Commit 0799f585 authored by David Barchiesi's avatar David Barchiesi Committed by Quanah Gibson-Mount
Browse files

ITS#9442 Add negregex constraint type for not allowing values based on a regex.

parent fe7b161b
Pipeline #1411 passed with stage
in 27 minutes and 24 seconds
......@@ -35,8 +35,9 @@ directive.
.B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]]
Specifies the constraint which should apply to the comma-separated
attribute list named as the first parameter.
Five types of constraint are currently supported -
Six types of constraint are currently supported -
.BR regex ,
.BR negregex ,
.BR size ,
.BR count ,
.BR uri ,
......@@ -45,6 +46,8 @@ and
The parameter following the
.B regex
or
.B negregex
type is a Unix style regular expression (See
.BR regex (7)
). The parameter following the
......@@ -104,6 +107,7 @@ overlay constraint
constraint_attribute jpegPhoto size 131072
constraint_attribute userPassword count 3
constraint_attribute mail regex ^[[:alnum:]]+@mydomain.com$
constraint_attribute mail negregex ^[[:alnum:]]+@notallowed.com$
constraint_attribute title uri
ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
constraint_attribute cn,sn,givenName set
......@@ -115,7 +119,9 @@ constraint_attribute cn,sn,givenName set
A specification like the above would reject any
.B mail
attribute which did not look like
.BR "<alpha-numeric string>@mydomain.com" .
.BR "<alpha-numeric string>@mydomain.com"
or that looks like
.BR "<alpha-numeric string>@notallowed.com" .
It would also reject any
.B title
attribute whose values were not listed in the
......
......@@ -40,6 +40,7 @@
*/
#define REGEX_STR "regex"
#define NEG_REGEX_STR "negregex"
#define URI_STR "uri"
#define SET_STR "set"
#define SIZE_STR "size"
......@@ -79,6 +80,7 @@ enum {
CONSTRAINT_COUNT,
CONSTRAINT_SIZE,
CONSTRAINT_REGEX,
CONSTRAINT_NEG_REGEX,
CONSTRAINT_SET,
CONSTRAINT_URI,
};
......@@ -86,7 +88,7 @@ enum {
static ConfigDriver constraint_cf_gen;
static ConfigTable constraintcfg[] = {
{ "constraint_attribute", "attribute[list]> (regex|uri|set|size|count) <value> [<restrict URI>]",
{ "constraint_attribute", "attribute[list]> (regex|negregex|uri|set|size|count) <value> [<restrict URI>]",
4, 0, 0, ARG_MAGIC | CONSTRAINT_ATTRIBUTE, constraint_cf_gen,
"( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' "
"DESC 'constraint for list of attributes' "
......@@ -177,6 +179,10 @@ constraint_cf_gen( ConfigArgs *c )
tstr = REGEX_STR;
quotes = 1;
break;
case CONSTRAINT_NEG_REGEX:
tstr = NEG_REGEX_STR;
quotes = 1;
break;
case CONSTRAINT_SET:
tstr = SET_STR;
quotes = 1;
......@@ -296,10 +302,12 @@ constraint_cf_gen( ConfigArgs *c )
}
}
if ( strcasecmp( c->argv[2], REGEX_STR ) == 0) {
int is_regex = strcasecmp( c->argv[2], REGEX_STR ) == 0;
int is_neg_regex = strcasecmp( c->argv[2], NEG_REGEX_STR ) == 0;
if ( is_regex || is_neg_regex ) {
int err;
ap.type = CONSTRAINT_REGEX;
ap.type = is_regex ? CONSTRAINT_REGEX : CONSTRAINT_NEG_REGEX;
ap.re = ch_malloc( sizeof(regex_t) );
if ((err = regcomp( ap.re,
c->argv[3], REG_EXTENDED )) != 0) {
......@@ -598,6 +606,10 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
if (regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH)
return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
break;
case CONSTRAINT_NEG_REGEX:
if (regexec(c->re, bv->bv_val, 0, NULL, 0) != REG_NOMATCH)
return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
break;
case CONSTRAINT_URI: {
Operation nop = *op;
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment