static int
LDAPRDN_validate( LDAPRDN rdn )
{
int iAVA;
int rc;
assert( rdn != NULL );
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
slap_syntax_validate_func *validate = NULL;
assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
rc = slap_bv2undef_ad( &ava->la_attr,
&ad, &text,
SLAP_AD_PROXIED|slap_DN_strict );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
ava->la_private = ( void * )ad;
}
/*
* Do not allow X-ORDERED 'VALUES' naming attributes
*/
if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
return LDAP_INVALID_SYNTAX;
}
/*
* Replace attr oid/name with the canonical name
*/
ava->la_attr = ad->ad_cname;
validate = ad->ad_type->sat_syntax->ssyn_validate;
if ( validate ) {
/*
* validate value by validate function
*/
rc = ( *validate )( ad->ad_type->sat_syntax,
&ava->la_value );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
}
return LDAP_SUCCESS;
}
int mdb_ad_read( struct mdb_info *mdb, MDB_txn *txn )
{
int i, rc;
MDB_cursor *mc;
MDB_val key, data;
struct berval bdata;
const char *text;
AttributeDescription *ad;
rc = mdb_cursor_open( txn, mdb->mi_ad2id, &mc );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"mdb_ad_read: cursor_open failed %s(%d)\n",
mdb_strerror(rc), rc, 0);
return rc;
}
/* our array is 1-based, an index of 0 means no data */
i = mdb->mi_numads+1;
key.mv_size = sizeof(int);
key.mv_data = &i;
rc = mdb_cursor_get( mc, &key, &data, MDB_SET );
while ( rc == MDB_SUCCESS ) {
bdata.bv_len = data.mv_size;
bdata.bv_val = data.mv_data;
ad = NULL;
rc = slap_bv2ad( &bdata, &ad, &text );
if ( rc ) {
rc = slap_bv2undef_ad( &bdata, &mdb->mi_ads[i], &text, 0 );
} else {
if ( ad->ad_index >= MDB_MAXADS ) {
Debug( LDAP_DEBUG_ANY,
"mdb_adb_read: too many AttributeDescriptions in use\n",
0, 0, 0 );
return LDAP_OTHER;
}
mdb->mi_adxs[ad->ad_index] = i;
mdb->mi_ads[i] = ad;
}
i++;
rc = mdb_cursor_get( mc, &key, &data, MDB_NEXT );
}
mdb->mi_numads = i-1;
done:
if ( rc == MDB_NOTFOUND )
rc = 0;
mdb_cursor_close( mc );
return rc;
}
int slap_str2undef_ad(
const char *str,
AttributeDescription **ad,
const char **text,
unsigned flags )
{
struct berval bv;
bv.bv_val = (char *) str;
bv.bv_len = strlen( str );
return slap_bv2undef_ad( &bv, ad, text, flags );
}
int
do_search(
Operation *op, /* info about the op to which we're responding */
SlapReply *rs /* all the response data we'll send */ )
{
struct berval base = BER_BVNULL;
ber_len_t siz, off, i;
Debug( LDAP_DEBUG_TRACE, "%s do_search\n",
op->o_log_prefix, 0, 0 );
/*
* Parse the search request. It looks like this:
*
* SearchRequest := [APPLICATION 3] SEQUENCE {
* baseObject DistinguishedName,
* scope ENUMERATED {
* baseObject (0),
* singleLevel (1),
* wholeSubtree (2),
* subordinate (3) -- OpenLDAP extension
* },
* derefAliases ENUMERATED {
* neverDerefaliases (0),
* derefInSearching (1),
* derefFindingBaseObj (2),
* alwaysDerefAliases (3)
* },
* sizelimit INTEGER (0 .. 65535),
* timelimit INTEGER (0 .. 65535),
* attrsOnly BOOLEAN,
* filter Filter,
* attributes SEQUENCE OF AttributeType
* }
*/
/* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
&base, &op->ors_scope, &op->ors_deref, &op->ors_slimit,
&op->ors_tlimit, &op->ors_attrsonly ) == LBER_ERROR )
{
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
rs->sr_err = SLAPD_DISCONNECT;
goto return_results;
}
if ( op->ors_tlimit < 0 || op->ors_tlimit > SLAP_MAX_LIMIT ) {
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid time limit" );
goto return_results;
}
if ( op->ors_slimit < 0 || op->ors_slimit > SLAP_MAX_LIMIT ) {
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid size limit" );
goto return_results;
}
switch( op->ors_scope ) {
case LDAP_SCOPE_BASE:
case LDAP_SCOPE_ONELEVEL:
case LDAP_SCOPE_SUBTREE:
case LDAP_SCOPE_SUBORDINATE:
break;
default:
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid scope" );
goto return_results;
}
switch( op->ors_deref ) {
case LDAP_DEREF_NEVER:
case LDAP_DEREF_FINDING:
case LDAP_DEREF_SEARCHING:
case LDAP_DEREF_ALWAYS:
break;
default:
send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid deref" );
goto return_results;
}
rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_search: invalid dn: \"%s\"\n",
op->o_log_prefix, base.bv_val, 0 );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto return_results;
}
Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
base.bv_val, op->ors_scope, op->ors_deref );
Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
op->ors_slimit, op->ors_tlimit, op->ors_attrsonly);
/* filter - returns a "normalized" version */
rs->sr_err = get_filter( op, op->o_ber, &op->ors_filter, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
if( rs->sr_err == SLAPD_DISCONNECT ) {
rs->sr_err = LDAP_PROTOCOL_ERROR;
send_ldap_disconnect( op, rs );
rs->sr_err = SLAPD_DISCONNECT;
} else {
send_ldap_result( op, rs );
}
goto return_results;
}
filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
!BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );
/* attributes */
siz = sizeof(AttributeName);
off = offsetof(AttributeName,an_name);
if ( ber_scanf( op->o_ber, "{M}}", &op->ors_attrs, &siz, off ) == LBER_ERROR ) {
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );
rs->sr_err = SLAPD_DISCONNECT;
goto return_results;
}
for ( i=0; i<siz; i++ ) {
const char *dummy; /* ignore msgs from bv2ad */
op->ors_attrs[i].an_desc = NULL;
op->ors_attrs[i].an_oc = NULL;
op->ors_attrs[i].an_flags = 0;
if ( slap_bv2ad( &op->ors_attrs[i].an_name,
&op->ors_attrs[i].an_desc, &dummy ) != LDAP_SUCCESS )
{
if ( slap_bv2undef_ad( &op->ors_attrs[i].an_name,
&op->ors_attrs[i].an_desc, &dummy,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT ) )
{
struct berval *bv = &op->ors_attrs[i].an_name;
/* RFC 4511 LDAPv3: All User Attributes */
if ( bvmatch( bv, slap_bv_all_user_attrs ) ) {
continue;
}
/* RFC 3673 LDAPv3: All Operational Attributes */
if ( bvmatch( bv, slap_bv_all_operational_attrs ) ) {
continue;
}
/* RFC 4529 LDAP: Requesting Attributes by Object Class */
if ( bv->bv_len > 1 && bv->bv_val[0] == '@' ) {
/* FIXME: check if remaining is valid oc name? */
continue;
}
/* add more "exceptions" to RFC 4511 4.5.1.8. */
/* invalid attribute description? remove */
if ( ad_keystring( bv ) ) {
/* NOTE: parsed in-place, don't modify;
* rather add "1.1", which must be ignored */
BER_BVSTR( &op->ors_attrs[i].an_name, LDAP_NO_ATTRS );
}
/* otherwise leave in place... */
}
}
}
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_search: get_ctrls failed\n",
op->o_log_prefix, 0, 0 );
goto return_results;
}
Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
if ( siz != 0 ) {
for ( i = 0; i<siz; i++ ) {
Debug( LDAP_DEBUG_ARGS, " %s", op->ors_attrs[i].an_name.bv_val, 0, 0 );
}
}
Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
char abuf[BUFSIZ/2], *ptr = abuf;
unsigned len = 0, alen;
sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref);
Statslog( LDAP_DEBUG_STATS,
"%s SRCH base=\"%s\" %s filter=\"%s\"\n",
op->o_log_prefix, op->o_req_dn.bv_val, abuf,
op->ors_filterstr.bv_val, 0 );
for ( i = 0; i<siz; i++ ) {
alen = op->ors_attrs[i].an_name.bv_len;
if (alen >= sizeof(abuf)) {
alen = sizeof(abuf)-1;
}
if (len && (len + 1 + alen >= sizeof(abuf))) {
Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
op->o_log_prefix, abuf, 0, 0, 0 );
len = 0;
ptr = abuf;
}
if (len) {
*ptr++ = ' ';
len++;
}
ptr = lutil_strncopy(ptr, op->ors_attrs[i].an_name.bv_val, alen);
len += alen;
*ptr = '\0';
}
if (len) {
Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
op->o_log_prefix, abuf, 0, 0, 0 );
}
}
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_search( op, rs );
return_results:;
if ( !BER_BVISNULL( &op->o_req_dn ) ) {
slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
}
if ( op->ors_filter != NULL) {
filter_free_x( op, op->ors_filter, 1 );
}
if ( op->ors_attrs != NULL ) {
op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );
}
return rs->sr_err;
}
int
rwm_map_config(
struct ldapmap *oc_map,
struct ldapmap *at_map,
const char *fname,
int lineno,
int argc,
char **argv )
{
struct ldapmap *map;
struct ldapmapping *mapping;
char *src, *dst;
int is_oc = 0;
int rc = 0;
if ( argc < 3 || argc > 4 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: syntax is \"map {objectclass | attribute} [<local> | *] {<foreign> | *}\"\n",
fname, lineno, 0 );
return 1;
}
if ( strcasecmp( argv[1], "objectclass" ) == 0 ) {
map = oc_map;
is_oc = 1;
} else if ( strcasecmp( argv[1], "attribute" ) == 0 ) {
map = at_map;
} else {
Debug( LDAP_DEBUG_ANY, "%s: line %d: syntax is "
"\"map {objectclass | attribute} [<local> | *] "
"{<foreign> | *}\"\n",
fname, lineno, 0 );
return 1;
}
if ( !is_oc && map->map == NULL ) {
/* only init if required */
if ( rwm_map_init( map, &mapping ) != LDAP_SUCCESS ) {
return 1;
}
}
if ( strcmp( argv[2], "*" ) == 0 ) {
if ( argc < 4 || strcmp( argv[3], "*" ) == 0 ) {
map->drop_missing = ( argc < 4 );
goto success_return;
}
src = dst = argv[3];
} else if ( argc < 4 ) {
src = "";
dst = argv[2];
} else {
src = argv[2];
dst = ( strcmp( argv[3], "*" ) == 0 ? src : argv[3] );
}
if ( ( map == at_map )
&& ( strcasecmp( src, "objectclass" ) == 0
|| strcasecmp( dst, "objectclass" ) == 0 ) )
{
Debug( LDAP_DEBUG_ANY,
"%s: line %d: objectclass attribute cannot be mapped\n",
fname, lineno, 0 );
return 1;
}
mapping = (struct ldapmapping *)ch_calloc( 2,
sizeof(struct ldapmapping) );
if ( mapping == NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: out of memory\n",
fname, lineno, 0 );
return 1;
}
ber_str2bv( src, 0, 1, &mapping[0].m_src );
ber_str2bv( dst, 0, 1, &mapping[0].m_dst );
mapping[1].m_src = mapping[0].m_dst;
mapping[1].m_dst = mapping[0].m_src;
mapping[0].m_flags = RWMMAP_F_NONE;
mapping[1].m_flags = RWMMAP_F_NONE;
/*
* schema check
*/
if ( is_oc ) {
if ( src[0] != '\0' ) {
mapping[0].m_src_oc = oc_bvfind( &mapping[0].m_src );
if ( mapping[0].m_src_oc == NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: warning, source objectClass '%s' "
"should be defined in schema\n",
fname, lineno, src );
/*
* FIXME: this should become an err
*/
mapping[0].m_src_oc = ch_malloc( sizeof( ObjectClass ) );
memset( mapping[0].m_src_oc, 0, sizeof( ObjectClass ) );
mapping[0].m_src_oc->soc_cname = mapping[0].m_src;
mapping[0].m_flags |= RWMMAP_F_FREE_SRC;
}
mapping[1].m_dst_oc = mapping[0].m_src_oc;
}
mapping[0].m_dst_oc = oc_bvfind( &mapping[0].m_dst );
if ( mapping[0].m_dst_oc == NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: warning, destination objectClass '%s' "
"is not defined in schema\n",
fname, lineno, dst );
mapping[0].m_dst_oc = oc_bvfind_undef( &mapping[0].m_dst );
if ( mapping[0].m_dst_oc == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: unable to mimic destination objectClass '%s'\n",
fname, lineno, dst );
goto error_return;
}
}
mapping[1].m_src_oc = mapping[0].m_dst_oc;
mapping[0].m_flags |= RWMMAP_F_IS_OC;
mapping[1].m_flags |= RWMMAP_F_IS_OC;
} else {
int rc;
const char *text = NULL;
if ( src[0] != '\0' ) {
rc = slap_bv2ad( &mapping[0].m_src,
&mapping[0].m_src_ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: warning, source attributeType '%s' "
"should be defined in schema\n",
fname, lineno, src );
/*
* we create a fake "proxied" ad
* and add it here.
*/
rc = slap_bv2undef_ad( &mapping[0].m_src,
&mapping[0].m_src_ad, &text,
SLAP_AD_PROXIED );
if ( rc != LDAP_SUCCESS ) {
char prefix[1024];
snprintf( prefix, sizeof(prefix),
"%s: line %d: source attributeType '%s': %d",
fname, lineno, src, rc );
Debug( LDAP_DEBUG_ANY, "%s (%s)\n",
prefix, text ? text : "null", 0 );
goto error_return;
}
}
mapping[1].m_dst_ad = mapping[0].m_src_ad;
}
rc = slap_bv2ad( &mapping[0].m_dst, &mapping[0].m_dst_ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: warning, destination attributeType '%s' "
"is not defined in schema\n",
fname, lineno, dst );
rc = slap_bv2undef_ad( &mapping[0].m_dst,
&mapping[0].m_dst_ad, &text,
SLAP_AD_PROXIED );
if ( rc != LDAP_SUCCESS ) {
char prefix[1024];
snprintf( prefix, sizeof(prefix),
"%s: line %d: destination attributeType '%s': %d",
fname, lineno, dst, rc );
Debug( LDAP_DEBUG_ANY, "%s (%s)\n",
prefix, text ? text : "null", 0 );
goto error_return;
}
}
mapping[1].m_src_ad = mapping[0].m_dst_ad;
}
if ( ( src[0] != '\0' && avl_find( map->map, (caddr_t)mapping, rwm_mapping_cmp ) != NULL)
|| avl_find( map->remap, (caddr_t)&mapping[1], rwm_mapping_cmp ) != NULL)
{
Debug( LDAP_DEBUG_ANY,
"%s: line %d: duplicate mapping found.\n",
fname, lineno, 0 );
/* FIXME: free stuff */
goto error_return;
}
if ( src[0] != '\0' ) {
avl_insert( &map->map, (caddr_t)&mapping[0],
rwm_mapping_cmp, rwm_mapping_dup );
}
avl_insert( &map->remap, (caddr_t)&mapping[1],
rwm_mapping_cmp, rwm_mapping_dup );
success_return:;
return rc;
error_return:;
if ( mapping ) {
rwm_mapping_free( mapping );
}
return 1;
}
int
get_filter(
Operation *op,
BerElement *ber,
Filter **filt,
const char **text )
{
ber_tag_t tag;
ber_len_t len;
int err;
Filter f;
Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
/*
* A filter looks like this coming in:
* Filter ::= CHOICE {
* and [0] SET OF Filter,
* or [1] SET OF Filter,
* not [2] Filter,
* equalityMatch [3] AttributeValueAssertion,
* substrings [4] SubstringFilter,
* greaterOrEqual [5] AttributeValueAssertion,
* lessOrEqual [6] AttributeValueAssertion,
* present [7] AttributeType,
* approxMatch [8] AttributeValueAssertion,
* extensibleMatch [9] MatchingRuleAssertion
* }
*
* SubstringFilter ::= SEQUENCE {
* type AttributeType,
* SEQUENCE OF CHOICE {
* initial [0] IA5String,
* any [1] IA5String,
* final [2] IA5String
* }
* }
*
* MatchingRuleAssertion ::= SEQUENCE {
* matchingRule [1] MatchingRuleId OPTIONAL,
* type [2] AttributeDescription OPTIONAL,
* matchValue [3] AssertionValue,
* dnAttributes [4] BOOLEAN DEFAULT FALSE
* }
*
*/
tag = ber_peek_tag( ber, &len );
if( tag == LBER_ERROR ) {
*text = "error decoding filter";
return SLAPD_DISCONNECT;
}
err = LDAP_SUCCESS;
f.f_next = NULL;
f.f_choice = tag;
switch ( f.f_choice ) {
case LDAP_FILTER_EQUALITY:
Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
err = get_ava( op, ber, &f, SLAP_MR_EQUALITY, text );
if ( err != LDAP_SUCCESS ) {
break;
}
assert( f.f_ava != NULL );
break;
case LDAP_FILTER_SUBSTRINGS:
Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
err = get_ssa( op, ber, &f, text );
if( err != LDAP_SUCCESS ) {
break;
}
assert( f.f_sub != NULL );
break;
case LDAP_FILTER_GE:
Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text );
if ( err != LDAP_SUCCESS ) {
break;
}
assert( f.f_ava != NULL );
break;
case LDAP_FILTER_LE:
Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text );
if ( err != LDAP_SUCCESS ) {
break;
}
assert( f.f_ava != NULL );
break;
case LDAP_FILTER_PRESENT: {
struct berval type;
Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
err = SLAPD_DISCONNECT;
*text = "error decoding filter";
break;
}
f.f_desc = NULL;
err = slap_bv2ad( &type, &f.f_desc, text );
if( err != LDAP_SUCCESS ) {
f.f_choice |= SLAPD_FILTER_UNDEFINED;
err = slap_bv2undef_ad( &type, &f.f_desc, text,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
if ( err != LDAP_SUCCESS ) {
/* unrecognized attribute description or other error */
Debug( LDAP_DEBUG_ANY,
"get_filter: conn %lu unknown attribute "
"type=%s (%d)\n",
op->o_connid, type.bv_val, err );
err = LDAP_SUCCESS;
f.f_desc = slap_bv2tmp_ad( &type, op->o_tmpmemctx );
}
*text = NULL;
}
assert( f.f_desc != NULL );
} break;
case LDAP_FILTER_APPROX:
Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
err = get_ava( op, ber, &f, SLAP_MR_EQUALITY_APPROX, text );
if ( err != LDAP_SUCCESS ) {
break;
}
assert( f.f_ava != NULL );
break;
case LDAP_FILTER_AND:
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
err = get_filter_list( op, ber, &f.f_and, text );
if ( err != LDAP_SUCCESS ) {
break;
}
if ( f.f_and == NULL ) {
f.f_choice = SLAPD_FILTER_COMPUTED;
f.f_result = LDAP_COMPARE_TRUE;
}
/* no assert - list could be empty */
break;
case LDAP_FILTER_OR:
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
err = get_filter_list( op, ber, &f.f_or, text );
if ( err != LDAP_SUCCESS ) {
break;
}
if ( f.f_or == NULL ) {
f.f_choice = SLAPD_FILTER_COMPUTED;
f.f_result = LDAP_COMPARE_FALSE;
}
/* no assert - list could be empty */
break;
case LDAP_FILTER_NOT:
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
(void) ber_skip_tag( ber, &len );
err = get_filter( op, ber, &f.f_not, text );
if ( err != LDAP_SUCCESS ) {
break;
}
assert( f.f_not != NULL );
if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) {
int fresult = f.f_not->f_result;
f.f_choice = SLAPD_FILTER_COMPUTED;
op->o_tmpfree( f.f_not, op->o_tmpmemctx );
f.f_not = NULL;
switch( fresult ) {
case LDAP_COMPARE_TRUE:
f.f_result = LDAP_COMPARE_FALSE;
break;
case LDAP_COMPARE_FALSE:
f.f_result = LDAP_COMPARE_TRUE;
break;
default: ;
/* (!Undefined) is Undefined */
}
}
break;
case LDAP_FILTER_EXT:
Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
err = get_mra( op, ber, &f, text );
if ( err != LDAP_SUCCESS ) {
break;
}
assert( f.f_mra != NULL );
break;
default:
(void) ber_scanf( ber, "x" ); /* skip the element */
Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
f.f_choice, 0, 0 );
f.f_choice = SLAPD_FILTER_COMPUTED;
f.f_result = SLAPD_COMPARE_UNDEFINED;
break;
}
if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
/* ignore error */
*text = NULL;
f.f_choice = SLAPD_FILTER_COMPUTED;
f.f_result = SLAPD_COMPARE_UNDEFINED;
err = LDAP_SUCCESS;
}
if ( err == LDAP_SUCCESS ) {
*filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
**filt = f;
}
Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
return( err );
}
static int
asyncmeta_send_entry(
Operation *op,
SlapReply *rs,
a_metaconn_t *mc,
int target,
LDAPMessage *e )
{
a_metainfo_t *mi = mc->mc_info;
struct berval a, mapped = BER_BVNULL;
int check_sorted_attrs = 0;
Entry ent = {0};
BerElement ber = *ldap_get_message_ber( e );
Attribute *attr, **attrp;
struct berval bdn,
dn = BER_BVNULL;
const char *text;
a_dncookie dc;
ber_len_t len;
int rc;
void *mem_mark;
mem_mark = slap_sl_mark( op->o_tmpmemctx );
ber_set_option( &ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
if ( ber_scanf( &ber, "l{", &len ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
}
if ( ber_set_option( &ber, LBER_OPT_REMAINING_BYTES, &len ) != LBER_OPT_SUCCESS ) {
return LDAP_OTHER;
}
if ( ber_scanf( &ber, "m{", &bdn ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
}
/*
* Rewrite the dn of the result, if needed
*/
dc.op = op;
dc.target = mi->mi_targets[ target ];
dc.memctx = op->o_tmpmemctx;
dc.to_from = MASSAGE_REP;
asyncmeta_dn_massage( &dc, &bdn, &dn );
/*
* Note: this may fail if the target host(s) schema differs
* from the one known to the meta, and a DN with unknown
* attributes is returned.
*
* FIXME: should we log anything, or delegate to dnNormalize?
*/
rc = dnPrettyNormal( NULL, &dn, &ent.e_name, &ent.e_nname,
op->o_tmpmemctx );
if ( dn.bv_val != bdn.bv_val ) {
op->o_tmpfree( dn.bv_val, op->o_tmpmemctx );
}
BER_BVZERO( &dn );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_send_entry(\"%s\"): "
"invalid DN syntax\n",
op->o_log_prefix, ent.e_name.bv_val );
rc = LDAP_INVALID_DN_SYNTAX;
goto done;
}
/*
* cache dn
*/
if ( mi->mi_cache.ttl != META_DNCACHE_DISABLED ) {
( void )asyncmeta_dncache_update_entry( &mi->mi_cache,
&ent.e_nname, target );
}
attrp = &ent.e_attrs;
while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
int last = 0;
slap_syntax_validate_func *validate;
slap_syntax_transform_func *pretty;
if ( ber_pvt_ber_remaining( &ber ) < 0 ) {
Debug( LDAP_DEBUG_ANY,
"%s asyncmeta_send_entry(\"%s\"): "
"unable to parse attr \"%s\".\n",
op->o_log_prefix, ent.e_name.bv_val, a.bv_val );
rc = LDAP_OTHER;
goto done;
}
if ( ber_pvt_ber_remaining( &ber ) == 0 ) {
break;
}
attr = op->o_tmpcalloc( 1, sizeof(Attribute), op->o_tmpmemctx );
if ( slap_bv2ad( &a, &attr->a_desc, &text )
!= LDAP_SUCCESS) {
if ( slap_bv2undef_ad( &a, &attr->a_desc, &text,
SLAP_AD_PROXIED ) != LDAP_SUCCESS )
{
Debug(LDAP_DEBUG_ANY,
"%s meta_send_entry(\"%s\"): " "slap_bv2undef_ad(%s): %s\n",
op->o_log_prefix, ent.e_name.bv_val,
mapped.bv_val, text );
( void )ber_scanf( &ber, "x" /* [W] */ );
op->o_tmpfree( attr, op->o_tmpmemctx );
continue;
}
}
if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL )
check_sorted_attrs = 1;
/* no subschemaSubentry */
if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
|| attr->a_desc == slap_schema.si_ad_entryDN )
{
/*
* We eat target's subschemaSubentry because
* a search for this value is likely not
* to resolve to the appropriate backend;
* later, the local subschemaSubentry is
* added.
*
* We also eat entryDN because the frontend
* will reattach it without checking if already
* present...
*/
( void )ber_scanf( &ber, "x" /* [W] */ );
op->o_tmpfree( attr, op->o_tmpmemctx );
continue;
}
if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
|| attr->a_vals == NULL )
{
attr->a_vals = (struct berval *)&slap_dummy_bv;
} else {
for ( last = 0; !BER_BVISNULL( &attr->a_vals[ last ] ); ++last )
;
}
attr->a_numvals = last;
validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
if ( !validate && !pretty ) {
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
goto next_attr;
}
/*
* It is necessary to try to rewrite attributes with
* dn syntax because they might be used in ACLs as
* members of groups; since ACLs are applied to the
* rewritten stuff, no dn-based subecj clause could
* be used at the ldap backend side (see
* http://www.OpenLDAP.org/faq/data/cache/452.html)
* The problem can be overcome by moving the dn-based
* ACLs to the target directory server, and letting
* everything pass thru the ldap backend.
*/
{
int i;
if ( attr->a_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName )
{
asyncmeta_dnattr_result_rewrite( &dc, attr->a_vals );
} else if ( attr->a_desc == slap_schema.si_ad_ref ) {
asyncmeta_referral_result_rewrite( &dc, attr->a_vals );
}
for ( i = 0; i < last; i++ ) {
struct berval pval;
int rc;
if ( pretty ) {
rc = ordered_value_pretty( attr->a_desc,
&attr->a_vals[i], &pval, op->o_tmpmemctx );
} else {
rc = ordered_value_validate( attr->a_desc,
&attr->a_vals[i], 0 );
}
if ( rc ) {
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
if ( --last == i ) {
BER_BVZERO( &attr->a_vals[ i ] );
break;
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
i--;
continue;
}
if ( pretty ) {
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
attr->a_vals[i] = pval;
}
}
if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
goto next_attr;
}
}
if ( last && attr->a_desc->ad_type->sat_equality &&
attr->a_desc->ad_type->sat_equality->smr_normalize )
{
int i;
attr->a_nvals = op->o_tmpalloc( ( last + 1 ) * sizeof( struct berval ), op->o_tmpmemctx );
for ( i = 0; i<last; i++ ) {
/* if normalizer fails, drop this value */
if ( ordered_value_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
attr->a_desc,
attr->a_desc->ad_type->sat_equality,
&attr->a_vals[i], &attr->a_nvals[i],
op->o_tmpmemctx )) {
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
if ( --last == i ) {
BER_BVZERO( &attr->a_vals[ i ] );
break;
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
i--;
}
}
BER_BVZERO( &attr->a_nvals[i] );
if ( last == 0 ) {
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
ber_bvarray_free_x( attr->a_nvals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
goto next_attr;
}
} else {
attr->a_nvals = attr->a_vals;
}
attr->a_numvals = last;
*attrp = attr;
attrp = &attr->a_next;
next_attr:;
}
/* Check for sorted attributes */
if ( check_sorted_attrs ) {
for ( attr = ent.e_attrs; attr; attr = attr->a_next ) {
if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
while ( attr->a_numvals > 1 ) {
int i;
int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
break;
/* Strip duplicate values */
if ( attr->a_nvals != attr->a_vals )
ber_memfree_x( attr->a_nvals[i].bv_val, op->o_tmpmemctx );
ber_memfree_x( attr->a_vals[i].bv_val, op->o_tmpmemctx );
attr->a_numvals--;
if ( (unsigned)i < attr->a_numvals ) {
attr->a_vals[i] = attr->a_vals[attr->a_numvals];
if ( attr->a_nvals != attr->a_vals )
attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
}
BER_BVZERO(&attr->a_vals[attr->a_numvals]);
if ( attr->a_nvals != attr->a_vals )
BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
}
attr->a_flags |= SLAP_ATTR_SORTED_VALS;
}
}
}
Debug( LDAP_DEBUG_TRACE,
"%s asyncmeta_send_entry(\"%s\"): "
".\n",
op->o_log_prefix, ent.e_name.bv_val );
ldap_get_entry_controls( mc->mc_conns[target].msc_ldr,
e, &rs->sr_ctrls );
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_flags = mi->mi_targets[ target ]->mt_rep_flags;
rs->sr_err = LDAP_SUCCESS;
rc = send_search_entry( op, rs );
switch ( rc ) {
case LDAP_UNAVAILABLE:
rc = LDAP_OTHER;
break;
}
done:;
if ( rs->sr_ctrls != NULL ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
#if 0
while ( ent.e_attrs ) {
attr = ent.e_attrs;
ent.e_attrs = attr->a_next;
if ( attr->a_nvals != attr->a_vals )
ber_bvarray_free_x( attr->a_nvals, op->o_tmpmemctx );
ber_bvarray_free_x( attr->a_vals, op->o_tmpmemctx );
op->o_tmpfree( attr, op->o_tmpmemctx );
}
if (ent.e_name.bv_val != NULL) {
op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
}
if (ent.e_nname.bv_val != NULL) {
op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
}
if (rs->sr_entry && rs->sr_entry != &ent) {
entry_free( rs->sr_entry );
}
#endif
slap_sl_release( mem_mark, op->o_tmpmemctx );
rs->sr_entry = NULL;
rs->sr_attrs = NULL;
return rc;
}
/*
* Do basic attribute type checking and syntax validation.
*/
int slap_mods_check(
Operation *op,
Modifications *ml,
const char **text,
char *textbuf,
size_t textlen,
void *ctx )
{
int rc;
for( ; ml != NULL; ml = ml->sml_next ) {
AttributeDescription *ad = NULL;
/* convert to attribute description */
if ( ml->sml_desc == NULL ) {
rc = slap_bv2ad( &ml->sml_type, &ml->sml_desc, text );
if( rc != LDAP_SUCCESS ) {
if ( get_no_schema_check( op )) {
rc = slap_bv2undef_ad( &ml->sml_type, &ml->sml_desc,
text, 0 );
}
}
if( rc != LDAP_SUCCESS ) {
snprintf( textbuf, textlen, "%s: %s",
ml->sml_type.bv_val, *text );
*text = textbuf;
return rc;
}
}
ad = ml->sml_desc;
if( slap_syntax_is_binary( ad->ad_type->sat_syntax )
&& !slap_ad_is_binary( ad ))
{
/* attribute requires binary transfer */
snprintf( textbuf, textlen,
"%s: requires ;binary transfer",
ml->sml_type.bv_val );
*text = textbuf;
return LDAP_UNDEFINED_TYPE;
}
if( !slap_syntax_is_binary( ad->ad_type->sat_syntax )
&& slap_ad_is_binary( ad ))
{
/* attribute does not require binary transfer */
snprintf( textbuf, textlen,
"%s: disallows ;binary transfer",
ml->sml_type.bv_val );
*text = textbuf;
return LDAP_UNDEFINED_TYPE;
}
if( slap_ad_is_tag_range( ad )) {
/* attribute requires binary transfer */
snprintf( textbuf, textlen,
"%s: inappropriate use of tag range option",
ml->sml_type.bv_val );
*text = textbuf;
return LDAP_UNDEFINED_TYPE;
}
#if 0
if ( is_at_obsolete( ad->ad_type ) &&
(( ml->sml_op != LDAP_MOD_REPLACE &&
ml->sml_op != LDAP_MOD_DELETE ) ||
ml->sml_values != NULL ))
{
/*
* attribute is obsolete,
* only allow replace/delete with no values
*/
snprintf( textbuf, textlen,
"%s: attribute is obsolete",
ml->sml_type.bv_val );
*text = textbuf;
return LDAP_CONSTRAINT_VIOLATION;
}
#endif
if ( ml->sml_op == LDAP_MOD_INCREMENT &&
#ifdef SLAPD_REAL_SYNTAX
!is_at_syntax( ad->ad_type, SLAPD_REAL_SYNTAX ) &&
#endif
!is_at_syntax( ad->ad_type, SLAPD_INTEGER_SYNTAX ) )
{
/*
* attribute values must be INTEGER or REAL
*/
snprintf( textbuf, textlen,
"%s: attribute syntax inappropriate for increment",
ml->sml_type.bv_val );
*text = textbuf;
return LDAP_CONSTRAINT_VIOLATION;
}
/*
* check values
*/
if( ml->sml_values != NULL ) {
ber_len_t nvals;
slap_syntax_validate_func *validate =
ad->ad_type->sat_syntax->ssyn_validate;
slap_syntax_transform_func *pretty =
ad->ad_type->sat_syntax->ssyn_pretty;
if( !pretty && !validate ) {
*text = "no validator for syntax";
snprintf( textbuf, textlen,
"%s: no validator for syntax %s",
ml->sml_type.bv_val,
ad->ad_type->sat_syntax->ssyn_oid );
*text = textbuf;
return LDAP_INVALID_SYNTAX;
}
/*
* check that each value is valid per syntax
* and pretty if appropriate
*/
for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
struct berval pval;
if ( pretty ) {
rc = ordered_value_pretty( ad,
&ml->sml_values[nvals], &pval, ctx );
} else {
rc = ordered_value_validate( ad,
&ml->sml_values[nvals], ml->sml_op );
}
if( rc != 0 ) {
snprintf( textbuf, textlen,
"%s: value #%ld invalid per syntax",
ml->sml_type.bv_val, (long) nvals );
*text = textbuf;
return LDAP_INVALID_SYNTAX;
}
if( pretty ) {
ber_memfree_x( ml->sml_values[nvals].bv_val, ctx );
ml->sml_values[nvals] = pval;
}
}
ml->sml_values[nvals].bv_len = 0;
ml->sml_numvals = nvals;
/*
* a rough single value check... an additional check is needed
* to catch add of single value to existing single valued attribute
*/
if ((ml->sml_op == LDAP_MOD_ADD || ml->sml_op == LDAP_MOD_REPLACE)
&& nvals > 1 && is_at_single_value( ad->ad_type ))
{
snprintf( textbuf, textlen,
"%s: multiple values provided",
ml->sml_type.bv_val );
*text = textbuf;
return LDAP_CONSTRAINT_VIOLATION;
}
/* if the type has a normalizer, generate the
* normalized values. otherwise leave them NULL.
*
* this is different from the rule for attributes
* in an entry - in an attribute list, the normalized
* value is set equal to the non-normalized value
* when there is no normalizer.
*/
if( nvals && ad->ad_type->sat_equality &&
ad->ad_type->sat_equality->smr_normalize )
{
ml->sml_nvalues = ber_memalloc_x(
(nvals+1)*sizeof(struct berval), ctx );
for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {
rc = ordered_value_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
ad,
ad->ad_type->sat_equality,
&ml->sml_values[nvals], &ml->sml_nvalues[nvals], ctx );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"<= str2entry NULL (ssyn_normalize %d)\n",
rc, 0, 0 );
snprintf( textbuf, textlen,
"%s: value #%ld normalization failed",
ml->sml_type.bv_val, (long) nvals );
*text = textbuf;
BER_BVZERO( &ml->sml_nvalues[nvals] );
return rc;
}
}
BER_BVZERO( &ml->sml_nvalues[nvals] );
}
/* check for duplicates, but ignore Deletes.
*/
if( nvals > 1 && ml->sml_op != LDAP_MOD_DELETE ) {
int i;
rc = slap_sort_vals( ml, text, &i, ctx );
if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
/* value exists already */
snprintf( textbuf, textlen,
"%s: value #%d provided more than once",
ml->sml_desc->ad_cname.bv_val, i );
*text = textbuf;
}
if ( rc )
return rc;
}
} else {
ml->sml_numvals = 0;
}
}
return LDAP_SUCCESS;
}
static int
LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
{
int rc, iAVA, do_sort = 0;
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
slap_syntax_validate_func *validf = NULL;
slap_mr_normalize_func *normf = NULL;
slap_syntax_transform_func *transf = NULL;
MatchingRule *mr = NULL;
struct berval bv = BER_BVNULL;
assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
rc = slap_bv2undef_ad( &ava->la_attr,
&ad, &text,
SLAP_AD_PROXIED|slap_DN_strict );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
ava->la_private = ( void * )ad;
do_sort = 1;
}
/*
* Replace attr oid/name with the canonical name
*/
ava->la_attr = ad->ad_cname;
if( ava->la_flags & LDAP_AVA_BINARY ) {
/* AVA is binary encoded, not supported */
return LDAP_INVALID_SYNTAX;
/* Do not allow X-ORDERED 'VALUES' naming attributes */
} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
return LDAP_INVALID_SYNTAX;
} else if( flags & SLAP_LDAPDN_PRETTY ) {
transf = ad->ad_type->sat_syntax->ssyn_pretty;
if( !transf ) {
validf = ad->ad_type->sat_syntax->ssyn_validate;
}
} else { /* normalization */
validf = ad->ad_type->sat_syntax->ssyn_validate;
mr = ad->ad_type->sat_equality;
if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
normf = mr->smr_normalize;
}
}
if ( validf ) {
/* validate value before normalization */
rc = ( *validf )( ad->ad_type->sat_syntax,
ava->la_value.bv_len
? &ava->la_value
: (struct berval *) &slap_empty_bv );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
if ( transf ) {
/*
* transform value by pretty function
* if value is empty, use empty_bv
*/
rc = ( *transf )( ad->ad_type->sat_syntax,
ava->la_value.bv_len
? &ava->la_value
: (struct berval *) &slap_empty_bv,
&bv, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
if ( normf ) {
/*
* normalize value
* if value is empty, use empty_bv
*/
rc = ( *normf )(
SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
ad->ad_type->sat_syntax,
mr,
ava->la_value.bv_len
? &ava->la_value
: (struct berval *) &slap_empty_bv,
&bv, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
if( bv.bv_val ) {
if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
ber_memfree_x( ava->la_value.bv_val, ctx );
ava->la_value = bv;
ava->la_flags |= LDAP_AVA_FREE_VALUE;
}
/* reject empty values */
if (!ava->la_value.bv_len) {
return LDAP_INVALID_SYNTAX;
}
}
rc = LDAP_SUCCESS;
if ( do_sort ) {
rc = AVA_Sort( rdn, iAVA );
}
return rc;
}
int
do_compare(
Operation *op,
SlapReply *rs )
{
struct berval dn = BER_BVNULL;
struct berval desc = BER_BVNULL;
struct berval value = BER_BVNULL;
AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
Debug( LDAP_DEBUG_TRACE, "%s do_compare\n",
op->o_log_prefix, 0, 0 );
/*
* Parse the compare request. It looks like this:
*
* CompareRequest := [APPLICATION 14] SEQUENCE {
* entry DistinguishedName,
* ava SEQUENCE {
* type AttributeType,
* value AttributeValue
* }
* }
*/
if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "%s do_compare: ber_scanf failed\n",
op->o_log_prefix, 0, 0 );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if ( ber_scanf( op->o_ber, "{mm}", &desc, &value ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "%s do_compare: get ava failed\n",
op->o_log_prefix, 0, 0 );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "%s do_compare: ber_scanf failed\n",
op->o_log_prefix, 0, 0 );
send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
return SLAPD_DISCONNECT;
}
if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_compare: get_ctrls failed\n",
op->o_log_prefix, 0, 0 );
goto cleanup;
}
rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,
op->o_tmpmemctx );
if( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s do_compare: invalid dn (%s)\n",
op->o_log_prefix, dn.bv_val, 0 );
send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
goto cleanup;
}
Statslog( LDAP_DEBUG_STATS,
"%s CMP dn=\"%s\" attr=\"%s\"\n",
op->o_log_prefix, op->o_req_dn.bv_val,
desc.bv_val, 0, 0 );
rs->sr_err = slap_bv2ad( &desc, &ava.aa_desc, &rs->sr_text );
if( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = slap_bv2undef_ad( &desc, &ava.aa_desc,
&rs->sr_text,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
}
rs->sr_err = asserted_value_validate_normalize( ava.aa_desc,
ava.aa_desc->ad_type->sat_equality,
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
&value, &ava.aa_value, &rs->sr_text, op->o_tmpmemctx );
if( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
op->orc_ava = &ava;
Debug( LDAP_DEBUG_ARGS,
"do_compare: dn (%s) attr (%s) value (%s)\n",
op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
op->o_bd = frontendDB;
rs->sr_err = frontendDB->be_compare( op, rs );
cleanup:;
op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
if ( !BER_BVISNULL( &ava.aa_value ) ) {
op->o_tmpfree( ava.aa_value.bv_val, op->o_tmpmemctx );
}
return rs->sr_err;
}
int entry_decode(EntryHeader *eh, Entry **e)
#endif
{
int i, j, nattrs, nvals ALLOW_UNUSED;
int rc;
Attribute *a;
Entry *x;
const char *text;
AttributeDescription *ad;
unsigned char *ptr = (unsigned char *)eh->bv.bv_val;
BerVarray bptr;
nattrs = eh->nattrs;
nvals = eh->nvals;
x = entry_alloc();
x->e_attrs = attrs_alloc( nattrs );
ptr = (unsigned char *)eh->data;
i = entry_getlen(&ptr);
x->e_name.bv_val = (char *) ptr;
x->e_name.bv_len = i;
ptr += i+1;
i = entry_getlen(&ptr);
x->e_nname.bv_val = (char *) ptr;
x->e_nname.bv_len = i;
ptr += i+1;
Debug( LDAP_DEBUG_TRACE,
"entry_decode: \"%s\"\n",
x->e_dn );
x->e_bv = eh->bv;
a = x->e_attrs;
bptr = (BerVarray)eh->bv.bv_val;
while ((i = entry_getlen(&ptr))) {
struct berval bv;
bv.bv_len = i;
bv.bv_val = (char *) ptr;
ad = NULL;
rc = slap_bv2ad( &bv, &ad, &text );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE,
"<= entry_decode: str2ad(%s): %s\n", ptr, text );
rc = slap_bv2undef_ad( &bv, &ad, &text, 0 );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"<= entry_decode: slap_str2undef_ad(%s): %s\n",
ptr, text );
return rc;
}
}
ptr += i + 1;
a->a_desc = ad;
a->a_flags = SLAP_ATTR_DONT_FREE_DATA | SLAP_ATTR_DONT_FREE_VALS;
j = entry_getlen(&ptr);
a->a_numvals = j;
a->a_vals = bptr;
while (j) {
i = entry_getlen(&ptr);
bptr->bv_len = i;
bptr->bv_val = (char *)ptr;
ptr += i+1;
bptr++;
j--;
}
bptr->bv_val = NULL;
bptr->bv_len = 0;
bptr++;
j = entry_getlen(&ptr);
if (j) {
a->a_nvals = bptr;
while (j) {
i = entry_getlen(&ptr);
bptr->bv_len = i;
bptr->bv_val = (char *)ptr;
ptr += i+1;
bptr++;
j--;
}
bptr->bv_val = NULL;
bptr->bv_len = 0;
bptr++;
} else {
a->a_nvals = a->a_vals;
}
/* FIXME: This is redundant once a sorted entry is saved into the DB */
if ( a->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
rc = slap_sort_vals( (Modifications *)a, &text, &j, NULL );
if ( rc == LDAP_SUCCESS ) {
a->a_flags |= SLAP_ATTR_SORTED_VALS;
} else if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
/* should never happen */
Debug( LDAP_DEBUG_ANY,
"entry_decode: attributeType %s value #%d provided more than once\n",
a->a_desc->ad_cname.bv_val, j );
return rc;
}
}
a = a->a_next;
nattrs--;
if ( !nattrs )
break;
}
Debug(LDAP_DEBUG_TRACE, "<= entry_decode(%s)\n",
x->e_dn );
*e = x;
return 0;
}
Entry *
str2entry2( char *s, int checkvals )
{
int rc;
Entry *e;
struct berval *type, *vals, *nvals;
char *freeval;
AttributeDescription *ad, *ad_prev;
const char *text;
char *next;
int attr_cnt;
int i, lines;
Attribute ahead, *atail;
/*
* LDIF is used as the string format.
* An entry looks like this:
*
* dn: <dn>\n
* [<attr>:[:] <value>\n]
* [<tab><continuedvalue>\n]*
* ...
*
* If a double colon is used after a type, it means the
* following value is encoded as a base 64 string. This
* happens if the value contains a non-printing character
* or newline.
*/
Debug( LDAP_DEBUG_TRACE, "=> str2entry: \"%s\"\n",
s ? s : "NULL" );
e = entry_alloc();
if( e == NULL ) {
Debug( LDAP_DEBUG_ANY,
"<= str2entry NULL (entry allocation failed)\n" );
return( NULL );
}
/* initialize entry */
e->e_id = NOID;
/* dn + attributes */
atail = &ahead;
ahead.a_next = NULL;
ad = NULL;
ad_prev = NULL;
attr_cnt = 0;
next = s;
lines = ldif_countlines( s );
type = ch_calloc( 1, (lines+1)*3*sizeof(struct berval)+lines );
vals = type+lines+1;
nvals = vals+lines+1;
freeval = (char *)(nvals+lines+1);
i = -1;
/* parse into individual values, record DN */
while ( (s = ldif_getline( &next )) != NULL ) {
int freev;
if ( *s == '\n' || *s == '\0' ) {
break;
}
i++;
if (i >= lines) {
Debug( LDAP_DEBUG_TRACE,
"<= str2entry ran past end of entry\n" );
goto fail;
}
rc = ldif_parse_line2( s, type+i, vals+i, &freev );
freeval[i] = freev;
if ( rc ) {
Debug( LDAP_DEBUG_TRACE,
"<= str2entry NULL (parse_line)\n" );
continue;
}
if ( bvcasematch( &type[i], &dn_bv ) ) {
if ( e->e_dn != NULL ) {
Debug( LDAP_DEBUG_ANY, "str2entry: "
"entry %ld has multiple DNs \"%s\" and \"%s\"\n",
(long) e->e_id, e->e_dn, vals[i].bv_val );
goto fail;
}
rc = dnPrettyNormal( NULL, &vals[i], &e->e_name, &e->e_nname, NULL );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "str2entry: "
"entry %ld has invalid DN \"%s\"\n",
(long) e->e_id, vals[i].bv_val );
goto fail;
}
if ( freeval[i] ) free( vals[i].bv_val );
vals[i].bv_val = NULL;
i--;
continue;
}
}
lines = i+1;
/* check to make sure there was a dn: line */
if ( BER_BVISNULL( &e->e_name )) {
Debug( LDAP_DEBUG_ANY, "str2entry: entry %ld has no dn\n",
(long) e->e_id );
goto fail;
}
/* Make sure all attributes with multiple values are contiguous */
if ( checkvals ) {
int j, k;
struct berval bv;
int fv;
for (i=0; i<lines; i++) {
for ( j=i+1; j<lines; j++ ) {
if ( bvcasematch( type+i, type+j )) {
/* out of order, move intervening attributes down */
if ( j != i+1 ) {
bv = vals[j];
fv = freeval[j];
for ( k=j; k>i; k-- ) {
type[k] = type[k-1];
vals[k] = vals[k-1];
freeval[k] = freeval[k-1];
}
k++;
type[k] = type[i];
vals[k] = bv;
freeval[k] = fv;
}
i++;
}
}
}
}
if ( lines > 0 ) {
for ( i=0; i<=lines; i++ ) {
ad_prev = ad;
if ( !ad || ( i<lines && !bvcasematch( type+i, &ad->ad_cname ))) {
ad = NULL;
rc = slap_bv2ad( type+i, &ad, &text );
if( rc != LDAP_SUCCESS ) {
int wtool = ( slapMode & (SLAP_TOOL_MODE|SLAP_TOOL_READONLY) ) == SLAP_TOOL_MODE;
Debug( wtool ? LDAP_DEBUG_ANY : LDAP_DEBUG_TRACE,
"<= str2entry: str2ad(%s): %s\n", type[i].bv_val, text );
if( wtool ) {
goto fail;
}
rc = slap_bv2undef_ad( type+i, &ad, &text, 0 );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"<= str2entry: slap_str2undef_ad(%s): %s\n",
type[i].bv_val, text );
goto fail;
}
}
/* require ';binary' when appropriate (ITS#5071) */
if ( slap_syntax_is_binary( ad->ad_type->sat_syntax ) && !slap_ad_is_binary( ad ) ) {
Debug( LDAP_DEBUG_ANY,
"str2entry: attributeType %s #%d: "
"needs ';binary' transfer as per syntax %s\n",
ad->ad_cname.bv_val, 0,
ad->ad_type->sat_syntax->ssyn_oid );
goto fail;
}
}
if (( ad_prev && ad != ad_prev ) || ( i == lines )) {
int j, k;
atail->a_next = attr_alloc( NULL );
atail = atail->a_next;
atail->a_flags = 0;
atail->a_numvals = attr_cnt;
atail->a_desc = ad_prev;
atail->a_vals = ch_malloc( (attr_cnt + 1) * sizeof(struct berval));
if( ad_prev->ad_type->sat_equality &&
ad_prev->ad_type->sat_equality->smr_normalize )
atail->a_nvals = ch_malloc( (attr_cnt + 1) * sizeof(struct berval));
else
atail->a_nvals = NULL;
k = i - attr_cnt;
for ( j=0; j<attr_cnt; j++ ) {
if ( freeval[k] )
atail->a_vals[j] = vals[k];
else
ber_dupbv( atail->a_vals+j, &vals[k] );
vals[k].bv_val = NULL;
if ( atail->a_nvals ) {
atail->a_nvals[j] = nvals[k];
nvals[k].bv_val = NULL;
}
k++;
}
BER_BVZERO( &atail->a_vals[j] );
if ( atail->a_nvals ) {
BER_BVZERO( &atail->a_nvals[j] );
} else {
atail->a_nvals = atail->a_vals;
}
attr_cnt = 0;
/* FIXME: we only need this when migrating from an unsorted DB */
if ( atail->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
rc = slap_sort_vals( (Modifications *)atail, &text, &j, NULL );
if ( rc == LDAP_SUCCESS ) {
atail->a_flags |= SLAP_ATTR_SORTED_VALS;
} else if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
Debug( LDAP_DEBUG_ANY,
"str2entry: attributeType %s value #%d provided more than once\n",
atail->a_desc->ad_cname.bv_val, j );
goto fail;
}
}
if ( i == lines ) break;
}
if ( BER_BVISNULL( &vals[i] ) ) {
Debug( LDAP_DEBUG_ANY,
"str2entry: attributeType %s #%d: "
"no value\n",
ad->ad_cname.bv_val, attr_cnt );
goto fail;
}
if ( ad->ad_type->sat_equality &&
ad->ad_type->sat_equality->smr_normalize )
{
rc = ordered_value_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
ad,
ad->ad_type->sat_equality,
&vals[i], &nvals[i], NULL );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"<= str2entry NULL (smr_normalize %s %d)\n", ad->ad_cname.bv_val, rc );
goto fail;
}
}
attr_cnt++;
}
}
free( type );
atail->a_next = NULL;
e->e_attrs = ahead.a_next;
Debug(LDAP_DEBUG_TRACE, "<= str2entry(%s) -> 0x%lx\n",
e->e_dn, (unsigned long) e );
return( e );
fail:
for ( i=0; i<lines; i++ ) {
if ( freeval[i] ) free( vals[i].bv_val );
free( nvals[i].bv_val );
}
free( type );
entry_free( e );
return NULL;
}
int
get_mra(
Operation *op,
BerElement *ber,
Filter *f,
const char **text )
{
int rc;
ber_tag_t tag, rtag;
ber_len_t length;
struct berval type = BER_BVNULL;
struct berval value = BER_BVNULL;
struct berval rule_text = BER_BVNULL;
MatchingRuleAssertion ma = { 0 };
#ifdef LDAP_COMP_MATCH
AttributeAliasing* aa = NULL;
#endif
rtag = ber_scanf( ber, "{t" /*"}"*/, &tag );
if( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
*text = "Error parsing matching rule assertion";
return SLAPD_DISCONNECT;
}
if ( tag == LDAP_FILTER_EXT_OID ) {
rtag = ber_scanf( ber, "m", &rule_text );
if ( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for mr\n", 0, 0, 0 );
*text = "Error parsing matching rule in matching rule assertion";
return SLAPD_DISCONNECT;
}
rtag = ber_scanf( ber, "t", &tag );
if( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
*text = "Error parsing matching rule assertion";
return SLAPD_DISCONNECT;
}
}
if ( tag == LDAP_FILTER_EXT_TYPE ) {
rtag = ber_scanf( ber, "m", &type );
if ( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for ad\n", 0, 0, 0 );
*text = "Error parsing attribute description in matching rule assertion";
return SLAPD_DISCONNECT;
}
rtag = ber_scanf( ber, "t", &tag );
if( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
*text = "Error parsing matching rule assertion";
return SLAPD_DISCONNECT;
}
}
if ( tag != LDAP_FILTER_EXT_VALUE ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf missing value\n", 0, 0, 0 );
*text = "Missing value in matching rule assertion";
return SLAPD_DISCONNECT;
}
rtag = ber_scanf( ber, "m", &value );
if( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
*text = "Error decoding value in matching rule assertion";
return SLAPD_DISCONNECT;
}
tag = ber_peek_tag( ber, &length );
if ( tag == LDAP_FILTER_EXT_DNATTRS ) {
rtag = ber_scanf( ber, /*"{"*/ "b}", &ma.ma_dnattrs );
} else {
rtag = ber_scanf( ber, /*"{"*/ "}" );
}
if( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
*text = "Error decoding dnattrs matching rule assertion";
return SLAPD_DISCONNECT;
}
if( type.bv_val != NULL ) {
rc = slap_bv2ad( &type, &ma.ma_desc, text );
if( rc != LDAP_SUCCESS ) {
f->f_choice |= SLAPD_FILTER_UNDEFINED;
rc = slap_bv2undef_ad( &type, &ma.ma_desc, text,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
if( rc != LDAP_SUCCESS ) {
ma.ma_desc = slap_bv2tmp_ad( &type, op->o_tmpmemctx );
rc = LDAP_SUCCESS;
}
}
}
if( rule_text.bv_val != NULL ) {
ma.ma_rule = mr_bvfind( &rule_text );
if( ma.ma_rule == NULL ) {
*text = "matching rule not recognized";
return LDAP_INAPPROPRIATE_MATCHING;
}
}
if ( ma.ma_rule == NULL ) {
/*
* Need either type or rule ...
*/
if ( ma.ma_desc == NULL ) {
*text = "no matching rule or type";
return LDAP_INAPPROPRIATE_MATCHING;
}
if ( ma.ma_desc->ad_type->sat_equality != NULL &&
ma.ma_desc->ad_type->sat_equality->smr_usage & SLAP_MR_EXT )
{
/* no matching rule was provided, use the attribute's
equality rule if it supports extensible matching. */
ma.ma_rule = ma.ma_desc->ad_type->sat_equality;
} else {
*text = "no appropriate rule to use for type";
return LDAP_INAPPROPRIATE_MATCHING;
}
}
if ( ma.ma_desc != NULL ) {
if( !mr_usable_with_at( ma.ma_rule, ma.ma_desc->ad_type ) ) {
*text = "matching rule use with this attribute not appropriate";
return LDAP_INAPPROPRIATE_MATCHING;
}
}
/*
* Normalize per matching rule
*/
rc = asserted_value_validate_normalize( ma.ma_desc,
ma.ma_rule,
SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
&value, &ma.ma_value, text, op->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) return rc;
#ifdef LDAP_COMP_MATCH
/* Check If this attribute is aliased */
if ( is_aliased_attribute && ma.ma_desc && ( aa = is_aliased_attribute ( ma.ma_desc ) ) ) {
rc = get_aliased_filter ( op, &ma, aa, text );
if ( rc != LDAP_SUCCESS ) return rc;
}
else if ( ma.ma_rule && ma.ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
/* Matching Rule for Component Matching */
rc = get_comp_filter( op, &ma.ma_value, &ma.ma_cf, text );
if ( rc != LDAP_SUCCESS ) return rc;
}
#endif
length = sizeof(ma);
/* Append rule_text to end of struct */
if (rule_text.bv_val) length += rule_text.bv_len + 1;
f->f_mra = op->o_tmpalloc( length, op->o_tmpmemctx );
*f->f_mra = ma;
if (rule_text.bv_val) {
f->f_mra->ma_rule_text.bv_len = rule_text.bv_len;
f->f_mra->ma_rule_text.bv_val = (char *)(f->f_mra+1);
AC_MEMCPY(f->f_mra->ma_rule_text.bv_val, rule_text.bv_val,
rule_text.bv_len+1);
}
return LDAP_SUCCESS;
}
int ad_inlist(
AttributeDescription *desc,
AttributeName *attrs )
{
if (! attrs ) return 0;
for( ; attrs->an_name.bv_val; attrs++ ) {
AttributeType *a;
ObjectClass *oc;
if ( attrs->an_desc ) {
int lr;
if ( desc == attrs->an_desc ) {
return 1;
}
/*
* EXTENSION: if requested description is preceeded by
* a '-' character, do not match on subtypes.
*/
if ( attrs->an_name.bv_val[0] == '-' ) {
continue;
}
/* Is this a subtype of the requested attr? */
for (a = desc->ad_type; a; a=a->sat_sup) {
if ( a == attrs->an_desc->ad_type )
break;
}
if ( !a ) {
continue;
}
/* Does desc support all the requested flags? */
lr = desc->ad_tags.bv_len ? SLAP_DESC_TAG_RANGE : 0;
if(( attrs->an_desc->ad_flags & (desc->ad_flags | lr))
!= attrs->an_desc->ad_flags ) {
continue;
}
/* Do the descs have compatible tags? */
if ( attrs->an_desc->ad_tags.bv_len == 0 ) {
return 1;
}
if ( desc->ad_tags.bv_len == 0) {
continue;
}
if ( is_ad_subtags( &desc->ad_tags,
&attrs->an_desc->ad_tags ) ) {
return 1;
}
continue;
}
if ( ber_bvccmp( &attrs->an_name, '*' ) ) {
if ( !is_at_operational( desc->ad_type ) ) {
return 1;
}
continue;
}
if ( ber_bvccmp( &attrs->an_name, '+' ) ) {
if ( is_at_operational( desc->ad_type ) ) {
return 1;
}
continue;
}
/*
* EXTENSION: see if requested description is @objectClass
* if so, return attributes which the class requires/allows
* else if requested description is !objectClass, return
* attributes which the class does not require/allow
*/
if ( !( attrs->an_flags & SLAP_AN_OCINITED )) {
if( attrs->an_name.bv_val ) {
switch( attrs->an_name.bv_val[0] ) {
case '@': /* @objectClass */
case '+': /* +objectClass (deprecated) */
case '!': { /* exclude */
struct berval ocname;
ocname.bv_len = attrs->an_name.bv_len - 1;
ocname.bv_val = &attrs->an_name.bv_val[1];
oc = oc_bvfind( &ocname );
if ( oc && attrs->an_name.bv_val[0] == '!' ) {
attrs->an_flags |= SLAP_AN_OCEXCLUDE;
} else {
attrs->an_flags &= ~SLAP_AN_OCEXCLUDE;
}
} break;
default: /* old (deprecated) way */
oc = oc_bvfind( &attrs->an_name );
}
attrs->an_oc = oc;
}
attrs->an_flags |= SLAP_AN_OCINITED;
}
oc = attrs->an_oc;
if( oc != NULL ) {
if ( attrs->an_flags & SLAP_AN_OCEXCLUDE ) {
if ( oc == slap_schema.si_oc_extensibleObject ) {
/* extensibleObject allows the return of anything */
return 0;
}
if( oc->soc_required ) {
/* allow return of required attributes */
int i;
for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
for (a = desc->ad_type; a; a=a->sat_sup) {
if ( a == oc->soc_required[i] ) {
return 0;
}
}
}
}
if( oc->soc_allowed ) {
/* allow return of allowed attributes */
int i;
for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) {
for (a = desc->ad_type; a; a=a->sat_sup) {
if ( a == oc->soc_allowed[i] ) {
return 0;
}
}
}
}
return 1;
}
if ( oc == slap_schema.si_oc_extensibleObject ) {
/* extensibleObject allows the return of anything */
return 1;
}
if( oc->soc_required ) {
/* allow return of required attributes */
int i;
for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
for (a = desc->ad_type; a; a=a->sat_sup) {
if ( a == oc->soc_required[i] ) {
return 1;
}
}
}
}
if( oc->soc_allowed ) {
/* allow return of allowed attributes */
int i;
for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) {
for (a = desc->ad_type; a; a=a->sat_sup) {
if ( a == oc->soc_allowed[i] ) {
return 1;
}
}
}
}
} else {
const char *text;
/* give it a chance of being retrieved by a proxy... */
(void)slap_bv2undef_ad( &attrs->an_name,
&attrs->an_desc, &text,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
}
}
return 0;
}
static int
ldap_build_entry(
Operation *op,
LDAPMessage *e,
Entry *ent,
struct berval *bdn )
{
struct berval a;
BerElement ber = *ldap_get_message_ber( e );
Attribute *attr, **attrp;
const char *text;
int last;
char *lastb;
ber_len_t len;
/* safe assumptions ... */
assert( ent != NULL );
BER_BVZERO( &ent->e_bv );
if ( ber_scanf( &ber, "{m", bdn ) == LBER_ERROR ) {
return LDAP_DECODING_ERROR;
}
/*
* Note: this may fail if the target host(s) schema differs
* from the one known to the meta, and a DN with unknown
* attributes is returned.
*
* FIXME: should we log anything, or delegate to dnNormalize?
*/
/* Note: if the distinguished values or the naming attributes
* change, should we massage them as well?
*/
if ( dnPrettyNormal( NULL, bdn, &ent->e_name, &ent->e_nname,
op->o_tmpmemctx ) != LDAP_SUCCESS )
{
return LDAP_INVALID_DN_SYNTAX;
}
ent->e_attrs = NULL;
if ( ber_first_element( &ber, &len, &lastb ) != LBER_SEQUENCE ) {
return LDAP_SUCCESS;
}
attrp = &ent->e_attrs;
while ( ber_next_element( &ber, &len, lastb ) == LBER_SEQUENCE &&
ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
int i;
slap_syntax_validate_func *validate;
slap_syntax_transform_func *pretty;
attr = attr_alloc( NULL );
if ( attr == NULL ) {
return LDAP_OTHER;
}
if ( slap_bv2ad( &a, &attr->a_desc, &text )
!= LDAP_SUCCESS )
{
if ( slap_bv2undef_ad( &a, &attr->a_desc, &text,
SLAP_AD_PROXIED ) != LDAP_SUCCESS )
{
Debug( LDAP_DEBUG_ANY,
"%s ldap_build_entry: "
"slap_bv2undef_ad(%s): %s\n",
op->o_log_prefix, a.bv_val, text );
( void )ber_scanf( &ber, "x" /* [W] */ );
attr_free( attr );
continue;
}
}
/* no subschemaSubentry */
if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
|| attr->a_desc == slap_schema.si_ad_entryDN )
{
/*
* We eat target's subschemaSubentry because
* a search for this value is likely not
* to resolve to the appropriate backend;
* later, the local subschemaSubentry is
* added.
*
* We also eat entryDN because the frontend
* will reattach it without checking if already
* present...
*/
( void )ber_scanf( &ber, "x" /* [W] */ );
attr_free( attr );
continue;
}
if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
|| attr->a_vals == NULL )
{
/*
* Note: attr->a_vals can be null when using
* values result filter
*/
attr->a_vals = (struct berval *)&slap_dummy_bv;
}
validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
if ( !validate && !pretty ) {
attr->a_nvals = NULL;
attr_free( attr );
goto next_attr;
}
for ( i = 0; !BER_BVISNULL( &attr->a_vals[i] ); i++ ) ;
last = i;
/*
* check that each value is valid per syntax
* and pretty if appropriate
*/
for ( i = 0; i<last; i++ ) {
struct berval pval;
int rc;
if ( pretty ) {
rc = ordered_value_pretty( attr->a_desc,
&attr->a_vals[i], &pval, NULL );
} else {
rc = ordered_value_validate( attr->a_desc,
&attr->a_vals[i], 0 );
}
if ( rc != LDAP_SUCCESS ) {
ObjectClass *oc;
/* check if, by chance, it's an undefined objectClass */
if ( attr->a_desc == slap_schema.si_ad_objectClass &&
( oc = oc_bvfind_undef( &attr->a_vals[i] ) ) != NULL )
{
ber_dupbv( &pval, &oc->soc_cname );
rc = LDAP_SUCCESS;
} else {
ber_memfree( attr->a_vals[i].bv_val );
if ( --last == i ) {
BER_BVZERO( &attr->a_vals[i] );
break;
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
i--;
}
}
if ( rc == LDAP_SUCCESS && pretty ) {
ber_memfree( attr->a_vals[i].bv_val );
attr->a_vals[i] = pval;
}
}
attr->a_numvals = last = i;
if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
attr->a_nvals = NULL;
attr_free( attr );
goto next_attr;
}
if ( last && attr->a_desc->ad_type->sat_equality &&
attr->a_desc->ad_type->sat_equality->smr_normalize )
{
attr->a_nvals = ch_malloc( ( last + 1 )*sizeof( struct berval ) );
for ( i = 0; i < last; i++ ) {
int rc;
rc = ordered_value_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
attr->a_desc,
attr->a_desc->ad_type->sat_equality,
&attr->a_vals[i], &attr->a_nvals[i],
NULL );
if ( rc != LDAP_SUCCESS ) {
ber_memfree( attr->a_vals[i].bv_val );
if ( --last == i ) {
BER_BVZERO( &attr->a_vals[i] );
break;
}
attr->a_vals[i] = attr->a_vals[last];
BER_BVZERO( &attr->a_vals[last] );
i--;
}
}
BER_BVZERO( &attr->a_nvals[i] );
if ( last == 0 ) {
attr_free( attr );
goto next_attr;
}
} else {
attr->a_nvals = attr->a_vals;
}
attr->a_numvals = last;
/* Handle sorted vals, strip dups but keep the attr */
if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
while ( attr->a_numvals > 1 ) {
int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
break;
/* Strip duplicate values */
if ( attr->a_nvals != attr->a_vals )
ber_memfree( attr->a_nvals[i].bv_val );
ber_memfree( attr->a_vals[i].bv_val );
attr->a_numvals--;
assert( i >= 0 );
if ( (unsigned)i < attr->a_numvals ) {
attr->a_vals[i] = attr->a_vals[attr->a_numvals];
if ( attr->a_nvals != attr->a_vals )
attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
}
BER_BVZERO(&attr->a_vals[attr->a_numvals]);
if ( attr->a_nvals != attr->a_vals )
BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
}
attr->a_flags |= SLAP_ATTR_SORTED_VALS;
}
*attrp = attr;
attrp = &attr->a_next;
next_attr:;
}
return LDAP_SUCCESS;
}
int
get_ava(
Operation *op,
BerElement *ber,
Filter *f,
unsigned usage,
const char **text )
{
int rc;
ber_tag_t rtag;
struct berval type, value;
AttributeAssertion *aa;
#ifdef LDAP_COMP_MATCH
AttributeAliasing* a_alias = NULL;
#endif
rtag = ber_scanf( ber, "{mm}", &type, &value );
if( rtag == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 );
*text = "Error decoding attribute value assertion";
return SLAPD_DISCONNECT;
}
aa = op->o_tmpalloc( sizeof( AttributeAssertion ), op->o_tmpmemctx );
aa->aa_desc = NULL;
aa->aa_value.bv_val = NULL;
#ifdef LDAP_COMP_MATCH
aa->aa_cf = NULL;
#endif
rc = slap_bv2ad( &type, &aa->aa_desc, text );
if( rc != LDAP_SUCCESS ) {
f->f_choice |= SLAPD_FILTER_UNDEFINED;
*text = NULL;
rc = slap_bv2undef_ad( &type, &aa->aa_desc, text,
SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_FILTER,
"get_ava: unknown attributeType %s\n", type.bv_val, 0, 0 );
aa->aa_desc = slap_bv2tmp_ad( &type, op->o_tmpmemctx );
ber_dupbv_x( &aa->aa_value, &value, op->o_tmpmemctx );
f->f_ava = aa;
return LDAP_SUCCESS;
}
}
rc = asserted_value_validate_normalize(
aa->aa_desc, ad_mr(aa->aa_desc, usage),
usage, &value, &aa->aa_value, text, op->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) {
f->f_choice |= SLAPD_FILTER_UNDEFINED;
Debug( LDAP_DEBUG_FILTER,
"get_ava: illegal value for attributeType %s\n", type.bv_val, 0, 0 );
ber_dupbv_x( &aa->aa_value, &value, op->o_tmpmemctx );
*text = NULL;
rc = LDAP_SUCCESS;
}
#ifdef LDAP_COMP_MATCH
if( is_aliased_attribute ) {
a_alias = is_aliased_attribute ( aa->aa_desc );
if ( a_alias ) {
rc = get_aliased_filter_aa ( op, aa, a_alias, text );
if( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_FILTER,
"get_ava: Invalid Attribute Aliasing\n", 0, 0, 0 );
return rc;
}
}
}
#endif
f->f_ava = aa;
return LDAP_SUCCESS;
}