Commit bc9a9286 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#6740 - Always enable rewrite

parent 1f4d4c95
......@@ -268,7 +268,6 @@ OL_ARG_ENABLE(cleartext,[ --enable-cleartext enable cleartext passwords], y
OL_ARG_ENABLE(crypt,[ --enable-crypt enable crypt(3) passwords], no)dnl
OL_ARG_ENABLE(spasswd,[ --enable-spasswd enable (Cyrus) SASL password verification], no)dnl
OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl
OL_ARG_ENABLE(rewrite,[ --enable-rewrite enable DN rewriting in back-ldap and rwm overlay], auto)dnl
OL_ARG_ENABLE(rlookups,[ --enable-rlookups enable reverse lookups of client hostnames], no)dnl
OL_ARG_ENABLE(slapi,[ --enable-slapi enable SLAPI support (experimental)], no)dnl
OL_ARG_ENABLE(slp,[ --enable-slp enable SLPv2 support], no)dnl
......@@ -439,9 +438,6 @@ if test $ol_enable_slapd = no ; then
if test $ol_enable_aci != no ; then
AC_MSG_WARN([slapd disabled, ignoring --enable-aci argument])
fi
if test $ol_enable_rewrite = yes ; then
AC_MSG_WARN([slapd disabled, ignoring --enable-rewrite argument])
fi
dnl overlays
case "$ol_enable_overlays" in yes | mod)
AC_MSG_WARN([slapd disabled, ignoring --enable-overlays argument])
......@@ -465,8 +461,6 @@ if test $ol_enable_slapd = no ; then
ol_enable_aci=no
ol_enable_wrappers=no
ol_enable_rewrite=no
elif test $ol_enable_modules != yes &&
test $ol_enable_dnssrv = no &&
test $ol_enable_ldap = no &&
......@@ -524,7 +518,6 @@ SLAPD_LIBS=
BUILD_SLAPD=no
BUILD_REWRITE=no
BUILD_THREAD=no
BUILD_SLAPI=no
......@@ -2571,7 +2564,6 @@ fi
if test "$ol_enable_meta" != no ; then
BUILD_SLAPD=yes
BUILD_META=$ol_enable_meta
BUILD_REWRITE=yes
if test "$ol_enable_meta" = mod ; then
SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-meta"
MFLAG=SLAPD_MOD_DYNAMIC
......@@ -2585,7 +2577,6 @@ fi
if test "$ol_enable_asyncmeta" != no ; then
BUILD_SLAPD=yes
BUILD_ASYNCMETA=$ol_enable_asyncmeta
BUILD_REWRITE=yes
if test "$ol_enable_asyncmeta" = mod ; then
SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-asyncmeta"
MFLAG=SLAPD_MOD_DYNAMIC
......@@ -2889,7 +2880,6 @@ if test "$ol_enable_retcode" != no ; then
fi
if test "$ol_enable_rwm" != no ; then
BUILD_REWRITE=yes
BUILD_RWM=$ol_enable_rwm
if test "$ol_enable_rwm" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
......@@ -2973,11 +2963,6 @@ if test "$ol_enable_valsort" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_OVER_VALSORT,$MFLAG,[define for Value Sorting overlay])
fi
if test "$ol_enable_rewrite" != no ; then
AC_DEFINE(ENABLE_REWRITE,1,[define to enable rewriting in back-ldap and back-meta])
BUILD_REWRITE=yes
fi
if test "$ol_enable_slapi" != no ; then
AC_DEFINE(ENABLE_SLAPI,1,[define to enable slapi library])
BUILD_SLAPI=yes
......@@ -3004,7 +2989,6 @@ AC_SUBST(WITH_SASL)
AC_SUBST(WITH_TLS)
AC_SUBST(WITH_MODULES_ENABLED)
AC_SUBST(WITH_ACI_ENABLED)
AC_SUBST(BUILD_REWRITE)
AC_SUBST(BUILD_THREAD)
AC_SUBST(BUILD_LIBS_DYNAMIC)
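Review bot: With the `OL_ARG_ENABLE(rewrite,...)` line gone from the option list (hunk at -268), `--disable-rewrite` becomes an unrecognised option, which autoconf reports only as a warning by default, so a build that passed it to keep librewrite out will now complete with it compiled in. An explicit check would make that visible, for example `test "x$enable_rewrite" = xno && AC_MSG_ERROR([--disable-rewrite is no longer supported])`. Separately, the hunk at -2973 appears to drop `AC_DEFINE(ENABLE_REWRITE,...)` outright rather than making it unconditional, so any `#ifdef ENABLE_REWRITE` left in files not shown on this page would silently select its disabled branch; a tree-wide search for the macro before merging would confirm none remain.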
......
......@@ -60,13 +60,7 @@ struct ldaprwmap {
/*
* DN rewriting
*/
#ifdef ENABLE_REWRITE
struct rewrite_info *rwm_rw;
#else /* !ENABLE_REWRITE */
/* some time the suffix massaging without librewrite
* will be disabled */
BerVarray rwm_suffix_massage;
#endif /* !ENABLE_REWRITE */
BerVarray rwm_bva_rewrite;
/*
......@@ -81,14 +75,9 @@ struct ldaprwmap {
typedef struct dncookie {
struct metatarget_t *target;
#ifdef ENABLE_REWRITE
Connection *conn;
char *ctx;
SlapReply *rs;
#else
int normalized;
int tofrom;
#endif
} dncookie;
int ldap_back_dn_massage(dncookie *dc, struct berval *dn,
......@@ -133,14 +122,12 @@ ldap_back_filter_map_rewrite(
void *memctx );
/* suffix massaging by means of librewrite */
#ifdef ENABLE_REWRITE
extern int
suffix_massage_config( struct rewrite_info *info,
struct berval *pvnc,
struct berval *nvnc,
struct berval *prnc,
struct berval *nrnc );
#endif /* ENABLE_REWRITE */
extern int
ldap_back_referral_result_rewrite(
dncookie *dc,
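Review bot: `char *ctx` in `dncookie` (hunk at -81) is now the only layout of the struct, and the assignments visible elsewhere in this commit store string literals in it (`fdc.ctx = "searchFilterAttrDN";`, `dc.ctx = "referralDN";`), so the field would be safer as `const char *ctx;` to keep a later write through it from compiling. This assumes the librewrite calls that receive the context accept a `const char *`, which is not visible on this page. A short comment on the field would also help, for example `/* rewrite context name; points at a string literal, not owned */`.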
......
......@@ -3200,7 +3200,6 @@ error_return:;
}
#ifdef ENABLE_REWRITE
static char *
suffix_massage_regexize( const char *s )
{
......@@ -3368,5 +3367,3 @@ suffix_massage_config(
return 0;
}
#endif /* ENABLE_REWRITE */
......@@ -280,9 +280,7 @@ map_attr_value(
{
dncookie fdc = *dc;
#ifdef ENABLE_REWRITE
fdc.ctx = "searchFilterAttrDN";
#endif
switch ( ldap_back_dn_massage( &fdc, value, &vtmp ) ) {
case LDAP_SUCCESS:
......@@ -684,7 +682,6 @@ ldap_back_filter_map_rewrite(
rc = ldap_back_int_filter_map_rewrite( dc, f, fstr, remap, memctx );
#ifdef ENABLE_REWRITE
if ( rc != LDAP_SUCCESS ) {
return rc;
}
......@@ -741,7 +738,6 @@ ldap_back_filter_map_rewrite(
ch_free( fstr->bv_val );
*fstr = ftmp;
}
#endif /* ENABLE_REWRITE */
return rc;
}
......
......@@ -1289,12 +1289,7 @@ really_bad:;
continue;
}
#ifdef ENABLE_REWRITE
dc.ctx = "referralDN";
#else /* ! ENABLE_REWRITE */
dc.tofrom = 0;
dc.normalized = 0;
#endif /* ! ENABLE_REWRITE */
/* FIXME: merge all and return at the end */
......
......@@ -58,7 +58,6 @@
#include "../back-ldap/back-ldap.h"
#include "back-meta.h"
#ifdef ENABLE_REWRITE
int
ldap_back_dn_massage(
dncookie *dc,
......@@ -109,85 +108,3 @@ ldap_back_dn_massage(
return rc;
}
#else
/*
* ldap_back_dn_massage
*
* Aliases the suffix; based on suffix_alias (servers/slapd/suffixalias.c).
*/
int
ldap_back_dn_massage(
dncookie *dc,
struct berval *odn,
struct berval *res
)
{
int i, src, dst;
struct berval pretty = {0,NULL}, *dn = odn;
assert( res != NULL );
if ( dn == NULL ) {
res->bv_val = NULL;
res->bv_len = 0;
return 0;
}
if ( dc->target->mt_rwmap.rwm_suffix_massage == NULL ) {
*res = *dn;
return 0;
}
if ( dc->tofrom ) {
src = 0 + dc->normalized;
dst = 2 + dc->normalized;
} else {
src = 2 + dc->normalized;
dst = 0 + dc->normalized;
/* DN from remote server may be in arbitrary form.
* Pretty it so we can parse reliably.
*/
dnPretty( NULL, dn, &pretty, NULL );
if (pretty.bv_val) dn = &pretty;
}
for ( i = 0;
dc->target->mt_rwmap.rwm_suffix_massage[i].bv_val != NULL;
i += 4 ) {
int aliasLength = dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_len;
int diff = dn->bv_len - aliasLength;
if ( diff < 0 ) {
/* alias is longer than dn */
continue;
} else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) {
/* boundary is not at a DN separator */
continue;
/* At a DN Separator */
}
if ( !strcmp( dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) {
res->bv_len = diff + dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_len;
res->bv_val = ch_malloc( res->bv_len + 1 );
strncpy( res->bv_val, dn->bv_val, diff );
strcpy( &res->bv_val[diff], dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_val );
Debug( LDAP_DEBUG_ARGS,
"ldap_back_dn_massage:"
" converted \"%s\" to \"%s\"\n",
BER_BVISNULL( dn ) ? "" : dn->bv_val,
BER_BVISNULL( res ) ? "" : res->bv_val );
break;
}
}
if (pretty.bv_val) {
ch_free(pretty.bv_val);
dn = odn;
}
/* Nothing matched, just return the original DN */
if (res->bv_val == NULL) {
*res = *dn;
}
return 0;
}
#endif /* !ENABLE_REWRITE */
......@@ -331,11 +331,7 @@ static ConfigTable config_back_cf_table[] = {
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
NULL, NULL },
{ "authid-rewrite", "rewrite", 2, 0, STRLENOF( "authid-rewrite" ),
#ifdef SLAP_AUTH_REWRITE
ARG_MAGIC|CFG_REWRITE, &config_generic,
#else
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
......@@ -1396,11 +1392,9 @@ config_generic(ConfigArgs *c) {
if ( !c->rvalue_vals ) rc = 1;
break;
#endif
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE:
rc = slap_sasl_rewrite_unparse( &c->rvalue_vals );
break;
#endif
default:
rc = 1;
}
......@@ -1473,11 +1467,9 @@ config_generic(ConfigArgs *c) {
rc = slap_sasl_regexp_delete( c->valx );
break;
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE:
rc = slap_sasl_rewrite_delete( c->valx );
break;
#endif /* SLAP_AUTH_REWRITE */
case CFG_SALT:
ch_free( passwd_salt );
......@@ -2426,7 +2418,6 @@ sortval_reject:
break;
#endif
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE: {
int rc;
......@@ -2441,7 +2432,6 @@ sortval_reject:
}
return rc;
}
#endif
default:
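Review bot: The `authid-rewrite` table entry (hunk at -331) now always maps to `ARG_MAGIC|CFG_REWRITE, &config_generic`, where builds without `SLAP_AUTH_REWRITE` apparently used `ARG_IGNORED, NULL`. A configuration that carried `authid-rewrite` lines on such a build had them accepted and ignored; after this change the same lines start rewriting SASL authentication identities, which can change which entry a login maps to. That behaviour change deserves a comment at the entry and a line in the upgrade notes, for example `/* always active since ITS#6740; formerly ignored when built without librewrite */`. The `config_generic` switch bodies touched by the later hunks start and end outside the visible lines.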
......
......@@ -24,10 +24,6 @@
#ifndef RWM_H
#define RWM_H
#ifndef ENABLE_REWRITE
#error "librewrite must be enabled!"
#endif /* ENABLE_REWRITE */
/* String rewrite library */
#include "rewrite.h"
......
......@@ -1719,7 +1719,6 @@ LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
LDAP_SLAPD_F (void) slap_sasl_regexp_unparse LDAP_P(( BerVarray *bva ));
LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * ));
LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void ));
#ifdef SLAP_AUTH_REWRITE
LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P((
const char *fname,
int lineno,
......@@ -1728,7 +1727,6 @@ LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P((
int valx ));
LDAP_SLAPD_F (int) slap_sasl_rewrite_delete LDAP_P(( int valx ));
LDAP_SLAPD_F (int) slap_sasl_rewrite_unparse LDAP_P(( BerVarray *bva ));
#endif /* SLAP_AUTH_REWRITE */
LDAP_SLAPD_F (void) slap_sasl_regexp_destroy LDAP_P(( void ));
LDAP_SLAPD_F (int) slap_sasl_regexp_delete LDAP_P(( int valx ));
LDAP_SLAPD_F (int) authzValidate LDAP_P((
......
......@@ -28,9 +28,7 @@
#include "slap.h"
#ifdef ENABLE_REWRITE
#include <rewrite.h>
#endif
#ifdef HAVE_CYRUS_SASL
# ifdef HAVE_SASL_SASL_H
......@@ -1012,8 +1010,6 @@ static int chk_sasl(
#endif /* HAVE_CYRUS_SASL */
#ifdef ENABLE_REWRITE
typedef struct slapd_map_data {
struct berval base;
struct berval filter;
......@@ -1234,7 +1230,6 @@ static const rewrite_mapper slapd_mapper = {
slapd_rw_apply,
slapd_rw_destroy
};
#endif
int slap_sasl_init( void )
{
......@@ -1247,9 +1242,7 @@ int slap_sasl_init( void )
};
#endif
#ifdef ENABLE_REWRITE
rewrite_mapper_register( &slapd_mapper );
#endif
#ifdef HAVE_CYRUS_SASL
#ifdef HAVE_SASL_VERSION
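Review bot: `rewrite_mapper_register( &slapd_mapper );` in `slap_sasl_init` (hunk at -1247) discards its result, and with the `#ifdef ENABLE_REWRITE` guard removed this call now runs in every build. If the function reports failure through its return value (its prototype is not on this page), a failed registration would only surface later, when a rewrite rule that names the slapd map is parsed or applied, far from the cause. Checking it at the call site keeps the failure visible at startup, for example `if ( rewrite_mapper_register( &slapd_mapper ) != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "slap_sasl_init: rewrite mapper registration failed\n" ); return -1; }`. The body of `slap_sasl_init` continues outside the hunk, so the right error return should be confirmed against the rest of the function.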
......
......@@ -70,21 +70,15 @@
typedef struct sasl_regexp {
char *sr_match; /* regexp match pattern */
char *sr_replace; /* regexp replace pattern */
#ifndef SLAP_AUTH_REWRITE
regex_t sr_workspace; /* workspace for regexp engine */
int sr_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
#endif
} SaslRegexp_t;
static int nSaslRegexp = 0;
static SaslRegexp_t *SaslRegexp = NULL;
#ifdef SLAP_AUTH_REWRITE
#include "rewrite.h"
struct rewrite_info *sasl_rwinfo = NULL;
#define AUTHID_CONTEXT "authid"
static BerVarray authz_rewrites = NULL;
#endif /* SLAP_AUTH_REWRITE */
/* What SASL proxy authorization policies are allowed? */
#define SASL_AUTHZ_NONE 0x00
......@@ -1246,43 +1240,6 @@ done:
return( rc );
}
#ifndef SLAP_AUTH_REWRITE
static int slap_sasl_rx_off(char *rep, int *off)
{
const char *c;
int n;
/* Precompile replace pattern. Find the $<n> placeholders */
off[0] = -2;
n = 1;
for ( c = rep; *c; c++ ) {
if ( *c == '\\' && c[1] ) {
c++;
continue;
}
if ( *c == '$' ) {
if ( n == SASLREGEX_REPLACE ) {
Debug( LDAP_DEBUG_ANY,
"SASL replace pattern %s has too many $n "
"placeholders (max %d)\n",
rep, SASLREGEX_REPLACE );
return( LDAP_OTHER );
}
off[n] = c - rep;
n++;
}
}
/* Final placeholder, after the last $n */
off[n] = c - rep;
n++;
off[n] = -1;
return( LDAP_SUCCESS );
}
#endif /* ! SLAP_AUTH_REWRITE */
#ifdef SLAP_AUTH_REWRITE
static int slap_sasl_rewrite_config_argv(
const char *fname,
int lineno,
......@@ -1530,7 +1487,6 @@ out:
return rc;
}
#endif /* SLAP_AUTH_REWRITE */
int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
{
......@@ -1541,7 +1497,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
if ( valx < 0 || valx > nSaslRegexp )
valx = nSaslRegexp;
#ifdef SLAP_AUTH_REWRITE
for ( i = 0; i < valx; i++) {
rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0,
SaslRegexp[i].sr_match,
......@@ -1552,18 +1507,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0,
match, replace, AUTHID_CONTEXT );
#else /* ! SLAP_AUTH_REWRITE */
/* Precompile matching pattern */
rc = regcomp( &sr.sr_workspace, match, REG_EXTENDED|REG_ICASE );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"SASL match pattern %s could not be compiled by regexp engine\n",
match );
return( LDAP_OTHER );
}
rc = slap_sasl_rx_off( replace, sr.sr_offset );
#endif /* ! SLAP_AUTH_REWRITE */
if ( rc == LDAP_SUCCESS ) {
SaslRegexp = (SaslRegexp_t *) ch_realloc( (char *) SaslRegexp,
......@@ -1579,7 +1522,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
nSaslRegexp++;
#ifdef SLAP_AUTH_REWRITE
for ( i = valx + 1; i < nSaslRegexp; i++ ) {
rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0,
SaslRegexp[i].sr_match,
......@@ -1592,7 +1534,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
sasl_rwinfo = rw;
} else {
rewrite_info_delete( &rw );
#endif
}
return rc;
......@@ -1603,9 +1544,6 @@ slap_sasl_regexp_destroy_one( int n )
{
ch_free( SaslRegexp[ n ].sr_match );
ch_free( SaslRegexp[ n ].sr_replace );
#ifndef SLAP_AUTH_REWRITE
regfree( &SaslRegexp[ n ].sr_workspace );
#endif /* ! SLAP_AUTH_REWRITE */
}
void
......@@ -1623,9 +1561,7 @@ slap_sasl_regexp_destroy( void )
nSaslRegexp = 0;
}
#ifdef SLAP_AUTH_REWRITE
slap_sasl_rewrite_destroy();
#endif /* SLAP_AUTH_REWRITE */
}
int slap_sasl_regexp_delete( int valx )
......@@ -1646,7 +1582,6 @@ int slap_sasl_regexp_delete( int valx )
SaslRegexp[ i ] = SaslRegexp[ i + 1 ];
}
#ifdef SLAP_AUTH_REWRITE
slap_sasl_rewrite_destroy();
for ( i = 0; i < nSaslRegexp; i++ ) {
rc = slap_sasl_regexp_rewrite_config( &sasl_rwinfo, "sasl-regexp", 0,
......@@ -1655,7 +1590,6 @@ int slap_sasl_regexp_delete( int valx )
AUTHID_CONTEXT );
assert( rc == 0 );
}
#endif /* SLAP_AUTH_REWRITE */
}
return rc;
......@@ -1689,60 +1623,6 @@ void slap_sasl_regexp_unparse( BerVarray *out )
*out = bva;
}
#ifndef SLAP_AUTH_REWRITE
/* Perform replacement on regexp matches */
static void slap_sasl_rx_exp(
const char *rep,
const int *off,
regmatch_t *str,
const char *saslname,
struct berval *out,
void *ctx )
{
int i, n, len, insert;
/* Get the total length of the final URI */
n=1;
len = 0;
while( off[n] >= 0 ) {
/* Len of next section from replacement string (x,y,z above) */
len += off[n] - off[n-1] - 2;
if( off[n+1] < 0)
break;
/* Len of string from saslname that matched next $i (b,d above) */
i = rep[ off[n] + 1 ] - '0';
len += str[i].rm_eo - str[i].rm_so;
n++;
}
out->bv_val = slap_sl_malloc( len + 1, ctx );
out->bv_len = len;
/* Fill in URI with replace string, replacing $i as we go */
n=1;
insert = 0;
while( off[n] >= 0) {
/* Paste in next section from replacement string (x,y,z above) */
len = off[n] - off[n-1] - 2;
strncpy( out->bv_val+insert, rep + off[n-1] + 2, len);
insert += len;
if( off[n+1] < 0)
break;
/* Paste in string from saslname that matched next $i (b,d above) */
i = rep[ off[n] + 1 ] - '0';
len = str[i].rm_eo - str[i].rm_so;
strncpy( out->bv_val+insert, saslname + str[i].rm_so, len );
insert += len;
n++;
}
out->bv_val[insert] = '\0';
}
#endif /* ! SLAP_AUTH_REWRITE */
/* Take the passed in SASL name and attempt to convert it into an
LDAP URI to find the matching LDAP entry, using the pattern matching
strings given in the saslregexp config file directive(s) */
......@@ -1750,7 +1630,6 @@ static void slap_sasl_rx_exp(
static int slap_authz_regexp( struct berval *in, struct berval *out,
int flags, void *ctx )
{
#ifdef SLAP_AUTH_REWRITE
const char *context = AUTHID_CONTEXT;
if ( sasl_rwinfo == NULL || BER_BVISNULL( in ) ) {
......@@ -1783,44 +1662,6 @@ static int slap_authz_regexp( struct berval *in, struct berval *out,
return 0;
}
#else /* ! SLAP_AUTH_REWRITE */
char *saslname = in->bv_val;
SaslRegexp_t *reg;
regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
int i;
memset( out, 0, sizeof( *out ) );
Debug( LDAP_DEBUG_TRACE, "slap_authz_regexp: converting SASL name %s\n",
saslname );
if (( saslname == NULL ) || ( nSaslRegexp == 0 )) {
return( 0 );
}
/* Match the normalized SASL name to the saslregexp patterns */
for( reg = SaslRegexp,i=0; i<nSaslRegexp; i++,reg++ ) {
if ( regexec( &reg->sr_workspace, saslname, SASLREGEX_REPLACE,
sr_strings, 0) == 0 )
break;
}
if( i >= nSaslRegexp ) return( 0 );
/*
* The match pattern may have been of the form "a(b.*)c(d.*)e" and the
* replace pattern of the form "x$1y$2z". The returned string needs
* to replace the $1,$2 with the strings that matched (b.*) and (d.*)
*/
slap_sasl_rx_exp( reg->sr_replace, reg->sr_offset,