X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_init.c;h=69c93f270d9306d9f68f9b55d49b2d4d2fa5c38b;hb=01c38dd6ea7f02cfdc9f77f9299771a4ef6ce968;hp=9b46a5ef93845c5ef93abf8fe3c9556eda6c1709;hpb=4c64b8626d5b2b26256446dbc29f63ab45b5ec1d;p=openldap diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 9b46a5ef93..69c93f270d 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -67,10 +67,8 @@ #define csnIndexer generalizedTimeIndexer #define csnFilter generalizedTimeFilter -#ifdef SLAP_AUTHZ_SYNTAX /* FIXME: temporary */ #define authzMatch octetStringMatch -#endif /* SLAP_AUTHZ_SYNTAX */ unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT; unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT; @@ -712,11 +710,14 @@ bitStringValidate( return LDAP_INVALID_SYNTAX; } - /* - * RFC 2252 section 6.3 Bit String - * bitstring = "'" *binary-digit "'B" - * binary-digit = "0" / "1" - * example: '0101111101'B + /* RFC 4517 Section 3.3.2 Bit String: + * BitString = SQUOTE *binary-digit SQUOTE "B" + * binary-digit = "0" / "1" + * + * where SQUOTE [RFC4512] is + * SQUOTE = %x27 ; single quote ("'") + * + * Example: '0101111101'B */ if( in->bv_val[0] != '\'' || @@ -736,39 +737,7 @@ bitStringValidate( } /* - * Syntax is [RFC2252]: - * - -6.3. Bit String - - ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) - - Values in this syntax are encoded according to the following BNF: - - bitstring = "'" *binary-digit "'B" - - binary-digit = "0" / "1" - - ... - -6.21. Name And Optional UID - - ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' ) - - Values in this syntax are encoded according to the following BNF: - - NameAndOptionalUID = DistinguishedName [ "#" bitstring ] - - Although the '#' character may occur in a string representation of a - distinguished name, no additional special quoting is done. This - syntax has been added subsequent to RFC 1778. - - Example: - - 1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB#'0101'B - - * - * draft-ietf-ldapbis-syntaxes-xx.txt says: + * Syntaxes from RFC 4517 * 3.3.2. Bit String @@ -826,7 +795,7 @@ bitStringValidate( [X.520]. * - * draft-ietf-ldapbis-models-xx.txt [MODELS] says: + * RFC 4512 says: * 1.4. Common ABNF Productions @@ -844,11 +813,11 @@ bitStringValidate( * * 1.3.6.1.4.1.1466.0=#04024869,o=test,c=gb#'101'B * - * Since draft-ietf-ldapbis-dn-xx.txt clarifies that SHARP, - * i.e. "#", doesn't have to be escaped except when at the - * beginning of a value, the definition of Name and Optional - * UID appears to be flawed, because there is no clear means - * to determine whether the UID part is present or not. + * RFC 4514 clarifies that SHARP, i.e. "#", doesn't have to + * be escaped except when at the beginning of a value, the + * definition of Name and Optional UID appears to be flawed, + * because there is no clear means to determine whether the + * UID part is present or not. * * Example: * @@ -1010,7 +979,7 @@ uniqueMemberNormalize( struct berval out; int rc; - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 ); ber_dupbv_x( &out, val, ctx ); if ( BER_BVISEMPTY( &out ) ) { @@ -1294,7 +1263,7 @@ Summary: TelephoneNumber subset subset i + ignore all spaces and "-" - See draft-ietf-ldapbis-strpro for details (once published). + See RFC 4518 for details. Directory String - @@ -1423,7 +1392,7 @@ UTF8StringNormalize( int flags; int i, wasspace; - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ) != 0 ); if( BER_BVISNULL( val ) ) { /* assume we're dealing with a syntax (e.g., UTF8String) @@ -1854,7 +1823,7 @@ telephoneNumberNormalize( { char *p, *q; - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 ); /* validator should have refused an empty string */ assert( !BER_BVISEMPTY( val ) ); @@ -2106,7 +2075,7 @@ IA5StringNormalize( assert( !BER_BVISEMPTY( val ) ); - assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use )); + assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ) != 0 ); p = val->bv_val; @@ -2355,16 +2324,11 @@ numericStringNormalize( * Integer conversion macros that will use the largest available * type. */ -#if defined(HAVE_STRTOLL) && defined(LLONG_MAX) \ - && defined(LLONG_MIN) && defined(HAVE_LONG_LONG) +#if defined(HAVE_STRTOLL) && defined(HAVE_LONG_LONG) # define SLAP_STRTOL(n,e,b) strtoll(n,e,b) -# define SLAP_LONG_MAX LLONG_MAX -# define SLAP_LONG_MIN LLONG_MIN # define SLAP_LONG long long #else # define SLAP_STRTOL(n,e,b) strtol(n,e,b) -# define SLAP_LONG_MAX LONG_MAX -# define SLAP_LONG_MIN LONG_MIN # define SLAP_LONG long #endif /* HAVE_STRTOLL ... */ @@ -2379,18 +2343,17 @@ integerBitAndMatch( { SLAP_LONG lValue, lAssertedValue; + errno = 0; /* safe to assume integers are NUL terminated? */ lValue = SLAP_STRTOL(value->bv_val, NULL, 10); - if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } lAssertedValue = SLAP_STRTOL(((struct berval *)assertedValue)->bv_val, NULL, 10); - if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX ) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } @@ -2410,18 +2373,17 @@ integerBitOrMatch( { SLAP_LONG lValue, lAssertedValue; + errno = 0; /* safe to assume integers are NUL terminated? */ lValue = SLAP_STRTOL(value->bv_val, NULL, 10); - if(( lValue == SLAP_LONG_MIN || lValue == SLAP_LONG_MAX ) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } lAssertedValue = SLAP_STRTOL( ((struct berval *)assertedValue)->bv_val, NULL, 10); - if(( lAssertedValue == SLAP_LONG_MIN || lAssertedValue == SLAP_LONG_MAX ) && - errno == ERANGE ) + if( errno == ERANGE ) { return LDAP_CONSTRAINT_VIOLATION; } @@ -3275,7 +3237,7 @@ certificateExactNormalize( return serialNumberAndIssuerNormalize(0,NULL,NULL,val,normalized,ctx); } - assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) ); + assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) != 0 ); p = (unsigned char *)val->bv_val; xcert = d2i_X509( NULL, &p, val->bv_len); @@ -4146,11 +4108,23 @@ static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )", 0, bootParameterValidate, NULL}, - /* From PKIX *//* This OID is not published yet. */ - {"( 1.2.826.0.1.3344810.7.1 DESC 'Certificate Serial Number and Issuer' )", + /* draft-zeilenga-ldap-x509 */ + {"( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' )", SLAP_SYNTAX_HIDE, serialNumberAndIssuerValidate, serialNumberAndIssuerPretty}, + {"( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, + {"( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )", + SLAP_SYNTAX_HIDE, NULL, NULL}, #ifdef SLAPD_AUTHPASSWD /* needs updating */ @@ -4168,11 +4142,9 @@ static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )" , SLAP_SYNTAX_HIDE, inValidate, NULL}, -#ifdef SLAP_AUTHZ_SYNTAX /* FIXME: OID is unused, but not registered yet */ {"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )", SLAP_SYNTAX_HIDE, authzValidate, authzPretty}, -#endif /* SLAP_AUTHZ_SYNTAX */ {NULL, 0, NULL, NULL} }; @@ -4193,13 +4165,13 @@ char *directoryStringSyntaxes[] = { }; char *integerFirstComponentMatchSyntaxes[] = { "1.3.6.1.4.1.1466.115.121.1.27" /* INTEGER */, - "1.3.6.1.4.1.1466.115.121.1.17" /* ditStructureRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.17" /* dITStructureRuleDescription */, NULL }; char *objectIdentifierFirstComponentMatchSyntaxes[] = { "1.3.6.1.4.1.1466.115.121.1.38" /* OID */, "1.3.6.1.4.1.1466.115.121.1.3" /* attributeTypeDescription */, - "1.3.6.1.4.1.1466.115.121.1.16" /* ditContentRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.16" /* dITContentRuleDescription */, "1.3.6.1.4.1.1466.115.121.1.54" /* ldapSyntaxDescription */, "1.3.6.1.4.1.1466.115.121.1.30" /* matchingRuleDescription */, "1.3.6.1.4.1.1466.115.121.1.31" /* matchingRuleUseDescription */, @@ -4216,17 +4188,18 @@ char *objectIdentifierFirstComponentMatchSyntaxes[] = { * 2.5.13.31* directoryStringFirstComponentMatch * 2.5.13.32* wordMatch * 2.5.13.33* keywordMatch - * 2.5.13.36 certificatePairExactMatch - * 2.5.13.37 certificatePairMatch - * 2.5.13.38 certificateListExactMatch - * 2.5.13.39 certificateListMatch - * 2.5.13.40 algorithmIdentifierMatch + * 2.5.13.36+ certificatePairExactMatch + * 2.5.13.37+ certificatePairMatch + * 2.5.13.38+ certificateListExactMatch + * 2.5.13.39+ certificateListMatch + * 2.5.13.40+ algorithmIdentifierMatch * 2.5.13.41* storedPrefixMatch * 2.5.13.42 attributeCertificateMatch * 2.5.13.43 readerAndKeyIDMatch * 2.5.13.44 attributeIntegrityMatch * * (*) described in RFC 3698 (LDAP: Additional Matching Rules) + * (+) described in draft-zeilenga-ldap-x509 */ static slap_mrule_defs_rec mrule_defs[] = { /* @@ -4509,7 +4482,7 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL }, {"( 2.5.13.34 NAME 'certificateExactMatch' " - "SYNTAX 1.2.826.0.1.3344810.7.1 )", + "SYNTAX 1.3.6.1.1.15.1 )", SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes, #ifdef HAVE_TLS NULL, certificateExactNormalize, octetStringMatch, @@ -4520,7 +4493,7 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL }, {"( 2.5.13.35 NAME 'certificateMatch' " - "SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )", + "SYNTAX 1.3.6.1.1.15.2 )", SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, @@ -4605,7 +4578,6 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL, NULL, "CSNMatch" }, -#ifdef SLAP_AUTHZ_SYNTAX /* FIXME: OID is unused, but not registered yet */ {"( 1.3.6.1.4.1.4203.666.4.12 NAME 'authzMatch' " "SYNTAX 1.3.6.1.4.1.4203.666.2.7 )", @@ -4613,7 +4585,6 @@ static slap_mrule_defs_rec mrule_defs[] = { NULL, authzNormalize, authzMatch, NULL, NULL, NULL}, -#endif /* SLAP_AUTHZ_SYNTAX */ {NULL, SLAP_MR_NONE, NULL, NULL, NULL, NULL, NULL, NULL, @@ -4674,6 +4645,8 @@ schema_destroy( void ) mru_destroy(); syn_destroy(); - ldap_pvt_thread_mutex_destroy( &ad_undef_mutex ); - ldap_pvt_thread_mutex_destroy( &oc_undef_mutex ); + if( schema_init_done ) { + ldap_pvt_thread_mutex_destroy( &ad_undef_mutex ); + ldap_pvt_thread_mutex_destroy( &oc_undef_mutex ); + } }