/* dn.c - routines for dealing with distinguished names */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include <ac/string.h>
#include <ac/time.h>
-#include "ldap_pvt.h"
-
#include "slap.h"
-
-#define SLAP_LDAPDN_PRETTY 0x1
+#include "ldap_pvt.h" /* must be after slap.h, to get ldap_bv2dn_x() & co */
+#include "lutil.h"
/*
* The DN syntax-related functions take advantage of the dn representation
* structural representation of a distinguished name.
*/
static int
-LDAPDN_validate( LDAPDN *dn )
+LDAPDN_validate( LDAPDN dn )
{
int iRDN;
int rc;
assert( dn );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
- LDAPRDN *rdn = dn[ iRDN ][ 0 ];
+ LDAPRDN rdn = dn[ iRDN ];
int iAVA;
assert( rdn );
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ iAVA ][ 0 ];
+ LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
slap_syntax_validate_func *validate = NULL;
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
- rc = slap_bv2ad( ava->la_attr, &ad, &text );
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
/*
* Replace attr oid/name with the canonical name
*/
- ber_bvfree( ava->la_attr );
- ava->la_attr = ber_bvdup( &ad->ad_cname );
+ ava->la_attr = ad->ad_cname;
validate = ad->ad_type->sat_syntax->ssyn_validate;
* validate value by validate function
*/
rc = ( *validate )( ad->ad_type->sat_syntax,
- ava->la_value );
+ &ava->la_value );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
struct berval *in )
{
int rc;
- LDAPDN *dn = NULL;
+ LDAPDN dn = NULL;
assert( in );
if ( in->bv_len == 0 ) {
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
+
+ } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_bv2dn( in, &dn, LDAP_DN_FORMAT_LDAP );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
}
- rc = ldap_str2dn( in->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ assert( strlen( in->bv_val ) == in->bv_len );
/*
* Schema-aware validate
*/
- if ( rc == LDAP_SUCCESS ) {
- rc = LDAPDN_validate( dn );
- }
-
+ rc = LDAPDN_validate( dn );
ldap_dnfree( dn );
-
+
if ( rc != LDAP_SUCCESS ) {
- return( LDAP_INVALID_SYNTAX );
+ return LDAP_INVALID_SYNTAX;
}
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
}
/*
* (use memcmp, which implies alphabetical order in case of IA5 value;
* this should guarantee the repeatability of the operation).
*
+ * Note: the sorting can be slightly improved by sorting first
+ * by attribute type length, then by alphabetical order.
+ *
* uses a linear search; should be fine since the number of AVAs in
* a RDN should be limited.
*/
static void
-AVA_Sort( LDAPRDN *rdn, int iAVA )
+AVA_Sort( LDAPRDN rdn, int iAVA )
{
int i;
- LDAPAVA *ava_in = rdn[ iAVA ][ 0 ];
+ LDAPAVA *ava_in = rdn[ iAVA ];
assert( rdn );
assert( ava_in );
for ( i = 0; i < iAVA; i++ ) {
- LDAPAVA *ava = rdn[ i ][ 0 ];
+ LDAPAVA *ava = rdn[ i ];
int a, j;
assert( ava );
- a = strcmp( ava_in->la_attr->bv_val, ava->la_attr->bv_val );
+ a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
if ( a > 0 ) {
break;
while ( a == 0 ) {
int v, d;
- d = ava_in->la_value->bv_len - ava->la_value->bv_len;
+ d = ava_in->la_value.bv_len - ava->la_value.bv_len;
- v = memcmp( ava_in->la_value->bv_val,
- ava->la_value->bv_val,
- d <= 0 ? ava_in->la_value->bv_len
- : ava->la_value->bv_len );
+ v = memcmp( ava_in->la_value.bv_val,
+ ava->la_value.bv_val,
+ d <= 0 ? ava_in->la_value.bv_len
+ : ava->la_value.bv_len );
if ( v == 0 && d != 0 ) {
v = d;
return;
}
- ava = rdn[ i ][ 0 ];
- a = strcmp( ava_in->la_value->bv_val,
- ava->la_value->bv_val );
+ ava = rdn[ i ];
+ a = strcmp( ava_in->la_attr.bv_val,
+ ava->la_attr.bv_val );
}
/*
* move ahead
*/
for ( j = iAVA; j > i; j-- ) {
- rdn[ j ][ 0 ] = rdn[ j - 1 ][ 0 ];
+ rdn[ j ] = rdn[ j - 1 ];
}
- rdn[ i ][ 0 ] = ava_in;
+ rdn[ i ] = ava_in;
return;
}
* structural representation of a distinguished name.
*/
static int
-LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
+LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
{
int iRDN;
int rc;
assert( dn );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
- LDAPRDN *rdn = dn[ iRDN ][ 0 ];
+ LDAPRDN rdn = dn[ iRDN ];
int iAVA;
assert( rdn );
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ iAVA ][ 0 ];
+ LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
+ slap_syntax_validate_func *validf = NULL;
+ slap_mr_normalize_func *normf = NULL;
slap_syntax_transform_func *transf = NULL;
- MatchingRule *mr;
- struct berval *bv = NULL;
+ MatchingRule *mr = NULL;
+ struct berval bv = { 0, NULL };
+ int do_sort = 0;
assert( ava );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
- rc = slap_bv2ad( ava->la_attr, &ad, &text );
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
ava->la_private = ( void * )ad;
+ do_sort = 1;
}
/*
* Replace attr oid/name with the canonical name
*/
- ber_bvfree( ava->la_attr );
- ava->la_attr = ber_bvdup( &ad->ad_cname );
+ ava->la_attr = ad->ad_cname;
+
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+ if( ava->la_value.bv_len == 0 ) {
+ /* BER encoding is empty */
+ return LDAP_INVALID_SYNTAX;
+ }
- if( flags & SLAP_LDAPDN_PRETTY ) {
+ /* AVA is binary encoded, don't muck with it */
+ } else if( flags & SLAP_LDAPDN_PRETTY ) {
transf = ad->ad_type->sat_syntax->ssyn_pretty;
- mr = NULL;
- } else {
- transf = ad->ad_type->sat_syntax->ssyn_normalize;
+ if( !transf ) {
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ }
+ } else { /* normalization */
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
mr = ad->ad_type->sat_equality;
+ if( mr ) normf = mr->smr_normalize;
+ }
+
+ if ( validf ) {
+ /* validate value before normalization */
+ rc = ( *validf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
if ( transf ) {
/*
- * transform value by normalize/pretty function
+ * transform value by pretty function
+ * if value is empty, use empty_bv
*/
rc = ( *transf )( ad->ad_type->sat_syntax,
- ava->la_value, &bv );
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
- if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
- struct berval *s = bv;
-
- bv = ber_bvstr( UTF8normalize( bv ? bv : ava->la_value,
- UTF8_CASEFOLD ) );
-
- ber_bvfree( s );
+ if ( normf ) {
+ /*
+ * normalize value
+ * if value is empty, use empty_bv
+ */
+ rc = ( *normf )(
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ ad->ad_type->sat_syntax,
+ mr,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
- if( bv ) {
- ber_bvfree( ava->la_value );
+
+ if( bv.bv_val ) {
+ if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
+ ber_memfree_x( ava->la_value.bv_val, ctx );
ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
}
- AVA_Sort( rdn, iAVA );
+ if( do_sort ) AVA_Sort( rdn, iAVA );
}
}
return LDAP_SUCCESS;
}
-/*
- * dn normalize routine
- */
int
dnNormalize(
- Syntax *syntax,
- struct berval *val,
- struct berval **normalized )
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
{
- struct berval *out = NULL;
+ assert( val );
+ assert( out );
Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
- assert( val );
- assert( normalized );
-
if ( val->bv_len != 0 ) {
- LDAPDN *dn = NULL;
- char *dn_out = NULL;
+ LDAPDN dn = NULL;
int rc;
/*
* Go to structural representation
*/
- rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
+ assert( strlen( val->bv_val ) == val->bv_len );
+
/*
* Schema-aware rewrite
*/
- if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) {
- ldap_dnfree( dn );
+ if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
return LDAP_INVALID_SYNTAX;
}
/*
* Back to string representation
*/
- rc = ldap_dn2str( dn, &dn_out, LDAP_DN_FORMAT_LDAPV3 );
+ rc = ldap_dn2bv_x( dn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- ldap_dnfree( dn );
+ ldap_dnfree_x( dn, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
-
- out = ber_bvstr( dn_out );
-
} else {
- out = ber_bvdup( val );
+ ber_dupbv_x( out, val, ctx );
}
Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
- *normalized = out;
-
return LDAP_SUCCESS;
}
-/*
- * dn "pretty"ing routine
- */
int
dnPretty(
Syntax *syntax,
struct berval *val,
- struct berval **pretty)
+ struct berval *out,
+ void *ctx)
{
- struct berval *out = NULL;
+ assert( val );
+ assert( out );
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, ARGS, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+#else
Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+#endif
- assert( val );
- assert( pretty );
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( out, val, ctx );
- if ( val->bv_len != 0 ) {
- LDAPDN *dn = NULL;
- char *dn_out = NULL;
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPDN dn = NULL;
int rc;
/* FIXME: should be liberal in what we accept */
- rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
+ assert( strlen( val->bv_val ) == val->bv_len );
+
/*
* Schema-aware rewrite
*/
- if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) {
- ldap_dnfree( dn );
+ if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
return LDAP_INVALID_SYNTAX;
}
/* RE: the default is the form that is used as
* an internal representation; the pretty form
* is a variant */
- rc = ldap_dn2str( dn, &dn_out,
- LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
+ rc = ldap_dn2bv_x( dn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- ldap_dnfree( dn );
+ ldap_dnfree_x( dn, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
-
- out = ber_bvstr( dn_out );
-
- } else {
- out = ber_bvdup( val );
}
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, ARGS, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+#else
Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
-
- *pretty = out;
+#endif
return LDAP_SUCCESS;
}
-/*
- * dnMatch routine
- *
- * note: uses exact string match (strcmp) because it is supposed to work
- * on normalized DNs.
- */
int
-dnMatch(
- int *matchp,
- slap_mask_t flags,
+dnPrettyNormalDN(
Syntax *syntax,
- MatchingRule *mr,
- struct berval *value,
- void *assertedValue )
+ struct berval *val,
+ LDAPDN *dn,
+ int flags,
+ void *ctx )
{
- int match;
- struct berval *asserted = (struct berval *) assertedValue;
-
- assert( matchp );
- assert( value );
- assert( assertedValue );
-
- match = value->bv_len - asserted->bv_len;
-
- if ( match == 0 ) {
- match = strcmp( value->bv_val, asserted->bv_val );
- }
+ assert( val );
+ assert( dn );
#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
- "dnMatch: %d\n %s\n %s\n", match,
- value->bv_val, asserted->bv_val ));
+ LDAP_LOG( OPERATION, ARGS, ">>> dn%sDN: <%s>\n",
+ flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+ val->bv_val, 0 );
#else
- Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
- match, value->bv_val, asserted->bv_val );
+ Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n",
+ flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+ val->bv_val, 0 );
#endif
- *matchp = match;
- return( LDAP_SUCCESS );
-}
-
-#ifdef SLAP_DN_MIGRATION
-/*
- * these routines are provided for migration purposes only!
- * dn_validate is deprecated in favor of dnValidate
- * dn_normalize is deprecated in favor of dnNormalize
- * strcmp/strcasecmp for DNs is deprecated in favor of dnMatch
- *
- * other routines are likewise deprecated but may not yet have
- * replacement functions.
- */
-
-/*
- * dn_validate - validate and compress dn. the dn is
- * compressed in place are returned if valid.
- * Deprecated in favor of dnValidate()
- */
-char *
-dn_validate( char *dn )
-{
- struct berval val, *pretty;
- int rc;
-
- if ( dn == NULL || dn[0] == '\0' ) {
- return dn;
- }
-
- val.bv_val = dn;
- val.bv_len = strlen( dn );
-
- rc = dnPretty( NULL, &val, &pretty );
- if ( rc != LDAP_SUCCESS ) {
- return NULL;
- }
-
- if ( val.bv_len < pretty->bv_len ) {
- ber_bvfree( pretty );
- return NULL;
- }
-
- AC_MEMCPY( dn, pretty->bv_val, pretty->bv_len + 1 );
- ber_bvfree( pretty );
-
- return dn;
-}
+ if ( val->bv_len == 0 ) {
+ return LDAP_SUCCESS;
-/*
- * dn_normalize - put dn into a canonical form suitable for storing
- * in a hash database. this involves normalizing the case as well as
- * the format. the dn is normalized in place as well as returned if valid.
- * Deprecated in favor of dnNormalize()
- */
-char *
-dn_normalize( char *dn )
-{
- struct berval val, *normalized;
- int rc;
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
- if ( dn == NULL || dn[0] == '\0' ) {
- return dn;
- }
+ } else {
+ int rc;
- val.bv_val = dn;
- val.bv_len = strlen( dn );
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2dn_x( val, dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
- rc = dnNormalize( NULL, &val, &normalized );
- if ( rc != LDAP_SUCCESS ) {
- return NULL;
- }
+ assert( strlen( val->bv_val ) == val->bv_len );
- if ( val.bv_len < normalized->bv_len ) {
- ber_bvfree( normalized );
- return NULL;
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( *dn, flags, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( *dn, ctx );
+ *dn = NULL;
+ return LDAP_INVALID_SYNTAX;
+ }
}
- AC_MEMCPY( dn, normalized->bv_val, normalized->bv_len + 1 );
- ber_bvfree( normalized );
+ Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n",
+ flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+ 0, 0 );
- return dn;
+ return LDAP_SUCCESS;
}
-
/*
- * dn_parent - return the dn's parent, in-place
+ * Combination of both dnPretty and dnNormalize
*/
-char *
-dn_parent(
- Backend *be,
- const char *dn )
+int
+dnPrettyNormal(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *pretty,
+ struct berval *normal,
+ void *ctx)
{
- const char *s;
- int inquote;
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ENTRY, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
+#endif
- if( dn == NULL ) {
- return NULL;
- }
+ assert( val );
+ assert( pretty );
+ assert( normal );
- while(*dn != '\0' && ASCII_SPACE(*dn)) {
- dn++;
- }
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( pretty, val, ctx );
+ ber_dupbv_x( normal, val, ctx );
- if( *dn == '\0' ) {
- return NULL;
- }
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ /* too big */
+ return LDAP_INVALID_SYNTAX;
- if ( be != NULL && be_issuffix( be, dn ) ) {
- return NULL;
- }
+ } else {
+ LDAPDN dn = NULL;
+ int rc;
- /*
- * assume it is an X.500-style name, which looks like
- * foo=bar,sha=baz,...
- */
+ pretty->bv_val = NULL;
+ normal->bv_val = NULL;
+ pretty->bv_len = 0;
+ normal->bv_len = 0;
- inquote = 0;
- for ( s = dn; *s; s++ ) {
- if ( *s == '\\' ) {
- if ( *(s + 1) ) {
- s++;
- }
- continue;
- }
- if ( inquote ) {
- if ( *s == '"' ) {
- inquote = 0;
- }
- } else {
- if ( *s == '"' ) {
- inquote = 1;
- } else if ( DN_SEPARATOR( *s ) ) {
- return (char *)s + 1;
- }
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
}
- }
- return "";
-}
-
-int dn_rdnlen(
- Backend *be,
- const char *dn_in )
-{
- char *s;
- int inquote;
+ assert( strlen( val->bv_val ) == val->bv_len );
- if( dn_in == NULL ) {
- return 0;
- }
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
- while(*dn_in && ASCII_SPACE(*dn_in)) {
- dn_in++;
- }
+ rc = ldap_dn2bv_x( dn, pretty,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- if( *dn_in == '\0' ) {
- return( 0 );
- }
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
- if ( be != NULL && be_issuffix( be, dn_in ) ) {
- return( 0 );
- }
+ if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ ber_memfree_x( pretty->bv_val, ctx );
+ pretty->bv_val = NULL;
+ pretty->bv_len = 0;
+ return LDAP_INVALID_SYNTAX;
+ }
- inquote = 0;
+ rc = ldap_dn2bv_x( dn, normal,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- for ( s = (char *)dn_in; *s; s++ ) {
- if ( *s == '\\' ) {
- if ( *(s + 1) ) {
- s++;
- }
- continue;
- }
- if ( inquote ) {
- if ( *s == '"' ) {
- inquote = 0;
- }
- } else {
- if ( *s == '"' ) {
- inquote = 1;
- } else if ( DN_SEPARATOR( *s ) ) {
- break;
- }
+ ldap_dnfree_x( dn, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ ber_memfree_x( pretty->bv_val, ctx );
+ pretty->bv_val = NULL;
+ pretty->bv_len = 0;
+ return LDAP_INVALID_SYNTAX;
}
}
- return( s - dn_in );
-}
-
-char * dn_rdn(
- Backend *be,
- const char *dn_in )
-{
- char *rdn;
- int i = dn_rdnlen( be, dn_in );
-
- rdn = ch_malloc( i + 1 );
- strncpy(rdn, dn_in, i);
- rdn[i] = '\0';
- return rdn;
-}
-
-/*
- * return a charray of all subtrees to which the DN resides in
- */
-char **dn_subtree(
- Backend *be,
- const char *dn )
-{
- char **subtree = NULL;
-
- do {
- charray_add( &subtree, dn );
-
- dn = dn_parent( be, dn );
-
- } while ( dn != NULL );
+#ifdef NEW_LOGGING
+ LDAP_LOG (OPERATION, RESULTS, "<<< dnPrettyNormal: <%s>, <%s>\n",
+ pretty->bv_val, normal->bv_val, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
+ pretty->bv_val, normal->bv_val, 0 );
+#endif
- return subtree;
+ return LDAP_SUCCESS;
}
/*
- * dn_issuffix - tells whether suffix is a suffix of dn.
- * Both dn and suffix must be normalized.
- * deprecated in favor of dnIsSuffix()
+ * dnMatch routine
*/
int
-dn_issuffix(
- const char *dn,
- const char *suffix
-)
+dnMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
{
- struct berval bvdn, bvsuffix;
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
- assert( dn );
- assert( suffix );
+ assert( matchp );
+ assert( value );
+ assert( assertedValue );
+
+ match = value->bv_len - asserted->bv_len;
- bvdn.bv_val = (char *) dn;
- bvdn.bv_len = strlen( dn );
- bvsuffix.bv_val = (char *) suffix;
- bvsuffix.bv_len = strlen( suffix );
+ if ( match == 0 ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, ENTRY, "dnMatch: %d\n %s\n %s\n",
+ match, value->bv_val, asserted->bv_val );
+#else
+ Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
+ match, value->bv_val, asserted->bv_val );
+#endif
- return dnIsSuffix( &bvdn, &bvsuffix );
+ *matchp = match;
+ return( LDAP_SUCCESS );
}
/*
- * get_next_substring(), rdn_attr_type(), rdn_attr_value(), and
- * build_new_dn().
- *
- * Copyright 1999, Juan C. Gomez, All rights reserved.
- * This software is not subject to any license of Silicon Graphics
- * Inc. or Purdue University.
- *
- * Redistribution and use in source and binary forms are permitted
- * without restriction or fee of any kind as long as this notice
- * is preserved.
- *
- */
-
-/* get_next_substring:
+ * dnParent - dn's parent, in-place
*
- * Gets next substring in s, using d (or the end of the string '\0') as a
- * string delimiter, and places it in a duplicated memory space. Leading
- * spaces are ignored. String s **must** be null-terminated.
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
*/
-
-static char *
-get_next_substring( const char * s, char d )
+void
+dnParent(
+ struct berval *dn,
+ struct berval *pdn )
{
+ char *p;
- char *str, *r;
-
- r = str = ch_malloc( strlen(s) + 1 );
+ p = strchr( dn->bv_val, ',' );
- /* Skip leading spaces */
-
- while ( *s && ASCII_SPACE(*s) ) {
- s++;
+ /* one-level dn */
+ if ( p == NULL ) {
+ pdn->bv_len = 0;
+ pdn->bv_val = dn->bv_val + dn->bv_len;
+ return;
}
-
- /* Copy word */
- while ( *s && (*s != d) ) {
+ assert( DN_SEPARATOR( p[ 0 ] ) );
+ p++;
- /* Don't stop when you see trailing spaces may be a multi-word
- * string, i.e. name=John Doe!
- */
+ assert( ATTR_LEADCHAR( p[ 0 ] ) );
+ pdn->bv_val = p;
+ pdn->bv_len = dn->bv_len - (p - dn->bv_val);
- *str++ = *s++;
- }
-
- *str = '\0';
-
- return r;
-
+ return;
}
-
-/* rdn_attr_type:
- *
- * Given a string (i.e. an rdn) of the form:
- * "attribute_type = attribute_value"
- * this function returns the type of an attribute, that is the
- * string "attribute_type" which is placed in newly allocated
- * memory. The returned string will be null-terminated.
- */
-
-char * rdn_attr_type( const char * s )
+int
+dnExtractRdn(
+ struct berval *dn,
+ struct berval *rdn,
+ void *ctx )
{
- return get_next_substring( s, '=' );
-}
+ LDAPRDN tmpRDN;
+ const char *p;
+ int rc;
+ assert( dn );
+ assert( rdn );
-/* rdn_attr_value:
- *
- * Given a string (i.e. an rdn) of the form:
- * "attribute_type = attribute_value"
- * this function returns "attribute_type" which is placed in newly allocated
- * memory. The returned string will be null-terminated and may contain
- * spaces (i.e. "John Doe\0").
- */
+ if( dn->bv_len == 0 ) {
+ return LDAP_OTHER;
+ }
-char *
-rdn_attr_value( const char * rdn )
-{
+ rc = ldap_bv2rdn_x( dn, &tmpRDN, (char **)&p, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
- const char *str;
+ rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- if ( (str = strchr( rdn, '=' )) != NULL ) {
- return get_next_substring(++str, '\0');
+ ldap_rdnfree_x( tmpRDN, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
}
- return NULL;
-
+ return LDAP_SUCCESS;
}
-
-/* rdn_attrs:
- *
- * Given a string (i.e. an rdn) of the form:
- * "attribute_type=attribute_value[+attribute_type=attribute_value[...]]"
- * this function stores the types of the attributes in ptypes, that is the
- * array of strings "attribute_type" which is placed in newly allocated
- * memory, and the values of the attributes in pvalues, that is the
- * array of strings "attribute_value" which is placed in newly allocated
- * memory. Returns 0 on success, -1 on failure.
- *
- * note: got part of the code from dn_validate
+/*
+ * We can assume the input is a prettied or normalized DN
*/
-
-int
-rdn_attrs( const char * rdn_in, char ***ptypes, char ***pvalues)
+int
+dn_rdnlen(
+ Backend *be,
+ struct berval *dn_in )
{
- char **parts, **p;
+ const char *p;
- *ptypes = NULL;
- *pvalues = NULL;
+ assert( dn_in );
- /*
- * explode the rdn in parts
- */
- parts = ldap_explode_rdn( rdn_in, 0 );
+ if ( dn_in == NULL ) {
+ return 0;
+ }
- if ( parts == NULL ) {
- return( -1 );
+ if ( !dn_in->bv_len ) {
+ return 0;
}
- for ( p = parts; p[0]; p++ ) {
- char *s, *e, *d;
-
- /* split each rdn part in type value */
- s = strchr( p[0], '=' );
- if ( s == NULL ) {
- charray_free( *ptypes );
- charray_free( *pvalues );
- charray_free( parts );
- return( -1 );
- }
-
- /* type should be fine */
- charray_add_n( ptypes, p[0], ( s-p[0] ) );
-
- /* value needs to be unescaped
- * (maybe this should be moved to ldap_explode_rdn?) */
- for ( e = d = s + 1; e[0]; e++ ) {
- if ( *e != '\\' ) {
- *d++ = *e;
- }
- }
- d[0] = '\0';
- charray_add( pvalues, s + 1 );
+ if ( be != NULL && be_issuffix( be, dn_in ) ) {
+ return 0;
}
- /* free array */
- charray_free( parts );
+ p = strchr( dn_in->bv_val, ',' );
- return( 0 );
+ return p ? p - dn_in->bv_val : dn_in->bv_len;
}
-/* rdn_validate:
- *
- * 1 if rdn is a legal rdn;
- * 0 otherwise (including a sequence of rdns)
+/* rdnValidate:
*
- * note: got it from dn_rdn; it should be rewritten
- * according to dn_validate
+ * LDAP_SUCCESS if rdn is a legal rdn;
+ * LDAP_INVALID_SYNTAX otherwise (including a sequence of rdns)
*/
int
-rdn_validate( const char * rdn )
+rdnValidate( struct berval *rdn )
{
- int inquote;
-
- if ( rdn == NULL ) {
- return( 0 );
+#if 1
+ /* Major cheat!
+ * input is a pretty or normalized DN
+ * hence, we can just search for ','
+ */
+ if( rdn == NULL || rdn->bv_len == 0 ||
+ rdn->bv_len > SLAP_LDAPDN_MAXLEN )
+ {
+ return LDAP_INVALID_SYNTAX;
}
- if ( strchr( rdn, '=' ) == NULL ) {
- return( 0 );
- }
+ return strchr( rdn->bv_val, ',' ) == NULL
+ ? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
+
+#else
+ LDAPRDN *RDN, **DN[ 2 ] = { &RDN, NULL };
+ const char *p;
+ int rc;
- while ( *rdn && ASCII_SPACE( *rdn ) ) {
- rdn++;
+ /*
+ * must be non-empty
+ */
+ if ( rdn == NULL || rdn == '\0' ) {
+ return 0;
}
- if( *rdn == '\0' ) {
- return( 0 );
+ /*
+ * must be parsable
+ */
+ rc = ldap_bv2rdn( rdn, &RDN, (char **)&p, LDAP_DN_FORMAT_LDAP );
+ if ( rc != LDAP_SUCCESS ) {
+ return 0;
}
- inquote = 0;
+ /*
+ * Must be one-level
+ */
+ if ( p[ 0 ] != '\0' ) {
+ return 0;
+ }
- for ( ; *rdn; rdn++ ) {
- if ( *rdn == '\\' ) {
- if ( *(rdn + 1) ) {
- rdn++;
- }
- continue;
- }
- if ( inquote ) {
- if ( *rdn == '"' ) {
- inquote = 0;
- }
- } else {
- if ( *rdn == '"' ) {
- inquote = 1;
- } else if ( DN_SEPARATOR( *rdn ) ) {
- return( 0 );
- }
- }
+ /*
+ * Schema-aware validate
+ */
+ if ( rc == LDAP_SUCCESS ) {
+ rc = LDAPDN_validate( DN );
}
+ ldap_rdnfree( RDN );
- return( 1 );
+ /*
+ * Must validate (there's a repeated parsing ...)
+ */
+ return ( rc == LDAP_SUCCESS );
+#endif
}
* Used by ldbm/bdb2 back_modrdn to create the new dn of entries being
* renamed.
*
- * new_dn = parent (p_dn) + separator(s) + rdn (newrdn) + null.
+ * new_dn = parent (p_dn) + separator + rdn (newrdn) + null.
*/
void
-build_new_dn( char ** new_dn,
- const char *e_dn,
- const char * p_dn,
- const char * newrdn )
+build_new_dn( struct berval * new_dn,
+ struct berval * parent_dn,
+ struct berval * newrdn,
+ void *memctx )
{
+ char *ptr;
- if ( p_dn == NULL ) {
- *new_dn = ch_strdup( newrdn );
+ if ( parent_dn == NULL ) {
+ ber_dupbv( new_dn, newrdn );
return;
}
- *new_dn = (char *) ch_malloc( strlen( p_dn ) + strlen( newrdn ) + 3 );
+ new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
+ new_dn->bv_val = (char *) sl_malloc( new_dn->bv_len + 1, memctx );
- strcpy( *new_dn, newrdn );
- strcat( *new_dn, "," );
- strcat( *new_dn, p_dn );
+ ptr = lutil_strcopy( new_dn->bv_val, newrdn->bv_val );
+ *ptr++ = ',';
+ strcpy( ptr, parent_dn->bv_val );
}
-#endif /* SLAP_DN_MIGRATION */
/*
* dnIsSuffix - tells whether suffix is a suffix of dn.
}
/* no rdn separator or escaped rdn separator */
- if ( d > 1 && ( !DN_SEPARATOR( dn->bv_val[ d - 1 ] )
- || DN_ESCAPE( dn->bv_val[ d - 2 ] ) ) ) {
+ if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
return 0;
}
/* compare */
return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
}
+
+#ifdef HAVE_TLS
+/*
+ * Convert an X.509 DN into a normalized LDAP DN
+ */
+int
+dnX509normalize( void *x509_name, struct berval *out )
+{
+ /* Invoke the LDAP library's converter with our schema-rewriter */
+ int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "dnX509Normalize: <%s>\n", out->bv_val, 0, 0 );
+
+ return rc;
+}
+
+/*
+ * Get the TLS session's peer's DN into a normalized LDAP DN
+ */
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
+{
+
+ return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+}
+#endif