X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdn.c;h=647468d92bffc5ba5804596c44278e2870f6b271;hb=e3b1020e7558dff26d8c87ebb2746f197775c24f;hp=d2308d99676963cf71b2817a80e39ef018810d48;hpb=ef607e65d7be94c2be1389f505a9b4b9a8f37615;p=openldap diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c index d2308d9967..647468d92b 100644 --- a/servers/slapd/dn.c +++ b/servers/slapd/dn.c @@ -1,7 +1,7 @@ /* dn.c - routines for dealing with distinguished names */ /* $OpenLDAP$ */ /* - * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -18,11 +18,7 @@ #include "slap.h" -const struct berval slap_empty_bv = { 0, "" }; - -#define SLAP_LDAPDN_PRETTY 0x1 - -#define SLAP_LDAPDN_MAXLEN 8192 +#include "lutil.h" /* * The DN syntax-related functions take advantage of the dn representation @@ -242,8 +238,12 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) { LDAPAVA *ava = rdn[ 0 ][ iAVA ]; AttributeDescription *ad; + slap_syntax_validate_func *validf = NULL; +#ifdef SLAP_NVALUES + slap_mr_normalize_func *normf = NULL; +#endif slap_syntax_transform_func *transf = NULL; - MatchingRule *mr; + MatchingRule *mr = NULL; struct berval bv = { 0, NULL }; int do_sort = 0; @@ -268,20 +268,40 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) if( ava->la_flags & LDAP_AVA_BINARY ) { /* AVA is binary encoded, don't muck with it */ - transf = NULL; - mr = NULL; - } else if( flags & SLAP_LDAPDN_PRETTY ) { transf = ad->ad_type->sat_syntax->ssyn_pretty; - mr = NULL; - } else { - transf = ad->ad_type->sat_syntax->ssyn_normalize; + if( !transf ) { + validf = ad->ad_type->sat_syntax->ssyn_validate; + } + } else { /* normalization */ + validf = ad->ad_type->sat_syntax->ssyn_validate; mr = ad->ad_type->sat_equality; +#ifdef SLAP_NVALUES + if( mr ) normf = mr->smr_normalize; +#else + transf = ad->ad_type->sat_syntax->ssyn_normalize; +#endif + } + + if ( validf ) { + /* validate value before normalization */ + rc = ( *validf )( ad->ad_type->sat_syntax, + ava->la_value.bv_len + ? &ava->la_value + : (struct berval *) &slap_empty_bv ); + + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } } if ( transf ) { /* +#ifdef SLAP_NVALUES + * transform value by pretty function +#else * transform value by normalize/pretty function +#endif * if value is empty, use empty_bv */ rc = ( *transf )( ad->ad_type->sat_syntax, @@ -295,6 +315,27 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) } } +#ifdef SLAP_NVALUES + if ( normf ) { + /* + * normalize value + * if value is empty, use empty_bv + */ + rc = ( *normf )( + 0, + ad->ad_type->sat_syntax, + mr, + ava->la_value.bv_len + ? &ava->la_value + : (struct berval *) &slap_empty_bv, + &bv ); + + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + } + +#else if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) { char *s = bv.bv_val; @@ -304,6 +345,7 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) } free( s ); } +#endif if( bv.bv_val ) { free( ava->la_value.bv_val ); @@ -317,34 +359,20 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) return LDAP_SUCCESS; } -/* - * dn normalize routine - */ int +#ifdef SLAP_NVALUES dnNormalize( - Syntax *syntax, - struct berval *val, - struct berval **normalized ) -{ - struct berval *out; - int rc; - - assert( normalized && *normalized == NULL ); - - out = ch_malloc( sizeof( struct berval ) ); - rc = dnNormalize2( syntax, val, out ); - if ( rc != LDAP_SUCCESS ) - free( out ); - else - *normalized = out; - return rc; -} - -int -dnNormalize2( - Syntax *syntax, - struct berval *val, - struct berval *out ) + slap_mask_t use, + Syntax *syntax, + MatchingRule *mr, + struct berval *val, + struct berval *out ) +#else +dnNormalize( + Syntax *syntax, + struct berval *val, + struct berval *out ) +#endif { assert( val ); assert( out ); @@ -376,7 +404,8 @@ dnNormalize2( /* * Back to string representation */ - rc = ldap_dn2bv( dn, out, LDAP_DN_FORMAT_LDAPV3 ); + rc = ldap_dn2bv( dn, out, + LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY ); ldap_dnfree( dn ); @@ -392,6 +421,7 @@ dnNormalize2( return LDAP_SUCCESS; } +#if 0 /* * dn "pretty"ing routine */ @@ -414,6 +444,7 @@ dnPretty( *pretty = out; return rc; } +#endif int dnPretty2( @@ -424,7 +455,11 @@ dnPretty2( assert( val ); assert( out ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 ); +#endif if ( val->bv_len == 0 ) { ber_dupbv( out, val ); @@ -471,6 +506,60 @@ dnPretty2( return LDAP_SUCCESS; } +int +dnPrettyNormalDN( + Syntax *syntax, + struct berval *val, + LDAPDN **dn, + int flags ) +{ + assert( val ); + assert( dn ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, ">>> dn%sDN: <%s>\n", + flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", + val->bv_val, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n", + flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", + val->bv_val, 0 ); +#endif + + if ( val->bv_len == 0 ) { + return LDAP_SUCCESS; + + } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) { + return LDAP_INVALID_SYNTAX; + + } else { + int rc; + + /* FIXME: should be liberal in what we accept */ + rc = ldap_bv2dn( val, dn, LDAP_DN_FORMAT_LDAP ); + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + + assert( strlen( val->bv_val ) == val->bv_len ); + + /* + * Schema-aware rewrite + */ + if ( LDAPDN_rewrite( *dn, flags ) != LDAP_SUCCESS ) { + ldap_dnfree( *dn ); + *dn = NULL; + return LDAP_INVALID_SYNTAX; + } + } + + Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n", + flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal", + 0, 0 ); + + return LDAP_SUCCESS; +} + /* * Combination of both dnPretty and dnNormalize */ @@ -481,7 +570,11 @@ dnPrettyNormal( struct berval *pretty, struct berval *normal) { +#ifdef NEW_LOGGING + LDAP_LOG ( OPERATION, ENTRY, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 ); +#endif assert( val ); assert( pretty ); @@ -536,7 +629,8 @@ dnPrettyNormal( return LDAP_INVALID_SYNTAX; } - rc = ldap_dn2bv( dn, normal, LDAP_DN_FORMAT_LDAPV3 ); + rc = ldap_dn2bv( dn, normal, + LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY ); ldap_dnfree( dn ); if ( rc != LDAP_SUCCESS ) { @@ -547,8 +641,13 @@ dnPrettyNormal( } } +#ifdef NEW_LOGGING + LDAP_LOG (OPERATION, RESULTS, "<<< dnPrettyNormal: <%s>, <%s>\n", + pretty->bv_val, normal->bv_val, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n", pretty->bv_val, normal->bv_val, 0 ); +#endif return LDAP_SUCCESS; } @@ -580,9 +679,8 @@ dnMatch( } #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "dnMatch: %d\n %s\n %s\n", match, - value->bv_val, asserted->bv_val )); + LDAP_LOG( CONFIG, ENTRY, "dnMatch: %d\n %s\n %s\n", + match, value->bv_val, asserted->bv_val ); #else Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n", match, value->bv_val, asserted->bv_val ); @@ -609,7 +707,8 @@ dnParent( /* one-level dn */ if ( p == NULL ) { - *pdn = slap_empty_bv; + pdn->bv_len = 0; + pdn->bv_val = dn->bv_val + dn->bv_len; return; } @@ -644,7 +743,8 @@ dnExtractRdn( return rc; } - rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 ); + rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY ); + ldap_rdnfree( tmpRDN ); if ( rc != LDAP_SUCCESS ) { return rc; @@ -771,7 +871,7 @@ build_new_dn( struct berval * new_dn, new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1; new_dn->bv_val = (char *) ch_malloc( new_dn->bv_len + 1 ); - ptr = slap_strcopy( new_dn->bv_val, newrdn->bv_val ); + ptr = lutil_strcopy( new_dn->bv_val, newrdn->bv_val ); *ptr++ = ','; strcpy( ptr, parent_dn->bv_val ); } @@ -814,3 +914,25 @@ dnIsSuffix( /* compare */ return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 ); } + +#ifdef HAVE_TLS +/* + * Convert an X.509 DN into a normalized LDAP DN + */ +int +dnX509normalize( void *x509_name, struct berval *out ) +{ + /* Invoke the LDAP library's converter with our schema-rewriter */ + return ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 ); +} + +/* + * Get the TLS session's peer's DN into a normalized LDAP DN + */ +int +dnX509peerNormalize( void *ssl, struct berval *dn ) +{ + + return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 ); +} +#endif