X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fgetdn.c;h=4dd2279ee5fd0ab31748b52fb4eca7e39aa5c5cf;hb=70092b38fb23b9141a2b8414fb5a9c5200f3c12d;hp=8be043f9d667e35896be9fe427ed8016d9bf3c6c;hpb=b7be02282492de76b4d11baa418ceae996a1fee2;p=openldap diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c index 8be043f9d6..4dd2279ee5 100644 --- a/libraries/libldap/getdn.c +++ b/libraries/libldap/getdn.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* Portions @@ -25,13 +25,10 @@ /* extension to UFN that turns trailing "dc=value" rdns in DNS style, * e.g. "ou=People,dc=openldap,dc=org" => "People, openldap.org" */ #define DC_IN_UFN -/* #define PRETTY_ESCAPE */ - -/* from libraries/libldap/schema.c */ -extern char * parse_numericoid(const char **sp, int *code, const int flags); +#define PRETTY_ESCAPE /* parsing/printing routines */ -static int str2strval( const char *str, struct berval *val, +static int str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char **next, unsigned flags, unsigned *retFlags ); static int DCE2strval( const char *str, struct berval *val, const char **next, unsigned flags ); @@ -87,12 +84,15 @@ ldap_get_dn( LDAP *ld, LDAPMessage *entry ) char *dn; BerElement tmp; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_get_dn\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_get_dn\n", 0, 0, 0 ); +#endif - if ( entry == NULL ) { - ld->ld_errno = LDAP_PARAM_ERROR; - return( NULL ); - } + assert( ld != NULL ); + assert( LDAP_VALID(ld) ); + assert( entry != NULL ); tmp = *entry->lm_ber; /* struct copy */ if ( ber_scanf( &tmp, "{a" /*}*/, &dn ) == LBER_ERROR ) { @@ -111,10 +111,14 @@ ldap_dn2ufn( LDAP_CONST char *dn ) { char *out = NULL; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_dn2ufn\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_dn2ufn\n", 0, 0, 0 ); +#endif ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP, - &out, LDAP_DN_FORMAT_UFN ); + &out, LDAP_DN_FORMAT_UFN ); return( out ); } @@ -130,7 +134,11 @@ ldap_explode_dn( LDAP_CONST char *dn, int notypes ) int iRDN; unsigned flag = notypes ? LDAP_DN_FORMAT_UFN : LDAP_DN_FORMAT_LDAPV3; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_explode_dn\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_explode_dn\n", 0, 0, 0 ); +#endif if ( ldap_str2dn( dn, &tmpDN, LDAP_DN_FORMAT_LDAP ) != LDAP_SUCCESS ) { @@ -170,14 +178,18 @@ ldap_explode_rdn( LDAP_CONST char *rdn, int notypes ) const char *p; int iAVA; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_explode_rdn\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_explode_rdn\n", 0, 0, 0 ); +#endif /* * we only parse the first rdn * FIXME: we prefer efficiency over checking if the _ENTIRE_ * dn can be parsed */ - if ( ldap_str2rdn( rdn, &tmpRDN, &p, LDAP_DN_FORMAT_LDAP ) + if ( ldap_str2rdn( rdn, &tmpRDN, (char **) &p, LDAP_DN_FORMAT_LDAP ) != LDAP_SUCCESS ) { return( NULL ); } @@ -251,7 +263,11 @@ ldap_dn2dcedn( LDAP_CONST char *dn ) { char *out = NULL; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_dn2dcedn\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_dn2dcedn\n", 0, 0, 0 ); +#endif ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP, &out, LDAP_DN_FORMAT_DCE ); @@ -264,7 +280,11 @@ ldap_dcedn2dn( LDAP_CONST char *dce ) { char *out = NULL; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_dcedn2dn\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_dcedn2dn\n", 0, 0, 0 ); +#endif ( void )ldap_dn_normalize( dce, LDAP_DN_FORMAT_DCE, &out, LDAP_DN_FORMAT_LDAPV3 ); @@ -276,7 +296,11 @@ ldap_dn2ad_canonical( LDAP_CONST char *dn ) { char *out = NULL; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_dn2ad_canonical\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_dn2ad_canonical\n", 0, 0, 0 ); +#endif ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP, &out, LDAP_DN_FORMAT_AD_CANONICAL ); @@ -302,12 +326,17 @@ ldap_dn2ad_canonical( LDAP_CONST char *dn ) * LDAP_DN_FORMAT_AD_CANONICAL (?) */ int -ldap_dn_normalize( const char *dnin, unsigned fin, char **dnout, unsigned fout ) +ldap_dn_normalize( LDAP_CONST char *dnin, + unsigned fin, char **dnout, unsigned fout ) { int rc; LDAPDN *tmpDN = NULL; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ENTRY, "ldap_dn_normalize\n" )); +#else Debug( LDAP_DEBUG_TRACE, "ldap_dn_normalize\n", 0, 0, 0 ); +#endif assert( dnout ); @@ -354,25 +383,21 @@ ldap_dn_normalize( const char *dnin, unsigned fin, char **dnout, unsigned fout ) */ #define LDAP_DN_ASCII_SPACE(c) \ ( (c) == ' ' || (c) == '\t' || (c) == '\n' || (c) == '\r' ) -#define LDAP_DN_ASCII_LOWER(c) ( (c) >= 'a' && (c) <= 'z' ) -#define LDAP_DN_ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' ) -#define LDAP_DN_ASCII_ALPHA(c) \ - ( LDAP_DN_ASCII_LOWER(c) || LDAP_DN_ASCII_UPPER(c) ) -#define LDAP_DN_ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' ) -#define LDAP_DN_ASCII_LCASE_HEXALPHA(c) ( (c) >= 'a' && (c) <= 'f' ) -#define LDAP_DN_ASCII_UCASE_HEXALPHA(c) ( (c) >= 'A' && (c) <= 'F' ) -#define LDAP_DN_ASCII_HEXDIGIT(c) \ - ( LDAP_DN_ASCII_DIGIT(c) \ - || LDAP_DN_ASCII_LCASE_HEXALPHA(c) \ - || LDAP_DN_ASCII_UCASE_HEXALPHA(c) ) -#define LDAP_DN_ASCII_ALNUM(c) \ - ( LDAP_DN_ASCII_ALPHA(c) || LDAP_DN_ASCII_DIGIT(c) ) +#define LDAP_DN_ASCII_LOWER(c) LDAP_LOWER(c) +#define LDAP_DN_ASCII_UPPER(c) LDAP_UPPER(c) +#define LDAP_DN_ASCII_ALPHA(c) LDAP_ALPHA(c) + +#define LDAP_DN_ASCII_DIGIT(c) LDAP_DIGIT(c) +#define LDAP_DN_ASCII_LCASE_HEXALPHA(c) LDAP_HEXLOWER(c) +#define LDAP_DN_ASCII_UCASE_HEXALPHA(c) LDAP_HEXUPPER(c) +#define LDAP_DN_ASCII_HEXDIGIT(c) LDAP_HEX(c) +#define LDAP_DN_ASCII_ALNUM(c) LDAP_ALNUM(c) #define LDAP_DN_ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' ) /* attribute type */ -#define LDAP_DN_OID_LEADCHAR(c) ( LDAP_DN_ASCII_DIGIT(c) ) -#define LDAP_DN_DESC_LEADCHAR(c) ( LDAP_DN_ASCII_ALPHA(c) ) -#define LDAP_DN_DESC_CHAR(c) ( LDAP_DN_ASCII_ALNUM(c) || (c) == '-' ) +#define LDAP_DN_OID_LEADCHAR(c) LDAP_DIGIT(c) +#define LDAP_DN_DESC_LEADCHAR(c) LDAP_ALPHA(c) +#define LDAP_DN_DESC_CHAR(c) LDAP_LDH(c) #define LDAP_DN_LANG_SEP(c) ( (c) == ';' ) #define LDAP_DN_ATTRDESC_CHAR(c) \ ( LDAP_DN_DESC_CHAR(c) || LDAP_DN_LANG_SEP(c) ) @@ -390,10 +415,12 @@ ldap_dn_normalize( const char *dnin, unsigned fin, char **dnout, unsigned fout ) #define LDAP_DN_NE(c) \ ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \ || LDAP_DN_QUOTES(c) || (c) == '<' || (c) == '>' ) +#define LDAP_DN_MAYESCAPE(c) \ + ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) \ + || LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) ) #define LDAP_DN_NEEDESCAPE(c) \ ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) ) -#define LDAP_DN_NEEDESCAPE_LEAD(c) \ - ( LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) || LDAP_DN_NE(c) ) +#define LDAP_DN_NEEDESCAPE_LEAD(c) LDAP_DN_MAYESCAPE(c) #define LDAP_DN_NEEDESCAPE_TRAIL(c) \ ( LDAP_DN_ASCII_SPACE(c) || LDAP_DN_NEEDESCAPE(c) ) #define LDAP_DN_WILLESCAPE_CHAR(c) \ @@ -540,9 +567,9 @@ ldap_avafree( LDAPAVA *ava ) #if 0 /* la_attr is now contiguous with ava, not freed separately */ - free( ava->la_attr.bv_val ); + LDAP_FREE( ava->la_attr.bv_val ); #endif - free( ava->la_value.bv_val ); + LDAP_FREE( ava->la_value.bv_val ); LDAP_FREE( ava ); } @@ -593,22 +620,51 @@ ldap_dnfree( LDAPDN *dn ) * and readable as soon as it works as expected. */ -#define TMP_SLOTS 256 +/* + * Default sizes of AVA and RDN static working arrays; if required + * the are dynamically resized. The values can be tuned in case + * of special requirements (e.g. very deep DN trees or high number + * of AVAs per RDN). + */ +#define TMP_AVA_SLOTS 8 +#define TMP_RDN_SLOTS 32 int -ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags ) +ldap_str2dn( LDAP_CONST char *str, LDAPDN **dn, unsigned flags ) +{ + struct berval bv; + + assert( str ); + + bv.bv_len = strlen( str ); + bv.bv_val = (char *) str; + + return ldap_bv2dn( &bv, dn, flags ); +} + +int +ldap_bv2dn( struct berval *bv, LDAPDN **dn, unsigned flags ) { const char *p; - int rc = LDAP_INVALID_DN_SYNTAX; + int rc = LDAP_DECODING_ERROR; int nrdns = 0; LDAPDN *newDN = NULL; - LDAPRDN *newRDN = NULL, *tmpDN[TMP_SLOTS]; + LDAPRDN *newRDN = NULL, *tmpDN_[TMP_RDN_SLOTS], **tmpDN = tmpDN_; + int num_slots = TMP_RDN_SLOTS; + char *str = bv->bv_val; + char *end = str + bv->bv_len; - assert( str ); + assert( bv ); + assert( bv->bv_val ); assert( dn ); - Debug( LDAP_DEBUG_TRACE, "=> ldap_str2dn(%s,%u)\n%s", str, flags, "" ); +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ARGS, "ldap_bv2dn(%s,%u)\n%s", + str, flags, "" )); +#else + Debug( LDAP_DEBUG_TRACE, "=> ldap_bv2dn(%s,%u)\n%s", str, flags, "" ); +#endif *dn = NULL; @@ -622,14 +678,20 @@ ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags ) /* unsupported in str2dn */ case LDAP_DN_FORMAT_UFN: case LDAP_DN_FORMAT_AD_CANONICAL: - return( LDAP_INVALID_DN_SYNTAX ); + return LDAP_PARAM_ERROR; + case LDAP_DN_FORMAT_LBER: default: - return( LDAP_OTHER ); + return LDAP_PARAM_ERROR; } - if ( str[ 0 ] == '\0' ) { - return( LDAP_SUCCESS ); + if ( bv->bv_len == 0 ) { + return LDAP_SUCCESS; + } + + if( memchr( bv->bv_val, '\0', bv->bv_len ) != NULL ) { + /* value must have embedded NULs */ + return LDAP_DECODING_ERROR; } p = str; @@ -643,7 +705,12 @@ ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags ) goto parsing_error; } p++; - + + /* + * actually we do not want to accept by default the DCE form, + * we do not want to auto-detect it + */ +#if 0 } else if ( LDAP_DN_LDAP( flags ) ) { /* * if dn starts with '/' let's make it a DCE dn @@ -652,13 +719,16 @@ ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags ) flags |= LDAP_DN_FORMAT_DCE; p++; } +#endif } - for ( ; p[ 0 ]; p++ ) { - LDAPDN *dn; + for ( ; p < end; p++ ) { int err; + struct berval tmpbv; + tmpbv.bv_len = bv->bv_len - ( p - str ); + tmpbv.bv_val = (char *)p; - err = ldap_str2rdn( p, &newRDN, &p, flags ); + err = ldap_bv2rdn( &tmpbv, &newRDN, (char **) &p, flags ); if ( err != LDAP_SUCCESS ) { goto parsing_error; } @@ -666,11 +736,11 @@ ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags ) /* * We expect a rdn separator */ - if ( p[ 0 ] ) { + if ( p < end && p[ 0 ] ) { switch ( LDAP_DN_FORMAT( flags ) ) { case LDAP_DN_FORMAT_LDAPV3: if ( !LDAP_DN_RDN_SEP( p[ 0 ] ) ) { - rc = LDAP_OTHER; + rc = LDAP_DECODING_ERROR; goto parsing_error; } break; @@ -678,14 +748,14 @@ ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags ) case LDAP_DN_FORMAT_LDAP: case LDAP_DN_FORMAT_LDAPV2: if ( !LDAP_DN_RDN_SEP_V2( p[ 0 ] ) ) { - rc = LDAP_OTHER; + rc = LDAP_DECODING_ERROR; goto parsing_error; } break; case LDAP_DN_FORMAT_DCE: if ( !LDAP_DN_RDN_SEP_DCE( p[ 0 ] ) ) { - rc = LDAP_OTHER; + rc = LDAP_DECODING_ERROR; goto parsing_error; } break; @@ -696,9 +766,33 @@ ldap_str2dn( const char *str, LDAPDN **dn, unsigned flags ) tmpDN[nrdns++] = newRDN; newRDN = NULL; - assert (nrdns < TMP_SLOTS); + /* + * make the static RDN array dynamically rescalable + */ + if ( nrdns == num_slots ) { + LDAPRDN **tmp; + + if ( tmpDN == tmpDN_ ) { + tmp = LDAP_MALLOC( num_slots * 2 * sizeof( LDAPRDN * ) ); + if ( tmp == NULL ) { + rc = LDAP_NO_MEMORY; + goto parsing_error; + } + AC_MEMCPY( tmp, tmpDN, num_slots * sizeof( LDAPRDN * ) ); + + } else { + tmp = LDAP_REALLOC( tmpDN, num_slots * 2 * sizeof( LDAPRDN * ) ); + if ( tmp == NULL ) { + rc = LDAP_NO_MEMORY; + goto parsing_error; + } + } + + tmpDN = tmp; + num_slots *= 2; + } - if ( p[ 0 ] == '\0' ) { + if ( p >= end || p[ 0 ] == '\0' ) { /* * the DN is over, phew */ @@ -732,12 +826,22 @@ parsing_error:; ldap_rdnfree( newRDN ); } - for (nrdns-- ;nrdns>=0; nrdns-- ) + for ( nrdns-- ;nrdns >= 0; nrdns-- ) { ldap_rdnfree( tmpDN[nrdns] ); + } return_result:; - Debug( LDAP_DEBUG_TRACE, "<= ldap_str2dn(%s,%u)=%d\n", str, flags, rc ); + if ( tmpDN != tmpDN_ ) { + LDAP_FREE( tmpDN ); + } + +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_RESULTS, "<= ldap_bv2dn(%s,%u)=%d\n", + str, flags, rc )); +#else + Debug( LDAP_DEBUG_TRACE, "<= ldap_bv2dn(%s,%u)=%d\n", str, flags, rc ); +#endif *dn = newDN; return( rc ); @@ -752,12 +856,29 @@ return_result:; * corresponds to the rdn separator or to '\0' in case the string is over. */ int -ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) +ldap_str2rdn( LDAP_CONST char *str, LDAPRDN **rdn, + char **n_in, unsigned flags ) { + struct berval bv; + + assert( str ); + assert( str[ 0 ] != '\0' ); /* FIXME: is this required? */ + + bv.bv_len = strlen( str ); + bv.bv_val = (char *) str; + + return ldap_bv2rdn( &bv, rdn, n_in, flags ); +} + +int +ldap_bv2rdn( struct berval *bv, LDAPRDN **rdn, + char **n_in, unsigned flags ) +{ + const char **n = (const char **) n_in; const char *p; int navas = 0; int state = B4AVA; - int rc = LDAP_INVALID_DN_SYNTAX; + int rc = LDAP_DECODING_ERROR; int attrTypeEncoding = LDAP_AVA_STRING, attrValueEncoding = LDAP_AVA_STRING; @@ -765,13 +886,20 @@ ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) struct berval attrValue = { 0, NULL }; LDAPRDN *newRDN = NULL; - LDAPAVA *tmpRDN[TMP_SLOTS]; + LDAPAVA *tmpRDN_[TMP_AVA_SLOTS], **tmpRDN = tmpRDN_; + int num_slots = TMP_AVA_SLOTS; + + char *str; + ber_len_t stoplen; - assert( str ); + assert( bv ); + assert( bv->bv_len ); + assert( bv->bv_val ); assert( rdn || flags & LDAP_DN_SKIP ); assert( n ); - Debug( LDAP_DEBUG_TRACE, "=> ldap_str2rdn(%s,%u)\n%s", str, flags, "" ); + str = bv->bv_val; + stoplen = bv->bv_len; if ( rdn ) { *rdn = NULL; @@ -788,14 +916,21 @@ ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) /* unsupported in str2dn */ case LDAP_DN_FORMAT_UFN: case LDAP_DN_FORMAT_AD_CANONICAL: - return( LDAP_INVALID_DN_SYNTAX ); + return LDAP_PARAM_ERROR; + case LDAP_DN_FORMAT_LBER: default: - return( LDAP_OTHER ); + return LDAP_PARAM_ERROR; } - if ( str[ 0 ] == '\0' ) { - return( LDAP_SUCCESS ); + if ( bv->bv_len == 0 ) { + return LDAP_SUCCESS; + + } + + if( memchr( bv->bv_val, '\0', bv->bv_len ) != NULL ) { + /* value must have embedded NULs */ + return LDAP_DECODING_ERROR; } p = str; @@ -887,7 +1022,7 @@ ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) case B4OIDATTRTYPE: { int err = LDAP_SUCCESS; - attrType.bv_val = parse_numericoid( &p, &err, + attrType.bv_val = ldap_int_parse_numericoid( &p, &err, LDAP_SCHEMA_SKIP); if ( err != LDAP_SUCCESS ) { @@ -1044,7 +1179,12 @@ ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) * here STRING means RFC 2253 string * FIXME: what about DCE strings? */ - state = B4STRINGVALUE; + if ( !p[ 0 ] ) { + /* empty value */ + state = GOTAVA; + } else { + state = B4STRINGVALUE; + } break; case B4BINARYVALUE: @@ -1059,7 +1199,8 @@ ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) switch ( LDAP_DN_FORMAT( flags ) ) { case LDAP_DN_FORMAT_LDAP: case LDAP_DN_FORMAT_LDAPV3: - if ( str2strval( p, &attrValue, &p, flags, + if ( str2strval( p, stoplen - ( p - str ), + &attrValue, &p, flags, &attrValueEncoding ) ) { goto parsing_error; } @@ -1108,13 +1249,41 @@ ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) */ ava = ldapava_new( &attrType, &attrValue, attrValueEncoding ); + if ( ava == NULL ) { rc = LDAP_NO_MEMORY; goto parsing_error; } tmpRDN[navas++] = ava; - assert(navas < TMP_SLOTS); + attrValue.bv_val = NULL; + attrValue.bv_len = 0; + + /* + * prepare room for new AVAs if needed + */ + if (navas == num_slots) { + LDAPAVA **tmp; + + if ( tmpRDN == tmpRDN_ ) { + tmp = LDAP_MALLOC( num_slots * 2 * sizeof( LDAPAVA * ) ); + if ( tmp == NULL ) { + rc = LDAP_NO_MEMORY; + goto parsing_error; + } + AC_MEMCPY( tmp, tmpRDN, num_slots * sizeof( LDAPAVA * ) ); + + } else { + tmp = LDAP_REALLOC( tmpRDN, num_slots * 2 * sizeof( LDAPAVA * ) ); + if ( tmp == NULL ) { + rc = LDAP_NO_MEMORY; + goto parsing_error; + } + } + + tmpRDN = tmp; + num_slots *= 2; + } } /* @@ -1178,24 +1347,25 @@ ldap_str2rdn( const char *str, LDAPRDN **rdn, const char **n, unsigned flags ) goto parsing_error; } } + *n = p; parsing_error:; /* They are set to NULL after they're used in an AVA */ - if ( attrType.bv_val ) { - free( attrType.bv_val ); - } if ( attrValue.bv_val ) { free( attrValue.bv_val ); } - for (navas-- ; navas>=0; navas-- ) + for ( navas-- ; navas >= 0; navas-- ) { ldap_avafree( tmpRDN[navas] ); + } return_result:; - Debug( LDAP_DEBUG_TRACE, "<= ldap_str2rdn(%*s)=%d\n", - *n - p, str, rc ); + if ( tmpRDN != tmpRDN_ ) { + LDAP_FREE( tmpRDN ); + } + if ( rdn ) { *rdn = newRDN; } @@ -1209,26 +1379,24 @@ return_result:; * '\' + HEXPAIR(p) -> unhex(p) */ static int -str2strval( const char *str, struct berval *val, const char **next, unsigned flags, unsigned *retFlags ) +str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char **next, unsigned flags, unsigned *retFlags ) { - const char *p, *startPos, *endPos = NULL; - ber_len_t len, escapes, unescapes; + const char *p, *end, *startPos, *endPos = NULL; + ber_len_t len, escapes; assert( str ); assert( val ); assert( next ); *next = NULL; - - for ( startPos = p = str, escapes = 0, unescapes = 0; p[ 0 ]; p++ ) { + end = str + stoplen; + for ( startPos = p = str, escapes = 0; p < end; p++ ) { if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) { p++; if ( p[ 0 ] == '\0' ) { return( 1 ); } - if ( ( p == startPos + 1 && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) ) - || ( LDAP_DN_VALUE_END( p[ 1 ] ) && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) - || LDAP_DN_NEEDESCAPE( p[ 0 ] ) ) { + if ( LDAP_DN_MAYESCAPE( p[ 0 ] ) ) { escapes++; continue; } @@ -1255,14 +1423,18 @@ str2strval( const char *str, struct berval *val, const char **next, unsigned fla return( 1 ); } /* - * FIXME: we allow escaping + * we do not allow escaping * of chars that don't need * to and do not belong to - * HEXDIGITS (we also allow - * single hexdigit; maybe we - * shouldn't). + * HEXDIGITS */ - unescapes++; + return( 1 ); + + } else if (!LDAP_DN_ASCII_PRINTABLE( p[ 0 ] ) ) { + if ( p[ 0 ] == '\0' ) { + return( 1 ); + } + *retFlags = LDAP_AVA_NONPRINTABLE; } else if ( ( LDAP_DN_LDAP( flags ) && LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) || ( LDAP_DN_LDAPV3( flags ) && LDAP_DN_VALUE_END( p[ 0 ] ) ) ) { @@ -1305,11 +1477,17 @@ str2strval( const char *str, struct berval *val, const char **next, unsigned fla /* * FIXME: test memory? */ - len = ( endPos ? endPos : p ) - startPos - escapes - unescapes; + len = ( endPos ? endPos : p ) - startPos - escapes; val->bv_len = len; - if ( escapes == 0 && unescapes == 0 ) { - val->bv_val = LDAP_STRNDUP( startPos, len ); + if ( escapes == 0 ) { + if ( *retFlags == LDAP_AVA_NONPRINTABLE ) { + val->bv_val = LDAP_MALLOC( len + 1 ); + AC_MEMCPY( val->bv_val, startPos, len ); + val->bv_val[ len ] = '\0'; + } else { + val->bv_val = LDAP_STRNDUP( startPos, len ); + } } else { ber_len_t s, d; @@ -1318,9 +1496,7 @@ str2strval( const char *str, struct berval *val, const char **next, unsigned fla for ( s = 0, d = 0; d < len; ) { if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) { s++; - if ( ( s == 0 && LDAP_DN_NEEDESCAPE_LEAD( startPos[ s ] ) ) - || ( s == len - 1 && LDAP_DN_NEEDESCAPE_TRAIL( startPos[ s ] ) ) - || LDAP_DN_NEEDESCAPE( startPos[ s ] ) ) { + if ( LDAP_DN_MAYESCAPE( startPos[ s ] ) ) { val->bv_val[ d++ ] = startPos[ s++ ]; @@ -1332,12 +1508,8 @@ str2strval( const char *str, struct berval *val, const char **next, unsigned fla s += 2; } else { - /* - * we allow escaping of chars - * that do not need to - */ - val->bv_val[ d++ ] = - startPos[ s++ ]; + /* we should never get here */ + assert( 0 ); } } else { @@ -1346,7 +1518,7 @@ str2strval( const char *str, struct berval *val, const char **next, unsigned fla } val->bv_val[ d ] = '\0'; - assert( strlen( val->bv_val ) == len ); + assert( d == len ); } return( 0 ); @@ -1580,7 +1752,7 @@ quotedIA52strval( const char *str, struct berval *val, const char **next, unsign } len = endPos - startPos - escapes; - assert( len >= 0 ); + assert( endPos >= startPos + escapes ); val->bv_len = len; if ( escapes == 0 ) { val->bv_val = LDAP_STRNDUP( startPos, len ); @@ -1816,8 +1988,18 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len ) return( 0 ); } - for ( l = 0, p = val->bv_val; p[ 0 ]; p += cl ) { - cl = LDAP_UTF8_CHARLEN( p ); + for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) { + + /* + * escape '%x00' + */ + if ( p[ 0 ] == '\0' ) { + cl = 1; + l += 3; + continue; + } + + cl = LDAP_UTF8_CHARLEN2( p, cl ); if ( cl == 0 ) { /* illegal utf-8 char! */ return( -1 ); @@ -1826,7 +2008,7 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len ) ber_len_t cnt; for ( cnt = 1; cnt < cl; cnt++ ) { - if ( ( p[ cnt ] & 0x80 ) == 0x00 ) { + if ( ( p[ cnt ] & 0xc0 ) != 0x80 ) { return( -1 ); } } @@ -1836,7 +2018,11 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len ) || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) ) || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) { #ifdef PRETTY_ESCAPE +#if 0 if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) { +#else + if ( LDAP_DN_WILLESCAPE_CHAR( p[ 0 ] ) ) { +#endif /* * there might be some chars we want @@ -1885,7 +2071,26 @@ strval2str( struct berval *val, char *str, unsigned flags, ber_len_t *len ) * of the value */ for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) { - ber_len_t cl = LDAP_UTF8_CHARLEN( &val->bv_val[ s ] ); + ber_len_t cl; + + /* + * escape '%x00' + */ + if ( val->bv_val[ s ] == '\0' ) { + cl = 1; + str[ d++ ] = '\\'; + str[ d++ ] = '0'; + str[ d++ ] = '0'; + s++; + continue; + } + + /* + * The length was checked in strval2strlen(); + * LDAP_UTF8_CHARLEN() should suffice + */ + cl = LDAP_UTF8_CHARLEN2( &val->bv_val[ s ], cl ); + assert( cl > 0 ); /* * there might be some chars we want to escape in form @@ -1893,7 +2098,11 @@ strval2str( struct berval *val, char *str, unsigned flags, ber_len_t *len ) */ if ( ( cl > 1 && !LDAP_DN_IS_PRETTY( flags ) ) #ifdef PRETTY_ESCAPE +#if 0 || LDAP_DN_WILLESCAPE_HEX( flags, val->bv_val[ s ] ) +#else + || LDAP_DN_WILLESCAPE_CHAR( val->bv_val[ s ] ) +#endif #else /* ! PRETTY_ESCAPE */ || LDAP_DN_NEEDESCAPE( val->bv_val[ s ] ) || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) ) @@ -2242,7 +2451,7 @@ dn2domain( LDAPDN *dn, struct berval *bv, int pos, int *iRDN ) l += ava->la_value.bv_len; } else { - AC_MEMCPY( str + ava->la_value.bv_len + 1, bv->bv_val, l); + AC_MEMCPY( str + ava->la_value.bv_len + 1, bv->bv_val + pos, l); AC_MEMCPY( str, ava->la_value.bv_val, ava->la_value.bv_len ); str[ ava->la_value.bv_len ] = '.'; @@ -2607,6 +2816,10 @@ ldap_rdn2str( LDAPRDN *rdn, char **str, unsigned flags ) assert( str ); + if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) { + return LDAP_PARAM_ERROR; + } + rc = ldap_rdn2bv( rdn, &bv, flags ); *str = bv.bv_val; return rc; @@ -2635,36 +2848,36 @@ ldap_rdn2bv( LDAPRDN *rdn, struct berval *bv, unsigned flags ) switch ( LDAP_DN_FORMAT( flags ) ) { case LDAP_DN_FORMAT_LDAPV3: if ( rdn2strlen( rdn, flags, &l, strval2strlen ) ) { - return( LDAP_OTHER ); + return LDAP_DECODING_ERROR; } break; case LDAP_DN_FORMAT_LDAPV2: if ( rdn2strlen( rdn, flags, &l, strval2IA5strlen ) ) { - return( LDAP_OTHER ); + return LDAP_DECODING_ERROR; } break; case LDAP_DN_FORMAT_UFN: if ( rdn2UFNstrlen( rdn, flags, &l ) ) { - return( LDAP_OTHER ); + return LDAP_DECODING_ERROR; } break; case LDAP_DN_FORMAT_DCE: if ( rdn2DCEstrlen( rdn, flags, &l ) ) { - return( LDAP_OTHER ); + return LDAP_DECODING_ERROR; } break; case LDAP_DN_FORMAT_AD_CANONICAL: if ( rdn2ADstrlen( rdn, flags, &l ) ) { - return( LDAP_OTHER ); + return LDAP_DECODING_ERROR; } break; default: - return( LDAP_INVALID_DN_SYNTAX ); + return LDAP_PARAM_ERROR; } bv->bv_val = LDAP_MALLOC( l + 1 ); @@ -2697,18 +2910,18 @@ ldap_rdn2bv( LDAPRDN *rdn, struct berval *bv, unsigned flags ) default: /* need at least one of the previous */ - return( LDAP_OTHER ); + return LDAP_PARAM_ERROR; } if ( rc ) { ldap_memfree( bv->bv_val ); - return( LDAP_OTHER ); + return rc; } bv->bv_len = l - back; bv->bv_val[ bv->bv_len ] = '\0'; - return( LDAP_SUCCESS ); + return LDAP_SUCCESS; } /* @@ -2730,6 +2943,10 @@ int ldap_dn2str( LDAPDN *dn, char **str, unsigned flags ) assert( str ); + if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) { + return LDAP_PARAM_ERROR; + } + rc = ldap_dn2bv( dn, &bv, flags ); *str = bv.bv_val; return rc; @@ -2738,7 +2955,7 @@ int ldap_dn2str( LDAPDN *dn, char **str, unsigned flags ) int ldap_dn2bv( LDAPDN *dn, struct berval *bv, unsigned flags ) { int iRDN; - int rc = LDAP_OTHER; + int rc = LDAP_ENCODING_ERROR; ber_len_t len, l; /* stringifying helpers for LDAPv3/LDAPv2 */ @@ -2746,11 +2963,15 @@ int ldap_dn2bv( LDAPDN *dn, struct berval *bv, unsigned flags ) int ( *sv2s ) ( struct berval *v, char *s, unsigned f, ber_len_t *l ); assert( bv ); - bv->bv_len = 0; bv->bv_val = NULL; +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_ARGS, "=> ldap_dn2bv(%u)\n%s%s", + flags, "", "" )); +#else Debug( LDAP_DEBUG_TRACE, "=> ldap_dn2bv(%u)\n%s%s", flags, "", "" ); +#endif /* * a null dn means an empty dn string @@ -2765,13 +2986,13 @@ int ldap_dn2bv( LDAPDN *dn, struct berval *bv, unsigned flags ) case LDAP_DN_FORMAT_LDAPV3: sv2l = strval2strlen; sv2s = strval2str; - goto got_funcs; + if( 0 ) { case LDAP_DN_FORMAT_LDAPV2: - sv2l = strval2IA5strlen; - sv2s = strval2IA5str; -got_funcs: - + sv2l = strval2IA5strlen; + sv2s = strval2IA5str; + } + for ( iRDN = 0, len = 0; dn[ 0 ][ iRDN ]; iRDN++ ) { ber_len_t rdnl; LDAPRDN *rdn = dn[ 0 ][ iRDN ]; @@ -2814,7 +3035,6 @@ got_funcs: break; case LDAP_DN_FORMAT_UFN: { - /* * FIXME: quoting from RFC 1781: * @@ -2929,11 +3149,10 @@ got_funcs: #endif /* DC_IN_UFN */ rc = LDAP_SUCCESS; - break; - } - case LDAP_DN_FORMAT_DCE: + } break; + case LDAP_DN_FORMAT_DCE: for ( iRDN = 0, len = 0; dn[ 0 ][ iRDN ]; iRDN++ ) { ber_len_t rdnl; LDAPRDN *rdn = dn[ 0 ][ iRDN ]; @@ -2972,7 +3191,6 @@ got_funcs: break; case LDAP_DN_FORMAT_AD_CANONICAL: { - /* * Sort of UFN for DCE DNs: a slash ('/') separated * global->local DN with no types; strictly speaking, @@ -3029,7 +3247,7 @@ got_funcs: if ( flags & LDAP_DN_PEDANTIC ) { LDAP_FREE( bv->bv_val ); bv->bv_val = NULL; - rc = LDAP_INVALID_DN_SYNTAX; + rc = LDAP_ENCODING_ERROR; break; } @@ -3054,16 +3272,210 @@ got_funcs: bv->bv_val[ bv->bv_len ] = '\0'; rc = LDAP_SUCCESS; - break; - } + } break; default: - return( LDAP_INVALID_DN_SYNTAX ); - + return LDAP_PARAM_ERROR; } - Debug( LDAP_DEBUG_TRACE, "<= ldap_dn2bv(%s,%u)=%d\n", bv->bv_val, flags, rc ); +#ifdef NEW_LOGGING + LDAP_LOG (( "getdn", LDAP_LEVEL_RESULTS, "<= ldap_dn2bv(%s,%u)=%d\n", + bv->bv_val, flags, rc )); +#else + Debug( LDAP_DEBUG_TRACE, "<= ldap_dn2bv(%s,%u)=%d\n", + bv->bv_val, flags, rc ); +#endif + return_results:; return( rc ); } +#ifdef HAVE_TLS +#include +#include + +/* Convert a structured DN from an X.509 certificate into an LDAPV3 DN. + * x509_name must be an (X509_NAME *). If func is non-NULL, the + * constructed DN will use numeric OIDs to identify attributeTypes, + * and the func() will be invoked to rewrite the DN with the given + * flags. + * + * Otherwise the DN will use shortNames as defined in the OpenSSL + * library. + * + * It's preferable to let slapd do the OID to attributeType mapping, + * because the OpenSSL tables are known to have many typos in versions + * up to (at least) 0.9.6c. However, the LDAP client has no schema tables, + * so we're forced to use OpenSSL's mapping there. + * -- Howard Chu 2002-04-18 + */ + +int +ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, + unsigned flags ) +{ + LDAPDN *newDN; + LDAPRDN *newRDN; + LDAPAVA *newAVA, *baseAVA; + X509_NAME_ENTRY *ne; + ASN1_OBJECT *obj; + ASN1_STRING *str; + char oids[8192], *oidptr = oids, *oidbuf = NULL; + void *ptrs[2048]; + int i, j, k = 0, navas, nrdns, rc = LDAP_SUCCESS; + int set = -1; + size_t dnsize, oidrem = sizeof(oids), oidsize = 0; + int csize; + + struct berval Val; + + assert( bv ); + bv->bv_len = 0; + bv->bv_val = NULL; + + /* Get the number of AVAs. This is not necessarily the same as + * the number of RDNs. + */ + navas = X509_NAME_entry_count( x509_name ); + + /* Get the last element, to see how many RDNs there are */ + ne = X509_NAME_get_entry( x509_name, navas - 1 ); + nrdns = ne->set + 1; + + /* Allocate the DN/RDN/AVA stuff as a single block */ + dnsize = sizeof(LDAPDN) + sizeof(LDAPRDN *) * (nrdns+1); + dnsize += sizeof(LDAPRDN) * nrdns + sizeof(LDAPAVA *) * (navas+nrdns); + dnsize += sizeof(LDAPAVA) * navas; + if (dnsize > sizeof(ptrs)) { + newDN = (LDAPDN *)LDAP_MALLOC( dnsize ); + if ( newDN == NULL ) + return LDAP_NO_MEMORY; + } else { + newDN = (LDAPDN *)ptrs; + } + + newDN[0] = (LDAPRDN**)(newDN+1); + newDN[0][nrdns] = NULL; + newRDN = (LDAPRDN*)(newDN[0] + nrdns+1); + newAVA = (LDAPAVA*)(newRDN + navas + nrdns*2); + baseAVA = newAVA; + + /* Retrieve RDNs in reverse order; LDAP is backwards from X.500. */ + for ( i = nrdns - 1, j = 0; i >= 0; i-- ) { + ne = X509_NAME_get_entry( x509_name, i ); + obj = X509_NAME_ENTRY_get_object( ne ); + str = X509_NAME_ENTRY_get_data( ne ); + + /* If set changed, move to next RDN */ + if ( set != ne->set ) { + /* If this is not the first time, end the + * previous RDN and advance. + */ + if ( j > 0 ) { + newRDN[0][k] = NULL; + newRDN = (LDAPRDN*)(newRDN[0]+k+1); + } + newDN[0][j++] = newRDN; + + newRDN[0] = (LDAPAVA**)(newRDN+1); + k = 0; + set = ne->set; + } + newAVA->la_private = NULL; + newAVA->la_flags = LDAP_AVA_STRING; + + if ( !func ) { + int n = OBJ_obj2nid( obj ); + + if (n == NID_undef) + goto get_oid; + newAVA->la_attr.bv_val = (char *)OBJ_nid2sn( n ); + newAVA->la_attr.bv_len = strlen( newAVA->la_attr.bv_val ); + } else { +get_oid: newAVA->la_attr.bv_val = oidptr; + newAVA->la_attr.bv_len = OBJ_obj2txt( oidptr, oidrem, obj, 1 ); + oidptr += newAVA->la_attr.bv_len + 1; + oidrem -= newAVA->la_attr.bv_len + 1; + + /* Running out of OID buffer space? */ + if (oidrem < 128) { + if ( oidsize == 0 ) { + oidsize = sizeof(oids) * 2; + oidrem = oidsize; + oidbuf = LDAP_MALLOC( oidsize ); + if ( oidbuf == NULL ) goto nomem; + oidptr = oidbuf; + } else { + char *old = oidbuf; + oidbuf = LDAP_REALLOC( oidbuf, oidsize*2 ); + if ( oidbuf == NULL ) goto nomem; + /* Buffer moved! Fix AVA pointers */ + if ( old != oidbuf ) { + LDAPAVA *a; + long dif = oidbuf - old; + + for (a=baseAVA; a<=newAVA; a++){ + if (a->la_attr.bv_val >= old && + a->la_attr.bv_val <= (old + oidsize)) + a->la_attr.bv_val += dif; + } + } + oidptr = oidbuf + oidsize - oidrem; + oidrem += oidsize; + oidsize *= 2; + } + } + } + Val.bv_val = str->data; + Val.bv_len = str->length; + switch( str->type ) { + case V_ASN1_UNIVERSALSTRING: + /* This uses 32-bit ISO 10646-1 */ + csize = 4; goto to_utf8; + case V_ASN1_BMPSTRING: + /* This uses 16-bit ISO 10646-1 */ + csize = 2; goto to_utf8; + case V_ASN1_T61STRING: + /* This uses 8-bit, assume ISO 8859-1 */ + csize = 1; +to_utf8: rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value ); + if (rc != LDAP_SUCCESS) goto nomem; + newAVA->la_flags = LDAP_AVA_NONPRINTABLE; + break; + case V_ASN1_UTF8STRING: + newAVA->la_flags = LDAP_AVA_NONPRINTABLE; + /* This is already in UTF-8 encoding */ + case V_ASN1_IA5STRING: + case V_ASN1_PRINTABLESTRING: + /* These are always 7-bit strings */ + ber_dupbv( &newAVA->la_value, &Val ); + default: + ; + } + newRDN[0][k] = newAVA; + newAVA++; + k++; + } + newRDN[0][k] = NULL; + + if ( func ) { + rc = func( newDN, flags ); + if ( rc != LDAP_SUCCESS ) + goto nomem; + } + + rc = ldap_dn2bv( newDN, bv, LDAP_DN_FORMAT_LDAPV3 ); + +nomem: + for (;baseAVA < newAVA; baseAVA++) { + LDAP_FREE( baseAVA->la_value.bv_val ); + } + + if ( oidsize != 0 ) + LDAP_FREE( oidbuf ); + if ( newDN != (LDAPDN*) ptrs ) + LDAP_FREE( newDN ); + return rc; +} +#endif /* HAVE_TLS */ +