X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdn.c;h=9143096db475b98be61ff3a66789be0832ab2bca;hb=10ef5cf2fd090506ae9ef4079c422ef7a7fa21ca;hp=54a4a61e8ab60e636d5fddc85e28d6cd74abfc95;hpb=763c0de59b423f88b8a0f2aa362fe6c37b4007b6;p=openldap
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 54a4a61e8a..9143096db4 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -1,8 +1,27 @@
/* dn.c - routines for dealing with distinguished names */
/* $OpenLDAP$ */
-/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
*/
#include "portable.h"
@@ -14,11 +33,8 @@
#include
#include
-#include "ldap_pvt.h"
-
#include "slap.h"
-
-#define SLAP_LDAPDN_PRETTY 0x1
+#include "lutil.h"
/*
* The DN syntax-related functions take advantage of the dn representation
@@ -37,37 +53,96 @@
#define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
+static int
+LDAPRDN_validate( LDAPRDN rdn )
+{
+ int iAVA;
+ int rc;
+
+ assert( rdn != NULL );
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validate = NULL;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ ava->la_private = ( void * )ad;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ validate = ad->ad_type->sat_syntax->ssyn_validate;
+
+ if ( validate ) {
+ /*
+ * validate value by validate function
+ */
+ rc = ( *validate )( ad->ad_type->sat_syntax,
+ &ava->la_value );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
/*
* In-place, schema-aware validation of the
* structural representation of a distinguished name.
*/
static int
-LDAPDN_validate( LDAPDN *dn )
+LDAPDN_validate( LDAPDN dn )
{
int iRDN;
int rc;
- assert( dn );
+ assert( dn != NULL );
- for ( iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
- LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ LDAPRDN rdn = dn[ iRDN ];
int iAVA;
- assert( rdn );
+ assert( rdn != NULL );
- for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
slap_syntax_validate_func *validate = NULL;
- assert( ava );
+ assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
ava->la_private = ( void * )ad;
@@ -106,31 +181,76 @@ dnValidate(
struct berval *in )
{
int rc;
- LDAPDN *dn = NULL;
+ LDAPDN dn = NULL;
- assert( in );
+ assert( in != NULL );
if ( in->bv_len == 0 ) {
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
+
+ } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
}
- rc = ldap_str2dn( in->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2dn( in, &dn, LDAP_DN_FORMAT_LDAP );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( in->bv_val ) == in->bv_len );
/*
* Schema-aware validate
*/
- if ( rc == LDAP_SUCCESS ) {
- rc = LDAPDN_validate( dn );
- ldap_dnfree( dn );
+ rc = LDAPDN_validate( dn );
+ ldap_dnfree( dn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
}
-
+
+ return LDAP_SUCCESS;
+}
+
+int
+rdnValidate(
+ Syntax *syntax,
+ struct berval *in )
+{
+ int rc;
+ LDAPRDN rdn;
+ char* p;
+
+ assert( in != NULL );
+ if ( in->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+
+ } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_bv2rdn_x( in , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, NULL);
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( in->bv_val ) == in->bv_len );
+
+ /*
+ * Schema-aware validate
+ */
+ rc = LDAPRDN_validate( rdn );
+ ldap_rdnfree( rdn );
+
if ( rc != LDAP_SUCCESS ) {
- return( LDAP_INVALID_SYNTAX );
+ return LDAP_INVALID_SYNTAX;
}
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
}
+
/*
* AVA sorting inside a RDN
*
@@ -139,73 +259,180 @@ dnValidate(
* (use memcmp, which implies alphabetical order in case of IA5 value;
* this should guarantee the repeatability of the operation).
*
- * uses a linear search; should be fine since the number of AVAs in
+ * Note: the sorting can be slightly improved by sorting first
+ * by attribute type length, then by alphabetical order.
+ *
+ * uses an insertion sort; should be fine since the number of AVAs in
* a RDN should be limited.
*/
-static void
-AVA_Sort( LDAPRDN *rdn, int iAVA )
+static int
+AVA_Sort( LDAPRDN rdn, int nAVAs )
{
+ LDAPAVA *ava_i;
int i;
- LDAPAVA *ava_in = rdn[ 0 ][ iAVA ];
- assert( rdn );
- assert( ava_in );
-
- for ( i = 0; i < iAVA; i++ ) {
- LDAPAVA *ava = rdn[ 0 ][ i ];
- int a, j;
+ assert( rdn != NULL );
- assert( ava );
+ for ( i = 1; i < nAVAs; i++ ) {
+ LDAPAVA *ava_j;
+ int j;
- a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
+ ava_i = rdn[ i ];
+ for ( j = i-1; j >=0; j-- ) {
+ int a;
- if ( a > 0 ) {
- break;
- }
+ ava_j = rdn[ j ];
+ a = strcmp( ava_i->la_attr.bv_val, ava_j->la_attr.bv_val );
- while ( a == 0 ) {
- int v, d;
+ if ( a == 0 ) {
+ int d;
- d = ava_in->la_value.bv_len - ava->la_value.bv_len;
+ d = ava_i->la_value.bv_len - ava_j->la_value.bv_len;
- v = memcmp( ava_in->la_value.bv_val,
- ava->la_value.bv_val,
- d <= 0 ? ava_in->la_value.bv_len
- : ava->la_value.bv_len );
+ a = memcmp( ava_i->la_value.bv_val,
+ ava_j->la_value.bv_val,
+ d <= 0 ? ava_i->la_value.bv_len
+ : ava_j->la_value.bv_len );
- if ( v == 0 && d != 0 ) {
- v = d;
+ if ( a == 0 ) {
+ a = d;
+ }
}
+ /* Duplicates are not allowed */
+ if ( a == 0 )
+ return LDAP_INVALID_DN_SYNTAX;
- if ( v <= 0 ) {
- /*
- * got it!
- */
+ if ( a > 0 )
break;
+
+ rdn[ j+1 ] = rdn[ j ];
+ }
+ rdn[ j+1 ] = ava_i;
+ }
+ return LDAP_SUCCESS;
+}
+
+static int
+LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
+{
+
+ int rc, iAVA, do_sort = 0;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validf = NULL;
+ slap_mr_normalize_func *normf = NULL;
+ slap_syntax_transform_func *transf = NULL;
+ MatchingRule *mr = NULL;
+ struct berval bv = BER_BVNULL;
+
+ assert( ava != NULL );
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( &ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
+
+ ava->la_private = ( void * )ad;
+ do_sort = 1;
+ }
- if ( ++i == iAVA ) {
- /*
- * already sorted
- */
- return;
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ava->la_attr = ad->ad_cname;
+
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+ if( ava->la_value.bv_len == 0 ) {
+ /* BER encoding is empty */
+ return LDAP_INVALID_SYNTAX;
}
- ava = rdn[ 0 ][ i ];
- a = strcmp( ava_in->la_value.bv_val,
- ava->la_value.bv_val );
+ /* AVA is binary encoded, don't muck with it */
+ } else if( flags & SLAP_LDAPDN_PRETTY ) {
+ transf = ad->ad_type->sat_syntax->ssyn_pretty;
+ if( !transf ) {
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ }
+ } else { /* normalization */
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ mr = ad->ad_type->sat_equality;
+ if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
+ normf = mr->smr_normalize;
+ }
}
- /*
- * move ahead
- */
- for ( j = iAVA; j > i; j-- ) {
- rdn[ 0 ][ j ] = rdn[ 0 ][ j - 1 ];
+ if ( validf ) {
+ /* validate value before normalization */
+ rc = ( *validf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
- rdn[ 0 ][ i ] = ava_in;
- return;
+ if ( transf ) {
+ /*
+ * transform value by pretty function
+ * if value is empty, use empty_bv
+ */
+ rc = ( *transf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( normf ) {
+ /*
+ * normalize value
+ * if value is empty, use empty_bv
+ */
+ rc = ( *normf )(
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ ad->ad_type->sat_syntax,
+ mr,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+
+ if( bv.bv_val ) {
+ if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
+ ber_memfree_x( ava->la_value.bv_val, ctx );
+ ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
+ }
}
+ rc = LDAP_SUCCESS;
+
+ if ( do_sort ) {
+ rc = AVA_Sort( rdn, iAVA );
+ }
+
+ return rc;
}
/*
@@ -213,35 +440,42 @@ AVA_Sort( LDAPRDN *rdn, int iAVA )
* structural representation of a distinguished name.
*/
static int
-LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
+LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
{
int iRDN;
int rc;
- assert( dn );
+ assert( dn != NULL );
- for ( iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) {
- LDAPRDN *rdn = dn[ 0 ][ iRDN ];
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ LDAPRDN rdn = dn[ iRDN ];
int iAVA;
- assert( rdn );
+ assert( rdn != NULL );
- for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ 0 ][ iAVA ];
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
+ slap_syntax_validate_func *validf = NULL;
+ slap_mr_normalize_func *normf = NULL;
slap_syntax_transform_func *transf = NULL;
- MatchingRule *mr;
- struct berval bv = { 0, NULL };
+ MatchingRule *mr = NULL;
+ struct berval bv = BER_BVNULL;
int do_sort = 0;
- assert( ava );
+ assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
ava->la_private = ( void * )ad;
@@ -253,38 +487,79 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
*/
ava->la_attr = ad->ad_cname;
- if( flags & SLAP_LDAPDN_PRETTY ) {
+ if( ava->la_flags & LDAP_AVA_BINARY ) {
+ if( ava->la_value.bv_len == 0 ) {
+ /* BER encoding is empty */
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* AVA is binary encoded, don't muck with it */
+ } else if( flags & SLAP_LDAPDN_PRETTY ) {
transf = ad->ad_type->sat_syntax->ssyn_pretty;
- mr = NULL;
- } else {
- transf = ad->ad_type->sat_syntax->ssyn_normalize;
+ if( !transf ) {
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
+ }
+ } else { /* normalization */
+ validf = ad->ad_type->sat_syntax->ssyn_validate;
mr = ad->ad_type->sat_equality;
+ if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
+ normf = mr->smr_normalize;
+ }
+ }
+
+ if ( validf ) {
+ /* validate value before normalization */
+ rc = ( *validf )( ad->ad_type->sat_syntax,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
if ( transf ) {
/*
- * transform value by normalize/pretty function
+ * transform value by pretty function
+ * if value is empty, use empty_bv
*/
rc = ( *transf )( ad->ad_type->sat_syntax,
- &ava->la_value, &bv );
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
}
- if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
- char *s = bv.bv_val;
-
- ber_str2bv( UTF8normalize( bv.bv_val ? &bv
- : &ava->la_value, LDAP_UTF8_CASEFOLD ),
- 0, 0, &bv );
- free( s );
+ if ( normf ) {
+ /*
+ * normalize value
+ * if value is empty, use empty_bv
+ */
+ rc = ( *normf )(
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ ad->ad_type->sat_syntax,
+ mr,
+ ava->la_value.bv_len
+ ? &ava->la_value
+ : (struct berval *) &slap_empty_bv,
+ &bv, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
+
if( bv.bv_val ) {
- free( ava->la_value.bv_val );
+ if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
+ ber_memfree_x( ava->la_value.bv_val, ctx );
ava->la_value = bv;
+ ava->la_flags |= LDAP_AVA_FREE_VALUE;
}
if( do_sort ) AVA_Sort( rdn, iAVA );
@@ -294,72 +569,113 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
return LDAP_SUCCESS;
}
-/*
- * dn normalize routine
- */
int
dnNormalize(
- Syntax *syntax,
- struct berval *val,
- struct berval **normalized )
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
{
- struct berval *out;
- int rc;
+ assert( val != NULL );
+ assert( out != NULL );
- assert( normalized && *normalized == NULL );
+ Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
- out = ch_malloc( sizeof( struct berval ) );
- rc = dnNormalize2( syntax, val, out );
- if ( rc != LDAP_SUCCESS )
- free( out );
- else
- *normalized = out;
- return rc;
+ if ( val->bv_len != 0 ) {
+ LDAPDN dn = NULL;
+ int rc;
+
+ /*
+ * Go to structural representation
+ */
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * Back to string representation
+ */
+ rc = ldap_dn2bv_x( dn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_dnfree_x( dn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ } else {
+ ber_dupbv_x( out, val, ctx );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
}
int
-dnNormalize2(
- Syntax *syntax,
- struct berval *val,
- struct berval *out )
+rdnNormalize(
+ slap_mask_t use,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *out,
+ void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
-
if ( val->bv_len != 0 ) {
- LDAPDN *dn = NULL;
+ LDAPRDN rdn = NULL;
int rc;
+ char* p;
/*
* Go to structural representation
*/
- rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, ctx);
+
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
+ assert( strlen( val->bv_val ) == val->bv_len );
+
/*
* Schema-aware rewrite
*/
- if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) {
- ldap_dnfree( dn );
+ if ( LDAPRDN_rewrite( rdn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_rdnfree_x( rdn, ctx );
return LDAP_INVALID_SYNTAX;
}
/*
* Back to string representation
*/
- rc = ldap_dn2bv( dn, out, LDAP_DN_FORMAT_LDAPV3 );
+ rc = ldap_rdn2bv_x( rdn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- ldap_dnfree( dn );
+ ldap_rdnfree_x( rdn, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
} else {
- ber_dupbv( out, val );
+ ber_dupbv_x( out, val, ctx );
}
Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
@@ -367,55 +683,100 @@ dnNormalize2(
return LDAP_SUCCESS;
}
-/*
- * dn "pretty"ing routine
- */
int
dnPretty(
Syntax *syntax,
struct berval *val,
- struct berval **pretty)
+ struct berval *out,
+ void *ctx)
{
- struct berval *out;
- int rc;
+ assert( val != NULL );
+ assert( out != NULL );
- assert( pretty && *pretty == NULL );
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
- out = ch_malloc( sizeof( struct berval ) );
- rc = dnPretty2( syntax, val, out );
- if ( rc != LDAP_SUCCESS )
- free( out );
- else
- *pretty = out;
- return rc;
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( out, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPDN dn = NULL;
+ int rc;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* FIXME: not sure why the default isn't pretty */
+ /* RE: the default is the form that is used as
+ * an internal representation; the pretty form
+ * is a variant */
+ rc = ldap_dn2bv_x( dn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+
+ ldap_dnfree_x( dn, ctx );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+
+ return LDAP_SUCCESS;
}
int
-dnPretty2(
+rdnPretty(
Syntax *syntax,
struct berval *val,
- struct berval *out)
+ struct berval *out,
+ void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
- if ( val->bv_len != 0 ) {
- LDAPDN *dn = NULL;
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( out, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPRDN rdn = NULL;
int rc;
+ char* p;
/* FIXME: should be liberal in what we accept */
- rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
+ LDAP_DN_FORMAT_LDAP, ctx);
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
+ assert( strlen( val->bv_val ) == val->bv_len );
+
/*
* Schema-aware rewrite
*/
- if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) {
- ldap_dnfree( dn );
+ if ( LDAPRDN_rewrite( rdn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_rdnfree_x( rdn, ctx );
return LDAP_INVALID_SYNTAX;
}
@@ -423,16 +784,14 @@ dnPretty2(
/* RE: the default is the form that is used as
* an internal representation; the pretty form
* is a variant */
- rc = ldap_dn2bv( dn, out,
- LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
+ rc = ldap_rdn2bv_x( rdn, out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- ldap_dnfree( dn );
+ ldap_rdnfree_x( rdn, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
- } else {
- ber_dupbv( out, val );
}
Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
@@ -440,6 +799,56 @@ dnPretty2(
return LDAP_SUCCESS;
}
+
+int
+dnPrettyNormalDN(
+ Syntax *syntax,
+ struct berval *val,
+ LDAPDN *dn,
+ int flags,
+ void *ctx )
+{
+ assert( val != NULL );
+ assert( dn != NULL );
+
+ Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n",
+ flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+ val->bv_val, 0 );
+
+ if ( val->bv_len == 0 ) {
+ return LDAP_SUCCESS;
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ int rc;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_bv2dn_x( val, dn, LDAP_DN_FORMAT_LDAP, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ assert( strlen( val->bv_val ) == val->bv_len );
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( *dn, flags, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( *dn, ctx );
+ *dn = NULL;
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n",
+ flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
+ 0, 0 );
+
+ return LDAP_SUCCESS;
+}
+
/*
* Combination of both dnPretty and dnNormalize
*/
@@ -448,16 +857,25 @@ dnPrettyNormal(
Syntax *syntax,
struct berval *val,
struct berval *pretty,
- struct berval *normal)
+ struct berval *normal,
+ void *ctx)
{
Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
- assert( val );
- assert( pretty );
- assert( normal );
+ assert( val != NULL );
+ assert( pretty != NULL );
+ assert( normal != NULL );
- if ( val->bv_len != 0 ) {
- LDAPDN *dn = NULL;
+ if ( val->bv_len == 0 ) {
+ ber_dupbv_x( pretty, val, ctx );
+ ber_dupbv_x( normal, val, ctx );
+
+ } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
+ /* too big */
+ return LDAP_INVALID_SYNTAX;
+
+ } else {
+ LDAPDN dn = NULL;
int rc;
pretty->bv_val = NULL;
@@ -466,47 +884,47 @@ dnPrettyNormal(
normal->bv_len = 0;
/* FIXME: should be liberal in what we accept */
- rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
if ( rc != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
+ assert( strlen( val->bv_val ) == val->bv_len );
+
/*
* Schema-aware rewrite
*/
- if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) {
- ldap_dnfree( dn );
+ if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
return LDAP_INVALID_SYNTAX;
}
- rc = ldap_dn2bv( dn, pretty,
- LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
+ rc = ldap_dn2bv_x( dn, pretty,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
if ( rc != LDAP_SUCCESS ) {
- ldap_dnfree( dn );
+ ldap_dnfree_x( dn, ctx );
return LDAP_INVALID_SYNTAX;
}
- if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) {
- ldap_dnfree( dn );
- free( pretty->bv_val );
+ if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, ctx );
+ ber_memfree_x( pretty->bv_val, ctx );
pretty->bv_val = NULL;
pretty->bv_len = 0;
return LDAP_INVALID_SYNTAX;
}
- rc = ldap_dn2bv( dn, normal, LDAP_DN_FORMAT_LDAPV3 );
+ rc = ldap_dn2bv_x( dn, normal,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
- ldap_dnfree( dn );
+ ldap_dnfree_x( dn, ctx );
if ( rc != LDAP_SUCCESS ) {
- free( pretty->bv_val );
+ ber_memfree_x( pretty->bv_val, ctx );
pretty->bv_val = NULL;
pretty->bv_len = 0;
return LDAP_INVALID_SYNTAX;
}
- } else {
- ber_dupbv( pretty, val );
- ber_dupbv( normal, val );
}
Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
@@ -530,221 +948,261 @@ dnMatch(
int match;
struct berval *asserted = (struct berval *) assertedValue;
- assert( matchp );
- assert( value );
- assert( assertedValue );
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+ assert( !BER_BVISNULL( value ) );
+ assert( !BER_BVISNULL( asserted ) );
match = value->bv_len - asserted->bv_len;
if ( match == 0 ) {
- match = strcmp( value->bv_val, asserted->bv_val );
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
}
-#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
- "dnMatch: %d\n %s\n %s\n", match,
- value->bv_val, asserted->bv_val ));
-#else
Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
match, value->bv_val, asserted->bv_val );
-#endif
*matchp = match;
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
}
-#ifdef SLAP_DN_MIGRATION
/*
- * these routines are provided for migration purposes only!
- * dn_validate is deprecated in favor of dnValidate
- * dn_normalize is deprecated in favor of dnNormalize
- * strcmp/strcasecmp for DNs is deprecated in favor of dnMatch
- *
- * other routines are likewise deprecated but may not yet have
- * replacement functions.
+ * dnRelativeMatch routine
*/
-
-/*
- * dn_validate - validate and compress dn. the dn is
- * compressed in place are returned if valid.
- * Deprecated in favor of dnValidate()
- */
-char *
-dn_validate( char *dn )
+int
+dnRelativeMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
{
- struct berval val;
- struct berval *pretty = NULL;
- int rc;
-
- if ( dn == NULL || dn[0] == '\0' ) {
- return dn;
- }
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
- val.bv_val = dn;
- val.bv_len = strlen( dn );
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+ assert( !BER_BVISNULL( value ) );
+ assert( !BER_BVISNULL( asserted ) );
+
+ if( mr == slap_schema.si_mr_dnSubtreeMatch ) {
+ if( asserted->bv_len > value->bv_len ) {
+ match = -1;
+ } else if ( asserted->bv_len == value->bv_len ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ match = 1;
+ }
+ }
- rc = dnPretty( NULL, &val, &pretty );
- if ( rc != LDAP_SUCCESS ) {
- return NULL;
+ *matchp = match;
+ return LDAP_SUCCESS;
}
- if ( val.bv_len < pretty->bv_len ) {
- ber_bvfree( pretty );
- return NULL;
+ if( mr == slap_schema.si_mr_dnSuperiorMatch ) {
+ asserted = value;
+ value = (struct berval *) assertedValue;
+ mr = slap_schema.si_mr_dnSubordinateMatch;
}
- AC_MEMCPY( dn, pretty->bv_val, pretty->bv_len + 1 );
- ber_bvfree( pretty );
+ if( mr == slap_schema.si_mr_dnSubordinateMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ match = 1;
+ }
+ }
- return dn;
-}
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
-/*
- * dn_normalize - put dn into a canonical form suitable for storing
- * in a hash database. this involves normalizing the case as well as
- * the format. the dn is normalized in place as well as returned if valid.
- * Deprecated in favor of dnNormalize()
- */
-char *
-dn_normalize( char *dn )
-{
- struct berval val;
- struct berval *normalized = NULL;
- int rc;
+ if( mr == slap_schema.si_mr_dnOneLevelMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+
+ if( !match ) {
+ struct berval rdn;
+ rdn.bv_val = value->bv_val;
+ rdn.bv_len = value->bv_len - asserted->bv_len - 1;
+ match = dnIsOneLevelRDN( &rdn ) ? 0 : 1;
+ }
+ } else {
+ match = 1;
+ }
+ }
- if ( dn == NULL || dn[0] == '\0' ) {
- return dn;
+ *matchp = match;
+ return LDAP_SUCCESS;
}
- val.bv_val = dn;
- val.bv_len = strlen( dn );
+ /* should not be reachable */
+ assert( 0 );
+ return LDAP_OTHER;
+}
- rc = dnNormalize( NULL, &val, &normalized );
- if ( rc != LDAP_SUCCESS ) {
- return NULL;
- }
+int
+rdnMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+
+ match = value->bv_len - asserted->bv_len;
- if ( val.bv_len < normalized->bv_len ) {
- ber_bvfree( normalized );
- return NULL;
+ if ( match == 0 ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
}
- AC_MEMCPY( dn, normalized->bv_val, normalized->bv_len + 1 );
- ber_bvfree( normalized );
+ Debug( LDAP_DEBUG_ARGS, "rdnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
+ match, value->bv_val, asserted->bv_val );
- return dn;
+ *matchp = match;
+ return LDAP_SUCCESS;
}
+
/*
* dnParent - dn's parent, in-place
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
+ *
+ * note: "dn" and "pdn" can point to the same berval;
+ * beware that, in this case, the pointer to the original buffer
+ * will get lost.
*/
-int
+void
dnParent(
- const char *dn,
- const char **pdn )
+ struct berval *dn,
+ struct berval *pdn )
{
- const char *p;
- int rc;
+ char *p;
- rc = ldap_str2rdn( dn, NULL, &p, LDAP_DN_FORMAT_LDAP | LDAP_DN_SKIP );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
+ p = ber_bvchr( dn, ',' );
- /* Parent is root */
- if (*p == '\0') {
- *pdn = "";
- return LDAP_SUCCESS;
+ /* one-level dn */
+ if ( p == NULL ) {
+ pdn->bv_len = 0;
+ pdn->bv_val = dn->bv_val + dn->bv_len;
+ return;
}
assert( DN_SEPARATOR( p[ 0 ] ) );
p++;
- while ( ASCII_SPACE( p[ 0 ] ) ) {
- p++;
- }
-
- *pdn = p;
+ assert( ATTR_LEADCHAR( p[ 0 ] ) );
+ pdn->bv_len = dn->bv_len - (p - dn->bv_val);
+ pdn->bv_val = p;
- return LDAP_SUCCESS;
+ return;
}
/*
- * dn_parent - return the dn's parent, in-place
- * FIXME: should be replaced by dnParent()
+ * dnRdn - dn's rdn, in-place
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
*/
-char *
-dn_parent(
- Backend *be,
- const char *dn )
+void
+dnRdn(
+ struct berval *dn,
+ struct berval *rdn )
{
- const char *pdn;
+ char *p;
- if ( dn == NULL ) {
- return NULL;
- }
+ *rdn = *dn;
+ p = ber_bvchr( dn, ',' );
- while ( dn[ 0 ] != '\0' && ASCII_SPACE( dn[ 0 ] ) ) {
- dn++;
- }
-
- if ( dn[ 0 ] == '\0' ) {
- return NULL;
+ /* one-level dn */
+ if ( p == NULL ) {
+ return;
}
- if ( be != NULL && be_issuffix( be, dn ) ) {
- return NULL;
- }
+ assert( DN_SEPARATOR( p[ 0 ] ) );
+ assert( ATTR_LEADCHAR( p[ 1 ] ) );
+ rdn->bv_len = p - dn->bv_val;
- if ( dnParent( dn, &pdn ) != LDAP_SUCCESS ) {
- return NULL;
- }
-
- return ( char * )pdn;
+ return;
}
int
dnExtractRdn(
struct berval *dn,
- struct berval *rdn )
+ struct berval *rdn,
+ void *ctx )
{
- LDAPRDN *tmpRDN;
+ LDAPRDN tmpRDN;
const char *p;
int rc;
- assert( dn );
- assert( rdn );
+ assert( dn != NULL );
+ assert( rdn != NULL );
if( dn->bv_len == 0 ) {
return LDAP_OTHER;
}
- rc = ldap_str2rdn( dn->bv_val, &tmpRDN, &p, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2rdn_x( dn, &tmpRDN, (char **)&p, LDAP_DN_FORMAT_LDAP, ctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
- rc = ldap_rdn2bv( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 );
- ldap_rdnfree( tmpRDN );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
+ rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY,
+ ctx );
- return LDAP_SUCCESS;
+ ldap_rdnfree_x( tmpRDN, ctx );
+ return rc;
}
/*
- * FIXME: should be replaced by dnExtractRdn() (together with dn_rdn)
+ * We can assume the input is a prettied or normalized DN
*/
-int
+ber_len_t
dn_rdnlen(
Backend *be,
struct berval *dn_in )
{
- int rc;
const char *p;
- assert( dn_in );
+ assert( dn_in != NULL );
if ( dn_in == NULL ) {
return 0;
@@ -754,189 +1212,13 @@ dn_rdnlen(
return 0;
}
- if ( be != NULL && be_issuffix( be, dn_in->bv_val ) ) {
+ if ( be != NULL && be_issuffix( be, dn_in ) ) {
return 0;
}
- rc = ldap_str2rdn( dn_in->bv_val, NULL, &p,
- LDAP_DN_FORMAT_LDAP | LDAP_DN_SKIP );
- if ( rc != LDAP_SUCCESS ) {
- return 0;
- }
+ p = ber_bvchr( dn_in, ',' );
- return p - dn_in->bv_val;
-}
-
-/*
- * FIXME: should be replaced by dnExtractRdn() (together with dn_rdnlen)
- */
-char * dn_rdn(
- Backend *be,
- struct berval *dn_in )
-{
- struct berval rdn;
-
- assert( dn_in );
-
- if ( dn_in == NULL ) {
- return NULL;
- }
-
- if ( !dn_in->bv_len ) {
- return NULL;
- }
-
- if ( be != NULL && be_issuffix( be, dn_in->bv_val ) ) {
- return NULL;
- }
-
- if ( dnExtractRdn( dn_in, &rdn ) != LDAP_SUCCESS ) {
- return NULL;
- }
-
- return rdn.bv_val;
-}
-
-/*
- * dn_issuffix - tells whether suffix is a suffix of dn.
- * Both dn and suffix must be normalized.
- * deprecated in favor of dnIsSuffix()
- */
-int
-dn_issuffix(
- const char *dn,
- const char *suffix
-)
-{
- struct berval bvdn, bvsuffix;
-
- assert( dn );
- assert( suffix );
-
- bvdn.bv_val = (char *) dn;
- bvdn.bv_len = strlen( dn );
- bvsuffix.bv_val = (char *) suffix;
- bvsuffix.bv_len = strlen( suffix );
-
- return dnIsSuffix( &bvdn, &bvsuffix );
-}
-
-/* rdn_attr_type:
- *
- * Given a string (i.e. an rdn) of the form:
- * "attribute_type = attribute_value"
- * this function returns the type of an attribute, that is the
- * string "attribute_type" which is placed in newly allocated
- * memory. The returned string will be null-terminated.
- *
- * Deprecated
- */
-
-char * rdn_attr_type( const char * s )
-{
- char **attrs = NULL, **values = NULL, *retval;
-
- if ( rdn_attrs( s, &attrs, &values ) != LDAP_SUCCESS ) {
- return NULL;
- }
-
- retval = ch_strdup( attrs[ 0 ] );
-
- charray_free( attrs );
- charray_free( values );
-
- return retval;
-}
-
-
-/* rdn_attr_value:
- *
- * Given a string (i.e. an rdn) of the form:
- * "attribute_type = attribute_value"
- * this function returns "attribute_type" which is placed in newly allocated
- * memory. The returned string will be null-terminated and may contain
- * spaces (i.e. "John Doe\0").
- *
- * Deprecated
- */
-
-char *
-rdn_attr_value( const char * rdn )
-{
- char **values = NULL, *retval;
-
- if ( rdn_attrs( rdn, NULL, &values ) != LDAP_SUCCESS ) {
- return NULL;
- }
-
- retval = ch_strdup( values[ 0 ] );
-
- charray_free( values );
-
- return retval;
-}
-
-
-/* rdn_attrs:
- *
- * Given a string (i.e. an rdn) of the form:
- * "attribute_type=attribute_value[+attribute_type=attribute_value[...]]"
- * this function stores the types of the attributes in ptypes, that is the
- * array of strings "attribute_type" which is placed in newly allocated
- * memory, and the values of the attributes in pvalues, that is the
- * array of strings "attribute_value" which is placed in newly allocated
- * memory. Returns 0 on success, -1 on failure.
- *
- * note: got part of the code from dn_validate
- *
- * Deprecated; directly use LDAPRDN from ldap_str2rdn
- */
-int
-rdn_attrs( const char * rdn, char ***types, char ***values)
-{
- LDAPRDN *tmpRDN;
- const char *p;
- int iAVA;
- int rc;
-
- assert( rdn );
- assert( values );
- assert( *values == NULL );
- assert( types == NULL || *types == NULL );
-
- rc = ldap_str2rdn( rdn, &tmpRDN, &p, LDAP_DN_FORMAT_LDAP );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
-
-#if 0
- /*
- * FIXME: should we complain if the rdn is actually a dn?
- */
- if ( p[ 0 ] != '\0' ) {
- ldap_rdnfree( tmpRDN );
- return LDAP_INVALID_DN_SYNTAX;
- }
-#endif
-
- for ( iAVA = 0; tmpRDN[ 0 ][ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = tmpRDN[ 0 ][ iAVA ];
-
- assert( ava );
- assert( ava->la_attr.bv_val );
- assert( ava->la_value.bv_val );
-
- if ( types ) {
- charray_add_n( types, ava->la_attr.bv_val,
- ava->la_attr.bv_len );
- }
- charray_add_n( values, ava->la_value.bv_val,
- ava->la_value.bv_len );
- }
-
- ldap_rdnfree( tmpRDN );
-
- return LDAP_SUCCESS;
+ return p ? p - dn_in->bv_val : dn_in->bv_len;
}
@@ -946,18 +1228,19 @@ rdn_attrs( const char * rdn, char ***types, char ***values)
* LDAP_INVALID_SYNTAX otherwise (including a sequence of rdns)
*/
int
-rdnValidate( struct berval *rdn )
+rdn_validate( struct berval *rdn )
{
#if 1
/* Major cheat!
* input is a pretty or normalized DN
* hence, we can just search for ','
*/
- if( rdn == NULL || rdn->bv_len == 0 ) {
+ if( rdn == NULL || rdn->bv_len == 0 ||
+ rdn->bv_len > SLAP_LDAPDN_MAXLEN )
+ {
return LDAP_INVALID_SYNTAX;
}
-
- return strchr( rdn->bv_val, ',' ) == NULL
+ return ber_bvchr( rdn, ',' ) == NULL
? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
#else
@@ -975,7 +1258,7 @@ rdnValidate( struct berval *rdn )
/*
* must be parsable
*/
- rc = ldap_str2rdn( rdn, &RDN, &p, LDAP_DN_FORMAT_LDAP );
+ rc = ldap_bv2rdn( rdn, &RDN, (char **)&p, LDAP_DN_FORMAT_LDAP );
if ( rc != LDAP_SUCCESS ) {
return 0;
}
@@ -1014,24 +1297,24 @@ rdnValidate( struct berval *rdn )
void
build_new_dn( struct berval * new_dn,
struct berval * parent_dn,
- struct berval * newrdn )
+ struct berval * newrdn,
+ void *memctx )
{
char *ptr;
- if ( parent_dn == NULL ) {
+ if ( parent_dn == NULL || parent_dn->bv_len == 0 ) {
ber_dupbv( new_dn, newrdn );
return;
}
new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
- new_dn->bv_val = (char *) ch_malloc( new_dn->bv_len + 1 );
+ new_dn->bv_val = (char *) slap_sl_malloc( new_dn->bv_len + 1, memctx );
- ptr = slap_strcopy( new_dn->bv_val, newrdn->bv_val );
+ ptr = lutil_strncopy( new_dn->bv_val, newrdn->bv_val, newrdn->bv_len );
*ptr++ = ',';
strcpy( ptr, parent_dn->bv_val );
}
-#endif /* SLAP_DN_MIGRATION */
/*
* dnIsSuffix - tells whether suffix is a suffix of dn.
@@ -1044,8 +1327,8 @@ dnIsSuffix(
{
int d = dn->bv_len - suffix->bv_len;
- assert( dn );
- assert( suffix );
+ assert( dn != NULL );
+ assert( suffix != NULL );
/* empty suffix matches any dn */
if ( suffix->bv_len == 0 ) {
@@ -1058,8 +1341,7 @@ dnIsSuffix(
}
/* no rdn separator or escaped rdn separator */
- if ( d > 1 && ( !DN_SEPARATOR( dn->bv_val[ d - 1 ] )
- || DN_ESCAPE( dn->bv_val[ d - 2 ] ) ) ) {
+ if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
return 0;
}
@@ -1071,3 +1353,69 @@ dnIsSuffix(
/* compare */
return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
}
+
+int
+dnIsOneLevelRDN( struct berval *rdn )
+{
+ ber_len_t len = rdn->bv_len;
+ for ( ; len--; ) {
+ if ( DN_SEPARATOR( rdn->bv_val[ len ] ) ) {
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+#ifdef HAVE_TLS
+static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
+#endif
+
+int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
+{
+#ifdef HAVE_TLS
+ if ( DNX509PeerNormalizeCertMap == NULL ) {
+ DNX509PeerNormalizeCertMap = fn;
+ return 0;
+ }
+#endif
+
+ return -1;
+}
+
+#ifdef HAVE_TLS
+/*
+ * Convert an X.509 DN into a normalized LDAP DN
+ */
+int
+dnX509normalize( void *x509_name, struct berval *out )
+{
+ /* Invoke the LDAP library's converter with our schema-rewriter */
+ int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "dnX509Normalize: <%s> (%d)\n",
+ BER_BVISNULL( out ) ? "(null)" : out->bv_val, rc, 0 );
+
+ return rc;
+}
+
+/*
+ * Get the TLS session's peer's DN into a normalized LDAP DN
+ */
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
+{
+ int rc = LDAP_INVALID_CREDENTIALS;
+
+ if ( DNX509PeerNormalizeCertMap != NULL )
+ rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
+ (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ }
+
+ return rc;
+}
+#endif