1 /* dn.c - routines for dealing with distinguished names */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2007 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
32 #include <ac/socket.h>
33 #include <ac/string.h>
40 * The DN syntax-related functions take advantage of the dn representation
41 * handling functions ldap_str2dn/ldap_dn2str. The latter are not schema-
42 * aware, so the attributes and their values need be validated (and possibly
43 * normalized). In the current implementation the required validation/nor-
44 * malization/"pretty"ing are done on newly created DN structural represen-
45 * tations; however the idea is to move towards DN handling in structural
46 * representation instead of the current string representation. To this
47 * purpose, we need to do only the required operations and keep track of
48 * what has been done to minimize their impact on performances.
50 * Developers are strongly encouraged to use this feature, to speed-up
54 #define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
57 LDAPRDN_validate( LDAPRDN rdn )
62 assert( rdn != NULL );
64 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
65 LDAPAVA *ava = rdn[ iAVA ];
66 AttributeDescription *ad;
67 slap_syntax_validate_func *validate = NULL;
69 assert( ava != NULL );
71 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
72 const char *text = NULL;
74 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
75 if ( rc != LDAP_SUCCESS ) {
76 rc = slap_bv2undef_ad( &ava->la_attr,
78 SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
79 if ( rc != LDAP_SUCCESS ) {
80 return LDAP_INVALID_SYNTAX;
84 ava->la_private = ( void * )ad;
88 * Replace attr oid/name with the canonical name
90 ava->la_attr = ad->ad_cname;
92 validate = ad->ad_type->sat_syntax->ssyn_validate;
96 * validate value by validate function
98 rc = ( *validate )( ad->ad_type->sat_syntax,
101 if ( rc != LDAP_SUCCESS ) {
102 return LDAP_INVALID_SYNTAX;
111 * In-place, schema-aware validation of the
112 * structural representation of a distinguished name.
115 LDAPDN_validate( LDAPDN dn )
120 assert( dn != NULL );
122 for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
123 LDAPRDN rdn = dn[ iRDN ];
126 assert( rdn != NULL );
128 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
129 LDAPAVA *ava = rdn[ iAVA ];
130 AttributeDescription *ad;
131 slap_syntax_validate_func *validate = NULL;
133 assert( ava != NULL );
135 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
136 const char *text = NULL;
138 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
139 if ( rc != LDAP_SUCCESS ) {
140 rc = slap_bv2undef_ad( &ava->la_attr,
142 SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
143 if ( rc != LDAP_SUCCESS ) {
144 return LDAP_INVALID_SYNTAX;
148 ava->la_private = ( void * )ad;
152 * Replace attr oid/name with the canonical name
154 ava->la_attr = ad->ad_cname;
156 validate = ad->ad_type->sat_syntax->ssyn_validate;
160 * validate value by validate function
162 rc = ( *validate )( ad->ad_type->sat_syntax,
165 if ( rc != LDAP_SUCCESS ) {
166 return LDAP_INVALID_SYNTAX;
176 * dn validate routine
186 assert( in != NULL );
188 if ( in->bv_len == 0 ) {
191 } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
192 return LDAP_INVALID_SYNTAX;
195 rc = ldap_bv2dn( in, &dn, LDAP_DN_FORMAT_LDAP );
196 if ( rc != LDAP_SUCCESS ) {
197 return LDAP_INVALID_SYNTAX;
200 assert( strlen( in->bv_val ) == in->bv_len );
203 * Schema-aware validate
205 rc = LDAPDN_validate( dn );
208 if ( rc != LDAP_SUCCESS ) {
209 return LDAP_INVALID_SYNTAX;
224 assert( in != NULL );
225 if ( in->bv_len == 0 ) {
228 } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
229 return LDAP_INVALID_SYNTAX;
232 rc = ldap_bv2rdn_x( in , &rdn, (char **) &p,
233 LDAP_DN_FORMAT_LDAP, NULL);
234 if ( rc != LDAP_SUCCESS ) {
235 return LDAP_INVALID_SYNTAX;
238 assert( strlen( in->bv_val ) == in->bv_len );
241 * Schema-aware validate
243 rc = LDAPRDN_validate( rdn );
246 if ( rc != LDAP_SUCCESS ) {
247 return LDAP_INVALID_SYNTAX;
255 * AVA sorting inside a RDN
257 * rule: sort attributeTypes in alphabetical order; in case of multiple
258 * occurrences of the same attributeType, sort values in byte order
259 * (use memcmp, which implies alphabetical order in case of IA5 value;
260 * this should guarantee the repeatability of the operation).
262 * Note: the sorting can be slightly improved by sorting first
263 * by attribute type length, then by alphabetical order.
265 * uses a linear search; should be fine since the number of AVAs in
266 * a RDN should be limited.
269 AVA_Sort( LDAPRDN rdn, int iAVA )
272 LDAPAVA *ava_in = rdn[ iAVA ];
274 assert( rdn != NULL );
275 assert( ava_in != NULL );
277 for ( i = 0; i < iAVA; i++ ) {
278 LDAPAVA *ava = rdn[ i ];
281 assert( ava != NULL );
283 a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
292 d = ava_in->la_value.bv_len - ava->la_value.bv_len;
294 v = memcmp( ava_in->la_value.bv_val,
295 ava->la_value.bv_val,
296 d <= 0 ? ava_in->la_value.bv_len
297 : ava->la_value.bv_len );
299 if ( v == 0 && d != 0 ) {
318 a = strcmp( ava_in->la_attr.bv_val,
319 ava->la_attr.bv_val );
325 for ( j = iAVA; j > i; j-- ) {
326 rdn[ j ] = rdn[ j - 1 ];
335 LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
340 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
341 LDAPAVA *ava = rdn[ iAVA ];
342 AttributeDescription *ad;
343 slap_syntax_validate_func *validf = NULL;
344 slap_mr_normalize_func *normf = NULL;
345 slap_syntax_transform_func *transf = NULL;
346 MatchingRule *mr = NULL;
347 struct berval bv = BER_BVNULL;
350 assert( ava != NULL );
352 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
353 const char *text = NULL;
355 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
356 if ( rc != LDAP_SUCCESS ) {
357 rc = slap_bv2undef_ad( &ava->la_attr,
359 SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
360 if ( rc != LDAP_SUCCESS ) {
361 return LDAP_INVALID_SYNTAX;
365 ava->la_private = ( void * )ad;
370 * Replace attr oid/name with the canonical name
372 ava->la_attr = ad->ad_cname;
374 if( ava->la_flags & LDAP_AVA_BINARY ) {
375 if( ava->la_value.bv_len == 0 ) {
376 /* BER encoding is empty */
377 return LDAP_INVALID_SYNTAX;
380 /* AVA is binary encoded, don't muck with it */
381 } else if( flags & SLAP_LDAPDN_PRETTY ) {
382 transf = ad->ad_type->sat_syntax->ssyn_pretty;
384 validf = ad->ad_type->sat_syntax->ssyn_validate;
386 } else { /* normalization */
387 validf = ad->ad_type->sat_syntax->ssyn_validate;
388 mr = ad->ad_type->sat_equality;
389 if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
390 normf = mr->smr_normalize;
395 /* validate value before normalization */
396 rc = ( *validf )( ad->ad_type->sat_syntax,
399 : (struct berval *) &slap_empty_bv );
401 if ( rc != LDAP_SUCCESS ) {
402 return LDAP_INVALID_SYNTAX;
408 * transform value by pretty function
409 * if value is empty, use empty_bv
411 rc = ( *transf )( ad->ad_type->sat_syntax,
414 : (struct berval *) &slap_empty_bv,
417 if ( rc != LDAP_SUCCESS ) {
418 return LDAP_INVALID_SYNTAX;
425 * if value is empty, use empty_bv
428 SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
429 ad->ad_type->sat_syntax,
433 : (struct berval *) &slap_empty_bv,
436 if ( rc != LDAP_SUCCESS ) {
437 return LDAP_INVALID_SYNTAX;
443 if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
444 ber_memfree_x( ava->la_value.bv_val, ctx );
446 ava->la_flags |= LDAP_AVA_FREE_VALUE;
449 if( do_sort ) AVA_Sort( rdn, iAVA );
455 * In-place, schema-aware normalization / "pretty"ing of the
456 * structural representation of a distinguished name.
459 LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
464 assert( dn != NULL );
466 for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
467 LDAPRDN rdn = dn[ iRDN ];
470 assert( rdn != NULL );
472 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
473 LDAPAVA *ava = rdn[ iAVA ];
474 AttributeDescription *ad;
475 slap_syntax_validate_func *validf = NULL;
476 slap_mr_normalize_func *normf = NULL;
477 slap_syntax_transform_func *transf = NULL;
478 MatchingRule *mr = NULL;
479 struct berval bv = BER_BVNULL;
482 assert( ava != NULL );
484 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
485 const char *text = NULL;
487 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
488 if ( rc != LDAP_SUCCESS ) {
489 rc = slap_bv2undef_ad( &ava->la_attr,
491 SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
492 if ( rc != LDAP_SUCCESS ) {
493 return LDAP_INVALID_SYNTAX;
497 ava->la_private = ( void * )ad;
502 * Replace attr oid/name with the canonical name
504 ava->la_attr = ad->ad_cname;
506 if( ava->la_flags & LDAP_AVA_BINARY ) {
507 if( ava->la_value.bv_len == 0 ) {
508 /* BER encoding is empty */
509 return LDAP_INVALID_SYNTAX;
512 /* AVA is binary encoded, don't muck with it */
513 } else if( flags & SLAP_LDAPDN_PRETTY ) {
514 transf = ad->ad_type->sat_syntax->ssyn_pretty;
516 validf = ad->ad_type->sat_syntax->ssyn_validate;
518 } else { /* normalization */
519 validf = ad->ad_type->sat_syntax->ssyn_validate;
520 mr = ad->ad_type->sat_equality;
521 if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
522 normf = mr->smr_normalize;
527 /* validate value before normalization */
528 rc = ( *validf )( ad->ad_type->sat_syntax,
531 : (struct berval *) &slap_empty_bv );
533 if ( rc != LDAP_SUCCESS ) {
534 return LDAP_INVALID_SYNTAX;
540 * transform value by pretty function
541 * if value is empty, use empty_bv
543 rc = ( *transf )( ad->ad_type->sat_syntax,
546 : (struct berval *) &slap_empty_bv,
549 if ( rc != LDAP_SUCCESS ) {
550 return LDAP_INVALID_SYNTAX;
557 * if value is empty, use empty_bv
560 SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
561 ad->ad_type->sat_syntax,
565 : (struct berval *) &slap_empty_bv,
568 if ( rc != LDAP_SUCCESS ) {
569 return LDAP_INVALID_SYNTAX;
575 if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
576 ber_memfree_x( ava->la_value.bv_val, ctx );
578 ava->la_flags |= LDAP_AVA_FREE_VALUE;
581 if( do_sort ) AVA_Sort( rdn, iAVA );
597 assert( val != NULL );
598 assert( out != NULL );
600 Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
602 if ( val->bv_len != 0 ) {
607 * Go to structural representation
609 rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
610 if ( rc != LDAP_SUCCESS ) {
611 return LDAP_INVALID_SYNTAX;
614 assert( strlen( val->bv_val ) == val->bv_len );
617 * Schema-aware rewrite
619 if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
620 ldap_dnfree_x( dn, ctx );
621 return LDAP_INVALID_SYNTAX;
625 * Back to string representation
627 rc = ldap_dn2bv_x( dn, out,
628 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
630 ldap_dnfree_x( dn, ctx );
632 if ( rc != LDAP_SUCCESS ) {
633 return LDAP_INVALID_SYNTAX;
636 ber_dupbv_x( out, val, ctx );
639 Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
653 assert( val != NULL );
654 assert( out != NULL );
656 Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
657 if ( val->bv_len != 0 ) {
663 * Go to structural representation
665 rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
666 LDAP_DN_FORMAT_LDAP, ctx);
668 if ( rc != LDAP_SUCCESS ) {
669 return LDAP_INVALID_SYNTAX;
672 assert( strlen( val->bv_val ) == val->bv_len );
675 * Schema-aware rewrite
677 if ( LDAPRDN_rewrite( rdn, 0, ctx ) != LDAP_SUCCESS ) {
678 ldap_rdnfree_x( rdn, ctx );
679 return LDAP_INVALID_SYNTAX;
683 * Back to string representation
685 rc = ldap_rdn2bv_x( rdn, out,
686 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
688 ldap_rdnfree_x( rdn, ctx );
690 if ( rc != LDAP_SUCCESS ) {
691 return LDAP_INVALID_SYNTAX;
694 ber_dupbv_x( out, val, ctx );
697 Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
709 assert( val != NULL );
710 assert( out != NULL );
712 Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
714 if ( val->bv_len == 0 ) {
715 ber_dupbv_x( out, val, ctx );
717 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
718 return LDAP_INVALID_SYNTAX;
724 /* FIXME: should be liberal in what we accept */
725 rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
726 if ( rc != LDAP_SUCCESS ) {
727 return LDAP_INVALID_SYNTAX;
730 assert( strlen( val->bv_val ) == val->bv_len );
733 * Schema-aware rewrite
735 if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
736 ldap_dnfree_x( dn, ctx );
737 return LDAP_INVALID_SYNTAX;
740 /* FIXME: not sure why the default isn't pretty */
741 /* RE: the default is the form that is used as
742 * an internal representation; the pretty form
744 rc = ldap_dn2bv_x( dn, out,
745 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
747 ldap_dnfree_x( dn, ctx );
749 if ( rc != LDAP_SUCCESS ) {
750 return LDAP_INVALID_SYNTAX;
754 Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
766 assert( val != NULL );
767 assert( out != NULL );
769 Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
771 if ( val->bv_len == 0 ) {
772 ber_dupbv_x( out, val, ctx );
774 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
775 return LDAP_INVALID_SYNTAX;
782 /* FIXME: should be liberal in what we accept */
783 rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
784 LDAP_DN_FORMAT_LDAP, ctx);
785 if ( rc != LDAP_SUCCESS ) {
786 return LDAP_INVALID_SYNTAX;
789 assert( strlen( val->bv_val ) == val->bv_len );
792 * Schema-aware rewrite
794 if ( LDAPRDN_rewrite( rdn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
795 ldap_rdnfree_x( rdn, ctx );
796 return LDAP_INVALID_SYNTAX;
799 /* FIXME: not sure why the default isn't pretty */
800 /* RE: the default is the form that is used as
801 * an internal representation; the pretty form
803 rc = ldap_rdn2bv_x( rdn, out,
804 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
806 ldap_rdnfree_x( rdn, ctx );
808 if ( rc != LDAP_SUCCESS ) {
809 return LDAP_INVALID_SYNTAX;
813 Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
827 assert( val != NULL );
828 assert( dn != NULL );
830 Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n",
831 flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
834 if ( val->bv_len == 0 ) {
837 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
838 return LDAP_INVALID_SYNTAX;
843 /* FIXME: should be liberal in what we accept */
844 rc = ldap_bv2dn_x( val, dn, LDAP_DN_FORMAT_LDAP, ctx );
845 if ( rc != LDAP_SUCCESS ) {
846 return LDAP_INVALID_SYNTAX;
849 assert( strlen( val->bv_val ) == val->bv_len );
852 * Schema-aware rewrite
854 if ( LDAPDN_rewrite( *dn, flags, ctx ) != LDAP_SUCCESS ) {
855 ldap_dnfree_x( *dn, ctx );
857 return LDAP_INVALID_SYNTAX;
861 Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n",
862 flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
869 * Combination of both dnPretty and dnNormalize
875 struct berval *pretty,
876 struct berval *normal,
879 Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
881 assert( val != NULL );
882 assert( pretty != NULL );
883 assert( normal != NULL );
885 if ( val->bv_len == 0 ) {
886 ber_dupbv_x( pretty, val, ctx );
887 ber_dupbv_x( normal, val, ctx );
889 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
891 return LDAP_INVALID_SYNTAX;
897 pretty->bv_val = NULL;
898 normal->bv_val = NULL;
902 /* FIXME: should be liberal in what we accept */
903 rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
904 if ( rc != LDAP_SUCCESS ) {
905 return LDAP_INVALID_SYNTAX;
908 assert( strlen( val->bv_val ) == val->bv_len );
911 * Schema-aware rewrite
913 if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
914 ldap_dnfree_x( dn, ctx );
915 return LDAP_INVALID_SYNTAX;
918 rc = ldap_dn2bv_x( dn, pretty,
919 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
921 if ( rc != LDAP_SUCCESS ) {
922 ldap_dnfree_x( dn, ctx );
923 return LDAP_INVALID_SYNTAX;
926 if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
927 ldap_dnfree_x( dn, ctx );
928 ber_memfree_x( pretty->bv_val, ctx );
929 pretty->bv_val = NULL;
931 return LDAP_INVALID_SYNTAX;
934 rc = ldap_dn2bv_x( dn, normal,
935 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
937 ldap_dnfree_x( dn, ctx );
938 if ( rc != LDAP_SUCCESS ) {
939 ber_memfree_x( pretty->bv_val, ctx );
940 pretty->bv_val = NULL;
942 return LDAP_INVALID_SYNTAX;
946 Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
947 pretty->bv_val, normal->bv_val, 0 );
961 struct berval *value,
962 void *assertedValue )
965 struct berval *asserted = (struct berval *) assertedValue;
967 assert( matchp != NULL );
968 assert( value != NULL );
969 assert( assertedValue != NULL );
970 assert( !BER_BVISNULL( value ) );
971 assert( !BER_BVISNULL( asserted ) );
973 match = value->bv_len - asserted->bv_len;
976 match = memcmp( value->bv_val, asserted->bv_val,
980 Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
981 match, value->bv_val, asserted->bv_val );
988 * dnRelativeMatch routine
996 struct berval *value,
997 void *assertedValue )
1000 struct berval *asserted = (struct berval *) assertedValue;
1002 assert( matchp != NULL );
1003 assert( value != NULL );
1004 assert( assertedValue != NULL );
1005 assert( !BER_BVISNULL( value ) );
1006 assert( !BER_BVISNULL( asserted ) );
1008 if( mr == slap_schema.si_mr_dnSubtreeMatch ) {
1009 if( asserted->bv_len > value->bv_len ) {
1011 } else if ( asserted->bv_len == value->bv_len ) {
1012 match = memcmp( value->bv_val, asserted->bv_val,
1016 value->bv_val[value->bv_len - asserted->bv_len - 1] ))
1019 &value->bv_val[value->bv_len - asserted->bv_len],
1028 return LDAP_SUCCESS;
1031 if( mr == slap_schema.si_mr_dnSuperiorMatch ) {
1033 value = (struct berval *) assertedValue;
1034 mr = slap_schema.si_mr_dnSubordinateMatch;
1037 if( mr == slap_schema.si_mr_dnSubordinateMatch ) {
1038 if( asserted->bv_len >= value->bv_len ) {
1042 value->bv_val[value->bv_len - asserted->bv_len - 1] ))
1045 &value->bv_val[value->bv_len - asserted->bv_len],
1054 return LDAP_SUCCESS;
1057 if( mr == slap_schema.si_mr_dnOneLevelMatch ) {
1058 if( asserted->bv_len >= value->bv_len ) {
1062 value->bv_val[value->bv_len - asserted->bv_len - 1] ))
1065 &value->bv_val[value->bv_len - asserted->bv_len],
1071 rdn.bv_val = value->bv_val;
1072 rdn.bv_len = value->bv_len - asserted->bv_len - 1;
1073 match = dnIsOneLevelRDN( &rdn ) ? 0 : 1;
1081 return LDAP_SUCCESS;
1084 /* should not be reachable */
1095 struct berval *value,
1096 void *assertedValue )
1099 struct berval *asserted = (struct berval *) assertedValue;
1101 assert( matchp != NULL );
1102 assert( value != NULL );
1103 assert( assertedValue != NULL );
1105 match = value->bv_len - asserted->bv_len;
1108 match = memcmp( value->bv_val, asserted->bv_val,
1112 Debug( LDAP_DEBUG_ARGS, "rdnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
1113 match, value->bv_val, asserted->bv_val );
1116 return LDAP_SUCCESS;
1121 * dnParent - dn's parent, in-place
1122 * note: the incoming dn is assumed to be normalized/prettyfied,
1123 * so that escaped rdn/ava separators are in '\'+hexpair form
1125 * note: "dn" and "pdn" can point to the same berval;
1126 * beware that, in this case, the pointer to the original buffer
1132 struct berval *pdn )
1136 p = ber_bvchr( dn, ',' );
1141 pdn->bv_val = dn->bv_val + dn->bv_len;
1145 assert( DN_SEPARATOR( p[ 0 ] ) );
1148 assert( ATTR_LEADCHAR( p[ 0 ] ) );
1149 pdn->bv_len = dn->bv_len - (p - dn->bv_val);
1156 * dnRdn - dn's rdn, in-place
1157 * note: the incoming dn is assumed to be normalized/prettyfied,
1158 * so that escaped rdn/ava separators are in '\'+hexpair form
1163 struct berval *rdn )
1168 p = ber_bvchr( dn, ',' );
1175 assert( DN_SEPARATOR( p[ 0 ] ) );
1176 assert( ATTR_LEADCHAR( p[ 1 ] ) );
1177 rdn->bv_len = p - dn->bv_val;
1192 assert( dn != NULL );
1193 assert( rdn != NULL );
1195 if( dn->bv_len == 0 ) {
1199 rc = ldap_bv2rdn_x( dn, &tmpRDN, (char **)&p, LDAP_DN_FORMAT_LDAP, ctx );
1200 if ( rc != LDAP_SUCCESS ) {
1204 rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY,
1207 ldap_rdnfree_x( tmpRDN, ctx );
1212 * We can assume the input is a prettied or normalized DN
1217 struct berval *dn_in )
1221 assert( dn_in != NULL );
1223 if ( dn_in == NULL ) {
1227 if ( !dn_in->bv_len ) {
1231 if ( be != NULL && be_issuffix( be, dn_in ) ) {
1235 p = ber_bvchr( dn_in, ',' );
1237 return p ? p - dn_in->bv_val : dn_in->bv_len;
1243 * LDAP_SUCCESS if rdn is a legal rdn;
1244 * LDAP_INVALID_SYNTAX otherwise (including a sequence of rdns)
1247 rdn_validate( struct berval *rdn )
1251 * input is a pretty or normalized DN
1252 * hence, we can just search for ','
1254 if( rdn == NULL || rdn->bv_len == 0 ||
1255 rdn->bv_len > SLAP_LDAPDN_MAXLEN )
1257 return LDAP_INVALID_SYNTAX;
1259 return ber_bvchr( rdn, ',' ) == NULL
1260 ? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
1263 LDAPRDN *RDN, **DN[ 2 ] = { &RDN, NULL };
1270 if ( rdn == NULL || rdn == '\0' ) {
1277 rc = ldap_bv2rdn( rdn, &RDN, (char **)&p, LDAP_DN_FORMAT_LDAP );
1278 if ( rc != LDAP_SUCCESS ) {
1285 if ( p[ 0 ] != '\0' ) {
1290 * Schema-aware validate
1292 if ( rc == LDAP_SUCCESS ) {
1293 rc = LDAPDN_validate( DN );
1295 ldap_rdnfree( RDN );
1298 * Must validate (there's a repeated parsing ...)
1300 return ( rc == LDAP_SUCCESS );
1307 * Used by ldbm/bdb2 back_modrdn to create the new dn of entries being
1310 * new_dn = parent (p_dn) + separator + rdn (newrdn) + null.
1314 build_new_dn( struct berval * new_dn,
1315 struct berval * parent_dn,
1316 struct berval * newrdn,
1321 if ( parent_dn == NULL || parent_dn->bv_len == 0 ) {
1322 ber_dupbv( new_dn, newrdn );
1326 new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
1327 new_dn->bv_val = (char *) slap_sl_malloc( new_dn->bv_len + 1, memctx );
1329 ptr = lutil_strncopy( new_dn->bv_val, newrdn->bv_val, newrdn->bv_len );
1331 strcpy( ptr, parent_dn->bv_val );
1336 * dnIsSuffix - tells whether suffix is a suffix of dn.
1337 * Both dn and suffix must be normalized.
1341 const struct berval *dn,
1342 const struct berval *suffix )
1344 int d = dn->bv_len - suffix->bv_len;
1346 assert( dn != NULL );
1347 assert( suffix != NULL );
1349 /* empty suffix matches any dn */
1350 if ( suffix->bv_len == 0 ) {
1354 /* suffix longer than dn */
1359 /* no rdn separator or escaped rdn separator */
1360 if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
1364 /* no possible match or malformed dn */
1370 return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
1374 dnIsOneLevelRDN( struct berval *rdn )
1376 ber_len_t len = rdn->bv_len;
1378 if ( DN_SEPARATOR( rdn->bv_val[ len ] ) ) {
1387 static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
1390 int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
1393 if ( DNX509PeerNormalizeCertMap == NULL ) {
1394 DNX509PeerNormalizeCertMap = fn;
1404 * Convert an X.509 DN into a normalized LDAP DN
1407 dnX509normalize( void *x509_name, struct berval *out )
1409 /* Invoke the LDAP library's converter with our schema-rewriter */
1410 int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
1412 Debug( LDAP_DEBUG_TRACE,
1413 "dnX509Normalize: <%s> (%d)\n",
1414 BER_BVISNULL( out ) ? "(null)" : out->bv_val, rc, 0 );
1420 * Get the TLS session's peer's DN into a normalized LDAP DN
1423 dnX509peerNormalize( void *ssl, struct berval *dn )
1425 int rc = LDAP_INVALID_CREDENTIALS;
1427 if ( DNX509PeerNormalizeCertMap != NULL )
1428 rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
1430 if ( rc != LDAP_SUCCESS ) {
1431 rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
1432 (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
projects / openldap / blob