Back to index

openldap  2.4.31
op.c
Go to the documentation of this file.
00001 /* op.c - relay backend operations */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 2004-2012 The OpenLDAP Foundation.
00006  * Portions Copyright 2004 Pierangelo Masarati.
00007  * All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted only as authorized by the OpenLDAP
00011  * Public License.
00012  *
00013  * A copy of this license is available in the file LICENSE in the
00014  * top-level directory of the distribution or, alternatively, at
00015  * <http://www.OpenLDAP.org/license.html>.
00016  */
00017 /* ACKNOWLEDGEMENTS:
00018  * This work was initially developed by Pierangelo Masarati for inclusion
00019  * in OpenLDAP Software.
00020  */
00021 
00022 #include "portable.h"
00023 
00024 #include <stdio.h>
00025 
00026 #include "slap.h"
00027 #include "back-relay.h"
00028 
00029 /* Results when no real database (.rf_bd) or operation handler (.rf_op) */
00030 static const struct relay_fail_modes_s {
00031        slap_mask_t   rf_bd, rf_op;
00032 #define RB_ERR_MASK  0x0000FFFFU /* bitmask for default return value */
00033 #define RB_BDERR     0x80000000U /* use .rf_bd's default return value */
00034 #define RB_OPERR     0x40000000U /* set rs->sr_err = .rf_op return value */
00035 #define RB_REF              0x20000000U /* use default_referral if available */
00036 #define RB_SEND             0x10000000U /* send result; RB_??ERR is also set */
00037 #define RB_SENDREF   0/*unused*/ /* like RB_SEND when referral found */
00038 #define RB_NO_BIND   (RB_OPERR | LDAP_INVALID_CREDENTIALS)
00039 #define RB_NOT_SUPP  (RB_OPERR | LDAP_UNWILLING_TO_PERFORM)
00040 #define RB_NO_OBJ    (RB_REF | LDAP_NO_SUCH_OBJECT)
00041 #define RB_CHK_REF   (RB_REF | RB_SENDREF | LDAP_SUCCESS)
00042 } relay_fail_modes[relay_op_last] = {
00043        /* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */
00044 #      define RB_OP(b, o)   { (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) }
00045 #      define RB_BD2ERR(b)  ((b) ? RB_BDERR : 0)
00046        /* indexed by slap_operation_t: */
00047        RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND  |RB_SEND), /* Bind           */
00048        RB_OP(0,                  LDAP_SUCCESS),         /* Unbind: unused */
00049        RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search         */
00050        RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE),     /* Compare        */
00051        RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify         */
00052        RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn         */
00053        RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add            */
00054        RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete         */
00055        RB_OP(0,                  LDAP_SUCCESS),         /* Abandon:unused */
00056        RB_OP(RB_NO_OBJ,          RB_NOT_SUPP),          /* Extended       */
00057        RB_OP(0,                  SLAP_CB_CONTINUE),     /* Cancel: unused */
00058        RB_OP(0,                  LDAP_SUCCESS),    /* operational         */
00059        RB_OP(RB_CHK_REF,         LDAP_SUCCESS),    /* chk_referrals:unused*/
00060        RB_OP(0,                  SLAP_CB_CONTINUE),/* chk_controls:unused */
00061        /* additional relay_operation_t indexes from back-relay.h: */
00062        RB_OP(0,                  0/*unused*/),     /* entry_get = op_last */
00063        RB_OP(0,                  0/*unused*/),     /* entry_release       */
00064        RB_OP(0,                  0/*unused*/),     /* has_subordinates    */
00065 };
00066 
00067 /*
00068  * Callbacks: Caller changed op->o_bd from Relay to underlying
00069  * BackendDB.  sc_response sets it to Relay BackendDB, sc_cleanup puts
00070  * back underlying BackendDB.  Caller will restore Relay BackendDB.
00071  */
00072 
00073 typedef struct relay_callback {
00074        slap_callback rcb_sc;
00075        BackendDB *rcb_bd;
00076 } relay_callback;
00077 
00078 static int
00079 relay_back_cleanup_cb( Operation *op, SlapReply *rs )
00080 {
00081        op->o_bd = ((relay_callback *) op->o_callback)->rcb_bd;
00082        return SLAP_CB_CONTINUE;
00083 }
00084 
00085 static int
00086 relay_back_response_cb( Operation *op, SlapReply *rs )
00087 {
00088        relay_callback       *rcb = (relay_callback *) op->o_callback;
00089 
00090        rcb->rcb_sc.sc_cleanup = relay_back_cleanup_cb;
00091        rcb->rcb_bd = op->o_bd;
00092        op->o_bd = op->o_callback->sc_private;
00093        return SLAP_CB_CONTINUE;
00094 }
00095 
00096 #define relay_back_add_cb( rcb, op ) {                         \
00097               (rcb)->rcb_sc.sc_next = (op)->o_callback; \
00098               (rcb)->rcb_sc.sc_response = relay_back_response_cb; \
00099               (rcb)->rcb_sc.sc_cleanup = 0;                    \
00100               (rcb)->rcb_sc.sc_private = (op)->o_bd;           \
00101               (op)->o_callback = (slap_callback *) (rcb);      \
00102 }
00103 
00104 #define relay_back_remove_cb( rcb, op ) {               \
00105               slap_callback **sc = &(op)->o_callback;   \
00106               for ( ;; sc = &(*sc)->sc_next )                  \
00107                      if ( *sc == (slap_callback *) (rcb) ) {   \
00108                             *sc = (*sc)->sc_next; break;       \
00109                      } else if ( *sc == NULL ) break;   \
00110 }
00111 
00112 /*
00113  * Select the backend database with the operation's DN.  On failure,
00114  * set/send results depending on operation type <which>'s fail_modes.
00115  */
00116 static BackendDB *
00117 relay_back_select_backend( Operation *op, SlapReply *rs, int which )
00118 {
00119        OpExtra              *oex;
00120        char          *key = (char *) op->o_bd->be_private;
00121        BackendDB     *bd  = ((relay_back_info *) key)->ri_bd;
00122        slap_mask_t   fail_mode = relay_fail_modes[which].rf_bd;
00123        int           useDN = 0, rc = ( fail_mode & RB_ERR_MASK );
00124 
00125        if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
00126               useDN = 1;
00127               bd = select_backend( &op->o_req_ndn, 1 );
00128        }
00129 
00130        if ( bd != NULL ) {
00131               key += which; /* <relay, op type> key from RELAY_WRAP_OP() */
00132               LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
00133                      if ( oex->oe_key == key )
00134                             break;
00135               }
00136               if ( oex == NULL ) {
00137                      return bd;
00138               }
00139 
00140               Debug( LDAP_DEBUG_ANY,
00141                      "%s: back-relay for DN=\"%s\" would call self.\n",
00142                      op->o_log_prefix, op->o_req_dn.bv_val, 0 );
00143 
00144        } else if ( useDN && ( fail_mode & RB_REF ) && default_referral ) {
00145               rc = LDAP_REFERRAL;
00146 
00147               /* if we set sr_err to LDAP_REFERRAL, we must provide one */
00148               rs->sr_ref = referral_rewrite(
00149                      default_referral, NULL, &op->o_req_dn,
00150                      op->o_tag == LDAP_REQ_SEARCH ?
00151                      op->ors_scope : LDAP_SCOPE_DEFAULT );
00152               if ( rs->sr_ref != NULL ) {
00153                      rs->sr_flags |= REP_REF_MUSTBEFREED;
00154               } else {
00155                      rs->sr_ref = default_referral;
00156               }
00157 
00158               if ( fail_mode & RB_SENDREF )
00159                      fail_mode = (RB_BDERR | RB_SEND);
00160        }
00161 
00162        if ( fail_mode & RB_BDERR ) {
00163               rs->sr_err = rc;
00164               if ( fail_mode & RB_SEND ) {
00165                      send_ldap_result( op, rs );
00166               }
00167        }
00168 
00169        return NULL;
00170 }
00171 
00172 /*
00173  * Forward <act> on <op> to database <bd>, with <relay, op type>-specific
00174  * key in op->o_extra so relay_back_select_backend() can catch recursion.
00175  */
00176 #define RELAY_WRAP_OP( op, bd, which, act ) { \
00177        OpExtraDB wrap_oex; \
00178        BackendDB *const wrap_bd = (op)->o_bd; \
00179        wrap_oex.oe_db = wrap_bd; \
00180        wrap_oex.oe.oe_key = (char *) wrap_bd->be_private + (which); \
00181        LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_oex.oe, oe_next ); \
00182        (op)->o_bd = (bd); \
00183        act; \
00184        (op)->o_bd = wrap_bd; \
00185        LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_oex.oe, OpExtra, oe_next ); \
00186 }
00187 
00188 /*
00189  * Forward backend function #<which> on <op> to operation DN's database
00190  * like RELAY_WRAP_OP, after setting up callbacks. If no database or no
00191  * backend function, set/send results depending on <which>'s fail_modes.
00192  */
00193 static int
00194 relay_back_op( Operation *op, SlapReply *rs, int which )
00195 {
00196        BackendDB     *bd;
00197        BI_op_bind    *func;
00198        slap_mask_t   fail_mode = relay_fail_modes[which].rf_op;
00199        int           rc = ( fail_mode & RB_ERR_MASK );
00200 
00201        bd = relay_back_select_backend( op, rs, which );
00202        if ( bd == NULL ) {
00203               if ( fail_mode & RB_BDERR )
00204                      return rs->sr_err;   /* sr_err was set above */
00205 
00206        } else if ( (func = (&bd->be_bind)[which]) != 0 ) {
00207               relay_callback       rcb;
00208 
00209               relay_back_add_cb( &rcb, op );
00210               RELAY_WRAP_OP( op, bd, which, {
00211                      rc = func( op, rs );
00212               });
00213               relay_back_remove_cb( &rcb, op );
00214 
00215        } else if ( fail_mode & RB_OPERR ) {
00216               rs->sr_err = rc;
00217               if ( rc == LDAP_UNWILLING_TO_PERFORM ) {
00218                      rs->sr_text = "operation not supported within naming context";
00219               }
00220 
00221               if ( fail_mode & RB_SEND ) {
00222                      send_ldap_result( op, rs );
00223               }
00224        }
00225 
00226        return rc;
00227 }
00228 
00229 
00230 int
00231 relay_back_op_bind( Operation *op, SlapReply *rs )
00232 {
00233        /* allow rootdn as a means to auth without the need to actually
00234         * contact the proxied DSA */
00235        switch ( be_rootdn_bind( op, rs ) ) {
00236        case SLAP_CB_CONTINUE:
00237               break;
00238 
00239        default:
00240               return rs->sr_err;
00241        }
00242 
00243        return relay_back_op( op, rs, op_bind );
00244 }
00245 
00246 #define RELAY_DEFOP(func, which) \
00247        int func( Operation *op, SlapReply *rs ) \
00248        { return relay_back_op( op, rs, which ); }
00249 
00250 RELAY_DEFOP( relay_back_op_search,        op_search )
00251 RELAY_DEFOP( relay_back_op_compare,              op_compare )
00252 RELAY_DEFOP( relay_back_op_modify,        op_modify )
00253 RELAY_DEFOP( relay_back_op_modrdn,        op_modrdn )
00254 RELAY_DEFOP( relay_back_op_add,                  op_add )
00255 RELAY_DEFOP( relay_back_op_delete,        op_delete )
00256 RELAY_DEFOP( relay_back_op_extended,      op_extended )
00257 RELAY_DEFOP( relay_back_operational,      op_aux_operational )
00258 
00259 /* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init
00260  * need no extra handling:  slapd already calls them for all databases.
00261  */
00262 
00263 
00264 int
00265 relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
00266 {
00267        BackendDB            *bd;
00268        int                  rc = LDAP_UNWILLING_TO_PERFORM;
00269 
00270        bd = relay_back_select_backend( op, NULL, relay_op_entry_release );
00271        if ( bd && bd->be_release ) {
00272               RELAY_WRAP_OP( op, bd, relay_op_entry_release, {
00273                      rc = bd->be_release( op, e, rw );
00274               });
00275        } else if ( e->e_private == NULL ) {
00276               entry_free( e );
00277               rc = LDAP_SUCCESS;
00278        }
00279 
00280        return rc;
00281 }
00282 
00283 int
00284 relay_back_entry_get_rw( Operation *op, struct berval *ndn,
00285        ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
00286 {
00287        BackendDB            *bd;
00288        int                  rc = LDAP_NO_SUCH_OBJECT;
00289 
00290        bd = relay_back_select_backend( op, NULL, relay_op_entry_get );
00291        if ( bd && bd->be_fetch ) {
00292               RELAY_WRAP_OP( op, bd, relay_op_entry_get, {
00293                      rc = bd->be_fetch( op, ndn, oc, at, rw, e );
00294               });
00295        }
00296 
00297        return rc;
00298 }
00299 
00300 #if 0 /* Give the RB_SENDREF flag a nonzero value if implementing this */
00301 /*
00302  * NOTE: even the existence of this function is questionable: we cannot
00303  * pass the bi_chk_referrals() call thru the rwm overlay because there
00304  * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
00305  * is passing the target database a DN that likely does not belong to its
00306  * naming context... mmmh.
00307  */
00308 RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals )
00309 #endif /*0*/
00310 
00311 int
00312 relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
00313 {
00314        BackendDB            *bd;
00315        int                  rc = LDAP_OTHER;
00316 
00317        bd = relay_back_select_backend( op, NULL, relay_op_has_subordinates );
00318        if ( bd && bd->be_has_subordinates ) {
00319               RELAY_WRAP_OP( op, bd, relay_op_has_subordinates, {
00320                      rc = bd->be_has_subordinates( op, e, hasSubs );
00321               });
00322        }
00323 
00324        return rc;
00325 }
00326 
00327 
00328 /*
00329  * FIXME: must implement tools as well
00330  */