/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
ava->la_private = ( void * )ad;
}
+ /*
+ * Do not allow X-ORDERED 'VALUES' naming attributes
+ */
+ if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
/*
* Replace attr oid/name with the canonical name
*/
assert( dn != NULL );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
- LDAPRDN rdn = dn[ iRDN ];
- int iAVA;
-
- assert( rdn != NULL );
-
- for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ iAVA ];
- AttributeDescription *ad;
- slap_syntax_validate_func *validate = NULL;
-
- assert( ava != NULL );
-
- if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
- const char *text = NULL;
-
- rc = slap_bv2ad( &ava->la_attr, &ad, &text );
- if ( rc != LDAP_SUCCESS ) {
- rc = slap_bv2undef_ad( &ava->la_attr,
- &ad, &text,
- SLAP_AD_PROXIED|slap_DN_strict );
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
- ava->la_private = ( void * )ad;
- }
-
- /*
- * Replace attr oid/name with the canonical name
- */
- ava->la_attr = ad->ad_cname;
-
- validate = ad->ad_type->sat_syntax->ssyn_validate;
-
- if ( validate ) {
- /*
- * validate value by validate function
- */
- rc = ( *validate )( ad->ad_type->sat_syntax,
- &ava->la_value );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
+ rc = LDAPRDN_validate( dn[ iRDN ] );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
}
}
* Note: the sorting can be slightly improved by sorting first
* by attribute type length, then by alphabetical order.
*
- * uses a linear search; should be fine since the number of AVAs in
+ * uses an insertion sort; should be fine since the number of AVAs in
* a RDN should be limited.
*/
-static void
-AVA_Sort( LDAPRDN rdn, int iAVA )
+static int
+AVA_Sort( LDAPRDN rdn, int nAVAs )
{
+ LDAPAVA *ava_i;
int i;
- LDAPAVA *ava_in = rdn[ iAVA ];
assert( rdn != NULL );
- assert( ava_in != NULL );
-
- for ( i = 0; i < iAVA; i++ ) {
- LDAPAVA *ava = rdn[ i ];
- int a, j;
- assert( ava != NULL );
+ for ( i = 1; i < nAVAs; i++ ) {
+ LDAPAVA *ava_j;
+ int j;
- a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
+ ava_i = rdn[ i ];
+ for ( j = i-1; j >=0; j-- ) {
+ int a;
- if ( a > 0 ) {
- break;
- }
+ ava_j = rdn[ j ];
+ a = strcmp( ava_i->la_attr.bv_val, ava_j->la_attr.bv_val );
- while ( a == 0 ) {
- int v, d;
+ if ( a == 0 ) {
+ int d;
- d = ava_in->la_value.bv_len - ava->la_value.bv_len;
+ d = ava_i->la_value.bv_len - ava_j->la_value.bv_len;
- v = memcmp( ava_in->la_value.bv_val,
- ava->la_value.bv_val,
- d <= 0 ? ava_in->la_value.bv_len
- : ava->la_value.bv_len );
+ a = memcmp( ava_i->la_value.bv_val,
+ ava_j->la_value.bv_val,
+ d <= 0 ? ava_i->la_value.bv_len
+ : ava_j->la_value.bv_len );
- if ( v == 0 && d != 0 ) {
- v = d;
+ if ( a == 0 ) {
+ a = d;
+ }
}
+ /* Duplicates are not allowed */
+ if ( a == 0 )
+ return LDAP_INVALID_DN_SYNTAX;
- if ( v <= 0 ) {
- /*
- * got it!
- */
+ if ( a > 0 )
break;
- }
-
- if ( ++i == iAVA ) {
- /*
- * already sorted
- */
- return;
- }
-
- ava = rdn[ i ];
- a = strcmp( ava_in->la_attr.bv_val,
- ava->la_attr.bv_val );
- }
- /*
- * move ahead
- */
- for ( j = iAVA; j > i; j-- ) {
- rdn[ j ] = rdn[ j - 1 ];
+ rdn[ j+1 ] = rdn[ j ];
}
- rdn[ i ] = ava_in;
-
- return;
+ rdn[ j+1 ] = ava_i;
}
+ return LDAP_SUCCESS;
}
static int
LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
{
- int rc;
- int iAVA;
+ int rc, iAVA, do_sort = 0;
+
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
slap_syntax_transform_func *transf = NULL;
MatchingRule *mr = NULL;
struct berval bv = BER_BVNULL;
- int do_sort = 0;
assert( ava != NULL );
return LDAP_INVALID_SYNTAX;
}
+ /* Do not allow X-ORDERED 'VALUES' naming attributes */
+ } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
+ return LDAP_INVALID_SYNTAX;
+
/* AVA is binary encoded, don't muck with it */
} else if( flags & SLAP_LDAPDN_PRETTY ) {
transf = ad->ad_type->sat_syntax->ssyn_pretty;
ava->la_value = bv;
ava->la_flags |= LDAP_AVA_FREE_VALUE;
}
+ }
+ rc = LDAP_SUCCESS;
- if( do_sort ) AVA_Sort( rdn, iAVA );
+ if ( do_sort ) {
+ rc = AVA_Sort( rdn, iAVA );
}
- return LDAP_SUCCESS;
+
+ return rc;
}
/*
assert( dn != NULL );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
- LDAPRDN rdn = dn[ iRDN ];
- int iAVA;
-
- assert( rdn != NULL );
-
- for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ iAVA ];
- AttributeDescription *ad;
- slap_syntax_validate_func *validf = NULL;
- slap_mr_normalize_func *normf = NULL;
- slap_syntax_transform_func *transf = NULL;
- MatchingRule *mr = NULL;
- struct berval bv = BER_BVNULL;
- int do_sort = 0;
-
- assert( ava != NULL );
-
- if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
- const char *text = NULL;
-
- rc = slap_bv2ad( &ava->la_attr, &ad, &text );
- if ( rc != LDAP_SUCCESS ) {
- rc = slap_bv2undef_ad( &ava->la_attr,
- &ad, &text,
- SLAP_AD_PROXIED|slap_DN_strict );
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
- ava->la_private = ( void * )ad;
- do_sort = 1;
- }
-
- /*
- * Replace attr oid/name with the canonical name
- */
- ava->la_attr = ad->ad_cname;
-
- if( ava->la_flags & LDAP_AVA_BINARY ) {
- if( ava->la_value.bv_len == 0 ) {
- /* BER encoding is empty */
- return LDAP_INVALID_SYNTAX;
- }
-
- /* AVA is binary encoded, don't muck with it */
- } else if( flags & SLAP_LDAPDN_PRETTY ) {
- transf = ad->ad_type->sat_syntax->ssyn_pretty;
- if( !transf ) {
- validf = ad->ad_type->sat_syntax->ssyn_validate;
- }
- } else { /* normalization */
- validf = ad->ad_type->sat_syntax->ssyn_validate;
- mr = ad->ad_type->sat_equality;
- if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
- normf = mr->smr_normalize;
- }
- }
-
- if ( validf ) {
- /* validate value before normalization */
- rc = ( *validf )( ad->ad_type->sat_syntax,
- ava->la_value.bv_len
- ? &ava->la_value
- : (struct berval *) &slap_empty_bv );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
- if ( transf ) {
- /*
- * transform value by pretty function
- * if value is empty, use empty_bv
- */
- rc = ( *transf )( ad->ad_type->sat_syntax,
- ava->la_value.bv_len
- ? &ava->la_value
- : (struct berval *) &slap_empty_bv,
- &bv, ctx );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
- if ( normf ) {
- /*
- * normalize value
- * if value is empty, use empty_bv
- */
- rc = ( *normf )(
- SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
- ad->ad_type->sat_syntax,
- mr,
- ava->la_value.bv_len
- ? &ava->la_value
- : (struct berval *) &slap_empty_bv,
- &bv, ctx );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
-
- if( bv.bv_val ) {
- if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
- ber_memfree_x( ava->la_value.bv_val, ctx );
- ava->la_value = bv;
- ava->la_flags |= LDAP_AVA_FREE_VALUE;
- }
-
- if( do_sort ) AVA_Sort( rdn, iAVA );
+ rc = LDAPRDN_rewrite( dn[ iRDN ], flags, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
}
}
return -1;
}
-#ifdef HAVE_TLS
/*
* Convert an X.509 DN into a normalized LDAP DN
*/
int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
Debug( LDAP_DEBUG_TRACE,
- "dnX509Normalize: <%s>\n", out->bv_val, 0, 0 );
+ "dnX509Normalize: <%s> (%d)\n",
+ BER_BVISNULL( out ) ? "(null)" : out->bv_val, rc, 0 );
return rc;
}
+#ifdef HAVE_TLS
/*
* Get the TLS session's peer's DN into a normalized LDAP DN
*/
projects / openldap / blobdiff