1 /* map.c - ldap backend mapping routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2003 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by the Howard Chu for inclusion
18 * in OpenLDAP Software and subsequently enhanced by Pierangelo
21 /* This is an altered version */
23 * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
25 * Permission is granted to anyone to use this software for any purpose
26 * on any computer system, and to alter it and redistribute it, subject
27 * to the following restrictions:
29 * 1. The author is not responsible for the consequences of use of this
30 * software, no matter how awful, even if they arise from flaws in it.
32 * 2. The origin of this software must not be misrepresented, either by
33 * explicit claim or by omission. Since few users ever read sources,
34 * credits should appear in the documentation.
36 * 3. Altered versions must be plainly marked as such, and must not be
37 * misrepresented as being the original software. Since few users
38 * ever read sources, credits should appear in the documentation.
40 * 4. This notice may not be removed or altered.
44 * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
46 * This software is being modified by Pierangelo Masarati.
47 * The previously reported conditions apply to the modified code as well.
48 * Changes in the original code are highlighted where required.
49 * Credits for the original code go to the author, Howard Chu.
56 #include <ac/string.h>
57 #include <ac/socket.h>
60 #include "../back-ldap/back-ldap.h"
61 #include "back-meta.h"
63 #undef ldap_debug /* silence a warning in ldap-int.h */
64 #include "../../../libraries/libldap/ldap-int.h"
67 mapping_cmp ( const void *c1, const void *c2 )
69 struct ldapmapping *map1 = (struct ldapmapping *)c1;
70 struct ldapmapping *map2 = (struct ldapmapping *)c2;
71 int rc = map1->src.bv_len - map2->src.bv_len;
73 return ( strcasecmp(map1->src.bv_val, map2->src.bv_val) );
77 mapping_dup ( void *c1, void *c2 )
79 struct ldapmapping *map1 = (struct ldapmapping *)c1;
80 struct ldapmapping *map2 = (struct ldapmapping *)c2;
82 return( ( strcasecmp(map1->src.bv_val, map2->src.bv_val) == 0 ) ? -1 : 0 );
86 ldap_back_map_init ( struct ldapmap *lm, struct ldapmapping **m )
88 struct ldapmapping *mapping;
94 mapping = (struct ldapmapping *)ch_calloc( 2,
95 sizeof( struct ldapmapping ) );
96 if ( mapping == NULL ) {
100 ber_str2bv( "objectclass", sizeof("objectclass")-1, 1, &mapping->src);
101 ber_dupbv( &mapping->dst, &mapping->src );
102 mapping[1].src = mapping->src;
103 mapping[1].dst = mapping->dst;
105 avl_insert( &lm->map, (caddr_t)mapping,
106 mapping_cmp, mapping_dup );
107 avl_insert( &lm->remap, (caddr_t)&mapping[1],
108 mapping_cmp, mapping_dup );
113 ldap_back_map ( struct ldapmap *map, struct berval *s, struct berval *bv,
117 struct ldapmapping *mapping, fmapping;
119 if (remap == BACKLDAP_REMAP)
127 mapping = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping, mapping_cmp );
128 if (mapping != NULL) {
129 if ( mapping->dst.bv_val )
134 if (!map->drop_missing)
142 struct ldapmap *at_map,
150 struct berval mapped;
153 *mapped_attrs = NULL;
157 for (i = 0; an[i].an_name.bv_val; i++) {
161 na = (char **)ch_calloc( i + 1, sizeof(char *) );
163 *mapped_attrs = NULL;
164 return LDAP_NO_MEMORY;
167 for (i = j = 0; an[i].an_name.bv_val; i++) {
168 ldap_back_map(at_map, &an[i].an_name, &mapped, remap);
169 if (mapped.bv_val != NULL && mapped.bv_val != '\0')
170 na[j++] = mapped.bv_val;
172 if (j == 0 && i != 0)
173 na[j++] = LDAP_NO_ATTRS;
183 AttributeDescription *ad,
184 struct berval *mapped_attr,
185 struct berval *value,
186 struct berval *mapped_value,
192 ldap_back_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap );
193 if ( mapped_attr->bv_val == NULL || mapped_attr->bv_val[0] == '\0') {
195 * FIXME: are we sure we need to search oc_map if at_map fails?
197 ldap_back_map( &dc->rwmap->rwm_oc, &ad->ad_cname, mapped_attr, remap );
198 if ( mapped_attr->bv_val == NULL || mapped_attr->bv_val[0] == '\0' ) {
199 *mapped_attr = ad->ad_cname;
203 if ( value == NULL ) {
207 if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
211 #ifdef ENABLE_REWRITE
212 fdc.ctx = "searchFilterAttrDN";
215 switch ( ldap_back_dn_massage( &fdc, value, &vtmp ) ) {
217 if ( vtmp.bv_val != value->bv_val ) {
222 case LDAP_UNWILLING_TO_PERFORM:
229 } else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
230 ldap_back_map( &dc->rwmap->rwm_oc, value, &vtmp, remap );
231 if ( vtmp.bv_val == NULL || vtmp.bv_val[0] == '\0' ) {
239 filter_escape_value( &vtmp, mapped_value );
242 ber_memfree( vtmp.bv_val );
249 ldap_back_int_filter_map_rewrite(
262 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
266 switch ( f->f_choice ) {
267 case LDAP_FILTER_EQUALITY:
268 if ( map_attr_value( dc, f->f_av_desc, &atmp,
269 &f->f_av_value, &vtmp, remap ) )
274 fstr->bv_len = atmp.bv_len + vtmp.bv_len
275 + ( sizeof("(=)") - 1 );
276 fstr->bv_val = malloc( fstr->bv_len + 1 );
278 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
279 atmp.bv_val, vtmp.bv_val );
281 ber_memfree( vtmp.bv_val );
285 if ( map_attr_value( dc, f->f_av_desc, &atmp,
286 &f->f_av_value, &vtmp, remap ) )
291 fstr->bv_len = atmp.bv_len + vtmp.bv_len
292 + ( sizeof("(>=)") - 1 );
293 fstr->bv_val = malloc( fstr->bv_len + 1 );
295 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
296 atmp.bv_val, vtmp.bv_val );
298 ber_memfree( vtmp.bv_val );
302 if ( map_attr_value( dc, f->f_av_desc, &atmp,
303 &f->f_av_value, &vtmp, remap ) )
308 fstr->bv_len = atmp.bv_len + vtmp.bv_len
309 + ( sizeof("(<=)") - 1 );
310 fstr->bv_val = malloc( fstr->bv_len + 1 );
312 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
313 atmp.bv_val, vtmp.bv_val );
315 ber_memfree( vtmp.bv_val );
318 case LDAP_FILTER_APPROX:
319 if ( map_attr_value( dc, f->f_av_desc, &atmp,
320 &f->f_av_value, &vtmp, remap ) )
325 fstr->bv_len = atmp.bv_len + vtmp.bv_len
326 + ( sizeof("(~=)") - 1 );
327 fstr->bv_val = malloc( fstr->bv_len + 1 );
329 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
330 atmp.bv_val, vtmp.bv_val );
332 ber_memfree( vtmp.bv_val );
335 case LDAP_FILTER_SUBSTRINGS:
336 if ( map_attr_value( dc, f->f_sub_desc, &atmp,
337 NULL, NULL, remap ) )
342 /* cannot be a DN ... */
344 fstr->bv_len = atmp.bv_len + ( sizeof("(=*)") - 1 );
345 fstr->bv_val = malloc( fstr->bv_len + 128 );
347 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
350 if ( f->f_sub_initial.bv_val != NULL ) {
353 filter_escape_value( &f->f_sub_initial, &vtmp );
355 fstr->bv_len += vtmp.bv_len;
356 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
358 snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
359 /* "(attr=" */ "%s*)",
362 ber_memfree( vtmp.bv_val );
365 if ( f->f_sub_any != NULL ) {
366 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
368 filter_escape_value( &f->f_sub_any[i], &vtmp );
370 fstr->bv_len += vtmp.bv_len + 1;
371 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
373 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
374 /* "(attr=[init]*[any*]" */ "%s*)",
376 ber_memfree( vtmp.bv_val );
380 if ( f->f_sub_final.bv_val != NULL ) {
383 filter_escape_value( &f->f_sub_final, &vtmp );
385 fstr->bv_len += vtmp.bv_len;
386 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
388 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
389 /* "(attr=[init*][any*]" */ "%s)",
392 ber_memfree( vtmp.bv_val );
397 case LDAP_FILTER_PRESENT:
398 if ( map_attr_value( dc, f->f_desc, &atmp,
399 NULL, NULL, remap ) )
404 fstr->bv_len = atmp.bv_len + ( sizeof("(=*)") - 1 );
405 fstr->bv_val = malloc( fstr->bv_len + 1 );
407 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
411 case LDAP_FILTER_AND:
413 case LDAP_FILTER_NOT:
414 fstr->bv_len = sizeof("(%)") - 1;
415 fstr->bv_val = malloc( fstr->bv_len + 128 );
417 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
418 f->f_choice == LDAP_FILTER_AND ? '&' :
419 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
421 for ( p = f->f_list; p != NULL; p = p->f_next ) {
424 if ( ldap_back_int_filter_map_rewrite( dc, p, &vtmp, remap ) )
429 fstr->bv_len += vtmp.bv_len;
430 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
432 snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
433 /*"("*/ "%s)", vtmp.bv_val );
435 ch_free( vtmp.bv_val );
440 case LDAP_FILTER_EXT: {
441 if ( f->f_mr_desc ) {
442 if ( map_attr_value( dc, f->f_mr_desc, &atmp,
443 &f->f_mr_value, &vtmp, remap ) )
452 filter_escape_value( &f->f_mr_value, &vtmp );
456 fstr->bv_len = atmp.bv_len +
457 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
458 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
459 vtmp.bv_len + ( sizeof("(:=)") - 1 );
460 fstr->bv_val = malloc( fstr->bv_len + 1 );
462 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
464 f->f_mr_dnattrs ? ":dn" : "",
465 f->f_mr_rule_text.bv_len ? ":" : "",
466 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
468 ber_memfree( vtmp.bv_val );
471 case SLAPD_FILTER_COMPUTED:
472 switch ( f->f_result ) {
473 case LDAP_COMPARE_FALSE:
474 ber_str2bv( "(?=false)", STRLENOF( "(?=false)" ), 1, fstr );
476 case LDAP_COMPARE_TRUE:
477 ber_str2bv( "(?=true)", STRLENOF( "(?=true)" ), 1, fstr );
479 case SLAPD_COMPARE_UNDEFINED:
480 ber_str2bv( "(?=undefined)", STRLENOF( "(?=undefined)" ), 1, fstr );
483 ber_str2bv( "(?=error)", STRLENOF( "(?=error)" ), 1, fstr );
489 ber_str2bv( "(?=unknown)", STRLENOF( "(?=unknown)" ), 1, fstr );
497 ldap_back_filter_map_rewrite(
507 rc = ldap_back_int_filter_map_rewrite( dc, f, fstr, remap );
509 #ifdef ENABLE_REWRITE
510 if ( rc != LDAP_SUCCESS ) {
517 fdc.ctx = "searchFilter";
519 switch ( rewrite_session( fdc.rwmap->rwm_rw, fdc.ctx,
520 ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : "" ),
521 fdc.conn, &fstr->bv_val ) )
523 case REWRITE_REGEXEC_OK:
524 if ( !BER_BVISNULL( fstr ) ) {
525 fstr->bv_len = strlen( fstr->bv_val );
529 Debug( LDAP_DEBUG_ARGS,
530 "[rw] %s: \"%s\" -> \"%s\"\n",
531 fdc.ctx, ftmp.bv_val, fstr->bv_val );
535 case REWRITE_REGEXEC_UNWILLING:
537 fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
538 fdc.rs->sr_text = "Operation not allowed";
540 rc = LDAP_UNWILLING_TO_PERFORM;
543 case REWRITE_REGEXEC_ERR:
545 fdc.rs->sr_err = LDAP_OTHER;
546 fdc.rs->sr_text = "Rewrite error";
551 #endif /* ENABLE_REWRITE */
557 ldap_back_referral_result_rewrite(
567 for ( last = 0; !BER_BVISNULL( &a_vals[ last ] ); last++ )
571 for ( i = 0; !BER_BVISNULL( &a_vals[ i ] ); i++ ) {
572 struct berval dn, olddn;
576 rc = ldap_url_parse( a_vals[ i ].bv_val, &ludp );
577 if ( rc != LDAP_URL_SUCCESS ) {
578 /* leave attr untouched if massage failed */
582 ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
584 rc = ldap_back_dn_massage( dc, &olddn, &dn );
586 case LDAP_UNWILLING_TO_PERFORM:
588 * FIXME: need to check if it may be considered
589 * legal to trim values when adding/modifying;
590 * it should be when searching (e.g. ACLs).
592 LBER_FREE( a_vals[ i ].bv_val );
594 a_vals[ i ] = a_vals[ last ];
596 BER_BVZERO( &a_vals[ last ] );
602 /* leave attr untouched if massage failed */
603 if ( !BER_BVISNULL( &dn ) && olddn.bv_val != dn.bv_val )
607 ludp->lud_dn = dn.bv_val;
608 newurl = ldap_url_desc2str( ludp );
609 if ( newurl == NULL ) {
610 /* FIXME: leave attr untouched
611 * even if ldap_url_desc2str failed... */
615 LBER_FREE( a_vals[ i ].bv_val );
616 ber_str2bv( newurl, 0, 1, &a_vals[ i ] );
618 ludp->lud_dn = olddn.bv_val;
623 ldap_free_urldesc( ludp );
630 * I don't like this much, but we need two different
631 * functions because different heap managers may be
632 * in use in back-ldap/meta to reduce the amount of
633 * calls to malloc routines, and some of the free()
634 * routines may be macros with args
645 for ( last = 0; a_vals[last].bv_val != NULL; last++ );
648 for ( i = 0; a_vals[i].bv_val != NULL; i++ ) {
649 switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
650 case LDAP_UNWILLING_TO_PERFORM:
652 * FIXME: need to check if it may be considered
653 * legal to trim values when adding/modifying;
654 * it should be when searching (e.g. ACLs).
656 ch_free( a_vals[i].bv_val );
658 a_vals[i] = a_vals[last];
660 a_vals[last].bv_len = 0;
661 a_vals[last].bv_val = NULL;
666 /* leave attr untouched if massage failed */
667 if ( bv.bv_val && bv.bv_val != a_vals[i].bv_val ) {
668 ch_free( a_vals[i].bv_val );
679 ldap_dnattr_result_rewrite(
687 for ( last = 0; a_vals[last].bv_val; last++ );
690 for ( i = 0; a_vals[i].bv_val; i++ ) {
691 switch ( ldap_back_dn_massage( dc, &a_vals[i], &bv ) ) {
692 case LDAP_UNWILLING_TO_PERFORM:
694 * FIXME: need to check if it may be considered
695 * legal to trim values when adding/modifying;
696 * it should be when searching (e.g. ACLs).
698 LBER_FREE( a_vals[i].bv_val );
700 a_vals[i] = a_vals[last];
702 BER_BVZERO( &a_vals[last] );
707 /* leave attr untouched if massage failed */
708 if ( bv.bv_val && a_vals[i].bv_val != bv.bv_val ) {
709 LBER_FREE( a_vals[i].bv_val );
projects / openldap / blob