summaryrefslogtreecommitdiff
path: root/source4/lib/ldb/ldb_map
diff options
context:
space:
mode:
Diffstat (limited to 'source4/lib/ldb/ldb_map')
-rw-r--r--source4/lib/ldb/ldb_map/ldb_map.c450
-rw-r--r--source4/lib/ldb/ldb_map/ldb_map.h81
2 files changed, 485 insertions, 46 deletions
diff --git a/source4/lib/ldb/ldb_map/ldb_map.c b/source4/lib/ldb/ldb_map/ldb_map.c
index 39bab2c4c6..4006ccbbd7 100644
--- a/source4/lib/ldb/ldb_map/ldb_map.c
+++ b/source4/lib/ldb/ldb_map/ldb_map.c
@@ -27,38 +27,391 @@
#include "lib/ldb/include/ldb_private.h"
#include "lib/ldb/ldb_map/ldb_map.h"
+/* TODO:
+ * - objectclass hint in ldb_map_attribute
+ * for use when multiple remote attributes (independant of each other)
+ * map to one local attribute. E.g.: (uid, gidNumber) -> unixName
+ */
+
struct map_private {
- struct ldb_map_mappings *mappings;
+ const struct ldb_map_mappings *mappings;
+ const char *last_err_string;
};
-static struct ldb_dn *ldb_map_dn(struct ldb_module *module, const struct ldb_dn *dn)
+/* find an attribute by the local name */
+static const struct ldb_map_attribute *map_find_attr_local(struct ldb_module *module, const char *attr)
{
- /* FIXME */
+ struct map_private *privdat = module->private_data;
+ int i;
+ for (i = 0; privdat->mappings->attribute_maps[i]; i++) {
+ if (!strcmp(privdat->mappings->attribute_maps[i]->local_name, attr))
+ return privdat->mappings->attribute_maps[i];
+ }
+
return NULL;
}
-static char *ldb_map_expression(struct ldb_module *module, const char *expr)
+/* find an attribute by the remote name */
+static const struct ldb_map_attribute *map_find_attr_remote(struct ldb_module *module, const char *attr)
{
- /* FIXME */
+ struct map_private *privdat = module->private_data;
+ int i;
+ for (i = 0; privdat->mappings->attribute_maps[i]; i++) {
+ if (privdat->mappings->attribute_maps[i]->type != MAP_RENAME &&
+ privdat->mappings->attribute_maps[i]->type != MAP_CONVERT)
+ continue;
+
+ if (!strcmp(privdat->mappings->attribute_maps[i]->u.rename.remote_name, attr))
+ return privdat->mappings->attribute_maps[i];
+ }
+
return NULL;
}
+static struct ldb_parse_tree *ldb_map_parse_tree(struct ldb_module *module, const struct ldb_parse_tree *tree)
+{
+ int i;
+ const struct ldb_map_attribute *attr;
+ struct ldb_parse_tree *new_tree = talloc_memdup(module, tree, sizeof(*tree));
+
+ /* Find attr in question and:
+ * - if it has a convert_operator function, run that
+ * - otherwise, replace attr name with required[0] */
+
+ if (tree->operation == LDB_OP_AND ||
+ tree->operation == LDB_OP_OR) {
+ for (i = 0; i < tree->u.list.num_elements; i++) {
+ new_tree->u.list.elements[i] = ldb_map_parse_tree(module, tree->u.list.elements[i]);
+ }
+
+ return new_tree;
+ }
+
+ if (tree->operation == LDB_OP_NOT) {
+ new_tree->u.isnot.child = ldb_map_parse_tree(module, tree->u.isnot.child);
+ return new_tree;
+ }
+
+ /* tree->operation is LDB_OP_EQUALITY, LDB_OP_SUBSTRING, LDB_OP_GREATER,
+ * LDB_OP_LESS, LDB_OP_APPROX, LDB_OP_PRESENT or LDB_OP_EXTENDED
+ *
+ * (all have attr as the first element)
+ */
+
+ attr = map_find_attr_local(module, tree->u.equality.attr);
+
+ if (!attr) {
+ DEBUG(0, ("Unable to find local attribute '%s', leaving as is", tree->u.equality.attr));
+ return new_tree;
+ }
+
+ if (attr->type == MAP_IGNORE)
+ return NULL;
+
+ if (attr->convert_operator) {
+ /* Run convert_operator */
+ talloc_free(new_tree);
+ new_tree = attr->convert_operator(module, tree);
+ } else {
+ new_tree->u.equality.attr = talloc_strdup(new_tree, attr->u.rename.remote_name);
+ }
+
+ return new_tree;
+}
+
+/* Remote DN -> Local DN */
+static struct ldb_dn *map_remote_dn(struct ldb_module *module, const struct ldb_dn *dn)
+{
+ struct ldb_dn *newdn;
+ int i;
+
+ newdn = talloc_memdup(module, dn, sizeof(*dn));
+ if (!newdn)
+ return NULL;
+
+ newdn->components = talloc_memdup(newdn, dn->components, sizeof(struct ldb_dn_component) * newdn->comp_num);
+
+ if (!newdn->components)
+ return NULL;
+
+ /* For each rdn, map the attribute name and possibly the
+ * complete rdn */
+
+ for (i = 0; i < dn->comp_num; i++) {
+ const struct ldb_map_attribute *attr = map_find_attr_remote(module, dn->components[i].name);
+
+ /* Unknown attribute - leave this dn as is and hope the best... */
+ if (!attr)
+ continue;
+
+ if (attr->type == MAP_IGNORE) {
+ DEBUG(0, ("Local MAP_IGNORE attribute '%s' used in DN!", dn->components[i].name));
+ talloc_free(newdn);
+ return NULL;
+ }
+
+ if (attr->type == MAP_GENERATE) {
+ DEBUG(0, ("Local MAP_GENERATE attribute '%s' used in DN!", dn->components[i].name));
+ talloc_free(newdn);
+
+ return NULL;
+ }
+
+ if (attr->type == MAP_CONVERT) {
+ struct ldb_message_element elm, *newelm;
+ struct ldb_val vals[1] = { dn->components[i].value };
+ elm.flags = 0;
+ elm.name = attr->u.convert.remote_name;
+ elm.num_values = 1;
+ elm.values = vals;
+
+ newelm = attr->u.convert.convert_remote(module, attr->local_name, &elm);
+
+ newdn->components[i].name = talloc_strdup(module, newelm->name);
+ newdn->components[i].value = newelm->values[0];
+ } else if (attr->type == MAP_RENAME) {
+ newdn->components[i].name = talloc_strdup(module, attr->local_name);
+ }
+ }
+ return newdn;
+}
+
+/* Local DN -> Remote DN */
+static struct ldb_dn *map_local_dn(struct ldb_module *module, const struct ldb_dn *dn)
+{ struct ldb_dn *newdn;
+ int i;
+ struct ldb_parse_tree eqtree, *new_eqtree;
+
+ newdn = talloc_memdup(module, dn, sizeof(*dn));
+ if (!newdn)
+ return NULL;
+
+ newdn->components = talloc_memdup(newdn, dn->components, sizeof(struct ldb_dn_component) * newdn->comp_num);
+
+ if (!newdn->components)
+ return NULL;
+
+ /* For each rdn, map the attribute name and possibly the
+ * complete rdn using an equality convert_operator call */
+
+ for (i = 0; i < dn->comp_num; i++) {
+ const struct ldb_map_attribute *attr = map_find_attr_local(module, dn->components[i].name);
+
+ /* Unknown attribute - leave this dn as is and hope the best... */
+ if (!attr)
+ continue;
+
+ if (attr->type == MAP_IGNORE) {
+ DEBUG(0, ("Local MAP_IGNORE attribute '%s' used in DN!", dn->components[i].name));
+ talloc_free(newdn);
+ return NULL;
+ }
+
+ if (attr->type == MAP_GENERATE) {
+ DEBUG(0, ("Local MAP_GENERATE attribute '%s' used in DN!", dn->components[i].name));
+ talloc_free(newdn);
+
+ return NULL;
+ }
+
+ /* Simple rename/convert only */
+ if (attr->convert_operator) {
+ /* Fancy stuff */
+ eqtree.operation = LDB_OP_EQUALITY;
+ eqtree.u.equality.attr = dn->components[i].name;
+ eqtree.u.equality.value = dn->components[i].value;
+
+ new_eqtree = ldb_map_parse_tree(module, &eqtree);
+
+ /* Silently continue for now */
+ if (!new_eqtree) {
+ DEBUG(0, ("Unable to convert RDN for attribute %s\n", dn->components[i].name));
+ continue;
+ }
+
+ newdn->components[i].name = new_eqtree->u.equality.attr;
+ newdn->components[i].value = new_eqtree->u.equality.value;
+ } else if (attr->type == MAP_CONVERT) {
+ struct ldb_message_element elm, *newelm;
+ struct ldb_val vals[1] = { dn->components[i].value };
+ elm.flags = 0;
+ elm.name = attr->local_name;
+ elm.num_values = 1;
+ elm.values = vals;
+
+ newelm = attr->u.convert.convert_local(module, attr->u.convert.remote_name, &elm);
+
+ newdn->components[i].name = talloc_strdup(module, newelm->name);
+ newdn->components[i].value = newelm->values[0];
+ } else if (attr->type == MAP_RENAME) {
+ newdn->components[i].name = talloc_strdup(module, attr->u.rename.remote_name);
+ }
+ }
+
+ return newdn;
+}
+
+
+
+/* Loop over ldb_map_attribute array and add remote_names */
static const char **ldb_map_attrs(struct ldb_module *module, const char *const attrs[])
{
- /* FIXME */
+ int i;
+ const char **ret;
+ int ar_size = 0, last_element = 0;
+
+ /* Start with good guess of number of elements */
+ for (i = 0; attrs[i]; i++);
+
+ ret = talloc_array(module, const char *, i);
+ ar_size = i;
+
+ for (i = 0; attrs[i]; i++) {
+ int j;
+ const struct ldb_map_attribute *attr = map_find_attr_local(module, attrs[i]);
+
+ if (!attr) {
+ DEBUG(0, ("Local attribute '%s' does not have a definition!\n", attrs[i]));
+ continue;
+ }
+
+ switch (attr->type)
+ {
+ case MAP_IGNORE: break;
+ case MAP_KEEP:
+ if (last_element >= ar_size) {
+ ret = talloc_realloc(module, ret, const char *, ar_size+1);
+ ar_size++;
+ }
+ ret[last_element] = attr->local_name;
+ last_element++;
+ break;
+
+ case MAP_RENAME:
+ case MAP_CONVERT:
+ if (last_element >= ar_size) {
+ ret = talloc_realloc(module, ret, const char *, ar_size+1);
+ ar_size++;
+ }
+ ret[last_element] = attr->u.rename.remote_name;
+ last_element++;
+ break;
+
+ case MAP_GENERATE:
+ /* Add remote_names[] for this attribute to the list of
+ * attributes to request from the remote server */
+ for (j = 0; attr->u.generate.remote_names[j]; j++) {
+ if (last_element >= ar_size) {
+ ret = talloc_realloc(module, ret, const char *, ar_size+1);
+ ar_size++;
+ }
+ ret[last_element] = attr->u.generate.remote_names[j];
+ last_element++;
+ }
+ break;
+ }
+ }
+
return NULL;
}
-static struct ldb_message *ldb_map_message_incoming(struct ldb_module *module, const struct ldb_message *mi)
+static struct ldb_message *ldb_map_message_incoming(struct ldb_module *module, const char * const*attrs, const struct ldb_message *mi)
{
- /* FIXME */
- return NULL;
+ int i;
+ struct ldb_message *msg = talloc_zero(module, struct ldb_message);
+ struct ldb_message_element *elm, *oldelm;
+
+ msg->dn = map_remote_dn(module, mi->dn);
+
+ /* Loop over attrs, find in ldb_map_attribute array and
+ * run generate() */
+
+ for (i = 0; attrs[i]; i++) {
+ const struct ldb_map_attribute *attr = map_find_attr_local(module, attrs[i]);
+
+ if (!attr) {
+ DEBUG(0, ("Unable to find local attribute '%s' when generating incoming message", attrs[i]));
+ continue;
+ }
+
+ switch (attr->type) {
+ case MAP_IGNORE:break;
+ case MAP_RENAME:
+ oldelm = ldb_msg_find_element(mi, attr->u.rename.remote_name);
+ elm = talloc_memdup(msg, oldelm, sizeof(*oldelm));
+ elm->name = talloc_strdup(elm, attr->local_name);
+
+ ldb_msg_add(module->ldb, msg, elm, 0);
+ break;
+
+ case MAP_CONVERT:
+ oldelm = ldb_msg_find_element(mi, attr->u.rename.remote_name);
+ elm = attr->u.convert.convert_local(msg, attr->local_name, oldelm);
+
+ ldb_msg_add(module->ldb, msg, elm, 0);
+ break;
+
+ case MAP_KEEP:
+ ldb_msg_add(module->ldb, msg, ldb_msg_find_element(mi, attr->local_name), 0);
+ break;
+
+ case MAP_GENERATE:
+ elm = attr->u.generate.generate_local(msg, attr->local_name, mi);
+ ldb_msg_add(module->ldb, msg, elm, 0);
+ break;
+ default:
+ DEBUG(0, ("Unknown attr->type for %s", attr->local_name));
+ break;
+ }
+ }
+
+ return msg;
}
-static struct ldb_message *ldb_map_message_outgoing(struct ldb_module *module, const struct ldb_message *mi)
+static struct ldb_message *ldb_map_message_outgoing(struct ldb_module *module, const struct ldb_message *mo)
{
- /* FIXME */
- return NULL;
+ struct ldb_message *msg = talloc_zero(module, struct ldb_message);
+ struct ldb_message_element *elm;
+ int i;
+
+ msg->private_data = mo->private_data;
+
+ msg->dn = map_local_dn(module, mo->dn);
+
+ /* Loop over mi and call generate_remote for each attribute */
+ for (i = 0; i < mo->num_elements; i++) {
+ const struct ldb_map_attribute *attr = map_find_attr_local(module, mo->elements[i].name);
+
+ if (!attr) {
+ DEBUG(0, ("Undefined local attribute '%s', ignoring\n", mo->elements[i].name));
+ continue;
+ }
+
+ switch (attr->type) {
+ case MAP_IGNORE: break;
+ case MAP_RENAME:
+ elm = talloc_memdup(msg, &msg->elements[i], sizeof(*elm));
+ elm->name = talloc_strdup(elm, attr->u.rename.remote_name);
+
+ ldb_msg_add(module->ldb, msg, elm, 0);
+ break;
+
+ case MAP_CONVERT:
+ elm = attr->u.convert.convert_remote(msg, attr->local_name, &msg->elements[i]);
+ ldb_msg_add(module->ldb, msg, elm, 0);
+ break;
+
+ case MAP_KEEP:
+ ldb_msg_add(module->ldb, msg, &msg->elements[i], 0);
+ break;
+
+ case MAP_GENERATE:
+ attr->u.generate.generate_remote(attr->local_name, mo, msg);
+ break;
+ }
+ }
+
+ return msg;
}
/*
@@ -69,8 +422,8 @@ static int map_rename(struct ldb_module *module, const struct ldb_dn *olddn, con
struct ldb_dn *n_olddn, *n_newdn;
int ret;
- n_olddn = ldb_map_dn(module, olddn);
- n_newdn = ldb_map_dn(module, newdn);
+ n_olddn = map_local_dn(module, olddn);
+ n_newdn = map_local_dn(module, newdn);
ret = ldb_next_rename_record(module, n_olddn, n_newdn);
@@ -88,7 +441,7 @@ static int map_delete(struct ldb_module *module, const struct ldb_dn *dn)
struct ldb_dn *newdn;
int ret;
- newdn = ldb_map_dn(module, dn);
+ newdn = map_local_dn(module, dn);
ret = ldb_next_delete_record(module, newdn);
@@ -97,38 +450,58 @@ static int map_delete(struct ldb_module *module, const struct ldb_dn *dn)
return ret;
}
-
/*
- search for matching records
+ search for matching records using a ldb_parse_tree
*/
-static int map_search(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, const char *expression,
- const char * const *attrs, struct ldb_message ***res)
+static int map_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
+ enum ldb_scope scope, struct ldb_parse_tree *tree,
+ const char * const *attrs, struct ldb_message ***res)
{
- char *newexpr;
int ret;
const char **newattrs;
+ struct ldb_parse_tree *new_tree;
struct ldb_dn *new_base;
struct ldb_message **newres;
int i;
- newexpr = ldb_map_expression(module, expression);
+ new_tree = ldb_map_parse_tree(module, tree);
newattrs = ldb_map_attrs(module, attrs);
- new_base = ldb_map_dn(module, base);
+ new_base = map_local_dn(module, base);
- ret = ldb_next_search(module, new_base, scope, newexpr, newattrs, &newres);
+ ret = ldb_next_search_bytree(module, new_base, scope, new_tree, newattrs, &newres);
talloc_free(new_base);
- talloc_free(newexpr);
+ talloc_free(new_tree);
talloc_free(newattrs);
for (i = 0; i < ret; i++) {
- *res[i] = ldb_map_message_incoming(module, newres[i]);
+ *res[i] = ldb_map_message_incoming(module, attrs, newres[i]);
talloc_free(newres[i]);
}
return ret;
}
+/*
+ search for matching records
+*/
+static int map_search(struct ldb_module *module, const struct ldb_dn *base,
+ enum ldb_scope scope, const char *expression,
+ const char * const *attrs, struct ldb_message ***res)
+{
+ struct map_private *map = module->private_data;
+ struct ldb_parse_tree *tree;
+ int ret;
+
+ tree = ldb_parse_tree(map, expression);
+ if (tree == NULL) {
+ map->last_err_string = "expression parse failed";
+ return -1;
+ }
+
+ ret = map_search_bytree(module, base, scope, tree, attrs, res);
+ talloc_free(tree);
+ return ret;
+}
/*
add a record
@@ -146,25 +519,7 @@ static int map_add(struct ldb_module *module, const struct ldb_message *msg)
}
-/*
- search for matching records using a ldb_parse_tree
-*/
-static int map_search_bytree(struct ldb_module *module, const struct ldb_dn *base,
- enum ldb_scope scope, struct ldb_parse_tree *tree,
- const char * const *attrs, struct ldb_message ***res)
-{
- struct map_private *privdat = module->private_data;
- char *expression;
- int ret;
- expression = ldb_filter_from_tree(privdat, tree);
- if (expression == NULL) {
- return -1;
- }
- ret = map_search(module, base, scope, expression, attrs, res);
- talloc_free(expression);
- return ret;
-}
/*
modify a record
@@ -196,6 +551,11 @@ static int map_unlock(struct ldb_module *module, const char *lockname)
*/
static const char *map_errstring(struct ldb_module *module)
{
+ struct map_private *map = module->private_data;
+
+ if (map->last_err_string)
+ return map->last_err_string;
+
return ldb_next_errstring(module);
}
@@ -213,7 +573,7 @@ static const struct ldb_module_ops map_ops = {
};
/* the init function */
-struct ldb_module *ldb_map_init(struct ldb_context *ldb, struct ldb_map_mappings *mappings, const char *options[])
+struct ldb_module *ldb_map_init(struct ldb_context *ldb, const struct ldb_map_mappings *mappings, const char *options[])
{
struct ldb_module *ctx;
struct map_private *data;
diff --git a/source4/lib/ldb/ldb_map/ldb_map.h b/source4/lib/ldb/ldb_map/ldb_map.h
index 3ebf2fa9d1..da3198429d 100644
--- a/source4/lib/ldb/ldb_map/ldb_map.h
+++ b/source4/lib/ldb/ldb_map/ldb_map.h
@@ -25,9 +25,88 @@
#ifndef __LDB_MAP_H__
#define __LDB_MAP_H__
-struct ldb_map_mappings
+/* ldb_map is a skeleton LDB module that can be used for any other modules
+ * that need to map attributes.
+ *
+ * The term 'remote' in this header refers to the connection where the
+ * original schema is used on while 'local' means the local connection
+ * that any upper layers will use.
+ *
+ * All local attributes will have to have a definition. Not all remote
+ * attributes need a definition as LDB is a lot less stricter then LDAP
+ * (in other words, sending unknown attributes to an LDAP server hurts us,
+ * returning too much attributes in ldb_search() doesn't)
+ */
+
+struct ldb_map_attribute
{
+ const char *local_name; /* local name */
+
+ enum {
+ MAP_IGNORE, /* Ignore this local attribute. Doesn't exist remotely. */
+ MAP_KEEP, /* Keep as is */
+ MAP_RENAME, /* Simply rename the attribute. Name changes, data is the same */
+ MAP_CONVERT, /* Rename + convert data */
+ MAP_GENERATE /* Use generate function for generating new name/data.
+ Used for generating attributes based on
+ multiple remote attributes. */
+ } type;
+
+ /* if set, will be called for expressions that contain this attribute */
+ struct ldb_parse_tree *(*convert_operator) (TALLOC_CTX *ctx, const struct ldb_parse_tree *);
+
+ union {
+ struct {
+ const char *remote_name;
+ } rename;
+
+ struct {
+ const char *remote_name;
+ struct ldb_message_element *(*convert_local) (
+ TALLOC_CTX *ctx,
+ const char *remote_attr,
+ const struct ldb_message_element *);
+
+ struct ldb_message_element *(*convert_remote) (
+ TALLOC_CTX *ctx,
+ const char *local_attr,
+ const struct ldb_message_element *);
+ } convert;
+
+ struct {
+ /* Generate the local attribute from remote message */
+ struct ldb_message_element *(*generate_local) (
+ TALLOC_CTX *ctx,
+ const char *attr,
+ const struct ldb_message *remote);
+
+ /* Update remote message with information from local message */
+ void (*generate_remote) (
+ const char *local_attr,
+ const struct ldb_message *local,
+ struct ldb_message *remote);
+
+ /* Name(s) for this attribute on the remote server. This is an array since
+ * one local attribute's data can be split up into several attributes
+ * remotely */
+ const char *remote_names[];
+ } generate;
+ } u;
};
+struct ldb_map_objectclass
+{
+ const char *local_name;
+ const char *remote_name;
+};
+
+/* Base ldb_map struct. Fill this in to create a mapping backend */
+struct ldb_map_mappings
+{
+ const char *name;
+ const struct ldb_map_attribute *attribute_maps[];
+};
+
+
#endif /* __LDB_MAP_H__ */