/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2008 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
unsigned int index_substr_any_step = SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT;
unsigned int index_intlen = SLAP_INDEX_INTLEN_DEFAULT;
+unsigned int index_intlen_strlen = SLAP_INDEX_INTLEN_STRLEN(
+ SLAP_INDEX_INTLEN_DEFAULT );
ldap_pvt_thread_mutex_t ad_undef_mutex;
ldap_pvt_thread_mutex_t oc_undef_mutex;
return LDAP_SUCCESS;
}
+/* 10**Chop < 256**Chopbytes and Chop > Chopbytes<<1 (for sign bit and itmp) */
+#define INDEX_INTLEN_CHOP 7
+#define INDEX_INTLEN_CHOPBYTES 3
+
static int
integerVal2Key(
- struct berval *val,
+ struct berval *in,
struct berval *key,
- struct berval *tmp
-)
+ struct berval *tmp,
+ void *ctx )
{
- struct berval iv;
- int neg;
+ /* index format:
+ * only if too large: one's complement <sign*exponent (chopped bytes)>,
+ * two's complement value (sign-extended or chopped as needed),
+ * however the top <number of exponent-bytes + 1> bits of first byte
+ * above is the inverse sign. The next bit is the sign as delimiter.
+ */
+ ber_slen_t k = index_intlen_strlen;
+ ber_len_t chop = 0;
+ unsigned signmask = ~0x7fU;
+ unsigned char lenbuf[sizeof(k) + 2], *lenp, neg = 0xff;
+ struct berval val = *in, itmp = *tmp;
- iv = *tmp;
- if ( lutil_str2bin( val, &iv )) {
- return LDAP_INVALID_SYNTAX;
+ if ( val.bv_val[0] != '-' ) {
+ neg = 0;
+ --k;
}
- neg = iv.bv_val[0] & 0x80;
-
- /* Omit leading 0 pad byte */
- if ( !iv.bv_val[0] ) {
- iv.bv_val++;
- iv.bv_len--;
+ /* Chop least significant digits, increase length instead */
+ if ( val.bv_len > (ber_len_t) k ) {
+ chop = (val.bv_len-k+2)/INDEX_INTLEN_CHOP; /* 2 fewer digits */
+ val.bv_len -= chop * INDEX_INTLEN_CHOP; /* #digits chopped */
+ chop *= INDEX_INTLEN_CHOPBYTES; /* #bytes added */
}
- /* If too small, sign-extend */
- if ( iv.bv_len < index_intlen ) {
- int j, k, pad;
- key->bv_val[0] = index_intlen;
- k = index_intlen - iv.bv_len + 1;
- if ( neg )
- pad = 0xff;
- else
- pad = 0;
- for ( j=1; j<k; j++)
- key->bv_val[j] = pad;
- for ( j = 0; j<iv.bv_len; j++ )
- key->bv_val[j+k] = iv.bv_val[j];
- } else {
- key->bv_val[0] = iv.bv_len;
- memcpy( key->bv_val+1, iv.bv_val, index_intlen );
- }
- if ( neg ) {
- key->bv_val[0] = -key->bv_val[0];
+ if ( lutil_str2bin( &val, &itmp, ctx )) {
+ return LDAP_INVALID_SYNTAX;
}
- /* convert signed to unsigned */
- key->bv_val[0] ^= 0x80;
+
+ /* Omit leading sign byte */
+ if ( itmp.bv_val[0] == neg ) {
+ itmp.bv_val++;
+ itmp.bv_len--;
+ }
+
+ k = (ber_slen_t) index_intlen - (ber_slen_t) (itmp.bv_len + chop);
+ if ( k > 0 ) {
+ assert( chop == 0 );
+ memset( key->bv_val, neg, k ); /* sign-extend */
+ } else if ( k != 0 || ((itmp.bv_val[0] ^ neg) & 0xc0) ) {
+ lenp = lenbuf + sizeof(lenbuf);
+ chop = - (ber_len_t) k;
+ do {
+ *--lenp = ((unsigned char) chop & 0xff) ^ neg;
+ signmask >>= 1;
+ } while ( (chop >>= 8) != 0 || (signmask >> 1) & (*lenp ^ neg) );
+ /* With n bytes in lenbuf, the top n+1 bits of (signmask&0xff)
+ * are 1, and the top n+2 bits of lenp[] are the sign bit. */
+ k = (lenbuf + sizeof(lenbuf)) - lenp;
+ if ( k > (ber_slen_t) index_intlen )
+ k = index_intlen;
+ memcpy( key->bv_val, lenp, k );
+ itmp.bv_len = index_intlen - k;
+ }
+ memcpy( key->bv_val + k, itmp.bv_val, itmp.bv_len );
+ key->bv_val[0] ^= (unsigned char) signmask & 0xff; /* invert sign */
return 0;
}
void *ctx )
{
char ibuf[64];
- struct berval iv, itmp;
+ struct berval itmp;
BerVarray keys;
+ ber_len_t vlen;
int i, rc;
+ unsigned maxstrlen = index_intlen_strlen + INDEX_INTLEN_CHOP-1;
- for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
- /* just count them */
+ /* count the values and find max needed length */
+ vlen = 0;
+ for( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
+ if ( vlen < values[i].bv_len )
+ vlen = values[i].bv_len;
}
+ if ( vlen > maxstrlen )
+ vlen = maxstrlen;
/* we should have at least one value at this point */
assert( i > 0 );
keys = slap_sl_malloc( sizeof( struct berval ) * (i+1), ctx );
for ( i = 0; !BER_BVISNULL( &values[i] ); i++ ) {
- keys[i].bv_len = index_intlen+1;
- keys[i].bv_val = slap_sl_malloc( index_intlen+1, ctx );
+ keys[i].bv_len = index_intlen;
+ keys[i].bv_val = slap_sl_malloc( index_intlen, ctx );
}
keys[i].bv_len = 0;
keys[i].bv_val = NULL;
- itmp.bv_val = ibuf;
+ if ( vlen > sizeof(ibuf) ) {
+ itmp.bv_val = slap_sl_malloc( vlen, ctx );
+ } else {
+ itmp.bv_val = ibuf;
+ }
itmp.bv_len = sizeof(ibuf);
for ( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
- if ( values[i].bv_len > itmp.bv_len ) {
+ if ( itmp.bv_val != ibuf ) {
itmp.bv_len = values[i].bv_len;
- if ( itmp.bv_val == ibuf ) {
- itmp.bv_val = slap_sl_malloc( itmp.bv_len, ctx );
- } else {
- itmp.bv_val = slap_sl_realloc( itmp.bv_val, itmp.bv_len, ctx );
- }
+ if ( itmp.bv_len <= sizeof(ibuf) )
+ itmp.bv_len = sizeof(ibuf);
+ else if ( itmp.bv_len > maxstrlen )
+ itmp.bv_len = maxstrlen;
}
- iv = itmp;
- rc = integerVal2Key( &values[i], &keys[i], &iv );
+ rc = integerVal2Key( &values[i], &keys[i], &itmp, ctx );
if ( rc )
- goto leave;
+ goto func_leave;
}
*keysp = keys;
-leave:
+func_leave:
if ( itmp.bv_val != ibuf ) {
slap_sl_free( itmp.bv_val, ctx );
}
keys = slap_sl_malloc( sizeof( struct berval ) * 2, ctx );
- keys[0].bv_len = index_intlen + 1;
- keys[0].bv_val = slap_sl_malloc( index_intlen+1, ctx );
+ keys[0].bv_len = index_intlen;
+ keys[0].bv_val = slap_sl_malloc( index_intlen, ctx );
+ keys[1].bv_len = 0;
+ keys[1].bv_val = NULL;
- if ( value->bv_len > sizeof( ibuf )) {
- iv.bv_val = slap_sl_malloc( value->bv_len, ctx );
- iv.bv_len = value->bv_len;
+ iv.bv_len = value->bv_len < index_intlen_strlen + INDEX_INTLEN_CHOP-1
+ ? value->bv_len : index_intlen_strlen + INDEX_INTLEN_CHOP-1;
+ if ( iv.bv_len > (int) sizeof(ibuf) ) {
+ iv.bv_val = slap_sl_malloc( iv.bv_len, ctx );
} else {
iv.bv_val = ibuf;
iv.bv_len = sizeof(ibuf);
}
- rc = integerVal2Key( value, keys, &iv );
+ rc = integerVal2Key( value, keys, &iv, ctx );
if ( rc == 0 )
*keysp = keys;
} else {
/* Parse GSER format */
- int havesn=0,haveissuer=0;
+ int havesn = 0, haveissuer = 0, numdquotes = 0;
struct berval x = *in;
struct berval ni;
x.bv_val++;
STRLENOF("serialNumber")) == 0 )
{
/* parse serialNumber */
- int neg=0;
+ int neg = 0;
+ char first = '\0';
+ int extra = 0;
+
x.bv_val += STRLENOF("serialNumber");
x.bv_len -= STRLENOF("serialNumber");
}
if ( sn->bv_val[0] == '0' && ( sn->bv_val[1] == 'x' ||
- sn->bv_val[1] == 'X' )) {
+ sn->bv_val[1] == 'X' ))
+ {
is_hex = 1;
+ first = sn->bv_val[2];
+ extra = 2;
+
+ sn->bv_len += STRLENOF("0x");
for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
}
+
} else if ( sn->bv_val[0] == '\'' ) {
+ first = sn->bv_val[1];
+ extra = 3;
+
+ sn->bv_len += STRLENOF("'");
+
for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
}
if ( sn->bv_val[sn->bv_len] == '\'' &&
- sn->bv_val[sn->bv_len+1] == 'H' )
+ sn->bv_val[sn->bv_len + 1] == 'H' )
+ {
+ sn->bv_len += STRLENOF("'H");
is_hex = 1;
- else
+
+ } else {
return LDAP_INVALID_SYNTAX;
- sn->bv_len += 2;
+ }
+
} else {
+ first = sn->bv_val[0];
for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
if ( !ASCII_DIGIT( sn->bv_val[sn->bv_len] )) break;
}
}
if (!( sn->bv_len > neg )) return LDAP_INVALID_SYNTAX;
- if (( sn->bv_len > 1+neg ) && ( sn->bv_val[neg] == '0' )) {
+ if (( sn->bv_len > extra+1+neg ) && ( first == '0' )) {
return LDAP_INVALID_SYNTAX;
}
}
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len+=2;
continue;
}
/* should have no characters left... */
if( x.bv_len ) return LDAP_INVALID_SYNTAX;
- ber_dupbv_x( &ni, is, ctx );
- *is = ni;
+ if ( numdquotes == 0 ) {
+ ber_dupbv_x( &ni, is, ctx );
+ } else {
+ ber_int_t src, dst;
- /* need to handle double dquotes here */
+ ni.bv_len = is->bv_len - numdquotes;
+ ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx );
+ for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) {
+ if ( is->bv_val[src] == '"' ) {
+ src++;
+ }
+ ni.bv_val[dst] = is->bv_val[src];
+ }
+ ni.bv_val[dst] = '\0';
+ }
+
+ *is = ni;
}
+
return 0;
}
}
sn2.bv_val = stmp;
sn2.bv_len = sn.bv_len;
- if ( lutil_str2bin( &sn, &sn2 )) {
+ if ( lutil_str2bin( &sn, &sn2, ctx )) {
rc = LDAP_INVALID_SYNTAX;
- goto leave;
+ goto func_leave;
}
/* make room for sn + "$" */
out->bv_len = 0;
slap_sl_free( ni.bv_val, ctx );
rc = LDAP_OTHER;
- goto leave;
+ goto func_leave;
}
n = 0;
Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerNormalize: <%s>\n",
out->bv_val, 0, 0 );
-leave:
+func_leave:
if ( stmp != sbuf )
slap_sl_free( stmp, ctx );
slap_sl_free( ni.bv_val, ctx );
return hexValidate( NULL, &bv );
}
+/* Normalize a CSN in OpenLDAP 2.1 format */
+static int
+csnNormalize21(
+ slap_mask_t usage,
+ Syntax *syntax,
+ MatchingRule *mr,
+ struct berval *val,
+ struct berval *normalized,
+ void *ctx )
+{
+ struct berval gt, cnt, sid, mod;
+ struct berval bv;
+ char buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
+ char *ptr;
+ int i;
+
+ assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 );
+ assert( !BER_BVISEMPTY( val ) );
+
+ gt = *val;
+
+ ptr = ber_bvchr( >, '#' );
+ if ( ptr == NULL || ptr - gt.bv_val == gt.bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ gt.bv_len = ptr - gt.bv_val;
+ if ( gt.bv_len != STRLENOF( "YYYYmmddHH:MM:SSZ" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( gt.bv_val[ 10 ] != ':' || gt.bv_val[ 13 ] != ':' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ cnt.bv_val = ptr + 1;
+ cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
+
+ ptr = ber_bvchr( &cnt, '#' );
+ if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ cnt.bv_len = ptr - cnt.bv_val;
+ if ( cnt.bv_len != STRLENOF( "0x0000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ if ( strncmp( cnt.bv_val, "0x", STRLENOF( "0x" ) ) != 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ cnt.bv_val += STRLENOF( "0x" );
+ cnt.bv_len -= STRLENOF( "0x" );
+
+ sid.bv_val = ptr + 1;
+ sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
+
+ ptr = ber_bvchr( &sid, '#' );
+ if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ sid.bv_len = ptr - sid.bv_val;
+ if ( sid.bv_len != STRLENOF( "0" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ mod.bv_val = ptr + 1;
+ mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
+ if ( mod.bv_len != STRLENOF( "0000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ bv.bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
+ bv.bv_val = buf;
+
+ ptr = bv.bv_val;
+ ptr = lutil_strncopy( ptr, gt.bv_val, STRLENOF( "YYYYmmddHH" ) );
+ ptr = lutil_strncopy( ptr, >.bv_val[ STRLENOF( "YYYYmmddHH:" ) ],
+ STRLENOF( "MM" ) );
+ ptr = lutil_strncopy( ptr, >.bv_val[ STRLENOF( "YYYYmmddHH:MM:" ) ],
+ STRLENOF( "SS" ) );
+ ptr = lutil_strcopy( ptr, ".000000Z#00" );
+ ptr = lutil_strncopy( ptr, cnt.bv_val, cnt.bv_len );
+ *ptr++ = '#';
+ *ptr++ = '0';
+ *ptr++ = '0';
+ *ptr++ = sid.bv_val[ 0 ];
+ *ptr++ = '#';
+ *ptr++ = '0';
+ *ptr++ = '0';
+ for ( i = 0; i < mod.bv_len; i++ ) {
+ *ptr++ = TOLOWER( mod.bv_val[ i ] );
+ }
+ *ptr = '\0';
+
+ assert( ptr - bv.bv_val == bv.bv_len );
+
+ if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_dupbv_x( normalized, &bv, ctx );
+
+ return LDAP_SUCCESS;
+}
+
/* Normalize a CSN in OpenLDAP 2.3 format */
static int
csnNormalize23(
void *ctx )
{
struct berval gt, cnt, sid, mod;
+ struct berval bv;
+ char buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
char *ptr;
int i;
}
gt.bv_len = ptr - gt.bv_val;
- assert( gt.bv_len == STRLENOF( "YYYYmmddHHMMSSZ" ) );
+ if ( gt.bv_len != STRLENOF( "YYYYmmddHHMMSSZ" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
cnt.bv_val = ptr + 1;
cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
}
cnt.bv_len = ptr - cnt.bv_val;
- assert( cnt.bv_len == STRLENOF( "000000" ) );
+ if ( cnt.bv_len != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
sid.bv_val = ptr + 1;
sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
}
sid.bv_len = ptr - sid.bv_val;
- assert( sid.bv_len == STRLENOF( "00" ) );
+ if ( sid.bv_len != STRLENOF( "00" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
mod.bv_val = ptr + 1;
mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
- assert( mod.bv_len == STRLENOF( "000000" ) );
+ if ( mod.bv_len != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
- normalized->bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
- normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx );
+ bv.bv_len = STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" );
+ bv.bv_val = buf;
- ptr = normalized->bv_val;
+ ptr = bv.bv_val;
ptr = lutil_strncopy( ptr, gt.bv_val, gt.bv_len - 1 );
ptr = lutil_strcopy( ptr, ".000000Z#" );
ptr = lutil_strncopy( ptr, cnt.bv_val, cnt.bv_len );
}
*ptr = '\0';
- assert( ptr - normalized->bv_val == normalized->bv_len );
+ assert( ptr - bv.bv_val == bv.bv_len );
+ if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ ber_dupbv_x( normalized, &bv, ctx );
return LDAP_SUCCESS;
}
return csnNormalize23( usage, syntax, mr, val, normalized, ctx );
}
- assert( val->bv_len == STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) );
+ if ( val->bv_len == STRLENOF( "YYYYmmddHH:MM:SSZ#0xSSSS#I#ssss" ) ) {
+ /* Openldap 2.1 */
+
+ return csnNormalize21( usage, syntax, mr, val, normalized, ctx );
+ }
+
+ if ( val->bv_len != STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
ptr = ber_bvchr( val, '#' );
if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
return LDAP_INVALID_SYNTAX;
}
- assert( ptr - val->bv_val == STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ" ) );
+ if ( ptr - val->bv_val != STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
cnt.bv_val = ptr + 1;
cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
return LDAP_INVALID_SYNTAX;
}
- assert( ptr - cnt.bv_val == STRLENOF( "000000" ) );
+ if ( ptr - cnt.bv_val != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
sid.bv_val = ptr + 1;
sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
}
sid.bv_len = ptr - sid.bv_val;
- assert( sid.bv_len == STRLENOF( "000" ) );
+ if ( sid.bv_len != STRLENOF( "000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
mod.bv_val = ptr + 1;
mod.bv_len = val->bv_len - ( mod.bv_val - val->bv_val );
- assert( mod.bv_len == STRLENOF( "000000" ) );
+ if ( mod.bv_len != STRLENOF( "000000" ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
ber_dupbv_x( normalized, val, ctx );
if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
- if( val->bv_val[0] != '(' /*')'*/ &&
- val->bv_val[0] != '{' /*'}'*/ )
+ if( ! ( val->bv_val[0] == '(' /*')'*/
+ && val->bv_val[val->bv_len - 1] == /*'('*/ ')' )
+ && ! ( val->bv_val[0] == '{' /*'}'*/
+ && val->bv_val[val->bv_len - 1] == /*'('*/ '}' ) )
{
return LDAP_INVALID_SYNTAX;
}
/* grab next word */
comp.bv_val = &val->bv_val[len];
- len = val->bv_len - len;
+ len = val->bv_len - len - STRLENOF(/*"{"*/ "}");
for( comp.bv_len = 0;
!ASCII_SPACE(comp.bv_val[comp.bv_len]) && comp.bv_len < len;
comp.bv_len++ )
projects / openldap / blobdiff