1 /* map.c - ldap backend mapping routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2016-2018 The OpenLDAP Foundation.
6 * Portions Copyright 2016 Symas Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
19 * This work was developed by Symas Corporation
20 * based on back-meta module for inclusion in OpenLDAP Software.
21 * This work was sponsored by Ericsson. */
23 /* This is an altered version */
25 * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
27 * Permission is granted to anyone to use this software for any purpose
28 * on any computer system, and to alter it and redistribute it, subject
29 * to the following restrictions:
31 * 1. The author is not responsible for the consequences of use of this
32 * software, no matter how awful, even if they arise from flaws in it.
34 * 2. The origin of this software must not be misrepresented, either by
35 * explicit claim or by omission. Since few users ever read sources,
36 * credits should appear in the documentation.
38 * 3. Altered versions must be plainly marked as such, and must not be
39 * misrepresented as being the original software. Since few users
40 * ever read sources, credits should appear in the documentation.
42 * 4. This notice may not be removed or altered.
46 * Copyright 2016, Symas Corporation
48 * This is based on the back-meta/map.c version by Pierangelo Masarati.
49 * The previously reported conditions apply to the modified code as well.
50 * Changes in the original code are highlighted where required.
51 * Credits for the original code go to the author, Howard Chu.
58 #include <ac/string.h>
59 #include <ac/socket.h>
63 #include "../back-ldap/back-ldap.h"
64 #include "back-asyncmeta.h"
67 asyncmeta_mapping_cmp ( const void *c1, const void *c2 )
69 struct ldapmapping *map1 = (struct ldapmapping *)c1;
70 struct ldapmapping *map2 = (struct ldapmapping *)c2;
71 int rc = map1->src.bv_len - map2->src.bv_len;
73 return ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) );
77 asyncmeta_mapping_dup ( void *c1, void *c2 )
79 struct ldapmapping *map1 = (struct ldapmapping *)c1;
80 struct ldapmapping *map2 = (struct ldapmapping *)c2;
82 return ( ( strcasecmp( map1->src.bv_val, map2->src.bv_val ) == 0 ) ? -1 : 0 );
86 asyncmeta_map_init ( struct ldapmap *lm, struct ldapmapping **m )
88 struct ldapmapping *mapping;
94 mapping = (struct ldapmapping *)ch_calloc( 2,
95 sizeof( struct ldapmapping ) );
96 if ( mapping == NULL ) {
100 ber_str2bv( "objectclass", STRLENOF("objectclass"), 1, &mapping[0].src);
101 ber_dupbv( &mapping[0].dst, &mapping[0].src );
102 mapping[1].src = mapping[0].src;
103 mapping[1].dst = mapping[0].dst;
105 avl_insert( &lm->map, (caddr_t)&mapping[0],
106 asyncmeta_mapping_cmp, asyncmeta_mapping_dup );
107 avl_insert( &lm->remap, (caddr_t)&mapping[1],
108 asyncmeta_mapping_cmp, asyncmeta_mapping_dup );
113 asyncmeta_mapping ( struct ldapmap *map, struct berval *s, struct ldapmapping **m,
117 struct ldapmapping fmapping;
121 /* let special attrnames slip through (ITS#5760) */
122 if ( bvmatch( s, slap_bv_no_attrs )
123 || bvmatch( s, slap_bv_all_user_attrs )
124 || bvmatch( s, slap_bv_all_operational_attrs ) )
130 if ( remap == BACKLDAP_REMAP ) {
138 *m = (struct ldapmapping *)avl_find( tree, (caddr_t)&fmapping, asyncmeta_mapping_cmp );
140 return map->drop_missing;
147 asyncmeta_map ( struct ldapmap *map, struct berval *s, struct berval *bv,
150 struct ldapmapping *mapping;
153 /* map->map may be NULL when mapping is configured,
154 * but map->remap can't */
155 if ( map->remap == NULL ) {
161 drop_missing = asyncmeta_mapping( map, s, &mapping, remap );
162 if ( mapping != NULL ) {
163 if ( !BER_BVISNULL( &mapping->dst ) ) {
169 if ( !drop_missing ) {
177 struct ldapmap *at_map,
180 char ***mapped_attrs )
184 struct berval mapped;
186 if ( an == NULL && op->o_bd->be_extra_anlist == NULL ) {
187 *mapped_attrs = NULL;
193 for ( ; !BER_BVISNULL( &an[i].an_name ); i++ )
198 if ( op->o_bd->be_extra_anlist != NULL ) {
199 for ( ; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ )
203 assert( i > 0 || x > 0 );
205 na = (char **)ber_memcalloc_x( i + x + 1, sizeof(char *), op->o_tmpmemctx );
207 *mapped_attrs = NULL;
208 return LDAP_NO_MEMORY;
213 for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) {
214 asyncmeta_map( at_map, &an[i].an_name, &mapped, remap );
215 if ( !BER_BVISNULL( &mapped ) && !BER_BVISEMPTY( &mapped ) ) {
216 na[j++] = mapped.bv_val;
222 for ( x = 0; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ ) {
223 if ( op->o_bd->be_extra_anlist[x].an_desc &&
224 ad_inlist( op->o_bd->be_extra_anlist[x].an_desc, an ) )
229 asyncmeta_map( at_map, &op->o_bd->be_extra_anlist[x].an_name, &mapped, remap );
230 if ( !BER_BVISNULL( &mapped ) && !BER_BVISEMPTY( &mapped ) ) {
231 na[j++] = mapped.bv_val;
236 if ( j == 0 && ( i > 0 || x > 0 ) ) {
237 na[j++] = LDAP_NO_ATTRS;
249 AttributeDescription *ad,
250 struct berval *mapped_attr,
251 struct berval *value,
252 struct berval *mapped_value,
259 asyncmeta_map( &dc->target->mt_rwmap.rwm_at, &ad->ad_cname, mapped_attr, remap );
260 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
263 * FIXME: are we sure we need to search oc_map if at_map fails?
265 asyncmeta_map( &dc->target->mt_rwmap.rwm_oc, &ad->ad_cname, mapped_attr, remap );
266 if ( BER_BVISNULL( mapped_attr ) || BER_BVISEMPTY( mapped_attr ) ) {
267 *mapped_attr = ad->ad_cname;
270 if ( dc->target->mt_rwmap.rwm_at.drop_missing ) {
274 *mapped_attr = ad->ad_cname;
277 if ( value == NULL ) {
281 if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
283 a_dncookie fdc = *dc;
285 fdc.ctx = "searchFilterAttrDN";
287 switch ( asyncmeta_dn_massage( &fdc, value, &vtmp ) ) {
289 if ( vtmp.bv_val != value->bv_val ) {
294 case LDAP_UNWILLING_TO_PERFORM:
301 } else if ( ad->ad_type->sat_equality &&
302 ad->ad_type->sat_equality->smr_usage & SLAP_MR_MUTATION_NORMALIZER )
304 if ( ad->ad_type->sat_equality->smr_normalize(
305 (SLAP_MR_DENORMALIZE|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX),
306 NULL, NULL, value, &vtmp, memctx ) )
312 } else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
313 asyncmeta_map( &dc->target->mt_rwmap.rwm_oc, value, &vtmp, remap );
314 if ( BER_BVISNULL( &vtmp ) || BER_BVISEMPTY( &vtmp ) ) {
322 filter_escape_value_x( &vtmp, mapped_value, memctx );
326 ber_memfree( vtmp.bv_val );
329 ber_memfree_x( vtmp.bv_val, memctx );
337 asyncmeta_int_filter_map_rewrite(
350 /* better than nothing... */
351 ber_bvfalse = BER_BVC( "(!(objectClass=*))" ),
352 ber_bvtf_false = BER_BVC( "(|)" ),
353 /* better than nothing... */
354 ber_bvtrue = BER_BVC( "(objectClass=*)" ),
355 ber_bvtf_true = BER_BVC( "(&)" ),
357 /* no longer needed; preserved for completeness */
358 ber_bvundefined = BER_BVC( "(?=undefined)" ),
360 ber_bverror = BER_BVC( "(?=error)" ),
361 ber_bvunknown = BER_BVC( "(?=unknown)" ),
362 ber_bvnone = BER_BVC( "(?=none)" );
365 assert( fstr != NULL );
369 ber_dupbv_x( fstr, &ber_bvnone, memctx );
373 switch ( ( f->f_choice & SLAPD_FILTER_MASK ) ) {
374 case LDAP_FILTER_EQUALITY:
375 if ( map_attr_value( dc, f->f_av_desc, &atmp,
376 &f->f_av_value, &vtmp, remap, memctx ) )
381 fstr->bv_len = atmp.bv_len + vtmp.bv_len
382 + ( sizeof("(=)") - 1 );
383 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
385 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
386 atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
388 ber_memfree_x( vtmp.bv_val, memctx );
392 if ( map_attr_value( dc, f->f_av_desc, &atmp,
393 &f->f_av_value, &vtmp, remap, memctx ) )
398 fstr->bv_len = atmp.bv_len + vtmp.bv_len
399 + ( sizeof("(>=)") - 1 );
400 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
402 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
403 atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
405 ber_memfree_x( vtmp.bv_val, memctx );
409 if ( map_attr_value( dc, f->f_av_desc, &atmp,
410 &f->f_av_value, &vtmp, remap, memctx ) )
415 fstr->bv_len = atmp.bv_len + vtmp.bv_len
416 + ( sizeof("(<=)") - 1 );
417 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
419 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
420 atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
422 ber_memfree_x( vtmp.bv_val, memctx );
425 case LDAP_FILTER_APPROX:
426 if ( map_attr_value( dc, f->f_av_desc, &atmp,
427 &f->f_av_value, &vtmp, remap, memctx ) )
432 fstr->bv_len = atmp.bv_len + vtmp.bv_len
433 + ( sizeof("(~=)") - 1 );
434 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
436 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
437 atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
439 ber_memfree_x( vtmp.bv_val, memctx );
442 case LDAP_FILTER_SUBSTRINGS:
443 if ( map_attr_value( dc, f->f_sub_desc, &atmp,
444 NULL, NULL, remap, memctx ) )
449 /* cannot be a DN ... */
451 fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
452 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128 ? */
454 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
457 if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
460 filter_escape_value_x( &f->f_sub_initial, &vtmp, memctx );
462 fstr->bv_len += vtmp.bv_len;
463 fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
465 snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
466 /* "(attr=" */ "%s*)",
467 vtmp.bv_len ? vtmp.bv_val : "" );
469 ber_memfree_x( vtmp.bv_val, memctx );
472 if ( f->f_sub_any != NULL ) {
473 for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
475 filter_escape_value_x( &f->f_sub_any[i], &vtmp, memctx );
477 fstr->bv_len += vtmp.bv_len + 1;
478 fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
480 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
481 /* "(attr=[init]*[any*]" */ "%s*)",
482 vtmp.bv_len ? vtmp.bv_val : "" );
483 ber_memfree_x( vtmp.bv_val, memctx );
487 if ( !BER_BVISNULL( &f->f_sub_final ) ) {
490 filter_escape_value_x( &f->f_sub_final, &vtmp, memctx );
492 fstr->bv_len += vtmp.bv_len;
493 fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
495 snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
496 /* "(attr=[init*][any*]" */ "%s)",
497 vtmp.bv_len ? vtmp.bv_val : "" );
499 ber_memfree_x( vtmp.bv_val, memctx );
504 case LDAP_FILTER_PRESENT:
505 if ( map_attr_value( dc, f->f_desc, &atmp,
506 NULL, NULL, remap, memctx ) )
511 fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
512 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
514 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
518 case LDAP_FILTER_AND:
520 case LDAP_FILTER_NOT:
521 fstr->bv_len = STRLENOF( "(%)" );
522 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128? */
524 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
525 f->f_choice == LDAP_FILTER_AND ? '&' :
526 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
528 for ( p = f->f_list; p != NULL; p = p->f_next ) {
533 rc = asyncmeta_int_filter_map_rewrite( dc, p, &vtmp, remap, memctx );
534 if ( rc != LDAP_SUCCESS ) {
538 fstr->bv_len += vtmp.bv_len;
539 fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
541 snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2,
542 /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
544 ber_memfree_x( vtmp.bv_val, memctx );
549 case LDAP_FILTER_EXT:
550 if ( f->f_mr_desc ) {
551 if ( map_attr_value( dc, f->f_mr_desc, &atmp,
552 &f->f_mr_value, &vtmp, remap, memctx ) )
558 BER_BVSTR( &atmp, "" );
559 filter_escape_value_x( &f->f_mr_value, &vtmp, memctx );
562 /* FIXME: cleanup (less ?: operators...) */
563 fstr->bv_len = atmp.bv_len +
564 ( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
565 ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
566 vtmp.bv_len + ( STRLENOF( "(:=)" ) );
567 fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
569 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
571 f->f_mr_dnattrs ? ":dn" : "",
572 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? ":" : "",
573 !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_val : "",
574 vtmp.bv_len ? vtmp.bv_val : "" );
575 ber_memfree_x( vtmp.bv_val, memctx );
578 case SLAPD_FILTER_COMPUTED:
579 switch ( f->f_result ) {
580 /* FIXME: treat UNDEFINED as FALSE */
581 case SLAPD_COMPARE_UNDEFINED:
583 if ( META_BACK_TGT_NOUNDEFFILTER( dc->target ) ) {
584 return LDAP_COMPARE_FALSE;
588 case LDAP_COMPARE_FALSE:
589 if ( META_BACK_TGT_T_F( dc->target ) ) {
590 tmp = &ber_bvtf_false;
596 case LDAP_COMPARE_TRUE:
597 if ( META_BACK_TGT_T_F( dc->target ) ) {
598 tmp = &ber_bvtf_true;
610 ber_dupbv_x( fstr, tmp, memctx );
614 ber_dupbv_x( fstr, &ber_bvunknown, memctx );
622 asyncmeta_filter_map_rewrite(
632 static char *dmy = "";
634 rc = asyncmeta_int_filter_map_rewrite( dc, f, fstr, remap, memctx );
636 if ( rc != LDAP_SUCCESS ) {
643 fdc.ctx = "searchFilter";
645 switch ( rewrite_session( fdc.target->mt_rwmap.rwm_rw, fdc.ctx,
646 ( !BER_BVISEMPTY( &ftmp ) ? ftmp.bv_val : dmy ),
647 fdc.conn, &fstr->bv_val ) )
649 case REWRITE_REGEXEC_OK:
650 if ( !BER_BVISNULL( fstr ) ) {
651 fstr->bv_len = strlen( fstr->bv_val );
656 Debug( LDAP_DEBUG_ARGS,
657 "[rw] %s: \"%s\" -> \"%s\"\n",
658 fdc.ctx, BER_BVISNULL( &ftmp ) ? "" : ftmp.bv_val,
659 BER_BVISNULL( fstr ) ? "" : fstr->bv_val );
663 case REWRITE_REGEXEC_UNWILLING:
665 fdc.rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
666 fdc.rs->sr_text = "Operation not allowed";
668 rc = LDAP_UNWILLING_TO_PERFORM;
671 case REWRITE_REGEXEC_ERR:
673 fdc.rs->sr_err = LDAP_OTHER;
674 fdc.rs->sr_text = "Rewrite error";
680 if ( fstr->bv_val == dmy ) {
683 } else if ( fstr->bv_val != ftmp.bv_val ) {
684 /* NOTE: need to realloc mapped filter on slab
685 * and free the original one, until librewrite
688 ber_dupbv_x( &ftmp, fstr, memctx );
689 ch_free( fstr->bv_val );
697 asyncmeta_referral_result_rewrite(
705 assert( dc != NULL );
706 assert( a_vals != NULL );
708 for ( last = 0; !BER_BVISNULL( &a_vals[ last ] ); last++ )
712 for ( i = 0; !BER_BVISNULL( &a_vals[ i ] ); i++ ) {
718 rc = ldap_url_parse( a_vals[ i ].bv_val, &ludp );
719 if ( rc != LDAP_URL_SUCCESS ) {
720 /* leave attr untouched if massage failed */
724 /* FIXME: URLs like "ldap:///dc=suffix" if passed
725 * thru ldap_url_parse() and ldap_url_desc2str()
726 * get rewritten as "ldap:///dc=suffix??base";
727 * we don't want this to occur... */
728 if ( ludp->lud_scope == LDAP_SCOPE_BASE ) {
729 ludp->lud_scope = LDAP_SCOPE_DEFAULT;
732 ber_str2bv( ludp->lud_dn, 0, 0, &olddn );
734 rc = asyncmeta_dn_massage( dc, &olddn, &dn );
736 case LDAP_UNWILLING_TO_PERFORM:
738 * FIXME: need to check if it may be considered
739 * legal to trim values when adding/modifying;
740 * it should be when searching (e.g. ACLs).
742 ber_memfree( a_vals[ i ].bv_val );
744 a_vals[ i ] = a_vals[ last ];
746 BER_BVZERO( &a_vals[ last ] );
752 /* leave attr untouched if massage failed */
753 if ( !BER_BVISNULL( &dn ) && olddn.bv_val != dn.bv_val )
757 ludp->lud_dn = dn.bv_val;
758 newurl = ldap_url_desc2str( ludp );
760 if ( newurl == NULL ) {
761 /* FIXME: leave attr untouched
762 * even if ldap_url_desc2str failed...
767 ber_memfree_x( a_vals[ i ].bv_val, memctx );
768 ber_str2bv_x( newurl, 0, 1, &a_vals[ i ], memctx );
769 ber_memfree( newurl );
770 ludp->lud_dn = olddn.bv_val;
775 ldap_free_urldesc( ludp );
782 * I don't like this much, but we need two different
783 * functions because different heap managers may be
784 * in use in back-ldap/meta to reduce the amount of
785 * calls to malloc routines, and some of the free()
786 * routines may be macros with args
789 asyncmeta_dnattr_rewrite(
797 assert( a_vals != NULL );
799 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
803 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
804 switch ( asyncmeta_dn_massage( dc, &a_vals[i], &bv ) ) {
805 case LDAP_UNWILLING_TO_PERFORM:
807 * FIXME: need to check if it may be considered
808 * legal to trim values when adding/modifying;
809 * it should be when searching (e.g. ACLs).
811 ch_free( a_vals[i].bv_val );
813 a_vals[i] = a_vals[last];
815 BER_BVZERO( &a_vals[last] );
820 /* leave attr untouched if massage failed */
821 if ( !BER_BVISNULL( &bv ) && bv.bv_val != a_vals[i].bv_val ) {
822 ch_free( a_vals[i].bv_val );
833 asyncmeta_dnattr_result_rewrite(
841 assert( a_vals != NULL );
843 for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ )
847 for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
848 switch ( asyncmeta_dn_massage( dc, &a_vals[i], &bv ) ) {
849 case LDAP_UNWILLING_TO_PERFORM:
851 * FIXME: need to check if it may be considered
852 * legal to trim values when adding/modifying;
853 * it should be when searching (e.g. ACLs).
855 ber_memfree( a_vals[i].bv_val );
857 a_vals[i] = a_vals[last];
859 BER_BVZERO( &a_vals[last] );
864 /* leave attr untouched if massage failed */
865 if ( !BER_BVISNULL( &bv ) && a_vals[i].bv_val != bv.bv_val ) {
866 ber_memfree( a_vals[i].bv_val );
projects / openldap / blob