X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_init.c;h=69c93f270d9306d9f68f9b55d49b2d4d2fa5c38b;hb=01c38dd6ea7f02cfdc9f77f9299771a4ef6ce968;hp=505a375c519f2c83cd83a11e45edad2d13c9681b;hpb=474dfbc8fd75aed0376695ccc2f8c092a7a1bc6f;p=openldap diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 505a375c51..69c93f270d 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -67,10 +67,8 @@ #define csnIndexer generalizedTimeIndexer #define csnFilter generalizedTimeFilter -#ifdef SLAP_AUTHZ_SYNTAX /* FIXME: temporary */ #define authzMatch octetStringMatch -#endif /* SLAP_AUTHZ_SYNTAX */ unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT; unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT; @@ -712,11 +710,14 @@ bitStringValidate( return LDAP_INVALID_SYNTAX; } - /* - * RFC 2252 section 6.3 Bit String - * bitstring = "'" *binary-digit "'B" - * binary-digit = "0" / "1" - * example: '0101111101'B + /* RFC 4517 Section 3.3.2 Bit String: + * BitString = SQUOTE *binary-digit SQUOTE "B" + * binary-digit = "0" / "1" + * + * where SQUOTE [RFC4512] is + * SQUOTE = %x27 ; single quote ("'") + * + * Example: '0101111101'B */ if( in->bv_val[0] != '\'' || @@ -736,39 +737,7 @@ bitStringValidate( } /* - * Syntax is [RFC2252]: - * - -6.3. Bit String - - ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) - - Values in this syntax are encoded according to the following BNF: - - bitstring = "'" *binary-digit "'B" - - binary-digit = "0" / "1" - - ... - -6.21. Name And Optional UID - - ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) - - Values in this syntax are encoded according to the following BNF: - - NameAndOptionalUID = DistinguishedName [ "#" bitstring ] - - Although the '#' character may occur in a string representation of a - distinguished name, no additional special quoting is done. This - syntax has been added subsequent to RFC 1778. - - Example: - - 1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B - - * - * draft-ietf-ldapbis-syntaxes-xx.txt says: + * Syntaxes from RFC 4517 * 3.3.2. Bit String @@ -826,7 +795,7 @@ bitStringValidate( [X.520]. * - * draft-ietf-ldapbis-models-xx.txt [MODELS] says: + * RFC 4512 says: * 1.4. Common ABNF Productions @@ -844,11 +813,11 @@ bitStringValidate( * * 1.3.6.1.4.1.1466.0=#04024869,o=test,c=gb#'101'B * - * Since draft-ietf-ldapbis-dn-xx.txt clarifies that SHARP, - * i.e. "#", doesn't have to be escaped except when at the - * beginning of a value, the definition of Name and Optional - * UID appears to be flawed, because there is no clear means - * to determine whether the UID part is present or not. + * RFC 4514 clarifies that SHARP, i.e. "#", doesn't have to + * be escaped except when at the beginning of a value, the + * definition of Name and Optional UID appears to be flawed, + * because there is no clear means to determine whether the + * UID part is present or not. * * Example: * @@ -1010,7 +979,7 @@ uniqueMemberNormalize( struct berval out; int rc; - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 ); ber_dupbv_x( &out, val, ctx ); if ( BER_BVISEMPTY( &out ) ) { @@ -1294,7 +1263,7 @@ Summary: TelephoneNumber subset subset i + ignore all spaces and "-" - See draft-ietf-ldapbis-strpro for details (once published). + See RFC 4518 for details. Directory String - @@ -1423,7 +1392,7 @@ UTF8StringNormalize( int flags; int i, wasspace; - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ) != 0 ); if( BER_BVISNULL( val ) ) { /* assume we're dealing with a syntax (e.g., UTF8String) @@ -1854,7 +1823,7 @@ telephoneNumberNormalize( { char *p, *q; - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 ); /* validator should have refused an empty string */ assert( !BER_BVISEMPTY( val ) ); @@ -2101,11 +2070,12 @@ IA5StringNormalize( void *ctx ) { char *p, *q; - int casefold = !SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactIA5Match); + int casefold = !SLAP_MR_ASSOCIATED( mr, + slap_schema.si_mr_caseExactIA5Match ); assert( !BER_BVISEMPTY( val ) ); - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ) != 0 ); p = val->bv_val; @@ -2188,6 +2158,56 @@ UUIDValidate( } static int +UUIDPretty( + Syntax *syntax, + struct berval *in, + struct berval *out, + void *ctx ) +{ + int i; + int rc=LDAP_INVALID_SYNTAX; + + assert( in != NULL ); + assert( out != NULL ); + + if( in->bv_len != 36 ) return LDAP_INVALID_SYNTAX; + + out->bv_len = 36; + out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx ); + + for( i=0; i<36; i++ ) { + switch(i) { + case 8: + case 13: + case 18: + case 23: + if( in->bv_val[i] != '-' ) { + goto handle_error; + } + out->bv_val[i] = '-'; + break; + + default: + if( !ASCII_HEX( in->bv_val[i]) ) { + goto handle_error; + } + out->bv_val[i] = TOLOWER( in->bv_val[i] ); + } + } + + rc = LDAP_SUCCESS; + out->bv_val[ out->bv_len ] = '\0'; + + if( 0 ) { +handle_error: + slap_sl_free( out->bv_val, ctx ); + out->bv_val = NULL; + } + + return rc; +} + +int UUIDNormalize( slap_mask_t usage, Syntax *syntax, @@ -2304,16 +2324,11 @@ numericStringNormalize( * Integer conversion macros that will use the largest available * type. */ -#if defined(HAVE_STRTOLL) && defined(LLONG_MAX) \ - && defined(LLONG_MIN) && defined(HAVE_LONG_LONG) +#if defined(HAVE_STRTOLL) && defined(HAVE_LONG_LONG) # define SLAP_STRTOL(n,e,b) strtoll(n,e,b) -# define SLAP_LONG_MAX LLONG_MAX -# define SLAP_LONG_MIN LLONG_MIN # define SLAP_LONG long long #else # define SLAP_STRTOL(n,e,b) strtol(n,e,b) -# define SLAP_LONG_MAX LONG_MAX -# define SLAP_LONG_MIN LONG_MIN # define SLAP_LONG long #endif /* HAVE_STRTOLL ... */ @@ -2328,18 +2343,17 @@ integerBitAndMatch( { SLAP_LONG lValue, lAssertedValue; + errno = 0; /* safe to assume integers are NUL terminated? */ lValue = SLAP_STRTOL(value->bv_val, NULL, 10); - if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } lAssertedValue = SLAP_STRTOL(((struct berval *)assertedValue)->bv_val, NULL, 10); - if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX ) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } @@ -2359,18 +2373,17 @@ integerBitOrMatch( { SLAP_LONG lValue, lAssertedValue; + errno = 0; /* safe to assume integers are NUL terminated? */ lValue = SLAP_STRTOL(value->bv_val, NULL, 10); - if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX ) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } lAssertedValue = SLAP_STRTOL( ((struct berval *)assertedValue)->bv_val, NULL, 10); - if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX ) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } @@ -2387,94 +2400,522 @@ serialNumberAndIssuerValidate( int rc; ber_len_t n; struct berval sn, i; + + Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerValidate: <%s>\n", + in->bv_val, 0, 0 ); + if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX; - i.bv_val = ber_bvchr( in, '$' ); - if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX; + if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) { + /* Parse old format */ + i.bv_val = ber_bvchr( in, '$' ); + if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX; + + sn.bv_val = in->bv_val; + sn.bv_len = i.bv_val - in->bv_val; + + i.bv_val++; + i.bv_len = in->bv_len - (sn.bv_len + 1); - sn.bv_val = in->bv_val; - sn.bv_len = i.bv_val - in->bv_val; + /* eat leading zeros */ + for( n=0; n < (sn.bv_len-1); n++ ) { + if( sn.bv_val[n] != '0' ) break; + } + sn.bv_val += n; + sn.bv_len -= n; + + for( n=0; n < sn.bv_len; n++ ) { + if( !ASCII_DIGIT(sn.bv_val[n]) ) return LDAP_INVALID_SYNTAX; + } - i.bv_val++; - i.bv_len = in->bv_len - (sn.bv_len + 1); + } else { + /* Parse GSER format */ + int havesn=0,haveissuer=0; + struct berval x = *in; + x.bv_val++; + x.bv_len-=2; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } - /* validate serial number (strict for now) */ - for( n=0; n < sn.bv_len; n++ ) { - if( !ASCII_DIGIT(sn.bv_val[n]) ) return LDAP_INVALID_SYNTAX; + if ( x.bv_len < STRLENOF("serialNumber 0,issuer \"\"")) { + return LDAP_INVALID_SYNTAX; + } + + /* should be at issuer or serialNumber NamedValue */ + if( strncasecmp( x.bv_val, "issuer", STRLENOF("issuer")) == 0 ) { + /* parse issuer */ + x.bv_val += STRLENOF("issuer"); + x.bv_len -= STRLENOF("issuer"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + i.bv_val = x.bv_val; + i.bv_len = 0; + + for( ; i.bv_len < x.bv_len; ) { + if ( i.bv_val[i.bv_len] != '"' ) { + i.bv_len++; + continue; + } + if ( i.bv_val[i.bv_len+1] == '"' ) { + /* double dquote */ + i.bv_len+=2; + continue; + } + break; + } + x.bv_val += i.bv_len+1; + x.bv_len -= i.bv_len+1; + + if ( x.bv_len < STRLENOF(",serialNumber 0")) { + return LDAP_INVALID_SYNTAX; + } + + haveissuer++; + + } else if( strncasecmp( x.bv_val, "serialNumber", + STRLENOF("serialNumber")) == 0 ) + { + /* parse serialNumber */ + int neg=0; + x.bv_val += STRLENOF("serialNumber"); + x.bv_len -= STRLENOF("serialNumber"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + sn.bv_val = x.bv_val; + sn.bv_len = 0; + + if( sn.bv_val[0] == '-' ) { + neg++; + sn.bv_len++; + } + + for( ; sn.bv_len < x.bv_len; sn.bv_len++ ) { + if ( !ASCII_DIGIT( sn.bv_val[sn.bv_len] )) break; + } + + if (!( sn.bv_len > neg )) return LDAP_INVALID_SYNTAX; + if (( sn.bv_len > 1+neg ) && ( sn.bv_val[neg] == '0' )) { + return LDAP_INVALID_SYNTAX; + } + + x.bv_val += sn.bv_len; x.bv_len -= sn.bv_len; + + if ( x.bv_len < STRLENOF( ",issuer \"\"" )) { + return LDAP_INVALID_SYNTAX; + } + + havesn++; + + } else return LDAP_INVALID_SYNTAX; + + if( x.bv_val[0] != ',' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + /* should be at remaining NamedValue */ + if( !haveissuer && (strncasecmp( x.bv_val, "issuer", + STRLENOF("issuer" )) == 0 )) + { + /* parse issuer */ + x.bv_val += STRLENOF("issuer"); + x.bv_len -= STRLENOF("issuer"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + i.bv_val = x.bv_val; + i.bv_len = 0; + + for( ; i.bv_len < x.bv_len; ) { + if ( i.bv_val[i.bv_len] != '"' ) { + i.bv_len++; + continue; + } + if ( i.bv_val[i.bv_len+1] == '"' ) { + /* double dquote */ + i.bv_len+=2; + continue; + } + break; + } + x.bv_val += i.bv_len+1; + x.bv_len -= i.bv_len+1; + + } else if( !havesn && (strncasecmp( x.bv_val, "serialNumber", + STRLENOF("serialNumber")) == 0 )) + { + /* parse serialNumber */ + int neg=0; + x.bv_val += STRLENOF("serialNumber"); + x.bv_len -= STRLENOF("serialNumber"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len ; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + sn.bv_val = x.bv_val; + sn.bv_len = 0; + + if( sn.bv_val[0] == '-' ) { + neg++; + sn.bv_len++; + } + + for( ; sn.bv_len < x.bv_len; sn.bv_len++ ) { + if ( !ASCII_DIGIT( sn.bv_val[sn.bv_len] )) break; + } + + if (!( sn.bv_len > neg )) return LDAP_INVALID_SYNTAX; + if (( sn.bv_len > 1+neg ) && ( sn.bv_val[neg] == '0' )) { + return LDAP_INVALID_SYNTAX; + } + + x.bv_val += sn.bv_len; + x.bv_len -= sn.bv_len; + + } else return LDAP_INVALID_SYNTAX; + + /* eat trailing spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + /* should have no characters left... */ + if( x.bv_len ) return LDAP_INVALID_SYNTAX; } - /* validate DN */ + /* validate DN -- doesn't handle double dquote */ rc = dnValidate( NULL, &i ); if( rc ) return LDAP_INVALID_SYNTAX; + Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerValidate: OKAY\n", + in->bv_val, 0, 0 ); return LDAP_SUCCESS; } int serialNumberAndIssuerPretty( Syntax *syntax, - struct berval *val, + struct berval *in, struct berval *out, void *ctx ) { int rc; ber_len_t n; - struct berval sn, i, newi; + struct berval sn, i, ni; - assert( val != NULL ); + assert( in != NULL ); assert( out != NULL ); Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerPretty: <%s>\n", - val->bv_val, 0, 0 ); + in->bv_val, 0, 0 ); - if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX; + if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX; + + if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) { + /* Parse old format */ + i.bv_val = ber_bvchr( in, '$' ); + if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX; + + sn.bv_val = in->bv_val; + sn.bv_len = i.bv_val - in->bv_val; + + i.bv_val++; + i.bv_len = in->bv_len - (sn.bv_len + 1); + + /* eat leading zeros */ + for( n=0; n < (sn.bv_len-1); n++ ) { + if( sn.bv_val[n] != '0' ) break; + } + sn.bv_val += n; + sn.bv_len -= n; + + for( n=0; n < sn.bv_len; n++ ) { + if( !ASCII_DIGIT(sn.bv_val[n]) ) return LDAP_INVALID_SYNTAX; + } + + } else { + /* Parse GSER format */ + int havesn=0,haveissuer=0; + struct berval x = *in; + x.bv_val++; + x.bv_len-=2; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if ( x.bv_len < STRLENOF("serialNumber 0,issuer \"\"")) { + return LDAP_INVALID_SYNTAX; + } + + /* should be at issuer or serialNumber NamedValue */ + if( strncasecmp( x.bv_val, "issuer", STRLENOF("issuer")) == 0 ) { + /* parse issuer */ + x.bv_val += STRLENOF("issuer"); + x.bv_len -= STRLENOF("issuer"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + i.bv_val = x.bv_val; + i.bv_len = 0; + + for( ; i.bv_len < x.bv_len; ) { + if ( i.bv_val[i.bv_len] != '"' ) { + i.bv_len++; + continue; + } + if ( i.bv_val[i.bv_len+1] == '"' ) { + /* double dquote */ + i.bv_len+=2; + continue; + } + break; + } + x.bv_val += i.bv_len+1; + x.bv_len -= i.bv_len+1; + + if ( x.bv_len < STRLENOF(",serialNumber 0")) { + return LDAP_INVALID_SYNTAX; + } + + haveissuer++; + + } else if( strncasecmp( x.bv_val, "serialNumber", + STRLENOF("serialNumber")) == 0 ) + { + /* parse serialNumber */ + int neg=0; + x.bv_val += STRLENOF("serialNumber"); + x.bv_len -= STRLENOF("serialNumber"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + sn.bv_val = x.bv_val; + sn.bv_len = 0; + + if( sn.bv_val[0] == '-' ) { + neg++; + sn.bv_len++; + } + + for( ; sn.bv_len < x.bv_len; sn.bv_len++ ) { + if ( !ASCII_DIGIT( sn.bv_val[sn.bv_len] )) break; + } + + if (!( sn.bv_len > neg )) return LDAP_INVALID_SYNTAX; + if (( sn.bv_len > 1+neg ) && ( sn.bv_val[neg] == '0' )) { + return LDAP_INVALID_SYNTAX; + } + + x.bv_val += sn.bv_len; x.bv_len -= sn.bv_len; + + if ( x.bv_len < STRLENOF( ",issuer \"\"" )) { + return LDAP_INVALID_SYNTAX; + } + + havesn++; + + } else return LDAP_INVALID_SYNTAX; + + if( x.bv_val[0] != ',' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + /* should be at remaining NamedValue */ + if( !haveissuer && (strncasecmp( x.bv_val, "issuer", + STRLENOF("issuer" )) == 0 )) + { + /* parse issuer */ + x.bv_val += STRLENOF("issuer"); + x.bv_len -= STRLENOF("issuer"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + i.bv_val = x.bv_val; + i.bv_len = 0; + + for( ; i.bv_len < x.bv_len; ) { + if ( i.bv_val[i.bv_len] != '"' ) { + i.bv_len++; + continue; + } + if ( i.bv_val[i.bv_len+1] == '"' ) { + /* double dquote */ + i.bv_len+=2; + continue; + } + break; + } + x.bv_val += i.bv_len+1; + x.bv_len -= i.bv_len+1; + + } else if( !havesn && (strncasecmp( x.bv_val, "serialNumber", + STRLENOF("serialNumber")) == 0 )) + { + /* parse serialNumber */ + int neg=0; + x.bv_val += STRLENOF("serialNumber"); + x.bv_len -= STRLENOF("serialNumber"); - i.bv_val = ber_bvchr( val, '$' ); - if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX; + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; - sn.bv_val = val->bv_val; - sn.bv_len = i.bv_val - val->bv_val; + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len ; x.bv_val++, x.bv_len--) { + /* empty */; + } + + sn.bv_val = x.bv_val; + sn.bv_len = 0; + + if( sn.bv_val[0] == '-' ) { + neg++; + sn.bv_len++; + } - i.bv_val++; - i.bv_len = val->bv_len - (sn.bv_len + 1); + for( ; sn.bv_len < x.bv_len; sn.bv_len++ ) { + if ( !ASCII_DIGIT( sn.bv_val[sn.bv_len] )) break; + } - /* eat leading zeros */ - for( n=0; n < (sn.bv_len-1); n++ ) { - if( sn.bv_val[n] != '0' ) break; + if (!( sn.bv_len > neg )) return LDAP_INVALID_SYNTAX; + if (( sn.bv_len > 1+neg ) && ( sn.bv_val[neg] == '0' )) { + return LDAP_INVALID_SYNTAX; + } + + x.bv_val += sn.bv_len; + x.bv_len -= sn.bv_len; + + } else return LDAP_INVALID_SYNTAX; + + /* eat trailing spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + /* should have no characters left... */ + if( x.bv_len ) return LDAP_INVALID_SYNTAX; + + ber_dupbv_x( &ni, &i, ctx ); + i = ni; + + /* need to handle double dquotes here */ } - sn.bv_val += n; - sn.bv_len -= n; - for( n=0; n < sn.bv_len; n++ ) { - if( !ASCII_DIGIT(sn.bv_val[n]) ) return LDAP_INVALID_SYNTAX; + rc = dnPretty( syntax, &i, &ni, ctx ); + + if( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) { + slap_sl_free( i.bv_val, ctx ); } - /* pretty DN */ - rc = dnPretty( syntax, &i, &newi, ctx ); if( rc ) return LDAP_INVALID_SYNTAX; /* make room from sn + "$" */ - out->bv_len = sn.bv_len + newi.bv_len + 1; - out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx ); + out->bv_len = STRLENOF("{ serialNumber , issuer \"\" }") + + sn.bv_len + ni.bv_len; + out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx ); if( out->bv_val == NULL ) { out->bv_len = 0; - slap_sl_free( newi.bv_val, ctx ); + slap_sl_free( ni.bv_val, ctx ); return LDAP_OTHER; } - /* push issuer over */ - AC_MEMCPY( &out->bv_val[sn.bv_len+1], out->bv_val, newi.bv_len ); - /* insert sn and "$" */ - AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len ); - out->bv_val[sn.bv_len] = '$'; - /* terminate */ - out->bv_val[out->bv_len] = '\0'; + n = 0; + AC_MEMCPY( &out->bv_val[n], "{ serialNumber ", + STRLENOF("{ serialNumber ")); + n = STRLENOF("{ serialNumber "); + + AC_MEMCPY( &out->bv_val[n], sn.bv_val, sn.bv_len ); + n += sn.bv_len; + + AC_MEMCPY( &out->bv_val[n], ", issuer \"", STRLENOF(", issuer \"")); + n += STRLENOF(", issuer \""); + + AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len ); + n += ni.bv_len; + + AC_MEMCPY( &out->bv_val[n], "\" }", STRLENOF("\" }")); + n += STRLENOF("\" }"); + + out->bv_val[n] = '\0'; + + assert( n == out->bv_len ); Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerPretty: <%s>\n", out->bv_val, 0, 0 ); - return LDAP_SUCCESS; + slap_sl_free( ni.bv_val, ctx ); + + return LDAP_SUCCESS; } /* @@ -2488,70 +2929,287 @@ serialNumberAndIssuerNormalize( slap_mask_t usage, Syntax *syntax, MatchingRule *mr, - struct berval *val, + struct berval *in, struct berval *out, void *ctx ) { int rc; ber_len_t n; - struct berval sn, i, newi; + struct berval sn, i, ni; - assert( val != NULL ); + assert( in != NULL ); assert( out != NULL ); Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerNormalize: <%s>\n", - val->bv_val, 0, 0 ); + in->bv_val, 0, 0 ); - if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX; + if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX; - i.bv_val = ber_bvchr( val, '$' ); - if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX; + if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) { + /* Parse old format */ + i.bv_val = ber_bvchr( in, '$' ); + if( BER_BVISNULL( &i ) ) return LDAP_INVALID_SYNTAX; - sn.bv_val = val->bv_val; - sn.bv_len = i.bv_val - val->bv_val; + sn.bv_val = in->bv_val; + sn.bv_len = i.bv_val - in->bv_val; - i.bv_val++; - i.bv_len = val->bv_len - (sn.bv_len + 1); + i.bv_val++; + i.bv_len = in->bv_len - (sn.bv_len + 1); - /* eat leading zeros */ - for( n=0; n < (sn.bv_len-1); n++ ) { - if( sn.bv_val[n] != '0' ) break; - } - sn.bv_val += n; - sn.bv_len -= n; + /* eat leading zeros */ + for( n=0; n < (sn.bv_len-1); n++ ) { + if( sn.bv_val[n] != '0' ) break; + } + sn.bv_val += n; + sn.bv_len -= n; + + for( n=0; n < sn.bv_len; n++ ) { + if( !ASCII_DIGIT(sn.bv_val[n]) ) return LDAP_INVALID_SYNTAX; + } - for( n=0; n < sn.bv_len; n++ ) { - if( !ASCII_DIGIT(sn.bv_val[n]) ) { + } else { + /* Parse GSER format */ + int havesn=0,haveissuer=0; + struct berval x = *in; + x.bv_val++; + x.bv_len-=2; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if ( x.bv_len < STRLENOF("serialNumber 0,issuer \"\"")) { return LDAP_INVALID_SYNTAX; } + + /* should be at issuer or serialNumber NamedValue */ + if( strncasecmp( x.bv_val, "issuer", STRLENOF("issuer")) == 0 ) { + /* parse issuer */ + x.bv_val += STRLENOF("issuer"); + x.bv_len -= STRLENOF("issuer"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + i.bv_val = x.bv_val; + i.bv_len = 0; + + for( ; i.bv_len < x.bv_len; ) { + if ( i.bv_val[i.bv_len] != '"' ) { + i.bv_len++; + continue; + } + if ( i.bv_val[i.bv_len+1] == '"' ) { + /* double dquote */ + i.bv_len+=2; + continue; + } + break; + } + x.bv_val += i.bv_len+1; + x.bv_len -= i.bv_len+1; + + if ( x.bv_len < STRLENOF(",serialNumber 0")) { + return LDAP_INVALID_SYNTAX; + } + + haveissuer++; + + } else if( strncasecmp( x.bv_val, "serialNumber", + STRLENOF("serialNumber")) == 0 ) + { + /* parse serialNumber */ + int neg=0; + x.bv_val += STRLENOF("serialNumber"); + x.bv_len -= STRLENOF("serialNumber"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + sn.bv_val = x.bv_val; + sn.bv_len = 0; + + if( sn.bv_val[0] == '-' ) { + neg++; + sn.bv_len++; + } + + for( ; sn.bv_len < x.bv_len; sn.bv_len++ ) { + if ( !ASCII_DIGIT( sn.bv_val[sn.bv_len] )) break; + } + + if (!( sn.bv_len > neg )) return LDAP_INVALID_SYNTAX; + if (( sn.bv_len > 1+neg ) && ( sn.bv_val[neg] == '0' )) { + return LDAP_INVALID_SYNTAX; + } + + x.bv_val += sn.bv_len; x.bv_len -= sn.bv_len; + + if ( x.bv_len < STRLENOF( ",issuer \"\"" )) { + return LDAP_INVALID_SYNTAX; + } + + havesn++; + + } else return LDAP_INVALID_SYNTAX; + + if( x.bv_val[0] != ',' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + /* should be at remaining NamedValue */ + if( !haveissuer && (strncasecmp( x.bv_val, "issuer", + STRLENOF("issuer" )) == 0 )) + { + /* parse issuer */ + x.bv_val += STRLENOF("issuer"); + x.bv_len -= STRLENOF("issuer"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + i.bv_val = x.bv_val; + i.bv_len = 0; + + for( ; i.bv_len < x.bv_len; ) { + if ( i.bv_val[i.bv_len] != '"' ) { + i.bv_len++; + continue; + } + if ( i.bv_val[i.bv_len+1] == '"' ) { + /* double dquote */ + i.bv_len+=2; + continue; + } + break; + } + x.bv_val += i.bv_len+1; + x.bv_len -= i.bv_len+1; + + } else if( !havesn && (strncasecmp( x.bv_val, "serialNumber", + STRLENOF("serialNumber")) == 0 )) + { + /* parse serialNumber */ + int neg=0; + x.bv_val += STRLENOF("serialNumber"); + x.bv_len -= STRLENOF("serialNumber"); + + if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; x.bv_len--; + + /* eat leading spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len ; x.bv_val++, x.bv_len--) { + /* empty */; + } + + sn.bv_val = x.bv_val; + sn.bv_len = 0; + + if( sn.bv_val[0] == '-' ) { + neg++; + sn.bv_len++; + } + + for( ; sn.bv_len < x.bv_len; sn.bv_len++ ) { + if ( !ASCII_DIGIT( sn.bv_val[sn.bv_len] )) break; + } + + if (!( sn.bv_len > neg )) return LDAP_INVALID_SYNTAX; + if (( sn.bv_len > 1+neg ) && ( sn.bv_val[neg] == '0' )) { + return LDAP_INVALID_SYNTAX; + } + + x.bv_val += sn.bv_len; + x.bv_len -= sn.bv_len; + + } else return LDAP_INVALID_SYNTAX; + + /* eat trailing spaces */ + for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) { + /* empty */; + } + + /* should have no characters left... */ + if( x.bv_len ) return LDAP_INVALID_SYNTAX; + + ber_dupbv_x( &ni, &i, ctx ); + i = ni; + + /* need to handle double dquotes here */ + } + + rc = dnNormalize( usage, syntax, mr, &i, &ni, ctx ); + + if( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) { + slap_sl_free( i.bv_val, ctx ); } - /* pretty DN */ - rc = dnNormalize( usage, syntax, mr, &i, &newi, ctx ); if( rc ) return LDAP_INVALID_SYNTAX; /* make room from sn + "$" */ - out->bv_len = sn.bv_len + newi.bv_len + 1; - out->bv_val = slap_sl_realloc( newi.bv_val, out->bv_len + 1, ctx ); + out->bv_len = STRLENOF( "{ serialNumber , issuer \"\" }" ) + + sn.bv_len + ni.bv_len; + out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx ); if( out->bv_val == NULL ) { out->bv_len = 0; - slap_sl_free( newi.bv_val, ctx ); + slap_sl_free( ni.bv_val, ctx ); return LDAP_OTHER; } - /* push issuer over */ - AC_MEMCPY( &out->bv_val[sn.bv_len+1], out->bv_val, newi.bv_len ); - /* insert sn and "$" */ - AC_MEMCPY( out->bv_val, sn.bv_val, sn.bv_len ); - out->bv_val[sn.bv_len] = '$'; - /* terminate */ - out->bv_val[out->bv_len] = '\0'; + n = 0; + AC_MEMCPY( &out->bv_val[n], "{ serialNumber ", + STRLENOF( "{ serialNumber " )); + n = STRLENOF( "{ serialNumber " ); + + AC_MEMCPY( &out->bv_val[n], sn.bv_val, sn.bv_len ); + n += sn.bv_len; + + AC_MEMCPY( &out->bv_val[n], ", issuer \"", STRLENOF( ", issuer \"" )); + n += STRLENOF( ", issuer \"" ); + + AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len ); + n += ni.bv_len; + + AC_MEMCPY( &out->bv_val[n], "\" }", STRLENOF( "\" }" )); + n += STRLENOF( "\" }" ); + + out->bv_val[n] = '\0'; + + assert( n == out->bv_len ); Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerNormalize: <%s>\n", out->bv_val, 0, 0 ); - return rc; + slap_sl_free( ni.bv_val, ctx ); + + return LDAP_SUCCESS; } #ifdef HAVE_TLS @@ -2579,7 +3237,7 @@ certificateExactNormalize( return serialNumberAndIssuerNormalize(0,NULL,NULL,val,normalized,ctx); } - assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) ); + assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) != 0 ); p = (unsigned char *)val->bv_val; xcert = d2i_X509( NULL, &p, val->bv_len); @@ -2596,19 +3254,34 @@ certificateExactNormalize( rc = dnX509normalize( name, &issuer_dn ); if( rc != LDAP_SUCCESS ) goto done; - normalized->bv_len = seriallen + issuer_dn.bv_len + 1; + normalized->bv_len = STRLENOF( "{ serialNumber , issuer \"\" }" ) + + seriallen + issuer_dn.bv_len; normalized->bv_val = ch_malloc(normalized->bv_len+1); + p = (unsigned char *)normalized->bv_val; + + AC_MEMCPY(p, "{ serialNumber ", STRLENOF( "{ serialNumber " )); + p += STRLENOF( "{ serialNumber " ); + AC_MEMCPY(p, serial, seriallen); p += seriallen; - *p++ = '$'; + + AC_MEMCPY(p, ", issuer \"", STRLENOF( ", issuer \"" )); + p += STRLENOF( ", issuer \"" ); + AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len); p += issuer_dn.bv_len; + + AC_MEMCPY(p, "\" }", STRLENOF( "\" }" )); + p += STRLENOF( "\" }" ); + *p = '\0'; Debug( LDAP_DEBUG_TRACE, "certificateExactNormalize: %s\n", normalized->bv_val, NULL, NULL ); + rc = LDAP_SUCCESS; + done: if (xcert) X509_free(xcert); if (serial) ch_free(serial); @@ -2868,7 +3541,7 @@ generalizedTimeNormalize( return rc; } - len = sizeof("YYYYmmddHHMMSSZ")-1 + fraction.bv_len; + len = STRLENOF("YYYYmmddHHMMSSZ") + fraction.bv_len; normalized->bv_val = slap_sl_malloc( len + 1, ctx ); if ( BER_BVISNULL( normalized ) ) { return LBER_ERROR_MEMORY; @@ -2878,9 +3551,9 @@ generalizedTimeNormalize( parts[0], parts[1], parts[2] + 1, parts[3] + 1, parts[4], parts[5], parts[6] ); if ( !BER_BVISEMPTY( &fraction ) ) { - memcpy( normalized->bv_val + sizeof("YYYYmmddHHMMSSZ")-2, + memcpy( normalized->bv_val + STRLENOF("YYYYmmddHHMMSSZ")-1, fraction.bv_val, fraction.bv_len ); - normalized->bv_val[sizeof("YYYYmmddHHMMSSZ")-2] = '.'; + normalized->bv_val[STRLENOF("YYYYmmddHHMMSSZ")-1] = '.'; } strcpy( normalized->bv_val + len-1, "Z" ); normalized->bv_len = len; @@ -3435,11 +4108,23 @@ static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )", 0, bootParameterValidate, NULL}, - /* From PKIX *//* This OID is not published yet. */ - {"( 1.2.826.0.1.3344810.7.1 DESC 'Certificate Serial Number and Issuer' )", + /* draft-zeilenga-ldap-x509 */ + {"( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' )", SLAP_SYNTAX_HIDE, serialNumberAndIssuerValidate, serialNumberAndIssuerPretty}, + {"( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, #ifdef SLAPD_AUTHPASSWD /* needs updating */ @@ -3448,7 +4133,7 @@ static slap_syntax_defs_rec syntax_defs[] = { #endif {"( 1.3.6.1.1.16.1 DESC 'UUID' )", - 0, UUIDValidate, NULL}, + 0, UUIDValidate, UUIDPretty}, {"( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )", SLAP_SYNTAX_HIDE, csnValidate, NULL}, @@ -3457,11 +4142,9 @@ static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )" , SLAP_SYNTAX_HIDE, inValidate, NULL}, -#ifdef SLAP_AUTHZ_SYNTAX /* FIXME: OID is unused, but not registered yet */ {"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )", SLAP_SYNTAX_HIDE, authzValidate, authzPretty}, -#endif /* SLAP_AUTHZ_SYNTAX */ {NULL, 0, NULL, NULL} }; @@ -3482,13 +4165,13 @@ char *directoryStringSyntaxes[] = { }; char *integerFirstComponentMatchSyntaxes[] = { "1.3.6.1.4.1.1466.115.121.1.27" /* INTEGER */, - "1.3.6.1.4.1.1466.115.121.1.17" /* ditStructureRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.17" /* dITStructureRuleDescription */, NULL }; char *objectIdentifierFirstComponentMatchSyntaxes[] = { "1.3.6.1.4.1.1466.115.121.1.38" /* OID */, "1.3.6.1.4.1.1466.115.121.1.3" /* attributeTypeDescription */, - "1.3.6.1.4.1.1466.115.121.1.16" /* ditContentRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.16" /* dITContentRuleDescription */, "1.3.6.1.4.1.1466.115.121.1.54" /* ldapSyntaxDescription */, "1.3.6.1.4.1.1466.115.121.1.30" /* matchingRuleDescription */, "1.3.6.1.4.1.1466.115.121.1.31" /* matchingRuleUseDescription */, @@ -3505,17 +4188,18 @@ char *objectIdentifierFirstComponentMatchSyntaxes[] = { * 2.5.13.31* directoryStringFirstComponentMatch * 2.5.13.32* wordMatch * 2.5.13.33* keywordMatch - * 2.5.13.36 certificatePairExactMatch - * 2.5.13.37 certificatePairMatch - * 2.5.13.38 certificateListExactMatch - * 2.5.13.39 certificateListMatch - * 2.5.13.40 algorithmIdentifierMatch + * 2.5.13.36+ certificatePairExactMatch + * 2.5.13.37+ certificatePairMatch + * 2.5.13.38+ certificateListExactMatch + * 2.5.13.39+ certificateListMatch + * 2.5.13.40+ algorithmIdentifierMatch * 2.5.13.41* storedPrefixMatch * 2.5.13.42 attributeCertificateMatch * 2.5.13.43 readerAndKeyIDMatch * 2.5.13.44 attributeIntegrityMatch * * (*) described in RFC 3698 (LDAP: Additional Matching Rules) + * (+) described in draft-zeilenga-ldap-x509 */ static slap_mrule_defs_rec mrule_defs[] = { /* @@ -3798,7 +4482,7 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL }, {"( 2.5.13.34 NAME 'certificateExactMatch' " - "SYNTAX 1.2.826.0.1.3344810.7.1 )", + "SYNTAX 1.3.6.1.1.15.1 )", SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes, #ifdef HAVE_TLS NULL, certificateExactNormalize, octetStringMatch, @@ -3809,14 +4493,9 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL }, {"( 2.5.13.35 NAME 'certificateMatch' " - "SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )", + "SYNTAX 1.3.6.1.1.15.2 )", SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL, -#ifdef HAVE_TLS - NULL, NULL, octetStringMatch, - octetStringIndexer, octetStringFilter, -#else NULL, NULL, NULL, NULL, NULL, -#endif NULL }, {"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' " @@ -3873,14 +4552,14 @@ static slap_mrule_defs_rec mrule_defs[] = { {"( 1.3.6.1.1.16.2 NAME 'UUIDMatch' " "SYNTAX 1.3.6.1.1.16.1 )", - SLAP_MR_EQUALITY, NULL, + SLAP_MR_EQUALITY | SLAP_MR_MUTATION_NORMALIZER, NULL, NULL, UUIDNormalize, octetStringMatch, octetStringIndexer, octetStringFilter, NULL}, {"( 1.3.6.1.1.16.3 NAME 'UUIDOrderingMatch' " "SYNTAX 1.3.6.1.1.16.1 )", - SLAP_MR_ORDERING, NULL, + SLAP_MR_ORDERING | SLAP_MR_MUTATION_NORMALIZER, NULL, NULL, UUIDNormalize, octetStringOrderingMatch, octetStringIndexer, octetStringFilter, "UUIDMatch"}, @@ -3899,7 +4578,6 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL, NULL, "CSNMatch" }, -#ifdef SLAP_AUTHZ_SYNTAX /* FIXME: OID is unused, but not registered yet */ {"( 1.3.6.1.4.1.4203.666.4.12 NAME 'authzMatch' " "SYNTAX 1.3.6.1.4.1.4203.666.2.7 )", @@ -3907,7 +4585,6 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL, authzNormalize, authzMatch, NULL, NULL, NULL}, -#endif /* SLAP_AUTHZ_SYNTAX */ {NULL, SLAP_MR_NONE, NULL, NULL, NULL, NULL, NULL, NULL, @@ -3968,6 +4645,8 @@ schema_destroy( void ) mru_destroy(); syn_destroy(); - ldap_pvt_thread_mutex_destroy( &ad_undef_mutex ); - ldap_pvt_thread_mutex_destroy( &oc_undef_mutex ); + if( schema_init_done ) { + ldap_pvt_thread_mutex_destroy( &ad_undef_mutex ); + ldap_pvt_thread_mutex_destroy( &oc_undef_mutex ); + } }