for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ 0 ][ iAVA ];
AttributeDescription *ad;
+ slap_syntax_validate_func *validf = NULL;
slap_syntax_transform_func *transf = NULL;
MatchingRule *mr;
struct berval bv = { 0, NULL };
if( ava->la_flags & LDAP_AVA_BINARY ) {
/* AVA is binary encoded, don't muck with it */
+ validf = NULL;
transf = NULL;
mr = NULL;
-
} else if( flags & SLAP_LDAPDN_PRETTY ) {
+ validf = NULL;
transf = ad->ad_type->sat_syntax->ssyn_pretty;
mr = NULL;
} else {
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
transf = ad->ad_type->sat_syntax->ssyn_normalize;
mr = ad->ad_type->sat_equality;
}
+ if ( validf ) {
+ /* validate value before normalization */
+ rc = ( *validf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
if ( transf ) {
/*
* transform value by normalize/pretty function
if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
char *s = bv.bv_val;
- ber_str2bv( UTF8normalize( bv.bv_val ? &bv
- : &ava->la_value, LDAP_UTF8_CASEFOLD ),
- 0, 0, &bv );
+ if ( UTF8bvnormalize( &bv, &bv,
+ LDAP_UTF8_CASEFOLD ) == NULL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
free( s );
}
/* one-level dn */
if ( p == NULL ) {
- *pdn = slap_empty_bv;
+ pdn->bv_len = 0;
+ pdn->bv_val = dn->bv_val + dn->bv_len;
return;
}
/* compare */
return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
}
+
+#ifdef HAVE_TLS
+/*
+ * Convert an X.509 DN into a normalized LDAP DN
+ */
+int
+dnX509normalize( void *x509_name, struct berval *out )
+{
+ /* Invoke the LDAP library's converter with our schema-rewriter */
+ return ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
+}
+
+/*
+ * Get the TLS session's peer's DN into a normalized LDAP DN
+ */
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
+{
+
+ return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+}
+#endif