]> git.sur5r.net Git - openldap/blob - servers/slapd/ad.c
Referrals should not (except in special cases) be
[openldap] / servers / slapd / ad.c
1 /* ad.c - routines for dealing with attribute descriptions */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 1998-2004 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16
17 #include "portable.h"
18
19 #include <stdio.h>
20
21 #include <ac/ctype.h>
22 #include <ac/errno.h>
23 #include <ac/socket.h>
24 #include <ac/string.h>
25 #include <ac/time.h>
26
27 #include "ldap_pvt.h"
28 #include "slap.h"
29 #include "lutil.h"
30
31 static AttributeName anlist_no_attrs[] = {
32         { BER_BVC( LDAP_NO_ATTRS ), NULL, 0, NULL },
33         { BER_BVNULL, NULL, 0, NULL }
34 };
35
36 static AttributeName anlist_all_user_attributes[] = {
37         { BER_BVC( LDAP_ALL_USER_ATTRIBUTES ), NULL, 0, NULL },
38         { BER_BVNULL, NULL, 0, NULL }
39 };
40
41 static AttributeName anlist_all_operational_attributes[] = {
42         { BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES ), NULL, 0, NULL },
43         { BER_BVNULL, NULL, 0, NULL }
44 };
45
46 static AttributeName anlist_all_attributes[] = {
47         { BER_BVC( LDAP_ALL_USER_ATTRIBUTES ), NULL, 0, NULL },
48         { BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES ), NULL, 0, NULL },
49         { BER_BVNULL, NULL, 0, NULL }
50 };
51
52 AttributeName *slap_anlist_no_attrs = anlist_no_attrs;
53 AttributeName *slap_anlist_all_user_attributes = anlist_all_user_attributes;
54 AttributeName *slap_anlist_all_operational_attributes = anlist_all_operational_attributes;
55 AttributeName *slap_anlist_all_attributes = anlist_all_attributes;
56
57 typedef struct Attr_option {
58         struct berval name;     /* option name or prefix */
59         int           prefix;   /* NAME is a tag and range prefix */
60 } Attr_option;
61
62 static Attr_option lang_option = { { sizeof("lang-")-1, "lang-" }, 1 };
63
64 /* Options sorted by name, and number of options */
65 static Attr_option *options = &lang_option;
66 static int option_count = 1;
67
68 static Attr_option *ad_find_option_definition( const char *opt, int optlen );
69
70 static int ad_keystring(
71         struct berval *bv )
72 {
73         ber_len_t i;
74
75         if( !AD_LEADCHAR( bv->bv_val[0] ) ) {
76                 return 1;
77         }
78
79         for( i=1; i<bv->bv_len; i++ ) {
80                 if( !AD_CHAR( bv->bv_val[i] ) ) {
81                         return 1;
82                 }
83         }
84         return 0;
85 }
86
87 void ad_destroy( AttributeDescription *ad )
88 {
89         AttributeDescription *n;
90
91         for (; ad != NULL; ad = n) {
92                 n = ad->ad_next;
93                 ldap_memfree( ad );
94         }
95 }
96
97 /* Is there an AttributeDescription for this type that uses these tags? */
98 AttributeDescription * ad_find_tags(
99         AttributeType *type,
100         struct berval *tags )
101 {
102         AttributeDescription *ad;
103
104         ldap_pvt_thread_mutex_lock( &type->sat_ad_mutex );
105         for (ad = type->sat_ad; ad; ad=ad->ad_next)
106         {
107                 if (ad->ad_tags.bv_len == tags->bv_len &&
108                         !strcasecmp(ad->ad_tags.bv_val, tags->bv_val))
109                         break;
110         }
111         ldap_pvt_thread_mutex_unlock( &type->sat_ad_mutex );
112         return ad;
113 }
114
115 int slap_str2ad(
116         const char *str,
117         AttributeDescription **ad,
118         const char **text )
119 {
120         struct berval bv;
121         bv.bv_val = (char *) str;
122         bv.bv_len = strlen( str );
123
124         return slap_bv2ad( &bv, ad, text );
125 }
126
127 static char *strchrlen(
128         const char *p, 
129         const char ch, 
130         int *len )
131 {
132         int i;
133
134         for( i=0; p[i]; i++ ) {
135                 if( p[i] == ch ) {
136                         *len = i;
137                         return (char *) &p[i];
138                 }
139         }
140
141         *len = i;
142         return NULL;
143 }
144
145 int slap_bv2ad(
146         struct berval *bv,
147         AttributeDescription **ad,
148         const char **text )
149 {
150         int rtn = LDAP_UNDEFINED_TYPE;
151         AttributeDescription desc, *d2;
152         char *name, *options;
153         char *opt, *next;
154         int ntags;
155         int tagslen;
156
157         /* hardcoded limits for speed */
158 #define MAX_TAGGING_OPTIONS 128
159         struct berval tags[MAX_TAGGING_OPTIONS+1];
160 #define MAX_TAGS_LEN 1024
161         char tagbuf[MAX_TAGS_LEN];
162
163         assert( ad != NULL );
164         assert( *ad == NULL ); /* temporary */
165
166         if( bv == NULL || BER_BVISNULL( bv ) || BER_BVISEMPTY( bv ) ) {
167                 *text = "empty AttributeDescription";
168                 return rtn;
169         }
170
171         /* make sure description is IA5 */
172         if( ad_keystring( bv ) ) {
173                 *text = "AttributeDescription contains inappropriate characters";
174                 return rtn;
175         }
176
177         /* find valid base attribute type; parse in place */
178         memset( &desc, 0, sizeof( desc ));
179         desc.ad_cname = *bv;
180         name = bv->bv_val;
181         options = strchr(name, ';');
182         if( options != NULL ) {
183                 desc.ad_cname.bv_len = options - name;
184         }
185         desc.ad_type = at_bvfind( &desc.ad_cname );
186         if( desc.ad_type == NULL ) {
187                 *text = "attribute type undefined";
188                 return rtn;
189         }
190
191         if( is_at_operational( desc.ad_type ) && options != NULL ) {
192                 *text = "operational attribute with options undefined";
193                 return rtn;
194         }
195
196         /*
197          * parse options in place
198          */
199         ntags = 0;
200         memset( tags, 0, sizeof( tags ));
201         tagslen = 0;
202
203         for( opt=options; opt != NULL; opt=next ) {
204                 int optlen;
205                 opt++; 
206                 next = strchrlen( opt, ';', &optlen );
207
208                 if( optlen == 0 ) {
209                         *text = "zero length option is invalid";
210                         return rtn;
211                 
212                 } else if ( optlen == sizeof("binary")-1 &&
213                         strncasecmp( opt, "binary", sizeof("binary")-1 ) == 0 )
214                 {
215                         /* binary option */
216                         if( slap_ad_is_binary( &desc ) ) {
217                                 *text = "option \"binary\" specified multiple times";
218                                 return rtn;
219                         }
220
221                         if( !slap_syntax_is_binary( desc.ad_type->sat_syntax )) {
222                                 /* not stored in binary, disallow option */
223                                 *text = "option \"binary\" not supported with type";
224                                 return rtn;
225                         }
226
227                         desc.ad_flags |= SLAP_DESC_BINARY;
228                         continue;
229
230                 } else if ( ad_find_option_definition( opt, optlen ) ) {
231                         int i;
232
233                         if( opt[optlen-1] == '-' ) {
234                                 desc.ad_flags |= SLAP_DESC_TAG_RANGE;
235                         }
236
237                         if( ntags >= MAX_TAGGING_OPTIONS ) {
238                                 *text = "too many tagging options";
239                                 return rtn;
240                         }
241
242                         /*
243                          * tags should be presented in sorted order,
244                          * so run the array in reverse.
245                          */
246                         for( i=ntags-1; i>=0; i-- ) {
247                                 int rc;
248
249                                 rc = strncasecmp( opt, tags[i].bv_val,
250                                         (unsigned) optlen < tags[i].bv_len
251                                                 ? optlen : tags[i].bv_len );
252
253                                 if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) {
254                                         /* duplicate (ignore) */
255                                         goto done;
256
257                                 } else if ( rc > 0 ||
258                                         ( rc == 0 && (unsigned)optlen > tags[i].bv_len ))
259                                 {
260                                         AC_MEMCPY( &tags[i+2], &tags[i+1],
261                                                 (ntags-i-1)*sizeof(struct berval) );
262                                         tags[i+1].bv_val = opt;
263                                         tags[i+1].bv_len = optlen;
264                                         goto done;
265                                 }
266                         }
267
268                         if( ntags ) {
269                                 AC_MEMCPY( &tags[1], &tags[0],
270                                         ntags*sizeof(struct berval) );
271                         }
272                         tags[0].bv_val = opt;
273                         tags[0].bv_len = optlen;
274
275 done:;
276                         tagslen += optlen + 1;
277                         ntags++;
278
279                 } else {
280                         *text = "unrecognized option";
281                         return rtn;
282                 }
283         }
284
285         if( ntags > 0 ) {
286                 int i;
287
288                 if( tagslen > MAX_TAGS_LEN ) {
289                         *text = "tagging options too long";
290                         return rtn;
291                 }
292
293                 desc.ad_tags.bv_val = tagbuf;
294                 tagslen = 0;
295
296                 for( i=0; i<ntags; i++ ) {
297                         AC_MEMCPY( &desc.ad_tags.bv_val[tagslen],
298                                 tags[i].bv_val, tags[i].bv_len );
299
300                         tagslen += tags[i].bv_len;
301                         desc.ad_tags.bv_val[tagslen++] = ';';
302                 }
303
304                 desc.ad_tags.bv_val[--tagslen] = '\0';
305                 desc.ad_tags.bv_len = tagslen;
306         }
307
308         /* see if a matching description is already cached */
309         for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) {
310                 if( d2->ad_flags != desc.ad_flags ) {
311                         continue;
312                 }
313                 if( d2->ad_tags.bv_len != desc.ad_tags.bv_len ) {
314                         continue;
315                 }
316                 if( d2->ad_tags.bv_len == 0 ) {
317                         break;
318                 }
319                 if( strncasecmp( d2->ad_tags.bv_val, desc.ad_tags.bv_val,
320                         desc.ad_tags.bv_len ) == 0 )
321                 {
322                         break;
323                 }
324         }
325
326         /* Not found, add new one */
327         while (d2 == NULL) {
328                 size_t dlen = 0;
329                 ldap_pvt_thread_mutex_lock( &desc.ad_type->sat_ad_mutex );
330                 /* check again now that we've locked */
331                 for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) {
332                         if (d2->ad_flags != desc.ad_flags)
333                                 continue;
334                         if (d2->ad_tags.bv_len != desc.ad_tags.bv_len)
335                                 continue;
336                         if (d2->ad_tags.bv_len == 0)
337                                 break;
338                         if (strncasecmp(d2->ad_tags.bv_val, desc.ad_tags.bv_val,
339                                 desc.ad_tags.bv_len) == 0)
340                                 break;
341                 }
342                 if (d2) {
343                         ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex );
344                         break;
345                 }
346
347                 /* Allocate a single contiguous block. If there are no
348                  * options, we just need space for the AttrDesc structure.
349                  * Otherwise, we need to tack on the full name length +
350                  * options length, + maybe tagging options length again.
351                  */
352                 if (desc.ad_tags.bv_len || desc.ad_flags != SLAP_DESC_NONE) {
353                         dlen = desc.ad_type->sat_cname.bv_len + 1;
354                         if (desc.ad_tags.bv_len) {
355                                 dlen += 1+desc.ad_tags.bv_len;
356                         }
357                         if( slap_ad_is_binary( &desc ) ) {
358                                 dlen += sizeof(";binary")+desc.ad_tags.bv_len;
359                         }
360                 }
361
362                 d2 = ch_malloc(sizeof(AttributeDescription) + dlen);
363                 d2->ad_next = NULL;
364                 d2->ad_type = desc.ad_type;
365                 d2->ad_flags = desc.ad_flags;
366                 d2->ad_cname.bv_len = desc.ad_type->sat_cname.bv_len;
367                 d2->ad_tags.bv_len = desc.ad_tags.bv_len;
368
369                 if (dlen == 0) {
370                         d2->ad_cname.bv_val = d2->ad_type->sat_cname.bv_val;
371                         d2->ad_tags.bv_val = NULL;
372                 } else {
373                         char *cp, *op, *lp;
374                         int j;
375                         d2->ad_cname.bv_val = (char *)(d2+1);
376                         strcpy(d2->ad_cname.bv_val, d2->ad_type->sat_cname.bv_val);
377                         cp = d2->ad_cname.bv_val + d2->ad_cname.bv_len;
378                         if( slap_ad_is_binary( &desc ) ) {
379                                 op = cp;
380                                 lp = NULL;
381                                 if( desc.ad_tags.bv_len ) {
382                                         lp = desc.ad_tags.bv_val;
383                                         while( strncasecmp(lp, "binary", sizeof("binary")-1) < 0
384                                                && (lp = strchr( lp, ';' )) != NULL )
385                                                 ++lp;
386                                         if( lp != desc.ad_tags.bv_val ) {
387                                                 *cp++ = ';';
388                                                 j = (lp
389                                                      ? lp - desc.ad_tags.bv_val - 1
390                                                      : strlen( desc.ad_tags.bv_val ));
391                                                 cp = lutil_strncopy(cp, desc.ad_tags.bv_val, j);
392                                         }
393                                 }
394                                 cp = lutil_strcopy(cp, ";binary");
395                                 if( lp != NULL ) {
396                                         *cp++ = ';';
397                                         cp = lutil_strcopy(cp, lp);
398                                 }
399                                 d2->ad_cname.bv_len = cp - d2->ad_cname.bv_val;
400                                 if( desc.ad_tags.bv_len )
401                                         ldap_pvt_str2lower(op);
402                                 j = 1;
403                         } else {
404                                 j = 0;
405                         }
406                         if( desc.ad_tags.bv_len ) {
407                                 lp = d2->ad_cname.bv_val + d2->ad_cname.bv_len + j;
408                                 if ( j == 0 )
409                                         *lp++ = ';';
410                                 d2->ad_tags.bv_val = lp;
411                                 strcpy(lp, desc.ad_tags.bv_val);
412                                 ldap_pvt_str2lower(lp);
413                                 if( j == 0 )
414                                         d2->ad_cname.bv_len += 1 + desc.ad_tags.bv_len;
415                         }
416                 }
417                 /* Add new desc to list. We always want the bare Desc with
418                  * no options to stay at the head of the list, assuming
419                  * that one will be used most frequently.
420                  */
421                 if (desc.ad_type->sat_ad == NULL || dlen == 0) {
422                         d2->ad_next = desc.ad_type->sat_ad;
423                         desc.ad_type->sat_ad = d2;
424                 } else {
425                         d2->ad_next = desc.ad_type->sat_ad->ad_next;
426                         desc.ad_type->sat_ad->ad_next = d2;
427                 }
428                 ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex );
429         }
430
431         if( *ad == NULL ) {
432                 *ad = d2;
433         } else {
434                 **ad = *d2;
435         }
436
437         return LDAP_SUCCESS;
438 }
439
440 static int is_ad_subtags(
441         struct berval *subtagsbv, 
442         struct berval *suptagsbv )
443 {
444         const char *suptags, *supp, *supdelimp;
445         const char *subtags, *subp, *subdelimp;
446         int  suplen, sublen;
447
448         subtags =subtagsbv->bv_val;
449         suptags =suptagsbv->bv_val;
450
451         for( supp=suptags ; supp; supp=supdelimp ) {
452                 supdelimp = strchrlen( supp, ';', &suplen );
453                 if( supdelimp ) supdelimp++;
454
455                 for( subp=subtags ; subp; subp=subdelimp ) {
456                         subdelimp = strchrlen( subp, ';', &sublen );
457                         if( subdelimp ) subdelimp++;
458
459                         if ( suplen > sublen
460                                  ? ( suplen-1 == sublen && supp[suplen-1] == '-'
461                                          && strncmp( supp, subp, sublen ) == 0 )
462                                  : ( ( suplen == sublen || supp[suplen-1] == '-' )
463                                          && strncmp( supp, subp, suplen ) == 0 ) )
464                         {
465                                 goto match;
466                         }
467                 }
468
469                 return 0;
470 match:;
471         }
472         return 1;
473 }
474
475 int is_ad_subtype(
476         AttributeDescription *sub,
477         AttributeDescription *super
478 )
479 {
480         AttributeType *a;
481         int lr;
482
483         for ( a = sub->ad_type; a; a=a->sat_sup ) {
484                 if ( a == super->ad_type ) break;
485         }
486         if( !a ) {
487                 return 0;
488         }
489
490         /* ensure sub does support all flags of super */
491         lr = sub->ad_tags.bv_len ? SLAP_DESC_TAG_RANGE : 0;
492         if(( super->ad_flags & ( sub->ad_flags | lr )) != super->ad_flags ) {
493                 return 0;
494         }
495
496         /* check for tagging options */
497         if ( super->ad_tags.bv_len == 0 )
498                 return 1;
499         if ( sub->ad_tags.bv_len == 0 )
500                 return 0;
501
502         return is_ad_subtags( &sub->ad_tags, &super->ad_tags );
503 }
504
505 int ad_inlist(
506         AttributeDescription *desc,
507         AttributeName *attrs )
508 {
509         if (! attrs ) return 0;
510
511         for( ; attrs->an_name.bv_val; attrs++ ) {
512                 AttributeType *a;
513                 ObjectClass *oc;
514                 int rc;
515                 
516                 if ( attrs->an_desc ) {
517                         int lr;
518
519                         if ( desc == attrs->an_desc ) {
520                                 return 1;
521                         }
522
523                         /*
524                          * EXTENSION: if requested description is preceeded by
525                          * a '-' character, do not match on subtypes.
526                          */
527                         if ( attrs->an_name.bv_val[0] == '-' ) {
528                                 continue;
529                         }
530                         
531                         /* Is this a subtype of the requested attr? */
532                         for (a = desc->ad_type; a; a=a->sat_sup) {
533                                 if ( a == attrs->an_desc->ad_type )
534                                         break;
535                         }
536                         if ( !a ) {
537                                 continue;
538                         }
539                         /* Does desc support all the requested flags? */
540                         lr = desc->ad_tags.bv_len ? SLAP_DESC_TAG_RANGE : 0;
541                         if(( attrs->an_desc->ad_flags & (desc->ad_flags | lr))
542                                 != attrs->an_desc->ad_flags ) {
543                                 continue;
544                         }
545                         /* Do the descs have compatible tags? */
546                         if ( attrs->an_desc->ad_tags.bv_len == 0 ) {
547                                 return 1;
548                         }
549                         if ( desc->ad_tags.bv_len == 0) {
550                                 continue;
551                         }
552                         if ( is_ad_subtags( &desc->ad_tags,
553                                 &attrs->an_desc->ad_tags ) ) {
554                                 return 1;
555                         }
556                         continue;
557                 }
558
559                 /*
560                  * EXTENSION: see if requested description is @objectClass
561                  * if so, return attributes which the class requires/allows
562                  * else if requested description is !objectClass, return
563                  * attributes which the class does not require/allow
564                  */
565                 oc = attrs->an_oc;
566                 if( oc == NULL && attrs->an_name.bv_val ) {
567                         switch( attrs->an_name.bv_val[0] ) {
568                         case '@': /* @objectClass */
569                         case '+': /* +objectClass (deprecated) */
570                         case '!': { /* exclude */
571                                         struct berval ocname;
572                                         ocname.bv_len = attrs->an_name.bv_len - 1;
573                                         ocname.bv_val = &attrs->an_name.bv_val[1];
574                                         oc = oc_bvfind( &ocname );
575                                         attrs->an_oc_exclude = 0;
576                                         if ( oc && attrs->an_name.bv_val[0] == '!' ) {
577                                                 attrs->an_oc_exclude = 1;
578                                         }
579                                 } break;
580
581                         default: /* old (deprecated) way */
582                                 oc = oc_bvfind( &attrs->an_name );
583                         }
584                         attrs->an_oc = oc;
585                 }
586                 if( oc != NULL ) {
587                         if ( attrs->an_oc_exclude ) {
588                                 int gotit = 0;
589
590                                 if ( oc == slap_schema.si_oc_extensibleObject ) {
591                                         /* extensibleObject allows the return of anything */
592                                         return 0;
593                                 }
594
595                                 if( oc->soc_required ) {
596                                         /* allow return of required attributes */
597                                         int i;
598                                 
599                                         for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
600                                                 for (a = desc->ad_type; a; a=a->sat_sup) {
601                                                         if ( a == oc->soc_required[i] ) {
602                                                                 return 0;
603                                                         }
604                                                 }
605                                         }
606                                 }
607
608                                 if( oc->soc_allowed ) {
609                                         /* allow return of allowed attributes */
610                                         int i;
611                                         for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) {
612                                                 for (a = desc->ad_type; a; a=a->sat_sup) {
613                                                         if ( a == oc->soc_allowed[i] ) {
614                                                                 return 0;
615                                                         }
616                                                 }
617                                         }
618                                 }
619
620                                 return 1;
621                         }
622                         
623                         if ( oc == slap_schema.si_oc_extensibleObject ) {
624                                 /* extensibleObject allows the return of anything */
625                                 return 1;
626                         }
627
628                         if( oc->soc_required ) {
629                                 /* allow return of required attributes */
630                                 int i;
631                                 
632                                 for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
633                                         for (a = desc->ad_type; a; a=a->sat_sup) {
634                                                 if ( a == oc->soc_required[i] ) {
635                                                         return 1;
636                                                 }
637                                         }
638                                 }
639                         }
640
641                         if( oc->soc_allowed ) {
642                                 /* allow return of allowed attributes */
643                                 int i;
644                                 for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) {
645                                         for (a = desc->ad_type; a; a=a->sat_sup) {
646                                                 if ( a == oc->soc_allowed[i] ) {
647                                                         return 1;
648                                                 }
649                                         }
650                                 }
651                         }
652
653                 } else {
654                         /* short-circuit this search next time around */
655                         if (!slap_schema.si_at_undefined->sat_ad) {
656                                 const char *text;
657                                 slap_bv2undef_ad(&attrs->an_name,
658                                         &attrs->an_desc, &text);
659                         } else {
660                                 attrs->an_desc =
661                                         slap_schema.si_at_undefined->sat_ad;
662                         }
663                 }
664         }
665
666         return 0;
667 }
668
669
670 int slap_str2undef_ad(
671         const char *str,
672         AttributeDescription **ad,
673         const char **text )
674 {
675         struct berval bv;
676         bv.bv_val = (char *) str;
677         bv.bv_len = strlen( str );
678
679         return slap_bv2undef_ad( &bv, ad, text );
680 }
681
682 int slap_bv2undef_ad(
683         struct berval *bv,
684         AttributeDescription **ad,
685         const char **text )
686 {
687         AttributeDescription *desc;
688
689         assert( ad != NULL );
690
691         if( bv == NULL || bv->bv_len == 0 ) {
692                 *text = "empty AttributeDescription";
693                 return LDAP_UNDEFINED_TYPE;
694         }
695
696         /* make sure description is IA5 */
697         if( ad_keystring( bv ) ) {
698                 *text = "AttributeDescription contains inappropriate characters";
699                 return LDAP_UNDEFINED_TYPE;
700         }
701
702         for( desc = slap_schema.si_at_undefined->sat_ad; desc;
703                 desc=desc->ad_next ) 
704         {
705                 if( desc->ad_cname.bv_len == bv->bv_len &&
706                     !strcasecmp( desc->ad_cname.bv_val, bv->bv_val ))
707                 {
708                         break;
709                 }
710         }
711         
712         if( !desc ) {
713                 desc = ch_malloc(sizeof(AttributeDescription) + 1 +
714                         bv->bv_len);
715                 
716                 desc->ad_flags = SLAP_DESC_NONE;
717                 desc->ad_tags.bv_val = NULL;
718                 desc->ad_tags.bv_len = 0;
719
720                 desc->ad_cname.bv_len = bv->bv_len;
721                 desc->ad_cname.bv_val = (char *)(desc+1);
722                 strcpy(desc->ad_cname.bv_val, bv->bv_val);
723
724                 /* canonical to upper case */
725                 ldap_pvt_str2upper( desc->ad_cname.bv_val );
726
727                 desc->ad_type = slap_schema.si_at_undefined;
728                 desc->ad_next = desc->ad_type->sat_ad;
729                 desc->ad_type->sat_ad = desc;
730         }
731
732         if( !*ad ) {
733                 *ad = desc;
734         } else {
735                 **ad = *desc;
736         }
737
738         return LDAP_SUCCESS;
739 }
740
741 int
742 an_find(
743     AttributeName *a,
744     struct berval *s
745 )
746 {
747         if( a == NULL ) return 0;
748
749         for ( ; a->an_name.bv_val; a++ ) {
750                 if ( a->an_name.bv_len != s->bv_len) continue;
751                 if ( strcasecmp( s->bv_val, a->an_name.bv_val ) == 0 ) {
752                         return( 1 );
753                 }
754         }
755
756         return( 0 );
757 }
758
759 /*
760  * Convert a delimited string into a list of AttributeNames; add
761  * on to an existing list if it was given.  If the string is not
762  * a valid attribute name, if a '-' is prepended it is skipped
763  * and the remaining name is tried again; if a '@' (or '+') is
764  * prepended, an objectclass name is searched instead; if a '!'
765  * is prepended, the objectclass name is negated.
766  * 
767  * NOTE: currently, if a valid attribute name is not found, the
768  * same string is also checked as valid objectclass name; however,
769  * this behavior is deprecated.
770  */
771 AttributeName *
772 str2anlist( AttributeName *an, char *in, const char *brkstr )
773 {
774         char    *str;
775         char    *s;
776         char    *lasts;
777         int     i, j;
778         const char *text;
779         AttributeName *anew;
780
781         /* find last element in list */
782         for (i = 0; an && an[i].an_name.bv_val; i++);
783         
784         /* protect the input string from strtok */
785         str = ch_strdup( in );
786
787         /* Count words in string */
788         j=1;
789         for ( s = str; *s; s++ ) {
790                 if ( strchr( brkstr, *s ) != NULL ) {
791                         j++;
792                 }
793         }
794
795         an = ch_realloc( an, ( i + j + 1 ) * sizeof( AttributeName ) );
796         anew = an + i;
797         for ( s = ldap_pvt_strtok( str, brkstr, &lasts );
798                 s != NULL;
799                 s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )
800         {
801                 anew->an_desc = NULL;
802                 anew->an_oc = NULL;
803                 anew->an_oc_exclude = 0;
804                 ber_str2bv(s, 0, 1, &anew->an_name);
805                 slap_bv2ad(&anew->an_name, &anew->an_desc, &text);
806                 if ( !anew->an_desc ) {
807                         switch( anew->an_name.bv_val[0] ) {
808                         case '-': {
809                                         struct berval adname;
810                                         adname.bv_len = anew->an_name.bv_len - 1;
811                                         adname.bv_val = &anew->an_name.bv_val[1];
812                                         slap_bv2ad(&adname, &anew->an_desc, &text);
813                                         if ( !anew->an_desc ) {
814                                                 free( an );
815                                                 /*
816                                                  * overwrites input string
817                                                  * on error!
818                                                  */
819                                                 strcpy( in, s );
820                                                 return NULL;
821                                         }
822                                 } break;
823
824                         case '@':
825                         case '+': /* (deprecated) */
826                         case '!': {
827                                         struct berval ocname;
828                                         ocname.bv_len = anew->an_name.bv_len - 1;
829                                         ocname.bv_val = &anew->an_name.bv_val[1];
830                                         anew->an_oc = oc_bvfind( &ocname );
831                                         if ( !anew->an_oc ) {
832                                                 free( an );
833                                                 /*
834                                                  * overwrites input string
835                                                  * on error!
836                                                  */
837                                                 strcpy( in, s );
838                                                 return NULL;
839                                         }
840
841                                         if ( anew->an_name.bv_val[0] == '!' ) {
842                                                 anew->an_oc_exclude = 1;
843                                         }
844                                 } break;
845
846                         default:
847                                 /* old (deprecated) way */
848                                 anew->an_oc = oc_bvfind( &anew->an_name );
849                                 if ( !anew->an_oc ) {
850                                         free( an );
851                                         /* overwrites input string on error! */
852                                         strcpy( in, s );
853                                         return NULL;
854                                 }
855                         }
856                 }
857                 anew++;
858         }
859
860         anew->an_name.bv_val = NULL;
861         free( str );
862         return( an );
863 }
864
865
866 /* Define an attribute option. */
867 int
868 ad_define_option( const char *name, const char *fname, int lineno )
869 {
870         int i;
871         unsigned int optlen;
872
873         if ( options == &lang_option ) {
874                 options = NULL;
875                 option_count = 0;
876         }
877         if ( name == NULL )
878                 return 0;
879
880         optlen = 0;
881         do {
882                 if ( !DESC_CHAR( name[optlen] ) ) {
883 #ifdef NEW_LOGGING
884                         LDAP_LOG( CONFIG, CRIT,
885                                   "%s: line %d: illegal option name \"%s\"\n",
886                                   fname, lineno, name );
887 #else
888                         Debug( LDAP_DEBUG_ANY,
889                                "%s: line %d: illegal option name \"%s\"\n",
890                                     fname, lineno, name );
891 #endif
892                         return 1;
893                 }
894         } while ( name[++optlen] );
895
896         options = ch_realloc( options,
897                 (option_count+1) * sizeof(Attr_option) );
898
899         if ( strcasecmp( name, "binary" ) == 0
900              || ad_find_option_definition( name, optlen ) ) {
901 #ifdef NEW_LOGGING
902                 LDAP_LOG( CONFIG, CRIT,
903                           "%s: line %d: option \"%s\" is already defined\n",
904                           fname, lineno, name );
905 #else
906                 Debug( LDAP_DEBUG_ANY,
907                        "%s: line %d: option \"%s\" is already defined\n",
908                        fname, lineno, name );
909 #endif
910                 return 1;
911         }
912
913         for ( i = option_count; i; --i ) {
914                 if ( strcasecmp( name, options[i-1].name.bv_val ) >= 0 )
915                         break;
916                 options[i] = options[i-1];
917         }
918
919         options[i].name.bv_val = ch_strdup( name );
920         options[i].name.bv_len = optlen;
921         options[i].prefix = (name[optlen-1] == '-');
922
923         if ( i != option_count &&
924              options[i].prefix &&
925              optlen < options[i+1].name.bv_len &&
926              strncasecmp( name, options[i+1].name.bv_val, optlen ) == 0 ) {
927 #ifdef NEW_LOGGING
928                         LDAP_LOG( CONFIG, CRIT,
929                                   "%s: line %d: option \"%s\" overrides previous option\n",
930                                   fname, lineno, name );
931 #else
932                         Debug( LDAP_DEBUG_ANY,
933                                "%s: line %d: option \"%s\" overrides previous option\n",
934                                     fname, lineno, name );
935 #endif
936                         return 1;
937         }
938
939         option_count++;
940         return 0;
941 }
942
943 /* Find the definition of the option name or prefix matching the arguments */
944 static Attr_option *
945 ad_find_option_definition( const char *opt, int optlen )
946 {
947         int top = 0, bot = option_count;
948         while ( top < bot ) {
949                 int mid = (top + bot) / 2;
950                 int mlen = options[mid].name.bv_len;
951                 char *mname = options[mid].name.bv_val;
952                 int j;
953                 if ( optlen < mlen ) {
954                         j = strncasecmp( opt, mname, optlen ) - 1;
955                 } else {
956                         j = strncasecmp( opt, mname, mlen );
957                         if ( j==0 && (optlen==mlen || options[mid].prefix) )
958                                 return &options[mid];
959                 }
960                 if ( j < 0 )
961                         bot = mid;
962                 else
963                         top = mid + 1;
964         }
965         return NULL;
966 }
967
968 MatchingRule *ad_mr(
969         AttributeDescription *ad,
970         unsigned usage )
971 {
972         switch( usage & SLAP_MR_TYPE_MASK ) {
973         case SLAP_MR_NONE:
974         case SLAP_MR_EQUALITY:
975                 return ad->ad_type->sat_equality;
976                 break;
977         case SLAP_MR_ORDERING:
978                 return ad->ad_type->sat_ordering;
979                 break;
980         case SLAP_MR_SUBSTR:
981                 return ad->ad_type->sat_substr;
982                 break;
983         case SLAP_MR_EXT:
984         default:
985                 assert( 0 /* ad_mr: bad usage */);
986         }
987         return NULL;
988 }