David Barchiesi
OpenLDAP
Commits
1cff7c3b
Commit
1cff7c3b
authored
Nov 07, 2020
by
David Barchiesi
ITS#9442 Add negregex constraint type for not allowing values based on a regex.
parent
26d5fdc8
Pipeline
#1383
passed with stage
in 33 minutes and 23 seconds
Changes
2
doc/man/man5/slapo-constraint.5
...
...
@@ -35,8 +35,9 @@ directive.
.B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]]
Specifies the constraint which should apply to the comma-separated
attribute list named as the first parameter.
Five
types of constraint are currently supported -
Six
types of constraint are currently supported -
.BR regex ,
.BR negregex ,
.BR size ,
.BR count ,
.BR uri ,
...
...
@@ -45,6 +46,8 @@ and
The parameter following the
.B regex
or
.B negregex
type is a Unix style regular expression (See
.BR regex (7)
). The parameter following the
...
...
@@ -104,6 +107,7 @@ overlay constraint
constraint_attribute jpegPhoto size 131072
constraint_attribute userPassword count 3
constraint_attribute mail regex ^[[:alnum:]]+@mydomain.com$
constraint_attribute mail negregex ^[[:alnum:]]+@notallowed.com$
constraint_attribute title uri
ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
constraint_attribute cn,sn,givenName set
...
...
@@ -115,7 +119,9 @@ constraint_attribute cn,sn,givenName set
A specification like the above would reject any
.B mail
attribute which did not look like
.BR "<alpha-numeric string>@mydomain.com" .
.BR "<alpha-numeric string>@mydomain.com"
or that looks like
.BR "<alpha-numeric string>@notallowed.com" .
It would also reject any
.B title
attribute whose values were not listed in the
...
...
servers/slapd/overlays/constraint.c
...
...
@@ -40,6 +40,7 @@
*/
#define REGEX_STR "regex"
#define NEG_REGEX_STR "negregex"
#define URI_STR "uri"
#define SET_STR "set"
#define SIZE_STR "size"
...
...
@@ -79,6 +80,7 @@ enum {
CONSTRAINT_COUNT
,
CONSTRAINT_SIZE
,
CONSTRAINT_REGEX
,
CONSTRAINT_NEG_REGEX
,
CONSTRAINT_SET
,
CONSTRAINT_URI
,
};
...
...
@@ -86,7 +88,7 @@ enum {
static
ConfigDriver
constraint_cf_gen
;
static
ConfigTable
constraintcfg
[]
=
{
{
"constraint_attribute"
,
"attribute[list]> (regex|uri|set|size|count) <value> [<restrict URI>]"
,
{
"constraint_attribute"
,
"attribute[list]> (regex|
negregex|
uri|set|size|count) <value> [<restrict URI>]"
,
4
,
0
,
0
,
ARG_MAGIC
|
CONSTRAINT_ATTRIBUTE
,
constraint_cf_gen
,
"( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' "
"DESC 'constraint for list of attributes' "
...
...
@@ -177,6 +179,10 @@ constraint_cf_gen( ConfigArgs *c )
tstr
=
REGEX_STR
;
quotes
=
1
;
break
;
case
CONSTRAINT_NEG_REGEX
:
tstr
=
NEG_REGEX_STR
;
quotes
=
1
;
break
;
case
CONSTRAINT_SET
:
tstr
=
SET_STR
;
quotes
=
1
;
...
...
@@ -296,10 +302,12 @@ constraint_cf_gen( ConfigArgs *c )
}
}
if
(
strcasecmp
(
c
->
argv
[
2
],
REGEX_STR
)
==
0
)
{
int
is_regex
=
strcasecmp
(
c
->
argv
[
2
],
REGEX_STR
)
==
0
;
int
is_neg_regex
=
strcasecmp
(
c
->
argv
[
2
],
NEG_REGEX_STR
)
==
0
;
if
(
is_regex
||
is_neg_regex
)
{
int
err
;
ap
.
type
=
CONSTRAINT
_REGEX
;
ap
.
type
=
is_regex
?
CONSTRAINT_REGEX
:
CONSTRAINT_NEG
_REGEX
;
ap
.
re
=
ch_malloc
(
sizeof
(
regex_t
)
);
if
((
err
=
regcomp
(
ap
.
re
,
c
->
argv
[
3
],
REG_EXTENDED
))
!=
0
)
{
...
...
@@ -598,6 +606,10 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
if
(
regexec
(
c
->
re
,
bv
->
bv_val
,
0
,
NULL
,
0
)
==
REG_NOMATCH
)
return
LDAP_CONSTRAINT_VIOLATION
;
/* regular expression violation */
break
;
case
CONSTRAINT_NEG_REGEX
:
if
(
regexec
(
c
->
re
,
bv
->
bv_val
,
0
,
NULL
,
0
)
!=
REG_NOMATCH
)
return
LDAP_CONSTRAINT_VIOLATION
;
/* regular expression violation */
break
;
case
CONSTRAINT_URI
:
{
Operation
nop
=
*
op
;
slap_overinst
*
on
=
(
slap_overinst
*
)
op
->
o_bd
->
bd_info
;
...
...
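Review bot: In the constraint_violation hunk, the new `CONSTRAINT_NEG_REGEX` case tests `regexec(...) != REG_NOMATCH`, so any return other than "no match" is reported as LDAP_CONSTRAINT_VIOLATION, including an error return on implementations that have one, whereas the `CONSTRAINT_REGEX` case just above appears to let such an error through as a pass. Rejecting on error is the safe direction for a deny rule, but the copied comment hides that choice; I would replace it with `/* value matches a forbidden pattern; regexec() errors are rejected too (fail closed) */`. Because a deny rule accepts whatever it fails to match, slapo-constraint(5) should also say that the pattern is compiled with `REG_EXTENDED` only, so matching is case-sensitive, and that `bv->bv_val` is matched as a NUL-terminated string without consulting `bv_len`. The switch in constraint_violation starts and ends outside the hunk, so the handling of the other constraint types is not visible here.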