X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_init.c;h=4c38db139b7a65a0b56e365e4cdeff4b3e575a54;hb=f33c7d1ee616fed606d163c9b4b3b60fd1852b84;hp=a80f99e3bca9ca08981fabfabd57a77f18e9a0e8;hpb=011eb3a27c0589428c700793157f5a748fb05655;p=openldap
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index a80f99e3bc..4c38db139b 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -2,7 +2,7 @@ /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
  *
- * Copyright 1998-2014 The OpenLDAP Foundation.
+ * Copyright 1998-2017 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -593,6 +593,28 @@ attributeCertificateValidate( Syntax *syntax, struct berval *in )
 return LDAP_SUCCESS;
 }
 
+/* accept an OpenSSL-compatible private key */
+static int
+privateKeyValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_tag_t tag;
+ ber_len_t len;
+ ber_int_t version;
+
+ ber_init2( ber, val, LBER_USE_DER );
+ tag = ber_skip_tag( ber, &len ); /* Sequence */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ tag = ber_peek_tag( ber, &len );
+ if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
+ tag = ber_get_int( ber, &version );
+ /* the rest varies for RSA, DSA, EC, PKCS#8 */
+ return LDAP_SUCCESS;
+}
+
 int
 octetStringMatch(
 int *matchp,
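Review bot: privateKeyValidate accepts any DER SEQUENCE whose first element is tagged INTEGER, which is much looser than the header comment "accept an OpenSSL-compatible private key" implies: the length returned by `ber_skip_tag` is never compared against the bytes remaining in `val`, so trailing data after the SEQUENCE or a SEQUENCE length larger than the value passes, and the return of `ber_get_int` is stored in `tag` but never inspected, so a malformed version INTEGER also passes while `version` itself is unused. At minimum add `if ( tag == LBER_DEFAULT ) return LDAP_INVALID_SYNTAX;` after the `ber_get_int` call, and reject values whose outer SEQUENCE length does not cover the rest of the value. The comment should also say plainly that this is a structural prefix check only and that the key material is not parsed or verified, so callers and schema readers do not assume stored values were validated as usable keys.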
@@ -1780,16 +1802,15 @@ UTF8StringValidate(
 Syntax *syntax,
 struct berval *in )
 {
- ber_len_t count;
 int len;
- unsigned char *u = (unsigned char *)in->bv_val;
+ unsigned char *u = (unsigned char *)in->bv_val, *end = in->bv_val + in->bv_len;
 
 if( BER_BVISEMPTY( in ) && syntax == slap_schema.si_syn_directoryString ) {
 /* directory strings cannot be empty */
 return LDAP_INVALID_SYNTAX;
 }
 
- for( count = in->bv_len; count > 0; count -= len, u += len ) {
+ for( ; u < end; u += len ) {
 /* get the length indicated by the first byte */
 len = LDAP_UTF8_CHARLEN2( u, len );
 
@@ -1827,7 +1848,7 @@ UTF8StringValidate(
 if( LDAP_UTF8_OFFSET( (char *)u ) != len ) return LDAP_INVALID_SYNTAX;
 }
 
- if( count != 0 ) {
+ if( u > end ) {
 return LDAP_INVALID_SYNTAX;
 }
 
@@ -2681,8 +2702,10 @@ integerIndexer(
 itmp.bv_len = maxstrlen;
 }
 rc = integerVal2Key( &values[i], &keys[i], &itmp, ctx );
- if ( rc )
+ if ( rc ) {
+ slap_sl_free( keys, ctx );
 goto func_leave;
+ }
 }
 *keysp = keys;
 func_leave:
@@ -2729,12 +2752,16 @@ integerFilter(
 }
 
 rc = integerVal2Key( value, keys, &iv, ctx );
- if ( rc == 0 )
- *keysp = keys;
 
 if ( iv.bv_val != ibuf ) {
 slap_sl_free( iv.bv_val, ctx );
 }
+
+ if ( rc == 0 )
+ *keysp = keys;
+ else
+ slap_sl_free( keys, ctx );
+
 return rc;
 }
 
@@ -3310,6 +3337,7 @@ serialNumberAndIssuerCheck(
 }
 if ( is->bv_val[is->bv_len+1] == '"' ) {
 /* double dquote */
+ numdquotes++;
 is->bv_len += 2;
 continue;
 }
@@ -3887,6 +3915,7 @@ issuerAndThisUpdateCheck(
 }
 if ( is->bv_val[is->bv_len+1] == '"' ) {
 /* double dquote */
+ numdquotes++;
 is->bv_len += 2;
 continue;
 }
@@ -4429,6 +4458,7 @@ serialNumberAndIssuerSerialCheck(
 }
 if ( is->bv_val[is->bv_len + 1] == '"' ) {
 /* double dquote */
+ numdquotes++;
 is->bv_len += 2;
 continue;
 }
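Review bot: `*end = in->bv_val + in->bv_len` assigns a `char *` to an `unsigned char *` without the cast that the `u` initializer on the same line uses; `*end = u + in->bv_len` keeps the types consistent and is valid because `u` is already initialized earlier in the same declaration. The new bound `u < end` only guards the lead byte: if the continuation-byte checks between this hunk and the next dereference `u[1..len-1]` before the `if( u > end )` test in the second UTF8StringValidate hunk (that body lies outside both hunks, so this is inferred), a value truncated inside a multi-byte sequence is still read past `bv_len` and only rejected afterwards. A check right after `len = LDAP_UTF8_CHARLEN2( u, len );`, e.g. `if ( len > end - u ) return LDAP_INVALID_SYNTAX;`, would reject such input before any byte beyond the value is touched. UTF8StringValidate's body starts and ends outside this hunk.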
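Review bot: The added `slap_sl_free( keys, ctx )` on the failure path releases the key array but not the per-key buffers: if each `keys[i].bv_val` is allocated separately before this loop (integerVal2Key takes `&keys[i]` as an output parameter, so this is inferred; the allocation is outside the hunk), the buffers already filled for indices below `i` and those pre-allocated for the remaining entries leak. Releasing each `keys[j].bv_val` before the array, or calling `ber_bvarray_free_x( keys, ctx )` if the array is NULL-terminated at that point, would complete the cleanup. The integerFilter hunk below has the same shape with its single `keys` entry, so the same question applies there. integerIndexer's body starts and ends outside this hunk.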
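Review bot: The same one-line `numdquotes++` fix had to be applied to three copies of the quoted-issuer scan (here, in issuerAndThisUpdateCheck and in serialNumberAndIssuerSerialCheck), which suggests the scan should live in one static helper returning the issuer span and the doubled-quote count, so that a future change to the quoting rules lands once instead of three times. How `numdquotes` is consumed is not visible in any of the three hunks; presumably it sizes the unescaped copy of the issuer, which is worth confirming since an undercount there would matter. A short comment at the increment, e.g. `/* count doubled quotes so the unescaped copy is sized correctly */`, would record the intent. All three functions' bodies start and end outside their hunks.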
@@ -6356,6 +6386,9 @@ static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )", SLAP_SYNTAX_HIDE, NULL, authzValidate, authzPretty}, + /* OpenSSL-compatible Private Keys for X.509 certificates */ + {"( 1.3.6.1.4.1.4203.666.2.13 DESC 'OpenLDAP privateKey' )", + SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, privateKeyValidate, NULL}, {NULL, 0, NULL, NULL, NULL} }; @@ -6843,6 +6876,13 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.4203.666.4.13 NAME 'privateKeyMatch' " + "SYNTAX 1.3.6.1.4.1.4203.666.2.13 )", /* OpenLDAP privateKey */ + SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL, + NULL, NULL, octetStringMatch, + NULL, NULL, + NULL}, + {NULL, SLAP_MR_NONE, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
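Review bot: The new privateKey syntax entry carries `SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER` but not `SLAP_SYNTAX_HIDE`, while the neighbouring authz entry is hidden and the privateKeyMatch rule added in the following hunk is `SLAP_MR_HIDE`, so the syntax is published in the subschema but its only matching rule is not. If hiding both is intended, add `SLAP_SYNTAX_HIDE` to the flags; if the asymmetry is deliberate, the comment above the entry should say so. That comment could also note that privateKeyValidate performs only a structural prefix check (outer SEQUENCE followed by an INTEGER), so nobody reading the table assumes stored values were verified as usable keys.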