X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdn.c;h=148d8155e9756adda8cd41f9053395a96af96769;hb=1fbbc1181152a32c1b9b82342ad6d63034ec7fbb;hp=3ba5acff7ac4a8ffc05a68c02b35a626060c761d;hpb=6ebe49f1b648756bfb976bf1bb5afb013ff13536;p=openldap

diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 3ba5acff7a..148d8155e9 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -1,7 +1,7 @@
 /* dn.c - routines for dealing with distinguished names */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -18,11 +18,9 @@
 
 #include "slap.h"
 
-const struct berval slap_empty_bv = { 0, "" };
-
-#define SLAP_LDAPDN_PRETTY 0x1
+#include "lutil.h"
 
-#define SLAP_LDAPDN_MAXLEN 8192
+const struct berval slap_empty_bv = { 0, "" };
 
 /*
  * The DN syntax-related functions take advantage of the dn representation
@@ -132,11 +130,13 @@ dnValidate(
 	 * Schema-aware validate
 	 */
 	rc = LDAPDN_validate( dn );
-	if ( rc == LDAP_SUCCESS ) {
-		ldap_dnfree( dn );
+	ldap_dnfree( dn );
+
+	if ( rc != LDAP_SUCCESS ) {
+		return LDAP_INVALID_SYNTAX;
 	}
-	
-	return LDAP_INVALID_SYNTAX;
+
+	return LDAP_SUCCESS;
 }
 
 /*
@@ -240,6 +240,7 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 		for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
 			LDAPAVA			*ava = rdn[ 0 ][ iAVA ];
 			AttributeDescription	*ad;
+			slap_syntax_validate_func *validf = NULL;
 			slap_syntax_transform_func *transf = NULL;
 			MatchingRule *mr;
 			struct berval		bv = { 0, NULL };
@@ -266,17 +267,31 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 
 			if( ava->la_flags & LDAP_AVA_BINARY ) {
 				/* AVA is binary encoded, don't muck with it */
+				validf = NULL;
 				transf = NULL;
 				mr = NULL;
-
 			} else if( flags & SLAP_LDAPDN_PRETTY ) {
+				validf = NULL;
 				transf = ad->ad_type->sat_syntax->ssyn_pretty;
 				mr = NULL;
 			} else {
+				validf = ad->ad_type->sat_syntax->ssyn_validate;
 				transf = ad->ad_type->sat_syntax->ssyn_normalize;
 				mr = ad->ad_type->sat_equality;
 			}
 
+			if ( validf ) {
+				/* validate value before normalization */
+				rc = ( *validf )( ad->ad_type->sat_syntax,
+					ava->la_value.bv_len
+						? &ava->la_value
+						: (struct berval *) &slap_empty_bv );
+
+				if ( rc != LDAP_SUCCESS ) {
+					return LDAP_INVALID_SYNTAX;
+				}
+			}
+
 			if ( transf ) {
 				/*
 			 	 * transform value by normalize/pretty function
@@ -296,9 +311,10 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 			if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
 				char *s = bv.bv_val;
 
-				ber_str2bv( UTF8normalize( bv.bv_val ? &bv
-					: &ava->la_value, LDAP_UTF8_CASEFOLD ),
-					0, 0, &bv );
+				if ( UTF8bvnormalize( &bv, &bv, 
+						LDAP_UTF8_CASEFOLD ) == NULL ) {
+					return LDAP_INVALID_SYNTAX;
+				}
 				free( s );
 			}
 
@@ -373,7 +389,8 @@ dnNormalize2(
 		/*
 		 * Back to string representation
 		 */
-		rc = ldap_dn2bv( dn, out, LDAP_DN_FORMAT_LDAPV3 );
+		rc = ldap_dn2bv( dn, out,
+			LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
 
 		ldap_dnfree( dn );
 
@@ -421,7 +438,11 @@ dnPretty2(
 	assert( val );
 	assert( out );
 
+#ifdef NEW_LOGGING
+	LDAP_LOG( OPERATION, ARGS, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+#else
 	Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+#endif
 
 	if ( val->bv_len == 0 ) {
 		ber_dupbv( out, val );
@@ -468,6 +489,60 @@ dnPretty2(
 	return LDAP_SUCCESS;
 }
 
+int
+dnPrettyNormalDN(
+	Syntax *syntax,
+	struct berval *val,
+	LDAPDN **dn,
+	int flags )
+{
+	assert( val );
+	assert( dn );
+
+#ifdef NEW_LOGGING
+	LDAP_LOG( OPERATION, ARGS, ">>> dn%sDN: <%s>\n", 
+			flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", 
+			val->bv_val, 0 );
+#else
+	Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n", 
+			flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", 
+			val->bv_val, 0 );
+#endif
+
+	if ( val->bv_len == 0 ) {
+		return LDAP_SUCCESS;
+
+	} else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+		return LDAP_INVALID_SYNTAX;
+
+	} else {
+		int		rc;
+
+		/* FIXME: should be liberal in what we accept */
+		rc = ldap_bv2dn( val, dn, LDAP_DN_FORMAT_LDAP );
+		if ( rc != LDAP_SUCCESS ) {
+			return LDAP_INVALID_SYNTAX;
+		}
+
+		assert( strlen( val->bv_val ) == val->bv_len );
+
+		/*
+		 * Schema-aware rewrite
+		 */
+		if ( LDAPDN_rewrite( *dn, flags ) != LDAP_SUCCESS ) {
+			ldap_dnfree( *dn );
+			*dn = NULL;
+			return LDAP_INVALID_SYNTAX;
+		}
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n", 
+			flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+			0, 0 );
+
+	return LDAP_SUCCESS;
+}
+
 /*
  * Combination of both dnPretty and dnNormalize
  */
@@ -478,7 +553,11 @@ dnPrettyNormal(
 	struct berval *pretty,
 	struct berval *normal)
 {
+#ifdef NEW_LOGGING
+	LDAP_LOG ( OPERATION, ENTRY, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
+#else
 	Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
+#endif
 
 	assert( val );
 	assert( pretty );
@@ -533,7 +612,8 @@ dnPrettyNormal(
 			return LDAP_INVALID_SYNTAX;
 		}
 
-		rc = ldap_dn2bv( dn, normal, LDAP_DN_FORMAT_LDAPV3 );
+		rc = ldap_dn2bv( dn, normal,
+			LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
 
 		ldap_dnfree( dn );
 		if ( rc != LDAP_SUCCESS ) {
@@ -544,8 +624,13 @@ dnPrettyNormal(
 		}
 	}
 
+#ifdef NEW_LOGGING
+	LDAP_LOG (OPERATION, RESULTS, "<<< dnPrettyNormal: <%s>, <%s>\n",
+		pretty->bv_val, normal->bv_val, 0  );
+#else
 	Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
 		pretty->bv_val, normal->bv_val, 0 );
+#endif
 
 	return LDAP_SUCCESS;
 }
@@ -572,13 +657,13 @@ dnMatch(
 	match = value->bv_len - asserted->bv_len;
 
 	if ( match == 0 ) {
-		match = strcmp( value->bv_val, asserted->bv_val );
+		match = memcmp( value->bv_val, asserted->bv_val, 
+				value->bv_len );
 	}
 
 #ifdef NEW_LOGGING
-	LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
-		"dnMatch: %d\n    %s\n    %s\n", match,
-		value->bv_val, asserted->bv_val ));
+	LDAP_LOG( CONFIG, ENTRY, "dnMatch: %d\n    %s\n    %s\n", 
+		match, value->bv_val, asserted->bv_val  );
 #else
 	Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
 		match, value->bv_val, asserted->bv_val );
@@ -605,7 +690,8 @@ dnParent(
 
 	/* one-level dn */
 	if ( p == NULL ) {
-		*pdn = slap_empty_bv;
+		pdn->bv_len = 0;
+		pdn->bv_val = dn->bv_val + dn->bv_len;
 		return;
 	}
 
@@ -640,7 +726,8 @@ dnExtractRdn(
 		return rc;
 	}
 
-	rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 );
+	rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
+
 	ldap_rdnfree( tmpRDN );
 	if ( rc != LDAP_SUCCESS ) {
 		return rc;
@@ -767,7 +854,7 @@ build_new_dn( struct berval * new_dn,
 	new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
 	new_dn->bv_val = (char *) ch_malloc( new_dn->bv_len + 1 );
 
-	ptr = slap_strcopy( new_dn->bv_val, newrdn->bv_val );
+	ptr = lutil_strcopy( new_dn->bv_val, newrdn->bv_val );
 	*ptr++ = ',';
 	strcpy( ptr, parent_dn->bv_val );
 }
@@ -810,3 +897,25 @@ dnIsSuffix(
 	/* compare */
 	return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
 }
+
+#ifdef HAVE_TLS
+/*
+ * Convert an X.509 DN into a normalized LDAP DN
+ */
+int
+dnX509normalize( void *x509_name, struct berval *out )
+{
+	/* Invoke the LDAP library's converter with our schema-rewriter */
+	return ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
+}
+
+/*
+ * Get the TLS session's peer's DN into a normalized LDAP DN
+ */
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
+{
+
+	return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+}
+#endif