search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / external / bsd / openldap / dist / libraries / libldap / getdn.c
blob24087f604269b8d20f3f6af01fdb0901a31edeac
1 /* $OpenLDAP: pkg/ldap/libraries/libldap/getdn.c,v 1.130.2.3 2008/02/11 23:26:41 kurt Exp $ */
2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3 *
4 * Copyright 1998-2008 The OpenLDAP Foundation.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
9 * Public License.
10 *
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
14 */
15 /* Portions Copyright (c) 1994 Regents of the University of Michigan.
16 * All rights reserved.
17 */
18
19 #include "portable.h"
20
21 #include <stdio.h>
22
23 #include <ac/stdlib.h>
24 #include <ac/socket.h>
25 #include <ac/string.h>
26 #include <ac/time.h>
27
28 #include "ldap-int.h"
29 #include "ldap_schema.h"
30
31 /* extension to UFN that turns trailing "dc=value" rdns in DNS style,
32 * e.g. "ou=People,dc=openldap,dc=org" => "People, openldap.org" */
33 #define DC_IN_UFN
34
35 /* parsing/printing routines */
36 static int str2strval( const char *str, ber_len_t stoplen, struct berval *val,
37 const char **next, unsigned flags, int *retFlags, void *ctx );
38 static int DCE2strval( const char *str, struct berval *val,
39 const char **next, unsigned flags, void *ctx );
40 static int IA52strval( const char *str, struct berval *val,
41 const char **next, unsigned flags, void *ctx );
42 static int quotedIA52strval( const char *str, struct berval *val,
43 const char **next, unsigned flags, void *ctx );
44 static int hexstr2binval( const char *str, struct berval *val,
45 const char **next, unsigned flags, void *ctx );
46 static int hexstr2bin( const char *str, char *c );
47 static int byte2hexpair( const char *val, char *pair );
48 static int binval2hexstr( struct berval *val, char *str );
49 static int strval2strlen( struct berval *val, unsigned flags,
50 ber_len_t *len );
51 static int strval2str( struct berval *val, char *str, unsigned flags,
52 ber_len_t *len );
53 static int strval2IA5strlen( struct berval *val, unsigned flags,
54 ber_len_t *len );
55 static int strval2IA5str( struct berval *val, char *str, unsigned flags,
56 ber_len_t *len );
57 static int strval2DCEstrlen( struct berval *val, unsigned flags,
58 ber_len_t *len );
59 static int strval2DCEstr( struct berval *val, char *str, unsigned flags,
60 ber_len_t *len );
61 static int strval2ADstrlen( struct berval *val, unsigned flags,
62 ber_len_t *len );
63 static int strval2ADstr( struct berval *val, char *str, unsigned flags,
64 ber_len_t *len );
65 static int dn2domain( LDAPDN dn, struct berval *bv, int pos, int *iRDN );
66
67 /* AVA helpers */
68 static LDAPAVA * ldapava_new(
69 const struct berval *attr, const struct berval *val, unsigned flags, void *ctx );
70
71 /* Higher level helpers */
72 static int rdn2strlen( LDAPRDN rdn, unsigned flags, ber_len_t *len,
73 int ( *s2l )( struct berval *, unsigned, ber_len_t * ) );
74 static int rdn2str( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len,
75 int ( *s2s )( struct berval *, char *, unsigned, ber_len_t * ));
76 static int rdn2UFNstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len );
77 static int rdn2UFNstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len );
78 static int rdn2DCEstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len );
79 static int rdn2DCEstr( LDAPRDN rdn, char *str, unsigned flag, ber_len_t *len, int first );
80 static int rdn2ADstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len );
81 static int rdn2ADstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len, int first );
82
83 /*
84 * RFC 1823 ldap_get_dn
85 */
86 char *
87 ldap_get_dn( LDAP *ld, LDAPMessage *entry )
88 {
89 char *dn;
90 BerElement tmp;
91
92 Debug( LDAP_DEBUG_TRACE, "ldap_get_dn\n", 0, 0, 0 );
93
94 assert( ld != NULL );
95 assert( LDAP_VALID(ld) );
96 assert( entry != NULL );
97
98 tmp = *entry->lm_ber; /* struct copy */
99 if ( ber_scanf( &tmp, "{a" /*}*/, &dn ) == LBER_ERROR ) {
100 ld->ld_errno = LDAP_DECODING_ERROR;
101 return( NULL );
102 }
103
104 return( dn );
105 }
106
107 int
108 ldap_get_dn_ber( LDAP *ld, LDAPMessage *entry, BerElement **berout,
109 BerValue *dn )
110 {
111 BerElement tmp, *ber;
112 ber_len_t len = 0;
113 int rc = LDAP_SUCCESS;
114
115 Debug( LDAP_DEBUG_TRACE, "ldap_get_dn_ber\n", 0, 0, 0 );
116
117 assert( ld != NULL );
118 assert( LDAP_VALID(ld) );
119 assert( entry != NULL );
120 assert( dn != NULL );
121
122 dn->bv_val = NULL;
123 dn->bv_len = 0;
124
125 if ( berout ) {
126 *berout = NULL;
127 ber = ldap_alloc_ber_with_options( ld );
128 if( ber == NULL ) {
129 return LDAP_NO_MEMORY;
130 }
131 *berout = ber;
132 } else {
133 ber = &tmp;
134 }
135
136 *ber = *entry->lm_ber; /* struct copy */
137 if ( ber_scanf( ber, "{ml{" /*}*/, dn, &len ) == LBER_ERROR ) {
138 rc = ld->ld_errno = LDAP_DECODING_ERROR;
139 }
140 if ( rc == LDAP_SUCCESS ) {
141 /* set the length to avoid overrun */
142 rc = ber_set_option( ber, LBER_OPT_REMAINING_BYTES, &len );
143 if( rc != LBER_OPT_SUCCESS ) {
144 rc = ld->ld_errno = LDAP_LOCAL_ERROR;
145 }
146 }
147 if ( rc != LDAP_SUCCESS && berout ) {
148 ber_free( ber, 0 );
149 *berout = NULL;
150 }
151 return rc;
152 }
153
154 /*
155 * RFC 1823 ldap_dn2ufn
156 */
157 char *
158 ldap_dn2ufn( LDAP_CONST char *dn )
159 {
160 char *out = NULL;
161
162 Debug( LDAP_DEBUG_TRACE, "ldap_dn2ufn\n", 0, 0, 0 );
163
164 ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
165 &out, LDAP_DN_FORMAT_UFN );
166
167 return( out );
168 }
169
170 /*
171 * RFC 1823 ldap_explode_dn
172 */
173 char **
174 ldap_explode_dn( LDAP_CONST char *dn, int notypes )
175 {
176 LDAPDN tmpDN;
177 char **values = NULL;
178 int iRDN;
179 unsigned flag = notypes ? LDAP_DN_FORMAT_UFN : LDAP_DN_FORMAT_LDAPV3;
180
181 Debug( LDAP_DEBUG_TRACE, "ldap_explode_dn\n", 0, 0, 0 );
182
183 if ( ldap_str2dn( dn, &tmpDN, LDAP_DN_FORMAT_LDAP )
184 != LDAP_SUCCESS ) {
185 return NULL;
186 }
187
188 if( tmpDN == NULL ) {
189 values = LDAP_MALLOC( sizeof( char * ) );
190 if( values == NULL ) return NULL;
191
192 values[0] = NULL;
193 return values;
194 }
195
196 for ( iRDN = 0; tmpDN[ iRDN ]; iRDN++ );
197
198 values = LDAP_MALLOC( sizeof( char * ) * ( 1 + iRDN ) );
199 if ( values == NULL ) {
200 ldap_dnfree( tmpDN );
201 return NULL;
202 }
203
204 for ( iRDN = 0; tmpDN[ iRDN ]; iRDN++ ) {
205 ldap_rdn2str( tmpDN[ iRDN ], &values[ iRDN ], flag );
206 }
207 ldap_dnfree( tmpDN );
208 values[ iRDN ] = NULL;
209
210 return values;
211 }
212
213 char **
214 ldap_explode_rdn( LDAP_CONST char *rdn, int notypes )
215 {
216 LDAPRDN tmpRDN;
217 char **values = NULL;
218 const char *p;
219 int iAVA;
220
221 Debug( LDAP_DEBUG_TRACE, "ldap_explode_rdn\n", 0, 0, 0 );
222
223 /*
224 * we only parse the first rdn
225 * FIXME: we prefer efficiency over checking if the _ENTIRE_
226 * dn can be parsed
227 */
228 if ( ldap_str2rdn( rdn, &tmpRDN, (char **) &p, LDAP_DN_FORMAT_LDAP )
229 != LDAP_SUCCESS ) {
230 return( NULL );
231 }
232
233 for ( iAVA = 0; tmpRDN[ iAVA ]; iAVA++ ) ;
234 values = LDAP_MALLOC( sizeof( char * ) * ( 1 + iAVA ) );
235 if ( values == NULL ) {
236 ldap_rdnfree( tmpRDN );
237 return( NULL );
238 }
239
240 for ( iAVA = 0; tmpRDN[ iAVA ]; iAVA++ ) {
241 ber_len_t l = 0, vl, al = 0;
242 char *str;
243 LDAPAVA *ava = tmpRDN[ iAVA ];
244
245 if ( ava->la_flags & LDAP_AVA_BINARY ) {
246 vl = 1 + 2 * ava->la_value.bv_len;
247
248 } else {
249 if ( strval2strlen( &ava->la_value,
250 ava->la_flags, &vl ) ) {
251 goto error_return;
252 }
253 }
254
255 if ( !notypes ) {
256 al = ava->la_attr.bv_len;
257 l = vl + ava->la_attr.bv_len + 1;
258
259 str = LDAP_MALLOC( l + 1 );
260 AC_MEMCPY( str, ava->la_attr.bv_val,
261 ava->la_attr.bv_len );
262 str[ al++ ] = '=';
263
264 } else {
265 l = vl;
266 str = LDAP_MALLOC( l + 1 );
267 }
268
269 if ( ava->la_flags & LDAP_AVA_BINARY ) {
270 str[ al++ ] = '#';
271 if ( binval2hexstr( &ava->la_value, &str[ al ] ) ) {
272 goto error_return;
273 }
274
275 } else {
276 if ( strval2str( &ava->la_value, &str[ al ],
277 ava->la_flags, &vl ) ) {
278 goto error_return;
279 }
280 }
281
282 str[ l ] = '\0';
283 values[ iAVA ] = str;
284 }
285 values[ iAVA ] = NULL;
286
287 ldap_rdnfree( tmpRDN );
288
289 return( values );
290
291 error_return:;
292 LBER_VFREE( values );
293 ldap_rdnfree( tmpRDN );
294 return( NULL );
295 }
296
297 char *
298 ldap_dn2dcedn( LDAP_CONST char *dn )
299 {
300 char *out = NULL;
301
302 Debug( LDAP_DEBUG_TRACE, "ldap_dn2dcedn\n", 0, 0, 0 );
303
304 ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
305 &out, LDAP_DN_FORMAT_DCE );
306
307 return( out );
308 }
309
310 char *
311 ldap_dcedn2dn( LDAP_CONST char *dce )
312 {
313 char *out = NULL;
314
315 Debug( LDAP_DEBUG_TRACE, "ldap_dcedn2dn\n", 0, 0, 0 );
316
317 ( void )ldap_dn_normalize( dce, LDAP_DN_FORMAT_DCE, &out, LDAP_DN_FORMAT_LDAPV3 );
318
319 return( out );
320 }
321
322 char *
323 ldap_dn2ad_canonical( LDAP_CONST char *dn )
324 {
325 char *out = NULL;
326
327 Debug( LDAP_DEBUG_TRACE, "ldap_dn2ad_canonical\n", 0, 0, 0 );
328
329 ( void )ldap_dn_normalize( dn, LDAP_DN_FORMAT_LDAP,
330 &out, LDAP_DN_FORMAT_AD_CANONICAL );
331
332 return( out );
333 }
334
335 /*
336 * function that changes the string representation of dnin
337 * from ( fin & LDAP_DN_FORMAT_MASK ) to ( fout & LDAP_DN_FORMAT_MASK )
338 *
339 * fin can be one of:
340 * LDAP_DN_FORMAT_LDAP (RFC 4514 liberal, plus some RFC 1779)
341 * LDAP_DN_FORMAT_LDAPV3 (RFC 4514)
342 * LDAP_DN_FORMAT_LDAPV2 (RFC 1779)
343 * LDAP_DN_FORMAT_DCE (?)
344 *
345 * fout can be any of the above except
346 * LDAP_DN_FORMAT_LDAP
347 * plus:
348 * LDAP_DN_FORMAT_UFN (RFC 1781, partial and with extensions)
349 * LDAP_DN_FORMAT_AD_CANONICAL (?)
350 */
351 int
352 ldap_dn_normalize( LDAP_CONST char *dnin,
353 unsigned fin, char **dnout, unsigned fout )
354 {
355 int rc;
356 LDAPDN tmpDN = NULL;
357
358 Debug( LDAP_DEBUG_TRACE, "ldap_dn_normalize\n", 0, 0, 0 );
359
360 assert( dnout != NULL );
361
362 *dnout = NULL;
363
364 if ( dnin == NULL ) {
365 return( LDAP_SUCCESS );
366 }
367
368 rc = ldap_str2dn( dnin , &tmpDN, fin );
369 if ( rc != LDAP_SUCCESS ) {
370 return( rc );
371 }
372
373 rc = ldap_dn2str( tmpDN, dnout, fout );
374
375 ldap_dnfree( tmpDN );
376
377 return( rc );
378 }
379
380 /* States */
381 #define B4AVA 0x0000
382
383 /* #define B4ATTRTYPE 0x0001 */
384 #define B4OIDATTRTYPE 0x0002
385 #define B4STRINGATTRTYPE 0x0003
386
387 #define B4AVAEQUALS 0x0100
388 #define B4AVASEP 0x0200
389 #define B4RDNSEP 0x0300
390 #define GOTAVA 0x0400
391
392 #define B4ATTRVALUE 0x0010
393 #define B4STRINGVALUE 0x0020
394 #define B4IA5VALUEQUOTED 0x0030
395 #define B4IA5VALUE 0x0040
396 #define B4BINARYVALUE 0x0050
397
398 /*
399 * Helpers (mostly from slap.h)
400 * c is assumed to Unicode in an ASCII compatible format (UTF-8)
401 * Macros assume "C" Locale (ASCII)
402 */
403 #define LDAP_DN_ASCII_SPACE(c) \
404 ( (c) == ' ' || (c) == '\t' || (c) == '\n' || (c) == '\r' )
405 #define LDAP_DN_ASCII_LOWER(c) LDAP_LOWER(c)
406 #define LDAP_DN_ASCII_UPPER(c) LDAP_UPPER(c)
407 #define LDAP_DN_ASCII_ALPHA(c) LDAP_ALPHA(c)
408
409 #define LDAP_DN_ASCII_DIGIT(c) LDAP_DIGIT(c)
410 #define LDAP_DN_ASCII_LCASE_HEXALPHA(c) LDAP_HEXLOWER(c)
411 #define LDAP_DN_ASCII_UCASE_HEXALPHA(c) LDAP_HEXUPPER(c)
412 #define LDAP_DN_ASCII_HEXDIGIT(c) LDAP_HEX(c)
413 #define LDAP_DN_ASCII_ALNUM(c) LDAP_ALNUM(c)
414 #define LDAP_DN_ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
415
416 /* attribute type */
417 #define LDAP_DN_OID_LEADCHAR(c) LDAP_DIGIT(c)
418 #define LDAP_DN_DESC_LEADCHAR(c) LDAP_ALPHA(c)
419 #define LDAP_DN_DESC_CHAR(c) LDAP_LDH(c)
420 #define LDAP_DN_LANG_SEP(c) ( (c) == ';' )
421 #define LDAP_DN_ATTRDESC_CHAR(c) \
422 ( LDAP_DN_DESC_CHAR(c) || LDAP_DN_LANG_SEP(c) )
423
424 /* special symbols */
425 #define LDAP_DN_AVA_EQUALS(c) ( (c) == '=' )
426 #define LDAP_DN_AVA_SEP(c) ( (c) == '+' )
427 #define LDAP_DN_RDN_SEP(c) ( (c) == ',' )
428 #define LDAP_DN_RDN_SEP_V2(c) ( LDAP_DN_RDN_SEP(c) || (c) == ';' )
429 #define LDAP_DN_OCTOTHORPE(c) ( (c) == '#' )
430 #define LDAP_DN_QUOTES(c) ( (c) == '\"' )
431 #define LDAP_DN_ESCAPE(c) ( (c) == '\\' )
432 #define LDAP_DN_VALUE_END(c) \
433 ( LDAP_DN_RDN_SEP(c) || LDAP_DN_AVA_SEP(c) )
434
435 /* NOTE: according to RFC 4514, '=' can be escaped and treated as special,
436 * i.e. escaped both as "\<hexpair>" and * as "\=", but it is treated as
437 * a regular char, i.e. it can also appear as '='.
438 *
439 * As such, in 2.2 we used to allow reading unescaped '=', but we always
440 * produced escaped '\3D'; this changes since 2.3, if compatibility issues
441 * do not arise
442 */
443 #define LDAP_DN_NE(c) \
444 ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) \
445 || LDAP_DN_QUOTES(c) \
446 || (c) == '<' || (c) == '>' )
447 #define LDAP_DN_MAYESCAPE(c) \
448 ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) \
449 || LDAP_DN_AVA_EQUALS(c) \
450 || LDAP_DN_ASCII_SPACE(c) || LDAP_DN_OCTOTHORPE(c) )
451 #define LDAP_DN_SHOULDESCAPE(c) ( LDAP_DN_AVA_EQUALS(c) )
452
453 #define LDAP_DN_NEEDESCAPE(c) \
454 ( LDAP_DN_ESCAPE(c) || LDAP_DN_NE(c) )
455 #define LDAP_DN_NEEDESCAPE_LEAD(c) LDAP_DN_MAYESCAPE(c)
456 #define LDAP_DN_NEEDESCAPE_TRAIL(c) \
457 ( LDAP_DN_ASCII_SPACE(c) || LDAP_DN_NEEDESCAPE(c) )
458 #define LDAP_DN_WILLESCAPE_CHAR(c) \
459 ( LDAP_DN_RDN_SEP(c) || LDAP_DN_AVA_SEP(c) || LDAP_DN_ESCAPE(c) )
460 #define LDAP_DN_IS_PRETTY(f) ( (f) & LDAP_DN_PRETTY )
461 #define LDAP_DN_WILLESCAPE_HEX(f, c) \
462 ( ( !LDAP_DN_IS_PRETTY( f ) ) && LDAP_DN_WILLESCAPE_CHAR(c) )
463
464 /* LDAPv2 */
465 #define LDAP_DN_VALUE_END_V2(c) \
466 ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_SEP(c) )
467 /* RFC 1779 */
468 #define LDAP_DN_V2_SPECIAL(c) \
469 ( LDAP_DN_RDN_SEP_V2(c) || LDAP_DN_AVA_EQUALS(c) \
470 || LDAP_DN_AVA_SEP(c) || (c) == '<' || (c) == '>' \
471 || LDAP_DN_OCTOTHORPE(c) )
472 #define LDAP_DN_V2_PAIR(c) \
473 ( LDAP_DN_V2_SPECIAL(c) || LDAP_DN_ESCAPE(c) || LDAP_DN_QUOTES(c) )
474
475 /*
476 * DCE (mostly from Luke Howard and IBM implementation for AIX)
477 *
478 * From: "Application Development Guide - Directory Services" (FIXME: add link?)
479 * Here escapes and valid chars for GDS are considered; as soon as more
480 * specific info is found, the macros will be updated.
481 *
482 * Chars: 'a'-'z', 'A'-'Z', '0'-'9',
483 * '.', ':', ',', ''', '+', '-', '=', '(', ')', '?', '/', ' '.
484 *
485 * Metachars: '/', ',', '=', '\'.
486 *
487 * the '\' is used to escape other metachars.
488 *
489 * Assertion: '='
490 * RDN separator: '/'
491 * AVA separator: ','
492 *
493 * Attribute types must start with alphabetic chars and can contain
494 * alphabetic chars and digits (FIXME: no '-'?). OIDs are allowed.
495 */
496 #define LDAP_DN_RDN_SEP_DCE(c) ( (c) == '/' )
497 #define LDAP_DN_AVA_SEP_DCE(c) ( (c) == ',' )
498 #define LDAP_DN_ESCAPE_DCE(c) ( LDAP_DN_ESCAPE(c) )
499 #define LDAP_DN_VALUE_END_DCE(c) \
500 ( LDAP_DN_RDN_SEP_DCE(c) || LDAP_DN_AVA_SEP_DCE(c) )
501 #define LDAP_DN_NEEDESCAPE_DCE(c) \
502 ( LDAP_DN_VALUE_END_DCE(c) || LDAP_DN_AVA_EQUALS(c) )
503
504 /* AD Canonical */
505 #define LDAP_DN_RDN_SEP_AD(c) ( (c) == '/' )
506 #define LDAP_DN_ESCAPE_AD(c) ( LDAP_DN_ESCAPE(c) )
507 #define LDAP_DN_AVA_SEP_AD(c) ( (c) == ',' ) /* assume same as DCE */
508 #define LDAP_DN_VALUE_END_AD(c) \
509 ( LDAP_DN_RDN_SEP_AD(c) || LDAP_DN_AVA_SEP_AD(c) )
510 #define LDAP_DN_NEEDESCAPE_AD(c) \
511 ( LDAP_DN_VALUE_END_AD(c) || LDAP_DN_AVA_EQUALS(c) )
512
513 /* generics */
514 #define LDAP_DN_HEXPAIR(s) \
515 ( LDAP_DN_ASCII_HEXDIGIT((s)[0]) && LDAP_DN_ASCII_HEXDIGIT((s)[1]) )
516 /* better look at the AttributeDescription? */
517
518 /* FIXME: no composite rdn or non-"dc" types, right?
519 * (what about "dc" in OID form?) */
520 /* FIXME: we do not allow binary values in domain, right? */
521 /* NOTE: use this macro only when ABSOLUTELY SURE rdn IS VALID! */
522 /* NOTE: don't use strcasecmp() as it is locale specific! */
523 #define LDAP_DC_ATTR "dc"
524 #define LDAP_DC_ATTRU "DC"
525 #define LDAP_DN_IS_RDN_DC( r ) \
526 ( (r) && (r)[0] && !(r)[1] \
527 && ((r)[0]->la_flags & LDAP_AVA_STRING) \
528 && ((r)[0]->la_attr.bv_len == 2) \
529 && (((r)[0]->la_attr.bv_val[0] == LDAP_DC_ATTR[0]) \
530 || ((r)[0]->la_attr.bv_val[0] == LDAP_DC_ATTRU[0])) \
531 && (((r)[0]->la_attr.bv_val[1] == LDAP_DC_ATTR[1]) \
532 || ((r)[0]->la_attr.bv_val[1] == LDAP_DC_ATTRU[1])))
533
534 /* Composite rules */
535 #define LDAP_DN_ALLOW_ONE_SPACE(f) \
536 ( LDAP_DN_LDAPV2(f) \
537 || !( (f) & LDAP_DN_P_NOSPACEAFTERRDN ) )
538 #define LDAP_DN_ALLOW_SPACES(f) \
539 ( LDAP_DN_LDAPV2(f) \
540 || !( (f) & ( LDAP_DN_P_NOLEADTRAILSPACES | LDAP_DN_P_NOSPACEAFTERRDN ) ) )
541 #define LDAP_DN_LDAP(f) \
542 ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_LDAP )
543 #define LDAP_DN_LDAPV3(f) \
544 ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_LDAPV3 )
545 #define LDAP_DN_LDAPV2(f) \
546 ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_LDAPV2 )
547 #define LDAP_DN_DCE(f) \
548 ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_DCE )
549 #define LDAP_DN_UFN(f) \
550 ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_UFN )
551 #define LDAP_DN_ADC(f) \
552 ( ( (f) & LDAP_DN_FORMAT_MASK ) == LDAP_DN_FORMAT_AD_CANONICAL )
553 #define LDAP_DN_FORMAT(f) ( (f) & LDAP_DN_FORMAT_MASK )
554
555 /*
556 * LDAPAVA helpers (will become part of the API for operations
557 * on structural representations of DNs).
558 */
559 static LDAPAVA *
560 ldapava_new( const struct berval *attr, const struct berval *val,
561 unsigned flags, void *ctx )
562 {
563 LDAPAVA *ava;
564
565 assert( attr != NULL );
566 assert( val != NULL );
567
568 ava = LDAP_MALLOCX( sizeof( LDAPAVA ) + attr->bv_len + 1, ctx );
569
570 if ( ava ) {
571 ava->la_attr.bv_len = attr->bv_len;
572 ava->la_attr.bv_val = (char *)(ava+1);
573 AC_MEMCPY( ava->la_attr.bv_val, attr->bv_val, attr->bv_len );
574 ava->la_attr.bv_val[attr->bv_len] = '\0';
575
576 ava->la_value = *val;
577 ava->la_flags = flags | LDAP_AVA_FREE_VALUE;
578
579 ava->la_private = NULL;
580 }
581
582 return( ava );
583 }
584
585 void
586 ldapava_free( LDAPAVA *ava, void *ctx )
587 {
588 assert( ava != NULL );
589
590 #if 0
591 /* ava's private must be freed by caller
592 * (at present let's skip this check because la_private
593 * basically holds static data) */
594 assert( ava->la_private == NULL );
595 #endif
596
597 if (ava->la_flags & LDAP_AVA_FREE_VALUE)
598 LDAP_FREEX( ava->la_value.bv_val, ctx );
599
600 LDAP_FREEX( ava, ctx );
601 }
602
603 void
604 ldap_rdnfree( LDAPRDN rdn )
605 {
606 ldap_rdnfree_x( rdn, NULL );
607 }
608
609 void
610 ldap_rdnfree_x( LDAPRDN rdn, void *ctx )
611 {
612 int iAVA;
613
614 if ( rdn == NULL ) {
615 return;
616 }
617
618 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
619 ldapava_free( rdn[ iAVA ], ctx );
620 }
621
622 LDAP_FREEX( rdn, ctx );
623 }
624
625 void
626 ldap_dnfree( LDAPDN dn )
627 {
628 ldap_dnfree_x( dn, NULL );
629 }
630
631 void
632 ldap_dnfree_x( LDAPDN dn, void *ctx )
633 {
634 int iRDN;
635
636 if ( dn == NULL ) {
637 return;
638 }
639
640 for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
641 ldap_rdnfree_x( dn[ iRDN ], ctx );
642 }
643
644 LDAP_FREEX( dn, ctx );
645 }
646
647 /*
648 * Converts a string representation of a DN (in LDAPv3, LDAPv2 or DCE)
649 * into a structural representation of the DN, by separating attribute
650 * types and values encoded in the more appropriate form, which is
651 * string or OID for attribute types and binary form of the BER encoded
652 * value or Unicode string. Formats different from LDAPv3 are parsed
653 * according to their own rules and turned into the more appropriate
654 * form according to LDAPv3.
655 *
656 * NOTE: I realize the code is getting spaghettish; it is rather
657 * experimental and will hopefully turn into something more simple
658 * and readable as soon as it works as expected.
659 */
660
661 /*
662 * Default sizes of AVA and RDN static working arrays; if required
663 * the are dynamically resized. The values can be tuned in case
664 * of special requirements (e.g. very deep DN trees or high number
665 * of AVAs per RDN).
666 */
667 #define TMP_AVA_SLOTS 8
668 #define TMP_RDN_SLOTS 32
669
670 int
671 ldap_str2dn( LDAP_CONST char *str, LDAPDN *dn, unsigned flags )
672 {
673 struct berval bv;
674
675 assert( str != NULL );
676
677 bv.bv_len = strlen( str );
678 bv.bv_val = (char *) str;
679
680 return ldap_bv2dn_x( &bv, dn, flags, NULL );
681 }
682
683 int
684 ldap_bv2dn( struct berval *bv, LDAPDN *dn, unsigned flags )
685 {
686 return ldap_bv2dn_x( bv, dn, flags, NULL );
687 }
688
689 int
690 ldap_bv2dn_x( struct berval *bvin, LDAPDN *dn, unsigned flags, void *ctx )
691 {
692 const char *p;
693 int rc = LDAP_DECODING_ERROR;
694 int nrdns = 0;
695
696 LDAPDN newDN = NULL;
697 LDAPRDN newRDN = NULL, tmpDN_[TMP_RDN_SLOTS], *tmpDN = tmpDN_;
698 int num_slots = TMP_RDN_SLOTS;
699 char *str, *end;
700 struct berval bvtmp, *bv = &bvtmp;
701
702 assert( bvin != NULL );
703 assert( bvin->bv_val != NULL );
704 assert( dn != NULL );
705
706 *bv = *bvin;
707 str = bv->bv_val;
708 end = str + bv->bv_len;
709
710 Debug( LDAP_DEBUG_ARGS, "=> ldap_bv2dn(%s,%u)\n", str, flags, 0 );
711
712 *dn = NULL;
713
714 switch ( LDAP_DN_FORMAT( flags ) ) {
715 case LDAP_DN_FORMAT_LDAP:
716 case LDAP_DN_FORMAT_LDAPV3:
717 case LDAP_DN_FORMAT_DCE:
718 break;
719
720 /* allow DN enclosed in brackets */
721 case LDAP_DN_FORMAT_LDAPV2:
722 if ( str[0] == '<' ) {
723 if ( bv->bv_len < 2 || end[ -1 ] != '>' ) {
724 rc = LDAP_DECODING_ERROR;
725 goto parsing_error;
726 }
727 bv->bv_val++;
728 bv->bv_len -= 2;
729 str++;
730 end--;
731 }
732 break;
733
734 /* unsupported in str2dn */
735 case LDAP_DN_FORMAT_UFN:
736 case LDAP_DN_FORMAT_AD_CANONICAL:
737 return LDAP_PARAM_ERROR;
738
739 case LDAP_DN_FORMAT_LBER:
740 default:
741 return LDAP_PARAM_ERROR;
742 }
743
744 if ( bv->bv_len == 0 ) {
745 return LDAP_SUCCESS;
746 }
747
748 if( memchr( bv->bv_val, '\0', bv->bv_len ) != NULL ) {
749 /* value must have embedded NULs */
750 return LDAP_DECODING_ERROR;
751 }
752
753 p = str;
754 if ( LDAP_DN_DCE( flags ) ) {
755
756 /*
757 * (from Luke Howard: thnx) A RDN separator is required
758 * at the beginning of an (absolute) DN.
759 */
760 if ( !LDAP_DN_RDN_SEP_DCE( p[ 0 ] ) ) {
761 goto parsing_error;
762 }
763 p++;
764
765 /*
766 * actually we do not want to accept by default the DCE form,
767 * we do not want to auto-detect it
768 */
769 #if 0
770 } else if ( LDAP_DN_LDAP( flags ) ) {
771 /*
772 * if dn starts with '/' let's make it a DCE dn
773 */
774 if ( LDAP_DN_RDN_SEP_DCE( p[ 0 ] ) ) {
775 flags |= LDAP_DN_FORMAT_DCE;
776 p++;
777 }
778 #endif
779 }
780
781 for ( ; p < end; p++ ) {
782 int err;
783 struct berval tmpbv;
784 tmpbv.bv_len = bv->bv_len - ( p - str );
785 tmpbv.bv_val = (char *)p;
786
787 err = ldap_bv2rdn_x( &tmpbv, &newRDN, (char **) &p, flags,ctx);
788 if ( err != LDAP_SUCCESS ) {
789 goto parsing_error;
790 }
791
792 /*
793 * We expect a rdn separator
794 */
795 if ( p < end && p[ 0 ] ) {
796 switch ( LDAP_DN_FORMAT( flags ) ) {
797 case LDAP_DN_FORMAT_LDAPV3:
798 if ( !LDAP_DN_RDN_SEP( p[ 0 ] ) ) {
799 rc = LDAP_DECODING_ERROR;
800 goto parsing_error;
801 }
802 break;
803
804 case LDAP_DN_FORMAT_LDAP:
805 case LDAP_DN_FORMAT_LDAPV2:
806 if ( !LDAP_DN_RDN_SEP_V2( p[ 0 ] ) ) {
807 rc = LDAP_DECODING_ERROR;
808 goto parsing_error;
809 }
810 break;
811
812 case LDAP_DN_FORMAT_DCE:
813 if ( !LDAP_DN_RDN_SEP_DCE( p[ 0 ] ) ) {
814 rc = LDAP_DECODING_ERROR;
815 goto parsing_error;
816 }
817 break;
818 }
819 }
820
821
822 tmpDN[nrdns++] = newRDN;
823 newRDN = NULL;
824
825 /*
826 * make the static RDN array dynamically rescalable
827 */
828 if ( nrdns == num_slots ) {
829 LDAPRDN *tmp;
830
831 if ( tmpDN == tmpDN_ ) {
832 tmp = LDAP_MALLOCX( num_slots * 2 * sizeof( LDAPRDN * ), ctx );
833 if ( tmp == NULL ) {
834 rc = LDAP_NO_MEMORY;
835 goto parsing_error;
836 }
837 AC_MEMCPY( tmp, tmpDN, num_slots * sizeof( LDAPRDN * ) );
838
839 } else {
840 tmp = LDAP_REALLOCX( tmpDN, num_slots * 2 * sizeof( LDAPRDN * ), ctx );
841 if ( tmp == NULL ) {
842 rc = LDAP_NO_MEMORY;
843 goto parsing_error;
844 }
845 }
846
847 tmpDN = tmp;
848 num_slots *= 2;
849 }
850
851 if ( p >= end || p[ 0 ] == '\0' ) {
852 /*
853 * the DN is over, phew
854 */
855 newDN = (LDAPDN)LDAP_MALLOCX( sizeof(LDAPRDN *) * (nrdns+1), ctx );
856 if ( newDN == NULL ) {
857 rc = LDAP_NO_MEMORY;
858 goto parsing_error;
859 } else {
860 int i;
861
862 if ( LDAP_DN_DCE( flags ) ) {
863 /* add in reversed order */
864 for ( i=0; i<nrdns; i++ )
865 newDN[i] = tmpDN[nrdns-1-i];
866 } else {
867 for ( i=0; i<nrdns; i++ )
868 newDN[i] = tmpDN[i];
869 }
870 newDN[nrdns] = NULL;
871 rc = LDAP_SUCCESS;
872 }
873 goto return_result;
874 }
875 }
876
877 parsing_error:;
878 if ( newRDN ) {
879 ldap_rdnfree_x( newRDN, ctx );
880 }
881
882 for ( nrdns-- ;nrdns >= 0; nrdns-- ) {
883 ldap_rdnfree_x( tmpDN[nrdns], ctx );
884 }
885
886 return_result:;
887
888 if ( tmpDN != tmpDN_ ) {
889 LDAP_FREEX( tmpDN, ctx );
890 }
891
892 Debug( LDAP_DEBUG_ARGS, "<= ldap_bv2dn(%s)=%d %s\n", str, rc,
893 rc ? ldap_err2string( rc ) : "" );
894 *dn = newDN;
895
896 return( rc );
897 }
898
899 /*
900 * ldap_str2rdn
901 *
902 * Parses a relative DN according to flags up to a rdn separator
903 * or to the end of str.
904 * Returns the rdn and a pointer to the string continuation, which
905 * corresponds to the rdn separator or to '\0' in case the string is over.
906 */
907 int
908 ldap_str2rdn( LDAP_CONST char *str, LDAPRDN *rdn,
909 char **n_in, unsigned flags )
910 {
911 struct berval bv;
912
913 assert( str != NULL );
914 assert( str[ 0 ] != '\0' ); /* FIXME: is this required? */
915
916 bv.bv_len = strlen( str );
917 bv.bv_val = (char *) str;
918
919 return ldap_bv2rdn_x( &bv, rdn, n_in, flags, NULL );
920 }
921
922 int
923 ldap_bv2rdn( struct berval *bv, LDAPRDN *rdn,
924 char **n_in, unsigned flags )
925 {
926 return ldap_bv2rdn_x( bv, rdn, n_in, flags, NULL );
927 }
928
929 int
930 ldap_bv2rdn_x( struct berval *bv, LDAPRDN *rdn,
931 char **n_in, unsigned flags, void *ctx )
932 {
933 const char **n = (const char **) n_in;
934 const char *p;
935 int navas = 0;
936 int state = B4AVA;
937 int rc = LDAP_DECODING_ERROR;
938 int attrTypeEncoding = LDAP_AVA_STRING,
939 attrValueEncoding = LDAP_AVA_STRING;
940
941 struct berval attrType = BER_BVNULL;
942 struct berval attrValue = BER_BVNULL;
943
944 LDAPRDN newRDN = NULL;
945 LDAPAVA *tmpRDN_[TMP_AVA_SLOTS], **tmpRDN = tmpRDN_;
946 int num_slots = TMP_AVA_SLOTS;
947
948 char *str;
949 ber_len_t stoplen;
950
951 assert( bv != NULL );
952 assert( bv->bv_len != 0 );
953 assert( bv->bv_val != NULL );
954 assert( rdn || flags & LDAP_DN_SKIP );
955 assert( n != NULL );
956
957 str = bv->bv_val;
958 stoplen = bv->bv_len;
959
960 if ( rdn ) {
961 *rdn = NULL;
962 }
963 *n = NULL;
964
965 switch ( LDAP_DN_FORMAT( flags ) ) {
966 case LDAP_DN_FORMAT_LDAP:
967 case LDAP_DN_FORMAT_LDAPV3:
968 case LDAP_DN_FORMAT_LDAPV2:
969 case LDAP_DN_FORMAT_DCE:
970 break;
971
972 /* unsupported in str2dn */
973 case LDAP_DN_FORMAT_UFN:
974 case LDAP_DN_FORMAT_AD_CANONICAL:
975 return LDAP_PARAM_ERROR;
976
977 case LDAP_DN_FORMAT_LBER:
978 default:
979 return LDAP_PARAM_ERROR;
980 }
981
982 if ( bv->bv_len == 0 ) {
983 return LDAP_SUCCESS;
984
985 }
986
987 if( memchr( bv->bv_val, '\0', bv->bv_len ) != NULL ) {
988 /* value must have embedded NULs */
989 return LDAP_DECODING_ERROR;
990 }
991
992 p = str;
993 for ( ; p[ 0 ] || state == GOTAVA; ) {
994
995 /*
996 * The parser in principle advances one token a time,
997 * or toggles state if preferable.
998 */
999 switch (state) {
1000
1001 /*
1002 * an AttributeType can be encoded as:
1003 * - its string representation; in detail, implementations
1004 * MUST recognize AttributeType string type names listed
1005 * in Section 3 of RFC 4514, and MAY recognize other names.
1006 * - its numeric OID (a dotted decimal string)
1007 */
1008 case B4AVA:
1009 if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
1010 if ( !LDAP_DN_ALLOW_ONE_SPACE( flags ) ) {
1011 /* error */
1012 goto parsing_error;
1013 }
1014 p++;
1015 }
1016
1017 if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
1018 if ( !LDAP_DN_ALLOW_SPACES( flags ) ) {
1019 /* error */
1020 goto parsing_error;
1021 }
1022
1023 /* whitespace is allowed (and trimmed) */
1024 p++;
1025 while ( p[ 0 ] && LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
1026 p++;
1027 }
1028
1029 if ( !p[ 0 ] ) {
1030 /* error: we expected an AVA */
1031 goto parsing_error;
1032 }
1033 }
1034
1035 /* oid */
1036 if ( LDAP_DN_OID_LEADCHAR( p[ 0 ] ) ) {
1037 state = B4OIDATTRTYPE;
1038 break;
1039 }
1040
1041 /* else must be alpha */
1042 if ( !LDAP_DN_DESC_LEADCHAR( p[ 0 ] ) ) {
1043 goto parsing_error;
1044 }
1045
1046 /* LDAPv2 "oid." prefix */
1047 if ( LDAP_DN_LDAPV2( flags ) ) {
1048 /*
1049 * to be overly pedantic, we only accept
1050 * "OID." or "oid."
1051 */
1052 if ( flags & LDAP_DN_PEDANTIC ) {
1053 if ( !strncmp( p, "OID.", 4 )
1054 || !strncmp( p, "oid.", 4 ) ) {
1055 p += 4;
1056 state = B4OIDATTRTYPE;
1057 break;
1058 }
1059 } else {
1060 if ( !strncasecmp( p, "oid.", 4 ) ) {
1061 p += 4;
1062 state = B4OIDATTRTYPE;
1063 break;
1064 }
1065 }
1066 }
1067
1068 state = B4STRINGATTRTYPE;
1069 break;
1070
1071 case B4OIDATTRTYPE: {
1072 int err = LDAP_SUCCESS;
1073
1074 attrType.bv_val = ldap_int_parse_numericoid( &p, &err,
1075 LDAP_SCHEMA_SKIP);
1076
1077 if ( err != LDAP_SUCCESS ) {
1078 goto parsing_error;
1079 }
1080 attrType.bv_len = p - attrType.bv_val;
1081
1082 attrTypeEncoding = LDAP_AVA_BINARY;
1083
1084 state = B4AVAEQUALS;
1085 break;
1086 }
1087
1088 case B4STRINGATTRTYPE: {
1089 const char *startPos, *endPos = NULL;
1090 ber_len_t len;
1091
1092 /*
1093 * the starting char has been found to be
1094 * a LDAP_DN_DESC_LEADCHAR so we don't re-check it
1095 * FIXME: DCE attr types seem to have a more
1096 * restrictive syntax (no '-' ...)
1097 */
1098 for ( startPos = p++; p[ 0 ]; p++ ) {
1099 if ( LDAP_DN_DESC_CHAR( p[ 0 ] ) ) {
1100 continue;
1101 }
1102
1103 if ( LDAP_DN_LANG_SEP( p[ 0 ] ) ) {
1104
1105 /*
1106 * RFC 4514 explicitly does not allow attribute
1107 * description options, such as language tags.
1108 */
1109 if ( flags & LDAP_DN_PEDANTIC ) {
1110 goto parsing_error;
1111 }
1112
1113 /*
1114 * we trim ';' and following lang
1115 * and so from attribute types
1116 */
1117 endPos = p;
1118 for ( ; LDAP_DN_ATTRDESC_CHAR( p[ 0 ] )
1119 || LDAP_DN_LANG_SEP( p[ 0 ] ); p++ ) {
1120 /* no op */ ;
1121 }
1122 break;
1123 }
1124 break;
1125 }
1126
1127 len = ( endPos ? endPos : p ) - startPos;
1128 if ( len == 0 ) {
1129 goto parsing_error;
1130 }
1131
1132 attrTypeEncoding = LDAP_AVA_STRING;
1133
1134 /*
1135 * here we need to decide whether to use it as is
1136 * or turn it in OID form; as a consequence, we
1137 * need to decide whether to binary encode the value
1138 */
1139
1140 state = B4AVAEQUALS;
1141
1142 if ( flags & LDAP_DN_SKIP ) {
1143 break;
1144 }
1145
1146 attrType.bv_val = (char *)startPos;
1147 attrType.bv_len = len;
1148
1149 break;
1150 }
1151
1152 case B4AVAEQUALS:
1153 /* spaces may not be allowed */
1154 if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
1155 if ( !LDAP_DN_ALLOW_SPACES( flags ) ) {
1156 goto parsing_error;
1157 }
1158
1159 /* trim spaces */
1160 for ( p++; LDAP_DN_ASCII_SPACE( p[ 0 ] ); p++ ) {
1161 /* no op */
1162 }
1163 }
1164
1165 /* need equal sign */
1166 if ( !LDAP_DN_AVA_EQUALS( p[ 0 ] ) ) {
1167 goto parsing_error;
1168 }
1169 p++;
1170
1171 /* spaces may not be allowed */
1172 if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
1173 if ( !LDAP_DN_ALLOW_SPACES( flags ) ) {
1174 goto parsing_error;
1175 }
1176
1177 /* trim spaces */
1178 for ( p++; LDAP_DN_ASCII_SPACE( p[ 0 ] ); p++ ) {
1179 /* no op */
1180 }
1181 }
1182
1183 /*
1184 * octothorpe means a BER encoded value will follow
1185 * FIXME: I don't think DCE will allow it
1186 */
1187 if ( LDAP_DN_OCTOTHORPE( p[ 0 ] ) ) {
1188 p++;
1189 attrValueEncoding = LDAP_AVA_BINARY;
1190 state = B4BINARYVALUE;
1191 break;
1192 }
1193
1194 /* STRING value expected */
1195
1196 /*
1197 * if we're pedantic, an attribute type in OID form
1198 * SHOULD imply a BER encoded attribute value; we
1199 * should at least issue a warning
1200 */
1201 if ( ( flags & LDAP_DN_PEDANTIC )
1202 && ( attrTypeEncoding == LDAP_AVA_BINARY ) ) {
1203 /* OID attrType SHOULD use binary encoding */
1204 goto parsing_error;
1205 }
1206
1207 attrValueEncoding = LDAP_AVA_STRING;
1208
1209 /*
1210 * LDAPv2 allows the attribute value to be quoted;
1211 * also, IA5 values are expected, in principle
1212 */
1213 if ( LDAP_DN_LDAPV2( flags ) || LDAP_DN_LDAP( flags ) ) {
1214 if ( LDAP_DN_QUOTES( p[ 0 ] ) ) {
1215 p++;
1216 state = B4IA5VALUEQUOTED;
1217 break;
1218 }
1219
1220 if ( LDAP_DN_LDAPV2( flags ) ) {
1221 state = B4IA5VALUE;
1222 break;
1223 }
1224 }
1225
1226 /*
1227 * here STRING means RFC 4514 string
1228 * FIXME: what about DCE strings?
1229 */
1230 if ( !p[ 0 ] ) {
1231 /* empty value */
1232 state = GOTAVA;
1233 } else {
1234 state = B4STRINGVALUE;
1235 }
1236 break;
1237
1238 case B4BINARYVALUE:
1239 if ( hexstr2binval( p, &attrValue, &p, flags, ctx ) ) {
1240 goto parsing_error;
1241 }
1242
1243 state = GOTAVA;
1244 break;
1245
1246 case B4STRINGVALUE:
1247 switch ( LDAP_DN_FORMAT( flags ) ) {
1248 case LDAP_DN_FORMAT_LDAP:
1249 case LDAP_DN_FORMAT_LDAPV3:
1250 if ( str2strval( p, stoplen - ( p - str ),
1251 &attrValue, &p, flags,
1252 &attrValueEncoding, ctx ) ) {
1253 goto parsing_error;
1254 }
1255 break;
1256
1257 case LDAP_DN_FORMAT_DCE:
1258 if ( DCE2strval( p, &attrValue, &p, flags, ctx ) ) {
1259 goto parsing_error;
1260 }
1261 break;
1262
1263 default:
1264 assert( 0 );
1265 }
1266
1267 state = GOTAVA;
1268 break;
1269
1270 case B4IA5VALUE:
1271 if ( IA52strval( p, &attrValue, &p, flags, ctx ) ) {
1272 goto parsing_error;
1273 }
1274
1275 state = GOTAVA;
1276 break;
1277
1278 case B4IA5VALUEQUOTED:
1279
1280 /* lead quote already stripped */
1281 if ( quotedIA52strval( p, &attrValue,
1282 &p, flags, ctx ) ) {
1283 goto parsing_error;
1284 }
1285
1286 state = GOTAVA;
1287 break;
1288
1289 case GOTAVA: {
1290 int rdnsep = 0;
1291
1292 if ( !( flags & LDAP_DN_SKIP ) ) {
1293 LDAPAVA *ava;
1294
1295 /*
1296 * we accept empty values
1297 */
1298 ava = ldapava_new( &attrType, &attrValue,
1299 attrValueEncoding, ctx );
1300 if ( ava == NULL ) {
1301 rc = LDAP_NO_MEMORY;
1302 goto parsing_error;
1303 }
1304 tmpRDN[navas++] = ava;
1305
1306 attrValue.bv_val = NULL;
1307 attrValue.bv_len = 0;
1308
1309 /*
1310 * prepare room for new AVAs if needed
1311 */
1312 if (navas == num_slots) {
1313 LDAPAVA **tmp;
1314
1315 if ( tmpRDN == tmpRDN_ ) {
1316 tmp = LDAP_MALLOCX( num_slots * 2 * sizeof( LDAPAVA * ), ctx );
1317 if ( tmp == NULL ) {
1318 rc = LDAP_NO_MEMORY;
1319 goto parsing_error;
1320 }
1321 AC_MEMCPY( tmp, tmpRDN, num_slots * sizeof( LDAPAVA * ) );
1322
1323 } else {
1324 tmp = LDAP_REALLOCX( tmpRDN, num_slots * 2 * sizeof( LDAPAVA * ), ctx );
1325 if ( tmp == NULL ) {
1326 rc = LDAP_NO_MEMORY;
1327 goto parsing_error;
1328 }
1329 }
1330
1331 tmpRDN = tmp;
1332 num_slots *= 2;
1333 }
1334 }
1335
1336 /*
1337 * if we got an AVA separator ('+', or ',' for DCE )
1338 * we expect a new AVA for this RDN; otherwise
1339 * we add the RDN to the DN
1340 */
1341 switch ( LDAP_DN_FORMAT( flags ) ) {
1342 case LDAP_DN_FORMAT_LDAP:
1343 case LDAP_DN_FORMAT_LDAPV3:
1344 case LDAP_DN_FORMAT_LDAPV2:
1345 if ( !LDAP_DN_AVA_SEP( p[ 0 ] ) ) {
1346 rdnsep = 1;
1347 }
1348 break;
1349
1350 case LDAP_DN_FORMAT_DCE:
1351 if ( !LDAP_DN_AVA_SEP_DCE( p[ 0 ] ) ) {
1352 rdnsep = 1;
1353 }
1354 break;
1355 }
1356
1357 if ( rdnsep ) {
1358 /*
1359 * the RDN is over, phew
1360 */
1361 *n = p;
1362 if ( !( flags & LDAP_DN_SKIP ) ) {
1363 newRDN = (LDAPRDN)LDAP_MALLOCX(
1364 sizeof(LDAPAVA) * (navas+1), ctx );
1365 if ( newRDN == NULL ) {
1366 rc = LDAP_NO_MEMORY;
1367 goto parsing_error;
1368 } else {
1369 AC_MEMCPY( newRDN, tmpRDN, sizeof(LDAPAVA *) * navas);
1370 newRDN[navas] = NULL;
1371 }
1372
1373 }
1374 rc = LDAP_SUCCESS;
1375 goto return_result;
1376 }
1377
1378 /* they should have been used in an AVA */
1379 attrType.bv_val = NULL;
1380 attrValue.bv_val = NULL;
1381
1382 p++;
1383 state = B4AVA;
1384 break;
1385 }
1386
1387 default:
1388 assert( 0 );
1389 goto parsing_error;
1390 }
1391 }
1392 *n = p;
1393
1394 parsing_error:;
1395 /* They are set to NULL after they're used in an AVA */
1396
1397 if ( attrValue.bv_val ) {
1398 LDAP_FREEX( attrValue.bv_val, ctx );
1399 }
1400
1401 for ( navas-- ; navas >= 0; navas-- ) {
1402 ldapava_free( tmpRDN[navas], ctx );
1403 }
1404
1405 return_result:;
1406
1407 if ( tmpRDN != tmpRDN_ ) {
1408 LDAP_FREEX( tmpRDN, ctx );
1409 }
1410
1411 if ( rdn ) {
1412 *rdn = newRDN;
1413 }
1414
1415 return( rc );
1416 }
1417
1418 /*
1419 * reads in a UTF-8 string value, unescaping stuff:
1420 * '\' + LDAP_DN_NEEDESCAPE(c) -> 'c'
1421 * '\' + HEXPAIR(p) -> unhex(p)
1422 */
1423 static int
1424 str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char **next, unsigned flags, int *retFlags, void *ctx )
1425 {
1426 const char *p, *end, *startPos, *endPos = NULL;
1427 ber_len_t len, escapes;
1428
1429 assert( str != NULL );
1430 assert( val != NULL );
1431 assert( next != NULL );
1432
1433 *next = NULL;
1434 end = str + stoplen;
1435 for ( startPos = p = str, escapes = 0; p < end; p++ ) {
1436 if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
1437 p++;
1438 if ( p[ 0 ] == '\0' ) {
1439 return( 1 );
1440 }
1441 if ( LDAP_DN_MAYESCAPE( p[ 0 ] ) ) {
1442 escapes++;
1443 continue;
1444 }
1445
1446 if ( LDAP_DN_HEXPAIR( p ) ) {
1447 char c;
1448
1449 hexstr2bin( p, &c );
1450 escapes += 2;
1451
1452 if ( !LDAP_DN_ASCII_PRINTABLE( c ) ) {
1453
1454 /*
1455 * we assume the string is UTF-8
1456 */
1457 *retFlags = LDAP_AVA_NONPRINTABLE;
1458 }
1459 p++;
1460
1461 continue;
1462 }
1463
1464 if ( LDAP_DN_PEDANTIC & flags ) {
1465 return( 1 );
1466 }
1467 /*
1468 * we do not allow escaping
1469 * of chars that don't need
1470 * to and do not belong to
1471 * HEXDIGITS
1472 */
1473 return( 1 );
1474
1475 } else if ( !LDAP_DN_ASCII_PRINTABLE( p[ 0 ] ) ) {
1476 if ( p[ 0 ] == '\0' ) {
1477 return( 1 );
1478 }
1479 *retFlags = LDAP_AVA_NONPRINTABLE;
1480
1481 } else if ( ( LDAP_DN_LDAP( flags ) && LDAP_DN_VALUE_END_V2( p[ 0 ] ) )
1482 || ( LDAP_DN_LDAPV3( flags ) && LDAP_DN_VALUE_END( p[ 0 ] ) ) ) {
1483 break;
1484
1485 } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] ) ) {
1486 /*
1487 * FIXME: maybe we can add
1488 * escapes if not pedantic?
1489 */
1490 return( 1 );
1491 }
1492 }
1493
1494 /*
1495 * we do allow unescaped spaces at the end
1496 * of the value only in non-pedantic mode
1497 */
1498 if ( p > startPos + 1 && LDAP_DN_ASCII_SPACE( p[ -1 ] ) &&
1499 !LDAP_DN_ESCAPE( p[ -2 ] ) ) {
1500 if ( flags & LDAP_DN_PEDANTIC ) {
1501 return( 1 );
1502 }
1503
1504 /* strip trailing (unescaped) spaces */
1505 for ( endPos = p - 1;
1506 endPos > startPos + 1 &&
1507 LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
1508 !LDAP_DN_ESCAPE( endPos[ -2 ] );
1509 endPos-- ) {
1510 /* no op */
1511 }
1512 }
1513
1514 *next = p;
1515 if ( flags & LDAP_DN_SKIP ) {
1516 return( 0 );
1517 }
1518
1519 /*
1520 * FIXME: test memory?
1521 */
1522 len = ( endPos ? endPos : p ) - startPos - escapes;
1523 val->bv_len = len;
1524
1525 if ( escapes == 0 ) {
1526 if ( *retFlags & LDAP_AVA_NONPRINTABLE ) {
1527 val->bv_val = LDAP_MALLOCX( len + 1, ctx );
1528 AC_MEMCPY( val->bv_val, startPos, len );
1529 val->bv_val[ len ] = '\0';
1530 } else {
1531 val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
1532 }
1533
1534 } else {
1535 ber_len_t s, d;
1536
1537 val->bv_val = LDAP_MALLOCX( len + 1, ctx );
1538 for ( s = 0, d = 0; d < len; ) {
1539 if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) {
1540 s++;
1541 if ( LDAP_DN_MAYESCAPE( startPos[ s ] ) ) {
1542 val->bv_val[ d++ ] =
1543 startPos[ s++ ];
1544
1545 } else if ( LDAP_DN_HEXPAIR( &startPos[ s ] ) ) {
1546 char c;
1547
1548 hexstr2bin( &startPos[ s ], &c );
1549 val->bv_val[ d++ ] = c;
1550 s += 2;
1551
1552 } else {
1553 /* we should never get here */
1554 assert( 0 );
1555 }
1556
1557 } else {
1558 val->bv_val[ d++ ] = startPos[ s++ ];
1559 }
1560 }
1561
1562 val->bv_val[ d ] = '\0';
1563 assert( d == len );
1564 }
1565
1566 return( 0 );
1567 }
1568
1569 static int
1570 DCE2strval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
1571 {
1572 const char *p, *startPos, *endPos = NULL;
1573 ber_len_t len, escapes;
1574
1575 assert( str != NULL );
1576 assert( val != NULL );
1577 assert( next != NULL );
1578
1579 *next = NULL;
1580
1581 for ( startPos = p = str, escapes = 0; p[ 0 ]; p++ ) {
1582 if ( LDAP_DN_ESCAPE_DCE( p[ 0 ] ) ) {
1583 p++;
1584 if ( LDAP_DN_NEEDESCAPE_DCE( p[ 0 ] ) ) {
1585 escapes++;
1586
1587 } else {
1588 return( 1 );
1589 }
1590
1591 } else if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
1592 break;
1593 }
1594
1595 /*
1596 * FIXME: can we accept anything else? I guess we need
1597 * to stop if a value is not legal
1598 */
1599 }
1600
1601 /*
1602 * (unescaped) trailing spaces are trimmed must be silently ignored;
1603 * so we eat them
1604 */
1605 if ( p > startPos + 1 && LDAP_DN_ASCII_SPACE( p[ -1 ] ) &&
1606 !LDAP_DN_ESCAPE( p[ -2 ] ) ) {
1607 if ( flags & LDAP_DN_PEDANTIC ) {
1608 return( 1 );
1609 }
1610
1611 /* strip trailing (unescaped) spaces */
1612 for ( endPos = p - 1;
1613 endPos > startPos + 1 &&
1614 LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
1615 !LDAP_DN_ESCAPE( endPos[ -2 ] );
1616 endPos-- ) {
1617 /* no op */
1618 }
1619 }
1620
1621 *next = p;
1622 if ( flags & LDAP_DN_SKIP ) {
1623 return( 0 );
1624 }
1625
1626 len = ( endPos ? endPos : p ) - startPos - escapes;
1627 val->bv_len = len;
1628 if ( escapes == 0 ){
1629 val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
1630
1631 } else {
1632 ber_len_t s, d;
1633
1634 val->bv_val = LDAP_MALLOCX( len + 1, ctx );
1635 for ( s = 0, d = 0; d < len; ) {
1636 /*
1637 * This point is reached only if escapes
1638 * are properly used, so all we need to
1639 * do is eat them
1640 */
1641 if ( LDAP_DN_ESCAPE_DCE( startPos[ s ] ) ) {
1642 s++;
1643
1644 }
1645 val->bv_val[ d++ ] = startPos[ s++ ];
1646 }
1647 val->bv_val[ d ] = '\0';
1648 assert( strlen( val->bv_val ) == len );
1649 }
1650
1651 return( 0 );
1652 }
1653
1654 static int
1655 IA52strval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
1656 {
1657 const char *p, *startPos, *endPos = NULL;
1658 ber_len_t len, escapes;
1659
1660 assert( str != NULL );
1661 assert( val != NULL );
1662 assert( next != NULL );
1663
1664 *next = NULL;
1665
1666 /*
1667 * LDAPv2 (RFC 1779)
1668 */
1669
1670 for ( startPos = p = str, escapes = 0; p[ 0 ]; p++ ) {
1671 if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
1672 p++;
1673 if ( p[ 0 ] == '\0' ) {
1674 return( 1 );
1675 }
1676
1677 if ( !LDAP_DN_NEEDESCAPE( p[ 0 ] )
1678 && ( LDAP_DN_PEDANTIC & flags ) ) {
1679 return( 1 );
1680 }
1681 escapes++;
1682
1683 } else if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
1684 break;
1685 }
1686
1687 /*
1688 * FIXME: can we accept anything else? I guess we need
1689 * to stop if a value is not legal
1690 */
1691 }
1692
1693 /* strip trailing (unescaped) spaces */
1694 for ( endPos = p;
1695 endPos > startPos + 1 &&
1696 LDAP_DN_ASCII_SPACE( endPos[ -1 ] ) &&
1697 !LDAP_DN_ESCAPE( endPos[ -2 ] );
1698 endPos-- ) {
1699 /* no op */
1700 }
1701
1702 *next = p;
1703 if ( flags & LDAP_DN_SKIP ) {
1704 return( 0 );
1705 }
1706
1707 len = ( endPos ? endPos : p ) - startPos - escapes;
1708 val->bv_len = len;
1709 if ( escapes == 0 ) {
1710 val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
1711
1712 } else {
1713 ber_len_t s, d;
1714
1715 val->bv_val = LDAP_MALLOCX( len + 1, ctx );
1716 for ( s = 0, d = 0; d < len; ) {
1717 if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) {
1718 s++;
1719 }
1720 val->bv_val[ d++ ] = startPos[ s++ ];
1721 }
1722 val->bv_val[ d ] = '\0';
1723 assert( strlen( val->bv_val ) == len );
1724 }
1725
1726 return( 0 );
1727 }
1728
1729 static int
1730 quotedIA52strval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
1731 {
1732 const char *p, *startPos, *endPos = NULL;
1733 ber_len_t len;
1734 unsigned escapes = 0;
1735
1736 assert( str != NULL );
1737 assert( val != NULL );
1738 assert( next != NULL );
1739
1740 *next = NULL;
1741
1742 /* initial quote already eaten */
1743 for ( startPos = p = str; p[ 0 ]; p++ ) {
1744 /*
1745 * According to RFC 1779, the quoted value can
1746 * contain escaped as well as unescaped special values;
1747 * as a consequence we tolerate escaped values
1748 * (e.g. '"\,"' -> '\,') and escape unescaped specials
1749 * (e.g. '","' -> '\,').
1750 */
1751 if ( LDAP_DN_ESCAPE( p[ 0 ] ) ) {
1752 if ( p[ 1 ] == '\0' ) {
1753 return( 1 );
1754 }
1755 p++;
1756
1757 if ( !LDAP_DN_V2_PAIR( p[ 0 ] )
1758 && ( LDAP_DN_PEDANTIC & flags ) ) {
1759 /*
1760 * do we allow to escape normal chars?
1761 * LDAPv2 does not allow any mechanism
1762 * for escaping chars with '\' and hex
1763 * pair
1764 */
1765 return( 1 );
1766 }
1767 escapes++;
1768
1769 } else if ( LDAP_DN_QUOTES( p[ 0 ] ) ) {
1770 endPos = p;
1771 /* eat closing quotes */
1772 p++;
1773 break;
1774 }
1775
1776 /*
1777 * FIXME: can we accept anything else? I guess we need
1778 * to stop if a value is not legal
1779 */
1780 }
1781
1782 if ( endPos == NULL ) {
1783 return( 1 );
1784 }
1785
1786 /* Strip trailing (unescaped) spaces */
1787 for ( ; p[ 0 ] && LDAP_DN_ASCII_SPACE( p[ 0 ] ); p++ ) {
1788 /* no op */
1789 }
1790
1791 *next = p;
1792 if ( flags & LDAP_DN_SKIP ) {
1793 return( 0 );
1794 }
1795
1796 len = endPos - startPos - escapes;
1797 assert( endPos >= startPos + escapes );
1798 val->bv_len = len;
1799 if ( escapes == 0 ) {
1800 val->bv_val = LDAP_STRNDUPX( startPos, len, ctx );
1801
1802 } else {
1803 ber_len_t s, d;
1804
1805 val->bv_val = LDAP_MALLOCX( len + 1, ctx );
1806 val->bv_len = len;
1807
1808 for ( s = d = 0; d < len; ) {
1809 if ( LDAP_DN_ESCAPE( str[ s ] ) ) {
1810 s++;
1811 }
1812 val->bv_val[ d++ ] = str[ s++ ];
1813 }
1814 val->bv_val[ d ] = '\0';
1815 assert( strlen( val->bv_val ) == len );
1816 }
1817
1818 return( 0 );
1819 }
1820
1821 static int
1822 hexstr2bin( const char *str, char *c )
1823 {
1824 char c1, c2;
1825
1826 assert( str != NULL );
1827 assert( c != NULL );
1828
1829 c1 = str[ 0 ];
1830 c2 = str[ 1 ];
1831
1832 if ( LDAP_DN_ASCII_DIGIT( c1 ) ) {
1833 *c = c1 - '0';
1834
1835 } else {
1836 if ( LDAP_DN_ASCII_UCASE_HEXALPHA( c1 ) ) {
1837 *c = c1 - 'A' + 10;
1838 } else {
1839 assert( LDAP_DN_ASCII_LCASE_HEXALPHA( c1 ) );
1840 *c = c1 - 'a' + 10;
1841 }
1842 }
1843
1844 *c <<= 4;
1845
1846 if ( LDAP_DN_ASCII_DIGIT( c2 ) ) {
1847 *c += c2 - '0';
1848
1849 } else {
1850 if ( LDAP_DN_ASCII_UCASE_HEXALPHA( c2 ) ) {
1851 *c += c2 - 'A' + 10;
1852 } else {
1853 assert( LDAP_DN_ASCII_LCASE_HEXALPHA( c2 ) );
1854 *c += c2 - 'a' + 10;
1855 }
1856 }
1857
1858 return( 0 );
1859 }
1860
1861 static int
1862 hexstr2binval( const char *str, struct berval *val, const char **next, unsigned flags, void *ctx )
1863 {
1864 const char *p, *startPos, *endPos = NULL;
1865 ber_len_t len;
1866 ber_len_t s, d;
1867
1868 assert( str != NULL );
1869 assert( val != NULL );
1870 assert( next != NULL );
1871
1872 *next = NULL;
1873
1874 for ( startPos = p = str; p[ 0 ]; p += 2 ) {
1875 switch ( LDAP_DN_FORMAT( flags ) ) {
1876 case LDAP_DN_FORMAT_LDAPV3:
1877 if ( LDAP_DN_VALUE_END( p[ 0 ] ) ) {
1878 goto end_of_value;
1879 }
1880 break;
1881
1882 case LDAP_DN_FORMAT_LDAP:
1883 case LDAP_DN_FORMAT_LDAPV2:
1884 if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
1885 goto end_of_value;
1886 }
1887 break;
1888
1889 case LDAP_DN_FORMAT_DCE:
1890 if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
1891 goto end_of_value;
1892 }
1893 break;
1894 }
1895
1896 if ( LDAP_DN_ASCII_SPACE( p[ 0 ] ) ) {
1897 if ( flags & LDAP_DN_PEDANTIC ) {
1898 return( 1 );
1899 }
1900 endPos = p;
1901
1902 for ( ; p[ 0 ]; p++ ) {
1903 switch ( LDAP_DN_FORMAT( flags ) ) {
1904 case LDAP_DN_FORMAT_LDAPV3:
1905 if ( LDAP_DN_VALUE_END( p[ 0 ] ) ) {
1906 goto end_of_value;
1907 }
1908 break;
1909
1910 case LDAP_DN_FORMAT_LDAP:
1911 case LDAP_DN_FORMAT_LDAPV2:
1912 if ( LDAP_DN_VALUE_END_V2( p[ 0 ] ) ) {
1913 goto end_of_value;
1914 }
1915 break;
1916
1917 case LDAP_DN_FORMAT_DCE:
1918 if ( LDAP_DN_VALUE_END_DCE( p[ 0 ] ) ) {
1919 goto end_of_value;
1920 }
1921 break;
1922 }
1923 }
1924 break;
1925 }
1926
1927 if ( !LDAP_DN_HEXPAIR( p ) ) {
1928 return( 1 );
1929 }
1930 }
1931
1932 end_of_value:;
1933
1934 *next = p;
1935 if ( flags & LDAP_DN_SKIP ) {
1936 return( 0 );
1937 }
1938
1939 len = ( ( endPos ? endPos : p ) - startPos ) / 2;
1940 /* must be even! */
1941 assert( 2 * len == (ber_len_t) (( endPos ? endPos : p ) - startPos ));
1942
1943 val->bv_len = len;
1944 val->bv_val = LDAP_MALLOCX( len + 1, ctx );
1945 if ( val->bv_val == NULL ) {
1946 return( LDAP_NO_MEMORY );
1947 }
1948
1949 for ( s = 0, d = 0; d < len; s += 2, d++ ) {
1950 char c;
1951
1952 hexstr2bin( &startPos[ s ], &c );
1953
1954 val->bv_val[ d ] = c;
1955 }
1956
1957 val->bv_val[ d ] = '\0';
1958
1959 return( 0 );
1960 }
1961
1962 /*
1963 * convert a byte in a hexadecimal pair
1964 */
1965 static int
1966 byte2hexpair( const char *val, char *pair )
1967 {
1968 static const char hexdig[] = "0123456789ABCDEF";
1969
1970 assert( val != NULL );
1971 assert( pair != NULL );
1972
1973 /*
1974 * we assume the string has enough room for the hex encoding
1975 * of the value
1976 */
1977
1978 pair[ 0 ] = hexdig[ 0x0f & ( val[ 0 ] >> 4 ) ];
1979 pair[ 1 ] = hexdig[ 0x0f & val[ 0 ] ];
1980
1981 return( 0 );
1982 }
1983
1984 /*
1985 * convert a binary value in hexadecimal pairs
1986 */
1987 static int
1988 binval2hexstr( struct berval *val, char *str )
1989 {
1990 ber_len_t s, d;
1991
1992 assert( val != NULL );
1993 assert( str != NULL );
1994
1995 if ( val->bv_len == 0 ) {
1996 return( 0 );
1997 }
1998
1999 /*
2000 * we assume the string has enough room for the hex encoding
2001 * of the value
2002 */
2003
2004 for ( s = 0, d = 0; s < val->bv_len; s++, d += 2 ) {
2005 byte2hexpair( &val->bv_val[ s ], &str[ d ] );
2006 }
2007
2008 return( 0 );
2009 }
2010
2011 /*
2012 * Length of the string representation, accounting for escaped hex
2013 * of UTF-8 chars
2014 */
2015 static int
2016 strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
2017 {
2018 ber_len_t l, cl = 1;
2019 char *p, *end;
2020 int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
2021 #ifdef PRETTY_ESCAPE
2022 int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
2023 #endif /* PRETTY_ESCAPE */
2024
2025 assert( val != NULL );
2026 assert( len != NULL );
2027
2028 *len = 0;
2029 if ( val->bv_len == 0 ) {
2030 return( 0 );
2031 }
2032
2033 end = val->bv_val + val->bv_len - 1;
2034 for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
2035
2036 /*
2037 * escape '%x00'
2038 */
2039 if ( p[ 0 ] == '\0' ) {
2040 cl = 1;
2041 l += 3;
2042 continue;
2043 }
2044
2045 cl = LDAP_UTF8_CHARLEN2( p, cl );
2046 if ( cl == 0 ) {
2047 /* illegal utf-8 char! */
2048 return( -1 );
2049
2050 } else if ( cl > 1 ) {
2051 ber_len_t cnt;
2052
2053 for ( cnt = 1; cnt < cl; cnt++ ) {
2054 if ( ( p[ cnt ] & 0xc0 ) != 0x80 ) {
2055 return( -1 );
2056 }
2057 }
2058 l += escaped_byte_len * cl;
2059
2060 } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
2061 || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
2062 || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
2063 || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
2064 #ifdef PRETTY_ESCAPE
2065 #if 0
2066 if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
2067 #else
2068 if ( LDAP_DN_WILLESCAPE_CHAR( p[ 0 ] ) ) {
2069 #endif
2070
2071 /*
2072 * there might be some chars we want
2073 * to escape in form of a couple
2074 * of hexdigits for optimization purposes
2075 */
2076 l += 3;
2077
2078 } else {
2079 l += escaped_ascii_len;
2080 }
2081 #else /* ! PRETTY_ESCAPE */
2082 l += 3;
2083 #endif /* ! PRETTY_ESCAPE */
2084
2085 } else {
2086 l++;
2087 }
2088 }
2089
2090 *len = l;
2091
2092 return( 0 );
2093 }
2094
2095 /*
2096 * convert to string representation, escaping with hex the UTF-8 stuff;
2097 * assume the destination has enough room for escaping
2098 */
2099 static int
2100 strval2str( struct berval *val, char *str, unsigned flags, ber_len_t *len )
2101 {
2102 ber_len_t s, d, end;
2103
2104 assert( val != NULL );
2105 assert( str != NULL );
2106 assert( len != NULL );
2107
2108 if ( val->bv_len == 0 ) {
2109 *len = 0;
2110 return( 0 );
2111 }
2112
2113 /*
2114 * we assume the string has enough room for the hex encoding
2115 * of the value
2116 */
2117 for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) {
2118 ber_len_t cl;
2119
2120 /*
2121 * escape '%x00'
2122 */
2123 if ( val->bv_val[ s ] == '\0' ) {
2124 cl = 1;
2125 str[ d++ ] = '\\';
2126 str[ d++ ] = '0';
2127 str[ d++ ] = '0';
2128 s++;
2129 continue;
2130 }
2131
2132 /*
2133 * The length was checked in strval2strlen();
2134 * LDAP_UTF8_CHARLEN() should suffice
2135 */
2136 cl = LDAP_UTF8_CHARLEN2( &val->bv_val[ s ], cl );
2137 assert( cl > 0 );
2138
2139 /*
2140 * there might be some chars we want to escape in form
2141 * of a couple of hexdigits for optimization purposes
2142 */
2143 if ( ( cl > 1 && !LDAP_DN_IS_PRETTY( flags ) )
2144 #ifdef PRETTY_ESCAPE
2145 #if 0
2146 || LDAP_DN_WILLESCAPE_HEX( flags, val->bv_val[ s ] )
2147 #else
2148 || LDAP_DN_WILLESCAPE_CHAR( val->bv_val[ s ] )
2149 #endif
2150 #else /* ! PRETTY_ESCAPE */
2151 || LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
2152 || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] )
2153 || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
2154 || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) )
2155
2156 #endif /* ! PRETTY_ESCAPE */
2157 ) {
2158 for ( ; cl--; ) {
2159 str[ d++ ] = '\\';
2160 byte2hexpair( &val->bv_val[ s ], &str[ d ] );
2161 s++;
2162 d += 2;
2163 }
2164
2165 } else if ( cl > 1 ) {
2166 for ( ; cl--; ) {
2167 str[ d++ ] = val->bv_val[ s++ ];
2168 }
2169
2170 } else {
2171 #ifdef PRETTY_ESCAPE
2172 if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
2173 || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] )
2174 || ( d == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
2175 || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) {
2176 str[ d++ ] = '\\';
2177 if ( !LDAP_DN_IS_PRETTY( flags ) ) {
2178 byte2hexpair( &val->bv_val[ s ], &str[ d ] );
2179 s++;
2180 d += 2;
2181 continue;
2182 }
2183 }
2184 #endif /* PRETTY_ESCAPE */
2185 str[ d++ ] = val->bv_val[ s++ ];
2186 }
2187 }
2188
2189 *len = d;
2190
2191 return( 0 );
2192 }
2193
2194 /*
2195 * Length of the IA5 string representation (no UTF-8 allowed)
2196 */
2197 static int
2198 strval2IA5strlen( struct berval *val, unsigned flags, ber_len_t *len )
2199 {
2200 ber_len_t l;
2201 char *p;
2202
2203 assert( val != NULL );
2204 assert( len != NULL );
2205
2206 *len = 0;
2207 if ( val->bv_len == 0 ) {
2208 return( 0 );
2209 }
2210
2211 if ( flags & LDAP_AVA_NONPRINTABLE ) {
2212 /*
2213 * Turn value into a binary encoded BER
2214 */
2215 return( -1 );
2216
2217 } else {
2218 for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
2219 if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
2220 || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
2221 || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
2222 || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
2223 l += 2;
2224
2225 } else {
2226 l++;
2227 }
2228 }
2229 }
2230
2231 *len = l;
2232
2233 return( 0 );
2234 }
2235
2236 /*
2237 * convert to string representation (np UTF-8)
2238 * assume the destination has enough room for escaping
2239 */
2240 static int
2241 strval2IA5str( struct berval *val, char *str, unsigned flags, ber_len_t *len )
2242 {
2243 ber_len_t s, d, end;
2244
2245 assert( val != NULL );
2246 assert( str != NULL );
2247 assert( len != NULL );
2248
2249 if ( val->bv_len == 0 ) {
2250 *len = 0;
2251 return( 0 );
2252 }
2253
2254 if ( flags & LDAP_AVA_NONPRINTABLE ) {
2255 /*
2256 * Turn value into a binary encoded BER
2257 */
2258 *len = 0;
2259 return( -1 );
2260
2261 } else {
2262 /*
2263 * we assume the string has enough room for the hex encoding
2264 * of the value
2265 */
2266
2267 for ( s = 0, d = 0, end = val->bv_len - 1; s < val->bv_len; ) {
2268 if ( LDAP_DN_NEEDESCAPE( val->bv_val[ s ] )
2269 || LDAP_DN_SHOULDESCAPE( val->bv_val[ s ] )
2270 || ( s == 0 && LDAP_DN_NEEDESCAPE_LEAD( val->bv_val[ s ] ) )
2271 || ( s == end && LDAP_DN_NEEDESCAPE_TRAIL( val->bv_val[ s ] ) ) ) {
2272 str[ d++ ] = '\\';
2273 }
2274 str[ d++ ] = val->bv_val[ s++ ];
2275 }
2276 }
2277
2278 *len = d;
2279
2280 return( 0 );
2281 }
2282
2283 /*
2284 * Length of the (supposedly) DCE string representation,
2285 * accounting for escaped hex of UTF-8 chars
2286 */
2287 static int
2288 strval2DCEstrlen( struct berval *val, unsigned flags, ber_len_t *len )
2289 {
2290 ber_len_t l;
2291 char *p;
2292
2293 assert( val != NULL );
2294 assert( len != NULL );
2295
2296 *len = 0;
2297 if ( val->bv_len == 0 ) {
2298 return( 0 );
2299 }
2300
2301 if ( flags & LDAP_AVA_NONPRINTABLE ) {
2302 /*
2303 * FIXME: Turn the value into a binary encoded BER?
2304 */
2305 return( -1 );
2306
2307 } else {
2308 for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
2309 if ( LDAP_DN_NEEDESCAPE_DCE( p[ 0 ] ) ) {
2310 l += 2;
2311
2312 } else {
2313 l++;
2314 }
2315 }
2316 }
2317
2318 *len = l;
2319
2320 return( 0 );
2321 }
2322
2323 /*
2324 * convert to (supposedly) DCE string representation,
2325 * escaping with hex the UTF-8 stuff;
2326 * assume the destination has enough room for escaping
2327 */
2328 static int
2329 strval2DCEstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
2330 {
2331 ber_len_t s, d;
2332
2333 assert( val != NULL );
2334 assert( str != NULL );
2335 assert( len != NULL );
2336
2337 if ( val->bv_len == 0 ) {
2338 *len = 0;
2339 return( 0 );
2340 }
2341
2342 if ( flags & LDAP_AVA_NONPRINTABLE ) {
2343 /*
2344 * FIXME: Turn the value into a binary encoded BER?
2345 */
2346 *len = 0;
2347 return( -1 );
2348
2349 } else {
2350
2351 /*
2352 * we assume the string has enough room for the hex encoding
2353 * of the value
2354 */
2355
2356 for ( s = 0, d = 0; s < val->bv_len; ) {
2357 if ( LDAP_DN_NEEDESCAPE_DCE( val->bv_val[ s ] ) ) {
2358 str[ d++ ] = '\\';
2359 }
2360 str[ d++ ] = val->bv_val[ s++ ];
2361 }
2362 }
2363
2364 *len = d;
2365
2366 return( 0 );
2367 }
2368
2369 /*
2370 * Length of the (supposedly) AD canonical string representation,
2371 * accounting for chars that need to be escaped
2372 */
2373 static int
2374 strval2ADstrlen( struct berval *val, unsigned flags, ber_len_t *len )
2375 {
2376 ber_len_t l, cl;
2377 char *p;
2378
2379 assert( val != NULL );
2380 assert( len != NULL );
2381
2382 *len = 0;
2383 if ( val->bv_len == 0 ) {
2384 return( 0 );
2385 }
2386
2387 for ( l = 0, p = val->bv_val; p[ 0 ]; p += cl ) {
2388 cl = LDAP_UTF8_CHARLEN2( p, cl );
2389 if ( cl == 0 ) {
2390 /* illegal utf-8 char */
2391 return -1;
2392 } else if ( (cl == 1) && LDAP_DN_NEEDESCAPE_AD( p[ 0 ] ) ) {
2393 l += 2;
2394 } else {
2395 l += cl;
2396 }
2397 }
2398
2399 *len = l;
2400
2401 return( 0 );
2402 }
2403
2404 /*
2405 * convert to (supposedly) AD string representation,
2406 * assume the destination has enough room for escaping
2407 */
2408 static int
2409 strval2ADstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
2410 {
2411 ber_len_t s, d, cl;
2412
2413 assert( val != NULL );
2414 assert( str != NULL );
2415 assert( len != NULL );
2416
2417 if ( val->bv_len == 0 ) {
2418 *len = 0;
2419 return( 0 );
2420 }
2421
2422 /*
2423 * we assume the string has enough room for the escaping
2424 * of the value
2425 */
2426
2427 for ( s = 0, d = 0; s < val->bv_len; ) {
2428 cl = LDAP_UTF8_CHARLEN2( val->bv_val+s, cl );
2429 if ( cl == 0 ) {
2430 /* illegal utf-8 char */
2431 return -1;
2432 } else if ( (cl == 1) && LDAP_DN_NEEDESCAPE_AD(val->bv_val[ s ]) ) {
2433 str[ d++ ] = '\\';
2434 }
2435 for (; cl--;) {
2436 str[ d++ ] = val->bv_val[ s++ ];
2437 }
2438 }
2439
2440 *len = d;
2441
2442 return( 0 );
2443 }
2444
2445 /*
2446 * If the DN is terminated by single-AVA RDNs with attribute type of "dc",
2447 * the first part of the AD representation of the DN is written in DNS
2448 * form, i.e. dot separated domain name components (as suggested
2449 * by Luke Howard, http://www.padl.com/~lukeh)
2450 */
2451 static int
2452 dn2domain( LDAPDN dn, struct berval *bv, int pos, int *iRDN )
2453 {
2454 int i;
2455 int domain = 0, first = 1;
2456 ber_len_t l = 1; /* we move the null also */
2457 char *str;
2458
2459 /* we are guaranteed there's enough memory in str */
2460
2461 /* sanity */
2462 assert( dn != NULL );
2463 assert( bv != NULL );
2464 assert( iRDN != NULL );
2465 assert( *iRDN >= 0 );
2466
2467 str = bv->bv_val + pos;
2468
2469 for ( i = *iRDN; i >= 0; i-- ) {
2470 LDAPRDN rdn;
2471 LDAPAVA *ava;
2472
2473 assert( dn[ i ] != NULL );
2474 rdn = dn[ i ];
2475
2476 assert( rdn[ 0 ] != NULL );
2477 ava = rdn[ 0 ];
2478
2479 if ( !LDAP_DN_IS_RDN_DC( rdn ) ) {
2480 break;
2481 }
2482
2483 domain = 1;
2484
2485 if ( first ) {
2486 first = 0;
2487 AC_MEMCPY( str, ava->la_value.bv_val,
2488 ava->la_value.bv_len + 1);
2489 l += ava->la_value.bv_len;
2490
2491 } else {
2492 AC_MEMCPY( str + ava->la_value.bv_len + 1, bv->bv_val + pos, l);
2493 AC_MEMCPY( str, ava->la_value.bv_val,
2494 ava->la_value.bv_len );
2495 str[ ava->la_value.bv_len ] = '.';
2496 l += ava->la_value.bv_len + 1;
2497 }
2498 }
2499
2500 *iRDN = i;
2501 bv->bv_len = pos + l - 1;
2502
2503 return( domain );
2504 }
2505
2506 static int
2507 rdn2strlen( LDAPRDN rdn, unsigned flags, ber_len_t *len,
2508 int ( *s2l )( struct berval *v, unsigned f, ber_len_t *l ) )
2509 {
2510 int iAVA;
2511 ber_len_t l = 0;
2512
2513 *len = 0;
2514
2515 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2516 LDAPAVA *ava = rdn[ iAVA ];
2517
2518 /* len(type) + '=' + '+' | ',' */
2519 l += ava->la_attr.bv_len + 2;
2520
2521 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2522 /* octothorpe + twice the length */
2523 l += 1 + 2 * ava->la_value.bv_len;
2524
2525 } else {
2526 ber_len_t vl;
2527 unsigned f = flags | ava->la_flags;
2528
2529 if ( ( *s2l )( &ava->la_value, f, &vl ) ) {
2530 return( -1 );
2531 }
2532 l += vl;
2533 }
2534 }
2535
2536 *len = l;
2537
2538 return( 0 );
2539 }
2540
2541 static int
2542 rdn2str( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len,
2543 int ( *s2s ) ( struct berval *v, char * s, unsigned f, ber_len_t *l ) )
2544 {
2545 int iAVA;
2546 ber_len_t l = 0;
2547
2548 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2549 LDAPAVA *ava = rdn[ iAVA ];
2550
2551 AC_MEMCPY( &str[ l ], ava->la_attr.bv_val,
2552 ava->la_attr.bv_len );
2553 l += ava->la_attr.bv_len;
2554
2555 str[ l++ ] = '=';
2556
2557 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2558 str[ l++ ] = '#';
2559 if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
2560 return( -1 );
2561 }
2562 l += 2 * ava->la_value.bv_len;
2563
2564 } else {
2565 ber_len_t vl;
2566 unsigned f = flags | ava->la_flags;
2567
2568 if ( ( *s2s )( &ava->la_value, &str[ l ], f, &vl ) ) {
2569 return( -1 );
2570 }
2571 l += vl;
2572 }
2573 str[ l++ ] = ( rdn[ iAVA + 1] ? '+' : ',' );
2574 }
2575
2576 *len = l;
2577
2578 return( 0 );
2579 }
2580
2581 static int
2582 rdn2DCEstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len )
2583 {
2584 int iAVA;
2585 ber_len_t l = 0;
2586
2587 *len = 0;
2588
2589 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2590 LDAPAVA *ava = rdn[ iAVA ];
2591
2592 /* len(type) + '=' + ',' | '/' */
2593 l += ava->la_attr.bv_len + 2;
2594
2595 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2596 /* octothorpe + twice the length */
2597 l += 1 + 2 * ava->la_value.bv_len;
2598 } else {
2599 ber_len_t vl;
2600 unsigned f = flags | ava->la_flags;
2601
2602 if ( strval2DCEstrlen( &ava->la_value, f, &vl ) ) {
2603 return( -1 );
2604 }
2605 l += vl;
2606 }
2607 }
2608
2609 *len = l;
2610
2611 return( 0 );
2612 }
2613
2614 static int
2615 rdn2DCEstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len, int first )
2616 {
2617 int iAVA;
2618 ber_len_t l = 0;
2619
2620 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2621 LDAPAVA *ava = rdn[ iAVA ];
2622
2623 if ( first ) {
2624 first = 0;
2625 } else {
2626 str[ l++ ] = ( iAVA ? ',' : '/' );
2627 }
2628
2629 AC_MEMCPY( &str[ l ], ava->la_attr.bv_val,
2630 ava->la_attr.bv_len );
2631 l += ava->la_attr.bv_len;
2632
2633 str[ l++ ] = '=';
2634
2635 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2636 str[ l++ ] = '#';
2637 if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
2638 return( -1 );
2639 }
2640 l += 2 * ava->la_value.bv_len;
2641 } else {
2642 ber_len_t vl;
2643 unsigned f = flags | ava->la_flags;
2644
2645 if ( strval2DCEstr( &ava->la_value, &str[ l ], f, &vl ) ) {
2646 return( -1 );
2647 }
2648 l += vl;
2649 }
2650 }
2651
2652 *len = l;
2653
2654 return( 0 );
2655 }
2656
2657 static int
2658 rdn2UFNstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len )
2659 {
2660 int iAVA;
2661 ber_len_t l = 0;
2662
2663 assert( rdn != NULL );
2664 assert( len != NULL );
2665
2666 *len = 0;
2667
2668 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2669 LDAPAVA *ava = rdn[ iAVA ];
2670
2671 /* ' + ' | ', ' */
2672 l += ( rdn[ iAVA + 1 ] ? 3 : 2 );
2673
2674 /* FIXME: are binary values allowed in UFN? */
2675 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2676 /* octothorpe + twice the value */
2677 l += 1 + 2 * ava->la_value.bv_len;
2678
2679 } else {
2680 ber_len_t vl;
2681 unsigned f = flags | ava->la_flags;
2682
2683 if ( strval2strlen( &ava->la_value, f, &vl ) ) {
2684 return( -1 );
2685 }
2686 l += vl;
2687 }
2688 }
2689
2690 *len = l;
2691
2692 return( 0 );
2693 }
2694
2695 static int
2696 rdn2UFNstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len )
2697 {
2698 int iAVA;
2699 ber_len_t l = 0;
2700
2701 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2702 LDAPAVA *ava = rdn[ iAVA ];
2703
2704 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2705 str[ l++ ] = '#';
2706 if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
2707 return( -1 );
2708 }
2709 l += 2 * ava->la_value.bv_len;
2710
2711 } else {
2712 ber_len_t vl;
2713 unsigned f = flags | ava->la_flags;
2714
2715 if ( strval2str( &ava->la_value, &str[ l ], f, &vl ) ) {
2716 return( -1 );
2717 }
2718 l += vl;
2719 }
2720
2721 if ( rdn[ iAVA + 1 ] ) {
2722 AC_MEMCPY( &str[ l ], " + ", 3 );
2723 l += 3;
2724
2725 } else {
2726 AC_MEMCPY( &str[ l ], ", ", 2 );
2727 l += 2;
2728 }
2729 }
2730
2731 *len = l;
2732
2733 return( 0 );
2734 }
2735
2736 static int
2737 rdn2ADstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len )
2738 {
2739 int iAVA;
2740 ber_len_t l = 0;
2741
2742 assert( rdn != NULL );
2743 assert( len != NULL );
2744
2745 *len = 0;
2746
2747 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2748 LDAPAVA *ava = rdn[ iAVA ];
2749
2750 /* ',' | '/' */
2751 l++;
2752
2753 /* FIXME: are binary values allowed in UFN? */
2754 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2755 /* octothorpe + twice the value */
2756 l += 1 + 2 * ava->la_value.bv_len;
2757 } else {
2758 ber_len_t vl;
2759 unsigned f = flags | ava->la_flags;
2760
2761 if ( strval2ADstrlen( &ava->la_value, f, &vl ) ) {
2762 return( -1 );
2763 }
2764 l += vl;
2765 }
2766 }
2767
2768 *len = l;
2769
2770 return( 0 );
2771 }
2772
2773 static int
2774 rdn2ADstr( LDAPRDN rdn, char *str, unsigned flags, ber_len_t *len, int first )
2775 {
2776 int iAVA;
2777 ber_len_t l = 0;
2778
2779 for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
2780 LDAPAVA *ava = rdn[ iAVA ];
2781
2782 if ( first ) {
2783 first = 0;
2784 } else {
2785 str[ l++ ] = ( iAVA ? ',' : '/' );
2786 }
2787
2788 if ( ava->la_flags & LDAP_AVA_BINARY ) {
2789 str[ l++ ] = '#';
2790 if ( binval2hexstr( &ava->la_value, &str[ l ] ) ) {
2791 return( -1 );
2792 }
2793 l += 2 * ava->la_value.bv_len;
2794 } else {
2795 ber_len_t vl;
2796 unsigned f = flags | ava->la_flags;
2797
2798 if ( strval2ADstr( &ava->la_value, &str[ l ], f, &vl ) ) {
2799 return( -1 );
2800 }
2801 l += vl;
2802 }
2803 }
2804
2805 *len = l;
2806
2807 return( 0 );
2808 }
2809
2810 /*
2811 * ldap_rdn2str
2812 *
2813 * Returns in str a string representation of rdn based on flags.
2814 * There is some duplication of code between this and ldap_dn2str;
2815 * this is wanted to reduce the allocation of temporary buffers.
2816 */
2817 int
2818 ldap_rdn2str( LDAPRDN rdn, char **str, unsigned flags )
2819 {
2820 struct berval bv;
2821 int rc;
2822
2823 assert( str != NULL );
2824
2825 if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) {
2826 return LDAP_PARAM_ERROR;
2827 }
2828
2829 rc = ldap_rdn2bv_x( rdn, &bv, flags, NULL );
2830 *str = bv.bv_val;
2831 return rc;
2832 }
2833
2834 int
2835 ldap_rdn2bv( LDAPRDN rdn, struct berval *bv, unsigned flags )
2836 {
2837 return ldap_rdn2bv_x( rdn, bv, flags, NULL );
2838 }
2839
2840 int
2841 ldap_rdn2bv_x( LDAPRDN rdn, struct berval *bv, unsigned flags, void *ctx )
2842 {
2843 int rc, back;
2844 ber_len_t l;
2845
2846 assert( bv != NULL );
2847
2848 bv->bv_len = 0;
2849 bv->bv_val = NULL;
2850
2851 if ( rdn == NULL ) {
2852 bv->bv_val = LDAP_STRDUPX( "", ctx );
2853 return( LDAP_SUCCESS );
2854 }
2855
2856 /*
2857 * This routine wastes "back" bytes at the end of the string
2858 */
2859
2860 switch ( LDAP_DN_FORMAT( flags ) ) {
2861 case LDAP_DN_FORMAT_LDAPV3:
2862 if ( rdn2strlen( rdn, flags, &l, strval2strlen ) ) {
2863 return LDAP_DECODING_ERROR;
2864 }
2865 break;
2866
2867 case LDAP_DN_FORMAT_LDAPV2:
2868 if ( rdn2strlen( rdn, flags, &l, strval2IA5strlen ) ) {
2869 return LDAP_DECODING_ERROR;
2870 }
2871 break;
2872
2873 case LDAP_DN_FORMAT_UFN:
2874 if ( rdn2UFNstrlen( rdn, flags, &l ) ) {
2875 return LDAP_DECODING_ERROR;
2876 }
2877 break;
2878
2879 case LDAP_DN_FORMAT_DCE:
2880 if ( rdn2DCEstrlen( rdn, flags, &l ) ) {
2881 return LDAP_DECODING_ERROR;
2882 }
2883 break;
2884
2885 case LDAP_DN_FORMAT_AD_CANONICAL:
2886 if ( rdn2ADstrlen( rdn, flags, &l ) ) {
2887 return LDAP_DECODING_ERROR;
2888 }
2889 break;
2890
2891 default:
2892 return LDAP_PARAM_ERROR;
2893 }
2894
2895 bv->bv_val = LDAP_MALLOCX( l + 1, ctx );
2896
2897 switch ( LDAP_DN_FORMAT( flags ) ) {
2898 case LDAP_DN_FORMAT_LDAPV3:
2899 rc = rdn2str( rdn, bv->bv_val, flags, &l, strval2str );
2900 back = 1;
2901 break;
2902
2903 case LDAP_DN_FORMAT_LDAPV2:
2904 rc = rdn2str( rdn, bv->bv_val, flags, &l, strval2IA5str );
2905 back = 1;
2906 break;
2907
2908 case LDAP_DN_FORMAT_UFN:
2909 rc = rdn2UFNstr( rdn, bv->bv_val, flags, &l );
2910 back = 2;
2911 break;
2912
2913 case LDAP_DN_FORMAT_DCE:
2914 rc = rdn2DCEstr( rdn, bv->bv_val, flags, &l, 1 );
2915 back = 0;
2916 break;
2917
2918 case LDAP_DN_FORMAT_AD_CANONICAL:
2919 rc = rdn2ADstr( rdn, bv->bv_val, flags, &l, 1 );
2920 back = 0;
2921 break;
2922
2923 default:
2924 /* need at least one of the previous */
2925 return LDAP_PARAM_ERROR;
2926 }
2927
2928 if ( rc ) {
2929 LDAP_FREEX( bv->bv_val, ctx );
2930 return rc;
2931 }
2932
2933 bv->bv_len = l - back;
2934 bv->bv_val[ bv->bv_len ] = '\0';
2935
2936 return LDAP_SUCCESS;
2937 }
2938
2939 /*
2940 * Very bulk implementation; many optimizations can be performed
2941 * - a NULL dn results in an empty string ""
2942 *
2943 * FIXME: doubts
2944 * a) what do we do if a UTF-8 string must be converted in LDAPv2?
2945 * we must encode it in binary form ('#' + HEXPAIRs)
2946 * b) does DCE/AD support UTF-8?
2947 * no clue; don't think so.
2948 * c) what do we do when binary values must be converted in UTF/DCE/AD?
2949 * use binary encoded BER
2950 */
2951 int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
2952 {
2953 struct berval bv;
2954 int rc;
2955
2956 assert( str != NULL );
2957
2958 if((flags & LDAP_DN_FORMAT_MASK) == LDAP_DN_FORMAT_LBER) {
2959 return LDAP_PARAM_ERROR;
2960 }
2961
2962 rc = ldap_dn2bv_x( dn, &bv, flags, NULL );
2963 *str = bv.bv_val;
2964 return rc;
2965 }
2966
2967 int ldap_dn2bv( LDAPDN dn, struct berval *bv, unsigned flags )
2968 {
2969 return ldap_dn2bv_x( dn, bv, flags, NULL );
2970 }
2971
2972 int ldap_dn2bv_x( LDAPDN dn, struct berval *bv, unsigned flags, void *ctx )
2973 {
2974 int iRDN;
2975 int rc = LDAP_ENCODING_ERROR;
2976 ber_len_t len, l;
2977
2978 /* stringifying helpers for LDAPv3/LDAPv2 */
2979 int ( *sv2l ) ( struct berval *v, unsigned f, ber_len_t *l );
2980 int ( *sv2s ) ( struct berval *v, char *s, unsigned f, ber_len_t *l );
2981
2982 assert( bv != NULL );
2983 bv->bv_len = 0;
2984 bv->bv_val = NULL;
2985
2986 Debug( LDAP_DEBUG_ARGS, "=> ldap_dn2bv(%u)\n", flags, 0, 0 );
2987
2988 /*
2989 * a null dn means an empty dn string
2990 * FIXME: better raise an error?
2991 */
2992 if ( dn == NULL ) {
2993 bv->bv_val = LDAP_STRDUPX( "", ctx );
2994 return( LDAP_SUCCESS );
2995 }
2996
2997 switch ( LDAP_DN_FORMAT( flags ) ) {
2998 case LDAP_DN_FORMAT_LDAPV3:
2999 sv2l = strval2strlen;
3000 sv2s = strval2str;
3001
3002 if( 0 ) {
3003 case LDAP_DN_FORMAT_LDAPV2:
3004 sv2l = strval2IA5strlen;
3005 sv2s = strval2IA5str;
3006 }
3007
3008 for ( iRDN = 0, len = 0; dn[ iRDN ]; iRDN++ ) {
3009 ber_len_t rdnl;
3010 if ( rdn2strlen( dn[ iRDN ], flags, &rdnl, sv2l ) ) {
3011 goto return_results;
3012 }
3013
3014 len += rdnl;
3015 }
3016
3017 if ( ( bv->bv_val = LDAP_MALLOCX( len + 1, ctx ) ) == NULL ) {
3018 rc = LDAP_NO_MEMORY;
3019 break;
3020 }
3021
3022 for ( l = 0, iRDN = 0; dn[ iRDN ]; iRDN++ ) {
3023 ber_len_t rdnl;
3024
3025 if ( rdn2str( dn[ iRDN ], &bv->bv_val[ l ], flags,
3026 &rdnl, sv2s ) ) {
3027 LDAP_FREEX( bv->bv_val, ctx );
3028 bv->bv_val = NULL;
3029 goto return_results;
3030 }
3031 l += rdnl;
3032 }
3033
3034 assert( l == len );
3035
3036 /*
3037 * trim the last ',' (the allocated memory
3038 * is one byte longer than required)
3039 */
3040 bv->bv_len = len - 1;
3041 bv->bv_val[ bv->bv_len ] = '\0';
3042
3043 rc = LDAP_SUCCESS;
3044 break;
3045
3046 case LDAP_DN_FORMAT_UFN: {
3047 /*
3048 * FIXME: quoting from RFC 1781:
3049 *
3050 To take a distinguished name, and generate a name of this format with
3051 attribute types omitted, the following steps are followed.
3052
3053 1. If the first attribute is of type CommonName, the type may be
3054 omitted.
3055
3056 2. If the last attribute is of type Country, the type may be
3057 omitted.
3058
3059 3. If the last attribute is of type Country, the last
3060 Organisation attribute may have the type omitted.
3061
3062 4. All attributes of type OrganisationalUnit may have the type
3063 omitted, unless they are after an Organisation attribute or
3064 the first attribute is of type OrganisationalUnit.
3065
3066 * this should be the pedantic implementation.
3067 *
3068 * Here the standard implementation reflects
3069 * the one historically provided by OpenLDAP
3070 * (and UMIch, I presume), with the variant
3071 * of spaces and plusses (' + ') separating
3072 * rdn components.
3073 *
3074 * A non-standard but nice implementation could
3075 * be to turn the final "dc" attributes into a
3076 * dot-separated domain.
3077 *
3078 * Other improvements could involve the use of
3079 * friendly country names and so.
3080 */
3081 #ifdef DC_IN_UFN
3082 int leftmost_dc = -1;
3083 int last_iRDN = -1;
3084 #endif /* DC_IN_UFN */
3085
3086 for ( iRDN = 0, len = 0; dn[ iRDN ]; iRDN++ ) {
3087 ber_len_t rdnl;
3088
3089 if ( rdn2UFNstrlen( dn[ iRDN ], flags, &rdnl ) ) {
3090 goto return_results;
3091 }
3092 len += rdnl;
3093
3094 #ifdef DC_IN_UFN
3095 if ( LDAP_DN_IS_RDN_DC( dn[ iRDN ] ) ) {
3096 if ( leftmost_dc == -1 ) {
3097 leftmost_dc = iRDN;
3098 }
3099 } else {
3100 leftmost_dc = -1;
3101 }
3102 #endif /* DC_IN_UFN */
3103 }
3104
3105 if ( ( bv->bv_val = LDAP_MALLOCX( len + 1, ctx ) ) == NULL ) {
3106 rc = LDAP_NO_MEMORY;
3107 break;
3108 }
3109
3110 #ifdef DC_IN_UFN
3111 if ( leftmost_dc == -1 ) {
3112 #endif /* DC_IN_UFN */
3113 for ( l = 0, iRDN = 0; dn[ iRDN ]; iRDN++ ) {
3114 ber_len_t vl;
3115
3116 if ( rdn2UFNstr( dn[ iRDN ], &bv->bv_val[ l ],
3117 flags, &vl ) ) {
3118 LDAP_FREEX( bv->bv_val, ctx );
3119 bv->bv_val = NULL;
3120 goto return_results;
3121 }
3122 l += vl;
3123 }
3124
3125 /*
3126 * trim the last ', ' (the allocated memory
3127 * is two bytes longer than required)
3128 */
3129 bv->bv_len = len - 2;
3130 bv->bv_val[ bv->bv_len ] = '\0';
3131 #ifdef DC_IN_UFN
3132 } else {
3133 last_iRDN = iRDN - 1;
3134
3135 for ( l = 0, iRDN = 0; iRDN < leftmost_dc; iRDN++ ) {
3136 ber_len_t vl;
3137
3138 if ( rdn2UFNstr( dn[ iRDN ], &bv->bv_val[ l ],
3139 flags, &vl ) ) {
3140 LDAP_FREEX( bv->bv_val, ctx );
3141 bv->bv_val = NULL;
3142 goto return_results;
3143 }
3144 l += vl;
3145 }
3146
3147 if ( !dn2domain( dn, bv, l, &last_iRDN ) ) {
3148 LDAP_FREEX( bv->bv_val, ctx );
3149 bv->bv_val = NULL;
3150 goto return_results;
3151 }
3152
3153 /* the string is correctly terminated by dn2domain */
3154 }
3155 #endif /* DC_IN_UFN */
3156
3157 rc = LDAP_SUCCESS;
3158
3159 } break;
3160
3161 case LDAP_DN_FORMAT_DCE:
3162 for ( iRDN = 0, len = 0; dn[ iRDN ]; iRDN++ ) {
3163 ber_len_t rdnl;
3164 if ( rdn2DCEstrlen( dn[ iRDN ], flags, &rdnl ) ) {
3165 goto return_results;
3166 }
3167
3168 len += rdnl;
3169 }
3170
3171 if ( ( bv->bv_val = LDAP_MALLOCX( len + 1, ctx ) ) == NULL ) {
3172 rc = LDAP_NO_MEMORY;
3173 break;
3174 }
3175
3176 for ( l = 0; iRDN--; ) {
3177 ber_len_t rdnl;
3178
3179 if ( rdn2DCEstr( dn[ iRDN ], &bv->bv_val[ l ], flags,
3180 &rdnl, 0 ) ) {
3181 LDAP_FREEX( bv->bv_val, ctx );
3182 bv->bv_val = NULL;
3183 goto return_results;
3184 }
3185 l += rdnl;
3186 }
3187
3188 assert( l == len );
3189
3190 bv->bv_len = len;
3191 bv->bv_val[ bv->bv_len ] = '\0';
3192
3193 rc = LDAP_SUCCESS;
3194 break;
3195
3196 case LDAP_DN_FORMAT_AD_CANONICAL: {
3197 int trailing_slash = 1;
3198
3199 /*
3200 * Sort of UFN for DCE DNs: a slash ('/') separated
3201 * global->local DN with no types; strictly speaking,
3202 * the naming context should be a domain, which is
3203 * written in DNS-style, e.g. dot-deparated.
3204 *
3205 * Example:
3206 *
3207 * "givenName=Bill+sn=Gates,ou=People,dc=microsoft,dc=com"
3208 *
3209 * will read
3210 *
3211 * "microsoft.com/People/Bill,Gates"
3212 */
3213 for ( iRDN = 0, len = -1; dn[ iRDN ]; iRDN++ ) {
3214 ber_len_t rdnl;
3215
3216 if ( rdn2ADstrlen( dn[ iRDN ], flags, &rdnl ) ) {
3217 goto return_results;
3218 }
3219
3220 len += rdnl;
3221 }
3222
3223 /* reserve room for trailing '/' in case the DN
3224 * is exactly a domain */
3225 if ( ( bv->bv_val = LDAP_MALLOCX( len + 1 + 1, ctx ) ) == NULL )
3226 {
3227 rc = LDAP_NO_MEMORY;
3228 break;
3229 }
3230
3231 iRDN--;
3232 if ( iRDN && dn2domain( dn, bv, 0, &iRDN ) != 0 ) {
3233 for ( l = bv->bv_len; iRDN >= 0 ; iRDN-- ) {
3234 ber_len_t rdnl;
3235
3236 trailing_slash = 0;
3237
3238 if ( rdn2ADstr( dn[ iRDN ], &bv->bv_val[ l ],
3239 flags, &rdnl, 0 ) ) {
3240 LDAP_FREEX( bv->bv_val, ctx );
3241 bv->bv_val = NULL;
3242 goto return_results;
3243 }
3244 l += rdnl;
3245 }
3246
3247 } else {
3248 int first = 1;
3249
3250 /*
3251 * Strictly speaking, AD canonical requires
3252 * a DN to be in the form "..., dc=smtg",
3253 * i.e. terminated by a domain component
3254 */
3255 if ( flags & LDAP_DN_PEDANTIC ) {
3256 LDAP_FREEX( bv->bv_val, ctx );
3257 bv->bv_val = NULL;
3258 rc = LDAP_ENCODING_ERROR;
3259 break;
3260 }
3261
3262 for ( l = 0; iRDN >= 0 ; iRDN-- ) {
3263 ber_len_t rdnl;
3264
3265 if ( rdn2ADstr( dn[ iRDN ], &bv->bv_val[ l ],
3266 flags, &rdnl, first ) ) {
3267 LDAP_FREEX( bv->bv_val, ctx );
3268 bv->bv_val = NULL;
3269 goto return_results;
3270 }
3271 if ( first ) {
3272 first = 0;
3273 }
3274 l += rdnl;
3275 }
3276 }
3277
3278 if ( trailing_slash ) {
3279 /* the DN is exactly a domain -- need a trailing
3280 * slash; room was reserved in advance */
3281 bv->bv_val[ len ] = '/';
3282 len++;
3283 }
3284
3285 bv->bv_len = len;
3286 bv->bv_val[ bv->bv_len ] = '\0';
3287
3288 rc = LDAP_SUCCESS;
3289 } break;
3290
3291 default:
3292 return LDAP_PARAM_ERROR;
3293 }
3294
3295 Debug( LDAP_DEBUG_ARGS, "<= ldap_dn2bv(%s)=%d %s\n",
3296 bv->bv_val, rc, rc ? ldap_err2string( rc ) : "" );
3297
3298 return_results:;
3299 return( rc );
3300 }
3301
NetBSD on the FriendlyARM MINI2440