1 /* rwm.c - rewrite/remap operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2005 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
24 #include <ac/string.h>
30 rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
32 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
33 struct ldaprwmap *rwmap =
34 (struct ldaprwmap *)on->on_bi.bi_private;
36 struct berval dn = BER_BVNULL,
42 * Rewrite the dn if needed
48 dc.ctx = (char *)cookie;
49 #else /* ! ENABLE_REWRITE */
50 dc.tofrom = ((int *)cookie)[0];
52 #endif /* ! ENABLE_REWRITE */
54 /* NOTE: in those cases where only the ndn is available,
55 * and the caller sets op->o_req_dn = op->o_req_ndn,
56 * only rewrite the op->o_req_ndn and use it as
57 * op->o_req_dn as well */
59 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
61 rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
63 rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
66 if ( rc != LDAP_SUCCESS ) {
70 if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
71 || ndn.bv_val == op->o_req_ndn.bv_val )
76 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
77 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
82 op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
89 rwm_op_add( Operation *op, SlapReply *rs )
91 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
92 struct ldaprwmap *rwmap =
93 (struct ldaprwmap *)on->on_bi.bi_private;
97 Attribute **ap = NULL;
98 char *olddn = op->o_req_dn.bv_val;
101 #ifdef ENABLE_REWRITE
102 rc = rwm_op_dn_massage( op, rs, "addDN" );
103 #else /* ! ENABLE_REWRITE */
105 rc = rwm_op_dn_massage( op, rs, &rc );
106 #endif /* ! ENABLE_REWRITE */
107 if ( rc != LDAP_SUCCESS ) {
108 op->o_bd->bd_info = (BackendInfo *)on->on_info;
109 send_ldap_error( op, rs, rc, "addDN massage error" );
113 if ( olddn != op->o_req_dn.bv_val ) {
114 ch_free( op->ora_e->e_name.bv_val );
115 ch_free( op->ora_e->e_nname.bv_val );
117 ber_dupbv( &op->ora_e->e_name, &op->o_req_dn );
118 ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn );
121 /* Count number of attributes in entry */
122 isupdate = be_shadow_update( op );
123 for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
126 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass ||
127 (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
131 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[ last ] ); last++ )
134 for ( j = 0; !BER_BVISNULL( &(*ap)->a_vals[ j ] ); j++ ) {
135 struct ldapmapping *mapping = NULL;
137 ( void )rwm_mapping( &rwmap->rwm_oc, &(*ap)->a_vals[ j ],
139 if ( mapping == NULL ) {
140 if ( rwmap->rwm_at.drop_missing ) {
141 /* FIXME: we allow to remove objectClasses as well;
142 * if the resulting entry is inconsistent, that's
143 * the relayed database's business...
145 ch_free( (*ap)->a_vals[ j ].bv_val );
147 (*ap)->a_vals[ j ] = (*ap)->a_vals[ last ];
149 BER_BVZERO( &(*ap)->a_vals[ last ] );
155 ch_free( (*ap)->a_vals[ j ].bv_val );
156 ber_dupbv( &(*ap)->a_vals[ j ], &mapping->m_dst );
160 } else if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) {
164 struct ldapmapping *mapping = NULL;
166 ( void )rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
168 if ( mapping == NULL ) {
169 if ( rwmap->rwm_at.drop_missing ) {
174 if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
175 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
178 * FIXME: rewrite could fail; in this case
179 * the operation should give up, right?
181 #ifdef ENABLE_REWRITE
182 rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
184 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
185 #else /* ! ENABLE_REWRITE */
187 rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
188 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
189 #endif /* ! ENABLE_REWRITE */
194 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
195 #ifdef ENABLE_REWRITE
196 rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
198 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
199 #else /* ! ENABLE_REWRITE */
201 rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
202 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
203 #endif /* ! ENABLE_REWRITE */
204 if ( rc != LDAP_SUCCESS ) {
209 if ( mapping != NULL ) {
210 assert( mapping->m_dst_ad );
211 (*ap)->a_desc = mapping->m_dst_ad;
220 /* FIXME: leaking attribute/values? */
227 /* TODO: map attribute types, values of DN-valued attributes ... */
228 return SLAP_CB_CONTINUE;
232 rwm_op_bind( Operation *op, SlapReply *rs )
234 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
235 struct ldaprwmap *rwmap =
236 (struct ldaprwmap *)on->on_bi.bi_private;
239 #ifdef ENABLE_REWRITE
240 ( void )rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
241 ( void )rewrite_session_init( rwmap->rwm_rw, op->o_conn );
243 rc = rwm_op_dn_massage( op, rs, "bindDN" );
244 #else /* ! ENABLE_REWRITE */
246 rc = rwm_op_dn_massage( op, rs, &rc );
247 #endif /* ! ENABLE_REWRITE */
248 if ( rc != LDAP_SUCCESS ) {
249 op->o_bd->bd_info = (BackendInfo *)on->on_info;
250 send_ldap_error( op, rs, rc, "bindDN massage error" );
254 return SLAP_CB_CONTINUE;
258 rwm_op_unbind( Operation *op, SlapReply *rs )
260 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
261 struct ldaprwmap *rwmap =
262 (struct ldaprwmap *)on->on_bi.bi_private;
264 #ifdef ENABLE_REWRITE
265 rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
266 #endif /* ENABLE_REWRITE */
268 return SLAP_CB_CONTINUE;
272 rwm_op_compare( Operation *op, SlapReply *rs )
274 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
275 struct ldaprwmap *rwmap =
276 (struct ldaprwmap *)on->on_bi.bi_private;
279 struct berval mapped_at = BER_BVNULL,
280 mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
282 #ifdef ENABLE_REWRITE
283 rc = rwm_op_dn_massage( op, rs, "compareDN" );
284 #else /* ! ENABLE_REWRITE */
286 rc = rwm_op_dn_massage( op, rs, &rc );
287 #endif /* ! ENABLE_REWRITE */
288 if ( rc != LDAP_SUCCESS ) {
289 op->o_bd->bd_info = (BackendInfo *)on->on_info;
290 send_ldap_error( op, rs, rc, "compareDN massage error" );
294 /* if the attribute is an objectClass, try to remap its value */
295 if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
296 || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
298 rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
299 &mapped_vals[0], RWM_MAP );
300 if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
302 op->o_bd->bd_info = (BackendInfo *)on->on_info;
303 send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
306 } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
307 free( op->orc_ava->aa_value.bv_val );
308 op->orc_ava->aa_value = mapped_vals[0];
310 mapped_at = op->orc_ava->aa_desc->ad_cname;
313 struct ldapmapping *mapping = NULL;
314 AttributeDescription *ad = op->orc_ava->aa_desc;
316 ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
318 if ( mapping == NULL ) {
319 if ( rwmap->rwm_at.drop_missing ) {
320 op->o_bd->bd_info = (BackendInfo *)on->on_info;
321 send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
326 assert( mapping->m_dst_ad );
327 ad = mapping->m_dst_ad;
330 if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
331 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
333 struct berval *mapped_valsp[2];
335 mapped_valsp[0] = &mapped_vals[0];
336 mapped_valsp[1] = &mapped_vals[1];
338 mapped_vals[0] = op->orc_ava->aa_value;
340 #ifdef ENABLE_REWRITE
341 rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
342 #else /* ! ENABLE_REWRITE */
344 rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
345 #endif /* ! ENABLE_REWRITE */
347 if ( rc != LDAP_SUCCESS ) {
348 op->o_bd->bd_info = (BackendInfo *)on->on_info;
349 send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
353 op->orc_ava->aa_value = mapped_vals[0];
355 op->orc_ava->aa_desc = ad;
358 return SLAP_CB_CONTINUE;
362 rwm_op_delete( Operation *op, SlapReply *rs )
364 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
367 #ifdef ENABLE_REWRITE
368 rc = rwm_op_dn_massage( op, rs, "deleteDN" );
369 #else /* ! ENABLE_REWRITE */
371 rc = rwm_op_dn_massage( op, rs, &rc );
372 #endif /* ! ENABLE_REWRITE */
373 if ( rc != LDAP_SUCCESS ) {
374 op->o_bd->bd_info = (BackendInfo *)on->on_info;
375 send_ldap_error( op, rs, rc, "deleteDN massage error" );
379 return SLAP_CB_CONTINUE;
383 rwm_op_modify( Operation *op, SlapReply *rs )
385 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
386 struct ldaprwmap *rwmap =
387 (struct ldaprwmap *)on->on_bi.bi_private;
393 #ifdef ENABLE_REWRITE
394 rc = rwm_op_dn_massage( op, rs, "modifyDN" );
395 #else /* ! ENABLE_REWRITE */
397 rc = rwm_op_dn_massage( op, rs, &rc );
398 #endif /* ! ENABLE_REWRITE */
399 if ( rc != LDAP_SUCCESS ) {
400 op->o_bd->bd_info = (BackendInfo *)on->on_info;
401 send_ldap_error( op, rs, rc, "modifyDN massage error" );
405 isupdate = be_shadow_update( op );
406 for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
409 struct ldapmapping *mapping = NULL;
411 if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass
412 || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass )
416 } else if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod ) {
422 drop_missing = rwm_mapping( &rwmap->rwm_at,
423 &(*mlp)->sml_desc->ad_cname,
425 if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) )
431 if ( (*mlp)->sml_values != NULL ) {
435 for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[ last ] ); last++ )
439 for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[ j ] ); j++ ) {
440 struct ldapmapping *oc_mapping = NULL;
442 ( void )rwm_mapping( &rwmap->rwm_oc, &(*mlp)->sml_values[ j ],
443 &oc_mapping, RWM_MAP );
444 if ( oc_mapping == NULL ) {
445 if ( rwmap->rwm_at.drop_missing ) {
446 /* FIXME: we allow to remove objectClasses as well;
447 * if the resulting entry is inconsistent, that's
448 * the relayed database's business...
450 ch_free( (*mlp)->sml_values[ j ].bv_val );
452 (*mlp)->sml_values[ j ] = (*mlp)->sml_values[ last ];
454 BER_BVZERO( &(*mlp)->sml_values[ last ] );
460 ch_free( (*mlp)->sml_values[ j ].bv_val );
461 ber_dupbv( &(*mlp)->sml_values[ j ], &oc_mapping->m_dst );
466 if ( (*mlp)->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
467 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
469 #ifdef ENABLE_REWRITE
470 rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
472 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
473 #else /* ! ENABLE_REWRITE */
475 rc = rwm_dnattr_rewrite( op, rs, &rc,
477 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
478 #endif /* ! ENABLE_REWRITE */
480 } else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
481 #ifdef ENABLE_REWRITE
482 rc = rwm_referral_rewrite( op, rs,
485 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
486 #else /* ! ENABLE_REWRITE */
488 rc = rwm_referral_rewrite( op, rs, &rc,
490 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
491 #endif /* ! ENABLE_REWRITE */
492 if ( rc != LDAP_SUCCESS ) {
497 if ( rc != LDAP_SUCCESS ) {
504 if ( mapping != NULL ) {
505 /* use new attribute description */
506 assert( mapping->m_dst_ad );
507 (*mlp)->sml_desc = mapping->m_dst_ad;
510 mlp = &(*mlp)->sml_next;
515 *mlp = (*mlp)->sml_next;
516 slap_mod_free( &ml->sml_mod, 0 );
520 return SLAP_CB_CONTINUE;
524 rwm_op_modrdn( Operation *op, SlapReply *rs )
526 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
527 struct ldaprwmap *rwmap =
528 (struct ldaprwmap *)on->on_bi.bi_private;
532 if ( op->orr_newSup ) {
534 struct berval nnewSup = BER_BVNULL;
535 struct berval newSup = BER_BVNULL;
538 * Rewrite the new superior, if defined and required
541 #ifdef ENABLE_REWRITE
542 dc.conn = op->o_conn;
544 dc.ctx = "newSuperiorDN";
545 #else /* ! ENABLE_REWRITE */
548 #endif /* ! ENABLE_REWRITE */
549 newSup = *op->orr_newSup;
550 nnewSup = *op->orr_nnewSup;
551 rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
552 if ( rc != LDAP_SUCCESS ) {
553 op->o_bd->bd_info = (BackendInfo *)on->on_info;
554 send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
558 if ( op->orr_newSup->bv_val != newSup.bv_val ) {
559 op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
560 op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
561 *op->orr_newSup = newSup;
562 *op->orr_nnewSup = nnewSup;
567 * Rewrite the dn, if needed
569 #ifdef ENABLE_REWRITE
570 rc = rwm_op_dn_massage( op, rs, "renameDN" );
571 #else /* ! ENABLE_REWRITE */
573 rc = rwm_op_dn_massage( op, rs, &rc );
574 #endif /* ! ENABLE_REWRITE */
575 if ( rc != LDAP_SUCCESS ) {
576 op->o_bd->bd_info = (BackendInfo *)on->on_info;
577 send_ldap_error( op, rs, rc, "renameDN massage error" );
581 /* TODO: rewrite newRDN, attribute types,
582 * values of DN-valued attributes ... */
583 return SLAP_CB_CONTINUE;
586 static slap_callback *rwm_cb;
593 ber_memfree_x( data, NULL );
596 static slap_callback *
597 rwm_callback_get( Operation *op )
601 if ( op->o_threadctx ) {
602 ldap_pvt_thread_pool_getkey( op->o_threadctx,
603 rwm_keyfree, &data, NULL );
608 if ( data == NULL ) {
609 data = ber_memalloc( sizeof( slap_callback ) );
610 if ( op->o_threadctx ) {
611 ldap_pvt_thread_pool_setkey( op->o_threadctx,
612 rwm_keyfree, data, rwm_keyfree );
615 rwm_cb = (slap_callback *)data;
619 return (slap_callback *)data;
623 rwm_swap_attrs( Operation *op, SlapReply *rs )
625 slap_callback *cb = op->o_callback;
626 AttributeName *an = (AttributeName *)cb->sc_private;
630 return SLAP_CB_CONTINUE;
634 rwm_op_search( Operation *op, SlapReply *rs )
636 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
637 struct ldaprwmap *rwmap =
638 (struct ldaprwmap *)on->on_bi.bi_private;
643 struct berval fstr = BER_BVNULL;
646 slap_callback *cb = NULL;
647 AttributeName *an = NULL;
651 #ifdef ENABLE_REWRITE
652 rc = rwm_op_dn_massage( op, rs, "searchDN" );
653 #else /* ! ENABLE_REWRITE */
655 rc = rwm_op_dn_massage( op, rs, &rc );
656 #endif /* ! ENABLE_REWRITE */
657 if ( rc != LDAP_SUCCESS ) {
658 text = "searchDN massage error";
663 * Rewrite the dn if needed
666 #ifdef ENABLE_REWRITE
667 dc.conn = op->o_conn;
669 dc.ctx = "searchFilterAttrDN";
670 #else /* ! ENABLE_REWRITE */
673 #endif /* ! ENABLE_REWRITE */
675 rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
676 if ( rc != LDAP_SUCCESS ) {
677 text = "searchFilter/searchFilterAttrDN massage error";
681 f = str2filter_x( op, fstr.bv_val );
684 text = "massaged filter parse error";
688 if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
689 ch_free( op->ors_filterstr.bv_val );
692 if( op->ors_filter ) {
693 filter_free_x( op, op->ors_filter );
697 op->ors_filterstr = fstr;
699 rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
700 op->ors_attrs, &an, RWM_MAP );
701 if ( rc != LDAP_SUCCESS ) {
702 text = "attribute list mapping error";
706 cb = rwm_callback_get( op );
708 cb->sc_response = rwm_swap_attrs;
709 cb->sc_cleanup = NULL;
710 cb->sc_private = (void *)op->ors_attrs;
711 cb->sc_next = op->o_callback;
716 return SLAP_CB_CONTINUE;
724 filter_free_x( op, f );
727 if ( !BER_BVISNULL( &fstr ) ) {
728 ch_free( fstr.bv_val );
731 op->o_bd->bd_info = (BackendInfo *)on->on_info;
732 send_ldap_error( op, rs, rc, text );
739 rwm_extended( Operation *op, SlapReply *rs )
741 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
744 #ifdef ENABLE_REWRITE
745 rc = rwm_op_dn_massage( op, rs, "extendedDN" );
746 #else /* ! ENABLE_REWRITE */
748 rc = rwm_op_dn_massage( op, rs, &rc );
749 #endif /* ! ENABLE_REWRITE */
750 if ( rc != LDAP_SUCCESS ) {
751 op->o_bd->bd_info = (BackendInfo *)on->on_info;
752 send_ldap_error( op, rs, rc, "extendedDN massage error" );
756 /* TODO: rewrite/map extended data ? ... */
757 return SLAP_CB_CONTINUE;
761 rwm_matched( Operation *op, SlapReply *rs )
763 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
764 struct ldaprwmap *rwmap =
765 (struct ldaprwmap *)on->on_bi.bi_private;
767 struct berval dn, mdn;
771 if ( rs->sr_matched == NULL ) {
772 return SLAP_CB_CONTINUE;
776 #ifdef ENABLE_REWRITE
777 dc.conn = op->o_conn;
779 dc.ctx = "matchedDN";
780 #else /* ! ENABLE_REWRITE */
783 #endif /* ! ENABLE_REWRITE */
784 ber_str2bv( rs->sr_matched, 0, 0, &dn );
786 rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
787 if ( rc != LDAP_SUCCESS ) {
789 rs->sr_text = "Rewrite error";
793 if ( mdn.bv_val != dn.bv_val ) {
794 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
795 ch_free( (void *)rs->sr_matched );
798 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
800 rs->sr_matched = mdn.bv_val;
803 return SLAP_CB_CONTINUE;
807 rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
809 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
810 struct ldaprwmap *rwmap =
811 (struct ldaprwmap *)on->on_bi.bi_private;
819 * Rewrite the dn attrs, if needed
822 #ifdef ENABLE_REWRITE
823 dc.conn = op->o_conn;
825 #else /* ! ENABLE_REWRITE */
828 #endif /* ! ENABLE_REWRITE */
830 /* FIXME: the entries are in the remote mapping form;
831 * so we need to select those attributes we are willing
832 * to return, and remap them accordingly */
834 /* FIXME: in principle, one could map an attribute
835 * on top of another, which already exists.
836 * As such, in the end there might exist more than
837 * one instance of an attribute.
838 * We should at least check if this occurs, and issue
839 * an error (because multiple instances of attrs in
840 * response are not valid), or merge the values (what
841 * about duplicate values?) */
842 isupdate = be_shadow_update( op );
843 for ( ap = a_first; *ap; ) {
844 struct ldapmapping *mapping = NULL;
849 if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
854 if ( op->ors_attrs != NULL &&
855 !SLAP_USERATTRS( rs->sr_attr_flags ) &&
856 !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
861 drop_missing = rwm_mapping( &rwmap->rwm_at,
862 &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
863 if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
868 if ( mapping != NULL ) {
869 (*ap)->a_desc = mapping->m_dst_ad;
873 if ( (*ap)->a_desc == slap_schema.si_ad_entryDN ) {
874 if ( stripEntryDN ) {
875 /* will be generated by frontend */
879 } else if ( !isupdate
880 && (*ap)->a_desc->ad_type->sat_no_user_mod
881 && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
886 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
890 /* empty? leave it in place because of attrsonly and vlv */
895 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
896 || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
900 for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
901 struct berval mapped;
903 rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
904 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
905 ch_free( bv[0].bv_val );
906 BER_BVZERO( &bv[0] );
907 if ( &(*ap)->a_vals[last] > &bv[0] ) {
908 bv[0] = (*ap)->a_vals[last];
909 BER_BVZERO( &(*ap)->a_vals[last] );
914 } else if ( mapped.bv_val != bv[0].bv_val ) {
916 * FIXME: after LBER_FREEing
917 * the value is replaced by
920 ch_free( bv[0].bv_val );
921 ber_dupbv( &bv[0], &mapped );
926 * It is necessary to try to rewrite attributes with
927 * dn syntax because they might be used in ACLs as
928 * members of groups; since ACLs are applied to the
929 * rewritten stuff, no dn-based subject clause could
930 * be used at the ldap backend side (see
931 * http://www.OpenLDAP.org/faq/data/cache/452.html)
932 * The problem can be overcome by moving the dn-based
933 * ACLs to the target directory server, and letting
934 * everything pass thru the ldap backend. */
935 /* FIXME: handle distinguishedName-like syntaxes, like
936 * nameAndOptionalUID */
937 } else if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
938 || ( mapping != NULL && mapping->m_src_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
940 #ifdef ENABLE_REWRITE
941 dc.ctx = "searchAttrDN";
942 #endif /* ENABLE_REWRITE */
943 rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
944 if ( rc != LDAP_SUCCESS ) {
948 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
949 #ifdef ENABLE_REWRITE
950 dc.ctx = "searchAttrDN";
951 #endif /* ENABLE_REWRITE */
952 rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
953 if ( rc != LDAP_SUCCESS ) {
958 if ( mapping != NULL ) {
959 /* rewrite the attribute description */
960 assert( mapping->m_dst_ad );
961 (*ap)->a_desc = mapping->m_dst_ad;
979 rwm_send_entry( Operation *op, SlapReply *rs )
981 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
982 struct ldaprwmap *rwmap =
983 (struct ldaprwmap *)on->on_bi.bi_private;
987 struct berval dn = BER_BVNULL,
992 assert( rs->sr_entry );
995 * Rewrite the dn of the result, if needed
998 #ifdef ENABLE_REWRITE
999 dc.conn = op->o_conn;
1001 dc.ctx = "searchEntryDN";
1002 #else /* ! ENABLE_REWRITE */
1005 #endif /* ! ENABLE_REWRITE */
1008 flags = rs->sr_flags;
1009 if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
1010 /* FIXME: all we need to duplicate are:
1013 * - attributes that are requested
1014 * - no values if attrsonly is set
1019 rc = LDAP_NO_MEMORY;
1023 flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
1027 * Note: this may fail if the target host(s) schema differs
1028 * from the one known to the meta, and a DN with unknown
1029 * attributes is returned.
1033 rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
1034 if ( rc != LDAP_SUCCESS ) {
1039 if ( e->e_name.bv_val != dn.bv_val ) {
1040 ch_free( e->e_name.bv_val );
1041 ch_free( e->e_nname.bv_val );
1047 /* TODO: map entry attribute types, objectclasses
1048 * and dn-valued attribute values */
1050 /* FIXME: the entries are in the remote mapping form;
1051 * so we need to select those attributes we are willing
1052 * to return, and remap them accordingly */
1053 (void)rwm_attrs( op, rs, &e->e_attrs, 1 );
1056 if ( rs->sr_operational_attrs ) {
1057 (void)rwm_attrs( op, rs, &rs->sr_operational_attrs, 0 );
1062 rs->sr_flags = flags;
1064 return SLAP_CB_CONTINUE;
1067 if ( e != NULL && e != rs->sr_entry ) {
1068 if ( e->e_name.bv_val == dn.bv_val ) {
1069 BER_BVZERO( &e->e_name );
1072 if ( e->e_nname.bv_val == ndn.bv_val ) {
1073 BER_BVZERO( &e->e_nname );
1079 if ( !BER_BVISNULL( &dn ) ) {
1080 ch_free( dn.bv_val );
1083 if ( !BER_BVISNULL( &ndn ) ) {
1084 ch_free( ndn.bv_val );
1091 rwm_operational( Operation *op, SlapReply *rs )
1093 /* FIXME: the entries are in the remote mapping form;
1094 * so we need to select those attributes we are willing
1095 * to return, and remap them accordingly */
1096 if ( rs->sr_operational_attrs ) {
1097 rwm_attrs( op, rs, &rs->sr_operational_attrs, 1 );
1100 return SLAP_CB_CONTINUE;
1104 /* don't use this; it cannot be reverted, and leaves op->o_req_dn
1105 * rewritten for subsequent operations; fine for plain suffixmassage,
1106 * but destroys everything else */
1108 rwm_chk_referrals( Operation *op, SlapReply *rs )
1110 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1113 #ifdef ENABLE_REWRITE
1114 rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
1115 #else /* ! ENABLE_REWRITE */
1117 rc = rwm_op_dn_massage( op, rs, &rc );
1118 #endif /* ! ENABLE_REWRITE */
1119 if ( rc != LDAP_SUCCESS ) {
1120 op->o_bd->bd_info = (BackendInfo *)on->on_info;
1121 send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
1125 return SLAP_CB_CONTINUE;
1138 #ifdef ENABLE_REWRITE
1139 slap_overinst *on = (slap_overinst *) be->bd_info;
1140 struct ldaprwmap *rwmap =
1141 (struct ldaprwmap *)on->on_bi.bi_private;
1143 return rewrite_parse( rwmap->rwm_rw,
1144 fname, lineno, argc, argv );
1146 #else /* !ENABLE_REWRITE */
1147 fprintf( stderr, "%s: line %d: rewrite capabilities "
1148 "are not enabled\n", fname, lineno );
1149 #endif /* !ENABLE_REWRITE */
1155 rwm_suffixmassage_config(
1163 slap_overinst *on = (slap_overinst *) be->bd_info;
1164 struct ldaprwmap *rwmap =
1165 (struct ldaprwmap *)on->on_bi.bi_private;
1167 struct berval bvnc, nvnc, pvnc, brnc, nrnc, prnc;
1169 #ifdef ENABLE_REWRITE
1171 #endif /* ENABLE_REWRITE */
1176 * suffixmassage [<suffix>] <massaged suffix>
1178 * the [<suffix>] field must be defined as a valid suffix
1179 * for the current database;
1180 * the <massaged suffix> shouldn't have already been
1181 * defined as a valid suffix for the current server
1184 if ( be->be_suffix == NULL ) {
1185 fprintf( stderr, "%s: line %d: "
1186 " \"suffixMassage [<suffix>]"
1187 " <massaged suffix>\" without "
1188 "<suffix> part requires database "
1189 "suffix be defined first.\n",
1193 bvnc = be->be_suffix[ 0 ];
1196 } else if ( argc == 3 ) {
1197 ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
1201 fprintf( stderr, "%s: line %d: syntax is"
1202 " \"suffixMassage [<suffix>]"
1203 " <massaged suffix>\"\n",
1208 if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1209 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1210 fname, lineno, bvnc.bv_val );
1214 ber_str2bv( argv[ massaged ], 0, 0, &brnc );
1215 if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1216 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1217 fname, lineno, brnc.bv_val );
1218 free( nvnc.bv_val );
1219 free( pvnc.bv_val );
1223 #ifdef ENABLE_REWRITE
1225 * The suffix massaging is emulated
1226 * by means of the rewrite capabilities
1228 rc = rwm_suffix_massage_config( rwmap->rwm_rw,
1229 &pvnc, &nvnc, &prnc, &nrnc );
1230 free( nvnc.bv_val );
1231 free( pvnc.bv_val );
1232 free( nrnc.bv_val );
1233 free( prnc.bv_val );
1237 #else /* !ENABLE_REWRITE */
1238 ber_bvarray_add( &rwmap->rwm_suffix_massage, &pvnc );
1239 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nvnc );
1241 ber_bvarray_add( &rwmap->rwm_suffix_massage, &prnc );
1242 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nrnc );
1243 #endif /* !ENABLE_REWRITE */
1257 slap_overinst *on = (slap_overinst *) be->bd_info;
1258 struct ldaprwmap *rwmap =
1259 (struct ldaprwmap *)on->on_bi.bi_private;
1261 /* objectclass/attribute mapping */
1262 return rwm_map_config( &rwmap->rwm_oc,
1264 fname, lineno, argc, argv );
1268 rwm_response( Operation *op, SlapReply *rs )
1270 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
1271 struct ldaprwmap *rwmap =
1272 (struct ldaprwmap *)on->on_bi.bi_private;
1276 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
1277 return rwm_send_entry( op, rs );
1280 switch( op->o_tag ) {
1281 case LDAP_REQ_SEARCH:
1282 /* Note: the operation attrs are remapped */
1283 if ( rs->sr_type == REP_RESULT
1284 && op->ors_attrs != NULL
1285 && op->ors_attrs != rs->sr_attrs )
1287 ch_free( op->ors_attrs );
1288 op->ors_attrs = rs->sr_attrs;
1294 case LDAP_REQ_DELETE:
1295 case LDAP_REQ_MODRDN:
1296 case LDAP_REQ_MODIFY:
1297 case LDAP_REQ_COMPARE:
1298 case LDAP_REQ_EXTENDED:
1303 * Rewrite the dn of the referrals, if needed
1306 #ifdef ENABLE_REWRITE
1307 dc.conn = op->o_conn;
1309 dc.ctx = "referralDN";
1310 #else /* ! ENABLE_REWRITE */
1313 #endif /* ! ENABLE_REWRITE */
1314 rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
1315 if ( rc != LDAP_SUCCESS ) {
1320 rc = rwm_matched( op, rs );
1324 rc = SLAP_CB_CONTINUE;
1340 slap_overinst *on = (slap_overinst *) be->bd_info;
1341 struct ldaprwmap *rwmap =
1342 (struct ldaprwmap *)on->on_bi.bi_private;
1347 if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
1349 argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
1352 if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
1353 rc = rwm_rw_config( be, fname, lineno, argc, argv );
1355 } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
1356 rc = rwm_m_config( be, fname, lineno, argc, argv );
1358 } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
1359 rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
1361 } else if ( strcasecmp( argv[0], "t-f-support" ) == 0 ) {
1364 "%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
1369 if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
1370 rwmap->rwm_flags &= ~(RWM_F_SUPPORT_T_F|RWM_F_SUPPORT_T_F_DISCOVER);
1372 } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
1373 rwmap->rwm_flags |= RWM_F_SUPPORT_T_F;
1376 /* TODO: not implemented yet */
1377 } else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
1378 rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
1383 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
1384 fname, lineno, argv[ 1 ] );
1389 rc = SLAP_CONF_UNKNOWN;
1404 slap_overinst *on = (slap_overinst *) be->bd_info;
1405 struct ldapmapping *mapping = NULL;
1406 struct ldaprwmap *rwmap;
1408 rwmap = (struct ldaprwmap *)ch_malloc(sizeof(struct ldaprwmap));
1409 memset(rwmap, 0, sizeof(struct ldaprwmap));
1411 #ifdef ENABLE_REWRITE
1412 rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
1413 if ( rwmap->rwm_rw == NULL ) {
1421 /* this rewriteContext by default must be null;
1422 * rules can be added if required */
1423 rargv[ 0 ] = "rewriteContext";
1424 rargv[ 1 ] = "searchFilter";
1426 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
1428 rargv[ 0 ] = "rewriteContext";
1429 rargv[ 1 ] = "default";
1431 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
1434 #endif /* ENABLE_REWRITE */
1436 if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS ||
1437 rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS )
1442 on->on_bi.bi_private = (void *)rwmap;
1452 slap_overinst *on = (slap_overinst *) be->bd_info;
1455 if ( on->on_bi.bi_private ) {
1456 struct ldaprwmap *rwmap =
1457 (struct ldaprwmap *)on->on_bi.bi_private;
1459 #ifdef ENABLE_REWRITE
1460 if (rwmap->rwm_rw) {
1461 rewrite_info_delete( &rwmap->rwm_rw );
1463 #else /* !ENABLE_REWRITE */
1464 if ( rwmap->rwm_suffix_massage ) {
1465 ber_bvarray_free( rwmap->rwm_suffix_massage );
1467 #endif /* !ENABLE_REWRITE */
1469 avl_free( rwmap->rwm_oc.remap, NULL );
1470 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
1471 avl_free( rwmap->rwm_at.remap, NULL );
1472 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
1478 static slap_overinst rwm = { { NULL } };
1483 memset( &rwm, 0, sizeof( slap_overinst ) );
1485 rwm.on_bi.bi_type = "rwm";
1487 rwm.on_bi.bi_db_init = rwm_db_init;
1488 rwm.on_bi.bi_db_config = rwm_db_config;
1489 rwm.on_bi.bi_db_destroy = rwm_db_destroy;
1491 rwm.on_bi.bi_op_bind = rwm_op_bind;
1492 rwm.on_bi.bi_op_search = rwm_op_search;
1493 rwm.on_bi.bi_op_compare = rwm_op_compare;
1494 rwm.on_bi.bi_op_modify = rwm_op_modify;
1495 rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
1496 rwm.on_bi.bi_op_add = rwm_op_add;
1497 rwm.on_bi.bi_op_delete = rwm_op_delete;
1498 rwm.on_bi.bi_op_unbind = rwm_op_unbind;
1499 rwm.on_bi.bi_extended = rwm_extended;
1501 rwm.on_bi.bi_operational = rwm_operational;
1502 rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
1504 rwm.on_response = rwm_response;
1506 return overlay_register( &rwm );
1509 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
1511 init_module( int argc, char *argv[] )
1515 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
1517 #endif /* SLAPD_OVER_RWM */