = meta_back_default_rebind;
+ mi->mi_urllist_f = meta_back_default_urllist;
+
+ ldap_pvt_thread_mutex_init( &mi->mi_conninfo.lai_mutex );
+ ldap_pvt_thread_mutex_init( &mi->mi_cache.mutex );
+
+ /* safe default */
+ mi->mi_nretries = META_RETRY_DEFAULT;
+ mi->mi_version = LDAP_VERSION3;
+
+ for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+ mi->mi_conn_priv[ i ].mic_num = 0;
+ LDAP_TAILQ_INIT( &mi->mi_conn_priv[ i ].mic_priv );
+ }
+ mi->mi_conn_priv_max = LDAP_BACK_CONN_PRIV_DEFAULT;
+
+ mi->mi_ldap_extra = (ldap_extra_t *)bi->bi_extra;
+
+ be->be_private = mi;
+ be->be_cf_ocs = be->bd_info->bi_cf_ocs;
+
+ return 0;
+}
+
+int
+meta_target_finish(
+ metainfo_t *mi,
+ metatarget_t *mt,
+ const char *log,
+ char *msg,
+ size_t msize
+)
+{
+ slap_bindconf sb = { BER_BVNULL };
+ struct berval mapped;
+ int rc;
+
+ ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri );
+ sb.sb_version = mt->mt_version;
+ sb.sb_method = LDAP_AUTH_SIMPLE;
+ BER_BVSTR( &sb.sb_binddn, "" );
+
+ if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
+ rc = slap_discover_feature( &sb,
+ slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+ LDAP_FEATURE_ABSOLUTE_FILTERS );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ mt->mt_flags |= LDAP_BACK_F_T_F;
+ }
+ }
+
+ if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
+ rc = slap_discover_feature( &sb,
+ slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+ LDAP_EXOP_CANCEL );
+ if ( rc == LDAP_COMPARE_TRUE ) {
+ mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP;
+ }
+ }
+
+ if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )
+ || mt->mt_idassert_authz != NULL )
+ {
+ mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_ALWAYS;
+ }
+
+ if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
+ && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+ {
+ snprintf( msg, msize,
+ "%s: inconsistent idassert configuration "
+ "(likely authz=\"*\" used with \"non-prescriptive\" flag)",
+ log );
+ Debug( LDAP_DEBUG_ANY, "%s (target %s)\n",
+ msg, mt->mt_uri, 0 );
+ return 1;
+ }
+
+ if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+ {
+ mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_ANON;
+ }
+
+ if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+ {
+ mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_NOANON;
+ }
+
+ BER_BVZERO( &mapped );
+ ldap_back_map( &mt->mt_rwmap.rwm_at,
+ &slap_schema.si_ad_entryDN->ad_cname, &mapped,
+ BACKLDAP_REMAP );
+ if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+ mt->mt_rep_flags |= REP_NO_ENTRYDN;
+ }
+
+ BER_BVZERO( &mapped );
+ ldap_back_map( &mt->mt_rwmap.rwm_at,
+ &slap_schema.si_ad_subschemaSubentry->ad_cname, &mapped,
+ BACKLDAP_REMAP );
+ if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+ mt->mt_rep_flags |= REP_NO_SUBSCHEMA;
+ }
+
+ return 0;
+}
+
+int
+meta_back_db_open(
+ Backend *be,
+ ConfigReply *cr )
+{
+ metainfo_t *mi = (metainfo_t *)be->be_private;
+ char msg[SLAP_TEXT_BUFLEN];
+
+ int i, rc;
+
+ if ( mi->mi_ntargets == 0 ) {
+ /* Dynamically added, nothing to check here until
+ * some targets get added
+ */
+ if ( slapMode & SLAP_SERVER_RUNNING )
+ return 0;
+
+ Debug( LDAP_DEBUG_ANY,
+ "meta_back_db_open: no targets defined\n",
+ 0, 0, 0 );
+ return 1;
+ }
+
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+
+ if ( meta_target_finish( mi, mt,
+ "meta_back_db_open", msg, sizeof( msg )))
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * meta_back_conn_free()
+ *
+ * actually frees a connection; the reference count must be 0,
+ * and it must not (or no longer) be in the cache.
+ */
+void
+meta_back_conn_free(
+ void *v_mc )
+{
+ metaconn_t *mc = v_mc;
+ int ntargets;
+
+ assert( mc != NULL );
+ assert( mc->mc_refcnt == 0 );
+
+ /* at least one must be present... */
+ ntargets = mc->mc_info->mi_ntargets;
+ assert( ntargets > 0 );
+
+ for ( ; ntargets--; ) {
+ (void)meta_clear_one_candidate( NULL, mc, ntargets );
+ }
+
+ if ( !BER_BVISNULL( &mc->mc_local_ndn ) ) {
+ free( mc->mc_local_ndn.bv_val );
+ }
+
+ free( mc );
+}
+
+static void
+mapping_free(
+ void *v_mapping )
+{
+ struct ldapmapping *mapping = v_mapping;
+ ch_free( mapping->src.bv_val );
+ ch_free( mapping->dst.bv_val );
+ ch_free( mapping );
+}
+
+static void
+mapping_dst_free(
+ void *v_mapping )
+{
+ struct ldapmapping *mapping = v_mapping;
+
+ if ( BER_BVISEMPTY( &mapping->dst ) ) {
+ mapping_free( &mapping[ -1 ] );
+ }
+}
+
+void
+meta_back_map_free( struct ldapmap *lm )
+{
+ avl_free( lm->remap, mapping_dst_free );
+ avl_free( lm->map, mapping_free );
+ lm->remap = NULL;
+ lm->map = NULL;
+}
+
+static void
+target_free(
+ metatarget_t *mt )
+{
+ if ( mt->mt_uri ) {
+ free( mt->mt_uri );
+ ldap_pvt_thread_mutex_destroy( &mt->mt_uri_mutex );
+ }
+ if ( mt->mt_subtree ) {
+ meta_subtree_destroy( mt->mt_subtree );
+ mt->mt_subtree = NULL;
+ }
+ if ( mt->mt_filter ) {
+ meta_filter_destroy( mt->mt_filter );
+ mt->mt_filter = NULL;
+ }
+ if ( !BER_BVISNULL( &mt->mt_psuffix ) ) {
+ free( mt->mt_psuffix.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_nsuffix ) ) {
+ free( mt->mt_nsuffix.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_binddn ) ) {
+ free( mt->mt_binddn.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_bindpw ) ) {
+ free( mt->mt_bindpw.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_authcID ) ) {
+ ch_free( mt->mt_idassert_authcID.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
+ ch_free( mt->mt_idassert_authcDN.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
+ ch_free( mt->mt_idassert_passwd.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_authzID ) ) {
+ ch_free( mt->mt_idassert_authzID.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_sasl_mech ) ) {
+ ch_free( mt->mt_idassert_sasl_mech.bv_val );
+ }
+ if ( !BER_BVISNULL( &mt->mt_idassert_sasl_realm ) ) {
+ ch_free( mt->mt_idassert_sasl_realm.bv_val );
+ }
+ if ( mt->mt_idassert_authz != NULL ) {
+ ber_bvarray_free( mt->mt_idassert_authz );
+ }
+ if ( mt->mt_rwmap.rwm_rw ) {
+ rewrite_info_delete( &mt->mt_rwmap.rwm_rw );
+ if ( mt->mt_rwmap.rwm_bva_rewrite )
+ ber_bvarray_free( mt->mt_rwmap.rwm_bva_rewrite );
+ }
+ meta_back_map_free( &mt->mt_rwmap.rwm_oc );
+ meta_back_map_free( &mt->mt_rwmap.rwm_at );
+ ber_bvarray_free( mt->mt_rwmap.rwm_bva_map );
+
+ free( mt );
+}
+
+int
+meta_back_db_destroy(
+ Backend *be,
+ ConfigReply *cr )
+{
+ metainfo_t *mi;
+
+ if ( be->be_private ) {
+ int i;
+
+ mi = ( metainfo_t * )be->be_private;
+
+ /*
+ * Destroy the connection tree
+ */
+ ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
+
+ if ( mi->mi_conninfo.lai_tree ) {
+ avl_free( mi->mi_conninfo.lai_tree, meta_back_conn_free );
+ }
+ for ( i = LDAP_BACK_PCONN_FIRST; i < LDAP_BACK_PCONN_LAST; i++ ) {
+ while ( !LDAP_TAILQ_EMPTY( &mi->mi_conn_priv[ i ].mic_priv ) ) {
+ metaconn_t *mc = LDAP_TAILQ_FIRST( &mi->mi_conn_priv[ i ].mic_priv );
+
+ LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ i ].mic_priv, mc, mc_q );
+ meta_back_conn_free( mc );
+ }
+ }
+
+ /*
+ * Destroy the per-target stuff (assuming there's at
+ * least one ...)
+ */
+ if ( mi->mi_targets != NULL ) {
+ for ( i = 0; i < mi->mi_ntargets; i++ ) {
+ metatarget_t *mt = mi->mi_targets[ i ];
+
+ if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+ if ( mt->mt_quarantine.ri_num != mi->mi_quarantine.ri_num )
+ {
+ mi->mi_ldap_extra->retry_info_destroy( &mt->mt_quarantine );
+ }
+
+ ldap_pvt_thread_mutex_destroy( &mt->mt_quarantine_mutex );
+ }
+
+ target_free( mt );
+ }
+
+ free( mi->mi_targets );
+ }
+
+ ldap_pvt_thread_mutex_lock( &mi->mi_cache.mutex );
+ if ( mi->mi_cache.tree ) {
+ avl_free( mi->mi_cache.tree, meta_dncache_free );
+ }
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_cache.mutex );
+ ldap_pvt_thread_mutex_destroy( &mi->mi_cache.mutex );
+
+ ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
+ ldap_pvt_thread_mutex_destroy( &mi->mi_conninfo.lai_mutex );
+
+ if ( mi->mi_candidates != NULL ) {
+ ber_memfree_x( mi->mi_candidates, NULL );
+ }
+
+ if ( META_BACK_QUARANTINE( mi ) ) {
+ mi->mi_ldap_extra->retry_info_destroy( &mi->mi_quarantine );
+ }
+ }
+
+ free( be->be_private );
+ return 0;
+}
+
+#if SLAPD_META == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( meta )
+
+#endif /* SLAPD_META == SLAPD_MOD_DYNAMIC */
+
+