ITS#2919 move OpenLDAPtime to OpenLDAPperson

[openldap] / servers / slapd / dn.c

diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index c45e6917efe7f729bccd5064b1517d5fa6b62876..6ed1b0cda032e9a15af34ea0547824779e2a15ea 100644 (file)
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34,7 +34,6 @@
 #include <ac/time.h>
 
 #include "slap.h"
-#include "ldap_pvt.h" /* must be after slap.h, to get ldap_bv2dn_x() & co */
 #include "lutil.h"
 
 /*
@@ -1126,6 +1125,33 @@ dnParent(
        return;
 }
 
+/*
+ * dnRdn - dn's rdn, in-place
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
+ */
+void
+dnRdn( 
+       struct berval   *dn, 
+       struct berval   *rdn )
+{
+       char    *p;
+
+       *rdn = *dn;
+       p = strchr( dn->bv_val, ',' );
+
+       /* one-level dn */
+       if ( p == NULL ) {
+               return;
+       }
+
+       assert( DN_SEPARATOR( p[ 0 ] ) );
+       assert( ATTR_LEADCHAR( p[ 1 ] ) );
+       rdn->bv_len = p - dn->bv_val;
+
+       return;
+}
+
 int
 dnExtractRdn( 
        struct berval   *dn, 
@@ -1273,7 +1299,7 @@ build_new_dn( struct berval * new_dn,
        new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
        new_dn->bv_val = (char *) slap_sl_malloc( new_dn->bv_len + 1, memctx );
 
-       ptr = lutil_strcopy( new_dn->bv_val, newrdn->bv_val );
+       ptr = lutil_strncopy( new_dn->bv_val, newrdn->bv_val, newrdn->bv_len );
        *ptr++ = ',';
        strcpy( ptr, parent_dn->bv_val );
 }
@@ -1330,6 +1356,22 @@ dnIsOneLevelRDN( struct berval *rdn )
        return 1;
 }
 
+#ifdef HAVE_TLS
+static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
+#endif
+
+int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
+{
+#ifdef HAVE_TLS
+       if ( DNX509PeerNormalizeCertMap == NULL ) {
+               DNX509PeerNormalizeCertMap = fn;
+               return 0;
+       }
+#endif
+
+       return -1;
+}
+
 #ifdef HAVE_TLS
 /*
  * Convert an X.509 DN into a normalized LDAP DN
@@ -1352,7 +1394,16 @@ dnX509normalize( void *x509_name, struct berval *out )
 int
 dnX509peerNormalize( void *ssl, struct berval *dn )
 {
-       return ldap_pvt_tls_get_peer_dn( ssl, dn,
-               (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+       int rc = LDAP_INVALID_CREDENTIALS;
+
+       if ( DNX509PeerNormalizeCertMap != NULL )
+               rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
+
+       if ( rc != LDAP_SUCCESS ) {
+               rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
+                       (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+       }
+
+       return rc;
 }
 #endif