Skip to content
GitLab
Commit 68c5f6fa authored by Howard Chu's avatar Howard Chu
Browse files

Cleanup ENABLE_REWRITE ifdefs, put into a new ldap_back_dn_massage(). 

All DN attrs are massaged, whether or not ENABLE_REWRITE is defined.
Use "dnAttr" rewriteContext for Add, Compare, & Modify.
Fixed ldap_back_compare.
parent 45d77aea
Hide whitespace changes
Inline Side-by-side
servers/slapd/back-ldap/add.c
View file @ 68c5f6fa
......@@ -58,6 +58,7 @@ ldap_back_add(
struct berval mapped;
struct berval mdn = { 0, NULL };
ber_int_t msgid;
dncookie dc;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, ENTRY, "ldap_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 );
......@@ -73,37 +74,19 @@ ldap_back_add(
/*
* Rewrite the add dn, if needed
*/
dc.li = li;
#ifdef ENABLE_REWRITE
switch (rewrite_session( li->rwinfo, "addDn", op->o_req_dn.bv_val, op->o_conn,
&mdn.bv_val )) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val != NULL && mdn.bv_val[ 0 ] != '\0' ) {
mdn.bv_len = strlen( mdn.bv_val );
} else {
mdn = op->o_req_dn;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] addDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> addDn: \"%s\" -> \"%s\"\n%s",
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "addDn";
#else
dc.tofrom = 1;
dc.normalized = 0;
#endif
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
return -1;
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
/* Count number of attributes in entry */
for (i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next)
......@@ -113,25 +96,6 @@ ldap_back_add(
attrs = (LDAPMod **)ch_malloc(sizeof(LDAPMod *)*i);
for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) {
/*
* lastmod should always be <off>, so that
* creation/modification operational attrs
* of the target directory are used, if available
*/
#if 0
if ( !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_creatorsName->ad_cname.bv_val )
|| !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_createTimestamp->ad_cname.bv_val )
|| !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_modifiersName->ad_cname.bv_val )
|| !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_modifyTimestamp->ad_cname.bv_val )
) {
continue;
}
#endif
if ( a->a_desc->ad_type->sat_no_user_mod ) {
continue;
}
......@@ -150,20 +114,14 @@ ldap_back_add(
attrs[i]->mod_op = LDAP_MOD_BVALUES;
attrs[i]->mod_type = mapped.bv_val;
#ifdef ENABLE_REWRITE
/*
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at back-ldap level.
*/
if ( strcmp( a->a_desc->ad_type->sat_syntax->ssyn_oid,
SLAPD_DN_SYNTAX ) == 0 ) {
if ( a->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName ) {
/*
* FIXME: rewrite could fail; in this case
* the operation should give up, right?
*/
(void)ldap_dnattr_rewrite( li->rwinfo, a->a_vals, op->o_conn );
(void)ldap_dnattr_rewrite( &dc, a->a_vals );
}
#endif /* ENABLE_REWRITE */
for (j=0; a->a_vals[j].bv_val; j++);
attrs[i]->mod_vals.modv_bvals = ch_malloc((j+1)*sizeof(struct berval *));
......@@ -188,59 +146,26 @@ ldap_back_add(
return ldap_back_op_result( lc, op, rs, msgid, 1 ) != LDAP_SUCCESS;
}
#ifdef ENABLE_REWRITE
int
ldap_dnattr_rewrite(
struct rewrite_info *rwinfo,
BerVarray a_vals,
void *cookie
dncookie *dc,
BerVarray a_vals
)
{
char *mattr;
struct berval bv;
#ifdef ENABLE_REWRITE
dc->ctx="dnAttr";
#endif
for ( ; a_vals->bv_val != NULL; a_vals++ ) {
switch ( rewrite_session( rwinfo, "bindDn", a_vals->bv_val,
cookie, &mattr )) {
case REWRITE_REGEXEC_OK:
if ( mattr == NULL ) {
/* no substitution */
continue;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn (in add of dn-valued"
" attr): \"%s\" -> \"%s\"\n", a_vals->bv_val, mattr, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn (in add of dn-valued attr):"
" \"%s\" -> \"%s\"\n%s",
a_vals->bv_val, mattr, "" );
#endif /* !NEW_LOGGING */
ldap_back_dn_massage( dc, a_vals, &bv );
/*
* FIXME: replacing server-allocated memory
* (ch_malloc) with librewrite allocated memory
* (malloc)
*/
/* leave attr untouched if massage failed */
if ( bv.bv_val && bv.bv_val != a_vals->bv_val ) {
ch_free( a_vals->bv_val );
a_vals->bv_val = mattr;
a_vals->bv_len = strlen( mattr );
break;
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_ERR:
/*
* FIXME: better give up,
* skip the attribute
* or leave it untouched?
*/
break;
*a_vals = bv;
}
}
return 0;
}
#endif /* ENABLE_REWRITE */
servers/slapd/back-ldap/back-ldap.h
View file @ 68c5f6fa
......@@ -98,8 +98,21 @@ int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
ber_int_t msgid, int sendok);
int back_ldap_LTX_init_module(int argc, char *argv[]);
void ldap_back_dn_massage(struct ldapinfo *li, struct berval *dn,
struct berval *res, int normalized, int tofrom);
/* Whatever context ldap_back_dn_massage needs... */
typedef struct dncookie {
struct ldapinfo *li;
#ifdef ENABLE_REWRITE
Connection *conn;
char *ctx;
SlapReply *rs;
#else
int normalized;
int tofrom;
#endif
} dncookie;
int ldap_back_dn_massage(dncookie *dc, struct berval *dn,
struct berval *res);
extern int ldap_back_conn_cmp( const void *c1, const void *c2);
extern int ldap_back_conn_dup( void *c1, void *c2 );
......@@ -157,8 +170,8 @@ ldap_back_filter_map_rewrite_(
extern int suffix_massage_config( struct rewrite_info *info,
struct berval *pvnc, struct berval *nvnc,
struct berval *prnc, struct berval *nrnc);
extern int ldap_dnattr_rewrite( struct rewrite_info *rwinfo, BerVarray a_vals, void *cookie );
#endif /* ENABLE_REWRITE */
extern int ldap_dnattr_rewrite( dncookie *dc, BerVarray a_vals );
LDAP_END_DECL
......
servers/slapd/back-ldap/bind.c
View file @ 68c5f6fa
......@@ -62,6 +62,7 @@ ldap_back_bind(
struct berval mdn = { 0, NULL };
int rc = 0;
ber_int_t msgid;
dncookie dc;
lc = ldap_back_getconn(op, rs);
if ( !lc ) {
......@@ -71,40 +72,19 @@ ldap_back_bind(
/*
* Rewrite the bind dn if needed
*/
dc.li = li;
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "bindDn",
op->o_req_dn.bv_val,
op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn = op->o_req_dn;
} else {
mdn.bv_len = strlen( mdn.bv_val );
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn: \"%s\" -> \"%s\"\n",
op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n",
op->o_req_dn.bv_val, mdn.bv_val, 0 );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "bindDn";
#else
dc.tofrom = 1;
dc.normalized = 0;
#endif
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
return -1;
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
if ( lc->bound_dn.bv_val ) {
ch_free( lc->bound_dn.bv_val );
......@@ -276,7 +256,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
/* Looks like we didn't get a bind. Open a new session... */
if (!lc) {
int vers = op->o_conn->c_protocol;
int vers = op->o_protocol;
rs->sr_err = ldap_initialize(&ld, li->url);
if (rs->sr_err != LDAP_SUCCESS) {
......@@ -284,7 +264,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
if (rs->sr_text == NULL) {
rs->sr_text = "ldap_initialize() failed";
}
send_ldap_result( op, rs );
if (op->o_conn) send_ldap_result( op, rs );
rs->sr_text = NULL;
return( NULL );
}
......@@ -320,67 +300,37 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
} else {
lc->cred.bv_len = 0;
lc->cred.bv_val = NULL;
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0
&& ( op->o_bd == op->o_conn->c_authz_backend ) ) {
dncookie dc;
struct berval bv;
/*
* Rewrite the bind dn if needed
*/
#ifdef ENABLE_REWRITE
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
switch ( rewrite_session( li->rwinfo, "bindDn",
op->o_conn->c_dn.bv_val,
op->o_conn,
&lc->bound_dn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( lc->bound_dn.bv_val == NULL ) {
ber_dupbv( &lc->bound_dn,
&op->o_conn->c_dn );
} else {
lc->bound_dn.bv_len = strlen( lc->bound_dn.bv_val );
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn: \"%s\" ->"
" \"%s\"\n",
op->o_conn->c_dn.bv_val,
lc->bound_dn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn: \"%s\" ->"
" \"%s\"\n",
op->o_conn->c_dn.bv_val,
lc->bound_dn.bv_val, 0 );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs,
LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( NULL );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs,
LDAP_OTHER,
"Rewrite error" );
return( NULL );
dc.li = li;
#ifdef ENABLE_REWRITE
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "bindDn";
#else
dc.tofrom = 1;
dc.normalized = 0;
#endif
if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &bv ) ) {
if (op->o_conn) send_ldap_result( op, rs );
return NULL;
}
#else /* !ENABLE_REWRITE */
struct berval bv;
ldap_back_dn_massage( li, &op->o_conn->c_dn, &bv, 0, 1 );
if ( bv.bv_val == op->o_conn->c_dn.bv_val ) {
ber_dupbv( &lc->bound_dn, &bv );
} else {
lc->bound_dn = bv;
}
#endif /* !ENABLE_REWRITE */
} else {
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
}
}
......@@ -408,8 +358,10 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
/* Err could be -1 in case a duplicate ldapconn is inserted */
if ( rs->sr_err != 0 ) {
ldap_back_conn_free( lc );
send_ldap_error( op, rs, LDAP_OTHER,
"internal server error" );
if (op->o_conn) {
send_ldap_error( op, rs, LDAP_OTHER,
"internal server error" );
}
return( NULL );
}
} else {
......@@ -546,27 +498,23 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
rs->sr_err = ldap_back_map_result(rs);
/* internal ops must not reply to client */
if ( op->o_conn && !op->o_do_not_cache ) {
if ( op->o_conn && !op->o_do_not_cache && match ) {
struct berval dn, mdn;
dncookie dc;
dc.li = li;
#ifdef ENABLE_REWRITE
if (match) {
switch(rewrite_session(li->rwinfo, "matchedDn", match, op->o_conn,
(char **)&rs->sr_matched)) {
case REWRITE_REGEXEC_OK:
if (!rs->sr_matched) rs->sr_matched = match; break;
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_ERR:
break;
}
}
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "matchedDn";
#else
struct berval dn, mdn;
if (match) {
ber_str2bv(match, 0, 0, &dn);
ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
rs->sr_matched = mdn.bv_val;
}
dc.tofrom = 0;
dc.normalized = 0;
#endif
ber_str2bv(match, 0, 0, &dn);
ldap_back_dn_massage(&dc, &dn, &mdn);
rs->sr_matched = mdn.bv_val;
}
}
if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) {
......
servers/slapd/back-ldap/compare.c
View file @ 68c5f6fa
......@@ -52,9 +52,11 @@ ldap_back_compare(
{
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
struct berval mapped_oc, mapped_at;
struct berval mapped_at, mapped_val;
struct berval mdn = { 0, NULL };
ber_int_t msgid;
int freeval = 0;
dncookie dc;
lc = ldap_back_getconn(op, rs);
if (!lc || !ldap_back_dobind( lc, op, rs ) ) {
......@@ -64,55 +66,46 @@ ldap_back_compare(
/*
* Rewrite the compare dn, if needed
*/
dc.li = li;
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "compareDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )op->o_req_dn.bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] compareDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> compareDn: \"%s\" -> \"%s\"\n%s",
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "compareDn";
#else
dc.tofrom = 1;
dc.normalized = 0;
#endif
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
return -1;
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
if ( mdn.bv_val == NULL ) {
return -1;
}
#endif /* !ENABLE_REWRITE */
if ( op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map(&li->oc_map, &op->oq_compare.rs_ava->aa_desc->ad_cname, &mapped_oc,
ldap_back_map(&li->oc_map, &op->orc_ava->aa_value, &mapped_val,
BACKLDAP_MAP);
if (mapped_oc.bv_val == NULL || mapped_oc.bv_val[0] == '\0') {
if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') {
return( -1 );
}
mapped_at = op->orc_ava->aa_desc->ad_cname;
} else {
ldap_back_map(&li->at_map, &op->oq_compare.rs_ava->aa_value, &mapped_at,
ldap_back_map(&li->at_map, &op->orc_ava->aa_desc->ad_cname, &mapped_at,
BACKLDAP_MAP);
if (mapped_at.bv_val == NULL || mapped_at.bv_val[0] == '\0') {
return( -1 );
}
if (op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) {
#ifdef ENABLE_REWRITE
dc.ctx = "dnAttr";
#endif
ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_val );
if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') {
mapped_val = op->orc_ava->aa_value;
}
}
}
rs->sr_err = ldap_compare_ext( lc->ld, mdn.bv_val, mapped_oc.bv_val,
&mapped_at, op->o_ctrls, NULL, &msgid );
rs->sr_err = ldap_compare_ext( lc->ld, mdn.bv_val, mapped_at.bv_val,
&mapped_val, op->o_ctrls, NULL, &msgid );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
......
servers/slapd/back-ldap/delete.c
View file @ 68c5f6fa
......@@ -53,6 +53,7 @@ ldap_back_delete(
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
ber_int_t msgid;
dncookie dc;
struct berval mdn = { 0, NULL };
......@@ -65,34 +66,19 @@ ldap_back_delete(
/*
* Rewrite the request dn, if needed
*/
dc.li = li;
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "deleteDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )op->o_req_dn.bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] deleteDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> deleteDn: \"%s\" -> \"%s\"\n%s",
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "deleteDn";
#else
dc.tofrom = 1;
dc.normalized = 0;
#endif
if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
send_ldap_result( op, rs );
return -1;
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
rs->sr_err = ldap_delete_ext( lc->ld, mdn.bv_val, op->o_ctrls,
NULL, &msgid );
......
servers/slapd/back-ldap/extended.c
View file @ 68c5f6fa
......@@ -55,6 +55,7 @@ ldap_back_exop_passwd(
LDAPMessage *res;
ber_int_t msgid;
int rc;
dncookie dc;
lc = ldap_back_getconn(op, rs);
if (!lc || !ldap_back_dobind(lc, op, rs) ) {
......@@ -84,35 +85,19 @@ ldap_back_exop_passwd(
return LDAP_UNWILLING_TO_PERFORM;
}
if (id.bv_len) {
dc.li = li;
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "modifyPwd", dn.bv_val, op->o_conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = dn.bv_val;
}
mdn.bv_len = strlen(mdn.bv_val);
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] modifyPwd: \"%s\" -> \"%s\"\n", dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> modifyPwd: \"%s\" -> \"%s\"\n%s",
dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */