]> git.sur5r.net Git - openldap/blob - servers/slapd/overlays/rwm.c
Sync with HEAD in prep for 2.3.3beta
[openldap] / servers / slapd / overlays / rwm.c
1 /* rwm.c - rewrite/remap operations */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2003-2005 The OpenLDAP Foundation.
6  * Portions Copyright 2003 Pierangelo Masarati.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted only as authorized by the OpenLDAP
11  * Public License.
12  *
13  * A copy of this license is available in the file LICENSE in the
14  * top-level directory of the distribution or, alternatively, at
15  * <http://www.OpenLDAP.org/license.html>.
16  */
17
18 #include "portable.h"
19
20 #ifdef SLAPD_OVER_RWM
21
22 #include <stdio.h>
23
24 #include <ac/string.h>
25
26 #include "slap.h"
27 #include "rwm.h"
28
29 static int
30 rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
31 {
32         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
33         struct ldaprwmap        *rwmap = 
34                         (struct ldaprwmap *)on->on_bi.bi_private;
35
36         struct berval           dn = BER_BVNULL,
37                                 ndn = BER_BVNULL;
38         int                     rc = 0;
39         dncookie                dc;
40
41         /*
42          * Rewrite the dn if needed
43          */
44         dc.rwmap = rwmap;
45 #ifdef ENABLE_REWRITE
46         dc.conn = op->o_conn;
47         dc.rs = rs;
48         dc.ctx = (char *)cookie;
49 #else /* ! ENABLE_REWRITE */
50         dc.tofrom = ((int *)cookie)[0];
51         dc.normalized = 0;
52 #endif /* ! ENABLE_REWRITE */
53
54         /* NOTE: in those cases where only the ndn is available,
55          * and the caller sets op->o_req_dn = op->o_req_ndn,
56          * only rewrite the op->o_req_ndn and use it as 
57          * op->o_req_dn as well */
58         ndn = op->o_req_ndn;
59         if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
60                 dn = op->o_req_dn;
61                 rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
62         } else {
63                 rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
64         }
65
66         if ( rc != LDAP_SUCCESS ) {
67                 return rc;
68         }
69
70         if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
71                         || ndn.bv_val == op->o_req_ndn.bv_val )
72         {
73                 return LDAP_SUCCESS;
74         }
75
76         if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
77                 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
78                 op->o_req_dn = dn;
79         } else {
80                 op->o_req_dn = ndn;
81         }
82         op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
83         op->o_req_ndn = ndn;
84
85         return LDAP_SUCCESS;
86 }
87
88 static int
89 rwm_op_add( Operation *op, SlapReply *rs )
90 {
91         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
92         struct ldaprwmap        *rwmap = 
93                         (struct ldaprwmap *)on->on_bi.bi_private;
94
95         int                     rc,
96                                 i;
97         Attribute               **ap = NULL;
98         char                    *olddn = op->o_req_dn.bv_val;
99         int                     isupdate;
100
101 #ifdef ENABLE_REWRITE
102         rc = rwm_op_dn_massage( op, rs, "addDN" );
103 #else /* ! ENABLE_REWRITE */
104         rc = 1;
105         rc = rwm_op_dn_massage( op, rs, &rc );
106 #endif /* ! ENABLE_REWRITE */
107         if ( rc != LDAP_SUCCESS ) {
108                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
109                 send_ldap_error( op, rs, rc, "addDN massage error" );
110                 return -1;
111         }
112
113         if ( olddn != op->o_req_dn.bv_val ) {
114                 ch_free( op->ora_e->e_name.bv_val );
115                 ch_free( op->ora_e->e_nname.bv_val );
116
117                 ber_dupbv( &op->ora_e->e_name, &op->o_req_dn );
118                 ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn );
119         }
120
121         /* Count number of attributes in entry */ 
122         isupdate = be_shadow_update( op );
123         for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
124                 Attribute       *a;
125
126                 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass ||
127                                 (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
128                 {
129                         int             j, last;
130
131                         for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[ last ] ); last++ )
132                                         /* count values */ ;
133                         last--;
134                         for ( j = 0; !BER_BVISNULL( &(*ap)->a_vals[ j ] ); j++ ) {
135                                 struct ldapmapping      *mapping = NULL;
136
137                                 ( void )rwm_mapping( &rwmap->rwm_oc, &(*ap)->a_vals[ j ],
138                                                 &mapping, RWM_MAP );
139                                 if ( mapping == NULL ) {
140                                         if ( rwmap->rwm_at.drop_missing ) {
141                                                 /* FIXME: we allow to remove objectClasses as well;
142                                                  * if the resulting entry is inconsistent, that's
143                                                  * the relayed database's business...
144                                                  */
145                                                 ch_free( (*ap)->a_vals[ j ].bv_val );
146                                                 if ( last > j ) {
147                                                         (*ap)->a_vals[ j ] = (*ap)->a_vals[ last ];
148                                                 }
149                                                 BER_BVZERO( &(*ap)->a_vals[ last ] );
150                                                 last--;
151                                                 j--;
152                                         }
153
154                                 } else {
155                                         ch_free( (*ap)->a_vals[ j ].bv_val );
156                                         ber_dupbv( &(*ap)->a_vals[ j ], &mapping->m_dst );
157                                 }
158                         }
159
160                 } else if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) {
161                         goto next_attr;
162
163                 } else {
164                         struct ldapmapping      *mapping = NULL;
165
166                         ( void )rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
167                                         &mapping, RWM_MAP );
168                         if ( mapping == NULL ) {
169                                 if ( rwmap->rwm_at.drop_missing ) {
170                                         goto cleanup_attr;
171                                 }
172                         }
173
174                         if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
175                                         || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
176                         {
177                                 /*
178                                  * FIXME: rewrite could fail; in this case
179                                  * the operation should give up, right?
180                                  */
181 #ifdef ENABLE_REWRITE
182                                 rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
183                                                 (*ap)->a_vals,
184                                                 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
185 #else /* ! ENABLE_REWRITE */
186                                 rc = 1;
187                                 rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
188                                                 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
189 #endif /* ! ENABLE_REWRITE */
190                                 if ( rc ) {
191                                         goto cleanup_attr;
192                                 }
193
194                         } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
195 #ifdef ENABLE_REWRITE
196                                 rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
197                                                 (*ap)->a_vals,
198                                                 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
199 #else /* ! ENABLE_REWRITE */
200                                 rc = 1;
201                                 rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
202                                                 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
203 #endif /* ! ENABLE_REWRITE */
204                                 if ( rc != LDAP_SUCCESS ) {
205                                         goto cleanup_attr;
206                                 }
207                         }
208                 
209                         if ( mapping != NULL ) {
210                                 assert( mapping->m_dst_ad );
211                                 (*ap)->a_desc = mapping->m_dst_ad;
212                         }
213                 }
214
215 next_attr:;
216                 ap = &(*ap)->a_next;
217                 continue;
218
219 cleanup_attr:;
220                 /* FIXME: leaking attribute/values? */
221                 a = *ap;
222
223                 *ap = (*ap)->a_next;
224                 attr_free( a );
225         }
226
227         /* TODO: map attribute types, values of DN-valued attributes ... */
228         return SLAP_CB_CONTINUE;
229 }
230
231 static int
232 rwm_op_bind( Operation *op, SlapReply *rs )
233 {
234         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
235         struct ldaprwmap        *rwmap = 
236                         (struct ldaprwmap *)on->on_bi.bi_private;
237         int                     rc;
238
239 #ifdef ENABLE_REWRITE
240         ( void )rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
241         ( void )rewrite_session_init( rwmap->rwm_rw, op->o_conn );
242
243         rc = rwm_op_dn_massage( op, rs, "bindDN" );
244 #else /* ! ENABLE_REWRITE */
245         rc = 1;
246         rc = rwm_op_dn_massage( op, rs, &rc );
247 #endif /* ! ENABLE_REWRITE */
248         if ( rc != LDAP_SUCCESS ) {
249                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
250                 send_ldap_error( op, rs, rc, "bindDN massage error" );
251                 return -1;
252         }
253
254         return SLAP_CB_CONTINUE;
255 }
256
257 static int
258 rwm_op_unbind( Operation *op, SlapReply *rs )
259 {
260         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
261         struct ldaprwmap        *rwmap = 
262                         (struct ldaprwmap *)on->on_bi.bi_private;
263
264 #ifdef ENABLE_REWRITE
265         rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
266 #endif /* ENABLE_REWRITE */
267
268         return SLAP_CB_CONTINUE;
269 }
270
271 static int
272 rwm_op_compare( Operation *op, SlapReply *rs )
273 {
274         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
275         struct ldaprwmap        *rwmap = 
276                         (struct ldaprwmap *)on->on_bi.bi_private;
277
278         int                     rc;
279         struct berval           mapped_at = BER_BVNULL,
280                                 mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
281
282 #ifdef ENABLE_REWRITE
283         rc = rwm_op_dn_massage( op, rs, "compareDN" );
284 #else /* ! ENABLE_REWRITE */
285         rc = 1;
286         rc = rwm_op_dn_massage( op, rs, &rc );
287 #endif /* ! ENABLE_REWRITE */
288         if ( rc != LDAP_SUCCESS ) {
289                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
290                 send_ldap_error( op, rs, rc, "compareDN massage error" );
291                 return -1;
292         }
293
294         /* if the attribute is an objectClass, try to remap its value */
295         if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
296                         || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
297         {
298                 rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
299                                 &mapped_vals[0], RWM_MAP );
300                 if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
301                 {
302                         op->o_bd->bd_info = (BackendInfo *)on->on_info;
303                         send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
304                         return -1;
305
306                 } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
307                         free( op->orc_ava->aa_value.bv_val );
308                         op->orc_ava->aa_value = mapped_vals[0];
309                 }
310                 mapped_at = op->orc_ava->aa_desc->ad_cname;
311
312         } else {
313                 struct ldapmapping      *mapping = NULL;
314                 AttributeDescription    *ad = op->orc_ava->aa_desc;
315
316                 ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
317                                 &mapping, RWM_MAP );
318                 if ( mapping == NULL ) {
319                         if ( rwmap->rwm_at.drop_missing ) {
320                                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
321                                 send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
322                                 return -1;
323                         }
324
325                 } else {
326                         assert( mapping->m_dst_ad );
327                         ad = mapping->m_dst_ad;
328                 }
329
330                 if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
331                                 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
332                 {
333                         struct berval   *mapped_valsp[2];
334                         
335                         mapped_valsp[0] = &mapped_vals[0];
336                         mapped_valsp[1] = &mapped_vals[1];
337
338                         mapped_vals[0] = op->orc_ava->aa_value;
339
340 #ifdef ENABLE_REWRITE
341                         rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
342 #else /* ! ENABLE_REWRITE */
343                         rc = 1;
344                         rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
345 #endif /* ! ENABLE_REWRITE */
346
347                         if ( rc != LDAP_SUCCESS ) {
348                                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
349                                 send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
350                                 return -1;
351                         }
352
353                         op->orc_ava->aa_value = mapped_vals[0];
354                 }
355                 op->orc_ava->aa_desc = ad;
356         }
357
358         return SLAP_CB_CONTINUE;
359 }
360
361 static int
362 rwm_op_delete( Operation *op, SlapReply *rs )
363 {
364         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
365         int                     rc;
366
367 #ifdef ENABLE_REWRITE
368         rc = rwm_op_dn_massage( op, rs, "deleteDN" );
369 #else /* ! ENABLE_REWRITE */
370         rc = 1;
371         rc = rwm_op_dn_massage( op, rs, &rc );
372 #endif /* ! ENABLE_REWRITE */
373         if ( rc != LDAP_SUCCESS ) {
374                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
375                 send_ldap_error( op, rs, rc, "deleteDN massage error" );
376                 return -1;
377         }
378
379         return SLAP_CB_CONTINUE;
380 }
381
382 static int
383 rwm_op_modify( Operation *op, SlapReply *rs )
384 {
385         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
386         struct ldaprwmap        *rwmap = 
387                         (struct ldaprwmap *)on->on_bi.bi_private;
388
389         int                     isupdate;
390         Modifications           **mlp;
391         int                     rc;
392
393 #ifdef ENABLE_REWRITE
394         rc = rwm_op_dn_massage( op, rs, "modifyDN" );
395 #else /* ! ENABLE_REWRITE */
396         rc = 1;
397         rc = rwm_op_dn_massage( op, rs, &rc );
398 #endif /* ! ENABLE_REWRITE */
399         if ( rc != LDAP_SUCCESS ) {
400                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
401                 send_ldap_error( op, rs, rc, "modifyDN massage error" );
402                 return -1;
403         }
404
405         isupdate = be_shadow_update( op );
406         for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
407                 int                     is_oc = 0;
408                 Modifications           *ml;
409                 struct ldapmapping      *mapping = NULL;
410
411                 if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass 
412                                 || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass )
413                 {
414                         is_oc = 1;
415
416                 } else if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod  ) {
417                         goto next_mod;
418
419                 } else {
420                         int                     drop_missing;
421
422                         drop_missing = rwm_mapping( &rwmap->rwm_at,
423                                         &(*mlp)->sml_desc->ad_cname,
424                                         &mapping, RWM_MAP );
425                         if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) )
426                         {
427                                 goto cleanup_mod;
428                         }
429                 }
430
431                 if ( (*mlp)->sml_values != NULL ) {
432                         if ( is_oc ) {
433                                 int     last, j;
434
435                                 for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[ last ] ); last++ )
436                                         /* count values */ ;
437                                 last--;
438
439                                 for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[ j ] ); j++ ) {
440                                         struct ldapmapping      *oc_mapping = NULL;
441                 
442                                         ( void )rwm_mapping( &rwmap->rwm_oc, &(*mlp)->sml_values[ j ],
443                                                         &oc_mapping, RWM_MAP );
444                                         if ( oc_mapping == NULL ) {
445                                                 if ( rwmap->rwm_at.drop_missing ) {
446                                                         /* FIXME: we allow to remove objectClasses as well;
447                                                          * if the resulting entry is inconsistent, that's
448                                                          * the relayed database's business...
449                                                          */
450                                                         ch_free( (*mlp)->sml_values[ j ].bv_val );
451                                                         if ( last > j ) {
452                                                                 (*mlp)->sml_values[ j ] = (*mlp)->sml_values[ last ];
453                                                         }
454                                                         BER_BVZERO( &(*mlp)->sml_values[ last ] );
455                                                         last--;
456                                                         j--;
457                                                 }
458         
459                                         } else {
460                                                 ch_free( (*mlp)->sml_values[ j ].bv_val );
461                                                 ber_dupbv( &(*mlp)->sml_values[ j ], &oc_mapping->m_dst );
462                                         }
463                                 }
464
465                         } else {
466                                 if ( (*mlp)->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
467                                                 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
468                                 {
469 #ifdef ENABLE_REWRITE
470                                         rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
471                                                         (*mlp)->sml_values,
472                                                         (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
473 #else /* ! ENABLE_REWRITE */
474                                         rc = 1;
475                                         rc = rwm_dnattr_rewrite( op, rs, &rc, 
476                                                         (*mlp)->sml_values,
477                                                         (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
478 #endif /* ! ENABLE_REWRITE */
479
480                                 } else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
481 #ifdef ENABLE_REWRITE
482                                         rc = rwm_referral_rewrite( op, rs,
483                                                         "referralAttrDN",
484                                                         (*mlp)->sml_values,
485                                                         (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
486 #else /* ! ENABLE_REWRITE */
487                                         rc = 1;
488                                         rc = rwm_referral_rewrite( op, rs, &rc,
489                                                         (*mlp)->sml_values,
490                                                         (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
491 #endif /* ! ENABLE_REWRITE */
492                                         if ( rc != LDAP_SUCCESS ) {
493                                                 goto cleanup_mod;
494                                         }
495                                 }
496
497                                 if ( rc != LDAP_SUCCESS ) {
498                                         goto cleanup_mod;
499                                 }
500                         }
501                 }
502
503 next_mod:;
504                 if ( mapping != NULL ) {
505                         /* use new attribute description */
506                         assert( mapping->m_dst_ad );
507                         (*mlp)->sml_desc = mapping->m_dst_ad;
508                 }
509
510                 mlp = &(*mlp)->sml_next;
511                 continue;
512
513 cleanup_mod:;
514                 ml = *mlp;
515                 *mlp = (*mlp)->sml_next;
516                 slap_mod_free( &ml->sml_mod, 0 );
517                 free( ml );
518         }
519
520         return SLAP_CB_CONTINUE;
521 }
522
523 static int
524 rwm_op_modrdn( Operation *op, SlapReply *rs )
525 {
526         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
527         struct ldaprwmap        *rwmap = 
528                         (struct ldaprwmap *)on->on_bi.bi_private;
529         
530         int                     rc;
531
532         if ( op->orr_newSup ) {
533                 dncookie        dc;
534                 struct berval   nnewSup = BER_BVNULL;
535                 struct berval   newSup = BER_BVNULL;
536
537                 /*
538                  * Rewrite the new superior, if defined and required
539                  */
540                 dc.rwmap = rwmap;
541 #ifdef ENABLE_REWRITE
542                 dc.conn = op->o_conn;
543                 dc.rs = rs;
544                 dc.ctx = "newSuperiorDN";
545 #else /* ! ENABLE_REWRITE */
546                 dc.tofrom = 0;
547                 dc.normalized = 0;
548 #endif /* ! ENABLE_REWRITE */
549                 newSup = *op->orr_newSup;
550                 nnewSup = *op->orr_nnewSup;
551                 rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
552                 if ( rc != LDAP_SUCCESS ) {
553                         op->o_bd->bd_info = (BackendInfo *)on->on_info;
554                         send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
555                         return -1;
556                 }
557
558                 if ( op->orr_newSup->bv_val != newSup.bv_val ) {
559                         op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
560                         op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
561                         *op->orr_newSup = newSup;
562                         *op->orr_nnewSup = nnewSup;
563                 }
564         }
565
566         /*
567          * Rewrite the dn, if needed
568          */
569 #ifdef ENABLE_REWRITE
570         rc = rwm_op_dn_massage( op, rs, "renameDN" );
571 #else /* ! ENABLE_REWRITE */
572         rc = 1;
573         rc = rwm_op_dn_massage( op, rs, &rc );
574 #endif /* ! ENABLE_REWRITE */
575         if ( rc != LDAP_SUCCESS ) {
576                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
577                 send_ldap_error( op, rs, rc, "renameDN massage error" );
578                 return -1;
579         }
580
581         /* TODO: rewrite newRDN, attribute types, 
582          * values of DN-valued attributes ... */
583         return SLAP_CB_CONTINUE;
584 }
585
586 static int
587 rwm_swap_attrs( Operation *op, SlapReply *rs )
588 {
589         slap_callback   *cb = op->o_callback;
590         AttributeName   *an = (AttributeName *)cb->sc_private;
591
592         rs->sr_attrs = an;
593         
594         return SLAP_CB_CONTINUE;
595 }
596
597 static int rwm_freeself( Operation *op, SlapReply *rs )
598 {
599         if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_RESULT ) {
600                 assert( op->o_callback );
601
602                 op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
603                 op->o_callback = NULL;
604         }
605
606         return SLAP_CB_CONTINUE;
607 }
608
609 static int
610 rwm_op_search( Operation *op, SlapReply *rs )
611 {
612         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
613         struct ldaprwmap        *rwmap = 
614                         (struct ldaprwmap *)on->on_bi.bi_private;
615
616         int                     rc;
617         dncookie                dc;
618
619         struct berval           fstr = BER_BVNULL;
620         Filter                  *f = NULL;
621
622         slap_callback           *cb;
623         AttributeName           *an = NULL;
624
625         char                    *text = NULL;
626
627 #ifdef ENABLE_REWRITE
628         rc = rwm_op_dn_massage( op, rs, "searchDN" );
629 #else /* ! ENABLE_REWRITE */
630         rc = 1;
631         rc = rwm_op_dn_massage( op, rs, &rc );
632 #endif /* ! ENABLE_REWRITE */
633         if ( rc != LDAP_SUCCESS ) {
634                 text = "searchDN massage error";
635                 goto error_return;
636         }
637
638         /*
639          * Rewrite the dn if needed
640          */
641         dc.rwmap = rwmap;
642 #ifdef ENABLE_REWRITE
643         dc.conn = op->o_conn;
644         dc.rs = rs;
645         dc.ctx = "searchFilterAttrDN";
646 #else /* ! ENABLE_REWRITE */
647         dc.tofrom = 0;
648         dc.normalized = 0;
649 #endif /* ! ENABLE_REWRITE */
650
651         rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
652         if ( rc != LDAP_SUCCESS ) {
653                 text = "searchFilter/searchFilterAttrDN massage error";
654                 goto error_return;
655         }
656
657         f = str2filter_x( op, fstr.bv_val );
658
659         if ( f == NULL ) {
660                 text = "massaged filter parse error";
661                 goto error_return;
662         }
663
664         if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
665                 ch_free( op->ors_filterstr.bv_val );
666         }
667
668         if( op->ors_filter ) {
669                 filter_free_x( op, op->ors_filter );
670         }
671
672         op->ors_filter = f;
673         op->ors_filterstr = fstr;
674
675         rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
676                         op->ors_attrs, &an, RWM_MAP );
677         if ( rc != LDAP_SUCCESS ) {
678                 text = "attribute list mapping error";
679                 goto error_return;
680         }
681
682         cb = (slap_callback *) op->o_tmpcalloc( sizeof( slap_callback ),
683                         1, op->o_tmpmemctx );
684         if ( cb == NULL ) {
685                 rc = LDAP_NO_MEMORY;
686                 goto error_return;
687         }
688
689         cb->sc_response = rwm_swap_attrs;
690         cb->sc_cleanup = rwm_freeself;
691         cb->sc_private = (void *)op->ors_attrs;
692         cb->sc_next = op->o_callback;
693
694         op->o_callback = cb;
695         op->ors_attrs = an;
696
697         return SLAP_CB_CONTINUE;
698
699 error_return:;
700         if ( an != NULL ) {
701                 ch_free( an );
702         }
703
704         if ( f != NULL ) {
705                 filter_free_x( op, f );
706         }
707
708         if ( !BER_BVISNULL( &fstr ) ) {
709                 ch_free( fstr.bv_val );
710         }
711
712         op->o_bd->bd_info = (BackendInfo *)on->on_info;
713         send_ldap_error( op, rs, rc, text );
714
715         return -1;
716
717 }
718
719 static int
720 rwm_extended( Operation *op, SlapReply *rs )
721 {
722         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
723         int                     rc;
724
725 #ifdef ENABLE_REWRITE
726         rc = rwm_op_dn_massage( op, rs, "extendedDN" );
727 #else /* ! ENABLE_REWRITE */
728         rc = 1;
729         rc = rwm_op_dn_massage( op, rs, &rc );
730 #endif /* ! ENABLE_REWRITE */
731         if ( rc != LDAP_SUCCESS ) {
732                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
733                 send_ldap_error( op, rs, rc, "extendedDN massage error" );
734                 return -1;
735         }
736
737         /* TODO: rewrite/map extended data ? ... */
738         return SLAP_CB_CONTINUE;
739 }
740
741 static int
742 rwm_matched( Operation *op, SlapReply *rs )
743 {
744         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
745         struct ldaprwmap        *rwmap = 
746                         (struct ldaprwmap *)on->on_bi.bi_private;
747
748         struct berval           dn, mdn;
749         dncookie                dc;
750         int                     rc;
751
752         if ( rs->sr_matched == NULL ) {
753                 return SLAP_CB_CONTINUE;
754         }
755
756         dc.rwmap = rwmap;
757 #ifdef ENABLE_REWRITE
758         dc.conn = op->o_conn;
759         dc.rs = rs;
760         dc.ctx = "matchedDN";
761 #else /* ! ENABLE_REWRITE */
762         dc.tofrom = 0;
763         dc.normalized = 0;
764 #endif /* ! ENABLE_REWRITE */
765         ber_str2bv( rs->sr_matched, 0, 0, &dn );
766         mdn = dn;
767         rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
768         if ( rc != LDAP_SUCCESS ) {
769                 rs->sr_err = rc;
770                 rs->sr_text = "Rewrite error";
771                 return 1;
772         }
773
774         if ( mdn.bv_val != dn.bv_val ) {
775                 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
776                         ch_free( (void *)rs->sr_matched );
777
778                 } else {
779                         rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
780                 }
781                 rs->sr_matched = mdn.bv_val;
782         }
783         
784         return SLAP_CB_CONTINUE;
785 }
786
787 static int
788 rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
789 {
790         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
791         struct ldaprwmap        *rwmap = 
792                         (struct ldaprwmap *)on->on_bi.bi_private;
793
794         dncookie                dc;
795         int                     rc;
796         Attribute               **ap;
797         int                     isupdate;
798
799         /*
800          * Rewrite the dn attrs, if needed
801          */
802         dc.rwmap = rwmap;
803 #ifdef ENABLE_REWRITE
804         dc.conn = op->o_conn;
805         dc.rs = NULL; 
806 #else /* ! ENABLE_REWRITE */
807         dc.tofrom = 0;
808         dc.normalized = 0;
809 #endif /* ! ENABLE_REWRITE */
810
811         /* FIXME: the entries are in the remote mapping form;
812          * so we need to select those attributes we are willing
813          * to return, and remap them accordingly */
814
815         /* FIXME: in principle, one could map an attribute
816          * on top of another, which already exists.
817          * As such, in the end there might exist more than
818          * one instance of an attribute.
819          * We should at least check if this occurs, and issue
820          * an error (because multiple instances of attrs in 
821          * response are not valid), or merge the values (what
822          * about duplicate values?) */
823         isupdate = be_shadow_update( op );
824         for ( ap = a_first; *ap; ) {
825                 struct ldapmapping      *mapping = NULL;
826                 int                     drop_missing;
827                 int                     last;
828                 Attribute               *a;
829
830                 if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
831                 {
832                         /* go on */ ;
833                         
834                 } else {
835                         if ( op->ors_attrs != NULL && 
836                                         !SLAP_USERATTRS( rs->sr_attr_flags ) &&
837                                         !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
838                         {
839                                 goto cleanup_attr;
840                         }
841
842                         drop_missing = rwm_mapping( &rwmap->rwm_at,
843                                         &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
844                         if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
845                         {
846                                 goto cleanup_attr;
847                         }
848
849                         if ( mapping != NULL ) {
850                                 (*ap)->a_desc = mapping->m_dst_ad;
851                         }
852                 }
853
854                 if ( (*ap)->a_desc == slap_schema.si_ad_entryDN ) {
855                         if ( stripEntryDN ) {
856                                 /* will be generated by frontend */
857                                 goto cleanup_attr;
858                         }
859                         
860                 } else if ( !isupdate
861                         && (*ap)->a_desc->ad_type->sat_no_user_mod 
862                         && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
863                 {
864                         goto next_attr;
865                 }
866
867                 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
868                         /* just count */ ;
869
870                 if ( last == 0 ) {
871                         /* empty? for now, we leave it in place */
872                         goto next_attr;
873                 }
874                 last--;
875
876                 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
877                                 || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
878                 {
879                         struct berval   *bv;
880                         
881                         for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
882                                 struct berval   mapped;
883
884                                 rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
885                                 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
886                                         ch_free( bv[0].bv_val );
887                                         BER_BVZERO( &bv[0] );
888                                         if ( &(*ap)->a_vals[last] > &bv[0] ) {
889                                                 bv[0] = (*ap)->a_vals[last];
890                                                 BER_BVZERO( &(*ap)->a_vals[last] );
891                                         }
892                                         last--;
893                                         bv--;
894
895                                 } else if ( mapped.bv_val != bv[0].bv_val ) {
896                                         /*
897                                          * FIXME: after LBER_FREEing
898                                          * the value is replaced by
899                                          * ch_alloc'ed memory
900                                          */
901                                         ch_free( bv[0].bv_val );
902                                         ber_dupbv( &bv[0], &mapped );
903                                 }
904                         }
905
906                 /*
907                  * It is necessary to try to rewrite attributes with
908                  * dn syntax because they might be used in ACLs as
909                  * members of groups; since ACLs are applied to the
910                  * rewritten stuff, no dn-based subject clause could
911                  * be used at the ldap backend side (see
912                  * http://www.OpenLDAP.org/faq/data/cache/452.html)
913                  * The problem can be overcome by moving the dn-based
914                  * ACLs to the target directory server, and letting
915                  * everything pass thru the ldap backend. */
916                 /* FIXME: handle distinguishedName-like syntaxes, like
917                  * nameAndOptionalUID */
918                 } else if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
919                                 || ( mapping != NULL && mapping->m_src_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
920                 {
921 #ifdef ENABLE_REWRITE
922                         dc.ctx = "searchAttrDN";
923 #endif /* ENABLE_REWRITE */
924                         rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
925                         if ( rc != LDAP_SUCCESS ) {
926                                 goto cleanup_attr;
927                         }
928
929                 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
930 #ifdef ENABLE_REWRITE
931                         dc.ctx = "searchAttrDN";
932 #endif /* ENABLE_REWRITE */
933                         rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
934                         if ( rc != LDAP_SUCCESS ) {
935                                 goto cleanup_attr;
936                         }
937                 }
938
939                 if ( mapping != NULL ) {
940                         /* rewrite the attribute description */
941                         assert( mapping->m_dst_ad );
942                         (*ap)->a_desc = mapping->m_dst_ad;
943                 }
944
945 next_attr:;
946                 ap = &(*ap)->a_next;
947                 continue;
948
949 cleanup_attr:;
950                 a = *ap;
951                 *ap = (*ap)->a_next;
952
953                 attr_free( a );
954         }
955
956         return 0;
957 }
958
959 static int
960 rwm_send_entry( Operation *op, SlapReply *rs )
961 {
962         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
963         struct ldaprwmap        *rwmap = 
964                         (struct ldaprwmap *)on->on_bi.bi_private;
965
966         Entry                   *e = NULL;
967         int                     flags;
968         struct berval           dn = BER_BVNULL,
969                                 ndn = BER_BVNULL;
970         dncookie                dc;
971         int                     rc;
972
973         assert( rs->sr_entry );
974
975         /*
976          * Rewrite the dn of the result, if needed
977          */
978         dc.rwmap = rwmap;
979 #ifdef ENABLE_REWRITE
980         dc.conn = op->o_conn;
981         dc.rs = NULL; 
982         dc.ctx = "searchEntryDN";
983 #else /* ! ENABLE_REWRITE */
984         dc.tofrom = 0;
985         dc.normalized = 0;
986 #endif /* ! ENABLE_REWRITE */
987
988         e = rs->sr_entry;
989         flags = rs->sr_flags;
990         if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
991                 /* FIXME: all we need to duplicate are:
992                  * - dn
993                  * - ndn
994                  * - attributes that are requested
995                  * - no values if attrsonly is set
996                  */
997
998                 e = entry_dup( e );
999                 if ( e == NULL ) {
1000                         rc = LDAP_NO_MEMORY;
1001                         goto fail;
1002                 }
1003
1004                 flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
1005         }
1006
1007         /*
1008          * Note: this may fail if the target host(s) schema differs
1009          * from the one known to the meta, and a DN with unknown
1010          * attributes is returned.
1011          */
1012         dn = e->e_name;
1013         ndn = e->e_nname;
1014         rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
1015         if ( rc != LDAP_SUCCESS ) {
1016                 rc = 1;
1017                 goto fail;
1018         }
1019
1020         if ( e->e_name.bv_val != dn.bv_val ) {
1021                 ch_free( e->e_name.bv_val );
1022                 ch_free( e->e_nname.bv_val );
1023
1024                 e->e_name = dn;
1025                 e->e_nname = ndn;
1026         }
1027
1028         /* TODO: map entry attribute types, objectclasses 
1029          * and dn-valued attribute values */
1030
1031         /* FIXME: the entries are in the remote mapping form;
1032          * so we need to select those attributes we are willing
1033          * to return, and remap them accordingly */
1034         (void)rwm_attrs( op, rs, &e->e_attrs, 1 );
1035
1036 #if 0
1037         if ( rs->sr_operational_attrs ) {
1038                 (void)rwm_attrs( op, rs, &rs->sr_operational_attrs, 0 );
1039         }
1040 #endif
1041
1042         rs->sr_entry = e;
1043         rs->sr_flags = flags;
1044
1045         return SLAP_CB_CONTINUE;
1046
1047 fail:;
1048         if ( !BER_BVISNULL( &dn ) ) {
1049                 ch_free( dn.bv_val );
1050         }
1051
1052         if ( !BER_BVISNULL( &ndn ) ) {
1053                 ch_free( ndn.bv_val );
1054         }
1055
1056         if ( e != NULL && e != rs->sr_entry ) {
1057                 entry_free( e );
1058         }
1059
1060         return rc;
1061 }
1062
1063 static int
1064 rwm_operational( Operation *op, SlapReply *rs )
1065 {
1066         /* FIXME: the entries are in the remote mapping form;
1067          * so we need to select those attributes we are willing
1068          * to return, and remap them accordingly */
1069         if ( rs->sr_operational_attrs ) {
1070                 rwm_attrs( op, rs, &rs->sr_operational_attrs, 1 );
1071         }
1072
1073         return SLAP_CB_CONTINUE;
1074 }
1075
1076 #if 0
1077 /* don't use this; it cannot be reverted, and leaves op->o_req_dn
1078  * rewritten for subsequent operations; fine for plain suffixmassage,
1079  * but destroys everything else */
1080 static int
1081 rwm_chk_referrals( Operation *op, SlapReply *rs )
1082 {
1083         slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
1084         int                     rc;
1085
1086 #ifdef ENABLE_REWRITE
1087         rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
1088 #else /* ! ENABLE_REWRITE */
1089         rc = 1;
1090         rc = rwm_op_dn_massage( op, rs, &rc );
1091 #endif /* ! ENABLE_REWRITE */
1092         if ( rc != LDAP_SUCCESS ) {
1093                 op->o_bd->bd_info = (BackendInfo *)on->on_info;
1094                 send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
1095                 return -1;
1096         }
1097
1098         return SLAP_CB_CONTINUE;
1099 }
1100 #endif
1101
1102 static int
1103 rwm_rw_config(
1104     BackendDB   *be,
1105     const char  *fname,
1106     int         lineno,
1107     int         argc,
1108     char        **argv
1109 )
1110 {
1111 #ifdef ENABLE_REWRITE
1112         slap_overinst           *on = (slap_overinst *) be->bd_info;
1113         struct ldaprwmap        *rwmap = 
1114                         (struct ldaprwmap *)on->on_bi.bi_private;
1115
1116         return rewrite_parse( rwmap->rwm_rw,
1117                                 fname, lineno, argc, argv );
1118
1119 #else /* !ENABLE_REWRITE */
1120         fprintf( stderr, "%s: line %d: rewrite capabilities "
1121                         "are not enabled\n", fname, lineno );
1122 #endif /* !ENABLE_REWRITE */
1123                 
1124         return 0;
1125 }
1126
1127 static int
1128 rwm_suffixmassage_config(
1129     BackendDB   *be,
1130     const char  *fname,
1131     int         lineno,
1132     int         argc,
1133     char        **argv
1134 )
1135 {
1136         slap_overinst           *on = (slap_overinst *) be->bd_info;
1137         struct ldaprwmap        *rwmap = 
1138                         (struct ldaprwmap *)on->on_bi.bi_private;
1139
1140         struct berval           bvnc, nvnc, pvnc, brnc, nrnc, prnc;
1141         int                     massaged;
1142 #ifdef ENABLE_REWRITE
1143         int                     rc;
1144 #endif /* ENABLE_REWRITE */
1145                 
1146         /*
1147          * syntax:
1148          * 
1149          *      suffixmassage [<suffix>] <massaged suffix>
1150          *
1151          * the [<suffix>] field must be defined as a valid suffix
1152          * for the current database;
1153          * the <massaged suffix> shouldn't have already been
1154          * defined as a valid suffix for the current server
1155          */
1156         if ( argc == 2 ) {
1157                 if ( be->be_suffix == NULL ) {
1158                         fprintf( stderr, "%s: line %d: "
1159                                        " \"suffixMassage [<suffix>]"
1160                                        " <massaged suffix>\" without "
1161                                        "<suffix> part requires database "
1162                                        "suffix be defined first.\n",
1163                                 fname, lineno );
1164                         return 1;
1165                 }
1166                 bvnc = be->be_suffix[ 0 ];
1167                 massaged = 1;
1168
1169         } else if ( argc == 3 ) {
1170                 ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
1171                 massaged = 2;
1172
1173         } else  {
1174                 fprintf( stderr, "%s: line %d: syntax is"
1175                                " \"suffixMassage [<suffix>]"
1176                                " <massaged suffix>\"\n",
1177                         fname, lineno );
1178                 return 1;
1179         }
1180
1181         if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1182                 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1183                         fname, lineno, bvnc.bv_val );
1184                 return 1;
1185         }
1186
1187         ber_str2bv( argv[ massaged ], 0, 0, &brnc );
1188         if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1189                 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1190                                 fname, lineno, brnc.bv_val );
1191                 free( nvnc.bv_val );
1192                 free( pvnc.bv_val );
1193                 return 1;
1194         }
1195
1196 #ifdef ENABLE_REWRITE
1197         /*
1198          * The suffix massaging is emulated 
1199          * by means of the rewrite capabilities
1200          */
1201         rc = rwm_suffix_massage_config( rwmap->rwm_rw,
1202                         &pvnc, &nvnc, &prnc, &nrnc );
1203         free( nvnc.bv_val );
1204         free( pvnc.bv_val );
1205         free( nrnc.bv_val );
1206         free( prnc.bv_val );
1207
1208         return( rc );
1209
1210 #else /* !ENABLE_REWRITE */
1211         ber_bvarray_add( &rwmap->rwm_suffix_massage, &pvnc );
1212         ber_bvarray_add( &rwmap->rwm_suffix_massage, &nvnc );
1213                 
1214         ber_bvarray_add( &rwmap->rwm_suffix_massage, &prnc );
1215         ber_bvarray_add( &rwmap->rwm_suffix_massage, &nrnc );
1216 #endif /* !ENABLE_REWRITE */
1217
1218         return 0;
1219 }
1220
1221 static int
1222 rwm_m_config(
1223     BackendDB   *be,
1224     const char  *fname,
1225     int         lineno,
1226     int         argc,
1227     char        **argv
1228 )
1229 {
1230         slap_overinst           *on = (slap_overinst *) be->bd_info;
1231         struct ldaprwmap        *rwmap = 
1232                         (struct ldaprwmap *)on->on_bi.bi_private;
1233
1234         /* objectclass/attribute mapping */
1235         return rwm_map_config( &rwmap->rwm_oc,
1236                         &rwmap->rwm_at,
1237                         fname, lineno, argc, argv );
1238 }
1239
1240 static int
1241 rwm_response( Operation *op, SlapReply *rs )
1242 {
1243         slap_overinst           *on = (slap_overinst *)op->o_bd->bd_info;
1244         struct ldaprwmap        *rwmap = 
1245                         (struct ldaprwmap *)on->on_bi.bi_private;
1246
1247         int             rc;
1248
1249         if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
1250                 return rwm_send_entry( op, rs );
1251         }
1252
1253         switch( op->o_tag ) {
1254         case LDAP_REQ_SEARCH:
1255                 /* Note: the operation attrs are remapped */
1256                 if ( rs->sr_type == REP_RESULT
1257                                 && op->ors_attrs != NULL
1258                                 && op->ors_attrs != rs->sr_attrs )
1259                 {
1260                         ch_free( op->ors_attrs );
1261                         op->ors_attrs = rs->sr_attrs;
1262                 }
1263                 /* fall thru */
1264
1265         case LDAP_REQ_BIND:
1266         case LDAP_REQ_ADD:
1267         case LDAP_REQ_DELETE:
1268         case LDAP_REQ_MODRDN:
1269         case LDAP_REQ_MODIFY:
1270         case LDAP_REQ_COMPARE:
1271         case LDAP_REQ_EXTENDED:
1272                 if ( rs->sr_ref ) {
1273                         dncookie                dc;
1274
1275                         /*
1276                          * Rewrite the dn of the referrals, if needed
1277                          */
1278                         dc.rwmap = rwmap;
1279 #ifdef ENABLE_REWRITE
1280                         dc.conn = op->o_conn;
1281                         dc.rs = NULL; 
1282                         dc.ctx = "referralDN";
1283 #else /* ! ENABLE_REWRITE */
1284                         dc.tofrom = 0;
1285                         dc.normalized = 0;
1286 #endif /* ! ENABLE_REWRITE */
1287                         rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
1288                         if ( rc != LDAP_SUCCESS ) {
1289                                 rc = 1;
1290                                 break;
1291                         }
1292                 }
1293                 rc = rwm_matched( op, rs );
1294                 break;
1295
1296         default:
1297                 rc = SLAP_CB_CONTINUE;
1298                 break;
1299         }
1300
1301         return rc;
1302 }
1303
1304 static int
1305 rwm_db_config(
1306     BackendDB   *be,
1307     const char  *fname,
1308     int         lineno,
1309     int         argc,
1310     char        **argv
1311 )
1312 {
1313         slap_overinst           *on = (slap_overinst *) be->bd_info;
1314         struct ldaprwmap        *rwmap = 
1315                         (struct ldaprwmap *)on->on_bi.bi_private;
1316
1317         int             rc = 0;
1318         char            *argv0 = NULL;
1319
1320         if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
1321                 argv0 = argv[ 0 ];
1322                 argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
1323         }
1324
1325         if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
1326                 rc = rwm_rw_config( be, fname, lineno, argc, argv );
1327
1328         } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
1329                 rc = rwm_m_config( be, fname, lineno, argc, argv );
1330
1331         } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
1332                 rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
1333
1334         } else if ( strcasecmp( argv[0], "t-f-support" ) == 0 ) {
1335                 if ( argc != 2 ) {
1336                         fprintf( stderr,
1337                 "%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
1338                                         fname, lineno );
1339                         return( 1 );
1340                 }
1341
1342                 if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
1343                         rwmap->rwm_flags &= ~(RWM_F_SUPPORT_T_F|RWM_F_SUPPORT_T_F_DISCOVER);
1344
1345                 } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
1346                         rwmap->rwm_flags |= RWM_F_SUPPORT_T_F;
1347
1348 #if 0
1349                 /* TODO: not implemented yet */
1350                 } else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
1351                         rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
1352 #endif
1353
1354                 } else {
1355                         fprintf( stderr,
1356         "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
1357                                 fname, lineno, argv[ 1 ] );
1358                         return 1;
1359                 }
1360
1361         } else {
1362                 rc = SLAP_CONF_UNKNOWN;
1363         }
1364
1365         if ( argv0 ) {
1366                 argv[ 0 ] = argv0;
1367         }
1368
1369         return rc;
1370 }
1371
1372 static int
1373 rwm_db_init(
1374         BackendDB *be
1375 )
1376 {
1377         slap_overinst           *on = (slap_overinst *) be->bd_info;
1378         struct ldapmapping      *mapping = NULL;
1379         struct ldaprwmap        *rwmap;
1380
1381         rwmap = (struct ldaprwmap *)ch_malloc(sizeof(struct ldaprwmap));
1382         memset(rwmap, 0, sizeof(struct ldaprwmap));
1383
1384 #ifdef ENABLE_REWRITE
1385         rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
1386         if ( rwmap->rwm_rw == NULL ) {
1387                 ch_free( rwmap );
1388                 return -1;
1389         }
1390
1391         {
1392                 char    *rargv[3];
1393
1394                 /* this rewriteContext by default must be null;
1395                  * rules can be added if required */
1396                 rargv[ 0 ] = "rewriteContext";
1397                 rargv[ 1 ] = "searchFilter";
1398                 rargv[ 2 ] = NULL;
1399                 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
1400
1401                 rargv[ 0 ] = "rewriteContext";
1402                 rargv[ 1 ] = "default";
1403                 rargv[ 2 ] = NULL;
1404                 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
1405         }
1406         
1407 #endif /* ENABLE_REWRITE */
1408
1409         if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS ||
1410                         rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS )
1411         {
1412                 return 1;
1413         }
1414
1415         on->on_bi.bi_private = (void *)rwmap;
1416
1417         return 0;
1418 }
1419
1420 static int
1421 rwm_db_destroy(
1422         BackendDB *be
1423 )
1424 {
1425         slap_overinst   *on = (slap_overinst *) be->bd_info;
1426         int             rc = 0;
1427
1428         if ( on->on_bi.bi_private ) {
1429                 struct ldaprwmap        *rwmap = 
1430                         (struct ldaprwmap *)on->on_bi.bi_private;
1431
1432 #ifdef ENABLE_REWRITE
1433                 if (rwmap->rwm_rw) {
1434                         rewrite_info_delete( &rwmap->rwm_rw );
1435                 }
1436 #else /* !ENABLE_REWRITE */
1437                 if ( rwmap->rwm_suffix_massage ) {
1438                         ber_bvarray_free( rwmap->rwm_suffix_massage );
1439                 }
1440 #endif /* !ENABLE_REWRITE */
1441
1442                 avl_free( rwmap->rwm_oc.remap, NULL );
1443                 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
1444                 avl_free( rwmap->rwm_at.remap, NULL );
1445                 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
1446         }
1447
1448         return rc;
1449 }
1450
1451 static slap_overinst rwm = { { NULL } };
1452
1453 int
1454 rwm_init(void)
1455 {
1456         memset( &rwm, 0, sizeof( slap_overinst ) );
1457
1458         rwm.on_bi.bi_type = "rwm";
1459
1460         rwm.on_bi.bi_db_init = rwm_db_init;
1461         rwm.on_bi.bi_db_config = rwm_db_config;
1462         rwm.on_bi.bi_db_destroy = rwm_db_destroy;
1463
1464         rwm.on_bi.bi_op_bind = rwm_op_bind;
1465         rwm.on_bi.bi_op_search = rwm_op_search;
1466         rwm.on_bi.bi_op_compare = rwm_op_compare;
1467         rwm.on_bi.bi_op_modify = rwm_op_modify;
1468         rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
1469         rwm.on_bi.bi_op_add = rwm_op_add;
1470         rwm.on_bi.bi_op_delete = rwm_op_delete;
1471         rwm.on_bi.bi_op_unbind = rwm_op_unbind;
1472         rwm.on_bi.bi_extended = rwm_extended;
1473
1474         rwm.on_bi.bi_operational = rwm_operational;
1475         rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
1476
1477         rwm.on_response = rwm_response;
1478
1479         return overlay_register( &rwm );
1480 }
1481
1482 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
1483 int
1484 init_module( int argc, char *argv[] )
1485 {
1486         return rwm_init();
1487 }
1488 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
1489
1490 #endif /* SLAPD_OVER_RWM */