/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2005 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
return LDAP_NO_MEMORY;
}
- /* FIXME: I don't think this is needed any more... */
+ /* NOTE: this is needed to make sure that
+ * rwm-map attribute *
+ * does not filter out all attributes including objectClass */
rc = slap_str2ad( "objectClass", &mapping[0].m_src_ad, &text );
if ( rc != LDAP_SUCCESS ) {
+ ch_free( mapping );
return rc;
}
Avlnode *tree;
struct ldapmapping fmapping;
+ if ( map == NULL ) {
+ return 0;
+ }
+
assert( m != NULL );
+ /* let special attrnames slip through (ITS#5760) */
+ if ( bvmatch( s, slap_bv_no_attrs )
+ || bvmatch( s, slap_bv_all_user_attrs )
+ || bvmatch( s, slap_bv_all_operational_attrs ) )
+ {
+ *m = NULL;
+ return 0;
+ }
+
if ( remap == RWM_REMAP ) {
tree = map->remap;
{
struct ldapmapping *mapping;
+ /* map->map may be NULL when mapping is configured,
+ * but map->remap can't */
+ if ( map->remap == NULL ) {
+ *bv = *s;
+ return;
+ }
+
BER_BVZERO( bv );
( void )rwm_mapping( map, s, &mapping, remap );
if ( mapping != NULL ) {
*/
int
rwm_map_attrnames(
- struct ldapmap *at_map,
- struct ldapmap *oc_map,
- AttributeName *an,
- AttributeName **anp,
- int remap
-)
+ struct ldapmap *at_map,
+ struct ldapmap *oc_map,
+ AttributeName *an,
+ AttributeName **anp,
+ int remap )
{
int i, j;
at_drop_missing = rwm_mapping( at_map, &an[i].an_name, &m, remap );
if ( at_drop_missing || !m ) {
-
oc_drop_missing = rwm_mapping( oc_map, &an[i].an_name, &m, remap );
/* if both at_map and oc_map required to drop missing,
if ( j == 0 && i != 0 ) {
memset( &(*anp)[0], 0, sizeof( AttributeName ) );
- BER_BVSTR( &(*anp)[0].an_name, LDAP_NO_ATTRS );
+ (*anp)[0].an_name = *slap_bv_no_attrs;
+ j = 1;
}
memset( &(*anp)[j], 0, sizeof( AttributeName ) );
int
rwm_map_attrs(
- struct ldapmap *at_map,
- AttributeName *an,
- int remap,
- char ***mapped_attrs
-)
+ struct ldapmap *at_map,
+ AttributeName *an,
+ int remap,
+ char ***mapped_attrs )
{
int i, j;
char **na;
return LDAP_SUCCESS;
}
- for ( i = 0; !BER_BVISNULL( &an[ i ].an_name ); i++ ) {
- /* */
- }
+ for ( i = 0; !BER_BVISNULL( &an[ i ].an_name ); i++ )
+ /* count'em */ ;
na = (char **)ch_calloc( i + 1, sizeof( char * ) );
if ( na == NULL ) {
static int
map_attr_value(
- dncookie *dc,
- AttributeDescription **adp,
- struct berval *mapped_attr,
- struct berval *value,
- struct berval *mapped_value,
- int remap )
+ dncookie *dc,
+ AttributeDescription **adp,
+ struct berval *mapped_attr,
+ struct berval *value,
+ struct berval *mapped_value,
+ int remap )
{
struct berval vtmp = BER_BVNULL;
int freeval = 0;
dncookie fdc = *dc;
int rc;
-#ifdef ENABLE_REWRITE
fdc.ctx = "searchFilterAttrDN";
-#endif /* ENABLE_REWRITE */
vtmp = *value;
rc = rwm_dn_massage_normalize( &fdc, value, &vtmp );
return -1;
}
+ } else if ( ad->ad_type->sat_equality->smr_usage & SLAP_MR_MUTATION_NORMALIZER ) {
+ if ( ad->ad_type->sat_equality->smr_normalize(
+ (SLAP_MR_DENORMALIZE|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX),
+ NULL, NULL, value, &vtmp, NULL ) )
+ {
+ return -1;
+ }
+ freeval = 1;
+
} else if ( ad == slap_schema.si_ad_objectClass
|| ad == slap_schema.si_ad_structuralObjectClass )
{
static int
rwm_int_filter_map_rewrite(
- dncookie *dc,
- Filter *f,
- struct berval *fstr )
+ Operation *op,
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr )
{
int i;
Filter *p;
+ AttributeDescription *ad;
struct berval atmp,
vtmp,
- tmp;
+ *tmp;
static struct berval
/* better than nothing... */
ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
ber_bvnone = BER_BVC( "(?=none)" );
ber_len_t len;
+ assert( fstr != NULL );
+ BER_BVZERO( fstr );
+
if ( f == NULL ) {
ber_dupbv( fstr, &ber_bvnone );
- return -1;
+ return LDAP_OTHER;
+ }
+
+ if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {
+ goto computed;
}
- switch ( f->f_choice ) {
+ switch ( f->f_choice & SLAPD_FILTER_MASK ) {
case LDAP_FILTER_EQUALITY:
- if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
- return -1;
+ goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" );
fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
break;
case LDAP_FILTER_GE:
- if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
- return -1;
+ goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" );
fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
break;
case LDAP_FILTER_LE:
- if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
- return -1;
+ goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" );
fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
break;
case LDAP_FILTER_APPROX:
- if ( map_attr_value( dc, &f->f_av_desc, &atmp,
+ ad = f->f_av_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
&f->f_av_value, &vtmp, RWM_MAP ) )
{
- return -1;
+ goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" );
fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
break;
case LDAP_FILTER_SUBSTRINGS:
- if ( map_attr_value( dc, &f->f_sub_desc, &atmp,
+ ad = f->f_sub_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
NULL, NULL, RWM_MAP ) )
{
- return -1;
+ goto computed;
}
/* cannot be a DN ... */
snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
/* "(attr=" */ "%s*)",
- vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
}
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init]*[any*]" */ "%s*)",
- vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
}
}
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init*][any*]" */ "%s)",
- vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
}
break;
case LDAP_FILTER_PRESENT:
- if ( map_attr_value( dc, &f->f_desc, &atmp,
+ ad = f->f_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
NULL, NULL, RWM_MAP ) )
{
- return -1;
+ goto computed;
}
fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
for ( p = f->f_list; p != NULL; p = p->f_next ) {
+ int rc;
+
len = fstr->bv_len;
- if ( rwm_int_filter_map_rewrite( dc, p, &vtmp ) )
- {
- return -1;
+ rc = rwm_int_filter_map_rewrite( op, dc, p, &vtmp );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
}
fstr->bv_len += vtmp.bv_len;
fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
- /*"("*/ "%s)", vtmp.bv_val );
+ /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
}
case LDAP_FILTER_EXT: {
if ( f->f_mr_desc ) {
- if ( map_attr_value( dc, &f->f_mr_desc, &atmp,
+ ad = f->f_mr_desc;
+ if ( map_attr_value( dc, &ad, &atmp,
&f->f_mr_value, &vtmp, RWM_MAP ) )
{
- return -1;
+ goto computed;
}
} else {
f->f_mr_dnattrs ? ":dn" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
- vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
ch_free( vtmp.bv_val );
break;
}
+ case -1:
+computed:;
+ filter_free_x( op, f, 0 );
+ f->f_choice = SLAPD_FILTER_COMPUTED;
+ f->f_result = SLAPD_COMPARE_UNDEFINED;
+ /* fallthru */
+
case SLAPD_FILTER_COMPUTED:
switch ( f->f_result ) {
case LDAP_COMPARE_FALSE:
+ /* FIXME: treat UNDEFINED as FALSE */
+ case SLAPD_COMPARE_UNDEFINED:
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
- tmp = ber_bvtf_false;
+ tmp = &ber_bvtf_false;
break;
}
- /* fallthru */
-
- case SLAPD_COMPARE_UNDEFINED:
- tmp = ber_bvfalse;
+ tmp = &ber_bvfalse;
break;
case LDAP_COMPARE_TRUE:
if ( dc->rwmap->rwm_flags & RWM_F_SUPPORT_T_F ) {
- tmp = ber_bvtf_true;
- } else {
- tmp = ber_bvtrue;
+ tmp = &ber_bvtf_true;
+ break;
}
+ tmp = &ber_bvtrue;
break;
default:
- tmp = ber_bverror;
+ tmp = &ber_bverror;
break;
}
- ber_dupbv( fstr, &tmp );
+ ber_dupbv( fstr, tmp );
break;
default:
break;
}
- return 0;
+ return LDAP_SUCCESS;
}
int
rwm_filter_map_rewrite(
- dncookie *dc,
- Filter *f,
- struct berval *fstr )
+ Operation *op,
+ dncookie *dc,
+ Filter *f,
+ struct berval *fstr )
{
int rc;
dncookie fdc;
struct berval ftmp;
- rc = rwm_int_filter_map_rewrite( dc, f, fstr );
+ rc = rwm_int_filter_map_rewrite( op, dc, f, fstr );
-#ifdef ENABLE_REWRITE
if ( rc != 0 ) {
- return LDAP_OTHER;
+ return rc;
}
fdc = *dc;
case REWRITE_REGEXEC_OK:
if ( !BER_BVISNULL( fstr ) ) {
fstr->bv_len = strlen( fstr->bv_val );
- ch_free( ftmp.bv_val );
+ if ( fstr->bv_val != ftmp.bv_val ) {
+ ch_free( ftmp.bv_val );
+ }
} else {
*fstr = ftmp;
break;
}
-#endif /* ENABLE_REWRITE */
return rc;
}
* Rewrite the dn if needed
*/
dc.rwmap = rwmap;
-#ifdef ENABLE_REWRITE
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = (char *)cookie;
-#else /* ! ENABLE_REWRITE */
- dc.tofrom = ((int *)cookie)[0];
- dc.normalized = 0;
-#endif /* ! ENABLE_REWRITE */
for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
;
* Rewrite the dn if needed
*/
dc.rwmap = rwmap;
-#ifdef ENABLE_REWRITE
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = (char *)cookie;
-#else /* ! ENABLE_REWRITE */
- dc.tofrom = ((int *)cookie)[0];
- dc.normalized = 0;
-#endif /* ! ENABLE_REWRITE */
for ( last = 0; !BER_BVISNULL( &in[last] ); last++ );
last--;
int
rwm_referral_result_rewrite(
dncookie *dc,
- BerVarray a_vals
-)
+ BerVarray a_vals )
{
int i, last;
int
rwm_dnattr_result_rewrite(
dncookie *dc,
- BerVarray a_vals
-)
+ BerVarray a_vals,
+ BerVarray a_nvals )
{
int i, last;
last--;
for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
- struct berval dn;
+ struct berval pdn, ndn = BER_BVNULL;
int rc;
- dn = a_vals[i];
- rc = rwm_dn_massage_pretty( dc, &a_vals[i], &dn );
+ pdn = a_vals[i];
+ rc = rwm_dn_massage_pretty_normalize( dc, &a_vals[i], &pdn, &ndn );
switch ( rc ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
* legal to trim values when adding/modifying;
* it should be when searching (e.g. ACLs).
*/
+ assert( a_vals[i].bv_val != a_nvals[i].bv_val );
ch_free( a_vals[i].bv_val );
+ ch_free( a_nvals[i].bv_val );
if ( last > i ) {
a_vals[i] = a_vals[last];
+ a_nvals[i] = a_nvals[last];
}
BER_BVZERO( &a_vals[last] );
+ BER_BVZERO( &a_nvals[last] );
last--;
break;
default:
/* leave attr untouched if massage failed */
- if ( !BER_BVISNULL( &dn ) && a_vals[i].bv_val != dn.bv_val ) {
+ if ( !BER_BVISNULL( &pdn ) && a_vals[i].bv_val != pdn.bv_val ) {
ch_free( a_vals[i].bv_val );
- a_vals[i] = dn;
+ a_vals[i] = pdn;
+ }
+ if ( !BER_BVISNULL( &ndn ) && a_nvals[i].bv_val != ndn.bv_val ) {
+ ch_free( a_nvals[i].bv_val );
+ a_nvals[i] = ndn;
}
break;
}
return 0;
}
+void
+rwm_mapping_dst_free( void *v_mapping )
+{
+ struct ldapmapping *mapping = v_mapping;
+
+ if ( BER_BVISEMPTY( &mapping[0].m_dst ) ) {
+ rwm_mapping_free( &mapping[ -1 ] );
+ }
+}
+
void
rwm_mapping_free( void *v_mapping )
{