diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:11:40 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:11:40 +0000 |
commit | 7731832751ab9f3c6ddeb66f186d3d7fa1934a6d (patch) | |
tree | e91015872543a59be2aad26c2fea02e41b57005d /servers/slapd/back-relay | |
parent | Initial commit. (diff) | |
download | openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.tar.xz openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.zip |
Adding upstream version 2.4.57+dfsg.upstream/2.4.57+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'servers/slapd/back-relay')
-rw-r--r-- | servers/slapd/back-relay/Makefile.in | 41 | ||||
-rw-r--r-- | servers/slapd/back-relay/README | 83 | ||||
-rw-r--r-- | servers/slapd/back-relay/back-relay.h | 49 | ||||
-rw-r--r-- | servers/slapd/back-relay/init.c | 254 | ||||
-rw-r--r-- | servers/slapd/back-relay/op.c | 331 | ||||
-rw-r--r-- | servers/slapd/back-relay/proto-back-relay.h | 52 |
6 files changed, 810 insertions, 0 deletions
diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in new file mode 100644 index 0000000..15100af --- /dev/null +++ b/servers/slapd/back-relay/Makefile.in @@ -0,0 +1,41 @@ +# Makefile.in for back-relay +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +SRCS = init.c op.c +OBJS = init.lo op.lo + +LDAP_INCDIR= ../../../include +LDAP_LIBDIR= ../../../libraries + +BUILD_OPT = "--enable-relay" +BUILD_MOD = @BUILD_RELAY@ + +mod_DEFS = -DSLAPD_IMPORT +MOD_DEFS = $(@BUILD_RELAY@_DEFS) + +shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) +NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) +UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE) + +LIBBASE = back_relay + +XINCPATH = -I.. -I$(srcdir)/.. +XDEFS = $(MODULES_CPPFLAGS) + +all-local-lib: ../.backend + +../.backend: lib$(LIBBASE).a + @touch $@ + diff --git a/servers/slapd/back-relay/README b/servers/slapd/back-relay/README new file mode 100644 index 0000000..81f152c --- /dev/null +++ b/servers/slapd/back-relay/README @@ -0,0 +1,83 @@ +Relay backend sets up a relay virtual database that allows +to access other databases in the same instance of slapd +through different naming contexts and remapping attribute +values. + +The DN rewrite, filter rewrite and attributeType/objectClass +mapping is done by means of the rewrite-remap overlay. + +The database containing the real naming context can be +explicitly selected by means of the "relay" directive, +which must contain the naming context of the target +database. This also causes the rewrite-remap overlay +to be automatically instantiated. If the optional keyword +"massage" is present, the rewrite-remap overlay is +automatically configured to map the virtual to the real +naming context and vice-versa. + +Otherwise, the rewrite-remap overlay must be explicitly +instantiated, by using the "overlay" directive, as +illustrated below. This allows much more freedom in target +database selection and DN rewriting. + +If the "relay" directive is not present, the backend is +not bound to a single target database; on the contrary, +the target database is selected on a per-operation basis. + +This allows, for instance, to relay one database for +authentication and anotheir for search/modify, or allows +to use one target for persons and another for groups +and so on. + +To summarize: the "relay" directive: +- explicitly bounds the database to a single database + holding the real naming context; +- automatically instantiates the rewrite-remap overlay; +- automatically configures the naming context massaging + if the optional "massage" keyword is added + +If the "relay" directive is not used, the rewrite-remap +overlay must be explicitly instantiated and the massaging +must be configured, either by using the "suffixmassage" +directive, or by issuing more sophisticate rewrite +instructions. + +AttributeType/objectClass mapping must be explicitly +required. + +Note that the rewrite-remap overlay is not complete nor +production- ready yet. +Examples are given of all the suggested usages. + +# automatically massage from virtual to real naming context +database relay +suffix "dc=virtual,dc=naming,dc=context" +relay "dc=real,dc=naming,dc=context" massage + +# explicitly massage (same as above) +database relay +suffix "dc=virtual,dc=naming,dc=context" +relay "dc=real,dc=naming,dc=context" +suffixmassage "dc=virtual,dc=naming,dc=context" \ + "dc=real,dc=naming,dc=context" + +# explicitly massage (same as above, but dynamic backend resolution) +database relay +suffix "dc=virtual,dc=naming,dc=context" +overlay rewrite-remap +suffixmassage "dc=virtual,dc=naming,dc=context" \ + "dc=real,dc=naming,dc=context" + +# old fashioned suffixalias, applied also to DN-valued attributes +# from virtual to real naming context, but not the reverse... +database relay +suffix "dc=virtual,dc=naming,dc=context" +relay "dc=real,dc=naming,dc=context" +rewriteContext default +rewriteRule "(.*)dc=virtual,dc=naming,dc=context$" \ + "$1dc=real,dc=naming,dc=context" +rewriteContext searchFilter +rewriteContext searchResult +rewriteContext searchResultAttrDN +rewriteContext matchedDN + diff --git a/servers/slapd/back-relay/back-relay.h b/servers/slapd/back-relay/back-relay.h new file mode 100644 index 0000000..0a0a9bc --- /dev/null +++ b/servers/slapd/back-relay/back-relay.h @@ -0,0 +1,49 @@ +/* back-relay.h - relay backend header file */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 2004-2021 The OpenLDAP Foundation. + * Portions Copyright 2004 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Pierangelo Masarati for inclusion + * in OpenLDAP Software. + */ + +#ifndef SLAPD_RELAY_H +#define SLAPD_RELAY_H + +#include "proto-back-relay.h" + +LDAP_BEGIN_DECL + +typedef enum relay_operation_e { + relay_op_entry_get = op_last, + relay_op_entry_release, + relay_op_has_subordinates, + relay_op_last +} relay_operation_t; + +typedef struct relay_back_info { + BackendDB *ri_bd; + struct berval ri_realsuffix; + int ri_massage; +} relay_back_info; + +/* Pad relay_back_info if needed to create valid OpExtra key addresses */ +#define RELAY_INFO_SIZE \ + (sizeof(relay_back_info) > (size_t) relay_op_last ? \ + sizeof(relay_back_info) : (size_t) relay_op_last ) + +LDAP_END_DECL + +#endif /* SLAPD_RELAY_H */ diff --git a/servers/slapd/back-relay/init.c b/servers/slapd/back-relay/init.c new file mode 100644 index 0000000..4e18381 --- /dev/null +++ b/servers/slapd/back-relay/init.c @@ -0,0 +1,254 @@ +/* init.c - initialize relay backend */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 2004-2021 The OpenLDAP Foundation. + * Portions Copyright 2004 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Pierangelo Masarati for inclusion + * in OpenLDAP Software. + */ + +#include "portable.h" + +#include <stdio.h> +#include <ac/string.h> + +#include "slap.h" +#include "config.h" +#include "back-relay.h" + +static ConfigDriver relay_back_cf; + +static ConfigTable relaycfg[] = { + { "relay", "relay", 2, 2, 0, + ARG_MAGIC|ARG_DN|ARG_QUOTE, + relay_back_cf, "( OLcfgDbAt:5.1 " + "NAME 'olcRelay' " + "DESC 'Relay DN' " + "SYNTAX OMsDN " + "SINGLE-VALUE )", + NULL, NULL }, + { NULL } +}; + +static ConfigOCs relayocs[] = { + { "( OLcfgDbOc:5.1 " + "NAME 'olcRelayConfig' " + "DESC 'Relay backend configuration' " + "SUP olcDatabaseConfig " + "MAY ( olcRelay " + ") )", + Cft_Database, relaycfg}, + { NULL, 0, NULL } +}; + +static int +relay_back_cf( ConfigArgs *c ) +{ + relay_back_info *ri = ( relay_back_info * )c->be->be_private; + int rc = 0; + + if ( c->op == SLAP_CONFIG_EMIT ) { + if ( ri != NULL && !BER_BVISNULL( &ri->ri_realsuffix ) ) { + value_add_one( &c->rvalue_vals, &ri->ri_realsuffix ); + return 0; + } + return 1; + + } else if ( c->op == LDAP_MOD_DELETE ) { + if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) { + ch_free( ri->ri_realsuffix.bv_val ); + BER_BVZERO( &ri->ri_realsuffix ); + ri->ri_bd = NULL; + return 0; + } + return 1; + + } else { + BackendDB *bd; + + assert( ri != NULL ); + assert( BER_BVISNULL( &ri->ri_realsuffix ) ); + + if ( c->be->be_nsuffix == NULL ) { + snprintf( c->cr_msg, sizeof( c->cr_msg), + "\"relay\" directive " + "must appear after \"suffix\"" ); + Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR, + "%s: %s.\n", c->log, c->cr_msg ); + rc = 1; + goto relay_done; + } + + if ( !BER_BVISNULL( &c->be->be_nsuffix[ 1 ] ) ) { + snprintf( c->cr_msg, sizeof( c->cr_msg), + "relaying of multiple suffix " + "database not supported" ); + Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR, + "%s: %s.\n", c->log, c->cr_msg ); + rc = 1; + goto relay_done; + } + + bd = select_backend( &c->value_ndn, 1 ); + if ( bd == NULL ) { + snprintf( c->cr_msg, sizeof( c->cr_msg), + "cannot find database " + "of relay dn \"%s\" " + "in \"olcRelay <dn>\"\n", + c->value_dn.bv_val ); + Log2( LDAP_DEBUG_CONFIG, LDAP_LEVEL_ERR, + "%s: %s.\n", c->log, c->cr_msg ); + + } else if ( bd->be_private == c->be->be_private ) { + snprintf( c->cr_msg, sizeof( c->cr_msg), + "relay dn \"%s\" would call self " + "in \"relay <dn>\" line\n", + c->value_dn.bv_val ); + Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR, + "%s: %s.\n", c->log, c->cr_msg ); + rc = 1; + goto relay_done; + } + + ri->ri_realsuffix = c->value_ndn; + BER_BVZERO( &c->value_ndn ); + +relay_done:; + ch_free( c->value_dn.bv_val ); + ch_free( c->value_ndn.bv_val ); + } + + return rc; +} + +int +relay_back_initialize( BackendInfo *bi ) +{ + bi->bi_init = 0; + bi->bi_open = 0; + bi->bi_config = 0; + bi->bi_close = 0; + bi->bi_destroy = 0; + + bi->bi_db_init = relay_back_db_init; + bi->bi_db_config = config_generic_wrapper; + bi->bi_db_open = relay_back_db_open; +#if 0 + bi->bi_db_close = relay_back_db_close; +#endif + bi->bi_db_destroy = relay_back_db_destroy; + + bi->bi_op_bind = relay_back_op_bind; + bi->bi_op_search = relay_back_op_search; + bi->bi_op_compare = relay_back_op_compare; + bi->bi_op_modify = relay_back_op_modify; + bi->bi_op_modrdn = relay_back_op_modrdn; + bi->bi_op_add = relay_back_op_add; + bi->bi_op_delete = relay_back_op_delete; + bi->bi_extended = relay_back_op_extended; + bi->bi_entry_release_rw = relay_back_entry_release_rw; + bi->bi_entry_get_rw = relay_back_entry_get_rw; + bi->bi_operational = relay_back_operational; + bi->bi_has_subordinates = relay_back_has_subordinates; + + bi->bi_cf_ocs = relayocs; + + return config_register_schema( relaycfg, relayocs ); +} + +int +relay_back_db_init( Backend *be, ConfigReply *cr) +{ + relay_back_info *ri; + + be->be_private = NULL; + + ri = (relay_back_info *) ch_calloc( 1, RELAY_INFO_SIZE ); + if ( ri == NULL ) { + return -1; + } + + ri->ri_bd = NULL; + BER_BVZERO( &ri->ri_realsuffix ); + ri->ri_massage = 0; + + be->be_cf_ocs = be->bd_info->bi_cf_ocs; + + be->be_private = (void *)ri; + + return 0; +} + +int +relay_back_db_open( Backend *be, ConfigReply *cr ) +{ + relay_back_info *ri = (relay_back_info *)be->be_private; + + assert( ri != NULL ); + + if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) { + ri->ri_bd = select_backend( &ri->ri_realsuffix, 1 ); + + /* must be there: it was during config! */ + if ( ri->ri_bd == NULL ) { + snprintf( cr->msg, sizeof( cr->msg), + "cannot find database " + "of relay dn \"%s\" " + "in \"olcRelay <dn>\"\n", + ri->ri_realsuffix.bv_val ); + Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR, + "relay_back_db_open: %s.\n", cr->msg ); + + return 1; + } + + /* inherit controls */ + AC_MEMCPY( be->bd_self->be_ctrls, ri->ri_bd->be_ctrls, sizeof( be->be_ctrls ) ); + + } else { + /* inherit all? */ + AC_MEMCPY( be->bd_self->be_ctrls, frontendDB->be_ctrls, sizeof( be->be_ctrls ) ); + } + + return 0; +} + +int +relay_back_db_close( Backend *be, ConfigReply *cr ) +{ + return 0; +} + +int +relay_back_db_destroy( Backend *be, ConfigReply *cr) +{ + relay_back_info *ri = (relay_back_info *)be->be_private; + + if ( ri ) { + if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) { + ch_free( ri->ri_realsuffix.bv_val ); + } + ch_free( ri ); + } + + return 0; +} + +#if SLAPD_RELAY == SLAPD_MOD_DYNAMIC + +/* conditionally define the init_module() function */ +SLAP_BACKEND_INIT_MODULE( relay ) + +#endif /* SLAPD_RELAY == SLAPD_MOD_DYNAMIC */ diff --git a/servers/slapd/back-relay/op.c b/servers/slapd/back-relay/op.c new file mode 100644 index 0000000..37112ae --- /dev/null +++ b/servers/slapd/back-relay/op.c @@ -0,0 +1,331 @@ +/* op.c - relay backend operations */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 2004-2021 The OpenLDAP Foundation. + * Portions Copyright 2004 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Pierangelo Masarati for inclusion + * in OpenLDAP Software. + */ + +#include "portable.h" + +#include <stdio.h> + +#include "slap.h" +#include "back-relay.h" + +/* Results when no real database (.rf_bd) or operation handler (.rf_op) */ +static const struct relay_fail_modes_s { + slap_mask_t rf_bd, rf_op; +#define RB_ERR_MASK 0x0000FFFFU /* bitmask for default return value */ +#define RB_BDERR 0x80000000U /* use .rf_bd's default return value */ +#define RB_OPERR 0x40000000U /* set rs->sr_err = .rf_op return value */ +#define RB_REF 0x20000000U /* use default_referral if available */ +#define RB_SEND 0x10000000U /* send result; RB_??ERR is also set */ +#define RB_SENDREF 0/*unused*/ /* like RB_SEND when referral found */ +#define RB_NO_BIND (RB_OPERR | LDAP_INVALID_CREDENTIALS) +#define RB_NOT_SUPP (RB_OPERR | LDAP_UNWILLING_TO_PERFORM) +#define RB_NO_OBJ (RB_REF | LDAP_NO_SUCH_OBJECT) +#define RB_CHK_REF (RB_REF | RB_SENDREF | LDAP_SUCCESS) +} relay_fail_modes[relay_op_last] = { + /* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */ +# define RB_OP(b, o) { (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) } +# define RB_BD2ERR(b) ((b) ? RB_BDERR : 0) + /* indexed by slap_operation_t: */ + RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND |RB_SEND), /* Bind */ + RB_OP(0, LDAP_SUCCESS), /* Unbind: unused */ + RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search */ + RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE), /* Compare */ + RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify */ + RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn */ + RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add */ + RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete */ + RB_OP(0, LDAP_SUCCESS), /* Abandon:unused */ + RB_OP(RB_NO_OBJ, RB_NOT_SUPP), /* Extended */ + RB_OP(0, SLAP_CB_CONTINUE), /* Cancel: unused */ + RB_OP(0, LDAP_SUCCESS), /* operational */ + RB_OP(RB_CHK_REF, LDAP_SUCCESS), /* chk_referrals:unused*/ + RB_OP(0, SLAP_CB_CONTINUE),/* chk_controls:unused */ + /* additional relay_operation_t indexes from back-relay.h: */ + RB_OP(0, 0/*unused*/), /* entry_get = op_last */ + RB_OP(0, 0/*unused*/), /* entry_release */ + RB_OP(0, 0/*unused*/), /* has_subordinates */ +}; + +/* + * Callbacks: Caller changed op->o_bd from Relay to underlying + * BackendDB. sc_response sets it to Relay BackendDB, sc_cleanup puts + * back underlying BackendDB. Caller will restore Relay BackendDB. + */ + +typedef struct relay_callback { + slap_callback rcb_sc; + BackendDB *rcb_bd; +} relay_callback; + +static int +relay_back_cleanup_cb( Operation *op, SlapReply *rs ) +{ + op->o_bd = ((relay_callback *) op->o_callback)->rcb_bd; + return SLAP_CB_CONTINUE; +} + +static int +relay_back_response_cb( Operation *op, SlapReply *rs ) +{ + relay_callback *rcb = (relay_callback *) op->o_callback; + + rcb->rcb_sc.sc_cleanup = relay_back_cleanup_cb; + rcb->rcb_bd = op->o_bd; + op->o_bd = op->o_callback->sc_private; + return SLAP_CB_CONTINUE; +} + +#define relay_back_add_cb( rcb, op ) { \ + (rcb)->rcb_sc.sc_next = (op)->o_callback; \ + (rcb)->rcb_sc.sc_response = relay_back_response_cb; \ + (rcb)->rcb_sc.sc_cleanup = 0; \ + (rcb)->rcb_sc.sc_writewait = 0; \ + (rcb)->rcb_sc.sc_private = (op)->o_bd; \ + (op)->o_callback = (slap_callback *) (rcb); \ +} + +#define relay_back_remove_cb( rcb, op ) { \ + slap_callback **sc = &(op)->o_callback; \ + for ( ;; sc = &(*sc)->sc_next ) \ + if ( *sc == (slap_callback *) (rcb) ) { \ + *sc = (*sc)->sc_next; break; \ + } else if ( *sc == NULL ) break; \ +} + +/* + * Select the backend database with the operation's DN. On failure, + * set/send results depending on operation type <which>'s fail_modes. + */ +static BackendDB * +relay_back_select_backend( Operation *op, SlapReply *rs, int which ) +{ + OpExtra *oex; + char *key = (char *) op->o_bd->be_private; + BackendDB *bd = ((relay_back_info *) key)->ri_bd; + slap_mask_t fail_mode = relay_fail_modes[which].rf_bd; + int useDN = 0, rc = ( fail_mode & RB_ERR_MASK ); + + if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) { + useDN = 1; + bd = select_backend( &op->o_req_ndn, 1 ); + } + + if ( bd != NULL ) { + key += which; /* <relay, op type> key from RELAY_WRAP_OP() */ + LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) { + if ( oex->oe_key == key ) + break; + } + if ( oex == NULL ) { + return bd; + } + + Debug( LDAP_DEBUG_ANY, + "%s: back-relay for DN=\"%s\" would call self.\n", + op->o_log_prefix, op->o_req_dn.bv_val, 0 ); + + } else if ( useDN && ( fail_mode & RB_REF ) && default_referral ) { + rc = LDAP_REFERRAL; + + /* if we set sr_err to LDAP_REFERRAL, we must provide one */ + rs->sr_ref = referral_rewrite( + default_referral, NULL, &op->o_req_dn, + op->o_tag == LDAP_REQ_SEARCH ? + op->ors_scope : LDAP_SCOPE_DEFAULT ); + if ( rs->sr_ref != NULL ) { + rs->sr_flags |= REP_REF_MUSTBEFREED; + } else { + rs->sr_ref = default_referral; + } + + if ( fail_mode & RB_SENDREF ) + fail_mode = (RB_BDERR | RB_SEND); + } + + if ( fail_mode & RB_BDERR ) { + rs->sr_err = rc; + if ( fail_mode & RB_SEND ) { + send_ldap_result( op, rs ); + } + } + + return NULL; +} + +/* + * Forward <act> on <op> to database <bd>, with <relay, op type>-specific + * key in op->o_extra so relay_back_select_backend() can catch recursion. + */ +#define RELAY_WRAP_OP( op, bd, which, act ) { \ + OpExtraDB wrap_oex; \ + BackendDB *const wrap_bd = (op)->o_bd; \ + wrap_oex.oe_db = wrap_bd; \ + wrap_oex.oe.oe_key = (char *) wrap_bd->be_private + (which); \ + LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_oex.oe, oe_next ); \ + (op)->o_bd = (bd); \ + act; \ + (op)->o_bd = wrap_bd; \ + LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_oex.oe, OpExtra, oe_next ); \ +} + +/* + * Forward backend function #<which> on <op> to operation DN's database + * like RELAY_WRAP_OP, after setting up callbacks. If no database or no + * backend function, set/send results depending on <which>'s fail_modes. + */ +static int +relay_back_op( Operation *op, SlapReply *rs, int which ) +{ + BackendDB *bd; + BI_op_bind *func; + slap_mask_t fail_mode = relay_fail_modes[which].rf_op; + int rc = ( fail_mode & RB_ERR_MASK ); + + bd = relay_back_select_backend( op, rs, which ); + if ( bd == NULL ) { + if ( fail_mode & RB_BDERR ) + return rs->sr_err; /* sr_err was set above */ + + } else if ( (func = (&bd->be_bind)[which]) != 0 ) { + relay_callback rcb; + + relay_back_add_cb( &rcb, op ); + RELAY_WRAP_OP( op, bd, which, { + rc = func( op, rs ); + }); + relay_back_remove_cb( &rcb, op ); + + } else if ( fail_mode & RB_OPERR ) { + rs->sr_err = rc; + if ( rc == LDAP_UNWILLING_TO_PERFORM ) { + rs->sr_text = "operation not supported within naming context"; + } + + if ( fail_mode & RB_SEND ) { + send_ldap_result( op, rs ); + } + } + + return rc; +} + + +int +relay_back_op_bind( Operation *op, SlapReply *rs ) +{ + /* allow rootdn as a means to auth without the need to actually + * contact the proxied DSA */ + switch ( be_rootdn_bind( op, rs ) ) { + case SLAP_CB_CONTINUE: + break; + + default: + return rs->sr_err; + } + + return relay_back_op( op, rs, op_bind ); +} + +#define RELAY_DEFOP(func, which) \ + int func( Operation *op, SlapReply *rs ) \ + { return relay_back_op( op, rs, which ); } + +RELAY_DEFOP( relay_back_op_search, op_search ) +RELAY_DEFOP( relay_back_op_compare, op_compare ) +RELAY_DEFOP( relay_back_op_modify, op_modify ) +RELAY_DEFOP( relay_back_op_modrdn, op_modrdn ) +RELAY_DEFOP( relay_back_op_add, op_add ) +RELAY_DEFOP( relay_back_op_delete, op_delete ) +RELAY_DEFOP( relay_back_op_extended, op_extended ) +RELAY_DEFOP( relay_back_operational, op_aux_operational ) + +/* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init + * need no extra handling: slapd already calls them for all databases. + */ + + +int +relay_back_entry_release_rw( Operation *op, Entry *e, int rw ) +{ + BackendDB *bd; + int rc = LDAP_UNWILLING_TO_PERFORM; + + bd = relay_back_select_backend( op, NULL, relay_op_entry_release ); + if ( bd && bd->be_release ) { + RELAY_WRAP_OP( op, bd, relay_op_entry_release, { + rc = bd->be_release( op, e, rw ); + }); + } else if ( e->e_private == NULL ) { + entry_free( e ); + rc = LDAP_SUCCESS; + } + + return rc; +} + +int +relay_back_entry_get_rw( Operation *op, struct berval *ndn, + ObjectClass *oc, AttributeDescription *at, int rw, Entry **e ) +{ + BackendDB *bd; + int rc = LDAP_NO_SUCH_OBJECT; + + bd = relay_back_select_backend( op, NULL, relay_op_entry_get ); + if ( bd && bd->be_fetch ) { + RELAY_WRAP_OP( op, bd, relay_op_entry_get, { + rc = bd->be_fetch( op, ndn, oc, at, rw, e ); + }); + } + + return rc; +} + +#if 0 /* Give the RB_SENDREF flag a nonzero value if implementing this */ +/* + * NOTE: even the existence of this function is questionable: we cannot + * pass the bi_chk_referrals() call thru the rwm overlay because there + * is no way to rewrite the req_dn back; but then relay_back_chk_referrals() + * is passing the target database a DN that likely does not belong to its + * naming context... mmmh. + */ +RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals ) +#endif /*0*/ + +int +relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs ) +{ + BackendDB *bd; + int rc = LDAP_OTHER; + + bd = relay_back_select_backend( op, NULL, relay_op_has_subordinates ); + if ( bd && bd->be_has_subordinates ) { + RELAY_WRAP_OP( op, bd, relay_op_has_subordinates, { + rc = bd->be_has_subordinates( op, e, hasSubs ); + }); + } + + return rc; +} + + +/* + * FIXME: must implement tools as well + */ diff --git a/servers/slapd/back-relay/proto-back-relay.h b/servers/slapd/back-relay/proto-back-relay.h new file mode 100644 index 0000000..5ed71aa --- /dev/null +++ b/servers/slapd/back-relay/proto-back-relay.h @@ -0,0 +1,52 @@ +/* proto-back-relay.h - relay backend header file */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 2004-2021 The OpenLDAP Foundation. + * Portions Copyright 2004 Pierangelo Masarati. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by Pierangelo Masarati for inclusion + * in OpenLDAP Software. + */ + +#ifndef PROTO_BACK_RELAY +#define PROTO_BACK_RELAY + +#include <ldap_cdefs.h> + +LDAP_BEGIN_DECL + +extern BI_init relay_back_initialize; + +extern BI_db_init relay_back_db_init; +extern BI_db_open relay_back_db_open; +extern BI_db_close relay_back_db_close; +extern BI_db_destroy relay_back_db_destroy; + +extern BI_op_bind relay_back_op_bind; +extern BI_op_search relay_back_op_search; +extern BI_op_compare relay_back_op_compare; +extern BI_op_modify relay_back_op_modify; +extern BI_op_modrdn relay_back_op_modrdn; +extern BI_op_add relay_back_op_add; +extern BI_op_delete relay_back_op_delete; +extern BI_op_extended relay_back_op_extended; +extern BI_entry_release_rw relay_back_entry_release_rw; +extern BI_entry_get_rw relay_back_entry_get_rw; +extern BI_operational relay_back_operational; +extern BI_has_subordinates relay_back_has_subordinates; + +LDAP_END_DECL + +#endif /* PROTO_BACK_RELAY */ + |