2 * Copyright (c) 1998 Will Ballantyne, ITSD, Government of BC
5 * Redistribution and use in source and binary forms are permitted
6 * provided that this notice is preserved and that due credit is given
7 * to ITSD, Government of BC. The name of ITSD
8 * may not be used to endorse or promote products derived from this
9 * software without specific prior written permission. This software
10 * is provided ``as is'' without express or implied warranty.
17 #include <ac/socket.h> /* Get struct sockaddr for slap.h */
19 #include "back-bdb2.h"
20 #include "proto-back-bdb2.h"
23 * given an alias object, dereference it to its end point.
24 * Entry returned has reader lock or is NULL. Starting entry is not released.
26 Entry *bdb2i_derefAlias_r ( BackendDB *be,
31 /* to free cache entries */
32 struct ldbminfo *li = (struct ldbminfo *) be->be_private;
39 if (!e) return NULL; /* be sure we have a starting entry */
41 Debug( LDAP_DEBUG_TRACE, "<= checking for alias for dn %s\n", e->e_dn, 0, 0 );
44 * try to deref fully, up to a maximum depth. If the max depth exceeded
48 ( ( a = attr_find( e->e_attrs, "aliasedobjectname" ) ) != NULL) &&
49 ( depth < be->be_maxDerefDepth );
54 * make sure there is a defined aliasedobjectname.
55 * can only have one value so just use first value (0) in the attr list.
57 if (a->a_vals[0] && a->a_vals[0]->bv_val) {
60 Debug( LDAP_DEBUG_TRACE, "<= %s is an alias for %s\n",
61 e->e_dn, a->a_vals[0]->bv_val, 0 );
62 newDN = ch_strdup (a->a_vals[0]->bv_val);
63 oldDN = ch_strdup (e->e_ndn);
66 * release past lock if not original
68 if ( (depth > 0) && e ) {
69 bdb2i_cache_return_entry_r(&li->li_cache, e);
72 /* make sure new and old DN are not same to avoid loops */
73 dn_normalize_case (newDN);
74 if ( strcmp (newDN, oldDN) == 0 ) {
76 Debug( LDAP_DEBUG_TRACE,
77 "<= %s alias is same as current %s\n",
79 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
86 /* make sure new and original are not same to avoid deadlocks */
87 if ( strcmp (newDN, origDN->e_ndn) == 0 ) {
88 Debug( LDAP_DEBUG_TRACE,
89 "<= %s alias is same as original %s\n",
90 oldDN, origDN->e_ndn, 0 );
91 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
99 * ok, so what happens if there is an alias in the DN of a dereferenced
102 if ( (e = bdb2i_dn2entry_r( be, newDN, &matched )) == NULL ) {
104 /* could not deref return error */
105 Debug( LDAP_DEBUG_TRACE,
106 "<= %s is a dangling alias to %s\n",
108 send_ldap_result( conn, op, LDAP_ALIAS_DEREF_PROBLEM, "",
111 if(matched != NULL) free(matched);
122 * there was an aliasedobjectname defined but no data.
123 * this can't happen, right?
125 Debug( LDAP_DEBUG_TRACE,
126 "<= %s has no data in aliasedobjectname attribute\n",
127 (e && e->e_dn) ? e->e_dn : "(null)", 0, 0 );
128 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
129 "Alias missing aliasedobjectname" );
135 * warn if we pulled out due to exceeding the maximum deref depth
137 if ( depth >= be->be_maxDerefDepth ) {
138 Debug( LDAP_DEBUG_TRACE,
139 "<= deref(\"%s\") exceeded maximum deref depth (%d) at \"%s\"\n",
140 origDN->e_dn ? origDN->e_dn : "(null)",
141 be->be_maxDerefDepth,
142 (e && e->e_ndn) ? e->e_ndn : "(null)");
143 send_ldap_result( conn, op, LDAP_ALIAS_DEREF_PROBLEM, "",
144 "Maximum alias dereference depth exceeded" );
151 * given a DN fully deref it and return the real DN or original DN if it fails
152 * This involves finding the last matched part then reconstructing forward
154 * ou=MyOU,o=MyAliasedOrg,c=MyCountry where o=MyAliasedOrg is an alias for o=MyOrg
155 * loop starts with newDN = ou=MyOU,o=MyAliasedOrg,c=MyCountry
156 * dn2entry_r on newDN gives null entry and o=MyAliasedOrg,c=MyCountry matched
157 * dn2entry_r on matched gives o=MyAliasedOrg,c=MyCountry entry
158 * remainder is ou=MyOU
159 * dereferencing o=MyAliasedOrg,c=MyCountry yields entry o=MyOrg,c=MyCountry
160 * release lock on o=MyAliasedOrg,c=MyCountry entry
161 * reconstructed dn is ou=MyOU,o=MyOrg,c=MyCountry
162 * release lock on o=MyOrg,c=MyCountry entry
164 char *bdb2i_derefDN ( BackendDB *be,
170 struct ldbminfo *li = (struct ldbminfo *) be->be_private;
178 if (!dn) return NULL;
180 Debug( LDAP_DEBUG_TRACE,
181 "<= dereferencing dn: \"%s\"\n",
184 newDN = ch_strdup ( dn );
186 /* while we don't have a matched dn, deref the DN */
188 ( (eMatched = bdb2i_dn2entry_r( be, newDN, &matched )) == NULL) &&
189 (depth < be->be_maxDerefDepth);
192 if ((matched != NULL) && *matched) {
196 * make sure there actually is an entry for the matched part
198 if ( (eMatched = bdb2i_dn2entry_r( be, matched, &submatch )) != NULL) {
199 char *remainder; /* part before the aliased part */
200 int rlen = strlen(newDN) - strlen(matched);
202 Debug( LDAP_DEBUG_TRACE, "<= matched %s\n", matched, 0, 0 );
204 remainder = ch_malloc (rlen + 1);
205 strncpy ( remainder, newDN, rlen );
206 remainder[rlen] = '\0';
208 Debug( LDAP_DEBUG_TRACE, "<= remainder %s\n", remainder, 0, 0 );
210 if ((eNew = bdb2i_derefAlias_r( be, conn, op, eMatched )) == NULL) {
218 bdb2i_cache_return_entry_r(&li->li_cache, eMatched);
220 break; /* no associated entry, dont deref */
224 Debug( LDAP_DEBUG_TRACE, "<= l&g we have %s vs %s \n", matched, eNew->e_dn, 0 );
226 i = strcasecmp (matched, eNew->e_dn);
227 /* free reader lock */
228 bdb2i_cache_return_entry_r(&li->li_cache, eNew);
234 /* newDN same as old so not an alias, no need to go further */
239 bdb2i_cache_return_entry_r(&li->li_cache, eMatched);
245 * we have dereferenced the aliased part so put
246 * the new dn together
249 newDN = ch_malloc (strlen(eMatched->e_dn) + rlen + 1);
250 strcpy (newDN, remainder);
251 strcat (newDN, eMatched->e_dn);
252 Debug( LDAP_DEBUG_TRACE, "<= expanded to %s\n", newDN, 0, 0 );
256 /* free reader lock */
257 bdb2i_cache_return_entry_r(&li->li_cache, eMatched);
260 if(submatch != NULL) free(submatch);
261 break; /* there was no entry for the matched part */
265 break; /* there was no matched part */
269 /* release lock if a match terminated the loop, there should be no
270 * outstanding locks at this point
272 if(eMatched != NULL) {
273 /* free reader lock */
274 bdb2i_cache_return_entry_r(&li->li_cache, eMatched);
278 * the final part of the DN might be an alias so try to dereference it.
279 * e.g. if we had started with dn = o=MyAliasedOrg,c=MyCountry the dn would match
280 * and the above loop complete but we would still be left with an aliased DN.
282 if ( (eNew = bdb2i_dn2entry_r( be, newDN, &matched )) != NULL) {
283 if ((eDeref = bdb2i_derefAlias_r( be, conn, op, eNew )) != NULL) {
285 newDN = ch_strdup (eDeref->e_dn);
286 /* free reader lock */
287 bdb2i_cache_return_entry_r(&li->li_cache, eDeref);
289 /* free reader lock */
290 bdb2i_cache_return_entry_r(&li->li_cache, eNew);
292 if (matched != NULL) free(matched);
295 * warn if we exceeded the max depth as the resulting DN may not be dereferenced
297 if (depth >= be->be_maxDerefDepth) {
299 Debug( LDAP_DEBUG_TRACE,
300 "<= max deref depth exceeded in derefDN for \"%s\", result \"%s\"\n",
305 Debug( LDAP_DEBUG_TRACE,
306 "<= max deref depth exceeded in derefDN for \"%s\", result NULL\n",
309 send_ldap_result( conn, op, LDAP_ALIAS_DEREF_PROBLEM, "",
310 "Maximum alias dereference depth exceeded for base" );
314 newDN = ch_strdup ( dn );
317 Debug( LDAP_DEBUG_TRACE, "<= returning deref DN of \"%s\"\n", newDN, 0, 0 );