2 * Copyright (c) 1998 Will Ballantyne, ITSD, Government of BC
5 * Redistribution and use in source and binary forms are permitted
6 * provided that this notice is preserved and that due credit is given
7 * to ITSD, Government of BC. The name of ITSD
8 * may not be used to endorse or promote products derived from this
9 * software without specific prior written permission. This software
10 * is provided ``as is'' without express or implied warranty.
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
20 * given an alias object, dereference it to its end point.
21 * entry returned has reader lock
23 Entry *derefAlias_r ( Backend *be,
33 Debug( LDAP_DEBUG_TRACE, "<= checking for alias for dn %s\n", e->e_dn, 0, 0 );
36 * try to deref fully, up to a maximum depth. If the max depth exceeded
40 ( ( a = attr_find( e->e_attrs, "aliasedobjectname" ) ) != NULL) &&
41 ( depth < be->be_maxDerefDepth );
46 * make sure there is a defined aliasedobjectname.
47 * can only have one value so just use first value (0) in the attr list.
49 if (a->a_vals[0] && a->a_vals[0]->bv_val) {
52 Debug( LDAP_DEBUG_TRACE, "<= %s is an alias for %s\n",
53 e->e_dn, a->a_vals[0]->bv_val, 0 );
54 newDN = strdup (a->a_vals[0]->bv_val);
55 oldDN = strdup (e->e_dn);
58 * ok, so what happens if there is an alias in the DN of a dereferenced
61 if ( (e = dn2entry_r( be, newDN, &matched )) == NULL ) {
63 /* could not deref return error */
64 Debug( LDAP_DEBUG_TRACE,
65 "<= %s is a dangling alias to %s\n",
67 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
70 if(matched != NULL) free(matched);
77 * there was an aliasedobjectname defined but no data.
78 * this can't happen, right?
80 Debug( LDAP_DEBUG_TRACE,
81 "<= %s has no data in aliasedobjectname attribute\n",
83 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
84 "Alias missing aliasedobjectname" );
89 * warn if we pulled out due to exceeding the maximum deref depth
91 if ( depth >= be->be_maxDerefDepth ) {
92 Debug( LDAP_DEBUG_TRACE,
93 "<= %s exceeded maximum deref depth %d\n",
94 e->e_dn, be->be_maxDerefDepth, 0 );
95 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
96 "Maximum alias dereference depth exceeded" );
103 * given a DN fully deref it and return the real DN or original DN if it fails
105 char *derefDN ( Backend *be,
111 struct ldbminfo *li = (struct ldbminfo *) be->be_private;
120 Debug( LDAP_DEBUG_TRACE,
121 "<= dereferencing dn %s\n",
124 newDN = strdup ( dn );
126 /* while we don't have a matched dn, deref the DN */
128 ( (eMatched = dn2entry_r( be, newDN, &matched )) == NULL) &&
129 (depth < be->be_maxDerefDepth);
132 /* free reader lock */
133 cache_return_entry_r(&li->li_cache, eMatched);
139 * make sure there actually is an entry for the matched part
141 if ( (eMatched = dn2entry_r( be, matched, &submatch )) != NULL) {
142 char *remainder; /* part before the aliased part */
143 int rlen = strlen(newDN) - strlen(matched);
145 Debug( LDAP_DEBUG_TRACE, "<= matched %s\n", matched, 0, 0 );
147 remainder = ch_malloc (rlen + 1);
148 strncpy ( remainder, newDN, rlen );
149 remainder[rlen] = '\0';
151 Debug( LDAP_DEBUG_TRACE, "<= remainder %s\n", remainder, 0, 0 );
153 if ((eNew = derefAlias_r( be, conn, op, eMatched )) == NULL) {
157 break; /* no associated entry, dont deref */
161 Debug( LDAP_DEBUG_TRACE, "<= l&g we have %s vs %s \n", matched, eNew->e_dn, 0 );
163 if (!strcasecmp (matched, eNew->e_dn)) {
164 /* newDN same as old so not an alias, no need to go further */
172 * we have dereferenced the aliased part so put
173 * the new dn together
178 newDN = ch_malloc (strlen(eMatched->e_dn) + rlen + 1);
179 strcpy (newDN, remainder);
180 strcat (newDN, eMatched->e_dn);
181 Debug( LDAP_DEBUG_TRACE, "<= expanded to %s\n", newDN, 0, 0 );
185 /* free reader lock */
186 cache_return_entry_r(&li->li_cache, eNew);
188 /* free reader lock */
189 cache_return_entry_r(&li->li_cache, eMatched);
192 if(submatch != NULL) free(submatch);
193 break; /* there was no entry for the matched part */
197 break; /* there was no matched part */
202 * the final part of the DN might be an alias
203 * so try to dereference it.
205 if ( (eNew = dn2entry_r( be, newDN, &matched )) != NULL) {
206 if ((eDeref = derefAlias_r( be, conn, op, eNew )) != NULL) {
208 newDN = strdup (eDeref->e_dn);
209 /* free reader lock */
210 cache_return_entry_r(&li->li_cache, eDeref);
212 /* free reader lock */
213 cache_return_entry_r(&li->li_cache, eNew);
217 * warn if we exceeded the max depth as the resulting DN may not be dereferenced
219 if (depth >= be->be_maxDerefDepth) {
220 Debug( LDAP_DEBUG_TRACE,
221 "<= max deref depth exceeded in derefDN for %s, result %s\n",
223 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
224 "Maximum alias dereference depth exceeded for base" );
227 Debug( LDAP_DEBUG_TRACE, "<= returning deref DN of %s\n", newDN, 0, 0 );