[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DN with semicolon does not work

I think what we really need to do is to make sure that
are only called with normalized DNs.  Once that is done, then
the difference between these macros is moot.

I don't think a semi should appear in either a pretty nor a normalized
DN.  And if truely an arbitrary DN string, then neither macro is safe
to use.

Maybe we need to add
        assert( (c) != ';' )
in a few places to figure out how ';' are getting through to


At 05:12 PM 5/6/2004, Pierangelo Masarati wrote:

>> That's what I mean with "naive"; the DN_SEPARATOR() macro was probably
>> intended as a generic macro and not to be used for that purpose.  I
>> suggest properly escaped semicolons to be left in "pretty" form; it is
>> guaranteed that a normalized DN will only use commas as rdn separators.
>> The ndn exploration in back-bdb should be done with LDAP_DN_RDN_SEP() as
>> defined in libraries/libldap/getdn.c (moved to an appropriate header as
>> well as those macros that should not be deemed private) instead of
>> DN_SEPARATOR() as defined in slap.h, which is inappropriate for a
>> normalized DN.
>I temporarily fixed the problem in HEAD; a more complete fix would require
>moving DN parsing macros from libraries/libldap/getdn.c to a header, and
>replace those macros in servers/slapd/slap.h that are duplicate.
>I also note that the smae problem may potentially occur in all places
>where slapd uses the DN_SEPARATOR() macro (e.g. in ACLs, in limits, in
>backend selection and more) so I modified that code as well, and I'm about
>to commit this.
>Pierangelo Masarati
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497