2 * Copyright (c) 1998 Will Ballantyne, ITSD, Government of BC
5 * Redistribution and use in source and binary forms are permitted
6 * provided that this notice is preserved and that due credit is given
7 * to ITSD, Government of BC. The name of ITSD
8 * may not be used to endorse or promote products derived from this
9 * software without specific prior written permission. This software
10 * is provided ``as is'' without express or implied warranty.
17 #include <ac/socket.h> /* Get struct sockaddr for slap.h */
19 #include "back-ldbm.h"
20 #include "proto-back-ldbm.h"
23 * given an alias object, dereference it to its end point.
24 * entry returned has reader lock
26 Entry *derefAlias_r ( Backend *be,
36 Debug( LDAP_DEBUG_TRACE, "<= checking for alias for dn %s\n", e->e_dn, 0, 0 );
39 * try to deref fully, up to a maximum depth. If the max depth exceeded
43 ( ( a = attr_find( e->e_attrs, "aliasedobjectname" ) ) != NULL) &&
44 ( depth < be->be_maxDerefDepth );
49 * make sure there is a defined aliasedobjectname.
50 * can only have one value so just use first value (0) in the attr list.
52 if (a->a_vals[0] && a->a_vals[0]->bv_val) {
55 Debug( LDAP_DEBUG_TRACE, "<= %s is an alias for %s\n",
56 e->e_dn, a->a_vals[0]->bv_val, 0 );
57 newDN = ch_strdup (a->a_vals[0]->bv_val);
58 oldDN = ch_strdup (e->e_dn);
61 * ok, so what happens if there is an alias in the DN of a dereferenced
64 if ( (e = dn2entry_r( be, newDN, &matched )) == NULL ) {
66 /* could not deref return error */
67 Debug( LDAP_DEBUG_TRACE,
68 "<= %s is a dangling alias to %s\n",
70 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
73 if(matched != NULL) free(matched);
80 * there was an aliasedobjectname defined but no data.
81 * this can't happen, right?
83 Debug( LDAP_DEBUG_TRACE,
84 "<= %s has no data in aliasedobjectname attribute\n",
86 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
87 "Alias missing aliasedobjectname" );
92 * warn if we pulled out due to exceeding the maximum deref depth
94 if ( depth >= be->be_maxDerefDepth ) {
95 Debug( LDAP_DEBUG_TRACE,
96 "<= %s exceeded maximum deref depth %d\n",
97 e->e_dn, be->be_maxDerefDepth, 0 );
98 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
99 "Maximum alias dereference depth exceeded" );
106 * given a DN fully deref it and return the real DN or original DN if it fails
108 char *derefDN ( Backend *be,
114 struct ldbminfo *li = (struct ldbminfo *) be->be_private;
123 Debug( LDAP_DEBUG_TRACE,
124 "<= dereferencing dn: \"%s\"\n",
127 newDN = ch_strdup ( dn );
129 /* while we don't have a matched dn, deref the DN */
131 ( (eMatched = dn2entry_r( be, newDN, &matched )) == NULL) &&
132 (depth < be->be_maxDerefDepth);
135 if ((matched != NULL) && *matched) {
139 * make sure there actually is an entry for the matched part
141 if ( (eMatched = dn2entry_r( be, matched, &submatch )) != NULL) {
142 char *remainder; /* part before the aliased part */
143 int rlen = strlen(newDN) - strlen(matched);
145 Debug( LDAP_DEBUG_TRACE, "<= matched %s\n", matched, 0, 0 );
147 remainder = ch_malloc (rlen + 1);
148 strncpy ( remainder, newDN, rlen );
149 remainder[rlen] = '\0';
151 Debug( LDAP_DEBUG_TRACE, "<= remainder %s\n", remainder, 0, 0 );
153 if ((eNew = derefAlias_r( be, conn, op, eMatched )) == NULL) {
160 break; /* no associated entry, dont deref */
164 Debug( LDAP_DEBUG_TRACE, "<= l&g we have %s vs %s \n", matched, eNew->e_dn, 0 );
166 i = strcasecmp (matched, eNew->e_dn);
167 /* free reader lock */
168 cache_return_entry_r(&li->li_cache, eNew);
170 /* newDN same as old so not an alias, no need to go further */
180 * we have dereferenced the aliased part so put
181 * the new dn together
184 newDN = ch_malloc (strlen(eMatched->e_dn) + rlen + 1);
185 strcpy (newDN, remainder);
186 strcat (newDN, eMatched->e_dn);
187 Debug( LDAP_DEBUG_TRACE, "<= expanded to %s\n", newDN, 0, 0 );
193 /* free reader lock */
194 cache_return_entry_r(&li->li_cache, eMatched);
197 if(submatch != NULL) free(submatch);
198 break; /* there was no entry for the matched part */
202 break; /* there was no matched part */
206 if(eMatched != NULL) {
207 /* free reader lock */
208 cache_return_entry_r(&li->li_cache, eMatched);
212 * the final part of the DN might be an alias
213 * so try to dereference it.
215 if ( (eNew = dn2entry_r( be, newDN, &matched )) != NULL) {
216 if ((eDeref = derefAlias_r( be, conn, op, eNew )) != NULL) {
218 newDN = ch_strdup (eDeref->e_dn);
219 /* free reader lock */
220 cache_return_entry_r(&li->li_cache, eDeref);
222 /* free reader lock */
223 cache_return_entry_r(&li->li_cache, eNew);
227 * warn if we exceeded the max depth as the resulting DN may not be dereferenced
229 if (depth >= be->be_maxDerefDepth) {
230 Debug( LDAP_DEBUG_TRACE,
231 "<= max deref depth exceeded in derefDN for \"%s\", result \"%s\"\n",
233 send_ldap_result( conn, op, LDAP_ALIAS_PROBLEM, "",
234 "Maximum alias dereference depth exceeded for base" );
238 newDN = ch_strdup ( dn );
241 Debug( LDAP_DEBUG_TRACE, "<= returning deref DN of \"%s\"\n", newDN, 0, 0 );
242 if (matched != NULL) free(matched);