DB_RMW flag to dn2id and id2entry

[openldap] / servers / slapd / dn.c

diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 24b7c73ff7abb72d41d87f2eaa3c97dfa17b171a..75a349b4333dfecf05e838aad623154e6e47c670 100644 (file)
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -242,6 +242,7 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
                for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
                        LDAPAVA                 *ava = rdn[ 0 ][ iAVA ];
                        AttributeDescription    *ad;
+                       slap_syntax_validate_func *validf = NULL;
                        slap_syntax_transform_func *transf = NULL;
                        MatchingRule *mr;
                        struct berval           bv = { 0, NULL };
@@ -268,17 +269,31 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 
                        if( ava->la_flags & LDAP_AVA_BINARY ) {
                                /* AVA is binary encoded, don't muck with it */
+                               validf = NULL;
                                transf = NULL;
                                mr = NULL;
-
                        } else if( flags & SLAP_LDAPDN_PRETTY ) {
+                               validf = NULL;
                                transf = ad->ad_type->sat_syntax->ssyn_pretty;
                                mr = NULL;
                        } else {
+                               validf = ad->ad_type->sat_syntax->ssyn_validate;
                                transf = ad->ad_type->sat_syntax->ssyn_normalize;
                                mr = ad->ad_type->sat_equality;
                        }
 
+                       if ( validf ) {
+                               /* validate value before normalization */
+                               rc = ( *validf )( ad->ad_type->sat_syntax,
+                                       ava->la_value.bv_len
+                                               ? &ava->la_value
+                                               : (struct berval *) &slap_empty_bv );
+
+                               if ( rc != LDAP_SUCCESS ) {
+                                       return LDAP_INVALID_SYNTAX;
+                               }
+                       }
+
                        if ( transf ) {
                                /*
                                 * transform value by normalize/pretty function
@@ -298,9 +313,10 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
                        if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
                                char *s = bv.bv_val;
 
-                               ber_str2bv( UTF8normalize( bv.bv_val ? &bv
-                                       : &ava->la_value, LDAP_UTF8_CASEFOLD ),
-                                       0, 0, &bv );
+                               if ( UTF8bvnormalize( &bv, &bv, 
+                                               LDAP_UTF8_CASEFOLD ) == NULL ) {
+                                       return LDAP_INVALID_SYNTAX;
+                               }
                                free( s );
                        }
 
@@ -608,7 +624,8 @@ dnParent(
 
        /* one-level dn */
        if ( p == NULL ) {
-               *pdn = slap_empty_bv;
+               pdn->bv_len = 0;
+               pdn->bv_val = dn->bv_val + dn->bv_len;
                return;
        }
 
@@ -813,3 +830,25 @@ dnIsSuffix(
        /* compare */
        return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
 }
+
+#ifdef HAVE_TLS
+/*
+ * Convert an X.509 DN into a normalized LDAP DN
+ */
+int
+dnX509normalize( void *x509_name, struct berval *out )
+{
+       /* Invoke the LDAP library's converter with our schema-rewriter */
+       return ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
+}
+
+/*
+ * Get the TLS session's peer's DN into a normalized LDAP DN
+ */
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
+{
+
+       return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+}
+#endif