X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdn.c;h=24bc185ff5376d1ab4aab97ddf3ff12948740920;hb=5631f25839a4a83521993639a96909267ea7bce6;hp=6702e8dc18816938c6e106dfdc6ca184257aa2f2;hpb=d40e5a365ab412c15c5fcd6c1687ed38217c152d;p=openldap
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 6702e8dc18..24bc185ff5 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,7 +34,6 @@
#include
#include "slap.h"
-#include "ldap_pvt.h" /* must be after slap.h, to get ldap_bv2dn_x() & co */
#include "lutil.h"
/*
@@ -54,6 +53,55 @@
#define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
+static int
+LDAPRDN_validate( LDAPRDN rdn )
+{
+ int iAVA;
+ int rc;
+
+ assert( rdn != NULL );
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validate = NULL;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ava->la_private = ( void * )ad;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ validate = ad->ad_type->sat_syntax->ssyn_validate;
+
+ if ( validate ) {
+ /*
+ * validate value by validate function
+ */
+ rc = ( *validate )( ad->ad_type->sat_syntax,
+ &ava->la_value );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
/*
* In-place, schema-aware validation of the
* structural representation of a distinguished name.
@@ -64,20 +112,20 @@ LDAPDN_validate( LDAPDN dn )
int iRDN;
int rc;
- assert( dn );
+ assert( dn != NULL );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
LDAPRDN rdn = dn[ iRDN ];
int iAVA;
- assert( rdn );
+ assert( rdn != NULL );
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
slap_syntax_validate_func *validate = NULL;
- assert( ava );
+ assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
@@ -125,7 +173,7 @@ dnValidate(
int rc;
LDAPDN dn = NULL;
- assert( in );
+ assert( in != NULL );
if ( in->bv_len == 0 ) {
return LDAP_SUCCESS;
@@ -154,6 +202,45 @@ dnValidate(
return LDAP_SUCCESS;
}
+int
+rdnValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int rc;
+ LDAPRDN rdn;
+ char* p;
+
+ assert( in != NULL );
+ if ( in->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+
+ } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_bv2rdn_x( in , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, NULL);
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( in->bv_val ) == in->bv_len );
+
+ /*
+ * Schema-aware validate
+ */
+ rc = LDAPRDN_validate( rdn );
+ ldap_rdnfree( rdn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
/*
* AVA sorting inside a RDN
*
@@ -174,14 +261,14 @@ AVA_Sort( LDAPRDN rdn, int iAVA )
int i;
LDAPAVA *ava_in = rdn[ iAVA ];
- assert( rdn );
- assert( ava_in );
+ assert( rdn != NULL );
+ assert( ava_in != NULL );
for ( i = 0; i < iAVA; i++ ) {
LDAPAVA *ava = rdn[ i ];
int a, j;
- assert( ava );
+ assert( ava != NULL );
a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
@@ -234,6 +321,119 @@ AVA_Sort( LDAPRDN rdn, int iAVA )
}
}
+static int
+LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
+{
+
+ int rc;
+ int iAVA;
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validf = NULL;
+ slap_mr_normalize_func *normf = NULL;
+ slap_syntax_transform_func *transf = NULL;
+ MatchingRule *mr = NULL;
+ struct berval bv = BER_BVNULL;
+ int do_sort = 0;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ava->la_private = ( void * )ad;
+ do_sort = 1;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+ if( ava->la_value.bv_len == 0 ) {
+ /* BER encoding is empty */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* AVA is binary encoded, don't muck with it */
+ } else if( flags & SLAP_LDAPDN_PRETTY ) {
+ transf = ad->ad_type->sat_syntax->ssyn_pretty;
+ if( !transf ) {
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ }
+ } else { /* normalization */
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ mr = ad->ad_type->sat_equality;
+ if( mr ) normf = mr->smr_normalize;
+ }
+
+ if ( validf ) {
+ /* validate value before normalization */
+ rc = ( *validf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( transf ) {
+ /*
+ * transform value by pretty function
+ * if value is empty, use empty_bv
+ */
+ rc = ( *transf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( normf ) {
+ /*
+ * normalize value
+ * if value is empty, use empty_bv
+ */
+ rc = ( *normf )(
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ ad->ad_type->sat_syntax,
+ mr,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+
+ if( bv.bv_val ) {
+ if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
+ ber_memfree_x( ava->la_value.bv_val, ctx );
+ ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
+ }
+
+ if( do_sort ) AVA_Sort( rdn, iAVA );
+ }
+ return LDAP_SUCCESS;
+}
+
/*
* In-place, schema-aware normalization / "pretty"ing of the
* structural representation of a distinguished name.
@@ -244,13 +444,13 @@ LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
int iRDN;
int rc;
- assert( dn );
+ assert( dn != NULL );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
LDAPRDN rdn = dn[ iRDN ];
int iAVA;
- assert( rdn );
+ assert( rdn != NULL );
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ iAVA ];
@@ -262,7 +462,7 @@ LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
struct berval bv = BER_BVNULL;
int do_sort = 0;
- assert( ava );
+ assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
@@ -370,8 +570,8 @@ dnNormalize(
struct berval *out,
void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
@@ -417,6 +617,64 @@ dnNormalize(
return LDAP_SUCCESS;
}
+int
+rdnNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
+{
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
+ if ( val->bv_len != 0 ) {
+ LDAPRDN rdn = NULL;
+ int rc;
+ char* p;
+
+ /*
+ * Go to structural representation
+ */
+ rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, ctx);
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPRDN_rewrite( rdn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_rdnfree_x( rdn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * Back to string representation
+ */
+ rc = ldap_rdn2bv_x( rdn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_rdnfree_x( rdn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ } else {
+ ber_dupbv_x( out, val, ctx );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
int
dnPretty(
Syntax *syntax,
@@ -424,14 +682,10 @@ dnPretty(
struct berval *out,
void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
-#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, ARGS, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
-#endif
if ( val->bv_len == 0 ) {
ber_dupbv_x( out, val, ctx );
@@ -473,15 +727,71 @@ dnPretty(
}
}
-#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, ARGS, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
-#endif
return LDAP_SUCCESS;
}
+int
+rdnPretty(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
+{
+ assert( val != NULL );
+ assert( out != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( out, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPRDN rdn = NULL;
+ int rc;
+ char* p;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, ctx);
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPRDN_rewrite( rdn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_rdnfree_x( rdn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* FIXME: not sure why the default isn't pretty */
+ /* RE: the default is the form that is used as
+ * an internal representation; the pretty form
+ * is a variant */
+ rc = ldap_rdn2bv_x( rdn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_rdnfree_x( rdn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
+
int
dnPrettyNormalDN(
Syntax *syntax,
@@ -490,18 +800,12 @@ dnPrettyNormalDN(
int flags,
void *ctx )
{
- assert( val );
- assert( dn );
+ assert( val != NULL );
+ assert( dn != NULL );
-#ifdef NEW_LOGGING
- LDAP_LOG( OPERATION, ARGS, ">>> dn%sDN: <%s>\n",
- flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
- val->bv_val, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n",
flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
val->bv_val, 0 );
-#endif
if ( val->bv_len == 0 ) {
return LDAP_SUCCESS;
@@ -548,15 +852,11 @@ dnPrettyNormal(
struct berval *normal,
void *ctx)
{
-#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, ENTRY, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
-#endif
- assert( val );
- assert( pretty );
- assert( normal );
+ assert( val != NULL );
+ assert( pretty != NULL );
+ assert( normal != NULL );
if ( val->bv_len == 0 ) {
ber_dupbv_x( pretty, val, ctx );
@@ -619,13 +919,8 @@ dnPrettyNormal(
}
}
-#ifdef NEW_LOGGING
- LDAP_LOG (OPERATION, RESULTS, "<<< dnPrettyNormal: <%s>, <%s>\n",
- pretty->bv_val, normal->bv_val, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
pretty->bv_val, normal->bv_val, 0 );
-#endif
return LDAP_SUCCESS;
}
@@ -645,9 +940,11 @@ dnMatch(
int match;
struct berval *asserted = (struct berval *) assertedValue;
- assert( matchp );
- assert( value );
- assert( assertedValue );
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+ assert( !BER_BVISNULL( value ) );
+ assert( !BER_BVISNULL( asserted ) );
match = value->bv_len - asserted->bv_len;
@@ -656,23 +953,154 @@ dnMatch(
value->bv_len );
}
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, ENTRY, "dnMatch: %d\n %s\n %s\n",
- match, value->bv_val, asserted->bv_val );
-#else
Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
match, value->bv_val, asserted->bv_val );
-#endif
*matchp = match;
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
+}
+
+/*
+ * dnRelativeMatch routine
+ */
+int
+dnRelativeMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+ assert( !BER_BVISNULL( value ) );
+ assert( !BER_BVISNULL( asserted ) );
+
+ if( mr == slap_schema.si_mr_dnSubtreeMatch ) {
+ if( asserted->bv_len > value->bv_len ) {
+ match = -1;
+ } else if ( asserted->bv_len == value->bv_len ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ return 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ if( mr == slap_schema.si_mr_dnSuperiorMatch ) {
+ asserted = value;
+ value = (struct berval *) assertedValue;
+ mr = slap_schema.si_mr_dnSubordinateMatch;
+ }
+
+ if( mr == slap_schema.si_mr_dnSubordinateMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ return 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ if( mr == slap_schema.si_mr_dnOneLevelMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+
+ if( !match ) {
+ struct berval rdn;
+ rdn.bv_val = value->bv_val;
+ rdn.bv_len = value->bv_len - asserted->bv_len - 1;
+ match = dnIsOneLevelRDN( &rdn ) ? 0 : 1;
+ }
+ } else {
+ return 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ /* should not be reachable */
+ assert( 0 );
+ return LDAP_OTHER;
+}
+
+int
+rdnMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+
+ match = value->bv_len - asserted->bv_len;
+
+ if ( match == 0 ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ }
+
+ Debug( LDAP_DEBUG_ARGS, "rdnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
+ match, value->bv_val, asserted->bv_val );
+
+ *matchp = match;
+ return LDAP_SUCCESS;
}
+
/*
* dnParent - dn's parent, in-place
- *
* note: the incoming dn is assumed to be normalized/prettyfied,
* so that escaped rdn/ava separators are in '\'+hexpair form
+ *
+ * note: "dn" and "pdn" can point to the same berval;
+ * beware that, in this case, the pointer to the original buffer
+ * will get lost.
*/
void
dnParent(
@@ -694,8 +1122,35 @@ dnParent(
p++;
assert( ATTR_LEADCHAR( p[ 0 ] ) );
- pdn->bv_val = p;
pdn->bv_len = dn->bv_len - (p - dn->bv_val);
+ pdn->bv_val = p;
+
+ return;
+}
+
+/*
+ * dnRdn - dn's rdn, in-place
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
+ */
+void
+dnRdn(
+ struct berval *dn,
+ struct berval *rdn )
+{
+ char *p;
+
+ *rdn = *dn;
+ p = strchr( dn->bv_val, ',' );
+
+ /* one-level dn */
+ if ( p == NULL ) {
+ return;
+ }
+
+ assert( DN_SEPARATOR( p[ 0 ] ) );
+ assert( ATTR_LEADCHAR( p[ 1 ] ) );
+ rdn->bv_len = p - dn->bv_val;
return;
}
@@ -710,8 +1165,8 @@ dnExtractRdn(
const char *p;
int rc;
- assert( dn );
- assert( rdn );
+ assert( dn != NULL );
+ assert( rdn != NULL );
if( dn->bv_len == 0 ) {
return LDAP_OTHER;
@@ -722,14 +1177,11 @@ dnExtractRdn(
return rc;
}
- rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+ rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY,
+ ctx );
ldap_rdnfree_x( tmpRDN, ctx );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
-
- return LDAP_SUCCESS;
+ return rc;
}
/*
@@ -742,7 +1194,7 @@ dn_rdnlen(
{
const char *p;
- assert( dn_in );
+ assert( dn_in != NULL );
if ( dn_in == NULL ) {
return 0;
@@ -768,7 +1220,7 @@ dn_rdnlen(
* LDAP_INVALID_SYNTAX otherwise (including a sequence of rdns)
*/
int
-rdnValidate( struct berval *rdn )
+rdn_validate( struct berval *rdn )
{
#if 1
/* Major cheat!
@@ -780,7 +1232,6 @@ rdnValidate( struct berval *rdn )
{
return LDAP_INVALID_SYNTAX;
}
-
return strchr( rdn->bv_val, ',' ) == NULL
? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
@@ -851,7 +1302,7 @@ build_new_dn( struct berval * new_dn,
new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
new_dn->bv_val = (char *) slap_sl_malloc( new_dn->bv_len + 1, memctx );
- ptr = lutil_strcopy( new_dn->bv_val, newrdn->bv_val );
+ ptr = lutil_strncopy( new_dn->bv_val, newrdn->bv_val, newrdn->bv_len );
*ptr++ = ',';
strcpy( ptr, parent_dn->bv_val );
}
@@ -868,8 +1319,8 @@ dnIsSuffix(
{
int d = dn->bv_len - suffix->bv_len;
- assert( dn );
- assert( suffix );
+ assert( dn != NULL );
+ assert( suffix != NULL );
/* empty suffix matches any dn */
if ( suffix->bv_len == 0 ) {
@@ -895,6 +1346,35 @@ dnIsSuffix(
return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
}
+int
+dnIsOneLevelRDN( struct berval *rdn )
+{
+ ber_len_t len = rdn->bv_len;
+ for ( ; len--; ) {
+ if ( DN_SEPARATOR( rdn->bv_val[ len ] ) ) {
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+#ifdef HAVE_TLS
+static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
+#endif
+
+int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
+{
+#ifdef HAVE_TLS
+ if ( DNX509PeerNormalizeCertMap == NULL ) {
+ DNX509PeerNormalizeCertMap = fn;
+ return 0;
+ }
+#endif
+
+ return -1;
+}
+
#ifdef HAVE_TLS
/*
* Convert an X.509 DN into a normalized LDAP DN
@@ -917,7 +1397,16 @@ dnX509normalize( void *x509_name, struct berval *out )
int
dnX509peerNormalize( void *ssl, struct berval *dn )
{
+ int rc = LDAP_INVALID_CREDENTIALS;
+
+ if ( DNX509PeerNormalizeCertMap != NULL )
+ rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
- return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
+ (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ }
+
+ return rc;
}
#endif