some ldap_str2dn overhead.
e->e_attrs = NULL;
e->e_private = NULL;
- {
- struct berval *pdn = NULL;
- rc = dnPretty( NULL, &dn, &pdn );
+ rc = dnPrettyNormal( NULL, &dn, &e->e_name, &e->e_nname );
- if( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
- "do_add: conn %d invalid dn (%s)\n", conn->c_connid,
- dn.bv_val ));
-#else
- Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
-#endif
- send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
- "invalid DN", NULL, NULL );
- goto done;
- }
-
- e->e_name = *pdn;
- free( pdn );
- }
-
- {
- struct berval *ndn = NULL;
- rc = dnNormalize( NULL, &dn, &ndn );
-
- if( rc != LDAP_SUCCESS ) {
+ if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
- "do_add: conn %d invalid dn (%s)\n", conn->c_connid,
+ LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+ "do_add: conn %d invalid dn (%s)\n", conn->c_connid,
dn.bv_val ));
#else
- Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+ Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
#endif
- send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+ send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
"invalid DN", NULL, NULL );
- goto done;
- }
-
- e->e_nname = *ndn;
- free( ndn );
+ goto done;
}
#ifdef NEW_LOGGING
ber_tag_t method;
char *mech = NULL;
struct berval dn = { 0, NULL };
- struct berval *pdn = NULL;
- struct berval *ndn = NULL;
+ struct berval pdn = { 0, NULL };
+ struct berval ndn = { 0, NULL };
ber_tag_t tag;
int rc = LDAP_SUCCESS;
const char *text;
goto cleanup;
}
- rc = dnPretty( NULL, &dn, &pdn );
- if ( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
- "do_bind: conn %d invalid dn (%s)\n",
- conn->c_connid, dn.bv_val ));
-#else
- Debug( LDAP_DEBUG_ANY, "bind: invalid dn (%s)\n",
- dn.bv_val, 0, 0 );
-#endif
- send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
- "invalid DN", NULL, NULL );
- goto cleanup;
- }
-
- rc = dnNormalize( NULL, &dn, &ndn );
+ rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
if ( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
"do_sasl_bind: conn %d dn (%s) mech %s\n", conn->c_connid,
- pdn->bv_val, mech ));
+ pdn.bv_val, mech ));
#else
Debug( LDAP_DEBUG_TRACE, "do_sasl_bind: dn (%s) mech %s\n",
- pdn->bv_val, mech, NULL );
+ pdn.bv_val, mech, NULL );
#endif
} else {
LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
"do_bind: conn %d version=%ld dn=\"%s\" method=%ld\n",
conn->c_connid, (unsigned long) version,
- pdn->bv_val, (unsigned long)method ));
+ pdn.bv_val, (unsigned long)method ));
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: version=%ld dn=\"%s\" method=%ld\n",
(unsigned long) version,
- pdn->bv_val, (unsigned long) method );
+ pdn.bv_val, (unsigned long) method );
#endif
}
Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d BIND dn=\"%s\" method=%ld\n",
- op->o_connid, op->o_opid, pdn->bv_val, (unsigned long) method, 0 );
+ op->o_connid, op->o_opid, pdn.bv_val, (unsigned long) method, 0 );
if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
#ifdef NEW_LOGGING
edn = NULL;
rc = slap_sasl_bind( conn, op,
- pdn, ndn,
+ &pdn, &ndn,
&cred, &edn, &ssf );
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if ( method == LDAP_AUTH_SIMPLE ) {
/* accept "anonymous" binds */
- if ( cred.bv_len == 0 || ndn->bv_len == 0 ) {
+ if ( cred.bv_len == 0 || ndn.bv_len == 0 ) {
rc = LDAP_SUCCESS;
text = NULL;
/* cred is not empty, disallow */
rc = LDAP_INVALID_CREDENTIALS;
- } else if ( ndn->bv_len &&
+ } else if ( ndn.bv_len &&
!( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
{
/* DN is not empty, disallow */
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
"do_bind: conn %d v%d simple bind(%s) disallowed\n",
- conn->c_connid, version, ndn ));
+ conn->c_connid, version, ndn.bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d simple bind(%s) disallowed\n",
- version, ndn, 0 );
+ version, ndn.bv_val, 0 );
#endif
goto cleanup;
}
* if we don't hold it.
*/
- if ( (be = select_backend( ndn, 0, 0 )) == NULL ) {
+ if ( (be = select_backend( &ndn, 0, 0 )) == NULL ) {
if ( default_referral ) {
struct berval **ref = referral_rewrite( default_referral,
- NULL, pdn, LDAP_SCOPE_DEFAULT );
+ NULL, &pdn, LDAP_SCOPE_DEFAULT );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
struct berval edn = { 0, NULL };
/* deref suffix alias if appropriate */
- suffix_alias( be, ndn );
+ suffix_alias( be, &ndn );
ret = (*be->be_bind)( be, conn, op,
- pdn, ndn, method, &cred, &edn );
+ &pdn, &ndn, method, &cred, &edn );
if ( ret == 0 ) {
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if(edn.bv_len) {
conn->c_dn = edn;
} else {
- conn->c_dn.bv_val = ch_strdup( pdn->bv_val );
- conn->c_dn.bv_len = pdn->bv_len;
+ ber_dupbv( &conn->c_dn, &pdn );
}
- conn->c_cdn = pdn->bv_val;
- pdn->bv_val = NULL;
- pdn->bv_len = 0;
+ conn->c_cdn = pdn.bv_val;
+ pdn.bv_val = NULL;
+ pdn.bv_len = 0;
- conn->c_ndn = *ndn;
- ndn->bv_val = NULL;
- ndn->bv_len = 0;
+ conn->c_ndn = ndn;
+ ndn.bv_val = NULL;
+ ndn.bv_len = 0;
if( conn->c_dn.bv_len != 0 ) {
ber_len_t max = sockbuf_max_incoming;
cleanup:
free( dn.bv_val );
- if( pdn != NULL ) {
- ber_bvfree( pdn );
+ if( pdn.bv_val != NULL ) {
+ free( pdn.bv_val );
}
- if( ndn != NULL ) {
- ber_bvfree( ndn );
+ if( ndn.bv_val != NULL ) {
+ free( ndn.bv_val );
}
if ( mech != NULL ) {
free( mech );
return LDAP_SUCCESS;
}
+/*
+ * Combination of both dnPretty and dnNormalize
+ */
+int
+dnPrettyNormal(
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *pretty,
+ struct berval *normal)
+{
+ Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 );
+
+ assert( val );
+ assert( pretty );
+ assert( normal );
+
+ if ( val->bv_len != 0 ) {
+ LDAPDN *dn = NULL;
+ char *dn_out = NULL;
+ int rc;
+
+ pretty->bv_val = NULL;
+ normal->bv_val = NULL;
+ pretty->bv_len = 0;
+ normal->bv_len = 0;
+
+ /* FIXME: should be liberal in what we accept */
+ rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /*
+ * Schema-aware rewrite
+ */
+ if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) {
+ ldap_dnfree( dn );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_dn2str( dn, &dn_out,
+ LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
+
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_dnfree( dn );
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_str2bv( dn_out, 0, 0, pretty );
+
+ if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) {
+ ldap_dnfree( dn );
+ free( pretty->bv_val );
+ pretty->bv_val = NULL;
+ pretty->bv_len = 0;
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ rc = ldap_dn2str( dn, &dn_out, LDAP_DN_FORMAT_LDAPV3 );
+
+ ldap_dnfree( dn );
+ if ( rc != LDAP_SUCCESS ) {
+ free( pretty->bv_val );
+ pretty->bv_val = NULL;
+ pretty->bv_len = 0;
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_str2bv( dn_out, 0, 0, normal );
+ } else {
+ ber_dupbv( pretty, val );
+ ber_dupbv( normal, val );
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
+ pretty->bv_val, normal->bv_val, 0 );
+
+ return LDAP_SUCCESS;
+}
+
/*
* dnMatch routine
*/
struct berval *val,
struct berval **pretty ));
+LDAP_SLAPD_F (int) dnPrettyNormal LDAP_P((
+ Syntax *syntax,
+ struct berval *val,
+ struct berval *pretty,
+ struct berval *normal ));
+
LDAP_SLAPD_F (int) dnMatch LDAP_P((
int *matchp,
slap_mask_t flags,
ber_int_t scope, deref, attrsonly;
ber_int_t sizelimit, timelimit;
struct berval base = { 0, NULL };
- struct berval *pbase = NULL;
- struct berval *nbase = NULL;
+ struct berval pbase = { 0, NULL };
+ struct berval nbase = { 0, NULL };
struct berval fstr = { 0, NULL };
Filter *filter = NULL;
struct berval **attrs = NULL;
goto return_results;
}
- rc = dnPretty( NULL, &base, &pbase );
+ rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
goto return_results;
}
- rc = dnNormalize( NULL, &base, &nbase );
- if( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
- "do_searc: conn %d invalid dn (%s)\n",
- conn->c_connid, base.bv_val ));
-#else
- Debug( LDAP_DEBUG_ANY,
- "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
-#endif
- send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
- "invalid DN", NULL, NULL );
- goto return_results;
- }
-
-
#ifdef NEW_LOGGING
LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
"do_search \"%s\" %d %d %d %d %d\n", base.bv_val, scope,
Statslog( LDAP_DEBUG_STATS,
"conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
- op->o_connid, op->o_opid, pbase->bv_val, scope, fstr.bv_val );
+ op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
manageDSAit = get_manageDSAit( op );
if ( scope == LDAP_SCOPE_BASE ) {
Entry *entry = NULL;
- if ( strcasecmp( nbase->bv_val, LDAP_ROOT_DSE ) == 0 ) {
+ if ( strcasecmp( nbase.bv_val, LDAP_ROOT_DSE ) == 0 ) {
#ifdef LDAP_CONNECTIONLESS
/* Ignore LDAPv2 CLDAP DSE queries */
if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
}
#if defined( SLAPD_SCHEMA_DN )
- else if ( strcasecmp( nbase->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
+ else if ( strcasecmp( nbase.bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
/* check restrictions */
rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
}
}
- if( !nbase->bv_len && default_search_nbase.bv_len ) {
- ch_free( base.bv_val );
- ch_free( nbase->bv_val );
+ if( !nbase.bv_len && default_search_nbase.bv_len ) {
+ ch_free( pbase.bv_val );
+ ch_free( nbase.bv_val );
- base.bv_val = ch_strdup( default_search_base.bv_val );
- base.bv_len = default_search_base.bv_len;
- nbase->bv_val = ch_strdup( default_search_nbase.bv_val );
- nbase->bv_len = default_search_nbase.bv_len;
+ ber_dupbv( &pbase, &default_search_base );
+ ber_dupbv( &nbase, &default_search_nbase );
}
/*
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
- if ( (be = select_backend( nbase, manageDSAit, 1 )) == NULL ) {
+ if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
struct berval **ref = referral_rewrite( default_referral,
- NULL, pbase, scope );
+ NULL, &pbase, scope );
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
NULL, NULL, ref ? ref : default_referral, NULL );
}
/* check for referrals */
- rc = backend_check_referrals( be, conn, op, pbase, nbase );
+ rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
if ( rc != LDAP_SUCCESS ) {
goto return_results;
}
/* deref the base if needed */
- suffix_alias( be, nbase );
+ suffix_alias( be, &nbase );
/* actually do the search and send the result(s) */
if ( be->be_search ) {
- (*be->be_search)( be, conn, op, pbase, nbase,
+ (*be->be_search)( be, conn, op, &pbase, &nbase,
scope, deref, sizelimit,
timelimit, filter, fstr.bv_val, attrs, attrsonly );
} else {
return_results:;
free( base.bv_val );
- if( pbase != NULL) ber_bvfree( pbase );
- if( nbase != NULL) ber_bvfree( nbase );
+ if( pbase.bv_val != NULL) free( pbase.bv_val );
+ if( nbase.bv_val != NULL) free( nbase.bv_val );
if( fstr.bv_val != NULL) free( fstr.bv_val );
if( filter != NULL) filter_free( filter );
projects / openldap / commitdiff