2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2007 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
46 mt = ch_calloc( sizeof( metatarget_t ), 1 );
48 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
49 if ( mt->mt_rwmap.rwm_rw == NULL ) {
55 * the filter rewrite as a string must be disabled
56 * by default; it can be re-enabled by adding rules;
57 * this creates an empty rewriteContext
59 rargv[ 0 ] = "rewriteContext";
60 rargv[ 1 ] = "searchFilter";
62 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
64 rargv[ 0 ] = "rewriteContext";
65 rargv[ 1 ] = "default";
67 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
69 ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
71 mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
72 mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
73 mt->mt_idassert_tls = SB_TLS_DEFAULT;
75 /* by default, use proxyAuthz control on each operation */
76 mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
84 check_true_false( char *str )
86 if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
90 if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
107 metainfo_t *mi = ( metainfo_t * )be->be_private;
109 assert( mi != NULL );
111 /* URI of server to query */
112 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
113 int i = mi->mi_ntargets;
124 Debug( LDAP_DEBUG_ANY,
125 "%s: line %d: missing URI "
126 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
131 if ( be->be_nsuffix == NULL ) {
132 Debug( LDAP_DEBUG_ANY,
133 "%s: line %d: the suffix must be defined before any target.\n",
140 mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
141 sizeof( metatarget_t * ) * mi->mi_ntargets );
142 if ( mi->mi_targets == NULL ) {
143 Debug( LDAP_DEBUG_ANY,
144 "%s: line %d: out of memory while storing server name"
145 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
150 if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
151 Debug( LDAP_DEBUG_ANY,
152 "%s: line %d: unable to init server"
153 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
158 mt = mi->mi_targets[ i ];
160 mt->mt_rebind_f = mi->mi_rebind_f;
161 mt->mt_urllist_f = mi->mi_urllist_f;
162 mt->mt_urllist_p = mt;
164 mt->mt_nretries = mi->mi_nretries;
165 mt->mt_quarantine = mi->mi_quarantine;
166 if ( META_BACK_QUARANTINE( mi ) ) {
167 ldap_pvt_thread_mutex_init( &mt->mt_quarantine_mutex );
169 mt->mt_flags = mi->mi_flags;
170 mt->mt_version = mi->mi_version;
171 mt->mt_network_timeout = mi->mi_network_timeout;
172 mt->mt_bind_timeout = mi->mi_bind_timeout;
173 for ( c = 0; c < SLAP_OP_LAST; c++ ) {
174 mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
177 for ( c = 1; c < argc; c++ ) {
178 char **tmpuris = ldap_str2charray( argv[ c ], "\t" );
180 if ( tmpuris == NULL ) {
181 Debug( LDAP_DEBUG_ANY,
182 "%s: line %d: unable to parse URIs #%d"
183 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
184 fname, lineno, c - 1 );
192 ldap_charray_merge( &uris, tmpuris );
193 ldap_charray_free( tmpuris );
197 for ( c = 0; uris[ c ] != NULL; c++ ) {
202 if ( ldap_url_parselist_ext( &ludp, uris[ c ], "\t",
203 LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS
204 || ludp->lud_next != NULL )
206 Debug( LDAP_DEBUG_ANY,
207 "%s: line %d: unable to parse URI #%d"
208 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
216 * uri MUST have the <dn> part!
218 if ( ludp->lud_dn == NULL ) {
219 Debug( LDAP_DEBUG_ANY,
220 "%s: line %d: missing <naming context> "
221 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
227 * copies and stores uri and suffix
229 ber_str2bv( ludp->lud_dn, 0, 0, &dn );
230 rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
231 &mt->mt_nsuffix, NULL );
232 if ( rc != LDAP_SUCCESS ) {
233 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
234 "target \"%s\" DN is invalid\n",
235 fname, lineno, argv[ 1 ] );
239 ludp->lud_dn[ 0 ] = '\0';
241 switch ( ludp->lud_scope ) {
242 case LDAP_SCOPE_DEFAULT:
243 mt->mt_scope = LDAP_SCOPE_SUBTREE;
246 case LDAP_SCOPE_SUBTREE:
247 case LDAP_SCOPE_SUBORDINATE:
248 mt->mt_scope = ludp->lud_scope;
252 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
253 "invalid scope for target \"%s\"\n",
254 fname, lineno, argv[ 1 ] );
259 /* check all, to apply the scope check on the first one */
260 if ( ludp->lud_dn != NULL && ludp->lud_dn[ 0 ] != '\0' ) {
261 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
262 "multiple URIs must have "
270 ldap_memfree( uris[ c ] );
271 uris[ c ] = ldap_url_list2urls( ludp );
272 ldap_free_urllist( ludp );
275 mt->mt_uri = ldap_charray2str( uris, " " );
276 ldap_charray_free( uris );
277 if ( mt->mt_uri == NULL) {
278 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
284 * uri MUST be a branch of suffix!
286 for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
287 if ( dnIsSuffix( &mt->mt_nsuffix, &be->be_nsuffix[ c ] ) ) {
292 if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
293 Debug( LDAP_DEBUG_ANY,
294 "%s: line %d: <naming context> of URI must be within the naming context of this database.\n",
299 /* subtree-exclude */
300 } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
301 int i = mi->mi_ntargets - 1;
302 struct berval dn, ndn;
305 Debug( LDAP_DEBUG_ANY,
306 "%s: line %d: need \"uri\" directive first\n",
313 Debug( LDAP_DEBUG_ANY,
314 "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
322 Debug( LDAP_DEBUG_ANY,
323 "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
328 ber_str2bv( argv[ 1 ], 0, 0, &dn );
329 if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
332 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
333 "subtree-exclude DN=\"%s\" is invalid\n",
334 fname, lineno, argv[ 1 ] );
338 if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
339 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
340 "subtree-exclude DN=\"%s\" "
341 "must be subtree of target\n",
342 fname, lineno, argv[ 1 ] );
343 ber_memfree( ndn.bv_val );
347 if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
350 for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
352 if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
353 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
354 "subtree-exclude DN=\"%s\" "
355 "is suffix of another subtree-exclude\n",
356 fname, lineno, argv[ 1 ] );
357 /* reject, because it might be superior
358 * to more than one subtree-exclude */
359 ber_memfree( ndn.bv_val );
362 } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
363 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
364 "another subtree-exclude is suffix of "
365 "subtree-exclude DN=\"%s\"\n",
366 fname, lineno, argv[ 1 ] );
367 ber_memfree( ndn.bv_val );
373 ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
375 /* default target directive */
376 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
377 int i = mi->mi_ntargets - 1;
381 Debug( LDAP_DEBUG_ANY,
382 "%s: line %d: \"default-target\" alone need be"
383 " inside a \"uri\" directive\n",
387 mi->mi_defaulttarget = i;
390 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
392 Debug( LDAP_DEBUG_ANY,
393 "%s: line %d: \"default-target none\""
394 " should go before uri definitions\n",
397 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
401 if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
402 || mi->mi_defaulttarget < 0
403 || mi->mi_defaulttarget >= i - 1 )
405 Debug( LDAP_DEBUG_ANY,
406 "%s: line %d: illegal target number %d\n",
407 fname, lineno, mi->mi_defaulttarget );
413 /* ttl of dn cache */
414 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
416 Debug( LDAP_DEBUG_ANY,
417 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
422 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
423 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
425 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
426 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
431 if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
432 Debug( LDAP_DEBUG_ANY,
433 "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
434 fname, lineno, argv[ 1 ] );
437 mi->mi_cache.ttl = (time_t)t;
440 /* network timeout when connecting to ldap servers */
441 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
443 time_t *tp = mi->mi_ntargets ?
444 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
445 : &mi->mi_network_timeout;
448 Debug( LDAP_DEBUG_ANY,
449 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
454 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
455 Debug( LDAP_DEBUG_ANY,
456 "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
457 fname, lineno, argv[ 1 ] );
464 /* idle timeout when connecting to ldap servers */
465 } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
470 Debug( LDAP_DEBUG_ANY,
471 "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
477 Debug( LDAP_DEBUG_ANY,
478 "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
483 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
484 Debug( LDAP_DEBUG_ANY,
485 "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
486 fname, lineno, argv[ 1 ] );
491 mi->mi_idle_timeout = (time_t)t;
494 } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
499 Debug( LDAP_DEBUG_ANY,
500 "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
506 Debug( LDAP_DEBUG_ANY,
507 "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
512 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
513 Debug( LDAP_DEBUG_ANY,
514 "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
515 fname, lineno, argv[ 1 ] );
520 mi->mi_conn_ttl = (time_t)t;
522 /* bind timeout when connecting to ldap servers */
523 } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
525 struct timeval *tp = mi->mi_ntargets ?
526 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
527 : &mi->mi_bind_timeout;
531 Debug( LDAP_DEBUG_ANY,
532 "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
538 Debug( LDAP_DEBUG_ANY,
539 "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
544 if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
545 Debug( LDAP_DEBUG_ANY,
546 "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
547 fname, lineno, argv[ 1 ] );
552 tp->tv_sec = t/1000000;
553 tp->tv_usec = t%1000000;
555 /* name to use for meta_back_group */
556 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
557 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
559 int i = mi->mi_ntargets - 1;
563 Debug( LDAP_DEBUG_ANY,
564 "%s: line %d: need \"uri\" directive first\n",
570 Debug( LDAP_DEBUG_ANY,
571 "%s: line %d: missing name in \"binddn <name>\" line\n",
576 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
577 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
578 "\"binddn\" statement is deprecated; "
579 "use \"acl-authcDN\" instead\n",
581 /* FIXME: some day we'll need to throw an error */
584 ber_str2bv( argv[ 1 ], 0, 0, &dn );
585 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
586 NULL ) != LDAP_SUCCESS )
588 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
589 "bind DN '%s' is invalid\n",
590 fname, lineno, argv[ 1 ] );
594 /* password to use for meta_back_group */
595 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
596 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
598 int i = mi->mi_ntargets - 1;
601 Debug( LDAP_DEBUG_ANY,
602 "%s: line %d: need \"uri\" directive first\n",
608 Debug( LDAP_DEBUG_ANY,
609 "%s: line %d: missing password in \"bindpw <password>\" line\n",
614 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
615 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
616 "\"bindpw\" statement is deprecated; "
617 "use \"acl-passwd\" instead\n",
619 /* FIXME: some day we'll need to throw an error */
622 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
624 /* save bind creds for referral rebinds? */
625 } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
627 Debug( LDAP_DEBUG_ANY,
628 "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
634 Debug( LDAP_DEBUG_ANY,
635 "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
637 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
640 switch ( check_true_false( argv[ 1 ] ) ) {
642 mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
646 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
650 Debug( LDAP_DEBUG_ANY,
651 "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
652 fname, lineno, argv[ 1 ] );
657 } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
658 unsigned *flagsp = mi->mi_ntargets ?
659 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
663 Debug( LDAP_DEBUG_ANY,
664 "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
669 /* this is the default; we add it because the default might change... */
670 switch ( check_true_false( argv[ 1 ] ) ) {
672 *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
676 *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
680 Debug( LDAP_DEBUG_ANY,
681 "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
682 fname, lineno, argv[ 1 ] );
686 } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
687 unsigned *flagsp = mi->mi_ntargets ?
688 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
692 Debug( LDAP_DEBUG_ANY,
693 "%s: line %d: \"tls <what>\" needs 1 argument.\n",
699 if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
700 *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
703 } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
704 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
705 *flagsp |= LDAP_BACK_F_USE_TLS;
707 /* propagate start tls */
708 } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
709 *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
712 } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
713 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
714 *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
717 Debug( LDAP_DEBUG_ANY,
718 "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
719 fname, lineno, argv[ 1 ] );
723 } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
724 unsigned *flagsp = mi->mi_ntargets ?
725 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
729 Debug( LDAP_DEBUG_ANY,
730 "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
735 switch ( check_true_false( argv[ 1 ] ) ) {
737 *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
741 *flagsp |= LDAP_BACK_F_T_F;
745 if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
746 *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
749 Debug( LDAP_DEBUG_ANY,
750 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
751 fname, lineno, argv[ 1 ] );
758 } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
760 Debug( LDAP_DEBUG_ANY,
761 "%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n",
766 if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
767 mi->mi_flags &= ~META_BACK_F_ONERR_MASK;
769 } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
770 mi->mi_flags |= META_BACK_F_ONERR_STOP;
772 } else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) {
773 mi->mi_flags |= META_BACK_F_ONERR_REPORT;
776 Debug( LDAP_DEBUG_ANY,
777 "%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n",
778 fname, lineno, argv[ 1 ] );
783 } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
784 || strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
787 Debug( LDAP_DEBUG_ANY,
788 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
793 switch ( check_true_false( argv[ 1 ] ) ) {
795 mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
799 mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
803 Debug( LDAP_DEBUG_ANY,
804 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
805 fname, lineno, argv[ 1 ] );
810 } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
812 Debug( LDAP_DEBUG_ANY,
813 "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
818 if ( mi->mi_ntargets > 0 ) {
819 Debug( LDAP_DEBUG_ANY,
820 "%s: line %d: \"single-conn\" must appear before target definitions\n",
825 switch ( check_true_false( argv[ 1 ] ) ) {
827 mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
831 mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
835 Debug( LDAP_DEBUG_ANY,
836 "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
837 fname, lineno, argv[ 1 ] );
841 /* use-temporaries? */
842 } else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) {
844 Debug( LDAP_DEBUG_ANY,
845 "%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n",
850 if ( mi->mi_ntargets > 0 ) {
851 Debug( LDAP_DEBUG_ANY,
852 "%s: line %d: \"use-temporary-conn\" must appear before target definitions\n",
857 switch ( check_true_false( argv[ 1 ] ) ) {
859 mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
863 mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES;
867 Debug( LDAP_DEBUG_ANY,
868 "%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n",
869 fname, lineno, argv[ 1 ] );
873 /* privileged connections pool max size ? */
874 } else if ( strcasecmp( argv[ 0 ], "conn-pool-max" ) == 0 ) {
876 Debug( LDAP_DEBUG_ANY,
877 "%s: line %d: \"conn-pool-max <n>\" takes 1 argument\n",
882 if ( mi->mi_ntargets > 0 ) {
883 Debug( LDAP_DEBUG_ANY,
884 "%s: line %d: \"conn-pool-max\" must appear before target definitions\n",
889 if ( lutil_atoi( &mi->mi_conn_priv_max, argv[1] )
890 || mi->mi_conn_priv_max < LDAP_BACK_CONN_PRIV_MIN
891 || mi->mi_conn_priv_max > LDAP_BACK_CONN_PRIV_MAX )
893 Debug( LDAP_DEBUG_ANY,
894 "%s: line %d: \"conn-pool-max <n>\": invalid arg \"%s\".\n",
895 fname, lineno, argv[ 1 ] );
899 } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
901 unsigned *flagsp = mi->mi_ntargets ?
902 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
906 Debug( LDAP_DEBUG_ANY,
907 "%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
912 if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
913 flag = LDAP_BACK_F_CANCEL_ABANDON;
915 } else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
916 flag = LDAP_BACK_F_CANCEL_IGNORE;
918 } else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
919 flag = LDAP_BACK_F_CANCEL_EXOP;
921 } else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
922 flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
925 Debug( LDAP_DEBUG_ANY,
926 "%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
927 fname, lineno, argv[ 1 ] );
931 *flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
934 } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
936 time_t *tv = mi->mi_ntargets ?
937 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
942 Debug( LDAP_DEBUG_ANY,
943 "%s: line %d: \"timeout [{add|bind|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
948 for ( c = 1; c < argc; c++ ) {
952 sep = strchr( argv[ c ], '=' );
954 size_t len = sep - argv[ c ];
956 if ( strncasecmp( argv[ c ], "bind", len ) == 0 ) {
957 t = &tv[ SLAP_OP_BIND ];
958 /* unbind makes little sense */
959 } else if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
960 t = &tv[ SLAP_OP_ADD ];
961 } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
962 t = &tv[ SLAP_OP_DELETE ];
963 } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
964 t = &tv[ SLAP_OP_MODRDN ];
965 } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
966 t = &tv[ SLAP_OP_MODIFY ];
967 } else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) {
968 t = &tv[ SLAP_OP_COMPARE ];
969 } else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) {
970 t = &tv[ SLAP_OP_SEARCH ];
971 /* abandon makes little sense */
972 #if 0 /* not implemented yet */
973 } else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) {
974 t = &tv[ SLAP_OP_EXTENDED ];
977 char buf[ SLAP_TEXT_BUFLEN ];
978 snprintf( buf, sizeof( buf ),
979 "unknown/unhandled operation \"%s\" for timeout #%d",
981 Debug( LDAP_DEBUG_ANY,
982 "%s: line %d: %s.\n",
983 fname, lineno, buf );
992 if ( lutil_parse_time( sep, &val ) != 0 ) {
993 Debug( LDAP_DEBUG_ANY,
994 "%s: line %d: unable to parse value \"%s\" for timeout.\n",
995 fname, lineno, sep );
1005 for ( i = 0; i < SLAP_OP_LAST; i++ ) {
1006 tv[ i ] = (time_t)val;
1011 /* name to use as pseudo-root dn */
1012 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
1013 int i = mi->mi_ntargets - 1;
1016 Debug( LDAP_DEBUG_ANY,
1017 "%s: line %d: need \"uri\" directive first\n",
1023 Debug( LDAP_DEBUG_ANY,
1024 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
1030 * exact replacement:
1033 idassert-bind bindmethod=simple
1034 binddn=<pseudorootdn>
1035 credentials=<pseudorootpw>
1037 flags=non-prescriptive
1038 idassert-authzFrom "dn:<rootdn>"
1040 * so that only when authc'd as <rootdn> the proxying occurs
1041 * rebinding as the <pseudorootdn> without proxyAuthz.
1044 Debug( LDAP_DEBUG_ANY,
1045 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1046 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1050 char binddn[ SLAP_TEXT_BUFLEN ];
1053 "bindmethod=simple",
1056 "flags=non-prescriptive",
1062 if ( BER_BVISNULL( &be->be_rootndn ) ) {
1063 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"rootdn\" must be defined first.\n",
1068 if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
1069 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
1073 cargv[ 2 ] = binddn;
1075 rc = slap_idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1079 if ( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz != NULL ) {
1080 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"idassert-authzFrom\" already defined (discarded).\n",
1082 ber_bvarray_free( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz );
1083 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz = NULL;
1086 assert( !BER_BVISNULL( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authcDN ) );
1088 bv.bv_len = STRLENOF( "dn:" ) + be->be_rootndn.bv_len;
1089 bv.bv_val = ber_memalloc( bv.bv_len + 1 );
1090 AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
1091 AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], be->be_rootndn.bv_val, be->be_rootndn.bv_len + 1 );
1093 ber_bvarray_add( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz, &bv );
1099 /* password to use as pseudo-root */
1100 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
1101 int i = mi->mi_ntargets - 1;
1104 Debug( LDAP_DEBUG_ANY,
1105 "%s: line %d: need \"uri\" directive first\n",
1111 Debug( LDAP_DEBUG_ANY,
1112 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
1117 Debug( LDAP_DEBUG_ANY,
1118 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1119 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1122 if ( BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_authcDN ) ) {
1123 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"pseudorootdn\" must be defined first.\n",
1128 if ( !BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_passwd ) ) {
1129 memset( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val, 0,
1130 mi->mi_targets[ i ]->mt_idassert_passwd.bv_len );
1131 ber_memfree( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val );
1133 ber_str2bv( argv[ 1 ], 0, 1, &mi->mi_targets[ i ]->mt_idassert_passwd );
1136 } else if ( strcasecmp( argv[ 0 ], "idassert-bind" ) == 0 ) {
1137 if ( mi->mi_ntargets == 0 ) {
1138 Debug( LDAP_DEBUG_ANY,
1139 "%s: line %d: \"idassert-bind\" "
1140 "must appear inside a target specification.\n",
1145 return slap_idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1147 /* idassert-authzFrom */
1148 } else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
1149 if ( mi->mi_ntargets == 0 ) {
1150 Debug( LDAP_DEBUG_ANY,
1151 "%s: line %d: \"idassert-bind\" "
1152 "must appear inside a target specification.\n",
1162 Debug( LDAP_DEBUG_ANY,
1163 "%s: line %d: missing <id> in \"idassert-authzFrom <id>\".\n",
1168 Debug( LDAP_DEBUG_ANY,
1169 "%s: line %d: extra cruft after <id> in \"idassert-authzFrom <id>\".\n",
1174 return slap_idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1177 } else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
1178 char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1179 slap_retry_info_t *ri = mi->mi_ntargets ?
1180 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
1181 : &mi->mi_quarantine;
1183 if ( ( mi->mi_ntargets == 0 && META_BACK_QUARANTINE( mi ) )
1184 || ( mi->mi_ntargets > 0 && META_BACK_TGT_QUARANTINE( mi->mi_targets[ mi->mi_ntargets - 1 ] ) ) )
1186 Debug( LDAP_DEBUG_ANY,
1187 "%s: line %d: quarantine already defined.\n",
1197 Debug( LDAP_DEBUG_ANY,
1198 "%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
1203 Debug( LDAP_DEBUG_ANY,
1204 "%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
1209 if ( ri != &mi->mi_quarantine ) {
1210 ri->ri_interval = NULL;
1214 if ( mi->mi_ntargets > 0 && !META_BACK_QUARANTINE( mi ) ) {
1215 ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
1218 if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
1219 Debug( LDAP_DEBUG_ANY,
1220 "%s line %d: %s.\n",
1221 fname, lineno, buf );
1225 if ( mi->mi_ntargets ) {
1226 mi->mi_flags |= LDAP_BACK_F_QUARANTINE;
1229 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE;
1232 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
1233 /* session tracking request */
1234 } else if ( strcasecmp( argv[ 0 ], "session-tracking-request" ) == 0 ) {
1235 unsigned *flagsp = mi->mi_ntargets ?
1236 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
1240 Debug( LDAP_DEBUG_ANY,
1241 "%s: line %d: \"session-tracking-request {TRUE|false}\" needs 1 argument.\n",
1246 /* this is the default; we add it because the default might change... */
1247 switch ( check_true_false( argv[ 1 ] ) ) {
1249 *flagsp |= LDAP_BACK_F_ST_REQUEST;
1253 *flagsp &= ~LDAP_BACK_F_ST_REQUEST;
1257 Debug( LDAP_DEBUG_ANY,
1258 "%s: line %d: \"session-tracking-request {TRUE|false}\": unknown argument \"%s\".\n",
1259 fname, lineno, argv[ 1 ] );
1262 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
1265 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
1267 int i = mi->mi_ntargets - 1, c, rc;
1268 struct berval dn, nvnc, pvnc, nrnc, prnc;
1271 Debug( LDAP_DEBUG_ANY,
1272 "%s: line %d: need \"uri\" directive first\n",
1280 * suffixmassage <suffix> <massaged suffix>
1282 * the <suffix> field must be defined as a valid suffix
1283 * (or suffixAlias?) for the current database;
1284 * the <massaged suffix> shouldn't have already been
1285 * defined as a valid suffix or suffixAlias for the
1289 Debug( LDAP_DEBUG_ANY,
1290 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
1295 ber_str2bv( argv[ 1 ], 0, 0, &dn );
1296 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1297 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1298 "suffix \"%s\" is invalid\n",
1299 fname, lineno, argv[ 1 ] );
1303 for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
1304 if ( dnIsSuffix( &nvnc, &be->be_nsuffix[ 0 ] ) ) {
1309 if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
1310 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1311 "%s: line %d: <suffix> \"%s\" must be within the database naming context, in "
1312 "\"suffixMassage <suffix> <massaged suffix>\"\n",
1313 fname, lineno, pvnc.bv_val );
1314 free( pvnc.bv_val );
1315 free( nvnc.bv_val );
1319 ber_str2bv( argv[ 2 ], 0, 0, &dn );
1320 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1321 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1322 "massaged suffix \"%s\" is invalid\n",
1323 fname, lineno, argv[ 2 ] );
1324 free( pvnc.bv_val );
1325 free( nvnc.bv_val );
1329 tmp_bd = select_backend( &nrnc, 0 );
1330 if ( tmp_bd != NULL && tmp_bd->be_private == be->be_private ) {
1331 Debug( LDAP_DEBUG_ANY,
1332 "%s: line %d: warning: <massaged suffix> \"%s\" resolves to this database, in "
1333 "\"suffixMassage <suffix> <massaged suffix>\"\n",
1334 fname, lineno, prnc.bv_val );
1338 * The suffix massaging is emulated by means of the
1339 * rewrite capabilities
1341 rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1342 &pvnc, &nvnc, &prnc, &nrnc );
1344 free( pvnc.bv_val );
1345 free( nvnc.bv_val );
1346 free( prnc.bv_val );
1347 free( nrnc.bv_val );
1351 /* rewrite stuff ... */
1352 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
1353 int i = mi->mi_ntargets - 1;
1356 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
1357 "statement outside target definition.\n",
1362 return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1363 fname, lineno, argc, argv );
1365 /* objectclass/attribute mapping */
1366 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
1367 int i = mi->mi_ntargets - 1;
1370 Debug( LDAP_DEBUG_ANY,
1371 "%s: line %d: need \"uri\" directive first\n",
1376 return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
1377 &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
1378 fname, lineno, argc, argv );
1380 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
1381 int i = mi->mi_ntargets - 1;
1382 int nretries = META_RETRY_UNDEFINED;
1385 Debug( LDAP_DEBUG_ANY,
1386 "%s: line %d: need value in \"nretries <value>\"\n",
1391 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
1392 nretries = META_RETRY_FOREVER;
1394 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
1395 nretries = META_RETRY_NEVER;
1398 if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
1399 Debug( LDAP_DEBUG_ANY,
1400 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
1401 fname, lineno, argv[ 1 ] );
1407 mi->mi_nretries = nretries;
1410 mi->mi_targets[ i ]->mt_nretries = nretries;
1413 } else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
1414 int *version = mi->mi_ntargets ?
1415 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
1419 Debug( LDAP_DEBUG_ANY,
1420 "%s: line %d: need value in \"protocol-version <version>\"\n",
1425 if ( lutil_atoi( version, argv[ 1 ] ) != 0 ) {
1426 Debug( LDAP_DEBUG_ANY,
1427 "%s: line %d: unable to parse version \"%s\" in \"protocol-version <version>\"\n",
1428 fname, lineno, argv[ 1 ] );
1432 if ( *version != 0 && ( *version < LDAP_VERSION_MIN || *version > LDAP_VERSION_MAX ) ) {
1433 Debug( LDAP_DEBUG_ANY,
1434 "%s: line %d: unsupported version \"%s\" in \"protocol-version <version>\"\n",
1435 fname, lineno, argv[ 1 ] );
1441 return SLAP_CONF_UNKNOWN;
1447 ldap_back_map_config(
1448 struct ldapmap *oc_map,
1449 struct ldapmap *at_map,
1455 struct ldapmap *map;
1456 struct ldapmapping *mapping;
1460 if ( argc < 3 || argc > 4 ) {
1461 Debug( LDAP_DEBUG_ANY,
1462 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
1467 if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
1471 } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
1475 Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
1476 "\"map {objectclass | attribute} [<local> | *] "
1477 "{<foreign> | *}\"\n",
1482 if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
1483 if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
1484 map->drop_missing = ( argc < 4 );
1485 goto success_return;
1487 src = dst = argv[ 3 ];
1489 } else if ( argc < 4 ) {
1495 dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
1498 if ( ( map == at_map )
1499 && ( strcasecmp( src, "objectclass" ) == 0
1500 || strcasecmp( dst, "objectclass" ) == 0 ) )
1502 Debug( LDAP_DEBUG_ANY,
1503 "%s: line %d: objectclass attribute cannot be mapped\n",
1507 mapping = (struct ldapmapping *)ch_calloc( 2,
1508 sizeof(struct ldapmapping) );
1509 if ( mapping == NULL ) {
1510 Debug( LDAP_DEBUG_ANY,
1511 "%s: line %d: out of memory\n",
1515 ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
1516 ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
1517 mapping[ 1 ].src = mapping[ 0 ].dst;
1518 mapping[ 1 ].dst = mapping[ 0 ].src;
1524 if ( src[ 0 ] != '\0' ) {
1525 if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
1526 Debug( LDAP_DEBUG_ANY,
1527 "%s: line %d: warning, source objectClass '%s' "
1528 "should be defined in schema\n",
1529 fname, lineno, src );
1532 * FIXME: this should become an err
1538 if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
1539 Debug( LDAP_DEBUG_ANY,
1540 "%s: line %d: warning, destination objectClass '%s' "
1541 "is not defined in schema\n",
1542 fname, lineno, dst );
1546 const char *text = NULL;
1547 AttributeDescription *ad = NULL;
1549 if ( src[ 0 ] != '\0' ) {
1550 rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
1551 if ( rc != LDAP_SUCCESS ) {
1552 Debug( LDAP_DEBUG_ANY,
1553 "%s: line %d: warning, source attributeType '%s' "
1554 "should be defined in schema\n",
1555 fname, lineno, src );
1558 * FIXME: this should become an err
1561 * we create a fake "proxied" ad
1565 rc = slap_bv2undef_ad( &mapping[ 0 ].src,
1566 &ad, &text, SLAP_AD_PROXIED );
1567 if ( rc != LDAP_SUCCESS ) {
1568 char buf[ SLAP_TEXT_BUFLEN ];
1570 snprintf( buf, sizeof( buf ),
1571 "source attributeType \"%s\": %d (%s)",
1572 src, rc, text ? text : "" );
1573 Debug( LDAP_DEBUG_ANY,
1574 "%s: line %d: %s\n",
1575 fname, lineno, buf );
1583 rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
1584 if ( rc != LDAP_SUCCESS ) {
1585 Debug( LDAP_DEBUG_ANY,
1586 "%s: line %d: warning, destination attributeType '%s' "
1587 "is not defined in schema\n",
1588 fname, lineno, dst );
1591 * we create a fake "proxied" ad
1595 rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
1596 &ad, &text, SLAP_AD_PROXIED );
1597 if ( rc != LDAP_SUCCESS ) {
1598 char buf[ SLAP_TEXT_BUFLEN ];
1600 snprintf( buf, sizeof( buf ),
1601 "source attributeType \"%s\": %d (%s)\n",
1602 dst, rc, text ? text : "" );
1603 Debug( LDAP_DEBUG_ANY,
1604 "%s: line %d: %s\n",
1605 fname, lineno, buf );
1611 if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
1612 || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
1614 Debug( LDAP_DEBUG_ANY,
1615 "%s: line %d: duplicate mapping found.\n",
1620 if ( src[ 0 ] != '\0' ) {
1621 avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
1622 mapping_cmp, mapping_dup );
1624 avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
1625 mapping_cmp, mapping_dup );
1628 if ( !is_oc && map->map == NULL ) {
1629 /* only init if required */
1630 ldap_back_map_init( map, &mapping );
1637 ch_free( mapping[ 0 ].src.bv_val );
1638 ch_free( mapping[ 0 ].dst.bv_val );
1646 #ifdef ENABLE_REWRITE
1648 suffix_massage_regexize( const char *s )
1654 if ( s[ 0 ] == '\0' ) {
1655 return ch_strdup( "^(.+)$" );
1659 ( r = strchr( p, ',' ) ) != NULL;
1663 res = ch_calloc( sizeof( char ),
1665 + STRLENOF( "((.+),)?" )
1666 + STRLENOF( "[ ]?" ) * i
1667 + STRLENOF( "$" ) + 1 );
1669 ptr = lutil_strcopy( res, "((.+),)?" );
1671 ( r = strchr( p, ',' ) ) != NULL;
1673 ptr = lutil_strncopy( ptr, p, r - p + 1 );
1674 ptr = lutil_strcopy( ptr, "[ ]?" );
1676 if ( r[ 1 ] == ' ' ) {
1680 ptr = lutil_strcopy( ptr, p );
1689 suffix_massage_patternize( const char *s, const char *p )
1696 if ( s[ 0 ] == '\0' ) {
1700 res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
1701 if ( res == NULL ) {
1705 ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
1706 if ( s[ 0 ] == '\0' ) {
1710 lutil_strcopy( ptr, p );
1716 suffix_massage_config(
1717 struct rewrite_info *info,
1718 struct berval *pvnc,
1719 struct berval *nvnc,
1720 struct berval *prnc,
1727 rargv[ 0 ] = "rewriteEngine";
1730 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1732 rargv[ 0 ] = "rewriteContext";
1733 rargv[ 1 ] = "default";
1735 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1737 rargv[ 0 ] = "rewriteRule";
1738 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
1739 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
1742 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1743 ch_free( rargv[ 1 ] );
1744 ch_free( rargv[ 2 ] );
1746 if ( BER_BVISEMPTY( pvnc ) ) {
1747 rargv[ 0 ] = "rewriteRule";
1749 rargv[ 2 ] = prnc->bv_val;
1752 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1755 rargv[ 0 ] = "rewriteContext";
1756 rargv[ 1 ] = "searchEntryDN";
1758 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1760 rargv[ 0 ] = "rewriteRule";
1761 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
1762 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
1765 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1766 ch_free( rargv[ 1 ] );
1767 ch_free( rargv[ 2 ] );
1769 if ( BER_BVISEMPTY( prnc ) ) {
1770 rargv[ 0 ] = "rewriteRule";
1772 rargv[ 2 ] = pvnc->bv_val;
1775 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1778 /* backward compatibility */
1779 rargv[ 0 ] = "rewriteContext";
1780 rargv[ 1 ] = "searchResult";
1781 rargv[ 2 ] = "alias";
1782 rargv[ 3 ] = "searchEntryDN";
1784 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1786 rargv[ 0 ] = "rewriteContext";
1787 rargv[ 1 ] = "matchedDN";
1788 rargv[ 2 ] = "alias";
1789 rargv[ 3 ] = "searchEntryDN";
1791 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1793 rargv[ 0 ] = "rewriteContext";
1794 rargv[ 1 ] = "searchAttrDN";
1795 rargv[ 2 ] = "alias";
1796 rargv[ 3 ] = "searchEntryDN";
1798 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1800 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
1801 * see servers/slapd/overlays/rwm.h for details */
1802 rargv[ 0 ] = "rewriteContext";
1803 rargv[ 1 ] = "referralAttrDN";
1805 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1807 rargv[ 0 ] = "rewriteContext";
1808 rargv[ 1 ] = "referralDN";
1810 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1814 #endif /* ENABLE_REWRITE */