X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_init.c;h=eef80beb30279966ba231ff6d1af3911b2c07fa6;hb=925714ceeff035c596ad3d3c899ff631986c6757;hp=3b185581425f261270e622367ac24076ec44e28a;hpb=c02f448a160332407f32f06816d3f6aa397a44fb;p=openldap diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 3b18558142..eef80beb30 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -43,6 +43,7 @@ #define generalizedTimeMatch caseIgnoreIA5Match #define generalizedTimeOrderingMatch caseIgnoreIA5Match #define uniqueMemberMatch dnMatch +#define integerFirstComponentMatch integerMatch /* approx matching rules */ #define directoryStringApproxMatchOID "1.3.6.1.4.1.4203.666.4.4" @@ -54,15 +55,15 @@ #define IA5StringApproxIndexer approxIndexer #define IA5StringApproxFilter approxFilter -/* orderring matching rules */ +/* ordering matching rules */ #define caseIgnoreOrderingMatch caseIgnoreMatch #define caseExactOrderingMatch caseExactMatch +#define integerOrderingMatch integerMatch /* unimplemented matching routines */ #define caseIgnoreListMatch NULL #define caseIgnoreListSubstringsMatch NULL #define protocolInformationMatch NULL -#define integerFirstComponentMatch NULL #ifdef SLAPD_ACI_ENABLED #define OpenLDAPaciMatch NULL @@ -82,15 +83,26 @@ #define telephoneNumberSubstringsIndexer caseIgnoreIA5SubstringsIndexer #define telephoneNumberSubstringsFilter caseIgnoreIA5SubstringsFilter -/* must match OIDs below */ -#define caseExactMatchOID "2.5.13.5" -#define caseExactSubstringsMatchOID "2.5.13.7" +static MatchingRule *caseExactMatchingRule; +static MatchingRule *caseExactSubstringsMatchingRule; +static MatchingRule *integerFirstComponentMatchingRule; + +static const struct MatchingRulePtr { + const char *oid; + MatchingRule **mr; +} mr_ptr [] = { + /* must match OIDs below */ + { "2.5.13.5", &caseExactMatchingRule }, + { "2.5.13.7", &caseExactSubstringsMatchingRule }, + { "2.5.13.29", &integerFirstComponentMatchingRule } +}; + -static char *bvcasechr( struct berval *bv, int c, ber_len_t *len ) +static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len ) { ber_len_t i; - int lower = TOLOWER( c ); - int upper = TOUPPER( c ); + char lower = TOLOWER( c ); + char upper = TOUPPER( c ); if( c == 0 ) return NULL; @@ -225,117 +237,13 @@ static int octetStringFilter( return LDAP_SUCCESS; } -static int -nameUIDValidate( - Syntax *syntax, - struct berval *in ) -{ - int rc; - struct berval dn; - - if( in->bv_len == 0 ) return LDAP_SUCCESS; - - ber_dupbv( &dn, in ); - if( !dn.bv_val ) return LDAP_OTHER; - - if( dn.bv_val[dn.bv_len-1] == 'B' - && dn.bv_val[dn.bv_len-2] == '\'' ) - { - /* assume presence of optional UID */ - ber_len_t i; - - for(i=dn.bv_len-3; i>1; i--) { - if( dn.bv_val[i] != '0' && dn.bv_val[i] != '1' ) { - break; - } - } - if( dn.bv_val[i] != '\'' || - dn.bv_val[i-1] != '#' ) { - ber_memfree( dn.bv_val ); - return LDAP_INVALID_SYNTAX; - } - - /* trim the UID to allow use of dnValidate */ - dn.bv_val[i-1] = '\0'; - dn.bv_len = i-1; - } - - rc = dnValidate( NULL, &dn ); - - ber_memfree( &dn ); - return rc; -} - -static int -nameUIDNormalize( - Syntax *syntax, - struct berval *val, - struct berval *normalized ) -{ - struct berval out; - int rc; - - ber_dupbv( &out, val ); - if( out.bv_len != 0 ) { - ber_len_t dnlen; - char *uid = NULL; - ber_len_t uidlen = 0; - - if( out.bv_val[out.bv_len-1] == '\'' ) { - /* assume presence of optional UID */ - uid = strrchr( out.bv_val, '#' ); - - if( uid == NULL ) { - free( out.bv_val ); - return LDAP_INVALID_SYNTAX; - } - - uidlen = out.bv_len - (uid - out.bv_val); - /* temporarily trim the UID */ - *uid = '\0'; - out.bv_len -= uidlen; - } - -#ifdef USE_DN_NORMALIZE - rc = dnNormalize2( NULL, &out, normalized ); -#else - rc = dnPretty2( NULL, &out, normalized ); -#endif - - if( rc != LDAP_SUCCESS ) { - free( out.bv_val ); - return LDAP_INVALID_SYNTAX; - } - - dnlen = normalized->bv_len; - - if( uidlen ) { - struct berval b2; - b2.bv_val = ch_malloc(dnlen + uidlen + 1); - AC_MEMCPY( b2.bv_val, normalized->bv_val, dnlen ); - - /* restore the separator */ - *uid = '#'; - /* shift the UID */ - AC_MEMCPY( normalized->bv_val+dnlen, uid, uidlen ); - b2.bv_len = dnlen + uidlen; - normalized->bv_val[dnlen+uidlen] = '\0'; - free(normalized->bv_val); - *normalized = b2; - } - free( out.bv_val ); - } - - return LDAP_SUCCESS; -} - static int inValidate( Syntax *syntax, struct berval *in ) { - /* any value allowed */ - return LDAP_OTHER; + /* no value allowed */ + return LDAP_INVALID_SYNTAX; } static int @@ -424,6 +332,119 @@ done: return LDAP_SUCCESS; } +static int +nameUIDValidate( + Syntax *syntax, + struct berval *in ) +{ + int rc; + struct berval dn; + + if( in->bv_len == 0 ) return LDAP_SUCCESS; + + ber_dupbv( &dn, in ); + if( !dn.bv_val ) return LDAP_OTHER; + + if( dn.bv_val[dn.bv_len-1] == 'B' + && dn.bv_val[dn.bv_len-2] == '\'' ) + { + /* assume presence of optional UID */ + ber_len_t i; + + for(i=dn.bv_len-3; i>1; i--) { + if( dn.bv_val[i] != '0' && dn.bv_val[i] != '1' ) { + break; + } + } + if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) { + ber_memfree( dn.bv_val ); + return LDAP_INVALID_SYNTAX; + } + + /* trim the UID to allow use of dnValidate */ + dn.bv_val[i-1] = '\0'; + dn.bv_len = i-1; + } + + rc = dnValidate( NULL, &dn ); + + ber_memfree( dn.bv_val ); + return rc; +} + +static int +nameUIDNormalize( + Syntax *syntax, + struct berval *val, + struct berval *normalized ) +{ + struct berval out; + int rc; + + ber_dupbv( &out, val ); + if( out.bv_len != 0 ) { + struct berval uidin = { 0, NULL }; + struct berval uidout = { 0, NULL }; + + if( out.bv_val[out.bv_len-1] == 'B' + && out.bv_val[out.bv_len-2] == '\'' ) + { + /* assume presence of optional UID */ + uidin.bv_val = strrchr( out.bv_val, '#' ); + + if( uidin.bv_val == NULL ) { + free( out.bv_val ); + return LDAP_INVALID_SYNTAX; + } + + uidin.bv_len = out.bv_len - (uidin.bv_val - out.bv_val); + out.bv_len -= uidin.bv_len--; + + /* temporarily trim the UID */ + *(uidin.bv_val++) = '\0'; + + rc = bitStringNormalize( syntax, &uidin, &uidout ); + + if( rc != LDAP_SUCCESS ) { + free( out.bv_val ); + return LDAP_INVALID_SYNTAX; + } + } + +#ifdef USE_DN_NORMALIZE + rc = dnNormalize2( NULL, &out, normalized ); +#else + rc = dnPretty2( NULL, &out, normalized ); +#endif + + if( rc != LDAP_SUCCESS ) { + free( out.bv_val ); + free( uidout.bv_val ); + return LDAP_INVALID_SYNTAX; + } + + if( uidout.bv_len ) { + normalized->bv_val = ch_realloc( normalized->bv_val, + normalized->bv_len + uidout.bv_len + sizeof("#") ); + + /* insert the separator */ + normalized->bv_val[normalized->bv_len++] = '#'; + + /* append the UID */ + AC_MEMCPY( &normalized->bv_val[normalized->bv_len], + uidout.bv_val, uidout.bv_len ); + normalized->bv_len += uidout.bv_len; + + /* terminate */ + normalized->bv_val[normalized->bv_len] = '\0'; + } + + free( out.bv_val ); + } + + return LDAP_SUCCESS; +} + /* * Handling boolean syntax and matching is quite rigid. * A more flexible approach would be to allow a variety @@ -467,6 +488,76 @@ booleanMatch( return LDAP_SUCCESS; } +/*------------------------------------------------------------------- +LDAP/X.500 string syntax / matching rules have a few oddities. This +comment attempts to detail how slapd(8) treats them. + +Summary: + StringSyntax X.500 LDAP Matching + DirectoryString CHOICE UTF8 i/e + ignore insignificant spaces + PrintableString subset subset i/e + ignore insignificant spaces + NumericString subset subset ignore all spaces + IA5String ASCII ASCII i/e + ignore insignificant spaces + TeletexString T.61 T.61 i/e + ignore insignificant spaces + + TelephoneNumber subset subset i + ignore all spaces and "-" + + See draft-ietf-ldapbis-strpro for details (once published). + + +Directory String - + In X.500(93), a directory string can be either a PrintableString, + a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)). + In later versions, more CHOICEs were added. In all cases the string + must be non-empty. + + In LDPAv3, a directory string is a UTF-8 encoded UCS string. + + For matching, there are both case ignore and exact rules. Both + also require that "insignificant" spaces be ignored. + spaces before the first non-space are ignored; + spaces after the last non-space are ignored; + spaces after a space are ignored. + Note: by these rules (and as clarified in X.520), a string of only + spaces is to be treated as if held one space, not empty (which + would be a syntax error). + +NumericString + In ASN.1, numeric string is just a string of digits and spaces + and could be empty. However, in X.500, all attribute values of + numeric string carry a non-empty constraint. For example: + + internationalISDNNumber ATTRIBUTE ::= { + WITH SYNTAX InternationalISDNNumber + EQUALITY MATCHING RULE numericStringMatch + SUBSTRINGS MATCHING RULE numericStringSubstringsMatch + ID id-at-internationalISDNNumber } + InternationalISDNNumber ::= + NumericString (SIZE(1..ub-international-isdn-number)) + + Unforunately, some assertion values are don't carry the same + constraint (but its unclear how such an assertion could ever + be true). In LDAP, there is one syntax (numericString) not two + (numericString with constraint, numericString without constraint). + This should be treated as numericString with non-empty constraint. + Note that while someone may have no ISDN number, there are no ISDN + numbers which are zero length. + + In matching, spaces are ignored. + +PrintableString + In ASN.1, Printable string is just a string of printable characters + and can be empty. In X.500, semantics much like NumericString (see + serialNumber for a like example) excepting uses insignificant space + handling instead of ignore all spaces. + +IA5String + Basically same as PrintableString. There are no examples in X.500, + but same logic applies. So we require them to be non-empty as + well. + +-------------------------------------------------------------------*/ + static int UTF8StringValidate( Syntax *syntax, @@ -530,16 +621,25 @@ UTF8StringNormalize( char *p, *q, *s, *e; int len = 0; + /* validator should have refused an empty string */ + assert( val->bv_len ); + p = val->bv_val; /* Ignore initial whitespace */ /* All space is ASCII. All ASCII is 1 byte */ for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ ); - ber_mem2bv( p, val->bv_len - (p - val->bv_val), 1, normalized ); - e = normalized->bv_val + val->bv_len - (p - val->bv_val); + normalized->bv_len = val->bv_len - (p - val->bv_val); + + if( !normalized->bv_len ) { + ber_mem2bv( " ", 1, 1, normalized ); + return LDAP_SUCCESS; + } + + ber_mem2bv( p, normalized->bv_len, 1, normalized ); + e = normalized->bv_val + normalized->bv_len; - assert( normalized->bv_len ); assert( normalized->bv_val ); p = q = normalized->bv_val; @@ -563,11 +663,11 @@ UTF8StringNormalize( } } - assert( normalized->bv_val < p ); + assert( normalized->bv_val <= p ); assert( q+len <= p ); /* cannot start with a space */ - assert( !ASCII_SPACE(normalized->bv_val[0]) ); + assert( !ASCII_SPACE( normalized->bv_val[0] ) ); /* * If the string ended in space, backup the pointer one @@ -619,10 +719,12 @@ UTF8SubstringsassertionNormalize( for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) { /* empty */ } - nsa->sa_any = (struct berval *)ch_malloc( (i + 1) * sizeof(struct berval) ); + nsa->sa_any = (struct berval *) + ch_malloc( (i + 1) * sizeof(struct berval) ); + for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) { UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], - casefold ); + casefold ); if( nsa->sa_any[i].bv_val == NULL ) { goto err; } @@ -641,7 +743,7 @@ UTF8SubstringsassertionNormalize( err: if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val ); - if ( nsa->sa_any )ber_bvarray_free( nsa->sa_any ); + if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any ); if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val ); ch_free( nsa ); return NULL; @@ -678,7 +780,8 @@ approxMatch( } /* Yes, this is necessary */ - assertv = UTF8bvnormalize( ((struct berval *)assertedValue), NULL, LDAP_UTF8_APPROX ); + assertv = UTF8bvnormalize( ((struct berval *)assertedValue), + NULL, LDAP_UTF8_APPROX ); if( assertv == NULL ) { ber_bvfree( nval ); *matchp = 1; @@ -835,7 +938,8 @@ approxFilter( BerVarray keys; /* Yes, this is necessary */ - val = UTF8bvnormalize( ((struct berval *)assertValue), NULL, LDAP_UTF8_APPROX ); + val = UTF8bvnormalize( ((struct berval *)assertValue), + NULL, LDAP_UTF8_APPROX ); if( val == NULL || val->bv_val == NULL ) { keys = (struct berval *)ch_malloc( sizeof(struct berval) ); keys[0].bv_val = NULL; @@ -1022,7 +1126,7 @@ caseExactIgnoreSubstringsMatch( char *nav = NULL; unsigned casefold; - casefold = strcmp( mr->smr_oid, caseExactSubstringsMatchOID ) + casefold = ( mr != caseExactSubstringsMatchingRule ) ? LDAP_UTF8_CASEFOLD : LDAP_UTF8_NOCASEFOLD; if ( UTF8bvnormalize( value, &left, casefold ) == NULL ) { @@ -1192,7 +1296,7 @@ static int caseExactIgnoreIndexer( slen = syntax->ssyn_oidlen; mlen = mr->smr_oidlen; - casefold = strcmp( mr->smr_oid, caseExactMatchOID ) + casefold = ( mr != caseExactMatchingRule ) ? LDAP_UTF8_CASEFOLD : LDAP_UTF8_NOCASEFOLD; for( i=0; values[i].bv_val != NULL; i++ ) { @@ -1246,7 +1350,7 @@ static int caseExactIgnoreFilter( slen = syntax->ssyn_oidlen; mlen = mr->smr_oidlen; - casefold = strcmp( mr->smr_oid, caseExactMatchOID ) + casefold = ( mr != caseExactMatchingRule ) ? LDAP_UTF8_CASEFOLD : LDAP_UTF8_NOCASEFOLD; UTF8bvnormalize( (struct berval *) assertValue, &value, casefold ); @@ -1312,7 +1416,7 @@ static int caseExactIgnoreSubstringsIndexer( /* we should have at least one value at this point */ assert( i > 0 ); - casefold = strcmp( mr->smr_oid, caseExactSubstringsMatchOID ) + casefold = ( mr != caseExactSubstringsMatchingRule ) ? LDAP_UTF8_CASEFOLD : LDAP_UTF8_NOCASEFOLD; nvalues = ch_malloc( sizeof( struct berval ) * (i+1) ); @@ -1482,7 +1586,7 @@ static int caseExactIgnoreSubstringsFilter( struct berval *value; struct berval digest; - casefold = strcmp( mr->smr_oid, caseExactSubstringsMatchOID ) + casefold = ( mr != caseExactSubstringsMatchingRule ) ? LDAP_UTF8_CASEFOLD : LDAP_UTF8_NOCASEFOLD; sa = UTF8SubstringsassertionNormalize( assertValue, casefold ); @@ -1653,6 +1757,37 @@ caseIgnoreMatch( return LDAP_SUCCESS; } +/* Remove all spaces and '-' characters */ +static int +telephoneNumberNormalize( + Syntax *syntax, + struct berval *val, + struct berval *normalized ) +{ + char *p, *q; + + /* validator should have refused an empty string */ + assert( val->bv_len ); + + q = normalized->bv_val = ch_malloc( val->bv_len + 1 ); + + for( p = val->bv_val; *p; p++ ) { + if ( ! ( ASCII_SPACE( *p ) || *p == '-' )) { + *q++ = *p; + } + } + *q = '\0'; + + normalized->bv_len = q - normalized->bv_val; + + if( normalized->bv_len == 0 ) { + free( normalized->bv_val ); + return LDAP_INVALID_SYNTAX; + } + + return LDAP_SUCCESS; +} + static int oidValidate( Syntax *syntax, @@ -1702,85 +1837,47 @@ integerMatch( void *assertedValue ) { char *v, *av; - int vsign=0, avsign=0; + int vsign = 1, avsign = 1; /* default sign = '+' */ struct berval *asserted; ber_len_t vlen, avlen; + int match; - - /* Start off pessimistic */ - *matchp = 1; - - /* Skip past leading spaces/zeros, and get the sign of the *value number */ + /* Skip leading space/sign/zeroes, and get the sign of the *value number */ v = value->bv_val; vlen = value->bv_len; - while( vlen ) { - if( ASCII_SPACE(*v) || ( *v == '0' )) { - /* empty -- skip spaces */ - } - else if ( *v == '+' ) { - vsign = 1; - } - else if ( *v == '-' ) { + if( mr == integerFirstComponentMatchingRule ) { + char *tmp = memchr( v, '$', vlen ); + if( tmp ) + vlen = tmp - v; + while( vlen && ASCII_SPACE( v[vlen-1] )) + vlen--; + } + for( ; vlen && ( *v < '1' || '9' < *v ); v++, vlen-- ) /* ANSI 2.2.1 */ + if( *v == '-' ) vsign = -1; - } - else if ( ASCII_DIGIT(*v) ) { - if ( vsign == 0 ) vsign = 1; - vsign *= 2; - break; - } - v++; - vlen--; - } + if( vlen == 0 ) + vsign = 0; - /* Skip past leading spaces/zeros, and get the sign of the *assertedValue - number */ + /* Do the same with the *assertedValue number */ asserted = (struct berval *) assertedValue; av = asserted->bv_val; avlen = asserted->bv_len; - while( avlen ) { - if( ASCII_SPACE(*av) || ( *av == '0' )) { - /* empty -- skip spaces */ - } - else if ( *av == '+' ) { - avsign = 1; - } - else if ( *av == '-' ) { + for( ; avlen && ( *av < '1' || '9' < *av ); av++, avlen-- ) + if( *av == '-' ) avsign = -1; - } - else if ( ASCII_DIGIT(*av) ) { - if ( avsign == 0 ) avsign = 1; - avsign *= 2; - break; - } - av++; - avlen--; - } + if( avlen == 0 ) + avsign = 0; - /* The two ?sign vars are now one of : - -2 negative non-zero number - -1 -0 \ - 0 0 collapse these three to 0 - +1 +0 / - +2 positive non-zero number - */ - if ( abs( vsign ) == 1 ) vsign = 0; - if ( abs( avsign ) == 1 ) avsign = 0; - - if( vsign != avsign ) return LDAP_SUCCESS; - - /* Check the significant digits */ - while( vlen && avlen ) { - if( *v != *av ) break; - v++; - vlen--; - av++; - avlen--; + match = vsign - avsign; + if( match == 0 ) { + match = (vlen != avlen + ? ( vlen < avlen ? -1 : 1 ) + : memcmp( v, av, vlen )); + if( vsign < 0 ) + match = -match; } - /* If all digits compared equal, the numbers are equal */ - if(( vlen == 0 ) && ( avlen == 0 )) { - *matchp = 0; - } + *matchp = match; return LDAP_SUCCESS; } @@ -1849,11 +1946,12 @@ integerNormalize( } else { normalized->bv_len = len+negative; - normalized->bv_val = ch_malloc( normalized->bv_len ); + normalized->bv_val = ch_malloc( normalized->bv_len + 1 ); if( negative ) { normalized->bv_val[0] = '-'; } AC_MEMCPY( normalized->bv_val + negative, p, len ); + normalized->bv_val[len+negative] = '\0'; } return LDAP_SUCCESS; @@ -1870,19 +1968,45 @@ static int integerIndexer( BerVarray *keysp ) { int i; + size_t slen, mlen; BerVarray keys; - - /* we should have at least one value at this point */ - assert( values != NULL && values[0].bv_val != NULL ); + HASH_CONTEXT HASHcontext; + unsigned char HASHdigest[HASH_BYTES]; + struct berval digest; + digest.bv_val = HASHdigest; + digest.bv_len = sizeof(HASHdigest); for( i=0; values[i].bv_val != NULL; i++ ) { - /* empty -- just count them */ + /* empty - just count them */ } + /* we should have at least one value at this point */ + assert( i > 0 ); + keys = ch_malloc( sizeof( struct berval ) * (i+1) ); + slen = syntax->ssyn_oidlen; + mlen = mr->smr_oidlen; + for( i=0; values[i].bv_val != NULL; i++ ) { - integerNormalize( syntax, &values[i], &keys[i] ); + struct berval norm; + integerNormalize( syntax, &values[i], &norm ); + + HASH_Init( &HASHcontext ); + if( prefix != NULL && prefix->bv_len > 0 ) { + HASH_Update( &HASHcontext, + prefix->bv_val, prefix->bv_len ); + } + HASH_Update( &HASHcontext, + syntax->ssyn_oid, slen ); + HASH_Update( &HASHcontext, + mr->smr_oid, mlen ); + HASH_Update( &HASHcontext, + norm.bv_val, norm.bv_len ); + HASH_Final( HASHdigest, &HASHcontext ); + + ber_dupbv( &keys[i], &digest ); + ch_free( norm.bv_val ); } keys[i].bv_val = NULL; @@ -1900,13 +2024,40 @@ static int integerFilter( void * assertValue, BerVarray *keysp ) { + size_t slen, mlen; BerVarray keys; + HASH_CONTEXT HASHcontext; + unsigned char HASHdigest[HASH_BYTES]; + struct berval norm; + struct berval digest; + digest.bv_val = HASHdigest; + digest.bv_len = sizeof(HASHdigest); + + slen = syntax->ssyn_oidlen; + mlen = mr->smr_oidlen; + + integerNormalize( syntax, assertValue, &norm ); keys = ch_malloc( sizeof( struct berval ) * 2 ); - integerNormalize( syntax, assertValue, &keys[0] ); + + HASH_Init( &HASHcontext ); + if( prefix != NULL && prefix->bv_len > 0 ) { + HASH_Update( &HASHcontext, + prefix->bv_val, prefix->bv_len ); + } + HASH_Update( &HASHcontext, + syntax->ssyn_oid, slen ); + HASH_Update( &HASHcontext, + mr->smr_oid, mlen ); + HASH_Update( &HASHcontext, + norm.bv_val, norm.bv_len ); + HASH_Final( HASHdigest, &HASHcontext ); + + ber_dupbv( &keys[0], &digest ); keys[1].bv_val = NULL; - *keysp = keys; + ch_free( norm.bv_val ); + *keysp = keys; return LDAP_SUCCESS; } @@ -1935,6 +2086,8 @@ printableStringValidate( { ber_len_t i; + if( val->bv_len == 0 ) return LDAP_INVALID_SYNTAX; + for(i=0; i < val->bv_len; i++) { if( !SLAP_PRINTABLE(val->bv_val[i]) ) { return LDAP_INVALID_SYNTAX; @@ -1949,14 +2102,30 @@ printablesStringValidate( Syntax *syntax, struct berval *val ) { - ber_len_t i; + ber_len_t i, len; - for(i=0; i < val->bv_len; i++) { - if( !SLAP_PRINTABLES(val->bv_val[i]) ) { + if( val->bv_len == 0 ) return LDAP_INVALID_SYNTAX; + + for(i=0,len=0; i < val->bv_len; i++) { + int c = val->bv_val[i]; + + if( c == '$' ) { + if( len == 0 ) { + return LDAP_INVALID_SYNTAX; + } + len = 0; + + } else if ( SLAP_PRINTABLE(c) ) { + len++; + } else { return LDAP_INVALID_SYNTAX; } } + if( len == 0 ) { + return LDAP_INVALID_SYNTAX; + } + return LDAP_SUCCESS; } @@ -1967,6 +2136,8 @@ IA5StringValidate( { ber_len_t i; + if( val->bv_len == 0 ) return LDAP_INVALID_SYNTAX; + for(i=0; i < val->bv_len; i++) { if( !LDAP_ASCII(val->bv_val[i]) ) { return LDAP_INVALID_SYNTAX; @@ -1984,6 +2155,8 @@ IA5StringNormalize( { char *p, *q; + assert( val->bv_len ); + p = val->bv_val; /* Ignore initial whitespace */ @@ -2025,6 +2198,13 @@ IA5StringNormalize( normalized->bv_len = q - normalized->bv_val; + if( normalized->bv_len == 0 ) { + normalized->bv_val = ch_realloc( normalized->bv_val, 2 ); + normalized->bv_val[0] = ' '; + normalized->bv_val[1] = '\0'; + normalized->bv_len = 1; + } + return LDAP_SUCCESS; } @@ -2748,6 +2928,7 @@ static int caseIgnoreIA5Indexer( BerVarray *keysp ) { int i; + int rc = LDAP_SUCCESS; size_t slen, mlen; BerVarray keys; HASH_CONTEXT HASHcontext; @@ -2770,8 +2951,22 @@ static int caseIgnoreIA5Indexer( for( i=0; values[i].bv_val != NULL; i++ ) { struct berval value; - ber_dupbv( &value, &values[i] ); - ldap_pvt_str2upper( value.bv_val ); + + if( mr->smr_normalize ) { + rc = (mr->smr_normalize)( use, syntax, mr, &values[i], &value ); + if( rc != LDAP_SUCCESS ) { + break; + } + } else if ( mr->smr_syntax->ssyn_normalize ) { + rc = (mr->smr_syntax->ssyn_normalize)( syntax, &values[i], &value ); + if( rc != LDAP_SUCCESS ) { + break; + } + } else { + ber_dupbv( &value, &values[i] ); + } + + ldap_pvt_str2lower( value.bv_val ); HASH_Init( &HASHcontext ); if( prefix != NULL && prefix->bv_len > 0 ) { @@ -2792,8 +2987,12 @@ static int caseIgnoreIA5Indexer( } keys[i].bv_val = NULL; + if( rc != LDAP_SUCCESS ) { + ber_bvarray_free( keys ); + keys = NULL; + } *keysp = keys; - return LDAP_SUCCESS; + return rc; } /* Index generation function */ @@ -2819,7 +3018,7 @@ static int caseIgnoreIA5Filter( mlen = mr->smr_oidlen; ber_dupbv( &value, (struct berval *) assertValue ); - ldap_pvt_str2upper( value.bv_val ); + ldap_pvt_str2lower( value.bv_val ); keys = ch_malloc( sizeof( struct berval ) * 2 ); @@ -2919,7 +3118,7 @@ static int caseIgnoreIA5SubstringsIndexer( if( values[i].bv_len < SLAP_INDEX_SUBSTR_MINLEN ) continue; ber_dupbv( &value, &values[i] ); - ldap_pvt_str2upper( value.bv_val ); + ldap_pvt_str2lower( value.bv_val ); if( ( flags & SLAP_INDEX_SUBSTR_ANY ) && ( value.bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) ) @@ -3072,7 +3271,7 @@ static int caseIgnoreIA5SubstringsFilter( { pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX; ber_dupbv( &value, &sa->sa_initial ); - ldap_pvt_str2upper( value.bv_val ); + ldap_pvt_str2lower( value.bv_val ); klen = SLAP_INDEX_SUBSTR_MAXLEN < value.bv_len ? SLAP_INDEX_SUBSTR_MAXLEN : value.bv_len; @@ -3107,7 +3306,7 @@ static int caseIgnoreIA5SubstringsFilter( } ber_dupbv( &value, &sa->sa_any[i] ); - ldap_pvt_str2upper( value.bv_val ); + ldap_pvt_str2lower( value.bv_val ); for(j=0; j <= value.bv_len - SLAP_INDEX_SUBSTR_MAXLEN; @@ -3140,7 +3339,7 @@ static int caseIgnoreIA5SubstringsFilter( { pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX; ber_dupbv( &value, &sa->sa_final ); - ldap_pvt_str2upper( value.bv_val ); + ldap_pvt_str2lower( value.bv_val ); klen = SLAP_INDEX_SUBSTR_MAXLEN < value.bv_len ? SLAP_INDEX_SUBSTR_MAXLEN : value.bv_len; @@ -3182,6 +3381,8 @@ numericStringValidate( { ber_len_t i; + if( in->bv_len == 0 ) return LDAP_INVALID_SYNTAX; + for(i=0; i < in->bv_len; i++) { if( !SLAP_NUMERIC(in->bv_val[i]) ) { return LDAP_INVALID_SYNTAX; @@ -3200,6 +3401,8 @@ numericStringNormalize( /* removal all spaces */ char *p, *q; + assert( val->bv_len ); + normalized->bv_val = ch_malloc( val->bv_len + 1 ); p = val->bv_val; @@ -3222,6 +3425,13 @@ numericStringNormalize( normalized->bv_len = q - normalized->bv_val; + if( normalized->bv_len == 0 ) { + normalized->bv_val = ch_realloc( normalized->bv_val, 2 ); + normalized->bv_val[0] = ' '; + normalized->bv_val[1] = '\0'; + normalized->bv_len = 1; + } + return LDAP_SUCCESS; } @@ -3299,9 +3509,9 @@ objectIdentifierFirstComponentMatch( } #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "objectIdentifierFirstComponentMatch: %d\n %s\n %s\n", - match, value->bv_val, asserted->bv_val )); + LDAP_LOG( CONFIG, ENTRY, + "objectIdentifierFirstComponentMatch: %d\n %s\n %s\n", + match, value->bv_val, asserted->bv_val ); #else Debug( LDAP_DEBUG_ARGS, "objectIdentifierFirstComponentMatch " "%d\n\t\"%s\"\n\t\"%s\"\n", @@ -3372,7 +3582,7 @@ char digit[] = "0123456789"; */ static struct berval * -asn1_integer2str(ASN1_INTEGER *a) +asn1_integer2str(ASN1_INTEGER *a, struct berval *bv) { char buf[256]; char *p; @@ -3428,35 +3638,7 @@ asn1_integer2str(ASN1_INTEGER *a) *--p = '-'; } - return ber_bvstrdup(p); -} - -/* Get a DN in RFC2253 format from a X509_NAME internal struct */ -static struct berval * -dn_openssl2ldap(X509_NAME *name) -{ - char issuer_dn[1024]; - BIO *bio; - - bio = BIO_new(BIO_s_mem()); - if ( !bio ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "dn_openssl2ldap: error creating BIO_s_mem: %s\n", - ERR_error_string(ERR_get_error(),NULL))); -#else - Debug( LDAP_DEBUG_ARGS, "dn_openssl2ldap: " - "error creating BIO: %s\n", - ERR_error_string(ERR_get_error(),NULL), NULL, NULL ); -#endif - return NULL; - } - X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253); - - BIO_gets(bio, issuer_dn, 1024); - - BIO_free(bio); - return ber_bvstrdup(issuer_dn); + return ber_str2bv( p, 0, 1, bv ); } /* @@ -3470,16 +3652,15 @@ certificateExactConvert( { X509 *xcert; unsigned char *p = in->bv_val; - struct berval *serial; - struct berval *issuer_dn; - struct berval *bv_tmp; + struct berval serial; + struct berval issuer_dn; xcert = d2i_X509(NULL, &p, in->bv_len); if ( !xcert ) { #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "certificateExactConvert: error parsing cert: %s\n", - ERR_error_string(ERR_get_error(),NULL))); + LDAP_LOG( CONFIG, ENTRY, + "certificateExactConvert: error parsing cert: %s\n", + ERR_error_string(ERR_get_error(),NULL), 0, 0 ); #else Debug( LDAP_DEBUG_ARGS, "certificateExactConvert: " "error parsing cert: %s\n", @@ -3488,53 +3669,40 @@ certificateExactConvert( return LDAP_INVALID_SYNTAX; } - serial = asn1_integer2str(xcert->cert_info->serialNumber); - if ( !serial ) { + if ( !asn1_integer2str(xcert->cert_info->serialNumber, &serial) ) { X509_free(xcert); return LDAP_INVALID_SYNTAX; } - issuer_dn = dn_openssl2ldap(X509_get_issuer_name(xcert)); - if ( !issuer_dn ) { + if ( dnX509normalize(X509_get_issuer_name(xcert), &issuer_dn ) != LDAP_SUCCESS ) { X509_free(xcert); - ber_bvfree(serial); + ber_memfree(serial.bv_val); return LDAP_INVALID_SYNTAX; } - /* Actually, dn_openssl2ldap returns in a normalized format, but - it is different from our normalized format */ - bv_tmp = issuer_dn; - if ( dnNormalize(NULL, bv_tmp, &issuer_dn) != LDAP_SUCCESS ) { - X509_free(xcert); - ber_bvfree(serial); - ber_bvfree(bv_tmp); - return LDAP_INVALID_SYNTAX; - } - ber_bvfree(bv_tmp); X509_free(xcert); - out->bv_len = serial->bv_len + issuer_dn->bv_len + sizeof(" $ "); + out->bv_len = serial.bv_len + issuer_dn.bv_len + sizeof(" $ "); out->bv_val = ch_malloc(out->bv_len); p = out->bv_val; - AC_MEMCPY(p, serial->bv_val, serial->bv_len); - p += serial->bv_len; + AC_MEMCPY(p, serial.bv_val, serial.bv_len); + p += serial.bv_len; AC_MEMCPY(p, " $ ", sizeof(" $ ")-1); p += 3; - AC_MEMCPY(p, issuer_dn->bv_val, issuer_dn->bv_len); - p += issuer_dn->bv_len; + AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len); + p += issuer_dn.bv_len; *p++ = '\0'; #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "certificateExactConvert: \n %s\n", - out->bv_val)); + LDAP_LOG( CONFIG, ARGS, + "certificateExactConvert: \n %s\n", out->bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_ARGS, "certificateExactConvert " "\n\t\"%s\"\n", out->bv_val, NULL, NULL ); #endif - ber_bvfree(serial); - ber_bvfree(issuer_dn); + ber_memfree(serial.bv_val); + ber_memfree(issuer_dn.bv_val); return LDAP_SUCCESS; } @@ -3542,8 +3710,8 @@ certificateExactConvert( static int serial_and_issuer_parse( struct berval *assertion, - struct berval **serial, - struct berval **issuer_dn + struct berval *serial, + struct berval *issuer_dn ) { char *begin; @@ -3568,18 +3736,20 @@ serial_and_issuer_parse( bv.bv_len = end-begin+1; bv.bv_val = begin; - *serial = ber_dupbv(NULL, &bv); + ber_dupbv(serial, &bv); /* now extract the issuer, remember p was at the dollar sign */ - begin = p+1; - end = assertion->bv_val+assertion->bv_len-1; - while (ASCII_SPACE(*begin)) - begin++; - /* should we trim spaces at the end too? is it safe always? */ + if ( issuer_dn ) { + begin = p+1; + end = assertion->bv_val+assertion->bv_len-1; + while (ASCII_SPACE(*begin)) + begin++; + /* should we trim spaces at the end too? is it safe always? */ - bv.bv_len = end-begin+1; - bv.bv_val = begin; - dnNormalize( NULL, &bv, issuer_dn ); + bv.bv_len = end-begin+1; + bv.bv_val = begin; + dnNormalize2( NULL, &bv, issuer_dn ); + } return LDAP_SUCCESS; } @@ -3595,18 +3765,18 @@ certificateExactMatch( { X509 *xcert; unsigned char *p = value->bv_val; - struct berval *serial; - struct berval *issuer_dn; - struct berval *asserted_serial; - struct berval *asserted_issuer_dn; + struct berval serial; + struct berval issuer_dn; + struct berval asserted_serial; + struct berval asserted_issuer_dn; int ret; xcert = d2i_X509(NULL, &p, value->bv_len); if ( !xcert ) { #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "certificateExactMatch: error parsing cert: %s\n", - ERR_error_string(ERR_get_error(),NULL))); + LDAP_LOG( CONFIG, ENTRY, + "certificateExactMatch: error parsing cert: %s\n", + ERR_error_string(ERR_get_error(),NULL), 0, 0 ); #else Debug( LDAP_DEBUG_ARGS, "certificateExactMatch: " "error parsing cert: %s\n", @@ -3615,8 +3785,8 @@ certificateExactMatch( return LDAP_INVALID_SYNTAX; } - serial = asn1_integer2str(xcert->cert_info->serialNumber); - issuer_dn = dn_openssl2ldap(X509_get_issuer_name(xcert)); + asn1_integer2str(xcert->cert_info->serialNumber, &serial); + dnX509normalize(X509_get_issuer_name(xcert), &issuer_dn); X509_free(xcert); @@ -3629,8 +3799,8 @@ certificateExactMatch( flags, slap_schema.si_syn_integer, slap_schema.si_mr_integerMatch, - serial, - asserted_serial); + &serial, + &asserted_serial); if ( ret == LDAP_SUCCESS ) { if ( *matchp == 0 ) { /* We need to normalize everything for dnMatch */ @@ -3639,29 +3809,31 @@ certificateExactMatch( flags, slap_schema.si_syn_distinguishedName, slap_schema.si_mr_distinguishedNameMatch, - issuer_dn, - asserted_issuer_dn); + &issuer_dn, + &asserted_issuer_dn); } } #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "certificateExactMatch: %d\n %s $ %s\n %s $ %s\n", - *matchp, serial->bv_val, issuer_dn->bv_val, - asserted_serial->bv_val, asserted_issuer_dn->bv_val)); + LDAP_LOG( CONFIG, ARGS, "certificateExactMatch " + "%d\n\t\"%s $ %s\"\n", + *matchp, serial.bv_val, issuer_dn.bv_val ); + LDAP_LOG( CONFIG, ARGS, "\t\"%s $ %s\"\n", + asserted_serial.bv_val, asserted_issuer_dn.bv_val, + 0 ); #else Debug( LDAP_DEBUG_ARGS, "certificateExactMatch " "%d\n\t\"%s $ %s\"\n", - *matchp, serial->bv_val, issuer_dn->bv_val ); + *matchp, serial.bv_val, issuer_dn.bv_val ); Debug( LDAP_DEBUG_ARGS, "\t\"%s $ %s\"\n", - asserted_serial->bv_val, asserted_issuer_dn->bv_val, + asserted_serial.bv_val, asserted_issuer_dn.bv_val, NULL ); #endif - ber_bvfree(serial); - ber_bvfree(issuer_dn); - ber_bvfree(asserted_serial); - ber_bvfree(asserted_issuer_dn); + ber_memfree(serial.bv_val); + ber_memfree(issuer_dn.bv_val); + ber_memfree(asserted_serial.bv_val); + ber_memfree(asserted_issuer_dn.bv_val); return ret; } @@ -3684,7 +3856,7 @@ static int certificateExactIndexer( BerVarray keys; X509 *xcert; unsigned char *p; - struct berval * serial; + struct berval serial; /* we should have at least one value at this point */ assert( values != NULL && values[0].bv_val != NULL ); @@ -3700,9 +3872,9 @@ static int certificateExactIndexer( xcert = d2i_X509(NULL, &p, values[i].bv_len); if ( !xcert ) { #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "certificateExactIndexer: error parsing cert: %s\n", - ERR_error_string(ERR_get_error(),NULL))); + LDAP_LOG( CONFIG, ENTRY, + "certificateExactIndexer: error parsing cert: %s\n", + ERR_error_string(ERR_get_error(),NULL), 0, 0); #else Debug( LDAP_DEBUG_ARGS, "certificateExactIndexer: " "error parsing cert: %s\n", @@ -3713,16 +3885,15 @@ static int certificateExactIndexer( return LDAP_INVALID_SYNTAX; } - serial = asn1_integer2str(xcert->cert_info->serialNumber); + asn1_integer2str(xcert->cert_info->serialNumber, &serial); X509_free(xcert); integerNormalize( slap_schema.si_syn_integer, - serial, + &serial, &keys[i] ); - ber_bvfree(serial); + ber_memfree(serial.bv_val); #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "certificateExactIndexer: returning: %s\n", - keys[i].bv_val)); + LDAP_LOG( CONFIG, ENTRY, + "certificateExactIndexer: returning: %s\n", keys[i].bv_val, 0, 0); #else Debug( LDAP_DEBUG_ARGS, "certificateExactIndexer: " "returning: %s\n", @@ -3748,20 +3919,18 @@ static int certificateExactFilter( BerVarray *keysp ) { BerVarray keys; - struct berval *asserted_serial; - struct berval *asserted_issuer_dn; + struct berval asserted_serial; serial_and_issuer_parse(assertValue, &asserted_serial, - &asserted_issuer_dn); + NULL); keys = ch_malloc( sizeof( struct berval ) * 2 ); - integerNormalize( syntax, asserted_serial, &keys[0] ); + integerNormalize( syntax, &asserted_serial, &keys[0] ); keys[1].bv_val = NULL; *keysp = keys; - ber_bvfree(asserted_serial); - ber_bvfree(asserted_issuer_dn); + ber_memfree(asserted_serial.bv_val); return LDAP_SUCCESS; } #endif @@ -3931,6 +4100,7 @@ check_time_syntax (struct berval *val, return LDAP_SUCCESS; } +#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX static int utcTimeNormalize( Syntax *syntax, @@ -3956,7 +4126,9 @@ utcTimeNormalize( return LDAP_SUCCESS; } +#endif +#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX static int utcTimeValidate( Syntax *syntax, @@ -3966,6 +4138,7 @@ utcTimeValidate( return check_time_syntax(in, 1, parts); } +#endif static int generalizedTimeValidate( @@ -4029,7 +4202,7 @@ nisNetgroupTripleValidate( return LDAP_INVALID_SYNTAX; } - } else if ( !ATTR_CHAR( *p ) ) { + } else if ( !AD_CHAR( *p ) ) { return LDAP_INVALID_SYNTAX; } } @@ -4063,7 +4236,7 @@ bootParameterValidate( /* key */ for (; ( p < e ) && ( *p != '=' ); p++ ) { - if ( !ATTR_CHAR( *p ) ) { + if ( !AD_CHAR( *p ) ) { return LDAP_INVALID_SYNTAX; } } @@ -4074,7 +4247,7 @@ bootParameterValidate( /* server */ for ( p++; ( p < e ) && ( *p != ':' ); p++ ) { - if ( !ATTR_CHAR( *p ) ) { + if ( !AD_CHAR( *p ) ) { return LDAP_INVALID_SYNTAX; } } @@ -4085,7 +4258,7 @@ bootParameterValidate( /* path */ for ( p++; p < e; p++ ) { - if ( !ATTR_CHAR( *p ) ) { + if ( !SLAP_PRINTABLE( *p ) ) { return LDAP_INVALID_SYNTAX; } } @@ -4093,19 +4266,10 @@ bootParameterValidate( return LDAP_SUCCESS; } -static struct syntax_defs_rec { - char *sd_desc; #define X_BINARY "X-BINARY-TRANSFER-REQUIRED 'TRUE' " #define X_NOT_H_R "X-NOT-HUMAN-READABLE 'TRUE' " - int sd_flags; - slap_syntax_validate_func *sd_validate; - slap_syntax_transform_func *sd_normalize; - slap_syntax_transform_func *sd_pretty; -#ifdef SLAPD_BINARY_CONVERSION - slap_syntax_transform_func *sd_ber2str; - slap_syntax_transform_func *sd_str2ber; -#endif -} syntax_defs[] = { + +static slap_syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' " X_BINARY X_NOT_H_R ")", SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, NULL, NULL}, @@ -4153,7 +4317,7 @@ static struct syntax_defs_rec { {"( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )", - 0, printablesStringValidate, IA5StringNormalize, NULL}, + 0, printablesStringValidate, telephoneNumberNormalize, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' " X_NOT_H_R ")", SLAP_SYNTAX_BLOB, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )", @@ -4205,13 +4369,15 @@ static struct syntax_defs_rec { X_BINARY X_NOT_H_R ")", SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )", - 0, printableStringValidate, IA5StringNormalize, NULL}, + 0, printableStringValidate, telephoneNumberNormalize, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )", 0, printablesStringValidate, IA5StringNormalize, NULL}, +#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX {"( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' )", 0, utcTimeValidate, utcTimeNormalize, NULL}, +#endif {"( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )", @@ -4263,7 +4429,6 @@ static struct syntax_defs_rec { * Other matching rules in X.520 that we do not use (yet): * * 2.5.13.9 numericStringOrderingMatch - * 2.5.13.15 integerOrderingMatch * 2.5.13.18 octetStringOrderingMatch * 2.5.13.19 octetStringSubstringsMatch * 2.5.13.25 uTCTimeMatch @@ -4282,17 +4447,7 @@ static struct syntax_defs_rec { * 2.5.13.43 readerAndKeyIDMatch * 2.5.13.44 attributeIntegrityMatch */ -static struct mrule_defs_rec { - char * mrd_desc; - slap_mask_t mrd_usage; - slap_mr_convert_func * mrd_convert; - slap_mr_normalize_func * mrd_normalize; - slap_mr_match_func * mrd_match; - slap_mr_indexer_func * mrd_indexer; - slap_mr_filter_func * mrd_filter; - - char * mrd_associated; -} mrule_defs[] = { +static slap_mrule_defs_rec mrule_defs[] = { /* * EQUALITY matching rules must be listed after associated APPROX * matching rules. So, we list all APPROX matching rules first. @@ -4425,6 +4580,13 @@ static struct mrule_defs_rec { integerMatch, integerIndexer, integerFilter, NULL}, + {"( 2.5.13.15 NAME 'integerOrderingMatch' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", + SLAP_MR_ORDERING, + NULL, NULL, + integerOrderingMatch, NULL, NULL, + NULL}, + {"( 2.5.13.16 NAME 'bitStringMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )", SLAP_MR_EQUALITY | SLAP_MR_EXT, @@ -4588,23 +4750,13 @@ int slap_schema_init( void ) { int res; - int i; + int i = 0; /* we should only be called once (from main) */ assert( schema_init_done == 0 ); for ( i=0; syntax_defs[i].sd_desc != NULL; i++ ) { - res = register_syntax( syntax_defs[i].sd_desc, - syntax_defs[i].sd_flags, - syntax_defs[i].sd_validate, - syntax_defs[i].sd_normalize, - syntax_defs[i].sd_pretty -#ifdef SLAPD_BINARY_CONVERSION - , - syntax_defs[i].sd_ber2str, - syntax_defs[i].sd_str2ber -#endif - ); + res = register_syntax( &syntax_defs[i] ); if ( res ) { fprintf( stderr, "slap_schema_init: Error registering syntax %s\n", @@ -4621,15 +4773,7 @@ slap_schema_init( void ) continue; } - res = register_matching_rule( - mrule_defs[i].mrd_desc, - mrule_defs[i].mrd_usage, - mrule_defs[i].mrd_convert, - mrule_defs[i].mrd_normalize, - mrule_defs[i].mrd_match, - mrule_defs[i].mrd_indexer, - mrule_defs[i].mrd_filter, - mrule_defs[i].mrd_associated ); + res = register_matching_rule( &mrule_defs[i] ); if ( res ) { fprintf( stderr, @@ -4639,6 +4783,9 @@ slap_schema_init( void ) } } + for ( i=0; i < (int)(sizeof(mr_ptr)/sizeof(mr_ptr[0])); i++ ) + *mr_ptr[i].mr = mr_find( mr_ptr[i].oid ); + res = slap_schema_load(); schema_init_done = 1; return res; @@ -4647,9 +4794,12 @@ slap_schema_init( void ) void schema_destroy( void ) { + int i; oidm_destroy(); oc_destroy(); at_destroy(); + for ( i=0; i < (int)(sizeof(mr_ptr)/sizeof(mr_ptr[0])); i++ ) + *mr_ptr[i].mr = NULL; mr_destroy(); syn_destroy(); }