summaryrefslogtreecommitdiffstats
path: root/servers/slapd/back-relay
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
commit7731832751ab9f3c6ddeb66f186d3d7fa1934a6d (patch)
treee91015872543a59be2aad26c2fea02e41b57005d /servers/slapd/back-relay
parentInitial commit. (diff)
downloadopenldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.tar.xz
openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.zip
Adding upstream version 2.4.57+dfsg.upstream/2.4.57+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'servers/slapd/back-relay')
-rw-r--r--servers/slapd/back-relay/Makefile.in41
-rw-r--r--servers/slapd/back-relay/README83
-rw-r--r--servers/slapd/back-relay/back-relay.h49
-rw-r--r--servers/slapd/back-relay/init.c254
-rw-r--r--servers/slapd/back-relay/op.c331
-rw-r--r--servers/slapd/back-relay/proto-back-relay.h52
6 files changed, 810 insertions, 0 deletions
diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in
new file mode 100644
index 0000000..15100af
--- /dev/null
+++ b/servers/slapd/back-relay/Makefile.in
@@ -0,0 +1,41 @@
+# Makefile.in for back-relay
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2021 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+SRCS = init.c op.c
+OBJS = init.lo op.lo
+
+LDAP_INCDIR= ../../../include
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-relay"
+BUILD_MOD = @BUILD_RELAY@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_RELAY@_DEFS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
+
+LIBBASE = back_relay
+
+XINCPATH = -I.. -I$(srcdir)/..
+XDEFS = $(MODULES_CPPFLAGS)
+
+all-local-lib: ../.backend
+
+../.backend: lib$(LIBBASE).a
+ @touch $@
+
diff --git a/servers/slapd/back-relay/README b/servers/slapd/back-relay/README
new file mode 100644
index 0000000..81f152c
--- /dev/null
+++ b/servers/slapd/back-relay/README
@@ -0,0 +1,83 @@
+Relay backend sets up a relay virtual database that allows
+to access other databases in the same instance of slapd
+through different naming contexts and remapping attribute
+values.
+
+The DN rewrite, filter rewrite and attributeType/objectClass
+mapping is done by means of the rewrite-remap overlay.
+
+The database containing the real naming context can be
+explicitly selected by means of the "relay" directive,
+which must contain the naming context of the target
+database. This also causes the rewrite-remap overlay
+to be automatically instantiated. If the optional keyword
+"massage" is present, the rewrite-remap overlay is
+automatically configured to map the virtual to the real
+naming context and vice-versa.
+
+Otherwise, the rewrite-remap overlay must be explicitly
+instantiated, by using the "overlay" directive, as
+illustrated below. This allows much more freedom in target
+database selection and DN rewriting.
+
+If the "relay" directive is not present, the backend is
+not bound to a single target database; on the contrary,
+the target database is selected on a per-operation basis.
+
+This allows, for instance, to relay one database for
+authentication and anotheir for search/modify, or allows
+to use one target for persons and another for groups
+and so on.
+
+To summarize: the "relay" directive:
+- explicitly bounds the database to a single database
+ holding the real naming context;
+- automatically instantiates the rewrite-remap overlay;
+- automatically configures the naming context massaging
+ if the optional "massage" keyword is added
+
+If the "relay" directive is not used, the rewrite-remap
+overlay must be explicitly instantiated and the massaging
+must be configured, either by using the "suffixmassage"
+directive, or by issuing more sophisticate rewrite
+instructions.
+
+AttributeType/objectClass mapping must be explicitly
+required.
+
+Note that the rewrite-remap overlay is not complete nor
+production- ready yet.
+Examples are given of all the suggested usages.
+
+# automatically massage from virtual to real naming context
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+relay "dc=real,dc=naming,dc=context" massage
+
+# explicitly massage (same as above)
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+relay "dc=real,dc=naming,dc=context"
+suffixmassage "dc=virtual,dc=naming,dc=context" \
+ "dc=real,dc=naming,dc=context"
+
+# explicitly massage (same as above, but dynamic backend resolution)
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+overlay rewrite-remap
+suffixmassage "dc=virtual,dc=naming,dc=context" \
+ "dc=real,dc=naming,dc=context"
+
+# old fashioned suffixalias, applied also to DN-valued attributes
+# from virtual to real naming context, but not the reverse...
+database relay
+suffix "dc=virtual,dc=naming,dc=context"
+relay "dc=real,dc=naming,dc=context"
+rewriteContext default
+rewriteRule "(.*)dc=virtual,dc=naming,dc=context$" \
+ "$1dc=real,dc=naming,dc=context"
+rewriteContext searchFilter
+rewriteContext searchResult
+rewriteContext searchResultAttrDN
+rewriteContext matchedDN
+
diff --git a/servers/slapd/back-relay/back-relay.h b/servers/slapd/back-relay/back-relay.h
new file mode 100644
index 0000000..0a0a9bc
--- /dev/null
+++ b/servers/slapd/back-relay/back-relay.h
@@ -0,0 +1,49 @@
+/* back-relay.h - relay backend header file */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2021 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef SLAPD_RELAY_H
+#define SLAPD_RELAY_H
+
+#include "proto-back-relay.h"
+
+LDAP_BEGIN_DECL
+
+typedef enum relay_operation_e {
+ relay_op_entry_get = op_last,
+ relay_op_entry_release,
+ relay_op_has_subordinates,
+ relay_op_last
+} relay_operation_t;
+
+typedef struct relay_back_info {
+ BackendDB *ri_bd;
+ struct berval ri_realsuffix;
+ int ri_massage;
+} relay_back_info;
+
+/* Pad relay_back_info if needed to create valid OpExtra key addresses */
+#define RELAY_INFO_SIZE \
+ (sizeof(relay_back_info) > (size_t) relay_op_last ? \
+ sizeof(relay_back_info) : (size_t) relay_op_last )
+
+LDAP_END_DECL
+
+#endif /* SLAPD_RELAY_H */
diff --git a/servers/slapd/back-relay/init.c b/servers/slapd/back-relay/init.c
new file mode 100644
index 0000000..4e18381
--- /dev/null
+++ b/servers/slapd/back-relay/init.c
@@ -0,0 +1,254 @@
+/* init.c - initialize relay backend */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2021 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "config.h"
+#include "back-relay.h"
+
+static ConfigDriver relay_back_cf;
+
+static ConfigTable relaycfg[] = {
+ { "relay", "relay", 2, 2, 0,
+ ARG_MAGIC|ARG_DN|ARG_QUOTE,
+ relay_back_cf, "( OLcfgDbAt:5.1 "
+ "NAME 'olcRelay' "
+ "DESC 'Relay DN' "
+ "SYNTAX OMsDN "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { NULL }
+};
+
+static ConfigOCs relayocs[] = {
+ { "( OLcfgDbOc:5.1 "
+ "NAME 'olcRelayConfig' "
+ "DESC 'Relay backend configuration' "
+ "SUP olcDatabaseConfig "
+ "MAY ( olcRelay "
+ ") )",
+ Cft_Database, relaycfg},
+ { NULL, 0, NULL }
+};
+
+static int
+relay_back_cf( ConfigArgs *c )
+{
+ relay_back_info *ri = ( relay_back_info * )c->be->be_private;
+ int rc = 0;
+
+ if ( c->op == SLAP_CONFIG_EMIT ) {
+ if ( ri != NULL && !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ value_add_one( &c->rvalue_vals, &ri->ri_realsuffix );
+ return 0;
+ }
+ return 1;
+
+ } else if ( c->op == LDAP_MOD_DELETE ) {
+ if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ ch_free( ri->ri_realsuffix.bv_val );
+ BER_BVZERO( &ri->ri_realsuffix );
+ ri->ri_bd = NULL;
+ return 0;
+ }
+ return 1;
+
+ } else {
+ BackendDB *bd;
+
+ assert( ri != NULL );
+ assert( BER_BVISNULL( &ri->ri_realsuffix ) );
+
+ if ( c->be->be_nsuffix == NULL ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "\"relay\" directive "
+ "must appear after \"suffix\"" );
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+ rc = 1;
+ goto relay_done;
+ }
+
+ if ( !BER_BVISNULL( &c->be->be_nsuffix[ 1 ] ) ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "relaying of multiple suffix "
+ "database not supported" );
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+ rc = 1;
+ goto relay_done;
+ }
+
+ bd = select_backend( &c->value_ndn, 1 );
+ if ( bd == NULL ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "cannot find database "
+ "of relay dn \"%s\" "
+ "in \"olcRelay <dn>\"\n",
+ c->value_dn.bv_val );
+ Log2( LDAP_DEBUG_CONFIG, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+
+ } else if ( bd->be_private == c->be->be_private ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg),
+ "relay dn \"%s\" would call self "
+ "in \"relay <dn>\" line\n",
+ c->value_dn.bv_val );
+ Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "%s: %s.\n", c->log, c->cr_msg );
+ rc = 1;
+ goto relay_done;
+ }
+
+ ri->ri_realsuffix = c->value_ndn;
+ BER_BVZERO( &c->value_ndn );
+
+relay_done:;
+ ch_free( c->value_dn.bv_val );
+ ch_free( c->value_ndn.bv_val );
+ }
+
+ return rc;
+}
+
+int
+relay_back_initialize( BackendInfo *bi )
+{
+ bi->bi_init = 0;
+ bi->bi_open = 0;
+ bi->bi_config = 0;
+ bi->bi_close = 0;
+ bi->bi_destroy = 0;
+
+ bi->bi_db_init = relay_back_db_init;
+ bi->bi_db_config = config_generic_wrapper;
+ bi->bi_db_open = relay_back_db_open;
+#if 0
+ bi->bi_db_close = relay_back_db_close;
+#endif
+ bi->bi_db_destroy = relay_back_db_destroy;
+
+ bi->bi_op_bind = relay_back_op_bind;
+ bi->bi_op_search = relay_back_op_search;
+ bi->bi_op_compare = relay_back_op_compare;
+ bi->bi_op_modify = relay_back_op_modify;
+ bi->bi_op_modrdn = relay_back_op_modrdn;
+ bi->bi_op_add = relay_back_op_add;
+ bi->bi_op_delete = relay_back_op_delete;
+ bi->bi_extended = relay_back_op_extended;
+ bi->bi_entry_release_rw = relay_back_entry_release_rw;
+ bi->bi_entry_get_rw = relay_back_entry_get_rw;
+ bi->bi_operational = relay_back_operational;
+ bi->bi_has_subordinates = relay_back_has_subordinates;
+
+ bi->bi_cf_ocs = relayocs;
+
+ return config_register_schema( relaycfg, relayocs );
+}
+
+int
+relay_back_db_init( Backend *be, ConfigReply *cr)
+{
+ relay_back_info *ri;
+
+ be->be_private = NULL;
+
+ ri = (relay_back_info *) ch_calloc( 1, RELAY_INFO_SIZE );
+ if ( ri == NULL ) {
+ return -1;
+ }
+
+ ri->ri_bd = NULL;
+ BER_BVZERO( &ri->ri_realsuffix );
+ ri->ri_massage = 0;
+
+ be->be_cf_ocs = be->bd_info->bi_cf_ocs;
+
+ be->be_private = (void *)ri;
+
+ return 0;
+}
+
+int
+relay_back_db_open( Backend *be, ConfigReply *cr )
+{
+ relay_back_info *ri = (relay_back_info *)be->be_private;
+
+ assert( ri != NULL );
+
+ if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ ri->ri_bd = select_backend( &ri->ri_realsuffix, 1 );
+
+ /* must be there: it was during config! */
+ if ( ri->ri_bd == NULL ) {
+ snprintf( cr->msg, sizeof( cr->msg),
+ "cannot find database "
+ "of relay dn \"%s\" "
+ "in \"olcRelay <dn>\"\n",
+ ri->ri_realsuffix.bv_val );
+ Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+ "relay_back_db_open: %s.\n", cr->msg );
+
+ return 1;
+ }
+
+ /* inherit controls */
+ AC_MEMCPY( be->bd_self->be_ctrls, ri->ri_bd->be_ctrls, sizeof( be->be_ctrls ) );
+
+ } else {
+ /* inherit all? */
+ AC_MEMCPY( be->bd_self->be_ctrls, frontendDB->be_ctrls, sizeof( be->be_ctrls ) );
+ }
+
+ return 0;
+}
+
+int
+relay_back_db_close( Backend *be, ConfigReply *cr )
+{
+ return 0;
+}
+
+int
+relay_back_db_destroy( Backend *be, ConfigReply *cr)
+{
+ relay_back_info *ri = (relay_back_info *)be->be_private;
+
+ if ( ri ) {
+ if ( !BER_BVISNULL( &ri->ri_realsuffix ) ) {
+ ch_free( ri->ri_realsuffix.bv_val );
+ }
+ ch_free( ri );
+ }
+
+ return 0;
+}
+
+#if SLAPD_RELAY == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+SLAP_BACKEND_INIT_MODULE( relay )
+
+#endif /* SLAPD_RELAY == SLAPD_MOD_DYNAMIC */
diff --git a/servers/slapd/back-relay/op.c b/servers/slapd/back-relay/op.c
new file mode 100644
index 0000000..37112ae
--- /dev/null
+++ b/servers/slapd/back-relay/op.c
@@ -0,0 +1,331 @@
+/* op.c - relay backend operations */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2021 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include "slap.h"
+#include "back-relay.h"
+
+/* Results when no real database (.rf_bd) or operation handler (.rf_op) */
+static const struct relay_fail_modes_s {
+ slap_mask_t rf_bd, rf_op;
+#define RB_ERR_MASK 0x0000FFFFU /* bitmask for default return value */
+#define RB_BDERR 0x80000000U /* use .rf_bd's default return value */
+#define RB_OPERR 0x40000000U /* set rs->sr_err = .rf_op return value */
+#define RB_REF 0x20000000U /* use default_referral if available */
+#define RB_SEND 0x10000000U /* send result; RB_??ERR is also set */
+#define RB_SENDREF 0/*unused*/ /* like RB_SEND when referral found */
+#define RB_NO_BIND (RB_OPERR | LDAP_INVALID_CREDENTIALS)
+#define RB_NOT_SUPP (RB_OPERR | LDAP_UNWILLING_TO_PERFORM)
+#define RB_NO_OBJ (RB_REF | LDAP_NO_SUCH_OBJECT)
+#define RB_CHK_REF (RB_REF | RB_SENDREF | LDAP_SUCCESS)
+} relay_fail_modes[relay_op_last] = {
+ /* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */
+# define RB_OP(b, o) { (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) }
+# define RB_BD2ERR(b) ((b) ? RB_BDERR : 0)
+ /* indexed by slap_operation_t: */
+ RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND |RB_SEND), /* Bind */
+ RB_OP(0, LDAP_SUCCESS), /* Unbind: unused */
+ RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search */
+ RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE), /* Compare */
+ RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify */
+ RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn */
+ RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add */
+ RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete */
+ RB_OP(0, LDAP_SUCCESS), /* Abandon:unused */
+ RB_OP(RB_NO_OBJ, RB_NOT_SUPP), /* Extended */
+ RB_OP(0, SLAP_CB_CONTINUE), /* Cancel: unused */
+ RB_OP(0, LDAP_SUCCESS), /* operational */
+ RB_OP(RB_CHK_REF, LDAP_SUCCESS), /* chk_referrals:unused*/
+ RB_OP(0, SLAP_CB_CONTINUE),/* chk_controls:unused */
+ /* additional relay_operation_t indexes from back-relay.h: */
+ RB_OP(0, 0/*unused*/), /* entry_get = op_last */
+ RB_OP(0, 0/*unused*/), /* entry_release */
+ RB_OP(0, 0/*unused*/), /* has_subordinates */
+};
+
+/*
+ * Callbacks: Caller changed op->o_bd from Relay to underlying
+ * BackendDB. sc_response sets it to Relay BackendDB, sc_cleanup puts
+ * back underlying BackendDB. Caller will restore Relay BackendDB.
+ */
+
+typedef struct relay_callback {
+ slap_callback rcb_sc;
+ BackendDB *rcb_bd;
+} relay_callback;
+
+static int
+relay_back_cleanup_cb( Operation *op, SlapReply *rs )
+{
+ op->o_bd = ((relay_callback *) op->o_callback)->rcb_bd;
+ return SLAP_CB_CONTINUE;
+}
+
+static int
+relay_back_response_cb( Operation *op, SlapReply *rs )
+{
+ relay_callback *rcb = (relay_callback *) op->o_callback;
+
+ rcb->rcb_sc.sc_cleanup = relay_back_cleanup_cb;
+ rcb->rcb_bd = op->o_bd;
+ op->o_bd = op->o_callback->sc_private;
+ return SLAP_CB_CONTINUE;
+}
+
+#define relay_back_add_cb( rcb, op ) { \
+ (rcb)->rcb_sc.sc_next = (op)->o_callback; \
+ (rcb)->rcb_sc.sc_response = relay_back_response_cb; \
+ (rcb)->rcb_sc.sc_cleanup = 0; \
+ (rcb)->rcb_sc.sc_writewait = 0; \
+ (rcb)->rcb_sc.sc_private = (op)->o_bd; \
+ (op)->o_callback = (slap_callback *) (rcb); \
+}
+
+#define relay_back_remove_cb( rcb, op ) { \
+ slap_callback **sc = &(op)->o_callback; \
+ for ( ;; sc = &(*sc)->sc_next ) \
+ if ( *sc == (slap_callback *) (rcb) ) { \
+ *sc = (*sc)->sc_next; break; \
+ } else if ( *sc == NULL ) break; \
+}
+
+/*
+ * Select the backend database with the operation's DN. On failure,
+ * set/send results depending on operation type <which>'s fail_modes.
+ */
+static BackendDB *
+relay_back_select_backend( Operation *op, SlapReply *rs, int which )
+{
+ OpExtra *oex;
+ char *key = (char *) op->o_bd->be_private;
+ BackendDB *bd = ((relay_back_info *) key)->ri_bd;
+ slap_mask_t fail_mode = relay_fail_modes[which].rf_bd;
+ int useDN = 0, rc = ( fail_mode & RB_ERR_MASK );
+
+ if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
+ useDN = 1;
+ bd = select_backend( &op->o_req_ndn, 1 );
+ }
+
+ if ( bd != NULL ) {
+ key += which; /* <relay, op type> key from RELAY_WRAP_OP() */
+ LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+ if ( oex->oe_key == key )
+ break;
+ }
+ if ( oex == NULL ) {
+ return bd;
+ }
+
+ Debug( LDAP_DEBUG_ANY,
+ "%s: back-relay for DN=\"%s\" would call self.\n",
+ op->o_log_prefix, op->o_req_dn.bv_val, 0 );
+
+ } else if ( useDN && ( fail_mode & RB_REF ) && default_referral ) {
+ rc = LDAP_REFERRAL;
+
+ /* if we set sr_err to LDAP_REFERRAL, we must provide one */
+ rs->sr_ref = referral_rewrite(
+ default_referral, NULL, &op->o_req_dn,
+ op->o_tag == LDAP_REQ_SEARCH ?
+ op->ors_scope : LDAP_SCOPE_DEFAULT );
+ if ( rs->sr_ref != NULL ) {
+ rs->sr_flags |= REP_REF_MUSTBEFREED;
+ } else {
+ rs->sr_ref = default_referral;
+ }
+
+ if ( fail_mode & RB_SENDREF )
+ fail_mode = (RB_BDERR | RB_SEND);
+ }
+
+ if ( fail_mode & RB_BDERR ) {
+ rs->sr_err = rc;
+ if ( fail_mode & RB_SEND ) {
+ send_ldap_result( op, rs );
+ }
+ }
+
+ return NULL;
+}
+
+/*
+ * Forward <act> on <op> to database <bd>, with <relay, op type>-specific
+ * key in op->o_extra so relay_back_select_backend() can catch recursion.
+ */
+#define RELAY_WRAP_OP( op, bd, which, act ) { \
+ OpExtraDB wrap_oex; \
+ BackendDB *const wrap_bd = (op)->o_bd; \
+ wrap_oex.oe_db = wrap_bd; \
+ wrap_oex.oe.oe_key = (char *) wrap_bd->be_private + (which); \
+ LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_oex.oe, oe_next ); \
+ (op)->o_bd = (bd); \
+ act; \
+ (op)->o_bd = wrap_bd; \
+ LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_oex.oe, OpExtra, oe_next ); \
+}
+
+/*
+ * Forward backend function #<which> on <op> to operation DN's database
+ * like RELAY_WRAP_OP, after setting up callbacks. If no database or no
+ * backend function, set/send results depending on <which>'s fail_modes.
+ */
+static int
+relay_back_op( Operation *op, SlapReply *rs, int which )
+{
+ BackendDB *bd;
+ BI_op_bind *func;
+ slap_mask_t fail_mode = relay_fail_modes[which].rf_op;
+ int rc = ( fail_mode & RB_ERR_MASK );
+
+ bd = relay_back_select_backend( op, rs, which );
+ if ( bd == NULL ) {
+ if ( fail_mode & RB_BDERR )
+ return rs->sr_err; /* sr_err was set above */
+
+ } else if ( (func = (&bd->be_bind)[which]) != 0 ) {
+ relay_callback rcb;
+
+ relay_back_add_cb( &rcb, op );
+ RELAY_WRAP_OP( op, bd, which, {
+ rc = func( op, rs );
+ });
+ relay_back_remove_cb( &rcb, op );
+
+ } else if ( fail_mode & RB_OPERR ) {
+ rs->sr_err = rc;
+ if ( rc == LDAP_UNWILLING_TO_PERFORM ) {
+ rs->sr_text = "operation not supported within naming context";
+ }
+
+ if ( fail_mode & RB_SEND ) {
+ send_ldap_result( op, rs );
+ }
+ }
+
+ return rc;
+}
+
+
+int
+relay_back_op_bind( Operation *op, SlapReply *rs )
+{
+ /* allow rootdn as a means to auth without the need to actually
+ * contact the proxied DSA */
+ switch ( be_rootdn_bind( op, rs ) ) {
+ case SLAP_CB_CONTINUE:
+ break;
+
+ default:
+ return rs->sr_err;
+ }
+
+ return relay_back_op( op, rs, op_bind );
+}
+
+#define RELAY_DEFOP(func, which) \
+ int func( Operation *op, SlapReply *rs ) \
+ { return relay_back_op( op, rs, which ); }
+
+RELAY_DEFOP( relay_back_op_search, op_search )
+RELAY_DEFOP( relay_back_op_compare, op_compare )
+RELAY_DEFOP( relay_back_op_modify, op_modify )
+RELAY_DEFOP( relay_back_op_modrdn, op_modrdn )
+RELAY_DEFOP( relay_back_op_add, op_add )
+RELAY_DEFOP( relay_back_op_delete, op_delete )
+RELAY_DEFOP( relay_back_op_extended, op_extended )
+RELAY_DEFOP( relay_back_operational, op_aux_operational )
+
+/* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init
+ * need no extra handling: slapd already calls them for all databases.
+ */
+
+
+int
+relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
+{
+ BackendDB *bd;
+ int rc = LDAP_UNWILLING_TO_PERFORM;
+
+ bd = relay_back_select_backend( op, NULL, relay_op_entry_release );
+ if ( bd && bd->be_release ) {
+ RELAY_WRAP_OP( op, bd, relay_op_entry_release, {
+ rc = bd->be_release( op, e, rw );
+ });
+ } else if ( e->e_private == NULL ) {
+ entry_free( e );
+ rc = LDAP_SUCCESS;
+ }
+
+ return rc;
+}
+
+int
+relay_back_entry_get_rw( Operation *op, struct berval *ndn,
+ ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
+{
+ BackendDB *bd;
+ int rc = LDAP_NO_SUCH_OBJECT;
+
+ bd = relay_back_select_backend( op, NULL, relay_op_entry_get );
+ if ( bd && bd->be_fetch ) {
+ RELAY_WRAP_OP( op, bd, relay_op_entry_get, {
+ rc = bd->be_fetch( op, ndn, oc, at, rw, e );
+ });
+ }
+
+ return rc;
+}
+
+#if 0 /* Give the RB_SENDREF flag a nonzero value if implementing this */
+/*
+ * NOTE: even the existence of this function is questionable: we cannot
+ * pass the bi_chk_referrals() call thru the rwm overlay because there
+ * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
+ * is passing the target database a DN that likely does not belong to its
+ * naming context... mmmh.
+ */
+RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals )
+#endif /*0*/
+
+int
+relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
+{
+ BackendDB *bd;
+ int rc = LDAP_OTHER;
+
+ bd = relay_back_select_backend( op, NULL, relay_op_has_subordinates );
+ if ( bd && bd->be_has_subordinates ) {
+ RELAY_WRAP_OP( op, bd, relay_op_has_subordinates, {
+ rc = bd->be_has_subordinates( op, e, hasSubs );
+ });
+ }
+
+ return rc;
+}
+
+
+/*
+ * FIXME: must implement tools as well
+ */
diff --git a/servers/slapd/back-relay/proto-back-relay.h b/servers/slapd/back-relay/proto-back-relay.h
new file mode 100644
index 0000000..5ed71aa
--- /dev/null
+++ b/servers/slapd/back-relay/proto-back-relay.h
@@ -0,0 +1,52 @@
+/* proto-back-relay.h - relay backend header file */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2021 The OpenLDAP Foundation.
+ * Portions Copyright 2004 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#ifndef PROTO_BACK_RELAY
+#define PROTO_BACK_RELAY
+
+#include <ldap_cdefs.h>
+
+LDAP_BEGIN_DECL
+
+extern BI_init relay_back_initialize;
+
+extern BI_db_init relay_back_db_init;
+extern BI_db_open relay_back_db_open;
+extern BI_db_close relay_back_db_close;
+extern BI_db_destroy relay_back_db_destroy;
+
+extern BI_op_bind relay_back_op_bind;
+extern BI_op_search relay_back_op_search;
+extern BI_op_compare relay_back_op_compare;
+extern BI_op_modify relay_back_op_modify;
+extern BI_op_modrdn relay_back_op_modrdn;
+extern BI_op_add relay_back_op_add;
+extern BI_op_delete relay_back_op_delete;
+extern BI_op_extended relay_back_op_extended;
+extern BI_entry_release_rw relay_back_entry_release_rw;
+extern BI_entry_get_rw relay_back_entry_get_rw;
+extern BI_operational relay_back_operational;
+extern BI_has_subordinates relay_back_has_subordinates;
+
+LDAP_END_DECL
+
+#endif /* PROTO_BACK_RELAY */
+