/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2008 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
unsigned int index_substr_any_len = SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT;
unsigned int index_substr_any_step = SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT;
+unsigned int index_intlen = SLAP_INDEX_INTLEN_DEFAULT;
+unsigned int index_intlen_strlen = SLAP_INDEX_INTLEN_STRLEN(
+ SLAP_INDEX_INTLEN_DEFAULT );
+
ldap_pvt_thread_mutex_t ad_undef_mutex;
ldap_pvt_thread_mutex_t oc_undef_mutex;
*matchp = match;
return LDAP_SUCCESS;
}
-
+
+/* 10**Chop < 256**Chopbytes and Chop > Chopbytes<<1 (for sign bit and itmp) */
+#define INDEX_INTLEN_CHOP 7
+#define INDEX_INTLEN_CHOPBYTES 3
+
+static int
+integerVal2Key(
+ struct berval *in,
+ struct berval *key,
+ struct berval *tmp,
+ void *ctx )
+{
+ /* index format:
+ * only if too large: one's complement <sign*exponent (chopped bytes)>,
+ * two's complement value (sign-extended or chopped as needed),
+ * however the top <number of exponent-bytes + 1> bits of first byte
+ * above is the inverse sign. The next bit is the sign as delimiter.
+ */
+ ber_slen_t k = index_intlen_strlen;
+ ber_len_t chop = 0;
+ unsigned signmask = ~0x7fU;
+ unsigned char lenbuf[sizeof(k) + 2], *lenp, neg = 0xff;
+ struct berval val = *in, itmp = *tmp;
+
+ if ( val.bv_val[0] != '-' ) {
+ neg = 0;
+ --k;
+ }
+
+ /* Chop least significant digits, increase length instead */
+ if ( val.bv_len > (ber_len_t) k ) {
+ chop = (val.bv_len-k+2)/INDEX_INTLEN_CHOP; /* 2 fewer digits */
+ val.bv_len -= chop * INDEX_INTLEN_CHOP; /* #digits chopped */
+ chop *= INDEX_INTLEN_CHOPBYTES; /* #bytes added */
+ }
+
+ if ( lutil_str2bin( &val, &itmp, ctx )) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* Omit leading sign byte */
+ if ( itmp.bv_val[0] == neg ) {
+ itmp.bv_val++;
+ itmp.bv_len--;
+ }
+
+ k = (ber_slen_t) index_intlen - (ber_slen_t) (itmp.bv_len + chop);
+ if ( k > 0 ) {
+ assert( chop == 0 );
+ memset( key->bv_val, neg, k ); /* sign-extend */
+ } else if ( k != 0 || ((itmp.bv_val[0] ^ neg) & 0xc0) ) {
+ lenp = lenbuf + sizeof(lenbuf);
+ chop = - (ber_len_t) k;
+ do {
+ *--lenp = ((unsigned char) chop & 0xff) ^ neg;
+ signmask >>= 1;
+ } while ( (chop >>= 8) != 0 || (signmask >> 1) & (*lenp ^ neg) );
+ /* With n bytes in lenbuf, the top n+1 bits of (signmask&0xff)
+ * are 1, and the top n+2 bits of lenp[] are the sign bit. */
+ k = (lenbuf + sizeof(lenbuf)) - lenp;
+ if ( k > (ber_slen_t) index_intlen )
+ k = index_intlen;
+ memcpy( key->bv_val, lenp, k );
+ itmp.bv_len = index_intlen - k;
+ }
+ memcpy( key->bv_val + k, itmp.bv_val, itmp.bv_len );
+ key->bv_val[0] ^= (unsigned char) signmask & 0xff; /* invert sign */
+ return 0;
+}
+
+/* Index generation function */
+static int
+integerIndexer(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keysp,
+ void *ctx )
+{
+ char ibuf[64];
+ struct berval itmp;
+ BerVarray keys;
+ ber_len_t vlen;
+ int i, rc;
+ unsigned maxstrlen = index_intlen_strlen + INDEX_INTLEN_CHOP-1;
+
+ /* count the values and find max needed length */
+ vlen = 0;
+ for( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
+ if ( vlen < values[i].bv_len )
+ vlen = values[i].bv_len;
+ }
+ if ( vlen > maxstrlen )
+ vlen = maxstrlen;
+
+ /* we should have at least one value at this point */
+ assert( i > 0 );
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * (i+1), ctx );
+ for ( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
+ keys[i].bv_len = index_intlen;
+ keys[i].bv_val = slap_sl_malloc( index_intlen, ctx );
+ }
+ keys[i].bv_len = 0;
+ keys[i].bv_val = NULL;
+
+ if ( vlen > sizeof(ibuf) ) {
+ itmp.bv_val = slap_sl_malloc( vlen, ctx );
+ } else {
+ itmp.bv_val = ibuf;
+ }
+ itmp.bv_len = sizeof(ibuf);
+
+ for ( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
+ if ( itmp.bv_val != ibuf ) {
+ itmp.bv_len = values[i].bv_len;
+ if ( itmp.bv_len <= sizeof(ibuf) )
+ itmp.bv_len = sizeof(ibuf);
+ else if ( itmp.bv_len > maxstrlen )
+ itmp.bv_len = maxstrlen;
+ }
+ rc = integerVal2Key( &values[i], &keys[i], &itmp, ctx );
+ if ( rc )
+ goto func_leave;
+ }
+ *keysp = keys;
+func_leave:
+ if ( itmp.bv_val != ibuf ) {
+ slap_sl_free( itmp.bv_val, ctx );
+ }
+ return rc;
+}
+
+/* Index generation function */
+static int
+integerFilter(
+ slap_mask_t use,
+ slap_mask_t flags,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *prefix,
+ void * assertedValue,
+ BerVarray *keysp,
+ void *ctx )
+{
+ char ibuf[64];
+ struct berval iv;
+ BerVarray keys;
+ struct berval *value;
+ int rc;
+
+ value = (struct berval *) assertedValue;
+
+ keys = slap_sl_malloc( sizeof( struct berval ) * 2, ctx );
+
+ keys[0].bv_len = index_intlen;
+ keys[0].bv_val = slap_sl_malloc( index_intlen, ctx );
+ keys[1].bv_len = 0;
+ keys[1].bv_val = NULL;
+
+ iv.bv_len = value->bv_len < index_intlen_strlen + INDEX_INTLEN_CHOP-1
+ ? value->bv_len : index_intlen_strlen + INDEX_INTLEN_CHOP-1;
+ if ( iv.bv_len > (int) sizeof(ibuf) ) {
+ iv.bv_val = slap_sl_malloc( iv.bv_len, ctx );
+ } else {
+ iv.bv_val = ibuf;
+ iv.bv_len = sizeof(ibuf);
+ }
+
+ rc = integerVal2Key( value, keys, &iv, ctx );
+ if ( rc == 0 )
+ *keysp = keys;
+
+ if ( iv.bv_val != ibuf ) {
+ slap_sl_free( iv.bv_val, ctx );
+ }
+ return rc;
+}
+
static int
countryStringValidate(
Syntax *syntax,
} else {
/* Parse GSER format */
- int havesn=0,haveissuer=0;
+ int havesn = 0, haveissuer = 0, numdquotes = 0;
struct berval x = *in;
struct berval ni;
x.bv_val++;
for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
/* empty */;
}
-
+
+ /* For backward compatibility, this part is optional */
+ if( !strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:"))) {
+ x.bv_val += STRLENOF("rdnSequence:");
+ x.bv_len -= STRLENOF("rdnSequence:");
+ }
+
if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
x.bv_val++; x.bv_len--;
STRLENOF("serialNumber")) == 0 )
{
/* parse serialNumber */
- int neg=0;
+ int neg = 0;
+ char first = '\0';
+ int extra = 0;
+
x.bv_val += STRLENOF("serialNumber");
x.bv_len -= STRLENOF("serialNumber");
}
if ( sn->bv_val[0] == '0' && ( sn->bv_val[1] == 'x' ||
- sn->bv_val[1] == 'X' )) {
+ sn->bv_val[1] == 'X' ))
+ {
is_hex = 1;
+ first = sn->bv_val[2];
+ extra = 2;
+
+ sn->bv_len += STRLENOF("0x");
for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
}
+
} else if ( sn->bv_val[0] == '\'' ) {
+ first = sn->bv_val[1];
+ extra = 3;
+
+ sn->bv_len += STRLENOF("'");
+
for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
}
if ( sn->bv_val[sn->bv_len] == '\'' &&
- sn->bv_val[sn->bv_len+1] == 'H' )
+ sn->bv_val[sn->bv_len + 1] == 'H' )
+ {
+ sn->bv_len += STRLENOF("'H");
is_hex = 1;
- else
+
+ } else {
return LDAP_INVALID_SYNTAX;
- sn->bv_len += 2;
+ }
+
} else {
+ first = sn->bv_val[0];
for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
if ( !ASCII_DIGIT( sn->bv_val[sn->bv_len] )) break;
}
}
if (!( sn->bv_len > neg )) return LDAP_INVALID_SYNTAX;
- if (( sn->bv_len > 1+neg ) && ( sn->bv_val[neg] == '0' )) {
+ if (( sn->bv_len > extra+1+neg ) && ( first == '0' )) {
return LDAP_INVALID_SYNTAX;
}
for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
/* empty */;
}
-
+
+ /* For backward compatibility, this part is optional */
+ if( !strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:"))) {
+ x.bv_val += STRLENOF("rdnSequence:");
+ x.bv_len -= STRLENOF("rdnSequence:");
+ }
+
if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
x.bv_val++; x.bv_len--;
}
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len+=2;
continue;
}
/* should have no characters left... */
if( x.bv_len ) return LDAP_INVALID_SYNTAX;
- ber_dupbv_x( &ni, is, ctx );
- *is = ni;
+ if ( numdquotes == 0 ) {
+ ber_dupbv_x( &ni, is, ctx );
+ } else {
+ ber_int_t src, dst;
- /* need to handle double dquotes here */
+ ni.bv_len = is->bv_len - numdquotes;
+ ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx );
+ for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) {
+ if ( is->bv_val[src] == '"' ) {
+ src++;
+ }
+ ni.bv_val[dst] = is->bv_val[src];
+ }
+ ni.bv_val[dst] = '\0';
+ }
+
+ *is = ni;
}
+
return 0;
}
if( rc ) return LDAP_INVALID_SYNTAX;
/* make room from sn + "$" */
- out->bv_len = STRLENOF("{ serialNumber , issuer \"\" }")
+ out->bv_len = STRLENOF("{ serialNumber , issuer rdnSequence:\"\" }")
+ sn.bv_len + ni.bv_len;
out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
AC_MEMCPY( &out->bv_val[n], sn.bv_val, sn.bv_len );
n += sn.bv_len;
- AC_MEMCPY( &out->bv_val[n], ", issuer \"", STRLENOF(", issuer \""));
- n += STRLENOF(", issuer \"");
+ AC_MEMCPY( &out->bv_val[n], ", issuer rdnSequence:\"", STRLENOF(", issuer rdnSequence:\""));
+ n += STRLENOF(", issuer rdnSequence:\"");
AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len );
n += ni.bv_len;
char sbuf[64], *stmp = sbuf;
int rc;
ber_len_t n;
- int is_hex = 0;
assert( in != NULL );
assert( out != NULL );
}
sn2.bv_val = stmp;
sn2.bv_len = sn.bv_len;
- if ( lutil_str2bin( &sn, &sn2 )) {
+ if ( lutil_str2bin( &sn, &sn2, ctx )) {
rc = LDAP_INVALID_SYNTAX;
- goto leave;
+ goto func_leave;
}
/* make room for sn + "$" */
- out->bv_len = STRLENOF( "{ serialNumber , issuer \"\" }" )
+ out->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
+ ( sn2.bv_len * 2 + 3 ) + ni.bv_len;
out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
out->bv_len = 0;
slap_sl_free( ni.bv_val, ctx );
rc = LDAP_OTHER;
- goto leave;
+ goto func_leave;
}
n = 0;
AC_MEMCPY( &out->bv_val[n], sn.bv_val, sn.bv_len );
{
int j;
- unsigned char *v = sn2.bv_val;
+ unsigned char *v = (unsigned char *)sn2.bv_val;
out->bv_val[n++] = '\'';
for ( j = 0; j < sn2.bv_len; j++ ) {
- sprintf( &out->bv_val[n], "%02x", v[j] );
+ snprintf( &out->bv_val[n], out->bv_len - n + 1,
+ "%02X", v[j] );
n += 2;
}
out->bv_val[n++] = '\'';
out->bv_val[n++] = 'H';
}
- AC_MEMCPY( &out->bv_val[n], ", issuer \"", STRLENOF( ", issuer \"" ));
- n += STRLENOF( ", issuer \"" );
+ AC_MEMCPY( &out->bv_val[n], ", issuer rdnSequence:\"", STRLENOF( ", issuer rdnSequence:\"" ));
+ n += STRLENOF( ", issuer rdnSequence:\"" );
AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len );
n += ni.bv_len;
Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerNormalize: <%s>\n",
out->bv_val, 0, 0 );
-leave:
+func_leave:
if ( stmp != sbuf )
slap_sl_free( stmp, ctx );
slap_sl_free( ni.bv_val, ctx );
sptr = serial;
*sptr++ = '\'';
for ( i = 0; i<len; i++ ) {
- sprintf( sptr, "%02x", ptr[i] );
+ sprintf( sptr, "%02X", ptr[i] );
sptr += 2;
}
*sptr++ = '\'';
rc = dnX509normalize( &bvdn, &issuer_dn );
if( rc != LDAP_SUCCESS ) goto done;
- normalized->bv_len = STRLENOF( "{ serialNumber , issuer \"\" }" )
+ normalized->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
+ seriallen + issuer_dn.bv_len;
normalized->bv_val = ch_malloc(normalized->bv_len+1);
AC_MEMCPY(p, serial, seriallen);
p += seriallen;
- AC_MEMCPY(p, ", issuer \"", STRLENOF( ", issuer \"" ));
- p += STRLENOF( ", issuer \"" );
+ AC_MEMCPY(p, ", issuer rdnSequence:\"", STRLENOF( ", issuer rdnSequence:\"" ));
+ p += STRLENOF( ", issuer rdnSequence:\"" );
AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len);
p += issuer_dn.bv_len;
return hexValidate( NULL, &bv );
}
+/* Normalize a CSN in OpenLDAP 2.1 format */
+static int
+csnNormalize21(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ struct berval gt, cnt, sid, mod;
+ struct berval bv;
+ char buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
+ char *ptr;
+ int i;
+
+ assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 );
+ assert( !BER_BVISEMPTY( val ) );
+
+ gt = *val;
+
+ ptr = ber_bvchr( >, '#' );
+ if ( ptr == NULL || ptr - gt.bv_val == gt.bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ gt.bv_len = ptr - gt.bv_val;
+ if ( gt.bv_len != STRLENOF( "YYYYmmddHH:MM:SSZ" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( gt.bv_val[ 10 ] != ':' || gt.bv_val[ 13 ] != ':' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ cnt.bv_val = ptr + 1;
+ cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
+
+ ptr = ber_bvchr( &cnt, '#' );
+ if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ cnt.bv_len = ptr - cnt.bv_val;
+ if ( cnt.bv_len != STRLENOF( "0x0000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( strncmp( cnt.bv_val, "0x", STRLENOF( "0x" ) ) != 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ cnt.bv_val += STRLENOF( "0x" );
+ cnt.bv_len -= STRLENOF( "0x" );
+
+ sid.bv_val = ptr + 1;
+ sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
+
+ ptr = ber_bvchr( &sid, '#' );
+ if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ sid.bv_len = ptr - sid.bv_val;
+ if ( sid.bv_len != STRLENOF( "0" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ mod.bv_val = ptr + 1;
+ mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
+ if ( mod.bv_len != STRLENOF( "0000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ bv.bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
+ bv.bv_val = buf;
+
+ ptr = bv.bv_val;
+ ptr = lutil_strncopy( ptr, gt.bv_val, STRLENOF( "YYYYmmddHH" ) );
+ ptr = lutil_strncopy( ptr, >.bv_val[ STRLENOF( "YYYYmmddHH:" ) ],
+ STRLENOF( "MM" ) );
+ ptr = lutil_strncopy( ptr, >.bv_val[ STRLENOF( "YYYYmmddHH:MM:" ) ],
+ STRLENOF( "SS" ) );
+ ptr = lutil_strcopy( ptr, ".000000Z#00" );
+ ptr = lutil_strncopy( ptr, cnt.bv_val, cnt.bv_len );
+ *ptr++ = '#';
+ *ptr++ = '0';
+ *ptr++ = '0';
+ *ptr++ = sid.bv_val[ 0 ];
+ *ptr++ = '#';
+ *ptr++ = '0';
+ *ptr++ = '0';
+ for ( i = 0; i < mod.bv_len; i++ ) {
+ *ptr++ = TOLOWER( mod.bv_val[ i ] );
+ }
+ *ptr = '\0';
+
+ assert( ptr - bv.bv_val == bv.bv_len );
+
+ if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_dupbv_x( normalized, &bv, ctx );
+
+ return LDAP_SUCCESS;
+}
+
/* Normalize a CSN in OpenLDAP 2.3 format */
static int
csnNormalize23(
void *ctx )
{
struct berval gt, cnt, sid, mod;
+ struct berval bv;
+ char buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
char *ptr;
int i;
}
gt.bv_len = ptr - gt.bv_val;
- assert( gt.bv_len == STRLENOF( "YYYYmmddHHMMSSZ" ) );
+ if ( gt.bv_len != STRLENOF( "YYYYmmddHHMMSSZ" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
cnt.bv_val = ptr + 1;
cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
}
cnt.bv_len = ptr - cnt.bv_val;
- assert( cnt.bv_len == STRLENOF( "000000" ) );
+ if ( cnt.bv_len != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
sid.bv_val = ptr + 1;
sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
}
sid.bv_len = ptr - sid.bv_val;
- assert( sid.bv_len == STRLENOF( "00" ) );
+ if ( sid.bv_len != STRLENOF( "00" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
mod.bv_val = ptr + 1;
mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
- assert( mod.bv_len == STRLENOF( "000000" ) );
+ if ( mod.bv_len != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
- normalized->bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
- normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx );
+ bv.bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
+ bv.bv_val = buf;
- ptr = normalized->bv_val;
+ ptr = bv.bv_val;
ptr = lutil_strncopy( ptr, gt.bv_val, gt.bv_len - 1 );
ptr = lutil_strcopy( ptr, ".000000Z#" );
ptr = lutil_strncopy( ptr, cnt.bv_val, cnt.bv_len );
}
*ptr = '\0';
- assert( ptr - normalized->bv_val == normalized->bv_len );
+ assert( ptr - bv.bv_val == bv.bv_len );
+ if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_dupbv_x( normalized, &bv, ctx );
return LDAP_SUCCESS;
}
return csnNormalize23( usage, syntax, mr, val, normalized, ctx );
}
- assert( val->bv_len == STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) );
+ if ( val->bv_len == STRLENOF( "YYYYmmddHH:MM:SSZ#0xSSSS#I#ssss" ) ) {
+ /* Openldap 2.1 */
+
+ return csnNormalize21( usage, syntax, mr, val, normalized, ctx );
+ }
+
+ if ( val->bv_len != STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
ptr = ber_bvchr( val, '#' );
if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
return LDAP_INVALID_SYNTAX;
}
- assert( ptr - val->bv_val == STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ" ) );
+ if ( ptr - val->bv_val != STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
cnt.bv_val = ptr + 1;
cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
return LDAP_INVALID_SYNTAX;
}
- assert( ptr - cnt.bv_val == STRLENOF( "000000" ) );
+ if ( ptr - cnt.bv_val != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
sid.bv_val = ptr + 1;
sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
}
sid.bv_len = ptr - sid.bv_val;
- assert( sid.bv_len == STRLENOF( "000" ) );
+ if ( sid.bv_len != STRLENOF( "000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
mod.bv_val = ptr + 1;
mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
- assert( mod.bv_len == STRLENOF( "000000" ) );
+ if ( mod.bv_len != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
ber_dupbv_x( normalized, val, ctx );
if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
- if( val->bv_val[0] != '(' /*')'*/ &&
- val->bv_val[0] != '{' /*'}'*/ )
+ if( ! ( val->bv_val[0] == '(' /*')'*/
+ && val->bv_val[val->bv_len - 1] == /*'('*/ ')' )
+ && ! ( val->bv_val[0] == '{' /*'}'*/
+ && val->bv_val[val->bv_len - 1] == /*'('*/ '}' ) )
{
return LDAP_INVALID_SYNTAX;
}
/* grab next word */
comp.bv_val = &val->bv_val[len];
- len = val->bv_len - len;
+ len = val->bv_len - len - STRLENOF(/*"{"*/ "}");
for( comp.bv_len = 0;
!ASCII_SPACE(comp.bv_val[comp.bv_len]) && comp.bv_len < len;
comp.bv_len++ )
{"( 2.5.13.14 NAME 'integerMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
- SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+ SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_ORDERED_INDEX, NULL,
NULL, NULL, integerMatch,
- octetStringIndexer, octetStringFilter,
+ integerIndexer, integerFilter,
NULL },
{"( 2.5.13.15 NAME 'integerOrderingMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
- SLAP_MR_ORDERING, NULL,
+ SLAP_MR_ORDERING | SLAP_MR_ORDERED_INDEX, NULL,
NULL, NULL, integerMatch,
NULL, NULL,
"integerMatch" },
projects / openldap / blobdiff