/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2013 The OpenLDAP Foundation.
+ * Copyright 1998-2017 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return LDAP_SUCCESS;
}
+/* accept a PKCS#8 private key */
+static int
+privateKeyValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+ ber_tag_t tag;
+ ber_len_t len;
+ ber_int_t version;
+
+ ber_init2( ber, val, LBER_USE_DER );
+ tag = ber_skip_tag( ber, &len ); /* Sequence */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ tag = ber_peek_tag( ber, &len );
+ if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
+ tag = ber_get_int( ber, &version );
+ tag = ber_skip_tag( ber, &len ); /* AlgorithmIdentifier */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len ); /* PrivateKey */
+ if ( tag != LBER_OCTETSTRING ) return LDAP_INVALID_SYNTAX;
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len );
+ if ( tag == LBER_SET ) { /* Optional Attributes */
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len );
+ }
+
+ /* Must be at end now */
+ if ( len || tag != LBER_DEFAULT ) return LDAP_INVALID_SYNTAX;
+ return LDAP_SUCCESS;
+}
+
int
octetStringMatch(
int *matchp,
void *ctx )
{
int i;
- size_t slen, mlen;
BerVarray keys;
HASH_CONTEXT HASHcontext;
unsigned char HASHdigest[HASH_BYTES];
keys = slap_sl_malloc( sizeof( struct berval ) * (i+1), ctx );
- slen = syntax->ssyn_oidlen;
- mlen = mr->smr_oidlen;
-
hashPreset( &HASHcontext, prefix, 0, syntax, mr);
for( i=0; !BER_BVISNULL( &values[i] ); i++ ) {
hashIter( &HASHcontext, HASHdigest,
BerVarray *keysp,
void *ctx )
{
- size_t slen, mlen;
BerVarray keys;
HASH_CONTEXT HASHcontext;
unsigned char HASHdigest[HASH_BYTES];
digest.bv_val = (char *)HASHdigest;
digest.bv_len = HASH_LEN;
- slen = syntax->ssyn_oidlen;
- mlen = mr->smr_oidlen;
-
keys = slap_sl_malloc( sizeof( struct berval ) * 2, ctx );
hashPreset( &HASHcontext, prefix, 0, syntax, mr );
void *ctx )
{
ber_len_t i, nkeys;
- size_t slen, mlen;
BerVarray keys;
HASH_CONTEXT HCany, HCini, HCfin;
keys = slap_sl_malloc( sizeof( struct berval ) * (nkeys+1), ctx );
- slen = syntax->ssyn_oidlen;
- mlen = mr->smr_oidlen;
-
if ( flags & SLAP_INDEX_SUBSTR_ANY )
hashPreset( &HCany, prefix, SLAP_INDEX_SUBSTR_PREFIX, syntax, mr );
if( flags & SLAP_INDEX_SUBSTR_INITIAL )
SubstringsAssertion *sa;
char pre;
ber_len_t nkeys = 0;
- size_t slen, mlen, klen;
+ size_t klen;
BerVarray keys;
HASH_CONTEXT HASHcontext;
unsigned char HASHdigest[HASH_BYTES];
digest.bv_val = (char *)HASHdigest;
digest.bv_len = HASH_LEN;
- slen = syntax->ssyn_oidlen;
- mlen = mr->smr_oidlen;
-
keys = slap_sl_malloc( sizeof( struct berval ) * (nkeys+1), ctx );
nkeys = 0;
Syntax *syntax,
struct berval *in )
{
- ber_len_t count;
int len;
- unsigned char *u = (unsigned char *)in->bv_val;
+ unsigned char *u = (unsigned char *)in->bv_val, *end = (unsigned char *)in->bv_val + in->bv_len;
if( BER_BVISEMPTY( in ) && syntax == slap_schema.si_syn_directoryString ) {
/* directory strings cannot be empty */
return LDAP_INVALID_SYNTAX;
}
- for( count = in->bv_len; count > 0; count -= len, u += len ) {
+ for( ; u < end; u += len ) {
/* get the length indicated by the first byte */
len = LDAP_UTF8_CHARLEN2( u, len );
if( LDAP_UTF8_OFFSET( (char *)u ) != len ) return LDAP_INVALID_SYNTAX;
}
- if( count != 0 ) {
+ if( u > end ) {
return LDAP_INVALID_SYNTAX;
}
return LDAP_SUCCESS;
}
-/* Remove all spaces and '-' characters */
+/* Remove all spaces and '-' characters, unless the result would be empty */
static int
telephoneNumberNormalize(
slap_mask_t usage,
assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 );
- /* validator should have refused an empty string */
- assert( !BER_BVISEMPTY( val ) );
+ /* Ensure q is big enough, though validator should have caught this */
+ if ( BER_BVISEMPTY( val )) {
+ BER_BVZERO( normalized );
+ return LDAP_INVALID_SYNTAX;
+ }
q = normalized->bv_val = slap_sl_malloc( val->bv_len + 1, ctx );
*q++ = *p;
}
}
+ if ( q == normalized->bv_val ) {
+ *q++ = ' ';
+ }
*q = '\0';
normalized->bv_len = q - normalized->bv_val;
- if( BER_BVISEMPTY( normalized ) ) {
- slap_sl_free( normalized->bv_val, ctx );
- BER_BVZERO( normalized );
- return LDAP_INVALID_SYNTAX;
- }
-
return LDAP_SUCCESS;
}
itmp.bv_len = maxstrlen;
}
rc = integerVal2Key( &values[i], &keys[i], &itmp, ctx );
- if ( rc )
+ if ( rc ) {
+ slap_sl_free( keys, ctx );
goto func_leave;
+ }
}
*keysp = keys;
func_leave:
}
rc = integerVal2Key( value, keys, &iv, ctx );
- if ( rc == 0 )
- *keysp = keys;
if ( iv.bv_val != ibuf ) {
slap_sl_free( iv.bv_val, ctx );
}
+
+ if ( rc == 0 )
+ *keysp = keys;
+ else
+ slap_sl_free( keys, ctx );
+
return rc;
}
}
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len += 2;
continue;
}
tag = ber_skip_tag( ber, &len ); /* SignatureAlg */
ber_skip_data( ber, len );
tag = ber_peek_tag( ber, &len ); /* IssuerDN */
- len = ber_ptrlen( ber );
- bvdn.bv_val = val->bv_val + len;
- bvdn.bv_len = val->bv_len - len;
+ if ( len ) {
+ len = ber_ptrlen( ber );
+ bvdn.bv_val = val->bv_val + len;
+ bvdn.bv_len = val->bv_len - len;
- rc = dnX509normalize( &bvdn, &issuer_dn );
- if ( rc != LDAP_SUCCESS ) goto done;
+ rc = dnX509normalize( &bvdn, &issuer_dn );
+ if ( rc != LDAP_SUCCESS ) goto done;
+ }
normalized->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
+ sn2.bv_len + issuer_dn.bv_len;
}
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len += 2;
continue;
}
}
if ( is->bv_val[is->bv_len + 1] == '"' ) {
/* double dquote */
+ numdquotes++;
is->bv_len += 2;
continue;
}
{"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )",
SLAP_SYNTAX_HIDE, NULL, authzValidate, authzPretty},
+ /* PKCS#8 Private Keys for X.509 certificates */
+ {"( 1.3.6.1.4.1.4203.666.2.13 DESC 'OpenLDAP privateKey' )",
+ SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, privateKeyValidate, NULL},
{NULL, 0, NULL, NULL, NULL}
};
NULL, NULL,
NULL},
+ {"( 1.3.6.1.4.1.4203.666.4.13 NAME 'privateKeyMatch' "
+ "SYNTAX 1.3.6.1.4.1.4203.666.2.13 )", /* OpenLDAP privateKey */
+ SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+ NULL, NULL, octetStringMatch,
+ NULL, NULL,
+ NULL},
+
{NULL, SLAP_MR_NONE, NULL,
NULL, NULL, NULL, NULL, NULL,
NULL }
projects / openldap / blobdiff