2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2006 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
46 mt = ch_calloc( sizeof( metatarget_t ), 1 );
48 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
49 if ( mt->mt_rwmap.rwm_rw == NULL ) {
55 * the filter rewrite as a string must be disabled
56 * by default; it can be re-enabled by adding rules;
57 * this creates an empty rewriteContext
59 rargv[ 0 ] = "rewriteContext";
60 rargv[ 1 ] = "searchFilter";
62 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
64 rargv[ 0 ] = "rewriteContext";
65 rargv[ 1 ] = "default";
67 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
69 ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
71 mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
72 mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
73 mt->mt_idassert_tls = SB_TLS_DEFAULT;
75 /* by default, use proxyAuthz control on each operation */
76 mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
84 check_true_false( char *str )
86 if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
90 if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
107 metainfo_t *mi = ( metainfo_t * )be->be_private;
109 assert( mi != NULL );
111 /* URI of server to query */
112 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
113 int i = mi->mi_ntargets;
116 #endif /* uncomment if uri MUST be a branch of suffix */
117 LDAPURLDesc *ludp, *tmpludp;
126 Debug( LDAP_DEBUG_ANY,
127 "%s: line %d: missing URI "
128 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
136 Debug( LDAP_DEBUG_ANY,
137 "%s: line %d: too many args "
138 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
143 if ( be->be_nsuffix == NULL ) {
144 Debug( LDAP_DEBUG_ANY,
145 "%s: line %d: the suffix must be defined before any target.\n",
152 mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
153 sizeof( metatarget_t * ) * mi->mi_ntargets );
154 if ( mi->mi_targets == NULL ) {
155 Debug( LDAP_DEBUG_ANY,
156 "%s: line %d: out of memory while storing server name"
157 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
162 if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
163 Debug( LDAP_DEBUG_ANY,
164 "%s: line %d: unable to init server"
165 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
170 mt = mi->mi_targets[ i ];
172 mt->mt_rebind_f = mi->mi_rebind_f;
173 mt->mt_urllist_f = mi->mi_urllist_f;
174 mt->mt_urllist_p = mt;
176 mt->mt_nretries = mi->mi_nretries;
177 mt->mt_quarantine = mi->mi_quarantine;
178 if ( META_BACK_QUARANTINE( mi ) ) {
179 ldap_pvt_thread_mutex_init( &mt->mt_quarantine_mutex );
181 mt->mt_flags = mi->mi_flags;
182 mt->mt_version = mi->mi_version;
183 mt->mt_network_timeout = mi->mi_network_timeout;
184 mt->mt_bind_timeout = mi->mi_bind_timeout;
185 for ( c = 0; c < SLAP_OP_LAST; c++ ) {
186 mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
192 if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t",
193 LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS )
195 Debug( LDAP_DEBUG_ANY,
196 "%s: line %d: unable to parse URI"
197 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
203 * uri MUST have the <dn> part!
205 if ( ludp->lud_dn == NULL ) {
206 Debug( LDAP_DEBUG_ANY,
207 "%s: line %d: missing <naming context> "
208 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
212 } else if ( ludp->lud_dn[ 0 ] == '\0' ) {
215 for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
216 if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
221 if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
222 Debug( LDAP_DEBUG_ANY,
223 "%s: line %d: missing <naming context> "
224 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
231 * copies and stores uri and suffix
233 ber_str2bv( ludp->lud_dn, 0, 0, &dn );
234 rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
235 &mt->mt_nsuffix, NULL );
236 if( rc != LDAP_SUCCESS ) {
237 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
238 "target \"%s\" DN is invalid\n",
239 fname, lineno, argv[ 1 ] );
243 ludp->lud_dn[ 0 ] = '\0';
245 switch ( ludp->lud_scope ) {
246 case LDAP_SCOPE_DEFAULT:
247 mt->mt_scope = LDAP_SCOPE_SUBTREE;
250 case LDAP_SCOPE_SUBTREE:
251 case LDAP_SCOPE_SUBORDINATE:
252 mt->mt_scope = ludp->lud_scope;
256 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
257 "invalid scope for target \"%s\"\n",
258 fname, lineno, argv[ 1 ] );
262 /* check all, to apply the scope check on the first one */
263 for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
264 if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
265 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
266 "multiple URIs must have "
274 mt->mt_uri = ldap_url_list2urls( ludp );
275 ldap_free_urllist( ludp );
276 if ( mt->mt_uri == NULL) {
277 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
283 * uri MUST be a branch of suffix!
285 #if 0 /* too strict a constraint */
286 if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) {
287 Debug( LDAP_DEBUG_ANY,
288 "%s: line %d: <naming context> of URI does not refer to current backend"
289 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
295 * uri MUST be a branch of a suffix!
297 if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) {
298 Debug( LDAP_DEBUG_ANY,
299 "%s: line %d: <naming context> of URI does not resolve to a backend"
300 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
306 /* subtree-exclude */
307 } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
308 int i = mi->mi_ntargets - 1;
309 struct berval dn, ndn;
312 Debug( LDAP_DEBUG_ANY,
313 "%s: line %d: need \"uri\" directive first\n",
320 Debug( LDAP_DEBUG_ANY,
321 "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
329 Debug( LDAP_DEBUG_ANY,
330 "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
335 ber_str2bv( argv[ 1 ], 0, 0, &dn );
336 if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
339 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
340 "subtree-exclude DN=\"%s\" is invalid\n",
341 fname, lineno, argv[ 1 ] );
345 if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
346 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
347 "subtree-exclude DN=\"%s\" "
348 "must be subtree of target\n",
349 fname, lineno, argv[ 1 ] );
350 ber_memfree( ndn.bv_val );
354 if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
357 for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
359 if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
360 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
361 "subtree-exclude DN=\"%s\" "
362 "is suffix of another subtree-exclude\n",
363 fname, lineno, argv[ 1 ] );
364 /* reject, because it might be superior
365 * to more than one subtree-exclude */
366 ber_memfree( ndn.bv_val );
369 } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
370 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
371 "another subtree-exclude is suffix of "
372 "subtree-exclude DN=\"%s\"\n",
373 fname, lineno, argv[ 1 ] );
374 ber_memfree( ndn.bv_val );
380 ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
382 /* default target directive */
383 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
384 int i = mi->mi_ntargets - 1;
388 Debug( LDAP_DEBUG_ANY,
389 "%s: line %d: \"default-target\" alone need be"
390 " inside a \"uri\" directive\n",
394 mi->mi_defaulttarget = i;
397 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
399 Debug( LDAP_DEBUG_ANY,
400 "%s: line %d: \"default-target none\""
401 " should go before uri definitions\n",
404 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
408 if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
409 || mi->mi_defaulttarget < 0
410 || mi->mi_defaulttarget >= i - 1 )
412 Debug( LDAP_DEBUG_ANY,
413 "%s: line %d: illegal target number %d\n",
414 fname, lineno, mi->mi_defaulttarget );
420 /* ttl of dn cache */
421 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
423 Debug( LDAP_DEBUG_ANY,
424 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
429 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
430 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
432 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
433 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
438 if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
439 Debug( LDAP_DEBUG_ANY,
440 "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
441 fname, lineno, argv[ 1 ] );
444 mi->mi_cache.ttl = (time_t)t;
447 /* network timeout when connecting to ldap servers */
448 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
450 time_t *tp = mi->mi_ntargets ?
451 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
452 : &mi->mi_network_timeout;
455 Debug( LDAP_DEBUG_ANY,
456 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
461 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
462 Debug( LDAP_DEBUG_ANY,
463 "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
464 fname, lineno, argv[ 1 ] );
471 /* idle timeout when connecting to ldap servers */
472 } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
477 Debug( LDAP_DEBUG_ANY,
478 "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
484 Debug( LDAP_DEBUG_ANY,
485 "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
490 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
491 Debug( LDAP_DEBUG_ANY,
492 "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
493 fname, lineno, argv[ 1 ] );
498 mi->mi_idle_timeout = (time_t)t;
501 } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
506 Debug( LDAP_DEBUG_ANY,
507 "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
513 Debug( LDAP_DEBUG_ANY,
514 "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
519 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
520 Debug( LDAP_DEBUG_ANY,
521 "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
522 fname, lineno, argv[ 1 ] );
527 mi->mi_conn_ttl = (time_t)t;
529 /* bind timeout when connecting to ldap servers */
530 } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
532 struct timeval *tp = mi->mi_ntargets ?
533 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
534 : &mi->mi_bind_timeout;
538 Debug( LDAP_DEBUG_ANY,
539 "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
545 Debug( LDAP_DEBUG_ANY,
546 "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
551 if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
552 Debug( LDAP_DEBUG_ANY,
553 "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
554 fname, lineno, argv[ 1 ] );
559 tp->tv_sec = t/1000000;
560 tp->tv_usec = t%1000000;
562 /* name to use for meta_back_group */
563 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
564 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
566 int i = mi->mi_ntargets - 1;
570 Debug( LDAP_DEBUG_ANY,
571 "%s: line %d: need \"uri\" directive first\n",
577 Debug( LDAP_DEBUG_ANY,
578 "%s: line %d: missing name in \"binddn <name>\" line\n",
583 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
584 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
585 "\"binddn\" statement is deprecated; "
586 "use \"acl-authcDN\" instead\n",
588 /* FIXME: some day we'll need to throw an error */
591 ber_str2bv( argv[ 1 ], 0, 0, &dn );
592 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
593 NULL ) != LDAP_SUCCESS )
595 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
596 "bind DN '%s' is invalid\n",
597 fname, lineno, argv[ 1 ] );
601 /* password to use for meta_back_group */
602 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
603 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
605 int i = mi->mi_ntargets - 1;
608 Debug( LDAP_DEBUG_ANY,
609 "%s: line %d: need \"uri\" directive first\n",
615 Debug( LDAP_DEBUG_ANY,
616 "%s: line %d: missing password in \"bindpw <password>\" line\n",
621 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
622 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
623 "\"bindpw\" statement is deprecated; "
624 "use \"acl-passwd\" instead\n",
626 /* FIXME: some day we'll need to throw an error */
629 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
631 /* save bind creds for referral rebinds? */
632 } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
634 Debug( LDAP_DEBUG_ANY,
635 "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
641 Debug( LDAP_DEBUG_ANY,
642 "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
644 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
647 switch ( check_true_false( argv[ 1 ] ) ) {
649 mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
653 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
657 Debug( LDAP_DEBUG_ANY,
658 "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
659 fname, lineno, argv[ 1 ] );
664 } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
665 unsigned *flagsp = mi->mi_ntargets ?
666 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
670 Debug( LDAP_DEBUG_ANY,
671 "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
676 /* this is the default; we add it because the default might change... */
677 switch ( check_true_false( argv[ 1 ] ) ) {
679 *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
683 *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
687 Debug( LDAP_DEBUG_ANY,
688 "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
689 fname, lineno, argv[ 1 ] );
693 } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
694 unsigned *flagsp = mi->mi_ntargets ?
695 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
699 Debug( LDAP_DEBUG_ANY,
700 "%s: line %d: \"tls <what>\" needs 1 argument.\n",
706 if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
707 *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
710 } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
711 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
712 *flagsp |= LDAP_BACK_F_USE_TLS;
714 /* propagate start tls */
715 } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
716 *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
719 } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
720 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
721 *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
724 Debug( LDAP_DEBUG_ANY,
725 "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
726 fname, lineno, argv[ 1 ] );
730 } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
731 unsigned *flagsp = mi->mi_ntargets ?
732 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
736 Debug( LDAP_DEBUG_ANY,
737 "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
742 switch ( check_true_false( argv[ 1 ] ) ) {
744 *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
748 *flagsp |= LDAP_BACK_F_T_F;
752 if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
753 *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
756 Debug( LDAP_DEBUG_ANY,
757 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
758 fname, lineno, argv[ 1 ] );
765 } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
767 Debug( LDAP_DEBUG_ANY,
768 "%s: line %d: \"onerr {CONTINUE|report|stop}\" takes 1 argument\n",
773 if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
774 mi->mi_flags &= ~META_BACK_F_ONERR_MASK;
776 } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
777 mi->mi_flags |= META_BACK_F_ONERR_STOP;
779 } else if ( strcasecmp( argv[ 1 ], "report" ) == 0 ) {
780 mi->mi_flags |= META_BACK_F_ONERR_REPORT;
783 Debug( LDAP_DEBUG_ANY,
784 "%s: line %d: \"onerr {CONTINUE|report|stop}\": invalid arg \"%s\".\n",
785 fname, lineno, argv[ 1 ] );
790 } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
791 || strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
794 Debug( LDAP_DEBUG_ANY,
795 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
800 switch ( check_true_false( argv[ 1 ] ) ) {
802 mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
806 mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
810 Debug( LDAP_DEBUG_ANY,
811 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
812 fname, lineno, argv[ 1 ] );
817 } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
819 Debug( LDAP_DEBUG_ANY,
820 "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
825 if ( mi->mi_ntargets > 0 ) {
826 Debug( LDAP_DEBUG_ANY,
827 "%s: line %d: \"single-conn\" must appear before target definitions\n",
832 switch ( check_true_false( argv[ 1 ] ) ) {
834 mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
838 mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
842 Debug( LDAP_DEBUG_ANY,
843 "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
844 fname, lineno, argv[ 1 ] );
848 /* use-temporaries? */
849 } else if ( strcasecmp( argv[ 0 ], "use-temporary-conn" ) == 0 ) {
851 Debug( LDAP_DEBUG_ANY,
852 "%s: line %d: \"use-temporary-conn {FALSE|true}\" takes 1 argument\n",
857 if ( mi->mi_ntargets > 0 ) {
858 Debug( LDAP_DEBUG_ANY,
859 "%s: line %d: \"use-temporary-conn\" must appear before target definitions\n",
864 switch ( check_true_false( argv[ 1 ] ) ) {
866 mi->mi_flags &= ~LDAP_BACK_F_USE_TEMPORARIES;
870 mi->mi_flags |= LDAP_BACK_F_USE_TEMPORARIES;
874 Debug( LDAP_DEBUG_ANY,
875 "%s: line %d: \"use-temporary-conn {FALSE|true}\": invalid arg \"%s\".\n",
876 fname, lineno, argv[ 1 ] );
880 } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
882 unsigned *flagsp = mi->mi_ntargets ?
883 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
887 Debug( LDAP_DEBUG_ANY,
888 "%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
893 if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
894 flag = LDAP_BACK_F_CANCEL_ABANDON;
896 } else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
897 flag = LDAP_BACK_F_CANCEL_IGNORE;
899 } else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
900 flag = LDAP_BACK_F_CANCEL_EXOP;
902 } else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
903 flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
906 Debug( LDAP_DEBUG_ANY,
907 "%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
908 fname, lineno, argv[ 1 ] );
912 *flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
915 } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
917 time_t *tv = mi->mi_ntargets ?
918 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
923 Debug( LDAP_DEBUG_ANY,
924 "%s: line %d: \"timeout [{add|bind|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
929 for ( c = 1; c < argc; c++ ) {
933 sep = strchr( argv[ c ], '=' );
935 size_t len = sep - argv[ c ];
937 if ( strncasecmp( argv[ c ], "bind", len ) == 0 ) {
938 t = &tv[ SLAP_OP_BIND ];
939 /* unbind makes little sense */
940 } else if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
941 t = &tv[ SLAP_OP_ADD ];
942 } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
943 t = &tv[ SLAP_OP_DELETE ];
944 } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
945 t = &tv[ SLAP_OP_MODRDN ];
946 } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
947 t = &tv[ SLAP_OP_MODIFY ];
948 } else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) {
949 t = &tv[ SLAP_OP_COMPARE ];
950 #if 0 /* uses timelimit instead */
951 } else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) {
952 t = &tv[ SLAP_OP_SEARCH ];
954 /* abandon makes little sense */
955 #if 0 /* not implemented yet */
956 } else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) {
957 t = &tv[ SLAP_OP_EXTENDED ];
960 char buf[ SLAP_TEXT_BUFLEN ];
961 snprintf( buf, sizeof( buf ),
962 "unknown/unhandled operation \"%s\" for timeout #%d",
964 Debug( LDAP_DEBUG_ANY,
965 "%s: line %d: %s.\n",
966 fname, lineno, buf );
975 if ( lutil_parse_time( sep, &val ) != 0 ) {
976 Debug( LDAP_DEBUG_ANY,
977 "%s: line %d: unable to parse value \"%s\" for timeout.\n",
978 fname, lineno, sep );
988 for ( i = 0; i < SLAP_OP_LAST; i++ ) {
989 tv[ i ] = (time_t)val;
994 /* name to use as pseudo-root dn */
995 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
996 int i = mi->mi_ntargets - 1;
999 Debug( LDAP_DEBUG_ANY,
1000 "%s: line %d: need \"uri\" directive first\n",
1006 Debug( LDAP_DEBUG_ANY,
1007 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
1013 * exact replacement:
1016 idassert-bind bindmethod=simple
1017 binddn=<pseudorootdn>
1018 credentials=<pseudorootpw>
1020 flags=non-prescriptive
1021 idassert-authzFrom "dn:<rootdn>"
1023 * so that only when authc'd as <rootdn> the proxying occurs
1024 * rebinding as the <pseudorootdn> without proxyAuthz.
1027 Debug( LDAP_DEBUG_ANY,
1028 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1029 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1033 char binddn[ SLAP_TEXT_BUFLEN ];
1036 "bindmethod=simple",
1039 "flags=non-prescriptive",
1045 if ( BER_BVISNULL( &be->be_rootndn ) ) {
1046 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"rootdn\" must be defined first.\n",
1051 if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
1052 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
1056 cargv[ 2 ] = binddn;
1058 rc = slap_idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1062 if ( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz != NULL ) {
1063 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"idassert-authzFrom\" already defined (discarded).\n",
1065 ber_bvarray_free( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz );
1066 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz = NULL;
1069 assert( !BER_BVISNULL( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authcDN ) );
1071 bv.bv_len = STRLENOF( "dn:" ) + be->be_rootndn.bv_len;
1072 bv.bv_val = ber_memalloc( bv.bv_len + 1 );
1073 AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
1074 AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], be->be_rootndn.bv_val, be->be_rootndn.bv_len + 1 );
1076 ber_bvarray_add( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz, &bv );
1082 /* password to use as pseudo-root */
1083 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
1084 int i = mi->mi_ntargets - 1;
1087 Debug( LDAP_DEBUG_ANY,
1088 "%s: line %d: need \"uri\" directive first\n",
1094 Debug( LDAP_DEBUG_ANY,
1095 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
1100 Debug( LDAP_DEBUG_ANY,
1101 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1102 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1105 if ( BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_authcDN ) ) {
1106 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"pseudorootdn\" must be defined first.\n",
1111 if ( !BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_passwd ) ) {
1112 memset( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val, 0,
1113 mi->mi_targets[ i ]->mt_idassert_passwd.bv_len );
1114 ber_memfree( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val );
1116 ber_str2bv( argv[ 1 ], 0, 1, &mi->mi_targets[ i ]->mt_idassert_passwd );
1119 } else if ( strcasecmp( argv[ 0 ], "idassert-bind" ) == 0 ) {
1120 if ( mi->mi_ntargets == 0 ) {
1121 Debug( LDAP_DEBUG_ANY,
1122 "%s: line %d: \"idassert-bind\" "
1123 "must appear inside a target specification.\n",
1128 return slap_idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1130 /* idassert-authzFrom */
1131 } else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
1132 if ( mi->mi_ntargets == 0 ) {
1133 Debug( LDAP_DEBUG_ANY,
1134 "%s: line %d: \"idassert-bind\" "
1135 "must appear inside a target specification.\n",
1145 Debug( LDAP_DEBUG_ANY,
1146 "%s: line %d: missing <id> in \"idassert-authzFrom <id>\".\n",
1151 Debug( LDAP_DEBUG_ANY,
1152 "%s: line %d: extra cruft after <id> in \"idassert-authzFrom <id>\".\n",
1157 return slap_idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1160 } else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
1161 char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1162 slap_retry_info_t *ri = mi->mi_ntargets ?
1163 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
1164 : &mi->mi_quarantine;
1166 if ( ( mi->mi_ntargets == 0 && META_BACK_QUARANTINE( mi ) )
1167 || ( mi->mi_ntargets > 0 && META_BACK_TGT_QUARANTINE( mi->mi_targets[ mi->mi_ntargets - 1 ] ) ) )
1169 Debug( LDAP_DEBUG_ANY,
1170 "%s: line %d: quarantine already defined.\n",
1180 Debug( LDAP_DEBUG_ANY,
1181 "%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
1186 Debug( LDAP_DEBUG_ANY,
1187 "%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
1192 if ( ri != &mi->mi_quarantine ) {
1193 ri->ri_interval = NULL;
1197 if ( mi->mi_ntargets > 0 && !META_BACK_QUARANTINE( mi ) ) {
1198 ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
1201 if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
1202 Debug( LDAP_DEBUG_ANY,
1203 "%s line %d: %s.\n",
1204 fname, lineno, buf );
1209 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
1211 int i = mi->mi_ntargets - 1, rc;
1212 struct berval dn, nvnc, pvnc, nrnc, prnc;
1215 Debug( LDAP_DEBUG_ANY,
1216 "%s: line %d: need \"uri\" directive first\n",
1224 * suffixmassage <suffix> <massaged suffix>
1226 * the <suffix> field must be defined as a valid suffix
1227 * (or suffixAlias?) for the current database;
1228 * the <massaged suffix> shouldn't have already been
1229 * defined as a valid suffix or suffixAlias for the
1233 Debug( LDAP_DEBUG_ANY,
1234 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
1239 ber_str2bv( argv[ 1 ], 0, 0, &dn );
1240 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1241 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1242 "suffix '%s' is invalid\n",
1243 fname, lineno, argv[ 1 ] );
1247 tmp_be = select_backend( &nvnc, 0, 0 );
1248 if ( tmp_be != NULL && tmp_be != be ) {
1249 Debug( LDAP_DEBUG_ANY,
1250 "%s: line %d: suffix already in use by another backend in"
1251 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1253 free( pvnc.bv_val );
1254 free( nvnc.bv_val );
1258 ber_str2bv( argv[ 2 ], 0, 0, &dn );
1259 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1260 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1261 "massaged suffix '%s' is invalid\n",
1262 fname, lineno, argv[ 2 ] );
1263 free( pvnc.bv_val );
1264 free( nvnc.bv_val );
1269 tmp_be = select_backend( &nrnc, 0, 0 );
1270 if ( tmp_be != NULL ) {
1271 Debug( LDAP_DEBUG_ANY,
1272 "%s: line %d: massaged suffix already in use by another backend in"
1273 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1275 free( pvnc.bv_val );
1276 free( nvnc.bv_val );
1277 free( prnc.bv_val );
1278 free( nrnc.bv_val );
1284 * The suffix massaging is emulated by means of the
1285 * rewrite capabilities
1286 * FIXME: no extra rewrite capabilities should be added
1289 rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1290 &pvnc, &nvnc, &prnc, &nrnc );
1292 free( pvnc.bv_val );
1293 free( nvnc.bv_val );
1294 free( prnc.bv_val );
1295 free( nrnc.bv_val );
1299 /* rewrite stuff ... */
1300 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
1301 int i = mi->mi_ntargets - 1;
1304 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
1305 "statement outside target definition.\n",
1310 return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1311 fname, lineno, argc, argv );
1313 /* objectclass/attribute mapping */
1314 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
1315 int i = mi->mi_ntargets - 1;
1318 Debug( LDAP_DEBUG_ANY,
1319 "%s: line %d: need \"uri\" directive first\n",
1324 return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
1325 &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
1326 fname, lineno, argc, argv );
1328 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
1329 int i = mi->mi_ntargets - 1;
1330 int nretries = META_RETRY_UNDEFINED;
1333 Debug( LDAP_DEBUG_ANY,
1334 "%s: line %d: need value in \"nretries <value>\"\n",
1339 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
1340 nretries = META_RETRY_FOREVER;
1342 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
1343 nretries = META_RETRY_NEVER;
1346 if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
1347 Debug( LDAP_DEBUG_ANY,
1348 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
1349 fname, lineno, argv[ 1 ] );
1355 mi->mi_nretries = nretries;
1358 mi->mi_targets[ i ]->mt_nretries = nretries;
1361 } else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
1362 int *version = mi->mi_ntargets ?
1363 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
1367 Debug( LDAP_DEBUG_ANY,
1368 "%s: line %d: need value in \"protocol-version <version>\"\n",
1373 if ( lutil_atoi( version, argv[ 1 ] ) != 0 ) {
1374 Debug( LDAP_DEBUG_ANY,
1375 "%s: line %d: unable to parse version \"%s\" in \"protocol-version <version>\"\n",
1376 fname, lineno, argv[ 1 ] );
1380 if ( *version != 0 && ( *version < LDAP_VERSION_MIN || *version > LDAP_VERSION_MAX ) ) {
1381 Debug( LDAP_DEBUG_ANY,
1382 "%s: line %d: unsupported version \"%s\" in \"protocol-version <version>\"\n",
1383 fname, lineno, argv[ 1 ] );
1389 return SLAP_CONF_UNKNOWN;
1395 ldap_back_map_config(
1396 struct ldapmap *oc_map,
1397 struct ldapmap *at_map,
1403 struct ldapmap *map;
1404 struct ldapmapping *mapping;
1408 if ( argc < 3 || argc > 4 ) {
1409 Debug( LDAP_DEBUG_ANY,
1410 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
1415 if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
1419 } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
1423 Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
1424 "\"map {objectclass | attribute} [<local> | *] "
1425 "{<foreign> | *}\"\n",
1430 if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
1431 if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
1432 map->drop_missing = ( argc < 4 );
1433 goto success_return;
1435 src = dst = argv[ 3 ];
1437 } else if ( argc < 4 ) {
1443 dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
1446 if ( ( map == at_map )
1447 && ( strcasecmp( src, "objectclass" ) == 0
1448 || strcasecmp( dst, "objectclass" ) == 0 ) )
1450 Debug( LDAP_DEBUG_ANY,
1451 "%s: line %d: objectclass attribute cannot be mapped\n",
1455 mapping = (struct ldapmapping *)ch_calloc( 2,
1456 sizeof(struct ldapmapping) );
1457 if ( mapping == NULL ) {
1458 Debug( LDAP_DEBUG_ANY,
1459 "%s: line %d: out of memory\n",
1463 ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
1464 ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
1465 mapping[ 1 ].src = mapping[ 0 ].dst;
1466 mapping[ 1 ].dst = mapping[ 0 ].src;
1472 if ( src[ 0 ] != '\0' ) {
1473 if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
1474 Debug( LDAP_DEBUG_ANY,
1475 "%s: line %d: warning, source objectClass '%s' "
1476 "should be defined in schema\n",
1477 fname, lineno, src );
1480 * FIXME: this should become an err
1486 if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
1487 Debug( LDAP_DEBUG_ANY,
1488 "%s: line %d: warning, destination objectClass '%s' "
1489 "is not defined in schema\n",
1490 fname, lineno, dst );
1494 const char *text = NULL;
1495 AttributeDescription *ad = NULL;
1497 if ( src[ 0 ] != '\0' ) {
1498 rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
1499 if ( rc != LDAP_SUCCESS ) {
1500 Debug( LDAP_DEBUG_ANY,
1501 "%s: line %d: warning, source attributeType '%s' "
1502 "should be defined in schema\n",
1503 fname, lineno, src );
1506 * FIXME: this should become an err
1509 * we create a fake "proxied" ad
1513 rc = slap_bv2undef_ad( &mapping[ 0 ].src,
1514 &ad, &text, SLAP_AD_PROXIED );
1515 if ( rc != LDAP_SUCCESS ) {
1516 char buf[ SLAP_TEXT_BUFLEN ];
1518 snprintf( buf, sizeof( buf ),
1519 "source attributeType \"%s\": %d (%s)",
1520 src, rc, text ? text : "" );
1521 Debug( LDAP_DEBUG_ANY,
1522 "%s: line %d: %s\n",
1523 fname, lineno, buf );
1531 rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
1532 if ( rc != LDAP_SUCCESS ) {
1533 Debug( LDAP_DEBUG_ANY,
1534 "%s: line %d: warning, destination attributeType '%s' "
1535 "is not defined in schema\n",
1536 fname, lineno, dst );
1539 * we create a fake "proxied" ad
1543 rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
1544 &ad, &text, SLAP_AD_PROXIED );
1545 if ( rc != LDAP_SUCCESS ) {
1546 char buf[ SLAP_TEXT_BUFLEN ];
1548 snprintf( buf, sizeof( buf ),
1549 "source attributeType \"%s\": %d (%s)\n",
1550 dst, rc, text ? text : "" );
1551 Debug( LDAP_DEBUG_ANY,
1552 "%s: line %d: %s\n",
1553 fname, lineno, buf );
1559 if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
1560 || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
1562 Debug( LDAP_DEBUG_ANY,
1563 "%s: line %d: duplicate mapping found.\n",
1568 if ( src[ 0 ] != '\0' ) {
1569 avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
1570 mapping_cmp, mapping_dup );
1572 avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
1573 mapping_cmp, mapping_dup );
1576 if ( !is_oc && map->map == NULL ) {
1577 /* only init if required */
1578 ldap_back_map_init( map, &mapping );
1585 ch_free( mapping[ 0 ].src.bv_val );
1586 ch_free( mapping[ 0 ].dst.bv_val );
1594 #ifdef ENABLE_REWRITE
1596 suffix_massage_regexize( const char *s )
1602 if ( s[ 0 ] == '\0' ) {
1603 return ch_strdup( "^(.+)$" );
1607 ( r = strchr( p, ',' ) ) != NULL;
1611 res = ch_calloc( sizeof( char ),
1613 + STRLENOF( "((.+),)?" )
1614 + STRLENOF( "[ ]?" ) * i
1615 + STRLENOF( "$" ) + 1 );
1617 ptr = lutil_strcopy( res, "((.+),)?" );
1619 ( r = strchr( p, ',' ) ) != NULL;
1621 ptr = lutil_strncopy( ptr, p, r - p + 1 );
1622 ptr = lutil_strcopy( ptr, "[ ]?" );
1624 if ( r[ 1 ] == ' ' ) {
1628 ptr = lutil_strcopy( ptr, p );
1637 suffix_massage_patternize( const char *s, const char *p )
1644 if ( s[ 0 ] == '\0' ) {
1648 res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
1649 if ( res == NULL ) {
1653 ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
1654 if ( s[ 0 ] == '\0' ) {
1658 lutil_strcopy( ptr, p );
1664 suffix_massage_config(
1665 struct rewrite_info *info,
1666 struct berval *pvnc,
1667 struct berval *nvnc,
1668 struct berval *prnc,
1675 rargv[ 0 ] = "rewriteEngine";
1678 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1680 rargv[ 0 ] = "rewriteContext";
1681 rargv[ 1 ] = "default";
1683 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1685 rargv[ 0 ] = "rewriteRule";
1686 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
1687 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
1690 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1691 ch_free( rargv[ 1 ] );
1692 ch_free( rargv[ 2 ] );
1694 if ( BER_BVISEMPTY( pvnc ) ) {
1695 rargv[ 0 ] = "rewriteRule";
1697 rargv[ 2 ] = prnc->bv_val;
1700 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1703 rargv[ 0 ] = "rewriteContext";
1704 rargv[ 1 ] = "searchEntryDN";
1706 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1708 rargv[ 0 ] = "rewriteRule";
1709 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
1710 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
1713 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1714 ch_free( rargv[ 1 ] );
1715 ch_free( rargv[ 2 ] );
1717 if ( BER_BVISEMPTY( prnc ) ) {
1718 rargv[ 0 ] = "rewriteRule";
1720 rargv[ 2 ] = pvnc->bv_val;
1723 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1726 /* backward compatibility */
1727 rargv[ 0 ] = "rewriteContext";
1728 rargv[ 1 ] = "searchResult";
1729 rargv[ 2 ] = "alias";
1730 rargv[ 3 ] = "searchEntryDN";
1732 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1734 rargv[ 0 ] = "rewriteContext";
1735 rargv[ 1 ] = "matchedDN";
1736 rargv[ 2 ] = "alias";
1737 rargv[ 3 ] = "searchEntryDN";
1739 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1741 rargv[ 0 ] = "rewriteContext";
1742 rargv[ 1 ] = "searchAttrDN";
1743 rargv[ 2 ] = "alias";
1744 rargv[ 3 ] = "searchEntryDN";
1746 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1748 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
1749 * see servers/slapd/overlays/rwm.h for details */
1750 rargv[ 0 ] = "rewriteContext";
1751 rargv[ 1 ] = "referralAttrDN";
1753 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1755 rargv[ 0 ] = "rewriteContext";
1756 rargv[ 1 ] = "referralDN";
1758 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1762 #endif /* ENABLE_REWRITE */