schema_init.c 91.6 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
11
12
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>

#include <ac/ctype.h>
13
#include <ac/errno.h>
14
15
16
17
18
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
19

20
21
#include "ldap_utf8.h"

22
23
24
25
26
27
28
#include "lutil_hash.h"
/* We should replace MD5 with a faster hash */
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
29

30
/* recycled validatation routines */
31
#define berValidate						blobValidate
32
33
34
35

/* unimplemented pretters */
#define dnPretty						NULL
#define integerPretty					NULL
36
37

/* recycled matching routines */
38
#define bitStringMatch					octetStringMatch
39
#define integerMatch					caseIgnoreIA5Match
40
41
42
#define numericStringMatch				caseIgnoreIA5Match
#define objectIdentifierMatch			caseIgnoreIA5Match
#define telephoneNumberMatch			caseIgnoreIA5Match
43
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
44
45
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match
46
#define uniqueMemberMatch				dnMatch
47

48
49
/* approx matching rules */
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
50
51
52
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
53
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
54
#define IA5StringApproxMatch			approxMatch
55
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
56
#define IA5StringApproxFilter			approxFilter
57

58
59
60
61
/* orderring matching rules */
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseExactOrderingMatch			caseExactMatch

62
/* unimplemented matching routines */
63
64
65
66
67
68
69
#define caseIgnoreListMatch				NULL
#define caseIgnoreListSubstringsMatch	NULL
#define protocolInformationMatch		NULL
#define integerFirstComponentMatch		NULL

#define OpenLDAPaciMatch				NULL
#define authPasswordMatch				NULL
70
71

/* recycled indexing/filtering routines */
72
73
#define dnIndexer				caseExactIgnoreIndexer
#define dnFilter				caseExactIgnoreFilter
74
75
#define integerIndexer					caseIgnoreIA5Indexer
#define integerFilter					caseIgnoreIA5Filter
76

77
78
79
80
81
#define telephoneNumberIndexer			caseIgnoreIA5Indexer
#define telephoneNumberFilter			caseIgnoreIA5Filter
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter

82
83
84
85
/* must match OIDs below */
#define caseExactMatchOID			"2.5.13.5"
#define caseExactSubstringsMatchOID		"2.5.13.7"

86
87
88
89
static char *strcasechr( const char *str, int c )
{
	char *lower = strchr( str, TOLOWER(c) );
	char *upper = strchr( str, TOUPPER(c) );
90

91
92
93
94
95
96
97
98
	if( lower && upper ) {
		return lower < upper ? lower : upper;
	} else if ( lower ) {
		return lower;
	} else {
		return upper;
	}
}
99

100
101
102
static int
octetStringMatch(
	int *matchp,
103
	slap_mask_t flags,
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

/* Index generation function */
int octetStringIndexer(
123
124
	slap_mask_t use,
	slap_mask_t flags,
125
126
127
128
129
130
131
132
133
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
	int i;
	size_t slen, mlen;
	struct berval **keys;
134
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
135
	unsigned char	HASHdigest[HASH_BYTES];
136
	struct berval digest;
137
138
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
139
140
141
142
143

	for( i=0; values[i] != NULL; i++ ) {
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
144
145
146
	/* we should have at least one value at this point */
	assert( i > 0 );

147
148
149
150
151
152
	keys = ch_malloc( sizeof( struct berval * ) * (i+1) );

	slen = strlen( syntax->ssyn_oid );
	mlen = strlen( mr->smr_oid );

	for( i=0; values[i] != NULL; i++ ) {
153
		HASH_Init( &HASHcontext );
154
		if( prefix != NULL && prefix->bv_len > 0 ) {
155
			HASH_Update( &HASHcontext,
156
157
				prefix->bv_val, prefix->bv_len );
		}
158
		HASH_Update( &HASHcontext,
159
			syntax->ssyn_oid, slen );
160
		HASH_Update( &HASHcontext,
161
			mr->smr_oid, mlen );
162
		HASH_Update( &HASHcontext,
163
			values[i]->bv_val, values[i]->bv_len );
164
		HASH_Final( HASHdigest, &HASHcontext );
165
166
167
168
169
170
171
172
173
174
175
176
177

		keys[i] = ber_bvdup( &digest );
	}

	keys[i] = NULL;

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
int octetStringFilter(
178
179
	slap_mask_t use,
	slap_mask_t flags,
180
181
182
183
184
185
186
187
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void * assertValue,
	struct berval ***keysp )
{
	size_t slen, mlen;
	struct berval **keys;
188
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
189
	unsigned char	HASHdigest[HASH_BYTES];
190
191
	struct berval *value = (struct berval *) assertValue;
	struct berval digest;
192
193
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
194
195
196
197
198
199

	slen = strlen( syntax->ssyn_oid );
	mlen = strlen( mr->smr_oid );

	keys = ch_malloc( sizeof( struct berval * ) * 2 );

200
	HASH_Init( &HASHcontext );
201
	if( prefix != NULL && prefix->bv_len > 0 ) {
202
		HASH_Update( &HASHcontext,
203
204
			prefix->bv_val, prefix->bv_len );
	}
205
	HASH_Update( &HASHcontext,
206
		syntax->ssyn_oid, slen );
207
	HASH_Update( &HASHcontext,
208
		mr->smr_oid, mlen );
209
	HASH_Update( &HASHcontext,
210
		value->bv_val, value->bv_len );
211
	HASH_Final( HASHdigest, &HASHcontext );
212
213
214
215
216
217
218
219

	keys[0] = ber_bvdup( &digest );
	keys[1] = NULL;

	*keysp = keys;

	return LDAP_SUCCESS;
}
220

221
222
223
224
225
226
227
228
229
230
static int
dnValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	char *dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

231
	dn = ch_strdup( in->bv_val );
232

233
	if( dn == NULL ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
234
		return LDAP_INVALID_SYNTAX;
235

236
	} else if ( strlen( in->bv_val ) != in->bv_len ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
237
		rc = LDAP_INVALID_SYNTAX;
238

239
	} else if ( dn_validate( dn ) == NULL ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
240
		rc = LDAP_INVALID_SYNTAX;
241
242
243
244
245
246

	} else {
		rc = LDAP_SUCCESS;
	}

	ch_free( dn );
247
248
249
	return rc;
}

250
int
251
252
253
254
255
dnNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval **normalized )
{
256
	struct berval *out;
257

258
259
260
	if ( val->bv_len != 0 ) {
		char *dn;
		out = ber_bvstr( UTF8normalize( val->bv_val, UTF8_CASEFOLD ) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
261

262
263
		dn = dn_validate( out->bv_val );

264
		if( dn == NULL ) {
265
266
267
			ber_bvfree( out );
			return LDAP_INVALID_SYNTAX;
		}
268

269
270
271
272
		out->bv_val = dn;
		out->bv_len = strlen( dn );
	} else {
		out = ber_bvdup( val );
273
274
275
276
277
278
279
280
	}

	*normalized = out;
	return LDAP_SUCCESS;
}

static int
dnMatch(
281
	int *matchp,
282
	slap_mask_t flags,
283
284
285
286
287
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
288
	int match;
289
290
	struct berval *asserted = (struct berval *) assertedValue;
	
291
292
293
	match = value->bv_len - asserted->bv_len;

	if( match == 0 ) {
294
#ifdef USE_DN_NORMALIZE
295
		match = strcmp( value->bv_val, asserted->bv_val );
296
#else
297
		match = strcasecmp( value->bv_val, asserted->bv_val );
298
#endif
299
300
	}

301
#ifdef NEW_LOGGING
Gary Williams's avatar
Gary Williams committed
302
	LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
303
304
		"dnMatch: %d\n    %s\n    %s\n", match,
		value->bv_val, asserted->bv_val ));
305
#else
306
	Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
Kurt Zeilenga's avatar
Kurt Zeilenga committed
307
		match, value->bv_val, asserted->bv_val );
308
309
#endif

310
311
312

	*matchp = match;
	return LDAP_SUCCESS;
313
}
314

315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval *dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	dn = ber_bvdup( in );

	if( dn->bv_val[dn->bv_len-1] == '\'' ) {
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn->bv_len-2; i>2; i--) {
			if( dn->bv_val[i] != '0' &&	dn->bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn->bv_val[i] != '\'' ) {
			return LDAP_INVALID_SYNTAX;
		}
		if( dn->bv_val[i-1] != 'B' ) {
			return LDAP_INVALID_SYNTAX;
		}
		if( dn->bv_val[i-2] != '#' ) {
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dn_validate */
		dn->bv_val[i-2] = '\0';
	}

	rc = dn_validate( dn->bv_val ) == NULL
		? LDAP_INVALID_SYNTAX : LDAP_SUCCESS;

	ber_bvfree( dn );
	return rc;
}

static int
nameUIDNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval **normalized )
{
	struct berval *out = ber_bvdup( val );

	if( out->bv_len != 0 ) {
		char *dn;
		ber_len_t dnlen;
		char *uid = NULL;
		ber_len_t uidlen = 0;

		if( out->bv_val[out->bv_len-1] == '\'' ) {
			/* assume presence of optional UID */
			uid = strrchr( out->bv_val, '#' );

			if( uid == NULL ) {
				ber_bvfree( out );
				return LDAP_INVALID_SYNTAX;
			}

			uidlen = out->bv_len - (out->bv_val - uid);
			/* temporarily trim the UID */
			*uid = '\0';
		}

#ifdef USE_DN_NORMALIZE
		dn = dn_normalize( out->bv_val );
#else
		dn = dn_validate( out->bv_val );
#endif

		if( dn == NULL ) {
			ber_bvfree( out );
			return LDAP_INVALID_SYNTAX;
		}

		dnlen = strlen(dn);

		if( uidlen ) {
			/* restore the separator */
			*uid = '#';
			/* shift the UID */
			SAFEMEMCPY( &dn[dnlen], uid, uidlen );
		}

		out->bv_val = dn;
		out->bv_len = dnlen + uidlen;
	}

	*normalized = out;
	return LDAP_SUCCESS;
}

413
414
415
416
417
418
419
420
421
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
	return LDAP_OTHER;
}

422
static int
423
blobValidate(
424
425
426
427
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
428
	return LDAP_SUCCESS;
429
430
}

431
432
433
434
435
436
437
438
439
440
441
442
443
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
444

445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
	if( in->bv_val[0] != 'B' ||
		in->bv_val[1] != '\'' ||
		in->bv_val[in->bv_len-1] != '\'' )
	{
		return LDAP_INVALID_SYNTAX;
	}

	for( i=in->bv_len-2; i>1; i-- ) {
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
492
	slap_mask_t flags,
493
494
495
496
497
498
499
500
501
502
503
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

504
505
506
507
508
509
510
511
512
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

513
514
	if( !in->bv_len ) return LDAP_INVALID_SYNTAX;

515
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
516
517
518
519
		/* get the length indicated by the first byte */
		len = LDAP_UTF8_CHARLEN( u );

		/* should not be zero */
520
		if( len == 0 ) return LDAP_INVALID_SYNTAX;
521
522
523

		/* make sure len corresponds with the offset
			to the next character */
524
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
525
526
	}

527
	if( count != 0 ) return LDAP_INVALID_SYNTAX;
528

529
	return LDAP_SUCCESS;
530
531
532
533
534
535
536
537
538
}

static int
UTF8StringNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval **normalized )
{
	struct berval *newval;
539
	char *p, *q, *s;
540

541
	newval = ch_malloc( sizeof( struct berval ) );
542

543
	p = val->bv_val;
544

545
546
547
	/* Ignore initial whitespace */
	while ( ldap_utf8_isspace( p ) ) {
		LDAP_UTF8_INCR( p );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
548
	}
549

550
551
	if( *p == '\0' ) {
		ch_free( newval );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
552
553
		return LDAP_INVALID_SYNTAX;
	}
554

555
556
557
	newval->bv_val = ch_strdup( p );
	p = q = newval->bv_val;
	s = NULL;
558

559
560
	while ( *p ) {
		int len;
561

562
563
564
565
566
		if ( ldap_utf8_isspace( p ) ) {
			len = LDAP_UTF8_COPY(q,p);
			s=q;
			p+=len;
			q+=len;
567

568
569
570
571
			/* Ignore the extra whitespace */
			while ( ldap_utf8_isspace( p ) ) {
				LDAP_UTF8_INCR( p );
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
572
		} else {
573
574
575
576
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
			q+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
577
		}
578
579
580
581
	}

	assert( *newval->bv_val );
	assert( newval->bv_val < p );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
582
	assert( q <= p );
583

584
585
586
587
588
589
590
591
592
593
594
	/* cannot start with a space */
	assert( !ldap_utf8_isspace(newval->bv_val) );

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
595
	}
596

597
598
599
600
601
602
603
604
	/* cannot end with a space */
	assert( !ldap_utf8_isspace( LDAP_UTF8_PREV(q) ) );

	/* null terminate */
	*q = '\0';

	newval->bv_len = q - newval->bv_val;
	*normalized = newval;
605

606
	return LDAP_SUCCESS;
607
608
}

609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
/* Returns Unicode cannonically normalized copy of a substring assertion
 * Skipping attribute description */
SubstringsAssertion *
UTF8SubstringsassertionNormalize(
	SubstringsAssertion *sa,
	char casefold )
{
	SubstringsAssertion *nsa;
	int i;

	nsa = (SubstringsAssertion *)ch_calloc( 1, sizeof(SubstringsAssertion) );
	if( nsa == NULL ) {
		return NULL;
	}

	if( sa->sa_initial != NULL ) {
		nsa->sa_initial = ber_bvstr( UTF8normalize( sa->sa_initial->bv_val, casefold ) );
		if( nsa->sa_initial == NULL ) {
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
		for( i=0; sa->sa_any[i] != NULL; i++ ) {
			/* empty */
		}
		nsa->sa_any = (struct berval **)ch_malloc( (i + 1) * sizeof(struct berval *) );
		for( i=0; sa->sa_any[i] != NULL; i++ ) {
			nsa->sa_any[i] = ber_bvstr( UTF8normalize( sa->sa_any[i]->bv_val, casefold ) );
			if( nsa->sa_any[i] == NULL ) {
				goto err;
			}
		}
		nsa->sa_any[i] = NULL;
	}

	if( sa->sa_final != NULL ) {
		nsa->sa_final = ber_bvstr( UTF8normalize( sa->sa_final->bv_val, casefold ) );
		if( nsa->sa_final == NULL ) {
			goto err;
		}
	}

	return nsa;

err:
	ch_free( nsa->sa_final );
	ber_bvecfree( nsa->sa_any );
	ch_free( nsa->sa_initial );
	ch_free( nsa );
	return NULL;
}

662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
/* Strip characters with the 8th bit set */
char *
strip8bitChars(
	char *in )      
{
	char *p = in, *q;
  
	if( in == NULL ) {
		return NULL;
	}
	while( *p ) {
		if( *p & 0x80 ) {
			q = p;
			while( *++q & 0x80 ) {
				/* empty */
			}
			p = memmove(p, q, strlen(q) + 1);
		} else {
			p++;
		}
	}
	return in;
}

686
#ifndef SLAPD_APPROX_OLDSINGLESTRING
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	char *val, *assertv, **values, **words, *c;
	int i, count, len, nextchunk=0, nextavail=0;
707
	size_t avlen;
708

709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
	/* Yes, this is necessary */
	val = UTF8normalize( value->bv_val, UTF8_NOCASEFOLD );
	if( val == NULL ) {
		*matchp = 1;
		return LDAP_SUCCESS;
	}
	strip8bitChars( val );

	/* Yes, this is necessary */
	assertv = UTF8normalize( ((struct berval *)assertedValue)->bv_val,
				 UTF8_NOCASEFOLD );
	if( assertv == NULL ) {
		free( val );
		*matchp = 1;
		return LDAP_SUCCESS;
	}
	strip8bitChars( assertv );
	avlen = strlen( assertv );
727
728
729
730
731
732
733
734
735
736
737
738

	/* Isolate how many words there are */
	for( c=val,count=1; *c; c++ ) {
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
Gary Williams's avatar
Gary Williams committed
739
	for( c=val,i=0;	 i<count;  i++,c+=strlen(c)+1 ) {
740
741
742
743
		words[i] = c;
		values[i] = phonetic(c);
	}

744
	/* Work through the asserted value's words, to see if at least some
745
746
	   of the words are there, in the same order. */
	len = 0;
747
	while ( nextchunk < avlen ) {
748
		len = strcspn( assertv + nextchunk, SLAPD_APPROX_DELIMITER);
749
750
751
752
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
753
#if defined(SLAPD_APPROX_INITIALS)
754
		else if( len == 1 ) {
755
756
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
757
758
				if( !strncasecmp( assertv+nextchunk, words[i], 1 )) {
					nextavail=i+1;
759
					break;
760
				}
761
762
		}
#endif
763
		else {
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
			/* Isolate the next word in the asserted value and phonetic it */
			assertv[nextchunk+len] = '\0';
			val = phonetic( assertv + nextchunk );

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
796
	free( assertv );
797
798
799
800
801
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
802
	free( val );
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821

	return LDAP_SUCCESS;
}

int 
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
	char *val, *c;
	int i,j, len, wordcount, keycount=0;
	struct berval **newkeys, **keys=NULL;

	for( j=0; values[j] != NULL; j++ ) {
822
823
824
825
		/* Yes, this is necessary */
		val = UTF8normalize( values[j]->bv_val, UTF8_NOCASEFOLD );
		strip8bitChars( val );

826
		/* Isolate how many words there are. There will be a key for each */
Gary Williams's avatar
Gary Williams committed
827
		for( wordcount=0,c=val;	 *c;  c++) {
828
829
830
831
832
833
834
835
836
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
		newkeys = (struct berval **)ch_malloc( (keycount + wordcount + 1) 
Kurt Zeilenga's avatar
Kurt Zeilenga committed
837
			* sizeof(struct berval *) );
838
839
840
841
842
		memcpy( newkeys, keys, keycount * sizeof(struct berval *) );
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
Gary Williams's avatar
Gary Williams committed
843
		for( c=val,i=0;	 i<wordcount;  c+=len+1	 ) {
844
845
846
847
848
849
850
851
852
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
			keys[keycount] = (struct berval *)ch_malloc( sizeof(struct berval) );
			keys[keycount]->bv_val = phonetic( c );
			keys[keycount]->bv_len = strlen( keys[keycount]->bv_val );
			keycount++;
			i++;
		}

853
		free( val );
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
	}
	keys[keycount] = NULL;
	*keysp = keys;

	return LDAP_SUCCESS;
}

int 
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void * assertValue,
	struct berval ***keysp )
{
	char *val, *c;
	int i, count, len;
	struct berval **keys;

875
876
877
878
879
880
881
882
883
884
885
	/* Yes, this is necessary */
	val = UTF8normalize( ((struct berval *)assertValue)->bv_val,
			     UTF8_NOCASEFOLD );
	if( val == NULL ) {
		keys = (struct berval **)ch_malloc( sizeof(struct berval *) );
		keys[0] = NULL;
		*keysp = keys;
		return LDAP_SUCCESS;
	}
	strip8bitChars( val );

886
887
888
889
890
891
892
893
894
895
896
897
898
	/* Isolate how many words there are. There will be a key for each */
	for( count=0,c=val;  *c;  c++) {
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
	keys = (struct berval **)ch_malloc( (count + 1) * sizeof(struct berval *) );

	/* Get a phonetic copy of each word */
Gary Williams's avatar
Gary Williams committed
899
	for( c=val,i=0;	 i<count; c+=len+1 ) {
900
901
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
902
		keys[i] = ber_bvstr( phonetic( c ) );
903
904
905
		i++;
	}

906
	free( val );
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927

	keys[count] = NULL;
	*keysp = keys;

	return LDAP_SUCCESS;
}


#else
/* No other form of Approximate Matching is defined */

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	char *vapprox, *avapprox;
928
	char *s, *t;
929

930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
	/* Yes, this is necessary */
	s = UTF8normalize( value->bv_val, UTF8_NOCASEFOLD );
	if( s == NULL ) {
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
	t = UTF8normalize( ((struct berval *)assertedValue)->bv_val,
			   UTF8_NOCASEFOLD );
	if( t == NULL ) {
		free( s );
		*matchp = -1;
		return LDAP_SUCCESS;
	}

	vapprox = phonetic( strip8bitChars( s ) );
	avapprox = phonetic( strip8bitChars( t ) );

	free( s );
	free( t );
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971

	*matchp = strcmp( vapprox, avapprox );

	ch_free( vapprox );
	ch_free( avapprox );

	return LDAP_SUCCESS;
}

int 
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
	int i;
	struct berval **keys;
972
	char *s;
973
974

	for( i=0; values[i] != NULL; i++ ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
975
		/* empty - just count them */
976
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
977
978

	/* we should have at least one value at this point */
979
980
981
982
983
984
	assert( i > 0 );

	keys = (struct berval **)ch_malloc( sizeof( struct berval * ) * (i+1) );

	/* Copy each value and run it through phonetic() */
	for( i=0; values[i] != NULL; i++ ) {
985
986
987
988
989
990
		/* Yes, this is necessary */
		s = UTF8normalize( values[i]->bv_val, UTF8_NOCASEFOLD );

		/* strip 8-bit chars and run through phonetic() */
		keys[i] = ber_bvstr( phonetic( strip8bitChars( s ) ) );
		free( s );
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
	}
	keys[i] = NULL;

	*keysp = keys;
	return LDAP_SUCCESS;
}


int 
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void * assertValue,
	struct berval ***keysp )
{
	struct berval **keys;
1010
	char *s;
1011
1012
1013

	keys = (struct berval **)ch_malloc( sizeof( struct berval * ) * 2 );

1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
	/* Yes, this is necessary */
	s = UTF8normalize( ((struct berval *)assertValue)->bv_val,
			     UTF8_NOCASEFOLD );
	if( s == NULL ) {
		keys[0] = NULL;
	} else {
		/* strip 8-bit chars and run through phonetic() */
		keys[0] = ber_bvstr( phonetic( strip8bitChars( s ) ) );
		free( s );
		keys[1] = NULL;
	}
1025
1026
1027
1028
1029
1030
1031

	*keysp = keys;
	return LDAP_SUCCESS;
}
#endif


1032
static int
1033
caseExactMatch(
1034
	int *matchp,
1035
	slap_mask_t flags,
1036
1037
1038
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
1039
	void *assertedValue )
1040
{
1041
1042
1043
	*matchp = UTF8normcmp( value->bv_val,
		((struct berval *) assertedValue)->bv_val,
		UTF8_NOCASEFOLD );
1044
	return LDAP_SUCCESS;
1045
1046
}

1047
static int
1048
caseExactIgnoreSubstringsMatch(
1049
	int *matchp,
1050
	slap_mask_t flags,
1051
1052
1053
1054
1055
1056
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = 0;
1057
1058
	SubstringsAssertion *sub;
	struct berval left;
1059
1060
	int i;
	ber_len_t inlen=0;
1061
1062
1063
1064
	char *nav, casefold;

	casefold = strcmp( mr->smr_oid, caseExactSubstringsMatchOID )
		? UTF8_CASEFOLD : UTF8_NOCASEFOLD;
1065

1066
	nav = UTF8normalize( value->bv_val, casefold );
1067
1068
1069
1070
1071
1072
	if( nav == NULL ) {
		match = 1;
		goto done;
	}
	left.bv_val = nav;
	left.bv_len = strlen( nav );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1073

1074
	sub = UTF8SubstringsassertionNormalize( assertedValue, casefold );
1075
1076
1077
1078
	if( sub == NULL ) {
		match = -1;
		goto done;
	}
1079

1080
	/* Add up asserted input length */
1081
1082
1083
1084
	if( sub->sa_initial ) {
		inlen += sub->sa_initial->bv_len;
	}
	if( sub->sa_any ) {
1085
1086
		for(i=0; sub->sa_any[i] != NULL; i++) {
			inlen += sub->sa_any[i]->bv_len;
1087
1088
1089
1090
1091
1092
1093
		}
	}
	if( sub->sa_final ) {
		inlen += sub->sa_final->bv_len;
	}

	if( sub->sa_initial ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1094
1095
1096
1097
1098
		if( inlen > left.bv_len ) {
			match = 1;
			goto done;
		}

1099
1100
		match = strncmp( sub->sa_initial->bv_val, left.bv_val,
			sub->sa_initial->bv_len );
1101
1102
1103
1104
1105
1106
1107

		if( match != 0 ) {
			goto done;
		}

		left.bv_val += sub->sa_initial->bv_len;
		left.bv_len -= sub->sa_initial->bv_len;
1108
		inlen -= sub->sa_initial->bv_len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1109
	}
1110

Kurt Zeilenga's avatar
Kurt Zeilenga committed
1111
	if( sub->sa_final ) {
1112
1113
1114
1115
		if( inlen > left.bv_len ) {
			match = 1;
			goto done;
		}
1116

1117
1118
1119
		match = strncmp( sub->sa_final->bv_val,
			&left.bv_val[left.bv_len - sub->sa_final->bv_len],
			sub->sa_final->bv_len );
1120
1121
1122
1123
1124
1125

		if( match != 0 ) {
			goto done;
		}

		left.bv_len -= sub->sa_final->bv_len;
1126
		inlen -= sub->sa_final->bv_len;
1127
1128
1129
	}

	if( sub->sa_any ) {
1130
1131
1132
1133
1134
		for(i=0; sub->sa_any[i]; i++) {
			ber_len_t idx;
			char *p;

retry:
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1135
1136
1137
1138
1139
1140
			if( inlen > left.bv_len ) {
				/* not enough length */
				match = 1;
				goto done;
			}

1141
1142
1143
1144
			if( sub->sa_any[i]->bv_len == 0 ) {
				continue;
			}

1145
			p = strchr( left.bv_val, *sub->sa_any[i]->bv_val );
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168

			if( p == NULL ) {
				match = 1;
				goto done;
			}

			idx = p - left.bv_val;
			assert( idx < left.bv_len );

			if( idx >= left.bv_len ) {
				/* this shouldn't happen */
				return LDAP_OTHER;
			}

			left.bv_val = p;
			left.bv_len -= idx;

			if( sub->sa_any[i]->bv_len > left.bv_len ) {
				/* not enough left */
				match = 1;
				goto done;
			}

1169
1170
1171
			match = strncmp( left.bv_val,
				sub->sa_any[i]->bv_val,
				sub->sa_any[i]->bv_len );
1172
1173

			if( match != 0 ) {
1174
1175
				left.bv_val++;
				left.bv_len--;
1176
1177
1178
1179
1180
				goto retry;
			}

			left.bv_val += sub->sa_any[i]->bv_len;
			left.bv_len -= sub->sa_any[i]->bv_len;
1181
			inlen -= sub->sa_any[i]->bv_len;
1182
		}
1183
1184
1185
	}

done:
1186
1187
1188
1189
1190
1191
1192
	free( nav );
	if( sub != NULL ) {
		ch_free( sub->sa_final );
		ber_bvecfree( sub->sa_any );
		ch_free( sub->sa_initial );
		ch_free( sub );
	}
1193
1194
1195
1196
	*matchp = match;
	return LDAP_SUCCESS;
}

1197
/* Index generation function */
1198
int caseExactIgnoreIndexer(
1199
1200
	slap_mask_t use,
	slap_mask_t flags,
1201
1202
1203
1204
1205
1206
1207
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
	int i;
1208
	char casefold;
1209
1210
	size_t slen, mlen;
	struct berval **keys;
1211
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
1212
	unsigned char	HASHdigest[HASH_BYTES];
1213
	struct berval digest;
1214
1215
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
1216
1217

	for( i=0; values[i] != NULL; i++ ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1218
		/* empty - just count them */
1219
1220
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
1221
1222
1223
	/* we should have at least one value at this point */
	assert( i > 0 );

1224
1225
1226
1227
1228
	keys = ch_malloc( sizeof( struct berval * ) * (i+1) );

	slen = strlen( syntax->ssyn_oid );
	mlen = strlen( mr->smr_oid );

1229
1230
1231
	casefold = strcmp( mr->smr_oid, caseExactMatchOID )
		? UTF8_CASEFOLD : UTF8_NOCASEFOLD;

1232
	for( i=0; values[i] != NULL; i++ ) {
1233
		struct berval *value;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1234
		value = ber_bvstr( UTF8normalize( values[i]->bv_val,
1235
			casefold ) );
1236

1237
		HASH_Init( &HASHcontext );
1238
		if( prefix != NULL && prefix->bv_len > 0 ) {
1239
			HASH_Update( &HASHcontext,
1240
1241
				prefix->bv_val, prefix->bv_len );
		}
1242
		HASH_Update( &HASHcontext,
1243
			syntax->ssyn_oid, slen );
1244
		HASH_Update( &HASHcontext,
1245
			mr->smr_oid, mlen );
1246
		HASH_Update( &HASHcontext,
1247
			value->bv_val, value->bv_len );
1248
		HASH_Final( HASHdigest, &HASHcontext );
1249

1250
1251
		ber_bvfree( value );

1252
1253
1254
1255
1256
1257
1258
1259
1260
		keys[i] = ber_bvdup( &digest );
	}

	keys[i] = NULL;
	*keysp = keys;
	return LDAP_SUCCESS;
}

/* Index generation function */
1261
int caseExactIgnoreFilter(
1262
1263
	slap_mask_t use,
	slap_mask_t flags,
1264
1265
1266
1267
1268
1269
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void * assertValue,
	struct berval ***keysp )
{
1270
	char casefold;
1271
1272
	size_t slen, mlen;
	struct berval **keys;
1273
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
1274
	unsigned char	HASHdigest[HASH_BYTES];
1275
1276
	struct berval *value;
	struct berval digest;
1277
1278
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
1279
1280
1281
1282

	slen = strlen( syntax->ssyn_oid );
	mlen = strlen( mr->smr_oid );

1283
1284
1285
	casefold = strcmp( mr->smr_oid, caseExactMatchOID )
		? UTF8_CASEFOLD : UTF8_NOCASEFOLD;

1286
	value = ber_bvstr( UTF8normalize( ((struct berval *) assertValue)->bv_val,
1287
		casefold ) );
1288
1289
1290
1291
1292
1293
	/* This usually happens if filter contains bad UTF8 */
	if( value == NULL ) {
		keys = ch_malloc( sizeof( struct berval * ) );
		keys[0] = NULL;
		return LDAP_SUCCESS;
	}
1294
1295
1296

	keys = ch_malloc( sizeof( struct berval * ) * 2 );

1297
	HASH_Init( &HASHcontext );
1298
	if( prefix != NULL && prefix->bv_len > 0 ) {
1299
		HASH_Update( &HASHcontext,
1300
1301
			prefix->bv_val, prefix->bv_len );
	}
1302
	HASH_Update( &HASHcontext,
1303
		syntax->ssyn_oid, slen );
1304
	HASH_Update( &HASHcontext,
1305
		mr->smr_oid, mlen );
1306
	HASH_Update( &HASHcontext,
1307
		value->bv_val, value->bv_len );
1308
	HASH_Final( HASHdigest, &HASHcontext );
1309
1310
1311
1312

	keys[0] = ber_bvdup( &digest );
	keys[1] = NULL;

1313
1314
	ber_bvfree( value );

1315
1316
1317
	*keysp = keys;
	return LDAP_SUCCESS;
}
1318

1319
/* Substrings Index generation function */
1320
int caseExactIgnoreSubstringsIndexer(
1321
1322
	slap_mask_t use,
	slap_mask_t flags,
1323
1324
1325
1326
1327
1328
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
1329
	char casefold;
1330
	ber_len_t i, nkeys;
1331
1332
	size_t slen, mlen;
	struct berval **keys;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1333
	struct berval **nvalues;
1334

1335
	HASH_CONTEXT   HASHcontext;