From: Pierangelo Masarati Date: Sat, 10 Jul 2004 10:48:41 +0000 (+0000) Subject: allow unescaped equals, according to draft-ietf-ldapbis-dn (ITS#3229) X-Git-Tag: OPENDLAP_REL_ENG_2_2_MP~95 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8e5d04d2a81825b14fe65852a24a427132d05d14;p=openldap allow unescaped equals, according to draft-ietf-ldapbis-dn (ITS#3229) --- diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c index ce18cab9d3..1516a1d66e 100644 --- a/libraries/libldap/getdn.c +++ b/libraries/libldap/getdn.c @@ -471,6 +471,26 @@ ldap_dn_normalize( LDAP_CONST char *dnin, #define LDAP_DN_ESCAPE(c) ( (c) == '\\' ) #define LDAP_DN_VALUE_END(c) \ ( LDAP_DN_RDN_SEP(c) || LDAP_DN_AVA_SEP(c) ) + +/* NOTE: according to draft-ietf-ldapbis-dn, '=' can be escaped + * and treated as special, i.e. escaped both as "\" and + * as "\=", but it is treated as a regular char, i.e. it can also + * appear as '='. + * + * As such, we currently choose to allow reading unescaped '=', + * but we always produce escaped '\3D'; this may change in the + * future, if compatibility issues do not arise */ +#ifdef LDAP_DEVEL +#define LDAP_DN_NE(c) \ + ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \ + || LDAP_DN_QUOTES(c) \ + || (c) == '<' || (c) == '>' ) +#define LDAP_DN_MAYESCAPE(c) \ + ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) \ + || LDAP_DN_AVA_EQUALS(c) \ + || LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) ) +#define LDAP_DN_SHOULDESCAPE(c) ( LDAP_DN_AVA_EQUALS(c) ) +#else /* ! LDAP_DEVEL */ #define LDAP_DN_NE(c) \ ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \ || LDAP_DN_AVA_EQUALS(c) || LDAP_DN_QUOTES(c) \ @@ -478,6 +498,9 @@ ldap_dn_normalize( LDAP_CONST char *dnin, #define LDAP_DN_MAYESCAPE(c) \ ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) \ || LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) ) +#define LDAP_DN_SHOULDESCAPE(c) ( 0 ) +#endif /* ! LDAP_DEVEL */ + #define LDAP_DN_NEEDESCAPE(c) \ ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) ) #define LDAP_DN_NEEDESCAPE_LEAD(c) LDAP_DN_MAYESCAPE(c) @@ -1517,7 +1540,7 @@ str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char * */ return( 1 ); - } else if (!LDAP_DN_ASCII_PRINTABLE( p[ 0 ] ) ) { + } else if ( !LDAP_DN_ASCII_PRINTABLE( p[ 0 ] ) ) { if ( p[ 0 ] == '\0' ) { return( 1 ); } @@ -2102,6 +2125,7 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len ) l += escaped_byte_len * cl; } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] ) + || LDAP_DN_SHOULDESCAPE( p[ 0 ] ) || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) ) || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) { #ifdef PRETTY_ESCAPE @@ -2192,6 +2216,7 @@ strval2str( struct berval *val, char *str, unsigned flags, ber_len_t *len ) #endif #else /* ! PRETTY_ESCAPE */ || LDAP_DN_NEEDESCAPE( val->bv_val[ s ] ) + || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] ) || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) ) || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) @@ -2212,6 +2237,7 @@ strval2str( struct berval *val, char *str, unsigned flags, ber_len_t *len ) } else { #ifdef PRETTY_ESCAPE if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] ) + || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] ) || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) ) || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) { str[ d++ ] = '\\'; @@ -2258,6 +2284,7 @@ strval2IA5strlen( struct berval *val, unsigned flags, ber_len_t *len ) } else { for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) { if ( LDAP_DN_NEEDESCAPE( p[ 0 ] ) + || LDAP_DN_SHOULDESCAPE( p[ 0 ] ) || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) ) || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) { l += 2; @@ -2306,6 +2333,7 @@ strval2IA5str( struct berval *val, char *str, unsigned flags, ber_len_t *len ) for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) { if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] ) + || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] ) || ( s == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) ) || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) { str[ d++ ] = '\\'; diff --git a/tests/data/dn.out b/tests/data/dn.out index 9283cadd62..85bf04e49e 100644 --- a/tests/data/dn.out +++ b/tests/data/dn.out @@ -41,6 +41,14 @@ description: CN=\23John Smith\20,DC=example,DC=net description: CN=\#John Smith\ ,DC=example,DC=net description: CN=Lu\C4\8Di\C4\87 +dn: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com +objectClass: groupOfNames +cn: Unescaped Equals +member: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com +member: cn=A*x\3Db is a linear algebra problem,ou=LDAPv3,dc=example,dc=com +description: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com + // unescaped EQUALS + dn: ou=LDAPv2,dc=example,dc=com objectClass: organizationalUnit ou: LDAPv2 diff --git a/tests/data/test-dn.ldif b/tests/data/test-dn.ldif index 625173f465..74c66ab3f1 100644 --- a/tests/data/test-dn.ldif +++ b/tests/data/test-dn.ldif @@ -56,6 +56,13 @@ member: 1.1.1= description: 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com description: 1.1.1= +dn: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com +objectClass: groupOfNames +cn: Unescaped Equals +member: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com +member: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com +description: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com // unescaped EQUALS + dn: cn=Must Fail 1,ou=Groups,dc=example,dc=com objectClass: groupOfNames cn: Must Fail 1