schema_init.c 120 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
#ifdef SLAP_NVALUES
32
33
34
/* TO BE DELETED */
#define SLAP_MR_DN_FOLD (0)

35
36
37
#define SLAP_MR_ASSOCIATED(mr, with) \
	((mr) == (with) || (mr)->smr_associated == (with))

38
39
40
41
42
43
44
#define xUTF8StringNormalize NULL
#define xIA5StringNormalize NULL
#define xtelephoneNumberNormalize NULL
#define xgeneralizedTimeNormalize NULL
#define xintegerNormalize NULL
#define xnumericStringNormalize NULL
#define xnameUIDNormalize NULL
45
#define xdnNormalize NULL
46

47
48
49
50
51
52
53
54
55
56
57
58
59
/* (new) normalization routines */
#define caseExactIA5Normalize						IA5StringNormalize
#define caseIgnoreIA5Normalize						IA5StringNormalize
#define caseExactNormalize							UTF8StringNormalize
#define caseIgnoreNormalize							UTF8StringNormalize

#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define bitStringNormalize							NULL

60
#define distinguishedNameNormalize	dnNormalize
61
62
63
64
#define distinguishedNameMatch  	dnMatch
#define distinguishedNameIndexer	octetStringIndexer
#define distinguishedNameFilter		octetStringFilter

65
#define uniqueMemberMatch			dnMatch /* FIXME! */
66
67
68
69
70

#define objectIdentifierMatch	octetStringMatch
#define objectIdentifierIndexer	octetStringIndexer
#define objectIdentifierFilter	octetStringFilter

71
72
#define OpenLDAPaciMatch						NULL

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#define bitStringMatch			octetStringMatch
#define bitStringIndexer		octetStringIndexer
#define bitStringFilter			octetStringFilter

#define integerMatch NULL
#define integerOrderingMatch NULL
#define integerIndexer NULL
#define integerFilter NULL

#define generalizedTimeMatch	NULL
#define generalizedTimeOrderingMatch	NULL

#define caseIgnoreMatch		octetStringMatch
#define caseIgnoreOrderingMatch		octetStringOrderingMatch
#define caseIgnoreIndexer	octetStringIndexer
#define caseIgnoreFilter	octetStringFilter

90
#define caseIgnoreSubstringsMatch		octetStringSubstringsMatch
91
92
#define caseIgnoreSubstringsIndexer		octetStringSubstringsIndexer
#define caseIgnoreSubstringsFilter		octetStringSubstringsFilter
93
94
95
96
97
98

#define caseExactMatch		octetStringMatch
#define caseExactOrderingMatch		octetStringOrderingMatch
#define caseExactIndexer	octetStringIndexer
#define caseExactFilter		octetStringFilter

99
#define caseExactSubstringsMatch		octetStringSubstringsMatch
100
101
#define caseExactSubstringsIndexer		octetStringSubstringsIndexer
#define caseExactSubstringsFilter		octetStringSubstringsFilter
102
103
104
105
106

#define caseExactIA5Match		octetStringMatch
#define caseExactIA5Indexer		octetStringIndexer
#define caseExactIA5Filter		octetStringFilter

107
#define caseExactIA5SubstringsMatch			octetStringSubstringsMatch
108
109
#define caseExactIA5SubstringsIndexer		octetStringSubstringsIndexer
#define caseExactIA5SubstringsFilter		octetStringSubstringsFilter
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

#define caseIgnoreIA5Match		octetStringMatch
#define caseIgnoreIA5Indexer	octetStringIndexer
#define caseIgnoreIA5Filter		octetStringFilter

#define caseIgnoreIA5SubstringsMatch		caseExactIA5SubstringsMatch
#define caseIgnoreIA5SubstringsIndexer		caseExactIA5SubstringsIndexer
#define caseIgnoreIA5SubstringsFilter		caseExactIA5SubstringsFilter

#define numericStringMatch		octetStringMatch
#define numericStringIndexer	octetStringIndexer
#define numericStringFilter		octetStringFilter

#define numericStringSubstringsMatch		caseExactIA5SubstringsMatch
#define numericStringSubstringsIndexer		caseExactIA5SubstringsIndexer
#define numericStringSubstringsFilter		caseExactIA5SubstringsFilter

#define telephoneNumberMatch		octetStringMatch
#define telephoneNumberIndexer		octetStringIndexer
#define telephoneNumberFilter		octetStringFilter

#define telephoneNumberSubstringsMatch		caseExactIA5SubstringsMatch
#define telephoneNumberSubstringsIndexer	caseExactIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseExactIA5SubstringsFilter

Kurt Zeilenga's avatar
Kurt Zeilenga committed
135
136
#define booleanIndexer					octetStringIndexer
#define booleanFilter					octetStringFilter
Kurt Zeilenga's avatar
Kurt Zeilenga committed
137
138
#endif

139
/* validatation routines */
140
#define berValidate						blobValidate
141

142
/* approx matching rules */
143
144
145
146
#ifdef SLAP_NVALUES
#define directoryStringApproxMatchOID	NULL
#define IA5StringApproxMatchOID			NULL
#else
147
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
148
149
150
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
151
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
152
#define IA5StringApproxMatch			approxMatch
153
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
154
#define IA5StringApproxFilter			approxFilter
155
#endif
156

157
158
#ifndef SLAP_NVALUES

159
160
#define xdnNormalize dnNormalize

161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
/* (new) normalization routines */
#define caseExactNormalize							NULL
#define caseExactIA5Normalize						NULL
#define caseIgnoreNormalize							NULL
#define caseIgnoreIA5Normalize						NULL
#define distinguishedNameNormalize					NULL
#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define numericStringNormalize						NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define uniqueMemberNormalize						NULL
#define bitStringNormalize							NULL
#define telephoneNumberNormalize					NULL


178
179
180
181
/* matching routines */
#define bitStringMatch					octetStringMatch
#define bitStringIndexer				octetStringIndexer
#define bitStringFilter					octetStringFilter
182

183
184
185
186
187
#define numericStringMatch				caseIgnoreIA5Match
#define numericStringIndexer			NULL
#define numericStringFilter				NULL
#define numericStringSubstringsIndexer	NULL
#define numericStringSubstringsFilter	NULL
188

189
190
191
192
#define objectIdentifierMatch			octetStringMatch
#define objectIdentifierIndexer			caseIgnoreIA5Indexer
#define objectIdentifierFilter			caseIgnoreIA5Filter

193
194
#define octetStringSubstringsMatch		NULL
#define OpenLDAPaciMatch				NULL
195

196
197
198
199
200
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match

#define uniqueMemberMatch				dnMatch
#define numericStringSubstringsMatch    NULL
201

202
203
204
205
206
207
208
209
210
211
212
213
#define caseExactIndexer				caseExactIgnoreIndexer
#define caseExactFilter					caseExactIgnoreFilter
#define caseExactOrderingMatch			caseExactMatch
#define caseExactSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseExactSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseExactSubstringsFilter		caseExactIgnoreSubstringsFilter
#define caseIgnoreIndexer				caseExactIgnoreIndexer
#define caseIgnoreFilter				caseExactIgnoreFilter
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseIgnoreSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseIgnoreSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseIgnoreSubstringsFilter		caseExactIgnoreSubstringsFilter
214

215
216
217
218
219
220
221
222
223
224
225
#define integerOrderingMatch			integerMatch
#define integerFirstComponentMatch		integerMatch

#define distinguishedNameMatch			dnMatch
#define distinguishedNameIndexer		caseExactIgnoreIndexer
#define distinguishedNameFilter			caseExactIgnoreFilter

#define telephoneNumberMatch			caseIgnoreIA5Match
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
#define telephoneNumberIndexer				caseIgnoreIA5Indexer
#define telephoneNumberFilter				caseIgnoreIA5Filter
226
227
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter
Kurt Zeilenga's avatar
Kurt Zeilenga committed
228
229
230

#define booleanIndexer					octetStringIndexer
#define booleanFilter					octetStringFilter
231
#endif
232

233

234
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
235
{
236
	ber_len_t i;
237
238
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
239
240

	if( c == 0 ) return NULL;
241
242
243
244
245
246
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
247
	}
248
249

	return NULL;
250
}
251

252
253
254
static int
octetStringMatch(
	int *matchp,
255
	slap_mask_t flags,
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

273
274
275
276
277
278
279
280
281
282
283
static int
octetStringOrderingMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	ber_len_t v_len  = value->bv_len;
	ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
284

285
286
287
	int match = memcmp( value->bv_val,
		((struct berval *) assertedValue)->bv_val,
		(v_len < av_len ? v_len : av_len) );
288
289
290

	if( match == 0 ) match = v_len - av_len;

291
292
293
294
	*matchp = match;
	return LDAP_SUCCESS;
}

295
/* Index generation function */
296
int octetStringIndexer(
297
298
	slap_mask_t use,
	slap_mask_t flags,
299
300
301
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
302
303
	BerVarray values,
	BerVarray *keysp )
304
305
306
{
	int i;
	size_t slen, mlen;
307
	BerVarray keys;
308
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
309
	unsigned char	HASHdigest[HASH_BYTES];
310
	struct berval digest;
311
312
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
313

314
	for( i=0; values[i].bv_val != NULL; i++ ) {
315
316
317
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
318
319
320
	/* we should have at least one value at this point */
	assert( i > 0 );

321
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
322

323
324
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
325

326
	for( i=0; values[i].bv_val != NULL; i++ ) {
327
		HASH_Init( &HASHcontext );
328
		if( prefix != NULL && prefix->bv_len > 0 ) {
329
			HASH_Update( &HASHcontext,
330
331
				prefix->bv_val, prefix->bv_len );
		}
332
		HASH_Update( &HASHcontext,
333
			syntax->ssyn_oid, slen );
334
		HASH_Update( &HASHcontext,
335
			mr->smr_oid, mlen );
336
		HASH_Update( &HASHcontext,
337
			values[i].bv_val, values[i].bv_len );
338
		HASH_Final( HASHdigest, &HASHcontext );
339

340
		ber_dupbv( &keys[i], &digest );
341
342
	}

343
	keys[i].bv_val = NULL;
344
	keys[i].bv_len = 0;
345
346
347
348
349
350
351

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
352
int octetStringFilter(
353
354
	slap_mask_t use,
	slap_mask_t flags,
355
356
357
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
358
	void * assertedValue,
359
	BerVarray *keysp )
360
361
{
	size_t slen, mlen;
362
	BerVarray keys;
363
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
364
	unsigned char	HASHdigest[HASH_BYTES];
365
	struct berval *value = (struct berval *) assertedValue;
366
	struct berval digest;
367
368
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
369

370
371
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
372

373
	keys = ch_malloc( sizeof( struct berval ) * 2 );
374

375
	HASH_Init( &HASHcontext );
376
	if( prefix != NULL && prefix->bv_len > 0 ) {
377
		HASH_Update( &HASHcontext,
378
379
			prefix->bv_val, prefix->bv_len );
	}
380
	HASH_Update( &HASHcontext,
381
		syntax->ssyn_oid, slen );
382
	HASH_Update( &HASHcontext,
383
		mr->smr_oid, mlen );
384
	HASH_Update( &HASHcontext,
385
		value->bv_val, value->bv_len );
386
	HASH_Final( HASHdigest, &HASHcontext );
387

388
389
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
390
	keys[1].bv_len = 0;
391
392
393
394
395

	*keysp = keys;

	return LDAP_SUCCESS;
}
396

397
398
399
400
401
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
402
403
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
404
405
}

406
static int
407
blobValidate(
408
409
410
411
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
412
	return LDAP_SUCCESS;
413
414
}

415
416
417
418
419
420
421
422
423
424
425
426
427
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
428

429
430
431
432
433
434
435
436
437
438
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
439
440
441
442
	{
		return LDAP_INVALID_SYNTAX;
	}

443
	for( i=in->bv_len-3; i>0; i-- ) {
444
445
446
447
448
449
450
451
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

492
493
494
495
496
497
498
499
500
#ifdef SLAP_NVALUES
static int
uniqueMemberNormalize(
	slap_mask_t usage,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
#else
501
static int
502
xnameUIDNormalize(
503
504
505
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
506
#endif
507
508
509
510
511
512
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
513
		struct berval uid = { 0, NULL };
514
515
516
517
518

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
519
			uid.bv_val = strrchr( out.bv_val, '#' );
520

521
			if( uid.bv_val == NULL ) {
522
523
524
525
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

526
527
			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;
528
529

			/* temporarily trim the UID */
530
			*(uid.bv_val++) = '\0';
531
532
533
534
535
536
537
538
539
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

540
		if( uid.bv_len ) {
541
			normalized->bv_val = ch_realloc( normalized->bv_val,
542
				normalized->bv_len + uid.bv_len + sizeof("#") );
543
544
545
546
547
548

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
549
550
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;
551
552
553
554
555
556
557
558
559
560
561

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
593
	slap_mask_t flags,
594
595
596
597
598
599
600
601
602
603
604
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

605
606
607
608
609
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
610
  StringSyntax		X.500	LDAP	Matching/Comments
611
612
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
613
  PrintableString	subset	subset	i/e + ignore insignificant spaces
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

629
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
630
  A directory string cannot be zero length.
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

677
678
679
680
681
682
683
684
685
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

686
687
688
689
	if( in->bv_len == 0 && syntax == slap_schema.si_syn_directoryString ) {
		/* directory strings cannot be empty */
		return LDAP_INVALID_SYNTAX;
	}
690

691
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
692
		/* get the length indicated by the first byte */
693
		len = LDAP_UTF8_CHARLEN2( u, len );
694

Kurt Zeilenga's avatar
Kurt Zeilenga committed
695
696
697
		/* very basic checks */
		switch( len ) {
			case 6:
698
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
699
700
701
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
702
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
703
704
705
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
706
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
707
708
709
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
710
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
711
712
713
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
714
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
715
716
717
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
718
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
719
720
721
722
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
723
724
725

		/* make sure len corresponds with the offset
			to the next character */
726
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
727
728
	}

729
730
731
	if( count != 0 ) {
		return LDAP_INVALID_SYNTAX;
	}
732

733
	return LDAP_SUCCESS;
734
735
}

736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
#ifdef SLAP_NVALUES
static int
UTF8StringNormalize(
	slap_mask_t use,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
{
	struct berval tmp, nvalue;
	int flags;
	int i, wasspace;

	if( val->bv_val == NULL ) {
		/* assume we're dealing with a syntax (e.g., UTF8String)
		 * which allows empty strings
		 */
		normalized->bv_len = 0;
		normalized->bv_val = NULL;
		return LDAP_SUCCESS;
	}

	flags = SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactMatch )
759
		? LDAP_UTF8_NOCASEFOLD : LDAP_UTF8_CASEFOLD;
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
	flags |= ( use & SLAP_MR_EQUALITY_APPROX == SLAP_MR_EQUALITY_APPROX )
		? LDAP_UTF8_APPROX : 0;

	val = UTF8bvnormalize( val, &tmp, flags );
	if( val == NULL ) {
		return LDAP_OTHER;
	}
	
	/* collapse spaces (in place) */
	nvalue.bv_len = 0;
	nvalue.bv_val = tmp.bv_val;

	wasspace=1; /* trim leading spaces */
	for( i=0; i<tmp.bv_len; i++) {
		if ( ASCII_SPACE( tmp.bv_val[i] )) {
			if( wasspace++ == 0 ) {
				/* trim repeated spaces */
				nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
			}
		} else {
			wasspace = 0;
			nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
		}
	}

	if( nvalue.bv_len ) {
		if( wasspace ) {
			/* last character was a space, trim it */
			--nvalue.bv_len;
		}
		nvalue.bv_val[nvalue.bv_len] = '\0';

	} else {
		/* string of all spaces is treated as one space */
		nvalue.bv_val[0] = ' ';
		nvalue.bv_val[1] = '\0';
		nvalue.bv_len = 1;
	}

799
	*normalized = nvalue;
800
801
802
	return LDAP_SUCCESS;
}
#else
803

804
static int
805
xUTF8StringNormalize(
806
807
	Syntax *syntax,
	struct berval *val,
808
	struct berval *normalized )
809
{
810
	char *p, *q, *s, *e;
811
	int len = 0;
812

Kurt Zeilenga's avatar
Kurt Zeilenga committed
813
814
815
	/* validator should have refused an empty string */
	assert( val->bv_len );

816
	p = val->bv_val;
817

818
	/* Ignore initial whitespace */
819
	/* All space is ASCII. All ASCII is 1 byte */
820
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
821

822
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
823
824
825
826
827
828

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

829
830
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
831
832
833
834

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
835
	s = NULL;
836

837
	while ( p < e ) {
838
839
840
841
842
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
843

844
			/* Ignore the extra whitespace */
845
846
			while ( ASCII_SPACE( *p ) ) {
				p++;
847
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
848
		} else {
849
850
851
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
852
		}
853
854
	}

855
	assert( normalized->bv_val <= p );
856
	assert( q+len <= p );
857

858
	/* cannot start with a space */
859
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
860
861
862
863
864
865
866
867

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
868
		len = q - s;
869
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
870
	}
871

872
	/* cannot end with a space */
873
874
875
	assert( !ASCII_SPACE( *q ) );

	q += len;
876
877
878
879

	/* null terminate */
	*q = '\0';

880
	normalized->bv_len = q - normalized->bv_val;
881

882
	return LDAP_SUCCESS;
883
884
}

885
/* Returns Unicode canonically normalized copy of a substring assertion
886
 * Skipping attribute description */
887
static SubstringsAssertion *
888
UTF8SubstringsAssertionNormalize(
889
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
890
	unsigned casefold )
891
892
893
894
{
	SubstringsAssertion *nsa;
	int i;

Julius Enarusai's avatar
   
Julius Enarusai committed
895
	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
896
897
898
899
	if( nsa == NULL ) {
		return NULL;
	}

900
	if( sa->sa_initial.bv_val != NULL ) {
901
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
902
		if( nsa->sa_initial.bv_val == NULL ) {
903
904
905
906
907
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
908
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
909
910
			/* empty */
		}
911
		nsa->sa_any = (struct berval *)
Julius Enarusai's avatar
   
Julius Enarusai committed
912
913
914
915
			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
		if( nsa->sa_any == NULL ) {
				goto err;
		}
916

917
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
918
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
919
				casefold );
920
			if( nsa->sa_any[i].bv_val == NULL ) {
921
922
923
				goto err;
			}
		}
924
		nsa->sa_any[i].bv_val = NULL;
925
926
	}

927
	if( sa->sa_final.bv_val != NULL ) {
928
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
929
		if( nsa->sa_final.bv_val == NULL ) {
930
931
932
933
934
935
936
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
937
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
938
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
939
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
940
941
942
943
	ch_free( nsa );
	return NULL;
}

944
#ifndef SLAPD_APPROX_OLDSINGLESTRING
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
963
964
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
965
966
	int i, count, len, nextchunk=0, nextavail=0;

967
	/* Yes, this is necessary */
968
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
969
	if( nval == NULL ) {
970
971
972
973
974
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
975
976
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
977
	if( assertv == NULL ) {
978
		ber_bvfree( nval );
979
980
981
		*matchp = 1;
		return LDAP_SUCCESS;
	}
982
983

	/* Isolate how many words there are */
984
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
985
986
987
988
989
990
991
992
993
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
994
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
995
996
997
998
		words[i] = c;
		values[i] = phonetic(c);
	}

999
	/* Work through the asserted value's words, to see if at least some
1000
1001
	   of the words are there, in the same order. */
	len = 0;
1002
1003
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
1004
1005
1006
1007
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
1008
#if defined(SLAPD_APPROX_INITIALS)
1009
		else if( len == 1 ) {
1010
1011
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
1012
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
1013
					nextavail=i+1;
1014
					break;
1015
				}
1016
1017
		}
#endif
1018
		else {
1019
			/* Isolate the next word in the asserted value and phonetic it */
1020
1021
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
1022
1023
1024
1025
1026
1027
1028
1029

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
1030
			ch_free( val );
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
1052
	ber_bvfree( assertv );
1053
1054
1055
1056
1057
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
1058
	ber_bvfree( nval );
1059
1060
1061
1062

	return LDAP_SUCCESS;
}

1063
static int 
1064
1065
1066
1067
1068
1069
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1070
1071
	BerVarray values,
	BerVarray *keysp )
1072
{
1073
	char *c;
1074
	int i,j, len, wordcount, keycount=0;
1075
	struct berval *newkeys;
1076
	BerVarray keys=NULL;
1077

1078
	for( j=0; values[j].bv_val != NULL; j++ ) {
1079
		struct berval val = { 0, NULL };
1080
		/* Yes, this is necessary */
1081
1082
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
1083

1084
		/* Isolate how many words there are. There will be a key for each */
1085
		for( wordcount = 0, c = val.bv_val; *c; c++) {
1086
1087
1088
1089
1090
1091
1092
1093
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
1094
1095
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1096
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
1097
1098
1099
1100
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
1101
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
1102
1103
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
1104
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
1105
1106
1107
1108
			keycount++;
			i++;
		}

1109
		ber_memfree( val.bv_val );
1110
	}
1111
	keys[keycount].bv_val = NULL;
1112
1113
1114
1115
1116
	*keysp = keys;

	return LDAP_SUCCESS;
}

1117
static int 
1118
1119
1120
1121
1122
1123
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1124
	void * assertedValue,
1125
	BerVarray *keysp )
1126
{
1127
	char *c;
1128
	int i, count, len;
1129
	struct berval *val;
1130
	BerVarray keys;
1131

1132
	/* Yes, this is necessary */
1133
	val = UTF8bvnormalize( ((struct berval *)assertedValue),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1134
		NULL, LDAP_UTF8_APPROX );
1135
	if( val == NULL || val->bv_val == NULL ) {
1136
1137
		keys = (struct berval *)ch_malloc( sizeof(struct berval) );
		keys[0].bv_val = NULL;
1138
		*keysp = keys;
1139
		ber_bvfree( val );
1140
1141
1142
		return LDAP_SUCCESS;
	}

1143
	/* Isolate how many words there are. There will be a key for each */
1144
	for( count = 0,c = val->bv_val; *c; c++) {
1145
1146
1147
1148
1149
1150
1151
1152
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
1153
	keys = (struct berval *)ch_malloc( (count + 1) * sizeof(struct berval) );
1154
1155

	/* Get a phonetic copy of each word */
1156
	for( c = val->bv_val, i = 0; i < count; c += len + 1 ) {
1157
1158
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
1159
		ber_str2bv( phonetic( c ), 0, 0, &keys[i] );