entryExpireTimestamp ExperimentalAttr:57 (slapo-dds)
rdnValue ExperimentalAttr:58 (contrib/slapd-modules/samba4)
parentUUID ExperimentalAttr:59 (...samba4)
+ x509PrivateKey ExperimentalAttr:60
ExperimentalSyntax OpenLDAPexperimental:2
ACIsyntax ExperimentalSyntax:1
authPassword ExperimentalSyntax:2 check - this was promoted to RFC3112
authz ExperimentalSyntax:7
+ privateKey ExperimentalSyntax:13
ExperimentalObjectClass OpenLDAPexperimental:3
glue ExperimentalObjectClass:4
dnSubordinateMatch ExperimentalMatchingRule:10
dnSuperiorMatch ExperimentalMatchingRule:11
authzMatch ExperimentalMatchingRule:12
+ privateKeyMatch ExperimentalMatchingRule:13
ExperimentalControl OpenLDAPexperimental:5
noop ExperimentalControl:2
#define ACA_SCHEMA_AT ACA_SCHEMA_ROOT ".1"
#define ACA_SCHEMA_OC ACA_SCHEMA_ROOT ".2"
-#define ACA_SCHEMA_SYN ACA_SCHEMA_ROOT ".3"
-#define ACA_SCHEMA_MR ACA_SCHEMA_ROOT ".4"
static AttributeDescription *ad_caCert, *ad_caPkey, *ad_usrCert, *ad_usrPkey;
static AttributeDescription *ad_mail, *ad_ipaddr;
static ObjectClass *oc_caObj, *oc_usrObj;
-/* OpenSSL privatekeys have no single specific format */
-static int
-privateKeyValidate(
- Syntax *syntax,
- struct berval *val )
-{
- BerElementBuffer berbuf;
- BerElement *ber = (BerElement *)&berbuf;
- ber_tag_t tag;
- ber_len_t len;
- ber_int_t version;
-
- ber_init2( ber, val, LBER_USE_DER );
- tag = ber_skip_tag( ber, &len ); /* Sequence */
- if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
- tag = ber_peek_tag( ber, &len );
- if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
- tag = ber_get_int( ber, &version );
- /* the rest varies for RSA, DSA, EC, PKCS#8 */
- return LDAP_SUCCESS;
-}
-
-static slap_syntax_defs_rec aca_syntax = {
- "( " ACA_SCHEMA_SYN ".1 DESC 'X.509 Private Key' "
- "X-BINARY-TRANSFER-REQUIRED 'TRUE' "
- "X-NOT-HUMAN-READABLE 'TRUE' )",
- SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER,
- NULL,
- privateKeyValidate,
- NULL };
-
-static slap_mrule_defs_rec aca_mrule = {
- "( " ACA_SCHEMA_MR ".1 NAME 'privateKeyMatch' "
- "SYNTAX " ACA_SCHEMA_SYN ".1 )",
- SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
- NULL, NULL, octetStringMatch, octetStringIndexer,
- octetStringFilter, NULL };
-
static char *aca_attrs[] = {
- "( " ACA_SCHEMA_AT ".0 NAME 'x509PrivateKey' "
- "DESC 'X.509 private key, use ;binary' "
- "EQUALITY privateKeyMatch "
- "SYNTAX " ACA_SCHEMA_SYN ".1 )",
"( " ACA_SCHEMA_AT ".1 NAME 'cAPrivateKey' "
"DESC 'X.509 CA private key, use ;binary' "
"SUP x509PrivateKey )",
code = config_register_schema( autoca_cfg, autoca_ocs );
if ( code ) return code;
- code = register_syntax( &aca_syntax );
- if ( code ) return code;
-
- code = register_matching_rule( &aca_mrule );
- if ( code ) return code;
-
for ( i=0; aca_attrs[i]; i++ ) {
code = register_at( aca_attrs[i], NULL, 0 );
if ( code ) return code;
if ( code ) return code;
}
-
return overlay_register( &autoca );
}
return LDAP_SUCCESS;
}
+/* accept an OpenSSL-compatible private key */
+static int
+privateKeyValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_tag_t tag;
+ ber_len_t len;
+ ber_int_t version;
+
+ ber_init2( ber, val, LBER_USE_DER );
+ tag = ber_skip_tag( ber, &len ); /* Sequence */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ tag = ber_peek_tag( ber, &len );
+ if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
+ tag = ber_get_int( ber, &version );
+ /* the rest varies for RSA, DSA, EC, PKCS#8 */
+ return LDAP_SUCCESS;
+}
+
int
octetStringMatch(
int *matchp,
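Review bot: The tag returned by `ber_get_int` at the end of the new privateKeyValidate is discarded and `version` is never examined, so a value whose leading INTEGER does not decode into a ber_int_t (too long, or cut short) is still reported as a valid private key. The `ber_peek_tag` on the preceding line only confirms the tag byte, not that the integer decodes, so the decode result should be checked: `tag = ber_get_int( ber, &version );` followed by `if ( tag == LBER_DEFAULT ) return LDAP_INVALID_SYNTAX;`. The header comment would also be clearer if it stated the contract, e.g. `/* accept an OpenSSL-compatible private key: only the outer SEQUENCE and a leading INTEGER version are checked; the remainder (RSA, DSA, EC, PKCS#8) is not validated here */`, so callers do not assume the syntax guarantees a parseable key. octetStringMatch, whose signature starts at the end of the hunk, continues outside it.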
{"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )",
SLAP_SYNTAX_HIDE, NULL, authzValidate, authzPretty},
+ /* OpenSSL-compatible Private Keys for X.509 certificates */
+ {"( 1.3.6.1.4.1.4203.666.2.13 DESC 'OpenLDAP privateKey' )",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, privateKeyValidate, NULL},
{NULL, 0, NULL, NULL, NULL}
};
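Review bot: The core definition of the privateKey syntax on the added line drops the `X-BINARY-TRANSFER-REQUIRED 'TRUE'` and `X-NOT-HUMAN-READABLE 'TRUE'` extensions that the removed autoca definition of the same syntax carried, so the subschema published to clients no longer states that the value must be transferred with `;binary`, even though the x509PrivateKey DESC still asks for it. The C flags `SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER` are kept, so server-side handling is presumably unchanged, but the description string is what clients read. Suggest `{"( 1.3.6.1.4.1.4203.666.2.13 DESC 'OpenLDAP privateKey' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )",`.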
NULL, NULL,
NULL},
+ {"( 1.3.6.1.4.1.4203.666.4.13 NAME 'privateKeyMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.13 )", /* OpenLDAP privateKey */
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+ NULL, NULL, octetStringMatch,
+ NULL, NULL,
+ NULL},
+
{NULL, SLAP_MR_NONE, NULL,
NULL, NULL, NULL, NULL, NULL,
NULL }
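Review bot: The new privateKeyMatch rule registers no indexer or filter (the `NULL, NULL,` after `octetStringMatch`), whereas the autoca rule it replaces passed `octetStringIndexer, octetStringFilter`, so equality on x509PrivateKey can no longer be served from an index and the change in behaviour is not mentioned anywhere in the hunk. If this is deliberate, keeping key material out of index files is a sound choice and worth recording next to the entry, e.g. `/* no indexer/filter on purpose: private key values are not written to indices */`; if it is not, restoring the two function pointers matches the removed rule. The trailing `/* OpenLDAP privateKey */` comment only names the syntax and does not settle which was intended.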
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_seeAlso) },
+ { "x509PrivateKey", "( 1.3.6.1.4.1.4203.666.1.60 "
+ "NAME 'x509PrivateKey' "
+ "DESC 'X.509 private key, use ;binary' "
+ "EQUALITY privateKeyMatch "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.13 )",
+ NULL, 0,
+ NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
+ offsetof(struct slap_internal_schema, si_ad_x509PrivateKey) },
+
{ NULL, NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0 }
};
AttributeDescription *si_ad_description;
AttributeDescription *si_ad_seeAlso;
+ /* privateKeys */
+ AttributeDescription *si_ad_x509PrivateKey;
+
/* Undefined Attribute Type */
AttributeType *si_at_undefined;