1 /* rwm.c - rewrite/remap operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2005 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
24 #include <ac/string.h>
30 rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
32 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
33 struct ldaprwmap *rwmap =
34 (struct ldaprwmap *)on->on_bi.bi_private;
36 struct berval dn = BER_BVNULL,
42 * Rewrite the dn if needed
48 dc.ctx = (char *)cookie;
49 #else /* ! ENABLE_REWRITE */
50 dc.tofrom = ((int *)cookie)[0];
52 #endif /* ! ENABLE_REWRITE */
54 /* NOTE: in those cases where only the ndn is available,
55 * and the caller sets op->o_req_dn = op->o_req_ndn,
56 * only rewrite the op->o_req_ndn and use it as
57 * op->o_req_dn as well */
59 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
61 rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
63 rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
66 if ( rc != LDAP_SUCCESS ) {
70 if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
71 || ndn.bv_val == op->o_req_ndn.bv_val )
76 op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
78 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
79 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
89 rwm_op_add( Operation *op, SlapReply *rs )
91 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
92 struct ldaprwmap *rwmap =
93 (struct ldaprwmap *)on->on_bi.bi_private;
97 Attribute **ap = NULL;
98 char *olddn = op->o_req_dn.bv_val;
101 #ifdef ENABLE_REWRITE
102 rc = rwm_op_dn_massage( op, rs, "addDN" );
103 #else /* ! ENABLE_REWRITE */
105 rc = rwm_op_dn_massage( op, rs, &rc );
106 #endif /* ! ENABLE_REWRITE */
107 if ( rc != LDAP_SUCCESS ) {
108 op->o_bd->bd_info = (BackendInfo *)on->on_info;
109 send_ldap_error( op, rs, rc, "addDN massage error" );
113 if ( olddn != op->o_req_dn.bv_val ) {
114 ch_free( op->ora_e->e_name.bv_val );
115 ch_free( op->ora_e->e_nname.bv_val );
117 ber_dupbv( &op->ora_e->e_name, &op->o_req_dn );
118 ber_dupbv( &op->ora_e->e_nname, &op->o_req_ndn );
121 /* Count number of attributes in entry */
122 isupdate = be_shadow_update( op );
123 for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
124 struct berval mapped;
127 if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) {
131 rwm_map( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
133 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
137 if ( (*ap)->a_desc->ad_type->sat_syntax
138 == slap_schema.si_syn_distinguishedName )
141 * FIXME: rewrite could fail; in this case
142 * the operation should give up, right?
144 #ifdef ENABLE_REWRITE
145 rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
147 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
148 #else /* ! ENABLE_REWRITE */
150 rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
151 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
152 #endif /* ! ENABLE_REWRITE */
157 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
158 #ifdef ENABLE_REWRITE
159 rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
161 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
162 #else /* ! ENABLE_REWRITE */
164 rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
165 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
166 #endif /* ! ENABLE_REWRITE */
167 if ( rc != LDAP_SUCCESS ) {
178 /* FIXME: leaking attribute/values? */
185 /* TODO: map attribute types, values of DN-valued attributes ... */
186 return SLAP_CB_CONTINUE;
190 rwm_op_bind( Operation *op, SlapReply *rs )
192 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
193 struct ldaprwmap *rwmap =
194 (struct ldaprwmap *)on->on_bi.bi_private;
197 #ifdef ENABLE_REWRITE
198 ( void )rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
199 ( void )rewrite_session_init( rwmap->rwm_rw, op->o_conn );
201 rc = rwm_op_dn_massage( op, rs, "bindDN" );
202 #else /* ! ENABLE_REWRITE */
204 rc = rwm_op_dn_massage( op, rs, &rc );
205 #endif /* ! ENABLE_REWRITE */
206 if ( rc != LDAP_SUCCESS ) {
207 op->o_bd->bd_info = (BackendInfo *)on->on_info;
208 send_ldap_error( op, rs, rc, "bindDN massage error" );
212 return SLAP_CB_CONTINUE;
216 rwm_op_unbind( Operation *op, SlapReply *rs )
218 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
219 struct ldaprwmap *rwmap =
220 (struct ldaprwmap *)on->on_bi.bi_private;
222 #ifdef ENABLE_REWRITE
223 rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
224 #endif /* ENABLE_REWRITE */
226 return SLAP_CB_CONTINUE;
230 rwm_op_compare( Operation *op, SlapReply *rs )
232 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
233 struct ldaprwmap *rwmap =
234 (struct ldaprwmap *)on->on_bi.bi_private;
237 struct berval mapped_at = BER_BVNULL,
238 mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
240 #ifdef ENABLE_REWRITE
241 rc = rwm_op_dn_massage( op, rs, "compareDN" );
242 #else /* ! ENABLE_REWRITE */
244 rc = rwm_op_dn_massage( op, rs, &rc );
245 #endif /* ! ENABLE_REWRITE */
246 if ( rc != LDAP_SUCCESS ) {
247 op->o_bd->bd_info = (BackendInfo *)on->on_info;
248 send_ldap_error( op, rs, rc, "compareDN massage error" );
252 /* if the attribute is an objectClass, try to remap its value */
253 if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
254 || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
256 rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
257 &mapped_vals[0], RWM_MAP );
258 if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
260 op->o_bd->bd_info = (BackendInfo *)on->on_info;
261 send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
264 } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
265 free( op->orc_ava->aa_value.bv_val );
266 op->orc_ava->aa_value = mapped_vals[0];
268 mapped_at = op->orc_ava->aa_desc->ad_cname;
271 struct ldapmapping *mapping = NULL;
272 AttributeDescription *ad = op->orc_ava->aa_desc;
274 ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
276 if ( mapping == NULL ) {
277 if ( rwmap->rwm_at.drop_missing ) {
278 op->o_bd->bd_info = (BackendInfo *)on->on_info;
279 send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
284 ad = mapping->m_dst_ad;
287 if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
289 struct berval *mapped_valsp[2];
291 mapped_valsp[0] = &mapped_vals[0];
292 mapped_valsp[1] = &mapped_vals[1];
294 mapped_vals[0] = op->orc_ava->aa_value;
296 #ifdef ENABLE_REWRITE
297 rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
298 #else /* ! ENABLE_REWRITE */
300 rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
301 #endif /* ! ENABLE_REWRITE */
303 if ( rc != LDAP_SUCCESS ) {
304 op->o_bd->bd_info = (BackendInfo *)on->on_info;
305 send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
309 op->orc_ava->aa_value = mapped_vals[0];
311 op->orc_ava->aa_desc = ad;
314 return SLAP_CB_CONTINUE;
318 rwm_op_delete( Operation *op, SlapReply *rs )
320 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
323 #ifdef ENABLE_REWRITE
324 rc = rwm_op_dn_massage( op, rs, "deleteDN" );
325 #else /* ! ENABLE_REWRITE */
327 rc = rwm_op_dn_massage( op, rs, &rc );
328 #endif /* ! ENABLE_REWRITE */
329 if ( rc != LDAP_SUCCESS ) {
330 op->o_bd->bd_info = (BackendInfo *)on->on_info;
331 send_ldap_error( op, rs, rc, "deleteDN massage error" );
335 return SLAP_CB_CONTINUE;
339 rwm_op_modify( Operation *op, SlapReply *rs )
341 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
342 struct ldaprwmap *rwmap =
343 (struct ldaprwmap *)on->on_bi.bi_private;
349 #ifdef ENABLE_REWRITE
350 rc = rwm_op_dn_massage( op, rs, "modifyDN" );
351 #else /* ! ENABLE_REWRITE */
353 rc = rwm_op_dn_massage( op, rs, &rc );
354 #endif /* ! ENABLE_REWRITE */
355 if ( rc != LDAP_SUCCESS ) {
356 op->o_bd->bd_info = (BackendInfo *)on->on_info;
357 send_ldap_error( op, rs, rc, "modifyDN massage error" );
361 isupdate = be_shadow_update( op );
362 for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
366 if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod ) {
370 if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass
371 || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass ) {
375 struct ldapmapping *m;
378 drop_missing = rwm_mapping( &rwmap->rwm_at, &(*mlp)->sml_desc->ad_cname, &m, RWM_MAP );
379 if ( drop_missing || ( m != NULL && BER_BVISNULL( &m->m_dst ) ) )
385 /* use new attribute description */
386 assert( m->m_dst_ad );
387 (*mlp)->sml_desc = m->m_dst_ad;
391 if ( (*mlp)->sml_values != NULL ) {
395 for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[last] ); last++ )
399 for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[j] ); j++ ) {
400 struct berval mapped = BER_BVNULL;
402 rwm_map( &rwmap->rwm_oc,
403 &(*mlp)->sml_values[j],
405 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
406 /* FIXME: we allow to remove objectClasses as well;
407 * if the resulting entry is inconsistent, that's
408 * the relayed database's business...
414 (*mlp)->sml_values[j] = (*mlp)->sml_values[last];
415 BER_BVZERO( &(*mlp)->sml_values[last] );
420 ch_free( (*mlp)->sml_values[j].bv_val );
421 ber_dupbv( &(*mlp)->sml_values[j], &mapped );
426 if ( (*mlp)->sml_desc->ad_type->sat_syntax ==
427 slap_schema.si_syn_distinguishedName )
429 #ifdef ENABLE_REWRITE
430 rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
432 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
433 #else /* ! ENABLE_REWRITE */
435 rc = rwm_dnattr_rewrite( op, rs, &rc,
437 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
438 #endif /* ! ENABLE_REWRITE */
440 } else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
441 #ifdef ENABLE_REWRITE
442 rc = rwm_referral_rewrite( op, rs,
445 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
446 #else /* ! ENABLE_REWRITE */
448 rc = rwm_referral_rewrite( op, rs, &rc,
450 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
451 #endif /* ! ENABLE_REWRITE */
452 if ( rc != LDAP_SUCCESS ) {
457 if ( rc != LDAP_SUCCESS ) {
464 mlp = &(*mlp)->sml_next;
469 *mlp = (*mlp)->sml_next;
470 slap_mod_free( &ml->sml_mod, 0 );
474 /* TODO: rewrite attribute types, values of DN-valued attributes ... */
475 return SLAP_CB_CONTINUE;
479 rwm_op_modrdn( Operation *op, SlapReply *rs )
481 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
482 struct ldaprwmap *rwmap =
483 (struct ldaprwmap *)on->on_bi.bi_private;
487 if ( op->orr_newSup ) {
489 struct berval nnewSup = BER_BVNULL;
490 struct berval newSup = BER_BVNULL;
493 * Rewrite the new superior, if defined and required
496 #ifdef ENABLE_REWRITE
497 dc.conn = op->o_conn;
499 dc.ctx = "newSuperiorDN";
500 #else /* ! ENABLE_REWRITE */
503 #endif /* ! ENABLE_REWRITE */
504 newSup = *op->orr_newSup;
505 nnewSup = *op->orr_nnewSup;
506 rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
507 if ( rc != LDAP_SUCCESS ) {
508 op->o_bd->bd_info = (BackendInfo *)on->on_info;
509 send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
513 if ( op->orr_newSup->bv_val != newSup.bv_val ) {
514 op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
515 op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
516 *op->orr_newSup = newSup;
517 *op->orr_nnewSup = nnewSup;
522 * Rewrite the dn, if needed
524 #ifdef ENABLE_REWRITE
525 rc = rwm_op_dn_massage( op, rs, "renameDN" );
526 #else /* ! ENABLE_REWRITE */
528 rc = rwm_op_dn_massage( op, rs, &rc );
529 #endif /* ! ENABLE_REWRITE */
530 if ( rc != LDAP_SUCCESS ) {
531 op->o_bd->bd_info = (BackendInfo *)on->on_info;
532 send_ldap_error( op, rs, rc, "renameDN massage error" );
536 /* TODO: rewrite newRDN, attribute types,
537 * values of DN-valued attributes ... */
538 return SLAP_CB_CONTINUE;
542 rwm_swap_attrs( Operation *op, SlapReply *rs )
544 slap_callback *cb = op->o_callback;
545 AttributeName *an = (AttributeName *)cb->sc_private;
549 return SLAP_CB_CONTINUE;
552 static int rwm_freeself( Operation *op, SlapReply *rs )
554 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_RESULT ) {
555 assert( op->o_callback );
557 op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
558 op->o_callback = NULL;
561 return SLAP_CB_CONTINUE;
565 rwm_op_search( Operation *op, SlapReply *rs )
567 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
568 struct ldaprwmap *rwmap =
569 (struct ldaprwmap *)on->on_bi.bi_private;
574 struct berval fstr = BER_BVNULL;
578 AttributeName *an = NULL;
582 #ifdef ENABLE_REWRITE
583 rc = rwm_op_dn_massage( op, rs, "searchDN" );
584 #else /* ! ENABLE_REWRITE */
586 rc = rwm_op_dn_massage( op, rs, &rc );
587 #endif /* ! ENABLE_REWRITE */
588 if ( rc != LDAP_SUCCESS ) {
589 text = "searchDN massage error";
594 * Rewrite the dn if needed
597 #ifdef ENABLE_REWRITE
598 dc.conn = op->o_conn;
600 dc.ctx = "searchFilterAttrDN";
601 #else /* ! ENABLE_REWRITE */
604 #endif /* ! ENABLE_REWRITE */
606 rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
607 if ( rc != LDAP_SUCCESS ) {
608 text = "searchFilter/searchFilterAttrDN massage error";
612 f = str2filter_x( op, fstr.bv_val );
615 text = "massaged filter parse error";
619 if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
620 ch_free( op->ors_filterstr.bv_val );
623 if( op->ors_filter ) {
624 filter_free_x( op, op->ors_filter );
628 op->ors_filterstr = fstr;
630 rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
631 op->ors_attrs, &an, RWM_MAP );
632 if ( rc != LDAP_SUCCESS ) {
633 text = "attribute list mapping error";
637 cb = (slap_callback *) op->o_tmpcalloc( sizeof( slap_callback ),
638 1, op->o_tmpmemctx );
644 cb->sc_response = rwm_swap_attrs;
645 cb->sc_cleanup = rwm_freeself;
646 cb->sc_private = (void *)op->ors_attrs;
647 cb->sc_next = op->o_callback;
652 return SLAP_CB_CONTINUE;
660 filter_free_x( op, f );
663 if ( !BER_BVISNULL( &fstr ) ) {
664 ch_free( fstr.bv_val );
667 op->o_bd->bd_info = (BackendInfo *)on->on_info;
668 send_ldap_error( op, rs, rc, text );
675 rwm_extended( Operation *op, SlapReply *rs )
677 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
680 #ifdef ENABLE_REWRITE
681 rc = rwm_op_dn_massage( op, rs, "extendedDN" );
682 #else /* ! ENABLE_REWRITE */
684 rc = rwm_op_dn_massage( op, rs, &rc );
685 #endif /* ! ENABLE_REWRITE */
686 if ( rc != LDAP_SUCCESS ) {
687 op->o_bd->bd_info = (BackendInfo *)on->on_info;
688 send_ldap_error( op, rs, rc, "extendedDN massage error" );
692 /* TODO: rewrite/map extended data ? ... */
693 return SLAP_CB_CONTINUE;
697 rwm_matched( Operation *op, SlapReply *rs )
699 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
700 struct ldaprwmap *rwmap =
701 (struct ldaprwmap *)on->on_bi.bi_private;
703 struct berval dn, mdn;
707 if ( rs->sr_matched == NULL ) {
708 return SLAP_CB_CONTINUE;
712 #ifdef ENABLE_REWRITE
713 dc.conn = op->o_conn;
715 dc.ctx = "matchedDN";
716 #else /* ! ENABLE_REWRITE */
719 #endif /* ! ENABLE_REWRITE */
720 ber_str2bv( rs->sr_matched, 0, 0, &dn );
722 rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
723 if ( rc != LDAP_SUCCESS ) {
725 rs->sr_text = "Rewrite error";
729 if ( mdn.bv_val != dn.bv_val ) {
730 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
731 ch_free( (void *)rs->sr_matched );
734 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
736 rs->sr_matched = mdn.bv_val;
739 return SLAP_CB_CONTINUE;
743 rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
745 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
746 struct ldaprwmap *rwmap =
747 (struct ldaprwmap *)on->on_bi.bi_private;
755 * Rewrite the dn attrs, if needed
758 #ifdef ENABLE_REWRITE
759 dc.conn = op->o_conn;
761 #else /* ! ENABLE_REWRITE */
764 #endif /* ! ENABLE_REWRITE */
766 /* FIXME: the entries are in the remote mapping form;
767 * so we need to select those attributes we are willing
768 * to return, and remap them accordingly */
770 /* FIXME: in principle, one could map an attribute
771 * on top of another, which already exists.
772 * As such, in the end there might exist more than
773 * one instance of an attribute.
774 * We should at least check if this occurs, and issue
775 * an error (because multiple instances of attrs in
776 * response are not valid), or merge the values (what
777 * about duplicate values?) */
778 isupdate = be_shadow_update( op );
779 for ( ap = a_first; *ap; ) {
780 struct ldapmapping *m;
785 if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
789 } else if ( op->ors_attrs != NULL &&
790 !SLAP_USERATTRS( rs->sr_attr_flags ) &&
791 !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
796 if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod
797 && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
802 drop_missing = rwm_mapping( &rwmap->rwm_at,
803 &(*ap)->a_desc->ad_cname, &m, RWM_REMAP );
804 if ( drop_missing || ( m != NULL && BER_BVISEMPTY( &m->m_dst ) ) ) {
808 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
812 /* empty? for now, we leave it in place */
817 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
818 || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
822 for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
823 struct berval mapped;
825 rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
826 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
827 ch_free( bv[0].bv_val );
828 BER_BVZERO( &bv[0] );
829 if ( &(*ap)->a_vals[last] > &bv[0] ) {
830 bv[0] = (*ap)->a_vals[last];
831 BER_BVZERO( &(*ap)->a_vals[last] );
836 } else if ( mapped.bv_val != bv[0].bv_val ) {
838 * FIXME: after LBER_FREEing
839 * the value is replaced by
842 ch_free( bv[0].bv_val );
843 ber_dupbv( &bv[0], &mapped );
848 * It is necessary to try to rewrite attributes with
849 * dn syntax because they might be used in ACLs as
850 * members of groups; since ACLs are applied to the
851 * rewritten stuff, no dn-based subject clause could
852 * be used at the ldap backend side (see
853 * http://www.OpenLDAP.org/faq/data/cache/452.html)
854 * The problem can be overcome by moving the dn-based
855 * ACLs to the target directory server, and letting
856 * everything pass thru the ldap backend. */
857 /* FIXME: handle distinguishedName-like syntaxes, like
858 * nameAndOptionalUID */
859 } else if ( (*ap)->a_desc->ad_type->sat_syntax ==
860 slap_schema.si_syn_distinguishedName )
862 #ifdef ENABLE_REWRITE
863 dc.ctx = "searchAttrDN";
864 #endif /* ENABLE_REWRITE */
865 rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
866 if ( rc != LDAP_SUCCESS ) {
870 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
871 #ifdef ENABLE_REWRITE
872 dc.ctx = "searchAttrDN";
873 #endif /* ENABLE_REWRITE */
874 rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
875 if ( rc != LDAP_SUCCESS ) {
881 /* rewrite the attribute description */
882 assert( m->m_dst_ad );
883 (*ap)->a_desc = m->m_dst_ad;
901 rwm_send_entry( Operation *op, SlapReply *rs )
903 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
904 struct ldaprwmap *rwmap =
905 (struct ldaprwmap *)on->on_bi.bi_private;
909 struct berval dn = BER_BVNULL,
914 assert( rs->sr_entry );
917 * Rewrite the dn of the result, if needed
920 #ifdef ENABLE_REWRITE
921 dc.conn = op->o_conn;
923 dc.ctx = "searchEntryDN";
924 #else /* ! ENABLE_REWRITE */
927 #endif /* ! ENABLE_REWRITE */
930 flags = rs->sr_flags;
931 if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
932 /* FIXME: all we need to duplicate are:
935 * - attributes that are requested
936 * - no values if attrsonly is set
945 flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
949 * Note: this may fail if the target host(s) schema differs
950 * from the one known to the meta, and a DN with unknown
951 * attributes is returned.
955 rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
956 if ( rc != LDAP_SUCCESS ) {
961 if ( e->e_name.bv_val != dn.bv_val ) {
962 ch_free( e->e_name.bv_val );
963 ch_free( e->e_nname.bv_val );
969 /* TODO: map entry attribute types, objectclasses
970 * and dn-valued attribute values */
972 /* FIXME: the entries are in the remote mapping form;
973 * so we need to select those attributes we are willing
974 * to return, and remap them accordingly */
975 (void)rwm_attrs( op, rs, &e->e_attrs );
978 rs->sr_flags = flags;
980 return SLAP_CB_CONTINUE;
983 if ( !BER_BVISNULL( &dn ) ) {
984 ch_free( dn.bv_val );
987 if ( !BER_BVISNULL( &ndn ) ) {
988 ch_free( ndn.bv_val );
991 if ( e != NULL && e != rs->sr_entry ) {
999 rwm_operational( Operation *op, SlapReply *rs )
1001 /* FIXME: the entries are in the remote mapping form;
1002 * so we need to select those attributes we are willing
1003 * to return, and remap them accordingly */
1004 if ( rs->sr_operational_attrs ) {
1005 rwm_attrs( op, rs, &rs->sr_operational_attrs );
1008 return SLAP_CB_CONTINUE;
1012 /* don't use this; it cannot be reverted, and leaves op->o_req_dn
1013 * rewritten for subsequent operations; fine for plain suffixmassage,
1014 * but destroys everything else */
1016 rwm_chk_referrals( Operation *op, SlapReply *rs )
1018 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1021 #ifdef ENABLE_REWRITE
1022 rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
1023 #else /* ! ENABLE_REWRITE */
1025 rc = rwm_op_dn_massage( op, rs, &rc );
1026 #endif /* ! ENABLE_REWRITE */
1027 if ( rc != LDAP_SUCCESS ) {
1028 op->o_bd->bd_info = (BackendInfo *)on->on_info;
1029 send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
1033 return SLAP_CB_CONTINUE;
1046 #ifdef ENABLE_REWRITE
1047 slap_overinst *on = (slap_overinst *) be->bd_info;
1048 struct ldaprwmap *rwmap =
1049 (struct ldaprwmap *)on->on_bi.bi_private;
1051 return rewrite_parse( rwmap->rwm_rw,
1052 fname, lineno, argc, argv );
1054 #else /* !ENABLE_REWRITE */
1055 fprintf( stderr, "%s: line %d: rewrite capabilities "
1056 "are not enabled\n", fname, lineno );
1057 #endif /* !ENABLE_REWRITE */
1063 rwm_suffixmassage_config(
1071 slap_overinst *on = (slap_overinst *) be->bd_info;
1072 struct ldaprwmap *rwmap =
1073 (struct ldaprwmap *)on->on_bi.bi_private;
1075 struct berval bvnc, nvnc, pvnc, brnc, nrnc, prnc;
1077 #ifdef ENABLE_REWRITE
1079 #endif /* ENABLE_REWRITE */
1084 * suffixmassage [<suffix>] <massaged suffix>
1086 * the [<suffix>] field must be defined as a valid suffix
1087 * for the current database;
1088 * the <massaged suffix> shouldn't have already been
1089 * defined as a valid suffix for the current server
1092 if ( be->be_suffix == NULL ) {
1093 fprintf( stderr, "%s: line %d: "
1094 " \"suffixMassage [<suffix>]"
1095 " <massaged suffix>\" without "
1096 "<suffix> part requires database "
1097 "suffix be defined first.\n",
1101 bvnc = be->be_suffix[ 0 ];
1104 } else if ( argc == 3 ) {
1105 ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
1109 fprintf( stderr, "%s: line %d: syntax is"
1110 " \"suffixMassage [<suffix>]"
1111 " <massaged suffix>\"\n",
1116 if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1117 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1118 fname, lineno, bvnc.bv_val );
1122 ber_str2bv( argv[ massaged ], 0, 0, &brnc );
1123 if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1124 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1125 fname, lineno, brnc.bv_val );
1126 free( nvnc.bv_val );
1127 free( pvnc.bv_val );
1131 #ifdef ENABLE_REWRITE
1133 * The suffix massaging is emulated
1134 * by means of the rewrite capabilities
1136 rc = rwm_suffix_massage_config( rwmap->rwm_rw,
1137 &pvnc, &nvnc, &prnc, &nrnc );
1138 free( nvnc.bv_val );
1139 free( pvnc.bv_val );
1140 free( nrnc.bv_val );
1141 free( prnc.bv_val );
1145 #else /* !ENABLE_REWRITE */
1146 ber_bvarray_add( &rwmap->rwm_suffix_massage, &pvnc );
1147 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nvnc );
1149 ber_bvarray_add( &rwmap->rwm_suffix_massage, &prnc );
1150 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nrnc );
1151 #endif /* !ENABLE_REWRITE */
1165 slap_overinst *on = (slap_overinst *) be->bd_info;
1166 struct ldaprwmap *rwmap =
1167 (struct ldaprwmap *)on->on_bi.bi_private;
1169 /* objectclass/attribute mapping */
1170 return rwm_map_config( &rwmap->rwm_oc,
1172 fname, lineno, argc, argv );
1176 rwm_response( Operation *op, SlapReply *rs )
1178 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
1179 struct ldaprwmap *rwmap =
1180 (struct ldaprwmap *)on->on_bi.bi_private;
1184 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
1185 return rwm_send_entry( op, rs );
1188 switch( op->o_tag ) {
1189 case LDAP_REQ_SEARCH:
1190 /* Note: the operation attrs are remapped */
1191 if ( op->ors_attrs != NULL && op->ors_attrs != rs->sr_attrs )
1193 ch_free( op->ors_attrs );
1194 op->ors_attrs = rs->sr_attrs;
1200 case LDAP_REQ_DELETE:
1201 case LDAP_REQ_MODRDN:
1202 case LDAP_REQ_MODIFY:
1203 case LDAP_REQ_COMPARE:
1204 case LDAP_REQ_EXTENDED:
1209 * Rewrite the dn of the referrals, if needed
1212 #ifdef ENABLE_REWRITE
1213 dc.conn = op->o_conn;
1215 dc.ctx = "referralDN";
1216 #else /* ! ENABLE_REWRITE */
1219 #endif /* ! ENABLE_REWRITE */
1220 rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
1221 if ( rc != LDAP_SUCCESS ) {
1226 rc = rwm_matched( op, rs );
1230 rc = SLAP_CB_CONTINUE;
1249 if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
1251 argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
1254 if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
1255 rc = rwm_rw_config( be, fname, lineno, argc, argv );
1257 } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
1258 rc = rwm_m_config( be, fname, lineno, argc, argv );
1260 } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
1261 rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
1264 rc = SLAP_CONF_UNKNOWN;
1279 slap_overinst *on = (slap_overinst *) be->bd_info;
1280 struct ldapmapping *mapping = NULL;
1281 struct ldaprwmap *rwmap;
1283 rwmap = (struct ldaprwmap *)ch_malloc(sizeof(struct ldaprwmap));
1284 memset(rwmap, 0, sizeof(struct ldaprwmap));
1286 #ifdef ENABLE_REWRITE
1287 rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
1288 if ( rwmap->rwm_rw == NULL ) {
1296 /* this rewriteContext by default must be null;
1297 * rules can be added if required */
1298 rargv[ 0 ] = "rewriteContext";
1299 rargv[ 1 ] = "searchFilter";
1301 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
1303 rargv[ 0 ] = "rewriteContext";
1304 rargv[ 1 ] = "default";
1306 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
1309 #endif /* ENABLE_REWRITE */
1311 if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS ||
1312 rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS )
1317 on->on_bi.bi_private = (void *)rwmap;
1327 slap_overinst *on = (slap_overinst *) be->bd_info;
1330 if ( on->on_bi.bi_private ) {
1331 struct ldaprwmap *rwmap =
1332 (struct ldaprwmap *)on->on_bi.bi_private;
1334 #ifdef ENABLE_REWRITE
1335 if (rwmap->rwm_rw) {
1336 rewrite_info_delete( &rwmap->rwm_rw );
1338 #else /* !ENABLE_REWRITE */
1339 if ( rwmap->rwm_suffix_massage ) {
1340 ber_bvarray_free( rwmap->rwm_suffix_massage );
1342 #endif /* !ENABLE_REWRITE */
1344 avl_free( rwmap->rwm_oc.remap, NULL );
1345 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
1346 avl_free( rwmap->rwm_at.remap, NULL );
1347 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
1353 static slap_overinst rwm = { { NULL } };
1358 memset( &rwm, 0, sizeof( slap_overinst ) );
1360 rwm.on_bi.bi_type = "rwm";
1362 rwm.on_bi.bi_db_init = rwm_db_init;
1363 rwm.on_bi.bi_db_config = rwm_db_config;
1364 rwm.on_bi.bi_db_destroy = rwm_db_destroy;
1366 rwm.on_bi.bi_op_bind = rwm_op_bind;
1367 rwm.on_bi.bi_op_search = rwm_op_search;
1368 rwm.on_bi.bi_op_compare = rwm_op_compare;
1369 rwm.on_bi.bi_op_modify = rwm_op_modify;
1370 rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
1371 rwm.on_bi.bi_op_add = rwm_op_add;
1372 rwm.on_bi.bi_op_delete = rwm_op_delete;
1373 rwm.on_bi.bi_op_unbind = rwm_op_unbind;
1374 rwm.on_bi.bi_extended = rwm_extended;
1376 rwm.on_bi.bi_operational = rwm_operational;
1377 rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
1379 rwm.on_response = rwm_response;
1381 return overlay_register( &rwm );
1384 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
1386 init_module( int argc, char *argv[] )
1390 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
1392 #endif /* SLAPD_OVER_RWM */
projects / openldap / blob