1 /* dn.c - routines for dealing with distinguished names */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
13 #include <ac/socket.h>
14 #include <ac/string.h>
21 const struct berval slap_empty_bv = { 0, "" };
23 #define SLAP_LDAPDN_PRETTY 0x1
25 #define SLAP_LDAPDN_MAXLEN 8192
28 * The DN syntax-related functions take advantage of the dn representation
29 * handling functions ldap_str2dn/ldap_dn2str. The latter are not schema-
30 * aware, so the attributes and their values need be validated (and possibly
31 * normalized). In the current implementation the required validation/nor-
32 * malization/"pretty"ing are done on newly created DN structural represen-
33 * tations; however the idea is to move towards DN handling in structural
34 * representation instead of the current string representation. To this
35 * purpose, we need to do only the required operations and keep track of
36 * what has been done to minimize their impact on performances.
38 * Developers are strongly encouraged to use this feature, to speed-up
42 #define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
45 * In-place, schema-aware validation of the
46 * structural representation of a distinguished name.
49 LDAPDN_validate( LDAPDN *dn )
56 for ( iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
57 LDAPRDN *rdn = dn[ 0 ][ iRDN ];
62 for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
63 LDAPAVA *ava = rdn[ 0 ][ iAVA ];
64 AttributeDescription *ad;
65 slap_syntax_validate_func *validate = NULL;
69 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
70 const char *text = NULL;
72 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
73 if ( rc != LDAP_SUCCESS ) {
74 return LDAP_INVALID_SYNTAX;
77 ava->la_private = ( void * )ad;
81 * Replace attr oid/name with the canonical name
83 ava->la_attr = ad->ad_cname;
85 validate = ad->ad_type->sat_syntax->ssyn_validate;
89 * validate value by validate function
91 rc = ( *validate )( ad->ad_type->sat_syntax,
94 if ( rc != LDAP_SUCCESS ) {
95 return LDAP_INVALID_SYNTAX;
105 * dn validate routine
117 if ( in->bv_len == 0 ) {
120 } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
121 return LDAP_INVALID_SYNTAX;
124 rc = ldap_bv2dn( in, &dn, LDAP_DN_FORMAT_LDAP );
125 if ( rc != LDAP_SUCCESS ) {
126 return LDAP_INVALID_SYNTAX;
129 assert( strlen( in->bv_val ) == in->bv_len );
132 * Schema-aware validate
134 rc = LDAPDN_validate( dn );
137 if ( rc != LDAP_SUCCESS ) {
138 return LDAP_INVALID_SYNTAX;
145 * AVA sorting inside a RDN
147 * rule: sort attributeTypes in alphabetical order; in case of multiple
148 * occurrences of the same attributeType, sort values in byte order
149 * (use memcmp, which implies alphabetical order in case of IA5 value;
150 * this should guarantee the repeatability of the operation).
152 * Note: the sorting can be slightly improved by sorting first
153 * by attribute type length, then by alphabetical order.
155 * uses a linear search; should be fine since the number of AVAs in
156 * a RDN should be limited.
159 AVA_Sort( LDAPRDN *rdn, int iAVA )
162 LDAPAVA *ava_in = rdn[ 0 ][ iAVA ];
167 for ( i = 0; i < iAVA; i++ ) {
168 LDAPAVA *ava = rdn[ 0 ][ i ];
173 a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
182 d = ava_in->la_value.bv_len - ava->la_value.bv_len;
184 v = memcmp( ava_in->la_value.bv_val,
185 ava->la_value.bv_val,
186 d <= 0 ? ava_in->la_value.bv_len
187 : ava->la_value.bv_len );
189 if ( v == 0 && d != 0 ) {
208 a = strcmp( ava_in->la_attr.bv_val,
209 ava->la_attr.bv_val );
215 for ( j = iAVA; j > i; j-- ) {
216 rdn[ 0 ][ j ] = rdn[ 0 ][ j - 1 ];
218 rdn[ 0 ][ i ] = ava_in;
225 * In-place, schema-aware normalization / "pretty"ing of the
226 * structural representation of a distinguished name.
229 LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
236 for ( iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
237 LDAPRDN *rdn = dn[ 0 ][ iRDN ];
242 for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
243 LDAPAVA *ava = rdn[ 0 ][ iAVA ];
244 AttributeDescription *ad;
245 slap_syntax_transform_func *transf = NULL;
247 struct berval bv = { 0, NULL };
252 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
253 const char *text = NULL;
255 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
256 if ( rc != LDAP_SUCCESS ) {
257 return LDAP_INVALID_SYNTAX;
260 ava->la_private = ( void * )ad;
265 * Replace attr oid/name with the canonical name
267 ava->la_attr = ad->ad_cname;
269 if( ava->la_flags & LDAP_AVA_BINARY ) {
270 /* AVA is binary encoded, don't muck with it */
274 } else if( flags & SLAP_LDAPDN_PRETTY ) {
275 transf = ad->ad_type->sat_syntax->ssyn_pretty;
278 transf = ad->ad_type->sat_syntax->ssyn_normalize;
279 mr = ad->ad_type->sat_equality;
284 * transform value by normalize/pretty function
285 * if value is empty, use empty_bv
287 rc = ( *transf )( ad->ad_type->sat_syntax,
290 : (struct berval *) &slap_empty_bv,
293 if ( rc != LDAP_SUCCESS ) {
294 return LDAP_INVALID_SYNTAX;
298 if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
301 if ( UTF8bvnormalize( &bv, &bv,
302 LDAP_UTF8_CASEFOLD ) == NULL ) {
303 return LDAP_INVALID_SYNTAX;
309 free( ava->la_value.bv_val );
313 if( do_sort ) AVA_Sort( rdn, iAVA );
321 * dn normalize routine
327 struct berval **normalized )
332 assert( normalized && *normalized == NULL );
334 out = ch_malloc( sizeof( struct berval ) );
335 rc = dnNormalize2( syntax, val, out );
336 if ( rc != LDAP_SUCCESS )
352 Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
354 if ( val->bv_len != 0 ) {
359 * Go to structural representation
361 rc = ldap_bv2dn( val, &dn, LDAP_DN_FORMAT_LDAP );
362 if ( rc != LDAP_SUCCESS ) {
363 return LDAP_INVALID_SYNTAX;
366 assert( strlen( val->bv_val ) == val->bv_len );
369 * Schema-aware rewrite
371 if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) {
373 return LDAP_INVALID_SYNTAX;
377 * Back to string representation
379 rc = ldap_dn2bv( dn, out, LDAP_DN_FORMAT_LDAPV3 );
383 if ( rc != LDAP_SUCCESS ) {
384 return LDAP_INVALID_SYNTAX;
387 ber_dupbv( out, val );
390 Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
396 * dn "pretty"ing routine
402 struct berval **pretty)
407 assert( pretty && *pretty == NULL );
409 out = ch_malloc( sizeof( struct berval ) );
410 rc = dnPretty2( syntax, val, out );
411 if ( rc != LDAP_SUCCESS )
427 Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
429 if ( val->bv_len == 0 ) {
430 ber_dupbv( out, val );
432 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
433 return LDAP_INVALID_SYNTAX;
439 /* FIXME: should be liberal in what we accept */
440 rc = ldap_bv2dn( val, &dn, LDAP_DN_FORMAT_LDAP );
441 if ( rc != LDAP_SUCCESS ) {
442 return LDAP_INVALID_SYNTAX;
445 assert( strlen( val->bv_val ) == val->bv_len );
448 * Schema-aware rewrite
450 if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) {
452 return LDAP_INVALID_SYNTAX;
455 /* FIXME: not sure why the default isn't pretty */
456 /* RE: the default is the form that is used as
457 * an internal representation; the pretty form
459 rc = ldap_dn2bv( dn, out,
460 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
464 if ( rc != LDAP_SUCCESS ) {
465 return LDAP_INVALID_SYNTAX;
469 Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
475 * Combination of both dnPretty and dnNormalize
481 struct berval *pretty,
482 struct berval *normal)
484 Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
490 if ( val->bv_len == 0 ) {
491 ber_dupbv( pretty, val );
492 ber_dupbv( normal, val );
494 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
496 return LDAP_INVALID_SYNTAX;
502 pretty->bv_val = NULL;
503 normal->bv_val = NULL;
507 /* FIXME: should be liberal in what we accept */
508 rc = ldap_bv2dn( val, &dn, LDAP_DN_FORMAT_LDAP );
509 if ( rc != LDAP_SUCCESS ) {
510 return LDAP_INVALID_SYNTAX;
513 assert( strlen( val->bv_val ) == val->bv_len );
516 * Schema-aware rewrite
518 if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) {
520 return LDAP_INVALID_SYNTAX;
523 rc = ldap_dn2bv( dn, pretty,
524 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
526 if ( rc != LDAP_SUCCESS ) {
528 return LDAP_INVALID_SYNTAX;
531 if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) {
533 free( pretty->bv_val );
534 pretty->bv_val = NULL;
536 return LDAP_INVALID_SYNTAX;
539 rc = ldap_dn2bv( dn, normal, LDAP_DN_FORMAT_LDAPV3 );
542 if ( rc != LDAP_SUCCESS ) {
543 free( pretty->bv_val );
544 pretty->bv_val = NULL;
546 return LDAP_INVALID_SYNTAX;
550 Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
551 pretty->bv_val, normal->bv_val, 0 );
565 struct berval *value,
566 void *assertedValue )
569 struct berval *asserted = (struct berval *) assertedValue;
573 assert( assertedValue );
575 match = value->bv_len - asserted->bv_len;
578 match = memcmp( value->bv_val, asserted->bv_val,
583 LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
584 "dnMatch: %d\n %s\n %s\n", match,
585 value->bv_val, asserted->bv_val ));
587 Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
588 match, value->bv_val, asserted->bv_val );
592 return( LDAP_SUCCESS );
596 * dnParent - dn's parent, in-place
598 * note: the incoming dn is assumed to be normalized/prettyfied,
599 * so that escaped rdn/ava separators are in '\'+hexpair form
608 p = strchr( dn->bv_val, ',' );
612 *pdn = slap_empty_bv;
616 assert( DN_SEPARATOR( p[ 0 ] ) );
619 assert( ATTR_LEADCHAR( p[ 0 ] ) );
621 pdn->bv_len = dn->bv_len - (p - dn->bv_val);
638 if( dn->bv_len == 0 ) {
642 rc = ldap_bv2rdn( dn, &tmpRDN, (char **)&p, LDAP_DN_FORMAT_LDAP );
643 if ( rc != LDAP_SUCCESS ) {
647 rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 );
648 ldap_rdnfree( tmpRDN );
649 if ( rc != LDAP_SUCCESS ) {
657 * We can assume the input is a prettied or normalized DN
662 struct berval *dn_in )
668 if ( dn_in == NULL ) {
672 if ( !dn_in->bv_len ) {
676 if ( be != NULL && be_issuffix( be, dn_in ) ) {
680 p = strchr( dn_in->bv_val, ',' );
682 return p ? p - dn_in->bv_val : dn_in->bv_len;
688 * LDAP_SUCCESS if rdn is a legal rdn;
689 * LDAP_INVALID_SYNTAX otherwise (including a sequence of rdns)
692 rdnValidate( struct berval *rdn )
696 * input is a pretty or normalized DN
697 * hence, we can just search for ','
699 if( rdn == NULL || rdn->bv_len == 0 ||
700 rdn->bv_len > SLAP_LDAPDN_MAXLEN )
702 return LDAP_INVALID_SYNTAX;
705 return strchr( rdn->bv_val, ',' ) == NULL
706 ? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
709 LDAPRDN *RDN, **DN[ 2 ] = { &RDN, NULL };
716 if ( rdn == NULL || rdn == '\0' ) {
723 rc = ldap_bv2rdn( rdn, &RDN, (char **)&p, LDAP_DN_FORMAT_LDAP );
724 if ( rc != LDAP_SUCCESS ) {
731 if ( p[ 0 ] != '\0' ) {
736 * Schema-aware validate
738 if ( rc == LDAP_SUCCESS ) {
739 rc = LDAPDN_validate( DN );
744 * Must validate (there's a repeated parsing ...)
746 return ( rc == LDAP_SUCCESS );
753 * Used by ldbm/bdb2 back_modrdn to create the new dn of entries being
756 * new_dn = parent (p_dn) + separator + rdn (newrdn) + null.
760 build_new_dn( struct berval * new_dn,
761 struct berval * parent_dn,
762 struct berval * newrdn )
766 if ( parent_dn == NULL ) {
767 ber_dupbv( new_dn, newrdn );
771 new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
772 new_dn->bv_val = (char *) ch_malloc( new_dn->bv_len + 1 );
774 ptr = slap_strcopy( new_dn->bv_val, newrdn->bv_val );
776 strcpy( ptr, parent_dn->bv_val );
781 * dnIsSuffix - tells whether suffix is a suffix of dn.
782 * Both dn and suffix must be normalized.
786 const struct berval *dn,
787 const struct berval *suffix )
789 int d = dn->bv_len - suffix->bv_len;
794 /* empty suffix matches any dn */
795 if ( suffix->bv_len == 0 ) {
799 /* suffix longer than dn */
804 /* no rdn separator or escaped rdn separator */
805 if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
809 /* no possible match or malformed dn */
815 return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
projects / openldap / blob