now dnValidate loops thru each value; added private member to LDAPAVA to hold the...

diff --git a/include/ldap.h b/include/ldap.h
index 9572a67aa12798ebf471ff7a24e906cd680e411e..e6d1481d4c872c03e56c6ca19879c61a4a46b2f8 100644 (file)
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -1171,6 +1171,8 @@ typedef struct ldap_ava {
 #define LDAP_AVA_STRING                0x0000U
 #define LDAP_AVA_BINARY                0x0001U
 #define LDAP_AVA_NONPRINTABLE  0x0002U
+
+       void *la_private;
 } LDAPAVA;
 
 typedef LDAPAVA** LDAPRDN;

diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c
index 986557abfc6dc466a28154562dfdc76152b0c94b..764695e49131c5902a167823cd6c5418ec1d4266 100644 (file)
--- a/libraries/libldap/getdn.c
+++ b/libraries/libldap/getdn.c
@@ -753,6 +753,8 @@ ldapava_new( const struct berval *attr, const struct berval *val,
        ava->la_value = ( struct berval * )val;
        ava->la_flags = flags;
 
+       ava->la_private = NULL;
+
        return( ava );
 }
 

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 8437777e12722ed44d77784a3079b37862fca325..5a717d6935937c28e24800f20c2c8a576cecbb67 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -223,6 +223,66 @@ int octetStringFilter(
 }
 
 #ifdef USE_LDAP_DN_PARSING
+
+#define        AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
+
+/*
+ * In-place, schema-aware validation of the
+ * structural representation of a distinguished name.
+ */
+static int
+LDAPDN_validate( LDAPDN *dn )
+{
+       int             iRDN;
+       int             rc;
+
+       assert( dn );
+
+       for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+               LDAPRDN         *rdn = dn[ iRDN ][ 0 ];
+               int             iAVA;
+
+               for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+                       LDAPAVA                 *ava = rdn[ iAVA ][ 0 ];
+                       AttributeDescription    *ad;
+                       slap_syntax_validate_func *validate = NULL;
+                       
+                       if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+                               const char      *text = NULL;
+
+                               rc = slap_bv2ad( ava->la_attr, &ad, &text );
+                               if ( rc != LDAP_SUCCESS ) {
+                                       return LDAP_INVALID_SYNTAX;
+                               }
+
+                               ava->la_private = ( void * )ad;
+                       }
+
+                       /* 
+                        * Replace attr oid/name with the canonical name
+                        */
+                       ber_bvfree( ava->la_attr );
+                       ava->la_attr = ber_bvdup( &ad->ad_cname );
+
+                       validate = ad->ad_type->sat_syntax->ssyn_validate;
+
+                       if ( validate ) {
+                               /*
+                                * validate value by validate function
+                                */
+                               rc = ( *validate )( ad->ad_type->sat_syntax,
+                                       ava->la_value );
+                       
+                               if ( rc != LDAP_SUCCESS ) {
+                                       return LDAP_INVALID_SYNTAX;
+                               }
+                       }
+               }
+       }
+
+       return LDAP_SUCCESS;
+}
+
 static int
 dnValidate(
        Syntax *syntax,
@@ -238,8 +298,12 @@ dnValidate(
        rc = ldap_str2dn( in->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
 
        /*
-        * Fixme: should we also validate each DN component?
+        * Schema-aware validate
         */
+       if ( rc == LDAP_SUCCESS ) {
+               rc = LDAPDN_validate( dn );
+       }
+       
        ldapava_free_dn( dn );
        
        if ( rc != LDAP_SUCCESS ) {
@@ -328,15 +392,20 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 
                for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
                        LDAPAVA                 *ava = rdn[ iAVA ][ 0 ];
-                       AttributeDescription    *ad = NULL;
-                       const char              *text = NULL;
+                       AttributeDescription    *ad;
                        slap_syntax_transform_func *transf = NULL;
                        MatchingRule *mr;
                        struct berval           *bv = NULL;
 
-                       rc = slap_bv2ad( ava->la_attr, &ad, &text );
-                       if ( rc != LDAP_SUCCESS ) {
-                               return LDAP_INVALID_SYNTAX;
+                       if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+                               const char      *text = NULL;
+
+                               rc = slap_bv2ad( ava->la_attr, &ad, &text );
+                               if ( rc != LDAP_SUCCESS ) {
+                                       return LDAP_INVALID_SYNTAX;
+                               }
+                               
+                               ava->la_private = ( void * )ad;
                        }
 
                        /*