From: Howard Chu Date: Fri, 7 Aug 2015 01:49:33 +0000 (+0100) Subject: More filter mapping X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=523f989d8fcb0ff6571dc2d799c077e8bd2e96b0;p=openldap More filter mapping Was only handling (objectclass=)(=bar). Now handles (objectclass=)(=bar) too. --- diff --git a/contrib/slapd-modules/adremap/adremap.c b/contrib/slapd-modules/adremap/adremap.c index de337e7fbd..874b21384a 100644 --- a/contrib/slapd-modules/adremap/adremap.c +++ b/contrib/slapd-modules/adremap/adremap.c @@ -362,21 +362,30 @@ static adremap_dnv *adremap_filter( slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; Filter *f = op->ors_filter; adremap_dnv *ad = NULL; + int fextra = 0; /* Do we need to munge the filter? First see if it's of * the form (&(objectClass=)...) + * or of (&(&(objectClass=)...)...) */ - if (f->f_choice == LDAP_FILTER_AND && f->f_and && - f->f_and->f_choice == LDAP_FILTER_EQUALITY && - f->f_and->f_av_desc == slap_schema.si_ad_objectClass) { - struct berval bv = f->f_and->f_av_value; + if (f->f_choice == LDAP_FILTER_AND && f->f_and) { + struct berval bv; + if (f->f_and->f_choice == LDAP_FILTER_EQUALITY && + f->f_and->f_av_desc == slap_schema.si_ad_objectClass) { + bv = f->f_and->f_av_value; + } else if (f->f_and->f_choice == LDAP_FILTER_AND && + f->f_and->f_and && + f->f_and->f_and->f_choice == LDAP_FILTER_EQUALITY) { + fextra = 1; + bv = f->f_and->f_and->f_av_value; + } for (ad = ai->ai_dnv; ad; ad = ad->ad_next) { if (!ber_bvstrcasecmp( &bv, &ad->ad_mapgrp->soc_cname )) { /* Now check to see if next element is (=foo) */ - Filter *fn = f->f_and->f_next; + Filter *fn = f->f_and->f_next, *fnew; if (fn && fn->f_choice == LDAP_FILTER_EQUALITY && fn->f_av_desc == ad->ad_newattr) { - Filter fr[3], *fnew; + Filter fr[3]; AttributeAssertion aa[2] = {0}; Operation op2; slap_callback cb = {0}; @@ -454,15 +463,39 @@ static adremap_dnv *adremap_filter( f->f_ava = op->o_tmpcalloc(1, sizeof(AttributeAssertion), op->o_tmpmemctx); f->f_av_desc = ad->ad_dnattr; f->f_av_value = dn; - f->f_next = fn->f_next; + } else { + /* Build a new filter of form + * (&(objectclass=)(...)) + */ + fn = f->f_and; + f = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx); + f->f_choice = LDAP_FILTER_AND; + fnew = f; + f->f_next = NULL; - fn->f_next = NULL; - filter_free_x(op, op->ors_filter, 1); - op->o_tmpfree(op->ors_filterstr.bv_val, op->o_tmpmemctx); - op->ors_filter = fnew; - filter2bv_x(op, op->ors_filter, &op->ors_filterstr); - break; + f->f_and = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx); + f = f->f_and; + f->f_choice = LDAP_FILTER_EQUALITY; + f->f_ava = op->o_tmpcalloc(1, sizeof(AttributeAssertion), op->o_tmpmemctx); + f->f_av_desc = slap_schema.si_ad_objectClass; + ber_dupbv_x(&f->f_av_value, &ad->ad_group->soc_cname, op->o_tmpmemctx); } + f->f_next = fn->f_next; + fn->f_next = NULL; + if (fextra) { + f = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx); + f->f_choice = LDAP_FILTER_AND; + f->f_and = fnew->f_and; + f->f_next = f->f_and->f_next; + f->f_and->f_next = op->ors_filter->f_and->f_and->f_next; + op->ors_filter->f_and->f_and->f_next = NULL; + fnew->f_and = f; + } + filter_free_x(op, op->ors_filter, 1); + op->o_tmpfree(op->ors_filterstr.bv_val, op->o_tmpmemctx); + op->ors_filter = fnew; + filter2bv_x(op, op->ors_filter, &op->ors_filterstr); + break; } } } @@ -496,7 +529,7 @@ adremap_search( op->o_callback = cb; ctx = cb->sc_private; ctx->on = on; - if (ad) { /* see if we need to remap a search attr */ + if (ad && op->ors_attrs) { /* see if we need to remap a search attr */ int i; for (i=0; op->ors_attrs[i].an_name.bv_val; i++) { if (op->ors_attrs[i].an_desc == ad->ad_newattr) {