1 /* map.c - ldap backend mapping routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by the Howard Chu for inclusion
18 * in OpenLDAP Software and subsequently enhanced by Pierangelo
21 /* This is an altered version */
23 * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
25 * Permission is granted to anyone to use this software for any purpose
26 * on any computer system, and to alter it and redistribute it, subject
27 * to the following restrictions:
29 * 1. The author is not responsible for the consequences of use of this
30 * software, no matter how awful, even if they arise from flaws in it.
32 * 2. The origin of this software must not be misrepresented, either by
33 * explicit claim or by omission. Since few users ever read sources,
34 * credits should appear in the documentation.
36 * 3. Altered versions must be plainly marked as such, and must not be
37 * misrepresented as being the original software. Since few users
38 * ever read sources, credits should appear in the documentation.
40 * 4. This notice may not be removed or altered.
44 * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
46 * This software is being modified by Pierangelo Masarati.
47 * The previously reported conditions apply to the modified code as well.
48 * Changes in the original code are highlighted where required.
49 * Credits for the original code go to the author, Howard Chu.
56 #include <ac/string.h>
57 #include <ac/socket.h>
60 #include "../back-ldap/back-ldap.h"
61 #include "back-meta.h"
63 #undef ldap_debug /* silence a warning in ldap-int.h */
64 #include "../../../libraries/libldap/ldap-int.h"
67 mapping_cmp ( const void *c1, const void *c2 )
69 struct ldapmapping *map1 = (struct ldapmapping *)c1;
70 struct ldapmapping *map2 = (struct ldapmapping *)c2;
71 int rc = map1->src.bv_len - map2->src.bv_len;
73 return ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) );
77 mapping_dup ( void *c1, void *c2 )
79 struct ldapmapping *map1 = (struct ldapmapping *)c1;
80 struct ldapmapping *map2 = (struct ldapmapping *)c2;
82 return ( ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) == 0 ) ? -1 : 0 );
86 ldap_back_map_init ( struct ldapmap *lm, struct ldapmapping **m )
88 struct ldapmapping *mapping;
94 mapping = (struct ldapmapping *)ch_calloc( 2,
95 sizeof( struct ldapmapping ) );
96 if ( mapping == NULL ) {
100 ber_str2bv( "objectclass", sizeof("objectclass")-1, 1, &mapping->src);
101 ber_dupbv( &mapping->dst, &mapping->src );
102 mapping[1].src = mapping->src;
103 mapping[1].dst = mapping->dst;
105 avl_insert( &lm->map, (caddr_t)mapping,
106 mapping_cmp, mapping_dup );
107 avl_insert( &lm->remap, (caddr_t)&mapping[1],
108 mapping_cmp, mapping_dup );
113 ldap_back_map ( struct ldapmap *map, struct berval *s, struct berval *bv,
117 struct ldapmapping *mapping, fmapping;
119 if ( remap == BACKLDAP_REMAP ) {
127 mapping = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping, mapping_cmp );
128 if ( mapping != NULL ) {
129 if ( !BER_BVISNULL( &mapping->dst ) ) {
135 if ( !map->drop_missing ) {
144 struct ldapmap *at_map,
152 struct berval mapped;
155 *mapped_attrs = NULL;
159 for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
162 na = (char **)ch_calloc( i + 1, sizeof(char *) );
164 *mapped_attrs = NULL;
165 return LDAP_NO_MEMORY;
168 for ( i = j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
169 ldap_back_map( at_map, &an[i].an_name, &mapped, remap );
170 if ( !BER_BVISNULL( &mapped ) && !BER_BVISEMPTY( &mapped ) ) {
171 na[j++] = mapped.bv_val;
174 if ( j == 0 && i != 0 ) {
175 na[j++] = LDAP_NO_ATTRS;
186 AttributeDescription *ad,
187 struct berval *mapped_attr,
188 struct berval *value,
189 struct berval *mapped_value,
195 ldap_back_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap );
196 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
198 * FIXME: are we sure we need to search oc_map if at_map fails?
200 ldap_back_map( &dc->rwmap->rwm_oc, &ad->ad_cname, mapped_attr, remap );
201 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
202 *mapped_attr = ad->ad_cname;
206 if ( value == NULL ) {
210 if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
214 #ifdef ENABLE_REWRITE
215 fdc.ctx = "searchFilterAttrDN";
218 switch ( ldap_back_dn_massage( &fdc, value, &vtmp ) ) {
220 if ( vtmp.bv_val != value->bv_val ) {
225 case LDAP_UNWILLING_TO_PERFORM:
232 } else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
233 ldap_back_map( &dc->rwmap->rwm_oc, value, &vtmp, remap );
234 if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
242 filter_escape_value( &vtmp, mapped_value );
245 ber_memfree( vtmp.bv_val );
252 ldap_back_int_filter_map_rewrite(
265 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
269 switch ( f->f_choice ) {
270 case LDAP_FILTER_EQUALITY:
271 if ( map_attr_value( dc, f->f_av_desc, &atmp,
272 &f->f_av_value, &vtmp, remap ) )
277 fstr->bv_len = atmp.bv_len + vtmp.bv_len
278 + ( sizeof("(=)") - 1 );
279 fstr->bv_val = malloc( fstr->bv_len + 1 );
281 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
282 atmp.bv_val, vtmp.bv_val );
284 ber_memfree( vtmp.bv_val );
288 if ( map_attr_value( dc, f->f_av_desc, &atmp,
289 &f->f_av_value, &vtmp, remap ) )
294 fstr->bv_len = atmp.bv_len + vtmp.bv_len
295 + ( sizeof("(>=)") - 1 );
296 fstr->bv_val = malloc( fstr->bv_len + 1 );
298 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
299 atmp.bv_val, vtmp.bv_val );
301 ber_memfree( vtmp.bv_val );
305 if ( map_attr_value( dc, f->f_av_desc, &atmp,
306 &f->f_av_value, &vtmp, remap ) )
311 fstr->bv_len = atmp.bv_len + vtmp.bv_len
312 + ( sizeof("(<=)") - 1 );
313 fstr->bv_val = malloc( fstr->bv_len + 1 );
315 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
316 atmp.bv_val, vtmp.bv_val );
318 ber_memfree( vtmp.bv_val );
321 case LDAP_FILTER_APPROX:
322 if ( map_attr_value( dc, f->f_av_desc, &atmp,
323 &f->f_av_value, &vtmp, remap ) )
328 fstr->bv_len = atmp.bv_len + vtmp.bv_len
329 + ( sizeof("(~=)") - 1 );
330 fstr->bv_val = malloc( fstr->bv_len + 1 );
332 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
333 atmp.bv_val, vtmp.bv_val );
335 ber_memfree( vtmp.bv_val );
338 case LDAP_FILTER_SUBSTRINGS:
339 if ( map_attr_value( dc, f->f_sub_desc, &atmp,
340 NULL, NULL, remap ) )
345 /* cannot be a DN ... */
347 fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
348 fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128 ? */
350 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
353 if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
356 filter_escape_value( &f->f_sub_initial, &vtmp );
358 fstr->bv_len += vtmp.bv_len;
359 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
361 snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
362 /* "(attr=" */ "%s*)",
365 ber_memfree( vtmp.bv_val );
368 if ( f->f_sub_any != NULL ) {
369 for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
371 filter_escape_value( &f->f_sub_any[i], &vtmp );
373 fstr->bv_len += vtmp.bv_len + 1;
374 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
376 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
377 /* "(attr=[init]*[any*]" */ "%s*)",
379 ber_memfree( vtmp.bv_val );
383 if ( !BER_BVISNULL( &f->f_sub_final ) ) {
386 filter_escape_value( &f->f_sub_final, &vtmp );
388 fstr->bv_len += vtmp.bv_len;
389 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
391 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
392 /* "(attr=[init*][any*]" */ "%s)",
395 ber_memfree( vtmp.bv_val );
400 case LDAP_FILTER_PRESENT:
401 if ( map_attr_value( dc, f->f_desc, &atmp,
402 NULL, NULL, remap ) )
407 fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
408 fstr->bv_val = malloc( fstr->bv_len + 1 );
410 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
414 case LDAP_FILTER_AND:
416 case LDAP_FILTER_NOT:
417 fstr->bv_len = STRLENOF( "(%)" );
418 fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128? */
420 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
421 f->f_choice == LDAP_FILTER_AND ? '&' :
422 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
424 for ( p = f->f_list; p != NULL; p = p->f_next ) {
427 if ( ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap ) )
432 fstr->bv_len += vtmp.bv_len;
433 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
435 snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
436 /*"("*/ "%s)", vtmp.bv_val );
438 ch_free( vtmp.bv_val );
443 case LDAP_FILTER_EXT: {
444 if ( f->f_mr_desc ) {
445 if ( map_attr_value( dc, f->f_mr_desc, &atmp,
446 &f->f_mr_value, &vtmp, remap ) )
452 BER_BVSTR( &atmp, "" );
453 filter_escape_value( &f->f_mr_value, &vtmp );
456 /* FIXME: cleanup (less ?: operators...) */
457 fstr->bv_len = atmp.bv_len +
458 ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
459 ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
460 vtmp.bv_len + ( STRLENOF( "(:=)" ) );
461 fstr->bv_val = malloc( fstr->bv_len + 1 );
463 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
465 f->f_mr_dnattrs ? ":dn" : "",
466 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
467 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
469 ber_memfree( vtmp.bv_val );
472 case SLAPD_FILTER_COMPUTED:
473 switch ( f->f_result ) {
474 case LDAP_COMPARE_FALSE:
475 ber_str2bv( "(?=false)", STRLENOF( "(?=false)" ), 1, fstr );
477 case LDAP_COMPARE_TRUE:
478 ber_str2bv( "(?=true)", STRLENOF( "(?=true)" ), 1, fstr );
480 case SLAPD_COMPARE_UNDEFINED:
481 ber_str2bv( "(?=undefined)", STRLENOF( "(?=undefined)" ), 1, fstr );
484 ber_str2bv( "(?=error)", STRLENOF( "(?=error)" ), 1, fstr );
490 ber_str2bv( "(?=unknown)", STRLENOF( "(?=unknown)" ), 1, fstr );
498 ldap_back_filter_map_rewrite(
508 rc = ldap_back_int_filter_map_rewrite( dc, f, fstr, remap );
510 #ifdef ENABLE_REWRITE
511 if ( rc != LDAP_SUCCESS ) {
518 fdc.ctx = "searchFilter";
520 switch ( rewrite_session( fdc.rwmap->rwm_rw, fdc.ctx,
521 ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : "" ),
522 fdc.conn, &fstr->bv_val ) )
524 case REWRITE_REGEXEC_OK:
525 if ( !BER_BVISNULL( fstr ) ) {
526 fstr->bv_len = strlen( fstr->bv_val );
531 Debug( LDAP_DEBUG_ARGS,
532 "[rw] %s: \"%s\" -> \"%s\"\n",
533 fdc.ctx, ftmp.bv_val, fstr->bv_val );
537 case REWRITE_REGEXEC_UNWILLING:
539 fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
540 fdc.rs->sr_text = "Operation not allowed";
542 rc = LDAP_UNWILLING_TO_PERFORM;
545 case REWRITE_REGEXEC_ERR:
547 fdc.rs->sr_err = LDAP_OTHER;
548 fdc.rs->sr_text = "Rewrite error";
553 #endif /* ENABLE_REWRITE */
559 ldap_back_referral_result_rewrite(
569 for ( last = 0; !BER_BVISNULL( &a_vals[ last ] ); last++ )
573 for ( i = 0; !BER_BVISNULL( &a_vals[ i ] ); i++ ) {
574 struct berval dn, olddn;
578 rc = ldap_url_parse( a_vals[ i ].bv_val, &ludp );
579 if ( rc != LDAP_URL_SUCCESS ) {
580 /* leave attr untouched if massage failed */
584 /* FIXME: URLs like "ldap:///dc=suffix" if passed
585 * thru ldap_url_parse() and ldap_url_desc2str()
586 * get rewritten as "ldap:///dc=suffix??base";
587 * we don't want this to occur... */
588 if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
589 ludp->lud_scope = LDAP_SCOPE_DEFAULT;
592 ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
594 rc = ldap_back_dn_massage( dc, &olddn, &dn );
596 case LDAP_UNWILLING_TO_PERFORM:
598 * FIXME: need to check if it may be considered
599 * legal to trim values when adding/modifying;
600 * it should be when searching (e.g. ACLs).
602 LBER_FREE( a_vals[ i ].bv_val );
604 a_vals[ i ] = a_vals[ last ];
606 BER_BVZERO( &a_vals[ last ] );
612 /* leave attr untouched if massage failed */
613 if ( !BER_BVISNULL( &dn ) && olddn.bv_val != dn.bv_val )
617 ludp->lud_dn = dn.bv_val;
618 newurl = ldap_url_desc2str( ludp );
619 if ( newurl == NULL ) {
620 /* FIXME: leave attr untouched
621 * even if ldap_url_desc2str failed...
626 LBER_FREE( a_vals[ i ].bv_val );
627 ber_str2bv( newurl, 0, 1, &a_vals[ i ] );
629 ludp->lud_dn = olddn.bv_val;
634 ldap_free_urldesc( ludp );
641 * I don't like this much, but we need two different
642 * functions because different heap managers may be
643 * in use in back-ldap/meta to reduce the amount of
644 * calls to malloc routines, and some of the free()
645 * routines may be macros with args
656 assert( a_vals != NULL );
658 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
662 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
663 switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
664 case LDAP_UNWILLING_TO_PERFORM:
666 * FIXME: need to check if it may be considered
667 * legal to trim values when adding/modifying;
668 * it should be when searching (e.g. ACLs).
670 ch_free( a_vals[i].bv_val );
672 a_vals[i] = a_vals[last];
674 BER_BVZERO( &a_vals[last] );
679 /* leave attr untouched if massage failed */
680 if ( !BER_BVISNULL( &bv ) && bv.bv_val != a_vals[i].bv_val ) {
681 ch_free( a_vals[i].bv_val );
692 ldap_dnattr_result_rewrite(
700 assert( a_vals != NULL );
702 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
706 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
707 switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
708 case LDAP_UNWILLING_TO_PERFORM:
710 * FIXME: need to check if it may be considered
711 * legal to trim values when adding/modifying;
712 * it should be when searching (e.g. ACLs).
714 LBER_FREE( a_vals[i].bv_val );
716 a_vals[i] = a_vals[last];
718 BER_BVZERO( &a_vals[last] );
723 /* leave attr untouched if massage failed */
724 if ( !BER_BVISNULL( &bv ) && a_vals[i].bv_val != bv.bv_val ) {
725 LBER_FREE( a_vals[i].bv_val );