1 /* config.c - ldap backend configuration file routine */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 /* This is an altered version */
9 * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
11 * Permission is granted to anyone to use this software for any purpose
12 * on any computer system, and to alter it and redistribute it, subject
13 * to the following restrictions:
15 * 1. The author is not responsible for the consequences of use of this
16 * software, no matter how awful, even if they arise from flaws in it.
18 * 2. The origin of this software must not be misrepresented, either by
19 * explicit claim or by omission. Since few users ever read sources,
20 * credits should appear in the documentation.
22 * 3. Altered versions must be plainly marked as such, and must not be
23 * misrepresented as being the original software. Since few users
24 * ever read sources, credits should appear in the documentation.
26 * 4. This notice may not be removed or altered.
30 * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
32 * This software is being modified by Pierangelo Masarati.
33 * The previously reported conditions apply to the modified code as well.
34 * Changes in the original code are highlighted where required.
35 * Credits for the original code go to the author, Howard Chu.
42 #include <ac/string.h>
43 #include <ac/socket.h>
46 #include "back-ldap.h"
57 struct ldapinfo *li = (struct ldapinfo *) be->be_private;
60 fprintf( stderr, "%s: line %d: ldap backend info is null!\n",
65 /* server address to query (depricated, use "uri" directive) */
66 if ( strcasecmp( argv[0], "server" ) == 0 ) {
69 "%s: line %d: missing address in \"server <address>\" line\n",
75 li->url = ch_calloc(strlen(argv[1]) + 9, sizeof(char));
76 if (li->url != NULL) {
77 strcpy(li->url, "ldap://");
78 strcat(li->url, argv[1]);
82 /* URI of server to query (preferred over "server" directive) */
83 } else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
86 "%s: line %d: missing address in \"uri <address>\" line\n",
92 li->url = ch_strdup(argv[1]);
94 /* name to use for ldap_back_group */
95 } else if ( strcasecmp( argv[0], "binddn" ) == 0 ) {
98 "%s: line %d: missing name in \"binddn <name>\" line\n",
102 li->binddn = ch_strdup(argv[1]);
104 /* password to use for ldap_back_group */
105 } else if ( strcasecmp( argv[0], "bindpw" ) == 0 ) {
108 "%s: line %d: missing password in \"bindpw <password>\" line\n",
112 li->bindpw = ch_strdup(argv[1]);
114 /* save bind creds for referral rebinds? */
115 } else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
118 "%s: line %d: rebind-as-user takes no arguments\n",
125 } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
127 struct berval bvnc, *nvnc = NULL, *pvnc = NULL,
128 brnc, *nrnc = NULL, *prnc = NULL;
129 #ifdef ENABLE_REWRITE
131 #endif /* ENABLE_REWRITE */
136 * suffixmassage <suffix> <massaged suffix>
138 * the <suffix> field must be defined as a valid suffix
139 * (or suffixAlias?) for the current database;
140 * the <massaged suffix> shouldn't have already been
141 * defined as a valid suffix or suffixAlias for the
145 fprintf( stderr, "%s: line %d: syntax is"
146 " \"suffixMassage <suffix>"
147 " <massaged suffix>\"\n",
152 ber_str2bv( argv[1], 0, 0, &bvnc );
153 pvnc = (struct berval *)ber_memalloc( sizeof( struct berval ) );
154 nvnc = (struct berval *)ber_memalloc( sizeof( struct berval ) );
155 if ( dnPrettyNormal( NULL, &bvnc, pvnc, nvnc ) != LDAP_SUCCESS ) {
156 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
157 fname, lineno, bvnc.bv_val );
160 tmp_be = select_backend( nvnc, 0, 0 );
161 if ( tmp_be != NULL && tmp_be != be ) {
162 fprintf( stderr, "%s: line %d: suffix already in use"
163 " by another backend in"
164 " \"suffixMassage <suffix>"
165 " <massaged suffix>\"\n",
172 ber_str2bv( argv[2], 0, 0, &brnc );
173 prnc = (struct berval *)ber_memalloc( sizeof( struct berval ) );
174 nrnc = (struct berval *)ber_memalloc( sizeof( struct berval ) );
175 if ( dnPrettyNormal( NULL, &brnc, prnc, nrnc ) != LDAP_SUCCESS ) {
176 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
177 fname, lineno, brnc.bv_val );
184 tmp_be = select_backend( &nrnc, 0, 0 );
185 if ( tmp_be != NULL ) {
186 fprintf( stderr, "%s: line %d: massaged suffix"
187 " already in use by another backend in"
188 " \"suffixMassage <suffix>"
189 " <massaged suffix>\"\n",
199 #ifdef ENABLE_REWRITE
201 * The suffix massaging is emulated by means of the
202 * rewrite capabilities
203 * FIXME: no extra rewrite capabilities should be added
206 rc = suffix_massage_config( li->rwinfo, pvnc, nvnc, prnc, nrnc );
215 #else /* !ENABLE_REWRITE */
216 ber_bvarray_add( &li->suffix_massage, pvnc );
217 ber_bvarray_add( &li->suffix_massage, nvnc );
219 ber_bvarray_add( &li->suffix_massage, prnc );
220 ber_bvarray_add( &li->suffix_massage, nrnc );
221 #endif /* !ENABLE_REWRITE */
223 /* rewrite stuff ... */
224 } else if ( strncasecmp( argv[0], "rewrite", 7 ) == 0 ) {
225 #ifdef ENABLE_REWRITE
226 return rewrite_parse( li->rwinfo, fname, lineno, argc, argv );
228 #else /* !ENABLE_REWRITE */
229 fprintf( stderr, "%s: line %d: rewrite capabilities "
230 "are not enabled\n", fname, lineno );
231 #endif /* !ENABLE_REWRITE */
233 /* objectclass/attribute mapping */
234 } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
236 struct ldapmapping *mapping;
239 if ( argc < 3 || argc > 4 ) {
241 "%s: line %d: syntax is \"map {objectclass | attribute} {<source> | *} [<dest> | *]\"\n",
246 if ( strcasecmp( argv[1], "objectclass" ) == 0 ) {
248 } else if ( strcasecmp( argv[1], "attribute" ) == 0 ) {
251 fprintf( stderr, "%s: line %d: syntax is "
252 "\"map {objectclass | attribute} {<source> | *} "
258 if ( strcasecmp( argv[2], "*" ) != 0 ) {
262 else if ( strcasecmp( argv[3], "*" ) == 0 )
268 map->drop_missing = 1;
271 if ( strcasecmp( argv[3], "*" ) == 0 ) {
272 map->drop_missing = 0;
280 if ( ( map == &li->at_map )
281 && ( strcasecmp( src, "objectclass" ) == 0
282 || strcasecmp( dst, "objectclass" ) == 0 ) )
285 "%s: line %d: objectclass attribute cannot be mapped\n",
289 mapping = (struct ldapmapping *)ch_calloc( 2,
290 sizeof(struct ldapmapping) );
291 if ( mapping == NULL ) {
293 "%s: line %d: out of memory\n",
297 ber_str2bv( src, 0, 1, &mapping->src );
298 ber_str2bv( dst, 0, 1, &mapping->dst );
300 mapping[1].src = mapping->dst;
301 mapping[1].dst = mapping->src;
303 mapping[1].src = mapping->src;
304 mapping[1].dst = mapping->dst;
307 if ( avl_find( map->map, (caddr_t)mapping, mapping_cmp ) != NULL ||
308 avl_find( map->remap, (caddr_t)&mapping[1], mapping_cmp ) != NULL)
311 "%s: line %d: duplicate mapping found (ignored)\n",
316 avl_insert( &map->map, (caddr_t)mapping,
317 mapping_cmp, mapping_dup );
318 avl_insert( &map->remap, (caddr_t)&mapping[1],
319 mapping_cmp, mapping_dup );
323 fprintf( stderr, "%s: line %d: unknown directive \"%s\" "
324 "in ldap database definition (ignored)\n",
325 fname, lineno, argv[0] );
330 #ifdef ENABLE_REWRITE
332 suffix_massage_regexize( const char *s )
339 ( r = strchr( p, ',' ) ) != NULL;
343 res = ch_calloc( sizeof( char ), strlen( s ) + 4 + 4*i + 1 );
345 ptr = slap_strcopy( res, "(.*)" );
347 ( r = strchr( p, ',' ) ) != NULL;
349 ptr = slap_strncopy( ptr, p, r - p + 1 );
350 ptr = slap_strcopy( ptr, "[ ]?" );
352 if ( r[ 1 ] == ' ' ) {
356 slap_strcopy( ptr, p );
362 suffix_massage_patternize( const char *s )
369 res = ch_calloc( sizeof( char ), len + sizeof( "%1" ) );
375 strcpy( res + sizeof( "%1" ) - 1, s );
381 suffix_massage_config(
382 struct rewrite_info *info,
392 rargv[ 0 ] = "rewriteEngine";
395 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
397 rargv[ 0 ] = "rewriteContext";
398 rargv[ 1 ] = "default";
400 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
402 rargv[ 0 ] = "rewriteRule";
403 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
404 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val );
407 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
408 ch_free( rargv[ 1 ] );
409 ch_free( rargv[ 2 ] );
411 rargv[ 0 ] = "rewriteContext";
412 rargv[ 1 ] = "searchResult";
414 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
416 rargv[ 0 ] = "rewriteRule";
417 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
418 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val );
421 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
422 ch_free( rargv[ 1 ] );
423 ch_free( rargv[ 2 ] );
426 * the filter should be rewritten as
429 * "(.*)member=([^)]+),o=Foo Bar,[ ]?c=US(.*)"
430 * "%1member=%2,dc=example,dc=com%3"
432 * where "o=Foo Bar, c=US" is the virtual naming context,
433 * and "dc=example, dc=com" is the real naming context
435 rargv[ 0 ] = "rewriteContext";
436 rargv[ 1 ] = "searchFilter";
438 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
440 #if 1 /* rewrite filters */
443 * Note: this is far more optimistic than desirable:
444 * for any AVA value ending with the virtual naming
445 * context the terminal part will be replaced by the
446 * real naming context; a better solution would be to
447 * walk the filter looking for DN-valued attributes,
448 * and only rewrite those that require rewriting
450 char vbuf[LDAP_FILT_MAXSIZ], rbuf[LDAP_FILT_MAXSIZ];
452 snprintf( vbuf, sizeof( vbuf ), "(.*)%s\\)(.*)", nvnc->bv_val );
453 snprintf( rbuf, sizeof( rbuf ), "%%1%s)%%2", nrnc->bv_val );
455 rargv[ 0 ] = "rewriteRule";
460 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
462 #endif /* rewrite filters */
464 #if 0 /* "matched" is not normalized */
465 rargv[ 0 ] = "rewriteContext";
466 rargv[ 1 ] = "matchedDn";
467 rargv[ 2 ] = "alias";
468 rargv[ 3 ] = "searchResult";
470 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
471 #else /* normalize "matched" */
472 rargv[ 0 ] = "rewriteContext";
473 rargv[ 1 ] = "matchedDn";
475 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
477 rargv[ 0 ] = "rewriteRule";
478 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
479 rargv[ 2 ] = suffix_massage_patternize( nvnc->bv_val );
482 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
483 ch_free( rargv[ 1 ] );
484 ch_free( rargv[ 2 ] );
485 #endif /* normalize "matched" */
489 #endif /* ENABLE_REWRITE */
projects / openldap / blob