/* $NetBSD: op.c,v 1.1.1.6 2018/02/06 01:53:18 christos Exp $ */

/* op.c - relay backend operations */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2004-2017 The OpenLDAP Foundation.
 * Portions Copyright 2004 Pierangelo Masarati.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by Pierangelo Masarati for inclusion
 * in OpenLDAP Software.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: op.c,v 1.1.1.6 2018/02/06 01:53:18 christos Exp $");

#include "portable.h"

#include <stdio.h>

#include "slap.h"
#include "back-relay.h"

/*
 * Results when no real database (.rf_bd) or operation handler (.rf_op)
 *
 * One entry per relay operation index.  Each field packs a default
 * result code into the low 16 bits (RB_ERR_MASK) together with the RB_*
 * action flags defined below.  relay_back_select_backend() reads .rf_bd
 * and relay_back_op() reads .rf_op.
 *
 * NOTE(review): relay_back_entry_get_rw(), relay_back_entry_release_rw()
 * and relay_back_has_subordinates() pass rs == NULL to
 * relay_back_select_backend(), which writes through rs whenever .rf_bd
 * carries RB_REF or RB_BDERR.  The last three entries of this table must
 * therefore keep .rf_bd == 0; a nonzero value there would lead to a NULL
 * dereference on the failure path.
 */
static const struct relay_fail_modes_s {
	slap_mask_t	rf_bd, rf_op;
#define RB_ERR_MASK	0x0000FFFFU /* bitmask for default return value */
#define RB_BDERR	0x80000000U /* use .rf_bd's default return value */
#define RB_OPERR	0x40000000U /* set rs->sr_err = .rf_op return value */
#define RB_REF		0x20000000U /* use default_referral if available */
#define RB_SEND		0x10000000U /* send result; RB_??ERR is also set */
/* While RB_SENDREF is 0, every "fail_mode & RB_SENDREF" test is false. */
#define RB_SENDREF	0/*unused*/ /* like RB_SEND when referral found */
#define RB_NO_BIND	(RB_OPERR | LDAP_INVALID_CREDENTIALS)
#define RB_NOT_SUPP	(RB_OPERR | LDAP_UNWILLING_TO_PERFORM)
#define RB_NO_OBJ	(RB_REF | LDAP_NO_SUCH_OBJECT)
#define RB_CHK_REF	(RB_REF | RB_SENDREF | LDAP_SUCCESS)
} relay_fail_modes[relay_op_last] = {
	/* .rf_bd is unused when zero, otherwise both fields have RB_BDERR */
#	define RB_OP(b, o)	{ (b) | RB_BD2ERR(b), (o) | RB_BD2ERR(b) }
#	define RB_BD2ERR(b)	((b) ? RB_BDERR : 0)
	/* indexed by slap_operation_t: */
	RB_OP(RB_NO_BIND|RB_SEND, RB_NO_BIND |RB_SEND), /* Bind */
	RB_OP(0, LDAP_SUCCESS), /* Unbind: unused */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Search */
	RB_OP(RB_NO_OBJ |RB_SEND, SLAP_CB_CONTINUE), /* Compare */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modify */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Modrdn */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Add */
	RB_OP(RB_NO_OBJ |RB_SEND, RB_NOT_SUPP |RB_SEND), /* Delete */
	RB_OP(0, LDAP_SUCCESS), /* Abandon:unused */
	RB_OP(RB_NO_OBJ, RB_NOT_SUPP), /* Extended */
	RB_OP(0, SLAP_CB_CONTINUE), /* Cancel: unused */
	RB_OP(0, LDAP_SUCCESS), /* operational */
	RB_OP(RB_CHK_REF, LDAP_SUCCESS), /* chk_referrals:unused*/
	RB_OP(0, SLAP_CB_CONTINUE),/* chk_controls:unused */
	/* additional relay_operation_t indexes from back-relay.h: */
	RB_OP(0, 0/*unused*/), /* entry_get = op_last */
	RB_OP(0, 0/*unused*/), /* entry_release */
	RB_OP(0, 0/*unused*/), /* has_subordinates */
};

/*
 * Callbacks: Caller changed op->o_bd from Relay to underlying
 * BackendDB. sc_response sets it to Relay BackendDB, sc_cleanup puts
 * back underlying BackendDB. Caller will restore Relay BackendDB.
*/

/*
 * Callback record pushed onto op->o_callback by relay_back_add_cb().
 * rcb_sc has to remain the first member: the code below converts
 * between slap_callback * and relay_callback * with plain casts.
 */
typedef struct relay_callback {
	slap_callback	rcb_sc;
	BackendDB	*rcb_bd;	/* op->o_bd saved by the response callback */
} relay_callback;

/*
 * sc_cleanup hook: put back the BackendDB that
 * relay_back_response_cb() stored in rcb_bd.
 * rs is not used.  Always returns SLAP_CB_CONTINUE.
 */
static int
relay_back_cleanup_cb( Operation *op, SlapReply *rs )
{
	/* presumably op->o_callback is this relay_callback while the hook runs -- confirm against slapd's callback dispatch */
	op->o_bd = ((relay_callback *) op->o_callback)->rcb_bd;
	return SLAP_CB_CONTINUE;
}

/*
 * sc_response hook: arm the cleanup hook, remember the BackendDB
 * currently in op->o_bd, then switch op->o_bd to the one that
 * relay_back_add_cb() recorded in sc_private.
 * rs is not used.  Always returns SLAP_CB_CONTINUE.
 */
static int
relay_back_response_cb( Operation *op, SlapReply *rs )
{
	relay_callback	*rcb = (relay_callback *) op->o_callback;

	rcb->rcb_sc.sc_cleanup = relay_back_cleanup_cb;
	/* order matters: save o_bd before overwriting it */
	rcb->rcb_bd = op->o_bd;
	op->o_bd = op->o_callback->sc_private;
	return SLAP_CB_CONTINUE;
}

/*
 * Push <rcb> on the front of <op>'s callback chain, recording the
 * current op->o_bd in sc_private.  Both arguments are evaluated more
 * than once.
 *
 * NOTE(review): relay_back_op() passes the address of an automatic
 * relay_callback, so the chain holds a pointer into that stack frame
 * until relay_back_remove_cb() has run; the two must stay paired on
 * every path out of the caller.
 */
#define relay_back_add_cb( rcb, op ) {				\
		(rcb)->rcb_sc.sc_next = (op)->o_callback;	\
		(rcb)->rcb_sc.sc_response = relay_back_response_cb; \
		(rcb)->rcb_sc.sc_cleanup = 0;			\
		(rcb)->rcb_sc.sc_writewait = 0;			\
		(rcb)->rcb_sc.sc_private = (op)->o_bd;		\
		(op)->o_callback = (slap_callback *) (rcb);	\
}

/*
 * Unlink <rcb> from <op>'s callback chain wherever it sits; the walk
 * stops without changes when the end of the chain is reached first.
 */
#define relay_back_remove_cb( rcb, op ) {			\
		slap_callback	**sc = &(op)->o_callback;	\
		for ( ;; sc = &(*sc)->sc_next )			\
			if ( *sc == (slap_callback *) (rcb) ) {	\
				*sc = (*sc)->sc_next; break;	\
			} else if ( *sc == NULL ) break;	\
}

/*
 * Select the backend database with the operation's DN. On failure,
 * set/send results depending on operation type <which>'s fail_modes.
*/
/*
 * Returns the database to forward to, or NULL when none was found or
 * when forwarding would re-enter this relay for the same operation type.
 *
 * <which> indexes relay_fail_modes[] without a range check; the callers
 * in this file only pass operation-index constants.
 *
 * <rs> may be NULL (the entry_get, entry_release and has_subordinates
 * wrappers pass NULL).  It is written only when the table's .rf_bd for
 * <which> carries RB_REF or RB_BDERR, and the entries used by those
 * wrappers have .rf_bd == 0.
 */
static BackendDB *
relay_back_select_backend( Operation *op, SlapReply *rs, int which )
{
	OpExtra		*oex;
	char		*key = (char *) op->o_bd->be_private;
	BackendDB	*bd = ((relay_back_info *) key)->ri_bd;
	slap_mask_t	fail_mode = relay_fail_modes[which].rf_bd;
	int		useDN = 0, rc = ( fail_mode & RB_ERR_MASK );

	/* no configured target database: look one up by the normalized request DN */
	if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
		useDN = 1;
		bd = select_backend( &op->o_req_ndn, 1 );
	}

	if ( bd != NULL ) {
		/* from here on key is only compared as an address, never dereferenced */
		key += which;	/* <relay, op type> key from RELAY_WRAP_OP() */
		LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
			if ( oex->oe_key == key )
				break;
		}
		if ( oex == NULL ) {
			return bd;
		}

		/* key already present in op->o_extra: refuse, then fall through to the failure handling below */
		Debug( LDAP_DEBUG_ANY,
			"%s: back-relay for DN=\"%s\" would call self.\n",
			op->o_log_prefix, op->o_req_dn.bv_val, 0 );

	} else if ( useDN && ( fail_mode & RB_REF ) && default_referral ) {
		rc = LDAP_REFERRAL;

		/* if we set sr_err to LDAP_REFERRAL, we must provide one */
		rs->sr_ref = referral_rewrite(
			default_referral, NULL, &op->o_req_dn,
			op->o_tag == LDAP_REQ_SEARCH ?
				op->ors_scope : LDAP_SCOPE_DEFAULT );
		if ( rs->sr_ref != NULL ) {
			rs->sr_flags |= REP_REF_MUSTBEFREED;
		} else {
			/* rewrite returned NULL: hand out default_referral itself, without the MUSTBEFREED flag */
			rs->sr_ref = default_referral;
		}

		/* RB_SENDREF is defined as 0 in this file, so this branch is never taken */
		if ( fail_mode & RB_SENDREF )
			fail_mode = (RB_BDERR | RB_SEND);
	}

	if ( fail_mode & RB_BDERR ) {
		rs->sr_err = rc;
		if ( fail_mode & RB_SEND ) {
			send_ldap_result( op, rs );
		}
	}

	return NULL;
}

/*
 * Forward <act> on <op> to database <bd>, with <relay, op type>-specific
 * key in op->o_extra so relay_back_select_backend() can catch recursion.
*/
/*
 * NOTE(review): wrap_oex is an automatic object that is linked into
 * op->o_extra only while <act> runs.  <act> must fall through to the end
 * of the macro (no return/goto/break out of it); otherwise the list
 * would keep a pointer to a dead stack object and op->o_bd would not be
 * restored.  Every use in this file passes a single assignment.
 */
#define RELAY_WRAP_OP( op, bd, which, act ) { \
	BackendDB *const wrap_bd = (op)->o_bd; \
	OpExtraDB wrap_oex; \
	wrap_oex.oe.oe_key = (char *) wrap_bd->be_private + (which); \
	wrap_oex.oe_db = wrap_bd; \
	LDAP_SLIST_INSERT_HEAD( &(op)->o_extra, &wrap_oex.oe, oe_next ); \
	(op)->o_bd = (bd); \
	act; \
	(op)->o_bd = wrap_bd; \
	LDAP_SLIST_REMOVE( &(op)->o_extra, &wrap_oex.oe, OpExtra, oe_next ); \
}

/*
 * Run backend handler number <which> for <op> on the database chosen by
 * relay_back_select_backend(), with the relay callback installed and the
 * call wrapped by RELAY_WRAP_OP.  Without a database or without a
 * handler, the result is set and/or sent as <which>'s fail_modes say.
 *
 * <which> is used unchecked as an index into relay_fail_modes[] and
 * into the handler slots starting at be_bind; callers in this file pass
 * operation-index constants only.
 */
static int
relay_back_op( Operation *op, SlapReply *rs, int which )
{
	const slap_mask_t	mode = relay_fail_modes[which].rf_op;
	int			result = ( mode & RB_ERR_MASK );
	BI_op_bind		*handler;
	BackendDB		*target;

	target = relay_back_select_backend( op, rs, which );
	if ( target == NULL ) {
		/* with RB_BDERR the selector has already stored sr_err */
		return ( mode & RB_BDERR ) ? rs->sr_err : result;
	}

	/* presumably the handler slots follow be_bind in slap_operation_t order -- confirm in slap.h */
	handler = (&target->be_bind)[which];
	if ( handler != 0 ) {
		relay_callback	rcb;

		/* rcb lives in this frame: it is unlinked again before leaving */
		relay_back_add_cb( &rcb, op );
		RELAY_WRAP_OP( op, target, which, {
			result = handler( op, rs );
		});
		relay_back_remove_cb( &rcb, op );
		return result;
	}

	if ( mode & RB_OPERR ) {
		rs->sr_err = result;
		if ( result == LDAP_UNWILLING_TO_PERFORM ) {
			rs->sr_text = "operation not supported within naming context";
		}

		if ( mode & RB_SEND ) {
			send_ldap_result( op, rs );
		}
	}

	return result;
}


/*
 * Bind entry point.  be_rootdn_bind() is consulted first; any answer
 * other than SLAP_CB_CONTINUE ends the bind here with rs->sr_err and the
 * request is not forwarded.
 */
int
relay_back_op_bind( Operation *op, SlapReply *rs )
{
	/* allow rootdn as a means to auth without the need to actually
	 * contact the proxied DSA */
	if ( be_rootdn_bind( op, rs ) != SLAP_CB_CONTINUE ) {
		return rs->sr_err;
	}

	return relay_back_op( op, rs, op_bind );
}

/* Define entry point <func> as a plain forward to relay_back_op(). */
#define RELAY_DEFOP(func, which) \
	int func( Operation *op, SlapReply *rs ) \
	{ return relay_back_op( op, rs, which ); }

RELAY_DEFOP( relay_back_op_search, op_search )
RELAY_DEFOP( relay_back_op_compare, op_compare )
RELAY_DEFOP( relay_back_op_modify, op_modify )
RELAY_DEFOP( relay_back_op_modrdn, op_modrdn )
RELAY_DEFOP( relay_back_op_add, op_add )
RELAY_DEFOP( relay_back_op_delete, op_delete )
RELAY_DEFOP( relay_back_op_extended, op_extended )
RELAY_DEFOP( relay_back_operational, op_aux_operational )

/* Abandon, Cancel, Unbind and some DN-less calls like be_connection_init
 * need no extra handling: slapd already calls them for all databases.
 */


/*
 * Release entry <e> through the selected database's be_release handler.
 * Without a database or handler, <e> is freed here only when it has no
 * e_private data (LDAP_SUCCESS); otherwise LDAP_UNWILLING_TO_PERFORM is
 * returned and <e> is left alone.
 * The selector is called with rs == NULL.
 */
int
relay_back_entry_release_rw( Operation *op, Entry *e, int rw )
{
	int		result = LDAP_UNWILLING_TO_PERFORM;
	BackendDB	*target;

	target = relay_back_select_backend( op, NULL, relay_op_entry_release );
	if ( target != NULL && target->be_release != NULL ) {
		RELAY_WRAP_OP( op, target, relay_op_entry_release, {
			result = target->be_release( op, e, rw );
		});
		return result;
	}

	if ( e->e_private == NULL ) {
		entry_free( e );
		result = LDAP_SUCCESS;
	}

	return result;
}

/*
 * Fetch an entry through the selected database's be_fetch handler.
 * Returns LDAP_NO_SUCH_OBJECT when there is no database or no handler.
 * The selector is called with rs == NULL.
 */
int
relay_back_entry_get_rw( Operation *op, struct berval *ndn,
	ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )
{
	int		result = LDAP_NO_SUCH_OBJECT;
	BackendDB	*target;

	target = relay_back_select_backend( op, NULL, relay_op_entry_get );
	if ( target == NULL || target->be_fetch == NULL ) {
		return result;
	}

	RELAY_WRAP_OP( op, target, relay_op_entry_get, {
		result = target->be_fetch( op, ndn, oc, at, rw, e );
	});

	return result;
}

#if 0 /* Give the RB_SENDREF flag a nonzero value if implementing this */
/*
 * NOTE: even the existence of this function is questionable: we cannot
 * pass the bi_chk_referrals() call thru the rwm overlay because there
 * is no way to rewrite the req_dn back; but then relay_back_chk_referrals()
 * is passing the target database a DN that likely does not belong to its
 * naming context... mmmh.
 */
RELAY_DEFOP( relay_back_chk_referrals, op_aux_chk_referrals )
#endif /*0*/

/*
 * Ask the selected database's be_has_subordinates handler about <e>.
 * Returns LDAP_OTHER when there is no database or no handler.
 * The selector is called with rs == NULL.
 */
int
relay_back_has_subordinates( Operation *op, Entry *e, int *hasSubs )
{
	int		result = LDAP_OTHER;
	BackendDB	*target;

	target = relay_back_select_backend( op, NULL, relay_op_has_subordinates );
	if ( target == NULL || target->be_has_subordinates == NULL ) {
		return result;
	}

	RELAY_WRAP_OP( op, target, relay_op_has_subordinates, {
		result = target->be_has_subordinates( op, e, hasSubs );
	});

	return result;
}


/*
 * FIXME: must implement tools as well
 */