1 /* rwm.c - rewrite/remap operations */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2005 The OpenLDAP Foundation.
6 * Portions Copyright 2003 Pierangelo Masarati.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
24 #include <ac/string.h>
30 rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
32 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
33 struct ldaprwmap *rwmap =
34 (struct ldaprwmap *)on->on_bi.bi_private;
36 struct berval dn = BER_BVNULL,
42 * Rewrite the dn if needed
48 dc.ctx = (char *)cookie;
49 #else /* ! ENABLE_REWRITE */
50 dc.tofrom = ((int *)cookie)[0];
52 #endif /* ! ENABLE_REWRITE */
54 /* NOTE: in those cases where only the ndn is available,
55 * and the caller sets op->o_req_dn = op->o_req_ndn,
56 * only rewrite the op->o_req_ndn and use it as
57 * op->o_req_dn as well */
59 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
61 rc = rwm_dn_massage_pretty_normalize( &dc, &op->o_req_dn, &dn, &ndn );
63 rc = rwm_dn_massage_normalize( &dc, &op->o_req_ndn, &ndn );
66 if ( rc != LDAP_SUCCESS ) {
70 if ( ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val && dn.bv_val == op->o_req_dn.bv_val )
71 || ndn.bv_val == op->o_req_ndn.bv_val )
76 if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
77 op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
82 op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
89 rwm_op_add( Operation *op, SlapReply *rs )
91 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
92 struct ldaprwmap *rwmap =
93 (struct ldaprwmap *)on->on_bi.bi_private;
97 Attribute **ap = NULL;
98 char *olddn = op->o_req_dn.bv_val;
101 #ifdef ENABLE_REWRITE
102 rc = rwm_op_dn_massage( op, rs, "addDN" );
103 #else /* ! ENABLE_REWRITE */
105 rc = rwm_op_dn_massage( op, rs, &rc );
106 #endif /* ! ENABLE_REWRITE */
107 if ( rc != LDAP_SUCCESS ) {
108 op->o_bd->bd_info = (BackendInfo *)on->on_info;
109 send_ldap_error( op, rs, rc, "addDN massage error" );
113 if ( olddn != op->o_req_dn.bv_val ) {
114 ber_bvreplace( &op->ora_e->e_name, &op->o_req_dn );
115 ber_bvreplace( &op->ora_e->e_nname, &op->o_req_ndn );
118 /* Count number of attributes in entry */
119 isupdate = be_shadow_update( op );
120 for ( i = 0, ap = &op->oq_add.rs_e->e_attrs; *ap; ) {
123 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass ||
124 (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
128 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[ last ] ); last++ )
131 for ( j = 0; !BER_BVISNULL( &(*ap)->a_vals[ j ] ); j++ ) {
132 struct ldapmapping *mapping = NULL;
134 ( void )rwm_mapping( &rwmap->rwm_oc, &(*ap)->a_vals[ j ],
136 if ( mapping == NULL ) {
137 if ( rwmap->rwm_at.drop_missing ) {
138 /* FIXME: we allow to remove objectClasses as well;
139 * if the resulting entry is inconsistent, that's
140 * the relayed database's business...
142 ch_free( (*ap)->a_vals[ j ].bv_val );
144 (*ap)->a_vals[ j ] = (*ap)->a_vals[ last ];
146 BER_BVZERO( &(*ap)->a_vals[ last ] );
152 ch_free( (*ap)->a_vals[ j ].bv_val );
153 ber_dupbv( &(*ap)->a_vals[ j ], &mapping->m_dst );
157 } else if ( !isupdate && (*ap)->a_desc->ad_type->sat_no_user_mod ) {
161 struct ldapmapping *mapping = NULL;
163 ( void )rwm_mapping( &rwmap->rwm_at, &(*ap)->a_desc->ad_cname,
165 if ( mapping == NULL ) {
166 if ( rwmap->rwm_at.drop_missing ) {
171 if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
172 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
175 * FIXME: rewrite could fail; in this case
176 * the operation should give up, right?
178 #ifdef ENABLE_REWRITE
179 rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
181 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
182 #else /* ! ENABLE_REWRITE */
184 rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
185 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
186 #endif /* ! ENABLE_REWRITE */
191 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
192 #ifdef ENABLE_REWRITE
193 rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
195 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
196 #else /* ! ENABLE_REWRITE */
198 rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
199 (*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
200 #endif /* ! ENABLE_REWRITE */
201 if ( rc != LDAP_SUCCESS ) {
206 if ( mapping != NULL ) {
207 assert( mapping->m_dst_ad != NULL );
208 (*ap)->a_desc = mapping->m_dst_ad;
217 /* FIXME: leaking attribute/values? */
224 /* TODO: map attribute types, values of DN-valued attributes ... */
225 return SLAP_CB_CONTINUE;
228 #ifdef ENABLE_REWRITE
230 rwm_conn_init( BackendDB *be, Connection *conn )
232 slap_overinst *on = (slap_overinst *) be->bd_info;
233 struct ldaprwmap *rwmap =
234 (struct ldaprwmap *)on->on_bi.bi_private;
236 ( void )rewrite_session_init( rwmap->rwm_rw, conn );
238 return SLAP_CB_CONTINUE;
242 rwm_conn_destroy( BackendDB *be, Connection *conn )
244 slap_overinst *on = (slap_overinst *) be->bd_info;
245 struct ldaprwmap *rwmap =
246 (struct ldaprwmap *)on->on_bi.bi_private;
248 ( void )rewrite_session_delete( rwmap->rwm_rw, conn );
250 return SLAP_CB_CONTINUE;
252 #endif /* ENABLE_REWRITE */
255 rwm_op_bind( Operation *op, SlapReply *rs )
257 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
260 #ifdef ENABLE_REWRITE
261 rc = rwm_op_dn_massage( op, rs, "bindDN" );
262 #else /* ! ENABLE_REWRITE */
264 rc = rwm_op_dn_massage( op, rs, &rc );
265 #endif /* ! ENABLE_REWRITE */
266 if ( rc != LDAP_SUCCESS ) {
267 op->o_bd->bd_info = (BackendInfo *)on->on_info;
268 send_ldap_error( op, rs, rc, "bindDN massage error" );
272 return SLAP_CB_CONTINUE;
276 rwm_op_unbind( Operation *op, SlapReply *rs )
278 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
279 struct ldaprwmap *rwmap =
280 (struct ldaprwmap *)on->on_bi.bi_private;
282 #ifdef ENABLE_REWRITE
283 rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
284 #endif /* ENABLE_REWRITE */
286 return SLAP_CB_CONTINUE;
290 rwm_op_compare( Operation *op, SlapReply *rs )
292 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
293 struct ldaprwmap *rwmap =
294 (struct ldaprwmap *)on->on_bi.bi_private;
297 struct berval mapped_at = BER_BVNULL,
298 mapped_vals[2] = { BER_BVNULL, BER_BVNULL };
300 #ifdef ENABLE_REWRITE
301 rc = rwm_op_dn_massage( op, rs, "compareDN" );
302 #else /* ! ENABLE_REWRITE */
304 rc = rwm_op_dn_massage( op, rs, &rc );
305 #endif /* ! ENABLE_REWRITE */
306 if ( rc != LDAP_SUCCESS ) {
307 op->o_bd->bd_info = (BackendInfo *)on->on_info;
308 send_ldap_error( op, rs, rc, "compareDN massage error" );
312 /* if the attribute is an objectClass, try to remap its value */
313 if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass
314 || op->orc_ava->aa_desc == slap_schema.si_ad_structuralObjectClass )
316 rwm_map( &rwmap->rwm_oc, &op->orc_ava->aa_value,
317 &mapped_vals[0], RWM_MAP );
318 if ( BER_BVISNULL( &mapped_vals[0] ) || BER_BVISEMPTY( &mapped_vals[0] ) )
320 op->o_bd->bd_info = (BackendInfo *)on->on_info;
321 send_ldap_error( op, rs, LDAP_OTHER, "compare objectClass map error" );
324 } else if ( mapped_vals[0].bv_val != op->orc_ava->aa_value.bv_val ) {
325 ber_bvreplace_x( &op->orc_ava->aa_value, &mapped_vals[0], op->o_tmpmemctx );
327 mapped_at = op->orc_ava->aa_desc->ad_cname;
330 struct ldapmapping *mapping = NULL;
331 AttributeDescription *ad = op->orc_ava->aa_desc;
333 ( void )rwm_mapping( &rwmap->rwm_at, &op->orc_ava->aa_desc->ad_cname,
335 if ( mapping == NULL ) {
336 if ( rwmap->rwm_at.drop_missing ) {
337 op->o_bd->bd_info = (BackendInfo *)on->on_info;
338 send_ldap_error( op, rs, LDAP_OTHER, "compare attributeType map error" );
343 assert( mapping->m_dst_ad != NULL );
344 ad = mapping->m_dst_ad;
347 if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
348 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
350 struct berval *mapped_valsp[2];
352 mapped_valsp[0] = &mapped_vals[0];
353 mapped_valsp[1] = &mapped_vals[1];
355 mapped_vals[0] = op->orc_ava->aa_value;
357 #ifdef ENABLE_REWRITE
358 rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
359 #else /* ! ENABLE_REWRITE */
361 rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
362 #endif /* ! ENABLE_REWRITE */
364 if ( rc != LDAP_SUCCESS ) {
365 op->o_bd->bd_info = (BackendInfo *)on->on_info;
366 send_ldap_error( op, rs, rc, "compareAttrDN massage error" );
370 if ( mapped_vals[ 0 ].bv_val != op->orc_ava->aa_value.bv_val ) {
371 /* NOTE: if we get here, rwm_dnattr_rewrite()
372 * already freed the old value, so now
374 ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0],
376 ber_memfree_x( mapped_vals[ 0 ].bv_val, NULL );
379 op->orc_ava->aa_desc = ad;
382 return SLAP_CB_CONTINUE;
386 rwm_op_delete( Operation *op, SlapReply *rs )
388 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
391 #ifdef ENABLE_REWRITE
392 rc = rwm_op_dn_massage( op, rs, "deleteDN" );
393 #else /* ! ENABLE_REWRITE */
395 rc = rwm_op_dn_massage( op, rs, &rc );
396 #endif /* ! ENABLE_REWRITE */
397 if ( rc != LDAP_SUCCESS ) {
398 op->o_bd->bd_info = (BackendInfo *)on->on_info;
399 send_ldap_error( op, rs, rc, "deleteDN massage error" );
403 return SLAP_CB_CONTINUE;
407 rwm_op_modify( Operation *op, SlapReply *rs )
409 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
410 struct ldaprwmap *rwmap =
411 (struct ldaprwmap *)on->on_bi.bi_private;
417 #ifdef ENABLE_REWRITE
418 rc = rwm_op_dn_massage( op, rs, "modifyDN" );
419 #else /* ! ENABLE_REWRITE */
421 rc = rwm_op_dn_massage( op, rs, &rc );
422 #endif /* ! ENABLE_REWRITE */
423 if ( rc != LDAP_SUCCESS ) {
424 op->o_bd->bd_info = (BackendInfo *)on->on_info;
425 send_ldap_error( op, rs, rc, "modifyDN massage error" );
429 isupdate = be_shadow_update( op );
430 for ( mlp = &op->oq_modify.rs_modlist; *mlp; ) {
433 struct ldapmapping *mapping = NULL;
435 if ( (*mlp)->sml_desc == slap_schema.si_ad_objectClass
436 || (*mlp)->sml_desc == slap_schema.si_ad_structuralObjectClass )
440 } else if ( !isupdate && (*mlp)->sml_desc->ad_type->sat_no_user_mod ) {
446 drop_missing = rwm_mapping( &rwmap->rwm_at,
447 &(*mlp)->sml_desc->ad_cname,
449 if ( drop_missing || ( mapping != NULL && BER_BVISNULL( &mapping->m_dst ) ) )
455 if ( (*mlp)->sml_values != NULL ) {
459 for ( last = 0; !BER_BVISNULL( &(*mlp)->sml_values[ last ] ); last++ )
463 for ( j = 0; !BER_BVISNULL( &(*mlp)->sml_values[ j ] ); j++ ) {
464 struct ldapmapping *oc_mapping = NULL;
466 ( void )rwm_mapping( &rwmap->rwm_oc, &(*mlp)->sml_values[ j ],
467 &oc_mapping, RWM_MAP );
468 if ( oc_mapping == NULL ) {
469 if ( rwmap->rwm_at.drop_missing ) {
470 /* FIXME: we allow to remove objectClasses as well;
471 * if the resulting entry is inconsistent, that's
472 * the relayed database's business...
474 ch_free( (*mlp)->sml_values[ j ].bv_val );
476 (*mlp)->sml_values[ j ] = (*mlp)->sml_values[ last ];
478 BER_BVZERO( &(*mlp)->sml_values[ last ] );
484 ch_free( (*mlp)->sml_values[ j ].bv_val );
485 ber_dupbv( &(*mlp)->sml_values[ j ], &oc_mapping->m_dst );
490 if ( (*mlp)->sml_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
491 || ( mapping != NULL && mapping->m_dst_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
493 #ifdef ENABLE_REWRITE
494 rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
496 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
497 #else /* ! ENABLE_REWRITE */
499 rc = rwm_dnattr_rewrite( op, rs, &rc,
501 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
502 #endif /* ! ENABLE_REWRITE */
504 } else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
505 #ifdef ENABLE_REWRITE
506 rc = rwm_referral_rewrite( op, rs,
509 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
510 #else /* ! ENABLE_REWRITE */
512 rc = rwm_referral_rewrite( op, rs, &rc,
514 (*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
515 #endif /* ! ENABLE_REWRITE */
516 if ( rc != LDAP_SUCCESS ) {
521 if ( rc != LDAP_SUCCESS ) {
528 if ( mapping != NULL ) {
529 /* use new attribute description */
530 assert( mapping->m_dst_ad != NULL );
531 (*mlp)->sml_desc = mapping->m_dst_ad;
534 mlp = &(*mlp)->sml_next;
539 *mlp = (*mlp)->sml_next;
540 slap_mod_free( &ml->sml_mod, 0 );
544 return SLAP_CB_CONTINUE;
548 rwm_op_modrdn( Operation *op, SlapReply *rs )
550 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
551 struct ldaprwmap *rwmap =
552 (struct ldaprwmap *)on->on_bi.bi_private;
556 if ( op->orr_newSup ) {
558 struct berval nnewSup = BER_BVNULL;
559 struct berval newSup = BER_BVNULL;
562 * Rewrite the new superior, if defined and required
565 #ifdef ENABLE_REWRITE
566 dc.conn = op->o_conn;
568 dc.ctx = "newSuperiorDN";
569 #else /* ! ENABLE_REWRITE */
572 #endif /* ! ENABLE_REWRITE */
573 newSup = *op->orr_newSup;
574 nnewSup = *op->orr_nnewSup;
575 rc = rwm_dn_massage_pretty_normalize( &dc, op->orr_newSup, &newSup, &nnewSup );
576 if ( rc != LDAP_SUCCESS ) {
577 op->o_bd->bd_info = (BackendInfo *)on->on_info;
578 send_ldap_error( op, rs, rc, "newSuperiorDN massage error" );
582 if ( op->orr_newSup->bv_val != newSup.bv_val ) {
583 op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );
584 op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );
585 *op->orr_newSup = newSup;
586 *op->orr_nnewSup = nnewSup;
591 * Rewrite the dn, if needed
593 #ifdef ENABLE_REWRITE
594 rc = rwm_op_dn_massage( op, rs, "renameDN" );
595 #else /* ! ENABLE_REWRITE */
597 rc = rwm_op_dn_massage( op, rs, &rc );
598 #endif /* ! ENABLE_REWRITE */
599 if ( rc != LDAP_SUCCESS ) {
600 op->o_bd->bd_info = (BackendInfo *)on->on_info;
601 send_ldap_error( op, rs, rc, "renameDN massage error" );
605 /* TODO: rewrite newRDN, attribute types,
606 * values of DN-valued attributes ... */
607 return SLAP_CB_CONTINUE;
610 static slap_callback rwm_cb;
617 ber_memfree_x( data, NULL );
620 static slap_callback *
621 rwm_callback_get( Operation *op )
625 if ( op->o_threadctx == NULL ) {
629 ldap_pvt_thread_pool_getkey( op->o_threadctx,
630 rwm_keyfree, &data, NULL );
631 if ( data == NULL ) {
632 data = ch_calloc( sizeof( slap_callback ), 1 );
633 ldap_pvt_thread_pool_setkey( op->o_threadctx,
634 rwm_keyfree, data, rwm_keyfree );
637 return (slap_callback *)data;
641 rwm_swap_attrs( Operation *op, SlapReply *rs )
643 slap_callback *cb = op->o_callback;
644 AttributeName *an = (AttributeName *)cb->sc_private;
648 return SLAP_CB_CONTINUE;
652 rwm_op_search( Operation *op, SlapReply *rs )
654 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
655 struct ldaprwmap *rwmap =
656 (struct ldaprwmap *)on->on_bi.bi_private;
661 struct berval fstr = BER_BVNULL;
664 slap_callback *cb = NULL;
665 AttributeName *an = NULL;
669 #ifdef ENABLE_REWRITE
670 rc = rwm_op_dn_massage( op, rs, "searchDN" );
671 #else /* ! ENABLE_REWRITE */
673 rc = rwm_op_dn_massage( op, rs, &rc );
674 #endif /* ! ENABLE_REWRITE */
675 if ( rc != LDAP_SUCCESS ) {
676 text = "searchDN massage error";
681 * Rewrite the dn if needed
684 #ifdef ENABLE_REWRITE
685 dc.conn = op->o_conn;
687 dc.ctx = "searchFilterAttrDN";
688 #else /* ! ENABLE_REWRITE */
691 #endif /* ! ENABLE_REWRITE */
693 rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
694 if ( rc != LDAP_SUCCESS ) {
695 text = "searchFilter/searchFilterAttrDN massage error";
699 f = str2filter_x( op, fstr.bv_val );
702 text = "massaged filter parse error";
706 if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
707 ch_free( op->ors_filterstr.bv_val );
710 if( op->ors_filter ) {
711 filter_free_x( op, op->ors_filter );
715 op->ors_filterstr = fstr;
717 rc = rwm_map_attrnames( &rwmap->rwm_at, &rwmap->rwm_oc,
718 op->ors_attrs, &an, RWM_MAP );
719 if ( rc != LDAP_SUCCESS ) {
720 text = "attribute list mapping error";
724 cb = rwm_callback_get( op );
726 cb->sc_response = rwm_swap_attrs;
727 cb->sc_cleanup = NULL;
728 cb->sc_private = (void *)op->ors_attrs;
729 cb->sc_next = op->o_callback;
734 return SLAP_CB_CONTINUE;
742 filter_free_x( op, f );
745 if ( !BER_BVISNULL( &fstr ) ) {
746 ch_free( fstr.bv_val );
749 op->o_bd->bd_info = (BackendInfo *)on->on_info;
750 send_ldap_error( op, rs, rc, text );
757 rwm_extended( Operation *op, SlapReply *rs )
759 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
762 #ifdef ENABLE_REWRITE
763 rc = rwm_op_dn_massage( op, rs, "extendedDN" );
764 #else /* ! ENABLE_REWRITE */
766 rc = rwm_op_dn_massage( op, rs, &rc );
767 #endif /* ! ENABLE_REWRITE */
768 if ( rc != LDAP_SUCCESS ) {
769 op->o_bd->bd_info = (BackendInfo *)on->on_info;
770 send_ldap_error( op, rs, rc, "extendedDN massage error" );
774 /* TODO: rewrite/map extended data ? ... */
775 return SLAP_CB_CONTINUE;
779 rwm_matched( Operation *op, SlapReply *rs )
781 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
782 struct ldaprwmap *rwmap =
783 (struct ldaprwmap *)on->on_bi.bi_private;
785 struct berval dn, mdn;
789 if ( rs->sr_matched == NULL ) {
790 return SLAP_CB_CONTINUE;
794 #ifdef ENABLE_REWRITE
795 dc.conn = op->o_conn;
797 dc.ctx = "matchedDN";
798 #else /* ! ENABLE_REWRITE */
801 #endif /* ! ENABLE_REWRITE */
802 ber_str2bv( rs->sr_matched, 0, 0, &dn );
804 rc = rwm_dn_massage_pretty( &dc, &dn, &mdn );
805 if ( rc != LDAP_SUCCESS ) {
807 rs->sr_text = "Rewrite error";
811 if ( mdn.bv_val != dn.bv_val ) {
812 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
813 ch_free( (void *)rs->sr_matched );
816 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
818 rs->sr_matched = mdn.bv_val;
821 return SLAP_CB_CONTINUE;
825 rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
827 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
828 struct ldaprwmap *rwmap =
829 (struct ldaprwmap *)on->on_bi.bi_private;
837 * Rewrite the dn attrs, if needed
840 #ifdef ENABLE_REWRITE
841 dc.conn = op->o_conn;
843 #else /* ! ENABLE_REWRITE */
846 #endif /* ! ENABLE_REWRITE */
848 /* FIXME: the entries are in the remote mapping form;
849 * so we need to select those attributes we are willing
850 * to return, and remap them accordingly */
852 /* FIXME: in principle, one could map an attribute
853 * on top of another, which already exists.
854 * As such, in the end there might exist more than
855 * one instance of an attribute.
856 * We should at least check if this occurs, and issue
857 * an error (because multiple instances of attrs in
858 * response are not valid), or merge the values (what
859 * about duplicate values?) */
860 isupdate = be_shadow_update( op );
861 for ( ap = a_first; *ap; ) {
862 struct ldapmapping *mapping = NULL;
867 if ( SLAP_OPATTRS( rs->sr_attr_flags ) && is_at_operational( (*ap)->a_desc->ad_type ) )
872 if ( op->ors_attrs != NULL &&
873 !SLAP_USERATTRS( rs->sr_attr_flags ) &&
874 !ad_inlist( (*ap)->a_desc, op->ors_attrs ) )
879 drop_missing = rwm_mapping( &rwmap->rwm_at,
880 &(*ap)->a_desc->ad_cname, &mapping, RWM_REMAP );
881 if ( drop_missing || ( mapping != NULL && BER_BVISEMPTY( &mapping->m_dst ) ) )
886 if ( mapping != NULL ) {
887 (*ap)->a_desc = mapping->m_dst_ad;
891 if ( (*ap)->a_desc == slap_schema.si_ad_entryDN ) {
892 if ( stripEntryDN ) {
893 /* will be generated by frontend */
897 } else if ( !isupdate
898 && (*ap)->a_desc->ad_type->sat_no_user_mod
899 && (*ap)->a_desc->ad_type != slap_schema.si_at_undefined )
904 for ( last = 0; !BER_BVISNULL( &(*ap)->a_vals[last] ); last++ )
908 /* empty? leave it in place because of attrsonly and vlv */
913 if ( (*ap)->a_desc == slap_schema.si_ad_objectClass
914 || (*ap)->a_desc == slap_schema.si_ad_structuralObjectClass )
918 for ( bv = (*ap)->a_vals; !BER_BVISNULL( bv ); bv++ ) {
919 struct berval mapped;
921 rwm_map( &rwmap->rwm_oc, &bv[0], &mapped, RWM_REMAP );
922 if ( BER_BVISNULL( &mapped ) || BER_BVISEMPTY( &mapped ) ) {
923 ch_free( bv[0].bv_val );
924 BER_BVZERO( &bv[0] );
925 if ( &(*ap)->a_vals[last] > &bv[0] ) {
926 bv[0] = (*ap)->a_vals[last];
927 BER_BVZERO( &(*ap)->a_vals[last] );
932 } else if ( mapped.bv_val != bv[0].bv_val ) {
934 * FIXME: after LBER_FREEing
935 * the value is replaced by
938 ber_bvreplace( &bv[0], &mapped );
943 * It is necessary to try to rewrite attributes with
944 * dn syntax because they might be used in ACLs as
945 * members of groups; since ACLs are applied to the
946 * rewritten stuff, no dn-based subject clause could
947 * be used at the ldap backend side (see
948 * http://www.OpenLDAP.org/faq/data/cache/452.html)
949 * The problem can be overcome by moving the dn-based
950 * ACLs to the target directory server, and letting
951 * everything pass thru the ldap backend. */
952 /* FIXME: handle distinguishedName-like syntaxes, like
953 * nameAndOptionalUID */
954 } else if ( (*ap)->a_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName
955 || ( mapping != NULL && mapping->m_src_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
957 #ifdef ENABLE_REWRITE
958 dc.ctx = "searchAttrDN";
959 #endif /* ENABLE_REWRITE */
960 rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
961 if ( rc != LDAP_SUCCESS ) {
965 } else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
966 #ifdef ENABLE_REWRITE
967 dc.ctx = "searchAttrDN";
968 #endif /* ENABLE_REWRITE */
969 rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
970 if ( rc != LDAP_SUCCESS ) {
975 if ( mapping != NULL ) {
976 /* rewrite the attribute description */
977 assert( mapping->m_dst_ad != NULL );
978 (*ap)->a_desc = mapping->m_dst_ad;
996 rwm_send_entry( Operation *op, SlapReply *rs )
998 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
999 struct ldaprwmap *rwmap =
1000 (struct ldaprwmap *)on->on_bi.bi_private;
1004 struct berval dn = BER_BVNULL,
1009 assert( rs->sr_entry != NULL );
1012 * Rewrite the dn of the result, if needed
1015 #ifdef ENABLE_REWRITE
1016 dc.conn = op->o_conn;
1018 dc.ctx = "searchEntryDN";
1019 #else /* ! ENABLE_REWRITE */
1022 #endif /* ! ENABLE_REWRITE */
1025 flags = rs->sr_flags;
1026 if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
1027 /* FIXME: all we need to duplicate are:
1030 * - attributes that are requested
1031 * - no values if attrsonly is set
1036 rc = LDAP_NO_MEMORY;
1040 flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
1044 * Note: this may fail if the target host(s) schema differs
1045 * from the one known to the meta, and a DN with unknown
1046 * attributes is returned.
1050 rc = rwm_dn_massage_pretty_normalize( &dc, &e->e_name, &dn, &ndn );
1051 if ( rc != LDAP_SUCCESS ) {
1056 if ( e->e_name.bv_val != dn.bv_val ) {
1057 ch_free( e->e_name.bv_val );
1058 ch_free( e->e_nname.bv_val );
1064 /* TODO: map entry attribute types, objectclasses
1065 * and dn-valued attribute values */
1067 /* FIXME: the entries are in the remote mapping form;
1068 * so we need to select those attributes we are willing
1069 * to return, and remap them accordingly */
1070 (void)rwm_attrs( op, rs, &e->e_attrs, 1 );
1073 if ( rs->sr_operational_attrs ) {
1074 (void)rwm_attrs( op, rs, &rs->sr_operational_attrs, 0 );
1079 rs->sr_flags = flags;
1081 return SLAP_CB_CONTINUE;
1084 if ( e != NULL && e != rs->sr_entry ) {
1085 if ( e->e_name.bv_val == dn.bv_val ) {
1086 BER_BVZERO( &e->e_name );
1089 if ( e->e_nname.bv_val == ndn.bv_val ) {
1090 BER_BVZERO( &e->e_nname );
1096 if ( !BER_BVISNULL( &dn ) ) {
1097 ch_free( dn.bv_val );
1100 if ( !BER_BVISNULL( &ndn ) ) {
1101 ch_free( ndn.bv_val );
1108 rwm_operational( Operation *op, SlapReply *rs )
1110 /* FIXME: the entries are in the remote mapping form;
1111 * so we need to select those attributes we are willing
1112 * to return, and remap them accordingly */
1113 if ( rs->sr_operational_attrs ) {
1114 rwm_attrs( op, rs, &rs->sr_operational_attrs, 1 );
1117 return SLAP_CB_CONTINUE;
1121 /* don't use this; it cannot be reverted, and leaves op->o_req_dn
1122 * rewritten for subsequent operations; fine for plain suffixmassage,
1123 * but destroys everything else */
1125 rwm_chk_referrals( Operation *op, SlapReply *rs )
1127 slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
1130 #ifdef ENABLE_REWRITE
1131 rc = rwm_op_dn_massage( op, rs, "referralCheckDN" );
1132 #else /* ! ENABLE_REWRITE */
1134 rc = rwm_op_dn_massage( op, rs, &rc );
1135 #endif /* ! ENABLE_REWRITE */
1136 if ( rc != LDAP_SUCCESS ) {
1137 op->o_bd->bd_info = (BackendInfo *)on->on_info;
1138 send_ldap_error( op, rs, rc, "referralCheckDN massage error" );
1142 return SLAP_CB_CONTINUE;
1155 #ifdef ENABLE_REWRITE
1156 slap_overinst *on = (slap_overinst *) be->bd_info;
1157 struct ldaprwmap *rwmap =
1158 (struct ldaprwmap *)on->on_bi.bi_private;
1160 return rewrite_parse( rwmap->rwm_rw,
1161 fname, lineno, argc, argv );
1163 #else /* !ENABLE_REWRITE */
1164 fprintf( stderr, "%s: line %d: rewrite capabilities "
1165 "are not enabled\n", fname, lineno );
1166 #endif /* !ENABLE_REWRITE */
1172 rwm_suffixmassage_config(
1180 slap_overinst *on = (slap_overinst *) be->bd_info;
1181 struct ldaprwmap *rwmap =
1182 (struct ldaprwmap *)on->on_bi.bi_private;
1184 struct berval bvnc, nvnc, pvnc, brnc, nrnc, prnc;
1186 #ifdef ENABLE_REWRITE
1188 #endif /* ENABLE_REWRITE */
1193 * suffixmassage [<suffix>] <massaged suffix>
1195 * the [<suffix>] field must be defined as a valid suffix
1196 * for the current database;
1197 * the <massaged suffix> shouldn't have already been
1198 * defined as a valid suffix for the current server
1201 if ( be->be_suffix == NULL ) {
1202 fprintf( stderr, "%s: line %d: "
1203 " \"suffixMassage [<suffix>]"
1204 " <massaged suffix>\" without "
1205 "<suffix> part requires database "
1206 "suffix be defined first.\n",
1210 bvnc = be->be_suffix[ 0 ];
1213 } else if ( argc == 3 ) {
1214 ber_str2bv( argv[ 1 ], 0, 0, &bvnc );
1218 fprintf( stderr, "%s: line %d: syntax is"
1219 " \"suffixMassage [<suffix>]"
1220 " <massaged suffix>\"\n",
1225 if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
1226 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1227 fname, lineno, bvnc.bv_val );
1231 ber_str2bv( argv[ massaged ], 0, 0, &brnc );
1232 if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
1233 fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
1234 fname, lineno, brnc.bv_val );
1235 free( nvnc.bv_val );
1236 free( pvnc.bv_val );
1240 #ifdef ENABLE_REWRITE
1242 * The suffix massaging is emulated
1243 * by means of the rewrite capabilities
1245 rc = rwm_suffix_massage_config( rwmap->rwm_rw,
1246 &pvnc, &nvnc, &prnc, &nrnc );
1247 free( nvnc.bv_val );
1248 free( pvnc.bv_val );
1249 free( nrnc.bv_val );
1250 free( prnc.bv_val );
1254 #else /* !ENABLE_REWRITE */
1255 ber_bvarray_add( &rwmap->rwm_suffix_massage, &pvnc );
1256 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nvnc );
1258 ber_bvarray_add( &rwmap->rwm_suffix_massage, &prnc );
1259 ber_bvarray_add( &rwmap->rwm_suffix_massage, &nrnc );
1260 #endif /* !ENABLE_REWRITE */
1274 slap_overinst *on = (slap_overinst *) be->bd_info;
1275 struct ldaprwmap *rwmap =
1276 (struct ldaprwmap *)on->on_bi.bi_private;
1278 /* objectclass/attribute mapping */
1279 return rwm_map_config( &rwmap->rwm_oc,
1281 fname, lineno, argc, argv );
1285 rwm_response( Operation *op, SlapReply *rs )
1287 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
1288 struct ldaprwmap *rwmap =
1289 (struct ldaprwmap *)on->on_bi.bi_private;
1293 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
1294 return rwm_send_entry( op, rs );
1297 switch( op->o_tag ) {
1298 case LDAP_REQ_SEARCH:
1299 /* Note: the operation attrs are remapped */
1300 if ( rs->sr_type == REP_RESULT
1301 && op->ors_attrs != NULL
1302 && op->ors_attrs != rs->sr_attrs )
1304 ch_free( op->ors_attrs );
1305 op->ors_attrs = rs->sr_attrs;
1311 case LDAP_REQ_DELETE:
1312 case LDAP_REQ_MODRDN:
1313 case LDAP_REQ_MODIFY:
1314 case LDAP_REQ_COMPARE:
1315 case LDAP_REQ_EXTENDED:
1320 * Rewrite the dn of the referrals, if needed
1323 #ifdef ENABLE_REWRITE
1324 dc.conn = op->o_conn;
1326 dc.ctx = "referralDN";
1327 #else /* ! ENABLE_REWRITE */
1330 #endif /* ! ENABLE_REWRITE */
1331 rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
1332 if ( rc != LDAP_SUCCESS ) {
1337 rc = rwm_matched( op, rs );
1341 rc = SLAP_CB_CONTINUE;
1357 slap_overinst *on = (slap_overinst *) be->bd_info;
1358 struct ldaprwmap *rwmap =
1359 (struct ldaprwmap *)on->on_bi.bi_private;
1364 if ( strncasecmp( argv[ 0 ], "rwm-", STRLENOF( "rwm-" ) ) == 0 ) {
1366 argv[ 0 ] = &argv0[ STRLENOF( "rwm-" ) ];
1369 if ( strncasecmp( argv[0], "rewrite", STRLENOF("rewrite") ) == 0 ) {
1370 rc = rwm_rw_config( be, fname, lineno, argc, argv );
1372 } else if ( strcasecmp( argv[0], "map" ) == 0 ) {
1373 rc = rwm_m_config( be, fname, lineno, argc, argv );
1375 } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
1376 rc = rwm_suffixmassage_config( be, fname, lineno, argc, argv );
1378 } else if ( strcasecmp( argv[0], "t-f-support" ) == 0 ) {
1381 "%s: line %d: \"t-f-support {no|yes|discover}\" needs 1 argument.\n",
1386 if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
1387 rwmap->rwm_flags &= ~(RWM_F_SUPPORT_T_F|RWM_F_SUPPORT_T_F_DISCOVER);
1389 } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
1390 rwmap->rwm_flags |= RWM_F_SUPPORT_T_F;
1393 /* TODO: not implemented yet */
1394 } else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
1395 rwmap->rwm_flags |= RWM_F_SUPPORT_T_F_DISCOVER;
1400 "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
1401 fname, lineno, argv[ 1 ] );
1406 rc = SLAP_CONF_UNKNOWN;
1421 slap_overinst *on = (slap_overinst *) be->bd_info;
1422 struct ldapmapping *mapping = NULL;
1423 struct ldaprwmap *rwmap;
1424 #ifdef ENABLE_REWRITE
1426 #endif /* ENABLE_REWRITE */
1428 rwmap = (struct ldaprwmap *)ch_calloc( 1, sizeof( struct ldaprwmap ) );
1430 #ifdef ENABLE_REWRITE
1431 rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
1432 if ( rwmap->rwm_rw == NULL ) {
1437 /* this rewriteContext by default must be null;
1438 * rules can be added if required */
1439 rargv[ 0 ] = "rewriteContext";
1440 rargv[ 1 ] = "searchFilter";
1442 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
1444 rargv[ 0 ] = "rewriteContext";
1445 rargv[ 1 ] = "default";
1447 rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
1448 #endif /* ENABLE_REWRITE */
1450 if ( rwm_map_init( &rwmap->rwm_oc, &mapping ) != LDAP_SUCCESS ||
1451 rwm_map_init( &rwmap->rwm_at, &mapping ) != LDAP_SUCCESS )
1456 on->on_bi.bi_private = (void *)rwmap;
1466 slap_overinst *on = (slap_overinst *) be->bd_info;
1469 if ( on->on_bi.bi_private ) {
1470 struct ldaprwmap *rwmap =
1471 (struct ldaprwmap *)on->on_bi.bi_private;
1473 #ifdef ENABLE_REWRITE
1474 if (rwmap->rwm_rw) {
1475 rewrite_info_delete( &rwmap->rwm_rw );
1477 #else /* !ENABLE_REWRITE */
1478 if ( rwmap->rwm_suffix_massage ) {
1479 ber_bvarray_free( rwmap->rwm_suffix_massage );
1481 #endif /* !ENABLE_REWRITE */
1483 avl_free( rwmap->rwm_oc.remap, NULL );
1484 avl_free( rwmap->rwm_oc.map, rwm_mapping_free );
1485 avl_free( rwmap->rwm_at.remap, NULL );
1486 avl_free( rwmap->rwm_at.map, rwm_mapping_free );
1494 static slap_overinst rwm = { { NULL } };
1499 memset( &rwm, 0, sizeof( slap_overinst ) );
1501 rwm.on_bi.bi_type = "rwm";
1503 rwm.on_bi.bi_db_init = rwm_db_init;
1504 rwm.on_bi.bi_db_config = rwm_db_config;
1505 rwm.on_bi.bi_db_destroy = rwm_db_destroy;
1507 rwm.on_bi.bi_op_bind = rwm_op_bind;
1508 rwm.on_bi.bi_op_search = rwm_op_search;
1509 rwm.on_bi.bi_op_compare = rwm_op_compare;
1510 rwm.on_bi.bi_op_modify = rwm_op_modify;
1511 rwm.on_bi.bi_op_modrdn = rwm_op_modrdn;
1512 rwm.on_bi.bi_op_add = rwm_op_add;
1513 rwm.on_bi.bi_op_delete = rwm_op_delete;
1514 rwm.on_bi.bi_op_unbind = rwm_op_unbind;
1515 rwm.on_bi.bi_extended = rwm_extended;
1517 rwm.on_bi.bi_operational = rwm_operational;
1518 rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;
1520 #ifdef ENABLE_REWRITE
1521 rwm.on_bi.bi_connection_init = rwm_conn_init;
1522 rwm.on_bi.bi_connection_destroy = rwm_conn_destroy;
1523 #endif /* ENABLE_REWRITE */
1525 rwm.on_response = rwm_response;
1527 return overlay_register( &rwm );
1530 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
1532 init_module( int argc, char *argv[] )
1536 #endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
1538 #endif /* SLAPD_OVER_RWM */