Back to index

openldap  2.4.31
translucent.c
Go to the documentation of this file.
00001 /* translucent.c - translucent proxy module */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 2004-2012 The OpenLDAP Foundation.
00006  * Portions Copyright 2005 Symas Corporation.
00007  * All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted only as authorized by the OpenLDAP
00011  * Public License.
00012  *
00013  * A copy of this license is available in the file LICENSE in the
00014  * top-level directory of the distribution or, alternatively, at
00015  * <http://www.OpenLDAP.org/license.html>.
00016  */
00017 /* ACKNOWLEDGEMENTS:
00018  * This work was initially developed by Symas Corp. for inclusion in
00019  * OpenLDAP Software.  This work was sponsored by Hewlett-Packard.
00020  */
00021 
00022 #include "portable.h"
00023 
00024 #ifdef SLAPD_OVER_TRANSLUCENT
00025 
00026 #include <stdio.h>
00027 
00028 #include <ac/string.h>
00029 #include <ac/socket.h>
00030 
00031 #include "slap.h"
00032 #include "lutil.h"
00033 
00034 #include "config.h"
00035 
00036 /* config block */
00037 typedef struct translucent_info {
00038        BackendDB db;               /* captive backend */
00039        AttributeName *local;       /* valid attrs for local filters */
00040        AttributeName *remote;      /* valid attrs for remote filters */
00041        int strict;
00042        int no_glue;
00043        int defer_db_open;
00044        int bind_local;
00045        int pwmod_local;
00046 } translucent_info;
00047 
00048 static ConfigLDAPadd translucent_ldadd;
00049 static ConfigCfAdd translucent_cfadd;
00050 
00051 static ConfigDriver translucent_cf_gen;
00052 
00053 enum {
00054        TRANS_LOCAL = 1,
00055        TRANS_REMOTE
00056 };
00057 
00058 static ConfigTable translucentcfg[] = {
00059        { "translucent_strict", "on|off", 1, 2, 0,
00060          ARG_ON_OFF|ARG_OFFSET,
00061          (void *)offsetof(translucent_info, strict),
00062          "( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' "
00063          "DESC 'Reveal attribute deletion constraint violations' "
00064          "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
00065        { "translucent_no_glue", "on|off", 1, 2, 0,
00066          ARG_ON_OFF|ARG_OFFSET,
00067          (void *)offsetof(translucent_info, no_glue),
00068          "( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' "
00069          "DESC 'Disable automatic glue records for ADD and MODRDN' "
00070          "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
00071        { "translucent_local", "attr[,attr...]", 1, 2, 0,
00072          ARG_MAGIC|TRANS_LOCAL,
00073          translucent_cf_gen,
00074          "( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' "
00075          "DESC 'Attributes to use in local search filter' "
00076          "SYNTAX OMsDirectoryString )", NULL, NULL },
00077        { "translucent_remote", "attr[,attr...]", 1, 2, 0,
00078          ARG_MAGIC|TRANS_REMOTE,
00079          translucent_cf_gen,
00080          "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' "
00081          "DESC 'Attributes to use in remote search filter' "
00082          "SYNTAX OMsDirectoryString )", NULL, NULL },
00083        { "translucent_bind_local", "on|off", 1, 2, 0,
00084          ARG_ON_OFF|ARG_OFFSET,
00085          (void *)offsetof(translucent_info, bind_local),
00086          "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' "
00087          "DESC 'Enable local bind' "
00088          "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
00089        { "translucent_pwmod_local", "on|off", 1, 2, 0,
00090          ARG_ON_OFF|ARG_OFFSET,
00091          (void *)offsetof(translucent_info, pwmod_local),
00092          "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' "
00093          "DESC 'Enable local RFC 3062 Password Modify extended operation' "
00094          "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
00095        { NULL, NULL, 0, 0, 0, ARG_IGNORED }
00096 };
00097 
00098 static ConfigOCs translucentocs[] = {
00099        { "( OLcfgOvOc:14.1 "
00100          "NAME 'olcTranslucentConfig' "
00101          "DESC 'Translucent configuration' "
00102          "SUP olcOverlayConfig "
00103          "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $"
00104          " olcTranslucentLocal $ olcTranslucentRemote $"
00105          " olcTranslucentBindLocal $ olcTranslucentPwModLocal ) )",
00106          Cft_Overlay, translucentcfg, NULL, translucent_cfadd },
00107        { "( OLcfgOvOc:14.2 "
00108          "NAME 'olcTranslucentDatabase' "
00109          "DESC 'Translucent target database configuration' "
00110          "AUXILIARY )", Cft_Misc, olcDatabaseDummy, translucent_ldadd },
00111        { NULL, 0, NULL }
00112 };
00113 /* for translucent_init() */
00114 
00115 static int
00116 translucent_ldadd_cleanup( ConfigArgs *ca )
00117 {
00118        slap_overinst *on = ca->ca_private;
00119        translucent_info *ov = on->on_bi.bi_private;
00120 
00121        ov->defer_db_open = 0;
00122        return backend_startup_one( ca->be, &ca->reply );
00123 }
00124 
00125 static int
00126 translucent_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
00127 {
00128        slap_overinst *on;
00129        translucent_info *ov;
00130 
00131        Debug(LDAP_DEBUG_TRACE, "==> translucent_ldadd\n", 0, 0, 0);
00132 
00133        if ( cei->ce_type != Cft_Overlay || !cei->ce_bi ||
00134             cei->ce_bi->bi_cf_ocs != translucentocs )
00135               return LDAP_CONSTRAINT_VIOLATION;
00136 
00137        on = (slap_overinst *)cei->ce_bi;
00138        ov = on->on_bi.bi_private;
00139        ca->be = &ov->db;
00140        ca->ca_private = on;
00141        if ( CONFIG_ONLINE_ADD( ca ))
00142               ca->cleanup = translucent_ldadd_cleanup;
00143        else
00144               ov->defer_db_open = 0;
00145 
00146        return LDAP_SUCCESS;
00147 }
00148 
00149 static int
00150 translucent_cfadd( Operation *op, SlapReply *rs, Entry *e, ConfigArgs *ca )
00151 {
00152        CfEntryInfo *cei = e->e_private;
00153        slap_overinst *on = (slap_overinst *)cei->ce_bi;
00154        translucent_info *ov = on->on_bi.bi_private;
00155        struct berval bv;
00156 
00157        Debug(LDAP_DEBUG_TRACE, "==> translucent_cfadd\n", 0, 0, 0);
00158 
00159        /* FIXME: should not hardcode "olcDatabase" here */
00160        bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ),
00161               "olcDatabase=" SLAP_X_ORDERED_FMT "%s",
00162               0, ov->db.bd_info->bi_type );
00163        if ( bv.bv_len >= sizeof( ca->cr_msg ) ) {
00164               return -1;
00165        }
00166        bv.bv_val = ca->cr_msg;
00167        ca->be = &ov->db;
00168        ov->defer_db_open = 0;
00169 
00170        /* We can only create this entry if the database is table-driven
00171         */
00172        if ( ov->db.bd_info->bi_cf_ocs )
00173               config_build_entry( op, rs, cei, ca, &bv,
00174                                 ov->db.bd_info->bi_cf_ocs,
00175                                 &translucentocs[1] );
00176 
00177        return 0;
00178 }
00179 
00180 static int
00181 translucent_cf_gen( ConfigArgs *c )
00182 {
00183        slap_overinst *on = (slap_overinst *)c->bi;
00184        translucent_info *ov = on->on_bi.bi_private;
00185        AttributeName **an, *a2;
00186        int i;
00187 
00188        if ( c->type == TRANS_LOCAL )
00189               an = &ov->local;
00190        else
00191               an = &ov->remote;
00192 
00193        if ( c->op == SLAP_CONFIG_EMIT ) {
00194               if ( !*an )
00195                      return 1;
00196               for ( i = 0; !BER_BVISNULL(&(*an)[i].an_name); i++ ) {
00197                      value_add_one( &c->rvalue_vals, &(*an)[i].an_name );
00198               }
00199               return ( i < 1 );
00200        } else if ( c->op == LDAP_MOD_DELETE ) {
00201               if ( c->valx < 0 ) {
00202                      anlist_free( *an, 1, NULL );
00203                      *an = NULL;
00204               } else {
00205                      i = c->valx;
00206                      ch_free( (*an)[i].an_name.bv_val );
00207                      do {
00208                             (*an)[i] = (*an)[i+1];
00209                             i++;
00210                      } while ( !BER_BVISNULL( &(*an)[i].an_name ));
00211               }
00212               return 0;
00213        }
00214        a2 = str2anlist( *an, c->argv[1], "," );
00215        if ( !a2 ) {
00216               snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s unable to parse attribute %s",
00217                      c->argv[0], c->argv[1] );
00218               Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
00219                      "%s: %s\n", c->log, c->cr_msg, 0 );
00220               return ARG_BAD_CONF;
00221        }
00222        *an = a2;
00223        return 0;
00224 }
00225 
00226 static slap_overinst translucent;
00227 
00228 /*
00229 ** glue_parent()
00230 **     call syncrepl_add_glue() with the parent suffix;
00231 **
00232 */
00233 
00234 static struct berval glue[] = { BER_BVC("top"), BER_BVC("glue"), BER_BVNULL };
00235 
00236 void glue_parent(Operation *op) {
00237        Operation nop = *op;
00238        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00239        struct berval ndn = BER_BVNULL;
00240        Attribute *a;
00241        Entry *e;
00242        struct berval pdn;
00243 
00244        dnParent( &op->o_req_ndn, &pdn );
00245        ber_dupbv_x( &ndn, &pdn, op->o_tmpmemctx );
00246 
00247        Debug(LDAP_DEBUG_TRACE, "=> glue_parent: fabricating glue for <%s>\n", ndn.bv_val, 0, 0);
00248 
00249        e = entry_alloc();
00250        e->e_id = NOID;
00251        ber_dupbv(&e->e_name, &ndn);
00252        ber_dupbv(&e->e_nname, &ndn);
00253 
00254        a = attr_alloc( slap_schema.si_ad_objectClass );
00255        a->a_numvals = 2;
00256        a->a_vals = ch_malloc(sizeof(struct berval) * 3);
00257        ber_dupbv(&a->a_vals[0], &glue[0]);
00258        ber_dupbv(&a->a_vals[1], &glue[1]);
00259        ber_dupbv(&a->a_vals[2], &glue[2]);
00260        a->a_nvals = a->a_vals;
00261        a->a_next = e->e_attrs;
00262        e->e_attrs = a;
00263 
00264        a = attr_alloc( slap_schema.si_ad_structuralObjectClass );
00265        a->a_numvals = 1;
00266        a->a_vals = ch_malloc(sizeof(struct berval) * 2);
00267        ber_dupbv(&a->a_vals[0], &glue[1]);
00268        ber_dupbv(&a->a_vals[1], &glue[2]);
00269        a->a_nvals = a->a_vals;
00270        a->a_next = e->e_attrs;
00271        e->e_attrs = a;
00272 
00273        nop.o_req_dn = ndn;
00274        nop.o_req_ndn = ndn;
00275        nop.ora_e = e;
00276 
00277        nop.o_bd->bd_info = (BackendInfo *) on->on_info->oi_orig;
00278        syncrepl_add_glue(&nop, e);
00279        nop.o_bd->bd_info = (BackendInfo *) on;
00280 
00281        op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
00282 
00283        return;
00284 }
00285 
00286 /*
00287 ** free_attr_chain()
00288 **     free only the Attribute*, not the contents;
00289 **
00290 */
00291 void free_attr_chain(Attribute *b) {
00292        Attribute *a;
00293        for(a=b; a; a=a->a_next) {
00294               a->a_vals = NULL;
00295               a->a_nvals = NULL;
00296        }
00297        attrs_free( b );
00298        return;
00299 }
00300 
00301 /*
00302 ** translucent_add()
00303 **     if not bound as root, send ACCESS error;
00304 **     if glue, glue_parent();
00305 **     return CONTINUE;
00306 **
00307 */
00308 
00309 static int translucent_add(Operation *op, SlapReply *rs) {
00310        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00311        translucent_info *ov = on->on_bi.bi_private;
00312        Debug(LDAP_DEBUG_TRACE, "==> translucent_add: %s\n",
00313               op->o_req_dn.bv_val, 0, 0);
00314        if(!be_isroot(op)) {
00315               op->o_bd->bd_info = (BackendInfo *) on->on_info;
00316               send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
00317                      "user modification of overlay database not permitted");
00318               op->o_bd->bd_info = (BackendInfo *) on;
00319               return(rs->sr_err);
00320        }
00321        if(!ov->no_glue) glue_parent(op);
00322        return(SLAP_CB_CONTINUE);
00323 }
00324 
00325 /*
00326 ** translucent_modrdn()
00327 **     if not bound as root, send ACCESS error;
00328 **     if !glue, glue_parent();
00329 **     else return CONTINUE;
00330 **
00331 */
00332 
00333 static int translucent_modrdn(Operation *op, SlapReply *rs) {
00334        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00335        translucent_info *ov = on->on_bi.bi_private;
00336        Debug(LDAP_DEBUG_TRACE, "==> translucent_modrdn: %s -> %s\n",
00337               op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
00338        if(!be_isroot(op)) {
00339               op->o_bd->bd_info = (BackendInfo *) on->on_info;
00340               send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
00341                      "user modification of overlay database not permitted");
00342               op->o_bd->bd_info = (BackendInfo *) on;
00343               return(rs->sr_err);
00344        }
00345        if(!ov->no_glue) {
00346               op->o_tag = LDAP_REQ_ADD;
00347               glue_parent(op);
00348               op->o_tag = LDAP_REQ_MODRDN;
00349        }
00350        return(SLAP_CB_CONTINUE);
00351 }
00352 
00353 /*
00354 ** translucent_delete()
00355 **     if not bound as root, send ACCESS error;
00356 **     else return CONTINUE;
00357 **
00358 */
00359 
00360 static int translucent_delete(Operation *op, SlapReply *rs) {
00361        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00362        Debug(LDAP_DEBUG_TRACE, "==> translucent_delete: %s\n",
00363               op->o_req_dn.bv_val, 0, 0);
00364        if(!be_isroot(op)) {
00365               op->o_bd->bd_info = (BackendInfo *) on->on_info;
00366               send_ldap_error(op, rs, LDAP_INSUFFICIENT_ACCESS,
00367                      "user modification of overlay database not permitted");
00368               op->o_bd->bd_info = (BackendInfo *) on;
00369               return(rs->sr_err);
00370        }
00371        return(SLAP_CB_CONTINUE);
00372 }
00373 
00374 static int
00375 translucent_tag_cb( Operation *op, SlapReply *rs )
00376 {
00377        op->o_tag = LDAP_REQ_MODIFY;
00378        op->orm_modlist = op->o_callback->sc_private;
00379        rs->sr_tag = slap_req2res( op->o_tag );
00380 
00381        return SLAP_CB_CONTINUE;
00382 }
00383 
00384 /*
00385 ** translucent_modify()
00386 **     modify in local backend if exists in both;
00387 **     otherwise, add to local backend;
00388 **     fail if not defined in captive backend;
00389 **
00390 */
00391 
00392 static int translucent_modify(Operation *op, SlapReply *rs) {
00393        SlapReply nrs = { REP_RESULT };
00394 
00395        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00396        translucent_info *ov = on->on_bi.bi_private;
00397        Entry *e = NULL, *re = NULL;
00398        Attribute *a, *ax;
00399        Modifications *m, **mm;
00400        BackendDB *db;
00401        int del, rc, erc = 0;
00402        slap_callback cb = { 0 };
00403 
00404        Debug(LDAP_DEBUG_TRACE, "==> translucent_modify: %s\n",
00405               op->o_req_dn.bv_val, 0, 0);
00406 
00407        if(ov->defer_db_open) {
00408               send_ldap_error(op, rs, LDAP_UNAVAILABLE,
00409                      "remote DB not available");
00410               return(rs->sr_err);
00411        }
00412 /*
00413 ** fetch entry from the captive backend;
00414 ** if it did not exist, fail;
00415 ** release it, if captive backend supports this;
00416 **
00417 */
00418 
00419        db = op->o_bd;
00420        op->o_bd = &ov->db;
00421        ov->db.be_acl = op->o_bd->be_acl;
00422        rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
00423        if(rc != LDAP_SUCCESS || re == NULL ) {
00424               send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
00425                      "attempt to modify nonexistent local record");
00426               return(rs->sr_err);
00427        }
00428        op->o_bd = db;
00429 /*
00430 ** fetch entry from local backend;
00431 ** if it exists:
00432 **     foreach Modification:
00433 **         if attr not present in local:
00434 **            if Mod == LDAP_MOD_DELETE:
00435 **                if remote attr not present, return NO_SUCH;
00436 **                if remote attr present, drop this Mod;
00437 **            else force this Mod to LDAP_MOD_ADD;
00438 **     return CONTINUE;
00439 **
00440 */
00441 
00442        op->o_bd->bd_info = (BackendInfo *) on->on_info;
00443        rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
00444        op->o_bd->bd_info = (BackendInfo *) on;
00445 
00446        if(e && rc == LDAP_SUCCESS) {
00447               Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: found local entry\n", 0, 0, 0);
00448               for(mm = &op->orm_modlist; *mm; ) {
00449                      m = *mm;
00450                      for(a = e->e_attrs; a; a = a->a_next)
00451                             if(a->a_desc == m->sml_desc) break;
00452                      if(a) {
00453                             mm = &m->sml_next;
00454                             continue;            /* found local attr */
00455                      }
00456                      if(m->sml_op == LDAP_MOD_DELETE) {
00457                             for(a = re->e_attrs; a; a = a->a_next)
00458                                    if(a->a_desc == m->sml_desc) break;
00459                             /* not found remote attr */
00460                             if(!a) {
00461                                    erc = LDAP_NO_SUCH_ATTRIBUTE;
00462                                    goto release;
00463                             }
00464                             if(ov->strict) {
00465                                    erc = LDAP_CONSTRAINT_VIOLATION;
00466                                    goto release;
00467                             }
00468                             Debug(LDAP_DEBUG_TRACE,
00469                                    "=> translucent_modify: silently dropping delete: %s\n",
00470                                    m->sml_desc->ad_cname.bv_val, 0, 0);
00471                             *mm = m->sml_next;
00472                             m->sml_next = NULL;
00473                             slap_mods_free(m, 1);
00474                             continue;
00475                      }
00476                      m->sml_op = LDAP_MOD_ADD;
00477                      mm = &m->sml_next;
00478               }
00479               erc = SLAP_CB_CONTINUE;
00480 release:
00481               if(re) {
00482                      if(ov->db.bd_info->bi_entry_release_rw) {
00483                             op->o_bd = &ov->db;
00484                             ov->db.bd_info->bi_entry_release_rw(op, re, 0);
00485                             op->o_bd = db;
00486                      } else
00487                             entry_free(re);
00488               }
00489               op->o_bd->bd_info = (BackendInfo *) on->on_info;
00490               be_entry_release_r(op, e);
00491               op->o_bd->bd_info = (BackendInfo *) on;
00492               if(erc == SLAP_CB_CONTINUE) {
00493                      return(erc);
00494               } else if(erc) {
00495                      send_ldap_error(op, rs, erc,
00496                             "attempt to delete nonexistent attribute");
00497                      return(erc);
00498               }
00499        }
00500 
00501        /* don't leak remote entry copy */
00502        if(re) {
00503               if(ov->db.bd_info->bi_entry_release_rw) {
00504                      op->o_bd = &ov->db;
00505                      ov->db.bd_info->bi_entry_release_rw(op, re, 0);
00506                      op->o_bd = db;
00507               } else
00508                      entry_free(re);
00509        }
00510 /*
00511 ** foreach Modification:
00512 **     if MOD_ADD or MOD_REPLACE, add Attribute;
00513 ** if no Modifications were suitable:
00514 **     if strict, throw CONSTRAINT_VIOLATION;
00515 **     else, return early SUCCESS;
00516 ** fabricate Entry with new Attribute chain;
00517 ** glue_parent() for this Entry;
00518 ** call bi_op_add() in local backend;
00519 **
00520 */
00521 
00522        Debug(LDAP_DEBUG_TRACE, "=> translucent_modify: fabricating local add\n", 0, 0, 0);
00523        a = NULL;
00524        for(del = 0, ax = NULL, m = op->orm_modlist; m; m = m->sml_next) {
00525               Attribute atmp;
00526               if(((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_ADD) &&
00527                  ((m->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)) {
00528                      Debug(LDAP_DEBUG_ANY,
00529                             "=> translucent_modify: silently dropped modification(%d): %s\n",
00530                             m->sml_op, m->sml_desc->ad_cname.bv_val, 0);
00531                      if((m->sml_op & LDAP_MOD_OP) == LDAP_MOD_DELETE) del++;
00532                      continue;
00533               }
00534               atmp.a_desc = m->sml_desc;
00535               atmp.a_vals = m->sml_values;
00536               atmp.a_nvals = m->sml_nvalues ? m->sml_nvalues : atmp.a_vals;
00537               atmp.a_numvals = m->sml_numvals;
00538               atmp.a_flags = 0;
00539               a = attr_dup( &atmp );
00540               a->a_next  = ax;
00541               ax = a;
00542        }
00543 
00544        if(del && ov->strict) {
00545               attrs_free( a );
00546               send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
00547                      "attempt to delete attributes from local database");
00548               return(rs->sr_err);
00549        }
00550 
00551        if(!ax) {
00552               if(ov->strict) {
00553                      send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
00554                             "modification contained other than ADD or REPLACE");
00555                      return(rs->sr_err);
00556               }
00557               /* rs->sr_text = "no valid modification found"; */
00558               rs->sr_err = LDAP_SUCCESS;
00559               send_ldap_result(op, rs);
00560               return(rs->sr_err);
00561        }
00562 
00563        e = entry_alloc();
00564        ber_dupbv( &e->e_name, &op->o_req_dn );
00565        ber_dupbv( &e->e_nname, &op->o_req_ndn );
00566        e->e_attrs = a;
00567 
00568        op->o_tag     = LDAP_REQ_ADD;
00569        cb.sc_response = translucent_tag_cb;
00570        cb.sc_private = op->orm_modlist;
00571        op->oq_add.rs_e      = e;
00572 
00573        glue_parent(op);
00574 
00575        cb.sc_next = op->o_callback;
00576        op->o_callback = &cb;
00577        rc = on->on_info->oi_orig->bi_op_add(op, &nrs);
00578        if ( op->ora_e == e )
00579               entry_free( e );
00580        op->o_callback = cb.sc_next;
00581 
00582        return(rc);
00583 }
00584 
00585 static int translucent_compare(Operation *op, SlapReply *rs) {
00586        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00587        translucent_info *ov = on->on_bi.bi_private;
00588        AttributeAssertion *ava = op->orc_ava;
00589        Entry *e = NULL;
00590        BackendDB *db;
00591        int rc;
00592 
00593        Debug(LDAP_DEBUG_TRACE, "==> translucent_compare: <%s> %s:%s\n",
00594               op->o_req_dn.bv_val, ava->aa_desc->ad_cname.bv_val, ava->aa_value.bv_val);
00595 
00596 /*
00597 ** if the local backend has an entry for this attribute:
00598 **     CONTINUE and let it do the compare;
00599 **
00600 */
00601        rc = overlay_entry_get_ov(op, &op->o_req_ndn, NULL, ava->aa_desc, 0, &e, on);
00602        if(rc == LDAP_SUCCESS && e) {
00603               overlay_entry_release_ov(op, e, 0, on);
00604               return(SLAP_CB_CONTINUE);
00605        }
00606 
00607        if(ov->defer_db_open) {
00608               send_ldap_error(op, rs, LDAP_UNAVAILABLE,
00609                      "remote DB not available");
00610               return(rs->sr_err);
00611        }
00612 /*
00613 ** call compare() in the captive backend;
00614 ** return the result;
00615 **
00616 */
00617        db = op->o_bd;
00618        op->o_bd = &ov->db;
00619        ov->db.be_acl = op->o_bd->be_acl;
00620        rc = ov->db.bd_info->bi_op_compare(op, rs);
00621        op->o_bd = db;
00622 
00623        return(rc);
00624 }
00625 
00626 static int translucent_pwmod(Operation *op, SlapReply *rs) {
00627        SlapReply nrs = { REP_RESULT };
00628        Operation nop;
00629 
00630        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00631        translucent_info *ov = on->on_bi.bi_private;
00632        Entry *e = NULL, *re = NULL;
00633        BackendDB *db;
00634        int rc = 0;
00635        slap_callback cb = { 0 };
00636 
00637        if (!ov->pwmod_local) {
00638               rs->sr_err = LDAP_CONSTRAINT_VIOLATION,
00639               rs->sr_text = "attempt to modify password in local database";
00640               return rs->sr_err;
00641        }
00642 
00643 /*
00644 ** fetch entry from the captive backend;
00645 ** if it did not exist, fail;
00646 ** release it, if captive backend supports this;
00647 **
00648 */
00649        db = op->o_bd;
00650        op->o_bd = &ov->db;
00651        ov->db.be_acl = op->o_bd->be_acl;
00652        rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
00653        if(rc != LDAP_SUCCESS || re == NULL ) {
00654               send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
00655                      "attempt to modify nonexistent local record");
00656               return(rs->sr_err);
00657        }
00658        op->o_bd = db;
00659 /*
00660 ** fetch entry from local backend;
00661 ** if it exists:
00662 **     return CONTINUE;
00663 */
00664 
00665        op->o_bd->bd_info = (BackendInfo *) on->on_info;
00666        rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
00667        op->o_bd->bd_info = (BackendInfo *) on;
00668 
00669        if(e && rc == LDAP_SUCCESS) {
00670               if(re) {
00671                      if(ov->db.bd_info->bi_entry_release_rw) {
00672                             op->o_bd = &ov->db;
00673                             ov->db.bd_info->bi_entry_release_rw(op, re, 0);
00674                             op->o_bd = db;
00675                      } else {
00676                             entry_free(re);
00677                      }
00678               }
00679               op->o_bd->bd_info = (BackendInfo *) on->on_info;
00680               be_entry_release_r(op, e);
00681               op->o_bd->bd_info = (BackendInfo *) on;
00682               return SLAP_CB_CONTINUE;
00683        }
00684 
00685        /* don't leak remote entry copy */
00686        if(re) {
00687               if(ov->db.bd_info->bi_entry_release_rw) {
00688                      op->o_bd = &ov->db;
00689                      ov->db.bd_info->bi_entry_release_rw(op, re, 0);
00690                      op->o_bd = db;
00691               } else {
00692                      entry_free(re);
00693               }
00694        }
00695 /*
00696 ** glue_parent() for this Entry;
00697 ** call bi_op_add() in local backend;
00698 **
00699 */
00700        e = entry_alloc();
00701        ber_dupbv( &e->e_name, &op->o_req_dn );
00702        ber_dupbv( &e->e_nname, &op->o_req_ndn );
00703        e->e_attrs = NULL;
00704 
00705        nop = *op;
00706        nop.o_tag = LDAP_REQ_ADD;
00707        cb.sc_response = slap_null_cb;
00708        nop.oq_add.rs_e      = e;
00709 
00710        glue_parent(&nop);
00711 
00712        nop.o_callback = &cb;
00713        rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs);
00714        if ( nop.ora_e == e ) {
00715               entry_free( e );
00716        }
00717 
00718        if ( rc == LDAP_SUCCESS ) {
00719               return SLAP_CB_CONTINUE;
00720        }
00721 
00722        return rc;
00723 }
00724 
00725 static int translucent_exop(Operation *op, SlapReply *rs) {
00726        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
00727        translucent_info *ov = on->on_bi.bi_private;
00728        const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD);
00729 
00730        Debug(LDAP_DEBUG_TRACE, "==> translucent_exop: %s\n",
00731               op->o_req_dn.bv_val, 0, 0);
00732 
00733        if(ov->defer_db_open) {
00734               send_ldap_error(op, rs, LDAP_UNAVAILABLE,
00735                      "remote DB not available");
00736               return(rs->sr_err);
00737        }
00738 
00739        if ( bvmatch( &bv_exop_pwmod, &op->ore_reqoid ) ) {
00740               return translucent_pwmod( op, rs );
00741        }
00742 
00743        return SLAP_CB_CONTINUE;
00744 }
00745 
00746 /*
00747 ** translucent_search_cb()
00748 **     merge local data with remote data
00749 **
00750 ** Four cases:
00751 ** 1: remote search, no local filter
00752 **     merge data and send immediately
00753 ** 2: remote search, with local filter
00754 **     merge data and save
00755 ** 3: local search, no remote filter
00756 **     merge data and send immediately
00757 ** 4: local search, with remote filter
00758 **     check list, merge, send, delete
00759 */
00760 
00761 #define       RMT_SIDE      0
00762 #define       LCL_SIDE      1
00763 #define       USE_LIST      2
00764 
00765 typedef struct trans_ctx {
00766        BackendDB *db;
00767        slap_overinst *on;
00768        Filter *orig;
00769        Avlnode *list;
00770        int step;
00771        int slimit;
00772        AttributeName *attrs;
00773 } trans_ctx;
00774 
00775 static int translucent_search_cb(Operation *op, SlapReply *rs) {
00776        trans_ctx *tc;
00777        BackendDB *db;
00778        slap_overinst *on;
00779        translucent_info *ov;
00780        Entry *le, *re;
00781        Attribute *a, *ax, *an, *as = NULL;
00782        int rc;
00783        int test_f = 0;
00784 
00785        tc = op->o_callback->sc_private;
00786 
00787        /* Don't let the op complete while we're gathering data */
00788        if ( rs->sr_type == REP_RESULT && ( tc->step & USE_LIST ))
00789               return 0;
00790 
00791        if(!op || !rs || rs->sr_type != REP_SEARCH || !rs->sr_entry)
00792               return(SLAP_CB_CONTINUE);
00793 
00794        Debug(LDAP_DEBUG_TRACE, "==> translucent_search_cb: %s\n",
00795               rs->sr_entry->e_name.bv_val, 0, 0);
00796 
00797        op->ors_slimit = tc->slimit + ( tc->slimit > 0 ? 1 : 0 );
00798        if ( op->ors_attrs == slap_anlist_all_attributes ) {
00799               op->ors_attrs = tc->attrs;
00800               rs->sr_attrs = tc->attrs;
00801               rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
00802        }
00803 
00804        on = tc->on;
00805        ov = on->on_bi.bi_private;
00806 
00807        db = op->o_bd;
00808        re = NULL;
00809 
00810        /* If we have local, get remote */
00811        if ( tc->step & LCL_SIDE ) {
00812               le = rs->sr_entry;
00813               /* If entry is already on list, use it */
00814               if ( tc->step & USE_LIST ) {
00815                      re = tavl_delete( &tc->list, le, entry_dn_cmp );
00816                      if ( re ) {
00817                             rs_flush_entry( op, rs, on );
00818                             rc = test_filter( op, re, tc->orig );
00819                             if ( rc == LDAP_COMPARE_TRUE ) {
00820                                    rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
00821                                    rs->sr_entry = re;
00822 
00823                                    if ( tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) {
00824                                           return LDAP_SIZELIMIT_EXCEEDED;
00825                                    }
00826 
00827                                    return SLAP_CB_CONTINUE;
00828                             } else {
00829                                    entry_free( re );
00830                                    rs->sr_entry = NULL;
00831                                    return 0;
00832                             }
00833                      }
00834               }
00835               op->o_bd = &ov->db;
00836               rc = be_entry_get_rw( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &re );
00837               if ( rc == LDAP_SUCCESS && re ) {
00838                      Entry *tmp = entry_dup( re );
00839                      be_entry_release_r( op, re );
00840                      re = tmp;
00841                      test_f = 1;
00842               }
00843        } else {
00844        /* Else we have remote, get local */
00845               op->o_bd = tc->db;
00846               le = NULL;
00847               rc = overlay_entry_get_ov(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &le, on);
00848               if ( rc == LDAP_SUCCESS && le ) {
00849                      re = entry_dup( rs->sr_entry );
00850                      rs_flush_entry( op, rs, on );
00851               } else {
00852                      le = NULL;
00853               }
00854        }
00855 
00856 /*
00857 ** if we got remote and local entry:
00858 **     foreach local attr:
00859 **            foreach remote attr:
00860 **                   if match, remote attr with local attr;
00861 **                   if new local, add to list;
00862 **     append new local attrs to remote;
00863 **
00864 */
00865 
00866        if ( re && le ) {
00867               for(ax = le->e_attrs; ax; ax = ax->a_next) {
00868                      for(a = re->e_attrs; a; a = a->a_next) {
00869                             if(a->a_desc == ax->a_desc) {
00870                                    test_f = 1;
00871                                    if(a->a_vals != a->a_nvals)
00872                                           ber_bvarray_free(a->a_nvals);
00873                                    ber_bvarray_free(a->a_vals);
00874                                    ber_bvarray_dup_x( &a->a_vals, ax->a_vals, NULL );
00875                                    if ( ax->a_vals == ax->a_nvals ) {
00876                                           a->a_nvals = a->a_vals;
00877                                    } else {
00878                                           ber_bvarray_dup_x( &a->a_nvals, ax->a_nvals, NULL );
00879                                    }
00880                                    break;
00881                             }
00882                      }
00883                      if(a) continue;
00884                      an = attr_dup(ax);
00885                      an->a_next = as;
00886                      as = an;
00887               }
00888               /* Dispose of local entry */
00889               if ( tc->step & LCL_SIDE ) {
00890                      rs_flush_entry(op, rs, on);
00891               } else {
00892                      overlay_entry_release_ov(op, le, 0, on);
00893               }
00894 
00895               /* literally append, so locals are always last */
00896               if(as) {
00897                      if(re->e_attrs) {
00898                             for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
00899                             ax->a_next = as;
00900                      } else {
00901                             re->e_attrs = as;
00902                      }
00903               }
00904               /* If both filters, save entry for later */
00905               if ( tc->step == (USE_LIST|RMT_SIDE) ) {
00906                      tavl_insert( &tc->list, re, entry_dn_cmp, avl_dup_error );
00907                      rs->sr_entry = NULL;
00908                      rc = 0;
00909               } else {
00910               /* send it now */
00911                      rs->sr_entry = re;
00912                      rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
00913                      if ( test_f ) {
00914                             rc = test_filter( op, rs->sr_entry, tc->orig );
00915                             if ( rc == LDAP_COMPARE_TRUE ) {
00916                                    rc = SLAP_CB_CONTINUE;
00917                             } else {
00918                                    rc = 0;
00919                             }
00920                      } else {
00921                             rc = SLAP_CB_CONTINUE;
00922                      }
00923               }
00924        } else if ( le ) {
00925        /* Only a local entry: remote was deleted
00926         * Ought to delete the local too...
00927         */
00928               rc = 0;
00929        } else if ( tc->step & USE_LIST ) {
00930        /* Only a remote entry, but both filters:
00931         * Test the complete filter
00932         */
00933               rc = test_filter( op, rs->sr_entry, tc->orig );
00934               if ( rc == LDAP_COMPARE_TRUE ) {
00935                      rc = SLAP_CB_CONTINUE;
00936               } else {
00937                      rc = 0;
00938               }
00939        } else {
00940        /* Only a remote entry, only remote filter:
00941         * just pass thru
00942         */
00943               rc = SLAP_CB_CONTINUE;
00944        }
00945 
00946        op->o_bd = db;
00947 
00948        if ( rc == SLAP_CB_CONTINUE && tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) {
00949               return LDAP_SIZELIMIT_EXCEEDED;
00950        }
00951 
00952        return rc;
00953 }
00954 
00955 /* Dup the filter, excluding invalid elements */
00956 static Filter *
00957 trans_filter_dup(Operation *op, Filter *f, AttributeName *an)
00958 {
00959        Filter *n = NULL;
00960 
00961        if ( !f )
00962               return NULL;
00963 
00964        switch( f->f_choice & SLAPD_FILTER_MASK ) {
00965        case SLAPD_FILTER_COMPUTED:
00966               n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
00967               n->f_choice = f->f_choice;
00968               n->f_result = f->f_result;
00969               n->f_next = NULL;
00970               break;
00971 
00972        case LDAP_FILTER_PRESENT:
00973               if ( ad_inlist( f->f_desc, an )) {
00974                      n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
00975                      n->f_choice = f->f_choice;
00976                      n->f_desc = f->f_desc;
00977                      n->f_next = NULL;
00978               }
00979               break;
00980 
00981        case LDAP_FILTER_EQUALITY:
00982        case LDAP_FILTER_GE:
00983        case LDAP_FILTER_LE:
00984        case LDAP_FILTER_APPROX:
00985        case LDAP_FILTER_SUBSTRINGS:
00986        case LDAP_FILTER_EXT:
00987               if ( !f->f_av_desc || ad_inlist( f->f_av_desc, an )) {
00988                      n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
00989                      n->f_choice = f->f_choice;
00990                      n->f_ava = f->f_ava;
00991                      n->f_next = NULL;
00992               }
00993               break;
00994 
00995        case LDAP_FILTER_AND:
00996        case LDAP_FILTER_OR:
00997        case LDAP_FILTER_NOT: {
00998               Filter **p;
00999 
01000               n = op->o_tmpalloc( sizeof(Filter), op->o_tmpmemctx );
01001               n->f_choice = f->f_choice;
01002               n->f_next = NULL;
01003 
01004               for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) {
01005                      *p = trans_filter_dup( op, f, an );
01006                      if ( !*p )
01007                             continue;
01008                      p = &(*p)->f_next;
01009               }
01010               /* nothing valid in this list */
01011               if ( !n->f_list ) {
01012                      op->o_tmpfree( n, op->o_tmpmemctx );
01013                      return NULL;
01014               }
01015               /* Only 1 element in this list */
01016               if ((n->f_choice & SLAPD_FILTER_MASK) != LDAP_FILTER_NOT &&
01017                      !n->f_list->f_next ) {
01018                      f = n->f_list;
01019                      *n = *f;
01020                      op->o_tmpfree( f, op->o_tmpmemctx );
01021               }
01022               break;
01023        }
01024        }
01025        return n;
01026 }
01027 
01028 static void
01029 trans_filter_free( Operation *op, Filter *f )
01030 {
01031        Filter *n, *p, *next;
01032 
01033        f->f_choice &= SLAPD_FILTER_MASK;
01034 
01035        switch( f->f_choice ) {
01036        case LDAP_FILTER_AND:
01037        case LDAP_FILTER_OR:
01038        case LDAP_FILTER_NOT:
01039               /* Free in reverse order */
01040               n = NULL;
01041               for ( p = f->f_list; p; p = next ) {
01042                      next = p->f_next;
01043                      p->f_next = n;
01044                      n = p;
01045               }
01046               for ( p = n; p; p = next ) {
01047                      next = p->f_next;
01048                      trans_filter_free( op, p );
01049               }
01050               break;
01051        default:
01052               break;
01053        }
01054        op->o_tmpfree( f, op->o_tmpmemctx );
01055 }
01056 
01057 /*
01058 ** translucent_search()
01059 **     search via captive backend;
01060 **     override results with any local data;
01061 **
01062 */
01063 
01064 static int translucent_search(Operation *op, SlapReply *rs) {
01065        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
01066        translucent_info *ov = on->on_bi.bi_private;
01067        slap_callback cb = { NULL, NULL, NULL, NULL };
01068        trans_ctx tc;
01069        Filter *fl, *fr;
01070        struct berval fbv;
01071        int rc = 0;
01072 
01073        Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
01074               op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0);
01075 
01076        if(ov->defer_db_open) {
01077               send_ldap_error(op, rs, LDAP_UNAVAILABLE,
01078                      "remote DB not available");
01079               return(rs->sr_err);
01080        }
01081 
01082        fr = ov->remote ? trans_filter_dup( op, op->ors_filter, ov->remote ) : NULL;
01083        fl = ov->local ? trans_filter_dup( op, op->ors_filter, ov->local ) : NULL;
01084        cb.sc_response = (slap_response *) translucent_search_cb;
01085        cb.sc_private = &tc;
01086        cb.sc_next = op->o_callback;
01087 
01088        ov->db.be_acl = op->o_bd->be_acl;
01089        tc.db = op->o_bd;
01090        tc.on = on;
01091        tc.orig = op->ors_filter;
01092        tc.list = NULL;
01093        tc.step = 0;
01094        tc.slimit = op->ors_slimit;
01095        tc.attrs = NULL;
01096        fbv = op->ors_filterstr;
01097 
01098        op->o_callback = &cb;
01099 
01100        if ( fr || !fl ) {
01101               tc.attrs = op->ors_attrs;
01102               op->ors_slimit = SLAP_NO_LIMIT;
01103               op->ors_attrs = slap_anlist_all_attributes;
01104               op->o_bd = &ov->db;
01105               tc.step |= RMT_SIDE;
01106               if ( fl ) {
01107                      tc.step |= USE_LIST;
01108                      op->ors_filter = fr;
01109                      filter2bv_x( op, fr, &op->ors_filterstr );
01110               }
01111               rc = ov->db.bd_info->bi_op_search(op, rs);
01112               op->ors_attrs = tc.attrs;
01113               op->o_bd = tc.db;
01114               if ( fl ) {
01115                      op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
01116               }
01117        }
01118        if ( fl && !rc ) {
01119               tc.step |= LCL_SIDE;
01120               op->ors_filter = fl;
01121               filter2bv_x( op, fl, &op->ors_filterstr );
01122               rc = overlay_op_walk( op, rs, op_search, on->on_info, on->on_next );
01123               op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
01124        }
01125        op->ors_filterstr = fbv;
01126        op->ors_filter = tc.orig;
01127        op->o_callback = cb.sc_next;
01128        rs->sr_attrs = op->ors_attrs;
01129        rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
01130 
01131        /* Send out anything remaining on the list and finish */
01132        if ( tc.step & USE_LIST ) {
01133               if ( tc.list ) {
01134                      Avlnode *av;
01135 
01136                      av = tavl_end( tc.list, TAVL_DIR_LEFT );
01137                      while ( av ) {
01138                             rs->sr_entry = av->avl_data;
01139                             if ( rc == LDAP_SUCCESS && LDAP_COMPARE_TRUE ==
01140                                    test_filter( op, rs->sr_entry, op->ors_filter ))
01141                             {
01142                                    rs->sr_flags = REP_ENTRY_MUSTBEFREED;
01143                                    rc = send_search_entry( op, rs );
01144                             } else {
01145                                    entry_free( rs->sr_entry );
01146                             }
01147                             av = tavl_next( av, TAVL_DIR_RIGHT );
01148                      }
01149                      tavl_free( tc.list, NULL );
01150                      rs->sr_flags = 0;
01151                      rs->sr_entry = NULL;
01152               }
01153               send_ldap_result( op, rs );
01154        }
01155 
01156        op->ors_slimit = tc.slimit;
01157 
01158        /* Free in reverse order */
01159        if ( fl )
01160               trans_filter_free( op, fl );
01161        if ( fr )
01162               trans_filter_free( op, fr );
01163 
01164        return rc;
01165 }
01166 
01167 
01168 /*
01169 ** translucent_bind()
01170 **     pass bind request to captive backend;
01171 **
01172 */
01173 
01174 static int translucent_bind(Operation *op, SlapReply *rs) {
01175        slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
01176        translucent_info *ov = on->on_bi.bi_private;
01177        BackendDB *db;
01178        slap_callback sc = { 0 }, *save_cb;
01179        int rc;
01180 
01181        Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
01182               op->o_req_dn.bv_val, op->orb_method, 0);
01183 
01184        if(ov->defer_db_open) {
01185               send_ldap_error(op, rs, LDAP_UNAVAILABLE,
01186                      "remote DB not available");
01187               return(rs->sr_err);
01188        }
01189 
01190        if (ov->bind_local) {
01191               sc.sc_response = slap_null_cb;
01192               save_cb = op->o_callback;
01193               op->o_callback = &sc;
01194        }
01195 
01196        db = op->o_bd;
01197        op->o_bd = &ov->db;
01198        ov->db.be_acl = op->o_bd->be_acl;
01199        rc = ov->db.bd_info->bi_op_bind(op, rs);
01200        op->o_bd = db;
01201 
01202        if (ov->bind_local) {
01203               op->o_callback = save_cb;
01204               if (rc != LDAP_SUCCESS) {
01205                      rc = SLAP_CB_CONTINUE;
01206               }
01207        }
01208 
01209        return rc;
01210 }
01211 
01212 /*
01213 ** translucent_connection_destroy()
01214 **     pass disconnect notification to captive backend;
01215 **
01216 */
01217 
01218 static int translucent_connection_destroy(BackendDB *be, Connection *conn) {
01219        slap_overinst *on = (slap_overinst *) be->bd_info;
01220        translucent_info *ov = on->on_bi.bi_private;
01221        int rc = 0;
01222 
01223        Debug(LDAP_DEBUG_TRACE, "translucent_connection_destroy\n", 0, 0, 0);
01224 
01225        rc = ov->db.bd_info->bi_connection_destroy(&ov->db, conn);
01226 
01227        return(rc);
01228 }
01229 
01230 /*
01231 ** translucent_db_config()
01232 **     pass config directives to captive backend;
01233 **     parse unrecognized directives ourselves;
01234 **
01235 */
01236 
01237 static int translucent_db_config(
01238        BackendDB     *be,
01239        const char    *fname,
01240        int           lineno,
01241        int           argc,
01242        char          **argv
01243 )
01244 {
01245        slap_overinst *on = (slap_overinst *) be->bd_info;
01246        translucent_info *ov = on->on_bi.bi_private;
01247 
01248        Debug(LDAP_DEBUG_TRACE, "==> translucent_db_config: %s\n",
01249              argc ? argv[0] : "", 0, 0);
01250 
01251        /* Something for the captive database? */
01252        if ( ov->db.bd_info && ov->db.bd_info->bi_db_config )
01253               return ov->db.bd_info->bi_db_config( &ov->db, fname, lineno,
01254                      argc, argv );
01255        return SLAP_CONF_UNKNOWN;
01256 }
01257 
01258 /*
01259 ** translucent_db_init()
01260 **     initialize the captive backend;
01261 **
01262 */
01263 
01264 static int translucent_db_init(BackendDB *be, ConfigReply *cr) {
01265        slap_overinst *on = (slap_overinst *) be->bd_info;
01266        translucent_info *ov;
01267 
01268        Debug(LDAP_DEBUG_TRACE, "==> translucent_db_init\n", 0, 0, 0);
01269 
01270        ov = ch_calloc(1, sizeof(translucent_info));
01271        on->on_bi.bi_private = ov;
01272        ov->db = *be;
01273        ov->db.be_private = NULL;
01274        ov->defer_db_open = 1;
01275 
01276        if ( !backend_db_init( "ldap", &ov->db, -1, NULL )) {
01277               Debug( LDAP_DEBUG_CONFIG, "translucent: unable to open captive back-ldap\n", 0, 0, 0);
01278               return 1;
01279        }
01280        SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
01281        SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD;
01282 
01283        return 0;
01284 }
01285 
01286 /*
01287 ** translucent_db_open()
01288 **     if the captive backend has an open() method, call it;
01289 **
01290 */
01291 
01292 static int translucent_db_open(BackendDB *be, ConfigReply *cr) {
01293        slap_overinst *on = (slap_overinst *) be->bd_info;
01294        translucent_info *ov = on->on_bi.bi_private;
01295        int rc;
01296 
01297        Debug(LDAP_DEBUG_TRACE, "==> translucent_db_open\n", 0, 0, 0);
01298 
01299        /* need to inherit something from the original database... */
01300        ov->db.be_def_limit = be->be_def_limit;
01301        ov->db.be_limits = be->be_limits;
01302        ov->db.be_acl = be->be_acl;
01303        ov->db.be_dfltaccess = be->be_dfltaccess;
01304 
01305        if ( ov->defer_db_open )
01306               return 0;
01307 
01308        rc = backend_startup_one( &ov->db, cr );
01309 
01310        if(rc) Debug(LDAP_DEBUG_TRACE,
01311               "translucent: bi_db_open() returned error %d\n", rc, 0, 0);
01312 
01313        return(rc);
01314 }
01315 
01316 /*
01317 ** translucent_db_close()
01318 **     if the captive backend has a close() method, call it
01319 **
01320 */
01321 
01322 static int
01323 translucent_db_close( BackendDB *be, ConfigReply *cr )
01324 {
01325        slap_overinst *on = (slap_overinst *) be->bd_info;
01326        translucent_info *ov = on->on_bi.bi_private;
01327        int rc = 0;
01328 
01329        Debug(LDAP_DEBUG_TRACE, "==> translucent_db_close\n", 0, 0, 0);
01330 
01331        if ( ov && ov->db.bd_info && ov->db.bd_info->bi_db_close ) {
01332               rc = ov->db.bd_info->bi_db_close(&ov->db, NULL);
01333        }
01334 
01335        return(rc);
01336 }
01337 
01338 /*
01339 ** translucent_db_destroy()
01340 **     if the captive backend has a db_destroy() method, call it;
01341 **     free any config data
01342 **
01343 */
01344 
01345 static int
01346 translucent_db_destroy( BackendDB *be, ConfigReply *cr )
01347 {
01348        slap_overinst *on = (slap_overinst *) be->bd_info;
01349        translucent_info *ov = on->on_bi.bi_private;
01350        int rc = 0;
01351 
01352        Debug(LDAP_DEBUG_TRACE, "==> translucent_db_destroy\n", 0, 0, 0);
01353 
01354        if ( ov ) {
01355               if ( ov->remote )
01356                      anlist_free( ov->remote, 1, NULL );
01357               if ( ov->local )
01358                      anlist_free( ov->local, 1, NULL );
01359               if ( ov->db.be_private != NULL ) {
01360                      backend_stopdown_one( &ov->db );
01361               }
01362 
01363               ldap_pvt_thread_mutex_destroy( &ov->db.be_pcl_mutex );
01364               ch_free(ov);
01365               on->on_bi.bi_private = NULL;
01366        }
01367 
01368        return(rc);
01369 }
01370 
01371 /*
01372 ** translucent_initialize()
01373 **     initialize the slap_overinst with our entry points;
01374 **
01375 */
01376 
01377 int translucent_initialize() {
01378 
01379        int rc;
01380 
01381        Debug(LDAP_DEBUG_TRACE, "==> translucent_initialize\n", 0, 0, 0);
01382 
01383        translucent.on_bi.bi_type   = "translucent";
01384        translucent.on_bi.bi_db_init       = translucent_db_init;
01385        translucent.on_bi.bi_db_config     = translucent_db_config;
01386        translucent.on_bi.bi_db_open       = translucent_db_open;
01387        translucent.on_bi.bi_db_close      = translucent_db_close;
01388        translucent.on_bi.bi_db_destroy    = translucent_db_destroy;
01389        translucent.on_bi.bi_op_bind       = translucent_bind;
01390        translucent.on_bi.bi_op_add = translucent_add;
01391        translucent.on_bi.bi_op_modify     = translucent_modify;
01392        translucent.on_bi.bi_op_modrdn     = translucent_modrdn;
01393        translucent.on_bi.bi_op_delete     = translucent_delete;
01394        translucent.on_bi.bi_op_search     = translucent_search;
01395        translucent.on_bi.bi_op_compare    = translucent_compare;
01396        translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
01397        translucent.on_bi.bi_extended      = translucent_exop;
01398 
01399        translucent.on_bi.bi_cf_ocs = translucentocs;
01400        rc = config_register_schema ( translucentcfg, translucentocs );
01401        if ( rc ) return rc;
01402 
01403        return(overlay_register(&translucent));
01404 }
01405 
01406 #if SLAPD_OVER_TRANSLUCENT == SLAPD_MOD_DYNAMIC && defined(PIC)
01407 int init_module(int argc, char *argv[]) {
01408        return translucent_initialize();
01409 }
01410 #endif
01411 
01412 #endif /* SLAPD_OVER_TRANSLUCENT */