Menu
▾
▴
Re: utility functions for handling Distinguished Names
|
From: Graham B. <gb...@po...> - 2002-04-23 20:27:59
|
On Tue, Apr 23, 2002 at 10:07:09PM +0200, Norbert Klasen wrote:
> As long as we do not want to make canonical_dn schema aware, I think it
> should be enough for canonical_dn to encode AttributeTypes of the
> dotted-decimal form as #xxxx. Additional attriubte types can be specified
> by the (renamed) ber parameter.
>
> One question that remains is whether and how ldap_explode_dn should mark
> values exploded from #xxxx. (BTW do such things really occur in DNs?) I
> would argue that there is no need for this:
I did that by storing as a ref, but your patch seems to have removed it again.
I will be leaving that in there.
> - Only AttributeValues which are of a type which does not have a string
> representation defined for it are encoded as #xxxx. [RFC2253]
> - "clients MUST NOT assume that an unrecognized syntax is a string
> representation" [RFC2252]
> So an application that supports attribute types without a string
> representation will know how to handle their values and therefore needs no
> extra help by perl-ldap.
>
> Attached patch to perl-ldap-0.25_01:
> - additional comments and documentation
> - renamed binary parameter in canonical_dn to ber
> - canonical_dn uses ldap_explode_dn reverse functionality
> - #xxxx encode dotted-decimal attribute types
> - don't use refs for #xxxx values
Why ?
> - handling of empty DNs
>
> --- Util.pm-0.25_01 Tue Apr 23 20:35:04 2002
> +++ Util.pm Tue Apr 23 21:16:17 2002
> @@ -231,8 +231,8 @@
> sub canonical_dn($%) {
> - my $dn = shift or return '';
> + my $dn = shift;
> + return $dn unless $dn; # empty DN or undef
$dn = "0" ?
This should be return $dn unless $dn and length $dn;
> my %opt = @_;
>
> # create array of hash representation
> my @rdns;
> if ( ref $dn eq 'ARRAY' ) {
> - @rdns = @{$dn};
> + @rdns = $opt{reverse} ? reverse @{$dn} : @{$dn};
> } else {
> - @rdns = ldap_explode_dn( $dn ) or return undef; #error condition
> + @rdns = ldap_explode_dn( $dn, reverse => $opt{reverse} );
Does it really make sense for ldap_explode_dn todo the reverse ?
> - if ( ref($val) ) {
> - $val = '#' . unpack("H*", $$val);
> - }
I do not understand why you are taking this out ????
> - elsif ( $binary{lc $_} ) {
> - # escape binary attributes as #hexpair*
> + if ( $ber{lc $_} || $_ =~ /\d+(?:\.\d+)*/ ) {
This is wring, you cannot #xxx encode anything that was not
originally encoded that way. As such I dont see the point of the
ber parameter.
> + # escape unknown attribute types as #hexpair*
> $val = '#' . unpack("H*", $val);
> - #$val =~ s/(.)/sprintf("%02x",ord($1))/eg;
> - #$val = '#'.$val;
> } else {
> #escape insecure characters and optionally MBCs
> if ( $opt{mbcescape} ) {
> @@ -355,7 +356,7 @@
> "\\20" x length $1/xeg;
> }
>
> sub ldap_explode_dn($%) {
> - my $dn = shift or return;
> + my @emptydn = (); #empty DN array for scalar context
> + my $dn = shift;
> + return wantarray ? [] : \@emptydn if $dn eq '';
This does not make sense. You are returning a scalar ref
when wantarray is true. Did you mean
return wantarray ? () : [] if $dn eq '';
> my %opt = @_;
>
> my (@dn, %rdn);
> + $dn =~ s/^<(.*)>$/$1/; #remove brackets
why ? where is it defined that DNs have <> brackets ?
> while (
> $dn =~ /\G(?:
> \s*
> @@ -459,9 +481,9 @@
> }
>
> if ( $val =~ s/^#// ) {
> - # unescape hex sequence
> - (my $tmp = $val) =~ s/([0-9a-fA-F]{2})/chr(hex($1))/eg;
> - $val = \$tmp;
> + # unescape hex encoded BER value
> + $val = pack("H*", $val);
This is wrong, canonical_dn needs to know when to generate #xxx
and when not to. And you cannot depend on the attribute name
for that.
Graham.
|
