#include "portable.h"
#include <stdio.h>
+#ifdef HAVE_LIMITS_H
#include <limits.h>
+#endif
#include <ac/ctype.h>
#include <ac/errno.h>
#define HASH_Update(c,buf,len) lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c) lutil_HASHFinal(d,c)
-#define OpenLDAPaciMatch NULL
-
/* approx matching rules */
#define directoryStringApproxMatchOID "1.3.6.1.4.1.4203.666.4.4"
#define directoryStringApproxMatch approxMatch
#define csnIndexer generalizedTimeIndexer
#define csnFilter generalizedTimeFilter
+#ifdef SLAP_AUTHZ_SYNTAX
+/* FIXME: temporary */
+#define authzMatch octetStringMatch
+#endif /* SLAP_AUTHZ_SYNTAX */
+
unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT;
unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT;
unsigned int index_substr_any_len = SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT;
unsigned int index_substr_any_step = SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT;
+ldap_pvt_thread_mutex_t ad_undef_mutex;
+ldap_pvt_thread_mutex_t oc_undef_mutex;
+
static int
inValidate(
Syntax *syntax,
#define certificateValidate sequenceValidate
#endif
-static int
+int
octetStringMatch(
int *matchp,
slap_mask_t flags,
BerVarray *keysp,
void *ctx )
{
- ber_len_t i, j, len, nkeys;
+ ber_len_t i, nkeys;
size_t slen, mlen;
BerVarray keys;
{
SubstringsAssertion *sa;
char pre;
- ber_len_t len, max, nkeys = 0;
+ ber_len_t nkeys = 0;
size_t slen, mlen, klen;
BerVarray keys;
HASH_CONTEXT HASHcontext;
struct berval *out,
void *ctx )
{
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
Debug( LDAP_DEBUG_TRACE, ">>> nameUIDPretty: <%s>\n", val->bv_val, 0, 0 );
struct berval *asserted = (struct berval *) assertedValue;
struct berval assertedDN = *asserted;
struct berval assertedUID = BER_BVNULL;
- struct berval valueDN = BER_BVNULL;
+ struct berval valueDN = *value;
struct berval valueUID = BER_BVNULL;
+ int approx = ((flags & SLAP_MR_EQUALITY_APPROX) == SLAP_MR_EQUALITY_APPROX);
if ( !BER_BVISEMPTY( asserted ) ) {
assertedUID.bv_val = strrchr( assertedDN.bv_val, '#' );
}
if ( !BER_BVISEMPTY( value ) ) {
- valueDN = *value;
valueUID.bv_val = strrchr( valueDN.bv_val, '#' );
if ( !BER_BVISNULL( &valueUID ) ) {
*matchp = match;
return LDAP_SUCCESS;
}
+
+ } else if ( !approx && valueUID.bv_len ) {
+ match = -1;
+ *matchp = match;
+ return LDAP_SUCCESS;
+
+ } else if ( !approx && assertedUID.bv_len ) {
+ match = 1;
+ *matchp = match;
+ return LDAP_SUCCESS;
}
return dnMatch( matchp, flags, syntax, mr, &valueDN, &assertedDN );
}
+static int
+uniqueMemberIndexer(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ BerVarray dnvalues;
+ int rc;
+ int i;
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
+ /* just count them */
+ }
+ assert( i > 0 );
+
+ dnvalues = slap_sl_malloc( sizeof( struct berval ) * (i+1), ctx );
+
+ for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
+ struct berval assertedDN = values[i];
+ struct berval assertedUID = BER_BVNULL;
+
+ if ( !BER_BVISEMPTY( &assertedDN ) ) {
+ assertedUID.bv_val = strrchr( assertedDN.bv_val, '#' );
+ if ( !BER_BVISNULL( &assertedUID ) ) {
+ assertedUID.bv_val++;
+ assertedUID.bv_len = assertedDN.bv_len
+ - ( assertedUID.bv_val - assertedDN.bv_val );
+
+ if ( bitStringValidate( NULL, &assertedUID ) == LDAP_SUCCESS ) {
+ assertedDN.bv_len -= assertedUID.bv_len + 1;
+
+ } else {
+ BER_BVZERO( &assertedUID );
+ }
+ }
+ }
+
+ dnvalues[i] = assertedDN;
+ }
+ BER_BVZERO( &dnvalues[i] );
+
+ rc = octetStringIndexer( use, flags, syntax, mr, prefix,
+ dnvalues, keysp, ctx );
+
+ slap_sl_free( dnvalues, ctx );
+ return rc;
+}
+
+static int
+uniqueMemberFilter(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ void * assertedValue,
+ BerVarray *keysp,
+ void *ctx )
+{
+ struct berval *asserted = (struct berval *) assertedValue;
+ struct berval assertedDN = *asserted;
+ struct berval assertedUID = BER_BVNULL;
+
+ if ( !BER_BVISEMPTY( asserted ) ) {
+ assertedUID.bv_val = strrchr( assertedDN.bv_val, '#' );
+ if ( !BER_BVISNULL( &assertedUID ) ) {
+ assertedUID.bv_val++;
+ assertedUID.bv_len = assertedDN.bv_len
+ - ( assertedUID.bv_val - assertedDN.bv_val );
+
+ if ( bitStringValidate( NULL, &assertedUID ) == LDAP_SUCCESS ) {
+ assertedDN.bv_len -= assertedUID.bv_len + 1;
+
+ } else {
+ BER_BVZERO( &assertedUID );
+ }
+ }
+ }
+
+ return octetStringFilter( use, flags, syntax, mr, prefix,
+ &assertedDN, keysp, ctx );
+}
+
+
/*
* Handling boolean syntax and matching is quite rigid.
* A more flexible approach would be to allow a variety
return LDAP_SUCCESS;
}
-static int
+int
numericoidValidate(
Syntax *syntax,
struct berval *in )
return LDAP_CONSTRAINT_VIOLATION;
}
- *matchp = (lValue & lAssertedValue) ? 0 : 1;
+ *matchp = ((lValue & lAssertedValue) == lAssertedValue) ? 0 : 1;
return LDAP_SUCCESS;
}
return LDAP_CONSTRAINT_VIOLATION;
}
- *matchp = (lValue | lAssertedValue) ? 0 : -1;
+ *matchp = ((lValue & lAssertedValue) != 0) ? 0 : -1;
return LDAP_SUCCESS;
}
struct berval *in )
{
int rc;
- int state;
ber_len_t n;
struct berval sn, i;
if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
void *ctx )
{
int rc;
- int state;
ber_len_t n;
struct berval sn, i, newi;
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerPretty: <%s>\n",
val->bv_val, 0, 0 );
out->bv_len = sn.bv_len + newi.bv_len + 1;
out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
- if( BER_BVISNULL( out ) ) {
+ if( out->bv_val == NULL ) {
+ out->bv_len = 0;
slap_sl_free( newi.bv_val, ctx );
return LDAP_OTHER;
}
/* push issuer over */
- AC_MEMCPY( &out->bv_val[sn.bv_len+1], newi.bv_val, newi.bv_len );
+ AC_MEMCPY( &out->bv_val[sn.bv_len+1], out->bv_val, newi.bv_len );
/* insert sn and "$" */
AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len );
out->bv_val[sn.bv_len] = '$';
void *ctx )
{
int rc;
- int state;
ber_len_t n;
struct berval sn, i, newi;
- assert( val );
- assert( out );
+ assert( val != NULL );
+ assert( out != NULL );
Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerNormalize: <%s>\n",
val->bv_val, 0, 0 );
out->bv_len = sn.bv_len + newi.bv_len + 1;
out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx );
- if( BER_BVISNULL( out ) ) {
+ if( out->bv_val == NULL ) {
+ out->bv_len = 0;
slap_sl_free( newi.bv_val, ctx );
return LDAP_OTHER;
}
/* push issuer over */
- AC_MEMCPY( &out->bv_val[sn.bv_len+1], newi.bv_val, newi.bv_len );
+ AC_MEMCPY( &out->bv_val[sn.bv_len+1], out->bv_val, newi.bv_len );
/* insert sn and "$" */
AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len );
out->bv_val[sn.bv_len] = '$';
void *ctx )
{
int i, j;
- size_t slen, mlen;
BerVarray keys;
char tmp[5];
BerValue bvtmp; /* 40 bit index */
serialNumberAndIssuerValidate,
serialNumberAndIssuerPretty},
-#ifdef SLAPD_ACI_ENABLED
- /* OpenLDAP Experimental Syntaxes */
- {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
- SLAP_SYNTAX_HIDE,
- UTF8StringValidate /* THIS WILL CHANGE FOR NEW ACI SYNTAX */,
- NULL},
-#endif
-
#ifdef SLAPD_AUTHPASSWD
/* needs updating */
{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
/* OpenLDAP Void Syntax */
{"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )" ,
SLAP_SYNTAX_HIDE, inValidate, NULL},
+
+#ifdef SLAP_AUTHZ_SYNTAX
+ /* FIXME: OID is unused, but not registered yet */
+ {"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )",
+ SLAP_SYNTAX_HIDE, authzValidate, authzPretty},
+#endif /* SLAP_AUTHZ_SYNTAX */
+
{NULL, 0, NULL, NULL}
};
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )",
SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
NULL, uniqueMemberNormalize, uniqueMemberMatch,
- NULL, NULL,
+ uniqueMemberIndexer, uniqueMemberFilter,
NULL },
{"( 2.5.13.24 NAME 'protocolInformationMatch' "
NULL},
#endif
-#ifdef SLAPD_ACI_ENABLED
- {"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
- "SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
- SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
- NULL, NULL, OpenLDAPaciMatch,
- NULL, NULL,
- NULL},
-#endif
-
{"( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
SLAP_MR_EXT, NULL,
NULL, NULL,
"CSNMatch" },
+#ifdef SLAP_AUTHZ_SYNTAX
+ /* FIXME: OID is unused, but not registered yet */
+ {"( 1.3.6.1.4.1.4203.666.4.12 NAME 'authzMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.7 )",
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+ NULL, authzNormalize, authzMatch,
+ NULL, NULL,
+ NULL},
+#endif /* SLAP_AUTHZ_SYNTAX */
+
{NULL, SLAP_MR_NONE, NULL,
NULL, NULL, NULL, NULL, NULL,
NULL }
mr_destroy();
mru_destroy();
syn_destroy();
+
+ ldap_pvt_thread_mutex_destroy( &ad_undef_mutex );
+ ldap_pvt_thread_mutex_destroy( &oc_undef_mutex );
}
projects / openldap / blobdiff