
Re: DN with semicolon does not work



At 04:53 PM 5/6/2004, Pierangelo Masarati wrote:

>> At 01:22 PM 5/6/2004, Pierangelo Masarati wrote:
>>>The error is in back-bdb/cache.c:339 where a DN is "naively"
>>>explored stopping at a DN_SEPARATOR();
>>
>> Exploring normalized or unnormalized DN?  The latter should
>> never be natively explored.
>
>normalized, but explored with an inappropriate test; see below.
>
>>
>>>the ';' is a valid
>>>rdn separator, and, even in normalized mode, it is not escaped.
>>>I see two solutions: use LDAPDN routines to run thru the DN,
>>>or always expair escape ';' in DN.
>>
>> In normalized DNs, the semis in values should be hex escaped
>> and the RDN separator should be a comma.
>
>That's what I mean with "naive"; the DN_SEPARATOR() macro was probably
>intended as a generic macro and not to be used for that purpose.

Using DN_SEPARATOR() on an unnormalized DN is not wise, but
I don't see any problem with using the macro on a normalized DN
as the ';' should never appear in a normalized DN.

It seems to me that the bug here is not with DN_SEPARATOR() but
with its input.

It seems to me that changing DN_SEPARATOR() just causes the real
bug to be further masked:  ndn was not properly normalized.

>I suggest properly escaped semicolons to be left in "pretty" form;
>it is guaranteed that a normalized DN will only use commas as rdn separators. 

The pretty form should guarantee this as well.

>The ndn exploration in back-bdb should be done with LDAP_DN_RDN_SEP() as
>defined in libraries/libldap/getdn.c (moved to an appropriate header as
>well as those macros that should not be deemed private) instead of
>DN_SEPARATOR() as defined in slap.h, which is inappropriate for a
>normalized DN.

I don't understand this statement.  Use of DN_SEPARATOR is appropriate
for use on a normalized DN as a normalized DN cannot ever contain ';'.
The || (c) == ';' part should never be TRUE, and therefore should be
irrelevant.

Kurt


>p.
>
>>
>>
>>
>>
>>>p.
>>>
>>>> I suggest you hack one of the test scripts to demonstrate
>>>> the problem and then file an ITS.
>>>>
>>>> At 12:26 AM 5/6/2004, Michael Ströder wrote:
>>>>>HI!
>>>>>
>>>>>It seems it's not possible to add an entry containing a correctly
>>>>> escaped semicolon and read it afterwards. Instead noSuchObject is
>>>>> returned. Tested with OPENLDAP_REL_ENG_2_2.
>>>>>
>>>>>The very same operations work with other LDAP servers.
>>>>>
>>>>>Ciao, Michael.
>>>
>>>
>>>--
>>>Pierangelo Masarati
>>>mailto:pierangelo.masarati@sys-net.it
>>>
>>>
>>>
>>>
>>>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
>>> +390382476497
>
>
>-- 
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it
>
>
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
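
The disagreement in this message, as an added example that is not part of the original thread and is not OpenLDAP code: a separator scan with no escape handling gives the wrong parent DN when a semicolon in a value reaches it as `\;`, and the right one once that semicolon is hex escaped. `DN_SEPARATOR` is written out from Kurt's description of it; `naive_parent`, `hex_escape_semis` and the sample DN are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Separator test as described in the thread: ',' or ';'. */
#define DN_SEPARATOR(c) ((c) == ',' || (c) == ';')

/* Naive scan (hypothetical): the parent DN starts after the first
 * separator character. No escape handling, so it is only correct when
 * every special character in a value is hex escaped. NULL if no parent. */
const char *naive_parent(const char *ndn)
{
    const char *p;
    for (p = ndn; *p != '\0'; p++) {
        if (DN_SEPARATOR(*p))
            return p + 1;
    }
    return NULL;
}

/* Hypothetical helper: rewrite "\;" as "\3B", standing in for the one
 * normalization step the thread is about. Returns -1 if out is too small. */
int hex_escape_semis(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (; *in != '\0'; in++) {
        if (o + 4 > outlen)
            return -1;                    /* room for 3 bytes plus NUL */
        if (in[0] == '\\' && in[1] != '\0') {
            if (in[1] == ';') {
                memcpy(out + o, "\\3B", 3);
                o += 3;
            } else {                      /* keep any other escaped pair */
                out[o++] = in[0];
                out[o++] = in[1];
            }
            in++;
        } else {
            out[o++] = *in;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    const char *bad = "cn=a\\;b,dc=example,dc=com";   /* constructed DN */
    char good[64];
    if (hex_escape_semis(bad, good, sizeof good) != 0)
        return 1;
    printf("with \\;  : parent = %s\n", naive_parent(bad));
    printf("with \\3B : parent = %s\n", naive_parent(good));
    return 0;
}
```
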