search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / external / bsd / openldap / dist / servers / slapd / dn.c
blobb10434922f9a9713eccc11b2a094e02e5062d12d
1 /* dn.c - routines for dealing with distinguished names */
2 /* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.182.2.8 2008/02/11 23:26:44 kurt Exp $ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 *
5 * Copyright 1998-2008 The OpenLDAP Foundation.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
10 * Public License.
11 *
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
15 */
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17 * All rights reserved.
18 *
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
25 */
26
27 #include "portable.h"
28
29 #include <stdio.h>
30
31 #include <ac/ctype.h>
32 #include <ac/socket.h>
33 #include <ac/string.h>
34 #include <ac/time.h>
35
36 #include "slap.h"
37 #include "lutil.h"
38
39 /*
40 * The DN syntax-related functions take advantage of the dn representation
41 * handling functions ldap_str2dn/ldap_dn2str. The latter are not schema-
42 * aware, so the attributes and their values need be validated (and possibly
43 * normalized). In the current implementation the required validation/nor-
44 * malization/"pretty"ing are done on newly created DN structural represen-
45 * tations; however the idea is to move towards DN handling in structural
46 * representation instead of the current string representation. To this
47 * purpose, we need to do only the required operations and keep track of
48 * what has been done to minimize their impact on performances.
49 *
50 * Developers are strongly encouraged to use this feature, to speed-up
51 * its stabilization.
52 */
53
54 #define AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )
55
56 int slap_DN_strict = SLAP_AD_NOINSERT;
57
58 static int
59 LDAPRDN_validate( LDAPRDN rdn )
60 {
61 int iAVA;
62 int rc;
63
64 assert( rdn != NULL );
65
66 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
67 LDAPAVA *ava = rdn[ iAVA ];
68 AttributeDescription *ad;
69 slap_syntax_validate_func *validate = NULL;
70
71 assert( ava != NULL );
72
73 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
74 const char *text = NULL;
75
76 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
77 if ( rc != LDAP_SUCCESS ) {
78 rc = slap_bv2undef_ad( &ava->la_attr,
79 &ad, &text,
80 SLAP_AD_PROXIED|slap_DN_strict );
81 if ( rc != LDAP_SUCCESS ) {
82 return LDAP_INVALID_SYNTAX;
83 }
84 }
85
86 ava->la_private = ( void * )ad;
87 }
88
89 /*
90 * Do not allow X-ORDERED 'VALUES' naming attributes
91 */
92 if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
93 return LDAP_INVALID_SYNTAX;
94 }
95
96 /*
97 * Replace attr oid/name with the canonical name
98 */
99 ava->la_attr = ad->ad_cname;
100
101 validate = ad->ad_type->sat_syntax->ssyn_validate;
102
103 if ( validate ) {
104 /*
105 * validate value by validate function
106 */
107 rc = ( *validate )( ad->ad_type->sat_syntax,
108 &ava->la_value );
109
110 if ( rc != LDAP_SUCCESS ) {
111 return LDAP_INVALID_SYNTAX;
112 }
113 }
114 }
115
116 return LDAP_SUCCESS;
117 }
118
119 /*
120 * In-place, schema-aware validation of the
121 * structural representation of a distinguished name.
122 */
123 static int
124 LDAPDN_validate( LDAPDN dn )
125 {
126 int iRDN;
127 int rc;
128
129 assert( dn != NULL );
130
131 for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
132 rc = LDAPRDN_validate( dn[ iRDN ] );
133 if ( rc != LDAP_SUCCESS ) {
134 return rc;
135 }
136 }
137
138 return LDAP_SUCCESS;
139 }
140
141 /*
142 * dn validate routine
143 */
144 int
145 dnValidate(
146 Syntax *syntax,
147 struct berval *in )
148 {
149 int rc;
150 LDAPDN dn = NULL;
151
152 assert( in != NULL );
153
154 if ( in->bv_len == 0 ) {
155 return LDAP_SUCCESS;
156
157 } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
158 return LDAP_INVALID_SYNTAX;
159 }
160
161 rc = ldap_bv2dn( in, &dn, LDAP_DN_FORMAT_LDAP );
162 if ( rc != LDAP_SUCCESS ) {
163 return LDAP_INVALID_SYNTAX;
164 }
165
166 assert( strlen( in->bv_val ) == in->bv_len );
167
168 /*
169 * Schema-aware validate
170 */
171 rc = LDAPDN_validate( dn );
172 ldap_dnfree( dn );
173
174 if ( rc != LDAP_SUCCESS ) {
175 return LDAP_INVALID_SYNTAX;
176 }
177
178 return LDAP_SUCCESS;
179 }
180
181 int
182 rdnValidate(
183 Syntax *syntax,
184 struct berval *in )
185 {
186 int rc;
187 LDAPRDN rdn;
188 char* p;
189
190 assert( in != NULL );
191 if ( in->bv_len == 0 ) {
192 return LDAP_SUCCESS;
193
194 } else if ( in->bv_len > SLAP_LDAPDN_MAXLEN ) {
195 return LDAP_INVALID_SYNTAX;
196 }
197
198 rc = ldap_bv2rdn_x( in , &rdn, (char **) &p,
199 LDAP_DN_FORMAT_LDAP, NULL);
200 if ( rc != LDAP_SUCCESS ) {
201 return LDAP_INVALID_SYNTAX;
202 }
203
204 assert( strlen( in->bv_val ) == in->bv_len );
205
206 /*
207 * Schema-aware validate
208 */
209 rc = LDAPRDN_validate( rdn );
210 ldap_rdnfree( rdn );
211
212 if ( rc != LDAP_SUCCESS ) {
213 return LDAP_INVALID_SYNTAX;
214 }
215
216 return LDAP_SUCCESS;
217 }
218
219
220 /*
221 * AVA sorting inside a RDN
222 *
223 * rule: sort attributeTypes in alphabetical order; in case of multiple
224 * occurrences of the same attributeType, sort values in byte order
225 * (use memcmp, which implies alphabetical order in case of IA5 value;
226 * this should guarantee the repeatability of the operation).
227 *
228 * Note: the sorting can be slightly improved by sorting first
229 * by attribute type length, then by alphabetical order.
230 *
231 * uses an insertion sort; should be fine since the number of AVAs in
232 * a RDN should be limited.
233 */
234 static int
235 AVA_Sort( LDAPRDN rdn, int nAVAs )
236 {
237 LDAPAVA *ava_i;
238 int i;
239
240 assert( rdn != NULL );
241
242 for ( i = 1; i < nAVAs; i++ ) {
243 LDAPAVA *ava_j;
244 int j;
245
246 ava_i = rdn[ i ];
247 for ( j = i-1; j >=0; j-- ) {
248 int a;
249
250 ava_j = rdn[ j ];
251 a = strcmp( ava_i->la_attr.bv_val, ava_j->la_attr.bv_val );
252
253 if ( a == 0 ) {
254 int d;
255
256 d = ava_i->la_value.bv_len - ava_j->la_value.bv_len;
257
258 a = memcmp( ava_i->la_value.bv_val,
259 ava_j->la_value.bv_val,
260 d <= 0 ? ava_i->la_value.bv_len
261 : ava_j->la_value.bv_len );
262
263 if ( a == 0 ) {
264 a = d;
265 }
266 }
267 /* Duplicates are not allowed */
268 if ( a == 0 )
269 return LDAP_INVALID_DN_SYNTAX;
270
271 if ( a > 0 )
272 break;
273
274 rdn[ j+1 ] = rdn[ j ];
275 }
276 rdn[ j+1 ] = ava_i;
277 }
278 return LDAP_SUCCESS;
279 }
280
281 static int
282 LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
283 {
284
285 int rc, iAVA, do_sort = 0;
286
287 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
288 LDAPAVA *ava = rdn[ iAVA ];
289 AttributeDescription *ad;
290 slap_syntax_validate_func *validf = NULL;
291 slap_mr_normalize_func *normf = NULL;
292 slap_syntax_transform_func *transf = NULL;
293 MatchingRule *mr = NULL;
294 struct berval bv = BER_BVNULL;
295
296 assert( ava != NULL );
297
298 if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
299 const char *text = NULL;
300
301 rc = slap_bv2ad( &ava->la_attr, &ad, &text );
302 if ( rc != LDAP_SUCCESS ) {
303 rc = slap_bv2undef_ad( &ava->la_attr,
304 &ad, &text,
305 SLAP_AD_PROXIED|slap_DN_strict );
306 if ( rc != LDAP_SUCCESS ) {
307 return LDAP_INVALID_SYNTAX;
308 }
309 }
310
311 ava->la_private = ( void * )ad;
312 do_sort = 1;
313 }
314
315 /*
316 * Replace attr oid/name with the canonical name
317 */
318 ava->la_attr = ad->ad_cname;
319
320 if( ava->la_flags & LDAP_AVA_BINARY ) {
321 if( ava->la_value.bv_len == 0 ) {
322 /* BER encoding is empty */
323 return LDAP_INVALID_SYNTAX;
324 }
325
326 /* Do not allow X-ORDERED 'VALUES' naming attributes */
327 } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
328 return LDAP_INVALID_SYNTAX;
329
330 /* AVA is binary encoded, don't muck with it */
331 } else if( flags & SLAP_LDAPDN_PRETTY ) {
332 transf = ad->ad_type->sat_syntax->ssyn_pretty;
333 if( !transf ) {
334 validf = ad->ad_type->sat_syntax->ssyn_validate;
335 }
336 } else { /* normalization */
337 validf = ad->ad_type->sat_syntax->ssyn_validate;
338 mr = ad->ad_type->sat_equality;
339 if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) {
340 normf = mr->smr_normalize;
341 }
342 }
343
344 if ( validf ) {
345 /* validate value before normalization */
346 rc = ( *validf )( ad->ad_type->sat_syntax,
347 ava->la_value.bv_len
348 ? &ava->la_value
349 : (struct berval *) &slap_empty_bv );
350
351 if ( rc != LDAP_SUCCESS ) {
352 return LDAP_INVALID_SYNTAX;
353 }
354 }
355
356 if ( transf ) {
357 /*
358 * transform value by pretty function
359 * if value is empty, use empty_bv
360 */
361 rc = ( *transf )( ad->ad_type->sat_syntax,
362 ava->la_value.bv_len
363 ? &ava->la_value
364 : (struct berval *) &slap_empty_bv,
365 &bv, ctx );
366
367 if ( rc != LDAP_SUCCESS ) {
368 return LDAP_INVALID_SYNTAX;
369 }
370 }
371
372 if ( normf ) {
373 /*
374 * normalize value
375 * if value is empty, use empty_bv
376 */
377 rc = ( *normf )(
378 SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
379 ad->ad_type->sat_syntax,
380 mr,
381 ava->la_value.bv_len
382 ? &ava->la_value
383 : (struct berval *) &slap_empty_bv,
384 &bv, ctx );
385
386 if ( rc != LDAP_SUCCESS ) {
387 return LDAP_INVALID_SYNTAX;
388 }
389 }
390
391
392 if( bv.bv_val ) {
393 if ( ava->la_flags & LDAP_AVA_FREE_VALUE )
394 ber_memfree_x( ava->la_value.bv_val, ctx );
395 ava->la_value = bv;
396 ava->la_flags |= LDAP_AVA_FREE_VALUE;
397 }
398 }
399 rc = LDAP_SUCCESS;
400
401 if ( do_sort ) {
402 rc = AVA_Sort( rdn, iAVA );
403 }
404
405 return rc;
406 }
407
408 /*
409 * In-place, schema-aware normalization / "pretty"ing of the
410 * structural representation of a distinguished name.
411 */
412 static int
413 LDAPDN_rewrite( LDAPDN dn, unsigned flags, void *ctx )
414 {
415 int iRDN;
416 int rc;
417
418 assert( dn != NULL );
419
420 for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
421 rc = LDAPRDN_rewrite( dn[ iRDN ], flags, ctx );
422 if ( rc != LDAP_SUCCESS ) {
423 return rc;
424 }
425 }
426
427 return LDAP_SUCCESS;
428 }
429
430 int
431 dnNormalize(
432 slap_mask_t use,
433 Syntax *syntax,
434 MatchingRule *mr,
435 struct berval *val,
436 struct berval *out,
437 void *ctx)
438 {
439 assert( val != NULL );
440 assert( out != NULL );
441
442 Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
443
444 if ( val->bv_len != 0 ) {
445 LDAPDN dn = NULL;
446 int rc;
447
448 /*
449 * Go to structural representation
450 */
451 rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
452 if ( rc != LDAP_SUCCESS ) {
453 return LDAP_INVALID_SYNTAX;
454 }
455
456 assert( strlen( val->bv_val ) == val->bv_len );
457
458 /*
459 * Schema-aware rewrite
460 */
461 if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
462 ldap_dnfree_x( dn, ctx );
463 return LDAP_INVALID_SYNTAX;
464 }
465
466 /*
467 * Back to string representation
468 */
469 rc = ldap_dn2bv_x( dn, out,
470 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
471
472 ldap_dnfree_x( dn, ctx );
473
474 if ( rc != LDAP_SUCCESS ) {
475 return LDAP_INVALID_SYNTAX;
476 }
477 } else {
478 ber_dupbv_x( out, val, ctx );
479 }
480
481 Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
482
483 return LDAP_SUCCESS;
484 }
485
486 int
487 rdnNormalize(
488 slap_mask_t use,
489 Syntax *syntax,
490 MatchingRule *mr,
491 struct berval *val,
492 struct berval *out,
493 void *ctx)
494 {
495 assert( val != NULL );
496 assert( out != NULL );
497
498 Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
499 if ( val->bv_len != 0 ) {
500 LDAPRDN rdn = NULL;
501 int rc;
502 char* p;
503
504 /*
505 * Go to structural representation
506 */
507 rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
508 LDAP_DN_FORMAT_LDAP, ctx);
509
510 if ( rc != LDAP_SUCCESS ) {
511 return LDAP_INVALID_SYNTAX;
512 }
513
514 assert( strlen( val->bv_val ) == val->bv_len );
515
516 /*
517 * Schema-aware rewrite
518 */
519 if ( LDAPRDN_rewrite( rdn, 0, ctx ) != LDAP_SUCCESS ) {
520 ldap_rdnfree_x( rdn, ctx );
521 return LDAP_INVALID_SYNTAX;
522 }
523
524 /*
525 * Back to string representation
526 */
527 rc = ldap_rdn2bv_x( rdn, out,
528 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
529
530 ldap_rdnfree_x( rdn, ctx );
531
532 if ( rc != LDAP_SUCCESS ) {
533 return LDAP_INVALID_SYNTAX;
534 }
535 } else {
536 ber_dupbv_x( out, val, ctx );
537 }
538
539 Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
540
541 return LDAP_SUCCESS;
542 }
543
544 int
545 dnPretty(
546 Syntax *syntax,
547 struct berval *val,
548 struct berval *out,
549 void *ctx)
550 {
551 assert( val != NULL );
552 assert( out != NULL );
553
554 Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
555
556 if ( val->bv_len == 0 ) {
557 ber_dupbv_x( out, val, ctx );
558
559 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
560 return LDAP_INVALID_SYNTAX;
561
562 } else {
563 LDAPDN dn = NULL;
564 int rc;
565
566 /* FIXME: should be liberal in what we accept */
567 rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
568 if ( rc != LDAP_SUCCESS ) {
569 return LDAP_INVALID_SYNTAX;
570 }
571
572 assert( strlen( val->bv_val ) == val->bv_len );
573
574 /*
575 * Schema-aware rewrite
576 */
577 if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
578 ldap_dnfree_x( dn, ctx );
579 return LDAP_INVALID_SYNTAX;
580 }
581
582 /* FIXME: not sure why the default isn't pretty */
583 /* RE: the default is the form that is used as
584 * an internal representation; the pretty form
585 * is a variant */
586 rc = ldap_dn2bv_x( dn, out,
587 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
588
589 ldap_dnfree_x( dn, ctx );
590
591 if ( rc != LDAP_SUCCESS ) {
592 return LDAP_INVALID_SYNTAX;
593 }
594 }
595
596 Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
597
598 return LDAP_SUCCESS;
599 }
600
601 int
602 rdnPretty(
603 Syntax *syntax,
604 struct berval *val,
605 struct berval *out,
606 void *ctx)
607 {
608 assert( val != NULL );
609 assert( out != NULL );
610
611 Debug( LDAP_DEBUG_TRACE, ">>> rdnPretty: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
612
613 if ( val->bv_len == 0 ) {
614 ber_dupbv_x( out, val, ctx );
615
616 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
617 return LDAP_INVALID_SYNTAX;
618
619 } else {
620 LDAPRDN rdn = NULL;
621 int rc;
622 char* p;
623
624 /* FIXME: should be liberal in what we accept */
625 rc = ldap_bv2rdn_x( val , &rdn, (char **) &p,
626 LDAP_DN_FORMAT_LDAP, ctx);
627 if ( rc != LDAP_SUCCESS ) {
628 return LDAP_INVALID_SYNTAX;
629 }
630
631 assert( strlen( val->bv_val ) == val->bv_len );
632
633 /*
634 * Schema-aware rewrite
635 */
636 if ( LDAPRDN_rewrite( rdn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
637 ldap_rdnfree_x( rdn, ctx );
638 return LDAP_INVALID_SYNTAX;
639 }
640
641 /* FIXME: not sure why the default isn't pretty */
642 /* RE: the default is the form that is used as
643 * an internal representation; the pretty form
644 * is a variant */
645 rc = ldap_rdn2bv_x( rdn, out,
646 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
647
648 ldap_rdnfree_x( rdn, ctx );
649
650 if ( rc != LDAP_SUCCESS ) {
651 return LDAP_INVALID_SYNTAX;
652 }
653 }
654
655 Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val ? out->bv_val : "", 0, 0 );
656
657 return LDAP_SUCCESS;
658 }
659
660
661 int
662 dnPrettyNormalDN(
663 Syntax *syntax,
664 struct berval *val,
665 LDAPDN *dn,
666 int flags,
667 void *ctx )
668 {
669 assert( val != NULL );
670 assert( dn != NULL );
671
672 Debug( LDAP_DEBUG_TRACE, ">>> dn%sDN: <%s>\n",
673 flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
674 val->bv_val ? val->bv_val : "", 0 );
675
676 if ( val->bv_len == 0 ) {
677 return LDAP_SUCCESS;
678
679 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
680 return LDAP_INVALID_SYNTAX;
681
682 } else {
683 int rc;
684
685 /* FIXME: should be liberal in what we accept */
686 rc = ldap_bv2dn_x( val, dn, LDAP_DN_FORMAT_LDAP, ctx );
687 if ( rc != LDAP_SUCCESS ) {
688 return LDAP_INVALID_SYNTAX;
689 }
690
691 assert( strlen( val->bv_val ) == val->bv_len );
692
693 /*
694 * Schema-aware rewrite
695 */
696 if ( LDAPDN_rewrite( *dn, flags, ctx ) != LDAP_SUCCESS ) {
697 ldap_dnfree_x( *dn, ctx );
698 *dn = NULL;
699 return LDAP_INVALID_SYNTAX;
700 }
701 }
702
703 Debug( LDAP_DEBUG_TRACE, "<<< dn%sDN\n",
704 flags == SLAP_LDAPDN_PRETTY ? "Pretty" : "Normal",
705 0, 0 );
706
707 return LDAP_SUCCESS;
708 }
709
710 /*
711 * Combination of both dnPretty and dnNormalize
712 */
713 int
714 dnPrettyNormal(
715 Syntax *syntax,
716 struct berval *val,
717 struct berval *pretty,
718 struct berval *normal,
719 void *ctx)
720 {
721 Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
722
723 assert( val != NULL );
724 assert( pretty != NULL );
725 assert( normal != NULL );
726
727 if ( val->bv_len == 0 ) {
728 ber_dupbv_x( pretty, val, ctx );
729 ber_dupbv_x( normal, val, ctx );
730
731 } else if ( val->bv_len > SLAP_LDAPDN_MAXLEN ) {
732 /* too big */
733 return LDAP_INVALID_SYNTAX;
734
735 } else {
736 LDAPDN dn = NULL;
737 int rc;
738
739 pretty->bv_val = NULL;
740 normal->bv_val = NULL;
741 pretty->bv_len = 0;
742 normal->bv_len = 0;
743
744 /* FIXME: should be liberal in what we accept */
745 rc = ldap_bv2dn_x( val, &dn, LDAP_DN_FORMAT_LDAP, ctx );
746 if ( rc != LDAP_SUCCESS ) {
747 return LDAP_INVALID_SYNTAX;
748 }
749
750 assert( strlen( val->bv_val ) == val->bv_len );
751
752 /*
753 * Schema-aware rewrite
754 */
755 if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY, ctx ) != LDAP_SUCCESS ) {
756 ldap_dnfree_x( dn, ctx );
757 return LDAP_INVALID_SYNTAX;
758 }
759
760 rc = ldap_dn2bv_x( dn, pretty,
761 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
762
763 if ( rc != LDAP_SUCCESS ) {
764 ldap_dnfree_x( dn, ctx );
765 return LDAP_INVALID_SYNTAX;
766 }
767
768 if ( LDAPDN_rewrite( dn, 0, ctx ) != LDAP_SUCCESS ) {
769 ldap_dnfree_x( dn, ctx );
770 ber_memfree_x( pretty->bv_val, ctx );
771 pretty->bv_val = NULL;
772 pretty->bv_len = 0;
773 return LDAP_INVALID_SYNTAX;
774 }
775
776 rc = ldap_dn2bv_x( dn, normal,
777 LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY, ctx );
778
779 ldap_dnfree_x( dn, ctx );
780 if ( rc != LDAP_SUCCESS ) {
781 ber_memfree_x( pretty->bv_val, ctx );
782 pretty->bv_val = NULL;
783 pretty->bv_len = 0;
784 return LDAP_INVALID_SYNTAX;
785 }
786 }
787
788 Debug( LDAP_DEBUG_TRACE, "<<< dnPrettyNormal: <%s>, <%s>\n",
789 pretty->bv_val ? pretty->bv_val : "",
790 normal->bv_val ? normal->bv_val : "", 0 );
791
792 return LDAP_SUCCESS;
793 }
794
795 /*
796 * dnMatch routine
797 */
798 int
799 dnMatch(
800 int *matchp,
801 slap_mask_t flags,
802 Syntax *syntax,
803 MatchingRule *mr,
804 struct berval *value,
805 void *assertedValue )
806 {
807 int match;
808 struct berval *asserted = (struct berval *) assertedValue;
809
810 assert( matchp != NULL );
811 assert( value != NULL );
812 assert( assertedValue != NULL );
813 assert( !BER_BVISNULL( value ) );
814 assert( !BER_BVISNULL( asserted ) );
815
816 match = value->bv_len - asserted->bv_len;
817
818 if ( match == 0 ) {
819 match = memcmp( value->bv_val, asserted->bv_val,
820 value->bv_len );
821 }
822
823 Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
824 match, value->bv_val, asserted->bv_val );
825
826 *matchp = match;
827 return LDAP_SUCCESS;
828 }
829
830 /*
831 * dnRelativeMatch routine
832 */
833 int
834 dnRelativeMatch(
835 int *matchp,
836 slap_mask_t flags,
837 Syntax *syntax,
838 MatchingRule *mr,
839 struct berval *value,
840 void *assertedValue )
841 {
842 int match;
843 struct berval *asserted = (struct berval *) assertedValue;
844
845 assert( matchp != NULL );
846 assert( value != NULL );
847 assert( assertedValue != NULL );
848 assert( !BER_BVISNULL( value ) );
849 assert( !BER_BVISNULL( asserted ) );
850
851 if( mr == slap_schema.si_mr_dnSubtreeMatch ) {
852 if( asserted->bv_len > value->bv_len ) {
853 match = -1;
854 } else if ( asserted->bv_len == value->bv_len ) {
855 match = memcmp( value->bv_val, asserted->bv_val,
856 value->bv_len );
857 } else {
858 if( DN_SEPARATOR(
859 value->bv_val[value->bv_len - asserted->bv_len - 1] ))
860 {
861 match = memcmp(
862 &value->bv_val[value->bv_len - asserted->bv_len],
863 asserted->bv_val,
864 asserted->bv_len );
865 } else {
866 match = 1;
867 }
868 }
869
870 *matchp = match;
871 return LDAP_SUCCESS;
872 }
873
874 if( mr == slap_schema.si_mr_dnSuperiorMatch ) {
875 asserted = value;
876 value = (struct berval *) assertedValue;
877 mr = slap_schema.si_mr_dnSubordinateMatch;
878 }
879
880 if( mr == slap_schema.si_mr_dnSubordinateMatch ) {
881 if( asserted->bv_len >= value->bv_len ) {
882 match = -1;
883 } else {
884 if( DN_SEPARATOR(
885 value->bv_val[value->bv_len - asserted->bv_len - 1] ))
886 {
887 match = memcmp(
888 &value->bv_val[value->bv_len - asserted->bv_len],
889 asserted->bv_val,
890 asserted->bv_len );
891 } else {
892 match = 1;
893 }
894 }
895
896 *matchp = match;
897 return LDAP_SUCCESS;
898 }
899
900 if( mr == slap_schema.si_mr_dnOneLevelMatch ) {
901 if( asserted->bv_len >= value->bv_len ) {
902 match = -1;
903 } else {
904 if( DN_SEPARATOR(
905 value->bv_val[value->bv_len - asserted->bv_len - 1] ))
906 {
907 match = memcmp(
908 &value->bv_val[value->bv_len - asserted->bv_len],
909 asserted->bv_val,
910 asserted->bv_len );
911
912 if( !match ) {
913 struct berval rdn;
914 rdn.bv_val = value->bv_val;
915 rdn.bv_len = value->bv_len - asserted->bv_len - 1;
916 match = dnIsOneLevelRDN( &rdn ) ? 0 : 1;
917 }
918 } else {
919 match = 1;
920 }
921 }
922
923 *matchp = match;
924 return LDAP_SUCCESS;
925 }
926
927 /* should not be reachable */
928 assert( 0 );
929 return LDAP_OTHER;
930 }
931
932 int
933 rdnMatch(
934 int *matchp,
935 slap_mask_t flags,
936 Syntax *syntax,
937 MatchingRule *mr,
938 struct berval *value,
939 void *assertedValue )
940 {
941 int match;
942 struct berval *asserted = (struct berval *) assertedValue;
943
944 assert( matchp != NULL );
945 assert( value != NULL );
946 assert( assertedValue != NULL );
947
948 match = value->bv_len - asserted->bv_len;
949
950 if ( match == 0 ) {
951 match = memcmp( value->bv_val, asserted->bv_val,
952 value->bv_len );
953 }
954
955 Debug( LDAP_DEBUG_ARGS, "rdnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
956 match, value->bv_val, asserted->bv_val );
957
958 *matchp = match;
959 return LDAP_SUCCESS;
960 }
961
962
963 /*
964 * dnParent - dn's parent, in-place
965 * note: the incoming dn is assumed to be normalized/prettyfied,
966 * so that escaped rdn/ava separators are in '\'+hexpair form
967 *
968 * note: "dn" and "pdn" can point to the same berval;
969 * beware that, in this case, the pointer to the original buffer
970 * will get lost.
971 */
972 void
973 dnParent(
974 struct berval *dn,
975 struct berval *pdn )
976 {
977 char *p;
978
979 p = ber_bvchr( dn, ',' );
980
981 /* one-level dn */
982 if ( p == NULL ) {
983 pdn->bv_len = 0;
984 pdn->bv_val = dn->bv_val + dn->bv_len;
985 return;
986 }
987
988 assert( DN_SEPARATOR( p[ 0 ] ) );
989 p++;
990
991 assert( ATTR_LEADCHAR( p[ 0 ] ) );
992 pdn->bv_len = dn->bv_len - (p - dn->bv_val);
993 pdn->bv_val = p;
994
995 return;
996 }
997
998 /*
999 * dnRdn - dn's rdn, in-place
1000 * note: the incoming dn is assumed to be normalized/prettyfied,
1001 * so that escaped rdn/ava separators are in '\'+hexpair form
1002 */
1003 void
1004 dnRdn(
1005 struct berval *dn,
1006 struct berval *rdn )
1007 {
1008 char *p;
1009
1010 *rdn = *dn;
1011 p = ber_bvchr( dn, ',' );
1012
1013 /* one-level dn */
1014 if ( p == NULL ) {
1015 return;
1016 }
1017
1018 assert( DN_SEPARATOR( p[ 0 ] ) );
1019 assert( ATTR_LEADCHAR( p[ 1 ] ) );
1020 rdn->bv_len = p - dn->bv_val;
1021
1022 return;
1023 }
1024
1025 int
1026 dnExtractRdn(
1027 struct berval *dn,
1028 struct berval *rdn,
1029 void *ctx )
1030 {
1031 LDAPRDN tmpRDN;
1032 const char *p;
1033 int rc;
1034
1035 assert( dn != NULL );
1036 assert( rdn != NULL );
1037
1038 if( dn->bv_len == 0 ) {
1039 return LDAP_OTHER;
1040 }
1041
1042 rc = ldap_bv2rdn_x( dn, &tmpRDN, (char **)&p, LDAP_DN_FORMAT_LDAP, ctx );
1043 if ( rc != LDAP_SUCCESS ) {
1044 return rc;
1045 }
1046
1047 rc = ldap_rdn2bv_x( tmpRDN, rdn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY,
1048 ctx );
1049
1050 ldap_rdnfree_x( tmpRDN, ctx );
1051 return rc;
1052 }
1053
1054 /*
1055 * We can assume the input is a prettied or normalized DN
1056 */
1057 ber_len_t
1058 dn_rdnlen(
1059 Backend *be,
1060 struct berval *dn_in )
1061 {
1062 const char *p;
1063
1064 assert( dn_in != NULL );
1065
1066 if ( dn_in == NULL ) {
1067 return 0;
1068 }
1069
1070 if ( !dn_in->bv_len ) {
1071 return 0;
1072 }
1073
1074 if ( be != NULL && be_issuffix( be, dn_in ) ) {
1075 return 0;
1076 }
1077
1078 p = ber_bvchr( dn_in, ',' );
1079
1080 return p ? p - dn_in->bv_val : dn_in->bv_len;
1081 }
1082
1083
1084 /* rdnValidate:
1085 *
1086 * LDAP_SUCCESS if rdn is a legal rdn;
1087 * LDAP_INVALID_SYNTAX otherwise (including a sequence of rdns)
1088 */
1089 int
1090 rdn_validate( struct berval *rdn )
1091 {
1092 #if 1
1093 /* Major cheat!
1094 * input is a pretty or normalized DN
1095 * hence, we can just search for ','
1096 */
1097 if( rdn == NULL || rdn->bv_len == 0 ||
1098 rdn->bv_len > SLAP_LDAPDN_MAXLEN )
1099 {
1100 return LDAP_INVALID_SYNTAX;
1101 }
1102 return ber_bvchr( rdn, ',' ) == NULL
1103 ? LDAP_SUCCESS : LDAP_INVALID_SYNTAX;
1104
1105 #else
1106 LDAPRDN *RDN, **DN[ 2 ] = { &RDN, NULL };
1107 const char *p;
1108 int rc;
1109
1110 /*
1111 * must be non-empty
1112 */
1113 if ( rdn == NULL || rdn == '\0' ) {
1114 return 0;
1115 }
1116
1117 /*
1118 * must be parsable
1119 */
1120 rc = ldap_bv2rdn( rdn, &RDN, (char **)&p, LDAP_DN_FORMAT_LDAP );
1121 if ( rc != LDAP_SUCCESS ) {
1122 return 0;
1123 }
1124
1125 /*
1126 * Must be one-level
1127 */
1128 if ( p[ 0 ] != '\0' ) {
1129 return 0;
1130 }
1131
1132 /*
1133 * Schema-aware validate
1134 */
1135 if ( rc == LDAP_SUCCESS ) {
1136 rc = LDAPDN_validate( DN );
1137 }
1138 ldap_rdnfree( RDN );
1139
1140 /*
1141 * Must validate (there's a repeated parsing ...)
1142 */
1143 return ( rc == LDAP_SUCCESS );
1144 #endif
1145 }
1146
1147
1148 /* build_new_dn:
1149 *
1150 * Used by back-bdb back_modrdn to create the new dn of entries being
1151 * renamed.
1152 *
1153 * new_dn = parent (p_dn) + separator + rdn (newrdn) + null.
1154 */
1155
1156 void
1157 build_new_dn( struct berval * new_dn,
1158 struct berval * parent_dn,
1159 struct berval * newrdn,
1160 void *memctx )
1161 {
1162 char *ptr;
1163
1164 if ( parent_dn == NULL || parent_dn->bv_len == 0 ) {
1165 ber_dupbv_x( new_dn, newrdn, memctx );
1166 return;
1167 }
1168
1169 new_dn->bv_len = parent_dn->bv_len + newrdn->bv_len + 1;
1170 new_dn->bv_val = (char *) slap_sl_malloc( new_dn->bv_len + 1, memctx );
1171
1172 ptr = lutil_strncopy( new_dn->bv_val, newrdn->bv_val, newrdn->bv_len );
1173 *ptr++ = ',';
1174 strcpy( ptr, parent_dn->bv_val );
1175 }
1176
1177
1178 /*
1179 * dnIsSuffix - tells whether suffix is a suffix of dn.
1180 * Both dn and suffix must be normalized.
1181 */
1182 int
1183 dnIsSuffix(
1184 const struct berval *dn,
1185 const struct berval *suffix )
1186 {
1187 int d = dn->bv_len - suffix->bv_len;
1188
1189 assert( dn != NULL );
1190 assert( suffix != NULL );
1191
1192 /* empty suffix matches any dn */
1193 if ( suffix->bv_len == 0 ) {
1194 return 1;
1195 }
1196
1197 /* suffix longer than dn */
1198 if ( d < 0 ) {
1199 return 0;
1200 }
1201
1202 /* no rdn separator or escaped rdn separator */
1203 if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
1204 return 0;
1205 }
1206
1207 /* no possible match or malformed dn */
1208 if ( d == 1 ) {
1209 return 0;
1210 }
1211
1212 /* compare */
1213 return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
1214 }
1215
1216 int
1217 dnIsOneLevelRDN( struct berval *rdn )
1218 {
1219 ber_len_t len = rdn->bv_len;
1220 for ( ; len--; ) {
1221 if ( DN_SEPARATOR( rdn->bv_val[ len ] ) ) {
1222 return 0;
1223 }
1224 }
1225
1226 return 1;
1227 }
1228
1229 #ifdef HAVE_TLS
1230 static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
1231 #endif
1232
1233 int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
1234 {
1235 #ifdef HAVE_TLS
1236 if ( DNX509PeerNormalizeCertMap == NULL ) {
1237 DNX509PeerNormalizeCertMap = fn;
1238 return 0;
1239 }
1240 #endif
1241
1242 return -1;
1243 }
1244
1245 /*
1246 * Convert an X.509 DN into a normalized LDAP DN
1247 */
1248 int
1249 dnX509normalize( void *x509_name, struct berval *out )
1250 {
1251 /* Invoke the LDAP library's converter with our schema-rewriter */
1252 int rc = ldap_X509dn2bv( x509_name, out, LDAPDN_rewrite, 0 );
1253
1254 Debug( LDAP_DEBUG_TRACE,
1255 "dnX509Normalize: <%s> (%d)\n",
1256 BER_BVISNULL( out ) ? "(null)" : out->bv_val, rc, 0 );
1257
1258 return rc;
1259 }
1260
1261 #ifdef HAVE_TLS
1262 /*
1263 * Get the TLS session's peer's DN into a normalized LDAP DN
1264 */
1265 int
1266 dnX509peerNormalize( void *ssl, struct berval *dn )
1267 {
1268 int rc = LDAP_INVALID_CREDENTIALS;
1269
1270 if ( DNX509PeerNormalizeCertMap != NULL )
1271 rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
1272
1273 if ( rc != LDAP_SUCCESS ) {
1274 rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
1275 (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
1276 }
1277
1278 return rc;
1279 }
1280 #endif
NetBSD on the FriendlyARM MINI2440