1 /* map.c - ldap backend mapping routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by the Howard Chu for inclusion
18 * in OpenLDAP Software and subsequently enhanced by Pierangelo
21 /* This is an altered version */
23 * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
25 * Permission is granted to anyone to use this software for any purpose
26 * on any computer system, and to alter it and redistribute it, subject
27 * to the following restrictions:
29 * 1. The author is not responsible for the consequences of use of this
30 * software, no matter how awful, even if they arise from flaws in it.
32 * 2. The origin of this software must not be misrepresented, either by
33 * explicit claim or by omission. Since few users ever read sources,
34 * credits should appear in the documentation.
36 * 3. Altered versions must be plainly marked as such, and must not be
37 * misrepresented as being the original software. Since few users
38 * ever read sources, credits should appear in the documentation.
40 * 4. This notice may not be removed or altered.
44 * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
46 * This software is being modified by Pierangelo Masarati.
47 * The previously reported conditions apply to the modified code as well.
48 * Changes in the original code are highlighted where required.
49 * Credits for the original code go to the author, Howard Chu.
56 #include <ac/string.h>
57 #include <ac/socket.h>
60 #include "../back-ldap/back-ldap.h"
61 #include "back-meta.h"
63 #undef ldap_debug /* silence a warning in ldap-int.h */
64 #include "../../../libraries/libldap/ldap-int.h"
67 mapping_cmp ( const void *c1, const void *c2 )
69 struct ldapmapping *map1 = (struct ldapmapping *)c1;
70 struct ldapmapping *map2 = (struct ldapmapping *)c2;
71 int rc = map1->src.bv_len - map2->src.bv_len;
73 return ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) );
77 mapping_dup ( void *c1, void *c2 )
79 struct ldapmapping *map1 = (struct ldapmapping *)c1;
80 struct ldapmapping *map2 = (struct ldapmapping *)c2;
82 return ( ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) == 0 ) ? -1 : 0 );
86 ldap_back_map_init ( struct ldapmap *lm, struct ldapmapping **m )
88 struct ldapmapping *mapping;
94 mapping = (struct ldapmapping *)ch_calloc( 2,
95 sizeof( struct ldapmapping ) );
96 if ( mapping == NULL ) {
100 ber_str2bv( "objectclass", sizeof("objectclass")-1, 1, &mapping->src);
101 ber_dupbv( &mapping->dst, &mapping->src );
102 mapping[1].src = mapping->src;
103 mapping[1].dst = mapping->dst;
105 avl_insert( &lm->map, (caddr_t)mapping,
106 mapping_cmp, mapping_dup );
107 avl_insert( &lm->remap, (caddr_t)&mapping[1],
108 mapping_cmp, mapping_dup );
113 ldap_back_mapping ( struct ldapmap *map, struct berval *s, struct ldapmapping **m,
117 struct ldapmapping fmapping;
121 if ( remap == BACKLDAP_REMAP ) {
128 *m = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping, mapping_cmp );
130 return map->drop_missing;
137 ldap_back_map ( struct ldapmap *map, struct berval *s, struct berval *bv,
140 struct ldapmapping *mapping;
143 ( void )ldap_back_mapping( map, s, &mapping, remap );
144 if ( mapping != NULL ) {
145 if ( !BER_BVISNULL( &mapping->dst ) ) {
151 if ( !map->drop_missing ) {
158 struct ldapmap *at_map,
166 struct berval mapped;
169 *mapped_attrs = NULL;
173 for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
176 na = (char **)ch_calloc( i + 1, sizeof(char *) );
178 *mapped_attrs = NULL;
179 return LDAP_NO_MEMORY;
182 for ( i = j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
183 ldap_back_map( at_map, &an[i].an_name, &mapped, remap );
184 if ( !BER_BVISNULL( &mapped ) && !BER_BVISEMPTY( &mapped ) ) {
185 na[j++] = mapped.bv_val;
188 if ( j == 0 && i != 0 ) {
189 na[j++] = LDAP_NO_ATTRS;
200 AttributeDescription *ad,
201 struct berval *mapped_attr,
202 struct berval *value,
203 struct berval *mapped_value,
209 ldap_back_map( &dc->target->mt_rwmap.rwm_at, &ad->ad_cname, mapped_attr, remap );
210 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
212 * FIXME: are we sure we need to search oc_map if at_map fails?
214 ldap_back_map( &dc->target->mt_rwmap.rwm_oc, &ad->ad_cname, mapped_attr, remap );
215 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
216 *mapped_attr = ad->ad_cname;
220 if ( value == NULL ) {
224 if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
228 #ifdef ENABLE_REWRITE
229 fdc.ctx = "searchFilterAttrDN";
232 switch ( ldap_back_dn_massage( &fdc, value, &vtmp ) ) {
234 if ( vtmp.bv_val != value->bv_val ) {
239 case LDAP_UNWILLING_TO_PERFORM:
246 } else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
247 ldap_back_map( &dc->target->mt_rwmap.rwm_oc, value, &vtmp, remap );
248 if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
256 filter_escape_value( &vtmp, mapped_value );
259 ber_memfree( vtmp.bv_val );
266 ldap_back_int_filter_map_rewrite(
279 ber_str2bv( "No filter!", STRLENOF( "No filter!" ), 1, fstr );
283 switch ( f->f_choice ) {
284 case LDAP_FILTER_EQUALITY:
285 if ( map_attr_value( dc, f->f_av_desc, &atmp,
286 &f->f_av_value, &vtmp, remap ) )
291 fstr->bv_len = atmp.bv_len + vtmp.bv_len
292 + ( sizeof("(=)") - 1 );
293 fstr->bv_val = malloc( fstr->bv_len + 1 );
295 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
296 atmp.bv_val, vtmp.bv_val );
298 ber_memfree( vtmp.bv_val );
302 if ( map_attr_value( dc, f->f_av_desc, &atmp,
303 &f->f_av_value, &vtmp, remap ) )
308 fstr->bv_len = atmp.bv_len + vtmp.bv_len
309 + ( sizeof("(>=)") - 1 );
310 fstr->bv_val = malloc( fstr->bv_len + 1 );
312 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
313 atmp.bv_val, vtmp.bv_val );
315 ber_memfree( vtmp.bv_val );
319 if ( map_attr_value( dc, f->f_av_desc, &atmp,
320 &f->f_av_value, &vtmp, remap ) )
325 fstr->bv_len = atmp.bv_len + vtmp.bv_len
326 + ( sizeof("(<=)") - 1 );
327 fstr->bv_val = malloc( fstr->bv_len + 1 );
329 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
330 atmp.bv_val, vtmp.bv_val );
332 ber_memfree( vtmp.bv_val );
335 case LDAP_FILTER_APPROX:
336 if ( map_attr_value( dc, f->f_av_desc, &atmp,
337 &f->f_av_value, &vtmp, remap ) )
342 fstr->bv_len = atmp.bv_len + vtmp.bv_len
343 + ( sizeof("(~=)") - 1 );
344 fstr->bv_val = malloc( fstr->bv_len + 1 );
346 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
347 atmp.bv_val, vtmp.bv_val );
349 ber_memfree( vtmp.bv_val );
352 case LDAP_FILTER_SUBSTRINGS:
353 if ( map_attr_value( dc, f->f_sub_desc, &atmp,
354 NULL, NULL, remap ) )
359 /* cannot be a DN ... */
361 fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
362 fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128 ? */
364 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
367 if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
370 filter_escape_value( &f->f_sub_initial, &vtmp );
372 fstr->bv_len += vtmp.bv_len;
373 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
375 snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
376 /* "(attr=" */ "%s*)",
379 ber_memfree( vtmp.bv_val );
382 if ( f->f_sub_any != NULL ) {
383 for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
385 filter_escape_value( &f->f_sub_any[i], &vtmp );
387 fstr->bv_len += vtmp.bv_len + 1;
388 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
390 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
391 /* "(attr=[init]*[any*]" */ "%s*)",
393 ber_memfree( vtmp.bv_val );
397 if ( !BER_BVISNULL( &f->f_sub_final ) ) {
400 filter_escape_value( &f->f_sub_final, &vtmp );
402 fstr->bv_len += vtmp.bv_len;
403 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
405 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
406 /* "(attr=[init*][any*]" */ "%s)",
409 ber_memfree( vtmp.bv_val );
414 case LDAP_FILTER_PRESENT:
415 if ( map_attr_value( dc, f->f_desc, &atmp,
416 NULL, NULL, remap ) )
421 fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
422 fstr->bv_val = malloc( fstr->bv_len + 1 );
424 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
428 case LDAP_FILTER_AND:
430 case LDAP_FILTER_NOT:
431 fstr->bv_len = STRLENOF( "(%)" );
432 fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128? */
434 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
435 f->f_choice == LDAP_FILTER_AND ? '&' :
436 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
438 for ( p = f->f_list; p != NULL; p = p->f_next ) {
441 if ( ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap ) )
446 fstr->bv_len += vtmp.bv_len;
447 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
449 snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
450 /*"("*/ "%s)", vtmp.bv_val );
452 ch_free( vtmp.bv_val );
457 case LDAP_FILTER_EXT:
458 if ( f->f_mr_desc ) {
459 if ( map_attr_value( dc, f->f_mr_desc, &atmp,
460 &f->f_mr_value, &vtmp, remap ) )
466 BER_BVSTR( &atmp, "" );
467 filter_escape_value( &f->f_mr_value, &vtmp );
470 /* FIXME: cleanup (less ?: operators...) */
471 fstr->bv_len = atmp.bv_len +
472 ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
473 ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
474 vtmp.bv_len + ( STRLENOF( "(:=)" ) );
475 fstr->bv_val = malloc( fstr->bv_len + 1 );
477 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
479 f->f_mr_dnattrs ? ":dn" : "",
480 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
481 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
483 ber_memfree( vtmp.bv_val );
486 case SLAPD_FILTER_COMPUTED: {
489 switch ( f->f_result ) {
490 case LDAP_COMPARE_FALSE:
491 if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
492 BER_BVSTR( &bv, "(|)" );
497 /* FIXME: treat UNDEFINED as FALSE */
498 case SLAPD_COMPARE_UNDEFINED:
499 /* better than nothing... */
500 BER_BVSTR( &bv, "(!(objectClass=*))" );
503 case LDAP_COMPARE_TRUE:
504 if ( dc->target->mt_flags & LDAP_BACK_F_SUPPORT_T_F ) {
505 BER_BVSTR( &bv, "(&)" );
509 /* better than nothing... */
510 BER_BVSTR( &bv, "(objectClass=*)" );
514 BER_BVSTR( &bv, "(?=error)" );
518 ber_dupbv( fstr, &bv );
522 ber_str2bv( "(?=unknown)", STRLENOF( "(?=unknown)" ), 1, fstr );
530 ldap_back_filter_map_rewrite(
539 static char *dmy = "";
541 rc = ldap_back_int_filter_map_rewrite( dc, f, fstr, remap );
543 #ifdef ENABLE_REWRITE
544 if ( rc != LDAP_SUCCESS ) {
551 fdc.ctx = "searchFilter";
553 switch ( rewrite_session( fdc.target->mt_rwmap.rwm_rw, fdc.ctx,
554 ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : dmy ),
555 fdc.conn, &fstr->bv_val ) )
557 case REWRITE_REGEXEC_OK:
558 if ( !BER_BVISNULL( fstr ) ) {
559 fstr->bv_len = strlen( fstr->bv_val );
564 Debug( LDAP_DEBUG_ARGS,
565 "[rw] %s: \"%s\" -> \"%s\"\n",
566 fdc.ctx, BER_BVISNULL( &ftmp ) ? "" : ftmp.bv_val,
567 BER_BVISNULL( fstr ) ? "" : fstr->bv_val );
571 case REWRITE_REGEXEC_UNWILLING:
573 fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
574 fdc.rs->sr_text = "Operation not allowed";
576 rc = LDAP_UNWILLING_TO_PERFORM;
579 case REWRITE_REGEXEC_ERR:
581 fdc.rs->sr_err = LDAP_OTHER;
582 fdc.rs->sr_text = "Rewrite error";
588 if ( fstr->bv_val == dmy ) {
591 #endif /* ENABLE_REWRITE */
597 ldap_back_referral_result_rewrite(
604 assert( dc != NULL );
605 assert( a_vals != NULL );
607 for ( last = 0; !BER_BVISNULL( &a_vals[ last ] ); last++ )
611 for ( i = 0; !BER_BVISNULL( &a_vals[ i ] ); i++ ) {
617 rc = ldap_url_parse( a_vals[ i ].bv_val, &ludp );
618 if ( rc != LDAP_URL_SUCCESS ) {
619 /* leave attr untouched if massage failed */
623 /* FIXME: URLs like "ldap:///dc=suffix" if passed
624 * thru ldap_url_parse() and ldap_url_desc2str()
625 * get rewritten as "ldap:///dc=suffix??base";
626 * we don't want this to occur... */
627 if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
628 ludp->lud_scope = LDAP_SCOPE_DEFAULT;
631 ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
633 rc = ldap_back_dn_massage( dc, &olddn, &dn );
635 case LDAP_UNWILLING_TO_PERFORM:
637 * FIXME: need to check if it may be considered
638 * legal to trim values when adding/modifying;
639 * it should be when searching (e.g. ACLs).
641 LBER_FREE( a_vals[ i ].bv_val );
643 a_vals[ i ] = a_vals[ last ];
645 BER_BVZERO( &a_vals[ last ] );
651 /* leave attr untouched if massage failed */
652 if ( !BER_BVISNULL( &dn ) && olddn.bv_val != dn.bv_val )
656 ludp->lud_dn = dn.bv_val;
657 newurl = ldap_url_desc2str( ludp );
658 if ( newurl == NULL ) {
659 /* FIXME: leave attr untouched
660 * even if ldap_url_desc2str failed...
665 LBER_FREE( a_vals[ i ].bv_val );
666 ber_str2bv( newurl, 0, 1, &a_vals[ i ] );
668 ludp->lud_dn = olddn.bv_val;
673 ldap_free_urldesc( ludp );
680 * I don't like this much, but we need two different
681 * functions because different heap managers may be
682 * in use in back-ldap/meta to reduce the amount of
683 * calls to malloc routines, and some of the free()
684 * routines may be macros with args
695 assert( a_vals != NULL );
697 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
701 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
702 switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
703 case LDAP_UNWILLING_TO_PERFORM:
705 * FIXME: need to check if it may be considered
706 * legal to trim values when adding/modifying;
707 * it should be when searching (e.g. ACLs).
709 ch_free( a_vals[i].bv_val );
711 a_vals[i] = a_vals[last];
713 BER_BVZERO( &a_vals[last] );
718 /* leave attr untouched if massage failed */
719 if ( !BER_BVISNULL( &bv ) && bv.bv_val != a_vals[i].bv_val ) {
720 ch_free( a_vals[i].bv_val );
731 ldap_dnattr_result_rewrite(
739 assert( a_vals != NULL );
741 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
745 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
746 switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
747 case LDAP_UNWILLING_TO_PERFORM:
749 * FIXME: need to check if it may be considered
750 * legal to trim values when adding/modifying;
751 * it should be when searching (e.g. ACLs).
753 LBER_FREE( a_vals[i].bv_val );
755 a_vals[i] = a_vals[last];
757 BER_BVZERO( &a_vals[last] );
762 /* leave attr untouched if massage failed */
763 if ( !BER_BVISNULL( &bv ) && a_vals[i].bv_val != bv.bv_val ) {
764 LBER_FREE( a_vals[i].bv_val );
projects / openldap / blob