2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2006 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
41 struct ldapmapping *mapping;
47 mt = ch_calloc( sizeof( metatarget_t ), 1 );
49 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
50 if ( mt->mt_rwmap.rwm_rw == NULL ) {
57 * the filter rewrite as a string must be disabled
58 * by default; it can be re-enabled by adding rules;
59 * this creates an empty rewriteContext
61 rargv[ 0 ] = "rewriteContext";
62 rargv[ 1 ] = "searchFilter";
64 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
66 rargv[ 0 ] = "rewriteContext";
67 rargv[ 1 ] = "default";
69 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
71 ldap_back_map_init( &mt->mt_rwmap.rwm_at, &mapping );
73 ldap_pvt_thread_mutex_init( &mt->mt_uri_mutex );
81 check_true_false( char *str )
83 if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
87 if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
104 metainfo_t *mi = ( metainfo_t * )be->be_private;
106 assert( mi != NULL );
108 /* URI of server to query */
109 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
110 int i = mi->mi_ntargets;
113 #endif /* uncomment if uri MUST be a branch of suffix */
114 LDAPURLDesc *ludp, *tmpludp;
123 Debug( LDAP_DEBUG_ANY,
124 "%s: line %d: missing URI "
125 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
133 Debug( LDAP_DEBUG_ANY,
134 "%s: line %d: too many args "
135 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
140 if ( be->be_nsuffix == NULL ) {
141 Debug( LDAP_DEBUG_ANY,
142 "%s: line %d: the suffix must be defined before any target.\n",
149 mi->mi_targets = ( metatarget_t ** )ch_realloc( mi->mi_targets,
150 sizeof( metatarget_t * ) * mi->mi_ntargets );
151 if ( mi->mi_targets == NULL ) {
152 Debug( LDAP_DEBUG_ANY,
153 "%s: line %d: out of memory while storing server name"
154 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
159 if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
160 Debug( LDAP_DEBUG_ANY,
161 "%s: line %d: unable to init server"
162 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
167 mt = mi->mi_targets[ i ];
169 mt->mt_rebind_f = mi->mi_rebind_f;
170 mt->mt_urllist_f = mi->mi_urllist_f;
171 mt->mt_urllist_p = mt;
173 mt->mt_nretries = mi->mi_nretries;
174 mt->mt_quarantine = mi->mi_quarantine;
175 mt->mt_flags = mi->mi_flags;
176 mt->mt_version = mi->mi_version;
177 mt->mt_network_timeout = mi->mi_network_timeout;
178 mt->mt_bind_timeout = mi->mi_bind_timeout;
179 for ( c = 0; c < LDAP_BACK_OP_LAST; c++ ) {
180 mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
186 if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t",
187 LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS )
189 Debug( LDAP_DEBUG_ANY,
190 "%s: line %d: unable to parse URI"
191 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
197 * uri MUST have the <dn> part!
199 if ( ludp->lud_dn == NULL ) {
200 Debug( LDAP_DEBUG_ANY,
201 "%s: line %d: missing <naming context> "
202 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
206 } else if ( ludp->lud_dn[ 0 ] == '\0' ) {
209 for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
210 if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
215 if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
216 Debug( LDAP_DEBUG_ANY,
217 "%s: line %d: missing <naming context> "
218 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
225 * copies and stores uri and suffix
227 ber_str2bv( ludp->lud_dn, 0, 0, &dn );
228 rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
229 &mt->mt_nsuffix, NULL );
230 if( rc != LDAP_SUCCESS ) {
231 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
232 "target \"%s\" DN is invalid\n",
233 fname, lineno, argv[ 1 ] );
237 ludp->lud_dn[ 0 ] = '\0';
239 switch ( ludp->lud_scope ) {
240 case LDAP_SCOPE_DEFAULT:
241 mt->mt_scope = LDAP_SCOPE_SUBTREE;
244 case LDAP_SCOPE_SUBTREE:
245 case LDAP_SCOPE_SUBORDINATE:
246 mt->mt_scope = ludp->lud_scope;
250 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
251 "invalid scope for target \"%s\"\n",
252 fname, lineno, argv[ 1 ] );
256 /* check all, to apply the scope check on the first one */
257 for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
258 if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
259 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
260 "multiple URIs must have "
268 mt->mt_uri = ldap_url_list2urls( ludp );
269 ldap_free_urllist( ludp );
270 if ( mt->mt_uri == NULL) {
271 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
277 * uri MUST be a branch of suffix!
279 #if 0 /* too strict a constraint */
280 if ( select_backend( &mt->mt_nsuffix, 0, 0 ) != be ) {
281 Debug( LDAP_DEBUG_ANY,
282 "%s: line %d: <naming context> of URI does not refer to current backend"
283 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
289 * uri MUST be a branch of a suffix!
291 if ( select_backend( &mt->mt_nsuffix, 0, 0 ) == NULL ) {
292 Debug( LDAP_DEBUG_ANY,
293 "%s: line %d: <naming context> of URI does not resolve to a backend"
294 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
300 /* subtree-exclude */
301 } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
302 int i = mi->mi_ntargets - 1;
303 struct berval dn, ndn;
306 Debug( LDAP_DEBUG_ANY,
307 "%s: line %d: need \"uri\" directive first\n",
314 Debug( LDAP_DEBUG_ANY,
315 "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
323 Debug( LDAP_DEBUG_ANY,
324 "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
329 ber_str2bv( argv[ 1 ], 0, 0, &dn );
330 if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
333 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
334 "subtree-exclude DN=\"%s\" is invalid\n",
335 fname, lineno, argv[ 1 ] );
339 if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_nsuffix ) ) {
340 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
341 "subtree-exclude DN=\"%s\" "
342 "must be subtree of target\n",
343 fname, lineno, argv[ 1 ] );
344 ber_memfree( ndn.bv_val );
348 if ( mi->mi_targets[ i ]->mt_subtree_exclude != NULL ) {
351 for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ); j++ )
353 if ( dnIsSuffix( &mi->mi_targets[ i ]->mt_subtree_exclude[ j ], &ndn ) ) {
354 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
355 "subtree-exclude DN=\"%s\" "
356 "is suffix of another subtree-exclude\n",
357 fname, lineno, argv[ 1 ] );
358 /* reject, because it might be superior
359 * to more than one subtree-exclude */
360 ber_memfree( ndn.bv_val );
363 } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ]->mt_subtree_exclude[ j ] ) ) {
364 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
365 "another subtree-exclude is suffix of "
366 "subtree-exclude DN=\"%s\"\n",
367 fname, lineno, argv[ 1 ] );
368 ber_memfree( ndn.bv_val );
374 ber_bvarray_add( &mi->mi_targets[ i ]->mt_subtree_exclude, &ndn );
376 /* default target directive */
377 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
378 int i = mi->mi_ntargets - 1;
382 Debug( LDAP_DEBUG_ANY,
383 "%s: line %d: \"default-target\" alone need be"
384 " inside a \"uri\" directive\n",
388 mi->mi_defaulttarget = i;
391 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
393 Debug( LDAP_DEBUG_ANY,
394 "%s: line %d: \"default-target none\""
395 " should go before uri definitions\n",
398 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
402 if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
403 || mi->mi_defaulttarget < 0
404 || mi->mi_defaulttarget >= i - 1 )
406 Debug( LDAP_DEBUG_ANY,
407 "%s: line %d: illegal target number %d\n",
408 fname, lineno, mi->mi_defaulttarget );
414 /* ttl of dn cache */
415 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
417 Debug( LDAP_DEBUG_ANY,
418 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
423 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
424 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
426 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
427 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
432 if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
433 Debug( LDAP_DEBUG_ANY,
434 "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
435 fname, lineno, argv[ 1 ] );
438 mi->mi_cache.ttl = (time_t)t;
441 /* network timeout when connecting to ldap servers */
442 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
444 time_t *tp = mi->mi_ntargets ?
445 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_network_timeout
446 : &mi->mi_network_timeout;
449 Debug( LDAP_DEBUG_ANY,
450 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
455 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
456 Debug( LDAP_DEBUG_ANY,
457 "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
458 fname, lineno, argv[ 1 ] );
465 /* idle timeout when connecting to ldap servers */
466 } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
471 Debug( LDAP_DEBUG_ANY,
472 "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
478 Debug( LDAP_DEBUG_ANY,
479 "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
484 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
485 Debug( LDAP_DEBUG_ANY,
486 "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
487 fname, lineno, argv[ 1 ] );
492 mi->mi_idle_timeout = (time_t)t;
495 } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
500 Debug( LDAP_DEBUG_ANY,
501 "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
507 Debug( LDAP_DEBUG_ANY,
508 "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
513 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
514 Debug( LDAP_DEBUG_ANY,
515 "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
516 fname, lineno, argv[ 1 ] );
521 mi->mi_conn_ttl = (time_t)t;
523 /* bind timeout when connecting to ldap servers */
524 } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
526 struct timeval *tp = mi->mi_ntargets ?
527 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_bind_timeout
528 : &mi->mi_bind_timeout;
532 Debug( LDAP_DEBUG_ANY,
533 "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
539 Debug( LDAP_DEBUG_ANY,
540 "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
545 if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
546 Debug( LDAP_DEBUG_ANY,
547 "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
548 fname, lineno, argv[ 1 ] );
553 tp->tv_sec = t/1000000;
554 tp->tv_usec = t%1000000;
556 /* name to use for meta_back_group */
557 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
558 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
560 int i = mi->mi_ntargets - 1;
564 Debug( LDAP_DEBUG_ANY,
565 "%s: line %d: need \"uri\" directive first\n",
571 Debug( LDAP_DEBUG_ANY,
572 "%s: line %d: missing name in \"binddn <name>\" line\n",
577 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
578 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
579 "\"binddn\" statement is deprecated; "
580 "use \"acl-authcDN\" instead\n",
582 /* FIXME: some day we'll need to throw an error */
585 ber_str2bv( argv[ 1 ], 0, 0, &dn );
586 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ]->mt_binddn,
587 NULL ) != LDAP_SUCCESS )
589 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
590 "bind DN '%s' is invalid\n",
591 fname, lineno, argv[ 1 ] );
595 /* password to use for meta_back_group */
596 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
597 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
599 int i = mi->mi_ntargets - 1;
602 Debug( LDAP_DEBUG_ANY,
603 "%s: line %d: need \"uri\" directive first\n",
609 Debug( LDAP_DEBUG_ANY,
610 "%s: line %d: missing password in \"bindpw <password>\" line\n",
615 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
616 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
617 "\"bindpw\" statement is deprecated; "
618 "use \"acl-passwd\" instead\n",
620 /* FIXME: some day we'll need to throw an error */
623 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_bindpw );
625 /* save bind creds for referral rebinds? */
626 } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
628 Debug( LDAP_DEBUG_ANY,
629 "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
635 Debug( LDAP_DEBUG_ANY,
636 "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
638 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
641 switch ( check_true_false( argv[ 1 ] ) ) {
643 mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
647 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
651 Debug( LDAP_DEBUG_ANY,
652 "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
653 fname, lineno, argv[ 1 ] );
658 } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
659 unsigned *flagsp = mi->mi_ntargets ?
660 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
664 Debug( LDAP_DEBUG_ANY,
665 "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
670 /* this is the default; we add it because the default might change... */
671 switch ( check_true_false( argv[ 1 ] ) ) {
673 *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
677 *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
681 Debug( LDAP_DEBUG_ANY,
682 "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
683 fname, lineno, argv[ 1 ] );
687 } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
688 unsigned *flagsp = mi->mi_ntargets ?
689 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
693 Debug( LDAP_DEBUG_ANY,
694 "%s: line %d: \"tls <what>\" needs 1 argument.\n",
700 if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
701 *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
704 } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
705 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
706 *flagsp |= LDAP_BACK_F_USE_TLS;
708 /* propagate start tls */
709 } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
710 *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
713 } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
714 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
715 *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
718 Debug( LDAP_DEBUG_ANY,
719 "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
720 fname, lineno, argv[ 1 ] );
724 } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
725 unsigned *flagsp = mi->mi_ntargets ?
726 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
730 Debug( LDAP_DEBUG_ANY,
731 "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
736 switch ( check_true_false( argv[ 1 ] ) ) {
738 *flagsp &= ~LDAP_BACK_F_T_F_MASK2;
742 *flagsp |= LDAP_BACK_F_T_F;
746 if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
747 *flagsp |= LDAP_BACK_F_T_F_DISCOVER;
750 Debug( LDAP_DEBUG_ANY,
751 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
752 fname, lineno, argv[ 1 ] );
759 } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
761 Debug( LDAP_DEBUG_ANY,
762 "%s: line %d: \"onerr {CONTINUE|stop}\" takes 1 argument\n",
767 if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
768 mi->mi_flags &= ~META_BACK_F_ONERR_STOP;
770 } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
771 mi->mi_flags |= META_BACK_F_ONERR_STOP;
774 Debug( LDAP_DEBUG_ANY,
775 "%s: line %d: \"onerr {CONTINUE|stop}\": invalid arg \"%s\".\n",
776 fname, lineno, argv[ 1 ] );
781 } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0 ) {
783 Debug( LDAP_DEBUG_ANY,
784 "%s: line %d: \"pseudoroot-bind-defer {FALSE|true}\" takes 1 argument\n",
789 switch ( check_true_false( argv[ 1 ] ) ) {
791 mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
795 mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
799 Debug( LDAP_DEBUG_ANY,
800 "%s: line %d: \"pseudoroot-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
801 fname, lineno, argv[ 1 ] );
806 } else if ( strcasecmp( argv[ 0 ], "single-conn" ) == 0 ) {
808 Debug( LDAP_DEBUG_ANY,
809 "%s: line %d: \"single-conn {FALSE|true}\" takes 1 argument\n",
814 if ( mi->mi_ntargets > 0 ) {
815 Debug( LDAP_DEBUG_ANY,
816 "%s: line %d: \"single-conn\" must appear before target definitions\n",
821 switch ( check_true_false( argv[ 1 ] ) ) {
823 mi->mi_flags &= ~LDAP_BACK_F_SINGLECONN;
827 mi->mi_flags |= LDAP_BACK_F_SINGLECONN;
831 Debug( LDAP_DEBUG_ANY,
832 "%s: line %d: \"single-conn {FALSE|true}\": invalid arg \"%s\".\n",
833 fname, lineno, argv[ 1 ] );
837 } else if ( strcasecmp( argv[ 0 ], "cancel" ) == 0 ) {
839 unsigned *flagsp = mi->mi_ntargets ?
840 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
844 Debug( LDAP_DEBUG_ANY,
845 "%s: line %d: \"cancel {abandon|ignore|exop}\" takes 1 argument\n",
850 if ( strcasecmp( argv[ 1 ], "abandon" ) == 0 ) {
851 flag = LDAP_BACK_F_CANCEL_ABANDON;
853 } else if ( strcasecmp( argv[ 1 ], "ignore" ) == 0 ) {
854 flag = LDAP_BACK_F_CANCEL_IGNORE;
856 } else if ( strcasecmp( argv[ 1 ], "exop" ) == 0 ) {
857 flag = LDAP_BACK_F_CANCEL_EXOP;
859 } else if ( strcasecmp( argv[ 1 ], "exop-discover" ) == 0 ) {
860 flag = LDAP_BACK_F_CANCEL_EXOP_DISCOVER;
863 Debug( LDAP_DEBUG_ANY,
864 "%s: line %d: \"cancel {abandon|ignore|exop[-discover]}\": unknown mode \"%s\" \n",
865 fname, lineno, argv[ 1 ] );
869 *flagsp &= ~LDAP_BACK_F_CANCEL_MASK2;
872 } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
874 time_t *tv = mi->mi_ntargets ?
875 mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_timeout
880 Debug( LDAP_DEBUG_ANY,
881 "%s: line %d: \"timeout [{add|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
886 for ( c = 1; c < argc; c++ ) {
890 sep = strchr( argv[ c ], '=' );
892 size_t len = sep - argv[ c ];
894 if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
895 t = &tv[ LDAP_BACK_OP_ADD ];
896 } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
897 t = &tv[ LDAP_BACK_OP_DELETE ];
898 } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
899 t = &tv[ LDAP_BACK_OP_MODIFY ];
900 } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
901 t = &tv[ LDAP_BACK_OP_MODRDN ];
903 char buf[ SLAP_TEXT_BUFLEN ];
904 snprintf( buf, sizeof( buf ),
905 "unknown operation \"%s\" for timeout #%d",
907 Debug( LDAP_DEBUG_ANY,
908 "%s: line %d: %s.\n",
909 fname, lineno, buf );
918 if ( lutil_parse_time( sep, &val ) != 0 ) {
919 Debug( LDAP_DEBUG_ANY,
920 "%s: line %d: unable to parse value \"%s\" for timeout.\n",
921 fname, lineno, sep );
931 for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
932 tv[ i ] = (time_t)val;
937 /* name to use as pseudo-root dn */
938 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
939 int i = mi->mi_ntargets - 1;
943 Debug( LDAP_DEBUG_ANY,
944 "%s: line %d: need \"uri\" directive first\n",
950 Debug( LDAP_DEBUG_ANY,
951 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
956 dn.bv_val = argv[ 1 ];
957 dn.bv_len = strlen( argv[ 1 ] );
958 if ( dnNormalize( 0, NULL, NULL, &dn,
959 &mi->mi_targets[ i ]->mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
961 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
962 "pseudoroot DN '%s' is invalid\n",
963 fname, lineno, argv[ 1 ] );
967 /* password to use as pseudo-root */
968 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
969 int i = mi->mi_ntargets - 1;
972 Debug( LDAP_DEBUG_ANY,
973 "%s: line %d: need \"uri\" directive first\n",
979 Debug( LDAP_DEBUG_ANY,
980 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
984 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ]->mt_pseudorootpw );
987 } else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
988 char buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
989 slap_retry_info_t *ri = mi->mi_ntargets ?
990 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine
991 : &mi->mi_quarantine;
993 if ( META_BACK_QUARANTINE( mi ) ) {
994 Debug( LDAP_DEBUG_ANY,
995 "%s: line %d: quarantine already defined.\n",
1005 Debug( LDAP_DEBUG_ANY,
1006 "%s: line %d: missing arg in \"quarantine <pattern list>\".\n",
1011 Debug( LDAP_DEBUG_ANY,
1012 "%s: line %d: extra cruft after \"quarantine <pattern list>\".\n",
1017 if ( ri != &mi->mi_quarantine ) {
1018 ri->ri_interval = NULL;
1022 if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
1023 Debug( LDAP_DEBUG_ANY,
1024 "%s line %d: %s.\n",
1025 fname, lineno, buf );
1030 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
1032 int i = mi->mi_ntargets - 1, rc;
1033 struct berval dn, nvnc, pvnc, nrnc, prnc;
1036 Debug( LDAP_DEBUG_ANY,
1037 "%s: line %d: need \"uri\" directive first\n",
1045 * suffixmassage <suffix> <massaged suffix>
1047 * the <suffix> field must be defined as a valid suffix
1048 * (or suffixAlias?) for the current database;
1049 * the <massaged suffix> shouldn't have already been
1050 * defined as a valid suffix or suffixAlias for the
1054 Debug( LDAP_DEBUG_ANY,
1055 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
1060 ber_str2bv( argv[ 1 ], 0, 0, &dn );
1061 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1062 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1063 "suffix '%s' is invalid\n",
1064 fname, lineno, argv[ 1 ] );
1068 tmp_be = select_backend( &nvnc, 0, 0 );
1069 if ( tmp_be != NULL && tmp_be != be ) {
1070 Debug( LDAP_DEBUG_ANY,
1071 "%s: line %d: suffix already in use by another backend in"
1072 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1074 free( pvnc.bv_val );
1075 free( nvnc.bv_val );
1079 ber_str2bv( argv[ 2 ], 0, 0, &dn );
1080 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1081 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1082 "massaged suffix '%s' is invalid\n",
1083 fname, lineno, argv[ 2 ] );
1084 free( pvnc.bv_val );
1085 free( nvnc.bv_val );
1090 tmp_be = select_backend( &nrnc, 0, 0 );
1091 if ( tmp_be != NULL ) {
1092 Debug( LDAP_DEBUG_ANY,
1093 "%s: line %d: massaged suffix already in use by another backend in"
1094 " \"suffixMassage <suffix> <massaged suffix>\"\n",
1096 free( pvnc.bv_val );
1097 free( nvnc.bv_val );
1098 free( prnc.bv_val );
1099 free( nrnc.bv_val );
1105 * The suffix massaging is emulated by means of the
1106 * rewrite capabilities
1107 * FIXME: no extra rewrite capabilities should be added
1110 rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1111 &pvnc, &nvnc, &prnc, &nrnc );
1113 free( pvnc.bv_val );
1114 free( nvnc.bv_val );
1115 free( prnc.bv_val );
1116 free( nrnc.bv_val );
1120 /* rewrite stuff ... */
1121 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
1122 int i = mi->mi_ntargets - 1;
1125 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
1126 "statement outside target definition.\n",
1131 return rewrite_parse( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
1132 fname, lineno, argc, argv );
1134 /* objectclass/attribute mapping */
1135 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
1136 int i = mi->mi_ntargets - 1;
1139 Debug( LDAP_DEBUG_ANY,
1140 "%s: line %d: need \"uri\" directive first\n",
1145 return ldap_back_map_config( &mi->mi_targets[ i ]->mt_rwmap.rwm_oc,
1146 &mi->mi_targets[ i ]->mt_rwmap.rwm_at,
1147 fname, lineno, argc, argv );
1149 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
1150 int i = mi->mi_ntargets - 1;
1151 int nretries = META_RETRY_UNDEFINED;
1154 Debug( LDAP_DEBUG_ANY,
1155 "%s: line %d: need value in \"nretries <value>\"\n",
1160 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
1161 nretries = META_RETRY_FOREVER;
1163 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
1164 nretries = META_RETRY_NEVER;
1167 if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
1168 Debug( LDAP_DEBUG_ANY,
1169 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
1170 fname, lineno, argv[ 1 ] );
1176 mi->mi_nretries = nretries;
1179 mi->mi_targets[ i ]->mt_nretries = nretries;
1182 } else if ( strcasecmp( argv[ 0 ], "protocol-version" ) == 0 ) {
1183 int *version = mi->mi_ntargets ?
1184 &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_version
1188 Debug( LDAP_DEBUG_ANY,
1189 "%s: line %d: need value in \"protocol-version <version>\"\n",
1194 if ( lutil_atoi( version, argv[ 1 ] ) != 0 ) {
1195 Debug( LDAP_DEBUG_ANY,
1196 "%s: line %d: unable to parse version \"%s\" in \"protocol-version <version>\"\n",
1197 fname, lineno, argv[ 1 ] );
1201 if ( *version != 0 && ( *version < LDAP_VERSION_MIN || *version > LDAP_VERSION_MAX ) ) {
1202 Debug( LDAP_DEBUG_ANY,
1203 "%s: line %d: unsupported version \"%s\" in \"protocol-version <version>\"\n",
1204 fname, lineno, argv[ 1 ] );
1210 return SLAP_CONF_UNKNOWN;
1216 ldap_back_map_config(
1217 struct ldapmap *oc_map,
1218 struct ldapmap *at_map,
1224 struct ldapmap *map;
1225 struct ldapmapping *mapping;
1229 if ( argc < 3 || argc > 4 ) {
1230 Debug( LDAP_DEBUG_ANY,
1231 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
1236 if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
1240 } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
1244 Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
1245 "\"map {objectclass | attribute} [<local> | *] "
1246 "{<foreign> | *}\"\n",
1251 if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
1252 if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
1253 map->drop_missing = ( argc < 4 );
1256 src = dst = argv[ 3 ];
1258 } else if ( argc < 4 ) {
1264 dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
1267 if ( ( map == at_map )
1268 && ( strcasecmp( src, "objectclass" ) == 0
1269 || strcasecmp( dst, "objectclass" ) == 0 ) )
1271 Debug( LDAP_DEBUG_ANY,
1272 "%s: line %d: objectclass attribute cannot be mapped\n",
1276 mapping = (struct ldapmapping *)ch_calloc( 2,
1277 sizeof(struct ldapmapping) );
1278 if ( mapping == NULL ) {
1279 Debug( LDAP_DEBUG_ANY,
1280 "%s: line %d: out of memory\n",
1284 ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
1285 ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
1286 mapping[ 1 ].src = mapping[ 0 ].dst;
1287 mapping[ 1 ].dst = mapping[ 0 ].src;
1293 if ( src[ 0 ] != '\0' ) {
1294 if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
1295 Debug( LDAP_DEBUG_ANY,
1296 "%s: line %d: warning, source objectClass '%s' "
1297 "should be defined in schema\n",
1298 fname, lineno, src );
1301 * FIXME: this should become an err
1307 if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
1308 Debug( LDAP_DEBUG_ANY,
1309 "%s: line %d: warning, destination objectClass '%s' "
1310 "is not defined in schema\n",
1311 fname, lineno, dst );
1315 const char *text = NULL;
1316 AttributeDescription *ad = NULL;
1318 if ( src[ 0 ] != '\0' ) {
1319 rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
1320 if ( rc != LDAP_SUCCESS ) {
1321 Debug( LDAP_DEBUG_ANY,
1322 "%s: line %d: warning, source attributeType '%s' "
1323 "should be defined in schema\n",
1324 fname, lineno, src );
1327 * FIXME: this should become an err
1330 * we create a fake "proxied" ad
1334 rc = slap_bv2undef_ad( &mapping[ 0 ].src,
1335 &ad, &text, SLAP_AD_PROXIED );
1336 if ( rc != LDAP_SUCCESS ) {
1337 char buf[ SLAP_TEXT_BUFLEN ];
1339 snprintf( buf, sizeof( buf ),
1340 "source attributeType \"%s\": %d (%s)",
1341 src, rc, text ? text : "" );
1342 Debug( LDAP_DEBUG_ANY,
1343 "%s: line %d: %s\n",
1344 fname, lineno, buf );
1352 rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
1353 if ( rc != LDAP_SUCCESS ) {
1354 Debug( LDAP_DEBUG_ANY,
1355 "%s: line %d: warning, destination attributeType '%s' "
1356 "is not defined in schema\n",
1357 fname, lineno, dst );
1360 * we create a fake "proxied" ad
1364 rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
1365 &ad, &text, SLAP_AD_PROXIED );
1366 if ( rc != LDAP_SUCCESS ) {
1367 char buf[ SLAP_TEXT_BUFLEN ];
1369 snprintf( buf, sizeof( buf ),
1370 "source attributeType \"%s\": %d (%s)\n",
1371 dst, rc, text ? text : "" );
1372 Debug( LDAP_DEBUG_ANY,
1373 "%s: line %d: %s\n",
1374 fname, lineno, buf );
1380 if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
1381 || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
1383 Debug( LDAP_DEBUG_ANY,
1384 "%s: line %d: duplicate mapping found.\n",
1389 if ( src[ 0 ] != '\0' ) {
1390 avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
1391 mapping_cmp, mapping_dup );
1393 avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
1394 mapping_cmp, mapping_dup );
1400 ch_free( mapping[ 0 ].src.bv_val );
1401 ch_free( mapping[ 0 ].dst.bv_val );
1409 #ifdef ENABLE_REWRITE
1411 suffix_massage_regexize( const char *s )
1417 if ( s[ 0 ] == '\0' ) {
1418 return ch_strdup( "^(.+)$" );
1422 ( r = strchr( p, ',' ) ) != NULL;
1426 res = ch_calloc( sizeof( char ),
1428 + STRLENOF( "((.+),)?" )
1429 + STRLENOF( "[ ]?" ) * i
1430 + STRLENOF( "$" ) + 1 );
1432 ptr = lutil_strcopy( res, "((.+),)?" );
1434 ( r = strchr( p, ',' ) ) != NULL;
1436 ptr = lutil_strncopy( ptr, p, r - p + 1 );
1437 ptr = lutil_strcopy( ptr, "[ ]?" );
1439 if ( r[ 1 ] == ' ' ) {
1443 ptr = lutil_strcopy( ptr, p );
1452 suffix_massage_patternize( const char *s, const char *p )
1459 if ( s[ 0 ] == '\0' ) {
1463 res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
1464 if ( res == NULL ) {
1468 ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
1469 if ( s[ 0 ] == '\0' ) {
1473 lutil_strcopy( ptr, p );
1479 suffix_massage_config(
1480 struct rewrite_info *info,
1481 struct berval *pvnc,
1482 struct berval *nvnc,
1483 struct berval *prnc,
1490 rargv[ 0 ] = "rewriteEngine";
1493 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1495 rargv[ 0 ] = "rewriteContext";
1496 rargv[ 1 ] = "default";
1498 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1500 rargv[ 0 ] = "rewriteRule";
1501 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
1502 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
1505 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1506 ch_free( rargv[ 1 ] );
1507 ch_free( rargv[ 2 ] );
1509 if ( BER_BVISEMPTY( pvnc ) ) {
1510 rargv[ 0 ] = "rewriteRule";
1512 rargv[ 2 ] = prnc->bv_val;
1515 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1518 rargv[ 0 ] = "rewriteContext";
1519 rargv[ 1 ] = "searchEntryDN";
1521 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1523 rargv[ 0 ] = "rewriteRule";
1524 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
1525 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
1528 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1529 ch_free( rargv[ 1 ] );
1530 ch_free( rargv[ 2 ] );
1532 if ( BER_BVISEMPTY( prnc ) ) {
1533 rargv[ 0 ] = "rewriteRule";
1535 rargv[ 2 ] = pvnc->bv_val;
1538 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1541 /* backward compatibility */
1542 rargv[ 0 ] = "rewriteContext";
1543 rargv[ 1 ] = "searchResult";
1544 rargv[ 2 ] = "alias";
1545 rargv[ 3 ] = "searchEntryDN";
1547 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1549 rargv[ 0 ] = "rewriteContext";
1550 rargv[ 1 ] = "matchedDN";
1551 rargv[ 2 ] = "alias";
1552 rargv[ 3 ] = "searchEntryDN";
1554 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1556 rargv[ 0 ] = "rewriteContext";
1557 rargv[ 1 ] = "searchAttrDN";
1558 rargv[ 2 ] = "alias";
1559 rargv[ 3 ] = "searchEntryDN";
1561 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1563 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
1564 * see servers/slapd/overlays/rwm.h for details */
1565 rargv[ 0 ] = "rewriteContext";
1566 rargv[ 1 ] = "referralAttrDN";
1568 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1570 rargv[ 0 ] = "rewriteContext";
1571 rargv[ 1 ] = "referralDN";
1573 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1577 #endif /* ENABLE_REWRITE */