]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/overlays/rwm.c
Better fix for #3671
[openldap] / servers / slapd / overlays / rwm.c
index fff8d57ce25d611088961552fc2591f216b28ea8..b696e379427ac3b434ef4325fc62cb6fca642405 100644 (file)
@@ -96,6 +96,7 @@ rwm_op_add( Operation *op, SlapReply *rs )
                                i;
        Attribute               **ap = NULL;
        char                    *olddn = op->o_req_dn.bv_val;
+       int                     isupdate;
 
 #ifdef ENABLE_REWRITE
        rc = rwm_op_dn_massage( op, rs, "addDN" );
@@ -118,56 +119,99 @@ rwm_op_add( Operation *op, SlapReply *rs )
        }
 
        /* Count number of attributes in entry */ 
+       isupdate = be_shadow_update( op );
        for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
-               struct berval   mapped;
                Attribute       *a;
 
-               if ( (*ap)->a_desc->ad_type->sat_no_user_mod ) {
+               if ( (*ap)->a_desc == slap_schema.si_ad_objectClass ||
+                               (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
+               {
+                       int             j, last;
+
+                       for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[ last ] ); last++ )
+                                       /* count values */ ;
+                       last--;
+                       for ( j = 0; !BER_BVISNULL( &(*ap)->a_vals[ j ] ); j++ ) {
+                               struct ldapmapping      *mapping = NULL;
+
+                               ( void )rwm_mapping( &rwmap->rwm_oc, &(*ap)->a_vals[ j ],
+                                               &mapping, RWM_MAP );
+                               if ( mapping == NULL ) {
+                                       if ( rwmap->rwm_at.drop_missing ) {
+                                               /* FIXME: we allow to remove objectClasses as well;
+                                                * if the resulting entry is inconsistent, that's
+                                                * the relayed database's business...
+                                                */
+                                               ch_free( (*ap)->a_vals[ j ].bv_val );
+                                               if ( last > j ) {
+                                                       (*ap)->a_vals[ j ] = (*ap)->a_vals[ last ];
+                                               }
+                                               BER_BVZERO( &(*ap)->a_vals[ last ] );
+                                               last--;
+                                               j--;
+                                       }
+
+                               } else {
+                                       ch_free( (*ap)->a_vals[ j ].bv_val );
+                                       ber_dupbv( &(*ap)->a_vals[ j ], &mapping->m_dst );
+                               }
+                       }
+
+               } else if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) {
                        goto next_attr;
-               }
 
-               rwm_map( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
-                               &mapped, RWM_MAP );
-               if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
-                       goto cleanup_attr;
-               }
+               } else {
+                       struct ldapmapping      *mapping = NULL;
 
-               if ( (*ap)->a_desc->ad_type->sat_syntax
-                               == slap_schema.si_syn_distinguishedName )
-               {
-                       /*
-                        * FIXME: rewrite could fail; in this case
-                        * the operation should give up, right?
-                        */
+                       ( void )rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
+                                       &mapping, RWM_MAP );
+                       if ( mapping == NULL ) {
+                               if ( rwmap->rwm_at.drop_missing ) {
+                                       goto cleanup_attr;
+                               }
+                       }
+
+                       if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+                                       || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
+                       {
+                               /*
+                                * FIXME: rewrite could fail; in this case
+                                * the operation should give up, right?
+                                */
 #ifdef ENABLE_REWRITE
-                       rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
-                                       (*ap)->a_vals,
-                                       (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+                               rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
+                                               (*ap)->a_vals,
+                                               (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
 #else /* ! ENABLE_REWRITE */
-                       rc = 1;
-                       rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
-                                       (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+                               rc = 1;
+                               rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
+                                               (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
 #endif /* ! ENABLE_REWRITE */
-                       if ( rc ) {
-                               goto cleanup_attr;
-                       }
+                               if ( rc ) {
+                                       goto cleanup_attr;
+                               }
 
-               } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
+                       } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
 #ifdef ENABLE_REWRITE
-                       rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
-                                       (*ap)->a_vals,
-                                       (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+                               rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
+                                               (*ap)->a_vals,
+                                               (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
 #else /* ! ENABLE_REWRITE */
-                       rc = 1;
-                       rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
-                                       (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
+                               rc = 1;
+                               rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
+                                               (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
 #endif /* ! ENABLE_REWRITE */
-                       if ( rc != LDAP_SUCCESS ) {
-                               goto cleanup_attr;
+                               if ( rc != LDAP_SUCCESS ) {
+                                       goto cleanup_attr;
+                               }
+                       }
+               
+                       if ( mapping != NULL ) {
+                               assert( mapping->m_dst_ad );
+                               (*ap)->a_desc = mapping->m_dst_ad;
                        }
                }
 
-
 next_attr:;
                ap = &(*ap)->a_next;
                continue;
@@ -279,10 +323,12 @@ rwm_op_compare( Operation *op, SlapReply *rs )
                        }
 
                } else {
+                       assert( mapping->m_dst_ad );
                        ad = mapping->m_dst_ad;
                }
 
-               if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
+               if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+                               || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
                {
                        struct berval   *mapped_valsp[2];
                        
@@ -340,6 +386,7 @@ rwm_op_modify( Operation *op, SlapReply *rs )
        struct ldaprwmap        *rwmap = 
                        (struct ldaprwmap *)on->on_bi.bi_private;
 
+       int                     isupdate;
        Modifications           **mlp;
        int                     rc;
 
@@ -355,72 +402,69 @@ rwm_op_modify( Operation *op, SlapReply *rs )
                return -1;
        }
 
+       isupdate = be_shadow_update( op );
        for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
-               int             is_oc = 0;
-               Modifications   *ml;
-
-               if ( (*mlp)->sml_desc->ad_type->sat_no_user_mod  ) {
-                       goto next_mod;
-               }
+               int                     is_oc = 0;
+               Modifications           *ml;
+               struct ldapmapping      *mapping = NULL;
 
                if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass 
-                               || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass ) {
+                               || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass )
+               {
                        is_oc = 1;
 
+               } else if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod  ) {
+                       goto next_mod;
+
                } else {
-                       struct ldapmapping      *m;
                        int                     drop_missing;
 
-                       drop_missing = rwm_mapping( &rwmap->rwm_at, &(*mlp)->sml_desc->ad_cname, &m, RWM_MAP );
-                       if ( drop_missing || ( m != NULL && BER_BVISNULL( &m->m_dst ) ) )
+                       drop_missing = rwm_mapping( &rwmap->rwm_at,
+                                       &(*mlp)->sml_desc->ad_cname,
+                                       &mapping, RWM_MAP );
+                       if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) )
                        {
                                goto cleanup_mod;
                        }
-
-                       if ( m ) {
-                               /* use new attribute description */
-                               assert( m->m_dst_ad );
-                               (*mlp)->sml_desc = m->m_dst_ad;
-                       }
                }
 
                if ( (*mlp)->sml_values != NULL ) {
                        if ( is_oc ) {
                                int     last, j;
 
-                               for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[last] ); last++ )
+                               for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[ last ] ); last++ )
                                        /* count values */ ;
                                last--;
 
-                               for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[j] ); j++ ) {
-                                       struct berval   mapped = BER_BVNULL;
-
-                                       rwm_map( &rwmap->rwm_oc,
-                                                       &(*mlp)->sml_values[j],
-                                                       &mapped, RWM_MAP );
-                                       if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
-                                               /* FIXME: we allow to remove objectClasses as well;
-                                                * if the resulting entry is inconsistent, that's
-                                                * the relayed database's business...
-                                                */
-#if 0
-                                               goto cleanup_mod;
-#endif
-                                               if ( last > j ) {
-                                                       (*mlp)->sml_values[j] = (*mlp)->sml_values[last];
-                                                       BER_BVZERO( &(*mlp)->sml_values[last] );
+                               for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[ j ] ); j++ ) {
+                                       struct ldapmapping      *oc_mapping = NULL;
+               
+                                       ( void )rwm_mapping( &rwmap->rwm_oc, &(*mlp)->sml_values[ j ],
+                                                       &oc_mapping, RWM_MAP );
+                                       if ( oc_mapping == NULL ) {
+                                               if ( rwmap->rwm_at.drop_missing ) {
+                                                       /* FIXME: we allow to remove objectClasses as well;
+                                                        * if the resulting entry is inconsistent, that's
+                                                        * the relayed database's business...
+                                                        */
+                                                       ch_free( (*mlp)->sml_values[ j ].bv_val );
+                                                       if ( last > j ) {
+                                                               (*mlp)->sml_values[ j ] = (*mlp)->sml_values[ last ];
+                                                       }
+                                                       BER_BVZERO( &(*mlp)->sml_values[ last ] );
+                                                       last--;
+                                                       j--;
                                                }
-                                               last--;
-
+       
                                        } else {
-                                               ch_free( (*mlp)->sml_values[j].bv_val );
-                                               ber_dupbv( &(*mlp)->sml_values[j], &mapped );
+                                               ch_free( (*mlp)->sml_values[ j ].bv_val );
+                                               ber_dupbv( &(*mlp)->sml_values[ j ], &oc_mapping->m_dst );
                                        }
                                }
 
                        } else {
-                               if ( (*mlp)->sml_desc->ad_type->sat_syntax ==
-                                               slap_schema.si_syn_distinguishedName )
+                               if ( (*mlp)->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+                                               || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
                                {
 #ifdef ENABLE_REWRITE
                                        rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
@@ -457,6 +501,12 @@ rwm_op_modify( Operation *op, SlapReply *rs )
                }
 
 next_mod:;
+               if ( mapping != NULL ) {
+                       /* use new attribute description */
+                       assert( mapping->m_dst_ad );
+                       (*mlp)->sml_desc = mapping->m_dst_ad;
+               }
+
                mlp = &(*mlp)->sml_next;
                continue;
 
@@ -467,7 +517,6 @@ cleanup_mod:;
                free( ml );
        }
 
-       /* TODO: rewrite attribute types, values of DN-valued attributes ... */
        return SLAP_CB_CONTINUE;
 }
 
@@ -736,7 +785,7 @@ rwm_matched( Operation *op, SlapReply *rs )
 }
 
 static int
-rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
+rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
 {
        slap_overinst           *on = (slap_overinst *) op->o_bd->bd_info;
        struct ldaprwmap        *rwmap = 
@@ -745,6 +794,7 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
        dncookie                dc;
        int                     rc;
        Attribute               **ap;
+       int                     isupdate;
 
        /*
         * Rewrite the dn attrs, if needed
@@ -770,8 +820,9 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
         * an error (because multiple instances of attrs in 
         * response are not valid), or merge the values (what
         * about duplicate values?) */
+       isupdate = be_shadow_update( op );
        for ( ap = a_first; *ap; ) {
-               struct ldapmapping      *m;
+               struct ldapmapping      *mapping = NULL;
                int                     drop_missing;
                int                     last;
                Attribute               *a;
@@ -780,25 +831,39 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
                {
                        /* go on */ ;
                        
-               } else if ( op->ors_attrs != NULL && 
-                               !SLAP_USERATTRS( rs->sr_attr_flags ) && 
-                               !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
-               {
-                       goto cleanup_attr;
+               } else {
+                       if ( op->ors_attrs != NULL && 
+                                       !SLAP_USERATTRS( rs->sr_attr_flags ) &&
+                                       !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
+                       {
+                               goto cleanup_attr;
+                       }
+
+                       drop_missing = rwm_mapping( &rwmap->rwm_at,
+                                       &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
+                       if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
+                       {
+                               goto cleanup_attr;
+                       }
+
+                       if ( mapping != NULL ) {
+                               (*ap)->a_desc = mapping->m_dst_ad;
+                       }
                }
 
-               if ( (*ap)->a_desc->ad_type->sat_no_user_mod 
+               if ( (*ap)->a_desc == slap_schema.si_ad_entryDN ) {
+                       if ( stripEntryDN ) {
+                               /* will be generated by frontend */
+                               goto cleanup_attr;
+                       }
+                       
+               } else if ( !isupdate
+                       && (*ap)->a_desc->ad_type->sat_no_user_mod 
                        && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
                {
                        goto next_attr;
                }
 
-               drop_missing = rwm_mapping( &rwmap->rwm_at,
-                               &(*ap)->a_desc->ad_cname, &m, RWM_REMAP );
-               if ( drop_missing || ( m != NULL && BER_BVISEMPTY( &m->m_dst ) ) ) {
-                       goto cleanup_attr;
-               }
-
                for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
                        /* just count */ ;
 
@@ -850,8 +915,8 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
                 * everything pass thru the ldap backend. */
                /* FIXME: handle distinguishedName-like syntaxes, like
                 * nameAndOptionalUID */
-               } else if ( (*ap)->a_desc->ad_type->sat_syntax ==
-                               slap_schema.si_syn_distinguishedName )
+               } else if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
+                               || ( mapping != NULL && mapping->m_src_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
                {
 #ifdef ENABLE_REWRITE
                        dc.ctx = "searchAttrDN";
@@ -871,10 +936,10 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
                        }
                }
 
-               if ( m != NULL ) {
+               if ( mapping != NULL ) {
                        /* rewrite the attribute description */
-                       assert( m->m_dst_ad );
-                       (*ap)->a_desc = m->m_dst_ad;
+                       assert( mapping->m_dst_ad );
+                       (*ap)->a_desc = mapping->m_dst_ad;
                }
 
 next_attr:;
@@ -966,7 +1031,13 @@ rwm_send_entry( Operation *op, SlapReply *rs )
        /* FIXME: the entries are in the remote mapping form;
         * so we need to select those attributes we are willing
         * to return, and remap them accordingly */
-       (void)rwm_attrs( op, rs, &e->e_attrs );
+       (void)rwm_attrs( op, rs, &e->e_attrs, 1 );
+
+#if 0
+       if ( rs->sr_operational_attrs ) {
+               (void)rwm_attrs( op, rs, &rs->sr_operational_attrs, 0 );
+       }
+#endif
 
        rs->sr_entry = e;
        rs->sr_flags = flags;
@@ -996,7 +1067,7 @@ rwm_operational( Operation *op, SlapReply *rs )
         * so we need to select those attributes we are willing
         * to return, and remap them accordingly */
        if ( rs->sr_operational_attrs ) {
-               rwm_attrs( op, rs, &rs->sr_operational_attrs );
+               rwm_attrs( op, rs, &rs->sr_operational_attrs, 1 );
        }
 
        return SLAP_CB_CONTINUE;
@@ -1182,7 +1253,9 @@ rwm_response( Operation *op, SlapReply *rs )
        switch( op->o_tag ) {
        case LDAP_REQ_SEARCH:
                /* Note: the operation attrs are remapped */
-               if ( op->ors_attrs != NULL && op->ors_attrs != rs->sr_attrs )
+               if ( rs->sr_type == REP_RESULT
+                               && op->ors_attrs != NULL
+                               && op->ors_attrs != rs->sr_attrs )
                {
                        ch_free( op->ors_attrs );
                        op->ors_attrs = rs->sr_attrs;