X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdn.c;h=509adb76e3ac3272a8c6bfda8706b6bdcda4a01f;hb=3c5068bc1fa84fc5daf1e50d4f1a929cec91b7e9;hp=05832ecd97f1d3d4c83f6b5a6d7176cd0e05054f;hpb=9129a2f7eeb1d82b4d4de7fed0bf2b3472193879;p=openldap diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c index 05832ecd97..509adb76e3 100644 --- a/servers/slapd/dn.c +++ b/servers/slapd/dn.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -53,6 +53,8 @@ #define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private ) +int slap_DN_strict = SLAP_AD_NOINSERT; + static int LDAPRDN_validate( LDAPRDN rdn ) { @@ -75,7 +77,7 @@ LDAPRDN_validate( LDAPRDN rdn ) if ( rc != LDAP_SUCCESS ) { rc = slap_bv2undef_ad( &ava->la_attr, &ad, &text, - SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); + SLAP_AD_PROXIED|slap_DN_strict ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } @@ -84,6 +86,13 @@ LDAPRDN_validate( LDAPRDN rdn ) ava->la_private = ( void * )ad; } + /* + * Do not allow X-ORDERED 'VALUES' naming attributes + */ + if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) { + return LDAP_INVALID_SYNTAX; + } + /* * Replace attr oid/name with the canonical name */ @@ -120,52 +129,9 @@ LDAPDN_validate( LDAPDN dn ) assert( dn != NULL ); for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) { - LDAPRDN rdn = dn[ iRDN ]; - int iAVA; - - assert( rdn != NULL ); - - for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) { - LDAPAVA *ava = rdn[ iAVA ]; - AttributeDescription *ad; - slap_syntax_validate_func *validate = NULL; - - assert( ava != NULL ); - - if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) { - const char *text = NULL; - - rc = slap_bv2ad( &ava->la_attr, &ad, &text ); - if ( rc != LDAP_SUCCESS ) { - rc = slap_bv2undef_ad( &ava->la_attr, - &ad, &text, - SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); - if ( rc != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; - } - } - - ava->la_private = ( void * )ad; - } - - /* - * Replace attr oid/name with the canonical name - */ - ava->la_attr = ad->ad_cname; - - validate = ad->ad_type->sat_syntax->ssyn_validate; - - if ( validate ) { - /* - * validate value by validate function - */ - rc = ( *validate )( ad->ad_type->sat_syntax, - &ava->la_value ); - - if ( rc != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; - } - } + rc = LDAPRDN_validate( dn[ iRDN ] ); + if ( rc != LDAP_SUCCESS ) { + return rc; } } @@ -356,7 +322,7 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) if ( rc != LDAP_SUCCESS ) { rc = slap_bv2undef_ad( &ava->la_attr, &ad, &text, - SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); + SLAP_AD_PROXIED|slap_DN_strict ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } @@ -377,6 +343,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) return LDAP_INVALID_SYNTAX; } + /* Do not allow X-ORDERED 'VALUES' naming attributes */ + } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) { + return LDAP_INVALID_SYNTAX; + /* AVA is binary encoded, don't muck with it */ } else if( flags & SLAP_LDAPDN_PRETTY ) { transf = ad->ad_type->sat_syntax->ssyn_pretty; @@ -386,7 +356,9 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) } else { /* normalization */ validf = ad->ad_type->sat_syntax->ssyn_validate; mr = ad->ad_type->sat_equality; - if( mr ) normf = mr->smr_normalize; + if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) { + normf = mr->smr_normalize; + } } if ( validf ) { @@ -462,119 +434,9 @@ LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx ) assert( dn != NULL ); for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) { - LDAPRDN rdn = dn[ iRDN ]; - int iAVA; - - assert( rdn != NULL ); - - for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) { - LDAPAVA *ava = rdn[ iAVA ]; - AttributeDescription *ad; - slap_syntax_validate_func *validf = NULL; - slap_mr_normalize_func *normf = NULL; - slap_syntax_transform_func *transf = NULL; - MatchingRule *mr = NULL; - struct berval bv = BER_BVNULL; - int do_sort = 0; - - assert( ava != NULL ); - - if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) { - const char *text = NULL; - - rc = slap_bv2ad( &ava->la_attr, &ad, &text ); - if ( rc != LDAP_SUCCESS ) { - rc = slap_bv2undef_ad( &ava->la_attr, - &ad, &text, - SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); - if ( rc != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; - } - } - - ava->la_private = ( void * )ad; - do_sort = 1; - } - - /* - * Replace attr oid/name with the canonical name - */ - ava->la_attr = ad->ad_cname; - - if( ava->la_flags & LDAP_AVA_BINARY ) { - if( ava->la_value.bv_len == 0 ) { - /* BER encoding is empty */ - return LDAP_INVALID_SYNTAX; - } - - /* AVA is binary encoded, don't muck with it */ - } else if( flags & SLAP_LDAPDN_PRETTY ) { - transf = ad->ad_type->sat_syntax->ssyn_pretty; - if( !transf ) { - validf = ad->ad_type->sat_syntax->ssyn_validate; - } - } else { /* normalization */ - validf = ad->ad_type->sat_syntax->ssyn_validate; - mr = ad->ad_type->sat_equality; - if( mr ) normf = mr->smr_normalize; - } - - if ( validf ) { - /* validate value before normalization */ - rc = ( *validf )( ad->ad_type->sat_syntax, - ava->la_value.bv_len - ? &ava->la_value - : (struct berval *) &slap_empty_bv ); - - if ( rc != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; - } - } - - if ( transf ) { - /* - * transform value by pretty function - * if value is empty, use empty_bv - */ - rc = ( *transf )( ad->ad_type->sat_syntax, - ava->la_value.bv_len - ? &ava->la_value - : (struct berval *) &slap_empty_bv, - &bv, ctx ); - - if ( rc != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; - } - } - - if ( normf ) { - /* - * normalize value - * if value is empty, use empty_bv - */ - rc = ( *normf )( - SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, - ad->ad_type->sat_syntax, - mr, - ava->la_value.bv_len - ? &ava->la_value - : (struct berval *) &slap_empty_bv, - &bv, ctx ); - - if ( rc != LDAP_SUCCESS ) { - return LDAP_INVALID_SYNTAX; - } - } - - - if( bv.bv_val ) { - if ( ava->la_flags & LDAP_AVA_FREE_VALUE ) - ber_memfree_x( ava->la_value.bv_val, ctx ); - ava->la_value = bv; - ava->la_flags |= LDAP_AVA_FREE_VALUE; - } - - if( do_sort ) AVA_Sort( rdn, iAVA ); + rc = LDAPRDN_rewrite( dn[ iRDN ], flags, ctx ); + if ( rc != LDAP_SUCCESS ) { + return rc; } } @@ -1129,7 +991,7 @@ dnParent( { char *p; - p = strchr( dn->bv_val, ',' ); + p = ber_bvchr( dn, ',' ); /* one-level dn */ if ( p == NULL ) { @@ -1161,7 +1023,7 @@ dnRdn( char *p; *rdn = *dn; - p = strchr( dn->bv_val, ',' ); + p = ber_bvchr( dn, ',' ); /* one-level dn */ if ( p == NULL ) { @@ -1228,7 +1090,7 @@ dn_rdnlen( return 0; } - p = strchr( dn_in->bv_val, ',' ); + p = ber_bvchr( dn_in, ',' ); return p ? p - dn_in->bv_val : dn_in->bv_len; } @@ -1252,7 +1114,7 @@ rdn_validate( struct berval *rdn ) { return LDAP_INVALID_SYNTAX; } - return strchr( rdn->bv_val, ',' ) == NULL + return ber_bvchr( rdn, ',' ) == NULL ? LDAP_SUCCESS : LDAP_INVALID_SYNTAX; #else @@ -1300,7 +1162,7 @@ rdn_validate( struct berval *rdn ) /* build_new_dn: * - * Used by ldbm/bdb2 back_modrdn to create the new dn of entries being + * Used by back-bdb back_modrdn to create the new dn of entries being * renamed. * * new_dn = parent (p_dn) + separator + rdn (newrdn) + null. @@ -1315,7 +1177,7 @@ build_new_dn( struct berval * new_dn, char *ptr; if ( parent_dn == NULL || parent_dn->bv_len == 0 ) { - ber_dupbv( new_dn, newrdn ); + ber_dupbv_x( new_dn, newrdn, memctx ); return; } @@ -1406,7 +1268,8 @@ dnX509normalize( void *x509_name, struct berval *out ) int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 ); Debug( LDAP_DEBUG_TRACE, - "dnX509Normalize: <%s>\n", out->bv_val, 0, 0 ); + "dnX509Normalize: <%s> (%d)\n", + BER_BVISNULL( out ) ? "(null)" : out->bv_val, rc, 0 ); return rc; }