2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2006 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
41 struct ldapmapping *mapping;
47 mt = ch_calloc( sizeof( metatarget_t ), 1 );
49 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
50 if ( mt->mt_rwmap.rwm_rw == NULL ) {
57 * the filter rewrite as a string must be disabled
58 * by default; it can be re-enabled by adding rules;
59 * this creates an empty rewriteContext
61 rargv[ 0 ] = "rewriteContext";
62 rargv[ 1 ] = "searchFilter";
64 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
66 rargv[ 0 ] = "rewriteContext";
67 rargv[ 1 ] = "default";
69 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
71 ldap_back_map_init( &mt->mt_rwmap.rwm_at, &mapping );
73 ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
75 mt->mt_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
76 mt->mt_idassert_authmethod = LDAP_AUTH_NONE;
77 mt->mt_idassert_tls = SB_TLS_DEFAULT;
79 /* by default, use proxyAuthz control on each operation */
80 mt->mt_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
88 check_true_false( char *str )
90 if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
94 if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
111 metainfo_t *mi = ( metainfo_t * )be->be_private;
113 assert( mi != NULL );
115 /* URI of server to query */
116 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
117 int i = mi->mi_ntargets;
120 #endif /* uncomment if uri MUST be a branch of suffix */
121 LDAPURLDesc *ludp, *tmpludp;
130 Debug( LDAP_DEBUG_ANY,
131 "%s: line %d: missing URI "
132 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
140 Debug( LDAP_DEBUG_ANY,
141 "%s: line %d: too many args "
142 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
147 if ( be->be_nsuffix == NULL ) {
148 Debug( LDAP_DEBUG_ANY,
149 "%s: line %d: the suffix must be defined before any target.\n",
156 mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
157 sizeof( metatarget_t * ) * mi->mi_ntargets );
158 if ( mi->mi_targets == NULL ) {
159 Debug( LDAP_DEBUG_ANY,
160 "%s: line %d: out of memory while storing server name"
161 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
166 if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
167 Debug( LDAP_DEBUG_ANY,
168 "%s: line %d: unable to init server"
169 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
174 mt = mi->mi_targets[ i ];
176 mt->mt_rebind_f = mi->mi_rebind_f;
177 mt->mt_urllist_f = mi->mi_urllist_f;
178 mt->mt_urllist_p = mt;
180 mt->mt_nretries = mi->mi_nretries;
181 mt->mt_quarantine = mi->mi_quarantine;
182 if ( META_BACK_QUARANTINE( mi ) ) {
183 ldap_pvt_thread_mutex_init( &mt->mt_quarantine_mutex );
185 mt->mt_flags = mi->mi_flags;
186 mt->mt_version = mi->mi_version;
187 mt->mt_network_timeout = mi->mi_network_timeout;
188 mt->mt_bind_timeout = mi->mi_bind_timeout;
189 for ( c = 0; c < SLAP_OP_LAST; c++ ) {
190 mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
196 if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t",
197 LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS )
199 Debug( LDAP_DEBUG_ANY,
200 "%s: line %d: unable to parse URI"
201 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
207 * uri MUST have the <dn> part!
209 if ( ludp->lud_dn == NULL ) {
210 Debug( LDAP_DEBUG_ANY,
211 "%s: line %d: missing <naming context> "
212 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
216 } else if ( ludp->lud_dn[ 0 ] == '\0' ) {
219 for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
220 if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
225 if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
226 Debug( LDAP_DEBUG_ANY,
227 "%s: line %d: missing <naming context> "
228 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
235 * copies and stores uri and suffix
237 ber_str2bv( ludp->lud_dn, 0, 0, &dn );
238 rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
239 &mt->mt_nsuffix, NULL );
240 if( rc != LDAP_SUCCESS ) {
241 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
242 "target \"%s\" DN is invalid\n",
243 fname, lineno, argv[ 1 ] );
247 ludp->lud_dn[ 0 ] = '\0';
249 switch ( ludp->lud_scope ) {
250 case LDAP_SCOPE_DEFAULT:
251 mt->mt_scope = LDAP_SCOPE_SUBTREE;
254 case LDAP_SCOPE_SUBTREE:
255 case LDAP_SCOPE_SUBORDINATE:
256 mt->mt_scope = ludp->lud_scope;
260 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
261 "invalid scope for target \"%s\"\n",
262 fname, lineno, argv[ 1 ] );
266 /* check all, to apply the scope check on the first one */
267 for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
268 if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
269 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
270 "multiple URIs must have "
278 mt->mt_uri = ldap_url_list2urls( ludp );
279 ldap_free_urllist( ludp );
280 if ( mt->mt_uri == NULL) {
281 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
287 * uri MUST be a branch of suffix!
289 #if 0 /* too strict a constraint */
290 if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) {
291 Debug( LDAP_DEBUG_ANY,
292 "%s: line %d: <naming context> of URI does not refer to current backend"
293 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
299 * uri MUST be a branch of a suffix!
301 if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) {
302 Debug( LDAP_DEBUG_ANY,
303 "%s: line %d: <naming context> of URI does not resolve to a backend"
304 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
310 /* subtree-exclude */
311 } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
312 int i = mi->mi_ntargets - 1;
313 struct berval dn, ndn;
316 Debug( LDAP_DEBUG_ANY,
317 "%s: line %d: need \"uri\" directive first\n",
324 Debug( LDAP_DEBUG_ANY,
325 "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
333 Debug( LDAP_DEBUG_ANY,
334 "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
339 ber_str2bv( argv[ 1 ], 0, 0, &dn );
340 if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
343 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
344 "subtree-exclude DN=\"%s\" is invalid\n",
345 fname, lineno, argv[ 1 ] );
349 if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
350 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
351 "subtree-exclude DN=\"%s\" "
352 "must be subtree of target\n",
353 fname, lineno, argv[ 1 ] );
354 ber_memfree( ndn.bv_val );
358 if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
361 for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
363 if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
364 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
365 "subtree-exclude DN=\"%s\" "
366 "is suffix of another subtree-exclude\n",
367 fname, lineno, argv[ 1 ] );
368 /* reject, because it might be superior
369 * to more than one subtree-exclude */
370 ber_memfree( ndn.bv_val );
373 } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
374 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
375 "another subtree-exclude is suffix of "
376 "subtree-exclude DN=\"%s\"\n",
377 fname, lineno, argv[ 1 ] );
378 ber_memfree( ndn.bv_val );
384 ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
386 /* default target directive */
387 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
388 int i = mi->mi_ntargets - 1;
392 Debug( LDAP_DEBUG_ANY,
393 "%s: line %d: \"default-target\" alone need be"
394 " inside a \"uri\" directive\n",
398 mi->mi_defaulttarget = i;
401 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
403 Debug( LDAP_DEBUG_ANY,
404 "%s: line %d: \"default-target none\""
405 " should go before uri definitions\n",
408 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
412 if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
413 || mi->mi_defaulttarget < 0
414 || mi->mi_defaulttarget >= i - 1 )
416 Debug( LDAP_DEBUG_ANY,
417 "%s: line %d: illegal target number %d\n",
418 fname, lineno, mi->mi_defaulttarget );
424 /* ttl of dn cache */
425 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
427 Debug( LDAP_DEBUG_ANY,
428 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
433 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
434 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
436 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
437 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
442 if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
443 Debug( LDAP_DEBUG_ANY,
444 "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
445 fname, lineno, argv[ 1 ] );
448 mi->mi_cache.ttl = (time_t)t;
451 /* network timeout when connecting to ldap servers */
452 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
454 time_t *tp = mi->mi_ntargets ?
455 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
456 : &mi->mi_network_timeout;
459 Debug( LDAP_DEBUG_ANY,
460 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
465 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
466 Debug( LDAP_DEBUG_ANY,
467 "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
468 fname, lineno, argv[ 1 ] );
475 /* idle timeout when connecting to ldap servers */
476 } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
481 Debug( LDAP_DEBUG_ANY,
482 "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
488 Debug( LDAP_DEBUG_ANY,
489 "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
494 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
495 Debug( LDAP_DEBUG_ANY,
496 "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
497 fname, lineno, argv[ 1 ] );
502 mi->mi_idle_timeout = (time_t)t;
505 } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
510 Debug( LDAP_DEBUG_ANY,
511 "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
517 Debug( LDAP_DEBUG_ANY,
518 "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
523 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
524 Debug( LDAP_DEBUG_ANY,
525 "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
526 fname, lineno, argv[ 1 ] );
531 mi->mi_conn_ttl = (time_t)t;
533 /* bind timeout when connecting to ldap servers */
534 } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
536 struct timeval *tp = mi->mi_ntargets ?
537 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
538 : &mi->mi_bind_timeout;
542 Debug( LDAP_DEBUG_ANY,
543 "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
549 Debug( LDAP_DEBUG_ANY,
550 "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
555 if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
556 Debug( LDAP_DEBUG_ANY,
557 "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
558 fname, lineno, argv[ 1 ] );
563 tp->tv_sec = t/1000000;
564 tp->tv_usec = t%1000000;
566 /* name to use for meta_back_group */
567 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
568 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
570 int i = mi->mi_ntargets - 1;
574 Debug( LDAP_DEBUG_ANY,
575 "%s: line %d: need \"uri\" directive first\n",
581 Debug( LDAP_DEBUG_ANY,
582 "%s: line %d: missing name in \"binddn <name>\" line\n",
587 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
588 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
589 "\"binddn\" statement is deprecated; "
590 "use \"acl-authcDN\" instead\n",
592 /* FIXME: some day we'll need to throw an error */
595 ber_str2bv( argv[ 1 ], 0, 0, &dn );
596 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
597 NULL ) != LDAP_SUCCESS )
599 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
600 "bind DN '%s' is invalid\n",
601 fname, lineno, argv[ 1 ] );
605 /* password to use for meta_back_group */
606 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
607 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
609 int i = mi->mi_ntargets - 1;
612 Debug( LDAP_DEBUG_ANY,
613 "%s: line %d: need \"uri\" directive first\n",
619 Debug( LDAP_DEBUG_ANY,
620 "%s: line %d: missing password in \"bindpw <password>\" line\n",
625 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
626 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
627 "\"bindpw\" statement is deprecated; "
628 "use \"acl-passwd\" instead\n",
630 /* FIXME: some day we'll need to throw an error */
633 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
635 /* save bind creds for referral rebinds? */
636 } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
638 Debug( LDAP_DEBUG_ANY,
639 "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
645 Debug( LDAP_DEBUG_ANY,
646 "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
648 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
651 switch ( check_true_false( argv[ 1 ] ) ) {
653 mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
657 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
661 Debug( LDAP_DEBUG_ANY,
662 "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
663 fname, lineno, argv[ 1 ] );
668 } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
669 unsigned *flagsp = mi->mi_ntargets ?
670 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
674 Debug( LDAP_DEBUG_ANY,
675 "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
680 /* this is the default; we add it because the default might change... */
681 switch ( check_true_false( argv[ 1 ] ) ) {
683 *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
687 *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
691 Debug( LDAP_DEBUG_ANY,
692 "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
693 fname, lineno, argv[ 1 ] );
697 } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
698 unsigned *flagsp = mi->mi_ntargets ?
699 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
703 Debug( LDAP_DEBUG_ANY,
704 "%s: line %d: \"tls <what>\" needs 1 argument.\n",
710 if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
711 *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
714 } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
715 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
716 *flagsp |= LDAP_BACK_F_USE_TLS;
718 /* propagate start tls */
719 } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
720 *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
723 } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
724 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
725 *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
728 Debug( LDAP_DEBUG_ANY,
729 "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
730 fname, lineno, argv[ 1 ] );
734 } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
735 unsigned *flagsp = mi->mi_ntargets ?
736 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
740 Debug( LDAP_DEBUG_ANY,
741 "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
746 switch ( check_true_false( argv[ 1 ] ) ) {
748 *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
752 *flagsp |= LDAP_BACK_F_T_F;
756 if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
757 *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
760 Debug( LDAP_DEBUG_ANY,
761 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
762 fname, lineno, argv[ 1 ] );
769 } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
771 Debug( LDAP_DEBUG_ANY,
772 "%s: line %d: \"onerr {CONTINUE|stop}\" takes 1 argument\n",
777 if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
778 mi->mi_flags &= ~META_BACK_F_ONERR_STOP;
780 } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
781 mi->mi_flags |= META_BACK_F_ONERR_STOP;
784 Debug( LDAP_DEBUG_ANY,
785 "%s: line %d: \"onerr {CONTINUE|stop}\": invalid arg \"%s\".\n",
786 fname, lineno, argv[ 1 ] );
791 } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0
792 || strcasecmp( argv[ 0 ], "root-bind-defer" ) == 0 )
795 Debug( LDAP_DEBUG_ANY,
796 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
801 switch ( check_true_false( argv[ 1 ] ) ) {
803 mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
807 mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
811 Debug( LDAP_DEBUG_ANY,
812 "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
813 fname, lineno, argv[ 1 ] );
818 } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
820 Debug( LDAP_DEBUG_ANY,
821 "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
826 if ( mi->mi_ntargets > 0 ) {
827 Debug( LDAP_DEBUG_ANY,
828 "%s: line %d: \"single-conn\" must appear before target definitions\n",
833 switch ( check_true_false( argv[ 1 ] ) ) {
835 mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
839 mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
843 Debug( LDAP_DEBUG_ANY,
844 "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
845 fname, lineno, argv[ 1 ] );
849 } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
851 unsigned *flagsp = mi->mi_ntargets ?
852 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
856 Debug( LDAP_DEBUG_ANY,
857 "%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
862 if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
863 flag = LDAP_BACK_F_CANCEL_ABANDON;
865 } else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
866 flag = LDAP_BACK_F_CANCEL_IGNORE;
868 } else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
869 flag = LDAP_BACK_F_CANCEL_EXOP;
871 } else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
872 flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
875 Debug( LDAP_DEBUG_ANY,
876 "%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
877 fname, lineno, argv[ 1 ] );
881 *flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
884 } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
886 time_t *tv = mi->mi_ntargets ?
887 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
892 Debug( LDAP_DEBUG_ANY,
893 "%s: line %d: \"timeout [{add|bind|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
898 for ( c = 1; c < argc; c++ ) {
902 sep = strchr( argv[ c ], '=' );
904 size_t len = sep - argv[ c ];
906 if ( strncasecmp( argv[ c ], "bind", len ) == 0 ) {
907 t = &tv[ SLAP_OP_BIND ];
908 /* unbind makes little sense */
909 } else if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
910 t = &tv[ SLAP_OP_ADD ];
911 } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
912 t = &tv[ SLAP_OP_DELETE ];
913 } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
914 t = &tv[ SLAP_OP_MODRDN ];
915 } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
916 t = &tv[ SLAP_OP_MODIFY ];
917 } else if ( strncasecmp( argv[ c ], "compare", len ) == 0 ) {
918 t = &tv[ SLAP_OP_COMPARE ];
919 #if 0 /* uses timelimit instead */
920 } else if ( strncasecmp( argv[ c ], "search", len ) == 0 ) {
921 t = &tv[ SLAP_OP_SEARCH ];
923 /* abandon makes little sense */
924 #if 0 /* not implemented yet */
925 } else if ( strncasecmp( argv[ c ], "extended", len ) == 0 ) {
926 t = &tv[ SLAP_OP_EXTENDED ];
929 char buf[ SLAP_TEXT_BUFLEN ];
930 snprintf( buf, sizeof( buf ),
931 "unknown/unhandled operation \"%s\" for timeout #%d",
933 Debug( LDAP_DEBUG_ANY,
934 "%s: line %d: %s.\n",
935 fname, lineno, buf );
944 if ( lutil_parse_time( sep, &val ) != 0 ) {
945 Debug( LDAP_DEBUG_ANY,
946 "%s: line %d: unable to parse value \"%s\" for timeout.\n",
947 fname, lineno, sep );
957 for ( i = 0; i < SLAP_OP_LAST; i++ ) {
958 tv[ i ] = (time_t)val;
963 /* name to use as pseudo-root dn */
964 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
965 int i = mi->mi_ntargets - 1;
968 Debug( LDAP_DEBUG_ANY,
969 "%s: line %d: need \"uri\" directive first\n",
975 Debug( LDAP_DEBUG_ANY,
976 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
985 idassert-bind bindmethod=simple
986 binddn=<pseudorootdn>
987 credentials=<pseudorootpw>
989 flags=non-prescriptive
990 idassert-authzFrom "dn:<rootdn>"
992 * so that only when authc'd as <rootdn> the proxying occurs
993 * rebinding as the <pseudorootdn> without proxyAuthz.
996 Debug( LDAP_DEBUG_ANY,
997 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
998 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1002 char binddn[ SLAP_TEXT_BUFLEN ];
1005 "bindmethod=simple",
1008 "flags=non-prescriptive",
1014 if ( BER_BVISNULL( &be->be_rootndn ) ) {
1015 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"rootdn\" must be defined first.\n",
1020 if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
1021 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
1025 cargv[ 2 ] = binddn;
1027 rc = slap_idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1031 if ( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz != NULL ) {
1032 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"idassert-authzFrom\" already defined (discarded).\n",
1034 ber_bvarray_free( mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz );
1035 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz = NULL;
1038 assert( !BER_BVISNULL( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authcDN ) );
1040 bv.bv_len = STRLENOF( "dn:" ) + be->be_rootndn.bv_len;
1041 bv.bv_val = ber_memalloc( bv.bv_len + 1 );
1042 AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
1043 AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], be->be_rootndn.bv_val, be->be_rootndn.bv_len + 1 );
1045 ber_bvarray_add( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert_authz, &bv );
1051 /* password to use as pseudo-root */
1052 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
1053 int i = mi->mi_ntargets - 1;
1056 Debug( LDAP_DEBUG_ANY,
1057 "%s: line %d: need \"uri\" directive first\n",
1063 Debug( LDAP_DEBUG_ANY,
1064 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
1069 Debug( LDAP_DEBUG_ANY,
1070 "%s: line %d: \"pseudorootdn\", \"pseudorootpw\" are no longer supported; "
1071 "use \"idassert-bind\" and \"idassert-authzFrom\" instead.\n",
1074 if ( BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_authcDN ) ) {
1075 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootpw\": \"pseudorootdn\" must be defined first.\n",
1080 if ( !BER_BVISNULL( &mi->mi_targets[ i ]->mt_idassert_passwd ) ) {
1081 memset( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val, 0,
1082 mi->mi_targets[ i ]->mt_idassert_passwd.bv_len );
1083 ber_memfree( mi->mi_targets[ i ]->mt_idassert_passwd.bv_val );
1085 ber_str2bv( argv[ 1 ], 0, 1, &mi->mi_targets[ i ]->mt_idassert_passwd );
1088 } else if ( strcasecmp( argv[ 0 ], "idassert-bind" ) == 0 ) {
1089 if ( mi->mi_ntargets == 0 ) {
1090 Debug( LDAP_DEBUG_ANY,
1091 "%s: line %d: \"idassert-bind\" "
1092 "must appear inside a target specification.\n",
1097 return slap_idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1099 /* idassert-authzFrom */
1100 } else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
1101 if ( mi->mi_ntargets == 0 ) {
1102 Debug( LDAP_DEBUG_ANY,
1103 "%s: line %d: \"idassert-bind\" "
1104 "must appear inside a target specification.\n",
1114 Debug( LDAP_DEBUG_ANY,
1115 "%s: line %d: missing <id> in \"idassert-authzFrom <id>\".\n",
1120 Debug( LDAP_DEBUG_ANY,
1121 "%s: line %d: extra cruft after <id> in \"idassert-authzFrom <id>\".\n",
1126 return slap_idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
1129 } else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
1130 char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1131 slap_retry_info_t *ri = mi->mi_ntargets ?
1132 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
1133 : &mi->mi_quarantine;
1135 if ( ( mi->mi_ntargets == 0 && META_BACK_QUARANTINE( mi ) )
1136 || ( mi->mi_ntargets > 0 && META_BACK_TGT_QUARANTINE( mi->mi_targets[ mi->mi_ntargets - 1 ] ) ) )
1138 Debug( LDAP_DEBUG_ANY,
1139 "%s: line %d: quarantine already defined.\n",
1149 Debug( LDAP_DEBUG_ANY,
1150 "%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
1155 Debug( LDAP_DEBUG_ANY,
1156 "%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
1161 if ( ri != &mi->mi_quarantine ) {
1162 ri->ri_interval = NULL;
1166 if ( mi->mi_ntargets > 0 && !META_BACK_QUARANTINE( mi ) ) {
1167 ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
1170 if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
1171 Debug( LDAP_DEBUG_ANY,
1172 "%s line %d: %s.\n",
1173 fname, lineno, buf );
1178 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
1180 int i = mi->mi_ntargets - 1, rc;
1181 struct berval dn, nvnc, pvnc, nrnc, prnc;
1184 Debug( LDAP_DEBUG_ANY,
1185 "%s: line %d: need \"uri\" directive first\n",
1193 * suffixmassage <suffix> <massaged suffix>
1195 * the <suffix> field must be defined as a valid suffix
1196 * (or suffixAlias?) for the current database;
1197 * the <massaged suffix> shouldn't have already been
1198 * defined as a valid suffix or suffixAlias for the
1202 Debug( LDAP_DEBUG_ANY,
1203 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
1208 ber_str2bv( argv[ 1 ], 0, 0, &dn );
1209 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1210 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1211 "suffix '%s' is invalid\n",
1212 fname, lineno, argv[ 1 ] );
1216 tmp_be = select_backend( &nvnc, 0, 0 );
1217 if ( tmp_be != NULL && tmp_be != be ) {
1218 Debug( LDAP_DEBUG_ANY,
1219 "%s: line %d: suffix already in use by another backend in"
1220 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1222 free( pvnc.bv_val );
1223 free( nvnc.bv_val );
1227 ber_str2bv( argv[ 2 ], 0, 0, &dn );
1228 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1229 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1230 "massaged suffix '%s' is invalid\n",
1231 fname, lineno, argv[ 2 ] );
1232 free( pvnc.bv_val );
1233 free( nvnc.bv_val );
1238 tmp_be = select_backend( &nrnc, 0, 0 );
1239 if ( tmp_be != NULL ) {
1240 Debug( LDAP_DEBUG_ANY,
1241 "%s: line %d: massaged suffix already in use by another backend in"
1242 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1244 free( pvnc.bv_val );
1245 free( nvnc.bv_val );
1246 free( prnc.bv_val );
1247 free( nrnc.bv_val );
1253 * The suffix massaging is emulated by means of the
1254 * rewrite capabilities
1255 * FIXME: no extra rewrite capabilities should be added
1258 rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1259 &pvnc, &nvnc, &prnc, &nrnc );
1261 free( pvnc.bv_val );
1262 free( nvnc.bv_val );
1263 free( prnc.bv_val );
1264 free( nrnc.bv_val );
1268 /* rewrite stuff ... */
1269 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
1270 int i = mi->mi_ntargets - 1;
1273 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
1274 "statement outside target definition.\n",
1279 return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1280 fname, lineno, argc, argv );
1282 /* objectclass/attribute mapping */
1283 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
1284 int i = mi->mi_ntargets - 1;
1287 Debug( LDAP_DEBUG_ANY,
1288 "%s: line %d: need \"uri\" directive first\n",
1293 return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
1294 &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
1295 fname, lineno, argc, argv );
1297 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
1298 int i = mi->mi_ntargets - 1;
1299 int nretries = META_RETRY_UNDEFINED;
1302 Debug( LDAP_DEBUG_ANY,
1303 "%s: line %d: need value in \"nretries <value>\"\n",
1308 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
1309 nretries = META_RETRY_FOREVER;
1311 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
1312 nretries = META_RETRY_NEVER;
1315 if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
1316 Debug( LDAP_DEBUG_ANY,
1317 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
1318 fname, lineno, argv[ 1 ] );
1324 mi->mi_nretries = nretries;
1327 mi->mi_targets[ i ]->mt_nretries = nretries;
1330 } else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
1331 int *version = mi->mi_ntargets ?
1332 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
1336 Debug( LDAP_DEBUG_ANY,
1337 "%s: line %d: need value in \"protocol-version <version>\"\n",
1342 if ( lutil_atoi( version, argv[ 1 ] ) != 0 ) {
1343 Debug( LDAP_DEBUG_ANY,
1344 "%s: line %d: unable to parse version \"%s\" in \"protocol-version <version>\"\n",
1345 fname, lineno, argv[ 1 ] );
1349 if ( *version != 0 && ( *version < LDAP_VERSION_MIN || *version > LDAP_VERSION_MAX ) ) {
1350 Debug( LDAP_DEBUG_ANY,
1351 "%s: line %d: unsupported version \"%s\" in \"protocol-version <version>\"\n",
1352 fname, lineno, argv[ 1 ] );
1358 return SLAP_CONF_UNKNOWN;
1364 ldap_back_map_config(
1365 struct ldapmap *oc_map,
1366 struct ldapmap *at_map,
1372 struct ldapmap *map;
1373 struct ldapmapping *mapping;
1377 if ( argc < 3 || argc > 4 ) {
1378 Debug( LDAP_DEBUG_ANY,
1379 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
1384 if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
1388 } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
1392 Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
1393 "\"map {objectclass | attribute} [<local> | *] "
1394 "{<foreign> | *}\"\n",
1399 if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
1400 if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
1401 map->drop_missing = ( argc < 4 );
1404 src = dst = argv[ 3 ];
1406 } else if ( argc < 4 ) {
1412 dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
1415 if ( ( map == at_map )
1416 && ( strcasecmp( src, "objectclass" ) == 0
1417 || strcasecmp( dst, "objectclass" ) == 0 ) )
1419 Debug( LDAP_DEBUG_ANY,
1420 "%s: line %d: objectclass attribute cannot be mapped\n",
1424 mapping = (struct ldapmapping *)ch_calloc( 2,
1425 sizeof(struct ldapmapping) );
1426 if ( mapping == NULL ) {
1427 Debug( LDAP_DEBUG_ANY,
1428 "%s: line %d: out of memory\n",
1432 ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
1433 ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
1434 mapping[ 1 ].src = mapping[ 0 ].dst;
1435 mapping[ 1 ].dst = mapping[ 0 ].src;
1441 if ( src[ 0 ] != '\0' ) {
1442 if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
1443 Debug( LDAP_DEBUG_ANY,
1444 "%s: line %d: warning, source objectClass '%s' "
1445 "should be defined in schema\n",
1446 fname, lineno, src );
1449 * FIXME: this should become an err
1455 if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
1456 Debug( LDAP_DEBUG_ANY,
1457 "%s: line %d: warning, destination objectClass '%s' "
1458 "is not defined in schema\n",
1459 fname, lineno, dst );
1463 const char *text = NULL;
1464 AttributeDescription *ad = NULL;
1466 if ( src[ 0 ] != '\0' ) {
1467 rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
1468 if ( rc != LDAP_SUCCESS ) {
1469 Debug( LDAP_DEBUG_ANY,
1470 "%s: line %d: warning, source attributeType '%s' "
1471 "should be defined in schema\n",
1472 fname, lineno, src );
1475 * FIXME: this should become an err
1478 * we create a fake "proxied" ad
1482 rc = slap_bv2undef_ad( &mapping[ 0 ].src,
1483 &ad, &text, SLAP_AD_PROXIED );
1484 if ( rc != LDAP_SUCCESS ) {
1485 char buf[ SLAP_TEXT_BUFLEN ];
1487 snprintf( buf, sizeof( buf ),
1488 "source attributeType \"%s\": %d (%s)",
1489 src, rc, text ? text : "" );
1490 Debug( LDAP_DEBUG_ANY,
1491 "%s: line %d: %s\n",
1492 fname, lineno, buf );
1500 rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
1501 if ( rc != LDAP_SUCCESS ) {
1502 Debug( LDAP_DEBUG_ANY,
1503 "%s: line %d: warning, destination attributeType '%s' "
1504 "is not defined in schema\n",
1505 fname, lineno, dst );
1508 * we create a fake "proxied" ad
1512 rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
1513 &ad, &text, SLAP_AD_PROXIED );
1514 if ( rc != LDAP_SUCCESS ) {
1515 char buf[ SLAP_TEXT_BUFLEN ];
1517 snprintf( buf, sizeof( buf ),
1518 "source attributeType \"%s\": %d (%s)\n",
1519 dst, rc, text ? text : "" );
1520 Debug( LDAP_DEBUG_ANY,
1521 "%s: line %d: %s\n",
1522 fname, lineno, buf );
1528 if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
1529 || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
1531 Debug( LDAP_DEBUG_ANY,
1532 "%s: line %d: duplicate mapping found.\n",
1537 if ( src[ 0 ] != '\0' ) {
1538 avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
1539 mapping_cmp, mapping_dup );
1541 avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
1542 mapping_cmp, mapping_dup );
1548 ch_free( mapping[ 0 ].src.bv_val );
1549 ch_free( mapping[ 0 ].dst.bv_val );
1557 #ifdef ENABLE_REWRITE
1559 suffix_massage_regexize( const char *s )
1565 if ( s[ 0 ] == '\0' ) {
1566 return ch_strdup( "^(.+)$" );
1570 ( r = strchr( p, ',' ) ) != NULL;
1574 res = ch_calloc( sizeof( char ),
1576 + STRLENOF( "((.+),)?" )
1577 + STRLENOF( "[ ]?" ) * i
1578 + STRLENOF( "$" ) + 1 );
1580 ptr = lutil_strcopy( res, "((.+),)?" );
1582 ( r = strchr( p, ',' ) ) != NULL;
1584 ptr = lutil_strncopy( ptr, p, r - p + 1 );
1585 ptr = lutil_strcopy( ptr, "[ ]?" );
1587 if ( r[ 1 ] == ' ' ) {
1591 ptr = lutil_strcopy( ptr, p );
1600 suffix_massage_patternize( const char *s, const char *p )
1607 if ( s[ 0 ] == '\0' ) {
1611 res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
1612 if ( res == NULL ) {
1616 ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
1617 if ( s[ 0 ] == '\0' ) {
1621 lutil_strcopy( ptr, p );
1627 suffix_massage_config(
1628 struct rewrite_info *info,
1629 struct berval *pvnc,
1630 struct berval *nvnc,
1631 struct berval *prnc,
1638 rargv[ 0 ] = "rewriteEngine";
1641 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1643 rargv[ 0 ] = "rewriteContext";
1644 rargv[ 1 ] = "default";
1646 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1648 rargv[ 0 ] = "rewriteRule";
1649 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
1650 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
1653 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1654 ch_free( rargv[ 1 ] );
1655 ch_free( rargv[ 2 ] );
1657 if ( BER_BVISEMPTY( pvnc ) ) {
1658 rargv[ 0 ] = "rewriteRule";
1660 rargv[ 2 ] = prnc->bv_val;
1663 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1666 rargv[ 0 ] = "rewriteContext";
1667 rargv[ 1 ] = "searchEntryDN";
1669 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1671 rargv[ 0 ] = "rewriteRule";
1672 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
1673 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
1676 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1677 ch_free( rargv[ 1 ] );
1678 ch_free( rargv[ 2 ] );
1680 if ( BER_BVISEMPTY( prnc ) ) {
1681 rargv[ 0 ] = "rewriteRule";
1683 rargv[ 2 ] = pvnc->bv_val;
1686 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1689 /* backward compatibility */
1690 rargv[ 0 ] = "rewriteContext";
1691 rargv[ 1 ] = "searchResult";
1692 rargv[ 2 ] = "alias";
1693 rargv[ 3 ] = "searchEntryDN";
1695 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1697 rargv[ 0 ] = "rewriteContext";
1698 rargv[ 1 ] = "matchedDN";
1699 rargv[ 2 ] = "alias";
1700 rargv[ 3 ] = "searchEntryDN";
1702 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1704 rargv[ 0 ] = "rewriteContext";
1705 rargv[ 1 ] = "searchAttrDN";
1706 rargv[ 2 ] = "alias";
1707 rargv[ 3 ] = "searchEntryDN";
1709 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1711 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
1712 * see servers/slapd/overlays/rwm.h for details */
1713 rargv[ 0 ] = "rewriteContext";
1714 rargv[ 1 ] = "referralAttrDN";
1716 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1718 rargv[ 0 ] = "rewriteContext";
1719 rargv[ 1 ] = "referralDN";
1721 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1725 #endif /* ENABLE_REWRITE */