X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdn.c;h=c3669d64067967f7c2bcad40ff39c223bac0760d;hb=384f23f59d4f586c82d2626dde5ebf72518e73be;hp=a74aa428326eab569c3bda3f14e67f33e905b075;hpb=d611a4b49a00238ed32ae84c68f27c6a0ef2273a;p=openldap
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index a74aa42832..c3669d6406 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,7 +34,6 @@
#include
#include "slap.h"
-#include "ldap_pvt.h" /* must be after slap.h, to get ldap_bv2dn_x() & co */
#include "lutil.h"
/*
@@ -54,32 +53,46 @@
#define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
+int slap_DN_strict = SLAP_AD_NOINSERT;
+
static int
LDAPRDN_validate( LDAPRDN rdn )
{
int iAVA;
int rc;
- assert( rdn );
+ assert( rdn != NULL );
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
slap_syntax_validate_func *validate = NULL;
- assert( ava );
+ assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|slap_DN_strict );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
ava->la_private = ( void * )ad;
}
+ /*
+ * Do not allow X-ORDERED 'VALUES' naming attributes
+ */
+ if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
/*
* Replace attr oid/name with the canonical name
*/
@@ -113,50 +126,12 @@ LDAPDN_validate( LDAPDN dn )
int iRDN;
int rc;
- assert( dn );
+ assert( dn != NULL );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
- LDAPRDN rdn = dn[ iRDN ];
- int iAVA;
-
- assert( rdn );
-
- for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ iAVA ];
- AttributeDescription *ad;
- slap_syntax_validate_func *validate = NULL;
-
- assert( ava );
-
- if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
- const char *text = NULL;
-
- rc = slap_bv2ad( &ava->la_attr, &ad, &text );
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
-
- ava->la_private = ( void * )ad;
- }
-
- /*
- * Replace attr oid/name with the canonical name
- */
- ava->la_attr = ad->ad_cname;
-
- validate = ad->ad_type->sat_syntax->ssyn_validate;
-
- if ( validate ) {
- /*
- * validate value by validate function
- */
- rc = ( *validate )( ad->ad_type->sat_syntax,
- &ava->la_value );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
+ rc = LDAPRDN_validate( dn[ iRDN ] );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
}
}
@@ -174,7 +149,7 @@ dnValidate(
int rc;
LDAPDN dn = NULL;
- assert( in );
+ assert( in != NULL );
if ( in->bv_len == 0 ) {
return LDAP_SUCCESS;
@@ -212,7 +187,7 @@ rdnValidate(
LDAPRDN rdn;
char* p;
- assert( in );
+ assert( in != NULL );
if ( in->bv_len == 0 ) {
return LDAP_SUCCESS;
@@ -253,81 +228,62 @@ rdnValidate(
* Note: the sorting can be slightly improved by sorting first
* by attribute type length, then by alphabetical order.
*
- * uses a linear search; should be fine since the number of AVAs in
+ * uses an insertion sort; should be fine since the number of AVAs in
* a RDN should be limited.
*/
-static void
-AVA_Sort( LDAPRDN rdn, int iAVA )
+static int
+AVA_Sort( LDAPRDN rdn, int nAVAs )
{
+ LDAPAVA *ava_i;
int i;
- LDAPAVA *ava_in = rdn[ iAVA ];
- assert( rdn );
- assert( ava_in );
-
- for ( i = 0; i < iAVA; i++ ) {
- LDAPAVA *ava = rdn[ i ];
- int a, j;
+ assert( rdn != NULL );
- assert( ava );
+ for ( i = 1; i < nAVAs; i++ ) {
+ LDAPAVA *ava_j;
+ int j;
- a = strcmp( ava_in->la_attr.bv_val, ava->la_attr.bv_val );
+ ava_i = rdn[ i ];
+ for ( j = i-1; j >=0; j-- ) {
+ int a;
- if ( a > 0 ) {
- break;
- }
+ ava_j = rdn[ j ];
+ a = strcmp( ava_i->la_attr.bv_val, ava_j->la_attr.bv_val );
- while ( a == 0 ) {
- int v, d;
+ if ( a == 0 ) {
+ int d;
- d = ava_in->la_value.bv_len - ava->la_value.bv_len;
+ d = ava_i->la_value.bv_len - ava_j->la_value.bv_len;
- v = memcmp( ava_in->la_value.bv_val,
- ava->la_value.bv_val,
- d <= 0 ? ava_in->la_value.bv_len
- : ava->la_value.bv_len );
+ a = memcmp( ava_i->la_value.bv_val,
+ ava_j->la_value.bv_val,
+ d <= 0 ? ava_i->la_value.bv_len
+ : ava_j->la_value.bv_len );
- if ( v == 0 && d != 0 ) {
- v = d;
+ if ( a == 0 ) {
+ a = d;
+ }
}
+ /* Duplicates are not allowed */
+ if ( a == 0 )
+ return LDAP_INVALID_DN_SYNTAX;
- if ( v <= 0 ) {
- /*
- * got it!
- */
+ if ( a > 0 )
break;
- }
- if ( ++i == iAVA ) {
- /*
- * already sorted
- */
- return;
- }
-
- ava = rdn[ i ];
- a = strcmp( ava_in->la_attr.bv_val,
- ava->la_attr.bv_val );
- }
-
- /*
- * move ahead
- */
- for ( j = iAVA; j > i; j-- ) {
- rdn[ j ] = rdn[ j - 1 ];
+ rdn[ j+1 ] = rdn[ j ];
}
- rdn[ i ] = ava_in;
-
- return;
+ rdn[ j+1 ] = ava_i;
}
+ return LDAP_SUCCESS;
}
static int
LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
{
- int rc;
- int iAVA;
+ int rc, iAVA, do_sort = 0;
+
for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
LDAPAVA *ava = rdn[ iAVA ];
AttributeDescription *ad;
@@ -336,16 +292,20 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
slap_syntax_transform_func *transf = NULL;
MatchingRule *mr = NULL;
struct berval bv = BER_BVNULL;
- int do_sort = 0;
- assert( ava );
+ assert( ava != NULL );
if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
const char *text = NULL;
rc = slap_bv2ad( &ava->la_attr, &ad, &text );
if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
+ rc = slap_bv2undef_ad( &ava->la_attr,
+ &ad, &text,
+ SLAP_AD_PROXIED|slap_DN_strict );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
ava->la_private = ( void * )ad;
@@ -363,6 +323,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
return LDAP_INVALID_SYNTAX;
}
+ /* Do not allow X-ORDERED 'VALUES' naming attributes */
+ } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
+ return LDAP_INVALID_SYNTAX;
+
/* AVA is binary encoded, don't muck with it */
} else if( flags & SLAP_LDAPDN_PRETTY ) {
transf = ad->ad_type->sat_syntax->ssyn_pretty;
@@ -372,7 +336,9 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
} else { /* normalization */
validf = ad->ad_type->sat_syntax->ssyn_validate;
mr = ad->ad_type->sat_equality;
- if( mr ) normf = mr->smr_normalize;
+ if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
+ normf = mr->smr_normalize;
+ }
}
if ( validf ) {
@@ -429,10 +395,14 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
ava->la_value = bv;
ava->la_flags |= LDAP_AVA_FREE_VALUE;
}
+ }
+ rc = LDAP_SUCCESS;
- if( do_sort ) AVA_Sort( rdn, iAVA );
+ if ( do_sort ) {
+ rc = AVA_Sort( rdn, iAVA );
}
- return LDAP_SUCCESS;
+
+ return rc;
}
/*
@@ -445,117 +415,12 @@ LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
int iRDN;
int rc;
- assert( dn );
+ assert( dn != NULL );
for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
- LDAPRDN rdn = dn[ iRDN ];
- int iAVA;
-
- assert( rdn );
-
- for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
- LDAPAVA *ava = rdn[ iAVA ];
- AttributeDescription *ad;
- slap_syntax_validate_func *validf = NULL;
- slap_mr_normalize_func *normf = NULL;
- slap_syntax_transform_func *transf = NULL;
- MatchingRule *mr = NULL;
- struct berval bv = BER_BVNULL;
- int do_sort = 0;
-
- assert( ava );
-
- if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
- const char *text = NULL;
-
- rc = slap_bv2ad( &ava->la_attr, &ad, &text );
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
-
- ava->la_private = ( void * )ad;
- do_sort = 1;
- }
-
- /*
- * Replace attr oid/name with the canonical name
- */
- ava->la_attr = ad->ad_cname;
-
- if( ava->la_flags & LDAP_AVA_BINARY ) {
- if( ava->la_value.bv_len == 0 ) {
- /* BER encoding is empty */
- return LDAP_INVALID_SYNTAX;
- }
-
- /* AVA is binary encoded, don't muck with it */
- } else if( flags & SLAP_LDAPDN_PRETTY ) {
- transf = ad->ad_type->sat_syntax->ssyn_pretty;
- if( !transf ) {
- validf = ad->ad_type->sat_syntax->ssyn_validate;
- }
- } else { /* normalization */
- validf = ad->ad_type->sat_syntax->ssyn_validate;
- mr = ad->ad_type->sat_equality;
- if( mr ) normf = mr->smr_normalize;
- }
-
- if ( validf ) {
- /* validate value before normalization */
- rc = ( *validf )( ad->ad_type->sat_syntax,
- ava->la_value.bv_len
- ? &ava->la_value
- : (struct berval *) &slap_empty_bv );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
- if ( transf ) {
- /*
- * transform value by pretty function
- * if value is empty, use empty_bv
- */
- rc = ( *transf )( ad->ad_type->sat_syntax,
- ava->la_value.bv_len
- ? &ava->la_value
- : (struct berval *) &slap_empty_bv,
- &bv, ctx );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
- if ( normf ) {
- /*
- * normalize value
- * if value is empty, use empty_bv
- */
- rc = ( *normf )(
- SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
- ad->ad_type->sat_syntax,
- mr,
- ava->la_value.bv_len
- ? &ava->la_value
- : (struct berval *) &slap_empty_bv,
- &bv, ctx );
-
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
- }
- }
-
-
- if( bv.bv_val ) {
- if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
- ber_memfree_x( ava->la_value.bv_val, ctx );
- ava->la_value = bv;
- ava->la_flags |= LDAP_AVA_FREE_VALUE;
- }
-
- if( do_sort ) AVA_Sort( rdn, iAVA );
+ rc = LDAPRDN_rewrite( dn[ iRDN ], flags, ctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return rc;
}
}
@@ -571,10 +436,10 @@ dnNormalize(
struct berval *out,
void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
- Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
if ( val->bv_len != 0 ) {
LDAPDN dn = NULL;
@@ -613,7 +478,7 @@ dnNormalize(
ber_dupbv_x( out, val, ctx );
}
- Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
return LDAP_SUCCESS;
}
@@ -627,10 +492,10 @@ rdnNormalize(
struct berval *out,
void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
- Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
if ( val->bv_len != 0 ) {
LDAPRDN rdn = NULL;
int rc;
@@ -671,7 +536,7 @@ rdnNormalize(
ber_dupbv_x( out, val, ctx );
}
- Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
return LDAP_SUCCESS;
}
@@ -683,10 +548,10 @@ dnPretty(
struct berval *out,
void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
- Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
if ( val->bv_len == 0 ) {
ber_dupbv_x( out, val, ctx );
@@ -728,7 +593,7 @@ dnPretty(
}
}
- Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
return LDAP_SUCCESS;
}
@@ -740,10 +605,10 @@ rdnPretty(
struct berval *out,
void *ctx)
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
- Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, ">>> rdnPretty: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
if ( val->bv_len == 0 ) {
ber_dupbv_x( out, val, ctx );
@@ -787,7 +652,7 @@ rdnPretty(
}
}
- Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
return LDAP_SUCCESS;
}
@@ -801,12 +666,12 @@ dnPrettyNormalDN(
int flags,
void *ctx )
{
- assert( val );
- assert( dn );
+ assert( val != NULL );
+ assert( dn != NULL );
Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n",
flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
- val->bv_val, 0 );
+ val->bv_val ? val->bv_val : "", 0 );
if ( val->bv_len == 0 ) {
return LDAP_SUCCESS;
@@ -853,11 +718,11 @@ dnPrettyNormal(
struct berval *normal,
void *ctx)
{
- Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
- assert( val );
- assert( pretty );
- assert( normal );
+ assert( val != NULL );
+ assert( pretty != NULL );
+ assert( normal != NULL );
if ( val->bv_len == 0 ) {
ber_dupbv_x( pretty, val, ctx );
@@ -921,7 +786,8 @@ dnPrettyNormal(
}
Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
- pretty->bv_val, normal->bv_val, 0 );
+ pretty->bv_val ? pretty->bv_val : "",
+ normal->bv_val ? normal->bv_val : "", 0 );
return LDAP_SUCCESS;
}
@@ -941,9 +807,9 @@ dnMatch(
int match;
struct berval *asserted = (struct berval *) assertedValue;
- assert( matchp );
- assert( value );
- assert( assertedValue );
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
assert( !BER_BVISNULL( value ) );
assert( !BER_BVISNULL( asserted ) );
@@ -958,7 +824,109 @@ dnMatch(
match, value->bv_val, asserted->bv_val );
*matchp = match;
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
+}
+
+/*
+ * dnRelativeMatch routine
+ */
+int
+dnRelativeMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ int match;
+ struct berval *asserted = (struct berval *) assertedValue;
+
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
+ assert( !BER_BVISNULL( value ) );
+ assert( !BER_BVISNULL( asserted ) );
+
+ if( mr == slap_schema.si_mr_dnSubtreeMatch ) {
+ if( asserted->bv_len > value->bv_len ) {
+ match = -1;
+ } else if ( asserted->bv_len == value->bv_len ) {
+ match = memcmp( value->bv_val, asserted->bv_val,
+ value->bv_len );
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ match = 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ if( mr == slap_schema.si_mr_dnSuperiorMatch ) {
+ asserted = value;
+ value = (struct berval *) assertedValue;
+ mr = slap_schema.si_mr_dnSubordinateMatch;
+ }
+
+ if( mr == slap_schema.si_mr_dnSubordinateMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+ } else {
+ match = 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ if( mr == slap_schema.si_mr_dnOneLevelMatch ) {
+ if( asserted->bv_len >= value->bv_len ) {
+ match = -1;
+ } else {
+ if( DN_SEPARATOR(
+ value->bv_val[value->bv_len - asserted->bv_len - 1] ))
+ {
+ match = memcmp(
+ &value->bv_val[value->bv_len - asserted->bv_len],
+ asserted->bv_val,
+ asserted->bv_len );
+
+ if( !match ) {
+ struct berval rdn;
+ rdn.bv_val = value->bv_val;
+ rdn.bv_len = value->bv_len - asserted->bv_len - 1;
+ match = dnIsOneLevelRDN( &rdn ) ? 0 : 1;
+ }
+ } else {
+ match = 1;
+ }
+ }
+
+ *matchp = match;
+ return LDAP_SUCCESS;
+ }
+
+ /* should not be reachable */
+ assert( 0 );
+ return LDAP_OTHER;
}
int
@@ -973,9 +941,9 @@ rdnMatch(
int match;
struct berval *asserted = (struct berval *) assertedValue;
- assert( matchp );
- assert( value );
- assert( assertedValue );
+ assert( matchp != NULL );
+ assert( value != NULL );
+ assert( assertedValue != NULL );
match = value->bv_len - asserted->bv_len;
@@ -988,8 +956,7 @@ rdnMatch(
match, value->bv_val, asserted->bv_val );
*matchp = match;
-
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
}
@@ -997,6 +964,10 @@ rdnMatch(
* dnParent - dn's parent, in-place
* note: the incoming dn is assumed to be normalized/prettyfied,
* so that escaped rdn/ava separators are in '\'+hexpair form
+ *
+ * note: "dn" and "pdn" can point to the same berval;
+ * beware that, in this case, the pointer to the original buffer
+ * will get lost.
*/
void
dnParent(
@@ -1005,7 +976,7 @@ dnParent(
{
char *p;
- p = strchr( dn->bv_val, ',' );
+ p = ber_bvchr( dn, ',' );
/* one-level dn */
if ( p == NULL ) {
@@ -1018,8 +989,35 @@ dnParent(
p++;
assert( ATTR_LEADCHAR( p[ 0 ] ) );
- pdn->bv_val = p;
pdn->bv_len = dn->bv_len - (p - dn->bv_val);
+ pdn->bv_val = p;
+
+ return;
+}
+
+/*
+ * dnRdn - dn's rdn, in-place
+ * note: the incoming dn is assumed to be normalized/prettyfied,
+ * so that escaped rdn/ava separators are in '\'+hexpair form
+ */
+void
+dnRdn(
+ struct berval *dn,
+ struct berval *rdn )
+{
+ char *p;
+
+ *rdn = *dn;
+ p = ber_bvchr( dn, ',' );
+
+ /* one-level dn */
+ if ( p == NULL ) {
+ return;
+ }
+
+ assert( DN_SEPARATOR( p[ 0 ] ) );
+ assert( ATTR_LEADCHAR( p[ 1 ] ) );
+ rdn->bv_len = p - dn->bv_val;
return;
}
@@ -1034,8 +1032,8 @@ dnExtractRdn(
const char *p;
int rc;
- assert( dn );
- assert( rdn );
+ assert( dn != NULL );
+ assert( rdn != NULL );
if( dn->bv_len == 0 ) {
return LDAP_OTHER;
@@ -1046,27 +1044,24 @@ dnExtractRdn(
return rc;
}
- rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
+ rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY,
+ ctx );
ldap_rdnfree_x( tmpRDN, ctx );
- if ( rc != LDAP_SUCCESS ) {
- return rc;
- }
-
- return LDAP_SUCCESS;
+ return rc;
}
/*
* We can assume the input is a prettied or normalized DN
*/
-int
+ber_len_t
dn_rdnlen(
Backend *be,
struct berval *dn_in )
{
const char *p;
- assert( dn_in );
+ assert( dn_in != NULL );
if ( dn_in == NULL ) {
return 0;
@@ -1080,9 +1075,9 @@ dn_rdnlen(
return 0;
}
- p = strchr( dn_in->bv_val, ',' );
+ p = ber_bvchr( dn_in, ',' );
- return p ? p - dn_in->bv_val : dn_in->bv_len;
+ return p ? (ber_len_t) (p - dn_in->bv_val) : dn_in->bv_len;
}
@@ -1104,7 +1099,7 @@ rdn_validate( struct berval *rdn )
{
return LDAP_INVALID_SYNTAX;
}
- return strchr( rdn->bv_val, ',' ) == NULL
+ return ber_bvchr( rdn, ',' ) == NULL
? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
#else
@@ -1152,7 +1147,7 @@ rdn_validate( struct berval *rdn )
/* build_new_dn:
*
- * Used by ldbm/bdb2 back_modrdn to create the new dn of entries being
+ * Used by back-bdb back_modrdn to create the new dn of entries being
* renamed.
*
* new_dn = parent (p_dn) + separator + rdn (newrdn) + null.
@@ -1167,14 +1162,14 @@ build_new_dn( struct berval * new_dn,
char *ptr;
if ( parent_dn == NULL || parent_dn->bv_len == 0 ) {
- ber_dupbv( new_dn, newrdn );
+ ber_dupbv_x( new_dn, newrdn, memctx );
return;
}
new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
new_dn->bv_val = (char *) slap_sl_malloc( new_dn->bv_len + 1, memctx );
- ptr = lutil_strcopy( new_dn->bv_val, newrdn->bv_val );
+ ptr = lutil_strncopy( new_dn->bv_val, newrdn->bv_val, newrdn->bv_len );
*ptr++ = ',';
strcpy( ptr, parent_dn->bv_val );
}
@@ -1191,8 +1186,8 @@ dnIsSuffix(
{
int d = dn->bv_len - suffix->bv_len;
- assert( dn );
- assert( suffix );
+ assert( dn != NULL );
+ assert( suffix != NULL );
/* empty suffix matches any dn */
if ( suffix->bv_len == 0 ) {
@@ -1232,6 +1227,21 @@ dnIsOneLevelRDN( struct berval *rdn )
}
#ifdef HAVE_TLS
+static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
+#endif
+
+int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
+{
+#ifdef HAVE_TLS
+ if ( DNX509PeerNormalizeCertMap == NULL ) {
+ DNX509PeerNormalizeCertMap = fn;
+ return 0;
+ }
+#endif
+
+ return -1;
+}
+
/*
* Convert an X.509 DN into a normalized LDAP DN
*/
@@ -1242,19 +1252,29 @@ dnX509normalize( void *x509_name, struct berval *out )
int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
Debug( LDAP_DEBUG_TRACE,
- "dnX509Normalize: <%s>\n", out->bv_val, 0, 0 );
+ "dnX509Normalize: <%s> (%d)\n",
+ BER_BVISNULL( out ) ? "(null)" : out->bv_val, rc, 0 );
return rc;
}
+#ifdef HAVE_TLS
/*
* Get the TLS session's peer's DN into a normalized LDAP DN
*/
int
dnX509peerNormalize( void *ssl, struct berval *dn )
{
+ int rc = LDAP_INVALID_CREDENTIALS;
- return ldap_pvt_tls_get_peer_dn( ssl, dn,
- (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ if ( DNX509PeerNormalizeCertMap != NULL )
+ rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
+ (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ }
+
+ return rc;
}
#endif