2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2006 The OpenLDAP Foundation.
5 * Portions Copyright 2001-2003 Pierangelo Masarati.
6 * Portions Copyright 1999-2003 Howard Chu.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
18 * This work was initially developed by the Howard Chu for inclusion
19 * in OpenLDAP Software and subsequently enhanced by Pierangelo
27 #include <ac/string.h>
28 #include <ac/socket.h>
32 #include "../back-ldap/back-ldap.h"
33 #undef ldap_debug /* silence a warning in ldap-int.h */
34 #include "../../../libraries/libldap/ldap-int.h"
35 #include "back-meta.h"
41 struct ldapmapping *mapping;
44 memset( mt, 0, sizeof( metatarget_t ) );
46 mt->mt_rwmap.rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
47 if ( mt->mt_rwmap.rwm_rw == NULL ) {
53 * the filter rewrite as a string must be disabled
54 * by default; it can be re-enabled by adding rules;
55 * this creates an empty rewriteContext
57 rargv[ 0 ] = "rewriteContext";
58 rargv[ 1 ] = "searchFilter";
60 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
62 rargv[ 0 ] = "rewriteContext";
63 rargv[ 1 ] = "default";
65 rewrite_parse( mt->mt_rwmap.rwm_rw, "<suffix massage>", 1, 2, rargv );
67 ldap_back_map_init( &mt->mt_rwmap.rwm_at, &mapping );
73 check_true_false( char *str )
75 if ( strcasecmp( str, "true" ) == 0 || strcasecmp( str, "yes" ) == 0 ) {
79 if ( strcasecmp( str, "false" ) == 0 || strcasecmp( str, "no" ) == 0 ) {
96 metainfo_t *mi = ( metainfo_t * )be->be_private;
100 /* URI of server to query */
101 if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
102 int i = mi->mi_ntargets;
105 #endif /* uncomment if uri MUST be a branch of suffix */
106 LDAPURLDesc *ludp, *tmpludp;
113 Debug( LDAP_DEBUG_ANY,
114 "%s: line %d: missing URI "
115 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
123 Debug( LDAP_DEBUG_ANY,
124 "%s: line %d: too many args "
125 "in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
130 if ( be->be_nsuffix == NULL ) {
131 Debug( LDAP_DEBUG_ANY,
132 "%s: line %d: the suffix must be defined before any target.\n",
139 mi->mi_targets = ( metatarget_t * )ch_realloc( mi->mi_targets,
140 sizeof( metatarget_t ) * mi->mi_ntargets );
141 if ( mi->mi_targets == NULL ) {
142 Debug( LDAP_DEBUG_ANY,
143 "%s: line %d: out of memory while storing server name"
144 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
149 if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
150 Debug( LDAP_DEBUG_ANY,
151 "%s: line %d: unable to init server"
152 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
157 mi->mi_targets[ i ].mt_nretries = mi->mi_nretries;
158 mi->mi_targets[ i ].mt_flags = mi->mi_flags;
159 mi->mi_targets[ i ].mt_version = mi->mi_version;
160 mi->mi_targets[ i ].mt_network_timeout = mi->mi_network_timeout;
161 mi->mi_targets[ i ].mt_conn_ttl = mi->mi_conn_ttl;
162 mi->mi_targets[ i ].mt_idle_timeout = mi->mi_idle_timeout;
163 mi->mi_targets[ i ].mt_bind_timeout = mi->mi_bind_timeout;
164 for ( c = 0; c < LDAP_BACK_OP_LAST; c++ ) {
165 mi->mi_targets[ i ].mt_timeout[ c ] = mi->mi_timeout[ c ];
171 if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t" ) != LDAP_SUCCESS ) {
172 Debug( LDAP_DEBUG_ANY,
173 "%s: line %d: unable to parse URI"
174 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
180 * uri MUST have the <dn> part!
182 if ( ludp->lud_dn == NULL ) {
183 Debug( LDAP_DEBUG_ANY,
184 "%s: line %d: missing <naming context> "
185 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
189 } else if ( ludp->lud_dn[ 0 ] == '\0' ) {
192 for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
193 if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
198 if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
199 Debug( LDAP_DEBUG_ANY,
200 "%s: line %d: missing <naming context> "
201 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
208 * copies and stores uri and suffix
210 ber_str2bv( ludp->lud_dn, 0, 0, &dn );
211 rc = dnPrettyNormal( NULL, &dn, &mi->mi_targets[ i ].mt_psuffix,
212 &mi->mi_targets[ i ].mt_nsuffix, NULL );
213 if( rc != LDAP_SUCCESS ) {
214 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
215 "target \"%s\" DN is invalid\n",
216 fname, lineno, argv[ 1 ] );
220 ludp->lud_dn[ 0 ] = '\0';
222 switch ( ludp->lud_scope ) {
223 case LDAP_SCOPE_DEFAULT:
224 mi->mi_targets[ i ].mt_scope = LDAP_SCOPE_SUBTREE;
227 case LDAP_SCOPE_SUBTREE:
228 case LDAP_SCOPE_SUBORDINATE:
229 mi->mi_targets[ i ].mt_scope = ludp->lud_scope;
233 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
234 "invalid scope for target \"%s\"\n",
235 fname, lineno, argv[ 1 ] );
239 /* check all, to apply the scope check on the first one */
240 for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
241 if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
242 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
243 "multiple URIs must have "
251 mi->mi_targets[ i ].mt_uri = ldap_url_list2urls( ludp );
252 ldap_free_urllist( ludp );
253 if ( mi->mi_targets[ i ].mt_uri == NULL) {
254 Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
260 * uri MUST be a branch of suffix!
262 #if 0 /* too strict a constraint */
263 if ( select_backend( &mi->mi_targets[ i ].suffix, 0, 0 ) != be ) {
264 Debug( LDAP_DEBUG_ANY,
265 "%s: line %d: <naming context> of URI does not refer to current backend"
266 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
272 * uri MUST be a branch of a suffix!
274 if ( select_backend( &mi->mi_targets[ i ].mt_nsuffix, 0, 0 ) == NULL ) {
275 Debug( LDAP_DEBUG_ANY,
276 "%s: line %d: <naming context> of URI does not resolve to a backend"
277 " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
283 /* subtree-exclude */
284 } else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
285 int i = mi->mi_ntargets - 1;
286 struct berval dn, ndn;
289 Debug( LDAP_DEBUG_ANY,
290 "%s: line %d: need \"uri\" directive first\n",
297 Debug( LDAP_DEBUG_ANY,
298 "%s: line %d: missing DN in \"subtree-exclude <DN>\" line\n",
306 Debug( LDAP_DEBUG_ANY,
307 "%s: line %d: too many args in \"subtree-exclude <DN>\" line\n",
312 ber_str2bv( argv[ 1 ], 0, 0, &dn );
313 if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL )
316 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
317 "subtree-exclude DN=\"%s\" is invalid\n",
318 fname, lineno, argv[ 1 ] );
322 if ( !dnIsSuffix( &ndn, &mi->mi_targets[ i ].mt_nsuffix ) ) {
323 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
324 "subtree-exclude DN=\"%s\" "
325 "must be subtree of target\n",
326 fname, lineno, argv[ 1 ] );
327 ber_memfree( ndn.bv_val );
331 if ( mi->mi_targets[ i ].mt_subtree_exclude != NULL ) {
334 for ( j = 0; !BER_BVISNULL( &mi->mi_targets[ i ].mt_subtree_exclude[ j ] ); j++ )
336 if ( dnIsSuffix( &mi->mi_targets[ i ].mt_subtree_exclude[ j ], &ndn ) ) {
337 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
338 "subtree-exclude DN=\"%s\" "
339 "is suffix of another subtree-exclude\n",
340 fname, lineno, argv[ 1 ] );
341 /* reject, because it might be superior
342 * to more than one subtree-exclude */
343 ber_memfree( ndn.bv_val );
346 } else if ( dnIsSuffix( &ndn, &mi->mi_targets[ i ].mt_subtree_exclude[ j ] ) ) {
347 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
348 "another subtree-exclude is suffix of "
349 "subtree-exclude DN=\"%s\"\n",
350 fname, lineno, argv[ 1 ] );
351 ber_memfree( ndn.bv_val );
357 ber_bvarray_add( &mi->mi_targets[ i ].mt_subtree_exclude, &ndn );
359 /* default target directive */
360 } else if ( strcasecmp( argv[ 0 ], "default-target" ) == 0 ) {
361 int i = mi->mi_ntargets - 1;
365 Debug( LDAP_DEBUG_ANY,
366 "%s: line %d: \"default-target\" alone need be"
367 " inside a \"uri\" directive\n",
371 mi->mi_defaulttarget = i;
374 if ( strcasecmp( argv[ 1 ], "none" ) == 0 ) {
376 Debug( LDAP_DEBUG_ANY,
377 "%s: line %d: \"default-target none\""
378 " should go before uri definitions\n",
381 mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
385 if ( lutil_atoi( &mi->mi_defaulttarget, argv[ 1 ] ) != 0
386 || mi->mi_defaulttarget < 0
387 || mi->mi_defaulttarget >= i - 1 )
389 Debug( LDAP_DEBUG_ANY,
390 "%s: line %d: illegal target number %d\n",
391 fname, lineno, mi->mi_defaulttarget );
397 /* ttl of dn cache */
398 } else if ( strcasecmp( argv[ 0 ], "dncache-ttl" ) == 0 ) {
400 Debug( LDAP_DEBUG_ANY,
401 "%s: line %d: missing ttl in \"dncache-ttl <ttl>\" line\n",
406 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
407 mi->mi_cache.ttl = META_DNCACHE_FOREVER;
409 } else if ( strcasecmp( argv[ 1 ], "disabled" ) == 0 ) {
410 mi->mi_cache.ttl = META_DNCACHE_DISABLED;
415 if ( lutil_parse_time( argv[ 1 ], &t ) != 0 ) {
416 Debug( LDAP_DEBUG_ANY,
417 "%s: line %d: unable to parse ttl \"%s\" in \"dncache-ttl <ttl>\" line\n",
418 fname, lineno, argv[ 1 ] );
421 mi->mi_cache.ttl = (time_t)t;
424 /* network timeout when connecting to ldap servers */
425 } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
427 time_t *tp = mi->mi_ntargets ?
428 &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_network_timeout
429 : &mi->mi_network_timeout;
432 Debug( LDAP_DEBUG_ANY,
433 "%s: line %d: missing network timeout in \"network-timeout <seconds>\" line\n",
438 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
439 Debug( LDAP_DEBUG_ANY,
440 "%s: line %d: unable to parse timeout \"%s\" in \"network-timeout <seconds>\" line\n",
441 fname, lineno, argv[ 1 ] );
448 /* idle timeout when connecting to ldap servers */
449 } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
451 time_t *tp = mi->mi_ntargets ?
452 &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_idle_timeout
453 : &mi->mi_idle_timeout;
457 Debug( LDAP_DEBUG_ANY,
458 "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
464 Debug( LDAP_DEBUG_ANY,
465 "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
470 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
471 Debug( LDAP_DEBUG_ANY,
472 "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
473 fname, lineno, argv[ 1 ] );
481 } else if ( strcasecmp( argv[ 0 ], "conn-ttl" ) == 0 ) {
483 time_t *tp = mi->mi_ntargets ?
484 &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_conn_ttl
489 Debug( LDAP_DEBUG_ANY,
490 "%s: line %d: missing ttl value in \"conn-ttl <seconds>\" line\n",
496 Debug( LDAP_DEBUG_ANY,
497 "%s: line %d: extra cruft after ttl value in \"conn-ttl <seconds>\" line\n",
502 if ( lutil_parse_time( argv[ 1 ], &t ) ) {
503 Debug( LDAP_DEBUG_ANY,
504 "%s: line %d: unable to parse ttl \"%s\" in \"conn-ttl <seconds>\" line\n",
505 fname, lineno, argv[ 1 ] );
512 /* bind timeout when connecting to ldap servers */
513 } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
515 struct timeval *tp = mi->mi_ntargets ?
516 &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_bind_timeout
517 : &mi->mi_bind_timeout;
521 Debug( LDAP_DEBUG_ANY,
522 "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
528 Debug( LDAP_DEBUG_ANY,
529 "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
534 if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
535 Debug( LDAP_DEBUG_ANY,
536 "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
537 fname, lineno, argv[ 1 ] );
542 tp->tv_sec = t/1000000;
543 tp->tv_usec = t%1000000;
545 /* name to use for meta_back_group */
546 } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
547 || strcasecmp( argv[ 0 ], "binddn" ) == 0 )
549 int i = mi->mi_ntargets - 1;
553 Debug( LDAP_DEBUG_ANY,
554 "%s: line %d: need \"uri\" directive first\n",
560 Debug( LDAP_DEBUG_ANY,
561 "%s: line %d: missing name in \"binddn <name>\" line\n",
566 if ( strcasecmp( argv[ 0 ], "binddn" ) == 0 ) {
567 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
568 "\"binddn\" statement is deprecated; "
569 "use \"acl-authcDN\" instead\n",
571 /* FIXME: some day we'll need to throw an error */
574 ber_str2bv( argv[ 1 ], 0, 0, &dn );
575 if ( dnNormalize( 0, NULL, NULL, &dn, &mi->mi_targets[ i ].mt_binddn,
576 NULL ) != LDAP_SUCCESS )
578 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
579 "bind DN '%s' is invalid\n",
580 fname, lineno, argv[ 1 ] );
584 /* password to use for meta_back_group */
585 } else if ( strcasecmp( argv[ 0 ], "acl-passwd" ) == 0
586 || strcasecmp( argv[ 0 ], "bindpw" ) == 0 )
588 int i = mi->mi_ntargets - 1;
591 Debug( LDAP_DEBUG_ANY,
592 "%s: line %d: need \"uri\" directive first\n",
598 Debug( LDAP_DEBUG_ANY,
599 "%s: line %d: missing password in \"bindpw <password>\" line\n",
604 if ( strcasecmp( argv[ 0 ], "bindpw" ) == 0 ) {
605 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
606 "\"bindpw\" statement is deprecated; "
607 "use \"acl-passwd\" instead\n",
609 /* FIXME: some day we'll need to throw an error */
612 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ].mt_bindpw );
614 /* save bind creds for referral rebinds? */
615 } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
617 Debug( LDAP_DEBUG_ANY,
618 "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
624 Debug( LDAP_DEBUG_ANY,
625 "%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
627 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
630 switch ( check_true_false( argv[ 1 ] ) ) {
632 mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
636 mi->mi_flags |= LDAP_BACK_F_SAVECRED;
640 Debug( LDAP_DEBUG_ANY,
641 "%s: line %d: \"rebind-as-user {FALSE|true}\" unknown argument \"%s\".\n",
642 fname, lineno, argv[ 1 ] );
647 } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
648 unsigned *flagsp = mi->mi_ntargets ?
649 &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
653 Debug( LDAP_DEBUG_ANY,
654 "%s: line %d: \"chase-referrals {TRUE|false}\" needs 1 argument.\n",
659 /* this is the default; we add it because the default might change... */
660 switch ( check_true_false( argv[ 1 ] ) ) {
662 *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
666 *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
670 Debug( LDAP_DEBUG_ANY,
671 "%s: line %d: \"chase-referrals {TRUE|false}\": unknown argument \"%s\".\n",
672 fname, lineno, argv[ 1 ] );
676 } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
677 unsigned *flagsp = mi->mi_ntargets ?
678 &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
682 Debug( LDAP_DEBUG_ANY,
683 "%s: line %d: \"tls <what>\" needs 1 argument.\n",
689 if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
690 *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
693 } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
694 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
695 *flagsp |= LDAP_BACK_F_USE_TLS;
697 /* propagate start tls */
698 } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
699 *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
702 } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
703 *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
704 *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
707 Debug( LDAP_DEBUG_ANY,
708 "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
709 fname, lineno, argv[ 1 ] );
713 } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
714 unsigned *flagsp = mi->mi_ntargets ?
715 &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
719 Debug( LDAP_DEBUG_ANY,
720 "%s: line %d: \"t-f-support {FALSE|true|discover}\" needs 1 argument.\n",
725 switch ( check_true_false( argv[ 1 ] ) ) {
727 *flagsp &= ~(LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER);
731 *flagsp |= LDAP_BACK_F_SUPPORT_T_F;
735 if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
736 *flagsp |= LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
739 Debug( LDAP_DEBUG_ANY,
740 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
741 fname, lineno, argv[ 1 ] );
748 } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
750 Debug( LDAP_DEBUG_ANY,
751 "%s: line %d: \"onerr {CONTINUE|stop}\" takes 1 argument\n",
756 if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
757 mi->mi_flags &= ~META_BACK_F_ONERR_STOP;
759 } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
760 mi->mi_flags |= META_BACK_F_ONERR_STOP;
763 Debug( LDAP_DEBUG_ANY,
764 "%s: line %d: \"onerr {CONTINUE|stop}\": invalid arg \"%s\".\n",
765 fname, lineno, argv[ 1 ] );
770 } else if ( strcasecmp( argv[ 0 ], "pseudoroot-bind-defer" ) == 0 ) {
772 Debug( LDAP_DEBUG_ANY,
773 "%s: line %d: \"pseudoroot-bind-defer {FALSE|true}\" takes 1 argument\n",
778 switch ( check_true_false( argv[ 1 ] ) ) {
780 mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
784 mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
788 Debug( LDAP_DEBUG_ANY,
789 "%s: line %d: \"pseudoroot-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
790 fname, lineno, argv[ 1 ] );
794 } else if ( strcasecmp( argv[ 0 ], "timeout" ) == 0 ) {
796 time_t *tv = mi->mi_ntargets ?
797 mi->mi_targets[ mi->mi_ntargets - 1 ].mt_timeout
802 Debug( LDAP_DEBUG_ANY,
803 "%s: line %d: \"timeout [{add|delete|modify|modrdn}=]<val> [...]\" takes at least 1 argument\n",
808 for ( c = 1; c < argc; c++ ) {
812 sep = strchr( argv[ c ], '=' );
814 size_t len = sep - argv[ c ];
816 if ( strncasecmp( argv[ c ], "add", len ) == 0 ) {
817 t = &tv[ LDAP_BACK_OP_ADD ];
818 } else if ( strncasecmp( argv[ c ], "delete", len ) == 0 ) {
819 t = &tv[ LDAP_BACK_OP_DELETE ];
820 } else if ( strncasecmp( argv[ c ], "modify", len ) == 0 ) {
821 t = &tv[ LDAP_BACK_OP_MODIFY ];
822 } else if ( strncasecmp( argv[ c ], "modrdn", len ) == 0 ) {
823 t = &tv[ LDAP_BACK_OP_MODRDN ];
825 char buf[ SLAP_TEXT_BUFLEN ];
826 snprintf( buf, sizeof( buf ),
827 "unknown operation \"%s\" for timeout #%d",
829 Debug( LDAP_DEBUG_ANY,
830 "%s: line %d: %s.\n",
831 fname, lineno, buf );
840 if ( lutil_parse_time( sep, &val ) != 0 ) {
841 Debug( LDAP_DEBUG_ANY,
842 "%s: line %d: unable to parse value \"%s\" for timeout.\n",
843 fname, lineno, sep );
853 for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
854 tv[ i ] = (time_t)val;
859 /* name to use as pseudo-root dn */
860 } else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
861 int i = mi->mi_ntargets - 1;
865 Debug( LDAP_DEBUG_ANY,
866 "%s: line %d: need \"uri\" directive first\n",
872 Debug( LDAP_DEBUG_ANY,
873 "%s: line %d: missing name in \"pseudorootdn <name>\" line\n",
878 dn.bv_val = argv[ 1 ];
879 dn.bv_len = strlen( argv[ 1 ] );
880 if ( dnNormalize( 0, NULL, NULL, &dn,
881 &mi->mi_targets[ i ].mt_pseudorootdn, NULL ) != LDAP_SUCCESS )
883 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
884 "pseudoroot DN '%s' is invalid\n",
885 fname, lineno, argv[ 1 ] );
889 /* password to use as pseudo-root */
890 } else if ( strcasecmp( argv[ 0 ], "pseudorootpw" ) == 0 ) {
891 int i = mi->mi_ntargets - 1;
894 Debug( LDAP_DEBUG_ANY,
895 "%s: line %d: need \"uri\" directive first\n",
901 Debug( LDAP_DEBUG_ANY,
902 "%s: line %d: missing password in \"pseudorootpw <password>\" line\n",
906 ber_str2bv( argv[ 1 ], 0L, 1, &mi->mi_targets[ i ].mt_pseudorootpw );
909 } else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
911 int i = mi->mi_ntargets - 1, rc;
912 struct berval dn, nvnc, pvnc, nrnc, prnc;
915 Debug( LDAP_DEBUG_ANY,
916 "%s: line %d: need \"uri\" directive first\n",
924 * suffixmassage <suffix> <massaged suffix>
926 * the <suffix> field must be defined as a valid suffix
927 * (or suffixAlias?) for the current database;
928 * the <massaged suffix> shouldn't have already been
929 * defined as a valid suffix or suffixAlias for the
933 Debug( LDAP_DEBUG_ANY,
934 "%s: line %d: syntax is \"suffixMassage <suffix> <massaged suffix>\"\n",
939 ber_str2bv( argv[ 1 ], 0, 0, &dn );
940 if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
941 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
942 "suffix '%s' is invalid\n",
943 fname, lineno, argv[ 1 ] );
947 tmp_be = select_backend( &nvnc, 0, 0 );
948 if ( tmp_be != NULL && tmp_be != be ) {
949 Debug( LDAP_DEBUG_ANY,
950 "%s: line %d: suffix already in use by another backend in"
951 " \"suffixMassage <suffix> <massaged suffix>\"\n",
958 ber_str2bv( argv[ 2 ], 0, 0, &dn );
959 if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
960 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
961 "massaged suffix '%s' is invalid\n",
962 fname, lineno, argv[ 2 ] );
969 tmp_be = select_backend( &nrnc, 0, 0 );
970 if ( tmp_be != NULL ) {
971 Debug( LDAP_DEBUG_ANY,
972 "%s: line %d: massaged suffix already in use by another backend in"
973 " \"suffixMassage <suffix> <massaged suffix>\"\n",
984 * The suffix massaging is emulated by means of the
985 * rewrite capabilities
986 * FIXME: no extra rewrite capabilities should be added
989 rc = suffix_massage_config( mi->mi_targets[ i ].mt_rwmap.rwm_rw,
990 &pvnc, &nvnc, &prnc, &nrnc );
999 /* rewrite stuff ... */
1000 } else if ( strncasecmp( argv[ 0 ], "rewrite", 7 ) == 0 ) {
1001 int i = mi->mi_ntargets - 1;
1004 Debug( LDAP_DEBUG_ANY, "%s: line %d: \"rewrite\" "
1005 "statement outside target definition.\n",
1010 return rewrite_parse( mi->mi_targets[ i ].mt_rwmap.rwm_rw,
1011 fname, lineno, argc, argv );
1013 /* objectclass/attribute mapping */
1014 } else if ( strcasecmp( argv[ 0 ], "map" ) == 0 ) {
1015 int i = mi->mi_ntargets - 1;
1018 Debug( LDAP_DEBUG_ANY,
1019 "%s: line %d: need \"uri\" directive first\n",
1024 return ldap_back_map_config( &mi->mi_targets[ i ].mt_rwmap.rwm_oc,
1025 &mi->mi_targets[ i ].mt_rwmap.rwm_at,
1026 fname, lineno, argc, argv );
1028 } else if ( strcasecmp( argv[ 0 ], "nretries" ) == 0 ) {
1029 int i = mi->mi_ntargets - 1;
1030 int nretries = META_RETRY_UNDEFINED;
1033 Debug( LDAP_DEBUG_ANY,
1034 "%s: line %d: need value in \"nretries <value>\"\n",
1039 if ( strcasecmp( argv[ 1 ], "forever" ) == 0 ) {
1040 nretries = META_RETRY_FOREVER;
1042 } else if ( strcasecmp( argv[ 1 ], "never" ) == 0 ) {
1043 nretries = META_RETRY_NEVER;
1046 if ( lutil_atoi( &nretries, argv[ 1 ] ) != 0 ) {
1047 Debug( LDAP_DEBUG_ANY,
1048 "%s: line %d: unable to parse value \"%s\" in \"nretries <value>\"\n",
1049 fname, lineno, argv[ 1 ] );
1055 mi->mi_nretries = nretries;
1058 mi->mi_targets[ i ].mt_nretries = nretries;
1063 return SLAP_CONF_UNKNOWN;
1069 ldap_back_map_config(
1070 struct ldapmap *oc_map,
1071 struct ldapmap *at_map,
1077 struct ldapmap *map;
1078 struct ldapmapping *mapping;
1082 if ( argc < 3 || argc > 4 ) {
1083 Debug( LDAP_DEBUG_ANY,
1084 "%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
1089 if ( strcasecmp( argv[ 1 ], "objectclass" ) == 0 ) {
1093 } else if ( strcasecmp( argv[ 1 ], "attribute" ) == 0 ) {
1097 Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
1098 "\"map {objectclass | attribute} [<local> | *] "
1099 "{<foreign> | *}\"\n",
1104 if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
1105 if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
1106 map->drop_missing = ( argc < 4 );
1109 src = dst = argv[ 3 ];
1111 } else if ( argc < 4 ) {
1117 dst = ( strcmp( argv[ 3 ], "*" ) == 0 ? src : argv[ 3 ] );
1120 if ( ( map == at_map )
1121 && ( strcasecmp( src, "objectclass" ) == 0
1122 || strcasecmp( dst, "objectclass" ) == 0 ) )
1124 Debug( LDAP_DEBUG_ANY,
1125 "%s: line %d: objectclass attribute cannot be mapped\n",
1129 mapping = (struct ldapmapping *)ch_calloc( 2,
1130 sizeof(struct ldapmapping) );
1131 if ( mapping == NULL ) {
1132 Debug( LDAP_DEBUG_ANY,
1133 "%s: line %d: out of memory\n",
1137 ber_str2bv( src, 0, 1, &mapping[ 0 ].src );
1138 ber_str2bv( dst, 0, 1, &mapping[ 0 ].dst );
1139 mapping[ 1 ].src = mapping[ 0 ].dst;
1140 mapping[ 1 ].dst = mapping[ 0 ].src;
1146 if ( src[ 0 ] != '\0' ) {
1147 if ( oc_bvfind( &mapping[ 0 ].src ) == NULL ) {
1148 Debug( LDAP_DEBUG_ANY,
1149 "%s: line %d: warning, source objectClass '%s' "
1150 "should be defined in schema\n",
1151 fname, lineno, src );
1154 * FIXME: this should become an err
1160 if ( oc_bvfind( &mapping[ 0 ].dst ) == NULL ) {
1161 Debug( LDAP_DEBUG_ANY,
1162 "%s: line %d: warning, destination objectClass '%s' "
1163 "is not defined in schema\n",
1164 fname, lineno, dst );
1168 const char *text = NULL;
1169 AttributeDescription *ad = NULL;
1171 if ( src[ 0 ] != '\0' ) {
1172 rc = slap_bv2ad( &mapping[ 0 ].src, &ad, &text );
1173 if ( rc != LDAP_SUCCESS ) {
1174 Debug( LDAP_DEBUG_ANY,
1175 "%s: line %d: warning, source attributeType '%s' "
1176 "should be defined in schema\n",
1177 fname, lineno, src );
1180 * FIXME: this should become an err
1183 * we create a fake "proxied" ad
1187 rc = slap_bv2undef_ad( &mapping[ 0 ].src,
1188 &ad, &text, SLAP_AD_PROXIED );
1189 if ( rc != LDAP_SUCCESS ) {
1190 char buf[ SLAP_TEXT_BUFLEN ];
1192 snprintf( buf, sizeof( buf ),
1193 "source attributeType \"%s\": %d (%s)",
1194 src, rc, text ? text : "" );
1195 Debug( LDAP_DEBUG_ANY,
1196 "%s: line %d: %s\n",
1197 fname, lineno, buf );
1205 rc = slap_bv2ad( &mapping[ 0 ].dst, &ad, &text );
1206 if ( rc != LDAP_SUCCESS ) {
1207 Debug( LDAP_DEBUG_ANY,
1208 "%s: line %d: warning, destination attributeType '%s' "
1209 "is not defined in schema\n",
1210 fname, lineno, dst );
1213 * we create a fake "proxied" ad
1217 rc = slap_bv2undef_ad( &mapping[ 0 ].dst,
1218 &ad, &text, SLAP_AD_PROXIED );
1219 if ( rc != LDAP_SUCCESS ) {
1220 char buf[ SLAP_TEXT_BUFLEN ];
1222 snprintf( buf, sizeof( buf ),
1223 "source attributeType \"%s\": %d (%s)\n",
1224 dst, rc, text ? text : "" );
1225 Debug( LDAP_DEBUG_ANY,
1226 "%s: line %d: %s\n",
1227 fname, lineno, buf );
1233 if ( (src[ 0 ] != '\0' && avl_find( map->map, (caddr_t)&mapping[ 0 ], mapping_cmp ) != NULL)
1234 || avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
1236 Debug( LDAP_DEBUG_ANY,
1237 "%s: line %d: duplicate mapping found.\n",
1242 if ( src[ 0 ] != '\0' ) {
1243 avl_insert( &map->map, (caddr_t)&mapping[ 0 ],
1244 mapping_cmp, mapping_dup );
1246 avl_insert( &map->remap, (caddr_t)&mapping[ 1 ],
1247 mapping_cmp, mapping_dup );
1253 ch_free( mapping[ 0 ].src.bv_val );
1254 ch_free( mapping[ 0 ].dst.bv_val );
1262 #ifdef ENABLE_REWRITE
1264 suffix_massage_regexize( const char *s )
1270 if ( s[ 0 ] == '\0' ) {
1271 return ch_strdup( "^(.+)$" );
1275 ( r = strchr( p, ',' ) ) != NULL;
1279 res = ch_calloc( sizeof( char ),
1281 + STRLENOF( "((.+),)?" )
1282 + STRLENOF( "[ ]?" ) * i
1283 + STRLENOF( "$" ) + 1 );
1285 ptr = lutil_strcopy( res, "((.+),)?" );
1287 ( r = strchr( p, ',' ) ) != NULL;
1289 ptr = lutil_strncopy( ptr, p, r - p + 1 );
1290 ptr = lutil_strcopy( ptr, "[ ]?" );
1292 if ( r[ 1 ] == ' ' ) {
1296 ptr = lutil_strcopy( ptr, p );
1305 suffix_massage_patternize( const char *s, const char *p )
1312 if ( s[ 0 ] == '\0' ) {
1316 res = ch_calloc( sizeof( char ), len + STRLENOF( "%1" ) + 1 );
1317 if ( res == NULL ) {
1321 ptr = lutil_strcopy( res, ( p[ 0 ] == '\0' ? "%2" : "%1" ) );
1322 if ( s[ 0 ] == '\0' ) {
1326 lutil_strcopy( ptr, p );
1332 suffix_massage_config(
1333 struct rewrite_info *info,
1334 struct berval *pvnc,
1335 struct berval *nvnc,
1336 struct berval *prnc,
1343 rargv[ 0 ] = "rewriteEngine";
1346 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1348 rargv[ 0 ] = "rewriteContext";
1349 rargv[ 1 ] = "default";
1351 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1353 rargv[ 0 ] = "rewriteRule";
1354 rargv[ 1 ] = suffix_massage_regexize( pvnc->bv_val );
1355 rargv[ 2 ] = suffix_massage_patternize( pvnc->bv_val, prnc->bv_val );
1358 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1359 ch_free( rargv[ 1 ] );
1360 ch_free( rargv[ 2 ] );
1362 if ( BER_BVISEMPTY( pvnc ) ) {
1363 rargv[ 0 ] = "rewriteRule";
1365 rargv[ 2 ] = prnc->bv_val;
1368 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1371 rargv[ 0 ] = "rewriteContext";
1372 rargv[ 1 ] = "searchEntryDN";
1374 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1376 rargv[ 0 ] = "rewriteRule";
1377 rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
1378 rargv[ 2 ] = suffix_massage_patternize( prnc->bv_val, pvnc->bv_val );
1381 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1382 ch_free( rargv[ 1 ] );
1383 ch_free( rargv[ 2 ] );
1385 if ( BER_BVISEMPTY( prnc ) ) {
1386 rargv[ 0 ] = "rewriteRule";
1388 rargv[ 2 ] = pvnc->bv_val;
1391 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1394 /* backward compatibility */
1395 rargv[ 0 ] = "rewriteContext";
1396 rargv[ 1 ] = "searchResult";
1397 rargv[ 2 ] = "alias";
1398 rargv[ 3 ] = "searchEntryDN";
1400 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1402 rargv[ 0 ] = "rewriteContext";
1403 rargv[ 1 ] = "matchedDN";
1404 rargv[ 2 ] = "alias";
1405 rargv[ 3 ] = "searchEntryDN";
1407 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1409 rargv[ 0 ] = "rewriteContext";
1410 rargv[ 1 ] = "searchAttrDN";
1411 rargv[ 2 ] = "alias";
1412 rargv[ 3 ] = "searchEntryDN";
1414 rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
1416 /* NOTE: this corresponds to #undef'ining RWM_REFERRAL_REWRITE;
1417 * see servers/slapd/overlays/rwm.h for details */
1418 rargv[ 0 ] = "rewriteContext";
1419 rargv[ 1 ] = "referralAttrDN";
1421 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1423 rargv[ 0 ] = "rewriteContext";
1424 rargv[ 1 ] = "referralDN";
1426 rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
1430 #endif /* ENABLE_REWRITE */
projects / openldap / blob