/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
return LDAP_SUCCESS;
}
+static int
+octetStringOrderingMatch(
+ int *matchp,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *value,
+ void *assertedValue )
+{
+ ber_len_t v_len = value->bv_len;
+ ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
+ int match = memcmp( value->bv_val,
+ ((struct berval *) assertedValue)->bv_val,
+ (v_len < av_len ? v_len : av_len) );
+ if( match == 0 )
+ match = v_len - av_len;
+ *matchp = match;
+ return LDAP_SUCCESS;
+}
+
/* Index generation function */
int octetStringIndexer(
slap_mask_t use,
return LDAP_SUCCESS;
}
-static int
-bitStringNormalize(
- Syntax *syntax,
- struct berval *val,
- struct berval *normalized )
-{
- /*
- * A normalized bitString is has no extaneous (leading) zero bits.
- * That is, '00010'B is normalized to '10'B
- * However, as a special case, '0'B requires no normalization.
- */
- char *p;
-
- /* start at the first bit */
- p = &val->bv_val[1];
-
- /* Find the first non-zero bit */
- while ( *p == '0' ) p++;
-
- if( *p == '\'' ) {
- /* no non-zero bits */
- ber_str2bv( "\'0\'B", sizeof("\'0\'B") - 1, 1, normalized );
- goto done;
- }
-
- normalized->bv_val = ch_malloc( val->bv_len + 1 );
-
- normalized->bv_val[0] = '\'';
- normalized->bv_len = 1;
-
- for( ; *p != '\0'; p++ ) {
- normalized->bv_val[normalized->bv_len++] = *p;
- }
-
- normalized->bv_val[normalized->bv_len] = '\0';
-
-done:
- return LDAP_SUCCESS;
-}
-
static int
nameUIDValidate(
Syntax *syntax,
ber_dupbv( &out, val );
if( out.bv_len != 0 ) {
- struct berval uidin = { 0, NULL };
- struct berval uidout = { 0, NULL };
+ struct berval uid = { 0, NULL };
if( out.bv_val[out.bv_len-1] == 'B'
&& out.bv_val[out.bv_len-2] == '\'' )
{
/* assume presence of optional UID */
- uidin.bv_val = strrchr( out.bv_val, '#' );
+ uid.bv_val = strrchr( out.bv_val, '#' );
- if( uidin.bv_val == NULL ) {
+ if( uid.bv_val == NULL ) {
free( out.bv_val );
return LDAP_INVALID_SYNTAX;
}
- uidin.bv_len = out.bv_len - (uidin.bv_val - out.bv_val);
- out.bv_len -= uidin.bv_len--;
+ uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
+ out.bv_len -= uid.bv_len--;
/* temporarily trim the UID */
- *(uidin.bv_val++) = '\0';
-
- rc = bitStringNormalize( syntax, &uidin, &uidout );
-
- if( rc != LDAP_SUCCESS ) {
- free( out.bv_val );
- return LDAP_INVALID_SYNTAX;
- }
+ *(uid.bv_val++) = '\0';
}
-#ifdef USE_DN_NORMALIZE
rc = dnNormalize2( NULL, &out, normalized );
-#else
- rc = dnPretty2( NULL, &out, normalized );
-#endif
if( rc != LDAP_SUCCESS ) {
free( out.bv_val );
- free( uidout.bv_val );
return LDAP_INVALID_SYNTAX;
}
- if( uidout.bv_len ) {
+ if( uid.bv_len ) {
normalized->bv_val = ch_realloc( normalized->bv_val,
- normalized->bv_len + uidout.bv_len + sizeof("#") );
+ normalized->bv_len + uid.bv_len + sizeof("#") );
/* insert the separator */
normalized->bv_val[normalized->bv_len++] = '#';
/* append the UID */
AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
- uidout.bv_val, uidout.bv_len );
- normalized->bv_len += uidout.bv_len;
+ uid.bv_val, uid.bv_len );
+ normalized->bv_len += uid.bv_len;
/* terminate */
normalized->bv_val[normalized->bv_len] = '\0';
SubstringsAssertion *nsa;
int i;
- nsa = (SubstringsAssertion *)ch_calloc( 1, sizeof(SubstringsAssertion) );
+ nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
if( nsa == NULL ) {
return NULL;
}
/* empty */
}
nsa->sa_any = (struct berval *)
- ch_malloc( (i + 1) * sizeof(struct berval) );
+ SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
+ if( nsa->sa_any == NULL ) {
+ goto err;
+ }
for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i],
int rc = LDAP_SUCCESS;
int match;
struct berval *asserted = (struct berval *) assertedValue;
- ber_len_t i;
+ ber_len_t i, j;
struct berval oid;
if( value->bv_len == 0 || value->bv_val[0] != '(' /*')'*/ ) {
/* grab next word */
oid.bv_val = &value->bv_val[i];
- oid.bv_len = value->bv_len - i;
- for( i=1; ASCII_SPACE(value->bv_val[i]) && i < oid.bv_len; i++ ) {
+ j = value->bv_len - i;
+ for( i=0; !ASCII_SPACE(oid.bv_val[i]) && i < j; i++ ) {
/* empty */
}
oid.bv_len = i;
match, value->bv_val, asserted->bv_val );
#endif
-
if( rc == LDAP_SUCCESS ) *matchp = match;
return rc;
}
/* safe to assume integers are NUL terminated? */
lValue = strtoul(value->bv_val, NULL, 10);
- if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE )
+ if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
return LDAP_CONSTRAINT_VIOLATION;
+ }
lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
- if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX) && errno == ERANGE )
+ if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
+ && errno == ERANGE )
+ {
return LDAP_CONSTRAINT_VIOLATION;
+ }
*matchp = (lValue & lAssertedValue) ? 0 : 1;
return LDAP_SUCCESS;
/* safe to assume integers are NUL terminated? */
lValue = strtoul(value->bv_val, NULL, 10);
- if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE )
+ if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
return LDAP_CONSTRAINT_VIOLATION;
+ }
lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
- if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX) && errno == ERANGE )
+ if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
+ && errno == ERANGE )
+ {
return LDAP_CONSTRAINT_VIOLATION;
+ }
*matchp = (lValue | lAssertedValue) ? 0 : -1;
return LDAP_SUCCESS;
#ifdef HAVE_TLS
#include <openssl/x509.h>
#include <openssl/err.h>
-char digit[] = "0123456789";
/*
* Next function returns a string representation of a ASN1_INTEGER.
{
char buf[256];
char *p;
+ static char digit[] = "0123456789";
/* We work backwards, make it fill from the end of buf */
p = buf + sizeof(buf) - 1;
return NULL;
}
*--p = digit[carry];
- if (copy[base] == 0)
- base++;
+
+ if (copy[base] == 0) base++;
}
free(copy);
}
X509_free(xcert);
return LDAP_INVALID_SYNTAX;
}
- if ( dnX509normalize(X509_get_issuer_name(xcert), &issuer_dn ) != LDAP_SUCCESS ) {
+ if ( dnX509normalize(X509_get_issuer_name(xcert), &issuer_dn )
+ != LDAP_SUCCESS )
+ {
X509_free(xcert);
ber_memfree(serial.bv_val);
return LDAP_INVALID_SYNTAX;
begin = assertion->bv_val;
end = assertion->bv_val+assertion->bv_len-1;
- for (p=begin; p<=end && *p != '$'; p++)
- ;
- if ( p > end )
- return LDAP_INVALID_SYNTAX;
+ for (p=begin; p<=end && *p != '$'; p++) /* empty */ ;
+ if ( p > end ) return LDAP_INVALID_SYNTAX;
- /* p now points at the $ sign, now use begin and end to delimit the
- serial number */
- while (ASCII_SPACE(*begin))
- begin++;
+ /* p now points at the $ sign, now use
+ * begin and end to delimit the serial number
+ */
+ while (ASCII_SPACE(*begin)) begin++;
end = p-1;
- while (ASCII_SPACE(*end))
- end--;
+ while (ASCII_SPACE(*end)) end--;
+
+ if( end <= begin ) return LDAP_INVALID_SYNTAX;
bv.bv_len = end-begin+1;
bv.bv_val = begin;
ber_dupbv(serial, &bv);
/* now extract the issuer, remember p was at the dollar sign */
- if ( issuer_dn ) {
- begin = p+1;
- end = assertion->bv_val+assertion->bv_len-1;
- while (ASCII_SPACE(*begin))
- begin++;
- /* should we trim spaces at the end too? is it safe always? */
+ begin = p+1;
+ end = assertion->bv_val+assertion->bv_len-1;
+ while (ASCII_SPACE(*begin)) begin++;
+ /* should we trim spaces at the end too? is it safe always? no, no */
+ if( end <= begin ) return LDAP_INVALID_SYNTAX;
+
+ if ( issuer_dn ) {
bv.bv_len = end-begin+1;
bv.bv_val = begin;
+
dnNormalize2( NULL, &bv, issuer_dn );
}
X509_free(xcert);
serial_and_issuer_parse(assertedValue,
- &asserted_serial,
- &asserted_issuer_dn);
+ &asserted_serial, &asserted_issuer_dn);
ret = integerMatch(
matchp,
asn1_integer2str(xcert->cert_info->serialNumber, &serial);
X509_free(xcert);
integerNormalize( slap_schema.si_syn_integer,
- &serial,
- &keys[i] );
+ &serial, &keys[i] );
ber_memfree(serial.bv_val);
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, ENTRY,
{
BerVarray keys;
struct berval asserted_serial;
+ int ret;
- serial_and_issuer_parse(assertedValue,
- &asserted_serial,
- NULL);
+ ret = serial_and_issuer_parse( assertedValue, &asserted_serial, NULL );
+ if( ret != LDAP_SUCCESS ) return ret;
keys = ch_malloc( sizeof( struct berval ) * 2 );
integerNormalize( syntax, &asserted_serial, &keys[0] );
X_NOT_H_R ")",
SLAP_SYNTAX_BER, berValidate, NULL, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )",
- 0, bitStringValidate, bitStringNormalize, NULL },
+ 0, bitStringValidate, NULL, NULL },
{"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
0, booleanValidate, NULL, NULL},
{"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' "
* Chadwick in private mail.
*/
{"( 1.2.826.0.1.3344810.7.1 DESC 'Serial Number and Issuer' )",
- 0, NULL, NULL, NULL},
+ 0, UTF8StringValidate, NULL, NULL},
#endif
/* OpenLDAP Experimental Syntaxes */
#ifdef HAVE_TLS
char *certificateExactMatchSyntaxes[] = {
- "1.3.6.1.4.1.1466.115.121.1.8", NULL };
+ "1.3.6.1.4.1.1466.115.121.1.8" /* certificate */,
+ NULL
+};
#endif
+char *directoryStringSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.44" /* printableString */,
+ NULL
+};
+char *integerFirstComponentMatchSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.27" /* INTEGER */,
+ "1.3.6.1.4.1.1466.115.121.1.17" /* ditStructureRuleDescription */,
+ NULL
+};
+char *objectIdentifierFirstComponentMatchSyntaxes[] = {
+ "1.3.6.1.4.1.1466.115.121.1.38" /* OID */,
+ "1.3.6.1.4.1.1466.115.121.1.3" /* attributeTypeDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.16" /* ditContentRuleDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.54" /* ldapSyntaxDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.30" /* matchingRuleDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.31" /* matchingRuleUseDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.35" /* nameFormDescription */,
+ "1.3.6.1.4.1.1466.115.121.1.37" /* objectClassDescription */,
+ NULL
+};
/*
* Other matching rules in X.520 that we do not use (yet):
*
* 2.5.13.9 numericStringOrderingMatch
- * 2.5.13.18 octetStringOrderingMatch
* 2.5.13.19 octetStringSubstringsMatch
* 2.5.13.25 uTCTimeMatch
* 2.5.13.26 uTCTimeOrderingMatch
{"( 2.5.13.2 NAME 'caseIgnoreMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
- SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_DN_FOLD, NULL,
+ SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_DN_FOLD,
+ directoryStringSyntaxes,
NULL, NULL,
caseIgnoreMatch, caseExactIgnoreIndexer, caseExactIgnoreFilter,
directoryStringApproxMatchOID },
{"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
- SLAP_MR_ORDERING, NULL,
+ SLAP_MR_ORDERING, directoryStringSyntaxes,
NULL, NULL,
caseIgnoreOrderingMatch, NULL, NULL,
NULL},
{"( 2.5.13.5 NAME 'caseExactMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
- SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, directoryStringSyntaxes,
NULL, NULL,
caseExactMatch, caseExactIgnoreIndexer, caseExactIgnoreFilter,
directoryStringApproxMatchOID },
{"( 2.5.13.6 NAME 'caseExactOrderingMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
- SLAP_MR_ORDERING, NULL,
+ SLAP_MR_ORDERING, directoryStringSyntaxes,
NULL, NULL,
caseExactOrderingMatch, NULL, NULL,
NULL},
{"( 2.5.13.7 NAME 'caseExactSubstringsMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
- SLAP_MR_SUBSTR, NULL,
+ SLAP_MR_SUBSTR, directoryStringSyntaxes,
NULL, NULL,
caseExactIgnoreSubstringsMatch,
caseExactIgnoreSubstringsIndexer,
octetStringMatch, octetStringIndexer, octetStringFilter,
NULL},
+ {"( 2.5.13.18 NAME 'octetStringOrderingMatch' "
+ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+ SLAP_MR_ORDERING, NULL,
+ NULL, NULL,
+ octetStringOrderingMatch, NULL, NULL,
+ NULL},
+
{"( 2.5.13.20 NAME 'telephoneNumberMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )",
SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_DN_FOLD, NULL,
{"( 2.5.13.29 NAME 'integerFirstComponentMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
- SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ SLAP_MR_EQUALITY | SLAP_MR_EXT, integerFirstComponentMatchSyntaxes,
NULL, NULL,
integerFirstComponentMatch, NULL, NULL,
NULL},
{"( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
- SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ SLAP_MR_EQUALITY | SLAP_MR_EXT,
+ objectIdentifierFirstComponentMatchSyntaxes,
NULL, NULL,
objectIdentifierFirstComponentMatch, NULL, NULL,
NULL},
projects / openldap / blobdiff