From 074be5fb5aa8cbd09cf88e00f5274a431d6ed344 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Thu, 18 May 2000 17:21:42 +0000 Subject: [PATCH] SLAPD_SCHEMA_NOT_COMPAT: numerous changes to syntax flags, mostly minor added new value_normalize() code need LDAPsyntaxes X- field support --- servers/slapd/ad.c | 10 ++--- servers/slapd/ava.c | 12 ++--- servers/slapd/back-ldbm/attr.c | 47 +++++++++++-------- servers/slapd/back-ldbm/filterindex.c | 6 +-- servers/slapd/back-ldbm/index.c | 10 ++--- servers/slapd/compare.c | 12 ++--- servers/slapd/entry.c | 1 + servers/slapd/filter.c | 50 +++++++++++---------- servers/slapd/modify.c | 14 ++++-- servers/slapd/proto-slap.h | 16 ++++--- servers/slapd/schema/core.schema | 25 +++++++---- servers/slapd/schema_init.c | 65 ++++++++++++++++----------- servers/slapd/slap.h | 35 ++++++++++----- servers/slapd/syntax.c | 15 +++++-- servers/slapd/value.c | 45 ++++++++++++++++++- 15 files changed, 235 insertions(+), 128 deletions(-) diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c index ff076944fc..9b9d636c89 100644 --- a/servers/slapd/ad.c +++ b/servers/slapd/ad.c @@ -130,14 +130,12 @@ int slap_bv2ad( for( i=1; tokens[i] != NULL; i++ ) { if( strcasecmp( tokens[i], "binary" ) == 0 ) { - if( desc.ad_flags & SLAP_DESC_BINARY ) { + if( slap_ad_is_binary( &desc ) ) { *text = "option \"binary\" specified multiple times"; goto done; } - if(!( desc.ad_type->sat_syntax->ssyn_flags - & SLAP_SYNTAX_BINARY )) - { + if( !slap_syntax_is_binary( desc.ad_type->sat_syntax )) { /* not stored in binary, disallow option */ *text = "option \"binary\" with type not supported"; goto done; @@ -166,7 +164,7 @@ int slap_bv2ad( desc.ad_cname = ch_malloc( sizeof( struct berval ) ); desc.ad_cname->bv_len = strlen( desc.ad_type->sat_cname ); - if( desc.ad_flags & SLAP_DESC_BINARY ) { + if( slap_ad_is_binary( &desc ) ) { desc.ad_cname->bv_len += sizeof("binary"); } if( desc.ad_lang != NULL ) { @@ -176,7 +174,7 @@ int slap_bv2ad( desc.ad_cname->bv_val = ch_malloc( desc.ad_cname->bv_len + 1 ); strcpy( desc.ad_cname->bv_val, desc.ad_type->sat_cname ); - if( desc.ad_flags & SLAP_DESC_BINARY ) { + if( slap_ad_is_binary( &desc ) ) { strcat( desc.ad_cname->bv_val, ";binary" ); } diff --git a/servers/slapd/ava.c b/servers/slapd/ava.c index 35fba72bfd..6e87c07af5 100644 --- a/servers/slapd/ava.c +++ b/servers/slapd/ava.c @@ -38,10 +38,10 @@ get_ava( ) { int rc; - struct berval type, *value; + struct berval type, value, *nvalue; AttributeAssertion *aa; - rc = ber_scanf( ber, "{oO}", &type, &value ); + rc = ber_scanf( ber, "{oo}", &type, &value ); if( rc == LBER_ERROR ) { Debug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 ); @@ -56,22 +56,22 @@ get_ava( if( rc != LDAP_SUCCESS ) { ch_free( type.bv_val ); - ber_bvfree( value ); + ch_free( value.bv_val ); ch_free( aa ); return rc; } - rc = value_normalize( aa->aa_desc, usage, value, text ); + rc = value_normalize( aa->aa_desc, usage, &value, &nvalue, text ); + ch_free( value.bv_val ); if( rc != LDAP_SUCCESS ) { ch_free( type.bv_val ); - ber_bvfree( value ); ad_free( aa->aa_desc, 1 ); ch_free( aa ); return rc; } - aa->aa_value = value; + aa->aa_value = nvalue; *ava = aa; return LDAP_SUCCESS; diff --git a/servers/slapd/back-ldbm/attr.c b/servers/slapd/back-ldbm/attr.c index 95d47c2f9c..7e90bee13d 100644 --- a/servers/slapd/back-ldbm/attr.c +++ b/servers/slapd/back-ldbm/attr.c @@ -109,39 +109,50 @@ attr_index_config( if ( argc == 1 ) { a->ai_indexmask = ( SLAP_INDEX_PRESENCE | SLAP_INDEX_EQUALITY | - SLAP_INDEX_APPROX | SLAP_INDEX_SUB); + SLAP_INDEX_APPROX | SLAP_INDEX_SUBSTR); } else { a->ai_indexmask = 0; for ( j = 0; indexes[j] != NULL; j++ ) { - if ( strncasecmp( indexes[j], "pres", 4 ) - == 0 ) { + if ( strncasecmp( indexes[j], + "pres", sizeof("pres")-1 ) == 0 ) + { a->ai_indexmask |= SLAP_INDEX_PRESENCE; - } else if ( strncasecmp( indexes[j], "eq", 2 ) - == 0 ) { + + } else if ( strncasecmp( indexes[j], + "eq", sizeof("eq")-1 ) == 0 ) + { a->ai_indexmask |= SLAP_INDEX_EQUALITY; - } else if ( strncasecmp( indexes[j], "approx", - 6 ) == 0 ) { + + } else if ( strncasecmp( indexes[j], + "approx", sizeof("approx")-1 ) == 0 ) + { a->ai_indexmask |= SLAP_INDEX_APPROX; - } else if ( strncasecmp( indexes[j], "sub", 3 ) - == 0 ) { - a->ai_indexmask |= SLAP_INDEX_SUB; - } else if ( strncasecmp( indexes[j], "none", 4 ) - == 0 ) { + + } else if ( strncasecmp( indexes[j], + "sub", sizeof("sub")-1 ) == 0 ) + { + a->ai_indexmask |= SLAP_INDEX_SUBSTR; + + } else if ( strncasecmp( indexes[j], + "none", sizeof("none")-1 ) == 0 ) + { if ( a->ai_indexmask != 0 ) { - fprintf( stderr, -"%s: line %d: index type \"none\" cannot be combined with other types\n", + fprintf( stderr, "%s: line %d: " + "index type \"none\" cannot be combined with other types\n", fname, lineno ); } a->ai_indexmask = 0; + } else { - fprintf( stderr, - "%s: line %d: unknown index type \"%s\" (ignored)\n", + fprintf( stderr, "%s: line %d: " + "unknown index type \"%s\" (ignored)\n", fname, lineno, indexes[j] ); - fprintf( stderr, - "valid index types are \"pres\", \"eq\", \"approx\", or \"sub\"\n" ); + fprintf( stderr, "\tvalid index types are " + "\"pres\", \"eq\", \"approx\", or \"sub\"\n" ); } } } + if ( init ) { a->ai_indexmask |= SLAP_INDEX_FROMINIT; } diff --git a/servers/slapd/back-ldbm/filterindex.c b/servers/slapd/back-ldbm/filterindex.c index c733f85952..e75d7ebe3a 100644 --- a/servers/slapd/back-ldbm/filterindex.c +++ b/servers/slapd/back-ldbm/filterindex.c @@ -333,7 +333,7 @@ substring_comp_candidates( } buf[SUBLEN] = '\0'; - if ( (idl = index_read( be, type, SLAP_INDEX_SUB, buf )) == NULL ) { + if ( (idl = index_read( be, type, SLAP_INDEX_SUBSTR, buf )) == NULL ) { return( NULL ); } } else if ( prepost == '$' ) { @@ -344,7 +344,7 @@ substring_comp_candidates( buf[SUBLEN - 1] = '$'; buf[SUBLEN] = '\0'; - if ( (idl = index_read( be, type, SLAP_INDEX_SUB, buf )) == NULL ) { + if ( (idl = index_read( be, type, SLAP_INDEX_SUBSTR, buf )) == NULL ) { return( NULL ); } } @@ -355,7 +355,7 @@ substring_comp_candidates( } buf[SUBLEN] = '\0'; - if ( (tmp = index_read( be, type, SLAP_INDEX_SUB, buf )) == NULL ) { + if ( (tmp = index_read( be, type, SLAP_INDEX_SUBSTR, buf )) == NULL ) { idl_free( idl ); return( NULL ); } diff --git a/servers/slapd/back-ldbm/index.c b/servers/slapd/back-ldbm/index.c index 05afcf2dcc..27ecee0222 100644 --- a/servers/slapd/back-ldbm/index.c +++ b/servers/slapd/back-ldbm/index.c @@ -371,7 +371,7 @@ index_change_values( /* * substrings index entry */ - if ( indexmask & SLAP_INDEX_SUB ) { + if ( indexmask & SLAP_INDEX_SUBSTR ) { /* leading and trailing */ if ( len > SUBLEN - 2 ) { buf[0] = '^'; @@ -380,7 +380,7 @@ index_change_values( } buf[SUBLEN] = '\0'; - change_value( be, db, at_cn, SLAP_INDEX_SUB, + change_value( be, db, at_cn, SLAP_INDEX_SUBSTR, buf, id, idl_funct ); p = val + len - SUBLEN + 1; @@ -390,7 +390,7 @@ index_change_values( buf[SUBLEN - 1] = '$'; buf[SUBLEN] = '\0'; - change_value( be, db, at_cn, SLAP_INDEX_SUB, + change_value( be, db, at_cn, SLAP_INDEX_SUBSTR, buf, id, idl_funct ); } @@ -401,7 +401,7 @@ index_change_values( } buf[SUBLEN] = '\0'; - change_value( be, db, at_cn, SLAP_INDEX_SUB, + change_value( be, db, at_cn, SLAP_INDEX_SUBSTR, buf, id, idl_funct ); } } @@ -430,7 +430,7 @@ index2prefix( int indextype ) case SLAP_INDEX_APPROX: prefix = APPROX_PREFIX; break; - case SLAP_INDEX_SUB: + case SLAP_INDEX_SUBSTR: prefix = SUB_PREFIX; break; default: diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c index 4e228a618c..ae91f7631d 100644 --- a/servers/slapd/compare.c +++ b/servers/slapd/compare.c @@ -33,15 +33,15 @@ do_compare( char *dn = NULL, *ndn=NULL; struct berval desc; struct berval value; - Backend *be; - int rc = LDAP_SUCCESS; - char *text = NULL; #ifdef SLAPD_SCHEMA_NOT_COMPAT + struct berval *nvalue; AttributeAssertion ava; - ava.aa_desc = NULL; #else Ava ava; #endif + Backend *be; + int rc = LDAP_SUCCESS; + char *text = NULL; desc.bv_val = NULL; value.bv_val = NULL; @@ -106,7 +106,7 @@ do_compare( goto cleanup; } - rc = value_normalize( ava.aa_desc, SLAP_MR_EQUALITY, &value, &text ); + rc = value_normalize( ava.aa_desc, SLAP_MR_EQUALITY, &value, &nvalue, &text ); if( rc != LDAP_SUCCESS ) { send_ldap_result( conn, op, rc, NULL, @@ -114,7 +114,7 @@ do_compare( goto cleanup; } - ava.aa_value = &value; + ava.aa_value = nvalue; Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", dn, ava.aa_desc->ad_cname, ava.aa_value->bv_val ); diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c index 56d0947c82..dc3ae72ac0 100644 --- a/servers/slapd/entry.c +++ b/servers/slapd/entry.c @@ -121,6 +121,7 @@ str2entry( char *s ) bval.bv_val = value; bval.bv_len = vlen; + #ifdef SLAPD_SCHEMA_NOT_COMPAT /* not yet implemented */ #else diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c index 7157aa3d98..2f83a3fd1f 100644 --- a/servers/slapd/filter.c +++ b/servers/slapd/filter.c @@ -230,7 +230,7 @@ get_filter( Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); #ifdef SLAPD_SCHEMA_NOT_COMPAT - err = get_ava( ber, &f->f_ava, SLAP_MR_APPROX, text ); + err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text ); #else err = get_ava( ber, &f->f_ava, text ); #endif @@ -374,7 +374,8 @@ get_substring_filter( ber_tag_t tag; ber_len_t len; ber_tag_t rc; - struct berval *val; + struct berval *value; + struct berval *nvalue; char *last; struct berval type; #ifndef SLAPD_SCHEMA_NOT_COMPAT @@ -431,14 +432,14 @@ get_substring_filter( { unsigned usage; - rc = ber_scanf( ber, "O", &val ); + rc = ber_scanf( ber, "O", &value ); if ( rc == LBER_ERROR ) { rc = SLAPD_DISCONNECT; goto return_error; } - if ( val == NULL || val->bv_len == 0 ) { - ber_bvfree( val ); + if ( value == NULL || value->bv_len == 0 ) { + ber_bvfree( value ); rc = LDAP_INVALID_SYNTAX; goto return_error; } @@ -464,22 +465,24 @@ get_substring_filter( " unknown substring choice=%ld\n", (long) tag, 0, 0 ); - ber_bvfree( val ); + ber_bvfree( value ); goto return_error; } - rc = value_normalize( f->f_sub_desc, usage, val, text ); + rc = value_normalize( f->f_sub_desc, usage, value, &nvalue, text ); + ber_bvfree( value ); if( rc != LDAP_SUCCESS ) { - ber_bvfree( val ); goto return_error; } + + value = nvalue; #else /* we should call a substring syntax normalization routine */ - value_normalize( val->bv_val, syntax ); + value_normalize( value->bv_val, syntax ); /* this is bogus, value_normalize should take a berval */ - val->bv_len = strlen( val->bv_val ); + value->bv_len = strlen( value->bv_val ); #endif rc = LDAP_PROTOCOL_ERROR; @@ -488,48 +491,47 @@ get_substring_filter( case LDAP_SUBSTRING_INITIAL: Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 ); if ( f->f_sub_initial != NULL ) { - ber_bvfree( val ); + ber_bvfree( value ); goto return_error; } - - f->f_sub_initial = val; + f->f_sub_initial = value; if( fstr ) { *fstr = ch_realloc( *fstr, - strlen( *fstr ) + val->bv_len + 1 ); - strcat( *fstr, val->bv_val ); + strlen( *fstr ) + value->bv_len + 1 ); + strcat( *fstr, value->bv_val ); } break; case LDAP_SUBSTRING_ANY: Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 ); - if( ber_bvecadd( &f->f_sub_any, val ) < 0 ) { - ber_bvfree( val ); + if( ber_bvecadd( &f->f_sub_any, value ) < 0 ) { + ber_bvfree( value ); goto return_error; } if( fstr ) { *fstr = ch_realloc( *fstr, - strlen( *fstr ) + val->bv_len + 2 ); + strlen( *fstr ) + value->bv_len + 2 ); strcat( *fstr, "*" ); - strcat( *fstr, val->bv_val ); + strcat( *fstr, value->bv_val ); } break; case LDAP_SUBSTRING_FINAL: Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 ); if ( f->f_sub_final != NULL ) { - ber_bvfree( val ); + ber_bvfree( value ); goto return_error; } - f->f_sub_final = val; + f->f_sub_final = value; if( fstr ) { *fstr = ch_realloc( *fstr, - strlen( *fstr ) + val->bv_len + 2 ); + strlen( *fstr ) + value->bv_len + 2 ); strcat( *fstr, "*" ); - strcat( *fstr, val->bv_val ); + strcat( *fstr, value->bv_val ); } break; @@ -538,7 +540,7 @@ get_substring_filter( " unknown substring type=%ld\n", (long) tag, 0, 0 ); - ber_bvfree( val ); + ber_bvfree( value ); return_error: Debug( LDAP_DEBUG_FILTER, " error=%ld\n", diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index 181ccd8150..8c96cb2abb 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -313,8 +313,8 @@ int slap_modlist2mods( return rc; } - if((ad->ad_type->sat_syntax->ssyn_flags & SLAP_SYNTAX_BINARY) - && !( ad->ad_flags & SLAP_DESC_BINARY )) + if( slap_syntax_is_binary( ad->ad_type->sat_syntax ) + && !slap_ad_is_binary( ad )) { /* attribute requires binary transfer */ slap_mods_free( mod ); @@ -322,6 +322,15 @@ int slap_modlist2mods( return LDAP_UNDEFINED_TYPE; } + if( !slap_syntax_is_binary( ad->ad_type->sat_syntax ) + && slap_ad_is_binary( ad )) + { + /* attribute requires binary transfer */ + slap_mods_free( mod ); + *text = "attribute disallows ;binary transfer"; + return LDAP_UNDEFINED_TYPE; + } + if (!update && is_at_no_user_mod( ad->ad_type )) { /* user modification disallowed */ slap_mods_free( mod ); @@ -378,7 +387,6 @@ int slap_mods_opattrs( Modifications **modtail, char **text ) { - int rc; struct berval name, timestamp; time_t now = slap_get_time(); char timebuf[22]; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 8c01755157..8229f22ee2 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -569,7 +569,9 @@ LIBSLAPD_F (int) oc_add LDAP_P((LDAP_OBJECT_CLASS *oc, const char **err)); LIBSLAPD_F (Syntax *) syn_find LDAP_P((const char *synname)); LIBSLAPD_F (Syntax *) syn_find_desc LDAP_P((const char *syndesc, int *slen)); -LIBSLAPD_F (int) syn_add LDAP_P((LDAP_SYNTAX *syn, int flags, +LIBSLAPD_F (int) syn_add LDAP_P(( + LDAP_SYNTAX *syn, + unsigned flags, slap_syntax_validate_func *validate, slap_syntax_transform_func *ber2str, slap_syntax_transform_func *str2ber, @@ -585,12 +587,15 @@ LIBSLAPD_F (int) mr_add LDAP_P((LDAP_MATCHING_RULE *mr, slap_mr_filter_func *filter, const char **err)); -LIBSLAPD_F (int) register_syntax LDAP_P((char *desc, int flags, +LIBSLAPD_F (int) register_syntax LDAP_P(( + char *desc, + unsigned flags, slap_syntax_validate_func *validate, slap_syntax_transform_func *ber2str, slap_syntax_transform_func *str2ber )); -LIBSLAPD_F (int) register_matching_rule LDAP_P((char * desc, +LIBSLAPD_F (int) register_matching_rule LDAP_P(( + char * desc, unsigned usage, slap_mr_convert_func *convert, slap_mr_normalize_func *normalize, @@ -667,15 +672,16 @@ LIBSLAPD_F (char *) suffix_alias LDAP_P(( Backend *be, char *ndn )); LIBSLAPD_F (int) value_normalize LDAP_P(( AttributeDescription *ad, unsigned usage, - struct berval *val, + struct berval *in, + struct berval **out, char ** text )); #else LIBSLAPD_F (int) value_add_fast LDAP_P(( struct berval ***vals, struct berval **addvals, int nvals, int naddvals, int *maxvals )); -LIBSLAPD_F (int) value_add LDAP_P(( struct berval ***vals, struct berval **addvals )); LIBSLAPD_F (void) value_normalize LDAP_P(( char *s, int syntax )); LIBSLAPD_F (int) value_cmp LDAP_P(( struct berval *v1, struct berval *v2, int syntax, int normalize )); LIBSLAPD_F (int) value_find LDAP_P(( struct berval **vals, struct berval *v, int syntax, int normalize )); #endif +LIBSLAPD_F (int) value_add LDAP_P(( struct berval ***vals, struct berval **addvals )); /* * user.c diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema index 40b7bf0bcc..06cfe644b1 100644 --- a/servers/slapd/schema/core.schema +++ b/servers/slapd/schema/core.schema @@ -82,14 +82,6 @@ attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation ) -attributetype ( supportedACIMechanismsOID NAME 'supportedACIMechanisms' - DESC 'list of access control mechanisms supported by this directory server' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) - -attributetype ( aCIMechanismOID NAME 'aCIMechanism' - DESC 'list of access control mechanism supported in this subtree' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) - # LDAP Subschema Atrribute from RFC2252 attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' @@ -588,3 +580,20 @@ objectclass ( 1.3.6.1.4.1.4203.666.3.2 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn ) + +# +# IETF LDAPext WG Access Control Model +# likely to change! +attributetype ( supportedACIMechanismsOID NAME 'supportedACIMechanisms' + DESC 'list of access control mechanisms supported by this directory server' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) + +attributetype ( aCIMechanismOID NAME 'aCIMechanism' + DESC 'list of access control mechanism supported in this subtree' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) + +attributetype ( ldapACIOID NAME 'ldapACI' + DESC 'LDAP access control information' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + USAGE directoryOperation ) diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index abbdfc8caa..c6ec2dda39 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -16,8 +16,9 @@ #include "slap.h" #include "ldap_pvt.h" +#define berValidate blobValidate static int -octetStringValidate( +blobValidate( Syntax *syntax, struct berval *in ) { @@ -150,18 +151,21 @@ IA5StringConvert( struct berval *in, struct berval **out ) { - ber_len_t i; + ldap_unicode_t *u; + ber_len_t i, len = in->bv_len; struct berval *bv = ch_malloc( sizeof(struct berval) ); - bv->bv_len = (in->bv_len+1) * sizeof( ldap_unicode_t ); - bv->bv_val = ch_malloc( bv->bv_len ); - for(i=0; i < in->bv_len; i++ ) { + bv->bv_len = len * sizeof( ldap_unicode_t ); + bv->bv_val = (char *) u = ch_malloc( bv->bv_len + sizeof( ldap_unicode_t ) );; + + for(i=0; i < len; i++ ) { /* * IA5StringValidate should have been called to ensure * input is limited to IA5. */ - bv->bv_val[i] = in->bv_val[i]; + u[i] = in->bv_val[i]; } + u[i] = 0; *out = bv; return 0; @@ -269,27 +273,33 @@ struct syntax_defs_rec { slap_syntax_transform_func *sd_str2ber; }; +#define X_BINARY "" +#define X_NOT_H_R "" + struct syntax_defs_rec syntax_defs[] = { - {"( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' " X_BINARY X_NOT_H_R ")", + SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' " X_NOT_H_R ")", + 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )", 0, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' " X_NOT_H_R ")", + SLAP_SYNTAX_BLOB, blobValidate, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' " X_BINARY X_NOT_H_R ")", + SLAP_SYNTAX_BER, berValidate, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )", 0, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' " + X_BINARY X_NOT_H_R ")", + SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' " + X_BINARY X_NOT_H_R ")", + SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' + " X_BINARY X_NOT_H_R ")", + SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )", @@ -312,8 +322,8 @@ struct syntax_defs_rec syntax_defs[] = { 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )", 0, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' " X_NOT_H_R ")", + SLAP_SYNTAX_BLOB, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )", @@ -322,8 +332,8 @@ struct syntax_defs_rec syntax_defs[] = { 0, IA5StringValidate, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )", 0, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' " X_NOT_H_R ")", + SLAP_SYNTAX_BLOB, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Access Points' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Description' )", @@ -347,7 +357,7 @@ struct syntax_defs_rec syntax_defs[] = { {"( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )", - 0, octetStringValidate, NULL, NULL}, + NULL, blobValidate, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )", @@ -356,8 +366,9 @@ struct syntax_defs_rec syntax_defs[] = { 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )", 0, NULL, NULL, NULL}, - {"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' )", - SLAP_SYNTAX_BINARY, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' " + X_BINARY X_NOT_H_R ")", + SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )", 0, NULL, NULL, NULL}, {"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )", diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 69b541c537..69e08bf0dc 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -105,7 +105,7 @@ LIBSLAPD_F (int) slap_debug; #define SLAP_INDEX_PRESENCE 0x0001U #define SLAP_INDEX_EQUALITY 0x0002U #define SLAP_INDEX_APPROX 0x0004U -#define SLAP_INDEX_SUB 0x0008U +#define SLAP_INDEX_SUBSTR 0x0008U #define SLAP_INDEX_EXTENDED 0x0010U #define SLAP_INDEX_UNDEFINED 0x1000U #define SLAP_INDEX_FROMINIT 0x8000U /* psuedo type */ @@ -147,22 +147,32 @@ typedef int slap_syntax_transform_func LDAP_P(( typedef struct slap_syntax { LDAP_SYNTAX ssyn_syn; +#define ssyn_oid ssyn_syn.syn_oid +#define ssyn_desc ssyn_syn.syn_desc + unsigned ssyn_flags; #define SLAP_SYNTAX_NONE 0x0U -#define SLAP_SYNTAX_BINARY 0x1U +#define SLAP_SYNTAX_BLOB 0x1U /* syntax treated as blob (audio) */ +#define SLAP_SYNTAX_BINARY 0x2U /* binary transfer required (certificate) */ +#define SLAP_SYNTAX_BER 0x4U /* stored using BER encoding (binary,certificate) */ slap_syntax_validate_func *ssyn_validate; +#ifdef SLAPD_BINARY_CONVERSION /* convert to and from binary */ slap_syntax_transform_func *ssyn_ber2str; slap_syntax_transform_func *ssyn_str2ber; +#endif struct slap_syntax *ssyn_next; -#define ssyn_oid ssyn_syn.syn_oid -#define ssyn_desc ssyn_syn.syn_desc } Syntax; +#define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0) +#define slap_syntax_is_blob(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB) +#define slap_syntax_is_binary(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY) +#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER) + /* XXX -> UCS-2 Converter */ typedef int slap_mr_convert_func LDAP_P(( struct berval * in, @@ -211,14 +221,15 @@ typedef struct slap_matching_rule { #define SLAP_MR_NONE 0x0000U #define SLAP_MR_EQUALITY 0x0100U -#define SLAP_MR_APPROX 0x0200U -#define SLAP_MR_ORDERING 0x0400U -#define SLAP_MR_SUBSTR 0x0800U -#define SLAP_MR_EXT 0x1000U +#define SLAP_MR_ORDERING 0x0200U +#define SLAP_MR_SUBSTR 0x0400U +#define SLAP_MR_EXT 0x0800U -#define SLAP_MR_SUBSTR_INITIAL (SLAP_MR_SUBSTR | 0x0001U ) -#define SLAP_MR_SUBSTR_ANY (SLAP_MR_SUBSTR | 0x0002U ) -#define SLAP_MR_SUBSTR_FINAL (SLAP_MR_SUBSTR | 0x0004U ) +#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0001U ) + +#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0001U ) +#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0002U ) +#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0004U ) Syntax *smr_syntax; slap_mr_convert_func *smr_convert; @@ -300,6 +311,8 @@ typedef struct slap_attr_desc { #define SLAP_DESC_BINARY 0x1U } AttributeDescription; +#define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 ) + /* * pointers to schema elements used internally */ diff --git a/servers/slapd/syntax.c b/servers/slapd/syntax.c index 3d151a9a51..ef968fb189 100644 --- a/servers/slapd/syntax.c +++ b/servers/slapd/syntax.c @@ -102,7 +102,7 @@ syn_insert( int syn_add( LDAP_SYNTAX *syn, - int flags, + unsigned flags, slap_syntax_validate_func *validate, slap_syntax_transform_func *ber2str, slap_syntax_transform_func *str2ber, @@ -113,20 +113,27 @@ syn_add( int code; ssyn = (Syntax *) ch_calloc( 1, sizeof(Syntax) ); - memcpy( &ssyn->ssyn_syn, syn, sizeof(LDAP_SYNTAX)); + + memcpy( &ssyn->ssyn_syn, syn, sizeof(LDAP_SYNTAX) ); + + ssyn->ssyn_next = NULL; ssyn->ssyn_flags = flags; ssyn->ssyn_validate = validate; + +#ifdef SLAPD_BINARY_CONVERSION ssyn->ssyn_ber2str = ber2str; ssyn->ssyn_str2ber = str2ber; +#endif - code = syn_insert(ssyn,err); + code = syn_insert(ssyn, err); return code; } int register_syntax( - char * desc, int flags, + char * desc, + unsigned flags, slap_syntax_validate_func *validate, slap_syntax_transform_func *ber2str, slap_syntax_transform_func *str2ber ) diff --git a/servers/slapd/value.c b/servers/slapd/value.c index cc42578a64..9c92260701 100644 --- a/servers/slapd/value.c +++ b/servers/slapd/value.c @@ -92,10 +92,51 @@ int value_normalize( AttributeDescription *ad, unsigned usage, - struct berval *val, + struct berval *in, + struct berval **out, char **text ) { - /* not yet implemented */ + int rc; + MatchingRule *mr; + + switch( usage & SLAP_MR_TYPE_MASK ) { + case SLAP_MR_NONE: + case SLAP_MR_EQUALITY: + mr = ad->ad_type->sat_equality; + break; + case SLAP_MR_ORDERING: + mr = ad->ad_type->sat_ordering; + break; + case SLAP_MR_SUBSTR: + mr = ad->ad_type->sat_substr; + break; + case SLAP_MR_EXT: + default: + assert( 0 ); + *text = "internal error"; + return LDAP_OTHER; + } + + if( mr == NULL ) { + *text = "inappropriate matching request"; + return LDAP_INAPPROPRIATE_MATCHING; + } + + /* we only support equality matching of binary attributes */ + if( slap_ad_is_binary( ad ) && usage != SLAP_MR_EQUALITY ) { + *text = "inappropriate binary matching"; + return LDAP_INAPPROPRIATE_MATCHING; + } + + rc = (mr->smr_normalize)( usage, + ad->ad_type->sat_syntax, + mr, in, out ); + + if( rc != LDAP_SUCCESS ) { + *text = "unable to normalize value"; + return LDAP_INVALID_SYNTAX; + } + return LDAP_SUCCESS; } -- 2.39.5