schema_init.c 113 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
20

21
22
#include "ldap_utf8.h"

23
24
25
26
27
28
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
29

30
/* recycled validatation routines */
31
#define berValidate						blobValidate
32
33

/* unimplemented pretters */
34
#define integerPretty					NULL
35
#define SLAP_LDAPDN_PRETTY 0x1
36
37

/* recycled matching routines */
38
#define bitStringMatch					octetStringMatch
39
40
41
#define numericStringMatch				caseIgnoreIA5Match
#define objectIdentifierMatch			caseIgnoreIA5Match
#define telephoneNumberMatch			caseIgnoreIA5Match
42
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
43
44
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match
45
#define uniqueMemberMatch				dnMatch
46

47
48
/* approx matching rules */
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
49
50
51
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
52
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
53
#define IA5StringApproxMatch			approxMatch
54
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
55
#define IA5StringApproxFilter			approxFilter
56

57
58
59
60
/* orderring matching rules */
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseExactOrderingMatch			caseExactMatch

61
/* unimplemented matching routines */
62
63
64
65
66
67
68
#define caseIgnoreListMatch				NULL
#define caseIgnoreListSubstringsMatch	NULL
#define protocolInformationMatch		NULL
#define integerFirstComponentMatch		NULL

#define OpenLDAPaciMatch				NULL
#define authPasswordMatch				NULL
69
70

/* recycled indexing/filtering routines */
71
72
#define dnIndexer				caseExactIgnoreIndexer
#define dnFilter				caseExactIgnoreFilter
73
74
#define bitStringFilter			octetStringFilter
#define bitStringIndexer		octetStringIndexer
75

76
77
78
79
80
#define telephoneNumberIndexer			caseIgnoreIA5Indexer
#define telephoneNumberFilter			caseIgnoreIA5Filter
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter

81
82
83
84
/* must match OIDs below */
#define caseExactMatchOID			"2.5.13.5"
#define caseExactSubstringsMatchOID		"2.5.13.7"

85
86
87
88
static char *strcasechr( const char *str, int c )
{
	char *lower = strchr( str, TOLOWER(c) );
	char *upper = strchr( str, TOUPPER(c) );
89

90
91
92
93
94
95
96
97
	if( lower && upper ) {
		return lower < upper ? lower : upper;
	} else if ( lower ) {
		return lower;
	} else {
		return upper;
	}
}
98

99
100
101
static int
octetStringMatch(
	int *matchp,
102
	slap_mask_t flags,
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

/* Index generation function */
int octetStringIndexer(
122
123
	slap_mask_t use,
	slap_mask_t flags,
124
125
126
127
128
129
130
131
132
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
	int i;
	size_t slen, mlen;
	struct berval **keys;
133
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
134
	unsigned char	HASHdigest[HASH_BYTES];
135
	struct berval digest;
136
137
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
138
139
140
141
142

	for( i=0; values[i] != NULL; i++ ) {
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
143
144
145
	/* we should have at least one value at this point */
	assert( i > 0 );

146
147
148
149
150
151
	keys = ch_malloc( sizeof( struct berval * ) * (i+1) );

	slen = strlen( syntax->ssyn_oid );
	mlen = strlen( mr->smr_oid );

	for( i=0; values[i] != NULL; i++ ) {
152
		HASH_Init( &HASHcontext );
153
		if( prefix != NULL && prefix->bv_len > 0 ) {
154
			HASH_Update( &HASHcontext,
155
156
				prefix->bv_val, prefix->bv_len );
		}
157
		HASH_Update( &HASHcontext,
158
			syntax->ssyn_oid, slen );
159
		HASH_Update( &HASHcontext,
160
			mr->smr_oid, mlen );
161
		HASH_Update( &HASHcontext,
162
			values[i]->bv_val, values[i]->bv_len );
163
		HASH_Final( HASHdigest, &HASHcontext );
164
165
166
167
168
169
170
171
172
173
174
175
176

		keys[i] = ber_bvdup( &digest );
	}

	keys[i] = NULL;

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
int octetStringFilter(
177
178
	slap_mask_t use,
	slap_mask_t flags,
179
180
181
182
183
184
185
186
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void * assertValue,
	struct berval ***keysp )
{
	size_t slen, mlen;
	struct berval **keys;
187
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
188
	unsigned char	HASHdigest[HASH_BYTES];
189
190
	struct berval *value = (struct berval *) assertValue;
	struct berval digest;
191
192
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
193
194
195
196
197
198

	slen = strlen( syntax->ssyn_oid );
	mlen = strlen( mr->smr_oid );

	keys = ch_malloc( sizeof( struct berval * ) * 2 );

199
	HASH_Init( &HASHcontext );
200
	if( prefix != NULL && prefix->bv_len > 0 ) {
201
		HASH_Update( &HASHcontext,
202
203
			prefix->bv_val, prefix->bv_len );
	}
204
	HASH_Update( &HASHcontext,
205
		syntax->ssyn_oid, slen );
206
	HASH_Update( &HASHcontext,
207
		mr->smr_oid, mlen );
208
	HASH_Update( &HASHcontext,
209
		value->bv_val, value->bv_len );
210
	HASH_Final( HASHdigest, &HASHcontext );
211
212
213
214
215
216
217
218

	keys[0] = ber_bvdup( &digest );
	keys[1] = NULL;

	*keysp = keys;

	return LDAP_SUCCESS;
}
219

Pierangelo Masarati's avatar
Pierangelo Masarati committed
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
/*
 * The DN syntax-related functions take advantage of the dn representation
 * handling functions ldap_str2dn/ldap_dn2str.  The latter are not schema-
 * aware, so the attributes and their values need be validated (and possibly
 * normalized).  In the current implementation the required validation/nor-
 * malization/"pretty"ing are done on newly created DN structural represen-
 * tations; however the idea is to move towards DN handling in structural
 * representation instead of the current string representation.  To this
 * purpose, we need to do only the required operations and keep track of
 * what has been done to minimize their impact on performances.
 *
 * Developers are strongly encouraged to use this feature, to speed-up
 * its stabilization.
 */

235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
#define	AVA_PRIVATE( ava ) ( ( AttributeDescription * )(ava)->la_private )

/*
 * In-place, schema-aware validation of the
 * structural representation of a distinguished name.
 */
static int
LDAPDN_validate( LDAPDN *dn )
{
	int 		iRDN;
	int 		rc;

	assert( dn );

	for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
		LDAPRDN		*rdn = dn[ iRDN ][ 0 ];
		int		iAVA;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
253
254
		assert( rdn );

255
256
257
258
		for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
			LDAPAVA			*ava = rdn[ iAVA ][ 0 ];
			AttributeDescription	*ad;
			slap_syntax_validate_func *validate = NULL;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
259
260

			assert( ava );
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
			
			if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
				const char	*text = NULL;

				rc = slap_bv2ad( ava->la_attr, &ad, &text );
				if ( rc != LDAP_SUCCESS ) {
					return LDAP_INVALID_SYNTAX;
				}

				ava->la_private = ( void * )ad;
			}

			/* 
			 * Replace attr oid/name with the canonical name
			 */
			ber_bvfree( ava->la_attr );
			ava->la_attr = ber_bvdup( &ad->ad_cname );

			validate = ad->ad_type->sat_syntax->ssyn_validate;

			if ( validate ) {
				/*
			 	 * validate value by validate function
				 */
				rc = ( *validate )( ad->ad_type->sat_syntax,
					ava->la_value );
			
				if ( rc != LDAP_SUCCESS ) {
					return LDAP_INVALID_SYNTAX;
				}
			}
		}
	}

	return LDAP_SUCCESS;
}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
298
299
300
/*
 * dn validate routine
 */
301
int
302
303
304
305
306
307
308
dnValidate(
	Syntax *syntax,
	struct berval *in )
{
	int		rc;
	LDAPDN		*dn = NULL;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
309
310
	assert( in );

311
312
313
314
	if ( in->bv_len == 0 ) {
		return( LDAP_SUCCESS );
	}

315
316
317
	rc = ldap_str2dn( in->bv_val, &dn, LDAP_DN_FORMAT_LDAP );

	/*
318
	 * Schema-aware validate
319
	 */
320
321
322
323
	if ( rc == LDAP_SUCCESS ) {
		rc = LDAPDN_validate( dn );
	}
	
324
325
326
327
328
329
330
331
332
	ldapava_free_dn( dn );
	
	if ( rc != LDAP_SUCCESS ) {
		return( LDAP_INVALID_SYNTAX );
	}

	return( LDAP_SUCCESS );
}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
333
334
335
336
337
338
339
340
341
342
343
/*
 * AVA sorting inside a RDN
 *
 * rule: sort attributeTypes in alphabetical order; in case of multiple
 * occurrences of the same attributeType, sort values in byte order
 * (use memcmp, which implies alphabetical order in case of IA5 value;
 * this should guarantee the repeatability of the operation).
 *
 * uses a linear search; should be fine since the number of AVAs in
 * a RDN should be limited.
 */
344
345
346
347
348
static void
AVA_Sort( LDAPRDN *rdn, int iAVA )
{
	int		i;
	LDAPAVA		*ava_in = rdn[ iAVA ][ 0 ];
Pierangelo Masarati's avatar
Pierangelo Masarati committed
349
350
351

	assert( rdn );
	assert( ava_in );
352
353
354
355
356
	
	for ( i = 0; i < iAVA; i++ ) {
		LDAPAVA		*ava = rdn[ i ][ 0 ];
		int		a, j;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
357
358
		assert( ava );

359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
		a = strcmp( ava_in->la_attr->bv_val, ava->la_attr->bv_val );

		if ( a > 0 ) {
			break;
		}

		while ( a == 0 ) {
			int		v, d;

			d = ava_in->la_value->bv_len - ava->la_value->bv_len;

			v = memcmp( ava_in->la_value->bv_val, 
					ava->la_value->bv_val,
					d <= 0 ? ava_in->la_value->bv_len 
						: ava->la_value->bv_len );

			if ( v == 0 && d != 0 ) {
				v = d;
			}

			if ( v <= 0 ) {
				/* 
				 * got it!
				 */
				break;
			}

			if ( ++i == iAVA ) {
				/*
				 * already sorted
				 */
				return;
			}

			ava = rdn[ i ][ 0 ];
			a = strcmp( ava_in->la_value->bv_val, 
					ava->la_value->bv_val );
		}

		/*
		 * move ahead
		 */
		for ( j = iAVA; j > i; j-- ) {
			rdn[ j ][ 0 ] = rdn[ j - 1 ][ 0 ];
		}
		rdn[ i ][ 0 ] = ava_in;

		return;
	}
}

/*
411
412
 * In-place, schema-aware normalization / "pretty"ing of the
 * structural representation of a distinguished name.
413
414
 */
static int
415
LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
416
417
418
419
420
421
422
423
424
425
{
	int 		iRDN;
	int 		rc;

	assert( dn );

	for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
		LDAPRDN		*rdn = dn[ iRDN ][ 0 ];
		int		iAVA;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
426
427
		assert( rdn );

428
429
		for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
			LDAPAVA			*ava = rdn[ iAVA ][ 0 ];
430
			AttributeDescription	*ad;
431
432
			slap_syntax_transform_func *transf = NULL;
			MatchingRule *mr;
433
434
			struct berval		*bv = NULL;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
435
436
			assert( ava );

437
438
439
440
441
442
443
444
445
			if ( ( ad = AVA_PRIVATE( ava ) ) == NULL ) {
				const char	*text = NULL;

				rc = slap_bv2ad( ava->la_attr, &ad, &text );
				if ( rc != LDAP_SUCCESS ) {
					return LDAP_INVALID_SYNTAX;
				}
				
				ava->la_private = ( void * )ad;
446
447
448
			}

			/* 
449
			 * Replace attr oid/name with the canonical name
450
451
452
			 */
			ber_bvfree( ava->la_attr );
			ava->la_attr = ber_bvdup( &ad->ad_cname );
453
454
455
456
457
458
459

			if( flags & SLAP_LDAPDN_PRETTY ) {
				transf = ad->ad_type->sat_syntax->ssyn_pretty;
				mr = NULL;
			} else {
				transf = ad->ad_type->sat_syntax->ssyn_normalize;
				mr = ad->ad_type->sat_equality;
460
			}
461
462
463
464
465
466
467

			if ( transf ) {
				/*
			 	 * transform value by normalize/pretty function
				 */
				rc = ( *transf )( ad->ad_type->sat_syntax,
					ava->la_value, &bv );
468
			
469
470
471
				if ( rc != LDAP_SUCCESS ) {
					return LDAP_INVALID_SYNTAX;
				}
472
473
			}

474
			if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
475
				struct berval *s = bv;
476
477
478
479

				bv = ber_bvstr( UTF8normalize( bv ? bv : ava->la_value, 
					UTF8_CASEFOLD ) );

480
481
482
				ber_bvfree( s );
			}

483
484
485
486
			if( bv ) {
				ber_bvfree( ava->la_value );
				ava->la_value = bv;
			}
487
488
489
490
491

			AVA_Sort( rdn, iAVA );
		}
	}

492
	return LDAP_SUCCESS;
493
494
}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
495
496
497
/*
 * dn normalize routine
 */
498
499
500
501
502
503
504
505
int
dnNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval **normalized )
{
	struct berval *out = NULL;

506
	Debug( LDAP_DEBUG_TRACE, ">>> dnNormalize: <%s>\n", val->bv_val, 0, 0 );
507

Pierangelo Masarati's avatar
Pierangelo Masarati committed
508
509
510
	assert( val );
	assert( normalized );

511
512
513
	if ( val->bv_len != 0 ) {
		LDAPDN		*dn = NULL;
		char		*dn_out = NULL;
514
		int		rc;
515

516
517
518
		/*
		 * Go to structural representation
		 */
519
		rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
520
		if ( rc != LDAP_SUCCESS ) {
521
			return LDAP_INVALID_SYNTAX;
522
523
		}

524
		/*
525
		 * Schema-aware rewrite
526
		 */
527
528
529
		if ( LDAPDN_rewrite( dn, 0 ) != LDAP_SUCCESS ) {
			ldapava_free_dn( dn );
			return LDAP_INVALID_SYNTAX;
530
531
		}

532
533
534
		/*
		 * Back to string representation
		 */
535
536
		rc = ldap_dn2str( dn, &dn_out, LDAP_DN_FORMAT_LDAPV3 );

537
538
		ldapava_free_dn( dn );

539
		if ( rc != LDAP_SUCCESS ) {
540
			return LDAP_INVALID_SYNTAX;
541
542
543
544
545
546
547
548
		}

		out = ber_bvstr( dn_out );

	} else {
		out = ber_bvdup( val );
	}

549
	Debug( LDAP_DEBUG_TRACE, "<<< dnNormalize: <%s>\n", out->bv_val, 0, 0 );
550

551
552
	*normalized = out;

553
	return LDAP_SUCCESS;
554
555
}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
556
557
558
/*
 * dn "pretty"ing routine
 */
559
560
561
562
int
dnPretty(
	Syntax *syntax,
	struct berval *val,
563
	struct berval **pretty)
564
565
566
{
	struct berval *out = NULL;

567
568
	Debug( LDAP_DEBUG_TRACE, ">>> dnPretty: <%s>\n", val->bv_val, 0, 0 );

Pierangelo Masarati's avatar
Pierangelo Masarati committed
569
570
571
	assert( val );
	assert( pretty );

572
573
574
575
576
	if ( val->bv_len != 0 ) {
		LDAPDN		*dn = NULL;
		char		*dn_out = NULL;
		int		rc;

Kurt Zeilenga's avatar
Kurt Zeilenga committed
577
		/* FIXME: should be liberal in what we accept */
578
		rc = ldap_str2dn( val->bv_val, &dn, LDAP_DN_FORMAT_LDAP );
579
		if ( rc != LDAP_SUCCESS ) {
580
			return LDAP_INVALID_SYNTAX;
581
582
		}

583
584
		/*
		 * Schema-aware rewrite
Kurt Zeilenga's avatar
Kurt Zeilenga committed
585
		 */
586
587
588
589
		if ( LDAPDN_rewrite( dn, SLAP_LDAPDN_PRETTY ) != LDAP_SUCCESS ) {
			ldapava_free_dn( dn );
			return LDAP_INVALID_SYNTAX;
		}
590

Kurt Zeilenga's avatar
Kurt Zeilenga committed
591
		/* FIXME: not sure why the default isn't pretty */
Pierangelo Masarati's avatar
Pierangelo Masarati committed
592
593
594
		/* RE: the default is the form that is used as
		 * an internal representation; the pretty form
		 * is a variant */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
595
596
		rc = ldap_dn2str( dn, &dn_out,
			LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PRETTY );
597

598
599
600
		ldapava_free_dn( dn );

		if ( rc != LDAP_SUCCESS ) {
601
			return LDAP_INVALID_SYNTAX;
602
603
604
605
606
607
608
609
		}

		out = ber_bvstr( dn_out );

	} else {
		out = ber_bvdup( val );
	}

610
611
	Debug( LDAP_DEBUG_TRACE, "<<< dnPretty: <%s>\n", out->bv_val, 0, 0 );

612
	*pretty = out;
613

614
	return LDAP_SUCCESS;
615
616
}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
617
618
619
620
621
622
/*
 * dn match routine
 *
 * note: uses exact string match (strcmp) because it is supposed to work
 * on normalized DNs.
 */
623
624
625
626
627
628
629
630
631
632
633
int
dnMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match;
	struct berval *asserted = (struct berval *) assertedValue;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
634
635
636
637

	assert( matchp );
	assert( value );
	assert( assertedValue );
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
	
	match = value->bv_len - asserted->bv_len;

	if ( match == 0 ) {
		match = strcmp( value->bv_val, asserted->bv_val );
	}

#ifdef NEW_LOGGING
	LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
		"dnMatch: %d\n    %s\n    %s\n", match,
		value->bv_val, asserted->bv_val ));
#else
	Debug( LDAP_DEBUG_ARGS, "dnMatch %d\n\t\"%s\"\n\t\"%s\"\n",
		match, value->bv_val, asserted->bv_val );
#endif

	*matchp = match;
	return( LDAP_SUCCESS );
}


659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval *dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	dn = ber_bvdup( in );

	if( dn->bv_val[dn->bv_len-1] == '\'' ) {
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn->bv_len-2; i>2; i--) {
			if( dn->bv_val[i] != '0' &&	dn->bv_val[i] != '1' ) {
				break;
			}
		}
Stig Venaas's avatar
Stig Venaas committed
680
681
682
683
		if( dn->bv_val[i] != '\'' ||
		    dn->bv_val[i-1] != 'B' ||
		    dn->bv_val[i-2] != '#' ) {
			ber_bvfree( dn );
684
685
686
687
688
689
690
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dn_validate */
		dn->bv_val[i-2] = '\0';
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
691
	/* FIXME: should use dnValidate */
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
	rc = dn_validate( dn->bv_val ) == NULL
		? LDAP_INVALID_SYNTAX : LDAP_SUCCESS;

	ber_bvfree( dn );
	return rc;
}

static int
nameUIDNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval **normalized )
{
	struct berval *out = ber_bvdup( val );

	if( out->bv_len != 0 ) {
		char *dn;
		ber_len_t dnlen;
		char *uid = NULL;
		ber_len_t uidlen = 0;

		if( out->bv_val[out->bv_len-1] == '\'' ) {
			/* assume presence of optional UID */
			uid = strrchr( out->bv_val, '#' );

			if( uid == NULL ) {
				ber_bvfree( out );
				return LDAP_INVALID_SYNTAX;
			}

			uidlen = out->bv_len - (out->bv_val - uid);
			/* temporarily trim the UID */
			*uid = '\0';
		}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
727
		/* FIXME: should use dnNormalize */
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
#ifdef USE_DN_NORMALIZE
		dn = dn_normalize( out->bv_val );
#else
		dn = dn_validate( out->bv_val );
#endif

		if( dn == NULL ) {
			ber_bvfree( out );
			return LDAP_INVALID_SYNTAX;
		}

		dnlen = strlen(dn);

		if( uidlen ) {
			/* restore the separator */
			*uid = '#';
			/* shift the UID */
			SAFEMEMCPY( &dn[dnlen], uid, uidlen );
		}

		out->bv_val = dn;
		out->bv_len = dnlen + uidlen;
	}

	*normalized = out;
	return LDAP_SUCCESS;
}

756
757
758
759
760
761
762
763
764
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
	return LDAP_OTHER;
}

765
static int
766
blobValidate(
767
768
769
770
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
771
	return LDAP_SUCCESS;
772
773
}

774
775
776
777
778
779
780
781
782
783
784
785
786
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
787

788
789
790
791
792
793
794
795
796
797
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
798
799
800
801
	{
		return LDAP_INVALID_SYNTAX;
	}

802
	for( i=in->bv_len-3; i>0; i-- ) {
803
804
805
806
807
808
809
810
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
static int
bitStringNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval **normalized )
{
	/*
     * A normalized bitString is has no extaneous (leading) zero bits.
	 * That is, '00010'B is normalized to '10'B
	 * However, as a special case, '0'B requires no normalization.
     */
	struct berval *newval;
	char *p;

	/* start at the first bit */
	p = &val->bv_val[1];

	/* Find the first non-zero bit */
	while ( *p == '0' ) p++;

	newval = (struct berval *) ch_malloc( sizeof(struct berval) );

	if( *p == '\'' ) {
		/* no non-zero bits */
		newval->bv_val = ch_strdup("\'0\'B");
		newval->bv_len = sizeof("\'0\'B") - 1;
		goto done;
	}

	newval->bv_val = ch_malloc( val->bv_len + 1 );

	newval->bv_val[0] = '\'';
	newval->bv_len = 1;

	for( ; *p != '\0'; p++ ) {
		newval->bv_val[newval->bv_len++] = *p;
	}

	newval->bv_val[newval->bv_len] = '\0';

done:
	*normalized = newval;
	return LDAP_SUCCESS;
}

856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
887
	slap_mask_t flags,
888
889
890
891
892
893
894
895
896
897
898
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

899
900
901
902
903
904
905
906
907
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

908
909
	if( !in->bv_len ) return LDAP_INVALID_SYNTAX;

910
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
911
912
913
914
		/* get the length indicated by the first byte */
		len = LDAP_UTF8_CHARLEN( u );

		/* should not be zero */
915
		if( len == 0 ) return LDAP_INVALID_SYNTAX;
916
917
918

		/* make sure len corresponds with the offset
			to the next character */
919
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
920
921
	}

922
	if( count != 0 ) return LDAP_INVALID_SYNTAX;
923

924
	return LDAP_SUCCESS;
925
926
927
928
929
930
931
932
933
}

static int
UTF8StringNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval **normalized )
{
	struct berval *newval;
934
	char *p, *q, *s;
935

936
	newval = ch_malloc( sizeof( struct berval ) );
937

938
	p = val->bv_val;
939

940
941
942
	/* Ignore initial whitespace */
	while ( ldap_utf8_isspace( p ) ) {
		LDAP_UTF8_INCR( p );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
943
	}
944

945
946
	if( *p == '\0' ) {
		ch_free( newval );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
947
948
		return LDAP_INVALID_SYNTAX;
	}
949

950
951
952
	newval->bv_val = ch_strdup( p );
	p = q = newval->bv_val;
	s = NULL;
953

954
955
	while ( *p ) {
		int len;
956

957
958
959
960
961
		if ( ldap_utf8_isspace( p ) ) {
			len = LDAP_UTF8_COPY(q,p);
			s=q;
			p+=len;
			q+=len;
962

963
964
965
966
			/* Ignore the extra whitespace */
			while ( ldap_utf8_isspace( p ) ) {
				LDAP_UTF8_INCR( p );
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
967
		} else {
968
969
970
971
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
			q+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
972
		}
973
974
975
976
	}

	assert( *newval->bv_val );
	assert( newval->bv_val < p );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
977
	assert( q <= p );
978

979
980
981
982
983
984
985
986
987
988
989
	/* cannot start with a space */
	assert( !ldap_utf8_isspace(newval->bv_val) );

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
990
	}
991

992
993
994
995
996
997
998
999
	/* cannot end with a space */
	assert( !ldap_utf8_isspace( LDAP_UTF8_PREV(q) ) );

	/* null terminate */
	*q = '\0';

	newval->bv_len = q - newval->bv_val;
	*normalized = newval;
1000

1001
	return LDAP_SUCCESS;
1002
1003
}

1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
/* Returns Unicode cannonically normalized copy of a substring assertion
 * Skipping attribute description */
SubstringsAssertion *
UTF8SubstringsassertionNormalize(
	SubstringsAssertion *sa,
	char casefold )
{
	SubstringsAssertion *nsa;
	int i;

	nsa = (SubstringsAssertion *)ch_calloc( 1, sizeof(SubstringsAssertion) );
	if( nsa == NULL ) {
		return NULL;
	}

	if( sa->sa_initial != NULL ) {
1020
		nsa->sa_initial = ber_bvstr( UTF8normalize( sa->sa_initial, casefold ) );
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
		if( nsa->sa_initial == NULL ) {
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
		for( i=0; sa->sa_any[i] != NULL; i++ ) {
			/* empty */
		}
		nsa->sa_any = (struct berval **)ch_malloc( (i + 1) * sizeof(struct berval *) );
		for( i=0; sa->sa_any[i] != NULL; i++ ) {
1032
			nsa->sa_any[i] = ber_bvstr( UTF8normalize( sa->sa_any[i], casefold ) );
1033
1034
1035
1036
1037
1038
1039
1040
			if( nsa->sa_any[i] == NULL ) {
				goto err;
			}
		}
		nsa->sa_any[i] = NULL;
	}

	if( sa->sa_final != NULL ) {
1041
		nsa->sa_final = ber_bvstr( UTF8normalize( sa->sa_final, casefold ) );
1042
1043
1044
1045
1046
1047
1048
1049
		if( nsa->sa_final == NULL ) {
			goto err;
		}
	}

	return nsa;

err:
1050
	ber_bvfree( nsa->sa_final );
1051
	ber_bvecfree( nsa->sa_any );
1052
	ber_bvfree( nsa->sa_initial );
1053
1054
1055
1056
	ch_free( nsa );
	return NULL;
}

1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
/* Strip characters with the 8th bit set */
char *
strip8bitChars(
	char *in )      
{
	char *p = in, *q;
  
	if( in == NULL ) {
		return NULL;
	}
	while( *p ) {
		if( *p & 0x80 ) {
			q = p;
			while( *++q & 0x80 ) {
				/* empty */
			}
			p = memmove(p, q, strlen(q) + 1);
		} else {
			p++;
		}
	}
	return in;
}

1081
#ifndef SLAPD_APPROX_OLDSINGLESTRING
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
1100
	char *val, *nval, *assertv, **values, **words, *c;
1101
	int i, count, len, nextchunk=0, nextavail=0;
1102
	size_t avlen;
1103

1104
	/* Yes, this is necessary */
1105
	nval = UTF8normalize( value, UTF8_NOCASEFOLD );
1106
	if( nval == NULL ) {
1107
1108
1109
		*matchp = 1;
		return LDAP_SUCCESS;
	}
1110
	strip8bitChars( nval );
1111
1112

	/* Yes, this is necessary */
1113
	assertv = UTF8normalize( ((struct berval *)assertedValue),
1114
1115
				 UTF8_NOCASEFOLD );
	if( assertv == NULL ) {
1116
		ch_free( nval );
1117
1118
1119
1120
1121
		*matchp = 1;
		return LDAP_SUCCESS;
	}
	strip8bitChars( assertv );
	avlen = strlen( assertv );
1122
1123

	/* Isolate how many words there are */
1124
	for( c=nval,count=1; *c; c++ ) {
1125
1126
1127
1128
1129
1130
1131
1132
1133
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
1134
	for( c=nval,i=0;  i<count;  i++,c+=strlen(c)+1 ) {
1135
1136
1137
1138
		words[i] = c;
		values[i] = phonetic(c);
	}

1139
	/* Work through the asserted value's words, to see if at least some
1140
1141
	   of the words are there, in the same order. */
	len = 0;
1142
	while ( (size_t) nextchunk < avlen ) {
1143
		len = strcspn( assertv + nextchunk, SLAPD_APPROX_DELIMITER);
1144
1145
1146
1147
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
1148
#if defined(SLAPD_APPROX_INITIALS)
1149
		else if( len == 1 ) {
1150
1151
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
1152
1153
				if( !strncasecmp( assertv+nextchunk, words[i], 1 )) {
					nextavail=i+1;
1154
					break;
1155
				}
1156
1157
		}
#endif
1158
		else {
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
			/* Isolate the next word in the asserted value and phonetic it */
			assertv[nextchunk+len] = '\0';
			val = phonetic( assertv + nextchunk );

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
1170
			ch_free( val );
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
1192
	free( assertv );
1193
1194
1195
1196
1197
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
1198
	ch_free( nval );
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217

	return LDAP_SUCCESS;
}

int 
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
	char *val, *c;
	int i,j, len, wordcount, keycount=0;
	struct berval **newkeys, **keys=NULL;

	for( j=0; values[j] != NULL; j++ ) {
1218
		/* Yes, this is necessary */
1219
		val = UTF8normalize( values[j], UTF8_NOCASEFOLD );
1220
1221
		strip8bitChars( val );

1222
		/* Isolate how many words there are. There will be a key for each */
Gary Williams's avatar
Gary Williams committed
1223
		for( wordcount=0,c=val;	 *c;  c++) {
1224
1225
1226
1227
1228
1229
1230
1231
1232
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
		newkeys = (struct berval **)ch_malloc( (keycount + wordcount + 1) 
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1233
			* sizeof(struct berval *) );
1234
1235
1236
1237
1238
		memcpy( newkeys, keys, keycount * sizeof(struct berval *) );
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
Gary Williams's avatar
Gary Williams committed
1239
		for( c=val,i=0;	 i<wordcount;  c+=len+1	 ) {
1240
1241
1242
1243
1244
1245
1246
1247
1248
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
			keys[keycount] = (struct berval *)ch_malloc( sizeof(struct berval) );
			keys[keycount]->bv_val = phonetic( c );
			keys[keycount]->bv_len = strlen( keys[keycount]->bv_val );
			keycount++;
			i++;
		}

1249
		free( val );
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
	}
	keys[keycount] = NULL;
	*keysp = keys;

	return LDAP_SUCCESS;
}

int 
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void * assertValue,
	struct berval ***keysp )
{
	char *val, *c;
	int i, count, len;
	struct berval **keys;

1271
	/* Yes, this is necessary */
1272
	val = UTF8normalize( ((struct berval *)assertValue),
1273
1274
1275
1276
1277
1278
1279
1280
1281
			     UTF8_NOCASEFOLD );
	if( val == NULL ) {
		keys = (struct berval **)ch_malloc( sizeof(struct berval *) );
		keys[0] = NULL;
		*keysp = keys;
		return LDAP_SUCCESS;
	}
	strip8bitChars( val );

1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
	/* Isolate how many words there are. There will be a key for each */
	for( count=0,c=val;  *c;  c++) {
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
	keys = (struct berval **)ch_malloc( (count + 1) * sizeof(struct berval *) );

	/* Get a phonetic copy of each word */
Gary Williams's avatar
Gary Williams committed
1295
	for( c=val,i=0;	 i<count; c+=len+1 ) {
1296
1297
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
1298
		keys[i] = ber_bvstr( phonetic( c ) );
1299
1300
1301
		i++;
	}

1302
	free( val );
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323

	keys[count] = NULL;
	*keysp = keys;

	return LDAP_SUCCESS;
}


#else
/* No other form of Approximate Matching is defined */

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	char *vapprox, *avapprox;
1324
	char *s, *t;
1325

1326
	/* Yes, this is necessary */
1327
	s = UTF8normalize( value, UTF8_NOCASEFOLD );
1328
1329
1330
1331
1332
1333
	if( s == NULL ) {
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
1334
	t = UTF8normalize( ((struct berval *)assertedValue),
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
			   UTF8_NOCASEFOLD );
	if( t == NULL ) {
		free( s );
		*matchp = -1;
		return LDAP_SUCCESS;
	}

	vapprox = phonetic( strip8bitChars( s ) );
	avapprox = phonetic( strip8bitChars( t ) );

	free( s );
	free( t );
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367

	*matchp = strcmp( vapprox, avapprox );

	ch_free( vapprox );
	ch_free( avapprox );

	return LDAP_SUCCESS;
}

int 
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	struct berval **values,
	struct berval ***keysp )
{
	int i;
	struct berval **keys;
1368
	char *s;
1369
1370

	for( i=0; values[i] != NULL; i++ ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1371
		/* empty - just count them */
1372
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1373
1374

	/* we should have at least one value at this point */
1375
1376
1377
1378
1379
1380
	assert( i > 0 );

	keys = (struct berval **)ch_malloc( sizeof( struct berval * ) * (i+1) );

	/* Copy each value and run it through phonetic() */
	for( i=0; values[i] != NULL; i++ ) {
1381
		/* Yes, this is necessary */
1382
		s = UTF8normalize( values[i], UTF8_NOCASEFOLD );
1383
1384
1385
1386

		/* strip 8-bit chars and run through phonetic() */
		keys[i] = ber_bvstr( phonetic( strip8bitChars( s ) ) );
		free( s );
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
	}
	keys[i] = NULL;

	*keysp = keys;
	return LDAP_SUCCESS;
}


int 
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void *