1 /* rwm.c - rewrite/remap operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2005 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
24 #include <ac/string.h>
30 rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
32 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
33 struct ldaprwmap *rwmap =
34 (struct ldaprwmap *)on->on_bi.bi_private;
36 struct berval dn = BER_BVNULL,
42 * Rewrite the dn if needed
48 dc.ctx = (char *)cookie;
49 #else /* ! ENABLE_REWRITE */
50 dc.tofrom = ((int *)cookie)[0];
52 #endif /* ! ENABLE_REWRITE */
54 /* NOTE: in those cases where only the ndn is available,
55 * and the caller sets op->o_req_dn = op->o_req_ndn,
56 * only rewrite the op->o_req_ndn and use it as
57 * op->o_req_dn as well */
59 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
61 rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
63 rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
66 if ( rc != LDAP_SUCCESS ) {
70 if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
71 || ndn.bv_val == op->o_req_ndn.bv_val )
76 op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
78 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
79 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
89 rwm_op_add( Operation *op, SlapReply *rs )
91 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
92 struct ldaprwmap *rwmap =
93 (struct ldaprwmap *)on->on_bi.bi_private;
97 Attribute **ap = NULL;
98 char *olddn = op->o_req_dn.bv_val;
101 #ifdef ENABLE_REWRITE
102 rc = rwm_op_dn_massage( op, rs, "addDN" );
103 #else /* ! ENABLE_REWRITE */
105 rc = rwm_op_dn_massage( op, rs, &rc );
106 #endif /* ! ENABLE_REWRITE */
107 if ( rc != LDAP_SUCCESS ) {
108 op->o_bd->bd_info = (BackendInfo *)on->on_info;
109 send_ldap_error( op, rs, rc, "addDN massage error" );
113 if ( olddn != op->o_req_dn.bv_val ) {
114 ch_free( op->ora_e->e_name.bv_val );
115 ch_free( op->ora_e->e_nname.bv_val );
117 ber_dupbv( &op->ora_e->e_name, &op->o_req_dn );
118 ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn );
121 /* Count number of attributes in entry */
122 isupdate = be_shadow_update( op );
123 for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
124 struct berval mapped;
127 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass ||
128 (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
132 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[ last ] ); last++ )
135 for ( j = 0; !BER_BVISNULL( &(*ap)->a_vals[ j ] ); j++ ) {
136 struct ldapmapping *mapping = NULL;
138 ( void )rwm_mapping( &rwmap->rwm_oc, &(*ap)->a_vals[ j ],
140 if ( mapping == NULL ) {
141 if ( rwmap->rwm_at.drop_missing ) {
142 /* FIXME: we allow to remove objectClasses as well;
143 * if the resulting entry is inconsistent, that's
144 * the relayed database's business...
146 ch_free( (*ap)->a_vals[ j ].bv_val );
148 (*ap)->a_vals[ j ] = (*ap)->a_vals[ last ];
150 BER_BVZERO( &(*ap)->a_vals[ last ] );
156 ch_free( (*ap)->a_vals[ j ].bv_val );
157 ber_dupbv( &(*ap)->a_vals[ j ], &mapping->m_dst );
161 } else if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) {
165 struct ldapmapping *mapping = NULL;
167 ( void )rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
169 if ( mapping == NULL ) {
170 if ( rwmap->rwm_at.drop_missing ) {
175 (*ap)->a_desc = mapping->m_dst_ad;
178 if ( (*ap)->a_desc->ad_type->sat_syntax
179 == slap_schema.si_syn_distinguishedName )
182 * FIXME: rewrite could fail; in this case
183 * the operation should give up, right?
185 #ifdef ENABLE_REWRITE
186 rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
188 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
189 #else /* ! ENABLE_REWRITE */
191 rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
192 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
193 #endif /* ! ENABLE_REWRITE */
198 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
199 #ifdef ENABLE_REWRITE
200 rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
202 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
203 #else /* ! ENABLE_REWRITE */
205 rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
206 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
207 #endif /* ! ENABLE_REWRITE */
208 if ( rc != LDAP_SUCCESS ) {
219 /* FIXME: leaking attribute/values? */
226 /* TODO: map attribute types, values of DN-valued attributes ... */
227 return SLAP_CB_CONTINUE;
231 rwm_op_bind( Operation *op, SlapReply *rs )
233 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
234 struct ldaprwmap *rwmap =
235 (struct ldaprwmap *)on->on_bi.bi_private;
238 #ifdef ENABLE_REWRITE
239 ( void )rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
240 ( void )rewrite_session_init( rwmap->rwm_rw, op->o_conn );
242 rc = rwm_op_dn_massage( op, rs, "bindDN" );
243 #else /* ! ENABLE_REWRITE */
245 rc = rwm_op_dn_massage( op, rs, &rc );
246 #endif /* ! ENABLE_REWRITE */
247 if ( rc != LDAP_SUCCESS ) {
248 op->o_bd->bd_info = (BackendInfo *)on->on_info;
249 send_ldap_error( op, rs, rc, "bindDN massage error" );
253 return SLAP_CB_CONTINUE;
257 rwm_op_unbind( Operation *op, SlapReply *rs )
259 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
260 struct ldaprwmap *rwmap =
261 (struct ldaprwmap *)on->on_bi.bi_private;
263 #ifdef ENABLE_REWRITE
264 rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
265 #endif /* ENABLE_REWRITE */
267 return SLAP_CB_CONTINUE;
271 rwm_op_compare( Operation *op, SlapReply *rs )
273 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
274 struct ldaprwmap *rwmap =
275 (struct ldaprwmap *)on->on_bi.bi_private;
278 struct berval mapped_at = BER_BVNULL,
279 mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
281 #ifdef ENABLE_REWRITE
282 rc = rwm_op_dn_massage( op, rs, "compareDN" );
283 #else /* ! ENABLE_REWRITE */
285 rc = rwm_op_dn_massage( op, rs, &rc );
286 #endif /* ! ENABLE_REWRITE */
287 if ( rc != LDAP_SUCCESS ) {
288 op->o_bd->bd_info = (BackendInfo *)on->on_info;
289 send_ldap_error( op, rs, rc, "compareDN massage error" );
293 /* if the attribute is an objectClass, try to remap its value */
294 if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
295 || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
297 rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
298 &mapped_vals[0], RWM_MAP );
299 if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
301 op->o_bd->bd_info = (BackendInfo *)on->on_info;
302 send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
305 } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
306 free( op->orc_ava->aa_value.bv_val );
307 op->orc_ava->aa_value = mapped_vals[0];
309 mapped_at = op->orc_ava->aa_desc->ad_cname;
312 struct ldapmapping *mapping = NULL;
313 AttributeDescription *ad = op->orc_ava->aa_desc;
315 ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
317 if ( mapping == NULL ) {
318 if ( rwmap->rwm_at.drop_missing ) {
319 op->o_bd->bd_info = (BackendInfo *)on->on_info;
320 send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
325 ad = mapping->m_dst_ad;
328 if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
330 struct berval *mapped_valsp[2];
332 mapped_valsp[0] = &mapped_vals[0];
333 mapped_valsp[1] = &mapped_vals[1];
335 mapped_vals[0] = op->orc_ava->aa_value;
337 #ifdef ENABLE_REWRITE
338 rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
339 #else /* ! ENABLE_REWRITE */
341 rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
342 #endif /* ! ENABLE_REWRITE */
344 if ( rc != LDAP_SUCCESS ) {
345 op->o_bd->bd_info = (BackendInfo *)on->on_info;
346 send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
350 op->orc_ava->aa_value = mapped_vals[0];
352 op->orc_ava->aa_desc = ad;
355 return SLAP_CB_CONTINUE;
359 rwm_op_delete( Operation *op, SlapReply *rs )
361 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
364 #ifdef ENABLE_REWRITE
365 rc = rwm_op_dn_massage( op, rs, "deleteDN" );
366 #else /* ! ENABLE_REWRITE */
368 rc = rwm_op_dn_massage( op, rs, &rc );
369 #endif /* ! ENABLE_REWRITE */
370 if ( rc != LDAP_SUCCESS ) {
371 op->o_bd->bd_info = (BackendInfo *)on->on_info;
372 send_ldap_error( op, rs, rc, "deleteDN massage error" );
376 return SLAP_CB_CONTINUE;
380 rwm_op_modify( Operation *op, SlapReply *rs )
382 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
383 struct ldaprwmap *rwmap =
384 (struct ldaprwmap *)on->on_bi.bi_private;
390 #ifdef ENABLE_REWRITE
391 rc = rwm_op_dn_massage( op, rs, "modifyDN" );
392 #else /* ! ENABLE_REWRITE */
394 rc = rwm_op_dn_massage( op, rs, &rc );
395 #endif /* ! ENABLE_REWRITE */
396 if ( rc != LDAP_SUCCESS ) {
397 op->o_bd->bd_info = (BackendInfo *)on->on_info;
398 send_ldap_error( op, rs, rc, "modifyDN massage error" );
402 isupdate = be_shadow_update( op );
403 for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
407 if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass
408 || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass )
412 } else if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod ) {
416 struct ldapmapping *m;
419 drop_missing = rwm_mapping( &rwmap->rwm_at, &(*mlp)->sml_desc->ad_cname, &m, RWM_MAP );
420 if ( drop_missing || ( m != NULL && BER_BVISNULL( &m->m_dst ) ) )
426 /* use new attribute description */
427 assert( m->m_dst_ad );
428 (*mlp)->sml_desc = m->m_dst_ad;
432 if ( (*mlp)->sml_values != NULL ) {
436 for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[ last ] ); last++ )
440 for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[ j ] ); j++ ) {
441 struct ldapmapping *mapping = NULL;
443 ( void )rwm_mapping( &rwmap->rwm_oc, &(*mlp)->sml_values[ j ],
445 if ( mapping == NULL ) {
446 if ( rwmap->rwm_at.drop_missing ) {
447 /* FIXME: we allow to remove objectClasses as well;
448 * if the resulting entry is inconsistent, that's
449 * the relayed database's business...
451 ch_free( (*mlp)->sml_values[ j ].bv_val );
453 (*mlp)->sml_values[ j ] = (*mlp)->sml_values[ last ];
455 BER_BVZERO( &(*mlp)->sml_values[ last ] );
461 ch_free( (*mlp)->sml_values[ j ].bv_val );
462 ber_dupbv( &(*mlp)->sml_values[ j ], &mapping->m_dst );
467 if ( (*mlp)->sml_desc->ad_type->sat_syntax ==
468 slap_schema.si_syn_distinguishedName )
470 #ifdef ENABLE_REWRITE
471 rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
473 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
474 #else /* ! ENABLE_REWRITE */
476 rc = rwm_dnattr_rewrite( op, rs, &rc,
478 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
479 #endif /* ! ENABLE_REWRITE */
481 } else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
482 #ifdef ENABLE_REWRITE
483 rc = rwm_referral_rewrite( op, rs,
486 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
487 #else /* ! ENABLE_REWRITE */
489 rc = rwm_referral_rewrite( op, rs, &rc,
491 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
492 #endif /* ! ENABLE_REWRITE */
493 if ( rc != LDAP_SUCCESS ) {
498 if ( rc != LDAP_SUCCESS ) {
505 mlp = &(*mlp)->sml_next;
510 *mlp = (*mlp)->sml_next;
511 slap_mod_free( &ml->sml_mod, 0 );
515 /* TODO: rewrite attribute types, values of DN-valued attributes ... */
516 return SLAP_CB_CONTINUE;
520 rwm_op_modrdn( Operation *op, SlapReply *rs )
522 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
523 struct ldaprwmap *rwmap =
524 (struct ldaprwmap *)on->on_bi.bi_private;
528 if ( op->orr_newSup ) {
530 struct berval nnewSup = BER_BVNULL;
531 struct berval newSup = BER_BVNULL;
534 * Rewrite the new superior, if defined and required
537 #ifdef ENABLE_REWRITE
538 dc.conn = op->o_conn;
540 dc.ctx = "newSuperiorDN";
541 #else /* ! ENABLE_REWRITE */
544 #endif /* ! ENABLE_REWRITE */
545 newSup = *op->orr_newSup;
546 nnewSup = *op->orr_nnewSup;
547 rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
548 if ( rc != LDAP_SUCCESS ) {
549 op->o_bd->bd_info = (BackendInfo *)on->on_info;
550 send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
554 if ( op->orr_newSup->bv_val != newSup.bv_val ) {
555 op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
556 op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
557 *op->orr_newSup = newSup;
558 *op->orr_nnewSup = nnewSup;
563 * Rewrite the dn, if needed
565 #ifdef ENABLE_REWRITE
566 rc = rwm_op_dn_massage( op, rs, "renameDN" );
567 #else /* ! ENABLE_REWRITE */
569 rc = rwm_op_dn_massage( op, rs, &rc );
570 #endif /* ! ENABLE_REWRITE */
571 if ( rc != LDAP_SUCCESS ) {
572 op->o_bd->bd_info = (BackendInfo *)on->on_info;
573 send_ldap_error( op, rs, rc, "renameDN massage error" );
577 /* TODO: rewrite newRDN, attribute types,
578 * values of DN-valued attributes ... */
579 return SLAP_CB_CONTINUE;
583 rwm_swap_attrs( Operation *op, SlapReply *rs )
585 slap_callback *cb = op->o_callback;
586 AttributeName *an = (AttributeName *)cb->sc_private;
590 return SLAP_CB_CONTINUE;
593 static int rwm_freeself( Operation *op, SlapReply *rs )
595 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_RESULT ) {
596 assert( op->o_callback );
598 op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
599 op->o_callback = NULL;
602 return SLAP_CB_CONTINUE;
606 rwm_op_search( Operation *op, SlapReply *rs )
608 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
609 struct ldaprwmap *rwmap =
610 (struct ldaprwmap *)on->on_bi.bi_private;
615 struct berval fstr = BER_BVNULL;
619 AttributeName *an = NULL;
623 #ifdef ENABLE_REWRITE
624 rc = rwm_op_dn_massage( op, rs, "searchDN" );
625 #else /* ! ENABLE_REWRITE */
627 rc = rwm_op_dn_massage( op, rs, &rc );
628 #endif /* ! ENABLE_REWRITE */
629 if ( rc != LDAP_SUCCESS ) {
630 text = "searchDN massage error";
635 * Rewrite the dn if needed
638 #ifdef ENABLE_REWRITE
639 dc.conn = op->o_conn;
641 dc.ctx = "searchFilterAttrDN";
642 #else /* ! ENABLE_REWRITE */
645 #endif /* ! ENABLE_REWRITE */
647 rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
648 if ( rc != LDAP_SUCCESS ) {
649 text = "searchFilter/searchFilterAttrDN massage error";
653 f = str2filter_x( op, fstr.bv_val );
656 text = "massaged filter parse error";
660 if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
661 ch_free( op->ors_filterstr.bv_val );
664 if( op->ors_filter ) {
665 filter_free_x( op, op->ors_filter );
669 op->ors_filterstr = fstr;
671 rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
672 op->ors_attrs, &an, RWM_MAP );
673 if ( rc != LDAP_SUCCESS ) {
674 text = "attribute list mapping error";
678 cb = (slap_callback *) op->o_tmpcalloc( sizeof( slap_callback ),
679 1, op->o_tmpmemctx );
685 cb->sc_response = rwm_swap_attrs;
686 cb->sc_cleanup = rwm_freeself;
687 cb->sc_private = (void *)op->ors_attrs;
688 cb->sc_next = op->o_callback;
693 return SLAP_CB_CONTINUE;
701 filter_free_x( op, f );
704 if ( !BER_BVISNULL( &fstr ) ) {
705 ch_free( fstr.bv_val );
708 op->o_bd->bd_info = (BackendInfo *)on->on_info;
709 send_ldap_error( op, rs, rc, text );
716 rwm_extended( Operation *op, SlapReply *rs )
718 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
721 #ifdef ENABLE_REWRITE
722 rc = rwm_op_dn_massage( op, rs, "extendedDN" );
723 #else /* ! ENABLE_REWRITE */
725 rc = rwm_op_dn_massage( op, rs, &rc );
726 #endif /* ! ENABLE_REWRITE */
727 if ( rc != LDAP_SUCCESS ) {
728 op->o_bd->bd_info = (BackendInfo *)on->on_info;
729 send_ldap_error( op, rs, rc, "extendedDN massage error" );
733 /* TODO: rewrite/map extended data ? ... */
734 return SLAP_CB_CONTINUE;
738 rwm_matched( Operation *op, SlapReply *rs )
740 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
741 struct ldaprwmap *rwmap =
742 (struct ldaprwmap *)on->on_bi.bi_private;
744 struct berval dn, mdn;
748 if ( rs->sr_matched == NULL ) {
749 return SLAP_CB_CONTINUE;
753 #ifdef ENABLE_REWRITE
754 dc.conn = op->o_conn;
756 dc.ctx = "matchedDN";
757 #else /* ! ENABLE_REWRITE */
760 #endif /* ! ENABLE_REWRITE */
761 ber_str2bv( rs->sr_matched, 0, 0, &dn );
763 rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
764 if ( rc != LDAP_SUCCESS ) {
766 rs->sr_text = "Rewrite error";
770 if ( mdn.bv_val != dn.bv_val ) {
771 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
772 ch_free( (void *)rs->sr_matched );
775 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
777 rs->sr_matched = mdn.bv_val;
780 return SLAP_CB_CONTINUE;
784 rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
786 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
787 struct ldaprwmap *rwmap =
788 (struct ldaprwmap *)on->on_bi.bi_private;
796 * Rewrite the dn attrs, if needed
799 #ifdef ENABLE_REWRITE
800 dc.conn = op->o_conn;
802 #else /* ! ENABLE_REWRITE */
805 #endif /* ! ENABLE_REWRITE */
807 /* FIXME: the entries are in the remote mapping form;
808 * so we need to select those attributes we are willing
809 * to return, and remap them accordingly */
811 /* FIXME: in principle, one could map an attribute
812 * on top of another, which already exists.
813 * As such, in the end there might exist more than
814 * one instance of an attribute.
815 * We should at least check if this occurs, and issue
816 * an error (because multiple instances of attrs in
817 * response are not valid), or merge the values (what
818 * about duplicate values?) */
819 isupdate = be_shadow_update( op );
820 for ( ap = a_first; *ap; ) {
821 struct ldapmapping *m;
826 if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
830 } else if ( op->ors_attrs != NULL &&
831 !SLAP_USERATTRS( rs->sr_attr_flags ) &&
832 !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
837 if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod
838 && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
843 drop_missing = rwm_mapping( &rwmap->rwm_at,
844 &(*ap)->a_desc->ad_cname, &m, RWM_REMAP );
845 if ( drop_missing || ( m != NULL && BER_BVISEMPTY( &m->m_dst ) ) ) {
849 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
853 /* empty? for now, we leave it in place */
858 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
859 || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
863 for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
864 struct berval mapped;
866 rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
867 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
868 ch_free( bv[0].bv_val );
869 BER_BVZERO( &bv[0] );
870 if ( &(*ap)->a_vals[last] > &bv[0] ) {
871 bv[0] = (*ap)->a_vals[last];
872 BER_BVZERO( &(*ap)->a_vals[last] );
877 } else if ( mapped.bv_val != bv[0].bv_val ) {
879 * FIXME: after LBER_FREEing
880 * the value is replaced by
883 ch_free( bv[0].bv_val );
884 ber_dupbv( &bv[0], &mapped );
889 * It is necessary to try to rewrite attributes with
890 * dn syntax because they might be used in ACLs as
891 * members of groups; since ACLs are applied to the
892 * rewritten stuff, no dn-based subject clause could
893 * be used at the ldap backend side (see
894 * http://www.OpenLDAP.org/faq/data/cache/452.html)
895 * The problem can be overcome by moving the dn-based
896 * ACLs to the target directory server, and letting
897 * everything pass thru the ldap backend. */
898 /* FIXME: handle distinguishedName-like syntaxes, like
899 * nameAndOptionalUID */
900 } else if ( (*ap)->a_desc->ad_type->sat_syntax ==
901 slap_schema.si_syn_distinguishedName )
903 #ifdef ENABLE_REWRITE
904 dc.ctx = "searchAttrDN";
905 #endif /* ENABLE_REWRITE */
906 rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
907 if ( rc != LDAP_SUCCESS ) {
911 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
912 #ifdef ENABLE_REWRITE
913 dc.ctx = "searchAttrDN";
914 #endif /* ENABLE_REWRITE */
915 rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
916 if ( rc != LDAP_SUCCESS ) {
922 /* rewrite the attribute description */
923 assert( m->m_dst_ad );
924 (*ap)->a_desc = m->m_dst_ad;
942 rwm_send_entry( Operation *op, SlapReply *rs )
944 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
945 struct ldaprwmap *rwmap =
946 (struct ldaprwmap *)on->on_bi.bi_private;
950 struct berval dn = BER_BVNULL,
955 assert( rs->sr_entry );
958 * Rewrite the dn of the result, if needed
961 #ifdef ENABLE_REWRITE
962 dc.conn = op->o_conn;
964 dc.ctx = "searchEntryDN";
965 #else /* ! ENABLE_REWRITE */
968 #endif /* ! ENABLE_REWRITE */
971 flags = rs->sr_flags;
972 if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
973 /* FIXME: all we need to duplicate are:
976 * - attributes that are requested
977 * - no values if attrsonly is set
986 flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
990 * Note: this may fail if the target host(s) schema differs
991 * from the one known to the meta, and a DN with unknown
992 * attributes is returned.
996 rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
997 if ( rc != LDAP_SUCCESS ) {
1002 if ( e->e_name.bv_val != dn.bv_val ) {
1003 ch_free( e->e_name.bv_val );
1004 ch_free( e->e_nname.bv_val );
1010 /* TODO: map entry attribute types, objectclasses
1011 * and dn-valued attribute values */
1013 /* FIXME: the entries are in the remote mapping form;
1014 * so we need to select those attributes we are willing
1015 * to return, and remap them accordingly */
1016 (void)rwm_attrs( op, rs, &e->e_attrs );
1019 rs->sr_flags = flags;
1021 return SLAP_CB_CONTINUE;
1024 if ( !BER_BVISNULL( &dn ) ) {
1025 ch_free( dn.bv_val );
1028 if ( !BER_BVISNULL( &ndn ) ) {
1029 ch_free( ndn.bv_val );
1032 if ( e != NULL && e != rs->sr_entry ) {
1040 rwm_operational( Operation *op, SlapReply *rs )
1042 /* FIXME: the entries are in the remote mapping form;
1043 * so we need to select those attributes we are willing
1044 * to return, and remap them accordingly */
1045 if ( rs->sr_operational_attrs ) {
1046 rwm_attrs( op, rs, &rs->sr_operational_attrs );
1049 return SLAP_CB_CONTINUE;
1053 /* don't use this; it cannot be reverted, and leaves op->o_req_dn
1054 * rewritten for subsequent operations; fine for plain suffixmassage,
1055 * but destroys everything else */
1057 rwm_chk_referrals( Operation *op, SlapReply *rs )
1059 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1062 #ifdef ENABLE_REWRITE
1063 rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
1064 #else /* ! ENABLE_REWRITE */
1066 rc = rwm_op_dn_massage( op, rs, &rc );
1067 #endif /* ! ENABLE_REWRITE */
1068 if ( rc != LDAP_SUCCESS ) {
1069 op->o_bd->bd_info = (BackendInfo *)on->on_info;
1070 send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
1074 return SLAP_CB_CONTINUE;
1087 #ifdef ENABLE_REWRITE
1088 slap_overinst *on = (slap_overinst *) be->bd_info;
1089 struct ldaprwmap *rwmap =
1090 (struct ldaprwmap *)on->on_bi.bi_private;
1092 return rewrite_parse( rwmap->rwm_rw,
1093 fname, lineno, argc, argv );
1095 #else /* !ENABLE_REWRITE */
1096 fprintf( stderr, "%s: line %d: rewrite capabilities "
1097 "are not enabled\n", fname, lineno );
1098 #endif /* !ENABLE_REWRITE */
1104 rwm_suffixmassage_config(
1112 slap_overinst *on = (slap_overinst *) be->bd_info;
1113 struct ldaprwmap *rwmap =
1114 (struct ldaprwmap *)on->on_bi.bi_private;
1116 struct berval bvnc, nvnc, pvnc, brnc, nrnc, prnc;
1118 #ifdef ENABLE_REWRITE
1120 #endif /* ENABLE_REWRITE */
1125 * suffixmassage [<suffix>] <massaged suffix>
1127 * the [<suffix>] field must be defined as a valid suffix
1128 * for the current database;
1129 * the <massaged suffix> shouldn't have already been
1130 * defined as a valid suffix for the current server
1133 if ( be->be_suffix == NULL ) {
1134 fprintf( stderr, "%s: line %d: "
1135 " \"suffixMassage [<suffix>]"
1136 " <massaged suffix>\" without "
1137 "<suffix> part requires database "
1138 "suffix be defined first.\n",
1142 bvnc = be->be_suffix[ 0 ];
1145 } else if ( argc == 3 ) {
1146 ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
1150 fprintf( stderr, "%s: line %d: syntax is"
1151 " \"suffixMassage [<suffix>]"
1152 " <massaged suffix>\"\n",
1157 if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1158 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1159 fname, lineno, bvnc.bv_val );
1163 ber_str2bv( argv[ massaged ], 0, 0, &brnc );
1164 if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1165 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1166 fname, lineno, brnc.bv_val );
1167 free( nvnc.bv_val );
1168 free( pvnc.bv_val );
1172 #ifdef ENABLE_REWRITE
1174 * The suffix massaging is emulated
1175 * by means of the rewrite capabilities
1177 rc = rwm_suffix_massage_config( rwmap->rwm_rw,
1178 &pvnc, &nvnc, &prnc, &nrnc );
1179 free( nvnc.bv_val );
1180 free( pvnc.bv_val );
1181 free( nrnc.bv_val );
1182 free( prnc.bv_val );
1186 #else /* !ENABLE_REWRITE */
1187 ber_bvarray_add( &rwmap->rwm_suffix_massage, &pvnc );
1188 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nvnc );
1190 ber_bvarray_add( &rwmap->rwm_suffix_massage, &prnc );
1191 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nrnc );
1192 #endif /* !ENABLE_REWRITE */
1206 slap_overinst *on = (slap_overinst *) be->bd_info;
1207 struct ldaprwmap *rwmap =
1208 (struct ldaprwmap *)on->on_bi.bi_private;
1210 /* objectclass/attribute mapping */
1211 return rwm_map_config( &rwmap->rwm_oc,
1213 fname, lineno, argc, argv );
1217 rwm_response( Operation *op, SlapReply *rs )
1219 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
1220 struct ldaprwmap *rwmap =
1221 (struct ldaprwmap *)on->on_bi.bi_private;
1225 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
1226 return rwm_send_entry( op, rs );
1229 switch( op->o_tag ) {
1230 case LDAP_REQ_SEARCH:
1231 /* Note: the operation attrs are remapped */
1232 if ( op->ors_attrs != NULL && op->ors_attrs != rs->sr_attrs )
1234 ch_free( op->ors_attrs );
1235 op->ors_attrs = rs->sr_attrs;
1241 case LDAP_REQ_DELETE:
1242 case LDAP_REQ_MODRDN:
1243 case LDAP_REQ_MODIFY:
1244 case LDAP_REQ_COMPARE:
1245 case LDAP_REQ_EXTENDED:
1250 * Rewrite the dn of the referrals, if needed
1253 #ifdef ENABLE_REWRITE
1254 dc.conn = op->o_conn;
1256 dc.ctx = "referralDN";
1257 #else /* ! ENABLE_REWRITE */
1260 #endif /* ! ENABLE_REWRITE */
1261 rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
1262 if ( rc != LDAP_SUCCESS ) {
1267 rc = rwm_matched( op, rs );
1271 rc = SLAP_CB_CONTINUE;
1290 if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
1292 argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
1295 if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
1296 rc = rwm_rw_config( be, fname, lineno, argc, argv );
1298 } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
1299 rc = rwm_m_config( be, fname, lineno, argc, argv );
1301 } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
1302 rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
1305 rc = SLAP_CONF_UNKNOWN;
1320 slap_overinst *on = (slap_overinst *) be->bd_info;
1321 struct ldapmapping *mapping = NULL;
1322 struct ldaprwmap *rwmap;
1324 rwmap = (struct ldaprwmap *)ch_malloc(sizeof(struct ldaprwmap));
1325 memset(rwmap, 0, sizeof(struct ldaprwmap));
1327 #ifdef ENABLE_REWRITE
1328 rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
1329 if ( rwmap->rwm_rw == NULL ) {
1337 /* this rewriteContext by default must be null;
1338 * rules can be added if required */
1339 rargv[ 0 ] = "rewriteContext";
1340 rargv[ 1 ] = "searchFilter";
1342 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
1344 rargv[ 0 ] = "rewriteContext";
1345 rargv[ 1 ] = "default";
1347 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
1350 #endif /* ENABLE_REWRITE */
1352 if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS ||
1353 rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS )
1358 on->on_bi.bi_private = (void *)rwmap;
1368 slap_overinst *on = (slap_overinst *) be->bd_info;
1371 if ( on->on_bi.bi_private ) {
1372 struct ldaprwmap *rwmap =
1373 (struct ldaprwmap *)on->on_bi.bi_private;
1375 #ifdef ENABLE_REWRITE
1376 if (rwmap->rwm_rw) {
1377 rewrite_info_delete( &rwmap->rwm_rw );
1379 #else /* !ENABLE_REWRITE */
1380 if ( rwmap->rwm_suffix_massage ) {
1381 ber_bvarray_free( rwmap->rwm_suffix_massage );
1383 #endif /* !ENABLE_REWRITE */
1385 avl_free( rwmap->rwm_oc.remap, NULL );
1386 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
1387 avl_free( rwmap->rwm_at.remap, NULL );
1388 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
1394 static slap_overinst rwm = { { NULL } };
1399 memset( &rwm, 0, sizeof( slap_overinst ) );
1401 rwm.on_bi.bi_type = "rwm";
1403 rwm.on_bi.bi_db_init = rwm_db_init;
1404 rwm.on_bi.bi_db_config = rwm_db_config;
1405 rwm.on_bi.bi_db_destroy = rwm_db_destroy;
1407 rwm.on_bi.bi_op_bind = rwm_op_bind;
1408 rwm.on_bi.bi_op_search = rwm_op_search;
1409 rwm.on_bi.bi_op_compare = rwm_op_compare;
1410 rwm.on_bi.bi_op_modify = rwm_op_modify;
1411 rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
1412 rwm.on_bi.bi_op_add = rwm_op_add;
1413 rwm.on_bi.bi_op_delete = rwm_op_delete;
1414 rwm.on_bi.bi_op_unbind = rwm_op_unbind;
1415 rwm.on_bi.bi_extended = rwm_extended;
1417 rwm.on_bi.bi_operational = rwm_operational;
1418 rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
1420 rwm.on_response = rwm_response;
1422 return overlay_register( &rwm );
1425 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
1427 init_module( int argc, char *argv[] )
1431 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
1433 #endif /* SLAPD_OVER_RWM */