From d7bdb8cb2499737d97393aae24de9a183a2d229a Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sat, 13 Nov 2004 12:15:40 +0000
Subject: [PATCH] disable referral rewrite in default suffix massage

---
 doc/man/man5/slapo-rwm.5         |   8 ++-
 servers/slapd/overlays/rwm.c     | 100 ++++++++++++++++---------------
 servers/slapd/overlays/rwm.h     |   7 ++-
 servers/slapd/overlays/rwmconf.c |  13 ++++
 servers/slapd/overlays/rwmdn.c   |   4 +-
 servers/slapd/overlays/rwmmap.c  |  10 ++--
 6 files changed, 82 insertions(+), 60 deletions(-)

diff --git a/doc/man/man5/slapo-rwm.5 b/doc/man/man5/slapo-rwm.5
index fb4338130b..4fc074f311 100644
--- a/doc/man/man5/slapo-rwm.5
+++ b/doc/man/man5/slapo-rwm.5
@@ -299,9 +299,11 @@ searchFilterAttrDN   search
 compareDN            compare
 compareAttrDN        compare AVA
 addDN                add
-addAttrDN            add AVA (including "ref")
+addAttrDN            add AVA (DN portion of "ref" excluded)
 modifyDN             modify
-modifyAttrDN         modify AVA (including "ref")
+modifyAttrDN         modify AVA (DN portion of "ref" excluded)
+referralAttrDN       add/modify DN portion of referrals
+                     (default to none)
 modrDN               modrdn
 newSuperiorDN        modrdn
 deleteDN             delete
@@ -321,7 +323,7 @@ searchAttrDN         search AVA (only if defined; defaults
 matchedDN            all ops (only if applicable; defaults
                      to searchEntryDN)
 referralDN           all ops (only if applicable; defaults
-                     to searchEntryDN)
+                     to none)
 .fi
 .RE
 .LP
diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c
index f1bf2fdce7..13a66e1d89 100644
--- a/servers/slapd/overlays/rwm.c
+++ b/servers/slapd/overlays/rwm.c
@@ -47,10 +47,10 @@ rwm_op_dn_massage( Operation *op, SlapReply *rs, void *cookie )
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = (char *)cookie;
-#else
+#else /* ! ENABLE_REWRITE */
 	dc.tofrom = ((int *)cookie)[0];
 	dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 
 	/* NOTE: in those cases where only the ndn is available,
 	 * and the caller sets op->o_req_dn = op->o_req_ndn,
@@ -96,10 +96,10 @@ rwm_add( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 	rc = rwm_op_dn_massage( op, rs, "addDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "addDN massage error" );
@@ -140,25 +140,25 @@ rwm_add( Operation *op, SlapReply *rs )
 			rc = rwm_dnattr_rewrite( op, rs, "addAttrDN",
 					(*ap)->a_vals,
 					(*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
-#else
+#else /* ! ENABLE_REWRITE */
 			rc = 1;
 			rc = rwm_dnattr_rewrite( op, rs, &rc, (*ap)->a_vals,
 					(*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
-#endif
+#endif /* ! ENABLE_REWRITE */
 			if ( rc ) {
 				goto cleanup_attr;
 			}
 
 		} else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
 #ifdef ENABLE_REWRITE
-			rc = rwm_referral_rewrite( op, rs, "addAttrDN",
+			rc = rwm_referral_rewrite( op, rs, "referralAttrDN",
 					(*ap)->a_vals,
 					(*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
-#else
+#else /* ! ENABLE_REWRITE */
 			rc = 1;
 			rc = rwm_referral_rewrite( op, rs, &rc, (*ap)->a_vals,
 					(*ap)->a_nvals ? &(*ap)->a_nvals : NULL );
-#endif
+#endif /* ! ENABLE_REWRITE */
 			if ( rc != LDAP_SUCCESS ) {
 				goto cleanup_attr;
 			}
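Review bot: Only the ENABLE_REWRITE branch of the `ref` case gets the new `"referralAttrDN"` context; the `#else` branch still calls `rwm_referral_rewrite( op, rs, &rc, ... )` with `rc = 1`, the same cookie the DN-attribute branch above passes to `rwm_dnattr_rewrite`. If that path applies the suffix massage to referral values (the function body is outside this hunk), builds without ENABLE_REWRITE keep rewriting the DN portion of `ref` on add, while ENABLE_REWRITE builds stop doing so by default. The same applies to the `ref` branch in the rwm_modify hunk further down. Either gate the non-rewrite call on RWM_REFERRAL_REWRITE as well, or record the difference with a comment such as `/* FIXME: referrals are still massaged when ENABLE_REWRITE is not defined */`. rwm_add's body starts and ends outside the hunk.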
@@ -194,10 +194,10 @@ rwm_bind( Operation *op, SlapReply *rs )
 	( void )rewrite_session_init( rwmap->rwm_rw, op->o_conn );
 
 	rc = rwm_op_dn_massage( op, rs, "bindDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "bindDN massage error" );
@@ -216,7 +216,7 @@ rwm_unbind( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 	rewrite_session_delete( rwmap->rwm_rw, op->o_conn );
-#endif
+#endif /* ENABLE_REWRITE */
 
 	return SLAP_CB_CONTINUE;
 }
@@ -234,10 +234,10 @@ rwm_compare( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 	rc = rwm_op_dn_massage( op, rs, "compareDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "compareDN massage error" );
@@ -282,10 +282,10 @@ rwm_compare( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 			rc = rwm_dnattr_rewrite( op, rs, "compareAttrDN", NULL, mapped_valsp );
-#else
+#else /* ! ENABLE_REWRITE */
 			rc = 1;
 			rc = rwm_dnattr_rewrite( op, rs, &rc, NULL, mapped_valsp );
-#endif
+#endif /* ! ENABLE_REWRITE */
 
 			if ( rc != LDAP_SUCCESS ) {
 				op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -308,10 +308,10 @@ rwm_delete( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 	rc = rwm_op_dn_massage( op, rs, "deleteDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "deleteDN massage error" );
@@ -333,10 +333,10 @@ rwm_modify( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 	rc = rwm_op_dn_massage( op, rs, "modifyDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "modifyDN massage error" );
@@ -414,23 +414,25 @@ rwm_modify( Operation *op, SlapReply *rs )
 					rc = rwm_dnattr_rewrite( op, rs, "modifyAttrDN",
 							(*mlp)->sml_values,
 							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
-#else
+#else /* ! ENABLE_REWRITE */
 					rc = 1;
 					rc = rwm_dnattr_rewrite( op, rs, &rc, 
 							(*mlp)->sml_values,
 							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
-#endif
+#endif /* ! ENABLE_REWRITE */
+
 				} else if ( (*mlp)->sml_desc == slap_schema.si_ad_ref ) {
 #ifdef ENABLE_REWRITE
-					rc = rwm_referral_rewrite( op, rs, "modifyAttrDN",
+					rc = rwm_referral_rewrite( op, rs,
+							"referralAttrDN",
 							(*mlp)->sml_values,
 							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
-#else
+#else /* ! ENABLE_REWRITE */
 					rc = 1;
 					rc = rwm_referral_rewrite( op, rs, &rc,
 							(*mlp)->sml_values,
 							(*mlp)->sml_nvalues ? &(*mlp)->sml_nvalues : NULL );
-#endif
+#endif /* ! ENABLE_REWRITE */
 					if ( rc != LDAP_SUCCESS ) {
 						goto cleanup_mod;
 					}
@@ -479,10 +481,10 @@ rwm_modrdn( Operation *op, SlapReply *rs )
 		dc.conn = op->o_conn;
 		dc.rs = rs;
 		dc.ctx = "newSuperiorDN";
-#else
+#else /* ! ENABLE_REWRITE */
 		dc.tofrom = 0;
 		dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 		rc = rwm_dn_massage( &dc, op->orr_newSup, &newSup, &nnewSup );
 		if ( rc != LDAP_SUCCESS ) {
 			op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -503,10 +505,10 @@ rwm_modrdn( Operation *op, SlapReply *rs )
  	 */
 #ifdef ENABLE_REWRITE
 	rc = rwm_op_dn_massage( op, rs, "renameDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "renameDN massage error" );
@@ -560,10 +562,10 @@ rwm_search( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 	rc = rwm_op_dn_massage( op, rs, "searchDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		text = "searchDN massage error";
 		goto error_return;
@@ -577,10 +579,10 @@ rwm_search( Operation *op, SlapReply *rs )
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = "searchFilterAttrDN";
-#else
+#else /* ! ENABLE_REWRITE */
 	dc.tofrom = 0;
 	dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 
 	rc = rwm_filter_map_rewrite( &dc, op->ors_filter, &fstr );
 	if ( rc != LDAP_SUCCESS ) {
@@ -658,10 +660,10 @@ rwm_extended( Operation *op, SlapReply *rs )
 
 #ifdef ENABLE_REWRITE
 	rc = rwm_op_dn_massage( op, rs, "extendedDN" );
-#else
+#else /* ! ENABLE_REWRITE */
 	rc = 1;
 	rc = rwm_op_dn_massage( op, rs, &rc );
-#endif
+#endif /* ! ENABLE_REWRITE */
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "extendedDN massage error" );
@@ -692,10 +694,10 @@ rwm_matched( Operation *op, SlapReply *rs )
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = "matchedDN";
-#else
+#else /* ! ENABLE_REWRITE */
 	dc.tofrom = 0;
 	dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 	ber_str2bv( rs->sr_matched, 0, 0, &dn );
 	rc = rwm_dn_massage( &dc, &dn, &mdn, NULL );
 	if ( rc != LDAP_SUCCESS ) {
@@ -735,10 +737,10 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
 #ifdef ENABLE_REWRITE
 	dc.conn = op->o_conn;
 	dc.rs = NULL; 
-#else
+#else /* ! ENABLE_REWRITE */
 	dc.tofrom = 0;
 	dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 
 	/* FIXME: the entries are in the remote mapping form;
 	 * so we need to select those attributes we are willing
@@ -835,7 +837,7 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
 		{
 #ifdef ENABLE_REWRITE
 			dc.ctx = "searchAttrDN";
-#endif
+#endif /* ENABLE_REWRITE */
 			rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
 			if ( rc != LDAP_SUCCESS ) {
 				goto cleanup_attr;
@@ -844,7 +846,7 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first )
 		} else if ( (*ap)->a_desc == slap_schema.si_ad_ref ) {
 #ifdef ENABLE_REWRITE
 			dc.ctx = "searchAttrDN";
-#endif
+#endif /* ENABLE_REWRITE */
 			rc = rwm_referral_result_rewrite( &dc, (*ap)->a_vals );
 			if ( rc != LDAP_SUCCESS ) {
 				goto cleanup_attr;
@@ -895,10 +897,10 @@ rwm_send_entry( Operation *op, SlapReply *rs )
 	dc.conn = op->o_conn;
 	dc.rs = NULL; 
 	dc.ctx = "searchEntryDN";
-#else
+#else /* ! ENABLE_REWRITE */
 	dc.tofrom = 0;
 	dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 
 	e = rs->sr_entry;
 	flags = rs->sr_flags;
@@ -1143,10 +1145,10 @@ rwm_response( Operation *op, SlapReply *rs )
 			dc.conn = op->o_conn;
 			dc.rs = NULL; 
 			dc.ctx = "referralDN";
-#else
+#else /* ! ENABLE_REWRITE */
 			dc.tofrom = 0;
 			dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 			rc = rwm_referral_result_rewrite( &dc, rs->sr_ref );
 			if ( rc != LDAP_SUCCESS ) {
 				rc = 1;
@@ -1285,7 +1287,7 @@ static slap_overinst rwm = { { NULL } };
 int
 rwm_init(void)
 {
-	memset( &rwm, 0, sizeof(slap_overinst) );
+	memset( &rwm, 0, sizeof( slap_overinst ) );
 
 	rwm.on_bi.bi_type = "rwm";
 	rwm.on_bi.bi_db_init = rwm_over_init;
@@ -1309,9 +1311,11 @@ rwm_init(void)
 }
 
 #if SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC
-int init_module(int argc, char *argv[]) {
+int
+init_module( int argc, char *argv[] )
+{
 	return rwm_init();
 }
-#endif
+#endif /* SLAPD_OVER_RWM == SLAPD_MOD_DYNAMIC */
 
 #endif /* SLAPD_OVER_RWM */
diff --git a/servers/slapd/overlays/rwm.h b/servers/slapd/overlays/rwm.h
index 3bdee4f656..4b01146498 100644
--- a/servers/slapd/overlays/rwm.h
+++ b/servers/slapd/overlays/rwm.h
@@ -31,6 +31,9 @@
 
 LDAP_BEGIN_DECL
 
+/* define to enable referral DN massage by default */
+#undef RWM_REFERRAL_REWRITE
+
 struct ldapmap {
 	int drop_missing;
 
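Review bot: The added `#undef RWM_REFERRAL_REWRITE` is unconditional, so a build that passes `-DRWM_REFERRAL_REWRITE` on the compiler command line has it cancelled in every file that includes this header. The comment "define to enable" does not say that the only way to enable the macro is to edit this line. Since the macro decides whether referral DNs are rewritten by default, the comment should spell that out, for example `/* referral DN massage is off by default; change this #undef to #define to enable it (a -D compiler flag is overridden here) */`.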
@@ -87,10 +90,10 @@ typedef struct dncookie {
 	Connection *conn;
 	char *ctx;
 	SlapReply *rs;
-#else
+#else /* !ENABLE_REWRITE */
 	int normalized;
 	int tofrom;
-#endif
+#endif /* !ENABLE_REWRITE */
 } dncookie;
 
 int rwm_dn_massage( dncookie *dc, struct berval *in,
diff --git a/servers/slapd/overlays/rwmconf.c b/servers/slapd/overlays/rwmconf.c
index f252298826..ba20bc35a7 100644
--- a/servers/slapd/overlays/rwmconf.c
+++ b/servers/slapd/overlays/rwmconf.c
@@ -338,12 +338,25 @@ rwm_suffix_massage_config(
 	rargv[ 4 ] = NULL;
 	rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
 
+#ifdef RWM_REFERRAL_REWRITE
+	/* FIXME: we don't want this on by default, do we? */
 	rargv[ 0 ] = "rewriteContext";
 	rargv[ 1 ] = "referralDN";
 	rargv[ 2 ] = "alias";
 	rargv[ 3 ] = "searchEntryDN";
 	rargv[ 4 ] = NULL;
 	rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+#else /* ! RWM_REFERRAL_REWRITE */
+	rargv[ 0 ] = "rewriteContext";
+	rargv[ 1 ] = "referralAttrDN";
+	rargv[ 2 ] = NULL;
+	rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+
+	rargv[ 0 ] = "rewriteContext";
+	rargv[ 1 ] = "referralDN";
+	rargv[ 2 ] = NULL;
+	rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+#endif /* ! RWM_REFERRAL_REWRITE */
 
 	rargv[ 0 ] = "rewriteContext";
 	rargv[ 1 ] = "searchAttrDN";
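Review bot: The two new `rewrite_parse` calls in the `#else` branch discard their return value, so a failure to create the empty `referralAttrDN` or `referralDN` context goes unnoticed. These empty contexts are what switches referral rewriting off. If one is missing, what happens to referral DNs depends on how librewrite treats an undefined context, which is not visible here and may be a fall-back to the default rule set. Consider checking the result, e.g. `if ( rewrite_parse( info, "<suffix massage>", ++line, 2, rargv ) != 0 ) { return 1; }`, after confirming rewrite_parse's failure convention and this function's error return; the existing calls above do not check either. rwm_suffix_massage_config's body starts and ends outside the hunk.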
diff --git a/servers/slapd/overlays/rwmdn.c b/servers/slapd/overlays/rwmdn.c
index e867ce9361..bcf5f6a28a 100644
--- a/servers/slapd/overlays/rwmdn.c
+++ b/servers/slapd/overlays/rwmdn.c
@@ -116,7 +116,7 @@ rwm_dn_massage(
 	return rc;
 }
 
-#else
+#else /* ! ENABLE_REWRITE */
 /*
  * rwm_dn_massage
  * 
@@ -258,6 +258,6 @@ rwm_dn_massage(
 
 	return LDAP_SUCCESS;
 }
-#endif /* !ENABLE_REWRITE */
+#endif /* ! ENABLE_REWRITE */
 
 #endif /* SLAPD_OVER_RWM */
diff --git a/servers/slapd/overlays/rwmmap.c b/servers/slapd/overlays/rwmmap.c
index a390a37116..3a29f3ed21 100644
--- a/servers/slapd/overlays/rwmmap.c
+++ b/servers/slapd/overlays/rwmmap.c
@@ -386,7 +386,7 @@ map_attr_value(
 
 #ifdef ENABLE_REWRITE
 		fdc.ctx = "searchFilterAttrDN";
-#endif
+#endif /* ENABLE_REWRITE */
 
 		rc = rwm_dn_massage( &fdc, value, NULL, &vtmp );
 		switch ( rc ) {
@@ -773,10 +773,10 @@ rwm_referral_rewrite(
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = (char *)cookie;
-#else
+#else /* ! ENABLE_REWRITE */
 	dc.tofrom = ((int *)cookie)[0];
 	dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 
 	for ( last = 0; !BER_BVISNULL( &a_vals[last] ); last++ );
 	if ( pa_nvals != NULL ) {
@@ -922,10 +922,10 @@ rwm_dnattr_rewrite(
 	dc.conn = op->o_conn;
 	dc.rs = rs;
 	dc.ctx = (char *)cookie;
-#else
+#else /* ! ENABLE_REWRITE */
 	dc.tofrom = ((int *)cookie)[0];
 	dc.normalized = 0;
-#endif
+#endif /* ! ENABLE_REWRITE */
 
 	for ( last = 0; !BER_BVISNULL( &in[last] ); last++ );
 	if ( pa_nvals != NULL ) {
-- 
GitLab