All DN attrs are massaged, whether or not ENABLE_REWRITE is defined.
Use "dnAttr" rewriteContext for Add, Compare, & Modify.
Fixed ldap_back_compare.
struct berval mapped;
struct berval mdn = { 0, NULL };
ber_int_t msgid;
+ dncookie dc;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, ENTRY, "ldap_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 );
/*
* Rewrite the add dn, if needed
*/
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch (rewrite_session( li->rwinfo, "addDn", op->o_req_dn.bv_val, op->o_conn,
- &mdn.bv_val )) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val != NULL && mdn.bv_val[ 0 ] != '\0' ) {
- mdn.bv_len = strlen( mdn.bv_val );
- } else {
- mdn = op->o_req_dn;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] addDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> addDn: \"%s\" -> \"%s\"\n%s",
- op->o_req_dn.bv_val, mdn.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "addDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
/* Count number of attributes in entry */
for (i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next)
attrs = (LDAPMod **)ch_malloc(sizeof(LDAPMod *)*i);
for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) {
- /*
- * lastmod should always be <off>, so that
- * creation/modification operational attrs
- * of the target directory are used, if available
- */
-#if 0
- if ( !strcasecmp( a->a_desc->ad_cname.bv_val,
- slap_schema.si_ad_creatorsName->ad_cname.bv_val )
- || !strcasecmp( a->a_desc->ad_cname.bv_val,
- slap_schema.si_ad_createTimestamp->ad_cname.bv_val )
- || !strcasecmp( a->a_desc->ad_cname.bv_val,
- slap_schema.si_ad_modifiersName->ad_cname.bv_val )
- || !strcasecmp( a->a_desc->ad_cname.bv_val,
- slap_schema.si_ad_modifyTimestamp->ad_cname.bv_val )
- ) {
- continue;
- }
-#endif
-
if ( a->a_desc->ad_type->sat_no_user_mod ) {
continue;
}
attrs[i]->mod_op = LDAP_MOD_BVALUES;
attrs[i]->mod_type = mapped.bv_val;
-#ifdef ENABLE_REWRITE
- /*
- * FIXME: dn-valued attrs should be rewritten
- * to allow their use in ACLs at back-ldap level.
- */
- if ( strcmp( a->a_desc->ad_type->sat_syntax->ssyn_oid,
- SLAPD_DN_SYNTAX ) == 0 ) {
+ if ( a->a_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName ) {
/*
* FIXME: rewrite could fail; in this case
* the operation should give up, right?
*/
- (void)ldap_dnattr_rewrite( li->rwinfo, a->a_vals, op->o_conn );
+ (void)ldap_dnattr_rewrite( &dc, a->a_vals );
}
-#endif /* ENABLE_REWRITE */
for (j=0; a->a_vals[j].bv_val; j++);
attrs[i]->mod_vals.modv_bvals = ch_malloc((j+1)*sizeof(struct berval *));
return ldap_back_op_result( lc, op, rs, msgid, 1 ) != LDAP_SUCCESS;
}
-#ifdef ENABLE_REWRITE
int
ldap_dnattr_rewrite(
- struct rewrite_info *rwinfo,
- BerVarray a_vals,
- void *cookie
+ dncookie *dc,
+ BerVarray a_vals
)
{
- char *mattr;
-
+ struct berval bv;
+
+#ifdef ENABLE_REWRITE
+ dc->ctx="dnAttr";
+#endif
for ( ; a_vals->bv_val != NULL; a_vals++ ) {
- switch ( rewrite_session( rwinfo, "bindDn", a_vals->bv_val,
- cookie, &mattr )) {
- case REWRITE_REGEXEC_OK:
- if ( mattr == NULL ) {
- /* no substitution */
- continue;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] bindDn (in add of dn-valued"
- " attr): \"%s\" -> \"%s\"\n", a_vals->bv_val, mattr, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS,
- "rw> bindDn (in add of dn-valued attr):"
- " \"%s\" -> \"%s\"\n%s",
- a_vals->bv_val, mattr, "" );
-#endif /* !NEW_LOGGING */
+ ldap_back_dn_massage( dc, a_vals, &bv );
- /*
- * FIXME: replacing server-allocated memory
- * (ch_malloc) with librewrite allocated memory
- * (malloc)
- */
+ /* leave attr untouched if massage failed */
+ if ( bv.bv_val && bv.bv_val != a_vals->bv_val ) {
ch_free( a_vals->bv_val );
- a_vals->bv_val = mattr;
- a_vals->bv_len = strlen( mattr );
-
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
-
- case REWRITE_REGEXEC_ERR:
- /*
- * FIXME: better give up,
- * skip the attribute
- * or leave it untouched?
- */
- break;
+ *a_vals = bv;
}
}
return 0;
}
-#endif /* ENABLE_REWRITE */
-
ber_int_t msgid, int sendok);
int back_ldap_LTX_init_module(int argc, char *argv[]);
-void ldap_back_dn_massage(struct ldapinfo *li, struct berval *dn,
- struct berval *res, int normalized, int tofrom);
+/* Whatever context ldap_back_dn_massage needs... */
+typedef struct dncookie {
+ struct ldapinfo *li;
+#ifdef ENABLE_REWRITE
+ Connection *conn;
+ char *ctx;
+ SlapReply *rs;
+#else
+ int normalized;
+ int tofrom;
+#endif
+} dncookie;
+
+int ldap_back_dn_massage(dncookie *dc, struct berval *dn,
+ struct berval *res);
extern int ldap_back_conn_cmp( const void *c1, const void *c2);
extern int ldap_back_conn_dup( void *c1, void *c2 );
extern int suffix_massage_config( struct rewrite_info *info,
struct berval *pvnc, struct berval *nvnc,
struct berval *prnc, struct berval *nrnc);
-extern int ldap_dnattr_rewrite( struct rewrite_info *rwinfo, BerVarray a_vals, void *cookie );
#endif /* ENABLE_REWRITE */
+extern int ldap_dnattr_rewrite( dncookie *dc, BerVarray a_vals );
LDAP_END_DECL
struct berval mdn = { 0, NULL };
int rc = 0;
ber_int_t msgid;
+ dncookie dc;
lc = ldap_back_getconn(op, rs);
if ( !lc ) {
/*
* Rewrite the bind dn if needed
*/
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "bindDn",
- op->o_req_dn.bv_val,
- op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn = op->o_req_dn;
- } else {
- mdn.bv_len = strlen( mdn.bv_val );
- }
-
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] bindDn: \"%s\" -> \"%s\"\n",
- op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n",
- op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "bindDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
if ( lc->bound_dn.bv_val ) {
ch_free( lc->bound_dn.bv_val );
/* Looks like we didn't get a bind. Open a new session... */
if (!lc) {
- int vers = op->o_conn->c_protocol;
+ int vers = op->o_protocol;
rs->sr_err = ldap_initialize(&ld, li->url);
if (rs->sr_err != LDAP_SUCCESS) {
if (rs->sr_text == NULL) {
rs->sr_text = "ldap_initialize() failed";
}
- send_ldap_result( op, rs );
+ if (op->o_conn) send_ldap_result( op, rs );
rs->sr_text = NULL;
return( NULL );
}
} else {
lc->cred.bv_len = 0;
lc->cred.bv_val = NULL;
+ lc->bound_dn.bv_val = NULL;
+ lc->bound_dn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0
&& ( op->o_bd == op->o_conn->c_authz_backend ) ) {
+ dncookie dc;
+ struct berval bv;
+
/*
* Rewrite the bind dn if needed
*/
-#ifdef ENABLE_REWRITE
- lc->bound_dn.bv_val = NULL;
- lc->bound_dn.bv_len = 0;
- switch ( rewrite_session( li->rwinfo, "bindDn",
- op->o_conn->c_dn.bv_val,
- op->o_conn,
- &lc->bound_dn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( lc->bound_dn.bv_val == NULL ) {
- ber_dupbv( &lc->bound_dn,
- &op->o_conn->c_dn );
- } else {
- lc->bound_dn.bv_len = strlen( lc->bound_dn.bv_val );
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] bindDn: \"%s\" ->"
- " \"%s\"\n",
- op->o_conn->c_dn.bv_val,
- lc->bound_dn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS,
- "rw> bindDn: \"%s\" ->"
- " \"%s\"\n",
- op->o_conn->c_dn.bv_val,
- lc->bound_dn.bv_val, 0 );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs,
- LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( NULL );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs,
- LDAP_OTHER,
- "Rewrite error" );
- return( NULL );
+ dc.li = li;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "bindDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+
+ if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &bv ) ) {
+ if (op->o_conn) send_ldap_result( op, rs );
+ return NULL;
}
-#else /* !ENABLE_REWRITE */
- struct berval bv;
- ldap_back_dn_massage( li, &op->o_conn->c_dn, &bv, 0, 1 );
if ( bv.bv_val == op->o_conn->c_dn.bv_val ) {
ber_dupbv( &lc->bound_dn, &bv );
} else {
lc->bound_dn = bv;
}
-#endif /* !ENABLE_REWRITE */
-
- } else {
- lc->bound_dn.bv_val = NULL;
- lc->bound_dn.bv_len = 0;
}
}
/* Err could be -1 in case a duplicate ldapconn is inserted */
if ( rs->sr_err != 0 ) {
ldap_back_conn_free( lc );
- send_ldap_error( op, rs, LDAP_OTHER,
- "internal server error" );
+ if (op->o_conn) {
+ send_ldap_error( op, rs, LDAP_OTHER,
+ "internal server error" );
+ }
return( NULL );
}
} else {
rs->sr_err = ldap_back_map_result(rs);
/* internal ops must not reply to client */
- if ( op->o_conn && !op->o_do_not_cache ) {
+ if ( op->o_conn && !op->o_do_not_cache && match ) {
+ struct berval dn, mdn;
+ dncookie dc;
+
+ dc.li = li;
#ifdef ENABLE_REWRITE
- if (match) {
-
- switch(rewrite_session(li->rwinfo, "matchedDn", match, op->o_conn,
- (char **)&rs->sr_matched)) {
- case REWRITE_REGEXEC_OK:
- if (!rs->sr_matched) rs->sr_matched = match; break;
- case REWRITE_REGEXEC_UNWILLING:
- case REWRITE_REGEXEC_ERR:
- break;
- }
- }
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "matchedDn";
#else
- struct berval dn, mdn;
- if (match) {
- ber_str2bv(match, 0, 0, &dn);
- ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
- rs->sr_matched = mdn.bv_val;
- }
+ dc.tofrom = 0;
+ dc.normalized = 0;
#endif
+ ber_str2bv(match, 0, 0, &dn);
+ ldap_back_dn_massage(&dc, &dn, &mdn);
+ rs->sr_matched = mdn.bv_val;
+
}
}
if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) {
{
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
- struct berval mapped_oc, mapped_at;
+ struct berval mapped_at, mapped_val;
struct berval mdn = { 0, NULL };
ber_int_t msgid;
+ int freeval = 0;
+ dncookie dc;
lc = ldap_back_getconn(op, rs);
if (!lc || !ldap_back_dobind( lc, op, rs ) ) {
/*
* Rewrite the compare dn, if needed
*/
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "compareDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn.bv_val = ( char * )op->o_req_dn.bv_val;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] compareDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> compareDn: \"%s\" -> \"%s\"\n%s",
- op->o_req_dn.bv_val, mdn.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "compareDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
- if ( mdn.bv_val == NULL ) {
- return -1;
- }
-#endif /* !ENABLE_REWRITE */
if ( op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_objectClass ) {
- ldap_back_map(&li->oc_map, &op->oq_compare.rs_ava->aa_desc->ad_cname, &mapped_oc,
+ ldap_back_map(&li->oc_map, &op->orc_ava->aa_value, &mapped_val,
BACKLDAP_MAP);
- if (mapped_oc.bv_val == NULL || mapped_oc.bv_val[0] == '\0') {
+ if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') {
return( -1 );
}
-
+ mapped_at = op->orc_ava->aa_desc->ad_cname;
} else {
- ldap_back_map(&li->at_map, &op->oq_compare.rs_ava->aa_value, &mapped_at,
+ ldap_back_map(&li->at_map, &op->orc_ava->aa_desc->ad_cname, &mapped_at,
BACKLDAP_MAP);
if (mapped_at.bv_val == NULL || mapped_at.bv_val[0] == '\0') {
return( -1 );
}
+ if (op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) {
+#ifdef ENABLE_REWRITE
+ dc.ctx = "dnAttr";
+#endif
+ ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_val );
+ if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') {
+ mapped_val = op->orc_ava->aa_value;
+ }
+ }
}
- rs->sr_err = ldap_compare_ext( lc->ld, mdn.bv_val, mapped_oc.bv_val,
- &mapped_at, op->o_ctrls, NULL, &msgid );
+ rs->sr_err = ldap_compare_ext( lc->ld, mdn.bv_val, mapped_at.bv_val,
+ &mapped_val, op->o_ctrls, NULL, &msgid );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
ber_int_t msgid;
+ dncookie dc;
struct berval mdn = { 0, NULL };
/*
* Rewrite the request dn, if needed
*/
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "deleteDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn.bv_val = ( char * )op->o_req_dn.bv_val;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] deleteDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> deleteDn: \"%s\" -> \"%s\"\n%s",
- op->o_req_dn.bv_val, mdn.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "deleteDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
rs->sr_err = ldap_delete_ext( lc->ld, mdn.bv_val, op->o_ctrls,
NULL, &msgid );
LDAPMessage *res;
ber_int_t msgid;
int rc;
+ dncookie dc;
lc = ldap_back_getconn(op, rs);
if (!lc || !ldap_back_dobind(lc, op, rs) ) {
return LDAP_UNWILLING_TO_PERFORM;
}
if (id.bv_len) {
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "modifyPwd", dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn.bv_val = dn.bv_val;
- }
- mdn.bv_len = strlen(mdn.bv_val);
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] modifyPwd: \"%s\" -> \"%s\"\n", dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> modifyPwd: \"%s\" -> \"%s\"\n%s",
- dn.bv_val, mdn.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "modifyPwd";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
}
rc = ldap_passwd(lc->ld, id.bv_len ? &mdn : NULL, old.bv_len ? &old : NULL,
li->be = be;
be->be_private = li;
+ be->be_flags |= SLAP_BFLAG_NOLASTMOD;
return 0;
}
struct berval mapped;
struct berval mdn = { 0, NULL };
ber_int_t msgid;
+ dncookie dc;
lc = ldap_back_getconn(op, rs);
if ( !lc || !ldap_back_dobind( lc, op, rs ) ) {
/*
* Rewrite the modify dn, if needed
*/
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "modifyDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn.bv_val = ( char * )op->o_req_dn.bv_val;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] modifyDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> modifyDn: \"%s\" -> \"%s\"\n%s",
- op->o_req_dn.bv_val, mdn.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "modifyDn";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
for (i=0, ml=op->oq_modify.rs_modlist; ml; i++,ml=ml->sml_next)
;
mods[i].mod_op = ml->sml_op | LDAP_MOD_BVALUES;
mods[i].mod_type = mapped.bv_val;
-#ifdef ENABLE_REWRITE
- /*
- * FIXME: dn-valued attrs should be rewritten
- * to allow their use in ACLs at the back-ldap
- * level.
- */
- if ( strcmp( ml->sml_desc->ad_type->sat_syntax->ssyn_oid,
- SLAPD_DN_SYNTAX ) == 0 ) {
- ldap_dnattr_rewrite( li->rwinfo,
- ml->sml_bvalues, op->o_conn );
+ if ( ml->sml_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName ) {
+ ldap_dnattr_rewrite( &dc, ml->sml_bvalues );
}
-#endif /* ENABLE_REWRITE */
if ( ml->sml_bvalues != NULL ) {
for (j = 0; ml->sml_bvalues[j].bv_val; j++);
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
ber_int_t msgid;
+ dncookie dc;
struct berval mdn = { 0, NULL }, mnewSuperior = { 0, NULL };
return( -1 );
}
- if (op->oq_modrdn.rs_newSup) {
+ dc.li = li;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if (op->orr_newSup) {
int version = LDAP_VERSION3;
ldap_set_option( lc->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
* Rewrite the new superior, if defined and required
*/
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "newSuperiorDn",
- op->oq_modrdn.rs_newSup->bv_val, op->o_conn, &mnewSuperior.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mnewSuperior.bv_val == NULL ) {
- mnewSuperior.bv_val = ( char * )op->oq_modrdn.rs_newSup->bv_val;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] newSuperiorDn:" " \"%s\" -> \"%s\"\n",
- op->oq_modrdn.rs_newSup->bv_val, mnewSuperior.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> newSuperiorDn:"
- " \"%s\" -> \"%s\"\n%s",
- op->oq_modrdn.rs_newSup->bv_val, mnewSuperior.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+ dc.ctx = "newSuperiorDn";
+#endif
+ if ( ldap_back_dn_massage( &dc, op->orr_newSup,
+ &mnewSuperior ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, op->oq_modrdn.rs_newSup, &mnewSuperior, 0, 1 );
- if ( mnewSuperior.bv_val == NULL ) {
- return( -1 );
- }
-#endif /* !ENABLE_REWRITE */
}
-#ifdef ENABLE_REWRITE
/*
* Rewrite the modrdn dn, if required
*/
- switch ( rewrite_session( li->rwinfo, "modrDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn.bv_val = ( char * )op->o_req_dn.bv_val;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] modrDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> modrDn: \"%s\" -> \"%s\"\n%s",
- op->o_req_dn.bv_val, mdn.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
- "Operation not allowed" );
- return( -1 );
-
- case REWRITE_REGEXEC_ERR:
- send_ldap_error( op, rs, LDAP_OTHER,
- "Rewrite error" );
- return( -1 );
+#ifdef ENABLE_REWRITE
+ dc.ctx = "modrDn";
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
rs->sr_err = ldap_rename( lc->ld, mdn.bv_val,
- op->oq_modrdn.rs_newrdn.bv_val, mnewSuperior.bv_val,
- op->oq_modrdn.rs_deleteoldrdn, op->o_ctrls,
+ op->orr_newrdn.bv_val, mnewSuperior.bv_val,
+ op->orr_deleteoldrdn, op->o_ctrls,
NULL, &msgid );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
struct berval mfilter = { 0, NULL };
struct slap_limits_set *limit = NULL;
int isroot = 0;
+ dncookie dc;
lc = ldap_back_getconn(op, rs);
if ( !lc ) {
/*
* Rewrite the search base, if required
*/
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "searchBase",
- op->o_req_dn.bv_val, op->o_conn, &mbase.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mbase.bv_val == NULL ) {
- mbase = op->o_req_dn;
- } else {
- mbase.bv_len = strlen( mbase.bv_val );
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] searchBase: \"%s\" -> \"%s\"\n",
- op->o_req_dn.bv_val, mbase.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n%s",
- op->o_req_dn.bv_val, mbase.bv_val, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
- rs->sr_text = "Operation not allowed";
- rc = -1;
- goto finish;
-
- case REWRITE_REGEXEC_ERR:
- rs->sr_err = LDAP_OTHER;
- rs->sr_text = "Rewrite error";
- rc = -1;
- goto finish;
+ dc.conn = op->o_conn;
+ dc.rs = rs;
+ dc.ctx = "searchBase";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mbase ) ) {
+ send_ldap_result( op, rs );
+ return -1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, &op->o_req_dn, &mbase, 0, 1 );
-#endif /* !ENABLE_REWRITE */
-
#ifdef ENABLE_REWRITE
rc = ldap_back_filter_map_rewrite_( li->rwinfo, op->o_conn,
&li->at_map, &li->oc_map, op->oq_search.rs_filter, &mfilter,
if (rc == -1)
goto fail;
-#ifdef ENABLE_REWRITE
/*
* Rewrite the matched portion of the search base, if required
*/
- if ( match != NULL ) {
- switch ( rewrite_session( li->rwinfo, "matchedDn",
- match, op->o_conn, (char **)&rs->sr_matched ) ) {
- case REWRITE_REGEXEC_OK:
- if ( rs->sr_matched == NULL ) {
- rs->sr_matched = ( char * )match;
- }
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] matchedDn:" " \"%s\" -> \"%s\"\n", match, rs->sr_matched, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> matchedDn:"
- " \"%s\" -> \"%s\"\n%s",
- match, rs->sr_matched, "" );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
-
- case REWRITE_REGEXEC_ERR:
- /* FIXME: no error, but no matched ... */
- rs->sr_matched = NULL;
- break;
- }
- }
-#else /* !ENABLE_REWRITE */
if ( match != NULL ) {
struct berval dn, mdn;
+#ifdef ENABLE_REWRITE
+ dc.ctx = "matchedDn";
+#else
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif
ber_str2bv(match, 0, 0, &dn);
- ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
+ ldap_back_dn_massage(&dc, &dn, &mdn);
rs->sr_matched = mdn.bv_val;
}
-#endif /* !ENABLE_REWRITE */
if ( rs->sr_v2ref ) {
rs->sr_err = LDAP_REFERRAL;
}
int last;
int private = flags & LDAP_BUILD_ENTRY_PRIVATE;
int normalize = flags & LDAP_BUILD_ENTRY_NORMALIZE;
+ dncookie dc;
/* safe assumptions ... */
assert( ent );
if ( ber_scanf( &ber, "{m{", bdn ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
}
-#ifdef ENABLE_REWRITE
/*
* Rewrite the dn of the result, if needed
*/
- switch ( rewrite_session( li->rwinfo, "searchResult",
- bdn->bv_val, op->o_conn,
- &ent->e_name.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( ent->e_name.bv_val == NULL ) {
- ent->e_name = *bdn;
- } else {
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] searchResult: \"%s\"" " -> \"%s\"\n",
- bdn->bv_val, ent->e_dn, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> searchResult: \"%s\""
- " -> \"%s\"\n%s", bdn->bv_val, ent->e_dn, "" );
-#endif /* !NEW_LOGGING */
- ent->e_name.bv_len = strlen( ent->e_name.bv_val );
- }
- break;
-
- case REWRITE_REGEXEC_ERR:
- case REWRITE_REGEXEC_UNWILLING:
+ dc.li = li;
+#ifdef ENABLE_REWRITE
+ dc.conn = op->o_conn;
+ dc.rs = NULL;
+ dc.ctx = "searchResult";
+#else
+ dc.tofrom = 0;
+ dc.normalized = 0;
+#endif
+ if ( ldap_back_dn_massage( &dc, bdn, &ent->e_name ) ) {
return LDAP_OTHER;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, bdn, &ent->e_name, 0, 0 );
-#endif /* !ENABLE_REWRITE */
/*
* Note: this may fail if the target host(s) schema differs
* ACLs to the target directory server, and letting
* everything pass thru the ldap backend.
*/
- } else if ( strcmp( attr->a_desc->ad_type->sat_syntax->ssyn_oid,
- SLAPD_DN_SYNTAX ) == 0 ) {
+ } else if ( attr->a_desc->ad_type->sat_syntax ==
+ slap_schema.si_syn_distinguishedName ) {
for ( bv = attr->a_vals; bv->bv_val; bv++ ) {
- struct berval newval;
+ struct berval newval = {0,NULL};
-#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo,
- "searchResult",
- bv->bv_val,
- op->o_conn,
- &newval.bv_val )) {
- case REWRITE_REGEXEC_OK:
- /* left as is */
- if ( newval.bv_val == NULL ) {
- break;
- }
- newval.bv_len = strlen( newval.bv_val );
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] searchResult on attr=%s: \"%s\" -> \"%s\"\n",
- attr->a_desc->ad_type->sat_cname.bv_val,
- bv->bv_val, newval.bv_val );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS,
- "rw> searchResult on attr=%s: \"%s\" -> \"%s\"\n",
- attr->a_desc->ad_type->sat_cname.bv_val,
- bv->bv_val, newval.bv_val );
-#endif /* !NEW_LOGGING */
- free( bv->bv_val );
- *bv = newval;
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- LBER_FREE(bv->bv_val);
- bv->bv_val = NULL;
- if (--last < 0)
- goto next_attr;
- *bv = attr->a_vals[last];
- attr->a_vals[last].bv_val = NULL;
- bv--;
- break;
-
- case REWRITE_REGEXEC_ERR:
- /*
- * FIXME: better give up,
- * skip the attribute
- * or leave it untouched?
- */
- break;
- }
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, bv, &newval, 0, 0 );
- if ( bv->bv_val != newval.bv_val ) {
+ ldap_back_dn_massage( &dc, bv, &newval );
+ if ( newval.bv_val && bv->bv_val != newval.bv_val ) {
LBER_FREE( bv->bv_val );
+ *bv = newval;
}
- *bv = newval;
-#endif /* !ENABLE_REWRITE */
}
}
char *filter = NULL;
Connection *oconn;
SlapReply rs;
+ dncookie dc;
/* Tell getconn this is a privileged op */
is_oc = op->o_do_not_cache;
/*
* Rewrite the search base, if required
*/
+ dc.li = li;
#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo, "searchBase",
- ndn->bv_val, op->o_conn, &mdn.bv_val ) ) {
- case REWRITE_REGEXEC_OK:
- if ( mdn.bv_val == NULL ) {
- mdn = *ndn;
- } else {
- mdn.bv_len = strlen( mdn.bv_val );
- }
-
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] searchBase: \"%s\" -> \"%s\"\n",
- ndn->bv_val, mdn.bv_val, 0 );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n",
- ndn->bv_val, mdn.bv_val, 0 );
-#endif /* !NEW_LOGGING */
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- case REWRITE_REGEXEC_ERR:
+ dc.conn = op->o_conn;
+ dc.rs = &rs;
+ dc.ctx = "searchBase";
+#else
+ dc.tofrom = 1;
+ dc.normalized = 1;
+#endif
+ if ( ldap_back_dn_massage( &dc, ndn, &mdn ) ) {
return 1;
}
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, ndn, &mdn, 0, 1 );
-#endif /* !ENABLE_REWRITE */
-
ldap_back_map(&li->at_map, &at->ad_cname, &mapped, BACKLDAP_MAP);
if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
rc = 1;
#include "portable.h"
-#ifndef ENABLE_REWRITE
-
#include <stdio.h>
#include <ac/socket.h>
#include "slap.h"
#include "back-ldap.h"
+#ifdef ENABLE_REWRITE
+int
+ldap_back_dn_massage(
+ dncookie *dc,
+ struct berval *dn,
+ struct berval *res
+)
+{
+ int rc = 0;
+
+ switch (rewrite_session( dc->li->rwinfo, dc->ctx, dn->bv_val, dc->conn,
+ &res->bv_val )) {
+ case REWRITE_REGEXEC_OK:
+ if ( res->bv_val != NULL && res->bv_val[ 0 ] != '\0' ) {
+ res->bv_len = strlen( res->bv_val );
+ } else {
+ *res = *dn;
+ }
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDAP, DETAIL1,
+ "[rw] %s: \"%s\" -> \"%s\"\n", dc->ctx, dn->bv_val, res->bv_val );
+#else /* !NEW_LOGGING */
+ Debug( LDAP_DEBUG_ARGS,
+ "[rw] %s: \"%s\" -> \"%s\"\n", dc->ctx, dn->bv_val, res->bv_val );
+#endif /* !NEW_LOGGING */
+ break;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ if ( dc->rs ) {
+ dc->rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ dc->rs->sr_text = "Operation not allowed";
+ }
+ rc = -1;
+ break;
+
+ case REWRITE_REGEXEC_ERR:
+ if ( dc->rs ) {
+ dc->rs->sr_err = LDAP_OTHER;
+ dc->rs->sr_text = "Rewrite error";
+ }
+ rc = -1;
+ break;
+ }
+ return rc;
+}
+
+#else
/*
* ldap_back_dn_massage
*
* Aliases the suffix; based on suffix_alias (servers/slapd/suffixalias.c).
*/
-void
+int
ldap_back_dn_massage(
- struct ldapinfo *li,
+ dncookie *dc,
struct berval *dn,
- struct berval *res,
- int normalized,
- int tofrom
+ struct berval *res
)
{
int i, src, dst;
+ struct berval pretty = {0,NULL};
assert( res );
- if ( dn == NULL ) {
+ if ( dn == NULL ) {
res->bv_val = NULL;
res->bv_len = 0;
- return;
+ return 0;
}
- if ( li == NULL || li->suffix_massage == NULL ) {
+ if ( dc->li == NULL || dc->li->suffix_massage == NULL ) {
*res = *dn;
- return;
+ return 0;
}
- if ( tofrom ) {
- src = 0 + normalized;
- dst = 2 + normalized;
+ if ( dc->tofrom ) {
+ src = 0 + dc->normalized;
+ dst = 2 + dc->normalized;
} else {
- src = 2 + normalized;
- dst = 0 + normalized;
+ src = 2 + dc->normalized;
+ dst = 0 + dc->normalized;
+ /* DN from remote server may be in arbitrary form.
+ * Pretty it so we can parse reliably.
+ */
+ dnPretty2( NULL, dn, &pretty );
+ if (pretty.bv_val) dn = &pretty;
}
- for ( i = 0;
- li->suffix_massage[i].bv_val != NULL;
- i += 4 ) {
- int aliasLength = li->suffix_massage[i+src].bv_len;
- int diff = dn->bv_len - aliasLength;
+ for ( i = 0;
+ dc->li->suffix_massage[i].bv_val != NULL;
+ i += 4 ) {
+ int aliasLength = dc->li->suffix_massage[i+src].bv_len;
+ int diff = dn->bv_len - aliasLength;
- if ( diff < 0 ) {
- /* alias is longer than dn */
- continue;
- } else if ( diff > 0 ) {
- if ( normalized && ( ! DN_SEPARATOR(dn->bv_val[diff-1]) ) ) {
- /* boundary is not at a DN separator */
- continue;
- }
- /* At a DN Separator */
- /* XXX or an escaped separator... oh well */
- }
+ if ( diff < 0 ) {
+ /* alias is longer than dn */
+ continue;
+ } else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) {
+ /* boundary is not at a DN separator */
+ continue;
+ /* At a DN Separator */
+ }
- if ( !strcmp( li->suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) {
- res->bv_len = diff + li->suffix_massage[i+dst].bv_len;
- res->bv_val = ch_malloc( res->bv_len + 1 );
- strncpy( res->bv_val, dn->bv_val, diff );
- strcpy( &res->bv_val[diff], li->suffix_massage[i+dst].bv_val );
+ if ( !strcmp( dc->li->suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) {
+ res->bv_len = diff + dc->li->suffix_massage[i+dst].bv_len;
+ res->bv_val = ch_malloc( res->bv_len + 1 );
+ strncpy( res->bv_val, dn->bv_val, diff );
+ strcpy( &res->bv_val[diff], dc->li->suffix_massage[i+dst].bv_val );
#ifdef NEW_LOGGING
LDAP_LOG ( BACK_LDAP, ARGS,
"ldap_back_dn_massage: converted \"%s\" to \"%s\"\n",
dn->bv_val, res->bv_val, 0 );
#else
- Debug( LDAP_DEBUG_ARGS,
- "ldap_back_dn_massage:"
+ Debug( LDAP_DEBUG_ARGS,
+ "ldap_back_dn_massage:"
" converted \"%s\" to \"%s\"\n",
- dn->bv_val, res->bv_val, 0 );
+ dn->bv_val, res->bv_val, 0 );
#endif
- break;
- }
- }
+ break;
+ }
+ }
+ /* Nothing matched, just return the original DN */
+ if (res->bv_val == NULL) {
+ *res = *dn;
+ }
+ if (pretty.bv_val) {
+ ch_free(pretty.bv_val);
+ }
- return;
+ return 0;
}
#endif /* !ENABLE_REWRITE */
projects / openldap / commitdiff