/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2012 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
return LDAP_NO_MEMORY;
}
- /* FIXME: I don't think this is needed any more... */
+ /* NOTE: this is needed to make sure that
+ * rwm-map attribute *
+ * does not filter out all attributes including objectClass */
rc = slap_str2ad( "objectClass", &mapping[0].m_src_ad, &text );
if ( rc != LDAP_SUCCESS ) {
ch_free( mapping );
assert( m != NULL );
+ /* let special attrnames slip through (ITS#5760) */
+ if ( bvmatch( s, slap_bv_no_attrs )
+ || bvmatch( s, slap_bv_all_user_attrs )
+ || bvmatch( s, slap_bv_all_operational_attrs ) )
+ {
+ *m = NULL;
+ return 0;
+ }
+
if ( remap == RWM_REMAP ) {
tree = map->remap;
{
struct ldapmapping *mapping;
+ /* map->map may be NULL when mapping is configured,
+ * but map->remap can't */
+ if ( map->remap == NULL ) {
+ *bv = *s;
+ return;
+ }
+
BER_BVZERO( bv );
( void )rwm_mapping( map, s, &mapping, remap );
if ( mapping != NULL ) {
*/
int
rwm_map_attrnames(
+ Operation *op,
struct ldapmap *at_map,
struct ldapmap *oc_map,
AttributeName *an,
AttributeName **anp,
int remap )
{
- int i, j;
+ int i, j, x;
assert( anp != NULL );
*anp = NULL;
- if ( an == NULL ) {
+ if ( an == NULL && op->o_bd->be_extra_anlist == NULL ) {
return LDAP_SUCCESS;
}
- for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
- /* just count */ ;
- *anp = ch_malloc( ( i + 1 )* sizeof( AttributeName ) );
+ i = 0;
+ if ( an != NULL ) {
+ for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ )
+ /* just count */ ;
+ }
+
+ x = 0;
+ if ( op->o_bd->be_extra_anlist ) {
+ for ( ; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ )
+ /* just count */ ;
+ }
+
+ assert( i > 0 || x > 0 );
+ *anp = op->o_tmpcalloc( ( i + x + 1 ), sizeof( AttributeName ),
+ op->o_tmpmemctx );
if ( *anp == NULL ) {
return LDAP_NO_MEMORY;
}
}
}
- if ( j == 0 && i != 0 ) {
+ if ( op->o_bd->be_extra_anlist != NULL ) {
+ /* we assume be_extra_anlist are already mapped */
+ for ( x = 0; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ ) {
+ BER_BVZERO( &(*anp)[j].an_name );
+ if ( op->o_bd->be_extra_anlist[x].an_desc &&
+ ad_inlist( op->o_bd->be_extra_anlist[x].an_desc, *anp ) )
+ {
+ continue;
+ }
+
+ (*anp)[j] = op->o_bd->be_extra_anlist[x];
+ j++;
+ }
+ }
+
+ if ( j == 0 && ( i != 0 || x != 0 ) ) {
memset( &(*anp)[0], 0, sizeof( AttributeName ) );
- BER_BVSTR( &(*anp)[0].an_name, LDAP_NO_ATTRS );
+ (*anp)[0].an_name = *slap_bv_no_attrs;
j = 1;
}
memset( &(*anp)[j], 0, sizeof( AttributeName ) );
return LDAP_SUCCESS;
}
+#if 0 /* unused! */
int
rwm_map_attrs(
struct ldapmap *at_map,
return LDAP_SUCCESS;
}
+#endif
static int
map_attr_value(
struct berval *mapped_attr,
struct berval *value,
struct berval *mapped_value,
- int remap )
+ int remap,
+ void *memctx )
{
struct berval vtmp = BER_BVNULL;
int freeval = 0;
dncookie fdc = *dc;
int rc;
-#ifdef ENABLE_REWRITE
fdc.ctx = "searchFilterAttrDN";
-#endif /* ENABLE_REWRITE */
vtmp = *value;
rc = rwm_dn_massage_normalize( &fdc, value, &vtmp );
return -1;
}
+ } else if ( ad->ad_type->sat_equality &&
+ ( ad->ad_type->sat_equality->smr_usage & SLAP_MR_MUTATION_NORMALIZER ) )
+ {
+ if ( ad->ad_type->sat_equality->smr_normalize(
+ (SLAP_MR_DENORMALIZE|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX),
+ NULL, NULL, value, &vtmp, memctx ) )
+ {
+ return -1;
+ }
+ freeval = 2;
+
} else if ( ad == slap_schema.si_ad_objectClass
|| ad == slap_schema.si_ad_structuralObjectClass )
{
vtmp = *value;
}
- filter_escape_value( &vtmp, mapped_value );
+ filter_escape_value_x( &vtmp, mapped_value, memctx );
- if ( freeval ) {
+ switch ( freeval ) {
+ case 1:
ch_free( vtmp.bv_val );
+ break;
+
+ case 2:
+ ber_memfree_x( vtmp.bv_val, memctx );
+ break;
}
}
BER_BVZERO( fstr );
if ( f == NULL ) {
- ber_dupbv( fstr, &ber_bvnone );
+ ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx );
return LDAP_OTHER;
}
- switch ( f->f_choice ) {
+#if 0
+ /* ITS#6814: give the caller a chance to use undefined filters */
+ if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {
+ goto computed;
+ }
+#endif
+
+ switch ( f->f_choice & SLAPD_FILTER_MASK ) {
case LDAP_FILTER_EQUALITY:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
- &f->f_av_value, &vtmp, RWM_MAP ) )
+ &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
- ch_free( vtmp.bv_val );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_GE:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
- &f->f_av_value, &vtmp, RWM_MAP ) )
+ &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
- ch_free( vtmp.bv_val );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_LE:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
- &f->f_av_value, &vtmp, RWM_MAP ) )
+ &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
- ch_free( vtmp.bv_val );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_APPROX:
ad = f->f_av_desc;
if ( map_attr_value( dc, &ad, &atmp,
- &f->f_av_value, &vtmp, RWM_MAP ) )
+ &f->f_av_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
- atmp.bv_val, vtmp.bv_val );
+ atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
- ch_free( vtmp.bv_val );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
case LDAP_FILTER_SUBSTRINGS:
ad = f->f_sub_desc;
if ( map_attr_value( dc, &ad, &atmp,
- NULL, NULL, RWM_MAP ) )
+ NULL, NULL, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
/* cannot be a DN ... */
fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
atmp.bv_val );
if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
len = fstr->bv_len;
- filter_escape_value( &f->f_sub_initial, &vtmp );
+ filter_escape_value_x( &f->f_sub_initial, &vtmp, op->o_tmpmemctx );
fstr->bv_len += vtmp.bv_len;
- fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
/* "(attr=" */ "%s*)",
- vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
- ch_free( vtmp.bv_val );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
if ( f->f_sub_any != NULL ) {
for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
len = fstr->bv_len;
- filter_escape_value( &f->f_sub_any[i], &vtmp );
+ filter_escape_value_x( &f->f_sub_any[i], &vtmp,
+ op->o_tmpmemctx );
fstr->bv_len += vtmp.bv_len + 1;
- fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init]*[any*]" */ "%s*)",
- vtmp.bv_val );
- ch_free( vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
}
if ( !BER_BVISNULL( &f->f_sub_final ) ) {
len = fstr->bv_len;
- filter_escape_value( &f->f_sub_final, &vtmp );
+ filter_escape_value_x( &f->f_sub_final, &vtmp, op->o_tmpmemctx );
fstr->bv_len += vtmp.bv_len;
- fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
/* "(attr=[init*][any*]" */ "%s)",
- vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
- ch_free( vtmp.bv_val );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
break;
case LDAP_FILTER_PRESENT:
ad = f->f_desc;
if ( map_attr_value( dc, &ad, &atmp,
- NULL, NULL, RWM_MAP ) )
+ NULL, NULL, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
atmp.bv_val );
case LDAP_FILTER_OR:
case LDAP_FILTER_NOT:
fstr->bv_len = STRLENOF( "(%)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
f->f_choice == LDAP_FILTER_AND ? '&' :
}
fstr->bv_len += vtmp.bv_len;
- fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
+ op->o_tmpmemctx );
snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
- /*"("*/ "%s)", vtmp.bv_val );
+ /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
- ch_free( vtmp.bv_val );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
}
break;
if ( f->f_mr_desc ) {
ad = f->f_mr_desc;
if ( map_attr_value( dc, &ad, &atmp,
- &f->f_mr_value, &vtmp, RWM_MAP ) )
+ &f->f_mr_value, &vtmp, RWM_MAP, op->o_tmpmemctx ) )
{
goto computed;
}
} else {
BER_BVSTR( &atmp, "" );
- filter_escape_value( &f->f_mr_value, &vtmp );
+ filter_escape_value_x( &f->f_mr_value, &vtmp, op->o_tmpmemctx );
}
( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
vtmp.bv_len + STRLENOF( "(:=)" );
- fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
+ fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
atmp.bv_val,
f->f_mr_dnattrs ? ":dn" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
!BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
- vtmp.bv_val );
- ch_free( vtmp.bv_val );
+ vtmp.bv_len ? vtmp.bv_val : "" );
+ op->o_tmpfree( vtmp.bv_val, op->o_tmpmemctx );
break;
}
- case 0:
+ case -1:
computed:;
- filter_free_x( op, f );
+ filter_free_x( op, f, 0 );
f->f_choice = SLAPD_FILTER_COMPUTED;
f->f_result = SLAPD_COMPARE_UNDEFINED;
/* fallthru */
break;
}
- ber_dupbv( fstr, tmp );
+ ber_dupbv_x( fstr, tmp, op->o_tmpmemctx );
break;
default:
- ber_dupbv( fstr, &ber_bvunknown );
+ ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx );
break;
}
rc = rwm_int_filter_map_rewrite( op, dc, f, fstr );
-#ifdef ENABLE_REWRITE
if ( rc != 0 ) {
return rc;
}
case REWRITE_REGEXEC_OK:
if ( !BER_BVISNULL( fstr ) ) {
fstr->bv_len = strlen( fstr->bv_val );
- ch_free( ftmp.bv_val );
} else {
*fstr = ftmp;
Debug( LDAP_DEBUG_ARGS,
"[rw] %s: \"%s\" -> \"%s\"\n",
fdc.ctx, ftmp.bv_val, fstr->bv_val );
+ if ( fstr->bv_val != ftmp.bv_val ) {
+ ber_bvreplace_x( &ftmp, fstr, op->o_tmpmemctx );
+ ch_free( fstr->bv_val );
+ *fstr = ftmp;
+ }
rc = LDAP_SUCCESS;
break;
fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
fdc.rs->sr_text = "Operation not allowed";
}
+ op->o_tmpfree( ftmp.bv_val, op->o_tmpmemctx );
rc = LDAP_UNWILLING_TO_PERFORM;
break;
fdc.rs->sr_err = LDAP_OTHER;
fdc.rs->sr_text = "Rewrite error";
}
+ op->o_tmpfree( ftmp.bv_val, op->o_tmpmemctx );
rc = LDAP_OTHER;
break;
}
-#endif /* ENABLE_REWRITE */
return rc;
}
* Rewrite the dn if needed
*/
dc.rwmap = rwmap;
-#ifdef ENABLE_REWRITE
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = (char *)cookie;
-#else /* ! ENABLE_REWRITE */
- dc.tofrom = ((int *)cookie)[0];
- dc.normalized = 0;
-#endif /* ! ENABLE_REWRITE */
for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
;
}
ber_str2bv( newurl, 0, 1, &a_vals[i] );
- LDAP_FREE( newurl );
+ ber_memfree( newurl );
if ( pa_nvals ) {
ludp->lud_dn = ndn.bv_val;
ch_free( (*pa_nvals)[i].bv_val );
}
ber_str2bv( newurl, 0, 1, &(*pa_nvals)[i] );
- LDAP_FREE( newurl );
+ ber_memfree( newurl );
}
ch_free( oldval.bv_val );
* Rewrite the dn if needed
*/
dc.rwmap = rwmap;
-#ifdef ENABLE_REWRITE
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = (char *)cookie;
-#else /* ! ENABLE_REWRITE */
- dc.tofrom = ((int *)cookie)[0];
- dc.normalized = 0;
-#endif /* ! ENABLE_REWRITE */
for ( last = 0; !BER_BVISNULL( &in[last] ); last++ );
last--;
ch_free( a_vals[i].bv_val );
ber_str2bv( newurl, 0, 1, &a_vals[i] );
- LDAP_FREE( newurl );
+ ber_memfree( newurl );
ludp->lud_dn = olddn.bv_val;
}
break;
int
rwm_dnattr_result_rewrite(
dncookie *dc,
- BerVarray a_vals )
+ BerVarray a_vals,
+ BerVarray a_nvals )
{
int i, last;
last--;
for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
- struct berval dn;
+ struct berval pdn, ndn = BER_BVNULL;
int rc;
- dn = a_vals[i];
- rc = rwm_dn_massage_pretty( dc, &a_vals[i], &dn );
+ pdn = a_vals[i];
+ rc = rwm_dn_massage_pretty_normalize( dc, &a_vals[i], &pdn, &ndn );
switch ( rc ) {
case LDAP_UNWILLING_TO_PERFORM:
/*
* legal to trim values when adding/modifying;
* it should be when searching (e.g. ACLs).
*/
+ assert( a_vals[i].bv_val != a_nvals[i].bv_val );
ch_free( a_vals[i].bv_val );
+ ch_free( a_nvals[i].bv_val );
if ( last > i ) {
a_vals[i] = a_vals[last];
+ a_nvals[i] = a_nvals[last];
}
BER_BVZERO( &a_vals[last] );
+ BER_BVZERO( &a_nvals[last] );
last--;
break;
default:
/* leave attr untouched if massage failed */
- if ( !BER_BVISNULL( &dn ) && a_vals[i].bv_val != dn.bv_val ) {
+ if ( !BER_BVISNULL( &pdn ) && a_vals[i].bv_val != pdn.bv_val ) {
ch_free( a_vals[i].bv_val );
- a_vals[i] = dn;
+ a_vals[i] = pdn;
+ }
+ if ( !BER_BVISNULL( &ndn ) && a_nvals[i].bv_val != ndn.bv_val ) {
+ ch_free( a_nvals[i].bv_val );
+ a_nvals[i] = ndn;
}
break;
}