From 28a967584db30c90597c16d16cd68a503ea70e1a Mon Sep 17 00:00:00 2001 From: Sang Seok Lim Date: Mon, 20 Dec 2004 03:31:44 +0000 Subject: [PATCH] Component Indexing support for BDB - only for equality matching - only components of ASN.1 types used in an X.509 certificate can be indexed (composite types except for RDN and DN are not supported yet) - how to use index [attribute name].[component reference] eq Ex) index userCertificate eq index userCertificate.toBeSigned.issuer.rdnSequence eq index userCertificate.toBeSigned.serialNumber eq index userCertificate.toBeSigned.version eq --- contrib/slapd-modules/comp_match/README | 6 +- contrib/slapd-modules/comp_match/asn.h | 2 +- .../slapd-modules/comp_match/asn_to_syn_mr.c | 127 ++++++++- .../comp_match/authorityKeyIdentifier.c | 8 +- .../slapd-modules/comp_match/certificate.asn1 | 2 +- .../slapd-modules/comp_match/certificate.c | 47 ++-- .../slapd-modules/comp_match/certificate.h | 2 +- .../slapd-modules/comp_match/componentlib.c | 168 ++++++++---- .../slapd-modules/comp_match/componentlib.h | 48 +++- contrib/slapd-modules/comp_match/init.c | 159 +++++++++-- servers/slapd/attr.c | 6 +- servers/slapd/back-bdb/attr.c | 68 ++++- servers/slapd/back-bdb/filterindex.c | 253 +++++++++++++++++- servers/slapd/back-bdb/index.c | 78 ++++++ servers/slapd/component.c | 111 ++++++-- servers/slapd/proto-slap.h | 9 + servers/slapd/slap.h | 30 ++- tests/scripts/test031-component-filter | 26 +- 18 files changed, 1014 insertions(+), 136 deletions(-) diff --git a/contrib/slapd-modules/comp_match/README b/contrib/slapd-modules/comp_match/README index 846706ff4e..23d87cb95e 100644 --- a/contrib/slapd-modules/comp_match/README +++ b/contrib/slapd-modules/comp_match/README @@ -81,7 +81,5 @@ have been tested successfully. But this is currently under development. before using it, don't forget to check following status of development, 1) Not all ASN.1 types are supported yet. See componentlib.c to check which ASN.1 types are currently supported -2) Component version of GSER encoders are not supported yet -3) Not all ComponentId of a component reference are supported yet -supported : identifier, from-beginning, count, from-end, -not supported : select, content +2) Component version of GSER encoders are partly supported(primitive types +used in an X.509 certificate) diff --git a/contrib/slapd-modules/comp_match/asn.h b/contrib/slapd-modules/comp_match/asn.h index 0bc27c081c..de63c0a2f1 100644 --- a/contrib/slapd-modules/comp_match/asn.h +++ b/contrib/slapd-modules/comp_match/asn.h @@ -14,7 +14,7 @@ typedef enum { BER, GSER } EncRulesType; typedef enum AsnTypeId { - BASICTYPE_BOOLEAN, + BASICTYPE_BOOLEAN = 0, BASICTYPE_INTEGER, BASICTYPE_BITSTRING, BASICTYPE_OCTETSTRING, diff --git a/contrib/slapd-modules/comp_match/asn_to_syn_mr.c b/contrib/slapd-modules/comp_match/asn_to_syn_mr.c index 718dcb7e84..930b39cba7 100644 --- a/contrib/slapd-modules/comp_match/asn_to_syn_mr.c +++ b/contrib/slapd-modules/comp_match/asn_to_syn_mr.c @@ -1,8 +1,8 @@ -#include "component.h" +#include #include "asn.h" #include "componentlib.h" -AsnTypetoMatchingRuleTable directory_component_matching_table = { +AsnTypetoMatchingRuleTable directory_component_matching_table[] = { "1.2.36.79672281.1.13.7", { { BASICTYPE_BOOLEAN,NULL,"1.3.6.1.4.1.1466.115.121.1.7", NULL }, @@ -41,7 +41,7 @@ AsnTypetoMatchingRuleTable directory_component_matching_table = { NULL }; -struct asntype_to_syntax asn_to_syntax_mapping_tbl[] = { +AsnTypetoSyntax asn_to_syntax_mapping_tbl[] = { { BASICTYPE_BOOLEAN,"Boolean","1.3.6.1.4.1.1466.115.121.1.7", NULL }, { BASICTYPE_INTEGER,"Integer","1.3.6.1.4.1.1466.115.121.1.27", NULL }, { BASICTYPE_BITSTRING,"Bit String","1.3.6.1.4.1.1466.115.121.1.6", NULL }, @@ -77,3 +77,124 @@ struct asntype_to_syntax asn_to_syntax_mapping_tbl[] = { { ASN_COMP_CERTIFICATE, "componentCertificate", "1.2.36.79672281.1.5.2" , NULL }, { ASNTYPE_END , NULL , NULL, NULL } }; + +/* + * This table describes relationship between an ASN.1 type and its + * potential matching rules such as equality, approx, ordering, and substring + * Based on the description of this table, the following ComponentType + * table is initialized + */ +AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[] = { +{ BASICTYPE_BOOLEAN, "booleanMatch", NULL, NULL, NULL }, +{ BASICTYPE_INTEGER, "integerMatch", NULL, "integerOrderingMatch", NULL }, +{ BASICTYPE_BITSTRING, "bitStringMatch", NULL, NULL, NULL }, +{ BASICTYPE_OCTETSTRING, "octetStringMatch", NULL, "octetStringOrderingMatch", NULL }, +{ BASICTYPE_NULL, NULL, NULL, NULL, NULL }, +{ BASICTYPE_OID, "objectIdentifierMatch", NULL, NULL, NULL }, +{ BASICTYPE_REAL, NULL, NULL, NULL, NULL }, +{ BASICTYPE_ENUMERATED, "integerMatch", NULL, "integerOrderingMatch", NULL }, +{ BASICTYPE_NUMERIC_STR, "numericStringMatch", NULL, "numericStringOrderingMatch", "numericStringSubstringsMatch"}, +{ BASICTYPE_PRINTABLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" }, +{ BASICTYPE_UNIVERSAL_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" }, +{ BASICTYPE_IA5_STR, "caseIgnoreMatch", "IA5StringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" }, +{ BASICTYPE_BMP_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" }, +{ BASICTYPE_UTF8_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" }, +{ BASICTYPE_UTCTIME, NULL, NULL, NULL, NULL }, +{ BASICTYPE_GENERALIZEDTIME, NULL, NULL, NULL, NULL }, +{ BASICTYPE_GRAPHIC_STR, NULL, NULL, NULL, NULL }, +{ BASICTYPE_VISIBLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" }, +{ BASICTYPE_GENERAL_STR, NULL, NULL, NULL, NULL }, +{ BASICTYPE_OBJECTDESCRIPTOR, "objectIdentifierFirstComponentMatch", NULL, NULL, NULL }, +{ BASICTYPE_VIDEOTEX_STR, NULL, NULL, NULL, NULL }, +{ BASICTYPE_T61_STR, NULL, NULL, NULL, NULL }, +{ BASICTYPE_OCTETCONTAINING, NULL, NULL, NULL, NULL }, +{ BASICTYPE_BITCONTAINING, NULL, NULL, NULL, NULL }, +{ BASICTYPE_RELATIVE_OID, "objectIdentifierFirstComponentMatch", NULL, NULL, NULL }, +{ BASICTYPE_ANY, NULL, NULL, NULL, NULL }, +{ COMPOSITE_ASN1_TYPE, NULL, NULL, NULL, NULL }, +{ RDNSequence, "distinguishedNameMatch", NULL, NULL, NULL }, +{ RelativeDistinguishedName, "rdnMatch" , NULL, NULL, NULL }, +{ TelephoneNumber, NULL, NULL, NULL, NULL }, +{ FacsimileTelephoneNumber__telephoneNumber, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" }, +{ DirectoryString, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch"}, +{ ASN_COMP_CERTIFICATE, "componentFilterMatch", NULL, NULL, NULL }, +{ ASNTYPE_END, NULL, NULL, NULL, NULL } +}; + +/* + * This table mapps an ASN type to a corresponding ComponentType which has + * equivalent contents of an existing AttributeType + */ +AsnTypetoCompType asntype_to_compType_mapping_tbl[] = { +{ BASICTYPE_BOOLEAN,{}}, +{ BASICTYPE_INTEGER, {}}, +{ BASICTYPE_BITSTRING, {}}, +{ BASICTYPE_OCTETSTRING, {}}, +{ BASICTYPE_NULL, {}}, +{ BASICTYPE_OID, {}}, +{ BASICTYPE_REAL, {}}, +{ BASICTYPE_ENUMERATED, {}}, +{ BASICTYPE_NUMERIC_STR, {}}, +{ BASICTYPE_PRINTABLE_STR, {}}, +{ BASICTYPE_UNIVERSAL_STR, {}}, +{ BASICTYPE_IA5_STR, {}}, +{ BASICTYPE_BMP_STR, {}}, +{ BASICTYPE_UTF8_STR, {}}, +{ BASICTYPE_UTCTIME, {}}, +{ BASICTYPE_GENERALIZEDTIME, {}}, +{ BASICTYPE_GRAPHIC_STR, {}}, +{ BASICTYPE_VISIBLE_STR, {}}, +{ BASICTYPE_GENERAL_STR,{}}, +{ BASICTYPE_OBJECTDESCRIPTOR, {}}, +{ BASICTYPE_VIDEOTEX_STR, {}}, +{ BASICTYPE_T61_STR, {}}, +{ BASICTYPE_OCTETCONTAINING, {}}, +{ BASICTYPE_BITCONTAINING, {}}, +{ BASICTYPE_RELATIVE_OID, {}}, +{ BASICTYPE_ANY, {}}, +{ COMPOSITE_ASN1_TYPE, {}}, +{ RDNSequence, {}}, +{ RelativeDistinguishedName, {}}, +{ TelephoneNumber, {}}, +{ FacsimileTelephoneNumber__telephoneNumber, {}}, +{ DirectoryString, {}}, +{ ASN_COMP_CERTIFICATE, {}}, +{ ASNTYPE_END , {}} +}; + +AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[] = { +{ BASICTYPE_BOOLEAN,{}}, +{ BASICTYPE_INTEGER, {}}, +{ BASICTYPE_BITSTRING, {}}, +{ BASICTYPE_OCTETSTRING, {}}, +{ BASICTYPE_NULL, {}}, +{ BASICTYPE_OID, {}}, +{ BASICTYPE_REAL, {}}, +{ BASICTYPE_ENUMERATED, {}}, +{ BASICTYPE_NUMERIC_STR, {}}, +{ BASICTYPE_PRINTABLE_STR, {}}, +{ BASICTYPE_UNIVERSAL_STR, {}}, +{ BASICTYPE_IA5_STR, {}}, +{ BASICTYPE_BMP_STR, {}}, +{ BASICTYPE_UTF8_STR, {}}, +{ BASICTYPE_UTCTIME, {}}, +{ BASICTYPE_GENERALIZEDTIME, {}}, +{ BASICTYPE_GRAPHIC_STR, {}}, +{ BASICTYPE_VISIBLE_STR, {}}, +{ BASICTYPE_GENERAL_STR,{}}, +{ BASICTYPE_OBJECTDESCRIPTOR, {}}, +{ BASICTYPE_VIDEOTEX_STR, {}}, +{ BASICTYPE_T61_STR, {}}, +{ BASICTYPE_OCTETCONTAINING, {}}, +{ BASICTYPE_BITCONTAINING, {}}, +{ BASICTYPE_RELATIVE_OID, {}}, +{ BASICTYPE_ANY, {}}, +{ COMPOSITE_ASN1_TYPE, {}}, +{ RDNSequence, {}}, +{ RelativeDistinguishedName, {}}, +{ TelephoneNumber, {}}, +{ FacsimileTelephoneNumber__telephoneNumber, {}}, +{ DirectoryString, {}}, +{ ASN_COMP_CERTIFICATE, {}}, +{ ASNTYPE_END , {}} +}; diff --git a/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c index 7a1213b62d..84e83b87ed 100644 --- a/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c +++ b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c @@ -18,7 +18,7 @@ BDecComponentAuthorityKeyIdentifierTop( void* mem_op, GenBuf* b, void *v, AsnLen return (-1); } - return BDecComponentAuthorityKeyIdentifier( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode ); + return BDecComponentAuthorityKeyIdentifier( mem_op, b, tag, elmtLen, ( ComponentAuthorityKeyIdentifier**)v, (AsnLen*)bytesDecoded, mode ); } @@ -45,7 +45,7 @@ MatchingComponentOtherName ( char* oid, ComponentSyntaxInfo* csi_attr, Component if ( rc != LDAP_COMPARE_TRUE ) return rc; rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->value, (&((ComponentOtherName*)csi_attr)->type_id)); - rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->value, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_assert)->value); + rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentOtherName*)csi_attr)->value, (ComponentAny*)&((ComponentOtherName*)csi_assert)->value); if ( rc != LDAP_COMPARE_TRUE ) return rc; return LDAP_COMPARE_TRUE; @@ -267,7 +267,7 @@ MatchingComponentORAddress ( char* oid, ComponentSyntaxInfo* csi_attr, Component if ( rc != LDAP_COMPARE_TRUE ) return rc; rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->value, (&((ComponentORAddress*)csi_attr)->type_id)); - rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->value, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->value); + rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentORAddress*)csi_attr)->value, (ComponentAny*)&((ComponentORAddress*)csi_assert)->value); if ( rc != LDAP_COMPARE_TRUE ) return rc; rc = MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->extension, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->extension ); @@ -1615,7 +1615,7 @@ ExtractingComponentGeneralNames ( void* mem_op, ComponentReference* cr, Componen case LDAP_COMPREF_COUNT : k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt)); k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) ); - k->comp_desc->cd_tag = NULL; + k->comp_desc->cd_tag = (-1); k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt; k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL; diff --git a/contrib/slapd-modules/comp_match/certificate.asn1 b/contrib/slapd-modules/comp_match/certificate.asn1 index 25bad93547..0036f4bc07 100644 --- a/contrib/slapd-modules/comp_match/certificate.asn1 +++ b/contrib/slapd-modules/comp_match/certificate.asn1 @@ -3,7 +3,7 @@ BEGIN -- based on RFC 3280 and X.509 Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, + toBeSigned TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } diff --git a/contrib/slapd-modules/comp_match/certificate.c b/contrib/slapd-modules/comp_match/certificate.c index 5c815206fe..7c3fa8a982 100644 --- a/contrib/slapd-modules/comp_match/certificate.c +++ b/contrib/slapd-modules/comp_match/certificate.c @@ -18,7 +18,7 @@ BDecComponentCertificateTop( void* mem_op, GenBuf* b, void **v, AsnLen* bytesDec return (-1); } - return BDecComponentCertificate( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode ); + return BDecComponentCertificate( mem_op, b, tag, elmtLen, (ComponentCertificate**)v,(AsnLen*)bytesDecoded, mode ); } void init_module_AuthenticationFramework() { @@ -90,7 +90,7 @@ MatchingComponentAlgorithmIdentifier ( char* oid, ComponentSyntaxInfo* csi_attr, if ( rc != LDAP_COMPARE_TRUE ) return rc; rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (&((ComponentAlgorithmIdentifier*)csi_attr)->algorithm)); - rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_assert)->parameters); + rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_assert)->parameters); if ( rc != LDAP_COMPARE_TRUE ) return rc; return LDAP_COMPARE_TRUE; @@ -792,7 +792,7 @@ MatchingComponentAttributeTypeAndValue ( char* oid, ComponentSyntaxInfo* csi_att if ( rc != LDAP_COMPARE_TRUE ) return rc; rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (&((ComponentAttributeTypeAndValue*)csi_attr)->type)); - rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_assert)->value); + rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_assert)->value); if ( rc != LDAP_COMPARE_TRUE ) return rc; return LDAP_COMPARE_TRUE; @@ -1514,7 +1514,7 @@ ExtractingComponentExtensions ( void* mem_op, ComponentReference* cr, ComponentE case LDAP_COMPREF_COUNT : k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt)); k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) ); - k->comp_desc->cd_tag = NULL; + k->comp_desc->cd_tag = (-1); k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt; k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL; @@ -1757,7 +1757,7 @@ ExtractingComponentRelativeDistinguishedName ( void* mem_op, ComponentReference* case LDAP_COMPREF_COUNT : k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt)); k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) ); - k->comp_desc->cd_tag = NULL; + k->comp_desc->cd_tag = (-1); k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt; k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL; @@ -1833,6 +1833,10 @@ int mode) free ( t ); return -1; } + + t->comp_desc->cd_gser_encoder = (encoder_func*)NULL; + t->comp_desc->cd_ber_encoder = (encoder_func*)NULL; + t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDN2RFC2253; t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeDistinguishedName ; t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeDistinguishedName ; t->comp_desc->cd_free = (comp_free_func*)NULL; @@ -1991,7 +1995,7 @@ ExtractingComponentRDNSequence ( void* mem_op, ComponentReference* cr, Component case LDAP_COMPREF_COUNT : k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt)); k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) ); - k->comp_desc->cd_tag = NULL; + k->comp_desc->cd_tag = (-1); k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt; k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL; @@ -2067,6 +2071,10 @@ int mode) free ( t ); return -1; } + + t->comp_desc->cd_gser_encoder = (encoder_func*)NULL; + t->comp_desc->cd_ber_encoder = (encoder_func*)NULL; + t->comp_desc->cd_ldap_encoder = (encoder_func*) ConvertRDNSequence2RFC2253; t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ; t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ; t->comp_desc->cd_free = (comp_free_func*)NULL; @@ -2140,6 +2148,9 @@ int mode) free ( t ); return -1; } + t->comp_desc->cd_gser_encoder = (encoder_func*)NULL; + t->comp_desc->cd_ber_encoder = (encoder_func*)NULL; + t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDNSequence2RFC2253; t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ; t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ; t->comp_desc->cd_free = (comp_free_func*)NULL; @@ -2969,7 +2980,7 @@ MatchingComponentCertificate ( char* oid, ComponentSyntaxInfo* csi_attr, Compone } rc = 1; - rc = MatchingComponentTBSCertificate ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->tbsCertificate, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->tbsCertificate ); + rc = MatchingComponentTBSCertificate ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->toBeSigned, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->toBeSigned ); if ( rc != LDAP_COMPARE_TRUE ) return rc; rc = MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->signatureAlgorithm, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->signatureAlgorithm ); @@ -2985,12 +2996,12 @@ void* ExtractingComponentCertificate ( void* mem_op, ComponentReference* cr, ComponentCertificate *comp ) { - if ( ( comp->tbsCertificate->identifier.bv_val && strncmp(comp->tbsCertificate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->tbsCertificate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) { + if ( ( comp->toBeSigned->identifier.bv_val && strncmp(comp->toBeSigned->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->toBeSigned->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) { if ( cr->cr_curr->ci_next == NULL ) - return comp->tbsCertificate; + return comp->toBeSigned; else { cr->cr_curr = cr->cr_curr->ci_next; - return ExtractingComponentTBSCertificate ( mem_op, cr, comp->tbsCertificate ); + return ExtractingComponentTBSCertificate ( mem_op, cr, comp->toBeSigned ); } } if ( ( comp->signatureAlgorithm->identifier.bv_val && strncmp(comp->signatureAlgorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signatureAlgorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) { @@ -3045,11 +3056,11 @@ int mode) if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))) { elmtLen1 = BDecLen (b, &totalElmtsLen1 ); - rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->tbsCertificate), &totalElmtsLen1, mode); + rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->toBeSigned), &totalElmtsLen1, mode); if ( rc != LDAP_SUCCESS ) return rc; - (k->tbsCertificate)->identifier.bv_val = (k->tbsCertificate)->id_buf; - (k->tbsCertificate)->identifier.bv_len = strlen("tbsCertificate"); - strcpy( (k->tbsCertificate)->identifier.bv_val, "tbsCertificate"); + (k->toBeSigned)->identifier.bv_val = (k->toBeSigned)->id_buf; + (k->toBeSigned)->identifier.bv_len = strlen("toBeSigned"); + strcpy( (k->toBeSigned)->identifier.bv_val, "toBeSigned"); tagId1 = BDecTag (b, &totalElmtsLen1); } else @@ -3151,11 +3162,11 @@ int mode) Asn1Error("Error during Reading identifier"); return LDAP_PROTOCOL_ERROR; } - if ( strncmp( peek_head, "tbsCertificate", strlen("tbsCertificate") ) == 0 ) { - rc = GDecComponentTBSCertificate (mem_op, b, (&k->tbsCertificate), bytesDecoded, mode); + if ( strncmp( peek_head, "toBeSigned", strlen("toBeSigned") ) == 0 ) { + rc = GDecComponentTBSCertificate (mem_op, b, (&k->toBeSigned), bytesDecoded, mode); if ( rc != LDAP_SUCCESS ) return rc; - ( k->tbsCertificate)->identifier.bv_val = peek_head; - ( k->tbsCertificate)->identifier.bv_len = strLen; + ( k->toBeSigned)->identifier.bv_val = peek_head; + ( k->toBeSigned)->identifier.bv_len = strLen; if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){ Asn1Error("Error during Reading , "); return LDAP_PROTOCOL_ERROR; diff --git a/contrib/slapd-modules/comp_match/certificate.h b/contrib/slapd-modules/comp_match/certificate.h index 4d5d6b2780..e9cf470be7 100644 --- a/contrib/slapd-modules/comp_match/certificate.h +++ b/contrib/slapd-modules/comp_match/certificate.h @@ -346,7 +346,7 @@ typedef struct Certificate /* SEQUENCE */ ComponentDesc* comp_desc; struct berval identifier; char id_buf[MAX_IDENTIFIER_LEN]; - ComponentTBSCertificate* tbsCertificate; /* TBSCertificate */ + ComponentTBSCertificate* toBeSigned; /* TBSCertificate */ ComponentAlgorithmIdentifier* signatureAlgorithm; /* AlgorithmIdentifier */ ComponentBits signature; /* BIT STRING */ } ComponentCertificate; diff --git a/contrib/slapd-modules/comp_match/componentlib.c b/contrib/slapd-modules/comp_match/componentlib.c index 1d17da7e5e..46602d6446 100644 --- a/contrib/slapd-modules/comp_match/componentlib.c +++ b/contrib/slapd-modules/comp_match/componentlib.c @@ -67,9 +67,12 @@ FreeComponentBits ( ComponentBits* v ) { int GEncComponentBits ( GenBuf *b, ComponentBits *in ) { - if ( !in ) - return (-1); - return GEncAsnBitsContent ( b, &in->value ); + GAsnBits bits = {0}; + + bits.value = in->value; + if ( !in ) + return (-1); + return GEncAsnBitsContent ( b, &bits); } @@ -105,6 +108,7 @@ GDecComponentBits ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int if ( k ) CompFree( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBits; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBits; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBits; k->comp_desc->cd_free = (comp_free_func*)FreeComponentBits; @@ -165,6 +169,7 @@ BDecComponentBits ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBits; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBits; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBits; k->comp_desc->cd_free = (comp_free_func*)FreeComponentBits; @@ -181,12 +186,16 @@ BDecComponentBits ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, /* * Component GSER BMPString Encoder */ - int - GEncComponentBMPString ( GenBuf *b, ComponentBMPString *in ) - { - if ( !in || in->value.octetLen <= 0 ) return (-1); - return GEncBMPStringContent ( b, &in->value ); - } +int +GEncComponentBMPString ( GenBuf *b, ComponentBMPString *in ) +{ + GBMPString t = {0}; + + if ( !in || in->value.octetLen <= 0 ) + return (-1); + t.value = in->value; + return GEncBMPStringContent ( b, &t ); +} /* * Component GSER BMPString Decoder @@ -223,6 +232,7 @@ GDecComponentBMPString ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, if ( k ) CompFree( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBMPString; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBMPString; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBMPString; k->comp_desc->cd_free = (comp_free_func*)FreeComponentBMPString; @@ -283,6 +293,7 @@ BDecComponentBMPString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBMPString; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBMPString; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBMPString; k->comp_desc->cd_free = (comp_free_func*)FreeComponentBMPString; @@ -303,9 +314,11 @@ BDecComponentBMPString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void int GEncComponentUTF8String ( GenBuf *b, ComponentUTF8String *in ) { - if ( !in || in->value.octetLen <= 0 ) - return (-1); - return GEncUTF8StringContent ( b, &in->value ); + GUTF8String t = {0}; + if ( !in || in->value.octetLen <= 0 ) + return (-1); + t.value = in->value; + return GEncUTF8StringContent ( b, &t ); } /* @@ -343,6 +356,7 @@ GDecComponentUTF8String ( void* mem_op, GenBuf *b, void *v, if ( k ) CompFree( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentUTF8String; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentUTF8String; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentUTF8String; k->comp_desc->cd_free = (comp_free_func*)FreeComponentUTF8String; @@ -401,6 +415,7 @@ BDecComponentUTF8String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentUTF8String; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentUTF8String; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentUTF8String; k->comp_desc->cd_free = (comp_free_func*)FreeComponentUTF8String; @@ -418,9 +433,12 @@ BDecComponentUTF8String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, int GEncComponentTeletexString ( GenBuf *b, ComponentTeletexString *in ) { - if ( !in || in->value.octetLen <= 0 ) - return (-1); - return GEncTeletexStringContent ( b, &in->value ); + GTeletexString t = {0}; + + if ( !in || in->value.octetLen <= 0 ) + return (-1); + t.value = in->value; + return GEncTeletexStringContent ( b, &t ); } /* @@ -458,6 +476,7 @@ GDecComponentTeletexString ( void* mem_op, GenBuf *b, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentTeletexString; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTeletexString; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTeletexString; k->comp_desc->cd_free = (comp_free_func*)FreeComponentTeletexString; @@ -500,9 +519,12 @@ MatchingComponentBool(char* oid, ComponentSyntaxInfo* csi_attr, int GEncComponentBool ( GenBuf *b, ComponentBool *in ) { - if ( !in ) - return (-1); - return GEncAsnBoolContent ( b, &in->value ); + GAsnBool t = {0}; + + if ( !in ) + return (-1); + t.value = in->value; + return GEncAsnBoolContent ( b, &t ); } /* @@ -537,6 +559,7 @@ GDecComponentBool ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBool; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBool; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBool; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -594,6 +617,7 @@ BDecComponentBool ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBool; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBool; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBool; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -636,9 +660,12 @@ MatchingComponentEnum ( char* oid, ComponentSyntaxInfo *csi_attr, int GEncComponentEnum ( GenBuf *b, ComponentEnum *in ) { - if ( !in ) - return (-1); - return GEncAsnEnumContent ( b, &in->value ); + GAsnEnum t = {0}; + + if ( !in ) + return (-1); + t.value = in->value; + return GEncAsnEnumContent ( b, &t ); } /* @@ -675,6 +702,7 @@ GDecComponentEnum ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -733,6 +761,7 @@ BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -752,8 +781,10 @@ BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, int GEncComponentIA5Stirng ( GenBuf *b, ComponentIA5String* in ) { - if ( !in || in->value.octetLen <= 0 ) return (-1); - return GEncIA5StringContent( b, &in->value ); + GIA5String t = {0}; + t.value = in->value; + if ( !in || in->value.octetLen <= 0 ) return (-1); + return GEncIA5StringContent( b, &t ); } /* @@ -801,6 +832,7 @@ BDecComponentIA5String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentIA5String; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentIA5String; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentIA5String; k->comp_desc->cd_free = (comp_free_func*)FreeComponentIA5String; @@ -844,8 +876,12 @@ function*/ int GEncComponentInt ( GenBuf *b, ComponentInt* in ) { - if ( !in ) return (-1); - return GEncAsnIntContent ( b, &in->value ); + GAsnInt t = {0}; + + if ( !in ) + return (-1); + t.value = in->value; + return GEncAsnIntContent ( b, &t ); } /* @@ -880,6 +916,7 @@ GDecComponentInt( void* mem_op, GenBuf * b, void *v, AsnLen *bytesDecoded, int m if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentInt; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -933,6 +970,7 @@ BDecComponentInt ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentInt; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -973,8 +1011,12 @@ MatchingComponentNull ( char *oid, ComponentSyntaxInfo *csi_attr, int GEncComponentNull ( GenBuf *b, ComponentNull *in ) { - if ( !in ) return (-1); - return GEncAsnNullContent ( b, &in->value ); + GAsnNull t = {0}; + + if ( !in ) + return (-1); + t.value = in->value; + return GEncAsnNullContent ( b, &t ); } /* @@ -1009,6 +1051,7 @@ GDecComponentNull ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull; k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull; @@ -1068,6 +1111,7 @@ BDecComponentNull ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull; k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull; @@ -1123,6 +1167,7 @@ BDecComponentNumericString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNumericString; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNumericString; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNumericString; k->comp_desc->cd_free = (comp_free_func*)FreeComponentNumericString; @@ -1177,9 +1222,12 @@ MatchingComponentOcts ( char* oid, ComponentSyntaxInfo* csi_attr, int GEncComponentOcts ( GenBuf* b, ComponentOcts *in ) { - if ( !in || in->value.octetLen <= 0 ) - return (-1); - return GEncAsnOctsContent ( b, &in->value ); + GAsnOcts t = {0}; + if ( !in || in->value.octetLen <= 0 ) + return (-1); + + t.value = in->value; + return GEncAsnOctsContent ( b, &t ); } /* @@ -1214,6 +1262,7 @@ GDecComponentOcts ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts; k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts; @@ -1271,6 +1320,7 @@ BDecComponentOcts ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts; k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts; @@ -1314,8 +1364,12 @@ MatchingComponentOid ( char *oid, ComponentSyntaxInfo *csi_attr , */ GEncComponentOid ( GenBuf *b, ComponentOid *in ) { - if ( !in || in->value.octetLen <= 0 ) return (-1); - return GEncAsnOidContent( b, &in->value ); + GAsnOid t = {0}; + + if ( !in || in->value.octetLen <= 0 ) + return (-1); + t.value = in->value; + return GEncAsnOidContent( b, (GAsnOcts*)&t ); } /* @@ -1340,7 +1394,7 @@ GDecAsnDescOidContent ( void* mem_op, GenBuf *b, GAsnOid *result, AsnLen *bytesD peek_head = ad_type->sat_atype.at_oid; strLen = strlen ( peek_head ); - result->value.octs = EncodeComponentOid ( mem_op, peek_head , &strLen ); + result->value.octs = (char*)EncodeComponentOid ( mem_op, peek_head , &strLen ); result->value.octetLen = strLen; return LDAP_SUCCESS; } @@ -1400,6 +1454,7 @@ GDecComponentOid ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int m if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOid; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOid; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOid; k->comp_desc->cd_free = (comp_free_func*)FreeComponentOid; @@ -1457,6 +1512,7 @@ BDecComponentOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOid; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOid; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOid; k->comp_desc->cd_free = (comp_free_func*)FreeComponentOid; @@ -1514,6 +1570,7 @@ BDecComponentPrintableString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentPrintableString; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentPrintableString; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentPrintableString; k->comp_desc->cd_free = (comp_free_func*)FreeComponentPrintableString; @@ -1555,9 +1612,11 @@ MatchingComponentReal (char* oid, ComponentSyntaxInfo *csi_attr, int GEncComponentReal ( GenBuf *b, ComponentReal *in ) { - if ( !in ) - return (-1); - return GEncAsnRealContent ( b, &in->value ); + GAsnReal t = {0}; + if ( !in ) + return (-1); + t.value = in->value; + return GEncAsnRealContent ( b, &t ); } /* @@ -1592,6 +1651,7 @@ GDecComponentReal ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentReal; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentReal; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentReal; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -1648,6 +1708,7 @@ BDecComponentReal ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentReal; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentReal; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentReal; k->comp_desc->cd_free = (comp_free_func*)NULL; @@ -1694,9 +1755,12 @@ MatchingComponentRelativeOid ( char* oid, ComponentSyntaxInfo *csi_attr, int GEncComponentRelativeOid ( GenBuf *b, ComponentRelativeOid *in ) { - if ( !in || in->value.octetLen <= 0 ) - return (-1); - return GEncAsnRelativeOidContent ( b , &in->value ); + GAsnRelativeOid t = {0}; + + if ( !in || in->value.octetLen <= 0 ) + return (-1); + t.value = in->value; + return GEncAsnRelativeOidContent ( b , (GAsnOcts*)&t ); } /* @@ -1731,6 +1795,7 @@ GDecComponentRelativeOid ( void* mem_op, GenBuf *b,void *v, AsnLen *bytesDecoded if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentRelativeOid; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeOid; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeOid; k->comp_desc->cd_free = (comp_free_func*)FreeComponentRelativeOid; @@ -1787,6 +1852,7 @@ BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, vo if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentRelativeOid; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeOid; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeOid; k->comp_desc->cd_free = (comp_free_func*)FreeComponentRelativeOid; @@ -1805,9 +1871,11 @@ BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, vo int GEncComponentUniversalString ( GenBuf *b, ComponentUniversalString *in ) { - if ( !in || in->value.octetLen <= 0 ) - return (-1); - return GEncUniversalStringContent( b, &in->value ); + GUniversalString t = {0}; + if ( !in || in->value.octetLen <= 0 ) + return (-1); + t.value = in->value; + return GEncUniversalStringContent( b, &t ); } /* @@ -1870,6 +1938,7 @@ BDecComponentUniversalString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentUniversalString; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentUniversalString; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentUniversalString; k->comp_desc->cd_free = (comp_free_func*)FreeComponentUniversalString; @@ -1921,6 +1990,7 @@ BDecComponentVisibleString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentVisibleString; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentVisibleString; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentVisibleString; k->comp_desc->cd_free = (comp_free_func*)FreeComponentVisibleString; @@ -2003,9 +2073,10 @@ SetAnyTypeByComponentInt( ComponentAny *v, ComponentInt id) { int GEncComponentAny ( GenBuf *b, ComponentAny *in ) { - if ( in->cai != NULL && in->cai->Encode != NULL ) - return in->cai->Encode(b, &in->value ); - else return (-1); + if ( in->cai != NULL && in->cai->Encode != NULL ) + return in->cai->Encode(b, &in->value ); + else + return (-1); } int @@ -2034,6 +2105,7 @@ BEncComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny; k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny; @@ -2072,7 +2144,7 @@ BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD result->value = (void*) CompAlloc ( mem_op, result->cai->size ); if ( !result->value ) return 0; #endif - result->cai->BER_Decode ( mem_op, b, &result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_0 ); + result->cai->BER_Decode ( mem_op, b, (ComponentSyntaxInfo*)&result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_0 ); #if 0 rc = BDecComponentTop( result->cai->BER_Decode, mem_op, 0, 0, &result->value, bytesDecoded, DEC_ALLOC_MODE_0 ); if ( rc != LDAP_SUCCESS ) return rc; @@ -2083,6 +2155,7 @@ BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny; k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny; @@ -2121,6 +2194,7 @@ GDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD if ( k ) CompFree ( mem_op, k ); return LDAP_DECODING_ERROR; } + k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny; k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny; k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny; k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny; @@ -2310,7 +2384,7 @@ RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len ) { mem_op = comp_nibble_memory_allocator ( 128, 16 ); - oid.octs = EncodeComponentOid ( mem_op, oid.octs , &oid.octetLen ); + oid.octs = EncodeComponentOid ( mem_op, oid.octs , (int*)&oid.octetLen ); if( oid.octetLen <= 0 ) { comp_nibble_memory_free( mem_op ); return (OidDecoderMapping*) NULL; diff --git a/contrib/slapd-modules/comp_match/componentlib.h b/contrib/slapd-modules/comp_match/componentlib.h index c41d1d9e3b..90745ebe49 100644 --- a/contrib/slapd-modules/comp_match/componentlib.h +++ b/contrib/slapd-modules/comp_match/componentlib.h @@ -29,6 +29,24 @@ #define MAX_IDENTIFIER_LEN 128 #define COMPONENTNOT_NULL(ptr) ((ptr) != NULL) +typedef struct slap_component_type { + /* + * Don't change the order of following fields + * They are identical the first 9 fields of + * AttributeType + */ + LDAPAttributeType ct_atype; + struct berval ct_cname; + struct slap_attribute_type *ct_sup; + struct slap_attribute_type **ct_subtypes; + MatchingRule *ct_equality; + MatchingRule *ct_approx; + MatchingRule *ct_ordering; + MatchingRule *ct_substr; + Syntax *ct_syntax; +} ComponentType; + + /* * BIT STRING */ @@ -447,6 +465,25 @@ typedef struct asntype_to_syntax { Syntax *ats_syn; } AsnTypetoSyntax; +typedef struct asntype_to_comp_matchingrule { + AsnTypeId atc_typeId; + char* atc_equality; + char* atc_approx; + char* atc_ordering; + char* atc_substr; +} AsnTypetoCompMatchingRule; + +typedef struct asntype_to_comp_desc { + AsnTypeId atcd_typeId; + ComponentDesc atcd_cd; +} AsnTypetoCompDesc; + +typedef struct asntype_to_comp_type { + AsnTypeId ac_asn_id; + ComponentType ac_comp_type; +} AsnTypetoCompType; + +/* refined matching purpose */ typedef struct asntype_to_matchingrule { AsnTypeId atmr_typeId; char* atmr_mr_name; @@ -461,8 +498,6 @@ typedef struct asntype_to_matchingrule_table { struct asntype_to_matchingrule_table* atmr_table_next; } AsnTypetoMatchingRuleTable; -extern AsnTypetoSyntax asn_to_syntax_mapping_tbl[]; - #define MAX_OID_LEN 256 #define MAX_OD_ENTRY 8 @@ -543,4 +578,13 @@ typedef struct comp_irAttributeTypeAndValue /* SEQUENCE */ #define RDN_MATCH_OID "1.2.36.79672281.1.13.3" #define DN_MATCH_OID "2.5.13.1" +extern AsnTypetoSyntax asn_to_syntax_mapping_tbl[]; +extern AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[]; +extern AsnTypetoCompType asntype_to_compType_mapping_tbl[]; +extern AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[]; + +int ConvertRDN2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out ); +int ConvertRDNSequence2RFC2253( irRDNSequence *in, struct berval* out ); + +void* comp_nibble_memory_allocator ( int init_mem, int inc_mem ); #endif diff --git a/contrib/slapd-modules/comp_match/init.c b/contrib/slapd-modules/comp_match/init.c index fd9419a6fe..ef139fbb59 100644 --- a/contrib/slapd-modules/comp_match/init.c +++ b/contrib/slapd-modules/comp_match/init.c @@ -65,13 +65,13 @@ add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr /* get and store aliasing AttributeDescription */ type.bv_val = aliasing_at_name; type.bv_len = strlen ( aliasing_at_name ); - rc = slap_bv2ad ( &type, &aa_table[index].aa_aliasing_ad,(char**)text ); + rc = slap_bv2ad ( &type, &aa_table[index].aa_aliasing_ad,(const char**)text ); if ( rc != LDAP_SUCCESS ) return rc; /* get and store aliased AttributeDescription */ type.bv_val = aliased_at_name; type.bv_len = strlen ( aliased_at_name ); - rc = slap_bv2ad ( &type, &aa_table[index].aa_aliased_ad,(char**)text ); + rc = slap_bv2ad ( &type, &aa_table[index].aa_aliased_ad,(const char**)text ); if ( rc != LDAP_SUCCESS ) return rc; /* get and store componentFilterMatch */ @@ -82,7 +82,7 @@ add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr /* get and store a component filter */ type.bv_val = component_filter; type.bv_len = strlen ( component_filter ); - rc = get_comp_filter( NULL, &type, &aa_table[index].aa_cf,(char**)text); + rc = get_comp_filter( NULL, &type, &aa_table[index].aa_cf,(const char**)text); aa_table[index].aa_cf_str = component_filter; @@ -99,9 +99,9 @@ add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr * See RFC3687 to understand the content of a component filter. */ char* pre_processed_comp_filter[] = { -/*1*/"item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx }", -/*2*/"item:{ component \"tbsCertificate.serialNumber\", rule integerMatch, value xxx }", -/*3*/"and:{ item:{ component \"tbsCertificate.serialNumber\", rule integerMatch, value xxx }, item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx } }" +/*1*/"item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx }", +/*2*/"item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }", +/*3*/"and:{ item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }, item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx } }" }; static int @@ -125,6 +125,60 @@ init_attribute_aliasing_table () return LDAP_SUCCESS; } +void +init_component_description_table () { + AsnTypeId id; + struct berval mr; + AsnTypetoSyntax* asn_to_syn; + Syntax* syn; + + for ( id = BASICTYPE_BOOLEAN; id != ASNTYPE_END ; id++ ) { +#if 0 + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_atype; + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_cname = {0,NULL}; +#endif + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_subtypes = NULL; + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax = NULL; + + /* Equality Matching Rule */ + if ( asntype_to_compMR_mapping_tbl[id].atc_equality ) { + mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_equality; + mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_equality); + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_equality = mr_bvfind( &mr ); + } + /* Approx Matching Rule */ + if ( asntype_to_compMR_mapping_tbl[id].atc_approx ) { + mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_approx; + mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_approx); + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_approx = mr_bvfind( &mr ); + } + + /* Ordering Matching Rule */ + if ( asntype_to_compMR_mapping_tbl[id].atc_ordering ) { + mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_ordering; + mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_ordering); + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_ordering= mr_bvfind( &mr ); + } + + /* Substr Matching Rule */ + if ( asntype_to_compMR_mapping_tbl[id].atc_substr ) { + mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_substr; + mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_substr); + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_substr = mr_bvfind( &mr ); + } + /* Syntax */ + + asn_to_syn = &asn_to_syntax_mapping_tbl[ id ]; + if ( asn_to_syn->ats_syn_oid ) + syn = syn_find ( asn_to_syn->ats_syn_oid ); + else + syn = NULL; + asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax = syn; + + asntype_to_compdesc_mapping_tbl[id].atcd_cd.cd_comp_type = (AttributeType*)&asntype_to_compType_mapping_tbl[id].ac_comp_type; + } +} + MatchingRule* retrieve_matching_rule( char* mr_oid, AsnTypeId type ) { char* tmp; @@ -147,7 +201,6 @@ retrieve_matching_rule( char* mr_oid, AsnTypeId type ) { void* comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv )) { - char* peek_head; int mode, bytesDecoded, size, rc; void* component; @@ -159,7 +212,7 @@ comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv /* look for the decoder registered for the given attribute */ odm = RetrieveOidDecoderMappingbyOid( oid, strlen(oid) ); - if ( !odm || (!odm->BER_Decode && odm->GSER_Decode) ) + if ( !odm || (!odm->BER_Decode && !odm->GSER_Decode) ) return (void*)NULL; buf = ExpBufAllocBuf(); @@ -173,14 +226,14 @@ comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv * Currently BER decoder is called for a certificate. * The flag of Attribute will say something about it in the future */ - if ( slap_syntax_is_ber ( syn ) ) { + if ( syn && slap_syntax_is_ber ( syn ) ) { #if 0 rc =BDecComponentTop(odm->BER_Decode, a->a_comp_data->cd_mem_op, b, 0,0, &component,&bytesDecoded,mode ) ; #endif - rc = odm->BER_Decode ( a->a_comp_data->cd_mem_op,b,&component,&bytesDecoded, mode ); + rc = odm->BER_Decode ( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo*)&component, &bytesDecoded, mode ); } else { - rc = odm->GSER_Decode( a->a_comp_data->cd_mem_op, b, component,&bytesDecoded,mode); + rc = odm->GSER_Decode( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo**)component, &bytesDecoded, mode); } ExpBufFreeBuf( buf ); @@ -202,7 +255,7 @@ comp_free_component ( void* mem_op ) { return; } -int +void comp_convert_assert_to_comp ( void* mem_op, ComponentSyntaxInfo *csi_attr, @@ -224,7 +277,6 @@ comp_convert_assert_to_comp ( rc = (*decoder)( mem_op, genBuf, csi, len, mode ); ExpBufFreeBuf ( buf ); - return rc; } int intToAscii( int value, char* buf ) { @@ -335,6 +387,7 @@ comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct be return LDAP_INVALID_SYNTAX; return comp_convert_asn_to_ldap( mr, csi, bv, allocated ); case COMPOSITE_ASN1_TYPE : + break; case RDNSequence : /*dnMatch*/ if( strncmp( mr->smr_mrule.mr_oid, DN_MATCH_OID, strlen(DN_MATCH_OID) ) != 0 ) @@ -521,6 +574,8 @@ comp_test_one_component ( assert_bv = ca->ca_comp_data.cd_tree; } #endif + if ( !n_attr_bv.bv_val ) + return LDAP_COMPARE_FALSE; rc = csi_value_match( mr, &n_attr_bv, assert_bv ); if ( n_attr_bv.bv_val ) free ( n_attr_bv.bv_val ); @@ -540,6 +595,8 @@ comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_a void* contained_comp, *anytype_comp; ComponentReference* cr = ca->ca_comp_ref; + if ( !cr ) + return comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca ); /* Extracting the component refrenced by ca->ca_comp_ref */ csi_attr = (ComponentSyntaxInfo*)csi_attr->csi_comp_desc->cd_extract_i( attr_nm, cr, csi_attr ); if ( !csi_attr ) return LDAP_INVALID_SYNTAX; @@ -612,7 +669,7 @@ comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_a #if 0 rc =BDecComponentTop( odm->BER_Decode, attr_nm, b, 0,0, &contained_comp,&bytesDecoded, mode ); #endif - rc = odm->BER_Decode ( attr_nm,b,&contained_comp,&bytesDecoded, mode ); + rc = odm->BER_Decode ( attr_nm, b, (ComponentSyntaxInfo*)&contained_comp, &bytesDecoded, mode ); #if 0 if ( rc != LDAP_SUCCESS ) { @@ -663,7 +720,7 @@ comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_a void* comp_nibble_memory_allocator ( int init_mem, int inc_mem ) { void* nm; - nm = InitNibbleMemLocal( init_mem, inc_mem ); + nm = (void*)InitNibbleMemLocal( (unsigned long)init_mem, (unsigned long)inc_mem ); if ( !nm ) return NULL; else return (void*)nm; } @@ -673,6 +730,71 @@ comp_nibble_memory_free ( void* nm ) { ShutdownNibbleMemLocal( nm ); } +void* +comp_get_component_description ( int id ) { + if ( asntype_to_compdesc_mapping_tbl[id].atcd_typeId == id ) + return &asntype_to_compdesc_mapping_tbl[id].atcd_cd; + else + return NULL; +} + +int +comp_component_encoder ( void* mem_op, ComponentSyntaxInfo* csi , struct berval* nval ) { + int size, rc; + GenBuf* b; + ExpBuf* buf; + struct berval bv; + + buf = ExpBufAllocBufAndData(); + ExpBufResetInWriteRvsMode(buf); + ExpBuftoGenBuf( buf, &b ); + + if ( !csi->csi_comp_desc->cd_gser_encoder && !csi->csi_comp_desc->cd_ldap_encoder ) + return (-1); + + /* + * if an LDAP specific encoder is provided : + * dn and rdn have their LDAP specific encoder + */ + if ( csi->csi_comp_desc->cd_ldap_encoder ) { + rc = csi->csi_comp_desc->cd_ldap_encoder( csi, &bv ); + if ( rc != LDAP_SUCCESS ) + return rc; + if ( mem_op ) + nval->bv_val = CompAlloc( mem_op, bv.bv_len ); + else + nval->bv_val = malloc( size ); + memcpy( nval->bv_val, bv.bv_val, bv.bv_len ); + nval->bv_len = bv.bv_len; + /* + * This free will be eliminated by making ldap_encoder + * use nibble memory in it + */ + free ( bv.bv_val ); + return LDAP_SUCCESS; + } + + rc = csi->csi_comp_desc->cd_gser_encoder( b, csi ); + if ( rc < 0 ) { + BufFreeBuf( buf ); + return rc; + } + + size = ExpBufDataSize( buf ); + if ( size > 0 ) { + if ( mem_op ) + nval->bv_val = CompAlloc ( mem_op, size ); + else + nval->bv_val = malloc( size ); + nval->bv_len = size; + BufResetInReadMode(b); + BufCopy( nval->bv_val, b, size ); + } + ExpBufFreeBuf( buf ); + + return LDAP_SUCCESS; +} + #if SLAPD_COMP_MATCH == SLAPD_MOD_DYNAMIC #include "certificate.h" @@ -685,6 +807,8 @@ extern test_component_func* test_components; extern alloc_nibble_func* nibble_mem_allocator; extern free_nibble_func* nibble_mem_free; extern test_membership_func* is_aliased_attribute; +extern get_component_info_func* get_component_description; +extern component_encoder_func* component_encoder; int init_module(int argc, char *argv[]) { @@ -695,9 +819,11 @@ int init_module(int argc, char *argv[]) { assert_converter = comp_convert_assert_to_comp; component_destructor = comp_free_component; test_components = comp_test_components; - nibble_mem_allocator = comp_nibble_memory_allocator; + nibble_mem_allocator = (free_nibble_func*)comp_nibble_memory_allocator; nibble_mem_free = comp_nibble_memory_free; is_aliased_attribute = (test_membership_func*)comp_is_aliased_attribute; + get_component_description = (get_component_info_func*)comp_get_component_description; + component_encoder = (component_encoder_func*)comp_component_encoder; /* file path needs to be */ load_derived_matching_rule ("derived_mr.cfg"); @@ -706,6 +832,7 @@ int init_module(int argc, char *argv[]) { init_module_AuthenticationFramework(); init_module_AuthorityKeyIdentifierDefinition(); init_attribute_aliasing_table (); + init_component_description_table (); return 0; } diff --git a/servers/slapd/attr.c b/servers/slapd/attr.c index e1e64c8566..0de26e84e5 100644 --- a/servers/slapd/attr.c +++ b/servers/slapd/attr.c @@ -57,9 +57,9 @@ comp_tree_free( Attribute *a ) for( ; a != NULL ; a = next ) { next = a->a_next; - if ( component_destructor && a->a_comp_data && - a->a_comp_data->cd_mem_op ) { - component_destructor( a->a_comp_data->cd_mem_op ); + if ( component_destructor && a->a_comp_data ) { + if ( a->a_comp_data->cd_mem_op ) + component_destructor( a->a_comp_data->cd_mem_op ); free ( a->a_comp_data ); } } diff --git a/servers/slapd/back-bdb/attr.c b/servers/slapd/back-bdb/attr.c index 216f628eef..b5df633b66 100644 --- a/servers/slapd/back-bdb/attr.c +++ b/servers/slapd/back-bdb/attr.c @@ -28,6 +28,9 @@ typedef struct bdb_attrinfo { AttributeDescription *ai_desc; /* attribute description cn;lang-en */ slap_mask_t ai_indexmask; /* how the attr is indexed */ +#ifdef LDAP_COMP_MATCH + ComponentReference* ai_cr; /*component indexing*/ +#endif } AttrInfo; static int @@ -51,6 +54,18 @@ ainfo_cmp( return SLAP_PTRCMP(a->ai_desc, b->ai_desc); } +#ifdef LDAP_COMP_MATCH +void +bdb_attr_comp_ref( struct bdb_info *bdb, AttributeDescription *desc, ComponentReference** cr ) +{ + AttrInfo *a; + + a = (AttrInfo *) avl_find( bdb->bi_attrs, desc, ainfo_type_cmp ); + + *cr = a != NULL ? a->ai_cr : 0 ; +} +#endif + void bdb_attr_mask( struct bdb_info *bdb, @@ -130,14 +145,39 @@ bdb_attr_index_config( AttrInfo *a; AttributeDescription *ad; const char *text; +#ifdef LDAP_COMP_MATCH + ComponentReference* cr = NULL; + AttrInfo *a_cr = NULL; +#endif if( strcasecmp( attrs[i], "default" ) == 0 ) { - bdb->bi_defaultmask = mask; + bdb->bi_defaultmask |= mask; continue; } +#ifdef LDAP_COMP_MATCH + if ( is_component_reference( attrs[i] ) ) { + rc = extract_component_reference( attrs[i], &cr ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, "%s: line %d: " + "index component reference\"%s\" undefined\n", + fname, lineno, attrs[i] ); + return rc; + } + cr->cr_indexmask = mask; + /* + * After extracting a component reference + * only the name of a attribute will be remaining + */ + } else { + cr = NULL; + } +#endif a = (AttrInfo *) ch_malloc( sizeof(AttrInfo) ); +#ifdef LDAP_COMP_MATCH + a->ai_cr = NULL; +#endif ad = NULL; rc = slap_str2ad( attrs[i], &ad, &text ); @@ -191,10 +231,32 @@ bdb_attr_index_config( Debug( LDAP_DEBUG_CONFIG, "index %s 0x%04lx\n", ad->ad_cname.bv_val, mask, 0 ); - a->ai_desc = ad; a->ai_indexmask = mask; - +#ifdef LDAP_COMP_MATCH + if ( cr ) { + a_cr = avl_find( bdb->bi_attrs, ad, ainfo_type_cmp ); + if ( a_cr ) { + /* + * AttrInfo is already in AVL + * just add the extracted component reference + * in the AttrInfo + */ + rc = insert_component_reference( cr, &a_cr->ai_cr ); + if ( rc != LDAP_SUCCESS) { + fprintf( stderr, " error during inserting component reference in %s ", attrs[i]); + return LDAP_PARAM_ERROR; + } + continue; + } else { + rc = insert_component_reference( cr, &a->ai_cr ); + if ( rc != LDAP_SUCCESS) { + fprintf( stderr, " error during inserting component reference in %s ", attrs[i]); + return LDAP_PARAM_ERROR; + } + } + } +#endif rc = avl_insert( &bdb->bi_attrs, (caddr_t) a, ainfo_cmp, avl_dup_error ); diff --git a/servers/slapd/back-bdb/filterindex.c b/servers/slapd/back-bdb/filterindex.c index 62cd9b7f18..d1ab50e2ea 100644 --- a/servers/slapd/back-bdb/filterindex.c +++ b/servers/slapd/back-bdb/filterindex.c @@ -57,6 +57,16 @@ static int list_candidates( ID *tmp, ID *stack ); +#ifdef LDAP_COMP_MATCH +int +ext_candidates( + Operation *op, + MatchingRuleAssertion *mra, + ID *ids, + ID *tmp, + ID *stack); +#endif + int bdb_filter_candidates( Operation *op, @@ -147,7 +157,12 @@ bdb_filter_candidates( rc = list_candidates( op, f->f_or, LDAP_FILTER_OR, ids, tmp, stack ); break; - +#ifdef LDAP_COMP_MATCH + case LDAP_FILTER_EXT: + Debug( LDAP_DEBUG_FILTER, "\tEXT\n", 0, 0, 0 ); + rc = ext_candidates( op, f->f_mra, ids, tmp, stack ); + break; +#endif default: Debug( LDAP_DEBUG_FILTER, "\tUNKNOWN %lu\n", (unsigned long) f->f_choice, 0, 0 ); @@ -166,6 +181,242 @@ bdb_filter_candidates( return rc; } +#ifdef LDAP_COMP_MATCH +static int +comp_list_candidates( + Operation *op, + MatchingRuleAssertion* mra, + ComponentFilter *flist, + int ftype, + ID *ids, + ID *tmp, + ID *save ) +{ + struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; + int rc = 0; + ComponentFilter *f; + + Debug( LDAP_DEBUG_FILTER, "=> comp_list_candidates 0x%x\n", ftype, 0, 0 ); + for ( f = flist; f != NULL; f = f->cf_next ) { + /* ignore precomputed scopes */ + if ( f->cf_choice == SLAPD_FILTER_COMPUTED && + f->cf_result == LDAP_SUCCESS ) { + continue; + } + BDB_IDL_ZERO( save ); + rc = comp_candidates( op, mra, f, save, tmp, save+BDB_IDL_UM_SIZE ); + + if ( rc != 0 ) { + if ( ftype == LDAP_COMP_FILTER_AND ) { + rc = 0; + continue; + } + break; + } + + if ( ftype == LDAP_COMP_FILTER_AND ) { + if ( f == flist ) { + BDB_IDL_CPY( ids, save ); + } else { + bdb_idl_intersection( ids, save ); + } + if( BDB_IDL_IS_ZERO( ids ) ) + break; + } else { + if ( f == flist ) { + BDB_IDL_CPY( ids, save ); + } else { + bdb_idl_union( ids, save ); + } + } + } + + if( rc == LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_FILTER, + "<= comp_list_candidates: id=%ld first=%ld last=%ld\n", + (long) ids[0], + (long) BDB_IDL_FIRST(ids), + (long) BDB_IDL_LAST(ids) ); + + } else { + Debug( LDAP_DEBUG_FILTER, + "<= comp_list_candidates: undefined rc=%d\n", + rc, 0, 0 ); + } + + return rc; +} + +int +comp_equality_candidates ( + Operation *op, + MatchingRuleAssertion *mra, + ComponentAssertion *ca, + ID *ids, + ID *tmp, + ID *stack) +{ + struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; + DB *db; + int i; + int rc; + slap_mask_t mask; + struct berval prefix = {0, NULL}; + struct berval *keys = NULL; + MatchingRule *mr = mra->ma_rule; + Syntax *sat_syntax; + ComponentReference* cr_list, *cr; + + BDB_IDL_ALL( bdb, ids ); + + bdb_attr_comp_ref ( op->o_bd->be_private, mra->ma_desc, &cr_list ); + if( !cr_list || !ca->ca_comp_ref ) + return 0; + /* find a component reference to be indexed */ + sat_syntax = ca->ca_ma_rule->smr_syntax; + for ( cr = cr_list ; cr ; cr = cr->cr_next ) { + if ( cr->cr_string.bv_len == ca->ca_comp_ref->cr_string.bv_len && + strncmp( cr->cr_string.bv_val, ca->ca_comp_ref->cr_string.bv_val,cr->cr_string.bv_len ) == 0 ) + break; + } + + if ( !cr ) + return 0; + + rc = bdb_index_param( op->o_bd, mra->ma_desc, LDAP_FILTER_EQUALITY, + &db, &mask, &prefix ); + + if( rc != LDAP_SUCCESS ) { + return 0; + } + if ( db == NULL ) { + return 0; + } + + if( !mr ) { + return 0; + } + + if( !mr->smr_filter ) { + return 0; + } + + rc = (ca->ca_ma_rule->smr_filter)( + LDAP_FILTER_EQUALITY, + cr->cr_indexmask, + sat_syntax, + ca->ca_ma_rule, + &prefix, + &ca->ca_ma_value, + &keys, op->o_tmpmemctx ); + + if( rc != LDAP_SUCCESS ) { + return 0; + } + + if( keys == NULL ) { + return 0; + } + for ( i= 0; keys[i].bv_val != NULL; i++ ) { + rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 ); + + if( rc == DB_NOTFOUND ) { + BDB_IDL_ZERO( ids ); + rc = 0; + break; + } else if( rc != LDAP_SUCCESS ) { + break; + } + + if( BDB_IDL_IS_ZERO( tmp ) ) { + BDB_IDL_ZERO( ids ); + break; + } + + if ( i == 0 ) { + BDB_IDL_CPY( ids, tmp ); + } else { + bdb_idl_intersection( ids, tmp ); + } + + if( BDB_IDL_IS_ZERO( ids ) ) + break; + } + ber_bvarray_free_x( keys, op->o_tmpmemctx ); + + Debug( LDAP_DEBUG_TRACE, + "<= comp_equality_candidates: id=%ld, first=%ld, last=%ld\n", + (long) ids[0], + (long) BDB_IDL_FIRST(ids), + (long) BDB_IDL_LAST(ids) ); + return( rc ); +} + +int +comp_candidates ( + Operation *op, + MatchingRuleAssertion *mra, + ComponentFilter *f, + ID *ids, + ID *tmp, + ID *stack) +{ + int rc; + + if ( !f ) return LDAP_PROTOCOL_ERROR; + + Debug( LDAP_DEBUG_FILTER, "comp_candidates\n", 0, 0, 0 ); + switch ( f->cf_choice ) { + case SLAPD_FILTER_COMPUTED: + rc = f->cf_result; + break; + case LDAP_COMP_FILTER_AND: + rc = comp_list_candidates( op, mra, f->cf_and, LDAP_COMP_FILTER_AND, ids, tmp, stack ); + break; + case LDAP_COMP_FILTER_OR: + rc = comp_list_candidates( op, mra, f->cf_or, LDAP_COMP_FILTER_OR, ids, tmp, stack ); + break; + case LDAP_COMP_FILTER_NOT: + /* No component indexing supported for NOT filter */ + Debug( LDAP_DEBUG_FILTER, "\tComponent NOT\n", 0, 0, 0 ); + { + struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; + BDB_IDL_ALL( bdb, ids ); + } + rc = LDAP_PROTOCOL_ERROR; + break; + case LDAP_COMP_FILTER_ITEM: + rc = comp_equality_candidates( op, mra, f->cf_ca, ids, tmp, stack ); + break; + default: + { + struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private; + BDB_IDL_ALL( bdb, ids ); + } + rc = LDAP_PROTOCOL_ERROR; + } + + return( rc ); +} + +int +ext_candidates( + Operation *op, + MatchingRuleAssertion *mra, + ID *ids, + ID *tmp, + ID *stack) +{ + /* + * Currently Only Component Indexing for componentFilterMatch is supported + * Indexing for an extensible filter is not supported yet + */ + if ( !mra->ma_cf ) + return 0; + return comp_candidates ( op, mra, mra->ma_cf, ids, tmp, stack); +} +#endif + static int list_candidates( Operation *op, diff --git a/servers/slapd/back-bdb/index.c b/servers/slapd/back-bdb/index.c index 6889565618..a93fdc49a2 100644 --- a/servers/slapd/back-bdb/index.c +++ b/servers/slapd/back-bdb/index.c @@ -269,6 +269,10 @@ static int index_at_values( { int rc; slap_mask_t mask = 0; +#ifdef LDAP_COMP_MATCH + ComponentReference* cr_list, *cr; + AttributeDescription *comp_ad; +#endif if( type->sat_sup ) { /* recurse */ @@ -279,6 +283,17 @@ static int index_at_values( if( rc ) return rc; } +#ifdef LDAP_COMP_MATCH + /* component indexing */ + bdb_attr_comp_ref ( op->o_bd->be_private, type->sat_ad, &cr_list ); + if ( cr_list ) { + for( cr = cr_list ; cr ; cr = cr->cr_next ) { + rc = indexer( op, txn, cr->cr_ad, &type->sat_cname, + cr->cr_nvals, id, opid, + cr->cr_indexmask ); + } + } +#endif /* If this type has no AD, we've never used it before */ if( type->sat_ad ) { bdb_attr_mask( op->o_bd->be_private, type->sat_ad, &mask ); @@ -343,6 +358,17 @@ bdb_index_entry( { int rc; Attribute *ap = e->e_attrs; +#ifdef LDAP_COMP_MATCH + ComponentReference *cr_list = NULL; + ComponentReference *cr = NULL, *dupped_cr = NULL; + void* decoded_comp, *extracted_comp; + ComponentSyntaxInfo* csi_attr; + Syntax* syn; + AttributeType* at; + int i, num_attr; + void* mem_op; + struct berval value = {0}; +#endif Debug( LDAP_DEBUG_TRACE, "=> index_entry_%s( %ld, \"%s\" )\n", opid == SLAP_INDEX_ADD_OP ? "add" : "del", @@ -350,6 +376,58 @@ bdb_index_entry( /* add each attribute to the indexes */ for ( ; ap != NULL; ap = ap->a_next ) { +#ifdef LDAP_COMP_MATCH + /* see if attribute has components to be indexed */ + bdb_attr_comp_ref( op->o_bd->be_private, ap->a_desc->ad_type->sat_ad, &cr_list ); + if ( attr_converter && cr_list ) { + syn = ap->a_desc->ad_type->sat_syntax; + ap->a_comp_data = op->o_tmpalloc( sizeof( ComponentData ), op->o_tmpmemctx ); + /* Memory chunk(nibble) pre-allocation for decoders */ + mem_op = nibble_mem_allocator ( 1024*16, 1024*4 ); + ap->a_comp_data->cd_mem_op = mem_op; + for( cr = cr_list ; cr ; cr = cr->cr_next ) { + /* count how many values in an attribute */ + for( num_attr=0; ap->a_vals[num_attr].bv_val != NULL; num_attr++ ); + num_attr++; + cr->cr_nvals = (BerVarray)op->o_tmpalloc( sizeof( struct berval )*num_attr, op->o_tmpmemctx ); + for( i=0; ap->a_vals[i].bv_val != NULL; i++ ) { + /* decoding attribute value */ + decoded_comp = attr_converter ( ap, syn, &ap->a_vals[i] ); + if ( !decoded_comp ) + return LDAP_DECODING_ERROR; + /* extracting the referenced component */ + dupped_cr = dup_comp_ref( op, cr ); + csi_attr = ((ComponentSyntaxInfo*)decoded_comp)->csi_comp_desc->cd_extract_i( mem_op, dupped_cr, decoded_comp ); + if ( !csi_attr ) + return LDAP_DECODING_ERROR; + cr->cr_asn_type_id = csi_attr->csi_comp_desc->cd_type_id; + cr->cr_ad = (AttributeDescription*)get_component_description ( cr->cr_asn_type_id ); + if ( !cr->cr_ad ) + return LDAP_INVALID_SYNTAX; + at = cr->cr_ad->ad_type; + /* encoding the value of component in GSER */ + rc = component_encoder( mem_op, csi_attr, &value ); + if ( rc != LDAP_SUCCESS ) + return LDAP_ENCODING_ERROR; + /* Normalize the encoded component values */ + if ( at->sat_equality && at->sat_equality->smr_normalize ) { + rc = at->sat_equality->smr_normalize ( + SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, + at->sat_syntax, at->sat_equality, + &value, &cr->cr_nvals[i], op->o_tmpmemctx ); + } else { + cr->cr_nvals[i] = value; + } + } + /* The end of BerVarray */ + cr->cr_nvals[num_attr-1].bv_val = NULL; + cr->cr_nvals[num_attr-1].bv_len = 0; + } + op->o_tmpfree( ap->a_comp_data, op->o_tmpmemctx ); + nibble_mem_free ( mem_op ); + ap->a_comp_data = NULL; + } +#endif rc = bdb_index_values( op, txn, ap->a_desc, ap->a_nvals, e->e_id, opid ); diff --git a/servers/slapd/component.c b/servers/slapd/component.c index 6166db0c07..e9162495c1 100644 --- a/servers/slapd/component.c +++ b/servers/slapd/component.c @@ -34,12 +34,13 @@ */ alloc_nibble_func* nibble_mem_allocator = NULL; free_nibble_func* nibble_mem_free = NULL; -convert_attr_to_comp_func* attr_converter = NULL ; +convert_attr_to_comp_func* attr_converter = NULL; convert_assert_to_comp_func* assert_converter = NULL ; free_component_func* component_destructor = NULL ; test_component_func* test_components = NULL; test_membership_func* is_aliased_attribute = NULL; - +component_encoder_func* component_encoder = NULL; +get_component_info_func* get_component_description = NULL; #define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6" #define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2" #define MAX_LDAP_STR_LEN 128 @@ -159,7 +160,7 @@ slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav ) return LDAP_SUCCESS; } -static ComponentReference* +ComponentReference* dup_comp_ref ( Operation* op, ComponentReference* cr ) { int rc, count = 0; @@ -511,6 +512,8 @@ comp_next_id( ComponentAssertionValue* cav ) else return LDAP_COMPREF_UNDEFINED; } + + static int get_component_reference( Operation *op, ComponentAssertionValue* cav, ComponentReference** cr, const char** text ) @@ -519,12 +522,13 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav, ber_int_t type; ComponentReference* ca_comp_ref; ComponentId** cr_list; + char* start, *end; eat_whsp( cav ); + start = cav->cav_ptr; if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) return rc; - if ( op ) ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx ); else @@ -545,7 +549,7 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav, return rc; } ca_comp_ref->cr_len = count; - + end = cav->cav_ptr; if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) { if ( op ) op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx ); @@ -563,9 +567,80 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav, else free( ca_comp_ref ) ; + (*cr)->cr_string.bv_val = start; + (*cr)->cr_string.bv_len = end - start + 1; + return rc; } +int +insert_component_reference( ComponentReference *cr, ComponentReference** cr_list) { + if ( !cr ) + return LDAP_PARAM_ERROR; + if ( !(*cr_list) ) { + *cr_list = cr; + cr->cr_next = NULL; + } else { + cr->cr_next = *cr_list; + *cr_list = cr; + } + return LDAP_SUCCESS; +} + +/* + * If there is '.' in the name of a given attribute + * the first '.'- following characters are considered + * as a component reference of the attribute + * EX) userCertificate.toBeSigned.serialNumber + * attribute : userCertificate + * component reference : toBeSigned.serialNumber + */ +int +is_component_reference( char* attr ) { + int i; + for ( i=0; attr[i] != '\0' ; i++ ) { + if ( attr[i] == '.' ) + return (1); + } + return (0); +} + +int +extract_component_reference( char* attr, ComponentReference** cr ) { + int i, rc; + char* cr_ptr; + int cr_len; + ComponentAssertionValue cav; + char text[1][128]; + + for ( i=0; attr[i] != '\0' ; i++ ) { + if ( attr[i] == '.' ) break; + } + + if (attr[i] != '.' ) + return LDAP_PARAM_ERROR; + else + attr[i] = '\0'; + cr_ptr = attr + i + 1 ; + cr_len = strlen ( cr_ptr ); + if ( cr_len <= 0 ) + return LDAP_PARAM_ERROR; + + /* enclosed between double quotes*/ + cav.cav_ptr = cav.cav_buf = ch_malloc (cr_len+2); + memcpy( cav.cav_buf+1, cr_ptr, cr_len ); + cav.cav_buf[0] = '"'; + cav.cav_buf[cr_len+1] = '"'; + cav.cav_end = cr_ptr + cr_len + 2; + + rc = get_component_reference ( NULL, &cav, cr, (const char**)text ); + if ( rc != LDAP_SUCCESS ) + return rc; + (*cr)->cr_string.bv_val = cav.cav_buf; + (*cr)->cr_string.bv_len = cr_len + 2; + + return LDAP_SUCCESS; +} static int get_ca_use_default( Operation *op, ComponentAssertionValue* cav, int* ca_use_def, const char** text ) @@ -701,7 +776,7 @@ get_GSER_value( ComponentAssertionValue* cav, struct berval* bv ) succeed = 1; /*Find following white space where the value is ended*/ for( count = 1 ; ; count++ ) { - if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == ' ' || (cav->cav_ptr+count) > cav->cav_end ) { + if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == '}' || cav->cav_ptr[count] == '{' || (cav->cav_ptr+count) > cav->cav_end ) { break; } } @@ -826,11 +901,12 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca, free( _ca ); return LDAP_INVALID_SYNTAX; } + if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS ) + return rc; + } else { + _ca->ca_comp_ref = NULL; } - if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS ) - return rc; - rc = peek_cav_str( cav, "useDefaultValues"); if ( rc == LDAP_SUCCESS ) { rc = get_ca_use_default( op, cav, &_ca->ca_use_def, text ); @@ -875,9 +951,9 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca, value.bv_val[value.bv_len] = '\0'; rc = mr->smr_normalize ( - SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, - NULL, mr, - &value, &_ca->ca_ma_value, op->o_tmpmemctx ); + SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, + NULL, mr, + &value, &_ca->ca_ma_value, op->o_tmpmemctx ); if ( rc != LDAP_SUCCESS ) return rc; } @@ -1131,7 +1207,7 @@ test_comp_filter_item( if ( !a->a_comp_data && attr_converter && nibble_mem_allocator ) { a->a_comp_data = malloc( sizeof( ComponentData ) ); /* Memory chunk pre-allocation for decoders */ - a->a_comp_data->cd_mem_op = (void*) nibble_mem_allocator ( 1024, 128 ); + a->a_comp_data->cd_mem_op = nibble_mem_allocator ( 1024, 128 ); a->a_comp_data->cd_tree = attr_converter (a, syn, bv); } @@ -1160,7 +1236,8 @@ test_comp_filter_item( } /* component reference initialization */ - ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list; + if ( ca->ca_comp_ref ) + ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list; rc = test_components( attr_nm, assert_nm, (ComponentSyntaxInfo*)a->a_comp_data->cd_tree, ca ); /* free memory used for storing extracted attribute value */ @@ -1216,7 +1293,7 @@ static void free_comp_filter_list( ComponentFilter* f ) { ComponentFilter* tmp; - for ( tmp = f ; tmp; tmp = tmp->cf_next ); + for ( tmp = f; tmp; tmp = tmp->cf_next ) { free_comp_filter( tmp ); } @@ -1225,6 +1302,10 @@ free_comp_filter_list( ComponentFilter* f ) static void free_comp_filter( ComponentFilter* f ) { + if ( !f ) { + Debug( LDAP_DEBUG_FILTER, "free_comp_filter:Invalid filter so failed to release memory\n", 0, 0, 0 ); + return; + } switch ( f->cf_choice ) { case LDAP_COMP_FILTER_AND: case LDAP_COMP_FILTER_OR: diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 9237cc7629..cc8f4fa494 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -380,6 +380,15 @@ LDAP_SLAPD_V (test_membership_func*) is_aliased_attribute; LDAP_SLAPD_V (free_component_func*) component_destructor; +LDAP_SLAPD_V (get_component_info_func*) get_component_description; + +LDAP_SLAPD_V (component_encoder_func*) component_encoder; + +LDAP_SLAPD_V (convert_attr_to_comp_func*) attr_converter; + +LDAP_SLAPD_V (alloc_nibble_func*) nibble_mem_allocator; + +LDAP_SLAPD_V (free_nibble_func*) nibble_mem_free; #endif /* diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 3dd62fcfdd..4cebe94fc8 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2700,6 +2700,12 @@ typedef struct slap_component_reference { ComponentId *cr_curr; struct berval cr_string; int cr_len; + /* Component Indexing */ + int cr_asn_type_id; + slap_mask_t cr_indexmask; + AttributeDescription* cr_ad; + BerVarray cr_nvals; + struct slap_component_reference* cr_next; } ComponentReference; typedef struct slap_component_assertion { @@ -2736,11 +2742,9 @@ typedef struct slap_component_assertion_value { char* cav_end; } ComponentAssertionValue; -#if 0 typedef int encoder_func LDAP_P(( void* b, void* comp)); -#endif struct slap_component_syntax_info; @@ -2788,7 +2792,8 @@ typedef void free_nibble_func LDAP_P (( void* nm )); struct slap_component_syntax_info; -typedef void* convert_assert_to_comp_func LDAP_P (( +typedef void convert_assert_to_comp_func LDAP_P (( + void *mem_op, struct slap_component_syntax_info* csi_attr, struct berval* bv, struct slap_component_syntax_info** csi, @@ -2811,16 +2816,33 @@ typedef int test_component_func LDAP_P (( typedef void* test_membership_func LDAP_P (( void* in )); +typedef void* get_component_info_func LDAP_P (( + int in )); + +struct slap_component_syntax_info; + +typedef int component_encoder_func LDAP_P (( + void* mem_op, + struct slap_component_syntax_info* csi, + struct berval* nvals )); + typedef int allcomponent_matching_func LDAP_P(( char* oid, struct slap_component_syntax_info* comp1, struct slap_component_syntax_info* comp)); -typedef struct slap_component_desc{ +typedef struct slap_component_desc { + /* Don't change the order of following four fields */ int cd_tag; + AttributeType *cd_comp_type; + struct berval cd_padding[2];/* ad_type, ad_cname */ + unsigned cd_flags; /*ad_flags*/ int cd_type; int cd_type_id; int cd_compref_type; + encoder_func *cd_ldap_encoder; + encoder_func *cd_gser_encoder; + encoder_func *cd_ber_encoder; gser_decoder_func *cd_gser_decoder; ber_decoder_func *cd_ber_decoder; comp_free_func *cd_free; diff --git a/tests/scripts/test031-component-filter b/tests/scripts/test031-component-filter index 3d16080fcd..5698e02cd2 100755 --- a/tests/scripts/test031-component-filter +++ b/tests/scripts/test031-component-filter @@ -82,7 +82,7 @@ cat /dev/null > $SEARCHOUT echo "Testing Component Filter Match RFC3687 Certificate searching:" echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -95,7 +95,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -108,7 +108,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -121,7 +121,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -134,7 +134,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -147,7 +147,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.0\", rule integerMatch, value 3 })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -160,7 +160,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{component \"tbsCertificate.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })" +FILTER="(userCertificate:componentFilterMatch:=item:{component \"toBeSigned.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -173,7 +173,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"tbsCertificate.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })" +FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"toBeSigned.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -186,7 +186,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -199,7 +199,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -212,7 +212,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -226,7 +226,7 @@ if test $RC != 0 ; then fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -239,7 +239,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ -- 2.39.5