From 292c575c1f8de2757524ffee9ea68229bbfcd733 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Fri, 28 Dec 2001 07:27:15 +0000 Subject: [PATCH] Added dnPrettyNormal, do both Pretty and Normalize at once to save some ldap_str2dn overhead. --- servers/slapd/add.c | 41 ++++--------------- servers/slapd/bind.c | 72 +++++++++++++--------------------- servers/slapd/dn.c | 80 ++++++++++++++++++++++++++++++++++++++ servers/slapd/proto-slap.h | 6 +++ servers/slapd/search.c | 54 +++++++++---------------- 5 files changed, 139 insertions(+), 114 deletions(-) diff --git a/servers/slapd/add.c b/servers/slapd/add.c index fe8cfed67a..4138104897 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -86,46 +86,19 @@ do_add( Connection *conn, Operation *op ) e->e_attrs = NULL; e->e_private = NULL; - { - struct berval *pdn = NULL; - rc = dnPretty( NULL, &dn, &pdn ); + rc = dnPrettyNormal( NULL, &dn, &e->e_name, &e->e_nname ); - if( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_add: conn %d invalid dn (%s)\n", conn->c_connid, - dn.bv_val )); -#else - Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 ); -#endif - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, - "invalid DN", NULL, NULL ); - goto done; - } - - e->e_name = *pdn; - free( pdn ); - } - - { - struct berval *ndn = NULL; - rc = dnNormalize( NULL, &dn, &ndn ); - - if( rc != LDAP_SUCCESS ) { + if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "do_add: conn %d invalid dn (%s)\n", conn->c_connid, + LDAP_LOG(( "operation", LDAP_LEVEL_ERR, + "do_add: conn %d invalid dn (%s)\n", conn->c_connid, dn.bv_val )); #else - Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 ); #endif - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, + send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, "invalid DN", NULL, NULL ); - goto done; - } - - e->e_nname = *ndn; - free( ndn ); + goto done; } #ifdef NEW_LOGGING diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 2d51bf2f57..7a8d3b6e78 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -38,8 +38,8 @@ do_bind( ber_tag_t method; char *mech = NULL; struct berval dn = { 0, NULL }; - struct berval *pdn = NULL; - struct berval *ndn = NULL; + struct berval pdn = { 0, NULL }; + struct berval ndn = { 0, NULL }; ber_tag_t tag; int rc = LDAP_SUCCESS; const char *text; @@ -151,22 +151,7 @@ do_bind( goto cleanup; } - rc = dnPretty( NULL, &dn, &pdn ); - if ( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_INFO, - "do_bind: conn %d invalid dn (%s)\n", - conn->c_connid, dn.bv_val )); -#else - Debug( LDAP_DEBUG_ANY, "bind: invalid dn (%s)\n", - dn.bv_val, 0, 0 ); -#endif - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, - "invalid DN", NULL, NULL ); - goto cleanup; - } - - rc = dnNormalize( NULL, &dn, &ndn ); + rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn ); if ( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_INFO, @@ -185,10 +170,10 @@ do_bind( #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "do_sasl_bind: conn %d dn (%s) mech %s\n", conn->c_connid, - pdn->bv_val, mech )); + pdn.bv_val, mech )); #else Debug( LDAP_DEBUG_TRACE, "do_sasl_bind: dn (%s) mech %s\n", - pdn->bv_val, mech, NULL ); + pdn.bv_val, mech, NULL ); #endif } else { @@ -196,17 +181,17 @@ do_bind( LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "do_bind: conn %d version=%ld dn=\"%s\" method=%ld\n", conn->c_connid, (unsigned long) version, - pdn->bv_val, (unsigned long)method )); + pdn.bv_val, (unsigned long)method )); #else Debug( LDAP_DEBUG_TRACE, "do_bind: version=%ld dn=\"%s\" method=%ld\n", (unsigned long) version, - pdn->bv_val, (unsigned long) method ); + pdn.bv_val, (unsigned long) method ); #endif } Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d BIND dn=\"%s\" method=%ld\n", - op->o_connid, op->o_opid, pdn->bv_val, (unsigned long) method, 0 ); + op->o_connid, op->o_opid, pdn.bv_val, (unsigned long) method, 0 ); if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) { #ifdef NEW_LOGGING @@ -292,7 +277,7 @@ do_bind( edn = NULL; rc = slap_sasl_bind( conn, op, - pdn, ndn, + &pdn, &ndn, &cred, &edn, &ssf ); ldap_pvt_thread_mutex_lock( &conn->c_mutex ); @@ -350,7 +335,7 @@ do_bind( if ( method == LDAP_AUTH_SIMPLE ) { /* accept "anonymous" binds */ - if ( cred.bv_len == 0 || ndn->bv_len == 0 ) { + if ( cred.bv_len == 0 || ndn.bv_len == 0 ) { rc = LDAP_SUCCESS; text = NULL; @@ -360,7 +345,7 @@ do_bind( /* cred is not empty, disallow */ rc = LDAP_INVALID_CREDENTIALS; - } else if ( ndn->bv_len && + } else if ( ndn.bv_len && !( global_allows & SLAP_ALLOW_BIND_ANON_DN )) { /* DN is not empty, disallow */ @@ -402,11 +387,11 @@ do_bind( #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_bind: conn %d v%d simple bind(%s) disallowed\n", - conn->c_connid, version, ndn )); + conn->c_connid, version, ndn.bv_val )); #else Debug( LDAP_DEBUG_TRACE, "do_bind: v%d simple bind(%s) disallowed\n", - version, ndn, 0 ); + version, ndn.bv_val, 0 ); #endif goto cleanup; } @@ -456,10 +441,10 @@ do_bind( * if we don't hold it. */ - if ( (be = select_backend( ndn, 0, 0 )) == NULL ) { + if ( (be = select_backend( &ndn, 0, 0 )) == NULL ) { if ( default_referral ) { struct berval **ref = referral_rewrite( default_referral, - NULL, pdn, LDAP_SCOPE_DEFAULT ); + NULL, &pdn, LDAP_SCOPE_DEFAULT ); send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL, ref ? ref : default_referral, NULL ); @@ -491,10 +476,10 @@ do_bind( struct berval edn = { 0, NULL }; /* deref suffix alias if appropriate */ - suffix_alias( be, ndn ); + suffix_alias( be, &ndn ); ret = (*be->be_bind)( be, conn, op, - pdn, ndn, method, &cred, &edn ); + &pdn, &ndn, method, &cred, &edn ); if ( ret == 0 ) { ldap_pvt_thread_mutex_lock( &conn->c_mutex ); @@ -502,16 +487,15 @@ do_bind( if(edn.bv_len) { conn->c_dn = edn; } else { - conn->c_dn.bv_val = ch_strdup( pdn->bv_val ); - conn->c_dn.bv_len = pdn->bv_len; + ber_dupbv( &conn->c_dn, &pdn ); } - conn->c_cdn = pdn->bv_val; - pdn->bv_val = NULL; - pdn->bv_len = 0; + conn->c_cdn = pdn.bv_val; + pdn.bv_val = NULL; + pdn.bv_len = 0; - conn->c_ndn = *ndn; - ndn->bv_val = NULL; - ndn->bv_len = 0; + conn->c_ndn = ndn; + ndn.bv_val = NULL; + ndn.bv_len = 0; if( conn->c_dn.bv_len != 0 ) { ber_len_t max = sockbuf_max_incoming; @@ -547,11 +531,11 @@ do_bind( cleanup: free( dn.bv_val ); - if( pdn != NULL ) { - ber_bvfree( pdn ); + if( pdn.bv_val != NULL ) { + free( pdn.bv_val ); } - if( ndn != NULL ) { - ber_bvfree( ndn ); + if( ndn.bv_val != NULL ) { + free( ndn.bv_val ); } if ( mech != NULL ) { free( mech ); diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c index 95382c8f24..588fc4a1eb 100644 --- a/servers/slapd/dn.c +++ b/servers/slapd/dn.c @@ -419,6 +419,86 @@ dnPretty( return LDAP_SUCCESS; } +/* + * Combination of both dnPretty and dnNormalize + */ +int +dnPrettyNormal( + Syntax *syntax, + struct berval *val, + struct berval *pretty, + struct berval *normal) +{ + Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val, 0, 0 ); + + assert( val ); + assert( pretty ); + assert( normal ); + + if ( val->bv_len != 0 ) { + LDAPDN *dn = NULL; + char *dn_out = NULL; + int rc; + + pretty->bv_val = NULL; + normal->bv_val = NULL; + pretty->bv_len = 0; + normal->bv_len = 0; + + /* FIXME: should be liberal in what we accept */ + rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP ); + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + + /* + * Schema-aware rewrite + */ + if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) { + ldap_dnfree( dn ); + return LDAP_INVALID_SYNTAX; + } + + rc = ldap_dn2str( dn, &dn_out, + LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY ); + + if ( rc != LDAP_SUCCESS ) { + ldap_dnfree( dn ); + return LDAP_INVALID_SYNTAX; + } + + ber_str2bv( dn_out, 0, 0, pretty ); + + if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) { + ldap_dnfree( dn ); + free( pretty->bv_val ); + pretty->bv_val = NULL; + pretty->bv_len = 0; + return LDAP_INVALID_SYNTAX; + } + + rc = ldap_dn2str( dn, &dn_out, LDAP_DN_FORMAT_LDAPV3 ); + + ldap_dnfree( dn ); + if ( rc != LDAP_SUCCESS ) { + free( pretty->bv_val ); + pretty->bv_val = NULL; + pretty->bv_len = 0; + return LDAP_INVALID_SYNTAX; + } + + ber_str2bv( dn_out, 0, 0, normal ); + } else { + ber_dupbv( pretty, val ); + ber_dupbv( normal, val ); + } + + Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n", + pretty->bv_val, normal->bv_val, 0 ); + + return LDAP_SUCCESS; +} + /* * dnMatch routine */ diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 1f9e392408..71d78ca13c 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -362,6 +362,12 @@ LDAP_SLAPD_F (int) dnPretty LDAP_P(( struct berval *val, struct berval **pretty )); +LDAP_SLAPD_F (int) dnPrettyNormal LDAP_P(( + Syntax *syntax, + struct berval *val, + struct berval *pretty, + struct berval *normal )); + LDAP_SLAPD_F (int) dnMatch LDAP_P(( int *matchp, slap_mask_t flags, diff --git a/servers/slapd/search.c b/servers/slapd/search.c index f8de23a687..31779e7963 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -34,8 +34,8 @@ do_search( ber_int_t scope, deref, attrsonly; ber_int_t sizelimit, timelimit; struct berval base = { 0, NULL }; - struct berval *pbase = NULL; - struct berval *nbase = NULL; + struct berval pbase = { 0, NULL }; + struct berval nbase = { 0, NULL }; struct berval fstr = { 0, NULL }; Filter *filter = NULL; struct berval **attrs = NULL; @@ -109,7 +109,7 @@ do_search( goto return_results; } - rc = dnPretty( NULL, &base, &pbase ); + rc = dnPrettyNormal( NULL, &base, &pbase, &nbase ); if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_INFO, @@ -124,22 +124,6 @@ do_search( goto return_results; } - rc = dnNormalize( NULL, &base, &nbase ); - if( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_INFO, - "do_searc: conn %d invalid dn (%s)\n", - conn->c_connid, base.bv_val )); -#else - Debug( LDAP_DEBUG_ANY, - "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 ); -#endif - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, - "invalid DN", NULL, NULL ); - goto return_results; - } - - #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, "do_search \"%s\" %d %d %d %d %d\n", base.bv_val, scope, @@ -221,14 +205,14 @@ do_search( Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n", - op->o_connid, op->o_opid, pbase->bv_val, scope, fstr.bv_val ); + op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val ); manageDSAit = get_manageDSAit( op ); if ( scope == LDAP_SCOPE_BASE ) { Entry *entry = NULL; - if ( strcasecmp( nbase->bv_val, LDAP_ROOT_DSE ) == 0 ) { + if ( strcasecmp( nbase.bv_val, LDAP_ROOT_DSE ) == 0 ) { #ifdef LDAP_CONNECTIONLESS /* Ignore LDAPv2 CLDAP DSE queries */ if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) { @@ -247,7 +231,7 @@ do_search( } #if defined( SLAPD_SCHEMA_DN ) - else if ( strcasecmp( nbase->bv_val, SLAPD_SCHEMA_DN ) == 0 ) { + else if ( strcasecmp( nbase.bv_val, SLAPD_SCHEMA_DN ) == 0 ) { /* check restrictions */ rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ; if( rc != LDAP_SUCCESS ) { @@ -282,14 +266,12 @@ do_search( } } - if( !nbase->bv_len && default_search_nbase.bv_len ) { - ch_free( base.bv_val ); - ch_free( nbase->bv_val ); + if( !nbase.bv_len && default_search_nbase.bv_len ) { + ch_free( pbase.bv_val ); + ch_free( nbase.bv_val ); - base.bv_val = ch_strdup( default_search_base.bv_val ); - base.bv_len = default_search_base.bv_len; - nbase->bv_val = ch_strdup( default_search_nbase.bv_val ); - nbase->bv_len = default_search_nbase.bv_len; + ber_dupbv( &pbase, &default_search_base ); + ber_dupbv( &nbase, &default_search_nbase ); } /* @@ -297,9 +279,9 @@ do_search( * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - if ( (be = select_backend( nbase, manageDSAit, 1 )) == NULL ) { + if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) { struct berval **ref = referral_rewrite( default_referral, - NULL, pbase, scope ); + NULL, &pbase, scope ); send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL, ref ? ref : default_referral, NULL ); @@ -317,17 +299,17 @@ do_search( } /* check for referrals */ - rc = backend_check_referrals( be, conn, op, pbase, nbase ); + rc = backend_check_referrals( be, conn, op, &pbase, &nbase ); if ( rc != LDAP_SUCCESS ) { goto return_results; } /* deref the base if needed */ - suffix_alias( be, nbase ); + suffix_alias( be, &nbase ); /* actually do the search and send the result(s) */ if ( be->be_search ) { - (*be->be_search)( be, conn, op, pbase, nbase, + (*be->be_search)( be, conn, op, &pbase, &nbase, scope, deref, sizelimit, timelimit, filter, fstr.bv_val, attrs, attrsonly ); } else { @@ -337,8 +319,8 @@ do_search( return_results:; free( base.bv_val ); - if( pbase != NULL) ber_bvfree( pbase ); - if( nbase != NULL) ber_bvfree( nbase ); + if( pbase.bv_val != NULL) free( pbase.bv_val ); + if( nbase.bv_val != NULL) free( nbase.bv_val ); if( fstr.bv_val != NULL) free( fstr.bv_val ); if( filter != NULL) filter_free( filter ); -- 2.39.5