-/*
- * Copyright 1998-2001 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
+ * Copyright 1999-2005 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * All rights reserved.
*
- * This work has been developed to fulfill the requirements
- * of SysNet s.n.c. <http:www.sys-net.it> and it has been donated
- * to the OpenLDAP Foundation in the hope that it may be useful
- * to the Open Source community, but WITHOUT ANY WARRANTY.
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author and SysNet s.n.c. are not responsible for the consequences
- * of use of this software, no matter how awful, even if they arise from
- * flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the documentation.
- * SysNet s.n.c. cannot be responsible for the consequences of the
- * alterations.
- *
- * 4. This notice may not be removed or altered.
- *
- *
- * This software is based on the backend back-ldap, implemented
- * by Howard Chu <hyc@highlandsun.com>, and modified by Mark Valence
- * <kurash@sassafras.com>, Pierangelo Masarati <ando@sys-net.it> and other
- * contributors. The contribution of the original software to the present
- * implementation is acknowledged in this copyright statement.
- *
- * A special acknowledgement goes to Howard for the overall architecture
- * (and for borrowing large pieces of code), and to Mark, who implemented
- * from scratch the attribute/objectclass mapping.
- *
- * The original copyright statement follows.
- *
- * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the
- * documentation.
- *
- * 4. This notice may not be removed or altered.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
*
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
*/
#include "portable.h"
#include "slap.h"
#include "../back-ldap/back-ldap.h"
#include "back-meta.h"
-
+#include "lutil.h"
/* return 0 IFF op_dn is a value in group_at (member) attribute
* of entry with gr_dn AND that entry has an objectClass
Connection *conn,
Operation *op,
Entry *target,
- const char *gr_ndn,
- const char *op_ndn,
+ struct berval *gr_ndn,
+ struct berval *op_ndn,
ObjectClass *group_oc,
AttributeDescription *group_at
)
struct metainfo *li = ( struct metainfo * )be->be_private;
int rc = 1, candidate;
Attribute *attr;
- struct berval bv;
-
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
LDAPMessage *result;
char *gattr[ 2 ];
- char *filter;
- LDAP *ld;
- char *mop_ndn, *mgr_ndn;
+ char *filter = NULL, *ptr;
+ LDAP *ld = NULL;
+ struct berval mop_ndn = BER_BVNULL, mgr_ndn = BER_BVNULL;
- char *group_oc_name = NULL;
- char *group_at_name = group_at->ad_cname->bv_val;
+ struct berval group_oc_name = BER_BVNULL;
+ struct berval group_at_name = group_at->ad_cname;
if ( group_oc->soc_names && group_oc->soc_names[ 0 ] ) {
- group_oc_name = group_oc->soc_names[ 0 ];
+ group_oc_name.bv_val = group_oc->soc_names[ 0 ];
} else {
- group_oc_name = group_oc->soc_oid;
+ group_oc_name.bv_val = group_oc->soc_oid;
}
- if ( target != NULL && strcmp( target->e_ndn, gr_ndn ) == 0 ) {
+ if ( group_oc_name.bv_val ) {
+ group_oc_name.bv_len = strlen( group_oc_name.bv_val );
+ }
+
+ if ( target != NULL && dn_match( &target->e_nname, gr_ndn ) ) {
/* we already have a copy of the entry */
/* attribute and objectclass mapping has already been done */
/*
* Now we can check for the group objectClass value
*/
- if ( !is_entry_objectclass( target, group_oc ) ) {
+ if ( !is_entry_objectclass( target, group_oc, 0 ) ) {
return 1;
}
*/
attr = attr_find( target->e_attrs, group_at );
if ( attr != NULL ) {
- bv.bv_val = ( char * )op_ndn;
- bv.bv_len = strlen( op_ndn );
- rc = value_find( group_at, attr->a_vals, &bv );
+ rc = value_find_ex( group_at,
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ attr->a_vals, op_ndn );
if ( rc != LDAP_SUCCESS ) {
return 1;
}
} /* else: do the search */
candidate = meta_back_select_unique_candidate( li, gr_ndn );
- if ( candidate == -1 ) {
- return 1;
+ if ( candidate == META_TARGET_NONE ) {
+ goto cleanup;
}
/*
* Rewrite the op ndn if needed
*/
switch ( rewrite_session( li->targets[ candidate ]->rwinfo, "bindDn",
- op_ndn, conn, &mop_ndn ) ) {
+ op_ndn->bv_val, conn, &mop_ndn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
- if ( mop_ndn == NULL ) {
- mop_ndn = ( char * )op_ndn;
+ if ( mop_ndn.bv_val != NULL && mop_ndn.bv_val[ 0 ] != '\0' ) {
+ mop_ndn.bv_len = strlen( mop_ndn.bv_val );
+ } else {
+ mop_ndn = *op_ndn;
}
-#ifdef NEW_LOGGING
- LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
- "[rw] bindDn (op ndn in group):"
- \"%s\" -> \"%s\"\n",
- op_ndn, mop_ndn ));
-#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn (op ndn in group):"
" \"%s\" -> \"%s\"\n%s",
- op_ndn, mop_ndn, "" );
-#endif /* !NEW_LOGGING */
+ op_ndn->bv_val, mop_ndn.bv_val, "" );
break;
case REWRITE_REGEXEC_UNWILLING:
*/
switch ( rewrite_session( li->targets[ candidate ]->rwinfo,
"searchBase",
- gr_ndn, conn, &mgr_ndn ) ) {
+ gr_ndn->bv_val, conn, &mgr_ndn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
- if ( mgr_ndn == NULL ) {
- mgr_ndn = ( char * )gr_ndn;
+ if ( mgr_ndn.bv_val != NULL && mgr_ndn.bv_val[ 0 ] != '\0' ) {
+ mgr_ndn.bv_len = strlen( mgr_ndn.bv_val );
+ } else {
+ mgr_ndn = *gr_ndn;
}
-#ifdef NEW_LOGGING
- LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
- "[rw] searchBase (gr ndn in group):"
- " \"%s\" -> \"%s\"\n",
- gr_ndn, mgr_ndn ));
-#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> searchBase (gr ndn in group):"
" \"%s\" -> \"%s\"\n%s",
- gr_ndn, mgr_ndn, "" );
-#endif /* !NEW_LOGGING */
+ gr_ndn->bv_val, mgr_ndn.bv_val, "" );
break;
case REWRITE_REGEXEC_UNWILLING:
/* continues to next case */
case REWRITE_REGEXEC_ERR:
- return 1;
+ goto cleanup;
}
- group_oc_name = ldap_back_map( &li->targets[ candidate ]->oc_map,
- group_oc_name, 0 );
- if ( group_oc_name == NULL ) {
- return 1;
+ ldap_back_map( &li->targets[ candidate ]->oc_map,
+ &group_oc_name, &group_oc_name, BACKLDAP_MAP );
+ if ( group_oc_name.bv_val == NULL || group_oc_name.bv_val[0] == '\0' ) {
+ goto cleanup;
}
- group_at_name = ldap_back_map( &li->targets[ candidate ]->at_map,
- group_at_name, 0 );
- if ( group_at_name == NULL ) {
- return 1;
+ ldap_back_map( &li->targets[ candidate ]->at_map,
+ &group_at_name, &group_at_name, BACKLDAP_MAP );
+ if ( group_at_name.bv_val == NULL || group_at_name.bv_val[0] == '\0' ) {
+ goto cleanup;
}
filter = ch_malloc( sizeof( "(&(objectclass=)(=))" )
- + strlen( group_oc_name )
- + strlen( group_at_name )
- + strlen( mop_ndn ) + 1 );
+ + group_oc_name.bv_len
+ + group_at_name.bv_len
+ + mop_ndn.bv_len + 1 );
if ( filter == NULL ) {
goto cleanup;
}
goto cleanup;
}
- rc = ldap_bind_s( ld, li->targets[ candidate ]->binddn,
- li->targets[ candidate ]->bindpw, LDAP_AUTH_SIMPLE );
+ rc = ldap_bind_s( ld, li->targets[ candidate ]->binddn.bv_val,
+ li->targets[ candidate ]->bindpw.bv_val,
+ LDAP_AUTH_SIMPLE );
if ( rc != LDAP_SUCCESS ) {
goto cleanup;
}
- strcpy( filter, "(&(objectclass=" );
- strcat( filter, group_oc_name );
- strcat( filter, ")(" );
- strcat( filter, group_at_name );
- strcat( filter, "=" );
- strcat( filter, mop_ndn );
- strcat( filter, "))" );
+ ptr = lutil_strcopy( filter, "(&(objectclass=" );
+ ptr = lutil_strcopy( ptr , group_oc_name.bv_val );
+ ptr = lutil_strcopy( ptr , ")(" );
+ ptr = lutil_strcopy( ptr , group_at_name.bv_val );
+ ptr = lutil_strcopy( ptr , "=" );
+ ptr = lutil_strcopy( ptr , mop_ndn.bv_val );
+ strcpy( ptr , "))" );
gattr[ 0 ] = "objectclass";
gattr[ 1 ] = NULL;
rc = 1;
- if ( ldap_search_ext_s( ld, mgr_ndn, LDAP_SCOPE_BASE, filter,
+ if ( ldap_search_ext_s( ld, mgr_ndn.bv_val, LDAP_SCOPE_BASE, filter,
gattr, 0, NULL, NULL, LDAP_NO_LIMIT,
LDAP_NO_LIMIT, &result ) == LDAP_SUCCESS ) {
if ( ldap_first_entry( ld, result ) != NULL ) {
ldap_msgfree( result );
}
-cleanup:
+cleanup:;
if ( ld != NULL ) {
ldap_unbind( ld );
}
if ( filter != NULL ) {
ch_free( filter );
}
- if ( mop_ndn != op_ndn ) {
- free( mop_ndn );
+ if ( mop_ndn.bv_val != op_ndn->bv_val ) {
+ free( mop_ndn.bv_val );
}
- if ( mgr_ndn != gr_ndn ) {
- free( mgr_ndn );
+ if ( mgr_ndn.bv_val != gr_ndn->bv_val ) {
+ free( mgr_ndn.bv_val );
}
return rc;
projects / openldap / blobdiff