diff options
| author | Noriko Hosoi <nhosoi@redhat.com> | 2010-04-26 11:03:52 -0700 |
|---|---|---|
| committer | Noriko Hosoi <nhosoi@redhat.com> | 2010-04-26 11:03:52 -0700 |
| commit | 78c50664d6421cc5d0836bb03820680dc2cb7acf (patch) | |
| tree | 20fcfadad9057617daa0b159216f0a92006969f5 /ldap/servers/slapd/compare.c | |
| parent | 4754291972668c37559a8f68d75ac6f8c477efb8 (diff) | |
| download | ds-78c50664d6421cc5d0836bb03820680dc2cb7acf.tar.gz ds-78c50664d6421cc5d0836bb03820680dc2cb7acf.tar.xz ds-78c50664d6421cc5d0836bb03820680dc2cb7acf.zip | |
Update to New DN Format
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
Diffstat (limited to 'ldap/servers/slapd/compare.c')
| -rw-r--r-- | ldap/servers/slapd/compare.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/ldap/servers/slapd/compare.c b/ldap/servers/slapd/compare.c index 5a0256ba..578d826a 100644 --- a/ldap/servers/slapd/compare.c +++ b/ldap/servers/slapd/compare.c @@ -65,7 +65,9 @@ void do_compare( Slapi_PBlock *pb ) { BerElement *ber = pb->pb_op->o_ber; + char *rawdn = NULL; char *dn = NULL; + size_t len = 0; struct ava ava = {0}; Slapi_Backend *be = NULL; int err; @@ -94,15 +96,40 @@ do_compare( Slapi_PBlock *pb ) * } */ - if ( ber_scanf( ber, "{a{ao}}", &dn, &ava.ava_type, + if ( ber_scanf( ber, "{a{ao}}", &rawdn, &ava.ava_type, &ava.ava_value ) == LBER_ERROR ) { LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed (op=Compare; params=DN,Type,Value)\n", 0, 0, 0 ); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, - NULL ); + NULL ); goto free_and_return; } + /* Check if we should be performing strict validation. */ + if (config_get_dn_validate_strict()) { + /* check that the dn is formatted correctly */ + err = slapi_dn_syntax_check(pb, rawdn, 1); + if (err) { /* syntax check failed */ + op_shared_log_error_access(pb, "CMP", + rawdn?rawdn:"", "strict: invalid dn"); + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, + NULL, "invalid dn", 0, NULL); + slapi_ch_free((void **) &rawdn); + return; + } + } + err = slapi_dn_normalize_ext(rawdn, 0, &dn, &len); + if (err < 0) { + op_shared_log_error_access(pb, "CMP", rawdn?rawdn:"", "invalid dn"); + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, + NULL, "invalid dn", 0, NULL); + slapi_ch_free((void **) &rawdn); + return; + } else if (err > 0) { /* if rc == 0, rawdn is passed in */ + slapi_ch_free((void **) &rawdn); + } else { /* rc == 0; rawdn is passed in; not null terminated */ + *(dn + len) = '\0'; + } /* * in LDAPv3 there can be optional control extensions on * the end of an LDAPMessage. we need to read them in and |