X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Foverlays%2Frwmmap.c;h=e8a630cce6c57d115d33778ccbe478bf365412c7;hb=bc97f801bfd87b715ff1324b5219dc33301d25c0;hp=9d79679be31ccc694c49d70f784e5e74b5bb1e0b;hpb=22bd2667ce0b627bf6c07d88c82d66ae82a4de13;p=openldap diff --git a/servers/slapd/overlays/rwmmap.c b/servers/slapd/overlays/rwmmap.c index 9d79679be3..e8a630cce6 100644 --- a/servers/slapd/overlays/rwmmap.c +++ b/servers/slapd/overlays/rwmmap.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1999-2004 The OpenLDAP Foundation. + * Copyright 1999-2005 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. @@ -78,9 +78,10 @@ rwm_map_init( struct ldapmap *lm, struct ldapmapping **m ) mapping = (struct ldapmapping *)ch_calloc( 2, sizeof( struct ldapmapping ) ); if ( mapping == NULL ) { - return; + return LDAP_NO_MEMORY; } + /* FIXME: I don't think this is needed any more... */ rc = slap_str2ad( "objectClass", &mapping->m_src_ad, &text ); if ( rc != LDAP_SUCCESS ) { return rc; @@ -135,7 +136,7 @@ rwm_map( struct ldapmap *map, struct berval *s, struct berval *bv, int remap ) struct ldapmapping *mapping; BER_BVZERO( bv ); - rwm_mapping( map, s, &mapping, remap ); + ( void )rwm_mapping( map, s, &mapping, remap ); if ( mapping != NULL ) { if ( !BER_BVISNULL( &mapping->m_dst ) ) { *bv = mapping->m_dst; @@ -162,6 +163,10 @@ rwm_map_attrnames( { int i, j; + assert( anp ); + + *anp = NULL; + if ( an == NULL ) { return LDAP_SUCCESS; } @@ -169,6 +174,9 @@ rwm_map_attrnames( for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) /* just count */ ; *anp = ch_malloc( ( i + 1 )* sizeof( AttributeName ) ); + if ( *anp == NULL ) { + return LDAP_NO_MEMORY; + } for ( i = 0, j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) { struct ldapmapping *m; @@ -313,105 +321,120 @@ rwm_map_attrs( return LDAP_SUCCESS; } - for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) { + for ( i = 0; !BER_BVISNULL( &an[ i ].an_name ); i++ ) { /* */ } na = (char **)ch_calloc( i + 1, sizeof( char * ) ); - if (na == NULL) { + if ( na == NULL ) { *mapped_attrs = NULL; return LDAP_NO_MEMORY; } for ( i = j = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) { - struct ldapmapping *m; + struct ldapmapping *mapping; - if ( rwm_mapping( at_map, &an[i].an_name, &m, remap ) ) { + if ( rwm_mapping( at_map, &an[i].an_name, &mapping, remap ) ) { continue; } - if ( !m || ( m && !BER_BVISNULL( &m->m_dst ) ) ) { - na[j++] = m->m_dst.bv_val; + if ( !mapping ) { + na[ j++ ] = an[ i ].an_name.bv_val; + + } else if ( !BER_BVISNULL( &mapping->m_dst ) ) { + na[ j++ ] = mapping->m_dst.bv_val; } } + if ( j == 0 && i != 0 ) { - na[j++] = LDAP_NO_ATTRS; + na[ j++ ] = LDAP_NO_ATTRS; } - na[j] = NULL; + + na[ j ] = NULL; *mapped_attrs = na; + return LDAP_SUCCESS; } static int map_attr_value( dncookie *dc, - AttributeDescription *ad, + AttributeDescription **adp, struct berval *mapped_attr, struct berval *value, struct berval *mapped_value, int remap ) { - struct berval vtmp; + struct berval vtmp = BER_BVNULL; int freeval = 0; + AttributeDescription *ad = *adp; + struct ldapmapping *mapping = NULL; - rwm_map( &dc->rwmap->rwm_at, &ad->ad_cname, mapped_attr, remap ); - if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) { - /* - * FIXME: are we sure we need to search oc_map if at_map fails? - */ - rwm_map( &dc->rwmap->rwm_oc, &ad->ad_cname, mapped_attr, remap ); - if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) - { - *mapped_attr = ad->ad_cname; + rwm_mapping( &dc->rwmap->rwm_at, &ad->ad_cname, &mapping, remap ); + if ( mapping == NULL ) { + if ( dc->rwmap->rwm_at.drop_missing ) { + return -1; } - } - if ( value == NULL ) { - return 0; + *mapped_attr = ad->ad_cname; + + } else { + *mapped_attr = mapping->m_dst; } - if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) - { - dncookie fdc = *dc; - int rc; + if ( value != NULL ) { + assert( mapped_value != NULL ); + + if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName + || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) ) + { + dncookie fdc = *dc; + int rc; #ifdef ENABLE_REWRITE - fdc.ctx = "searchFilterAttrDN"; -#endif + fdc.ctx = "searchFilterAttrDN"; +#endif /* ENABLE_REWRITE */ - rc = rwm_dn_massage( &fdc, value, &vtmp, NULL ); - switch ( rc ) { - case LDAP_SUCCESS: - if ( vtmp.bv_val != value->bv_val ) { - freeval = 1; - } - break; + vtmp = *value; + rc = rwm_dn_massage_normalize( &fdc, value, &vtmp ); + switch ( rc ) { + case LDAP_SUCCESS: + if ( vtmp.bv_val != value->bv_val ) { + freeval = 1; + } + break; - case LDAP_UNWILLING_TO_PERFORM: - case LDAP_OTHER: - default: - return -1; - } + case LDAP_UNWILLING_TO_PERFORM: + case LDAP_OTHER: + default: + return -1; + } - } else if ( ad == slap_schema.si_ad_objectClass - || ad == slap_schema.si_ad_structuralObjectClass ) - { - rwm_map( &dc->rwmap->rwm_oc, value, &vtmp, remap ); - if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) { + } else if ( ad == slap_schema.si_ad_objectClass + || ad == slap_schema.si_ad_structuralObjectClass ) + { + rwm_map( &dc->rwmap->rwm_oc, value, &vtmp, remap ); + if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) { + vtmp = *value; + } + + } else { vtmp = *value; } - - } else { - vtmp = *value; - } - filter_escape_value( &vtmp, mapped_value ); + filter_escape_value( &vtmp, mapped_value ); - if ( freeval ) { - ber_memfree( vtmp.bv_val ); + if ( freeval ) { + ch_free( vtmp.bv_val ); + } } + if ( mapping != NULL ) { + assert( mapping->m_dst_ad != NULL ); + *adp = mapping->m_dst_ad; + } + return 0; } @@ -442,71 +465,71 @@ rwm_int_filter_map_rewrite( switch ( f->f_choice ) { case LDAP_FILTER_EQUALITY: - if ( map_attr_value( dc, f->f_av_desc, &atmp, + if ( map_attr_value( dc, &f->f_av_desc, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { return -1; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(=)" ); - fstr->bv_val = malloc( fstr->bv_len + 1 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 1 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", atmp.bv_val, vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); + ch_free( vtmp.bv_val ); break; case LDAP_FILTER_GE: - if ( map_attr_value( dc, f->f_av_desc, &atmp, + if ( map_attr_value( dc, &f->f_av_desc, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { return -1; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(>=)" ); - fstr->bv_val = malloc( fstr->bv_len + 1 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 1 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", atmp.bv_val, vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); + ch_free( vtmp.bv_val ); break; case LDAP_FILTER_LE: - if ( map_attr_value( dc, f->f_av_desc, &atmp, + if ( map_attr_value( dc, &f->f_av_desc, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { return -1; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(<=)" ); - fstr->bv_val = malloc( fstr->bv_len + 1 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 1 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", atmp.bv_val, vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); + ch_free( vtmp.bv_val ); break; case LDAP_FILTER_APPROX: - if ( map_attr_value( dc, f->f_av_desc, &atmp, + if ( map_attr_value( dc, &f->f_av_desc, &atmp, &f->f_av_value, &vtmp, RWM_MAP ) ) { return -1; } fstr->bv_len = atmp.bv_len + vtmp.bv_len + STRLENOF( "(~=)" ); - fstr->bv_val = malloc( fstr->bv_len + 1 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 1 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", atmp.bv_val, vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); + ch_free( vtmp.bv_val ); break; case LDAP_FILTER_SUBSTRINGS: - if ( map_attr_value( dc, f->f_sub_desc, &atmp, + if ( map_attr_value( dc, &f->f_sub_desc, &atmp, NULL, NULL, RWM_MAP ) ) { return -1; @@ -515,7 +538,7 @@ rwm_int_filter_map_rewrite( /* cannot be a DN ... */ fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" ); - fstr->bv_val = malloc( fstr->bv_len + 128 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 128 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); @@ -532,7 +555,7 @@ rwm_int_filter_map_rewrite( /* "(attr=" */ "%s*)", vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); + ch_free( vtmp.bv_val ); } if ( f->f_sub_any != NULL ) { @@ -546,7 +569,7 @@ rwm_int_filter_map_rewrite( snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init]*[any*]" */ "%s*)", vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); + ch_free( vtmp.bv_val ); } } @@ -562,20 +585,20 @@ rwm_int_filter_map_rewrite( /* "(attr=[init*][any*]" */ "%s)", vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); + ch_free( vtmp.bv_val ); } break; case LDAP_FILTER_PRESENT: - if ( map_attr_value( dc, f->f_desc, &atmp, + if ( map_attr_value( dc, &f->f_desc, &atmp, NULL, NULL, RWM_MAP ) ) { return -1; } fstr->bv_len = atmp.bv_len + STRLENOF( "(=*)" ); - fstr->bv_val = malloc( fstr->bv_len + 1 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 1 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); @@ -585,7 +608,7 @@ rwm_int_filter_map_rewrite( case LDAP_FILTER_OR: case LDAP_FILTER_NOT: fstr->bv_len = STRLENOF( "(%)" ); - fstr->bv_val = malloc( fstr->bv_len + 128 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 128 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)", f->f_choice == LDAP_FILTER_AND ? '&' : @@ -612,7 +635,7 @@ rwm_int_filter_map_rewrite( case LDAP_FILTER_EXT: { if ( f->f_mr_desc ) { - if ( map_attr_value( dc, f->f_mr_desc, &atmp, + if ( map_attr_value( dc, &f->f_mr_desc, &atmp, &f->f_mr_value, &vtmp, RWM_MAP ) ) { return -1; @@ -628,7 +651,7 @@ rwm_int_filter_map_rewrite( ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) + ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len + 1 : 0 ) + vtmp.bv_len + STRLENOF( "(:=)" ); - fstr->bv_val = malloc( fstr->bv_len + 1 ); + fstr->bv_val = ch_malloc( fstr->bv_len + 1 ); snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", atmp.bv_val, @@ -636,8 +659,9 @@ rwm_int_filter_map_rewrite( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "", !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "", vtmp.bv_val ); - ber_memfree( vtmp.bv_val ); - } break; + ch_free( vtmp.bv_val ); + break; + } case SLAPD_FILTER_COMPUTED: switch ( f->f_result ) { @@ -693,25 +717,20 @@ rwm_filter_map_rewrite( switch ( rewrite_session( fdc.rwmap->rwm_rw, fdc.ctx, ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : "" ), - fdc.conn, &fstr->bv_val )) { + fdc.conn, &fstr->bv_val ) ) + { case REWRITE_REGEXEC_OK: if ( !BER_BVISNULL( fstr ) ) { fstr->bv_len = strlen( fstr->bv_val ); - free( ftmp.bv_val ); + ch_free( ftmp.bv_val ); } else { *fstr = ftmp; } -#ifdef NEW_LOGGING - LDAP_LOG( BACK_LDAP, DETAIL1, - "[rw] %s: \"%s\" -> \"%s\"\n", - dc->ctx, ftmp.bv_val, fstr->bv_val ); -#else /* !NEW_LOGGING */ Debug( LDAP_DEBUG_ARGS, "[rw] %s: \"%s\" -> \"%s\"\n", - dc->ctx, ftmp.bv_val, fstr->bv_val ); -#endif /* !NEW_LOGGING */ + fdc.ctx, ftmp.bv_val, fstr->bv_val ); rc = LDAP_SUCCESS; break; @@ -744,7 +763,7 @@ rwm_filter_map_rewrite( * routines may be macros with args */ int -rwm_dnattr_rewrite( +rwm_referral_rewrite( Operation *op, SlapReply *rs, void *cookie, @@ -758,38 +777,69 @@ rwm_dnattr_rewrite( int i, last; dncookie dc; - struct berval dn, ndn, *pndn = NULL; + struct berval dn = BER_BVNULL, + ndn = BER_BVNULL; assert( a_vals ); /* - * Rewrite the bind dn if needed + * Rewrite the dn if needed */ dc.rwmap = rwmap; #ifdef ENABLE_REWRITE dc.conn = op->o_conn; dc.rs = rs; dc.ctx = (char *)cookie; -#else +#else /* ! ENABLE_REWRITE */ dc.tofrom = ((int *)cookie)[0]; dc.normalized = 0; -#endif +#endif /* ! ENABLE_REWRITE */ - for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ ); + for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ ) + ; + last--; + if ( pa_nvals != NULL ) { - pndn = &ndn; - if ( *pa_nvals == NULL ) { - *pa_nvals = ch_malloc( last * sizeof(struct berval) ); - memset( *pa_nvals, 0, last * sizeof(struct berval) ); + *pa_nvals = ch_malloc( ( last + 2 ) * sizeof(struct berval) ); + memset( *pa_nvals, 0, ( last + 2 ) * sizeof(struct berval) ); } } - last--; for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) { + struct berval olddn, oldval; int rc; + LDAPURLDesc *ludp; + + oldval = a_vals[i]; + rc = ldap_url_parse( oldval.bv_val, &ludp ); + if ( rc != LDAP_URL_SUCCESS ) { + /* leave attr untouched if massage failed */ + if ( pa_nvals && BER_BVISNULL( &(*pa_nvals)[i] ) ) { + ber_dupbv( &(*pa_nvals)[i], &oldval ); + } + continue; + } + + /* FIXME: URLs like "ldap:///dc=suffix" if passed + * thru ldap_url_parse() and ldap_url_desc2str() + * get rewritten as "ldap:///dc=suffix??base"; + * we don't want this to occur... */ + if ( ludp->lud_scope == LDAP_SCOPE_BASE ) { + ludp->lud_scope = LDAP_SCOPE_DEFAULT; + } + + ber_str2bv( ludp->lud_dn, 0, 0, &olddn ); + + dn = olddn; + if ( pa_nvals ) { + ndn = olddn; + rc = rwm_dn_massage_pretty_normalize( &dc, &olddn, + &dn, &ndn ); + } else { + rc = rwm_dn_massage_pretty( &dc, &olddn, &dn ); + } - rc = rwm_dn_massage( &dc, &a_vals[i], &dn, pndn ); switch ( rc ) { case LDAP_UNWILLING_TO_PERFORM: /* @@ -812,21 +862,182 @@ rwm_dnattr_rewrite( break; case LDAP_SUCCESS: - if ( !BER_BVISNULL( &dn ) && dn.bv_val != a_vals[i].bv_val ) { - ch_free( a_vals[i].bv_val ); - a_vals[i] = dn; + if ( !BER_BVISNULL( &dn ) && dn.bv_val != olddn.bv_val ) { + char *newurl; + + ludp->lud_dn = dn.bv_val; + newurl = ldap_url_desc2str( ludp ); + ludp->lud_dn = olddn.bv_val; + ch_free( dn.bv_val ); + if ( newurl == NULL ) { + /* FIXME: leave attr untouched + * even if ldap_url_desc2str failed... + */ + break; + } + + ber_str2bv( newurl, 0, 1, &a_vals[i] ); + LDAP_FREE( newurl ); + if ( pa_nvals ) { + ludp->lud_dn = ndn.bv_val; + newurl = ldap_url_desc2str( ludp ); + ludp->lud_dn = olddn.bv_val; + ch_free( ndn.bv_val ); + if ( newurl == NULL ) { + /* FIXME: leave attr untouched + * even if ldap_url_desc2str failed... + */ + ch_free( a_vals[i].bv_val ); + a_vals[i] = oldval; + break; + } + if ( !BER_BVISNULL( &(*pa_nvals)[i] ) ) { ch_free( (*pa_nvals)[i].bv_val ); } - (*pa_nvals)[i] = *pndn; + ber_str2bv( newurl, 0, 1, &(*pa_nvals)[i] ); + LDAP_FREE( newurl ); } + + ch_free( oldval.bv_val ); + ludp->lud_dn = olddn.bv_val; } break; default: /* leave attr untouched if massage failed */ if ( pa_nvals && BER_BVISNULL( &(*pa_nvals)[i] ) ) { + ber_dupbv( &(*pa_nvals)[i], &a_vals[i] ); + } + break; + } + ldap_free_urldesc( ludp ); + } + + return 0; +} + +/* + * I don't like this much, but we need two different + * functions because different heap managers may be + * in use in back-ldap/meta to reduce the amount of + * calls to malloc routines, and some of the free() + * routines may be macros with args + */ +int +rwm_dnattr_rewrite( + Operation *op, + SlapReply *rs, + void *cookie, + BerVarray a_vals, + BerVarray *pa_nvals ) +{ + slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; + struct ldaprwmap *rwmap = + (struct ldaprwmap *)on->on_bi.bi_private; + + int i, last; + + dncookie dc; + struct berval dn = BER_BVNULL, + ndn = BER_BVNULL; + BerVarray in; + + if ( a_vals ) { + in = a_vals; + + } else { + if ( pa_nvals == NULL || *pa_nvals == NULL ) { + return LDAP_OTHER; + } + in = *pa_nvals; + } + + /* + * Rewrite the dn if needed + */ + dc.rwmap = rwmap; +#ifdef ENABLE_REWRITE + dc.conn = op->o_conn; + dc.rs = rs; + dc.ctx = (char *)cookie; +#else /* ! ENABLE_REWRITE */ + dc.tofrom = ((int *)cookie)[0]; + dc.normalized = 0; +#endif /* ! ENABLE_REWRITE */ + + for ( last = 0; !BER_BVISNULL( &in[last] ); last++ ); + last--; + if ( pa_nvals != NULL ) { + if ( *pa_nvals == NULL ) { + *pa_nvals = ch_malloc( ( last + 2 ) * sizeof(struct berval) ); + memset( *pa_nvals, 0, ( last + 2 ) * sizeof(struct berval) ); + } + } + + for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) { + int rc; + + if ( a_vals ) { + dn = in[i]; + if ( pa_nvals ) { + ndn = (*pa_nvals)[i]; + rc = rwm_dn_massage_pretty_normalize( &dc, &in[i], &dn, &ndn ); + } else { + rc = rwm_dn_massage_pretty( &dc, &in[i], &dn ); + } + } else { + ndn = in[i]; + rc = rwm_dn_massage_normalize( &dc, &in[i], &ndn ); + } + + switch ( rc ) { + case LDAP_UNWILLING_TO_PERFORM: + /* + * FIXME: need to check if it may be considered + * legal to trim values when adding/modifying; + * it should be when searching (e.g. ACLs). + */ + ch_free( in[i].bv_val ); + if (last > i ) { + in[i] = in[last]; + if ( a_vals && pa_nvals ) { + (*pa_nvals)[i] = (*pa_nvals)[last]; + } + } + BER_BVZERO( &in[last] ); + if ( a_vals && pa_nvals ) { + BER_BVZERO( &(*pa_nvals)[last] ); + } + last--; + break; + + case LDAP_SUCCESS: + if ( a_vals ) { + if ( !BER_BVISNULL( &dn ) && dn.bv_val != a_vals[i].bv_val ) { + ch_free( a_vals[i].bv_val ); + a_vals[i] = dn; + + if ( pa_nvals ) { + if ( !BER_BVISNULL( &(*pa_nvals)[i] ) ) { + ch_free( (*pa_nvals)[i].bv_val ); + } + (*pa_nvals)[i] = ndn; + } + } + + } else { + if ( !BER_BVISNULL( &ndn ) && ndn.bv_val != (*pa_nvals)[i].bv_val ) { + ch_free( (*pa_nvals)[i].bv_val ); + (*pa_nvals)[i] = ndn; + } + } + break; + + default: + /* leave attr untouched if massage failed */ + if ( a_vals && pa_nvals && BER_BVISNULL( &(*pa_nvals)[i] ) ) { dnNormalize( 0, NULL, NULL, &a_vals[i], &(*pa_nvals)[i], NULL ); } break; @@ -836,6 +1047,84 @@ rwm_dnattr_rewrite( return 0; } +int +rwm_referral_result_rewrite( + dncookie *dc, + BerVarray a_vals +) +{ + int i, last; + + for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ ); + last--; + + for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) { + struct berval dn, olddn; + int rc; + LDAPURLDesc *ludp; + + rc = ldap_url_parse( a_vals[i].bv_val, &ludp ); + if ( rc != LDAP_URL_SUCCESS ) { + /* leave attr untouched if massage failed */ + continue; + } + + /* FIXME: URLs like "ldap:///dc=suffix" if passed + * thru ldap_url_parse() and ldap_url_desc2str() + * get rewritten as "ldap:///dc=suffix??base"; + * we don't want this to occur... */ + if ( ludp->lud_scope == LDAP_SCOPE_BASE ) { + ludp->lud_scope = LDAP_SCOPE_DEFAULT; + } + + ber_str2bv( ludp->lud_dn, 0, 0, &olddn ); + + dn = olddn; + rc = rwm_dn_massage_pretty( dc, &olddn, &dn ); + switch ( rc ) { + case LDAP_UNWILLING_TO_PERFORM: + /* + * FIXME: need to check if it may be considered + * legal to trim values when adding/modifying; + * it should be when searching (e.g. ACLs). + */ + ch_free( a_vals[i].bv_val ); + if ( last > i ) { + a_vals[i] = a_vals[last]; + } + BER_BVZERO( &a_vals[last] ); + last--; + i--; + break; + + default: + /* leave attr untouched if massage failed */ + if ( !BER_BVISNULL( &dn ) && olddn.bv_val != dn.bv_val ) { + char *newurl; + + ludp->lud_dn = dn.bv_val; + newurl = ldap_url_desc2str( ludp ); + if ( newurl == NULL ) { + /* FIXME: leave attr untouched + * even if ldap_url_desc2str failed... + */ + break; + } + + ch_free( a_vals[i].bv_val ); + ber_str2bv( newurl, 0, 1, &a_vals[i] ); + LDAP_FREE( newurl ); + ludp->lud_dn = olddn.bv_val; + } + break; + } + + ldap_free_urldesc( ludp ); + } + + return 0; +} + int rwm_dnattr_result_rewrite( dncookie *dc, @@ -851,7 +1140,8 @@ rwm_dnattr_result_rewrite( struct berval dn; int rc; - rc = rwm_dn_massage( dc, &a_vals[i], &dn, NULL ); + dn = a_vals[i]; + rc = rwm_dn_massage_pretty( dc, &a_vals[i], &dn ); switch ( rc ) { case LDAP_UNWILLING_TO_PERFORM: /* @@ -859,7 +1149,7 @@ rwm_dnattr_result_rewrite( * legal to trim values when adding/modifying; * it should be when searching (e.g. ACLs). */ - LBER_FREE( &a_vals[i].bv_val ); + ch_free( a_vals[i].bv_val ); if ( last > i ) { a_vals[i] = a_vals[last]; } @@ -870,7 +1160,7 @@ rwm_dnattr_result_rewrite( default: /* leave attr untouched if massage failed */ if ( !BER_BVISNULL( &dn ) && a_vals[i].bv_val != dn.bv_val ) { - LBER_FREE( a_vals[i].bv_val ); + ch_free( a_vals[i].bv_val ); a_vals[i] = dn; } break;