]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/schema_init.c
ITS#6152 bits.
[openldap] / servers / slapd / schema_init.c
index 28f2498a422c51b65f2382912fbdab0d4db93b54..253cf9790ea152bcfd6dd48ebe49332602ab92fa 100644 (file)
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -156,8 +156,8 @@ enum {
 
 enum {
        SLAP_X509_OPT_C_VERSION         = SLAP_X509_OPTION + 0,
-       SLAP_X509_OPT_C_ISSUERUNIQUEID  = SLAP_X509_OPTION + 1,
-       SLAP_X509_OPT_C_SUBJECTUNIQUEID = SLAP_X509_OPTION + 2,
+       SLAP_X509_OPT_C_ISSUERUNIQUEID  = LBER_CLASS_CONTEXT + 1,
+       SLAP_X509_OPT_C_SUBJECTUNIQUEID = LBER_CLASS_CONTEXT + 2,
        SLAP_X509_OPT_C_EXTENSIONS      = SLAP_X509_OPTION + 3
 };
 
@@ -319,10 +319,11 @@ certificateListValidate( Syntax *syntax, struct berval *in )
                        tag = ber_skip_tag( ber, &len );
                }
        }
-       /* Optional Extensions */
+       /* Optional Extensions - Sequence of Sequence */
        if ( tag == SLAP_X509_OPT_CL_CRLEXTENSIONS ) { /* ? */
+               ber_len_t seqlen;
                if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
-               tag = ber_skip_tag( ber, &len );
+               tag = ber_peek_tag( ber, &seqlen );
                if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
                ber_skip_data( ber, len );
                tag = ber_skip_tag( ber, &len );
@@ -388,7 +389,7 @@ attributeCertificateValidate( Syntax *syntax, struct berval *in )
        if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
        ber_skip_data( ber, len );
 
-       ber_peek_tag( ber, &len );
+       tag = ber_peek_tag( ber, &len );
 
        if ( tag == LBER_BITSTRING ) {  /* issuerUniqueID */
                tag = ber_skip_tag( ber, &len );
@@ -1105,12 +1106,7 @@ bitStringValidate(
   ...
       
  *
- * Note: normalization strips any leading "0"s, unless the
- * bit string is exactly "'0'B", so the normalized example,
- * in slapd, would result in
- * 
- * 1.3.6.1.4.1.1466.0=#04024869,o=test,c=gb#'101'B
- * 
+ * Note:
  * RFC 4514 clarifies that SHARP, i.e. "#", doesn't have to
  * be escaped except when at the beginning of a value, the
  * definition of Name and Optional UID appears to be flawed,
@@ -1134,11 +1130,11 @@ bitStringValidate(
  *
  * in fact "com#'1'B" is a valid IA5 string.
  *
- * As a consequence, current slapd code assumes that the
- * presence of portions of a BitString at the end of the string 
- * representation of a NameAndOptionalUID means a BitString
- * is expected, and cause an error otherwise.  This is quite
- * arbitrary, and might change in the future.
+ * As a consequence, current slapd code takes the presence of
+ * #<valid BitString> at the end of the string representation
+ * of a NameAndOptionalUID to mean this is indeed a BitString.
+ * This is quite arbitrary - it has changed the past and might
+ * change in the future.
  */
 
 
@@ -1209,7 +1205,8 @@ nameUIDPretty(
 
                        if ( rc == LDAP_SUCCESS ) {
                                ber_dupbv_x( &dnval, val, ctx );
-                               dnval.bv_len -= uidval.bv_len + 1;
+                               uidval.bv_val--;
+                               dnval.bv_len -= ++uidval.bv_len;
                                dnval.bv_val[dnval.bv_len] = '\0';
 
                        } else {
@@ -1226,36 +1223,18 @@ nameUIDPretty(
                }
 
                if( !BER_BVISNULL( &uidval ) ) {
-                       int     i, c, got1;
                        char    *tmp;
 
                        tmp = slap_sl_realloc( out->bv_val, out->bv_len 
-                               + STRLENOF( "#" ) + uidval.bv_len + 1,
+                               + uidval.bv_len + 1,
                                ctx );
                        if( tmp == NULL ) {
                                ber_memfree_x( out->bv_val, ctx );
                                return LDAP_OTHER;
                        }
                        out->bv_val = tmp;
-                       out->bv_val[out->bv_len++] = '#';
-                       out->bv_val[out->bv_len++] = '\'';
-
-                       got1 = uidval.bv_len < sizeof("'0'B"); 
-                       for( i = 1; i < uidval.bv_len - 2; i++ ) {
-                               c = uidval.bv_val[i];
-                               switch(c) {
-                                       case '0':
-                                               if( got1 ) out->bv_val[out->bv_len++] = c;
-                                               break;
-                                       case '1':
-                                               got1 = 1;
-                                               out->bv_val[out->bv_len++] = c;
-                                               break;
-                               }
-                       }
-
-                       out->bv_val[out->bv_len++] = '\'';
-                       out->bv_val[out->bv_len++] = 'B';
+                       memcpy( out->bv_val + out->bv_len, uidval.bv_val, uidval.bv_len );
+                       out->bv_len += uidval.bv_len;
                        out->bv_val[out->bv_len] = '\0';
                }
        }
@@ -2836,6 +2815,7 @@ UUIDNormalize(
 
                } else {
                        slap_sl_free( normalized->bv_val, ctx );
+                       BER_BVZERO( normalized );
                        return LDAP_INVALID_SYNTAX;
                }
 
@@ -4385,8 +4365,8 @@ serialNumberAndIssuerSerialCheck(
                ber_dupbv_x( &ni, is, ctx );
 
        } else {
-               ber_int_t src, dst;
-               
+               ber_len_t src, dst;
+
                ni.bv_len = is->bv_len - numdquotes;
                ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx );
                for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) {
@@ -6647,7 +6627,7 @@ static slap_mrule_defs_rec mrule_defs[] = {
        {"( 1.3.6.1.4.1.4203.666.11.2.3 NAME 'CSNOrderingMatch' "
                "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1 )",
                SLAP_MR_HIDE | SLAP_MR_ORDERING | SLAP_MR_ORDERED_INDEX, NULL,
-               NULL, NULL, csnOrderingMatch,
+               NULL, csnNormalize, csnOrderingMatch,
                NULL, NULL,
                "CSNMatch" },