Fix memory leak.

[openldap] / servers / slapd / schema_init.c

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index ddc92abb7292fc871706c1bc60f6bbb6dd9f7db4..4ad571a850b8fe1ee2650d07e9a79a023c1b2beb 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -16,7 +16,92 @@
 #include "slap.h"
 #include "ldap_pvt.h"
 
-#define berValidate blobValidate
+static int
+dnValidate(
+       Syntax *syntax,
+       struct berval *in )
+{
+       int rc;
+       char *dn;
+
+       if( in->bv_len == 0 ) return LDAP_SUCCESS;
+
+       dn = ch_strdup( in->bv_val );
+
+       rc = dn_validate( dn ) == NULL
+               ? LDAP_INVALID_SYNTAX : LDAP_SUCCESS;
+
+       ch_free( dn );
+       return rc;
+}
+
+static int
+dnNormalize(
+       Syntax *syntax,
+       struct berval *val,
+       struct berval **normalized )
+{
+       struct berval *out = ber_bvdup( val );
+
+       if( out->bv_len != 0 ) {
+               char *dn;
+#ifdef USE_DN_NORMALIZE
+               dn = dn_normalize( out->bv_val );
+#else
+               dn = dn_validate( out->bv_val );
+#endif
+
+               if( dn == NULL ) {
+                       ber_bvfree( out );
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               out->bv_val = dn;
+               out->bv_len = strlen( dn );
+       }
+
+       *normalized = out;
+       return LDAP_SUCCESS;
+}
+
+static int
+dnMatch(
+       int *matchp,
+       unsigned use,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *value,
+       void *assertedValue )
+{
+       int match;
+       struct berval *asserted = (struct berval *) assertedValue;
+       
+       match = value->bv_len - asserted->bv_len;
+
+       if( match == 0 ) {
+#ifdef USE_DN_NORMALIZE
+               match = strcmp( value->bv_val, asserted->bv_val );
+#else
+               match = strcasecmp( value->bv_val, asserted->bv_val );
+#endif
+       }
+
+       Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
+           match, value->bv_val, asserted->bv_val );
+
+       *matchp = match;
+       return LDAP_SUCCESS;
+}
+       
+static int
+inValidate(
+       Syntax *syntax,
+       struct berval *in )
+{
+       /* any value allowed */
+       return LDAP_OTHER;
+}
+
 static int
 blobValidate(
        Syntax *syntax,
@@ -26,6 +111,8 @@ blobValidate(
        return LDAP_SUCCESS;
 }
 
+#define berValidate blobValidate
+
 static int
 UTF8StringValidate(
        Syntax *syntax,
@@ -251,7 +338,7 @@ IA5StringNormalize(
                /* EMPTY */  ;
        }
 
-       if( *p ) {
+       if( *p != '\0' ) {
                ch_free( newval );
                return LDAP_INVALID_SYNTAX;
        }
@@ -315,6 +402,125 @@ caseExactIA5Match(
        return LDAP_SUCCESS;
 }
 
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+static int
+caseExactIA5SubstringsMatch(
+       int *matchp,
+       unsigned use,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *value,
+       void *assertedValue )
+{
+       int match = 0;
+       SubstringsAssertion *sub = assertedValue;
+       struct berval left = *value;
+       int i;
+       ber_len_t inlen=0;
+
+       if( sub->sa_initial ) {
+               inlen += sub->sa_initial->bv_len;
+       }
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i]; i++) {
+                       inlen += sub->sa_final->bv_len;
+               }
+       }
+       if( sub->sa_final ) {
+               inlen += sub->sa_final->bv_len;
+       }
+
+       if( inlen > value->bv_len ) {
+               match = 1;
+               goto done;
+       }
+
+       if( sub->sa_initial ) {
+               match = strncmp( sub->sa_initial->bv_val, left.bv_val,
+                       sub->sa_initial->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_val += sub->sa_initial->bv_len;
+               left.bv_len -= sub->sa_initial->bv_len;
+               inlen -= sub->sa_initial->bv_len;
+       }
+
+       if( sub->sa_final ) {
+               match = strncmp( sub->sa_final->bv_val,
+                       &left.bv_val[left.bv_len - sub->sa_final->bv_len],
+                       sub->sa_final->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_len -= sub->sa_final->bv_len;
+               inlen -= sub->sa_initial->bv_len;
+       }
+
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i]; i++) {
+                       ber_len_t idx;
+                       char *p;
+
+retry:
+                       if( inlen < left.bv_len ) {
+                               /* not enough length */
+                               match = 1;
+                               goto done;
+                       }
+
+                       if( sub->sa_any[i]->bv_len == 0 ) {
+                               continue;
+                       }
+
+                       p = strchr( left.bv_val, *sub->sa_any[i]->bv_val );
+
+                       if( p == NULL ) {
+                               match = 1;
+                               goto done;
+                       }
+
+                       idx = p - left.bv_val;
+                       assert( idx < left.bv_len );
+
+                       if( idx >= left.bv_len ) {
+                               /* this shouldn't happen */
+                               return LDAP_OTHER;
+                       }
+
+                       left.bv_val = p;
+                       left.bv_len -= idx;
+
+                       if( sub->sa_any[i]->bv_len > left.bv_len ) {
+                               /* not enough left */
+                               match = 1;
+                               goto done;
+                       }
+
+                       match = strncmp( left.bv_val,
+                               sub->sa_any[i]->bv_val,
+                               sub->sa_any[i]->bv_len );
+
+
+                       if( match != 0 ) {
+                               goto retry;
+                       }
+
+                       left.bv_val += sub->sa_any[i]->bv_len;
+                       left.bv_len -= sub->sa_any[i]->bv_len;
+               }
+       }
+
+done:
+       *matchp = match;
+       return LDAP_SUCCESS;
+}
+#endif
+
 static int
 caseIgnoreIA5Match(
        int *match,
@@ -329,19 +535,189 @@ caseIgnoreIA5Match(
        return LDAP_SUCCESS;
 }
 
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+static char *strcasechr( const char *str, int c )
+{
+       char *lower = strchr( str, TOLOWER(c) );
+       char *upper = strchr( str, TOUPPER(c) );
+
+       if( lower && upper ) {
+               return lower < upper ? lower : upper;
+       } else if ( lower ) {
+               return lower;
+       } else {
+               return upper;
+       }
+}
+
 static int
-objectClassMatch(
-       int *match,
+caseIgnoreIA5SubstringsMatch(
+       int *matchp,
        unsigned use,
        Syntax *syntax,
        MatchingRule *mr,
        struct berval *value,
        void *assertedValue )
 {
-       ObjectClass *oc = oc_find( value->bv_val );
-       ObjectClass *asserted = oc_find( ((struct berval *) assertedValue)->bv_val );
+       int match = 0;
+       SubstringsAssertion *sub = assertedValue;
+       struct berval left = *value;
+       int i;
+       ber_len_t inlen=0;
+
+       if( sub->sa_initial ) {
+               inlen += sub->sa_initial->bv_len;
+       }
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i]; i++) {
+                       inlen += sub->sa_final->bv_len;
+               }
+       }
+       if( sub->sa_final ) {
+               inlen += sub->sa_final->bv_len;
+       }
+
+       if( inlen > value->bv_len ) {
+               match = 1;
+               goto done;
+       }
+
+       if( sub->sa_initial ) {
+               match = strncasecmp( sub->sa_initial->bv_val, left.bv_val,
+                       sub->sa_initial->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_val += sub->sa_initial->bv_len;
+               left.bv_len -= sub->sa_initial->bv_len;
+       }
+
+       if( sub->sa_final ) {
+               match = strncasecmp( sub->sa_final->bv_val,
+                       &left.bv_val[left.bv_len - sub->sa_final->bv_len],
+                       sub->sa_final->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_len -= sub->sa_final->bv_len;
+       }
+
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i]; i++) {
+                       ber_len_t idx;
+                       char *p;
+
+retry:
+                       if( inlen < left.bv_len ) {
+                               /* not enough length */
+                               match = 1;
+                               goto done;
+                       }
+
+                       if( sub->sa_any[i]->bv_len == 0 ) {
+                               continue;
+                       }
+
+                       p = strcasechr( left.bv_val, *sub->sa_any[i]->bv_val );
+
+                       if( p == NULL ) {
+                               match = 1;
+                               goto done;
+                       }
+
+                       idx = p - left.bv_val;
+                       assert( idx < left.bv_len );
+
+                       if( idx >= left.bv_len ) {
+                               /* this shouldn't happen */
+                               return LDAP_OTHER;
+                       }
+
+                       left.bv_val = p;
+                       left.bv_len -= idx;
+
+                       if( sub->sa_any[i]->bv_len > left.bv_len ) {
+                               /* not enough left */
+                               match = 1;
+                               goto done;
+                       }
+
+                       match = strncasecmp( left.bv_val,
+                               sub->sa_any[i]->bv_val,
+                               sub->sa_any[i]->bv_len );
+
+
+                       if( match != 0 ) {
+                               goto retry;
+                       }
+
+                       left.bv_val += sub->sa_any[i]->bv_len;
+                       left.bv_len -= sub->sa_any[i]->bv_len;
+               }
+       }
+
+done:
+       *matchp = match;
+       return LDAP_SUCCESS;
+}
+#endif
+
+static int
+NumericStringNormalize(
+       Syntax *syntax,
+       struct berval *val,
+       struct berval **normalized )
+{
+       /* similiar to IA5StringNormalize except removes all spaces */
+       struct berval *newval;
+       char *p, *q;
+
+       newval = ch_malloc( sizeof( struct berval ) );
+
+       p = val->bv_val;
+
+       /* Ignore initial whitespace */
+       while ( isspace( *p++ ) ) {
+               /* EMPTY */  ;
+       }
+
+       if( *p != '\0' ) {
+               ch_free( newval );
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       newval->bv_val = ch_strdup( p );
+       p = q = newval->bv_val;
+
+       while ( *p ) {
+               if ( isspace( *p ) ) {
+                       /* Ignore whitespace */
+                       p++;
+               } else {
+                       *q++ = *p++;
+               }
+       }
+
+       assert( *newval->bv_val );
+       assert( newval->bv_val < p );
+       assert( p <= q );
+
+       /* cannot start with a space */
+       assert( !isspace(*newval->bv_val) );
+
+       /* cannot end with a space */
+       assert( !isspace( q[-1] ) );
+
+       /* null terminate */
+       *q = '\0';
+
+       newval->bv_len = q - newval->bv_val;
+       *normalized = newval;
 
-       *match = ( oc == NULL || oc != asserted );
        return LDAP_SUCCESS;
 }
 
@@ -357,6 +733,7 @@ struct syntax_defs_rec {
 #endif
 };
 
+#define X_HIDE "X-HIDE 'TRUE' "
 #define X_BINARY "X-BINARY-TRANSFER-REQUIRED 'TRUE' "
 #define X_NOT_H_R "X-NOT-HUMAN-READABLE 'TRUE' "
 
@@ -386,8 +763,8 @@ struct syntax_defs_rec syntax_defs[] = {
                SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )",
                0, NULL, NULL, NULL},
-       {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )",
-               0, blobValidate, NULL, NULL},
+       {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )",
+               0, dnValidate, dnNormalize, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )",
                0, NULL, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )",
@@ -433,7 +810,7 @@ struct syntax_defs_rec syntax_defs[] = {
        {"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )",
                0, NULL, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )",
-               0, NULL, NULL, NULL},
+               0, IA5StringValidate, NumericStringNormalize, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Description' )",
                0, NULL, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )",
@@ -473,8 +850,14 @@ struct syntax_defs_rec syntax_defs[] = {
                0, NULL, NULL, NULL},
 
        /* OpenLDAP Experimental Syntaxes */
-       {"( " SLAPD_OID_ACI_SYNTAX " DESC 'OpenLDAP Experimental ACI' )",
+       {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
                0, NULL, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
+               0, NULL, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP void' " X_HIDE ")" ,
+               SLAP_SYNTAX_HIDE, inValidate, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.4 DESC 'OpenLDAP DN' " X_HIDE ")" ,
+               SLAP_SYNTAX_HIDE, inValidate, NULL, NULL},
 
        {NULL, 0, NULL, NULL, NULL}
 };
@@ -515,19 +898,21 @@ struct mrule_defs_rec {
  * 2.5.13.44   attributeIntegrityMatch
  */
 
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
+#define caseIgnoreIA5SubstringsMatch NULL
+#define caseExactIA5SubstringsMatch NULL
+#endif
+
 /* recycled matching functions */
 #define caseIgnoreMatch caseIgnoreIA5Match
+#define caseIgnoreOrderingMatch caseIgnoreMatch
+#define caseIgnoreSubstringsMatch caseIgnoreIA5SubstringsMatch
 #define caseExactMatch caseExactIA5Match
+#define caseExactOrderingMatch caseExactMatch
+#define caseExactSubstringsMatch caseExactIA5SubstringsMatch
 
 /* unimplemented matching functions */
 #define objectIdentifierMatch NULL
-#define distinguishedNameMatch NULL
-#define caseIgnoreOrderingMatch NULL
-#define caseIgnoreSubstringsMatch NULL
-#define caseExactOrderingMatch NULL
-#define caseExactSubstringsMatch NULL
-#define numericStringMatch NULL
-#define numericStringSubstringsMatch NULL
 #define caseIgnoreListMatch NULL
 #define caseIgnoreListSubstringsMatch NULL
 #define integerMatch NULL
@@ -542,7 +927,9 @@ struct mrule_defs_rec {
 #define generalizedTimeOrderingMatch NULL
 #define integerFirstComponentMatch NULL
 #define objectIdentifierFirstComponentMatch NULL
-#define caseIgnoreIA5SubstringsMatch NULL
+
+#define OpenLDAPaciMatch NULL
+#define authPasswordMatch NULL
 
 struct mrule_defs_rec mrule_defs[] = {
        {"( 2.5.13.0 NAME 'objectIdentifierMatch' "
@@ -553,7 +940,7 @@ struct mrule_defs_rec mrule_defs[] = {
        {"( 2.5.13.1 NAME 'distinguishedNameMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
                SLAP_MR_EQUALITY | SLAP_MR_EXT,
-               NULL, NULL, distinguishedNameMatch, NULL, NULL},
+               NULL, NULL, dnMatch, NULL, NULL},
 
        {"( 2.5.13.2 NAME 'caseIgnoreMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
@@ -589,12 +976,12 @@ struct mrule_defs_rec mrule_defs[] = {
        {"( 2.5.13.8 NAME 'numericStringMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )",
                SLAP_MR_EQUALITY | SLAP_MR_EXT,
-               NULL, NULL, numericStringMatch, NULL, NULL},
+               NULL, NULL, caseIgnoreIA5Match, NULL, NULL},
 
        {"( 2.5.13.10 NAME 'numericStringSubstringsMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
                SLAP_MR_SUBSTR | SLAP_MR_EXT,
-               NULL, NULL, numericStringSubstringsMatch, NULL, NULL},
+               NULL, NULL, caseIgnoreIA5SubstringsMatch, NULL, NULL},
 
        {"( 2.5.13.11 NAME 'caseIgnoreListMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )",
@@ -681,11 +1068,19 @@ struct mrule_defs_rec mrule_defs[] = {
                SLAP_MR_SUBSTR,
                NULL, NULL, caseIgnoreIA5SubstringsMatch, NULL, NULL},
 
+       {"( 1.3.6.1.4.1.4203.666.4.1 NAME 'authPasswordMatch' "
+               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+               SLAP_MR_EQUALITY,
+               NULL, NULL, authPasswordMatch, NULL, NULL},
+
+       {"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
+               "SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
+               SLAP_MR_EQUALITY,
+               NULL, NULL, OpenLDAPaciMatch, NULL, NULL},
+
        {NULL, SLAP_MR_NONE, NULL, NULL, NULL}
 };
 
-static int schema_init_done = 0;
-
 int
 schema_init( void )
 {
@@ -742,135 +1137,3 @@ schema_init( void )
        schema_init_done = 1;
        return LDAP_SUCCESS;
 }
-
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-struct slap_internal_schema slap_schema;
-
-struct slap_schema_oc_map {
-       char *ssom_name;
-       size_t ssom_offset;
-} oc_map[] = {
-       { "alias", offsetof(struct slap_internal_schema, si_oc_alias) },
-       { "referral", offsetof(struct slap_internal_schema, si_oc_referral) },
-       { NULL, 0 }
-};
-
-struct slap_schema_ad_map {
-       char *ssam_name;
-       slap_mr_match_func *ssam_match;
-       size_t ssam_offset;
-} ad_map[] = {
-       { "objectClass", objectClassMatch,
-               offsetof(struct slap_internal_schema, si_ad_objectClass) },
-
-       { "creatorsName", NULL,
-               offsetof(struct slap_internal_schema, si_ad_creatorsName) },
-       { "createTimestamp", NULL,
-               offsetof(struct slap_internal_schema, si_ad_createTimestamp) },
-       { "modifiersName", NULL,
-               offsetof(struct slap_internal_schema, si_ad_modifiersName) },
-       { "modifyTimestamp", NULL,
-               offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) },
-
-       { "subschemaSubentry", NULL,
-               offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
-
-       { "namingContexts", NULL,
-               offsetof(struct slap_internal_schema, si_ad_namingContexts) },
-       { "supportedControl", NULL,
-               offsetof(struct slap_internal_schema, si_ad_supportedControl) },
-       { "supportedExtension", NULL,
-               offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
-       { "supportedLDAPVersion", NULL,
-               offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-       { "supportedACIMechanisms", NULL,
-               offsetof(struct slap_internal_schema, si_ad_supportedACIMechanisms) },
-
-#endif
-       { "supportedSASLMechanisms", NULL,
-               offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
-
-       { "attributeTypes", NULL,
-               offsetof(struct slap_internal_schema, si_ad_attributeTypes) },
-       { "ldapSyntaxes", NULL,
-               offsetof(struct slap_internal_schema, si_ad_ldapSyntaxes) },
-       { "matchingRules", NULL,
-               offsetof(struct slap_internal_schema, si_ad_matchingRules) },
-       { "objectClasses", NULL,
-               offsetof(struct slap_internal_schema, si_ad_objectClasses) },
-
-       { "ref", NULL,
-               offsetof(struct slap_internal_schema, si_ad_ref) },
-
-       { "entry", NULL,
-               offsetof(struct slap_internal_schema, si_ad_entry) },
-       { "children", NULL,
-               offsetof(struct slap_internal_schema, si_ad_children) },
-
-       { "userPassword", NULL,
-               offsetof(struct slap_internal_schema, si_ad_userPassword) },
-       { "authPassword", NULL,
-               offsetof(struct slap_internal_schema, si_ad_authPassword) },
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-       { "krbName", NULL,
-               offsetof(struct slap_internal_schema, si_ad_krbName) },
-#endif
-
-       { NULL, NULL, 0 }
-};
-
-#endif
-
-int
-schema_prep( void )
-{
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-       int i;
-#endif
-       /* we should only be called once after schema_init() was called */
-       assert( schema_init_done == 1 );
-
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-       for( i=0; oc_map[i].ssom_name; i++ ) {
-               ObjectClass ** ocp = (ObjectClass **)
-                       &(((char *) &slap_schema)[oc_map[i].ssom_offset]);
-
-               *ocp = oc_find( oc_map[i].ssom_name );
-
-               if( *ocp == NULL ) {
-                       fprintf( stderr,
-                               "No objectClass \"%s\" defined in schema\n",
-                               oc_map[i].ssom_name );
-                       return LDAP_OBJECT_CLASS_VIOLATION;
-               }
-       }
-
-       for( i=0; ad_map[i].ssam_name; i++ ) {
-               int rc;
-               const char *text;
-
-               AttributeDescription ** adp = (AttributeDescription **)
-                       &(((char *) &slap_schema)[ad_map[i].ssam_offset]);
-
-               *adp = NULL;
-
-               rc = slap_str2ad( ad_map[i].ssam_name, adp, &text );
-
-               if( rc != LDAP_SUCCESS ) {
-                       fprintf( stderr,
-                               "No attribute \"%s\" defined in schema\n",
-                               ad_map[i].ssam_name );
-                       return rc;
-               }
-
-               if( ad_map[i].ssam_match ) {
-                       /* install custom matching routine */
-                       (*adp)->ad_type->sat_equality->smr_match = ad_map[i].ssam_match;
-               }
-       }
-#endif
-
-       ++schema_init_done;
-       return LDAP_SUCCESS;
-}