/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2014 The OpenLDAP Foundation.
+ * Copyright 1998-2017 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return LDAP_SUCCESS;
}
+/* accept a PKCS#8 private key */
+static int
+privateKeyValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_tag_t tag;
+ ber_len_t len;
+ ber_int_t version;
+
+ ber_init2( ber, val, LBER_USE_DER );
+ tag = ber_skip_tag( ber, &len ); /* Sequence */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ tag = ber_peek_tag( ber, &len );
+ if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
+ tag = ber_get_int( ber, &version );
+ tag = ber_skip_tag( ber, &len ); /* AlgorithmIdentifier */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len ); /* PrivateKey */
+ if ( tag != LBER_OCTETSTRING ) return LDAP_INVALID_SYNTAX;
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len );
+ if ( tag == LBER_SET ) { /* Optional Attributes */
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len );
+ }
+
+ /* Must be at end now */
+ if ( len || tag != LBER_DEFAULT ) return LDAP_INVALID_SYNTAX;
+ return LDAP_SUCCESS;
+}
+
int
octetStringMatch(
int *matchp,
Syntax *syntax,
struct berval *in )
{
- ber_len_t count;
int len;
- unsigned char *u = (unsigned char *)in->bv_val;
+ unsigned char *u = (unsigned char *)in->bv_val, *end = in->bv_val + in->bv_len;
if( BER_BVISEMPTY( in ) && syntax == slap_schema.si_syn_directoryString ) {
/* directory strings cannot be empty */
return LDAP_INVALID_SYNTAX;
}
- for( count = in->bv_len; count > 0; count -= len, u += len ) {
+ for( ; u < end; u += len ) {
/* get the length indicated by the first byte */
len = LDAP_UTF8_CHARLEN2( u, len );
if( LDAP_UTF8_OFFSET( (char *)u ) != len ) return LDAP_INVALID_SYNTAX;
}
- if( count != 0 ) {
+ if( u > end ) {
return LDAP_INVALID_SYNTAX;
}
itmp.bv_len = maxstrlen;
}
rc = integerVal2Key( &values[i], &keys[i], &itmp, ctx );
- if ( rc )
+ if ( rc ) {
+ slap_sl_free( keys, ctx );
goto func_leave;
+ }
}
*keysp = keys;
func_leave:
}
rc = integerVal2Key( value, keys, &iv, ctx );
- if ( rc == 0 )
- *keysp = keys;
if ( iv.bv_val != ibuf ) {
slap_sl_free( iv.bv_val, ctx );
}
+
+ if ( rc == 0 )
+ *keysp = keys;
+ else
+ slap_sl_free( keys, ctx );
+
return rc;
}
}
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len += 2;
continue;
}
}
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len += 2;
continue;
}
}
if ( is->bv_val[is->bv_len + 1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len += 2;
continue;
}
{"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )",
SLAP_SYNTAX_HIDE, NULL, authzValidate, authzPretty},
+ /* PKCS#8 Private Keys for X.509 certificates */
+ {"( 1.3.6.1.4.1.4203.666.2.13 DESC 'OpenLDAP privateKey' )",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, privateKeyValidate, NULL},
{NULL, 0, NULL, NULL, NULL}
};
NULL, NULL,
NULL},
+ {"( 1.3.6.1.4.1.4203.666.4.13 NAME 'privateKeyMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.13 )", /* OpenLDAP privateKey */
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+ NULL, NULL, octetStringMatch,
+ NULL, NULL,
+ NULL},
+
{NULL, SLAP_MR_NONE, NULL,
NULL, NULL, NULL, NULL, NULL,
NULL }