Commit 1cff7c3b authored by David Barchiesi's avatar David Barchiesi

ITS#9442 Add negregex constraint type for not allowing values based on a regex.

parent 26d5fdc8
...@@ -35,8 +35,9 @@ directive. ...@@ -35,8 +35,9 @@ directive.
.B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]] .B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]]
Specifies the constraint which should apply to the comma-separated Specifies the constraint which should apply to the comma-separated
attribute list named as the first parameter. attribute list named as the first parameter.
Five types of constraint are currently supported - Six types of constraint are currently supported -
.BR regex , .BR regex ,
.BR negregex ,
.BR size , .BR size ,
.BR count , .BR count ,
.BR uri , .BR uri ,
...@@ -45,6 +46,8 @@ and ...@@ -45,6 +46,8 @@ and
The parameter following the The parameter following the
.B regex .B regex
or
.B negregex
type is a Unix style regular expression (See type is a Unix style regular expression (See
.BR regex (7) .BR regex (7)
). The parameter following the ). The parameter following the
...@@ -104,6 +107,7 @@ overlay constraint ...@@ -104,6 +107,7 @@ overlay constraint
constraint_attribute jpegPhoto size 131072 constraint_attribute jpegPhoto size 131072
constraint_attribute userPassword count 3 constraint_attribute userPassword count 3
constraint_attribute mail regex ^[[:alnum:]]+@mydomain.com$ constraint_attribute mail regex ^[[:alnum:]]+@mydomain.com$
constraint_attribute mail negregex ^[[:alnum:]]+@notallowed.com$
constraint_attribute title uri constraint_attribute title uri
ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog) ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
constraint_attribute cn,sn,givenName set constraint_attribute cn,sn,givenName set
...@@ -115,7 +119,9 @@ constraint_attribute cn,sn,givenName set ...@@ -115,7 +119,9 @@ constraint_attribute cn,sn,givenName set
A specification like the above would reject any A specification like the above would reject any
.B mail .B mail
attribute which did not look like attribute which did not look like
.BR "<alpha-numeric string>@mydomain.com" . .BR "<alpha-numeric string>@mydomain.com"
or that looks like
.BR "<alpha-numeric string>@notallowed.com" .
It would also reject any It would also reject any
.B title .B title
attribute whose values were not listed in the attribute whose values were not listed in the
......
...@@ -40,6 +40,7 @@ ...@@ -40,6 +40,7 @@
*/ */
#define REGEX_STR "regex" #define REGEX_STR "regex"
#define NEG_REGEX_STR "negregex"
#define URI_STR "uri" #define URI_STR "uri"
#define SET_STR "set" #define SET_STR "set"
#define SIZE_STR "size" #define SIZE_STR "size"
...@@ -79,6 +80,7 @@ enum { ...@@ -79,6 +80,7 @@ enum {
CONSTRAINT_COUNT, CONSTRAINT_COUNT,
CONSTRAINT_SIZE, CONSTRAINT_SIZE,
CONSTRAINT_REGEX, CONSTRAINT_REGEX,
CONSTRAINT_NEG_REGEX,
CONSTRAINT_SET, CONSTRAINT_SET,
CONSTRAINT_URI, CONSTRAINT_URI,
}; };
...@@ -86,7 +88,7 @@ enum { ...@@ -86,7 +88,7 @@ enum {
static ConfigDriver constraint_cf_gen; static ConfigDriver constraint_cf_gen;
static ConfigTable constraintcfg[] = { static ConfigTable constraintcfg[] = {
{ "constraint_attribute", "attribute[list]> (regex|uri|set|size|count) <value> [<restrict URI>]", { "constraint_attribute", "attribute[list]> (regex|negregex|uri|set|size|count) <value> [<restrict URI>]",
4, 0, 0, ARG_MAGIC | CONSTRAINT_ATTRIBUTE, constraint_cf_gen, 4, 0, 0, ARG_MAGIC | CONSTRAINT_ATTRIBUTE, constraint_cf_gen,
"( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' " "( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' "
"DESC 'constraint for list of attributes' " "DESC 'constraint for list of attributes' "
...@@ -177,6 +179,10 @@ constraint_cf_gen( ConfigArgs *c ) ...@@ -177,6 +179,10 @@ constraint_cf_gen( ConfigArgs *c )
tstr = REGEX_STR; tstr = REGEX_STR;
quotes = 1; quotes = 1;
break; break;
case CONSTRAINT_NEG_REGEX:
tstr = NEG_REGEX_STR;
quotes = 1;
break;
case CONSTRAINT_SET: case CONSTRAINT_SET:
tstr = SET_STR; tstr = SET_STR;
quotes = 1; quotes = 1;
...@@ -296,10 +302,12 @@ constraint_cf_gen( ConfigArgs *c ) ...@@ -296,10 +302,12 @@ constraint_cf_gen( ConfigArgs *c )
} }
} }
if ( strcasecmp( c->argv[2], REGEX_STR ) == 0) { int is_regex = strcasecmp( c->argv[2], REGEX_STR ) == 0;
int is_neg_regex = strcasecmp( c->argv[2], NEG_REGEX_STR ) == 0;
if ( is_regex || is_neg_regex ) {
int err; int err;
ap.type = CONSTRAINT_REGEX; ap.type = is_regex ? CONSTRAINT_REGEX : CONSTRAINT_NEG_REGEX;
ap.re = ch_malloc( sizeof(regex_t) ); ap.re = ch_malloc( sizeof(regex_t) );
if ((err = regcomp( ap.re, if ((err = regcomp( ap.re,
c->argv[3], REG_EXTENDED )) != 0) { c->argv[3], REG_EXTENDED )) != 0) {
...@@ -598,6 +606,10 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op ) ...@@ -598,6 +606,10 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
if (regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH) if (regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH)
return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */ return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
break; break;
case CONSTRAINT_NEG_REGEX:
if (regexec(c->re, bv->bv_val, 0, NULL, 0) != REG_NOMATCH)
return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
break;
case CONSTRAINT_URI: { case CONSTRAINT_URI: {
Operation nop = *op; Operation nop = *op;
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
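Review bot: The new `CONSTRAINT_NEG_REGEX` case in `constraint_violation` acts as a deny-list, but the pattern is compiled in the `constraint_cf_gen` hunk with `REG_EXTENDED` only, so matching is case-sensitive and a value that differs from the pattern only in letter case is not rejected. For the existing `regex` type that errs on the strict side, whereas for `negregex` it errs on the permissive side, so the man page should at least state that `negregex` patterns must cover case variants themselves (for example with bracket expressions) and that they match anywhere in the value unless anchored. The comparison `!= REG_NOMATCH` also rejects the value when `regexec()` returns an error, which is the safe direction for a deny rule; the copied comment could say so, e.g. `/* negregex: value matched the forbidden pattern, or regexec() failed (fail closed) */`. Both `constraint_cf_gen` and `constraint_violation` start and end outside the hunks shown.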
......