fix DN_SEPARATOR() and clarify its use

d40e5a36 · Pierangelo Masarati · b34cf024 · d40e5a36 · d40e5a36 · d40e5a36
Commit d40e5a36 authored May 07, 2004 by Pierangelo Masarati
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -551,7 +551,7 @@ acl_get(
 						continue;

 					if ( patlen > 0 ) {
-						if ( !NDN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
+						if ( !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
 							continue;
 						sep = 1;
 					}
@@ -561,13 +561,13 @@ acl_get(
 						continue;

 				} else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
-					if ( dnlen > patlen && !NDN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
+					if ( dnlen > patlen && !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
 						continue;

 				} else if ( a->acl_dn_style == ACL_STYLE_CHILDREN ) {
 					if ( dnlen <= patlen )
 						continue;
-					if ( !NDN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
+					if ( !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) )
 						continue;
 				}

@@ -652,7 +652,7 @@ acl_get(
 					} else if ( a->acl_dn_style == ACL_STYLE_ONE ) {
 						int rdnlen = -1;
 	
-						if ( !NDN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
+						if ( !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
 							continue;
 	
 						rdnlen = dn_rdnlen( NULL, val );
@@ -660,14 +660,14 @@ acl_get(
 							continue;
 	
 					} else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
-						if ( vdnlen > patlen && !NDN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
+						if ( vdnlen > patlen && !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
 							continue;
 	
 					} else if ( a->acl_dn_style == ACL_STYLE_CHILDREN ) {
 						if ( vdnlen <= patlen )
 							continue;
 	
-						if ( !NDN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
+						if ( !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
 							continue;
 					}
 	
@@ -880,7 +880,7 @@ acl_mask(
 						goto dn_match_cleanup;
 					}

-					if ( !NDN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) ) {
+					if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) ) {
 						goto dn_match_cleanup;
 					}

@@ -890,7 +890,7 @@ acl_mask(
 					}

 				} else if ( b->a_dn_style == ACL_STYLE_SUBTREE ) {
-					if ( odnlen > patlen && !NDN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) ) {
+					if ( odnlen > patlen && !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) ) {
 						goto dn_match_cleanup;
 					}

@@ -899,7 +899,7 @@ acl_mask(
 						goto dn_match_cleanup;
 					}

-					if ( !NDN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) ) {
+					if ( !DN_SEPARATOR( op->o_ndn.bv_val[odnlen - patlen - 1] ) ) {
 						goto dn_match_cleanup;
 					}
 				}

--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -196,7 +196,7 @@ check_scope( BackendDB *be, AccessControl *a )
 				int	rdnlen = -1, sep = 0;

 				if ( patlen > 0 ) {
-					if ( !NDN_SEPARATOR( dn.bv_val[ dn.bv_len - patlen - 1 ] ) )
+					if ( !DN_SEPARATOR( dn.bv_val[ dn.bv_len - patlen - 1 ] ) )
 						return ACL_SCOPE_ERR;
 					sep = 1;
 				}
@@ -227,7 +227,7 @@ check_scope( BackendDB *be, AccessControl *a )
 			break;
 		}

-		if ( dn.bv_len < patlen && !NDN_SEPARATOR( a->acl_dn_pat.bv_val[ patlen -dn.bv_len - 1 ] ) ) {
+		if ( dn.bv_len < patlen && !DN_SEPARATOR( a->acl_dn_pat.bv_val[ patlen -dn.bv_len - 1 ] ) ) {
 			return ACL_SCOPE_ERR;
 		}


--- a/servers/slapd/back-bdb/cache.c
+++ b/servers/slapd/back-bdb/cache.c
@@ -336,9 +336,9 @@ bdb_cache_find_ndn(

 		/* Advance to next lower RDN */
 		for (ptr = ei.bei_nrdn.bv_val - 2; ptr > ndn->bv_val
-			&& !NDN_SEPARATOR(*ptr); ptr--) /* empty */;
+			&& !DN_SEPARATOR(*ptr); ptr--) /* empty */;
 		if ( ptr >= ndn->bv_val ) {
-			if (NDN_SEPARATOR(*ptr)) ptr++;
+			if (DN_SEPARATOR(*ptr)) ptr++;
 			ei.bei_nrdn.bv_len = ei.bei_nrdn.bv_val - ptr - 1;
 			ei.bei_nrdn.bv_val = ptr;
 		}

--- a/servers/slapd/back-ldap/suffixmassage.c
+++ b/servers/slapd/back-ldap/suffixmassage.c
@@ -134,11 +134,10 @@ ldap_back_dn_massage(
 		if ( diff < 0 ) {
 			/* alias is longer than dn */
 			continue;
-		} else if ( diff > 0 && ( !NDN_SEPARATOR(dn->bv_val[diff-1]))) {
-			/* FIXME: should use DN_SEPARATOR() instead of
-			 * NDN_SEPARATOR(), but the latter may fail if
-			 * an escaped ';' is present */
-			/* boundary is not at a DN separator */
+		} else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) {
+			/* FIXME: DN_SEPARATOR() is intended to work
+			 * on a normalized/pretty DN, so that ';'
+			 * is never used as a DN separator */
 			continue;
 			/* At a DN Separator */
 		}

--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -749,7 +749,7 @@ is_one_level_rdn(
 )
 {
 	for ( ; from--; ) {
-		if ( NDN_SEPARATOR( rdn[ from ] ) ) {
+		if ( DN_SEPARATOR( rdn[ from ] ) ) {
 			return 0;
 		}
 	}

--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -670,7 +670,7 @@ select_backend(
 			 * need not look at escaping
 			 */
 			if ( len && len < dnlen &&
-				!NDN_SEPARATOR( dn->bv_val[(dnlen-len)-1] ))
+				!DN_SEPARATOR( dn->bv_val[(dnlen-len)-1] ))
 			{
 				continue;
 			}

--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -690,7 +690,7 @@ dnParent(
 		return;
 	}

-	assert( NDN_SEPARATOR( p[ 0 ] ) );
+	assert( DN_SEPARATOR( p[ 0 ] ) );
 	p++;

 	assert( ATTR_LEADCHAR( p[ 0 ] ) );
@@ -882,7 +882,7 @@ dnIsSuffix(
 	}

 	/* no rdn separator or escaped rdn separator */
-	if ( d > 1 && !NDN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
+	if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) {
 		return 0;
 	}


--- a/servers/slapd/limits.c
+++ b/servers/slapd/limits.c
@@ -163,7 +163,7 @@ limits_get(
 				}
 			} else {
 				/* check for unescaped rdn separator */
-				if ( !NDN_SEPARATOR( ndn->bv_val[d-1] ) ) {
+				if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) ) {
 					break;
 				}
 			}

--- a/servers/slapd/overlays/rwmdn.c
+++ b/servers/slapd/overlays/rwmdn.c
@@ -138,11 +138,10 @@ rwm_dn_massage(
 		if ( diff < 0 ) {
 			/* alias is longer than dn */
 			continue;
-		} else if ( diff > 0 && ( !NDN_SEPARATOR(dn->bv_val[diff-1]))) {
-			/* FIXME: should use DN_SEPARATOR() instead of
-			 * NDN_SEPARATOR(), but the latter may fail if
-			 * an escaped ';' is present */
-			/* boundary is not at a DN separator */
+		} else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) {
+			/* FIXME: DN_SEPARATOR() is intended to work
+			 * on a normalized/pretty DN, so that ';'
+			 * is never used as a DN separator */
 			continue;
 			/* At a DN Separator */
 		}

--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -133,8 +133,10 @@ LDAP_BEGIN_DECL
 	|| (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )

 #define DN_ESCAPE(c)	((c) == SLAP_ESCAPE_CHAR)
-#define NDN_SEPARATOR(c)	((c) == ',')
-#define DN_SEPARATOR(c)	(NDN_SEPARATOR(c) || (c) == ';')
+/* NOTE: for consistency, this macro must only operate
+ * on normalized/pretty DN, such that ';' is never used
+ * as RDN separator, and all occurrences of ';' must be escaped */
+#define DN_SEPARATOR(c)	((c) == ',')
 #define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */
 #define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
 #define RDN_NEEDSESCAPE(c)	((c) == '\\' || (c) == '"')