Commit 68c5f6fa authored by Howard Chu's avatar Howard Chu

Cleanup ENABLE_REWRITE ifdefs, put into a new ldap_back_dn_massage().

All DN attrs are massaged, whether or not ENABLE_REWRITE is defined.
Use "dnAttr" rewriteContext for Add, Compare, & Modify.
Fixed ldap_back_compare.
parent 45d77aea
...@@ -58,6 +58,7 @@ ldap_back_add( ...@@ -58,6 +58,7 @@ ldap_back_add(
struct berval mapped; struct berval mapped;
struct berval mdn = { 0, NULL }; struct berval mdn = { 0, NULL };
ber_int_t msgid; ber_int_t msgid;
dncookie dc;
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, ENTRY, "ldap_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 ); LDAP_LOG( BACK_LDAP, ENTRY, "ldap_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 );
...@@ -73,37 +74,19 @@ ldap_back_add( ...@@ -73,37 +74,19 @@ ldap_back_add(
/* /*
* Rewrite the add dn, if needed * Rewrite the add dn, if needed
*/ */
dc.li = li;
#ifdef ENABLE_REWRITE #ifdef ENABLE_REWRITE
switch (rewrite_session( li->rwinfo, "addDn", op->o_req_dn.bv_val, op->o_conn, dc.conn = op->o_conn;
&mdn.bv_val )) { dc.rs = rs;
case REWRITE_REGEXEC_OK: dc.ctx = "addDn";
if ( mdn.bv_val != NULL && mdn.bv_val[ 0 ] != '\0' ) { #else
mdn.bv_len = strlen( mdn.bv_val ); dc.tofrom = 1;
} else { dc.normalized = 0;
mdn = op->o_req_dn; #endif
} if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
#ifdef NEW_LOGGING send_ldap_result( op, rs );
LDAP_LOG( BACK_LDAP, DETAIL1, return -1;
"[rw] addDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> addDn: \"%s\" -> \"%s\"\n%s",
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
} }
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
/* Count number of attributes in entry */ /* Count number of attributes in entry */
for (i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next) for (i = 1, a = op->oq_add.rs_e->e_attrs; a; i++, a = a->a_next)
...@@ -113,25 +96,6 @@ ldap_back_add( ...@@ -113,25 +96,6 @@ ldap_back_add(
attrs = (LDAPMod **)ch_malloc(sizeof(LDAPMod *)*i); attrs = (LDAPMod **)ch_malloc(sizeof(LDAPMod *)*i);
for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) { for (i=0, a=op->oq_add.rs_e->e_attrs; a; a=a->a_next) {
/*
* lastmod should always be <off>, so that
* creation/modification operational attrs
* of the target directory are used, if available
*/
#if 0
if ( !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_creatorsName->ad_cname.bv_val )
|| !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_createTimestamp->ad_cname.bv_val )
|| !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_modifiersName->ad_cname.bv_val )
|| !strcasecmp( a->a_desc->ad_cname.bv_val,
slap_schema.si_ad_modifyTimestamp->ad_cname.bv_val )
) {
continue;
}
#endif
if ( a->a_desc->ad_type->sat_no_user_mod ) { if ( a->a_desc->ad_type->sat_no_user_mod ) {
continue; continue;
} }
...@@ -150,20 +114,14 @@ ldap_back_add( ...@@ -150,20 +114,14 @@ ldap_back_add(
attrs[i]->mod_op = LDAP_MOD_BVALUES; attrs[i]->mod_op = LDAP_MOD_BVALUES;
attrs[i]->mod_type = mapped.bv_val; attrs[i]->mod_type = mapped.bv_val;
#ifdef ENABLE_REWRITE if ( a->a_desc->ad_type->sat_syntax ==
/* slap_schema.si_syn_distinguishedName ) {
* FIXME: dn-valued attrs should be rewritten
* to allow their use in ACLs at back-ldap level.
*/
if ( strcmp( a->a_desc->ad_type->sat_syntax->ssyn_oid,
SLAPD_DN_SYNTAX ) == 0 ) {
/* /*
* FIXME: rewrite could fail; in this case * FIXME: rewrite could fail; in this case
* the operation should give up, right? * the operation should give up, right?
*/ */
(void)ldap_dnattr_rewrite( li->rwinfo, a->a_vals, op->o_conn ); (void)ldap_dnattr_rewrite( &dc, a->a_vals );
} }
#endif /* ENABLE_REWRITE */
for (j=0; a->a_vals[j].bv_val; j++); for (j=0; a->a_vals[j].bv_val; j++);
attrs[i]->mod_vals.modv_bvals = ch_malloc((j+1)*sizeof(struct berval *)); attrs[i]->mod_vals.modv_bvals = ch_malloc((j+1)*sizeof(struct berval *));
...@@ -188,59 +146,26 @@ ldap_back_add( ...@@ -188,59 +146,26 @@ ldap_back_add(
return ldap_back_op_result( lc, op, rs, msgid, 1 ) != LDAP_SUCCESS; return ldap_back_op_result( lc, op, rs, msgid, 1 ) != LDAP_SUCCESS;
} }
#ifdef ENABLE_REWRITE
int int
ldap_dnattr_rewrite( ldap_dnattr_rewrite(
struct rewrite_info *rwinfo, dncookie *dc,
BerVarray a_vals, BerVarray a_vals
void *cookie
) )
{ {
char *mattr; struct berval bv;
#ifdef ENABLE_REWRITE
dc->ctx="dnAttr";
#endif
for ( ; a_vals->bv_val != NULL; a_vals++ ) { for ( ; a_vals->bv_val != NULL; a_vals++ ) {
switch ( rewrite_session( rwinfo, "bindDn", a_vals->bv_val, ldap_back_dn_massage( dc, a_vals, &bv );
cookie, &mattr )) {
case REWRITE_REGEXEC_OK:
if ( mattr == NULL ) {
/* no substitution */
continue;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn (in add of dn-valued"
" attr): \"%s\" -> \"%s\"\n", a_vals->bv_val, mattr, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn (in add of dn-valued attr):"
" \"%s\" -> \"%s\"\n%s",
a_vals->bv_val, mattr, "" );
#endif /* !NEW_LOGGING */
/* /* leave attr untouched if massage failed */
* FIXME: replacing server-allocated memory if ( bv.bv_val && bv.bv_val != a_vals->bv_val ) {
* (ch_malloc) with librewrite allocated memory
* (malloc)
*/
ch_free( a_vals->bv_val ); ch_free( a_vals->bv_val );
a_vals->bv_val = mattr; *a_vals = bv;
a_vals->bv_len = strlen( mattr );
break;
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_ERR:
/*
* FIXME: better give up,
* skip the attribute
* or leave it untouched?
*/
break;
} }
} }
return 0; return 0;
} }
#endif /* ENABLE_REWRITE */
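Review bot: In ldap_dnattr_rewrite, `bv` is declared without an initializer and the return value of `ldap_back_dn_massage( dc, a_vals, &bv )` is discarded, so the `bv.bv_val && bv.bv_val != a_vals->bv_val` test reads an indeterminate pointer if the massage fails before writing `res`, and can then `ch_free` the original value and install garbage. Declare it as `struct berval bv = { 0, NULL };`, the way `mdn` is declared in ldap_back_add, and check the return code before looking at `bv`. The ldap_back_op_result hunk has the same pattern: `mdn` is uninitialised, the return value is ignored, and `rs->sr_matched = mdn.bv_val` is what goes back to the client. Whether ldap_back_dn_massage always writes `res` on failure is not visible on this page. Separately, ldap_back_add still casts the call to `(void)` and the function always returns 0, so a rewrite rule that refuses a DN-valued attribute does not stop the add, which is what the retained FIXME asks about.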
...@@ -98,8 +98,21 @@ int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, ...@@ -98,8 +98,21 @@ int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
ber_int_t msgid, int sendok); ber_int_t msgid, int sendok);
int back_ldap_LTX_init_module(int argc, char *argv[]); int back_ldap_LTX_init_module(int argc, char *argv[]);
void ldap_back_dn_massage(struct ldapinfo *li, struct berval *dn, /* Whatever context ldap_back_dn_massage needs... */
struct berval *res, int normalized, int tofrom); typedef struct dncookie {
struct ldapinfo *li;
#ifdef ENABLE_REWRITE
Connection *conn;
char *ctx;
SlapReply *rs;
#else
int normalized;
int tofrom;
#endif
} dncookie;
int ldap_back_dn_massage(dncookie *dc, struct berval *dn,
struct berval *res);
extern int ldap_back_conn_cmp( const void *c1, const void *c2); extern int ldap_back_conn_cmp( const void *c1, const void *c2);
extern int ldap_back_conn_dup( void *c1, void *c2 ); extern int ldap_back_conn_dup( void *c1, void *c2 );
...@@ -157,8 +170,8 @@ ldap_back_filter_map_rewrite_( ...@@ -157,8 +170,8 @@ ldap_back_filter_map_rewrite_(
extern int suffix_massage_config( struct rewrite_info *info, extern int suffix_massage_config( struct rewrite_info *info,
struct berval *pvnc, struct berval *nvnc, struct berval *pvnc, struct berval *nvnc,
struct berval *prnc, struct berval *nrnc); struct berval *prnc, struct berval *nrnc);
extern int ldap_dnattr_rewrite( struct rewrite_info *rwinfo, BerVarray a_vals, void *cookie );
#endif /* ENABLE_REWRITE */ #endif /* ENABLE_REWRITE */
extern int ldap_dnattr_rewrite( dncookie *dc, BerVarray a_vals );
LDAP_END_DECL LDAP_END_DECL
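Review bot: The new `ldap_back_dn_massage` prototype is declared without any stated contract, although the callers in this commit appear to depend on three rules: a non-zero return means failure with `rs` already filled in for `send_ldap_result`, `res->bv_val` may alias `dn->bv_val` when nothing was rewritten, and a differing pointer becomes the caller's to free or keep. I would replace `/* Whatever context ldap_back_dn_massage needs... */` with a comment that states those rules and says what `tofrom` and `normalized` select. The visible callers assign only string literals to `ctx`, so `const char *ctx;` would be the safer declaration if the rewrite call accepts it. Since the layout of `dncookie` changes with ENABLE_REWRITE, every file including this header has to be built with the same setting.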
......
...@@ -62,6 +62,7 @@ ldap_back_bind( ...@@ -62,6 +62,7 @@ ldap_back_bind(
struct berval mdn = { 0, NULL }; struct berval mdn = { 0, NULL };
int rc = 0; int rc = 0;
ber_int_t msgid; ber_int_t msgid;
dncookie dc;
lc = ldap_back_getconn(op, rs); lc = ldap_back_getconn(op, rs);
if ( !lc ) { if ( !lc ) {
...@@ -71,40 +72,19 @@ ldap_back_bind( ...@@ -71,40 +72,19 @@ ldap_back_bind(
/* /*
* Rewrite the bind dn if needed * Rewrite the bind dn if needed
*/ */
dc.li = li;
#ifdef ENABLE_REWRITE #ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "bindDn", dc.conn = op->o_conn;
op->o_req_dn.bv_val, dc.rs = rs;
op->o_conn, &mdn.bv_val ) ) { dc.ctx = "bindDn";
case REWRITE_REGEXEC_OK: #else
if ( mdn.bv_val == NULL ) { dc.tofrom = 1;
mdn = op->o_req_dn; dc.normalized = 0;
} else { #endif
mdn.bv_len = strlen( mdn.bv_val ); if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
} send_ldap_result( op, rs );
return -1;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn: \"%s\" -> \"%s\"\n",
op->o_req_dn.bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> bindDn: \"%s\" -> \"%s\"\n",
op->o_req_dn.bv_val, mdn.bv_val, 0 );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
} }
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
#endif /* !ENABLE_REWRITE */
if ( lc->bound_dn.bv_val ) { if ( lc->bound_dn.bv_val ) {
ch_free( lc->bound_dn.bv_val ); ch_free( lc->bound_dn.bv_val );
...@@ -276,7 +256,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs) ...@@ -276,7 +256,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
/* Looks like we didn't get a bind. Open a new session... */ /* Looks like we didn't get a bind. Open a new session... */
if (!lc) { if (!lc) {
int vers = op->o_conn->c_protocol; int vers = op->o_protocol;
rs->sr_err = ldap_initialize(&ld, li->url); rs->sr_err = ldap_initialize(&ld, li->url);
if (rs->sr_err != LDAP_SUCCESS) { if (rs->sr_err != LDAP_SUCCESS) {
...@@ -284,7 +264,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs) ...@@ -284,7 +264,7 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
if (rs->sr_text == NULL) { if (rs->sr_text == NULL) {
rs->sr_text = "ldap_initialize() failed"; rs->sr_text = "ldap_initialize() failed";
} }
send_ldap_result( op, rs ); if (op->o_conn) send_ldap_result( op, rs );
rs->sr_text = NULL; rs->sr_text = NULL;
return( NULL ); return( NULL );
} }
...@@ -320,67 +300,37 @@ ldap_back_getconn(Operation *op, SlapReply *rs) ...@@ -320,67 +300,37 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
} else { } else {
lc->cred.bv_len = 0; lc->cred.bv_len = 0;
lc->cred.bv_val = NULL; lc->cred.bv_val = NULL;
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
if ( op->o_conn->c_dn.bv_len != 0 if ( op->o_conn->c_dn.bv_len != 0
&& ( op->o_bd == op->o_conn->c_authz_backend ) ) { && ( op->o_bd == op->o_conn->c_authz_backend ) ) {
dncookie dc;
struct berval bv;
/* /*
* Rewrite the bind dn if needed * Rewrite the bind dn if needed
*/ */
#ifdef ENABLE_REWRITE dc.li = li;
lc->bound_dn.bv_val = NULL; #ifdef ENABLE_REWRITE
lc->bound_dn.bv_len = 0; dc.conn = op->o_conn;
switch ( rewrite_session( li->rwinfo, "bindDn", dc.rs = rs;
op->o_conn->c_dn.bv_val, dc.ctx = "bindDn";
op->o_conn, #else
&lc->bound_dn.bv_val ) ) { dc.tofrom = 1;
case REWRITE_REGEXEC_OK: dc.normalized = 0;
if ( lc->bound_dn.bv_val == NULL ) { #endif
ber_dupbv( &lc->bound_dn,
&op->o_conn->c_dn ); if ( ldap_back_dn_massage( &dc, &op->o_conn->c_dn, &bv ) ) {
} else { if (op->o_conn) send_ldap_result( op, rs );
lc->bound_dn.bv_len = strlen( lc->bound_dn.bv_val ); return NULL;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn: \"%s\" ->"
" \"%s\"\n",
op->o_conn->c_dn.bv_val,
lc->bound_dn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"rw> bindDn: \"%s\" ->"
" \"%s\"\n",
op->o_conn->c_dn.bv_val,
lc->bound_dn.bv_val, 0 );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs,
LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( NULL );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs,
LDAP_OTHER,
"Rewrite error" );
return( NULL );
} }
#else /* !ENABLE_REWRITE */
struct berval bv;
ldap_back_dn_massage( li, &op->o_conn->c_dn, &bv, 0, 1 );
if ( bv.bv_val == op->o_conn->c_dn.bv_val ) { if ( bv.bv_val == op->o_conn->c_dn.bv_val ) {
ber_dupbv( &lc->bound_dn, &bv ); ber_dupbv( &lc->bound_dn, &bv );
} else { } else {
lc->bound_dn = bv; lc->bound_dn = bv;
} }
#endif /* !ENABLE_REWRITE */
} else {
lc->bound_dn.bv_val = NULL;
lc->bound_dn.bv_len = 0;
} }
} }
...@@ -408,8 +358,10 @@ ldap_back_getconn(Operation *op, SlapReply *rs) ...@@ -408,8 +358,10 @@ ldap_back_getconn(Operation *op, SlapReply *rs)
/* Err could be -1 in case a duplicate ldapconn is inserted */ /* Err could be -1 in case a duplicate ldapconn is inserted */
if ( rs->sr_err != 0 ) { if ( rs->sr_err != 0 ) {
ldap_back_conn_free( lc ); ldap_back_conn_free( lc );
send_ldap_error( op, rs, LDAP_OTHER, if (op->o_conn) {
"internal server error" ); send_ldap_error( op, rs, LDAP_OTHER,
"internal server error" );
}
return( NULL ); return( NULL );
} }
} else { } else {
...@@ -546,27 +498,23 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, ...@@ -546,27 +498,23 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
rs->sr_err = ldap_back_map_result(rs); rs->sr_err = ldap_back_map_result(rs);
/* internal ops must not reply to client */ /* internal ops must not reply to client */
if ( op->o_conn && !op->o_do_not_cache ) { if ( op->o_conn && !op->o_do_not_cache && match ) {
struct berval dn, mdn;
dncookie dc;
dc.li = li;
#ifdef ENABLE_REWRITE #ifdef ENABLE_REWRITE
if (match) { dc.conn = op->o_conn;
dc.rs = rs;
switch(rewrite_session(li->rwinfo, "matchedDn", match, op->o_conn, dc.ctx = "matchedDn";
(char **)&rs->sr_matched)) {
case REWRITE_REGEXEC_OK:
if (!rs->sr_matched) rs->sr_matched = match; break;
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_ERR:
break;
}
}
#else #else
struct berval dn, mdn; dc.tofrom = 0;
if (match) { dc.normalized = 0;
ber_str2bv(match, 0, 0, &dn);
ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
rs->sr_matched = mdn.bv_val;
}
#endif #endif
ber_str2bv(match, 0, 0, &dn);
ldap_back_dn_massage(&dc, &dn, &mdn);
rs->sr_matched = mdn.bv_val;
} }
} }
if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) { if (op->o_conn && (sendok || rs->sr_err != LDAP_SUCCESS)) {
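Review bot: The new `if (op->o_conn)` guards in ldap_back_getconn imply that `op->o_conn` can be NULL for internal operations, yet the same function still evaluates `op->o_conn->c_dn.bv_len` and passes `&op->o_conn->c_dn` to `ldap_back_dn_massage` unchecked, so the guard on the massage-failure path is only reached after the pointer has already been dereferenced. The condition should test the pointer first, `if ( op->o_conn && op->o_conn->c_dn.bv_len != 0`, or the guards should be dropped if a NULL connection cannot reach this branch. The `return NULL` after a failed massage also skips the `ldap_back_conn_free( lc )` that the later insert-error path performs. `lc` is allocated outside the visible hunks, so it is worth confirming whether the connection leaks there.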
......
...@@ -52,9 +52,11 @@ ldap_back_compare( ...@@ -52,9 +52,11 @@ ldap_back_compare(
{ {
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private; struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc; struct ldapconn *lc;
struct berval mapped_oc, mapped_at; struct berval mapped_at, mapped_val;
struct berval mdn = { 0, NULL }; struct berval mdn = { 0, NULL };
ber_int_t msgid; ber_int_t msgid;
int freeval = 0;
dncookie dc;
lc = ldap_back_getconn(op, rs); lc = ldap_back_getconn(op, rs);
if (!lc || !ldap_back_dobind( lc, op, rs ) ) { if (!lc || !ldap_back_dobind( lc, op, rs ) ) {
...@@ -64,55 +66,46 @@ ldap_back_compare( ...@@ -64,55 +66,46 @@ ldap_back_compare(
/* /*
* Rewrite the compare dn, if needed * Rewrite the compare dn, if needed
*/ */
dc.li = li;
#ifdef ENABLE_REWRITE #ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "compareDn", op->o_req_dn.bv_val, op->o_conn, &mdn.bv_val ) ) { dc.conn = op->o_conn;
case REWRITE_REGEXEC_OK: dc.rs = rs;
if ( mdn.bv_val == NULL ) { dc.ctx = "compareDn";
mdn.bv_val = ( char * )op->o_req_dn.bv_val; #else
} dc.tofrom = 1;
#ifdef NEW_LOGGING dc.normalized = 0;
LDAP_LOG( BACK_LDAP, DETAIL1, #endif
"[rw] compareDn: \"%s\" -> \"%s\"\n", op->o_req_dn.bv_val, mdn.bv_val, 0 ); if ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
#else /* !NEW_LOGGING */ send_ldap_result( op, rs );
Debug( LDAP_DEBUG_ARGS, "rw> compareDn: \"%s\" -> \"%s\"\n%s", return -1;
op->o_req_dn.bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
"Operation not allowed" );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_error( op, rs, LDAP_OTHER,
"Rewrite error" );
return( -1 );
} }
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &op->o_req_dn, &mdn, 0, 1 );
if ( mdn.bv_val == NULL ) {
return -1;
}
#endif /* !ENABLE_REWRITE */
if ( op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_objectClass ) { if ( op->oq_compare.rs_ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map(&li->oc_map, &op->oq_compare.rs_ava->aa_desc->ad_cname, &mapped_oc, ldap_back_map(&li->oc_map, &op->orc_ava->aa_value, &mapped_val,
BACKLDAP_MAP); BACKLDAP_MAP);
if (mapped_oc.bv_val == NULL || mapped_oc.bv_val[0] == '\0') { if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') {
return( -1 ); return( -1 );
} }
mapped_at = op->orc_ava->aa_desc->ad_cname;
} else { } else {
ldap_back_map(&li->at_map, &op->oq_compare.rs_ava->aa_value, &mapped_at, ldap_back_map(&li->at_map, &op->orc_ava->aa_desc->ad_cname, &mapped_at,
BACKLDAP_MAP); BACKLDAP_MAP);
if (mapped_at.bv_val == NULL || mapped_at.bv_val[0] == '\0') { if (mapped_at.bv_val == NULL || mapped_at.bv_val[0] == '\0') {
return( -1 ); return( -1 );
} }