static int LDAPRDN_validate( LDAPRDN rdn ) { int iAVA; int rc; assert( rdn != NULL ); for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) { LDAPAVA *ava = rdn[ iAVA ]; AttributeDescription *ad; slap_syntax_validate_func *validate = NULL; assert( ava != NULL ); if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) { const char *text = NULL; rc = slap_bv2ad( &ava->la_attr, &ad, &text ); if ( rc != LDAP_SUCCESS ) { rc = slap_bv2undef_ad( &ava->la_attr, &ad, &text, SLAP_AD_PROXIED|slap_DN_strict ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } ava->la_private = ( void * )ad; } /* * Do not allow X-ORDERED 'VALUES' naming attributes */ if ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) { return LDAP_INVALID_SYNTAX; } /* * Replace attr oid/name with the canonical name */ ava->la_attr = ad->ad_cname; validate = ad->ad_type->sat_syntax->ssyn_validate; if ( validate ) { /* * validate value by validate function */ rc = ( *validate )( ad->ad_type->sat_syntax, &ava->la_value ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } } return LDAP_SUCCESS; }
/* * In-place, schema-aware validation of the * structural representation of a distinguished name. */ static int LDAPDN_validate( LDAPDN *dn ) { int iRDN; int rc; assert( dn ); for ( iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) { LDAPRDN *rdn = dn[ 0 ][ iRDN ]; int iAVA; assert( rdn ); for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) { LDAPAVA *ava = rdn[ 0 ][ iAVA ]; AttributeDescription *ad; slap_syntax_validate_func *validate = NULL; assert( ava ); if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) { const char *text = NULL; rc = slap_bv2ad( &ava->la_attr, &ad, &text ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } ava->la_private = ( void * )ad; } /* * Replace attr oid/name with the canonical name */ ava->la_attr = ad->ad_cname; validate = ad->ad_type->sat_syntax->ssyn_validate; if ( validate ) { /* * validate value by validate function */ rc = ( *validate )( ad->ad_type->sat_syntax, &ava->la_value ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } } } return LDAP_SUCCESS; }
static int LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) { int rc, iAVA, do_sort = 0; for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) { LDAPAVA *ava = rdn[ iAVA ]; AttributeDescription *ad; slap_syntax_validate_func *validf = NULL; slap_mr_normalize_func *normf = NULL; slap_syntax_transform_func *transf = NULL; MatchingRule *mr = NULL; struct berval bv = BER_BVNULL; assert( ava != NULL ); if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) { const char *text = NULL; rc = slap_bv2ad( &ava->la_attr, &ad, &text ); if ( rc != LDAP_SUCCESS ) { rc = slap_bv2undef_ad( &ava->la_attr, &ad, &text, SLAP_AD_PROXIED|slap_DN_strict ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } ava->la_private = ( void * )ad; do_sort = 1; } /* * Replace attr oid/name with the canonical name */ ava->la_attr = ad->ad_cname; if( ava->la_flags & LDAP_AVA_BINARY ) { /* AVA is binary encoded, not supported */ return LDAP_INVALID_SYNTAX; /* Do not allow X-ORDERED 'VALUES' naming attributes */ } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) { return LDAP_INVALID_SYNTAX; } else if( flags & SLAP_LDAPDN_PRETTY ) { transf = ad->ad_type->sat_syntax->ssyn_pretty; if( !transf ) { validf = ad->ad_type->sat_syntax->ssyn_validate; } } else { /* normalization */ validf = ad->ad_type->sat_syntax->ssyn_validate; mr = ad->ad_type->sat_equality; if( mr && (!( mr->smr_usage & SLAP_MR_MUTATION_NORMALIZER ))) { normf = mr->smr_normalize; } } if ( validf ) { /* validate value before normalization */ rc = ( *validf )( ad->ad_type->sat_syntax, ava->la_value.bv_len ? &ava->la_value : (struct berval *) &slap_empty_bv ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } if ( transf ) { /* * transform value by pretty function * if value is empty, use empty_bv */ rc = ( *transf )( ad->ad_type->sat_syntax, ava->la_value.bv_len ? &ava->la_value : (struct berval *) &slap_empty_bv, &bv, ctx ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } if ( normf ) { /* * normalize value * if value is empty, use empty_bv */ rc = ( *normf )( SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, ad->ad_type->sat_syntax, mr, ava->la_value.bv_len ? &ava->la_value : (struct berval *) &slap_empty_bv, &bv, ctx ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } if( bv.bv_val ) { if ( ava->la_flags & LDAP_AVA_FREE_VALUE ) ber_memfree_x( ava->la_value.bv_val, ctx ); ava->la_value = bv; ava->la_flags |= LDAP_AVA_FREE_VALUE; } /* reject empty values */ if (!ava->la_value.bv_len) { return LDAP_INVALID_SYNTAX; } } rc = LDAP_SUCCESS; if ( do_sort ) { rc = AVA_Sort( rdn, iAVA ); } return rc; }
/* * In-place, schema-aware normalization / "pretty"ing of the * structural representation of a distinguished name. */ static int LDAPDN_rewrite( LDAPDN *dn, unsigned flags ) { int iRDN; int rc; assert( dn ); for ( iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) { LDAPRDN *rdn = dn[ 0 ][ iRDN ]; int iAVA; assert( rdn ); for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) { LDAPAVA *ava = rdn[ 0 ][ iAVA ]; AttributeDescription *ad; slap_syntax_validate_func *validf = NULL; slap_syntax_transform_func *transf = NULL; MatchingRule *mr; struct berval bv = { 0, NULL }; int do_sort = 0; assert( ava ); if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) { const char *text = NULL; rc = slap_bv2ad( &ava->la_attr, &ad, &text ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } ava->la_private = ( void * )ad; do_sort = 1; } /* * Replace attr oid/name with the canonical name */ ava->la_attr = ad->ad_cname; if( ava->la_flags & LDAP_AVA_BINARY ) { if( ava->la_value.bv_len == 0 ) { /* BER encoding is empty */ return LDAP_INVALID_SYNTAX; } /* AVA is binary encoded, don't muck with it */ validf = NULL; transf = NULL; mr = NULL; } else if( flags & SLAP_LDAPDN_PRETTY ) { validf = NULL; transf = ad->ad_type->sat_syntax->ssyn_pretty; mr = NULL; } else { validf = ad->ad_type->sat_syntax->ssyn_validate; transf = ad->ad_type->sat_syntax->ssyn_normalize; mr = ad->ad_type->sat_equality; } if ( validf ) { /* validate value before normalization */ rc = ( *validf )( ad->ad_type->sat_syntax, ava->la_value.bv_len ? &ava->la_value : (struct berval *) &slap_empty_bv ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } if ( transf ) { /* * transform value by normalize/pretty function * if value is empty, use empty_bv */ rc = ( *transf )( ad->ad_type->sat_syntax, ava->la_value.bv_len ? &ava->la_value : (struct berval *) &slap_empty_bv, &bv ); if ( rc != LDAP_SUCCESS ) { return LDAP_INVALID_SYNTAX; } } if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) { char *s = bv.bv_val; if ( UTF8bvnormalize( &bv, &bv, LDAP_UTF8_CASEFOLD ) == NULL ) { return LDAP_INVALID_SYNTAX; } free( s ); } if( bv.bv_val ) { free( ava->la_value.bv_val ); ava->la_value = bv; } if( do_sort ) AVA_Sort( rdn, iAVA ); } } return LDAP_SUCCESS; }