+ /*
+ * LDAPv2 allows the attribute value to be quoted;
+ * also, IA5 values are expected, in principle
+ */
+ if ( LDAP_DN_LDAPV2( flags ) || LDAP_DN_LDAP( flags ) ) {
+ if ( LDAP_DN_QUOTES( p[ 0 ] ) ) {
+ p++;
+ state = B4IA5VALUEQUOTED;
+ break;
+ }
+
+ if ( LDAP_DN_LDAPV2( flags ) ) {
+ state = B4IA5VALUE;
+ break;
+ }
+ }
+
+ /*
+ * here STRING means RFC 2253 string
+ * FIXME: what about DCE strings?
+ */
+ if ( !p[ 0 ] ) {
+ /* empty value */
+ state = GOTAVA;
+ } else {
+ state = B4STRINGVALUE;
+ }
+ break;
+
+ case B4BINARYVALUE:
+ if ( hexstr2binval( p, &attrValue, &p, flags ) ) {
+ goto parsing_error;
+ }
+
+ state = GOTAVA;
+ break;
+
+ case B4STRINGVALUE:
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( str2strval( p, &attrValue, &p, flags,
+ &attrValueEncoding ) ) {
+ goto parsing_error;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( DCE2strval( p, &attrValue, &p, flags ) ) {
+ goto parsing_error;
+ }
+ break;
+
+ default:
+ assert( 0 );
+ }
+
+ state = GOTAVA;
+ break;
+
+ case B4IA5VALUE:
+ if ( IA52strval( p, &attrValue, &p, flags ) ) {
+ goto parsing_error;
+ }
+
+ state = GOTAVA;
+ break;
+
+ case B4IA5VALUEQUOTED:
+
+ /* lead quote already stripped */
+ if ( quotedIA52strval( p, &attrValue,
+ &p, flags ) ) {
+ goto parsing_error;
+ }
+
+ state = GOTAVA;
+ break;
+
+ case GOTAVA: {
+ int rdnsep = 0;
+
+ if ( !( flags & LDAP_DN_SKIP ) ) {
+ LDAPAVA *ava;
+
+ /*
+ * we accept empty values
+ */
+ ava = ldapava_new( &attrType, &attrValue,
+ attrValueEncoding );
+
+ if ( ava == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ tmpRDN[navas++] = ava;
+
+ attrValue.bv_val = NULL;
+ attrValue.bv_len = 0;
+
+ /*
+ * prepare room for new AVAs if needed
+ */
+ if (navas == num_slots) {
+ LDAPAVA **tmp;
+
+ if ( tmpRDN == tmpRDN_ ) {
+ tmp = LDAP_MALLOC( num_slots * 2 * sizeof( LDAPAVA * ) );
+ if ( tmp == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ AC_MEMCPY( tmp, tmpRDN, num_slots * sizeof( LDAPAVA * ) );
+
+ } else {
+ tmp = LDAP_REALLOC( tmpRDN, num_slots * 2 * sizeof( LDAPAVA * ) );
+ if ( tmp == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ }
+ }
+
+ tmpRDN = tmp;
+ num_slots *= 2;
+ }
+ }
+
+ /*
+ * if we got an AVA separator ('+', or ',' for DCE )
+ * we expect a new AVA for this RDN; otherwise
+ * we add the RDN to the DN
+ */
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV3:
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( !LDAP_DN_AVA_SEP( p[ 0 ] ) ) {
+ rdnsep = 1;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( !LDAP_DN_AVA_SEP_DCE( p[ 0 ] ) ) {
+ rdnsep = 1;
+ }
+ break;
+ }
+
+ if ( rdnsep ) {
+ /*
+ * the RDN is over, phew
+ */
+ *n = p;
+ if ( !( flags & LDAP_DN_SKIP ) ) {
+ newRDN = (LDAPRDN *)LDAP_MALLOC( sizeof(LDAPRDN)
+ + sizeof(LDAPAVA *) * (navas+1) );
+ if ( newRDN == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto parsing_error;
+ } else {
+ int i;
+
+ newRDN[0] = (LDAPAVA**)(newRDN+1);
+
+ for (i=0; i<navas; i++)
+ newRDN[0][i] = tmpRDN[i];
+ newRDN[0][i] = NULL;
+ }
+
+ }
+ rc = LDAP_SUCCESS;
+ goto return_result;
+ }
+
+ /* they should have been used in an AVA */
+ attrType.bv_val = NULL;
+ attrValue.bv_val = NULL;
+
+ p++;
+ state = B4AVA;
+ break;
+ }
+
+ default:
+ assert( 0 );
+ goto parsing_error;
+ }
+ }
+ *n = p;
+
+parsing_error:;
+ /* They are set to NULL after they're used in an AVA */
+
+ if ( attrValue.bv_val ) {
+ free( attrValue.bv_val );
+ }
+
+ for ( navas-- ; navas >= 0; navas-- ) {
+ ldap_avafree( tmpRDN[navas] );
+ }
+
+return_result:;
+
+ if ( tmpRDN != tmpRDN_ ) {
+ LDAP_FREE( tmpRDN );
+ }
+
+#if 0
+ Debug( LDAP_DEBUG_TRACE, "<= ldap_str2rdn(%*s)=%d\n",
+ p - str, str, rc );
+#endif
+
+ if ( rdn ) {
+ *rdn = newRDN;
+ }
+
+ return( rc );
+}
+
+/*
+ * reads in a UTF-8 string value, unescaping stuff:
+ * '\' + LDAP_DN_NEEDESCAPE(c) -> 'c'
+ * '\' + HEXPAIR(p) -> unhex(p)
+ */
+static int
+str2strval( const char *str, struct berval *val, const char **next, unsigned flags, unsigned *retFlags )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len, escapes;
+
+ assert( str );
+ assert( val );
+ assert( next );
+
+ *next = NULL;
+
+ for ( startPos = p = str, escapes = 0; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
+ p++;
+ if ( p[ 0 ] == '\0' ) {
+ return( 1 );
+ }
+ if ( LDAP_DN_MAYESCAPE( p[ 0 ] ) ) {
+ escapes++;
+ continue;
+ }
+
+ if ( LDAP_DN_HEXPAIR( p ) ) {
+ char c;
+
+ hexstr2bin( p, &c );
+ escapes += 2;
+
+ if ( !LDAP_DN_ASCII_PRINTABLE( c ) ) {
+
+ /*
+ * we assume the string is UTF-8
+ */
+ *retFlags = LDAP_AVA_NONPRINTABLE;
+ }
+ p++;
+
+ continue;
+ }
+
+ if ( LDAP_DN_PEDANTIC & flags ) {
+ return( 1 );
+ }
+ /*
+ * we do not allow escaping
+ * of chars that don't need
+ * to and do not belong to
+ * HEXDIGITS
+ */
+ return( 1 );
+
+ } else if (!LDAP_DN_ASCII_PRINTABLE( p[ 0 ] ) ) {
+ *retFlags = LDAP_AVA_NONPRINTABLE;
+
+ } else if ( ( LDAP_DN_LDAP( flags ) && LDAP_DN_VALUE_END_V2( p[ 0 ] ) )
+ || ( LDAP_DN_LDAPV3( flags ) && LDAP_DN_VALUE_END( p[ 0 ] ) ) ) {
+ break;
+
+ } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] ) ) {
+ /*
+ * FIXME: maybe we can add
+ * escapes if not pedantic?
+ */
+ return( 1 );
+ }
+ }
+
+ /*
+ * we do allow unescaped spaces at the end
+ * of the value only in non-pedantic mode
+ */
+ if ( p > startPos + 1 && LDAP_DN_ASCII_SPACE( p[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( p[ -2 ] ) ) {
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ return( 1 );
+ }
+
+ /* strip trailing (unescaped) spaces */
+ for ( endPos = p - 1;
+ endPos > startPos + 1 &&
+ LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( endPos[ -2 ] );
+ endPos-- ) {
+ /* no op */
+ }
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ /*
+ * FIXME: test memory?
+ */
+ len = ( endPos ? endPos : p ) - startPos - escapes;
+ val->bv_len = len;
+
+ if ( escapes == 0 ) {
+ val->bv_val = LDAP_STRNDUP( startPos, len );
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOC( len + 1 );
+ for ( s = 0, d = 0; d < len; ) {
+ if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) {
+ s++;
+ if ( LDAP_DN_MAYESCAPE( startPos[ s ] ) ) {
+ val->bv_val[ d++ ] =
+ startPos[ s++ ];
+
+ } else if ( LDAP_DN_HEXPAIR( &startPos[ s ] ) ) {
+ char c;
+
+ hexstr2bin( &startPos[ s ], &c );
+ val->bv_val[ d++ ] = c;
+ s += 2;
+
+ } else {
+ /* we should never get here */
+ assert( 0 );
+ }
+
+ } else {
+ val->bv_val[ d++ ] = startPos[ s++ ];
+ }
+ }
+
+ val->bv_val[ d ] = '\0';
+ assert( d == len );
+ }
+
+ return( 0 );
+}
+
+static int
+DCE2strval( const char *str, struct berval *val, const char **next, unsigned flags )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len, escapes;
+
+ assert( str );
+ assert( val );
+ assert( next );
+
+ *next = NULL;
+
+ for ( startPos = p = str, escapes = 0; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_ESCAPE_DCE( p[ 0 ] ) ) {
+ p++;
+ if ( LDAP_DN_NEEDESCAPE_DCE( p[ 0 ] ) ) {
+ escapes++;
+
+ } else {
+ return( 1 );
+ }
+
+ } else if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
+ break;
+ }
+
+ /*
+ * FIXME: can we accept anything else? I guess we need
+ * to stop if a value is not legal
+ */
+ }
+
+ /*
+ * (unescaped) trailing spaces are trimmed must be silently ignored;
+ * so we eat them
+ */
+ if ( p > startPos + 1 && LDAP_DN_ASCII_SPACE( p[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( p[ -2 ] ) ) {
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ return( 1 );
+ }
+
+ /* strip trailing (unescaped) spaces */
+ for ( endPos = p - 1;
+ endPos > startPos + 1 &&
+ LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( endPos[ -2 ] );
+ endPos-- ) {
+ /* no op */
+ }
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = ( endPos ? endPos : p ) - startPos - escapes;
+ val->bv_len = len;
+ if ( escapes == 0 ){
+ val->bv_val = LDAP_STRNDUP( startPos, len );
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOC( len + 1 );
+ for ( s = 0, d = 0; d < len; ) {
+ /*
+ * This point is reached only if escapes
+ * are properly used, so all we need to
+ * do is eat them
+ */
+ if ( LDAP_DN_ESCAPE_DCE( startPos[ s ] ) ) {
+ s++;
+
+ }
+ val->bv_val[ d++ ] = startPos[ s++ ];
+ }
+ val->bv_val[ d ] = '\0';
+ assert( strlen( val->bv_val ) == len );
+ }
+
+ return( 0 );
+}
+
+static int
+IA52strval( const char *str, struct berval *val, const char **next, unsigned flags )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len, escapes;
+
+ assert( str );
+ assert( val );
+ assert( next );
+
+ *next = NULL;
+
+ /*
+ * LDAPv2 (RFC 1779)
+ */
+
+ for ( startPos = p = str, escapes = 0; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
+ p++;
+ if ( p[ 0 ] == '\0' ) {
+ return( 1 );
+ }
+
+ if ( !LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ && ( LDAP_DN_PEDANTIC & flags ) ) {
+ return( 1 );
+ }
+ escapes++;
+
+ } else if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
+ break;
+ }
+
+ /*
+ * FIXME: can we accept anything else? I guess we need
+ * to stop if a value is not legal
+ */
+ }
+
+ /* strip trailing (unescaped) spaces */
+ for ( endPos = p;
+ endPos > startPos + 1 &&
+ LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
+ !LDAP_DN_ESCAPE( endPos[ -2 ] );
+ endPos-- ) {
+ /* no op */
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = ( endPos ? endPos : p ) - startPos - escapes;
+ val->bv_len = len;
+ if ( escapes == 0 ) {
+ val->bv_val = LDAP_STRNDUP( startPos, len );
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOC( len + 1 );
+ for ( s = 0, d = 0; d < len; ) {
+ if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) {
+ s++;
+ }
+ val->bv_val[ d++ ] = startPos[ s++ ];
+ }
+ val->bv_val[ d ] = '\0';
+ assert( strlen( val->bv_val ) == len );
+ }
+
+ return( 0 );
+}
+
+static int
+quotedIA52strval( const char *str, struct berval *val, const char **next, unsigned flags )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len;
+ unsigned escapes = 0;
+
+ assert( str );
+ assert( val );
+ assert( next );
+
+ *next = NULL;
+
+ /* initial quote already eaten */
+ for ( startPos = p = str; p[ 0 ]; p++ ) {
+ /*
+ * According to RFC 1779, the quoted value can
+ * contain escaped as well as unescaped special values;
+ * as a consequence we tolerate escaped values
+ * (e.g. '"\,"' -> '\,') and escape unescaped specials
+ * (e.g. '","' -> '\,').
+ */
+ if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
+ if ( p[ 1 ] == '\0' ) {
+ return( 1 );
+ }
+ p++;
+
+ if ( !LDAP_DN_V2_PAIR( p[ 0 ] )
+ && ( LDAP_DN_PEDANTIC & flags ) ) {
+ /*
+ * do we allow to escape normal chars?
+ * LDAPv2 does not allow any mechanism
+ * for escaping chars with '\' and hex
+ * pair
+ */
+ return( 1 );
+ }
+ escapes++;
+
+ } else if ( LDAP_DN_QUOTES( p[ 0 ] ) ) {
+ endPos = p;
+ /* eat closing quotes */
+ p++;
+ break;
+ }
+
+ /*
+ * FIXME: can we accept anything else? I guess we need
+ * to stop if a value is not legal
+ */
+ }
+
+ if ( endPos == NULL ) {
+ return( 1 );
+ }
+
+ /* Strip trailing (unescaped) spaces */
+ for ( ; p[ 0 ] && LDAP_DN_ASCII_SPACE( p[ 0 ] ); p++ ) {
+ /* no op */
+ }
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = endPos - startPos - escapes;
+ assert( len >= 0 );
+ val->bv_len = len;
+ if ( escapes == 0 ) {
+ val->bv_val = LDAP_STRNDUP( startPos, len );
+
+ } else {
+ ber_len_t s, d;
+
+ val->bv_val = LDAP_MALLOC( len + 1 );
+ val->bv_len = len;
+
+ for ( s = d = 0; d < len; ) {
+ if ( LDAP_DN_ESCAPE( str[ s ] ) ) {
+ s++;
+ }
+ val->bv_val[ d++ ] = str[ s++ ];
+ }
+ val->bv_val[ d ] = '\0';
+ assert( strlen( val->bv_val ) == len );
+ }
+
+ return( 0 );
+}
+
+static int
+hexstr2bin( const char *str, char *c )
+{
+ char c1, c2;
+
+ assert( str );
+ assert( c );
+
+ c1 = str[ 0 ];
+ c2 = str[ 1 ];
+
+ if ( LDAP_DN_ASCII_DIGIT( c1 ) ) {
+ *c = c1 - '0';
+
+ } else {
+ if ( LDAP_DN_ASCII_UCASE_HEXALPHA( c1 ) ) {
+ *c = c1 - 'A' + 10;
+ } else {
+ assert( LDAP_DN_ASCII_LCASE_HEXALPHA( c1 ) );
+ *c = c1 - 'a' + 10;
+ }
+ }
+
+ *c <<= 4;
+
+ if ( LDAP_DN_ASCII_DIGIT( c2 ) ) {
+ *c += c2 - '0';
+
+ } else {
+ if ( LDAP_DN_ASCII_UCASE_HEXALPHA( c2 ) ) {
+ *c += c2 - 'A' + 10;
+ } else {
+ assert( LDAP_DN_ASCII_LCASE_HEXALPHA( c2 ) );
+ *c += c2 - 'a' + 10;
+ }
+ }
+
+ return( 0 );
+}
+
+static int
+hexstr2binval( const char *str, struct berval *val, const char **next, unsigned flags )
+{
+ const char *p, *startPos, *endPos = NULL;
+ ber_len_t len;
+ ber_len_t s, d;
+
+ assert( str );
+ assert( val );
+ assert( next );
+
+ *next = NULL;
+
+ for ( startPos = p = str; p[ 0 ]; p += 2 ) {
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( LDAP_DN_VALUE_END( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+ }
+
+ if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ return( 1 );
+ }
+ endPos = p;
+
+ for ( ; p[ 0 ]; p++ ) {
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( LDAP_DN_VALUE_END( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_LDAP:
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
+ goto end_of_value;
+ }
+ break;
+ }
+ }
+ break;
+ }
+
+ if ( !LDAP_DN_HEXPAIR( p ) ) {
+ return( 1 );
+ }
+ }
+
+end_of_value:;
+
+ *next = p;
+ if ( flags & LDAP_DN_SKIP ) {
+ return( 0 );
+ }
+
+ len = ( ( endPos ? endPos : p ) - startPos ) / 2;
+ /* must be even! */
+ assert( 2 * len == (ber_len_t) (( endPos ? endPos : p ) - startPos ));
+
+ val->bv_len = len;
+ val->bv_val = LDAP_MALLOC( len + 1 );
+ if ( val->bv_val == NULL ) {
+ return( LDAP_NO_MEMORY );
+ }
+
+ for ( s = 0, d = 0; d < len; s += 2, d++ ) {
+ char c;
+
+ hexstr2bin( &startPos[ s ], &c );
+
+ val->bv_val[ d ] = c;
+ }
+
+ val->bv_val[ d ] = '\0';
+
+ return( 0 );
+}
+
+/*
+ * convert a byte in a hexadecimal pair
+ */
+static int
+byte2hexpair( const char *val, char *pair )
+{
+ static const char hexdig[] = "0123456789ABCDEF";
+
+ assert( val );
+ assert( pair );
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ pair[ 0 ] = hexdig[ 0x0f & ( val[ 0 ] >> 4 ) ];
+ pair[ 1 ] = hexdig[ 0x0f & val[ 0 ] ];
+
+ return( 0 );
+}
+
+/*
+ * convert a binary value in hexadecimal pairs
+ */
+static int
+binval2hexstr( struct berval *val, char *str )
+{
+ ber_len_t s, d;
+
+ assert( val );
+ assert( str );
+
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0; s < val->bv_len; s++, d += 2 ) {
+ byte2hexpair( &val->bv_val[ s ], &str[ d ] );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Length of the string representation, accounting for escaped hex
+ * of UTF-8 chars
+ */
+static int
+strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l, cl = 1;
+ char *p;
+ int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+#ifdef PRETTY_ESCAPE
+ int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+#endif /* PRETTY_ESCAPE */
+
+ assert( val );
+ assert( len );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
+
+ /*
+ * escape '%x00'
+ */
+ if ( p[ 0 ] == '\0' ) {
+ cl = 1;
+ l += 3;
+ continue;
+ }
+
+ cl = LDAP_UTF8_CHARLEN2( p, cl );
+ if ( cl == 0 ) {
+ /* illegal utf-8 char! */
+ return( -1 );
+
+ } else if ( cl > 1 ) {
+ ber_len_t cnt;
+
+ for ( cnt = 1; cnt < cl; cnt++ ) {
+ if ( ( p[ cnt ] & 0xc0 ) != 0x80 ) {
+ return( -1 );
+ }
+ }
+ l += escaped_byte_len * cl;
+
+ } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+ || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+#ifdef PRETTY_ESCAPE
+#if 0
+ if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
+#else
+ if ( LDAP_DN_WILLESCAPE_CHAR( p[ 0 ] ) ) {
+#endif
+
+ /*
+ * there might be some chars we want
+ * to escape in form of a couple
+ * of hexdigits for optimization purposes
+ */
+ l += 3;
+
+ } else {
+ l += escaped_ascii_len;
+ }
+#else /* ! PRETTY_ESCAPE */
+ l += 3;
+#endif /* ! PRETTY_ESCAPE */
+
+ } else {
+ l++;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to string representation, escaping with hex the UTF-8 stuff;
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2str( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d, end;
+
+ assert( val );
+ assert( str );
+ assert( len );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+ for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) {
+ ber_len_t cl;
+
+ /*
+ * escape '%x00'
+ */
+ if ( val->bv_val[ s ] == '\0' ) {
+ cl = 1;
+ str[ d++ ] = '\\';
+ str[ d++ ] = '0';
+ str[ d++ ] = '0';
+ s++;
+ continue;
+ }
+
+ /*
+ * The length was checked in strval2strlen();
+ * LDAP_UTF8_CHARLEN() should suffice
+ */
+ cl = LDAP_UTF8_CHARLEN2( &val->bv_val[ s ], cl );
+ assert( cl > 0 );
+
+ /*
+ * there might be some chars we want to escape in form
+ * of a couple of hexdigits for optimization purposes
+ */
+ if ( ( cl > 1 && !LDAP_DN_IS_PRETTY( flags ) )
+#ifdef PRETTY_ESCAPE
+#if 0
+ || LDAP_DN_WILLESCAPE_HEX( flags, val->bv_val[ s ] )
+#else
+ || LDAP_DN_WILLESCAPE_CHAR( val->bv_val[ s ] )
+#endif
+#else /* ! PRETTY_ESCAPE */
+ || LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
+ || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
+ || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) )
+
+#endif /* ! PRETTY_ESCAPE */
+ ) {
+ for ( ; cl--; ) {
+ str[ d++ ] = '\\';
+ byte2hexpair( &val->bv_val[ s ], &str[ d ] );
+ s++;
+ d += 2;
+ }
+
+ } else if ( cl > 1 ) {
+ for ( ; cl--; ) {
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+
+ } else {
+#ifdef PRETTY_ESCAPE
+ if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
+ || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
+ || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) {
+ str[ d++ ] = '\\';
+ if ( !LDAP_DN_IS_PRETTY( flags ) ) {
+ byte2hexpair( &val->bv_val[ s ], &str[ d ] );
+ s++;
+ d += 2;
+ continue;
+ }
+ }
+#endif /* PRETTY_ESCAPE */
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * Length of the IA5 string representation (no UTF-8 allowed)
+ */
+static int
+strval2IA5strlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l;
+ char *p;
+
+ assert( val );
+ assert( len );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * Turn value into a binary encoded BER
+ */
+ return( -1 );
+
+ } else {
+ for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+ || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ l += 2;
+
+ } else {
+ l++;
+ }
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to string representation (np UTF-8)
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2IA5str( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d, end;
+
+ assert( val );
+ assert( str );
+ assert( len );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * Turn value into a binary encoded BER
+ */
+ *len = 0;
+ return( -1 );
+
+ } else {
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) {
+ if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
+ || ( s == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
+ || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) {
+ str[ d++ ] = '\\';
+ }
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * Length of the (supposedly) DCE string representation,
+ * accounting for escaped hex of UTF-8 chars
+ */
+static int
+strval2DCEstrlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l;
+ char *p;
+
+ assert( val );
+ assert( len );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ return( -1 );
+
+ } else {
+ for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_NEEDESCAPE_DCE( p[ 0 ] ) ) {
+ l += 2;
+
+ } else {
+ l++;
+ }
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to (supposedly) DCE string representation,
+ * escaping with hex the UTF-8 stuff;
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2DCEstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d;
+
+ assert( val );
+ assert( str );
+ assert( len );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ *len = 0;
+ return( -1 );
+
+ } else {
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0; s < val->bv_len; ) {
+ if ( LDAP_DN_NEEDESCAPE_DCE( val->bv_val[ s ] ) ) {
+ str[ d++ ] = '\\';
+ }
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * Length of the (supposedly) AD canonical string representation,
+ * accounting for escaped hex of UTF-8 chars
+ */
+static int
+strval2ADstrlen( struct berval *val, unsigned flags, ber_len_t *len )
+{
+ ber_len_t l;
+ char *p;
+
+ assert( val );
+ assert( len );
+
+ *len = 0;
+ if ( val->bv_len == 0 ) {
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ return( -1 );
+
+ } else {
+ for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
+ if ( LDAP_DN_NEEDESCAPE_AD( p[ 0 ] ) ) {
+ l += 2;
+
+ } else {
+ l++;
+ }
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * convert to (supposedly) AD string representation,
+ * escaping with hex the UTF-8 stuff;
+ * assume the destination has enough room for escaping
+ */
+static int
+strval2ADstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+{
+ ber_len_t s, d;
+
+ assert( val );
+ assert( str );
+ assert( len );
+
+ if ( val->bv_len == 0 ) {
+ *len = 0;
+ return( 0 );
+ }
+
+ if ( flags & LDAP_AVA_NONPRINTABLE ) {
+ /*
+ * FIXME: Turn the value into a binary encoded BER?
+ */
+ *len = 0;
+ return( -1 );
+
+ } else {
+
+ /*
+ * we assume the string has enough room for the hex encoding
+ * of the value
+ */
+
+ for ( s = 0, d = 0; s < val->bv_len; ) {
+ if ( LDAP_DN_NEEDESCAPE_AD( val->bv_val[ s ] ) ) {
+ str[ d++ ] = '\\';
+ }
+ str[ d++ ] = val->bv_val[ s++ ];
+ }
+ }
+
+ *len = d;
+
+ return( 0 );
+}
+
+/*
+ * If the DN is terminated by single-AVA RDNs with attribute type of "dc",
+ * the first part of the AD representation of the DN is written in DNS
+ * form, i.e. dot separated domain name components (as suggested
+ * by Luke Howard, http://www.padl.com/~lukeh)
+ */
+static int
+dn2domain( LDAPDN *dn, struct berval *bv, int pos, int *iRDN )
+{
+ int i;
+ int domain = 0, first = 1;
+ ber_len_t l = 1; /* we move the null also */
+ char *str;
+
+ /* we are guaranteed there's enough memory in str */
+
+ /* sanity */
+ assert( dn );
+ assert( bv );
+ assert( iRDN );
+ assert( *iRDN >= 0 );
+
+ str = bv->bv_val + pos;
+
+ for ( i = *iRDN; i >= 0; i-- ) {
+ LDAPRDN *rdn;
+ LDAPAVA *ava;
+
+ assert( dn[ 0 ][ i ] );
+ rdn = dn[ 0 ][ i ];
+
+ assert( rdn[ 0 ][ 0 ] );
+ ava = rdn[ 0 ][ 0 ];
+
+ if ( !LDAP_DN_IS_RDN_DC( rdn ) ) {
+ break;
+ }
+
+ domain = 1;
+
+ if ( first ) {
+ first = 0;
+ AC_MEMCPY( str, ava->la_value.bv_val,
+ ava->la_value.bv_len + 1);
+ l += ava->la_value.bv_len;
+
+ } else {
+ AC_MEMCPY( str + ava->la_value.bv_len + 1, bv->bv_val + pos, l);
+ AC_MEMCPY( str, ava->la_value.bv_val,
+ ava->la_value.bv_len );
+ str[ ava->la_value.bv_len ] = '.';
+ l += ava->la_value.bv_len + 1;
+ }
+ }
+
+ *iRDN = i;
+ bv->bv_len = pos + l - 1;
+
+ return( domain );
+}
+
+static int
+rdn2strlen( LDAPRDN *rdn, unsigned flags, ber_len_t *len,
+ int ( *s2l )( struct berval *v, unsigned f, ber_len_t *l ) )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ /* len(type) + '=' + '+' | ',' */
+ l += ava->la_attr.bv_len + 2;
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ /* octothorpe + twice the length */
+ l += 1 + 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( ( *s2l )( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2str( LDAPRDN *rdn, char *str, unsigned flags, ber_len_t *len,
+ int ( *s2s ) ( struct berval *v, char * s, unsigned f, ber_len_t *l ) )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ AC_MEMCPY( &str[ l ], ava->la_attr.bv_val,
+ ava->la_attr.bv_len );
+ l += ava->la_attr.bv_len;
+
+ str[ l++ ] = '=';
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( ( *s2s )( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ str[ l++ ] = ( rdn[ 0 ][ iAVA + 1 ] ? '+' : ',' );
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2DCEstrlen( LDAPRDN *rdn, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ /* len(type) + '=' + ',' | '/' */
+ l += ava->la_attr.bv_len + 2;
+
+ switch ( ava->la_flags ) {
+ case LDAP_AVA_BINARY:
+ /* octothorpe + twice the length */
+ l += 1 + 2 * ava->la_value.bv_len;
+ break;
+
+ case LDAP_AVA_STRING: {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2DCEstrlen( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ break;
+ }
+
+ default:
+ return( -1 );
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2DCEstr( LDAPRDN *rdn, char *str, unsigned flags, ber_len_t *len, int first )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ if ( first ) {
+ first = 0;
+ } else {
+ str[ l++ ] = ( iAVA ? ',' : '/' );
+ }
+
+ AC_MEMCPY( &str[ l ], ava->la_attr.bv_val,
+ ava->la_attr.bv_len );
+ l += ava->la_attr.bv_len;
+
+ str[ l++ ] = '=';
+
+ switch ( ava->la_flags ) {
+ case LDAP_AVA_BINARY:
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+ break;
+
+ case LDAP_AVA_STRING: {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2DCEstr( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ break;
+ }
+
+ default:
+ return( -1 );
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2UFNstrlen( LDAPRDN *rdn, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ assert( rdn );
+ assert( len );
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ /* ' + ' | ', ' */
+ l += ( rdn[ 0 ][ iAVA + 1 ] ? 3 : 2 );
+
+ /* FIXME: are binary values allowed in UFN? */
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ /* octothorpe + twice the value */
+ l += 1 + 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2strlen( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2UFNstr( LDAPRDN *rdn, char *str, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ if ( ava->la_flags & LDAP_AVA_BINARY ) {
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+
+ } else {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2str( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ }
+
+ if ( rdn[ 0 ][ iAVA + 1 ]) {
+ AC_MEMCPY( &str[ l ], " + ", 3 );
+ l += 3;
+
+ } else {
+ AC_MEMCPY( &str[ l ], ", ", 2 );
+ l += 2;
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2ADstrlen( LDAPRDN *rdn, unsigned flags, ber_len_t *len )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ assert( rdn );
+ assert( len );
+
+ *len = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ /* ',' | '/' */
+ l++;
+
+ /* FIXME: are binary values allowed in UFN? */
+ switch ( ava->la_flags ) {
+ case LDAP_AVA_BINARY:
+ /* octothorpe + twice the value */
+ l += 1 + 2 * ava->la_value.bv_len;
+ break;
+
+ case LDAP_AVA_STRING: {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2ADstrlen( &ava->la_value, f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ break;
+ }
+
+ default:
+ return( -1 );
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+static int
+rdn2ADstr( LDAPRDN *rdn, char *str, unsigned flags, ber_len_t *len, int first )
+{
+ int iAVA;
+ ber_len_t l = 0;
+
+ for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+
+ if ( first ) {
+ first = 0;
+ } else {
+ str[ l++ ] = ( iAVA ? ',' : '/' );
+ }
+
+ switch ( ava->la_flags ) {
+ case LDAP_AVA_BINARY:
+ str[ l++ ] = '#';
+ if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
+ return( -1 );
+ }
+ l += 2 * ava->la_value.bv_len;
+ break;
+
+ case LDAP_AVA_STRING: {
+ ber_len_t vl;
+ unsigned f = flags | ava->la_flags;
+
+ if ( strval2ADstr( &ava->la_value, &str[ l ], f, &vl ) ) {
+ return( -1 );
+ }
+ l += vl;
+ break;
+ }
+
+ default:
+ return( -1 );
+ }
+ }
+
+ *len = l;
+
+ return( 0 );
+}
+
+/*
+ * ldap_rdn2str
+ *
+ * Returns in str a string representation of rdn based on flags.
+ * There is some duplication of code between this and ldap_dn2str;
+ * this is wanted to reduce the allocation of temporary buffers.
+ */
+int
+ldap_rdn2str( LDAPRDN *rdn, char **str, unsigned flags )
+{
+ struct berval bv;
+ int rc;
+
+ assert( str );
+
+ if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ rc = ldap_rdn2bv( rdn, &bv, flags );
+ *str = bv.bv_val;
+ return rc;
+}
+
+int
+ldap_rdn2bv( LDAPRDN *rdn, struct berval *bv, unsigned flags )
+{
+ int rc, back;
+ ber_len_t l;
+
+ assert( bv );
+
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+
+ if ( rdn == NULL ) {
+ bv->bv_val = LDAP_STRDUP( "" );
+ return( LDAP_SUCCESS );
+ }
+
+ /*
+ * This routine wastes "back" bytes at the end of the string
+ */
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ if ( rdn2strlen( rdn, flags, &l, strval2strlen ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_LDAPV2:
+ if ( rdn2strlen( rdn, flags, &l, strval2IA5strlen ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_UFN:
+ if ( rdn2UFNstrlen( rdn, flags, &l ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ if ( rdn2DCEstrlen( rdn, flags, &l ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ case LDAP_DN_FORMAT_AD_CANONICAL:
+ if ( rdn2ADstrlen( rdn, flags, &l ) ) {
+ return LDAP_DECODING_ERROR;
+ }
+ break;
+
+ default:
+ return( LDAP_PARAM_ERROR );
+ }
+
+ bv->bv_val = LDAP_MALLOC( l + 1 );
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ rc = rdn2str( rdn, bv->bv_val, flags, &l, strval2str );
+ back = 1;
+ break;
+
+ case LDAP_DN_FORMAT_LDAPV2:
+ rc = rdn2str( rdn, bv->bv_val, flags, &l, strval2IA5str );
+ back = 1;
+ break;
+
+ case LDAP_DN_FORMAT_UFN:
+ rc = rdn2UFNstr( rdn, bv->bv_val, flags, &l );
+ back = 2;
+ break;
+
+ case LDAP_DN_FORMAT_DCE:
+ rc = rdn2DCEstr( rdn, bv->bv_val, flags, &l, 1 );
+ back = 0;
+ break;
+
+ case LDAP_DN_FORMAT_AD_CANONICAL:
+ rc = rdn2ADstr( rdn, bv->bv_val, flags, &l, 1 );
+ back = 0;
+ break;
+
+ default:
+ /* need at least one of the previous */
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( rc ) {
+ ldap_memfree( bv->bv_val );
+ return rc;
+ }
+
+ bv->bv_len = l - back;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * Very bulk implementation; many optimizations can be performed
+ * - a NULL dn results in an empty string ""
+ *
+ * FIXME: doubts
+ * a) what do we do if a UTF-8 string must be converted in LDAPv2?
+ * we must encode it in binary form ('#' + HEXPAIRs)
+ * b) does DCE/AD support UTF-8?
+ * no clue; don't think so.
+ * c) what do we do when binary values must be converted in UTF/DCE/AD?
+ * use binary encoded BER
+ */
+int ldap_dn2str( LDAPDN *dn, char **str, unsigned flags )
+{
+ struct berval bv;
+ int rc;
+
+ assert( str );
+
+ if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ rc = ldap_dn2bv( dn, &bv, flags );
+ *str = bv.bv_val;
+ return rc;
+}
+
+int ldap_dn2bv( LDAPDN *dn, struct berval *bv, unsigned flags )
+{
+ int iRDN;
+ int rc = LDAP_ENCODING_ERROR;
+ ber_len_t len, l;
+
+ /* stringifying helpers for LDAPv3/LDAPv2 */
+ int ( *sv2l ) ( struct berval *v, unsigned f, ber_len_t *l );
+ int ( *sv2s ) ( struct berval *v, char *s, unsigned f, ber_len_t *l );
+
+ assert( bv );
+ bv->bv_len = 0;
+ bv->bv_val = NULL;
+
+ Debug( LDAP_DEBUG_TRACE, "=> ldap_dn2bv(%u)\n%s%s", flags, "", "" );
+
+ /*
+ * a null dn means an empty dn string
+ * FIXME: better raise an error?
+ */
+ if ( dn == NULL ) {
+ bv->bv_val = LDAP_STRDUP( "" );
+ return( LDAP_SUCCESS );
+ }
+
+ switch ( LDAP_DN_FORMAT( flags ) ) {
+ case LDAP_DN_FORMAT_LDAPV3:
+ sv2l = strval2strlen;
+ sv2s = strval2str;
+
+ if( 0 ) {
+ case LDAP_DN_FORMAT_LDAPV2:
+ sv2l = strval2IA5strlen;
+ sv2s = strval2IA5str;
+ }
+
+ for ( iRDN = 0, len = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2strlen( rdn, flags, &rdnl, sv2l ) ) {
+ goto return_results;
+ }
+
+ len += rdnl;
+ }
+
+ if ( ( bv->bv_val = LDAP_MALLOC( len + 1 ) ) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+ for ( l = 0, iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2str( rdn, &bv->bv_val[ l ], flags,
+ &rdnl, sv2s ) ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += rdnl;
+ }
+
+ assert( l == len );
+
+ /*
+ * trim the last ',' (the allocated memory
+ * is one byte longer than required)
+ */
+ bv->bv_len = len - 1;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_DN_FORMAT_UFN: {
+ /*
+ * FIXME: quoting from RFC 1781:
+ *
+ To take a distinguished name, and generate a name of this format with
+ attribute types omitted, the following steps are followed.
+
+ 1. If the first attribute is of type CommonName, the type may be
+ omitted.
+
+ 2. If the last attribute is of type Country, the type may be
+ omitted.
+
+ 3. If the last attribute is of type Country, the last
+ Organisation attribute may have the type omitted.
+
+ 4. All attributes of type OrganisationalUnit may have the type
+ omitted, unless they are after an Organisation attribute or
+ the first attribute is of type OrganisationalUnit.
+
+ * this should be the pedantic implementation.
+ *
+ * Here the standard implementation reflects
+ * the one historically provided by OpenLDAP
+ * (and UMIch, I presume), with the variant
+ * of spaces and plusses (' + ') separating
+ * rdn components.
+ *
+ * A non-standard but nice implementation could
+ * be to turn the final "dc" attributes into a
+ * dot-separated domain.
+ *
+ * Other improvements could involve the use of
+ * friendly country names and so.
+ */
+#ifdef DC_IN_UFN
+ int leftmost_dc = -1;
+ int last_iRDN = -1;
+#endif /* DC_IN_UFN */
+
+ for ( iRDN = 0, len = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2UFNstrlen( rdn, flags, &rdnl ) ) {
+ goto return_results;
+ }
+ len += rdnl;
+
+#ifdef DC_IN_UFN
+ if ( LDAP_DN_IS_RDN_DC( rdn ) ) {
+ if ( leftmost_dc == -1 ) {
+ leftmost_dc = iRDN;
+ }
+ } else {
+ leftmost_dc = -1;
+ }
+#endif /* DC_IN_UFN */
+ }
+
+ if ( ( bv->bv_val = LDAP_MALLOC( len + 1 ) ) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+#ifdef DC_IN_UFN
+ if ( leftmost_dc == -1 ) {
+#endif /* DC_IN_UFN */
+ for ( l = 0, iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
+ ber_len_t vl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2UFNstr( rdn, &bv->bv_val[ l ],
+ flags, &vl ) ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += vl;
+ }
+
+ /*
+ * trim the last ', ' (the allocated memory
+ * is two bytes longer than required)
+ */
+ bv->bv_len = len - 2;
+ bv->bv_val[ bv->bv_len ] = '\0';
+#ifdef DC_IN_UFN
+ } else {
+ last_iRDN = iRDN - 1;
+
+ for ( l = 0, iRDN = 0; iRDN < leftmost_dc; iRDN++ ) {
+ ber_len_t vl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2UFNstr( rdn, &bv->bv_val[ l ],
+ flags, &vl ) ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += vl;
+ }
+
+ if ( !dn2domain( dn, bv, l, &last_iRDN ) ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+
+ /* the string is correctly terminated by dn2domain */
+ }
+#endif /* DC_IN_UFN */
+
+ rc = LDAP_SUCCESS;
+
+ } break;
+
+ case LDAP_DN_FORMAT_DCE:
+ for ( iRDN = 0, len = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2DCEstrlen( rdn, flags, &rdnl ) ) {
+ goto return_results;
+ }
+
+ len += rdnl;
+ }
+
+ if ( ( bv->bv_val = LDAP_MALLOC( len + 1 ) ) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+ for ( l = 0; iRDN--; ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2DCEstr( rdn, &bv->bv_val[ l ], flags,
+ &rdnl, 0 ) ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += rdnl;
+ }
+
+ assert( l == len );
+
+ bv->bv_len = len;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_DN_FORMAT_AD_CANONICAL: {
+ /*
+ * Sort of UFN for DCE DNs: a slash ('/') separated
+ * global->local DN with no types; strictly speaking,
+ * the naming context should be a domain, which is
+ * written in DNS-style, e.g. dot-deparated.
+ *
+ * Example:
+ *
+ * "givenName=Bill+sn=Gates,ou=People,dc=microsoft,dc=com"
+ *
+ * will read
+ *
+ * "microsoft.com/People/Bill,Gates"
+ */
+ for ( iRDN = 0, len = -1; dn[ 0 ][ iRDN ]; iRDN++ ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2ADstrlen( rdn, flags, &rdnl ) ) {
+ goto return_results;
+ }
+
+ len += rdnl;
+ }
+
+ if ( ( bv->bv_val = LDAP_MALLOC( len + 1 ) ) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ break;
+ }
+
+ iRDN--;
+ if ( iRDN && dn2domain( dn, bv, 0, &iRDN ) ) {
+ for ( l = bv->bv_len; iRDN >= 0 ; iRDN-- ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2ADstr( rdn, &bv->bv_val[ l ],
+ flags, &rdnl, 0 ) ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ l += rdnl;
+ }
+
+ } else {
+ int first = 1;
+
+ /*
+ * Strictly speaking, AD canonical requires
+ * a DN to be in the form "..., dc=smtg",
+ * i.e. terminated by a domain component
+ */
+ if ( flags & LDAP_DN_PEDANTIC ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ rc = LDAP_ENCODING_ERROR;
+ break;
+ }
+
+ for ( l = 0; iRDN >= 0 ; iRDN-- ) {
+ ber_len_t rdnl;
+ LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+
+ if ( rdn2ADstr( rdn, &bv->bv_val[ l ],
+ flags, &rdnl, first ) ) {
+ LDAP_FREE( bv->bv_val );
+ bv->bv_val = NULL;
+ goto return_results;
+ }
+ if ( first ) {
+ first = 0;
+ }
+ l += rdnl;
+ }
+ }
+
+ bv->bv_len = len;
+ bv->bv_val[ bv->bv_len ] = '\0';
+
+ rc = LDAP_SUCCESS;
+ } break;
+
+ default:
+ return LDAP_PARAM_ERROR;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<= ldap_dn2bv(%s,%u)=%d\n",
+ bv->bv_val, flags, rc );
+
+return_results:;
+ return( rc );