1 /* rwmmap.c - rewrite/mapping routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1999-2004 The OpenLDAP Foundation.
6 * Portions Copyright 1999-2003 Howard Chu.
7 * Portions Copyright 2000-2003 Pierangelo Masarati.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
19 * This work was initially developed by the Howard Chu for inclusion
20 * in OpenLDAP Software and subsequently enhanced by Pierangelo
30 #include <ac/string.h>
31 #include <ac/socket.h>
36 #undef ldap_debug /* silence a warning in ldap-int.h */
37 #include "../../../libraries/libldap/ldap-int.h"
40 rwm_mapping_cmp( const void *c1, const void *c2 )
42 struct ldapmapping *map1 = (struct ldapmapping *)c1;
43 struct ldapmapping *map2 = (struct ldapmapping *)c2;
44 int rc = map1->m_src.bv_len - map2->m_src.bv_len;
50 return strcasecmp( map1->m_src.bv_val, map2->m_src.bv_val );
54 rwm_mapping_dup( void *c1, void *c2 )
56 struct ldapmapping *map1 = (struct ldapmapping *)c1;
57 struct ldapmapping *map2 = (struct ldapmapping *)c2;
58 int rc = map1->m_src.bv_len - map2->m_src.bv_len;
64 return ( ( strcasecmp( map1->m_src.bv_val, map2->m_src.bv_val ) == 0 ) ? -1 : 0 );
68 rwm_map_init( struct ldapmap *lm, struct ldapmapping **m )
70 struct ldapmapping *mapping;
78 mapping = (struct ldapmapping *)ch_calloc( 2,
79 sizeof( struct ldapmapping ) );
80 if ( mapping == NULL ) {
81 return LDAP_NO_MEMORY;
84 rc = slap_str2ad( "objectClass", &mapping->m_src_ad, &text );
85 if ( rc != LDAP_SUCCESS ) {
89 mapping->m_dst_ad = mapping->m_src_ad;
90 ber_dupbv( &mapping->m_dst, &mapping->m_src_ad->ad_cname );
91 ber_dupbv( &mapping->m_dst, &mapping->m_src );
93 mapping[1].m_src = mapping->m_src;
94 mapping[1].m_dst = mapping->m_dst;
96 avl_insert( &lm->map, (caddr_t)mapping,
97 rwm_mapping_cmp, rwm_mapping_dup );
98 avl_insert( &lm->remap, (caddr_t)&mapping[1],
99 rwm_mapping_cmp, rwm_mapping_dup );
107 rwm_mapping( struct ldapmap *map, struct berval *s, struct ldapmapping **m, int remap )
110 struct ldapmapping fmapping;
114 if ( remap == RWM_REMAP ) {
122 *m = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping,
126 return map->drop_missing;
133 rwm_map( struct ldapmap *map, struct berval *s, struct berval *bv, int remap )
135 struct ldapmapping *mapping;
138 rwm_mapping( map, s, &mapping, remap );
139 if ( mapping != NULL ) {
140 if ( !BER_BVISNULL( &mapping->m_dst ) ) {
141 *bv = mapping->m_dst;
146 if ( !map->drop_missing ) {
152 * Map attribute names in place
156 struct ldapmap *at_map,
157 struct ldapmap *oc_map,
169 for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
171 *anp = ch_malloc( ( i + 1 )* sizeof( AttributeName ) );
173 for ( i = 0, j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
174 struct ldapmapping *m;
175 int at_drop_missing = 0,
178 if ( an[i].an_desc ) {
180 /* FIXME: better leave as is? */
184 at_drop_missing = rwm_mapping( at_map, &an[i].an_name, &m, remap );
185 if ( at_drop_missing || ( m && BER_BVISNULL( &m->m_dst ) ) ) {
196 if ( remap == RWM_MAP ) {
197 (*anp)[j].an_name = m->m_dst;
198 (*anp)[j].an_desc = m->m_dst_ad;
200 (*anp)[j].an_name = m->m_src;
201 (*anp)[j].an_desc = m->m_src_ad;
208 } else if ( an[i].an_oc ) {
210 /* FIXME: better leave as is? */
214 oc_drop_missing = rwm_mapping( oc_map, &an[i].an_name, &m, remap );
216 if ( oc_drop_missing || ( m && BER_BVISNULL( &m->m_dst ) ) ) {
227 if ( remap == RWM_MAP ) {
228 (*anp)[j].an_name = m->m_dst;
229 (*anp)[j].an_oc = m->m_dst_oc;
231 (*anp)[j].an_name = m->m_src;
232 (*anp)[j].an_oc = m->m_src_oc;
236 at_drop_missing = rwm_mapping( at_map, &an[i].an_name, &m, remap );
238 if ( at_drop_missing || !m ) {
240 oc_drop_missing = rwm_mapping( oc_map, &an[i].an_name, &m, remap );
242 /* if both at_map and oc_map required to drop missing,
244 if ( oc_drop_missing && at_drop_missing ) {
248 /* if no oc_map mapping was found and at_map required
249 * to drop missing, then do it; otherwise, at_map wins
250 * and an is considered an attr and is left unchanged */
252 if ( at_drop_missing ) {
260 if ( BER_BVISNULL( &m->m_dst ) ) {
265 if ( remap == RWM_MAP ) {
266 (*anp)[j].an_name = m->m_dst;
267 (*anp)[j].an_oc = m->m_dst_oc;
269 (*anp)[j].an_name = m->m_src;
270 (*anp)[j].an_oc = m->m_src_oc;
276 if ( !BER_BVISNULL( &m->m_dst ) ) {
278 if ( remap == RWM_MAP ) {
279 (*anp)[j].an_name = m->m_dst;
280 (*anp)[j].an_desc = m->m_dst_ad;
282 (*anp)[j].an_name = m->m_src;
283 (*anp)[j].an_desc = m->m_src_ad;
291 if ( j == 0 && i != 0 ) {
292 memset( &(*anp)[0], 0, sizeof( AttributeName ) );
293 BER_BVSTR( &(*anp)[0].an_name, LDAP_NO_ATTRS );
295 memset( &(*anp)[j], 0, sizeof( AttributeName ) );
302 struct ldapmap *at_map,
312 *mapped_attrs = NULL;
316 for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
320 na = (char **)ch_calloc( i + 1, sizeof( char * ) );
322 *mapped_attrs = NULL;
323 return LDAP_NO_MEMORY;
326 for ( i = j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
327 struct ldapmapping *m;
329 if ( rwm_mapping( at_map, &an[i].an_name, &m, remap ) ) {
333 if ( !m || ( m && !BER_BVISNULL( &m->m_dst ) ) ) {
334 na[j++] = m->m_dst.bv_val;
337 if ( j == 0 && i != 0 ) {
338 na[j++] = LDAP_NO_ATTRS;
349 AttributeDescription *ad,
350 struct berval *mapped_attr,
351 struct berval *value,
352 struct berval *mapped_value,
358 rwm_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap );
359 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
361 * FIXME: are we sure we need to search oc_map if at_map fails?
363 rwm_map( &dc->rwmap->rwm_oc, &ad->ad_cname, mapped_attr, remap );
364 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) )
366 *mapped_attr = ad->ad_cname;
370 if ( value == NULL ) {
374 if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
379 #ifdef ENABLE_REWRITE
380 fdc.ctx = "searchFilterAttrDN";
383 rc = rwm_dn_massage( &fdc, value, &vtmp, NULL );
386 if ( vtmp.bv_val != value->bv_val ) {
391 case LDAP_UNWILLING_TO_PERFORM:
397 } else if ( ad == slap_schema.si_ad_objectClass
398 || ad == slap_schema.si_ad_structuralObjectClass )
400 rwm_map( &dc->rwmap->rwm_oc, value, &vtmp, remap );
401 if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
409 filter_escape_value( &vtmp, mapped_value );
412 ber_memfree( vtmp.bv_val );
419 rwm_int_filter_map_rewrite(
422 struct berval *fstr )
430 ber_bvfalse = BER_BVC( "(?=false)" ),
431 ber_bvtrue = BER_BVC( "(?=true)" ),
432 ber_bvundefined = BER_BVC( "(?=undefined)" ),
433 ber_bverror = BER_BVC( "(?=error)" ),
434 ber_bvunknown = BER_BVC( "(?=unknown)" ),
435 ber_bvnone = BER_BVC( "(?=none)" );
439 ber_dupbv( fstr, &ber_bvnone );
443 switch ( f->f_choice ) {
444 case LDAP_FILTER_EQUALITY:
445 if ( map_attr_value( dc, f->f_av_desc, &atmp,
446 &f->f_av_value, &vtmp, RWM_MAP ) )
451 fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" );
452 fstr->bv_val = malloc( fstr->bv_len + 1 );
454 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
455 atmp.bv_val, vtmp.bv_val );
457 ber_memfree( vtmp.bv_val );
461 if ( map_attr_value( dc, f->f_av_desc, &atmp,
462 &f->f_av_value, &vtmp, RWM_MAP ) )
467 fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" );
468 fstr->bv_val = malloc( fstr->bv_len + 1 );
470 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
471 atmp.bv_val, vtmp.bv_val );
473 ber_memfree( vtmp.bv_val );
477 if ( map_attr_value( dc, f->f_av_desc, &atmp,
478 &f->f_av_value, &vtmp, RWM_MAP ) )
483 fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" );
484 fstr->bv_val = malloc( fstr->bv_len + 1 );
486 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
487 atmp.bv_val, vtmp.bv_val );
489 ber_memfree( vtmp.bv_val );
492 case LDAP_FILTER_APPROX:
493 if ( map_attr_value( dc, f->f_av_desc, &atmp,
494 &f->f_av_value, &vtmp, RWM_MAP ) )
499 fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" );
500 fstr->bv_val = malloc( fstr->bv_len + 1 );
502 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
503 atmp.bv_val, vtmp.bv_val );
505 ber_memfree( vtmp.bv_val );
508 case LDAP_FILTER_SUBSTRINGS:
509 if ( map_attr_value( dc, f->f_sub_desc, &atmp,
510 NULL, NULL, RWM_MAP ) )
515 /* cannot be a DN ... */
517 fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
518 fstr->bv_val = malloc( fstr->bv_len + 128 );
520 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
523 if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
526 filter_escape_value( &f->f_sub_initial, &vtmp );
528 fstr->bv_len += vtmp.bv_len;
529 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
531 snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
532 /* "(attr=" */ "%s*)",
535 ber_memfree( vtmp.bv_val );
538 if ( f->f_sub_any != NULL ) {
539 for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
541 filter_escape_value( &f->f_sub_any[i], &vtmp );
543 fstr->bv_len += vtmp.bv_len + 1;
544 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
546 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
547 /* "(attr=[init]*[any*]" */ "%s*)",
549 ber_memfree( vtmp.bv_val );
553 if ( !BER_BVISNULL( &f->f_sub_final ) ) {
556 filter_escape_value( &f->f_sub_final, &vtmp );
558 fstr->bv_len += vtmp.bv_len;
559 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
561 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
562 /* "(attr=[init*][any*]" */ "%s)",
565 ber_memfree( vtmp.bv_val );
570 case LDAP_FILTER_PRESENT:
571 if ( map_attr_value( dc, f->f_desc, &atmp,
572 NULL, NULL, RWM_MAP ) )
577 fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
578 fstr->bv_val = malloc( fstr->bv_len + 1 );
580 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
584 case LDAP_FILTER_AND:
586 case LDAP_FILTER_NOT:
587 fstr->bv_len = STRLENOF( "(%)" );
588 fstr->bv_val = malloc( fstr->bv_len + 128 );
590 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
591 f->f_choice == LDAP_FILTER_AND ? '&' :
592 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
594 for ( p = f->f_list; p != NULL; p = p->f_next ) {
597 if ( rwm_int_filter_map_rewrite( dc, p, &vtmp ) )
602 fstr->bv_len += vtmp.bv_len;
603 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
605 snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
606 /*"("*/ "%s)", vtmp.bv_val );
608 ch_free( vtmp.bv_val );
613 case LDAP_FILTER_EXT: {
614 if ( f->f_mr_desc ) {
615 if ( map_attr_value( dc, f->f_mr_desc, &atmp,
616 &f->f_mr_value, &vtmp, RWM_MAP ) )
622 BER_BVSTR( &atmp, "" );
623 filter_escape_value( &f->f_mr_value, &vtmp );
627 fstr->bv_len = atmp.bv_len +
628 ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
629 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
630 vtmp.bv_len + STRLENOF( "(:=)" );
631 fstr->bv_val = malloc( fstr->bv_len + 1 );
633 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
635 f->f_mr_dnattrs ? ":dn" : "",
636 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
637 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
639 ber_memfree( vtmp.bv_val );
642 case SLAPD_FILTER_COMPUTED:
643 switch ( f->f_result ) {
644 case LDAP_COMPARE_FALSE:
648 case LDAP_COMPARE_TRUE:
652 case SLAPD_COMPARE_UNDEFINED:
653 tmp = ber_bvundefined;
661 ber_dupbv( fstr, &tmp );
665 ber_dupbv( fstr, &ber_bvunknown );
673 rwm_filter_map_rewrite(
676 struct berval *fstr )
682 rc = rwm_int_filter_map_rewrite( dc, f, fstr );
684 #ifdef ENABLE_REWRITE
685 if ( rc != LDAP_SUCCESS ) {
692 fdc.ctx = "searchFilter";
694 switch ( rewrite_session( fdc.rwmap->rwm_rw, fdc.ctx,
695 ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : "" ),
696 fdc.conn, &fstr->bv_val )) {
697 case REWRITE_REGEXEC_OK:
698 if ( !BER_BVISNULL( fstr ) ) {
699 fstr->bv_len = strlen( fstr->bv_val );
707 LDAP_LOG( BACK_LDAP, DETAIL1,
708 "[rw] %s: \"%s\" -> \"%s\"\n",
709 dc->ctx, ftmp.bv_val, fstr->bv_val );
710 #else /* !NEW_LOGGING */
711 Debug( LDAP_DEBUG_ARGS,
712 "[rw] %s: \"%s\" -> \"%s\"\n",
713 dc->ctx, ftmp.bv_val, fstr->bv_val );
714 #endif /* !NEW_LOGGING */
718 case REWRITE_REGEXEC_UNWILLING:
720 fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
721 fdc.rs->sr_text = "Operation not allowed";
723 rc = LDAP_UNWILLING_TO_PERFORM;
726 case REWRITE_REGEXEC_ERR:
728 fdc.rs->sr_err = LDAP_OTHER;
729 fdc.rs->sr_text = "Rewrite error";
735 #endif /* ENABLE_REWRITE */
740 * I don't like this much, but we need two different
741 * functions because different heap managers may be
742 * in use in back-ldap/meta to reduce the amount of
743 * calls to malloc routines, and some of the free()
744 * routines may be macros with args
752 BerVarray *pa_nvals )
754 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
755 struct ldaprwmap *rwmap =
756 (struct ldaprwmap *)on->on_bi.bi_private;
761 struct berval dn, ndn, *pndn = NULL;
766 * Rewrite the bind dn if needed
769 #ifdef ENABLE_REWRITE
770 dc.conn = op->o_conn;
772 dc.ctx = (char *)cookie;
774 dc.tofrom = ((int *)cookie)[0];
778 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ );
779 if ( pa_nvals != NULL ) {
782 if ( *pa_nvals == NULL ) {
783 *pa_nvals = ch_malloc( last * sizeof(struct berval) );
784 memset( *pa_nvals, 0, last * sizeof(struct berval) );
789 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
792 rc = rwm_dn_massage( &dc, &a_vals[i], &dn, pndn );
794 case LDAP_UNWILLING_TO_PERFORM:
796 * FIXME: need to check if it may be considered
797 * legal to trim values when adding/modifying;
798 * it should be when searching (e.g. ACLs).
800 ch_free( a_vals[i].bv_val );
802 a_vals[i] = a_vals[last];
804 (*pa_nvals)[i] = (*pa_nvals)[last];
807 BER_BVZERO( &a_vals[last] );
809 BER_BVZERO( &(*pa_nvals)[last] );
815 if ( !BER_BVISNULL( &dn ) && dn.bv_val != a_vals[i].bv_val ) {
816 ch_free( a_vals[i].bv_val );
819 if ( !BER_BVISNULL( &(*pa_nvals)[i] ) ) {
820 ch_free( (*pa_nvals)[i].bv_val );
822 (*pa_nvals)[i] = *pndn;
828 /* leave attr untouched if massage failed */
829 if ( pa_nvals && BER_BVISNULL( &(*pa_nvals)[i] ) ) {
830 dnNormalize( 0, NULL, NULL, &a_vals[i], &(*pa_nvals)[i], NULL );
840 rwm_dnattr_result_rewrite(
847 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ );
850 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
854 rc = rwm_dn_massage( dc, &a_vals[i], &dn, NULL );
856 case LDAP_UNWILLING_TO_PERFORM:
858 * FIXME: need to check if it may be considered
859 * legal to trim values when adding/modifying;
860 * it should be when searching (e.g. ACLs).
862 LBER_FREE( &a_vals[i].bv_val );
864 a_vals[i] = a_vals[last];
866 BER_BVZERO( &a_vals[last] );
871 /* leave attr untouched if massage failed */
872 if ( !BER_BVISNULL( &dn ) && a_vals[i].bv_val != dn.bv_val ) {
873 LBER_FREE( a_vals[i].bv_val );
884 rwm_mapping_free( void *v_mapping )
886 struct ldapmapping *mapping = v_mapping;
888 if ( !BER_BVISNULL( &mapping[0].m_src ) ) {
889 ch_free( mapping[0].m_src.bv_val );
892 if ( mapping[0].m_flags & RWMMAP_F_FREE_SRC ) {
893 if ( mapping[0].m_flags & RWMMAP_F_IS_OC ) {
894 if ( mapping[0].m_src_oc ) {
895 ch_free( mapping[0].m_src_oc );
899 if ( mapping[0].m_src_ad ) {
900 ch_free( mapping[0].m_src_ad );
905 if ( !BER_BVISNULL( &mapping[0].m_dst ) ) {
906 ch_free( mapping[0].m_dst.bv_val );
909 if ( mapping[0].m_flags & RWMMAP_F_FREE_DST ) {
910 if ( mapping[0].m_flags & RWMMAP_F_IS_OC ) {
911 if ( mapping[0].m_dst_oc ) {
912 ch_free( mapping[0].m_dst_oc );
916 if ( mapping[0].m_dst_ad ) {
917 ch_free( mapping[0].m_dst_ad );
926 #endif /* SLAPD_OVER_RWM */