From 67ed3982fb78a0eb0712c7980aa0a6e51d58ca2d Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Thu, 6 Dec 2001 11:50:17 +0000
Subject: [PATCH] now dnValidate loops thru each value; added private member to LDAPAVA to hold the attribute description
---
 include/ldap.h | 2 +
 libraries/libldap/getdn.c | 2 +
 servers/slapd/schema_init.c | 81 ++++++++++++++++++++++++++++++++++---
 3 files changed, 79 insertions(+), 6 deletions(-)
diff --git a/include/ldap.h b/include/ldap.h
index 9572a67aa1..e6d1481d4c 100644
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -1171,6 +1171,8 @@ typedef struct ldap_ava {
 #define LDAP_AVA_STRING 0x0000U
 #define LDAP_AVA_BINARY 0x0001U
 #define LDAP_AVA_NONPRINTABLE 0x0002U
+
+ void *la_private;
 } LDAPAVA;
 typedef LDAPAVA** LDAPRDN;
diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c
index 986557abfc..764695e491 100644
--- a/libraries/libldap/getdn.c
+++ b/libraries/libldap/getdn.c
@@ -753,6 +753,8 @@ ldapava_new( const struct berval *attr, const struct berval *val,
 ava->la_value = ( struct berval * )val;
 ava->la_flags = flags;
+ ava->la_private = NULL;
+
 return( ava );
 }
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 8437777e12..5a717d6935 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
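Review bot: The new `la_private` member in include/ldap.h carries no comment on who owns the pointer or what it may point to, and it changes the size of a public struct. The later hunks in servers/slapd/schema_init.c cast it straight to `AttributeDescription *`, so any `LDAPAVA` that is not built by `ldapava_new()` (which this commit makes set the field to NULL) would hand slapd an indeterminate pointer. I would state the contract at the declaration, for example `void *la_private; /* opaque to libldap; set to NULL by ldapava_new(), owned by the caller */`, and confirm that every site that allocates an `LDAPAVA` zeroes it; whether the library's free routines touch the field is not visible in this diff.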
@@ -223,6 +223,66 @@ int octetStringFilter(
 }
 #ifdef USE_LDAP_DN_PARSING
+
+#define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
+
+/*
+ * In-place, schema-aware validation of the
+ * structural representation of a distinguished name.
+ */
+static int
+LDAPDN_validate( LDAPDN *dn )
+{
+ int iRDN;
+ int rc;
+
+ assert( dn );
+
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ LDAPRDN *rdn = dn[ iRDN ][ 0 ];
+ int iAVA;
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ][ 0 ];
+ AttributeDescription *ad;
+ slap_syntax_validate_func *validate = NULL;
+
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ava->la_private = ( void * )ad;
+ }
+
+ /*
+ * Replace attr oid/name with the canonical name
+ */
+ ber_bvfree( ava->la_attr );
+ ava->la_attr = ber_bvdup( &ad->ad_cname );
+
+ validate = ad->ad_type->sat_syntax->ssyn_validate;
+
+ if ( validate ) {
+ /*
+ * validate value by validate function
+ */
+ rc = ( *validate )( ad->ad_type->sat_syntax,
+ ava->la_value );
+
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
 static int
 dnValidate(
 Syntax *syntax,
@@ -238,8 +298,12 @@ dnValidate(
 rc = ldap_str2dn( in->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
 /*
- * Fixme: should we also validate each DN component?
+ * Schema-aware validate
 */
+ if ( rc == LDAP_SUCCESS ) {
+ rc = LDAPDN_validate( dn );
+ }
+
 ldapava_free_dn( dn );
 if ( rc != LDAP_SUCCESS ) {
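Review bot: In `LDAPDN_validate` the old `la_attr` is released before the result of `ber_bvdup( &ad->ad_cname )` is known, and that result is never checked. If the duplication fails, the AVA is left with a NULL attribute name while the loop carries on and can still return LDAP_SUCCESS. I would duplicate first, fail the validation on NULL and only then free the old name, as in the excerpt below; the exact result code is the maintainers' choice. Separately, the syntax validator is called on `ava->la_value` without consulting `ava->la_flags`, so whether `LDAP_AVA_BINARY` values arrive in a form the validator expects should be checked against ldap_str2dn, which is outside this diff.

```c
			LDAPAVA			*ava = rdn[ iAVA ][ 0 ];
			struct berval		*cname;

			/* … unchanged: AttributeDescription lookup and la_private caching … */

			/*
			 * Replace attr oid/name with the canonical name;
			 * keep the old name until the copy is known to exist
			 */
			cname = ber_bvdup( &ad->ad_cname );
			if ( cname == NULL ) {
				return LDAP_OTHER;
			}
			ber_bvfree( ava->la_attr );
			ava->la_attr = cname;

			/* … unchanged: syntax validator lookup and call … */
```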
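Review bot: `ldapava_free_dn( dn )` after the added block in `dnValidate` still runs when `ldap_str2dn` failed, even though the new `LDAPDN_validate( dn )` call is guarded on `rc == LDAP_SUCCESS`. `dn` is declared above the hunk, so it is not visible whether it starts out NULL or whether ldap_str2dn resets it on failure; if neither holds, any DN string that fails to parse reaches a free of an indeterminate pointer. Either confirm the initialiser or move the free inside the success branch. The replaced comment could also say that LDAPDN_validate rewrites attribute names in place, since the parsed DN is discarded immediately afterwards here.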
@@ -328,15 +392,20 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
 LDAPAVA *ava = rdn[ iAVA ][ 0 ];
- AttributeDescription *ad = NULL;
- const char *text = NULL;
+ AttributeDescription *ad;
 slap_syntax_transform_func *transf = NULL;
 MatchingRule *mr;
 struct berval *bv = NULL;
- rc = slap_bv2ad( ava->la_attr, &ad, &text );
- if ( rc != LDAP_SUCCESS ) {
- return LDAP_INVALID_SYNTAX;
+ if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
+ const char *text = NULL;
+
+ rc = slap_bv2ad( ava->la_attr, &ad, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ava->la_private = ( void * )ad;
 }
 /*
-- 2.39.5
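Review bot: The lookup-and-cache block added to `LDAPDN_rewrite` is a copy of the one in `LDAPDN_validate` earlier in this file, so a fix to one can silently miss the other. A small static helper, for example `static int ava_get_ad( LDAPAVA *ava, AttributeDescription **adp )`, would keep the two paths in step. Both paths also treat any non-NULL `la_private` as an `AttributeDescription *`, although the field is an untyped `void *` in a public struct and the cached pointer is never refreshed if `la_attr` changes; that assumption and the lifetime of the cached object deserve a comment at the `AVA_PRIVATE` macro. The loop body continues past the end of the hunk, so the rest of the rewrite path could not be reviewed here.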