1 /* rwm.c - rewrite/remap operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2004 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
24 #include <ac/string.h>
30 rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
32 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
33 struct ldaprwmap *rwmap =
34 (struct ldaprwmap *)on->on_bi.bi_private;
36 struct berval dn = BER_BVNULL,
43 * Rewrite the dn if needed
49 dc.ctx = (char *)cookie;
50 #else /* ! ENABLE_REWRITE */
51 dc.tofrom = ((int *)cookie)[0];
53 #endif /* ! ENABLE_REWRITE */
55 /* NOTE: in those cases where only the ndn is available,
56 * and the caller sets op->o_req_dn = op->o_req_ndn,
57 * only rewrite the op->o_req_ndn and use it as
58 * op->o_req_dn as well */
59 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
63 rc = rwm_dn_massage( &dc, &op->o_req_dn, dnp, &ndn );
64 if ( rc != LDAP_SUCCESS ) {
68 if ( ( dnp && dn.bv_val == op->o_req_dn.bv_val ) ||
69 ( !dnp && ndn.bv_val == op->o_req_ndn.bv_val ) ) {
73 op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
75 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
86 rwm_op_add( Operation *op, SlapReply *rs )
88 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
89 struct ldaprwmap *rwmap =
90 (struct ldaprwmap *)on->on_bi.bi_private;
94 Attribute **ap = NULL;
95 char *olddn = op->o_req_dn.bv_val;
98 rc = rwm_op_dn_massage( op, rs, "addDN" );
99 #else /* ! ENABLE_REWRITE */
101 rc = rwm_op_dn_massage( op, rs, &rc );
102 #endif /* ! ENABLE_REWRITE */
103 if ( rc != LDAP_SUCCESS ) {
104 op->o_bd->bd_info = (BackendInfo *)on->on_info;
105 send_ldap_error( op, rs, rc, "addDN massage error" );
109 if ( olddn != op->o_req_dn.bv_val ) {
110 ch_free( op->ora_e->e_name.bv_val );
111 ch_free( op->ora_e->e_nname.bv_val );
113 ber_dupbv( &op->ora_e->e_name, &op->o_req_dn );
114 ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn );
117 /* Count number of attributes in entry */
118 for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
119 struct berval mapped;
122 if ( (*ap)->a_desc->ad_type->sat_no_user_mod ) {
126 rwm_map( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
128 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
132 if ( (*ap)->a_desc->ad_type->sat_syntax
133 == slap_schema.si_syn_distinguishedName )
136 * FIXME: rewrite could fail; in this case
137 * the operation should give up, right?
139 #ifdef ENABLE_REWRITE
140 rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
142 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
143 #else /* ! ENABLE_REWRITE */
145 rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
146 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
147 #endif /* ! ENABLE_REWRITE */
152 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
153 #ifdef ENABLE_REWRITE
154 rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
156 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
157 #else /* ! ENABLE_REWRITE */
159 rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
160 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
161 #endif /* ! ENABLE_REWRITE */
162 if ( rc != LDAP_SUCCESS ) {
173 /* FIXME: leaking attribute/values? */
180 /* TODO: map attribute types, values of DN-valued attributes ... */
181 return SLAP_CB_CONTINUE;
185 rwm_op_bind( Operation *op, SlapReply *rs )
187 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
188 struct ldaprwmap *rwmap =
189 (struct ldaprwmap *)on->on_bi.bi_private;
192 #ifdef ENABLE_REWRITE
193 ( void )rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
194 ( void )rewrite_session_init( rwmap->rwm_rw, op->o_conn );
196 rc = rwm_op_dn_massage( op, rs, "bindDN" );
197 #else /* ! ENABLE_REWRITE */
199 rc = rwm_op_dn_massage( op, rs, &rc );
200 #endif /* ! ENABLE_REWRITE */
201 if ( rc != LDAP_SUCCESS ) {
202 op->o_bd->bd_info = (BackendInfo *)on->on_info;
203 send_ldap_error( op, rs, rc, "bindDN massage error" );
207 return SLAP_CB_CONTINUE;
211 rwm_op_unbind( Operation *op, SlapReply *rs )
213 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
214 struct ldaprwmap *rwmap =
215 (struct ldaprwmap *)on->on_bi.bi_private;
217 #ifdef ENABLE_REWRITE
218 rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
219 #endif /* ENABLE_REWRITE */
221 return SLAP_CB_CONTINUE;
225 rwm_op_compare( Operation *op, SlapReply *rs )
227 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
228 struct ldaprwmap *rwmap =
229 (struct ldaprwmap *)on->on_bi.bi_private;
232 struct berval mapped_at = BER_BVNULL,
233 mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
235 #ifdef ENABLE_REWRITE
236 rc = rwm_op_dn_massage( op, rs, "compareDN" );
237 #else /* ! ENABLE_REWRITE */
239 rc = rwm_op_dn_massage( op, rs, &rc );
240 #endif /* ! ENABLE_REWRITE */
241 if ( rc != LDAP_SUCCESS ) {
242 op->o_bd->bd_info = (BackendInfo *)on->on_info;
243 send_ldap_error( op, rs, rc, "compareDN massage error" );
247 /* if the attribute is an objectClass, try to remap its value */
248 if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
249 || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
251 rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
252 &mapped_vals[0], RWM_MAP );
253 if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
255 op->o_bd->bd_info = (BackendInfo *)on->on_info;
256 send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
259 } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
260 free( op->orc_ava->aa_value.bv_val );
261 op->orc_ava->aa_value = mapped_vals[0];
263 mapped_at = op->orc_ava->aa_desc->ad_cname;
266 struct ldapmapping *mapping = NULL;
267 AttributeDescription *ad = op->orc_ava->aa_desc;
269 ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
271 if ( mapping == NULL ) {
272 if ( rwmap->rwm_at.drop_missing ) {
273 op->o_bd->bd_info = (BackendInfo *)on->on_info;
274 send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
279 ad = mapping->m_dst_ad;
282 if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
284 struct berval *mapped_valsp[2];
286 mapped_valsp[0] = &mapped_vals[0];
287 mapped_valsp[1] = &mapped_vals[1];
289 mapped_vals[0] = op->orc_ava->aa_value;
291 #ifdef ENABLE_REWRITE
292 rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
293 #else /* ! ENABLE_REWRITE */
295 rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
296 #endif /* ! ENABLE_REWRITE */
298 if ( rc != LDAP_SUCCESS ) {
299 op->o_bd->bd_info = (BackendInfo *)on->on_info;
300 send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
304 op->orc_ava->aa_value = mapped_vals[0];
306 op->orc_ava->aa_desc = ad;
309 return SLAP_CB_CONTINUE;
313 rwm_op_delete( Operation *op, SlapReply *rs )
315 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
318 #ifdef ENABLE_REWRITE
319 rc = rwm_op_dn_massage( op, rs, "deleteDN" );
320 #else /* ! ENABLE_REWRITE */
322 rc = rwm_op_dn_massage( op, rs, &rc );
323 #endif /* ! ENABLE_REWRITE */
324 if ( rc != LDAP_SUCCESS ) {
325 op->o_bd->bd_info = (BackendInfo *)on->on_info;
326 send_ldap_error( op, rs, rc, "deleteDN massage error" );
330 return SLAP_CB_CONTINUE;
334 rwm_op_modify( Operation *op, SlapReply *rs )
336 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
337 struct ldaprwmap *rwmap =
338 (struct ldaprwmap *)on->on_bi.bi_private;
343 #ifdef ENABLE_REWRITE
344 rc = rwm_op_dn_massage( op, rs, "modifyDN" );
345 #else /* ! ENABLE_REWRITE */
347 rc = rwm_op_dn_massage( op, rs, &rc );
348 #endif /* ! ENABLE_REWRITE */
349 if ( rc != LDAP_SUCCESS ) {
350 op->o_bd->bd_info = (BackendInfo *)on->on_info;
351 send_ldap_error( op, rs, rc, "modifyDN massage error" );
355 for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
359 if ( (*mlp)->sml_desc->ad_type->sat_no_user_mod ) {
363 if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass
364 || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass ) {
368 struct ldapmapping *m;
371 drop_missing = rwm_mapping( &rwmap->rwm_at, &(*mlp)->sml_desc->ad_cname, &m, RWM_MAP );
372 if ( drop_missing || ( m != NULL && BER_BVISNULL( &m->m_dst ) ) )
378 /* use new attribute description */
379 assert( m->m_dst_ad );
380 (*mlp)->sml_desc = m->m_dst_ad;
384 if ( (*mlp)->sml_values != NULL ) {
388 for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[last] ); last++ )
392 for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[j] ); j++ ) {
393 struct berval mapped = BER_BVNULL;
395 rwm_map( &rwmap->rwm_oc,
396 &(*mlp)->sml_values[j],
398 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
399 /* FIXME: we allow to remove objectClasses as well;
400 * if the resulting entry is inconsistent, that's
401 * the relayed database's business...
407 (*mlp)->sml_values[j] = (*mlp)->sml_values[last];
408 BER_BVZERO( &(*mlp)->sml_values[last] );
413 ch_free( (*mlp)->sml_values[j].bv_val );
414 ber_dupbv( &(*mlp)->sml_values[j], &mapped );
419 if ( (*mlp)->sml_desc->ad_type->sat_syntax ==
420 slap_schema.si_syn_distinguishedName )
422 #ifdef ENABLE_REWRITE
423 rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
425 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
426 #else /* ! ENABLE_REWRITE */
428 rc = rwm_dnattr_rewrite( op, rs, &rc,
430 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
431 #endif /* ! ENABLE_REWRITE */
433 } else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
434 #ifdef ENABLE_REWRITE
435 rc = rwm_referral_rewrite( op, rs,
438 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
439 #else /* ! ENABLE_REWRITE */
441 rc = rwm_referral_rewrite( op, rs, &rc,
443 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
444 #endif /* ! ENABLE_REWRITE */
445 if ( rc != LDAP_SUCCESS ) {
450 if ( rc != LDAP_SUCCESS ) {
457 mlp = &(*mlp)->sml_next;
462 *mlp = (*mlp)->sml_next;
463 slap_mod_free( &ml->sml_mod, 0 );
467 /* TODO: rewrite attribute types, values of DN-valued attributes ... */
468 return SLAP_CB_CONTINUE;
472 rwm_op_modrdn( Operation *op, SlapReply *rs )
474 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
475 struct ldaprwmap *rwmap =
476 (struct ldaprwmap *)on->on_bi.bi_private;
480 if ( op->orr_newSup ) {
482 struct berval nnewSup = BER_BVNULL;
483 struct berval newSup = BER_BVNULL;
486 * Rewrite the new superior, if defined and required
489 #ifdef ENABLE_REWRITE
490 dc.conn = op->o_conn;
492 dc.ctx = "newSuperiorDN";
493 #else /* ! ENABLE_REWRITE */
496 #endif /* ! ENABLE_REWRITE */
497 rc = rwm_dn_massage( &dc, op->orr_newSup, &newSup, &nnewSup );
498 if ( rc != LDAP_SUCCESS ) {
499 op->o_bd->bd_info = (BackendInfo *)on->on_info;
500 send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
504 if ( op->orr_newSup->bv_val != newSup.bv_val ) {
505 op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
506 op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
507 *op->orr_newSup = newSup;
508 *op->orr_nnewSup = nnewSup;
513 * Rewrite the dn, if needed
515 #ifdef ENABLE_REWRITE
516 rc = rwm_op_dn_massage( op, rs, "renameDN" );
517 #else /* ! ENABLE_REWRITE */
519 rc = rwm_op_dn_massage( op, rs, &rc );
520 #endif /* ! ENABLE_REWRITE */
521 if ( rc != LDAP_SUCCESS ) {
522 op->o_bd->bd_info = (BackendInfo *)on->on_info;
523 send_ldap_error( op, rs, rc, "renameDN massage error" );
527 /* TODO: rewrite newRDN, attribute types,
528 * values of DN-valued attributes ... */
529 return SLAP_CB_CONTINUE;
533 rwm_swap_attrs( Operation *op, SlapReply *rs )
535 slap_callback *cb = op->o_callback;
536 AttributeName *an = (AttributeName *)cb->sc_private;
540 return SLAP_CB_CONTINUE;
543 static int rwm_freeself( Operation *op, SlapReply *rs )
545 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_RESULT ) {
546 assert( op->o_callback );
548 op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
549 op->o_callback = NULL;
552 return SLAP_CB_CONTINUE;
556 rwm_op_search( Operation *op, SlapReply *rs )
558 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
559 struct ldaprwmap *rwmap =
560 (struct ldaprwmap *)on->on_bi.bi_private;
565 struct berval fstr = BER_BVNULL;
569 AttributeName *an = NULL;
573 #ifdef ENABLE_REWRITE
574 rc = rwm_op_dn_massage( op, rs, "searchDN" );
575 #else /* ! ENABLE_REWRITE */
577 rc = rwm_op_dn_massage( op, rs, &rc );
578 #endif /* ! ENABLE_REWRITE */
579 if ( rc != LDAP_SUCCESS ) {
580 text = "searchDN massage error";
585 * Rewrite the dn if needed
588 #ifdef ENABLE_REWRITE
589 dc.conn = op->o_conn;
591 dc.ctx = "searchFilterAttrDN";
592 #else /* ! ENABLE_REWRITE */
595 #endif /* ! ENABLE_REWRITE */
597 rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
598 if ( rc != LDAP_SUCCESS ) {
599 text = "searchFilter/searchFilterAttrDN massage error";
603 f = str2filter_x( op, fstr.bv_val );
606 text = "massaged filter parse error";
610 if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
611 ch_free( op->ors_filterstr.bv_val );
614 if( op->ors_filter ) {
615 filter_free_x( op, op->ors_filter );
619 op->ors_filterstr = fstr;
621 rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
622 op->ors_attrs, &an, RWM_MAP );
623 if ( rc != LDAP_SUCCESS ) {
624 text = "attribute list mapping error";
628 cb = (slap_callback *) op->o_tmpcalloc( sizeof( slap_callback ),
629 1, op->o_tmpmemctx );
635 cb->sc_response = rwm_swap_attrs;
636 cb->sc_cleanup = rwm_freeself;
637 cb->sc_private = (void *)op->ors_attrs;
638 cb->sc_next = op->o_callback;
643 return SLAP_CB_CONTINUE;
651 filter_free_x( op, f );
654 if ( !BER_BVISNULL( &fstr ) ) {
655 ch_free( fstr.bv_val );
658 op->o_bd->bd_info = (BackendInfo *)on->on_info;
659 send_ldap_error( op, rs, rc, text );
666 rwm_extended( Operation *op, SlapReply *rs )
668 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
671 #ifdef ENABLE_REWRITE
672 rc = rwm_op_dn_massage( op, rs, "extendedDN" );
673 #else /* ! ENABLE_REWRITE */
675 rc = rwm_op_dn_massage( op, rs, &rc );
676 #endif /* ! ENABLE_REWRITE */
677 if ( rc != LDAP_SUCCESS ) {
678 op->o_bd->bd_info = (BackendInfo *)on->on_info;
679 send_ldap_error( op, rs, rc, "extendedDN massage error" );
683 /* TODO: rewrite/map extended data ? ... */
684 return SLAP_CB_CONTINUE;
688 rwm_matched( Operation *op, SlapReply *rs )
690 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
691 struct ldaprwmap *rwmap =
692 (struct ldaprwmap *)on->on_bi.bi_private;
694 struct berval dn, mdn;
698 if ( rs->sr_matched == NULL ) {
699 return SLAP_CB_CONTINUE;
703 #ifdef ENABLE_REWRITE
704 dc.conn = op->o_conn;
706 dc.ctx = "matchedDN";
707 #else /* ! ENABLE_REWRITE */
710 #endif /* ! ENABLE_REWRITE */
711 ber_str2bv( rs->sr_matched, 0, 0, &dn );
712 rc = rwm_dn_massage( &dc, &dn, &mdn, NULL );
713 if ( rc != LDAP_SUCCESS ) {
715 rs->sr_text = "Rewrite error";
719 if ( mdn.bv_val != dn.bv_val ) {
720 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
721 ch_free( (void *)rs->sr_matched );
724 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
726 rs->sr_matched = mdn.bv_val;
729 return SLAP_CB_CONTINUE;
733 rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
735 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
736 struct ldaprwmap *rwmap =
737 (struct ldaprwmap *)on->on_bi.bi_private;
744 * Rewrite the dn attrs, if needed
747 #ifdef ENABLE_REWRITE
748 dc.conn = op->o_conn;
750 #else /* ! ENABLE_REWRITE */
753 #endif /* ! ENABLE_REWRITE */
755 /* FIXME: the entries are in the remote mapping form;
756 * so we need to select those attributes we are willing
757 * to return, and remap them accordingly */
759 /* FIXME: in principle, one could map an attribute
760 * on top of another, which already exists.
761 * As such, in the end there might exist more than
762 * one instance of an attribute.
763 * We should at least check if this occurs, and issue
764 * an error (because multiple instances of attrs in
765 * response are not valid), or merge the values (what
766 * about duplicate values?) */
767 for ( ap = a_first; *ap; ) {
768 struct ldapmapping *m;
773 if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
777 } else if ( op->ors_attrs != NULL &&
778 !SLAP_USERATTRS( rs->sr_attr_flags ) &&
779 !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
784 if ( (*ap)->a_desc->ad_type->sat_no_user_mod
785 && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
790 drop_missing = rwm_mapping( &rwmap->rwm_at,
791 &(*ap)->a_desc->ad_cname, &m, RWM_REMAP );
792 if ( drop_missing || ( m != NULL && BER_BVISEMPTY( &m->m_dst ) ) ) {
796 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
800 /* empty? for now, we leave it in place */
805 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
806 || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
810 for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
811 struct berval mapped;
813 rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
814 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
815 ch_free( bv[0].bv_val );
816 BER_BVZERO( &bv[0] );
817 if ( &(*ap)->a_vals[last] > &bv[0] ) {
818 bv[0] = (*ap)->a_vals[last];
819 BER_BVZERO( &(*ap)->a_vals[last] );
824 } else if ( mapped.bv_val != bv[0].bv_val ) {
826 * FIXME: after LBER_FREEing
827 * the value is replaced by
830 ch_free( bv[0].bv_val );
831 ber_dupbv( &bv[0], &mapped );
836 * It is necessary to try to rewrite attributes with
837 * dn syntax because they might be used in ACLs as
838 * members of groups; since ACLs are applied to the
839 * rewritten stuff, no dn-based subject clause could
840 * be used at the ldap backend side (see
841 * http://www.OpenLDAP.org/faq/data/cache/452.html)
842 * The problem can be overcome by moving the dn-based
843 * ACLs to the target directory server, and letting
844 * everything pass thru the ldap backend. */
845 /* FIXME: handle distinguishedName-like syntaxes, like
846 * nameAndOptionalUID */
847 } else if ( (*ap)->a_desc->ad_type->sat_syntax ==
848 slap_schema.si_syn_distinguishedName )
850 #ifdef ENABLE_REWRITE
851 dc.ctx = "searchAttrDN";
852 #endif /* ENABLE_REWRITE */
853 rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
854 if ( rc != LDAP_SUCCESS ) {
858 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
859 #ifdef ENABLE_REWRITE
860 dc.ctx = "searchAttrDN";
861 #endif /* ENABLE_REWRITE */
862 rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
863 if ( rc != LDAP_SUCCESS ) {
869 /* rewrite the attribute description */
870 assert( m->m_dst_ad );
871 (*ap)->a_desc = m->m_dst_ad;
889 rwm_send_entry( Operation *op, SlapReply *rs )
891 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
892 struct ldaprwmap *rwmap =
893 (struct ldaprwmap *)on->on_bi.bi_private;
897 struct berval dn = BER_BVNULL,
902 assert( rs->sr_entry );
905 * Rewrite the dn of the result, if needed
908 #ifdef ENABLE_REWRITE
909 dc.conn = op->o_conn;
911 dc.ctx = "searchEntryDN";
912 #else /* ! ENABLE_REWRITE */
915 #endif /* ! ENABLE_REWRITE */
918 flags = rs->sr_flags;
919 if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
920 /* FIXME: all we need to duplicate are:
923 * - attributes that are requested
924 * - no values if attrsonly is set
933 flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
937 * Note: this may fail if the target host(s) schema differs
938 * from the one known to the meta, and a DN with unknown
939 * attributes is returned.
941 rc = rwm_dn_massage( &dc, &e->e_name, &dn, &ndn );
942 if ( rc != LDAP_SUCCESS ) {
947 if ( e->e_name.bv_val != dn.bv_val ) {
948 ch_free( e->e_name.bv_val );
949 ch_free( e->e_nname.bv_val );
955 /* TODO: map entry attribute types, objectclasses
956 * and dn-valued attribute values */
958 /* FIXME: the entries are in the remote mapping form;
959 * so we need to select those attributes we are willing
960 * to return, and remap them accordingly */
961 (void)rwm_attrs( op, rs, &e->e_attrs );
964 rs->sr_flags = flags;
966 return SLAP_CB_CONTINUE;
969 if ( !BER_BVISNULL( &dn ) ) {
970 ch_free( dn.bv_val );
973 if ( !BER_BVISNULL( &ndn ) ) {
974 ch_free( ndn.bv_val );
977 if ( e != NULL && e != rs->sr_entry ) {
985 rwm_operational( Operation *op, SlapReply *rs )
987 /* FIXME: the entries are in the remote mapping form;
988 * so we need to select those attributes we are willing
989 * to return, and remap them accordingly */
990 if ( rs->sr_operational_attrs ) {
991 rwm_attrs( op, rs, &rs->sr_operational_attrs );
994 return SLAP_CB_CONTINUE;
998 /* don't use this; it cannot be reverted, and leaves op->o_req_dn
999 * rewritten for subsequent operations; fine for plain suffixmassage,
1000 * but destroys everything else */
1002 rwm_chk_referrals( Operation *op, SlapReply *rs )
1004 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1007 #ifdef ENABLE_REWRITE
1008 rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
1009 #else /* ! ENABLE_REWRITE */
1011 rc = rwm_op_dn_massage( op, rs, &rc );
1012 #endif /* ! ENABLE_REWRITE */
1013 if ( rc != LDAP_SUCCESS ) {
1014 op->o_bd->bd_info = (BackendInfo *)on->on_info;
1015 send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
1019 return SLAP_CB_CONTINUE;
1032 #ifdef ENABLE_REWRITE
1033 slap_overinst *on = (slap_overinst *) be->bd_info;
1034 struct ldaprwmap *rwmap =
1035 (struct ldaprwmap *)on->on_bi.bi_private;
1037 return rewrite_parse( rwmap->rwm_rw,
1038 fname, lineno, argc, argv );
1040 #else /* !ENABLE_REWRITE */
1041 fprintf( stderr, "%s: line %d: rewrite capabilities "
1042 "are not enabled\n", fname, lineno );
1043 #endif /* !ENABLE_REWRITE */
1049 rwm_suffixmassage_config(
1057 slap_overinst *on = (slap_overinst *) be->bd_info;
1058 struct ldaprwmap *rwmap =
1059 (struct ldaprwmap *)on->on_bi.bi_private;
1061 struct berval bvnc, nvnc, pvnc, brnc, nrnc, prnc;
1063 #ifdef ENABLE_REWRITE
1065 #endif /* ENABLE_REWRITE */
1070 * suffixmassage [<suffix>] <massaged suffix>
1072 * the [<suffix>] field must be defined as a valid suffix
1073 * for the current database;
1074 * the <massaged suffix> shouldn't have already been
1075 * defined as a valid suffix for the current server
1078 if ( be->be_suffix == NULL ) {
1079 fprintf( stderr, "%s: line %d: "
1080 " \"suffixMassage [<suffix>]"
1081 " <massaged suffix>\" without "
1082 "<suffix> part requires database "
1083 "suffix be defined first.\n",
1087 bvnc = be->be_suffix[ 0 ];
1090 } else if ( argc == 3 ) {
1091 ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
1095 fprintf( stderr, "%s: line %d: syntax is"
1096 " \"suffixMassage [<suffix>]"
1097 " <massaged suffix>\"\n",
1102 if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1103 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1104 fname, lineno, bvnc.bv_val );
1108 ber_str2bv( argv[ massaged ], 0, 0, &brnc );
1109 if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1110 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1111 fname, lineno, brnc.bv_val );
1112 free( nvnc.bv_val );
1113 free( pvnc.bv_val );
1117 #ifdef ENABLE_REWRITE
1119 * The suffix massaging is emulated
1120 * by means of the rewrite capabilities
1122 rc = rwm_suffix_massage_config( rwmap->rwm_rw,
1123 &pvnc, &nvnc, &prnc, &nrnc );
1124 free( nvnc.bv_val );
1125 free( pvnc.bv_val );
1126 free( nrnc.bv_val );
1127 free( prnc.bv_val );
1131 #else /* !ENABLE_REWRITE */
1132 ber_bvarray_add( &rwmap->rwm_suffix_massage, &pvnc );
1133 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nvnc );
1135 ber_bvarray_add( &rwmap->rwm_suffix_massage, &prnc );
1136 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nrnc );
1137 #endif /* !ENABLE_REWRITE */
1151 slap_overinst *on = (slap_overinst *) be->bd_info;
1152 struct ldaprwmap *rwmap =
1153 (struct ldaprwmap *)on->on_bi.bi_private;
1155 /* objectclass/attribute mapping */
1156 return rwm_map_config( &rwmap->rwm_oc,
1158 fname, lineno, argc, argv );
1162 rwm_response( Operation *op, SlapReply *rs )
1164 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
1165 struct ldaprwmap *rwmap =
1166 (struct ldaprwmap *)on->on_bi.bi_private;
1170 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
1171 return rwm_send_entry( op, rs );
1174 switch( op->o_tag ) {
1175 case LDAP_REQ_SEARCH:
1176 /* Note: the operation attrs are remapped */
1177 if ( op->ors_attrs != NULL && op->ors_attrs != rs->sr_attrs )
1179 ch_free( op->ors_attrs );
1180 op->ors_attrs = rs->sr_attrs;
1186 case LDAP_REQ_DELETE:
1187 case LDAP_REQ_MODRDN:
1188 case LDAP_REQ_MODIFY:
1189 case LDAP_REQ_COMPARE:
1190 case LDAP_REQ_EXTENDED:
1195 * Rewrite the dn of the referrals, if needed
1198 #ifdef ENABLE_REWRITE
1199 dc.conn = op->o_conn;
1201 dc.ctx = "referralDN";
1202 #else /* ! ENABLE_REWRITE */
1205 #endif /* ! ENABLE_REWRITE */
1206 rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
1207 if ( rc != LDAP_SUCCESS ) {
1212 rc = rwm_matched( op, rs );
1216 rc = SLAP_CB_CONTINUE;
1235 if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
1237 argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
1240 if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
1241 rc = rwm_rw_config( be, fname, lineno, argc, argv );
1243 } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
1244 rc = rwm_m_config( be, fname, lineno, argc, argv );
1246 } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
1247 rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
1250 rc = SLAP_CONF_UNKNOWN;
1265 slap_overinst *on = (slap_overinst *) be->bd_info;
1266 struct ldapmapping *mapping = NULL;
1267 struct ldaprwmap *rwmap;
1269 rwmap = (struct ldaprwmap *)ch_malloc(sizeof(struct ldaprwmap));
1270 memset(rwmap, 0, sizeof(struct ldaprwmap));
1272 #ifdef ENABLE_REWRITE
1273 rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
1274 if ( rwmap->rwm_rw == NULL ) {
1282 /* this rewriteContext by default must be null;
1283 * rules can be added if required */
1284 rargv[ 0 ] = "rewriteContext";
1285 rargv[ 1 ] = "searchFilter";
1287 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
1289 rargv[ 0 ] = "rewriteContext";
1290 rargv[ 1 ] = "default";
1292 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
1295 #endif /* ENABLE_REWRITE */
1297 if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS ||
1298 rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS )
1303 on->on_bi.bi_private = (void *)rwmap;
1313 slap_overinst *on = (slap_overinst *) be->bd_info;
1316 if ( on->on_bi.bi_private ) {
1317 struct ldaprwmap *rwmap =
1318 (struct ldaprwmap *)on->on_bi.bi_private;
1320 #ifdef ENABLE_REWRITE
1321 if (rwmap->rwm_rw) {
1322 rewrite_info_delete( &rwmap->rwm_rw );
1324 #else /* !ENABLE_REWRITE */
1325 if ( rwmap->rwm_suffix_massage ) {
1326 ber_bvarray_free( rwmap->rwm_suffix_massage );
1328 #endif /* !ENABLE_REWRITE */
1330 avl_free( rwmap->rwm_oc.remap, NULL );
1331 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
1332 avl_free( rwmap->rwm_at.remap, NULL );
1333 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
1339 static slap_overinst rwm = { { NULL } };
1344 memset( &rwm, 0, sizeof( slap_overinst ) );
1346 rwm.on_bi.bi_type = "rwm";
1348 rwm.on_bi.bi_db_init = rwm_db_init;
1349 rwm.on_bi.bi_db_config = rwm_db_config;
1350 rwm.on_bi.bi_db_destroy = rwm_db_destroy;
1352 rwm.on_bi.bi_op_bind = rwm_op_bind;
1353 rwm.on_bi.bi_op_search = rwm_op_search;
1354 rwm.on_bi.bi_op_compare = rwm_op_compare;
1355 rwm.on_bi.bi_op_modify = rwm_op_modify;
1356 rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
1357 rwm.on_bi.bi_op_add = rwm_op_add;
1358 rwm.on_bi.bi_op_delete = rwm_op_delete;
1359 rwm.on_bi.bi_op_unbind = rwm_op_unbind;
1360 rwm.on_bi.bi_extended = rwm_extended;
1362 rwm.on_bi.bi_operational = rwm_operational;
1363 rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
1365 rwm.on_response = rwm_response;
1367 return overlay_register( &rwm );
1370 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
1372 init_module( int argc, char *argv[] )
1376 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
1378 #endif /* SLAPD_OVER_RWM */