slap_mask_t
slap_attr_flags( AttributeName *an )
{
slap_mask_t flags = SLAP_ATTRS_UNDEFINED;
if ( an == NULL ) {
flags |= ( SLAP_OPATTRS_NO | SLAP_USERATTRS_YES );
} else {
flags |= an_find( an, slap_bv_all_operational_attrs )
? SLAP_OPATTRS_YES : SLAP_OPATTRS_NO;
flags |= an_find( an, slap_bv_all_user_attrs )
? SLAP_USERATTRS_YES : SLAP_USERATTRS_NO;
}
return flags;
}
int
backsql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid )
{
Operation *op = bsi->bsi_op;
backsql_info *bi = (backsql_info *)op->o_bd->be_private;
int i;
int rc;
Debug( LDAP_DEBUG_TRACE, "==>backsql_id2entry()\n", 0, 0, 0 );
assert( bsi->bsi_e != NULL );
memset( bsi->bsi_e, 0, sizeof( Entry ) );
if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
Entry *e;
e = entry_dup( bi->sql_baseObject );
if ( e == NULL ) {
return LDAP_NO_MEMORY;
}
*bsi->bsi_e = *e;
free( e );
goto done;
}
ber_dupbv_x( &bsi->bsi_e->e_name, &eid->eid_dn, op->o_tmpmemctx );
ber_dupbv_x( &bsi->bsi_e->e_nname, &eid->eid_ndn, op->o_tmpmemctx );
bsi->bsi_e->e_attrs = NULL;
bsi->bsi_e->e_private = NULL;
if ( eid->eid_oc == NULL ) {
eid->eid_oc = backsql_id2oc( bsi->bsi_op->o_bd->be_private,
eid->eid_oc_id );
}
bsi->bsi_oc = eid->eid_oc;
bsi->bsi_c_eid = eid;
#ifndef BACKSQL_ARBITRARY_KEY
/* FIXME: unused */
bsi->bsi_e->e_id = eid->eid_id;
#endif /* ! BACKSQL_ARBITRARY_KEY */
rc = attr_merge_normalize_one( bsi->bsi_e,
slap_schema.si_ad_objectClass,
&bsi->bsi_oc->bom_oc->soc_cname,
bsi->bsi_op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
if ( bsi->bsi_attrs == NULL || ( bsi->bsi_flags & BSQL_SF_ALL_USER ) )
{
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"retrieving all attributes\n", 0, 0, 0 );
avl_apply( bsi->bsi_oc->bom_attrs, backsql_get_attr_vals,
bsi, 0, AVL_INORDER );
} else {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"custom attribute list\n", 0, 0, 0 );
for ( i = 0; !BER_BVISNULL( &bsi->bsi_attrs[ i ].an_name ); i++ ) {
backsql_at_map_rec **vat;
AttributeName *an = &bsi->bsi_attrs[ i ];
int j;
/* if one of the attributes listed here is
* a subtype of another, it must be ignored,
* because subtypes are already dealt with
* by backsql_supad2at()
*/
for ( j = 0; !BER_BVISNULL( &bsi->bsi_attrs[ j ].an_name ); j++ ) {
/* skip self */
if ( j == i ) {
continue;
}
/* skip subtypes */
if ( is_at_subtype( an->an_desc->ad_type,
bsi->bsi_attrs[ j ].an_desc->ad_type ) )
{
goto next;
}
}
rc = backsql_supad2at( bsi->bsi_oc, an->an_desc, &vat );
if ( rc != 0 || vat == NULL ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "
"attribute \"%s\" is not defined "
"for objectlass \"%s\"\n",
an->an_name.bv_val,
BACKSQL_OC_NAME( bsi->bsi_oc ), 0 );
continue;
}
for ( j = 0; vat[j]; j++ ) {
backsql_get_attr_vals( vat[j], bsi );
}
ch_free( vat );
next:;
}
}
if ( bsi->bsi_flags & BSQL_SF_RETURN_ENTRYUUID ) {
Attribute *a_entryUUID,
**ap;
a_entryUUID = backsql_operational_entryUUID( bi, eid );
if ( a_entryUUID != NULL ) {
for ( ap = &bsi->bsi_e->e_attrs;
*ap;
ap = &(*ap)->a_next );
*ap = a_entryUUID;
}
}
if ( ( bsi->bsi_flags & BSQL_SF_ALL_OPER )
|| an_find( bsi->bsi_attrs, slap_bv_all_operational_attrs )
|| an_find( bsi->bsi_attrs, &slap_schema.si_ad_structuralObjectClass->ad_cname ) )
{
ObjectClass *soc = NULL;
if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
Attribute *a;
const char *text = NULL;
char textbuf[ 1024 ];
size_t textlen = sizeof( textbuf );
struct berval bv[ 2 ],
*nvals;
int rc = LDAP_SUCCESS;
a = attr_find( bsi->bsi_e->e_attrs,
slap_schema.si_ad_objectClass );
if ( a != NULL ) {
nvals = a->a_nvals;
} else {
bv[ 0 ] = bsi->bsi_oc->bom_oc->soc_cname;
BER_BVZERO( &bv[ 1 ] );
nvals = bv;
}
rc = structural_class( nvals, &soc, NULL,
&text, textbuf, textlen, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"structural_class() failed %d (%s)\n",
bsi->bsi_e->e_name.bv_val,
rc, text ? text : "" );
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
if ( !bvmatch( &soc->soc_cname, &bsi->bsi_oc->bom_oc->soc_cname ) ) {
if ( !is_object_subclass( bsi->bsi_oc->bom_oc, soc ) ) {
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"computed structuralObjectClass %s "
"does not match objectClass %s associated "
"to entry\n",
bsi->bsi_e->e_name.bv_val, soc->soc_cname.bv_val,
bsi->bsi_oc->bom_oc->soc_cname.bv_val );
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(%s): "
"computed structuralObjectClass %s "
"is subclass of objectClass %s associated "
"to entry\n",
bsi->bsi_e->e_name.bv_val, soc->soc_cname.bv_val,
bsi->bsi_oc->bom_oc->soc_cname.bv_val );
}
} else {
soc = bsi->bsi_oc->bom_oc;
}
rc = attr_merge_normalize_one( bsi->bsi_e,
slap_schema.si_ad_structuralObjectClass,
&soc->soc_cname,
bsi->bsi_op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
backsql_entry_clean( op, bsi->bsi_e );
return rc;
}
}
done:;
Debug( LDAP_DEBUG_TRACE, "<==backsql_id2entry()\n", 0, 0, 0 );
return LDAP_SUCCESS;
}
static int
dynlist_prepare_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli )
{
Attribute *a, *id = NULL;
slap_callback cb;
Operation o = *op;
SlapReply r = { REP_SEARCH };
struct berval *url;
Entry *e;
slap_mask_t e_flags;
int opattrs,
userattrs;
dynlist_sc_t dlc = { 0 };
dynlist_map_t *dlm;
a = attrs_find( rs->sr_entry->e_attrs, dli->dli_ad );
if ( a == NULL ) {
/* FIXME: error? */
return SLAP_CB_CONTINUE;
}
#ifndef SLAP_OPATTRS
opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, &AllOper );
userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, &AllUser );
#else /* SLAP_OPATTRS */
opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
#endif /* SLAP_OPATTRS */
/* Don't generate member list if it wasn't requested */
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
if ( userattrs ||
ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) )
break;
}
if ( dli->dli_dlm && !dlm )
return SLAP_CB_CONTINUE;
if ( ad_dgIdentity && ( id = attrs_find( rs->sr_entry->e_attrs, ad_dgIdentity ))) {
Attribute *authz = NULL;
/* if not rootdn and dgAuthz is present,
* check if user can be authorized as dgIdentity */
if ( ad_dgAuthz && !BER_BVISEMPTY( &id->a_nvals[0] ) && !be_isroot( op )
&& ( authz = attrs_find( rs->sr_entry->e_attrs, ad_dgAuthz ) ) )
{
if ( slap_sasl_matches( op, authz->a_nvals,
&o.o_ndn, &o.o_ndn ) != LDAP_SUCCESS )
{
return SLAP_CB_CONTINUE;
}
}
o.o_dn = id->a_vals[0];
o.o_ndn = id->a_nvals[0];
o.o_groups = NULL;
}
if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
e = entry_dup( rs->sr_entry );
} else {
e = rs->sr_entry;
}
e_flags = rs->sr_flags | ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
dlc.dlc_e = e;
dlc.dlc_dli = dli;
cb.sc_private = &dlc;
cb.sc_response = dynlist_sc_update;
cb.sc_cleanup = NULL;
cb.sc_next = NULL;
o.o_callback = &cb;
o.ors_deref = LDAP_DEREF_NEVER;
o.ors_limit = NULL;
o.ors_tlimit = SLAP_NO_LIMIT;
o.ors_slimit = SLAP_NO_LIMIT;
for ( url = a->a_nvals; !BER_BVISNULL( url ); url++ ) {
LDAPURLDesc *lud = NULL;
int i, j;
struct berval dn;
int rc;
dynlist_map_t *dlm;
BER_BVZERO( &o.o_req_dn );
BER_BVZERO( &o.o_req_ndn );
o.ors_filter = NULL;
o.ors_attrs = NULL;
BER_BVZERO( &o.ors_filterstr );
if ( ldap_url_parse( url->bv_val, &lud ) != LDAP_URL_SUCCESS ) {
/* FIXME: error? */
continue;
}
if ( lud->lud_host != NULL ) {
/* FIXME: host not allowed; reject as illegal? */
Debug( LDAP_DEBUG_ANY, "dynlist_prepare_entry(\"%s\"): "
"illegal URI \"%s\"\n",
e->e_name.bv_val, url->bv_val, 0 );
goto cleanup;
}
if ( lud->lud_dn == NULL ) {
/* note that an empty base is not honored in terms
* of defaultSearchBase, because select_backend()
* is not aware of the defaultSearchBase option;
* this can be useful in case of a database serving
* the empty suffix */
BER_BVSTR( &dn, "" );
} else {
ber_str2bv( lud->lud_dn, 0, 0, &dn );
}
rc = dnPrettyNormal( NULL, &dn, &o.o_req_dn, &o.o_req_ndn, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
/* FIXME: error? */
goto cleanup;
}
o.ors_scope = lud->lud_scope;
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
if ( dlm->dlm_mapped_ad != NULL ) {
break;
}
}
if ( dli->dli_dlm && !dlm ) {
/* if ( lud->lud_attrs != NULL ),
* the URL should be ignored */
o.ors_attrs = slap_anlist_no_attrs;
} else if ( lud->lud_attrs == NULL ) {
o.ors_attrs = rs->sr_attrs;
} else {
for ( i = 0; lud->lud_attrs[i]; i++)
/* just count */ ;
o.ors_attrs = op->o_tmpcalloc( i + 1, sizeof( AttributeName ), op->o_tmpmemctx );
for ( i = 0, j = 0; lud->lud_attrs[i]; i++) {
const char *text = NULL;
ber_str2bv( lud->lud_attrs[i], 0, 0, &o.ors_attrs[j].an_name );
o.ors_attrs[j].an_desc = NULL;
(void)slap_bv2ad( &o.ors_attrs[j].an_name, &o.ors_attrs[j].an_desc, &text );
/* FIXME: ignore errors... */
if ( rs->sr_attrs == NULL ) {
if ( o.ors_attrs[j].an_desc != NULL &&
is_at_operational( o.ors_attrs[j].an_desc->ad_type ) )
{
continue;
}
} else {
if ( o.ors_attrs[j].an_desc != NULL &&
is_at_operational( o.ors_attrs[j].an_desc->ad_type ) )
{
if ( !opattrs && !ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) )
{
continue;
}
} else {
if ( !userattrs &&
o.ors_attrs[j].an_desc != NULL &&
!ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) )
{
continue;
}
}
}
j++;
}
if ( j == 0 ) {
goto cleanup;
}
BER_BVZERO( &o.ors_attrs[j].an_name );
}
if ( lud->lud_filter == NULL ) {
ber_dupbv_x( &o.ors_filterstr,
&dli->dli_default_filter, op->o_tmpmemctx );
} else {
struct berval flt;
ber_str2bv( lud->lud_filter, 0, 0, &flt );
if ( dynlist_make_filter( op, &flt, &o.ors_filterstr ) ) {
/* error */
goto cleanup;
}
}
o.ors_filter = str2filter_x( op, o.ors_filterstr.bv_val );
if ( o.ors_filter == NULL ) {
goto cleanup;
}
o.o_bd = select_backend( &o.o_req_ndn, 1 );
if ( o.o_bd && o.o_bd->be_search ) {
#ifdef SLAP_OPATTRS
r.sr_attr_flags = slap_attr_flags( o.ors_attrs );
#endif /* SLAP_OPATTRS */
(void)o.o_bd->be_search( &o, &r );
}
cleanup:;
if ( id ) {
slap_op_groups_free( &o );
}
if ( o.ors_filter ) {
filter_free_x( &o, o.ors_filter );
}
if ( o.ors_attrs && o.ors_attrs != rs->sr_attrs
&& o.ors_attrs != slap_anlist_no_attrs )
{
op->o_tmpfree( o.ors_attrs, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &o.o_req_dn ) ) {
op->o_tmpfree( o.o_req_dn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &o.o_req_ndn ) ) {
op->o_tmpfree( o.o_req_ndn.bv_val, op->o_tmpmemctx );
}
assert( BER_BVISNULL( &o.ors_filterstr )
|| o.ors_filterstr.bv_val != lud->lud_filter );
op->o_tmpfree( o.ors_filterstr.bv_val, op->o_tmpmemctx );
ldap_free_urldesc( lud );
}
rs->sr_entry = e;
rs->sr_flags = e_flags;
return SLAP_CB_CONTINUE;
}
static int
dynlist_sc_update( Operation *op, SlapReply *rs )
{
Entry *e;
Attribute *a;
int opattrs,
userattrs;
AccessControlState acl_state = ACL_STATE_INIT;
dynlist_sc_t *dlc;
dynlist_map_t *dlm;
if ( rs->sr_type != REP_SEARCH ) {
return 0;
}
dlc = (dynlist_sc_t *)op->o_callback->sc_private;
e = dlc->dlc_e;
assert( e != NULL );
assert( rs->sr_entry != NULL );
/* test access to entry */
if ( !access_allowed( op, rs->sr_entry, slap_schema.si_ad_entry,
NULL, ACL_READ, NULL ) )
{
goto done;
}
for ( dlm = dlc->dlc_dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
if (dlm->dlm_mapped_ad != NULL)
continue;
/* if access allowed, try to add values, emulating permissive
* control to silently ignore duplicates */
if ( access_allowed( op, rs->sr_entry, slap_schema.si_ad_entry,
NULL, ACL_READ, NULL ) )
{
Modification mod;
const char *text = NULL;
char textbuf[1024];
struct berval vals[ 2 ], nvals[ 2 ];
vals[ 0 ] = rs->sr_entry->e_name;
BER_BVZERO( &vals[ 1 ] );
nvals[ 0 ] = rs->sr_entry->e_nname;
BER_BVZERO( &nvals[ 1 ] );
mod.sm_op = LDAP_MOD_ADD;
mod.sm_desc = dlm->dlm_member_ad;
mod.sm_type = dlm->dlm_member_ad->ad_cname;
mod.sm_values = vals;
mod.sm_nvalues = nvals;
mod.sm_numvals = 1;
(void)modify_add_values( e, &mod, /* permissive */ 1,
&text, textbuf, sizeof( textbuf ) );
}
goto done;
}
#ifndef SLAP_OPATTRS
opattrs = ( rs->sr_attrs == NULL ) ? 0 : an_find( rs->sr_attrs, &AllOper );
userattrs = ( rs->sr_attrs == NULL ) ? 1 : an_find( rs->sr_attrs, &AllUser );
#else /* SLAP_OPATTRS */
opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
#endif /* SLAP_OPATTRS */
for ( a = rs->sr_entry->e_attrs; a != NULL; a = a->a_next ) {
BerVarray vals, nvals = NULL;
int i, j,
is_oc = a->a_desc == slap_schema.si_ad_objectClass;
/* if attribute is not requested, skip it */
if ( rs->sr_attrs == NULL ) {
if ( is_at_operational( a->a_desc->ad_type ) ) {
continue;
}
} else {
if ( is_at_operational( a->a_desc->ad_type ) ) {
if ( !opattrs && !ad_inlist( a->a_desc, rs->sr_attrs ) )
{
continue;
}
} else {
if ( !userattrs && !ad_inlist( a->a_desc, rs->sr_attrs ) )
{
continue;
}
}
}
/* test access to attribute */
if ( op->ors_attrsonly ) {
if ( !access_allowed( op, rs->sr_entry, a->a_desc, NULL,
ACL_READ, &acl_state ) )
{
continue;
}
}
/* single-value check: keep first only */
if ( is_at_single_value( a->a_desc->ad_type ) ) {
if ( attr_find( e->e_attrs, a->a_desc ) != NULL ) {
continue;
}
}
/* test access to attribute */
i = a->a_numvals;
vals = op->o_tmpalloc( ( i + 1 ) * sizeof( struct berval ), op->o_tmpmemctx );
if ( a->a_nvals != a->a_vals ) {
nvals = op->o_tmpalloc( ( i + 1 ) * sizeof( struct berval ), op->o_tmpmemctx );
}
for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ ) {
if ( is_oc ) {
ObjectClass *soc = oc_bvfind( &a->a_vals[i] );
if ( soc->soc_kind == LDAP_SCHEMA_STRUCTURAL ) {
continue;
}
}
if ( access_allowed( op, rs->sr_entry, a->a_desc,
&a->a_nvals[i], ACL_READ, &acl_state ) )
{
vals[j] = a->a_vals[i];
if ( nvals ) {
nvals[j] = a->a_nvals[i];
}
j++;
}
}
/* if access allowed, try to add values, emulating permissive
* control to silently ignore duplicates */
if ( j != 0 ) {
Modification mod;
const char *text = NULL;
char textbuf[1024];
dynlist_map_t *dlm;
AttributeDescription *ad;
BER_BVZERO( &vals[j] );
if ( nvals ) {
BER_BVZERO( &nvals[j] );
}
ad = a->a_desc;
for ( dlm = dlc->dlc_dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
if ( dlm->dlm_member_ad == a->a_desc ) {
ad = dlm->dlm_mapped_ad;
break;
}
}
mod.sm_op = LDAP_MOD_ADD;
mod.sm_desc = ad;
mod.sm_type = ad->ad_cname;
mod.sm_values = vals;
mod.sm_nvalues = nvals;
mod.sm_numvals = j;
(void)modify_add_values( e, &mod, /* permissive */ 1,
&text, textbuf, sizeof( textbuf ) );
}
op->o_tmpfree( vals, op->o_tmpmemctx );
if ( nvals ) {
op->o_tmpfree( nvals, op->o_tmpmemctx );
}
}
done:;
if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
entry_free( rs->sr_entry );
rs->sr_entry = NULL;
rs->sr_flags ^= REP_ENTRY_MUSTBEFREED;
}
return 0;
}
