1 /* rwmmap.c - rewrite/mapping routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1999-2004 The OpenLDAP Foundation.
6 * Portions Copyright 1999-2003 Howard Chu.
7 * Portions Copyright 2000-2003 Pierangelo Masarati.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
19 * This work was initially developed by the Howard Chu for inclusion
20 * in OpenLDAP Software and subsequently enhanced by Pierangelo
30 #include <ac/string.h>
31 #include <ac/socket.h>
36 #undef ldap_debug /* silence a warning in ldap-int.h */
37 #include "../../../libraries/libldap/ldap-int.h"
/*
 * AVL comparison callback for struct ldapmapping entries, keyed on m_src:
 * a length difference is computed first, and the final return compares the
 * two source names case-insensitively with strcasecmp().
 */
40 rwm_mapping_cmp( const void *c1, const void *c2 )
42 struct ldapmapping *map1 = (struct ldapmapping *)c1;
43 struct ldapmapping *map2 = (struct ldapmapping *)c2;
/* NOTE(review): the bv_len difference is narrowed to int. If bv_len is an
 * unsigned type wider than int, the sign of rc can be wrong for very large
 * length gaps -- confirm the field type; an explicit less/greater test
 * would avoid the narrowing. How rc is used is on lines not shown here. */
44 int rc = map1->m_src.bv_len - map2->m_src.bv_len;
48 return strcasecmp( map1->m_src.bv_val, map2->m_src.bv_val );
/*
 * Duplicate callback handed to avl_insert() together with
 * rwm_mapping_cmp(). The final return yields -1 when the two source names
 * match case-insensitively and 0 otherwise.
 */
52 rwm_mapping_dup( void *c1, void *c2 )
54 struct ldapmapping *map1 = (struct ldapmapping *)c1;
55 struct ldapmapping *map2 = (struct ldapmapping *)c2;
/* Same length-difference computation as rwm_mapping_cmp(); what happens
 * on a non-zero rc is on lines not shown in this listing. */
56 int rc = map1->m_src.bv_len - map2->m_src.bv_len;
62 return ( ( strcasecmp( map1->m_src.bv_val, map2->m_src.bv_val ) == 0 ) ? -1 : 0 );
/*
 * Seeds a map with an "objectClass" entry whose destination is a copy of
 * its source. A single ch_calloc() block holds two struct ldapmapping
 * elements: element 0 is inserted into lm->map, element 1 into lm->remap.
 */
66 rwm_map_init( struct ldapmap *lm, struct ldapmapping **m )
68 struct ldapmapping *mapping;
74 mapping = (struct ldapmapping *)ch_calloc( 2,
75 sizeof( struct ldapmapping ) );
76 if ( mapping == NULL ) {
/* ber_str2bv() is called on the literal (its destination argument is on a
 * line not shown); m_dst is then duplicated from m_src by ber_dupbv(). */
80 ber_str2bv( "objectClass", sizeof("objectClass") - 1, 1,
82 ber_dupbv( &mapping->m_dst, &mapping->m_src );
/* Struct copies: element 1 ends up pointing at the same bv_val buffers as
 * element 0, so those buffers have one owner and must be released once. */
83 mapping[1].m_src = mapping->m_src;
84 mapping[1].m_dst = mapping->m_dst;
/* The avl_insert() results are not checked in these two calls.
 * &mapping[1] points into the middle of the ch_calloc() block, so it must
 * never be passed to a free routine on its own. */
86 avl_insert( &lm->map, (caddr_t)mapping,
87 rwm_mapping_cmp, rwm_mapping_dup );
88 avl_insert( &lm->remap, (caddr_t)&mapping[1],
89 rwm_mapping_cmp, rwm_mapping_dup );
/*
 * Looks s up in one of map's AVL trees and, when a mapping with a
 * destination name is found, stores that destination in *bv.
 */
94 rwm_map( struct ldapmap *map, struct berval *s, struct berval *bv, int remap )
97 struct ldapmapping *mapping, fmapping;
/* remap == RWM_REMAP selects the lookup direction; the tree assignment
 * itself is on lines not shown here. */
99 if (remap == RWM_REMAP) {
108 mapping = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping,
110 if ( mapping != NULL ) {
111 if ( mapping->m_dst.bv_val ) {
/* Struct copy, not a duplicate: bv->bv_val aliases storage that belongs to
 * the mapping, so callers must not free or modify it. */
112 *bv = mapping->m_dst;
/* Presumably the lookup-miss path: the outcome depends on
 * map->drop_missing; the body of this branch is not shown. */
117 if ( !map->drop_missing ) {
/* Attribute-name list mapping routine; its name and remaining parameters
 * are on lines not shown here. It maps every name in an[] through at_map
 * and returns the surviving names in *mapped_attrs. */
126 struct ldapmap *at_map,
134 struct berval mapped;
137 *mapped_attrs = NULL;
/* First pass: count the entries of an[] up to the NULL bv_val terminator. */
141 for ( i = 0; an[i].an_name.bv_val; i++ ) {
/* i + 1 slots: one per name plus one spare, presumably the NULL terminator
 * if ch_calloc() zero-fills -- confirm. */
145 na = (char **)ch_calloc( i + 1, sizeof( char * ) );
147 *mapped_attrs = NULL;
148 return LDAP_NO_MEMORY;
/* Second pass: map each name and keep the ones that survive. */
151 for ( i = j = 0; an[i].an_name.bv_val; i++ ) {
152 rwm_map( at_map, &an[i].an_name, &mapped, remap );
/* NOTE(review): the second test compares the pointer itself with '\0'
 * (that is, with 0), so it only repeats the NULL test and never rejects an
 * empty string. Other rwm_map() call sites in this file test
 * bv_val[0] == '\0' for that purpose; this line most likely intended
 * mapped.bv_val[0] != '\0'. As written, an empty mapped name is added to
 * the list. */
153 if ( mapped.bv_val != NULL && mapped.bv_val != '\0' ) {
/* Stores the pointer produced by rwm_map(), not a copy; rwm_map() hands
 * out storage owned by the mapping, so na[j] must not be freed
 * element by element. */
154 na[j++] = mapped.bv_val;
/* Every requested name was dropped. In an LDAP search an empty attribute
 * list means "all user attributes", so LDAP_NO_ATTRS is stored instead to
 * keep the request from widening. */
157 if ( j == 0 && i != 0 ) {
158 na[j++] = LDAP_NO_ATTRS;
/*
 * Attribute/value mapping helper -- presumably the map_attr_value() called
 * from rwm_int_filter_map_rewrite(); its signature line is not shown.
 * Maps ad's name into mapped_attr and, when value is non-NULL, leaves a
 * filter-escaped form of the (possibly rewritten) value in mapped_value.
 */
169 AttributeDescription *ad,
170 struct berval *mapped_attr,
171 struct berval *value,
172 struct berval *mapped_value,
/* Attribute map first; on a NULL or empty result the objectClass map is
 * tried, and failing that the original name ad->ad_cname is used as is. */
178 rwm_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap );
179 if ( mapped_attr->bv_val == NULL || mapped_attr->bv_val[0] == '\0') {
181 * FIXME: are we sure we need to search oc_map if at_map fails?
183 rwm_map( &dc->rwmap->rwm_oc, &ad->ad_cname, mapped_attr,
185 if ( mapped_attr->bv_val == NULL
186 || mapped_attr->bv_val[0] == '\0' )
188 *mapped_attr = ad->ad_cname;
/* Callers that only need the attribute name pass value == NULL. */
192 if ( value == NULL ) {
/* Values of DN syntax are passed through the DN rewriter. */
196 if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
200 #ifdef ENABLE_REWRITE
201 fdc.ctx = "searchFilterAttrDN";
204 switch ( rwm_dn_massage( &fdc, value, &vtmp ) ) {
/* A differing pointer means rwm_dn_massage() returned a buffer other than
 * the caller's; what is recorded in this branch is not shown. */
206 if ( vtmp.bv_val != value->bv_val ) {
211 case LDAP_UNWILLING_TO_PERFORM:
218 } else if ( ad == slap_schema.si_ad_objectClass
219 || ad == slap_schema.si_ad_structuralObjectClass )
/* objectClass values are themselves names, so they go through the
 * objectClass map. */
221 rwm_map( &dc->rwmap->rwm_oc, value, &vtmp, remap );
222 if ( vtmp.bv_val == NULL || vtmp.bv_val[0] == '\0' ) {
/* Escaping is applied after mapping/rewriting and before the caller pastes
 * the value into a filter string; this is the step that keeps filter
 * metacharacters inside a value from changing the filter's structure. */
230 filter_escape_value( &vtmp, mapped_value );
/* NOTE(review): vtmp.bv_val can alias value->bv_val or storage owned by a
 * mapping (see the pointer test and the rwm_map() call above). The guard
 * for this free is on a line not shown -- confirm it only runs for a
 * buffer that was allocated during this call. */
233 ber_memfree( vtmp.bv_val );
/*
 * Recursive worker that renders filter f as a string in fstr, mapping
 * attribute names and values through map_attr_value() on the way. In the
 * lines visible here, assertion values reach the output only through vtmp
 * after map_attr_value() or filter_escape_value() has processed them.
 */
240 rwm_int_filter_map_rewrite(
/* Fixed strings used for computed filters and the fallback cases. */
252 ber_bvfalse = BER_BVC( "(?=false)" ),
253 ber_bvtrue = BER_BVC( "(?=true)" ),
254 ber_bvundefined = BER_BVC( "(?=undefined)" ),
255 ber_bverror = BER_BVC( "(?=error)" ),
256 ber_bvunknown = BER_BVC( "(?=unknown)" ),
257 ber_bvnone = BER_BVC( "(?=none)" );
/* Presumably the f == NULL case; the test itself is not shown. */
261 ber_dupbv( fstr, &ber_bvnone );
265 switch ( f->f_choice ) {
266 case LDAP_FILTER_EQUALITY:
267 if ( map_attr_value( dc, f->f_av_desc, &atmp,
268 &f->f_av_value, &vtmp, remap ) )
/* Output length = mapped name + escaped value + the literal "(=)".
 * NOTE(review): no NULL test on the malloc() result is visible before
 * snprintf() writes through it; the same pattern repeats in the ">=",
 * "<=", "~=", presence and extensible-match cases below. */
273 fstr->bv_len = atmp.bv_len + vtmp.bv_len
274 + ( sizeof( "(=)" ) - 1 );
275 fstr->bv_val = malloc( fstr->bv_len + 1 );
277 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
278 atmp.bv_val, vtmp.bv_val );
280 ber_memfree( vtmp.bv_val );
284 if ( map_attr_value( dc, f->f_av_desc, &atmp,
285 &f->f_av_value, &vtmp, remap ) )
290 fstr->bv_len = atmp.bv_len + vtmp.bv_len
291 + ( sizeof( "(>=)" ) - 1 );
292 fstr->bv_val = malloc( fstr->bv_len + 1 );
294 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
295 atmp.bv_val, vtmp.bv_val );
297 ber_memfree( vtmp.bv_val );
301 if ( map_attr_value( dc, f->f_av_desc, &atmp,
302 &f->f_av_value, &vtmp, remap ) )
307 fstr->bv_len = atmp.bv_len + vtmp.bv_len
308 + ( sizeof( "(<=)" ) - 1 );
309 fstr->bv_val = malloc( fstr->bv_len + 1 );
311 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
312 atmp.bv_val, vtmp.bv_val );
314 ber_memfree( vtmp.bv_val );
317 case LDAP_FILTER_APPROX:
318 if ( map_attr_value( dc, f->f_av_desc, &atmp,
319 &f->f_av_value, &vtmp, remap ) )
324 fstr->bv_len = atmp.bv_len + vtmp.bv_len
325 + ( sizeof( "(~=)" ) - 1 );
326 fstr->bv_val = malloc( fstr->bv_len + 1 );
328 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
329 atmp.bv_val, vtmp.bv_val );
331 ber_memfree( vtmp.bv_val );
334 case LDAP_FILTER_SUBSTRINGS:
/* Only the attribute name is mapped here; the substring parts are escaped
 * one by one further down. */
335 if ( map_attr_value( dc, f->f_sub_desc, &atmp,
336 NULL, NULL, remap ) )
341 /* cannot be a DN ... */
/* Starts from "(attr=*)" and splices each substring part in before the
 * closing characters. The allocation is 128 bytes larger than the string,
 * while the snprintf() bound stays at bv_len + 1. */
343 fstr->bv_len = atmp.bv_len + ( sizeof( "(=*)" ) - 1 );
344 fstr->bv_val = malloc( fstr->bv_len + 128 );
346 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
349 if ( f->f_sub_initial.bv_val != NULL ) {
352 filter_escape_value( &f->f_sub_initial, &vtmp );
/* NOTE(review): a buffer obtained with malloc() above is resized with
 * ch_realloc() here, and child strings are released with ch_free() in the
 * AND/OR/NOT case while other temporaries use ber_memfree(). A comment
 * later in this file says different heap managers may be in use; confirm
 * these allocator families are interchangeable in every build. */
354 fstr->bv_len += vtmp.bv_len;
355 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
/* Overwrites the trailing two characters with the escaped part plus the
 * closing characters; the bound vtmp.bv_len + 3 covers that text and the
 * NUL. This fits the resized buffer only if len holds the length from
 * before bv_len was increased -- the assignment of len is not shown. */
357 snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
358 /* "(attr=" */ "%s*)",
361 ber_memfree( vtmp.bv_val );
364 if ( f->f_sub_any != NULL ) {
365 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
367 filter_escape_value( &f->f_sub_any[i], &vtmp );
369 fstr->bv_len += vtmp.bv_len + 1;
370 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
372 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
373 /* "(attr=[init]*[any*]" */ "%s*)",
375 ber_memfree( vtmp.bv_val );
379 if ( f->f_sub_final.bv_val != NULL ) {
382 filter_escape_value( &f->f_sub_final, &vtmp );
384 fstr->bv_len += vtmp.bv_len;
385 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
/* NOTE(review): this format needs vtmp.bv_len + 2 bytes including the NUL,
 * but the bound passed is vtmp.bv_len + 3. Assuming len is the pre-growth
 * length, that is one byte more than remains in the buffer, so the bound
 * does not guard the allocation here; the AND/OR/NOT case below passes
 * vtmp.bv_len + 2 for the same format. */
387 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
388 /* "(attr=[init*][any*]" */ "%s)",
391 ber_memfree( vtmp.bv_val );
396 case LDAP_FILTER_PRESENT:
397 if ( map_attr_value( dc, f->f_desc, &atmp,
398 NULL, NULL, remap ) )
403 fstr->bv_len = atmp.bv_len + ( sizeof( "(=*)" ) - 1 );
404 fstr->bv_val = malloc( fstr->bv_len + 1 );
406 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
410 case LDAP_FILTER_AND:
412 case LDAP_FILTER_NOT:
/* The '%' in the sizeof literal is only a placeholder for the one-character
 * operator, giving a length of 3 for "(&)", "(|)" or "(!)". */
413 fstr->bv_len = sizeof( "(%)" ) - 1;
414 fstr->bv_val = malloc( fstr->bv_len + 128 );
416 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
417 f->f_choice == LDAP_FILTER_AND ? '&' :
418 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
420 for ( p = f->f_list; p != NULL; p = p->f_next ) {
/* NOTE(review): one level of recursion per level of filter nesting, with
 * no depth limit visible in this function; confirm that filter depth is
 * bounded before filters reach this point. */
423 if ( rwm_int_filter_map_rewrite( dc, p, &vtmp, remap ) )
428 fstr->bv_len += vtmp.bv_len;
429 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
431 snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
432 /*"("*/ "%s)", vtmp.bv_val );
434 ch_free( vtmp.bv_val );
439 case LDAP_FILTER_EXT: {
440 if ( f->f_mr_desc ) {
441 if ( map_attr_value( dc, f->f_mr_desc, &atmp,
442 &f->f_mr_value, &vtmp, remap ) )
/* Presumably the branch without an attribute description: the value is
 * escaped directly since map_attr_value() is not called. */
451 filter_escape_value( &f->f_mr_value, &vtmp );
/* Length accounts for the optional ":dn" and ":rule" components. */
455 fstr->bv_len = atmp.bv_len +
456 ( f->f_mr_dnattrs ? sizeof( ":dn" ) - 1 : 0 ) +
457 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
458 vtmp.bv_len + ( sizeof( "(:=)" ) - 1 );
459 fstr->bv_val = malloc( fstr->bv_len + 1 );
461 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
463 f->f_mr_dnattrs ? ":dn" : "",
464 f->f_mr_rule_text.bv_len ? ":" : "",
465 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
467 ber_memfree( vtmp.bv_val );
470 case SLAPD_FILTER_COMPUTED:
/* A pre-evaluated filter is rendered as one of the fixed strings above. */
471 switch ( f->f_result ) {
472 case LDAP_COMPARE_FALSE:
476 case LDAP_COMPARE_TRUE:
480 case SLAPD_COMPARE_UNDEFINED:
481 tmp = ber_bvundefined;
489 ber_dupbv( fstr, &tmp );
/* Presumably the default case for an unrecognised f_choice. */
493 ber_dupbv( fstr, &ber_bvunknown );
/*
 * Entry point for filter mapping: builds the mapped filter string with
 * rwm_int_filter_map_rewrite() and, when ENABLE_REWRITE is defined, passes
 * the result through the "searchFilter" rewrite context.
 */
501 rwm_filter_map_rewrite(
511 rc = rwm_int_filter_map_rewrite( dc, f, fstr, remap );
513 #ifdef ENABLE_REWRITE
514 if ( rc != LDAP_SUCCESS ) {
521 fdc.ctx = "searchFilter";
/* A zero-length input is passed to the rewriter as "" instead of
 * ftmp.bv_val. */
523 switch ( rewrite_session( fdc.rwmap->rwm_rw, fdc.ctx,
524 ( ftmp.bv_len ? ftmp.bv_val : "" ),
525 fdc.conn, &fstr->bv_val )) {
526 case REWRITE_REGEXEC_OK:
/* The rewriter hands back a string without a length, so bv_len is
 * recomputed with strlen(). */
527 if ( fstr->bv_val != NULL ) {
528 fstr->bv_len = strlen( fstr->bv_val );
/* NOTE(review): the original and the rewritten filter are both logged with
 * %s. Confirm fstr->bv_val cannot be NULL when the log call runs (the
 * enclosing braces are not shown), and keep in mind that search filters
 * can carry user-identifying values into the debug log. */
535 LDAP_LOG( BACK_LDAP, DETAIL1,
536 "[rw] %s: \"%s\" -> \"%s\"\n",
537 dc->ctx, ftmp.bv_val, fstr->bv_val );
538 #else /* !NEW_LOGGING */
539 Debug( LDAP_DEBUG_ARGS,
540 "[rw] %s: \"%s\" -> \"%s\"\n",
541 dc->ctx, ftmp.bv_val, fstr->bv_val );
542 #endif /* !NEW_LOGGING */
/* A rewrite rule can veto the operation; the result text set here is
 * generic and does not name the rule. */
546 case REWRITE_REGEXEC_UNWILLING:
548 fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
549 fdc.rs->sr_text = "Operation not allowed";
551 rc = LDAP_UNWILLING_TO_PERFORM;
554 case REWRITE_REGEXEC_ERR:
556 fdc.rs->sr_err = LDAP_OTHER;
557 fdc.rs->sr_text = "Rewrite error";
563 #endif /* ENABLE_REWRITE */
568 * I don't like this much, but we need two different
569 * functions because different heap managers may be
570 * in use in back-ldap/meta to reduce the amount of
571 * calls to malloc routines, and some of the free()
572 * routines may be macros with args
/* Body of a DN-valued attribute rewrite routine for an overlay instance;
 * its name and parameter list are on lines not shown. Each value in a_vals
 * is passed through rwm_dn_massage(), and rejected values are removed from
 * the array. Values are released with ch_free() in this variant. */
582 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
583 struct ldaprwmap *rwmap =
584 (struct ldaprwmap *)on->on_bi.bi_private;
592 * Rewrite the bind dn if needed
595 #ifdef ENABLE_REWRITE
596 dc.conn = op->o_conn;
/* NOTE(review): cookie is untyped and is read as a char * context name on
 * the next line but as an int * on the one after (presumably the other
 * preprocessor branch, whose directive is not shown). Every caller has to
 * pass the kind of pointer that matches the build configuration. */
598 dc.ctx = (char *)cookie;
600 dc.tofrom = ((int *)cookie)[0];
/* Counts the values up to the NULL bv_val terminator. */
604 for ( last = 0; a_vals[last].bv_val != NULL; last++ );
607 for ( i = 0; a_vals[i].bv_val != NULL; i++ ) {
608 switch ( rwm_dn_massage( &dc, &a_vals[i], &bv ) ) {
609 case LDAP_UNWILLING_TO_PERFORM:
611 * FIXME: need to check if it may be considered
612 * legal to trim values when adding/modifying;
613 * it should be when searching (e.g. ACLs).
615 ch_free( a_vals[i].bv_val );
/* The rejected value has been freed; the last value is moved into its slot
 * and the old last slot is cleared so the array stays NULL-terminated.
 * NOTE(review): the value moved into slot i has not been checked yet; the
 * index adjustments are on lines not shown -- confirm slot i is revisited. */
617 a_vals[i] = a_vals[last];
619 a_vals[last].bv_len = 0;
620 a_vals[last].bv_val = NULL;
625 /* leave attr untouched if massage failed */
/* A result pointer different from the stored one means a new buffer was
 * produced, so the old value is released (storing bv is not shown). */
626 if ( bv.bv_val && bv.bv_val != a_vals[i].bv_val ) {
627 ch_free( a_vals[i].bv_val );
/*
 * Passes each value of a_vals through rwm_dn_massage() and removes the
 * values the rewriter rejects. Same shape as the ch_free()-based loop
 * earlier in this file, but values are released with LBER_FREE().
 */
638 rwm_dnattr_result_rewrite(
/* Counts the values up to the NULL bv_val terminator. */
646 for ( last = 0; a_vals[last].bv_val; last++ );
649 for ( i = 0; a_vals[i].bv_val; i++ ) {
650 switch ( rwm_dn_massage( dc, &a_vals[i], &bv ) ) {
651 case LDAP_UNWILLING_TO_PERFORM:
653 * FIXME: need to check if it may be considered
654 * legal to trim values when adding/modifying;
655 * it should be when searching (e.g. ACLs).
657 LBER_FREE( &a_vals[i].bv_val );
/* NOTE(review): the LBER_FREE() call above is given the address of the
 * bv_val member, not the string it points to. That address lies inside the
 * a_vals array, so the value buffer is never released and the free routine
 * receives a pointer it did not allocate. The other release in this
 * function and the ch_free() counterpart earlier in the file both pass
 * a_vals[i].bv_val; this call most likely should too. */
659 a_vals[i] = a_vals[last];
661 a_vals[last].bv_val = NULL;
662 a_vals[last].bv_len = 0;
667 /* leave attr untouched if massage failed */
/* A result pointer different from the stored one means a new buffer was
 * produced, so the old value is released (storing bv is not shown). */
668 if ( bv.bv_val && a_vals[i].bv_val != bv.bv_val ) {
669 LBER_FREE( a_vals[i].bv_val );
/*
 * Releases what a mapping owns: the source and destination name strings
 * and, depending on m_flags, the objects behind m_src_oc / m_src_ad and
 * m_dst_oc / m_dst_ad. Only element 0 of the mapping is inspected.
 *
 * NOTE(review): rwm_map_init() stores two elements in one allocation and
 * lets element 1 share element 0's bv_val pointers, inserting them into
 * separate trees. Confirm this routine is applied to only one of the two
 * trees and always receives the address of element 0; otherwise the shared
 * strings would be released twice. Release of the block itself is on a
 * line not shown.
 */
680 rwm_mapping_free( void *v_mapping )
682 struct ldapmapping *mapping = v_mapping;
684 if ( mapping[0].m_src.bv_val ) {
685 ch_free( mapping[0].m_src.bv_val );
/* RWMMAP_F_FREE_SRC gates release of the source-side object;
 * RWMMAP_F_IS_OC picks between the m_src_oc and m_src_ad members
 * (the else between the two is not shown). */
688 if ( mapping[0].m_flags & RWMMAP_F_FREE_SRC ) {
689 if ( mapping[0].m_flags & RWMMAP_F_IS_OC ) {
690 if ( mapping[0].m_src_oc ) {
691 ch_free( mapping[0].m_src_oc );
695 if ( mapping[0].m_src_ad ) {
696 ch_free( mapping[0].m_src_ad );
/* Same pattern for the destination side. */
701 if ( mapping[0].m_dst.bv_val ) {
702 ch_free( mapping[0].m_dst.bv_val );
705 if ( mapping[0].m_flags & RWMMAP_F_FREE_DST ) {
706 if ( mapping[0].m_flags & RWMMAP_F_IS_OC ) {
707 if ( mapping[0].m_dst_oc ) {
708 ch_free( mapping[0].m_dst_oc );
712 if ( mapping[0].m_dst_ad ) {
713 ch_free( mapping[0].m_dst_ad );
722 #endif /* SLAPD_OVER_RWM */