1 /* rwm.c - rewrite/remap operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2008 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
24 #include <ac/string.h>
31 typedef struct rwm_op_state {
37 AttributeName *mapped_attrs;
42 rwm_db_destroy( BackendDB *be, ConfigReply *cr );
44 typedef struct rwm_op_cb {
50 rwm_op_cleanup( Operation *op, SlapReply *rs )
52 slap_callback *cb = op->o_callback;
53 rwm_op_state *ros = cb->sc_private;
55 if ( rs->sr_type == REP_RESULT || rs->sr_type == REP_EXTENDED ||
56 op->o_abandon || rs->sr_err == SLAPD_ABANDON ) {
58 op->o_req_dn = ros->ro_dn;
59 op->o_req_ndn = ros->ro_ndn;
61 if ( !BER_BVISNULL( &ros->r_dn )
62 && ros->r_dn.bv_val != ros->r_ndn.bv_val )
64 ch_free( ros->r_dn.bv_val );
65 BER_BVZERO( &ros->r_dn );
68 if ( !BER_BVISNULL( &ros->r_ndn ) ) {
69 ch_free( ros->r_ndn.bv_val );
70 BER_BVZERO( &ros->r_ndn );
73 switch( ros->r_tag ) {
74 case LDAP_REQ_COMPARE:
75 if ( op->orc_ava->aa_value.bv_val != ros->orc_ava->aa_value.bv_val )
76 op->o_tmpfree( op->orc_ava->aa_value.bv_val, op->o_tmpmemctx );
77 op->orc_ava = ros->orc_ava;
80 slap_mods_free( op->orm_modlist, 1 );
81 op->orm_modlist = ros->orm_modlist;
84 if ( op->orr_newSup != ros->orr_newSup ) {
85 ch_free( op->orr_newSup->bv_val );
86 ch_free( op->orr_nnewSup->bv_val );
87 op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
88 op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
89 op->orr_newSup = ros->orr_newSup;
90 op->orr_nnewSup = ros->orr_nnewSup;
94 ch_free( ros->mapped_attrs );
95 filter_free_x( op, op->ors_filter );
96 ch_free( op->ors_filterstr.bv_val );
97 op->ors_attrs = ros->ors_attrs;
98 op->ors_filter = ros->ors_filter;
99 op->ors_filterstr = ros->ors_filterstr;
101 case LDAP_REQ_EXTENDED:
102 if ( op->ore_reqdata != ros->ore_reqdata ) {
103 ber_bvfree( op->ore_reqdata );
104 op->ore_reqdata = ros->ore_reqdata;
108 if ( rs->sr_err == LDAP_SUCCESS ) {
110 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
111 /* too late, c_mutex released */
112 fprintf( stderr, "*** DN: \"%s\" => \"%s\"\n",
113 op->o_conn->c_ndn.bv_val,
114 op->o_req_ndn.bv_val );
115 ber_bvreplace( &op->o_conn->c_ndn,
117 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
123 op->o_callback = op->o_callback->sc_next;
124 op->o_tmpfree( cb, op->o_tmpmemctx );
127 return SLAP_CB_CONTINUE;
131 rwm_callback_get( Operation *op, SlapReply *rs )
133 rwm_op_cb *roc = NULL;
135 roc = op->o_tmpalloc( sizeof( struct rwm_op_cb ), op->o_tmpmemctx );
136 roc->cb.sc_cleanup = rwm_op_cleanup;
137 roc->cb.sc_response = NULL;
138 roc->cb.sc_next = op->o_callback;
139 roc->cb.sc_private = &roc->ros;
140 roc->ros.r_tag = op->o_tag;
141 roc->ros.ro_dn = op->o_req_dn;
142 roc->ros.ro_ndn = op->o_req_ndn;
143 roc->ros.o_request = op->o_request;
144 BER_BVZERO( &roc->ros.r_dn );
145 BER_BVZERO( &roc->ros.r_ndn );
152 rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie,
155 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
156 struct ldaprwmap *rwmap =
157 (struct ldaprwmap *)on->on_bi.bi_private;
159 struct berval dn = BER_BVNULL,
165 * Rewrite the dn if needed
168 dc.conn = op->o_conn;
170 dc.ctx = (char *)cookie;
172 /* NOTE: in those cases where only the ndn is available,
173 * and the caller sets op->o_req_dn = op->o_req_ndn,
174 * only rewrite the op->o_req_ndn and use it as
175 * op->o_req_dn as well */
177 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
179 rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
181 rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
184 if ( rc != LDAP_SUCCESS ) {
188 if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
189 || ndn.bv_val == op->o_req_ndn.bv_val )
194 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
207 rwm_op_add( Operation *op, SlapReply *rs )
209 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
210 struct ldaprwmap *rwmap =
211 (struct ldaprwmap *)on->on_bi.bi_private;
215 Attribute **ap = NULL;
216 char *olddn = op->o_req_dn.bv_val;
219 rwm_op_cb *roc = rwm_callback_get( op, rs );
221 rc = rwm_op_dn_massage( op, rs, "addDN", &roc->ros );
222 if ( rc != LDAP_SUCCESS ) {
223 op->o_bd->bd_info = (BackendInfo *)on->on_info;
224 send_ldap_error( op, rs, rc, "addDN massage error" );
228 if ( olddn != op->o_req_dn.bv_val ) {
229 ber_bvreplace( &op->ora_e->e_name, &op->o_req_dn );
230 ber_bvreplace( &op->ora_e->e_nname, &op->o_req_ndn );
233 /* Count number of attributes in entry */
234 isupdate = be_shadow_update( op );
235 for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
238 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass ||
239 (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
243 last = (*ap)->a_numvals - 1;
244 for ( j = 0; !BER_BVISNULL( &(*ap)->a_vals[ j ] ); j++ ) {
245 struct ldapmapping *mapping = NULL;
247 ( void )rwm_mapping( &rwmap->rwm_oc, &(*ap)->a_vals[ j ],
249 if ( mapping == NULL ) {
250 if ( rwmap->rwm_at.drop_missing ) {
251 /* FIXME: we allow to remove objectClasses as well;
252 * if the resulting entry is inconsistent, that's
253 * the relayed database's business...
255 ch_free( (*ap)->a_vals[ j ].bv_val );
257 (*ap)->a_vals[ j ] = (*ap)->a_vals[ last ];
259 BER_BVZERO( &(*ap)->a_vals[ last ] );
266 ch_free( (*ap)->a_vals[ j ].bv_val );
267 ber_dupbv( &(*ap)->a_vals[ j ], &mapping->m_dst );
271 } else if ( !isupdate && !get_relax( op ) && (*ap)->a_desc->ad_type->sat_no_user_mod )
276 struct ldapmapping *mapping = NULL;
278 ( void )rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
280 if ( mapping == NULL ) {
281 if ( rwmap->rwm_at.drop_missing ) {
286 if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
287 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
290 * FIXME: rewrite could fail; in this case
291 * the operation should give up, right?
293 rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
295 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
300 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
301 rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
303 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
304 if ( rc != LDAP_SUCCESS ) {
309 if ( mapping != NULL ) {
310 assert( mapping->m_dst_ad != NULL );
311 (*ap)->a_desc = mapping->m_dst_ad;
320 /* FIXME: leaking attribute/values? */
327 op->o_callback = &roc->cb;
329 return SLAP_CB_CONTINUE;
333 rwm_conn_init( BackendDB *be, Connection *conn )
335 slap_overinst *on = (slap_overinst *) be->bd_info;
336 struct ldaprwmap *rwmap =
337 (struct ldaprwmap *)on->on_bi.bi_private;
339 ( void )rewrite_session_init( rwmap->rwm_rw, conn );
341 return SLAP_CB_CONTINUE;
345 rwm_conn_destroy( BackendDB *be, Connection *conn )
347 slap_overinst *on = (slap_overinst *) be->bd_info;
348 struct ldaprwmap *rwmap =
349 (struct ldaprwmap *)on->on_bi.bi_private;
351 ( void )rewrite_session_delete( rwmap->rwm_rw, conn );
353 return SLAP_CB_CONTINUE;
357 rwm_op_bind( Operation *op, SlapReply *rs )
359 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
362 rwm_op_cb *roc = rwm_callback_get( op, rs );
364 rc = rwm_op_dn_massage( op, rs, "bindDN", &roc->ros );
365 if ( rc != LDAP_SUCCESS ) {
366 op->o_bd->bd_info = (BackendInfo *)on->on_info;
367 send_ldap_error( op, rs, rc, "bindDN massage error" );
371 overlay_callback_after_backover( op, &roc->cb, 1 );
373 return SLAP_CB_CONTINUE;
377 rwm_op_unbind( Operation *op, SlapReply *rs )
379 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
380 struct ldaprwmap *rwmap =
381 (struct ldaprwmap *)on->on_bi.bi_private;
383 rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
385 return SLAP_CB_CONTINUE;
389 rwm_op_compare( Operation *op, SlapReply *rs )
391 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
392 struct ldaprwmap *rwmap =
393 (struct ldaprwmap *)on->on_bi.bi_private;
396 struct berval mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
398 rwm_op_cb *roc = rwm_callback_get( op, rs );
400 rc = rwm_op_dn_massage( op, rs, "compareDN", &roc->ros );
401 if ( rc != LDAP_SUCCESS ) {
402 op->o_bd->bd_info = (BackendInfo *)on->on_info;
403 send_ldap_error( op, rs, rc, "compareDN massage error" );
407 /* if the attribute is an objectClass, try to remap its value */
408 if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
409 || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
411 rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
412 &mapped_vals[0], RWM_MAP );
413 if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
415 op->o_bd->bd_info = (BackendInfo *)on->on_info;
416 send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
419 } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
420 ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0],
425 struct ldapmapping *mapping = NULL;
426 AttributeDescription *ad = op->orc_ava->aa_desc;
428 ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
430 if ( mapping == NULL ) {
431 if ( rwmap->rwm_at.drop_missing ) {
432 op->o_bd->bd_info = (BackendInfo *)on->on_info;
433 send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
438 assert( mapping->m_dst_ad != NULL );
439 ad = mapping->m_dst_ad;
442 if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
443 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
445 struct berval *mapped_valsp[2];
447 mapped_valsp[0] = &mapped_vals[0];
448 mapped_valsp[1] = &mapped_vals[1];
450 mapped_vals[0] = op->orc_ava->aa_value;
452 rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
454 if ( rc != LDAP_SUCCESS ) {
455 op->o_bd->bd_info = (BackendInfo *)on->on_info;
456 send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
460 if ( mapped_vals[ 0 ].bv_val != op->orc_ava->aa_value.bv_val ) {
461 /* NOTE: if we get here, rwm_dnattr_rewrite()
462 * already freed the old value, so now
464 ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0],
466 ber_memfree_x( mapped_vals[ 0 ].bv_val, NULL );
469 op->orc_ava->aa_desc = ad;
472 op->o_callback = &roc->cb;
474 return SLAP_CB_CONTINUE;
478 rwm_op_delete( Operation *op, SlapReply *rs )
480 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
483 rwm_op_cb *roc = rwm_callback_get( op, rs );
485 rc = rwm_op_dn_massage( op, rs, "deleteDN", &roc->ros );
486 if ( rc != LDAP_SUCCESS ) {
487 op->o_bd->bd_info = (BackendInfo *)on->on_info;
488 send_ldap_error( op, rs, rc, "deleteDN massage error" );
492 op->o_callback = &roc->cb;
494 return SLAP_CB_CONTINUE;
498 rwm_op_modify( Operation *op, SlapReply *rs )
500 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
501 struct ldaprwmap *rwmap =
502 (struct ldaprwmap *)on->on_bi.bi_private;
508 rwm_op_cb *roc = rwm_callback_get( op, rs );
510 rc = rwm_op_dn_massage( op, rs, "modifyDN", &roc->ros );
511 if ( rc != LDAP_SUCCESS ) {
512 op->o_bd->bd_info = (BackendInfo *)on->on_info;
513 send_ldap_error( op, rs, rc, "modifyDN massage error" );
517 isupdate = be_shadow_update( op );
518 for ( mlp = &op->orm_modlist; *mlp; ) {
520 Modifications *ml = *mlp;
521 struct ldapmapping *mapping = NULL;
523 /* ml points to a temporary mod until needs duplication */
524 if ( ml->sml_desc == slap_schema.si_ad_objectClass
525 || ml->sml_desc == slap_schema.si_ad_structuralObjectClass )
529 } else if ( !isupdate && !get_relax( op ) && ml->sml_desc->ad_type->sat_no_user_mod )
531 ml = ch_malloc( sizeof( Modifications ) );
533 if ( (*mlp)->sml_values ) {
534 ber_bvarray_dup_x( &ml->sml_values, (*mlp)->sml_values, NULL );
535 if ( (*mlp)->sml_nvalues ) {
536 ber_bvarray_dup_x( &ml->sml_nvalues, (*mlp)->sml_nvalues, NULL );
545 drop_missing = rwm_mapping( &rwmap->rwm_at,
546 &ml->sml_desc->ad_cname,
548 if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) )
554 /* duplicate the modlist */
555 ml = ch_malloc( sizeof( Modifications ));
559 if ( ml->sml_values != NULL ) {
563 for ( num = 0; !BER_BVISNULL( &ml->sml_values[ num ] ); num++ )
566 bva = ch_malloc( (num+1) * sizeof( struct berval ));
567 for (i=0; i<num; i++)
568 ber_dupbv( &bva[i], &ml->sml_values[i] );
569 BER_BVZERO( &bva[i] );
570 ml->sml_values = bva;
572 if ( ml->sml_nvalues ) {
573 bva = ch_malloc( (num+1) * sizeof( struct berval ));
574 for (i=0; i<num; i++)
575 ber_dupbv( &bva[i], &ml->sml_nvalues[i] );
576 BER_BVZERO( &bva[i] );
577 ml->sml_nvalues = bva;
585 for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ ) {
586 struct ldapmapping *oc_mapping = NULL;
588 ( void )rwm_mapping( &rwmap->rwm_oc, &ml->sml_values[ j ],
589 &oc_mapping, RWM_MAP );
590 if ( oc_mapping == NULL ) {
591 if ( rwmap->rwm_at.drop_missing ) {
592 /* FIXME: we allow to remove objectClasses as well;
593 * if the resulting entry is inconsistent, that's
594 * the relayed database's business...
597 ch_free( ml->sml_values[ j ].bv_val );
598 ml->sml_values[ j ] = ml->sml_values[ last ];
600 BER_BVZERO( &ml->sml_values[ last ] );
606 ch_free( ml->sml_values[ j ].bv_val );
607 ber_dupbv( &ml->sml_values[ j ], &oc_mapping->m_dst );
612 if ( ml->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
613 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
615 rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
617 ml->sml_nvalues ? &ml->sml_nvalues : NULL );
619 } else if ( ml->sml_desc == slap_schema.si_ad_ref ) {
620 rc = rwm_referral_rewrite( op, rs,
623 ml->sml_nvalues ? &ml->sml_nvalues : NULL );
624 if ( rc != LDAP_SUCCESS ) {
629 if ( rc != LDAP_SUCCESS ) {
636 if ( mapping != NULL ) {
637 /* use new attribute description */
638 assert( mapping->m_dst_ad != NULL );
639 ml->sml_desc = mapping->m_dst_ad;
647 *mlp = (*mlp)->sml_next;
648 slap_mod_free( &ml->sml_mod, 0 );
652 op->o_callback = &roc->cb;
654 return SLAP_CB_CONTINUE;
658 rwm_op_modrdn( Operation *op, SlapReply *rs )
660 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
661 struct ldaprwmap *rwmap =
662 (struct ldaprwmap *)on->on_bi.bi_private;
666 rwm_op_cb *roc = rwm_callback_get( op, rs );
668 if ( op->orr_newSup ) {
670 struct berval nnewSup = BER_BVNULL;
671 struct berval newSup = BER_BVNULL;
674 * Rewrite the new superior, if defined and required
677 dc.conn = op->o_conn;
679 dc.ctx = "newSuperiorDN";
680 newSup = *op->orr_newSup;
681 nnewSup = *op->orr_nnewSup;
682 rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
683 if ( rc != LDAP_SUCCESS ) {
684 op->o_bd->bd_info = (BackendInfo *)on->on_info;
685 send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
689 if ( op->orr_newSup->bv_val != newSup.bv_val ) {
690 op->orr_newSup = op->o_tmpalloc( sizeof( struct berval ),
692 op->orr_nnewSup = op->o_tmpalloc( sizeof( struct berval ),
694 *op->orr_newSup = newSup;
695 *op->orr_nnewSup = nnewSup;
700 * Rewrite the dn, if needed
702 rc = rwm_op_dn_massage( op, rs, "renameDN", &roc->ros );
703 if ( rc != LDAP_SUCCESS ) {
704 op->o_bd->bd_info = (BackendInfo *)on->on_info;
705 send_ldap_error( op, rs, rc, "renameDN massage error" );
706 if ( op->orr_newSup != roc->ros.orr_newSup ) {
707 ch_free( op->orr_newSup->bv_val );
708 ch_free( op->orr_nnewSup->bv_val );
709 op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
710 op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
711 op->orr_newSup = roc->ros.orr_newSup;
712 op->orr_nnewSup = roc->ros.orr_nnewSup;
717 /* TODO: rewrite newRDN, attribute types,
718 * values of DN-valued attributes ... */
720 op->o_callback = &roc->cb;
722 return SLAP_CB_CONTINUE;
727 rwm_swap_attrs( Operation *op, SlapReply *rs )
729 slap_callback *cb = op->o_callback;
730 rwm_op_state *ros = cb->sc_private;
732 rs->sr_attrs = ros->ors_attrs;
734 /* other overlays might have touched op->ors_attrs,
735 * so we restore the original version here, otherwise
736 * attribute-mapping might fail */
737 op->ors_attrs = ros->mapped_attrs;
739 return SLAP_CB_CONTINUE;
743 rwm_op_search( Operation *op, SlapReply *rs )
745 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
746 struct ldaprwmap *rwmap =
747 (struct ldaprwmap *)on->on_bi.bi_private;
752 struct berval fstr = BER_BVNULL;
755 AttributeName *an = NULL;
759 rwm_op_cb *roc = rwm_callback_get( op, rs );
761 rc = rewrite_session_var_set( rwmap->rwm_rw, op->o_conn,
762 "searchFilter", op->ors_filterstr.bv_val );
763 if ( rc == LDAP_SUCCESS )
764 rc = rwm_op_dn_massage( op, rs, "searchDN", &roc->ros );
765 if ( rc != LDAP_SUCCESS ) {
766 text = "searchDN massage error";
771 * Rewrite the dn if needed
774 dc.conn = op->o_conn;
776 dc.ctx = "searchFilterAttrDN";
778 rc = rwm_filter_map_rewrite( op, &dc, op->ors_filter, &fstr );
779 if ( rc != LDAP_SUCCESS ) {
780 text = "searchFilter/searchFilterAttrDN massage error";
784 f = str2filter_x( op, fstr.bv_val );
787 text = "massaged filter parse error";
792 op->ors_filterstr = fstr;
794 rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
795 op->ors_attrs, &an, RWM_MAP );
796 if ( rc != LDAP_SUCCESS ) {
797 text = "attribute list mapping error";
802 /* store the mapped Attributes for later usage, in
803 * the case that other overlays change op->ors_attrs */
804 roc->ros.mapped_attrs = an;
805 roc->cb.sc_response = rwm_swap_attrs;
807 op->o_callback = &roc->cb;
809 return SLAP_CB_CONTINUE;
817 filter_free_x( op, f );
820 if ( !BER_BVISNULL( &fstr ) ) {
821 ch_free( fstr.bv_val );
824 op->oq_search = roc->ros.oq_search;
826 op->o_bd->bd_info = (BackendInfo *)on->on_info;
827 send_ldap_error( op, rs, rc, text );
834 rwm_exop_passwd( Operation *op, SlapReply *rs )
836 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
840 struct berval id = BER_BVNULL,
843 BerElement *ber = NULL;
845 if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
849 if ( !SLAP_ISGLOBALOVERLAY( op->o_bd ) ) {
850 rs->sr_err = LDAP_OTHER;
854 rs->sr_err = slap_passwd_parse( op->ore_reqdata, &id,
855 &pwold, &pwnew, &rs->sr_text );
856 if ( rs->sr_err != LDAP_SUCCESS ) {
860 if ( !BER_BVISNULL( &id ) ) {
861 char idNul = id.bv_val[id.bv_len];
862 id.bv_val[id.bv_len] = '\0';
863 rs->sr_err = dnPrettyNormal( NULL, &id, &op->o_req_dn,
864 &op->o_req_ndn, op->o_tmpmemctx );
865 id.bv_val[id.bv_len] = idNul;
866 if ( rs->sr_err != LDAP_SUCCESS ) {
867 rs->sr_text = "Invalid DN";
872 ber_dupbv_x( &op->o_req_dn, &op->o_dn, op->o_tmpmemctx );
873 ber_dupbv_x( &op->o_req_ndn, &op->o_ndn, op->o_tmpmemctx );
876 roc = rwm_callback_get( op, rs );
878 rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros );
879 if ( rc != LDAP_SUCCESS ) {
880 op->o_bd->bd_info = (BackendInfo *)on->on_info;
881 send_ldap_error( op, rs, rc, "extendedDN massage error" );
885 ber = ber_alloc_t( LBER_USE_DER );
887 rs->sr_err = LDAP_OTHER;
888 rs->sr_text = "No memory";
891 ber_printf( ber, "{" );
892 if ( !BER_BVISNULL( &id )) {
893 ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
896 if ( !BER_BVISNULL( &pwold )) {
897 ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, &pwold );
899 if ( !BER_BVISNULL( &pwnew )) {
900 ber_printf( ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, &pwnew );
902 ber_printf( ber, "N}" );
903 ber_flatten( ber, &op->ore_reqdata );
906 op->o_callback = &roc->cb;
908 return SLAP_CB_CONTINUE;
913 BI_op_extended *extended;
915 { BER_BVC(LDAP_EXOP_MODIFY_PASSWD), rwm_exop_passwd },
920 rwm_extended( Operation *op, SlapReply *rs )
922 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
928 for ( i = 0; exop_table[i].extended != NULL; i++ ) {
929 if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
931 rc = exop_table[i].extended( op, rs );
936 case SLAP_CB_CONTINUE:
941 send_ldap_result( op, rs );
948 roc = rwm_callback_get( op, rs );
950 rc = rwm_op_dn_massage( op, rs, "extendedDN", &roc->ros );
951 if ( rc != LDAP_SUCCESS ) {
952 op->o_bd->bd_info = (BackendInfo *)on->on_info;
953 send_ldap_error( op, rs, rc, "extendedDN massage error" );
957 /* TODO: rewrite/map extended data ? ... */
958 op->o_callback = &roc->cb;
960 return SLAP_CB_CONTINUE;
964 rwm_matched( Operation *op, SlapReply *rs )
966 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
967 struct ldaprwmap *rwmap =
968 (struct ldaprwmap *)on->on_bi.bi_private;
970 struct berval dn, mdn;
974 if ( rs->sr_matched == NULL ) {
975 return SLAP_CB_CONTINUE;
979 dc.conn = op->o_conn;
981 dc.ctx = "matchedDN";
982 ber_str2bv( rs->sr_matched, 0, 0, &dn );
984 rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
985 if ( rc != LDAP_SUCCESS ) {
987 rs->sr_text = "Rewrite error";
991 if ( mdn.bv_val != dn.bv_val ) {
992 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
993 ch_free( (void *)rs->sr_matched );
996 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
998 rs->sr_matched = mdn.bv_val;
1001 return SLAP_CB_CONTINUE;
1005 rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
1007 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1008 struct ldaprwmap *rwmap =
1009 (struct ldaprwmap *)on->on_bi.bi_private;
1015 int check_duplicate_attrs = 0;
1018 * Rewrite the dn attrs, if needed
1021 dc.conn = op->o_conn;
1024 /* FIXME: the entries are in the remote mapping form;
1025 * so we need to select those attributes we are willing
1026 * to return, and remap them accordingly */
1028 /* FIXME: in principle, one could map an attribute
1029 * on top of another, which already exists.
1030 * As such, in the end there might exist more than
1031 * one instance of an attribute.
1032 * We should at least check if this occurs, and issue
1033 * an error (because multiple instances of attrs in
1034 * response are not valid), or merge the values (what
1035 * about duplicate values?) */
1036 isupdate = be_shadow_update( op );
1037 for ( ap = a_first; *ap; ) {
1038 struct ldapmapping *mapping = NULL;
1043 if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
1048 if ( op->ors_attrs != NULL &&
1049 !SLAP_USERATTRS( rs->sr_attr_flags ) &&
1050 !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
1055 drop_missing = rwm_mapping( &rwmap->rwm_at,
1056 &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
1057 if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
1061 if ( mapping != NULL ) {
1062 assert( mapping->m_dst_ad != NULL );
1064 /* try to normalize mapped Attributes if the original
1065 * AttributeType was not normalized */
1066 if ( (!(*ap)->a_desc->ad_type->sat_equality ||
1067 !(*ap)->a_desc->ad_type->sat_equality->smr_normalize) &&
1068 mapping->m_dst_ad->ad_type->sat_equality &&
1069 mapping->m_dst_ad->ad_type->sat_equality->smr_normalize )
1071 if ((rwmap->rwm_flags & RWM_F_NORMALIZE_MAPPED_ATTRS))
1075 last = (*ap)->a_numvals;
1078 (*ap)->a_nvals = ch_malloc( (last+1) * sizeof(struct berval) );
1080 for ( i = 0; !BER_BVISNULL( &(*ap)->a_vals[i]); i++ ) {
1083 * check that each value is valid per syntax
1084 * and pretty if appropriate
1086 rc = mapping->m_dst_ad->ad_type->sat_equality->smr_normalize(
1087 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
1088 mapping->m_dst_ad->ad_type->sat_syntax,
1089 mapping->m_dst_ad->ad_type->sat_equality,
1090 &(*ap)->a_vals[i], &(*ap)->a_nvals[i],
1093 if ( rc != LDAP_SUCCESS ) {
1094 BER_BVZERO( &(*ap)->a_nvals[i] );
1097 BER_BVZERO( &(*ap)->a_nvals[i] );
1101 assert( (*ap)->a_nvals == (*ap)->a_vals );
1102 (*ap)->a_nvals = NULL;
1103 ber_bvarray_dup_x( &(*ap)->a_nvals, (*ap)->a_vals, NULL );
1107 /* rewrite the attribute description */
1108 (*ap)->a_desc = mapping->m_dst_ad;
1110 /* will need to check for duplicate attrs */
1111 check_duplicate_attrs++;
1115 if ( (*ap)->a_desc == slap_schema.si_ad_entryDN ) {
1116 if ( stripEntryDN ) {
1117 /* will be generated by frontend */
1121 } else if ( !isupdate
1123 && (*ap)->a_desc->ad_type->sat_no_user_mod
1124 && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
1129 if ( last == -1 ) { /* not yet counted */
1130 last = (*ap)->a_numvals;
1134 /* empty? leave it in place because of attrsonly and vlv */
1139 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
1140 || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
1144 for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
1145 struct berval mapped;
1147 rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
1148 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
1150 ch_free( bv[0].bv_val );
1151 BER_BVZERO( &bv[0] );
1152 if ( &(*ap)->a_vals[last] > &bv[0] ) {
1153 bv[0] = (*ap)->a_vals[last];
1154 BER_BVZERO( &(*ap)->a_vals[last] );
1159 } else if ( mapped.bv_val != bv[0].bv_val ) {
1162 for ( i = 0; !BER_BVISNULL( &(*ap)->a_vals[ i ] ); i++ ) {
1163 if ( &(*ap)->a_vals[ i ] == bv ) {
1167 if ( ber_bvstrcasecmp( &mapped, &(*ap)->a_vals[ i ] ) == 0 ) {
1172 if ( !BER_BVISNULL( &(*ap)->a_vals[ i ] ) ) {
1177 * FIXME: after LBER_FREEing
1178 * the value is replaced by
1179 * ch_alloc'ed memory
1181 ber_bvreplace( &bv[0], &mapped );
1183 /* FIXME: will need to check
1184 * if the structuralObjectClass
1190 * It is necessary to try to rewrite attributes with
1191 * dn syntax because they might be used in ACLs as
1192 * members of groups; since ACLs are applied to the
1193 * rewritten stuff, no dn-based subject clause could
1194 * be used at the ldap backend side (see
1195 * http://www.OpenLDAP.org/faq/data/cache/452.html)
1196 * The problem can be overcome by moving the dn-based
1197 * ACLs to the target directory server, and letting
1198 * everything pass thru the ldap backend. */
1199 /* FIXME: handle distinguishedName-like syntaxes, like
1200 * nameAndOptionalUID */
1201 } else if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
1202 || ( mapping != NULL && mapping->m_src_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
1204 dc.ctx = "searchAttrDN";
1205 rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
1206 if ( rc != LDAP_SUCCESS ) {
1210 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
1211 dc.ctx = "searchAttrDN";
1212 rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
1213 if ( rc != LDAP_SUCCESS ) {
1220 ap = &(*ap)->a_next;
1225 *ap = (*ap)->a_next;
1230 /* only check if some mapping occurred */
1231 if ( check_duplicate_attrs ) {
1232 for ( ap = a_first; *ap != NULL; ap = &(*ap)->a_next ) {
1235 for ( tap = &(*ap)->a_next; *tap != NULL; ) {
1236 if ( (*tap)->a_desc == (*ap)->a_desc ) {
1238 Modification mod = { 0 };
1239 const char *text = NULL;
1240 char textbuf[ SLAP_TEXT_BUFLEN ];
1241 Attribute *next = (*tap)->a_next;
1243 BER_BVSTR( &e.e_name, "" );
1244 BER_BVSTR( &e.e_nname, "" );
1246 mod.sm_op = LDAP_MOD_ADD;
1247 mod.sm_desc = (*ap)->a_desc;
1248 mod.sm_type = mod.sm_desc->ad_cname;
1249 mod.sm_numvals = (*tap)->a_numvals;
1250 mod.sm_values = (*tap)->a_vals;
1251 if ( (*tap)->a_nvals != (*tap)->a_vals ) {
1252 mod.sm_nvalues = (*tap)->a_nvals;
1255 (void)modify_add_values( &e, &mod,
1257 &text, textbuf, sizeof( textbuf ) );
1259 /* should not insert new attrs! */
1260 assert( e.e_attrs == *ap );
1266 tap = &(*tap)->a_next;
1276 rwm_send_entry( Operation *op, SlapReply *rs )
1278 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1279 struct ldaprwmap *rwmap =
1280 (struct ldaprwmap *)on->on_bi.bi_private;
1284 struct berval dn = BER_BVNULL,
1289 assert( rs->sr_entry != NULL );
1292 * Rewrite the dn of the result, if needed
1295 dc.conn = op->o_conn;
1297 dc.ctx = "searchEntryDN";
1300 flags = rs->sr_flags;
1301 if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
1302 /* FIXME: all we need to duplicate are:
1305 * - attributes that are requested
1306 * - no values if attrsonly is set
1311 rc = LDAP_NO_MEMORY;
1315 flags &= ~REP_ENTRY_MUSTRELEASE;
1316 flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
1320 * Note: this may fail if the target host(s) schema differs
1321 * from the one known to the meta, and a DN with unknown
1322 * attributes is returned.
1326 rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
1327 if ( rc != LDAP_SUCCESS ) {
1332 if ( e->e_name.bv_val != dn.bv_val ) {
1333 ch_free( e->e_name.bv_val );
1334 ch_free( e->e_nname.bv_val );
1340 /* TODO: map entry attribute types, objectclasses
1341 * and dn-valued attribute values */
1343 /* FIXME: the entries are in the remote mapping form;
1344 * so we need to select those attributes we are willing
1345 * to return, and remap them accordingly */
1346 (void)rwm_attrs( op, rs, &e->e_attrs, 1 );
1348 if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
1349 be_entry_release_rw( op, rs->sr_entry, 0 );
1353 rs->sr_flags = flags;
1355 return SLAP_CB_CONTINUE;
1358 if ( e != NULL && e != rs->sr_entry ) {
1359 if ( e->e_name.bv_val == dn.bv_val ) {
1360 BER_BVZERO( &e->e_name );
1363 if ( e->e_nname.bv_val == ndn.bv_val ) {
1364 BER_BVZERO( &e->e_nname );
1370 if ( !BER_BVISNULL( &dn ) ) {
1371 ch_free( dn.bv_val );
1374 if ( !BER_BVISNULL( &ndn ) ) {
1375 ch_free( ndn.bv_val );
1382 rwm_operational( Operation *op, SlapReply *rs )
1384 /* FIXME: the entries are in the remote mapping form;
1385 * so we need to select those attributes we are willing
1386 * to return, and remap them accordingly */
1387 if ( rs->sr_operational_attrs ) {
1388 rwm_attrs( op, rs, &rs->sr_operational_attrs, 1 );
1391 return SLAP_CB_CONTINUE;
1395 /* don't use this; it cannot be reverted, and leaves op->o_req_dn
1396 * rewritten for subsequent operations; fine for plain suffixmassage,
1397 * but destroys everything else */
1399 rwm_chk_referrals( Operation *op, SlapReply *rs )
1401 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1404 rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
1405 if ( rc != LDAP_SUCCESS ) {
1406 op->o_bd->bd_info = (BackendInfo *)on->on_info;
1407 send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
1411 return SLAP_CB_CONTINUE;
1423 slap_overinst *on = (slap_overinst *) be->bd_info;
1424 struct ldaprwmap *rwmap =
1425 (struct ldaprwmap *)on->on_bi.bi_private;
1427 return rewrite_parse( rwmap->rwm_rw,
1428 fname, lineno, argc, argv );
1434 rwm_suffixmassage_config(
1441 slap_overinst *on = (slap_overinst *) be->bd_info;
1442 struct ldaprwmap *rwmap =
1443 (struct ldaprwmap *)on->on_bi.bi_private;
1445 struct berval bvnc, nvnc, pvnc, brnc, nrnc, prnc;
1452 * suffixmassage [<suffix>] <massaged suffix>
1454 * the [<suffix>] field must be defined as a valid suffix
1455 * for the current database;
1456 * the <massaged suffix> shouldn't have already been
1457 * defined as a valid suffix for the current server
1460 if ( be->be_suffix == NULL ) {
1461 fprintf( stderr, "%s: line %d: "
1462 " \"suffixMassage [<suffix>]"
1463 " <massaged suffix>\" without "
1464 "<suffix> part requires database "
1465 "suffix be defined first.\n",
1469 bvnc = be->be_suffix[ 0 ];
1472 } else if ( argc == 3 ) {
1473 ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
1477 fprintf( stderr, "%s: line %d: syntax is"
1478 " \"suffixMassage [<suffix>]"
1479 " <massaged suffix>\"\n",
1484 if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1485 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1486 fname, lineno, bvnc.bv_val );
1490 ber_str2bv( argv[ massaged ], 0, 0, &brnc );
1491 if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1492 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1493 fname, lineno, brnc.bv_val );
1494 free( nvnc.bv_val );
1495 free( pvnc.bv_val );
1500 * The suffix massaging is emulated
1501 * by means of the rewrite capabilities
1503 rc = rwm_suffix_massage_config( rwmap->rwm_rw,
1504 &pvnc, &nvnc, &prnc, &nrnc );
1505 free( nvnc.bv_val );
1506 free( pvnc.bv_val );
1507 free( nrnc.bv_val );
1508 free( prnc.bv_val );
1521 slap_overinst *on = (slap_overinst *) be->bd_info;
1522 struct ldaprwmap *rwmap =
1523 (struct ldaprwmap *)on->on_bi.bi_private;
1525 /* objectclass/attribute mapping */
1526 return rwm_map_config( &rwmap->rwm_oc,
1528 fname, lineno, argc, argv );
1532 rwm_response( Operation *op, SlapReply *rs )
1534 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
1535 struct ldaprwmap *rwmap =
1536 (struct ldaprwmap *)on->on_bi.bi_private;
1540 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
1541 return rwm_send_entry( op, rs );
1544 switch( op->o_tag ) {
1545 case LDAP_REQ_SEARCH:
1548 case LDAP_REQ_DELETE:
1549 case LDAP_REQ_MODRDN:
1550 case LDAP_REQ_MODIFY:
1551 case LDAP_REQ_COMPARE:
1552 case LDAP_REQ_EXTENDED:
1557 * Rewrite the dn of the referrals, if needed
1560 dc.conn = op->o_conn;
1562 dc.ctx = "referralDN";
1563 rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
1564 if ( rc != LDAP_SUCCESS ) {
1569 rc = rwm_matched( op, rs );
1573 rc = SLAP_CB_CONTINUE;
1588 slap_overinst *on = (slap_overinst *) be->bd_info;
1589 struct ldaprwmap *rwmap =
1590 (struct ldaprwmap *)on->on_bi.bi_private;
1595 if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
1597 argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
1600 if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
1601 rc = rwm_rw_config( be, fname, lineno, argc, argv );
1603 } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
1604 rc = rwm_m_config( be, fname, lineno, argc, argv );
1606 } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
1607 rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
1609 } else if ( strcasecmp( argv[0], "t-f-support" ) == 0 ) {
1612 "%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
1617 if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
1618 rwmap->rwm_flags &= ~(RWM_F_SUPPORT_T_F_MASK2);
1620 } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
1621 rwmap->rwm_flags |= RWM_F_SUPPORT_T_F;
1623 /* TODO: not implemented yet */
1624 } else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
1626 "%s: line %d: \"discover\" not supported yet "
1627 "in \"t-f-support {no|yes|discover}\".\n",
1631 rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
1636 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
1637 fname, lineno, argv[ 1 ] );
1641 } else if ( strcasecmp( argv[0], "normalize-mapped-attrs" ) == 0 ) {
1644 "%s: line %d: \"normalize-mapped-attrs {no|yes}\" needs 1 argument.\n",
1649 if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
1650 rwmap->rwm_flags &= ~(RWM_F_NORMALIZE_MAPPED_ATTRS);
1652 } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
1653 rwmap->rwm_flags |= RWM_F_NORMALIZE_MAPPED_ATTRS;
1657 rc = SLAP_CONF_UNKNOWN;
1668 * dynamic configuration...
1674 RWM_CF_SUFFIXMASSAGE,
1679 RWM_CF_NORMALIZE_MAPPED,
1684 static slap_verbmasks t_f_mode[] = {
1685 { BER_BVC( "yes" ), RWM_F_SUPPORT_T_F },
1686 { BER_BVC( "discover" ), RWM_F_SUPPORT_T_F_DISCOVER },
1687 { BER_BVC( "no" ), RWM_F_NONE },
1691 static ConfigDriver rwm_cf_gen;
1693 static ConfigTable rwmcfg[] = {
1694 { "rwm-rewrite", "rewrite",
1695 2, 0, STRLENOF("rwm-rewrite"),
1696 ARG_MAGIC|ARG_QUOTE|RWM_CF_REWRITE, rwm_cf_gen,
1697 "( OLcfgOvAt:16.1 NAME 'olcRwmRewrite' "
1698 "DESC 'Rewrites strings' "
1699 "EQUALITY caseIgnoreMatch "
1700 "SYNTAX OMsDirectoryString "
1701 "X-ORDERED 'VALUES' )",
1704 { "rwm-suffixmassage", "[virtual]> <real",
1705 2, 3, 0, ARG_MAGIC|RWM_CF_SUFFIXMASSAGE, rwm_cf_gen,
1708 { "rwm-t-f-support", "true|false|discover",
1709 2, 2, 0, ARG_MAGIC|RWM_CF_T_F_SUPPORT, rwm_cf_gen,
1710 "( OLcfgOvAt:16.2 NAME 'olcRwmTFSupport' "
1711 "DESC 'Absolute filters support' "
1712 "SYNTAX OMsDirectoryString "
1716 { "rwm-map", "{objectClass|attribute}",
1717 2, 4, 0, ARG_MAGIC|RWM_CF_MAP, rwm_cf_gen,
1718 "( OLcfgOvAt:16.3 NAME 'olcRwmMap' "
1719 "DESC 'maps attributes/objectClasses' "
1720 "SYNTAX OMsDirectoryString "
1721 "X-ORDERED 'VALUES' )",
1724 { "rwm-normalize-mapped-attrs", "true|false",
1725 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|RWM_CF_NORMALIZE_MAPPED, rwm_cf_gen,
1726 "( OLcfgOvAt:16.4 NAME 'olcRwmNormalizeMapped' "
1727 "DESC 'Normalize mapped attributes/objectClasses' "
1728 "SYNTAX OMsBoolean "
1732 { NULL, NULL, 0, 0, 0, ARG_IGNORED }
1735 static ConfigOCs rwmocs[] = {
1736 { "( OLcfgOvOc:16.1 "
1737 "NAME 'olcRwmConfig' "
1738 "DESC 'Rewrite/remap configuration' "
1739 "SUP olcOverlayConfig "
1742 "olcRwmTFSupport $ "
1744 "olcRwmNormalizeMapped "
1746 Cft_Overlay, rwmcfg, NULL, NULL },
1751 slap_rewrite_unparse( BerVarray in, BerVarray *out )
1754 BerVarray bva = NULL;
1755 char ibuf[32], *ptr;
1758 assert( in != NULL );
1760 for ( i = 0; !BER_BVISNULL( &in[i] ); i++ )
1769 bva = ch_malloc( ( i + 1 ) * sizeof(struct berval) );
1770 BER_BVZERO( &bva[ 0 ] );
1772 for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
1773 idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), "{%d}", i );
1774 if ( idx.bv_len >= sizeof( ibuf ) ) {
1775 ber_bvarray_free( bva );
1779 bva[i].bv_len = idx.bv_len + in[i].bv_len;
1780 bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
1781 ptr = lutil_strcopy( bva[i].bv_val, ibuf );
1782 ptr = lutil_strcopy( ptr, in[i].bv_val );
1784 BER_BVZERO( &bva[ i + 1 ] );
1791 rwm_cf_gen( ConfigArgs *c )
1793 slap_overinst *on = (slap_overinst *)c->bi;
1794 struct ldaprwmap *rwmap =
1795 (struct ldaprwmap *)on->on_bi.bi_private;
1804 if ( c->op == SLAP_CONFIG_EMIT ) {
1805 struct berval bv = BER_BVNULL;
1807 switch ( c->type ) {
1808 case RWM_CF_REWRITE:
1809 if ( rwmap->rwm_bva_rewrite == NULL ) {
1813 slap_rewrite_unparse( rwmap->rwm_bva_rewrite, &c->rvalue_vals );
1814 if ( !c->rvalue_vals ) {
1820 case RWM_CF_T_F_SUPPORT:
1821 enum_to_verb( t_f_mode, (rwmap->rwm_flags & RWM_F_SUPPORT_T_F_MASK2), &bv );
1822 if ( BER_BVISNULL( &bv ) ) {
1823 /* there's something wrong... */
1828 value_add_one( &c->rvalue_vals, &bv );
1833 if ( rwmap->rwm_bva_map == NULL ) {
1837 value_add( &c->rvalue_vals, rwmap->rwm_bva_map );
1841 case RWM_CF_NORMALIZE_MAPPED:
1842 c->value_int = ( rwmap->rwm_flags & RWM_F_NORMALIZE_MAPPED_ATTRS );
1852 } else if ( c->op == LDAP_MOD_DELETE ) {
1853 switch ( c->type ) {
1854 case RWM_CF_REWRITE:
1855 if ( c->valx >= 0 ) {
1856 /* single modification is not allowed */
1859 } else if ( rwmap->rwm_rw != NULL ) {
1860 rewrite_info_delete( &rwmap->rwm_rw );
1861 assert( rwmap->rwm_rw == NULL );
1863 ber_bvarray_free( rwmap->rwm_bva_rewrite );
1864 rwmap->rwm_bva_rewrite = NULL;
1868 case RWM_CF_T_F_SUPPORT:
1869 rwmap->rwm_flags &= ~RWM_F_SUPPORT_T_F_MASK2;
1873 if ( c->valx >= 0 ) {
1874 /* single modification is not allowed */
1878 avl_free( rwmap->rwm_oc.remap, rwm_mapping_dst_free );
1879 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
1880 avl_free( rwmap->rwm_at.remap, rwm_mapping_dst_free );
1881 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
1883 rwmap->rwm_oc.remap = NULL;
1884 rwmap->rwm_oc.map = NULL;
1885 rwmap->rwm_at.remap = NULL;
1886 rwmap->rwm_at.map = NULL;
1888 ber_bvarray_free( rwmap->rwm_bva_map );
1889 rwmap->rwm_bva_map = NULL;
1893 case RWM_CF_NORMALIZE_MAPPED:
1894 rwmap->rwm_flags &= ~RWM_F_NORMALIZE_MAPPED_ATTRS;
1903 switch ( c->type ) {
1904 case RWM_CF_REWRITE:
1905 argv0 = c->argv[ 0 ];
1906 c->argv[ 0 ] += STRLENOF( "rwm-" );
1907 rc = rwm_rw_config( &db, c->fname, c->lineno, c->argc, c->argv );
1908 c->argv[ 0 ] = argv0;
1916 line = ldap_charray2str( c->argv, "\" \"" );
1917 if ( line != NULL ) {
1918 int len = strlen( c->argv[ 0 ] );
1920 ber_str2bv( line, 0, 0, &bv );
1921 AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ],
1922 bv.bv_len - ( len + 1 ) );
1923 bv.bv_val[ bv.bv_len - 1 ] = '"';
1924 ber_bvarray_add( &rwmap->rwm_bva_rewrite, &bv );
1929 case RWM_CF_SUFFIXMASSAGE:
1930 argv0 = c->argv[ 0 ];
1931 c->argv[ 0 ] += STRLENOF( "rwm-" );
1932 rc = rwm_suffixmassage_config( &db, c->fname, c->lineno, c->argc, c->argv );
1933 c->argv[ 0 ] = argv0;
1941 /* FIXME: not optimal; in fact, this keeps track
1942 * of the fact that a set of rules was added
1943 * using the rwm-suffixmassage shortcut, but the
1944 * rules are not clarified */
1946 line = ldap_charray2str( c->argv, "\" \"" );
1947 if ( line != NULL ) {
1948 int len = strlen( c->argv[ 0 ] );
1950 ber_str2bv( line, 0, 0, &bv );
1951 AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ],
1952 bv.bv_len - ( len + 1 ) );
1953 bv.bv_val[ bv.bv_len - 1 ] = '"';
1954 ber_bvarray_add( &rwmap->rwm_bva_rewrite, &bv );
1959 case RWM_CF_T_F_SUPPORT:
1960 rc = verb_to_mask( c->argv[ 1 ], t_f_mode );
1961 if ( BER_BVISNULL( &t_f_mode[ rc ].word ) ) {
1965 rwmap->rwm_flags &= ~RWM_F_SUPPORT_T_F_MASK2;
1966 rwmap->rwm_flags |= t_f_mode[ rc ].mask;
1971 argv0 = c->argv[ 0 ];
1972 c->argv[ 0 ] += STRLENOF( "rwm-" );
1973 rc = rwm_m_config( &db, c->fname, c->lineno, c->argc, c->argv );
1974 c->argv[ 0 ] = argv0;
1982 line = ldap_charray2str( &c->argv[ 1 ], " " );
1983 if ( line != NULL ) {
1984 ber_str2bv( line, 0, 0, &bv );
1985 ber_bvarray_add( &rwmap->rwm_bva_map, &bv );
1990 case RWM_CF_NORMALIZE_MAPPED:
1991 if ( c->value_int ) {
1992 rwmap->rwm_flags |= RWM_F_NORMALIZE_MAPPED_ATTRS;
1994 rwmap->rwm_flags &= ~RWM_F_NORMALIZE_MAPPED_ATTRS;
2011 slap_overinst *on = (slap_overinst *) be->bd_info;
2012 struct ldaprwmap *rwmap;
2016 rwmap = (struct ldaprwmap *)ch_calloc( 1, sizeof( struct ldaprwmap ) );
2018 rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
2019 if ( rwmap->rwm_rw == NULL ) {
2024 /* this rewriteContext by default must be null;
2025 * rules can be added if required */
2026 rargv[ 0 ] = "rewriteContext";
2027 rargv[ 1 ] = "searchFilter";
2029 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
2031 rargv[ 0 ] = "rewriteContext";
2032 rargv[ 1 ] = "default";
2034 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
2037 on->on_bi.bi_private = (void *)rwmap;
2040 (void)rwm_db_destroy( be, NULL );
2051 slap_overinst *on = (slap_overinst *) be->bd_info;
2054 if ( on->on_bi.bi_private ) {
2055 struct ldaprwmap *rwmap =
2056 (struct ldaprwmap *)on->on_bi.bi_private;
2058 if ( rwmap->rwm_rw ) {
2059 rewrite_info_delete( &rwmap->rwm_rw );
2060 ber_bvarray_free( rwmap->rwm_bva_rewrite );
2063 avl_free( rwmap->rwm_oc.remap, rwm_mapping_dst_free );
2064 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
2065 avl_free( rwmap->rwm_at.remap, rwm_mapping_dst_free );
2066 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
2067 ber_bvarray_free( rwmap->rwm_bva_map );
2075 static slap_overinst rwm = { { NULL } };
2077 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
2079 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
2081 rwm_initialize( void )
2085 /* Make sure we don't exceed the bits reserved for userland */
2086 config_check_userland( RWM_CF_LAST );
2088 memset( &rwm, 0, sizeof( slap_overinst ) );
2090 rwm.on_bi.bi_type = "rwm";
2091 rwm.on_bi.bi_flags =
2092 SLAPO_BFLAG_SINGLE |
2095 rwm.on_bi.bi_db_init = rwm_db_init;
2096 rwm.on_bi.bi_db_config = rwm_db_config;
2097 rwm.on_bi.bi_db_destroy = rwm_db_destroy;
2099 rwm.on_bi.bi_op_bind = rwm_op_bind;
2100 rwm.on_bi.bi_op_search = rwm_op_search;
2101 rwm.on_bi.bi_op_compare = rwm_op_compare;
2102 rwm.on_bi.bi_op_modify = rwm_op_modify;
2103 rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
2104 rwm.on_bi.bi_op_add = rwm_op_add;
2105 rwm.on_bi.bi_op_delete = rwm_op_delete;
2106 rwm.on_bi.bi_op_unbind = rwm_op_unbind;
2107 rwm.on_bi.bi_extended = rwm_extended;
2109 rwm.on_bi.bi_operational = rwm_operational;
2110 rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
2112 rwm.on_bi.bi_connection_init = rwm_conn_init;
2113 rwm.on_bi.bi_connection_destroy = rwm_conn_destroy;
2115 rwm.on_response = rwm_response;
2117 rwm.on_bi.bi_cf_ocs = rwmocs;
2119 rc = config_register_schema( rwmcfg, rwmocs );
2124 return overlay_register( &rwm );
2127 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
2129 init_module( int argc, char *argv[] )
2131 return rwm_initialize();
2133 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
2135 #endif /* SLAPD_OVER_RWM */
projects / openldap / blob