X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fdn.c;h=647468d92bffc5ba5804596c44278e2870f6b271;hb=e3b1020e7558dff26d8c87ebb2746f197775c24f;hp=52cbb6e8be93aabf48df95a86c9d2fc86c5db80b;hpb=bc1cd9514938a3deb121c0b8afe5ee2c4dab5113;p=openldap diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c index 52cbb6e8be..647468d92b 100644 --- a/servers/slapd/dn.c +++ b/servers/slapd/dn.c @@ -1,7 +1,7 @@ /* dn.c - routines for dealing with distinguished names */ /* $OpenLDAP$ */ /* - * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -18,7 +18,7 @@ #include "slap.h" -#define SLAP_LDAPDN_PRETTY 0x1 +#include "lutil.h" /* * The DN syntax-related functions take advantage of the dn representation @@ -111,24 +111,30 @@ dnValidate( assert( in ); if ( in->bv_len == 0 ) { - return( LDAP_SUCCESS ); + return LDAP_SUCCESS; + + } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) { + return LDAP_INVALID_SYNTAX; + } + + rc = ldap_bv2dn( in, &dn, LDAP_DN_FORMAT_LDAP ); + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; } - rc = ldap_str2dn( in->bv_val, &dn, LDAP_DN_FORMAT_LDAP ); + assert( strlen( in->bv_val ) == in->bv_len ); /* * Schema-aware validate */ - if ( rc == LDAP_SUCCESS ) { - rc = LDAPDN_validate( dn ); - ldap_dnfree( dn ); - } - + rc = LDAPDN_validate( dn ); + ldap_dnfree( dn ); + if ( rc != LDAP_SUCCESS ) { - return( LDAP_INVALID_SYNTAX ); + return LDAP_INVALID_SYNTAX; } - return( LDAP_SUCCESS ); + return LDAP_SUCCESS; } /* @@ -139,6 +145,9 @@ dnValidate( * (use memcmp, which implies alphabetical order in case of IA5 value; * this should guarantee the repeatability of the operation). * + * Note: the sorting can be slightly improved by sorting first + * by attribute type length, then by alphabetical order. + * * uses a linear search; should be fine since the number of AVAs in * a RDN should be limited. */ @@ -192,8 +201,8 @@ AVA_Sort( LDAPRDN *rdn, int iAVA ) } ava = rdn[ 0 ][ i ]; - a = strcmp( ava_in->la_value.bv_val, - ava->la_value.bv_val ); + a = strcmp( ava_in->la_attr.bv_val, + ava->la_attr.bv_val ); } /* @@ -229,8 +238,12 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) { LDAPAVA *ava = rdn[ 0 ][ iAVA ]; AttributeDescription *ad; + slap_syntax_validate_func *validf = NULL; +#ifdef SLAP_NVALUES + slap_mr_normalize_func *normf = NULL; +#endif slap_syntax_transform_func *transf = NULL; - MatchingRule *mr; + MatchingRule *mr = NULL; struct berval bv = { 0, NULL }; int do_sort = 0; @@ -253,34 +266,86 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) */ ava->la_attr = ad->ad_cname; - if( flags & SLAP_LDAPDN_PRETTY ) { + if( ava->la_flags & LDAP_AVA_BINARY ) { + /* AVA is binary encoded, don't muck with it */ + } else if( flags & SLAP_LDAPDN_PRETTY ) { transf = ad->ad_type->sat_syntax->ssyn_pretty; - mr = NULL; - } else { - transf = ad->ad_type->sat_syntax->ssyn_normalize; + if( !transf ) { + validf = ad->ad_type->sat_syntax->ssyn_validate; + } + } else { /* normalization */ + validf = ad->ad_type->sat_syntax->ssyn_validate; mr = ad->ad_type->sat_equality; +#ifdef SLAP_NVALUES + if( mr ) normf = mr->smr_normalize; +#else + transf = ad->ad_type->sat_syntax->ssyn_normalize; +#endif + } + + if ( validf ) { + /* validate value before normalization */ + rc = ( *validf )( ad->ad_type->sat_syntax, + ava->la_value.bv_len + ? &ava->la_value + : (struct berval *) &slap_empty_bv ); + + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } } if ( transf ) { /* +#ifdef SLAP_NVALUES + * transform value by pretty function +#else * transform value by normalize/pretty function +#endif + * if value is empty, use empty_bv */ rc = ( *transf )( ad->ad_type->sat_syntax, - &ava->la_value, &bv ); + ava->la_value.bv_len + ? &ava->la_value + : (struct berval *) &slap_empty_bv, + &bv ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } +#ifdef SLAP_NVALUES + if ( normf ) { + /* + * normalize value + * if value is empty, use empty_bv + */ + rc = ( *normf )( + 0, + ad->ad_type->sat_syntax, + mr, + ava->la_value.bv_len + ? &ava->la_value + : (struct berval *) &slap_empty_bv, + &bv ); + + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + } + +#else if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) { char *s = bv.bv_val; - ber_str2bv( UTF8normalize( bv.bv_val ? &bv - : &ava->la_value, LDAP_UTF8_CASEFOLD ), - 0, 0, &bv ); + if ( UTF8bvnormalize( &bv, &bv, + LDAP_UTF8_CASEFOLD ) == NULL ) { + return LDAP_INVALID_SYNTAX; + } free( s ); } +#endif if( bv.bv_val ) { free( ava->la_value.bv_val ); @@ -294,34 +359,20 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) return LDAP_SUCCESS; } -/* - * dn normalize routine - */ int +#ifdef SLAP_NVALUES dnNormalize( - Syntax *syntax, - struct berval *val, - struct berval **normalized ) -{ - struct berval *out; - int rc; - - assert( normalized && *normalized == NULL ); - - out = ch_malloc( sizeof( struct berval ) ); - rc = dnNormalize2( syntax, val, out ); - if ( rc != LDAP_SUCCESS ) - free( out ); - else - *normalized = out; - return rc; -} - -int -dnNormalize2( - Syntax *syntax, - struct berval *val, - struct berval *out ) + slap_mask_t use, + Syntax *syntax, + MatchingRule *mr, + struct berval *val, + struct berval *out ) +#else +dnNormalize( + Syntax *syntax, + struct berval *val, + struct berval *out ) +#endif { assert( val ); assert( out ); @@ -335,11 +386,13 @@ dnNormalize2( /* * Go to structural representation */ - rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP ); + rc = ldap_bv2dn( val, &dn, LDAP_DN_FORMAT_LDAP ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } + assert( strlen( val->bv_val ) == val->bv_len ); + /* * Schema-aware rewrite */ @@ -351,7 +404,8 @@ dnNormalize2( /* * Back to string representation */ - rc = ldap_dn2bv( dn, out, LDAP_DN_FORMAT_LDAPV3 ); + rc = ldap_dn2bv( dn, out, + LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY ); ldap_dnfree( dn ); @@ -367,6 +421,7 @@ dnNormalize2( return LDAP_SUCCESS; } +#if 0 /* * dn "pretty"ing routine */ @@ -389,6 +444,7 @@ dnPretty( *pretty = out; return rc; } +#endif int dnPretty2( @@ -399,18 +455,30 @@ dnPretty2( assert( val ); assert( out ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 ); +#endif - if ( val->bv_len != 0 ) { + if ( val->bv_len == 0 ) { + ber_dupbv( out, val ); + + } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) { + return LDAP_INVALID_SYNTAX; + + } else { LDAPDN *dn = NULL; int rc; /* FIXME: should be liberal in what we accept */ - rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP ); + rc = ldap_bv2dn( val, &dn, LDAP_DN_FORMAT_LDAP ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } + assert( strlen( val->bv_val ) == val->bv_len ); + /* * Schema-aware rewrite */ @@ -431,8 +499,6 @@ dnPretty2( if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } - } else { - ber_dupbv( out, val ); } Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 ); @@ -440,6 +506,60 @@ dnPretty2( return LDAP_SUCCESS; } +int +dnPrettyNormalDN( + Syntax *syntax, + struct berval *val, + LDAPDN **dn, + int flags ) +{ + assert( val ); + assert( dn ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, ">>> dn%sDN: <%s>\n", + flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", + val->bv_val, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n", + flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", + val->bv_val, 0 ); +#endif + + if ( val->bv_len == 0 ) { + return LDAP_SUCCESS; + + } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) { + return LDAP_INVALID_SYNTAX; + + } else { + int rc; + + /* FIXME: should be liberal in what we accept */ + rc = ldap_bv2dn( val, dn, LDAP_DN_FORMAT_LDAP ); + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + + assert( strlen( val->bv_val ) == val->bv_len ); + + /* + * Schema-aware rewrite + */ + if ( LDAPDN_rewrite( *dn, flags ) != LDAP_SUCCESS ) { + ldap_dnfree( *dn ); + *dn = NULL; + return LDAP_INVALID_SYNTAX; + } + } + + Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n", + flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", + 0, 0 ); + + return LDAP_SUCCESS; +} + /* * Combination of both dnPretty and dnNormalize */ @@ -450,13 +570,25 @@ dnPrettyNormal( struct berval *pretty, struct berval *normal) { +#ifdef NEW_LOGGING + LDAP_LOG ( OPERATION, ENTRY, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 ); +#endif assert( val ); assert( pretty ); assert( normal ); - if ( val->bv_len != 0 ) { + if ( val->bv_len == 0 ) { + ber_dupbv( pretty, val ); + ber_dupbv( normal, val ); + + } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) { + /* too big */ + return LDAP_INVALID_SYNTAX; + + } else { LDAPDN *dn = NULL; int rc; @@ -466,11 +598,13 @@ dnPrettyNormal( normal->bv_len = 0; /* FIXME: should be liberal in what we accept */ - rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP ); + rc = ldap_bv2dn( val, &dn, LDAP_DN_FORMAT_LDAP ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } + assert( strlen( val->bv_val ) == val->bv_len ); + /* * Schema-aware rewrite */ @@ -495,7 +629,8 @@ dnPrettyNormal( return LDAP_INVALID_SYNTAX; } - rc = ldap_dn2bv( dn, normal, LDAP_DN_FORMAT_LDAPV3 ); + rc = ldap_dn2bv( dn, normal, + LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY ); ldap_dnfree( dn ); if ( rc != LDAP_SUCCESS ) { @@ -504,13 +639,15 @@ dnPrettyNormal( pretty->bv_len = 0; return LDAP_INVALID_SYNTAX; } - } else { - ber_dupbv( pretty, val ); - ber_dupbv( normal, val ); } +#ifdef NEW_LOGGING + LDAP_LOG (OPERATION, RESULTS, "<<< dnPrettyNormal: <%s>, <%s>\n", + pretty->bv_val, normal->bv_val, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n", pretty->bv_val, normal->bv_val, 0 ); +#endif return LDAP_SUCCESS; } @@ -537,13 +674,13 @@ dnMatch( match = value->bv_len - asserted->bv_len; if ( match == 0 ) { - match = strcmp( value->bv_val, asserted->bv_val ); + match = memcmp( value->bv_val, asserted->bv_val, + value->bv_len ); } #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "dnMatch: %d\n %s\n %s\n", match, - value->bv_val, asserted->bv_val )); + LDAP_LOG( CONFIG, ENTRY, "dnMatch: %d\n %s\n %s\n", + match, value->bv_val, asserted->bv_val ); #else Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n", match, value->bv_val, asserted->bv_val ); @@ -553,154 +690,36 @@ dnMatch( return( LDAP_SUCCESS ); } -#ifdef SLAP_DN_MIGRATION -/* - * these routines are provided for migration purposes only! - * dn_validate is deprecated in favor of dnValidate - * dn_normalize is deprecated in favor of dnNormalize - * strcmp/strcasecmp for DNs is deprecated in favor of dnMatch - * - * other routines are likewise deprecated but may not yet have - * replacement functions. - */ - -/* - * dn_validate - validate and compress dn. the dn is - * compressed in place are returned if valid. - * Deprecated in favor of dnValidate() - */ -char * -dn_validate( char *dn ) -{ - struct berval val; - struct berval *pretty = NULL; - int rc; - - if ( dn == NULL || dn[0] == '\0' ) { - return dn; - } - - val.bv_val = dn; - val.bv_len = strlen( dn ); - - rc = dnPretty( NULL, &val, &pretty ); - if ( rc != LDAP_SUCCESS ) { - return NULL; - } - - if ( val.bv_len < pretty->bv_len ) { - ber_bvfree( pretty ); - return NULL; - } - - AC_MEMCPY( dn, pretty->bv_val, pretty->bv_len + 1 ); - ber_bvfree( pretty ); - - return dn; -} - -/* - * dn_normalize - put dn into a canonical form suitable for storing - * in a hash database. this involves normalizing the case as well as - * the format. the dn is normalized in place as well as returned if valid. - * Deprecated in favor of dnNormalize() - */ -char * -dn_normalize( char *dn ) -{ - struct berval val; - struct berval *normalized = NULL; - int rc; - - if ( dn == NULL || dn[0] == '\0' ) { - return dn; - } - - val.bv_val = dn; - val.bv_len = strlen( dn ); - - rc = dnNormalize( NULL, &val, &normalized ); - if ( rc != LDAP_SUCCESS ) { - return NULL; - } - - if ( val.bv_len < normalized->bv_len ) { - ber_bvfree( normalized ); - return NULL; - } - - AC_MEMCPY( dn, normalized->bv_val, normalized->bv_len + 1 ); - ber_bvfree( normalized ); - - return dn; -} - /* * dnParent - dn's parent, in-place + * + * note: the incoming dn is assumed to be normalized/prettyfied, + * so that escaped rdn/ava separators are in '\'+hexpair form */ -int +void dnParent( - const char *dn, - const char **pdn ) + struct berval *dn, + struct berval *pdn ) { - const char *p; - int rc; + char *p; - rc = ldap_str2rdn( dn, NULL, & (char *) p, LDAP_DN_FORMAT_LDAP | LDAP_DN_SKIP ); - if ( rc != LDAP_SUCCESS ) { - return rc; - } + p = strchr( dn->bv_val, ',' ); - /* Parent is root */ - if (*p == '\0') { - *pdn = ""; - return LDAP_SUCCESS; + /* one-level dn */ + if ( p == NULL ) { + pdn->bv_len = 0; + pdn->bv_val = dn->bv_val + dn->bv_len; + return; } assert( DN_SEPARATOR( p[ 0 ] ) ); p++; - while ( ASCII_SPACE( p[ 0 ] ) ) { - p++; - } - - *pdn = p; - - return LDAP_SUCCESS; -} - -/* - * dn_parent - return the dn's parent, in-place - * FIXME: should be replaced by dnParent() - */ -char * -dn_parent( - Backend *be, - const char *dn ) -{ - const char *pdn; - - if ( dn == NULL ) { - return NULL; - } - - while ( dn[ 0 ] != '\0' && ASCII_SPACE( dn[ 0 ] ) ) { - dn++; - } - - if ( dn[ 0 ] == '\0' ) { - return NULL; - } + assert( ATTR_LEADCHAR( p[ 0 ] ) ); + pdn->bv_val = p; + pdn->bv_len = dn->bv_len - (p - dn->bv_val); - if ( be != NULL && be_issuffix( be, dn ) ) { - return NULL; - } - - if ( dnParent( dn, &pdn ) != LDAP_SUCCESS ) { - return NULL; - } - - return ( char * )pdn; + return; } int @@ -719,12 +738,13 @@ dnExtractRdn( return LDAP_OTHER; } - rc = ldap_str2rdn( dn->bv_val, &tmpRDN, &(char *)p, LDAP_DN_FORMAT_LDAP ); + rc = ldap_bv2rdn( dn, &tmpRDN, (char **)&p, LDAP_DN_FORMAT_LDAP ); if ( rc != LDAP_SUCCESS ) { return rc; } - rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 ); + rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY ); + ldap_rdnfree( tmpRDN ); if ( rc != LDAP_SUCCESS ) { return rc; @@ -734,14 +754,13 @@ dnExtractRdn( } /* - * FIXME: should be replaced by dnExtractRdn() (together with dn_rdn) + * We can assume the input is a prettied or normalized DN */ int dn_rdnlen( Backend *be, struct berval *dn_in ) { - int rc; const char *p; assert( dn_in ); @@ -754,189 +773,13 @@ dn_rdnlen( return 0; } - if ( be != NULL && be_issuffix( be, dn_in->bv_val ) ) { + if ( be != NULL && be_issuffix( be, dn_in ) ) { return 0; } - rc = ldap_str2rdn( dn_in->bv_val, NULL, &(char *)p, - LDAP_DN_FORMAT_LDAP | LDAP_DN_SKIP ); - if ( rc != LDAP_SUCCESS ) { - return 0; - } + p = strchr( dn_in->bv_val, ',' ); - return p - dn_in->bv_val; -} - -/* - * FIXME: should be replaced by dnExtractRdn() (together with dn_rdnlen) - */ -char * dn_rdn( - Backend *be, - struct berval *dn_in ) -{ - struct berval rdn; - - assert( dn_in ); - - if ( dn_in == NULL ) { - return NULL; - } - - if ( !dn_in->bv_len ) { - return NULL; - } - - if ( be != NULL && be_issuffix( be, dn_in->bv_val ) ) { - return NULL; - } - - if ( dnExtractRdn( dn_in, &rdn ) != LDAP_SUCCESS ) { - return NULL; - } - - return rdn.bv_val; -} - -/* - * dn_issuffix - tells whether suffix is a suffix of dn. - * Both dn and suffix must be normalized. - * deprecated in favor of dnIsSuffix() - */ -int -dn_issuffix( - const char *dn, - const char *suffix -) -{ - struct berval bvdn, bvsuffix; - - assert( dn ); - assert( suffix ); - - bvdn.bv_val = (char *) dn; - bvdn.bv_len = strlen( dn ); - bvsuffix.bv_val = (char *) suffix; - bvsuffix.bv_len = strlen( suffix ); - - return dnIsSuffix( &bvdn, &bvsuffix ); -} - -/* rdn_attr_type: - * - * Given a string (i.e. an rdn) of the form: - * "attribute_type = attribute_value" - * this function returns the type of an attribute, that is the - * string "attribute_type" which is placed in newly allocated - * memory. The returned string will be null-terminated. - * - * Deprecated - */ - -char * rdn_attr_type( const char * s ) -{ - char **attrs = NULL, **values = NULL, *retval; - - if ( rdn_attrs( s, &attrs, &values ) != LDAP_SUCCESS ) { - return NULL; - } - - retval = ch_strdup( attrs[ 0 ] ); - - charray_free( attrs ); - charray_free( values ); - - return retval; -} - - -/* rdn_attr_value: - * - * Given a string (i.e. an rdn) of the form: - * "attribute_type = attribute_value" - * this function returns "attribute_type" which is placed in newly allocated - * memory. The returned string will be null-terminated and may contain - * spaces (i.e. "John Doe\0"). - * - * Deprecated - */ - -char * -rdn_attr_value( const char * rdn ) -{ - char **values = NULL, *retval; - - if ( rdn_attrs( rdn, NULL, &values ) != LDAP_SUCCESS ) { - return NULL; - } - - retval = ch_strdup( values[ 0 ] ); - - charray_free( values ); - - return retval; -} - - -/* rdn_attrs: - * - * Given a string (i.e. an rdn) of the form: - * "attribute_type=attribute_value[+attribute_type=attribute_value[...]]" - * this function stores the types of the attributes in ptypes, that is the - * array of strings "attribute_type" which is placed in newly allocated - * memory, and the values of the attributes in pvalues, that is the - * array of strings "attribute_value" which is placed in newly allocated - * memory. Returns 0 on success, -1 on failure. - * - * note: got part of the code from dn_validate - * - * Deprecated; directly use LDAPRDN from ldap_str2rdn - */ -int -rdn_attrs( const char * rdn, char ***types, char ***values) -{ - LDAPRDN *tmpRDN; - const char *p; - int iAVA; - int rc; - - assert( rdn ); - assert( values ); - assert( *values == NULL ); - assert( types == NULL || *types == NULL ); - - rc = ldap_str2rdn( rdn, &tmpRDN, &(char *)p, LDAP_DN_FORMAT_LDAP ); - if ( rc != LDAP_SUCCESS ) { - return rc; - } - -#if 0 - /* - * FIXME: should we complain if the rdn is actually a dn? - */ - if ( p[ 0 ] != '\0' ) { - ldap_rdnfree( tmpRDN ); - return LDAP_INVALID_DN_SYNTAX; - } -#endif - - for ( iAVA = 0; tmpRDN[ 0 ][ iAVA ]; iAVA++ ) { - LDAPAVA *ava = tmpRDN[ 0 ][ iAVA ]; - - assert( ava ); - assert( ava->la_attr.bv_val ); - assert( ava->la_value.bv_val ); - - if ( types ) { - charray_add_n( types, ava->la_attr.bv_val, - ava->la_attr.bv_len ); - } - charray_add_n( values, ava->la_value.bv_val, - ava->la_value.bv_len ); - } - - ldap_rdnfree( tmpRDN ); - - return LDAP_SUCCESS; + return p ? p - dn_in->bv_val : dn_in->bv_len; } @@ -953,7 +796,9 @@ rdnValidate( struct berval *rdn ) * input is a pretty or normalized DN * hence, we can just search for ',' */ - if( rdn == NULL || rdn->bv_len == 0 ) { + if( rdn == NULL || rdn->bv_len == 0 || + rdn->bv_len > SLAP_LDAPDN_MAXLEN ) + { return LDAP_INVALID_SYNTAX; } @@ -975,7 +820,7 @@ rdnValidate( struct berval *rdn ) /* * must be parsable */ - rc = ldap_str2rdn( rdn, &RDN, &p, LDAP_DN_FORMAT_LDAP ); + rc = ldap_bv2rdn( rdn, &RDN, (char **)&p, LDAP_DN_FORMAT_LDAP ); if ( rc != LDAP_SUCCESS ) { return 0; } @@ -1026,12 +871,11 @@ build_new_dn( struct berval * new_dn, new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1; new_dn->bv_val = (char *) ch_malloc( new_dn->bv_len + 1 ); - ptr = slap_strcopy( new_dn->bv_val, newrdn->bv_val ); + ptr = lutil_strcopy( new_dn->bv_val, newrdn->bv_val ); *ptr++ = ','; strcpy( ptr, parent_dn->bv_val ); } -#endif /* SLAP_DN_MIGRATION */ /* * dnIsSuffix - tells whether suffix is a suffix of dn. @@ -1058,8 +902,7 @@ dnIsSuffix( } /* no rdn separator or escaped rdn separator */ - if ( d > 1 && ( !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) - || DN_ESCAPE( dn->bv_val[ d - 2 ] ) ) ) { + if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) { return 0; } @@ -1071,3 +914,25 @@ dnIsSuffix( /* compare */ return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 ); } + +#ifdef HAVE_TLS +/* + * Convert an X.509 DN into a normalized LDAP DN + */ +int +dnX509normalize( void *x509_name, struct berval *out ) +{ + /* Invoke the LDAP library's converter with our schema-rewriter */ + return ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 ); +} + +/* + * Get the TLS session's peer's DN into a normalized LDAP DN + */ +int +dnX509peerNormalize( void *ssl, struct berval *dn ) +{ + + return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 ); +} +#endif