use dnPretty instead of dn_pretty

servers/slapd/add.c

@@ -35,7 +35,7 @@ do_add( Connection *conn, Operation *op )
 {
 	BerElement	*ber = op->o_ber;
 	char		*last;
-	struct berval dn;
+	struct berval dn = { 0, NULL };
 	ber_len_t	len;
 	ber_tag_t	tag;
 	Entry		*e;
@@ -79,30 +79,58 @@ do_add( Connection *conn, Operation *op )
 	}
 
 	e = (Entry *) ch_calloc( 1, sizeof(Entry) );
-
-	e->e_dn = dn_pretty( dn.bv_val );
-	e->e_ndn = dn_normalize( dn.bv_val );
+	e->e_dn = NULL;
+	e->e_ndn = NULL;
 	e->e_attrs = NULL;
 	e->e_private = NULL;
 
-	if ( e->e_ndn == NULL ) {
+	{
+		struct berval *pdn;
+		rc = dnPretty( NULL, &dn, &pdn );
+
+		if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_add: conn %d	 invalid dn (%s)\n", conn->c_connid,
-			dn.bv_val ));
+			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+				"do_add: conn %d invalid dn (%s)\n", conn->c_connid,
+				dn.bv_val ));
 #else
-		Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+			Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
 #endif
-		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
-		    "invalid DN", NULL, NULL );
-		goto done;
+			send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+			    "invalid DN", NULL, NULL );
+			goto done;
+		}
+
+		e->e_dn = pdn->bv_val;
+		free( pdn );
+	}
+
+	{
+		struct berval *ndn;
+		rc = dnNormalize( NULL, &dn, &ndn );
+
+		if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+				"do_add: conn %d invalid dn (%s)\n", conn->c_connid,
+				dn.bv_val ));
+#else
+			Debug( LDAP_DEBUG_ANY, "do_add: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+#endif
+			send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+			    "invalid DN", NULL, NULL );
+			goto done;
+		}
+
+		e->e_ndn = ndn->bv_val;
+		free( ndn );
 	}
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
-		"do_add: conn %d  ndn (%s)\n", conn->c_connid, e->e_ndn ));
+		"do_add: conn %d  dn (%s)\n", conn->c_connid, e->e_dn ));
 #else
-	Debug( LDAP_DEBUG_ARGS, "do_add: ndn (%s)\n", e->e_ndn, 0, 0 );
+	Debug( LDAP_DEBUG_ARGS, "do_add: dn (%s)\n", e->e_dn, 0, 0 );
 #endif
 
 	/* get the attrs */
@@ -132,8 +160,8 @@ do_add( Connection *conn, Operation *op )
 		if ( mod->ml_bvalues == NULL ) {
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
-				   "do_add: conn %d	 no values for type %s\n",
-				   conn->c_connid, mod->ml_type ));
+				"do_add: conn %d	 no values for type %s\n",
+				conn->c_connid, mod->ml_type ));
 #else
 			Debug( LDAP_DEBUG_ANY, "no values for type %s\n",
 				mod->ml_type, 0, 0 );
@@ -152,7 +180,7 @@ do_add( Connection *conn, Operation *op )
 	if ( ber_scanf( ber, /*{*/ "}") == LBER_ERROR ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			   "do_add: conn %d	 ber_scanf failed\n", conn->c_connid ));
+			"do_add: conn %d ber_scanf failed\n", conn->c_connid ));
 #else
 		Debug( LDAP_DEBUG_ANY, "do_add: ber_scanf failed\n", 0, 0, 0 );
 #endif
@@ -165,7 +193,7 @@ do_add( Connection *conn, Operation *op )
 	if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
-			   "do_add: conn %d	 get_ctrls failed\n", conn->c_connid ));
+			"do_add: conn %d get_ctrls failed\n", conn->c_connid ));
 #else
 		Debug( LDAP_DEBUG_ANY, "do_add: get_ctrls failed\n", 0, 0, 0 );
 #endif
@@ -179,7 +207,7 @@ do_add( Connection *conn, Operation *op )
 	}
 
 	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d ADD dn=\"%s\"\n",
-	    op->o_connid, op->o_opid, e->e_ndn, 0, 0 );
+	    op->o_connid, op->o_opid, e->e_dn, 0, 0 );
 
 	if( e->e_ndn == NULL || *e->e_ndn == '\0' ) {
 		/* protocolError may be a more appropriate error */
@@ -190,7 +218,6 @@ do_add( Connection *conn, Operation *op )
 
 #if defined( SLAPD_SCHEMA_DN )
 	} else if ( strcasecmp( e->e_ndn, SLAPD_SCHEMA_DN ) == 0 ) {
-		/* protocolError may be a more appropriate error */
 		send_ldap_result( conn, op, rc = LDAP_ALREADY_EXISTS,
 			NULL, "subschema subentry already exists",
 			NULL, NULL );
@@ -320,6 +347,8 @@ do_add( Connection *conn, Operation *op )
 	}
 
 done:
+	free( dn.bv_val );
+
 	if( modlist != NULL ) {
 		slap_modlist_free( modlist );
 	}

servers/slapd/bind.c

@@ -33,17 +33,18 @@ do_bind(
     Operation	*op
 )
 {
-	BerElement	*ber = op->o_ber;
-	ber_int_t		version;
+	BerElement *ber = op->o_ber;
+	ber_int_t version;
 	ber_tag_t method;
-	char		*mech;
+	char *mech = NULL;
 	struct berval dn = { 0, NULL };
-	char *ndn;
-	ber_tag_t	tag;
-	int			rc = LDAP_SUCCESS;
-	const char	*text;
-	struct berval	cred;
-	Backend		*be;
+	struct berval *pdn = NULL;
+	struct berval *ndn = NULL;
+	ber_tag_t tag;
+	int	rc = LDAP_SUCCESS;
+	const char *text;
+	struct berval cred = { 0, NULL };
+	Backend *be;
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
@@ -52,10 +53,6 @@ do_bind(
 	Debug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
 #endif
 
-	ndn = NULL;
-	mech = NULL;
-	cred.bv_val = NULL;
-
 	/*
 	 * Force to connection to "anonymous" until bind succeeds.
 	 */
@@ -152,9 +149,23 @@ do_bind(
 		goto cleanup;
 	} 
 
-	ndn = ch_strdup( dn.bv_val );
+	rc = dnPretty( NULL, &dn, &pdn );
+	if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_bind: conn %d  invalid dn (%s)\n",
+			conn->c_connid, dn.bv_val ));
+#else
+		Debug( LDAP_DEBUG_ANY, "bind: invalid dn (%s)\n",
+			dn.bv_val, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
+		goto cleanup;
+	}
 
-	if ( dn_normalize( ndn ) == NULL ) {
+	rc = dnNormalize( NULL, &dn, &ndn );
+	if ( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 			"do_bind: conn %d  invalid dn (%s)\n",
@@ -172,27 +183,28 @@ do_bind(
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation",	 LDAP_LEVEL_DETAIL1,
 			"do_sasl_bind: conn %d  dn (%s) mech %s\n", conn->c_connid,
-			dn.bv_val, mech ));
+			pdn->bv_val, mech ));
 #else
 		Debug( LDAP_DEBUG_TRACE, "do_sasl_bind: dn (%s) mech %s\n",
-			dn.bv_val, mech, NULL );
+			pdn->bv_val, mech, NULL );
 #endif
+
 	} else {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
 			"do_bind: conn %d  version=%ld dn=\"%s\" method=%ld\n",
 			conn->c_connid, (unsigned long) version,
-			dn.bv_val, (unsigned long)method ));
+			pdn->bv_val, (unsigned long)method ));
 #else
 		Debug( LDAP_DEBUG_TRACE,
 			"do_bind: version=%ld dn=\"%s\" method=%ld\n",
 			(unsigned long) version,
-			dn.bv_val, (unsigned long) method );
+			pdn->bv_val, (unsigned long) method );
 #endif
 	}
 
 	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d BIND dn=\"%s\" method=%ld\n",
-	    op->o_connid, op->o_opid, ndn, (unsigned long) method, 0 );
+	    op->o_connid, op->o_opid, pdn->bv_val, (unsigned long) method, 0 );
 
 	if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
 #ifdef NEW_LOGGING
@@ -277,7 +289,9 @@ do_bind(
 		ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 
 		edn = NULL;
-		rc = slap_sasl_bind( conn, op, dn.bv_val, ndn, &cred, &edn, &ssf );
+		rc = slap_sasl_bind( conn, op,
+			pdn->bv_val, ndn->bv_val,
+			&cred, &edn, &ssf );
 
 		ldap_pvt_thread_mutex_lock( &conn->c_mutex );
 		if( rc == LDAP_SUCCESS ) {
@@ -331,7 +345,7 @@ do_bind(
 
 	if ( method == LDAP_AUTH_SIMPLE ) {
 		/* accept "anonymous" binds */
-		if ( cred.bv_len == 0 || ndn == NULL || *ndn == '\0' ) {
+		if ( cred.bv_len == 0 || ndn->bv_len == 0 ) {
 			rc = LDAP_SUCCESS;
 			text = NULL;
 
@@ -341,7 +355,7 @@ do_bind(
 				/* cred is not empty, disallow */
 				rc = LDAP_INVALID_CREDENTIALS;
 
-			} else if ( ndn != NULL && *ndn != '\0' &&
+			} else if ( ndn->bv_len &&
 				!( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
 			{
 				/* DN is not empty, disallow */
@@ -437,10 +451,10 @@ do_bind(
 	 * if we don't hold it.
 	 */
 
-	if ( (be = select_backend( ndn, 0, 0 )) == NULL ) {
+	if ( (be = select_backend( ndn->bv_val, 0, 0 )) == NULL ) {
 		if ( default_referral ) {
 			struct berval **ref = referral_rewrite( default_referral,
-				NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
+				NULL, pdn->bv_val, LDAP_SCOPE_DEFAULT );
 
 			send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 				NULL, NULL, ref ? ref : default_referral, NULL );
@@ -472,15 +486,17 @@ do_bind(
 		char *edn = NULL;
 
 		/* deref suffix alias if appropriate */
-		ndn = suffix_alias( be, ndn );
+		ndn->bv_val = suffix_alias( be, ndn->bv_val );
+		ndn->bv_len = strlen( ndn->bv_val );
 
-		ret = (*be->be_bind)( be, conn, op, dn.bv_val, ndn,
+		ret = (*be->be_bind)( be, conn, op,
+			pdn->bv_val, ndn->bv_val,
 			method, &cred, &edn );
 
 		if ( ret == 0 ) {
 			ldap_pvt_thread_mutex_lock( &conn->c_mutex );
 
-			conn->c_cdn = dn.bv_val;
+			conn->c_cdn = pdn->bv_val;
 			dn.bv_val = NULL;
 			dn.bv_len = 0;
 
@@ -489,8 +505,9 @@ do_bind(
 			} else {
 				conn->c_dn = ch_strdup( conn->c_cdn );
 			}
-			conn->c_ndn = ndn;
-			ndn = NULL;
+			conn->c_ndn = ndn->bv_val;
+			ndn->bv_val = NULL;
+			ndn->bv_len = 0;
 
 			if( conn->c_dn != NULL ) {
 				ber_len_t max = sockbuf_max_incoming;
@@ -503,7 +520,8 @@ do_bind(
 				"do_bind: conn %d  v%d bind: \"%s\" to \"%s\" \n",
 				conn->c_connid, version, conn->c_cdn, conn->c_dn ));
 #else
-			Debug( LDAP_DEBUG_TRACE, "do_bind: v%d bind: \"%s\" to \"%s\"\n",
+			Debug( LDAP_DEBUG_TRACE,
+				"do_bind: v%d bind: \"%s\" to \"%s\"\n",
 				version, conn->c_cdn, conn->c_dn );
 #endif
 
@@ -519,13 +537,17 @@ do_bind(
 
 	} else {
 		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
-			NULL, "operation not supported within namingContext", NULL, NULL );
+			NULL, "operation not supported within namingContext",
+			NULL, NULL );
 	}
 
 cleanup:
 	free( dn.bv_val );
+	if( pdn != NULL ) {
+		ber_bvfree( pdn );
+	}
 	if( ndn != NULL ) {
-		free( ndn );
+		ber_bvfree( ndn );
 	}
 	if ( mech != NULL ) {
 		free( mech );

servers/slapd/compare.c

@@ -37,9 +37,10 @@ do_compare(
 {
 	Entry *entry = NULL;
 	struct berval dn = { 0, NULL };
-	char *ndn = NULL;
-	struct berval desc;
-	struct berval value;
+	struct berval *pdn = NULL;
+	struct berval *ndn = NULL;
+	struct berval desc = { 0, NULL };
+	struct berval value = { 0, NULL };
 	struct berval *nvalue;
 	AttributeAssertion ava;
 	Backend	*be;
@@ -48,8 +49,6 @@ do_compare(
 	int manageDSAit;
 
 	ava.aa_desc = NULL;
-	desc.bv_val = NULL;
-	value.bv_val = NULL;
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
@@ -117,9 +116,23 @@ do_compare(
 		goto cleanup;
 	} 
 
-	ndn = ch_strdup( dn.bv_val );
+	rc = dnPretty( NULL, &dn, &pdn );
+	if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_compare: conn %d  invalid dn (%s)\n",
+			conn->c_connid, dn.bv_val ));
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"do_compare: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
+		goto cleanup;
+	}
 
-	if( dn_normalize( ndn ) == NULL ) {
+	rc = dnNormalize( NULL, &dn, &ndn );
+	if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 			"do_compare: conn %d  invalid dn (%s)\n",
@@ -147,20 +160,20 @@ do_compare(
 
 	ava.aa_value = nvalue;
 
-	if( strcasecmp( ndn, LDAP_ROOT_DSE ) == 0 ) {
+	if( strcasecmp( ndn->bv_val, LDAP_ROOT_DSE ) == 0 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 			"do_compare: conn %d  dn (%s) attr(%s) value (%s)\n",
-			conn->c_connid, dn.bv_val, ava.aa_desc->ad_cname.bv_val,
-			ava.aa_value->bv_val ));
+			conn->c_connid, pdn->bv_val,
+			ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val ));
 #else
 		Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
-			dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
+			pdn->bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
 #endif
 
 		Statslog( LDAP_DEBUG_STATS,
 			"conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
-			op->o_connid, op->o_opid, dn.bv_val,
+			op->o_connid, op->o_opid, pdn->bv_val,
 			ava.aa_desc->ad_cname.bv_val, 0 );
 
 		rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
@@ -175,20 +188,20 @@ do_compare(
 			goto cleanup;
 		}
 
-	} else if ( strcasecmp( ndn, SLAPD_SCHEMA_DN ) == 0 ) {
+	} else if ( strcasecmp( ndn->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 			"do_compare: conn %d  dn (%s) attr(%s) value (%s)\n",
-			conn->c_connid, dn.bv_val, ava.aa_desc->ad_cname.bv_val,
+			conn->c_connid, pdn->bv_val, ava.aa_desc->ad_cname.bv_val,
 			ava.aa_value->bv_val ));
 #else
 		Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
-			dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
+			pdn->bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
 #endif
 
 		Statslog( LDAP_DEBUG_STATS,
 			"conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
-			op->o_connid, op->o_opid, dn.bv_val,
+			op->o_connid, op->o_opid, pdn->bv_val,
 			ava.aa_desc->ad_cname.bv_val, 0 );
 
 		rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
@@ -226,9 +239,9 @@ do_compare(
 	 * appropriate one, or send a referral to our "referral server"
 	 * if we don't hold it.
 	 */
-	if ( (be = select_backend( ndn, manageDSAit, 0 )) == NULL ) {
+	if ( (be = select_backend( ndn->bv_val, manageDSAit, 0 )) == NULL ) {
 		struct berval **ref = referral_rewrite( default_referral,
-			NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
+			NULL, pdn->bv_val, LDAP_SCOPE_DEFAULT );
 
 		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 			NULL, NULL, ref ? ref : default_referral, NULL );
@@ -247,7 +260,7 @@ do_compare(
 	}
 
 	/* check for referrals */
-	rc = backend_check_referrals( be, conn, op, dn.bv_val, ndn );
+	rc = backend_check_referrals( be, conn, op, pdn->bv_val, ndn->bv_val );
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
@@ -255,30 +268,34 @@ do_compare(
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 		"do_compare: conn %d	 dn (%s) attr(%s) value (%s)\n",
-		conn->c_connid, dn.bv_val, ava.aa_desc->ad_cname.bv_val,
+		conn->c_connid, pdn->bv_val, ava.aa_desc->ad_cname.bv_val,
 		ava.aa_value->bv_val ));
 #else
 	Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
-	    dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
+	    pdn->bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
 #endif
 
 	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
-	    op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname.bv_val, 0 );
+	    op->o_connid, op->o_opid, pdn->bv_val,
+		ava.aa_desc->ad_cname.bv_val, 0 );
 
 
 	/* deref suffix alias if appropriate */
-	ndn = suffix_alias( be, ndn );
+	ndn->bv_val = suffix_alias( be, ndn->bv_val );
+	ndn->bv_len = strlen( ndn->bv_val );
 
 	if ( be->be_compare ) {
-		(*be->be_compare)( be, conn, op, dn.bv_val, ndn, &ava );
+		(*be->be_compare)( be, conn, op, pdn->bv_val, ndn->bv_val, &ava );
 	} else {
 		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
-			NULL, "operation not supported within namingContext", NULL, NULL );
+			NULL, "operation not supported within namingContext",
+			NULL, NULL );
 	}
 
 cleanup:
 	free( dn.bv_val );
-	free( ndn );
+	ber_bvfree( pdn );
+	ber_bvfree( ndn );
 	free( desc.bv_val );
 	free( value.bv_val );
 

servers/slapd/config.c

@@ -953,9 +953,6 @@ read_config( const char *fname )
 
 				}
 				charray_add( &be->be_suffix, dn );
-#ifndef USE_LDAP_DN_PARSING
-				(void) ldap_pvt_str2upper( dn );
-#else /* USE_LDAP_DN_PARSING */
 				if ( dn_normalize( dn ) == NULL ) {
 #ifdef NEW_LOGGING
 					LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
@@ -970,7 +967,6 @@ read_config( const char *fname )
 					free( dn );
 					return 1;
 				}
-#endif /* USE_LDAP_DN_PARSING */
 				ber_bvecadd( &be->be_nsuffix, ber_bvstr( dn ) );
 			}
 

servers/slapd/delete.c

@@ -32,7 +32,8 @@ do_delete(
 )
 {
 	struct berval dn = { 0, NULL };
-	char *ndn = NULL;
+	struct berval *ndn = NULL;
+	struct berval *pdn = NULL;
 	const char *text;
 	Backend	*be;
 	int rc;
@@ -73,23 +74,37 @@ do_delete(
 		goto cleanup;
 	} 
 
-	ndn = ch_strdup( dn.bv_val );
-
-	if(	dn_normalize( ndn ) == NULL ) {
+	rc = dnPretty( NULL, &dn, &pdn );
+	if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_delete: conn %d  invalid dn (%s).\n",
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_delete: conn %d  invalid dn (%s)\n",
 			conn->c_connid, dn.bv_val ));
 #else
-		Debug( LDAP_DEBUG_ANY, "do_delete: invalid dn (%s)\n",
-			dn.bv_val, 0, 0 );
+		Debug( LDAP_DEBUG_ANY,
+			"do_delete: invalid dn (%s)\n", dn.bv_val, 0, 0 );
 #endif
 		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 		    "invalid DN", NULL, NULL );
 		goto cleanup;
 	}
 
-	if( *ndn == '\0' ) {
+	rc = dnNormalize( NULL, &dn, &ndn );
+	if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_delete: conn %d  invalid dn (%s)\n",
+			conn->c_connid, dn.bv_val ));
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"do_delete: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
+		goto cleanup;
+	}
+
+	if( ndn->bv_len == 0 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_delete: conn %d: "
 			"Attempt to delete root DSE.\n", conn->c_connid ));
@@ -102,7 +117,8 @@ do_delete(
 		goto cleanup;
 
 #ifdef SLAPD_SCHEMA_DN
-	} else if ( strcasecmp( ndn, SLAPD_SCHEMA_DN ) == 0 ) {
+
+	} else if ( strcasecmp( ndn->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_delete: conn %d: "
 			"Attempt to delete subschema subentry.\n", conn->c_connid ));
@@ -118,7 +134,7 @@ do_delete(
 	}
 
 	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d DEL dn=\"%s\"\n",
-		op->o_connid, op->o_opid, dn.bv_val, 0, 0 );
+		op->o_connid, op->o_opid, pdn->bv_val, 0, 0 );
 
 	manageDSAit = get_manageDSAit( op );
 
@@ -127,9 +143,9 @@ do_delete(
 	 * appropriate one, or send a referral to our "referral server"
 	 * if we don't hold it.
 	 */
-	if ( (be = select_backend( ndn, manageDSAit, 0 )) == NULL ) {
+	if ( (be = select_backend( ndn->bv_val, manageDSAit, 0 )) == NULL ) {
 		struct berval **ref = referral_rewrite( default_referral,
-			NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
+			NULL, pdn->bv_val, LDAP_SCOPE_DEFAULT );
 
 		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 			NULL, NULL, ref ? ref : default_referral, NULL );
@@ -147,13 +163,14 @@ do_delete(
 	}
 
 	/* check for referrals */
-	rc = backend_check_referrals( be, conn, op, dn.bv_val, ndn );
+	rc = backend_check_referrals( be, conn, op, pdn->bv_val, ndn->bv_val );
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
 
 	/* deref suffix alias if appropriate */
-	ndn = suffix_alias( be, ndn );
+	ndn->bv_val = suffix_alias( be, ndn->bv_val );
+	ndn->bv_len = strlen( ndn->bv_val );
 
 	/*
 	 * do the delete if 1 && (2 || 3)
@@ -168,12 +185,12 @@ do_delete(
 		if ( be->be_update_ndn == NULL || repl_user )
 #endif
 		{
-			if ( (*be->be_delete)( be, conn, op, dn.bv_val, ndn ) == 0 ) {
+			if ( (*be->be_delete)( be, conn, op, pdn->bv_val, ndn->bv_val ) == 0 ) {
 #ifdef SLAPD_MULTIMASTER
 				if (be->be_update_ndn == NULL || !repl_user )
 #endif
 				{
-					replog( be, op, dn.bv_val, ndn, NULL );
+					replog( be, op, pdn->bv_val, ndn->bv_val, NULL );
 				}
 			}
 #ifndef SLAPD_MULTIMASTER
@@ -181,7 +198,7 @@ do_delete(
 			struct berval **defref = be->be_update_refs
 				? be->be_update_refs : default_referral;
 			struct berval **ref = referral_rewrite( default_referral,
-				NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
+				NULL, pdn->bv_val, LDAP_SCOPE_DEFAULT );
 
 			send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
 				ref ? ref : defref, NULL );
@@ -196,7 +213,8 @@ do_delete(
 	}
 
 cleanup:
-	if( ndn != NULL ) free( ndn );
 	free( dn.bv_val );
+	if( pdn != NULL ) ber_bvfree( pdn );
+	if( ndn != NULL ) ber_bvfree( ndn );
 	return rc;
 }

servers/slapd/dn.c

@@ -28,6 +28,7 @@
 #define INQUOTEDVALUE	7
 #define B4SEPARATOR		8
 
+#if 0
 /*
  * dn_pretty - "pretty" the DN
  */
@@ -44,6 +45,7 @@ char *dn_pretty( const char *dn_in )
 	if( dn_out == NULL ) free( dn );
 	return dn_out;
 }
+#endif
 
 /*
  * dn_validate - validate and compress dn.  the dn is
@@ -53,7 +55,6 @@ char *dn_pretty( const char *dn_in )
 char *
 dn_validate( char *dn_in )
 {
-#ifdef USE_LDAP_DN_PARSING
 	struct berval	val, *normalized;
 	int		rc;
 
@@ -78,164 +79,6 @@ dn_validate( char *dn_in )
 	ber_bvfree( normalized );
 
 	return( dn_in );
-	
-#else /* !USE_LDAP_DN_PARSING */
-	char	*d, *s;
-	int	state, gotesc;
-	char	*dn = dn_in;
-
-	gotesc = 0;
-	state = B4LEADTYPE;
-	for ( d = s = dn; *s; s++ ) {
-		switch ( state ) {
-		case B4LEADTYPE:
-		case B4TYPE:
-			if ( OID_LEADCHAR(*s) ) {
-				state = INOIDTYPE;
-				*d++ = *s;
-			} else if ( ATTR_LEADCHAR(*s) ) {
-				state = INKEYTYPE;
-				*d++ = *s;
-			} else if ( ! ASCII_SPACE( *s ) ) {
-				dn = NULL;
-				state = INKEYTYPE;
-				*d++ = *s;
-			}
-			break;
-
-		case INOIDTYPE:
-			if ( OID_CHAR(*s) ) {
-				*d++ = *s;
-			} else if ( *s == '=' ) {
-				state = B4VALUE;
-				*d++ = *s;
-			} else if ( ASCII_SPACE( *s ) ) {
-				state = B4EQUAL;
-			} else {
-				dn = NULL;
-				*d++ = *s;
-			}
-			break;
-
-		case INKEYTYPE:
-			if ( ATTR_CHAR(*s) ) {
-				*d++ = *s;
-			} else if ( *s == '=' ) {
-				state = B4VALUE;
-				*d++ = *s;
-			} else if ( ASCII_SPACE( *s ) ) {
-				state = B4EQUAL;
-			} else {
-				dn = NULL;
-				*d++ = *s;
-			}
-			break;
-
-		case B4EQUAL:
-			if ( *s == '=' ) {
-				state = B4VALUE;
-				*d++ = *s;
-			} else if ( ! ASCII_SPACE( *s ) ) {
-				/* not a valid dn - but what can we do here? */
-				*d++ = *s;
-				dn = NULL;
-			}
-			break;
-
-		case B4VALUE:
-			if ( *s == '"' ) {
-				state = INQUOTEDVALUE;
-				*d++ = *s;
-			} else if ( ! ASCII_SPACE( *s ) ) {
-				state = INVALUE;
-				*d++ = *s;
-			}
-			break;
-
-		case INVALUE:
-			if ( !gotesc && RDN_SEPARATOR( *s ) ) {
-				while ( ASCII_SPACE( *(d - 1) ) )
-					d--;
-				state = B4TYPE;
-				if ( *s == '+' ) {
-					*d++ = *s;
-				} else {
-					*d++ = ',';
-				}
-			} else if ( gotesc && !RDN_NEEDSESCAPE( *s ) &&
-				!RDN_SEPARATOR( *s ) )
-			{
-				*--d = *s;
-				d++;
-			} else if( !ASCII_SPACE( *s ) || !ASCII_SPACE( *(d - 1) ) ) {
-				*d++ = *s;
-			}
-			break;
-
-		case INQUOTEDVALUE:
-			if ( !gotesc && *s == '"' ) {
-				state = B4SEPARATOR;
-				*d++ = *s;
-			} else if ( gotesc && !RDN_NEEDSESCAPE( *s ) ) {
-				*--d = *s;
-				d++;
-			} else if( !ASCII_SPACE( *s ) || !ASCII_SPACE( *(d - 1) ) ) {
-				*d++ = *s;
-			}
-			break;
-
-		case B4SEPARATOR:
-			if ( RDN_SEPARATOR( *s ) ) {
-				state = B4TYPE;
-				*d++ = *s;
-			} else if ( !ASCII_SPACE( *s ) ) {
-				dn = NULL;
-			}
-			break;
-
-		default:
-			dn = NULL;
-#ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-				"dn_validate: unknown state %d for dn \"%s\".\n",
-				state, dn_in ));
-#else
-			Debug( LDAP_DEBUG_ANY,
-				"dn_validate - unknown state %d\n", state, 0, 0 );
-#endif
-			break;
-		}
-
-		if ( *s == '\\' ) {
-			gotesc = 1;
-		} else {
-			gotesc = 0;
-		}
-	}
-
-	/* trim trailing spaces */
-	while( d > dn_in && ASCII_SPACE( *(d-1) ) ) {
-		--d;
-	}
-	*d = '\0';
-
-	if( gotesc ) {
-		/* shouldn't be left in escape */
-		dn = NULL;
-	}
-
-	/* check end state */
-	switch( state ) {
-	case B4LEADTYPE:	/* looking for first type */
-	case B4SEPARATOR:	/* looking for separator */
-	case INVALUE:		/* inside value */
-		break;
-	default:
-		dn = NULL;
-	}
-
-	return( dn );
-#endif /* !USE_LDAP_DN_PARSING */
 }
 
 /*
@@ -247,7 +90,6 @@ dn_validate( char *dn_in )
 char *
 dn_normalize( char *dn )
 {
-#ifdef USE_LDAP_DN_PARSING
 	struct berval	val, *normalized;
 	int		rc;
 
@@ -272,26 +114,6 @@ dn_normalize( char *dn )
 	ber_bvfree( normalized );
 
 	return( dn );
-	
-#else /* !USE_LDAP_DN_PARSING */
-	char *out;
-	struct berval *bvdn, *nbvdn;
-
-	out = NULL;
-	bvdn = ber_bvstr( dn );
-	
-	if ( dnNormalize( NULL, bvdn, &nbvdn ) == LDAP_SUCCESS ) {
-		if ( nbvdn->bv_len <= bvdn->bv_len ) {
-			out = dn;
-			strcpy( out, nbvdn->bv_val );
-		}
-		ber_bvfree( nbvdn );
-	}
-	bvdn->bv_val = NULL; /* prevent bvfree from freeing dn */
-	ber_bvfree( bvdn );
-
-	return( out );
-#endif /* !USE_LDAP_DN_PARSING */
 }
 
 int

servers/slapd/entry.c

@@ -41,6 +41,7 @@ str2entry( char *s )
 {
 	int rc;
 	Entry		*e;
+	ber_len_t	dnlen;
 	char		*type;
 	struct berval value;
 	struct berval	*vals[2];
@@ -115,26 +116,48 @@ str2entry( char *s )
 		}
 
 		if ( strcasecmp( type, "dn" ) == 0 ) {
+			struct berval *pdn;
+
 			free( type );
 
 			if ( e->e_dn != NULL ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "str2entry: "
-					"entry %ld has multiple dns \"%s\" and \"%s\" "
-					"(second ignored)\n",
-					(long) e->e_id, e->e_dn, value.bv_val != NULL ? value.bv_val : "" ));
+					"entry %ld has multiple dns \"%s\" and \"%s\"\n",
+					(long) e->e_id, e->e_dn,
+					value.bv_val != NULL ? value.bv_val : "" ));
 #else
 				Debug( LDAP_DEBUG_ANY, "str2entry: "
-					"entry %ld has multiple dns \"%s\" and \"%s\" "
-					"(second ignored)\n",
+					"entry %ld has multiple dns \"%s\" and \"%s\"\n",
 				    (long) e->e_id, e->e_dn,
 					value.bv_val != NULL ? value.bv_val : "" );
 #endif
 				if( value.bv_val != NULL ) free( value.bv_val );
-				continue;
+				entry_free( e );
+				return NULL;
 			}
 
-			e->e_dn = value.bv_val != NULL ? value.bv_val : ch_strdup( "" );
+			rc = dnPretty( NULL, &value, &pdn );
+			if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1, "str2entry: "
+					"entry %ld has invalid DN \"%s\"\n",
+					(long) e->e_id,
+					pdn->bv_val ? pdn->bv_val : "" ));
+#else
+				Debug( LDAP_DEBUG_ANY, "str2entry: "
+					"entry %ld has invalid DN \"%s\"\n",
+					(long) e->e_id,
+					pdn->bv_val ? pdn->bv_val : "", 0 );
+#endif
+				if( value.bv_val != NULL ) free( value.bv_val );
+				entry_free( e );
+				return NULL;
+			}
+
+			e->e_dn = pdn->bv_val != NULL ? pdn->bv_val : ch_strdup( "" );
+			dnlen = pdn->bv_len;
+			free( pdn );
 			continue;
 		}
 
@@ -158,7 +181,6 @@ str2entry( char *s )
 			}
 
 			rc = slap_str2undef_ad( type, &ad, &text );
-
 			if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
@@ -266,24 +288,32 @@ str2entry( char *s )
 	}
 
 	/* generate normalized dn */
-	e->e_ndn = e->e_dn;
-	e->e_dn = dn_pretty( e->e_dn );
+	{
+		struct berval dn;
+		struct berval *ndn;
 
-	if( e->e_dn == NULL ) {
+		dn.bv_val = e->e_dn;
+		dn.bv_len = dnlen;
+
+		rc = dnNormalize( NULL, &dn, &ndn );
+
+		if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
-			   "str2entry:  entry %ld has invalid dn: %s\n",
-				(long) e->e_id, e->e_ndn ));
+			LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+				   "str2entry:  entry %ld has invalid dn: %s\n",
+					(long) e->e_id, e->e_ndn ));
 #else
-		Debug( LDAP_DEBUG_ANY,
-			"str2entry: entry %ld has invalid dn: %s\n",
-		    (long) e->e_id, e->e_ndn, 0 );
+			Debug( LDAP_DEBUG_ANY,
+				"str2entry: entry %ld has invalid dn: %s\n",
+			    (long) e->e_id, e->e_ndn, 0 );
 #endif
-		entry_free( e );
-		return( NULL );
-	}
+			entry_free( e );
+			return NULL;
+		}
 
-	(void) dn_normalize( e->e_ndn );
+		e->e_ndn = ndn->bv_val;
+		free( ndn );
+	}
 
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL2,

servers/slapd/modify.c

@@ -34,7 +34,8 @@ do_modify(
     Operation	*op )
 {
 	struct berval dn = { 0, NULL };
-	char *ndn = NULL;
+	struct berval *pdn = NULL;
+	struct berval *ndn = NULL;
 	char		*last;
 	ber_tag_t	tag;
 	ber_len_t	len;
@@ -176,24 +177,37 @@ do_modify(
 		goto cleanup;
 	}
 
-	ndn = ch_strdup( dn.bv_val );
-
-	if(	dn_normalize( ndn ) == NULL ) {
+	rc = dnPretty( NULL, &dn, &pdn );
+	if( rc != LDAP_SUCCESS ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			"do_modify: invalid dn (%s)\n", dn.bv_val ));
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_modify: conn %d  invalid dn (%s)\n",
+			conn->c_connid, dn.bv_val ));
 #else
 		Debug( LDAP_DEBUG_ANY,
-			"do_modify: invalid dn (%s)\n",
-			dn.bv_val, 0, 0 );
+			"do_modify: invalid dn (%s)\n", dn.bv_val, 0, 0 );
 #endif
-
 		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 		    "invalid DN", NULL, NULL );
 		goto cleanup;
 	}
 
-	if( *ndn == '\0' ) {
+	rc = dnNormalize( NULL, &dn, &ndn );
+	if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_modify: conn %d  invalid dn (%s)\n",
+			conn->c_connid, dn.bv_val ));
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"do_modify: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
+		goto cleanup;
+	}
+
+	if( ndn->bv_len == 0 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 			"do_modify: attempt to modify root DSE.\n" ));
@@ -206,7 +220,7 @@ do_modify(
 		goto cleanup;
 
 #if defined( SLAPD_SCHEMA_DN )
-	} else if ( strcasecmp( ndn, SLAPD_SCHEMA_DN ) == 0 ) {
+	} else if ( strcasecmp( ndn->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
 			"do_modify: attempt to modify subschema subentry.\n" ));
@@ -283,9 +297,9 @@ do_modify(
 	 * appropriate one, or send a referral to our "referral server"
 	 * if we don't hold it.
 	 */
-	if ( (be = select_backend( ndn, manageDSAit, 0 )) == NULL ) {
+	if ( (be = select_backend( ndn->bv_val, manageDSAit, 0 )) == NULL ) {
 		struct berval **ref = referral_rewrite( default_referral,
-			NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
+			NULL, pdn->bv_val, LDAP_SCOPE_DEFAULT );
 
 		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 			NULL, NULL, ref ? ref : default_referral, NULL );
@@ -303,13 +317,14 @@ do_modify(
 	}
 
 	/* check for referrals */
-	rc = backend_check_referrals( be, conn, op, dn.bv_val, ndn );
+	rc = backend_check_referrals( be, conn, op, pdn->bv_val, ndn->bv_val );
 	if ( rc != LDAP_SUCCESS ) {
 		goto cleanup;
 	}
 
 	/* deref suffix alias if appropriate */
-	ndn = suffix_alias( be, ndn );
+	ndn->bv_val = suffix_alias( be, ndn->bv_val );
+	ndn->bv_len = strlen( ndn->bv_val );
 
 	/*
 	 * do the modify if 1 && (2 || 3)
@@ -362,13 +377,13 @@ do_modify(
 				}
 			}
 
-			if ( (*be->be_modify)( be, conn, op, dn.bv_val, ndn, mods ) == 0
+			if ( (*be->be_modify)( be, conn, op, pdn->bv_val, ndn->bv_val, mods ) == 0
 #ifdef SLAPD_MULTIMASTER
 				&& !repl_user
 #endif
 			) {
 				/* but we log only the ones not from a replicator user */
-				replog( be, op, dn.bv_val, ndn, mods );
+				replog( be, op, pdn->bv_val, ndn->bv_val, mods );
 			}
 
 #ifndef SLAPD_MULTIMASTER
@@ -377,7 +392,7 @@ do_modify(
 			struct berval **defref = be->be_update_refs
 				? be->be_update_refs : default_referral;
 			struct berval **ref = referral_rewrite( defref,
-				NULL, dn.bv_val, LDAP_SCOPE_DEFAULT );
+				NULL, pdn->bv_val, LDAP_SCOPE_DEFAULT );
 
 			send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
 				ref ? ref : defref, NULL );
@@ -387,12 +402,14 @@ do_modify(
 		}
 	} else {
 		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
-		    NULL, "operation not supported within namingContext", NULL, NULL );
+		    NULL, "operation not supported within namingContext",
+			NULL, NULL );
 	}
 
 cleanup:
 	free( dn.bv_val );
-	if( ndn != NULL ) free( ndn );
+	if( pdn != NULL ) ber_bvfree( pdn );
+	if( ndn != NULL ) ber_bvfree( ndn );
 	if ( modlist != NULL )
 		slap_modlist_free( modlist );
 	if ( mods != NULL )

servers/slapd/proto-slap.h

@@ -325,7 +325,6 @@ LDAP_SLAPD_F (void) connection_internal_close( Connection *conn );
  * dn.c
  */
 
-LDAP_SLAPD_F (char *) dn_pretty LDAP_P(( const char *dn ));
 LDAP_SLAPD_F (char *) dn_validate LDAP_P(( char *dn ));
 LDAP_SLAPD_F (char *) dn_normalize LDAP_P(( char *dn ));
 LDAP_SLAPD_F (int) dn_match LDAP_P(( const char *val, const char *asserted ));
@@ -752,14 +751,20 @@ LDAP_SLAPD_F( int ) mods_structural_class(
 LDAP_SLAPD_F (int) schema_init LDAP_P((void));
 LDAP_SLAPD_F (int) schema_prep LDAP_P((void));
 
+LDAP_SLAPD_F (int) dnValidate LDAP_P((
+	Syntax *syntax, 
+	struct berval *val ));
+
 LDAP_SLAPD_F (int) dnNormalize LDAP_P((
 	Syntax *syntax, 
 	struct berval *val, 
 	struct berval **normalized ));
+
 LDAP_SLAPD_F (int) dnPretty LDAP_P(( 
 	Syntax *syntax, 
 	struct berval *val, 
-	struct berval **normalized ));
+	struct berval **pretty ));
+
 LDAP_SLAPD_F (int) dnMatch LDAP_P(( 
 	int *matchp, 
 	slap_mask_t flags, 

servers/slapd/schema_init.c

@@ -32,11 +32,7 @@
 
 /* unimplemented pretters */
 #define integerPretty					NULL
-#ifndef USE_LDAP_DN_PARSING
-#	define dnPretty						NULL
-#else
-#	define SLAP_LDAPDN_PRETTY 0x1
-#endif /* !USE_LDAP_DN_PARSING */
+#define SLAP_LDAPDN_PRETTY 0x1
 
 /* recycled matching routines */
 #define bitStringMatch					octetStringMatch
@@ -221,8 +217,6 @@ int octetStringFilter(
 	return LDAP_SUCCESS;
 }
 
-#ifdef USE_LDAP_DN_PARSING
-
 /*
  * The DN syntax-related functions take advantage of the dn representation
  * handling functions ldap_str2dn/ldap_dn2str.  The latter are not schema-
@@ -304,7 +298,7 @@ LDAPDN_validate( LDAPDN *dn )
 /*
  * dn validate routine
  */
-static int
+int
 dnValidate(
 	Syntax *syntax,
 	struct berval *in )
@@ -661,103 +655,6 @@ dnMatch(
 	return( LDAP_SUCCESS );
 }
 
-#else /* !USE_LDAP_DN_PARSING */
-
-static int
-dnValidate(
-	Syntax *syntax,
-	struct berval *in )
-{
-	int rc;
-	char *dn;
-
-	if( in->bv_len == 0 ) return LDAP_SUCCESS;
-
-	dn = ch_strdup( in->bv_val );
-
-	if( dn == NULL ) {
-		return LDAP_INVALID_SYNTAX;
-
-	} else if ( strlen( in->bv_val ) != in->bv_len ) {
-		rc = LDAP_INVALID_SYNTAX;
-
-	} else if ( dn_validate( dn ) == NULL ) {
-		rc = LDAP_INVALID_SYNTAX;
-
-	} else {
-		rc = LDAP_SUCCESS;
-	}
-
-	ch_free( dn );
-	return rc;
-}
-
-int
-dnNormalize(
-	Syntax *syntax,
-	struct berval *val,
-	struct berval **normalized )
-{
-	struct berval *out;
-
-	if ( val->bv_len != 0 ) {
-		char *dn;
-		out = ber_bvstr( UTF8normalize( val, UTF8_CASEFOLD ) );
-
-		dn = dn_validate( out->bv_val );
-
-		if( dn == NULL ) {
-			ber_bvfree( out );
-			return LDAP_INVALID_SYNTAX;
-		}
-
-		out->bv_val = dn;
-		out->bv_len = strlen( dn );
-	} else {
-		out = ber_bvdup( val );
-	}
-
-	*normalized = out;
-	return LDAP_SUCCESS;
-}
-
-int
-dnMatch(
-	int *matchp,
-	slap_mask_t flags,
-	Syntax *syntax,
-	MatchingRule *mr,
-	struct berval *value,
-	void *assertedValue )
-{
-	int match;
-	struct berval *asserted = (struct berval *) assertedValue;
-	
-	match = value->bv_len - asserted->bv_len;
-
-	if( match == 0 ) {
-#ifdef USE_DN_NORMALIZE
-		match = strcmp( value->bv_val, asserted->bv_val );
-#else
-		match = strcasecmp( value->bv_val, asserted->bv_val );
-#endif
-	}
-
-#ifdef NEW_LOGGING
-	LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
-		"dnMatch: %d\n    %s\n    %s\n", match,
-		value->bv_val, asserted->bv_val ));
-#else
-	Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
-		match, value->bv_val, asserted->bv_val );
-#endif
-
-
-	*matchp = match;
-	return LDAP_SUCCESS;
-}
-
-#endif /* !USE_LDAP_DN_PARSING */
 
 static int
 nameUIDValidate(

servers/slapd/search.c

@@ -34,7 +34,9 @@ do_search(
 	ber_int_t	scope, deref, attrsonly;
 	ber_int_t	sizelimit, timelimit;
 	struct berval base = { 0, NULL };
-	char		*nbase = NULL, *fstr = NULL;
+	struct berval *pbase = NULL;
+	struct berval *nbase = NULL;
+	char		*fstr = NULL;
 	Filter		*filter = NULL;
 	char		**attrs = NULL;
 	Backend		*be;
@@ -107,14 +109,37 @@ do_search(
 		goto return_results;
 	}
 
-	nbase = ch_strdup( base.bv_val );
-
-	if( dn_normalize( nbase ) == NULL ) {
-		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX,
-			NULL, "invalid DN", NULL, NULL );
+	rc = dnPretty( NULL, &base, &pbase );
+	if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_search: conn %d  invalid dn (%s)\n",
+			conn->c_connid, base.bv_val ));
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
 		goto return_results;
 	}
 
+	rc = dnNormalize( NULL, &base, &nbase );
+	if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_searc: conn %d  invalid dn (%s)\n",
+			conn->c_connid, base.bv_val ));
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
+		goto return_results;
+	}
+
+
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 		"do_search \"%s\" %d %d %d %d %d\n", base.bv_val, scope,
@@ -196,14 +221,14 @@ do_search(
 
 	Statslog( LDAP_DEBUG_STATS,
 	    "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
-	    op->o_connid, op->o_opid, base.bv_val, scope, fstr );
+	    op->o_connid, op->o_opid, pbase->bv_val, scope, fstr );
 
 	manageDSAit = get_manageDSAit( op );
 
 	if ( scope == LDAP_SCOPE_BASE ) {
 		Entry *entry = NULL;
 
-		if ( strcasecmp( nbase, LDAP_ROOT_DSE ) == 0 ) {
+		if ( strcasecmp( nbase->bv_val, LDAP_ROOT_DSE ) == 0 ) {
 #ifdef LDAP_CONNECTIONLESS
 			/* Ignore LDAPv2 CLDAP DSE queries */
 			if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
@@ -222,7 +247,7 @@ do_search(
 		}
 
 #if defined( SLAPD_SCHEMA_DN )
-		else if ( strcasecmp( nbase, SLAPD_SCHEMA_DN ) == 0 ) {
+		else if ( strcasecmp( nbase->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
 			/* check restrictions */
 			rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 			if( rc != LDAP_SUCCESS ) {
@@ -257,12 +282,13 @@ do_search(
 		}
 	}
 
-	if( nbase[0] == '\0' && default_search_nbase != NULL ) {
+	if( nbase->bv_len == 0 && default_search_nbase != NULL ) {
 		ch_free( base.bv_val );
-		ch_free( nbase );
+		ch_free( nbase->bv_val );
 		base.bv_val = ch_strdup( default_search_base );
 		base.bv_len = strlen( default_search_nbase );
-		nbase = ch_strdup( default_search_nbase );
+		nbase->bv_val = ch_strdup( default_search_nbase );
+		nbase->bv_len = strlen( default_search_nbase );
 	}
 
 	/*
@@ -270,9 +296,9 @@ do_search(
 	 * appropriate one, or send a referral to our "referral server"
 	 * if we don't hold it.
 	 */
-	if ( (be = select_backend( nbase, manageDSAit, 1 )) == NULL ) {
+	if ( (be = select_backend( nbase->bv_val, manageDSAit, 1 )) == NULL ) {
 		struct berval **ref = referral_rewrite( default_referral,
-			NULL, base.bv_val, scope );
+			NULL, pbase->bv_val, scope );
 
 		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 			NULL, NULL, ref ? ref : default_referral, NULL );
@@ -290,17 +316,18 @@ do_search(
 	}
 
 	/* check for referrals */
-	rc = backend_check_referrals( be, conn, op, base.bv_val, nbase );
+	rc = backend_check_referrals( be, conn, op, pbase->bv_val, nbase->bv_val );
 	if ( rc != LDAP_SUCCESS ) {
 		goto return_results;
 	}
 
 	/* deref the base if needed */
-	nbase = suffix_alias( be, nbase );
+	nbase->bv_val = suffix_alias( be, nbase->bv_val );
+	nbase->bv_len = strlen( nbase->bv_val );
 
 	/* actually do the search and send the result(s) */
 	if ( be->be_search ) {
-		(*be->be_search)( be, conn, op, base.bv_val, nbase,
+		(*be->be_search)( be, conn, op, pbase->bv_val, nbase->bv_val,
 			scope, deref, sizelimit,
 		    timelimit, filter, fstr, attrs, attrsonly );
 	} else {
@@ -310,7 +337,9 @@ do_search(
 
 return_results:;
 	free( base.bv_val );
-	if( nbase != NULL) free( nbase );
+	if( pbase != NULL) ber_bvfree( pbase );
+	if( nbase != NULL) ber_bvfree( nbase );
+
 	if( fstr != NULL) free( fstr );
 	if( filter != NULL) filter_free( filter );
 	if ( attrs != NULL ) {

servers/slapd/slap.h

@@ -8,8 +8,6 @@
 #ifndef _SLAP_H_
 #define _SLAP_H_
 
-#define USE_LDAP_DN_PARSING
-
 #include "ldap_defaults.h"
 
 #include <stdio.h>