schema_init.c 111 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
32
33
34
#ifdef SLAP_NVALUES
#define SLAP_MR_DN_FOLD (0) /* TO BE DELETED */
#endif

35
/* recycled validatation routines */
36
#define berValidate						blobValidate
37
38

/* unimplemented pretters */
39
#define integerPretty					NULL
40
41

/* recycled matching routines */
42
#define bitStringMatch					octetStringMatch
43
#define numericStringMatch				caseIgnoreIA5Match
44
#define objectIdentifierMatch			octetStringMatch
45
#define telephoneNumberMatch			caseIgnoreIA5Match
46
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
47
48
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match
49
#define uniqueMemberMatch				dnMatch
50
#define integerFirstComponentMatch		integerMatch
51

52
53
/* approx matching rules */
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
54
55
56
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
57
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
58
#define IA5StringApproxMatch			approxMatch
59
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
60
#define IA5StringApproxFilter			approxFilter
61

62
/* ordering matching rules */
63
64
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseExactOrderingMatch			caseExactMatch
65
#define integerOrderingMatch			integerMatch
66

67
/* unimplemented matching routines */
68
69
70
71
#define caseIgnoreListMatch				NULL
#define caseIgnoreListSubstringsMatch	NULL
#define protocolInformationMatch		NULL

Kurt Zeilenga's avatar
Kurt Zeilenga committed
72
#ifdef SLAPD_ACI_ENABLED
73
#define OpenLDAPaciMatch				NULL
Kurt Zeilenga's avatar
Kurt Zeilenga committed
74
75
#endif
#ifdef SLAPD_AUTHPASSWD
76
#define authPasswordMatch				NULL
Kurt Zeilenga's avatar
Kurt Zeilenga committed
77
#endif
78
79

/* recycled indexing/filtering routines */
80
81
#define dnIndexer				caseExactIgnoreIndexer
#define dnFilter				caseExactIgnoreFilter
82
83
#define bitStringFilter			octetStringFilter
#define bitStringIndexer		octetStringIndexer
84

85
86
87
88
89
#define telephoneNumberIndexer			caseIgnoreIA5Indexer
#define telephoneNumberFilter			caseIgnoreIA5Filter
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter

90
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
91
{
92
	ber_len_t i;
93
94
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
95
96

	if( c == 0 ) return NULL;
97
98
99
100
101
102
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
103
	}
104
105

	return NULL;
106
}
107

108
109
110
static int
octetStringMatch(
	int *matchp,
111
	slap_mask_t flags,
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
static int
octetStringOrderingMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	ber_len_t v_len  = value->bv_len;
	ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
	int match = memcmp( value->bv_val,
		((struct berval *) assertedValue)->bv_val,
		(v_len < av_len ? v_len : av_len) );
	if( match == 0 )
		match = v_len - av_len;
	*matchp = match;
	return LDAP_SUCCESS;
}

149
/* Index generation function */
150
int octetStringIndexer(
151
152
	slap_mask_t use,
	slap_mask_t flags,
153
154
155
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
156
157
	BerVarray values,
	BerVarray *keysp )
158
159
160
{
	int i;
	size_t slen, mlen;
161
	BerVarray keys;
162
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
163
	unsigned char	HASHdigest[HASH_BYTES];
164
	struct berval digest;
165
166
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
167

168
	for( i=0; values[i].bv_val != NULL; i++ ) {
169
170
171
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
172
173
174
	/* we should have at least one value at this point */
	assert( i > 0 );

175
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
176

177
178
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
179

180
	for( i=0; values[i].bv_val != NULL; i++ ) {
181
		HASH_Init( &HASHcontext );
182
		if( prefix != NULL && prefix->bv_len > 0 ) {
183
			HASH_Update( &HASHcontext,
184
185
				prefix->bv_val, prefix->bv_len );
		}
186
		HASH_Update( &HASHcontext,
187
			syntax->ssyn_oid, slen );
188
		HASH_Update( &HASHcontext,
189
			mr->smr_oid, mlen );
190
		HASH_Update( &HASHcontext,
191
			values[i].bv_val, values[i].bv_len );
192
		HASH_Final( HASHdigest, &HASHcontext );
193

194
		ber_dupbv( &keys[i], &digest );
195
196
	}

197
	keys[i].bv_val = NULL;
198
	keys[i].bv_len = 0;
199
200
201
202
203
204
205

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
206
int octetStringFilter(
207
208
	slap_mask_t use,
	slap_mask_t flags,
209
210
211
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
212
	void * assertedValue,
213
	BerVarray *keysp )
214
215
{
	size_t slen, mlen;
216
	BerVarray keys;
217
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
218
	unsigned char	HASHdigest[HASH_BYTES];
219
	struct berval *value = (struct berval *) assertedValue;
220
	struct berval digest;
221
222
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
223

224
225
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
226

227
	keys = ch_malloc( sizeof( struct berval ) * 2 );
228

229
	HASH_Init( &HASHcontext );
230
	if( prefix != NULL && prefix->bv_len > 0 ) {
231
		HASH_Update( &HASHcontext,
232
233
			prefix->bv_val, prefix->bv_len );
	}
234
	HASH_Update( &HASHcontext,
235
		syntax->ssyn_oid, slen );
236
	HASH_Update( &HASHcontext,
237
		mr->smr_oid, mlen );
238
	HASH_Update( &HASHcontext,
239
		value->bv_val, value->bv_len );
240
	HASH_Final( HASHdigest, &HASHcontext );
241

242
243
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
244
	keys[1].bv_len = 0;
245
246
247
248
249

	*keysp = keys;

	return LDAP_SUCCESS;
}
250

251
252
253
254
255
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
256
257
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
258
259
}

260
static int
261
blobValidate(
262
263
264
265
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
266
	return LDAP_SUCCESS;
267
268
}

269
270
271
272
273
274
275
276
277
278
279
280
281
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
282

283
284
285
286
287
288
289
290
291
292
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
293
294
295
296
	{
		return LDAP_INVALID_SYNTAX;
	}

297
	for( i=in->bv_len-3; i>0; i-- ) {
298
299
300
301
302
303
304
305
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

static int
nameUIDNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
357
		struct berval uid = { 0, NULL };
358
359
360
361
362

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
363
			uid.bv_val = strrchr( out.bv_val, '#' );
364

365
			if( uid.bv_val == NULL ) {
366
367
368
369
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

370
371
			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;
372
373

			/* temporarily trim the UID */
374
			*(uid.bv_val++) = '\0';
375
376
377
378
379
380
381
382
383
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

384
		if( uid.bv_len ) {
385
			normalized->bv_val = ch_realloc( normalized->bv_val,
386
				normalized->bv_len + uid.bv_len + sizeof("#") );
387
388
389
390
391
392

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
393
394
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;
395
396
397
398
399
400
401
402
403
404
405

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
437
	slap_mask_t flags,
438
439
440
441
442
443
444
445
446
447
448
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
  StringSyntax		X.500	LDAP	Matching
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

472
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

519
520
521
522
523
524
525
526
527
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

528
529
	if( !in->bv_len ) return LDAP_INVALID_SYNTAX;

530
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
531
		/* get the length indicated by the first byte */
532
		len = LDAP_UTF8_CHARLEN2( u, len );
533

Kurt Zeilenga's avatar
Kurt Zeilenga committed
534
535
536
		/* very basic checks */
		switch( len ) {
			case 6:
537
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
538
539
540
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
541
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
542
543
544
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
545
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
546
547
548
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
549
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
550
551
552
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
553
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
554
555
556
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
557
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
558
559
560
561
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
562
563
564

		/* make sure len corresponds with the offset
			to the next character */
565
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
566
567
	}

568
	if( count != 0 ) return LDAP_INVALID_SYNTAX;
569

570
	return LDAP_SUCCESS;
571
572
573
574
575
576
}

static int
UTF8StringNormalize(
	Syntax *syntax,
	struct berval *val,
577
	struct berval *normalized )
578
{
579
	char *p, *q, *s, *e;
580
	int len = 0;
581

Kurt Zeilenga's avatar
Kurt Zeilenga committed
582
583
584
	/* validator should have refused an empty string */
	assert( val->bv_len );

585
	p = val->bv_val;
586

587
	/* Ignore initial whitespace */
588
	/* All space is ASCII. All ASCII is 1 byte */
589
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
590

591
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
592
593
594
595
596
597

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

598
599
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
600
601
602
603

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
604
	s = NULL;
605

606
	while ( p < e ) {
607
608
609
610
611
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
612

613
			/* Ignore the extra whitespace */
614
615
			while ( ASCII_SPACE( *p ) ) {
				p++;
616
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
617
		} else {
618
619
620
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
621
		}
622
623
	}

624
	assert( normalized->bv_val <= p );
625
	assert( q+len <= p );
626

627
	/* cannot start with a space */
628
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
629
630
631
632
633
634
635
636

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
637
		len = q - s;
638
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
639
	}
640

641
	/* cannot end with a space */
642
643
644
	assert( !ASCII_SPACE( *q ) );

	q += len;
645
646
647
648

	/* null terminate */
	*q = '\0';

649
	normalized->bv_len = q - normalized->bv_val;
650

651
	return LDAP_SUCCESS;
652
653
}

654
/* Returns Unicode canonically normalized copy of a substring assertion
655
 * Skipping attribute description */
656
static SubstringsAssertion *
657
658
UTF8SubstringsassertionNormalize(
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
659
	unsigned casefold )
660
661
662
663
{
	SubstringsAssertion *nsa;
	int i;

Julius Enarusai's avatar
   
Julius Enarusai committed
664
	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
665
666
667
668
	if( nsa == NULL ) {
		return NULL;
	}

669
	if( sa->sa_initial.bv_val != NULL ) {
670
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
671
		if( nsa->sa_initial.bv_val == NULL ) {
672
673
674
675
676
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
677
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
678
679
			/* empty */
		}
680
		nsa->sa_any = (struct berval *)
Julius Enarusai's avatar
   
Julius Enarusai committed
681
682
683
684
			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
		if( nsa->sa_any == NULL ) {
				goto err;
		}
685

686
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
687
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
688
				casefold );
689
			if( nsa->sa_any[i].bv_val == NULL ) {
690
691
692
				goto err;
			}
		}
693
		nsa->sa_any[i].bv_val = NULL;
694
695
	}

696
	if( sa->sa_final.bv_val != NULL ) {
697
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
698
		if( nsa->sa_final.bv_val == NULL ) {
699
700
701
702
703
704
705
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
706
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
707
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
708
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
709
710
711
712
	ch_free( nsa );
	return NULL;
}

713
#ifndef SLAPD_APPROX_OLDSINGLESTRING
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
732
733
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
734
735
	int i, count, len, nextchunk=0, nextavail=0;

736
	/* Yes, this is necessary */
737
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
738
	if( nval == NULL ) {
739
740
741
742
743
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
744
745
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
746
	if( assertv == NULL ) {
747
		ber_bvfree( nval );
748
749
750
		*matchp = 1;
		return LDAP_SUCCESS;
	}
751
752

	/* Isolate how many words there are */
753
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
754
755
756
757
758
759
760
761
762
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
763
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
764
765
766
767
		words[i] = c;
		values[i] = phonetic(c);
	}

768
	/* Work through the asserted value's words, to see if at least some
769
770
	   of the words are there, in the same order. */
	len = 0;
771
772
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
773
774
775
776
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
777
#if defined(SLAPD_APPROX_INITIALS)
778
		else if( len == 1 ) {
779
780
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
781
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
782
					nextavail=i+1;
783
					break;
784
				}
785
786
		}
#endif
787
		else {
788
			/* Isolate the next word in the asserted value and phonetic it */
789
790
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
791
792
793
794
795
796
797
798

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
799
			ch_free( val );
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
821
	ber_bvfree( assertv );
822
823
824
825
826
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
827
	ber_bvfree( nval );
828
829
830
831

	return LDAP_SUCCESS;
}

832
static int 
833
834
835
836
837
838
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
839
840
	BerVarray values,
	BerVarray *keysp )
841
{
842
	char *c;
843
	int i,j, len, wordcount, keycount=0;
844
	struct berval *newkeys;
845
	BerVarray keys=NULL;
846

847
	for( j=0; values[j].bv_val != NULL; j++ ) {
848
		struct berval val = { 0, NULL };
849
		/* Yes, this is necessary */
850
851
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
852

853
		/* Isolate how many words there are. There will be a key for each */
854
		for( wordcount = 0, c = val.bv_val; *c; c++) {
855
856
857
858
859
860
861
862
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
863
864
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
865
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
866
867
868
869
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
870
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
871
872
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
873
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
874
875
876
877
			keycount++;
			i++;
		}

878
		ber_memfree( val.bv_val );
879
	}
880
	keys[keycount].bv_val = NULL;
881
882
883
884
885
	*keysp = keys;

	return LDAP_SUCCESS;
}

886
static int 
887
888
889
890
891
892
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
893
	void * assertedValue,
894
	BerVarray *keysp )
895
{
896
	char *c;
897
	int i, count, len;
898
	struct berval *val;
899
	BerVarray keys;
900

901
	/* Yes, this is necessary */
902
	val = UTF8bvnormalize( ((struct berval *)assertedValue),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
903
		NULL, LDAP_UTF8_APPROX );
904
	if( val == NULL || val->bv_val == NULL ) {
905
906
		keys = (struct berval *)ch_malloc( sizeof(struct berval) );
		keys[0].bv_val = NULL;
907
		*keysp = keys;
908
		ber_bvfree( val );
909
910
911
		return LDAP_SUCCESS;
	}

912
	/* Isolate how many words there are. There will be a key for each */
913
	for( count = 0,c = val->bv_val; *c; c++) {
914
915
916
917
918
919
920
921
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
922
	keys = (struct berval *)ch_malloc( (count + 1) * sizeof(struct berval) );
923
924

	/* Get a phonetic copy of each word */
925
	for( c = val->bv_val, i = 0; i < count; c += len + 1 ) {
926
927
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
928
		ber_str2bv( phonetic( c ), 0, 0, &keys[i] );
929
930
931
		i++;
	}

932
	ber_bvfree( val );
933

934
	keys[count].bv_val = NULL;
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
	*keysp = keys;

	return LDAP_SUCCESS;
}


#else
/* No other form of Approximate Matching is defined */

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	char *vapprox, *avapprox;
954
	char *s, *t;
955

956
	/* Yes, this is necessary */
957
	s = UTF8normalize( value, UTF8_NOCASEFOLD );
958
959
960
961
962
963
	if( s == NULL ) {
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
964
	t = UTF8normalize( ((struct berval *)assertedValue),
965
966
967
968
969
970
971
972
973
974
975
976
			   UTF8_NOCASEFOLD );
	if( t == NULL ) {
		free( s );
		*matchp = -1;
		return LDAP_SUCCESS;
	}

	vapprox = phonetic( strip8bitChars( s ) );
	avapprox = phonetic( strip8bitChars( t ) );

	free( s );
	free( t );
977
978
979
980
981
982
983
984
985

	*matchp = strcmp( vapprox, avapprox );

	ch_free( vapprox );
	ch_free( avapprox );

	return LDAP_SUCCESS;
}

986
static int 
987
988
989
990
991
992
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
993
994
	BerVarray values,
	BerVarray *keysp )
995
996
{
	int i;
997
	BerVarray *keys;
998
	char *s;
999

1000
	for( i=0; values[i].bv_val != NULL; i++ ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1001
		/* empty - just count them */
1002
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1003
1004

	/* we should have at least one value at this point */
1005
1006
	assert( i > 0 );

1007
	keys = (struct berval *)ch_malloc( sizeof( struct berval ) * (i+1) );
1008
1009

	/* Copy each value and run it through phonetic() */
1010
	for( i=0; values[i].bv_val != NULL; i++ ) {
1011
		/* Yes, this is necessary */
1012
		s = UTF8normalize( &values[i], UTF8_NOCASEFOLD );
1013
1014

		/* strip 8-bit chars and run through phonetic() */
1015
		ber_str2bv( phonetic( strip8bitChars( s ) ), 0, 0, &keys[i] );
1016
		free( s );
1017
	}
1018
	keys[i].bv_val = NULL;
1019
1020
1021
1022
1023
1024

	*keysp = keys;
	return LDAP_SUCCESS;
}


1025
static int 
1026
1027
1028
1029
1030
1031
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1032
	void * assertedValue,
1033
	BerVarray *keysp )
1034
{
1035
	BerVarray keys;
1036
	char *s;
1037

1038
	keys = (struct berval *)ch_malloc( sizeof( struct berval * ) * 2 );
1039

1040
	/* Yes, this is necessary */
1041
	s = UTF8normalize( ((struct berval *)assertedValue),
1042
1043
1044
1045
1046
1047
1048
1049
1050
			     UTF8_NOCASEFOLD );
	if( s == NULL ) {
		keys[0] = NULL;
	} else {
		/* strip 8-bit chars and run through phonetic() */
		keys[0] = ber_bvstr( phonetic( strip8bitChars( s ) ) );
		free( s );
		keys[1] = NULL;
	}
1051
1052
1053
1054
1055
1056
1057

	*keysp = keys;
	return LDAP_SUCCESS;
}
#endif


1058
static int
1059
caseExactMatch(
1060
	int *matchp,
1061
	slap_mask_t flags,
1062
1063
1064
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
1065
	void *assertedValue )
1066
{
1067
1068
1069
	*matchp = UTF8bvnormcmp( value,
		(struct berval *) assertedValue,
		LDAP_UTF8_NOCASEFOLD );
1070
	return LDAP_SUCCESS;
1071
1072
}

1073
static int
1074
caseExactIgnoreSubstringsMatch(
1075
	int *matchp,
1076
	slap_mask_t flags,
1077
1078
1079
1080
1081
1082
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = 0;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
1083
	SubstringsAssertion *sub = NULL;
1084
	struct berval left = { 0, NULL };
1085
1086
	int i;
	ber_len_t inlen=0;
1087
	char *nav = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1088
	unsigned casefold;