February 2012 - 389-commits - Fedora Mailing-Lists

by Richard Allen Megginson

ldaputil.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) New commits: commit c29e5960117cade33f0ecc99aa588a30ea1e5cc8 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Feb 3 15:03:52 2012 -0700 Ticket #281 - TLS not working with latest openldap https://fedorahosted.org/389/ticket/281 Resolves: Ticket #281 Bug Description: TLS not working with latest openldap Reviewed by: nhosoi (Thanks!) Branch: master Fix Description: Be sure to call ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &val); last after setting all of the other TLS options. Platforms tested: RHEL6 x86_64, Fedora 16 Flag Day: no Doc impact: no diff --git a/ldaputil.c b/ldaputil.c index 686627b..36c8f5b 100644 --- a/ldaputil.c +++ b/ldaputil.c @@ -239,10 +239,6 @@ dsgw_init_ldap( LDAP **ldp, LDAPFiltDesc **lfdpp, int skipac, int skipauthwarnin #endif /* !USE_OPENLDAP */ #if defined(USE_OPENLDAP) - if ((ret = ldap_set_option(*ldp, LDAP_OPT_X_TLS_NEWCTX, &optval))) { - dsgw_error( DSGW_ERR_SSLINIT, "new security context", - DSGW_ERROPT_EXIT, 0, NULL ); - } if ((ret = ldap_set_option(*ldp, LDAP_OPT_X_TLS_REQUIRE_CERT, &ssl_strength))) { dsgw_error( DSGW_ERR_SSLINIT, "require cert option", DSGW_ERROPT_EXIT, 0, NULL ); @@ -259,6 +255,10 @@ dsgw_init_ldap( LDAP **ldp, LDAPFiltDesc **lfdpp, int skipac, int skipauthwarnin 0, NULL ); } #endif /* LDAP_OPT_X_TLS_PROTOCOL_MIN */ + if ((ret = ldap_set_option(*ldp, LDAP_OPT_X_TLS_NEWCTX, &optval))) { + dsgw_error( DSGW_ERR_SSLINIT, "new security context", + DSGW_ERROPT_EXIT, 0, NULL ); + } #else /* !USE_OPENLDAP */ if ((ret = ldapssl_set_strength(*ldp, ssl_strength)) || (ret = ldapssl_set_option(*ldp, SSL_ENABLE_SSL2, PR_FALSE)) ||

12 years, 3 months

1
0
0 / 0

lib/libadmin

by Richard Allen Megginson

lib/libadmin/util.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) New commits: commit b579d9201af8fdcb7cba1e5543fa314481667fdd Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Feb 3 15:02:23 2012 -0700 Ticket #281 - TLS not working with latest openldap https://fedorahosted.org/389/ticket/281 Resolves: Ticket #281 Bug Description: TLS not working with latest openldap Reviewed by: nhosoi (Thanks!) Branch: master Fix Description: Be sure to call ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &val); last after setting all of the other TLS options. Platforms tested: RHEL6 x86_64, Fedora 16 Flag Day: no Doc impact: no diff --git a/lib/libadmin/util.c b/lib/libadmin/util.c index c5689a6..21fbde8 100644 --- a/lib/libadmin/util.c +++ b/lib/libadmin/util.c @@ -1577,12 +1577,6 @@ util_ldap_init( #endif /* !USE_OPENLDAP */ #if defined(USE_OPENLDAP) - if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { -#ifdef DEBUG - fprintf(stderr, "util_ldap_init: " - "failed: unable to create new TLS context\n"); -#endif - } if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &ssl_strength))) { #ifdef DEBUG fprintf(stderr, "util_ldap_init: " @@ -1605,6 +1599,12 @@ util_ldap_init( #endif } #endif /* LDAP_OPT_X_TLS_PROTOCOL_MIN */ + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { +#ifdef DEBUG + fprintf(stderr, "util_ldap_init: " + "failed: unable to create new TLS context\n"); +#endif + } #else /* !USE_OPENLDAP */ if ((rc = ldapssl_set_strength(myld, ssl_strength)) || (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL2, PR_FALSE)) ||

12 years, 3 months

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/slapd/back-ldbm/ldbm_attr.c | 1 + 1 file changed, 1 insertion(+) New commits: commit ad9dd30e782cf8316161f0c98f8074aca33c3ae8 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Feb 3 14:16:41 2012 -0700 coverity 12488 Resource leak In attr_index_config(): Leak of memory or pointers to system resources need to free "a" in case of error return Reviewed by: nhosoi (Thanks!) diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c index 63be423..7433ec7 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c @@ -248,6 +248,7 @@ attr_index_config( if(hasIndexType == 0){ /* indexType missing, error out */ LDAPDebug(LDAP_DEBUG_ANY, "attr_index_config: Missing index type\n", 0, 0, 0); + attrinfo_delete(&a); return; } }

12 years, 3 months

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/slapd/ldaputil.c | 8 ++++---- ldap/servers/slapd/tools/ldclt/ldapfct.c | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) New commits: commit 3d2f151f5ea4beb614194ea3aafc1b320511a2a3 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Feb 3 13:16:20 2012 -0700 Ticket #281 - TLS not working with latest openldap https://fedorahosted.org/389/ticket/281 Resolves: Ticket #281 Bug Description: TLS not working with latest openldap Reviewed by: nhosoi (Thanks!) Branch: master Fix Description: Be sure to call ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &val); last after setting all of the other TLS options. Platforms tested: RHEL6 x86_64, Fedora 16 Flag Day: no Doc impact: no diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c index 7901432..10d7907 100644 --- a/ldap/servers/slapd/ldaputil.c +++ b/ldap/servers/slapd/ldaputil.c @@ -814,10 +814,6 @@ slapi_ldap_init_ext( } #if defined(USE_OPENLDAP) - if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { - slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", - "failed: unable to create new TLS context\n"); - } if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &ssl_strength))) { slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", "failed: unable to set REQUIRE_CERT option to %d\n", ssl_strength); @@ -835,6 +831,10 @@ slapi_ldap_init_ext( "failed: unable to set minimum TLS protocol level to SSL3\n"); } #endif /* LDAP_OPT_X_TLS_PROTOCOL_MIN */ + if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { + slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", + "failed: unable to create new TLS context\n"); + } #else /* !USE_OPENLDAP */ if ((rc = ldapssl_set_strength(myld, ssl_strength)) || (rc = ldapssl_set_option(myld, SSL_ENABLE_SSL2, PR_FALSE)) || diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c index 6e66764..0e8a2fb 100644 --- a/ldap/servers/slapd/tools/ldclt/ldapfct.c +++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c @@ -749,13 +749,6 @@ connectToLDAP(thread_context *tttctx, const char *bufBindDN, const char *bufPass for the hostname, so have to defeat fqdn checking in cn of subject of server cert */ int ssl_strength = LDAP_OPT_X_TLS_NEVER; char *certdir = ldclt_dirname(mctx.certfile); - if ((ret = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { - printf ("ldclt[%d]: T%03d: Cannot ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX), errno=%d ldaperror=%d:%s\n", - mctx.pid, thrdNum, errno, ret, my_ldap_err2string(ret)); - fflush (stdout); - free(certdir); - goto done; - } if ((ret = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &ssl_strength))) { printf ("ldclt[%d]: T%03d: Cannot ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT), errno=%d ldaperror=%d:%s\n", mctx.pid, thrdNum, errno, ret, my_ldap_err2string(ret)); @@ -776,6 +769,13 @@ connectToLDAP(thread_context *tttctx, const char *bufBindDN, const char *bufPass free(certdir); goto done; } + if ((ret = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) { + printf ("ldclt[%d]: T%03d: Cannot ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX), errno=%d ldaperror=%d:%s\n", + mctx.pid, thrdNum, errno, ret, my_ldap_err2string(ret)); + fflush (stdout); + free(certdir); + goto done; + } free(certdir); } #else /* !USE_OPENLDAP */

12 years, 3 months

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/plugins/collation/orfilter.c | 19 ++++++-------- ldap/servers/plugins/replication/repl5_agmt.c | 12 ++------ ldap/servers/plugins/syntaxes/string.c | 6 +--- ldap/servers/slapd/filter.c | 10 ++----- ldap/servers/slapd/slapi-plugin.h | 35 ++++++++++++++++++++++++++ ldap/servers/slapd/value.c | 12 ++++++++ 6 files changed, 64 insertions(+), 30 deletions(-) New commits: commit e8578ca99a527a1962e48b0080bf0f0361d5a91e Author: Rich Megginson <rmeggins(a)redhat.com> Date: Fri Feb 3 09:51:46 2012 -0700 Ticket #280 - extensible binary filters do not work https://fedorahosted.org/389/ticket/280 Resolves: Ticket #280 Bug Description: extensible binary filters do not work Reviewed by: nkinder (Thanks!) Branch: master Fix Description: The code was using strdup to copy the value when dup'ing the filter. We already had code that copied the contents of binary bervals, so I just put slapi wrappers around them and created and documented two new slapi functions - slapi_ber_bvcpy and slapi_ber_bvdone. I found a few places that were manually copying the contents of bervals and replaced them with slapi_ber_bvcpy and slapi_ber_bvdone. With this code the filter, I18n, and index tests pass at 100%. Platforms tested: RHEL6 x86_64, Fedora 16 Flag Day: yes - slapi-plugin.h change Doc impact: yes - two new slapi functions diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c index d947e02..2293baf 100644 --- a/ldap/servers/plugins/collation/orfilter.c +++ b/ldap/servers/plugins/collation/orfilter.c @@ -347,12 +347,7 @@ slapi_ch_bvdup0 (struct berval* val) { auto struct berval* result = (struct berval*) slapi_ch_malloc (sizeof (struct berval)); - result->bv_len = val->bv_len; - result->bv_val = slapi_ch_malloc (result->bv_len + 1); - if (result->bv_len > 0) { - memcpy (result->bv_val, val->bv_val, result->bv_len); - } - result->bv_val[result->bv_len] = '\0'; + slapi_ber_bvcpy(result, val); return result; } @@ -398,12 +393,9 @@ ss_filter_values (struct berval* pattern, int* query_op) } if (n == 2) { /* no wildcards in pattern */ auto struct berval** pvec = (struct berval**) slapi_ch_malloc (sizeof (struct berval*) * 2); - auto struct berval* pv = (struct berval*) slapi_ch_malloc (sizeof (struct berval)); + auto struct berval* pv = slapi_ch_bvdup(pattern); pvec[0] = pv; pvec[1] = NULL; - pv->bv_len = pattern->bv_len; - pv->bv_val = slapi_ch_malloc (pv->bv_len); - memcpy (pv->bv_val, pattern->bv_val, pv->bv_len); ss_unescape (pv); *query_op = SLAPI_OP_EQUAL; return pvec; @@ -448,6 +440,13 @@ ss_filter_key (indexer_t* ix, struct berval* val) vals[1] = NULL; keys = ix->ix_index (ix, vals, NULL); if (keys && keys[0]) { + /* why +1 in the len? you need the +1 to old the trailing NULL, + to guard against someone accidentally doing a strcmp or + other str function, but a bvcmp is going to use the bv_len + which includes the trailing NULL which the value being + compared against might not have - not only are bervals + not guaranteed to be properly NULL terminated, but they + also contain binary data - see slapi_ber_bvcpy() */ key->bv_len = keys[0]->bv_len + 1; key->bv_val = slapi_ch_malloc (key->bv_len); memcpy (key->bv_val, keys[0]->bv_val, keys[0]->bv_len); diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c index f1f114b..1d9affa 100644 --- a/ldap/servers/plugins/replication/repl5_agmt.c +++ b/ldap/servers/plugins/replication/repl5_agmt.c @@ -292,10 +292,7 @@ agmt_new_from_entry(Slapi_Entry *e) const struct berval *bv = slapi_value_get_berval(sval); if (NULL != bv) { - ra->creds->bv_val = slapi_ch_malloc(bv->bv_len + 1); - memcpy(ra->creds->bv_val, bv->bv_val, bv->bv_len); - ra->creds->bv_len = bv->bv_len; - ra->creds->bv_val[bv->bv_len] = '\0'; /* be safe */ + slapi_ber_bvcpy(ra->creds, bv); } } } @@ -1007,8 +1004,7 @@ agmt_set_credentials_from_entry(Repl_Agmt *ra, const Slapi_Entry *e) PR_ASSERT(NULL != ra); slapi_entry_attr_find(e, type_nsds5ReplicaCredentials, &sattr); PR_Lock(ra->lock); - slapi_ch_free((void **)&ra->creds->bv_val); - ra->creds->bv_len = 0; + slapi_ber_bvdone(ra->creds); if (NULL != sattr) { Slapi_Value *sval = NULL; @@ -1016,9 +1012,7 @@ agmt_set_credentials_from_entry(Repl_Agmt *ra, const Slapi_Entry *e) if (NULL != sval) { const struct berval *bv = slapi_value_get_berval(sval); - ra->creds->bv_val = slapi_ch_calloc(1, bv->bv_len + 1); - memcpy(ra->creds->bv_val, bv->bv_val, bv->bv_len); - ra->creds->bv_len = bv->bv_len; + slapi_ber_bvcpy(ra->creds, bv); } } /* If no credentials set, set to zero-length string */ diff --git a/ldap/servers/plugins/syntaxes/string.c b/ldap/servers/plugins/syntaxes/string.c index 80a1a46..5c78d6a 100644 --- a/ldap/servers/plugins/syntaxes/string.c +++ b/ldap/servers/plugins/syntaxes/string.c @@ -76,13 +76,11 @@ string_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int syntax, if (syntax & SYNTAX_NORM_FILT) { pbvfilter_norm = bvfilter; /* already normalized */ } else { - bvfilter_norm.bv_val = slapi_ch_malloc( bvfilter->bv_len + 1 ); - SAFEMEMCPY( bvfilter_norm.bv_val, bvfilter->bv_val, bvfilter->bv_len ); - bvfilter_norm.bv_val[bvfilter->bv_len] = '\0'; + slapi_ber_bvcpy(&bvfilter_norm, bvfilter); /* 3rd arg: 1 - trim leading blanks */ value_normalize_ext( bvfilter_norm.bv_val, syntax, 1, &alt ); if (alt) { - slapi_ch_free_string(&bvfilter_norm.bv_val); + slapi_ber_bvdone(&bvfilter_norm); bvfilter_norm.bv_val = alt; alt = NULL; } diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c index 36bd419..ae87e5c 100644 --- a/ldap/servers/slapd/filter.c +++ b/ldap/servers/slapd/filter.c @@ -698,10 +698,7 @@ slapi_filter_dup(Slapi_Filter *f) case LDAP_FILTER_LE: case LDAP_FILTER_APPROX: out->f_ava.ava_type = slapi_ch_strdup(f->f_ava.ava_type); - out->f_ava.ava_value.bv_val = slapi_ch_malloc(f->f_ava.ava_value.bv_len+1); - memcpy(out->f_ava.ava_value.bv_val,f->f_ava.ava_value.bv_val,f->f_ava.ava_value.bv_len); - out->f_ava.ava_value.bv_val[f->f_ava.ava_value.bv_len] = 0; /* terminate */ - out->f_ava.ava_value.bv_len = f->f_ava.ava_value.bv_len; + slapi_ber_bvcpy(&out->f_ava.ava_value, &f->f_ava.ava_value); break; case LDAP_FILTER_SUBSTRINGS: @@ -733,8 +730,7 @@ slapi_filter_dup(Slapi_Filter *f) case LDAP_FILTER_EXTENDED: out->f_mr_oid = slapi_ch_strdup(f->f_mr_oid); out->f_mr_type = slapi_ch_strdup(f->f_mr_type); - out->f_mr_value.bv_val = slapi_ch_strdup(f->f_mr_value.bv_val); - out->f_mr_value.bv_len = f->f_mr_value.bv_len; + slapi_ber_bvcpy(&out->f_mr_value, &f->f_mr_value); out->f_mr_dnAttrs = f->f_mr_dnAttrs; if (f->f_mr.mrf_match) { int rc = plugin_mr_filter_create(&out->f_mr); @@ -796,7 +792,7 @@ slapi_filter_free( struct slapi_filter *f, int recurse ) case LDAP_FILTER_EXTENDED: slapi_ch_free((void**)&f->f_mr_oid); slapi_ch_free((void**)&f->f_mr_type); - slapi_ch_free((void **)&f->f_mr_value.bv_val ); + slapi_ber_bvdone(&f->f_mr_value); if (f->f_mr.mrf_destroy != NULL) { Slapi_PBlock pb; pblock_init (&pb); diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index ce68e76..36683a4 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -4468,6 +4468,41 @@ size_t slapi_value_get_length(const Slapi_Value *value); */ int slapi_value_compare(const Slapi_Attr *a,const Slapi_Value *v1,const Slapi_Value *v2); +/** + * Free and initialize the contents of the berval without freeing the + * struct berval * itself. This is useful when you use struct berval + * which are allocated on the stack e.g. + * \code + * struct berval bv = {0, NULL}; + * slapi_ber_bvcpy(&bv, someotherbvp); + * // use bv + * slapi_ber_bvdone(&bv); + * \endcode + * You must only call slapi_ber_bvdone() if the bv_val member has been + * allocated with malloc() or is NULL. + * + * \param bvp A struct berval * you want to free the contents of + * \return \c void + */ +void slapi_ber_bvdone(struct berval *bvp); + +/** + * Copy the contents of the berval without allocating a new struct berval* + * This is useful when you use struct berval which are allocated on the stack e.g. + * \code + * struct berval bv = {0, NULL}; + * slapi_ber_bvcpy(&bv, someotherbvp); + * // use bv + * slapi_ber_bvdone(&bv); + * \endcode + * The bvs source berval to copy from can either be allocated on the heap + * or the stack. + * + * \param bvd A struct berval * you want copy to + * \param bvs A struct berval * you want to copy from + * \return \c void + */ +void slapi_ber_bvcpy(struct berval *bvd, const struct berval *bvs); /* * Valueset functions. diff --git a/ldap/servers/slapd/value.c b/ldap/servers/slapd/value.c index 1edfe79..30301e2 100644 --- a/ldap/servers/slapd/value.c +++ b/ldap/servers/slapd/value.c @@ -78,6 +78,18 @@ static void ber_bvcpy(struct berval *bvd, const struct berval *bvs) return; } +void +slapi_ber_bvdone(struct berval *bvp) +{ + ber_bvdone(bvp); +} + +void +slapi_ber_bvcpy(struct berval *bvd, const struct berval *bvs) +{ + ber_bvcpy(bvd, bvs); +} + /* <=========================== Slapi_Value ==========================> */ #ifdef VALUE_DEBUG

12 years, 3 months

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/plugins/syntaxes/ces.c | 10 ++--- ldap/servers/plugins/syntaxes/cis.c | 26 +++++++------- ldap/servers/plugins/syntaxes/syntax.h | 1 ldap/servers/plugins/syntaxes/syntax_common.c | 1 ldap/servers/slapd/filter.c | 9 ++--- ldap/servers/slapd/pblock.c | 12 ++++++ ldap/servers/slapd/plugin_syntax.c | 46 ++++++++++++++++++++++++-- ldap/servers/slapd/slap.h | 2 + ldap/servers/slapd/slapi-plugin.h | 35 +++++++++++++++++++ 9 files changed, 117 insertions(+), 25 deletions(-) New commits: commit 7b03c971dd25cc3c3b873c30915e2fcef63cba30 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Thu Feb 2 20:53:49 2012 -0700 Ticket #279 - filter normalization does not use matching rules https://fedorahosted.org/389/ticket/279 Resolves: Ticket #279 Bug Description: filter normalization does not use matching rules Reviewed by: nhosoi (Thanks!) Branch: master Fix Description: When normalizing the values in a filter, the normalization must take into account the type of filter being used, and the matching rules associated with the attribute, corresponding to the type of filter. Added a mr_normalize function for matching rules. This is primarily needed by the cis and ces associated matching rules, for the case where the normalization function provided by the syntax is different than the one associated with the matching rule. For example, Directory String (cis) by default uses a case insensitive normalization function, but if you are using a caseExact matching rule you must use a case sensitive normalization function. Added the new function slapi_attr_value_normalize_ext() to allow passing in the type of search filter to normalize for. Platforms tested: RHEL6 x86_64 Flag Day: yes - plugin structure size change Doc impact: yes - document the new function diff --git a/ldap/servers/plugins/syntaxes/ces.c b/ldap/servers/plugins/syntaxes/ces.c index 626cb7c..ee1b012 100644 --- a/ldap/servers/plugins/syntaxes/ces.c +++ b/ldap/servers/plugins/syntaxes/ces.c @@ -121,7 +121,7 @@ IA5STRING_SYNTAX_OID, 0, caseExactIA5Match_syntaxes}, /* matching rule desc */ {"caseExactIA5Match-mr", VENDOR, DS_PACKAGE_VERSION, "caseExactIA5Match matching rule plugin"}, /* plugin desc */ caseExactIA5Match_names, /* matching rule name/oid/aliases */ NULL, NULL, ces_filter_ava, NULL, ces_values2keys, - ces_assertion2keys_ava, NULL, ces_compare}, + ces_assertion2keys_ava, NULL, ces_compare, ces_normalize}, {{"2.5.13.5", NULL, "caseExactMatch", "The caseExactMatch rule compares an assertion value of the Directory " "String syntax to an attribute value of a syntax (e.g., the Directory " "String, Printable String, Country String, or Telephone Number syntax) " @@ -141,7 +141,7 @@ DIRSTRING_SYNTAX_OID, 0, dirStringCompat_syntaxes}, /* matching rule desc */ {"caseExactMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseExactMatch matching rule plugin"}, /* plugin desc */ caseExactMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, ces_filter_ava, NULL, ces_values2keys, - ces_assertion2keys_ava, NULL, ces_compare}, + ces_assertion2keys_ava, NULL, ces_compare, ces_normalize}, {{"2.5.13.6", NULL, "caseExactOrderingMatch", "The caseExactOrderingMatch rule compares an assertion value of the " "Directory String syntax to an attribute value of a syntax (e.g., the " "Directory String, Printable String, Country String, or Telephone " @@ -159,7 +159,7 @@ DIRSTRING_SYNTAX_OID, 0, dirStringCompat_syntaxes}, /* matching rule desc */ {"caseExactOrderingMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseExactOrderingMatch matching rule plugin"}, /* plugin desc */ caseExactOrderingMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, ces_filter_ava, NULL, ces_values2keys, - ces_assertion2keys_ava, NULL, ces_compare}, + ces_assertion2keys_ava, NULL, ces_compare, ces_normalize}, {{"2.5.13.7", NULL, "caseExactSubstringsMatch", "The caseExactSubstringsMatch rule compares an assertion value of the " "Substring Assertion syntax to an attribute value of a syntax (e.g., " "the Directory String, Printable String, Country String, or Telephone " @@ -182,7 +182,7 @@ DIRSTRING_SYNTAX_OID, 0, dirStringCompat_syntaxes}, /* matching rule desc */ {"caseExactSubstringsMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseExactSubstringsMatch matching rule plugin"}, /* plugin desc */ caseExactSubstringsMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, NULL, ces_filter_sub, ces_values2keys, - NULL, ces_assertion2keys_sub, ces_compare}, + NULL, ces_assertion2keys_sub, ces_compare, ces_normalize}, {{CASEEXACTIA5SUBSTRINGSMATCH_OID, NULL, "caseExactIA5SubstringsMatch", "The caseExactIA5SubstringsMatch rule compares an assertion value of the " "Substring Assertion syntax to an attribute value of a syntax (e.g., " "the IA5 syntax) whose corresponding ASN.1 type is IA5 String or " @@ -204,7 +204,7 @@ DIRSTRING_SYNTAX_OID, 0, dirStringCompat_syntaxes}, /* matching rule desc */ {"caseExactIA5SubstringsMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseExactIA5SubstringsMatch matching rule plugin"}, /* plugin desc */ caseExactIA5SubstringsMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, NULL, ces_filter_sub, ces_values2keys, - NULL, ces_assertion2keys_sub, ces_compare} + NULL, ces_assertion2keys_sub, ces_compare, ces_normalize} }; static size_t mr_plugin_table_size = sizeof(mr_plugin_table)/sizeof(mr_plugin_table[0]); diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c index c914fd6..ead290f 100644 --- a/ldap/servers/plugins/syntaxes/cis.c +++ b/ldap/servers/plugins/syntaxes/cis.c @@ -215,14 +215,14 @@ static struct mr_plugin_def mr_plugin_table[] = { {"generalizedTimeMatch-mr", VENDOR, DS_PACKAGE_VERSION, "generalizedTimeMatch matching rule plugin"}, /* plugin desc */ generalizedTimeMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, {{GENERALIZEDTIMEORDERINGMATCH_OID, NULL /* no alias? */, "generalizedTimeOrderingMatch", "The rule evaluates to TRUE if and only if the attribute value represents a universal coordinated time that is earlier than the universal coordinated time represented by the assertion value.", GENERALIZEDTIME_SYNTAX_OID, 0 /* not obsolete */, NULL /* no other syntaxes supported */ }, {"generalizedTimeOrderingMatch-mr", VENDOR, DS_PACKAGE_VERSION, "generalizedTimeOrderingMatch matching rule plugin"}, /* plugin desc */ generalizedTimeOrderingMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, /* strictly speaking, boolean is case sensitive */ {{"2.5.13.13", NULL, "booleanMatch", "The booleanMatch rule compares an assertion value of the Boolean " "syntax to an attribute value of a syntax (e.g., the Boolean syntax) " @@ -232,7 +232,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"booleanMatch-mr", VENDOR, DS_PACKAGE_VERSION, "booleanMatch matching rule plugin"}, /* plugin desc */ booleanMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, {{"1.3.6.1.4.1.1466.109.114.2", NULL, "caseIgnoreIA5Match", "The caseIgnoreIA5Match rule compares an assertion value of the IA5 " "String syntax to an attribute value of a syntax (e.g., the IA5 String " "syntax) whose corresponding ASN.1 type is IA5String. " @@ -247,7 +247,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"caseIgnoreIA5Match-mr", VENDOR, DS_PACKAGE_VERSION, "caseIgnoreIA5Match matching rule plugin"}, /* plugin desc */ caseIgnoreIA5Match_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, {{"1.3.6.1.4.1.1466.109.114.3", NULL, "caseIgnoreIA5SubstringsMatch", "The caseIgnoreIA5SubstringsMatch rule compares an assertion value of " "the Substring Assertion syntax to an attribute value of a syntax " "(e.g., the IA5 String syntax) whose corresponding ASN.1 type is " @@ -268,7 +268,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"caseIgnoreIA5SubstringsMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseIgnoreIA5SubstringsMatch matching rule plugin"}, /* plugin desc */ caseIgnoreIA5SubstringsMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, NULL, cis_filter_sub, cis_values2keys, - NULL, cis_assertion2keys_sub, NULL}, + NULL, cis_assertion2keys_sub, NULL, cis_normalize}, {{"2.5.13.2", NULL, "caseIgnoreMatch", "The caseIgnoreMatch rule compares an assertion value of the Directory " "String syntax to an attribute value of a syntax (e.g., the Directory " "String, Printable String, Country String, or Telephone Number syntax) " @@ -285,7 +285,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"caseIgnoreMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseIgnoreMatch matching rule plugin"}, /* plugin desc */ caseIgnoreMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, {{"2.5.13.3", NULL, "caseIgnoreOrderingMatch", "The caseIgnoreOrderingMatch rule compares an assertion value of the " "Directory String syntax to an attribute value of a syntax (e.g., the " "Directory String, Printable String, Country String, or Telephone " @@ -302,7 +302,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"caseIgnoreOrderingMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseIgnoreOrderingMatch matching rule plugin"}, /* plugin desc */ caseIgnoreOrderingMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, {{"2.5.13.4", NULL, "caseIgnoreSubstringsMatch", "The caseIgnoreSubstringsMatch rule compares an assertion value of the " "Substring Assertion syntax to an attribute value of a syntax (e.g., " "the Directory String, Printable String, Country String, or Telephone " @@ -324,7 +324,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"caseIgnoreSubstringsMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseIgnoreSubstringsMatch matching rule plugin"}, /* plugin desc */ caseIgnoreSubstringsMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, NULL, cis_filter_sub, cis_values2keys, - NULL, cis_assertion2keys_sub, cis_compare}, + NULL, cis_assertion2keys_sub, cis_compare, cis_normalize}, {{"2.5.13.11", NULL, "caseIgnoreListMatch", "The caseIgnoreListMatch rule compares an assertion value that is a " "sequence of strings to an attribute value of a syntax (e.g., the " "Postal Address syntax) whose corresponding ASN.1 type is a SEQUENCE " @@ -344,7 +344,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"caseIgnoreListMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseIgnoreListMatch matching rule plugin"}, /* plugin desc */ caseIgnoreListMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, {{"2.5.13.12", NULL, "caseIgnoreListSubstringsMatch", "The caseIgnoreListSubstringsMatch rule compares an assertion value of " "the Substring Assertion syntax to an attribute value of a syntax " "(e.g., the Postal Address syntax) whose corresponding ASN.1 type is a " @@ -363,7 +363,7 @@ static struct mr_plugin_def mr_plugin_table[] = { {"caseIgnoreListSubstringsMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseIgnoreListSubstringsMatch matching rule plugin"}, /* plugin desc */ caseIgnoreListSubstringsMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, NULL, cis_filter_sub, cis_values2keys, - NULL, cis_assertion2keys_sub, cis_compare}, + NULL, cis_assertion2keys_sub, cis_compare, cis_normalize}, {{"2.5.13.0", NULL, "objectIdentifierMatch", "The objectIdentifierMatch rule compares an assertion value of the OID " "syntax to an attribute value of a syntax (e.g., the OID syntax) whose " "corresponding ASN.1 type is OBJECT IDENTIFIER. " @@ -379,7 +379,7 @@ OID_SYNTAX_OID, 0, NULL /* OID syntax only for now */}, /* matching rule desc */ {"objectIdentifierMatch-mr", VENDOR, DS_PACKAGE_VERSION, "objectIdentifierMatch matching rule plugin"}, /* plugin desc */ objectIdentifierMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, cis_compare}, + cis_assertion2keys_ava, NULL, cis_compare, cis_normalize}, {{"2.5.13.31", NULL, "directoryStringFirstComponentMatch", "The directoryStringFirstComponentMatch rule compares an assertion " "value of the Directory String syntax to an attribute value of a " "syntax whose corresponding ASN.1 type is a SEQUENCE with a mandatory " @@ -393,7 +393,7 @@ OID_SYNTAX_OID, 0, NULL /* OID syntax only for now */}, /* matching rule desc */ {"directoryStringFirstComponentMatch-mr", VENDOR, DS_PACKAGE_VERSION, "directoryStringFirstComponentMatch matching rule plugin"}, /* plugin desc */ directoryStringFirstComponentMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, NULL}, + cis_assertion2keys_ava, NULL, NULL, cis_normalize}, {{"2.5.13.30", NULL, "objectIdentifierFirstComponentMatch", "The objectIdentifierFirstComponentMatch rule compares an assertion " "value of the OID syntax to an attribute value of a syntax (e.g., the " @@ -411,7 +411,7 @@ OID_SYNTAX_OID, 0, NULL /* OID syntax only for now */}, /* matching rule desc */ {"objectIdentifierFirstComponentMatch-mr", VENDOR, DS_PACKAGE_VERSION, "objectIdentifierFirstComponentMatch matching rule plugin"}, /* plugin desc */ objectIdentifierFirstComponentMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, cis_filter_ava, NULL, cis_values2keys, - cis_assertion2keys_ava, NULL, NULL} + cis_assertion2keys_ava, NULL, NULL, cis_normalize} }; static size_t mr_plugin_table_size = sizeof(mr_plugin_table)/sizeof(mr_plugin_table[0]); diff --git a/ldap/servers/plugins/syntaxes/syntax.h b/ldap/servers/plugins/syntaxes/syntax.h index e0fee81..04ce70a 100644 --- a/ldap/servers/plugins/syntaxes/syntax.h +++ b/ldap/servers/plugins/syntaxes/syntax.h @@ -143,6 +143,7 @@ struct mr_plugin_def { IFP mr_assertion2keys_ava; /* SLAPI_PLUGIN_MR_ASSERTION2KEYS_AVA */ IFP mr_assertion2keys_sub; /* SLAPI_PLUGIN_MR_ASSERTION2KEYS_SUB */ IFP mr_compare; /* SLAPI_PLUGIN_MR_COMPARE - only for ORDERING */ + VFPV mr_normalize; }; int syntax_register_matching_rule_plugins(struct mr_plugin_def mr_plugin_table[], size_t mr_plugin_table_size, IFP matching_rule_plugin_init); diff --git a/ldap/servers/plugins/syntaxes/syntax_common.c b/ldap/servers/plugins/syntaxes/syntax_common.c index 713d9a0..f206949 100644 --- a/ldap/servers/plugins/syntaxes/syntax_common.c +++ b/ldap/servers/plugins/syntaxes/syntax_common.c @@ -100,6 +100,7 @@ syntax_matching_rule_plugin_init( rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_MR_ASSERTION2KEYS_SUB, mrpd->mr_assertion2keys_sub); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_MR_NAMES, mrpd->mr_names); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_MR_COMPARE, mrpd->mr_compare); + rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_MR_NORMALIZE, mrpd->mr_normalize); break; } } diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c index f7028dc..36bd419 100644 --- a/ldap/servers/slapd/filter.c +++ b/ldap/servers/slapd/filter.c @@ -1056,7 +1056,8 @@ filter_normalize_ava( struct slapi_filter *f, PRBool norm_values ) char *newval = NULL; /* NOTE: assumes ava->ava_value.bv_val is NULL terminated - get_ava/ber_scanf 'o' will NULL terminate the string by default */ - slapi_attr_value_normalize(NULL, NULL, ava->ava_type, ava->ava_value.bv_val, 1, &newval); + slapi_attr_value_normalize_ext(NULL, NULL, ava->ava_type, + ava->ava_value.bv_val, 1, &newval, f->f_choice); if (newval && (newval != ava->ava_value.bv_val)) { slapi_ch_free_string(&ava->ava_value.bv_val); ava->ava_value.bv_val = newval; @@ -1086,7 +1087,7 @@ filter_normalize_subfilt( struct slapi_filter *f, PRBool norm_values ) int ii; slapi_attr_init(&attr, sf->sf_type); - slapi_attr_value_normalize(NULL, &attr, NULL, sf->sf_initial, 1, &newval); + slapi_attr_value_normalize_ext(NULL, &attr, NULL, sf->sf_initial, 1, &newval, f->f_choice); if (newval && (newval != sf->sf_initial)) { slapi_ch_free_string(&sf->sf_initial); sf->sf_initial = newval; @@ -1094,7 +1095,7 @@ filter_normalize_subfilt( struct slapi_filter *f, PRBool norm_values ) for (ii = 0; sf->sf_any && sf->sf_any[ii]; ++ii) { newval = NULL; /* do not trim spaces of sf_any values - see string_filter_sub() */ - slapi_attr_value_normalize(NULL, &attr, NULL, sf->sf_any[ii], 0, &newval); + slapi_attr_value_normalize_ext(NULL, &attr, NULL, sf->sf_any[ii], 0, &newval, f->f_choice); if (newval && (newval != sf->sf_any[ii])) { slapi_ch_free_string(&sf->sf_any[ii]); sf->sf_any[ii] = newval; @@ -1102,7 +1103,7 @@ filter_normalize_subfilt( struct slapi_filter *f, PRBool norm_values ) } newval = NULL; /* do not trim spaces of sf_final values - see string_filter_sub() */ - slapi_attr_value_normalize(NULL, &attr, NULL, sf->sf_final, 0, &newval); + slapi_attr_value_normalize_ext(NULL, &attr, NULL, sf->sf_final, 0, &newval, f->f_choice); if (newval && (newval != sf->sf_final)) { slapi_ch_free_string(&sf->sf_final); sf->sf_final = newval; diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index 86e0451..79d96f0 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -1595,6 +1595,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) } (*(IFP *)value) = pblock->pb_plugin->plg_mr_compare; break; + case SLAPI_PLUGIN_MR_NORMALIZE: + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE ) { + return( -1 ); + } + (*(VFPV *)value) = pblock->pb_plugin->plg_mr_normalize; + break; /* seq arguments */ case SLAPI_SEQ_TYPE: @@ -3157,6 +3163,12 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) } pblock->pb_plugin->plg_mr_compare = (IFP) value; break; + case SLAPI_PLUGIN_MR_NORMALIZE: + if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE ) { + return( -1 ); + } + pblock->pb_plugin->plg_mr_normalize = (VFPV) value; + break; /* seq arguments */ case SLAPI_SEQ_TYPE: diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c index 9e98b61..0438ceb 100644 --- a/ldap/servers/slapd/plugin_syntax.c +++ b/ldap/servers/slapd/plugin_syntax.c @@ -929,13 +929,14 @@ slapi_attr_assertion2keys_sub( /* JCM SLOW FUNCTION */ } void -slapi_attr_value_normalize( +slapi_attr_value_normalize_ext( Slapi_PBlock *pb, const Slapi_Attr *sattr, /* if sattr is NULL, type must be attr type name */ const char *type, char *val, int trim_spaces, - char **retval + char **retval, + unsigned long filter_type ) { Slapi_Attr myattr; @@ -944,7 +945,33 @@ slapi_attr_value_normalize( if (!sattr) { sattr = slapi_attr_init(&myattr, type); } - norm_fn = sattr->a_plugin->plg_syntax_normalize; + + /* use the filter type to determine which matching rule to use */ + switch (filter_type) { + case LDAP_FILTER_GE: + case LDAP_FILTER_LE: + if (sattr->a_mr_ord_plugin) { + norm_fn = sattr->a_mr_ord_plugin->plg_mr_normalize; + } + break; + case LDAP_FILTER_EQUALITY: + if (sattr->a_mr_eq_plugin) { + norm_fn = sattr->a_mr_eq_plugin->plg_mr_normalize; + } + break; + case LDAP_FILTER_SUBSTRINGS: + if (sattr->a_mr_sub_plugin) { + norm_fn = sattr->a_mr_sub_plugin->plg_mr_normalize; + } + break; + default: + break; + } + + if (!norm_fn) { + /* no matching rule specific normalizer specified - use syntax default */ + norm_fn = sattr->a_plugin->plg_syntax_normalize; + } if (norm_fn) { (*norm_fn)(pb, val, trim_spaces, retval); } @@ -953,3 +980,16 @@ slapi_attr_value_normalize( } return; } + +void +slapi_attr_value_normalize( + Slapi_PBlock *pb, + const Slapi_Attr *sattr, /* if sattr is NULL, type must be attr type name */ + const char *type, + char *val, + int trim_spaces, + char **retval +) +{ + return slapi_attr_value_normalize_ext(pb, sattr, type, val, trim_spaces, retval, 0); +} diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index c6d342c..b855ff0 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1036,6 +1036,7 @@ struct slapdplugin { int plg_un_mr_flags; char **plg_un_mr_names; IFP plg_un_mr_compare; /* only for ORDERING */ + VFPV plg_un_mr_normalize; } plg_un_mr; #define plg_mr_filter_create plg_un.plg_un_mr.plg_un_mr_filter_create #define plg_mr_indexer_create plg_un.plg_un_mr.plg_un_mr_indexer_create @@ -1047,6 +1048,7 @@ struct slapdplugin { #define plg_mr_flags plg_un.plg_un_mr.plg_un_mr_flags #define plg_mr_names plg_un.plg_un_mr.plg_un_mr_names #define plg_mr_compare plg_un.plg_un_mr.plg_un_mr_compare +#define plg_mr_normalize plg_un.plg_un_mr.plg_un_mr_normalize /* syntax plugin structure */ struct plg_un_syntax_struct { diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index e684fe0..ce68e76 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -5306,6 +5306,40 @@ void slapi_attr_value_normalize( char **retval ); +/** + * Normalize the given value using the matching rule associated with the + * given attribute and given filter type. It will attempt to normalize + * the value in place. If it cannot, it will return the normalized value + * in retval. If trim_spaces is true, whitepace characters will be trimmed + * from the ends of the string. If sattr is NULL, the type will be used to look + * up the attribute syntax. If sattr is not NULL, type is ignored. If + * retval is set, the caller is responsible for freeing it. The filter_type + * corresponds to the matching rule to use - LDAP_FILTER_GE or LDAP_FILTER_LE + * will use the ORDERING matching rule normalization function - LDAP_FILTER_EQUALITY + * will use the EQUALITY matching rule normalization function - LDAP_FILTER_SUBSTRINGS + * will use the SUBSTRINGS matching rule normalization function. If the given + * filter_type is 0, or some other value other than specified above, or there is no + * matching rule corresponding to the given filter type, the default normalization + * function provided by the attribute syntax will be used. + * + * \param pb Slapi_PBlock to use + * \param sattr attribute to get the syntax from + * \param type attribute to get the syntax from if sattr is NULL + * \param val value to normalize in place - must be NULL terminated + * \param trim_spaces trim whitespace from ends of string + * \param retval if value could not be normalized in place, this is the malloc'd memory containg the new value - caller must free + * \param filter_type one of the values specified above, or 0 + */ +void slapi_attr_value_normalize_ext( + Slapi_PBlock *pb, + const Slapi_Attr *sattr, /* if sattr is NULL, type must be attr type name */ + const char *type, + char *val, + int trim_spaces, + char **retval, + unsigned long filter_type +); + /* * internal operation and plugin callback routines */ @@ -6287,6 +6321,7 @@ typedef struct slapi_plugindesc { #define SLAPI_PLUGIN_MR_FLAGS 623 #define SLAPI_PLUGIN_MR_NAMES 624 #define SLAPI_PLUGIN_MR_COMPARE 625 +#define SLAPI_PLUGIN_MR_NORMALIZE 626 /* Defined values of SLAPI_PLUGIN_MR_QUERY_OPERATOR: */ #define SLAPI_OP_LESS 1

12 years, 3 months

1
0
0 / 0

ldap/servers

by Noriko Hosoi

ldap/servers/plugins/bitwise/bitwise.c | 3 ++- ldap/servers/plugins/syntaxes/bitstring.c | 14 ++++++++------ ldap/servers/plugins/syntaxes/ces.c | 11 +++++++---- ldap/servers/plugins/syntaxes/cis.c | 11 +++++++---- ldap/servers/plugins/syntaxes/deliverymethod.c | 11 +++++++---- ldap/servers/plugins/syntaxes/dn.c | 9 ++++++--- ldap/servers/plugins/syntaxes/facsimile.c | 11 +++++++---- ldap/servers/plugins/syntaxes/guide.c | 11 +++++++---- ldap/servers/plugins/syntaxes/int.c | 9 ++++++--- ldap/servers/plugins/syntaxes/nameoptuid.c | 11 +++++++---- ldap/servers/plugins/syntaxes/numericstring.c | 9 ++++++--- ldap/servers/plugins/syntaxes/sicis.c | 11 +++++++---- ldap/servers/plugins/syntaxes/string.c | 17 +++++++++++------ ldap/servers/plugins/syntaxes/tel.c | 11 +++++++---- ldap/servers/plugins/syntaxes/teletex.c | 11 +++++++---- ldap/servers/plugins/syntaxes/telex.c | 9 ++++++--- ldap/servers/slapd/plugin_mr.c | 8 ++++---- ldap/servers/slapd/search.c | 3 +++ 18 files changed, 115 insertions(+), 65 deletions(-) New commits: commit c08e8772cbff27451ec807a077a65e6058da7f94 Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com> Date: Thu Feb 2 14:14:15 2012 -0800 Trac Ticket #275 - Invalid read reported by valgrind https://fedorahosted.org/389/ticket/275 Fix description: Since the matching rule type could be normalized and the original string could be freed in filter_normalize_ext, the type needs to have a duplicated string (bitwise.c, plugin_mr.c). Filter_ava functions and filter_sub functions in the syntax plugins need to check if the passed pblock is NULL or not before accessing it. diff --git a/ldap/servers/plugins/bitwise/bitwise.c b/ldap/servers/plugins/bitwise/bitwise.c index 190e26d..4672541 100644 --- a/ldap/servers/plugins/bitwise/bitwise.c +++ b/ldap/servers/plugins/bitwise/bitwise.c @@ -69,7 +69,7 @@ static struct bitwise_match_cb * new_bitwise_match_cb(char *type, struct berval *val) { struct bitwise_match_cb *bmc = (struct bitwise_match_cb *)slapi_ch_calloc(1, sizeof(struct bitwise_match_cb)); - bmc->type = type; + bmc->type = slapi_ch_strdup(type); bmc->val = val; return bmc; @@ -78,6 +78,7 @@ new_bitwise_match_cb(char *type, struct berval *val) static void delete_bitwise_match_cb(struct bitwise_match_cb *bmc) { + slapi_ch_free_string(&bmc->type); slapi_ch_free((void **)&bmc); } diff --git a/ldap/servers/plugins/syntaxes/bitstring.c b/ldap/servers/plugins/syntaxes/bitstring.c index 2366ffd..15e946b 100644 --- a/ldap/servers/plugins/syntaxes/bitstring.c +++ b/ldap/servers/plugins/syntaxes/bitstring.c @@ -153,17 +153,19 @@ bitstring_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CES; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } - return( string_filter_ava( bvfilter, bvals, syntax, - ftype, retVal ) ); + return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); } diff --git a/ldap/servers/plugins/syntaxes/ces.c b/ldap/servers/plugins/syntaxes/ces.c index 0571836..626cb7c 100644 --- a/ldap/servers/plugins/syntaxes/ces.c +++ b/ldap/servers/plugins/syntaxes/ces.c @@ -297,14 +297,17 @@ ces_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CES; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal) ); diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c index 71e7a7c..c914fd6 100644 --- a/ldap/servers/plugins/syntaxes/cis.c +++ b/ldap/servers/plugins/syntaxes/cis.c @@ -561,14 +561,17 @@ cis_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/deliverymethod.c b/ldap/servers/plugins/syntaxes/deliverymethod.c index 99ee59a..a763874 100644 --- a/ldap/servers/plugins/syntaxes/deliverymethod.c +++ b/ldap/servers/plugins/syntaxes/deliverymethod.c @@ -118,14 +118,17 @@ delivery_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/dn.c b/ldap/servers/plugins/syntaxes/dn.c index bcf951a..37c1fba 100644 --- a/ldap/servers/plugins/syntaxes/dn.c +++ b/ldap/servers/plugins/syntaxes/dn.c @@ -153,9 +153,12 @@ dn_filter_ava( Slapi_PBlock *pb, struct berval *bvfilter, { int filter_normalized = 0; int syntax = SYNTAX_CIS | SYNTAX_DN; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); } diff --git a/ldap/servers/plugins/syntaxes/facsimile.c b/ldap/servers/plugins/syntaxes/facsimile.c index 21db4b1..cb57f1e 100644 --- a/ldap/servers/plugins/syntaxes/facsimile.c +++ b/ldap/servers/plugins/syntaxes/facsimile.c @@ -118,14 +118,17 @@ facsimile_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/guide.c b/ldap/servers/plugins/syntaxes/guide.c index 3222083..a870c87 100644 --- a/ldap/servers/plugins/syntaxes/guide.c +++ b/ldap/servers/plugins/syntaxes/guide.c @@ -165,14 +165,17 @@ guide_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/int.c b/ldap/servers/plugins/syntaxes/int.c index e8b8817..e6fc09c 100644 --- a/ldap/servers/plugins/syntaxes/int.c +++ b/ldap/servers/plugins/syntaxes/int.c @@ -167,9 +167,12 @@ int_filter_ava( Slapi_PBlock *pb, struct berval *bvfilter, { int filter_normalized = 0; int syntax = SYNTAX_INT | SYNTAX_CES; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/nameoptuid.c b/ldap/servers/plugins/syntaxes/nameoptuid.c index b5a615e..e6341e1 100644 --- a/ldap/servers/plugins/syntaxes/nameoptuid.c +++ b/ldap/servers/plugins/syntaxes/nameoptuid.c @@ -158,14 +158,17 @@ nameoptuid_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CIS | SYNTAX_DN; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/numericstring.c b/ldap/servers/plugins/syntaxes/numericstring.c index 4da67a6..93528fb 100644 --- a/ldap/servers/plugins/syntaxes/numericstring.c +++ b/ldap/servers/plugins/syntaxes/numericstring.c @@ -173,9 +173,12 @@ numstr_filter_ava( Slapi_PBlock *pb, struct berval *bvfilter, { int filter_normalized = 0; int syntax = SYNTAX_SI | SYNTAX_CES; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/sicis.c b/ldap/servers/plugins/syntaxes/sicis.c index 3608d2c..74074b9 100644 --- a/ldap/servers/plugins/syntaxes/sicis.c +++ b/ldap/servers/plugins/syntaxes/sicis.c @@ -121,14 +121,17 @@ sicis_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_SI | SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/string.c b/ldap/servers/plugins/syntaxes/string.c index 3840c2e..80a1a46 100644 --- a/ldap/servers/plugins/syntaxes/string.c +++ b/ldap/servers/plugins/syntaxes/string.c @@ -236,9 +236,10 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final, int free_re = 1; struct subfilt *sf = NULL; - LDAPDebug( LDAP_DEBUG_FILTER, "=> string_filter_sub\n", - 0, 0, 0 ); - slapi_pblock_get( pb, SLAPI_OPERATION, &op ); + LDAPDebug( LDAP_DEBUG_FILTER, "=> string_filter_sub\n", 0, 0, 0 ); + if (pb) { + slapi_pblock_get( pb, SLAPI_OPERATION, &op ); + } if (NULL != op) { slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit ); slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime ); @@ -251,8 +252,10 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final, */ time_up = ( timelimit==-1 ? -1 : optime + timelimit); - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_DATA, &sf ); + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_DATA, &sf ); + } if ( sf ) { re = (Slapi_Regex *)sf->sf_private; if ( re ) { @@ -757,7 +760,9 @@ string_assertion2keys_sub( char *oaltfinal = NULL; int anysize = 0; - slapi_pblock_get(pb, SLAPI_SYNTAX_SUBSTRLENS, &substrlens); + if (pb) { + slapi_pblock_get(pb, SLAPI_SYNTAX_SUBSTRLENS, &substrlens); + } if (NULL == substrlens) { substrlens = localsublens; diff --git a/ldap/servers/plugins/syntaxes/tel.c b/ldap/servers/plugins/syntaxes/tel.c index 65b6ddd..b1e7da5 100644 --- a/ldap/servers/plugins/syntaxes/tel.c +++ b/ldap/servers/plugins/syntaxes/tel.c @@ -179,14 +179,17 @@ tel_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_TEL | SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/teletex.c b/ldap/servers/plugins/syntaxes/teletex.c index 3e328a9..b70a193 100644 --- a/ldap/servers/plugins/syntaxes/teletex.c +++ b/ldap/servers/plugins/syntaxes/teletex.c @@ -118,14 +118,17 @@ teletex_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int ftype, - Slapi_Value **retVal + Slapi_Value **retVal ) { int filter_normalized = 0; int syntax = SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/plugins/syntaxes/telex.c b/ldap/servers/plugins/syntaxes/telex.c index 6803810..1254f88 100644 --- a/ldap/servers/plugins/syntaxes/telex.c +++ b/ldap/servers/plugins/syntaxes/telex.c @@ -122,9 +122,12 @@ telex_filter_ava( { int filter_normalized = 0; int syntax = SYNTAX_CIS; - slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized ); - if (filter_normalized) { - syntax |= SYNTAX_NORM_FILT; + if (pb) { + slapi_pblock_get( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); + if (filter_normalized) { + syntax |= SYNTAX_NORM_FILT; + } } return( string_filter_ava( bvfilter, bvals, syntax, ftype, retVal ) ); diff --git a/ldap/servers/slapd/plugin_mr.c b/ldap/servers/slapd/plugin_mr.c index 12dece7..ff962ef 100644 --- a/ldap/servers/slapd/plugin_mr.c +++ b/ldap/servers/slapd/plugin_mr.c @@ -59,7 +59,7 @@ struct mr_private { below are not used */ const struct slapdplugin *pi; /* our plugin */ const char *oid; /* orig oid */ - const char *type; /* orig type from filter */ + char *type; /* orig type from filter */ const struct berval *value; /* orig value from filter */ int ftype; /* filter type */ int op; /* query op type */ @@ -244,7 +244,7 @@ mr_private_new(const struct slapdplugin *pi, const char *oid, const char *type, mrpriv = (struct mr_private *)slapi_ch_calloc(1, sizeof(struct mr_private)); mrpriv->pi = pi; mrpriv->oid = oid; /* should be consistent for lifetime of usage - no copy necessary */ - mrpriv->type = type; /* should be consistent for lifetime of usage - no copy necessary */ + mrpriv->type = slapi_ch_strdup(type); /* should be consistent for lifetime of usage - copy it since it could be normalized in filter_normalize_ext */ mrpriv->value = value; /* should be consistent for lifetime of usage - no copy necessary */ mrpriv->ftype = ftype; mrpriv->op = op; @@ -271,7 +271,7 @@ mr_private_done(struct mr_private *mrpriv) if (mrpriv) { mrpriv->pi = NULL; mrpriv->oid = NULL; - mrpriv->type = NULL; + slapi_ch_free_string(&mrpriv->type); mrpriv->value = NULL; mrpriv->ftype = 0; mrpriv->op = 0; @@ -388,7 +388,7 @@ default_mr_filter_match(void *obj, Slapi_Entry *e, Slapi_Attr *attr) for (; (rc == -1) && (attr != NULL); slapi_entry_next_attr(e, attr, &attr)) { char* type = NULL; if (!slapi_attr_get_type (attr, &type) && type != NULL && - !slapi_attr_type_cmp (mrpriv->type, type, 2/*match subtypes*/)) { + !slapi_attr_type_cmp ((const char *)mrpriv->type, type, 2/*match subtypes*/)) { Slapi_Value **vals = attr_get_present_values(attr); #ifdef SUPPORT_MR_SUBSTRING_MATCHING if (mrpriv->ftype == LDAP_FILTER_SUBSTRINGS) { diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c index 5beb8ce..df3f7ef 100644 --- a/ldap/servers/slapd/search.c +++ b/ldap/servers/slapd/search.c @@ -81,6 +81,7 @@ do_search( Slapi_PBlock *pb ) int rc = -1; int strict = 0; int minssf_exclude_rootdse = 0; + int filter_normalized = 0; LDAPDebug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 ); @@ -386,6 +387,8 @@ do_search( Slapi_PBlock *pb ) slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, &scope ); slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, &deref ); slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, filter ); + slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, + &filter_normalized ); slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, fstr ); slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, attrs ); slapi_pblock_set( pb, SLAPI_SEARCH_GERATTRS, gerattrs );

12 years, 3 months

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/slapd/mapping_tree.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) New commits: commit 43ec9daa67ff67be5c42c280d831fd8ad54be0d8 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Thu Feb 2 16:20:02 2012 -0700 Ticket #277 - cannot set repl referrals or state https://fedorahosted.org/389/ticket/277 Resolves: Ticket #277 Bug Description: cannot set repl referrals or state Reviewed by: nhosoi (Thanks!) Branch: master Fix Description: Use slapi_sdn_get_udn(root) to get the raw DN string to pass to slapi_create_dn_string - will save a normalization if root is not normalized. Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c index c14c5db..e8e414f 100644 --- a/ldap/servers/slapd/mapping_tree.c +++ b/ldap/servers/slapd/mapping_tree.c @@ -2910,7 +2910,7 @@ slapi_get_mapping_tree_node_configdn (const Slapi_DN *root) /* This function converts the old DN style to the new one. */ dn = slapi_create_dn_string("cn=\"%s\",%s", - slapi_sdn_get_ndn(root), MAPPING_TREE_BASE_DN); + slapi_sdn_get_udn(root), MAPPING_TREE_BASE_DN); if (NULL == dn) { LDAPDebug1Arg(LDAP_DEBUG_ANY, "slapi_get_mapping_tree_node_configdn: " @@ -2937,7 +2937,7 @@ slapi_get_mapping_tree_node_configsdn (const Slapi_DN *root) /* This function converts the old DN style to the new one. */ dn = slapi_create_dn_string("cn=\"%s\",%s", - slapi_sdn_get_dn(root), MAPPING_TREE_BASE_DN); + slapi_sdn_get_udn(root), MAPPING_TREE_BASE_DN); if (NULL == dn) { LDAPDebug1Arg(LDAP_DEBUG_ANY, "slapi_get_mapping_tree_node_configsdn: "

12 years, 3 months

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/slapd/schema.c | 5 +++++ 1 file changed, 5 insertions(+) New commits: commit b4c3983cad8e6c0e47494bcbd98466d4a274a1db Author: Rich Megginson <rmeggins(a)redhat.com> Date: Thu Feb 2 15:54:27 2012 -0700 Ticket #278 - Schema replication update failed: Invalid syntax https://fedorahosted.org/389/ticket/278 Resolves: Ticket #278 Bug Description: Schema replication update failed: Invalid syntax Reviewed by: nkinder (Thanks!) Branch: master Fix Description: Schema replication apparently either sends everything or re-reads everything. unhashed#user#password is an invalid attribute name - # is not allowed in an attribute name. The fix is to explicitly allow this particular attribute name. Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c index f5bc0c2..5f1438b 100644 --- a/ldap/servers/slapd/schema.c +++ b/ldap/servers/slapd/schema.c @@ -3644,6 +3644,11 @@ schema_check_name(char *name, PRBool isAttribute, char *errorbuf, return 0; } + if (!strcasecmp(name, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) { + /* explicitly allow this badly named attribute */ + return 1; + } + /* attribute names must begin with a letter */ if ( (isascii (name[0]) == 0) || (isalpha (name[0]) == 0)) { if ( (strlen(name) + 80) < BUFSIZ ) {

12 years, 3 months

1
0
0 / 0

ldap/servers

by Richard Allen Megginson

ldap/servers/slapd/mapping_tree.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) New commits: commit bbb41398a57f6ac1daf9828943768e720cc70245 Author: Rich Megginson <rmeggins(a)redhat.com> Date: Thu Feb 2 09:38:49 2012 -0700 Ticket #277 - cannot set repl referrals or state https://fedorahosted.org/389/ticket/277 Resolves: Ticket #277 Bug Description: cannot set repl referrals or state Reviewed by: nkinder (Thanks!) Branch: master Fix Description: Need to create a normalized DN string using slapi_create_dn_string rather than a raw unnormalized DN string with slapi_ch_smprintf. The code was using the unnorm string to perform the internal search and modify operations, and the modify code was expecting a normalized DN string instead. The search code was normalizing the DN, but the comment in the function suggested that it was supposed to return a normalized DN string. Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c index b2db9fe..c14c5db 100644 --- a/ldap/servers/slapd/mapping_tree.c +++ b/ldap/servers/slapd/mapping_tree.c @@ -2909,8 +2909,8 @@ slapi_get_mapping_tree_node_configdn (const Slapi_DN *root) return NULL; /* This function converts the old DN style to the new one. */ - dn = slapi_ch_smprintf("cn=\"%s\",%s", - slapi_sdn_get_ndn(root), MAPPING_TREE_BASE_DN); + dn = slapi_create_dn_string("cn=\"%s\",%s", + slapi_sdn_get_ndn(root), MAPPING_TREE_BASE_DN); if (NULL == dn) { LDAPDebug1Arg(LDAP_DEBUG_ANY, "slapi_get_mapping_tree_node_configdn: " @@ -2936,8 +2936,8 @@ slapi_get_mapping_tree_node_configsdn (const Slapi_DN *root) return NULL; /* This function converts the old DN style to the new one. */ - dn = slapi_ch_smprintf("cn=\"%s\",%s", - slapi_sdn_get_dn(root), MAPPING_TREE_BASE_DN); + dn = slapi_create_dn_string("cn=\"%s\",%s", + slapi_sdn_get_dn(root), MAPPING_TREE_BASE_DN); if (NULL == dn) { LDAPDebug1Arg(LDAP_DEBUG_ANY, "slapi_get_mapping_tree_node_configsdn: "

12 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits February 2012