schema_init.c 116 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
#ifdef SLAP_NVALUES
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
/* TO BE DELETED */
#define SLAP_MR_DN_FOLD (0)

#define xUTF8StringNormalize NULL
#define xIA5StringNormalize NULL
#define xtelephoneNumberNormalize NULL
#define xgeneralizedTimeNormalize NULL
#define xintegerNormalize NULL
#define xnumericStringNormalize NULL
#define xnameUIDNormalize NULL

#define distinguishedNameMatch  	dnMatch
#define distinguishedNameIndexer	octetStringIndexer
#define distinguishedNameFilter		octetStringFilter

#define uniqueMemberMatch				dnMatch

#define objectIdentifierMatch	octetStringMatch
#define objectIdentifierIndexer	octetStringIndexer
#define objectIdentifierFilter	octetStringFilter

#define bitStringMatch			octetStringMatch
#define bitStringIndexer		octetStringIndexer
#define bitStringFilter			octetStringFilter

#define integerMatch NULL
#define integerOrderingMatch NULL
#define integerIndexer NULL
#define integerFilter NULL

#define generalizedTimeMatch	NULL
#define generalizedTimeOrderingMatch	NULL

#define caseIgnoreMatch		octetStringMatch
#define caseIgnoreOrderingMatch		octetStringOrderingMatch
#define caseIgnoreIndexer	octetStringIndexer
#define caseIgnoreFilter	octetStringFilter

#define caseIgnoreSubstringsMatch		NULL
#define caseIgnoreSubstringsIndexer		NULL
#define caseIgnoreSubstringsFilter		NULL

#define caseExactMatch		octetStringMatch
#define caseExactOrderingMatch		octetStringOrderingMatch
#define caseExactIndexer	octetStringIndexer
#define caseExactFilter		octetStringFilter

#define caseExactSubstringsMatch		NULL
#define caseExactSubstringsIndexer		NULL
#define caseExactSubstringsFilter		NULL

#define caseExactIA5Match		octetStringMatch
#define caseExactIA5Indexer		octetStringIndexer
#define caseExactIA5Filter		octetStringFilter

#define caseExactIA5SubstringsMatch			NULL
#define caseExactIA5SubstringsIndexer		NULL
#define caseExactIA5SubstringsFilter		NULL

#define caseIgnoreIA5Match		octetStringMatch
#define caseIgnoreIA5Indexer	octetStringIndexer
#define caseIgnoreIA5Filter		octetStringFilter

#define caseIgnoreIA5SubstringsMatch		caseExactIA5SubstringsMatch
#define caseIgnoreIA5SubstringsIndexer		caseExactIA5SubstringsIndexer
#define caseIgnoreIA5SubstringsFilter		caseExactIA5SubstringsFilter

#define numericStringMatch		octetStringMatch
#define numericStringIndexer	octetStringIndexer
#define numericStringFilter		octetStringFilter

#define numericStringSubstringsMatch		caseExactIA5SubstringsMatch
#define numericStringSubstringsIndexer		caseExactIA5SubstringsIndexer
#define numericStringSubstringsFilter		caseExactIA5SubstringsFilter

#define telephoneNumberMatch		octetStringMatch
#define telephoneNumberIndexer		octetStringIndexer
#define telephoneNumberFilter		octetStringFilter

#define telephoneNumberSubstringsMatch		caseExactIA5SubstringsMatch
#define telephoneNumberSubstringsIndexer	caseExactIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseExactIA5SubstringsFilter

Kurt Zeilenga's avatar
Kurt Zeilenga committed
115
116
#endif

117
/* validatation routines */
118
#define berValidate						blobValidate
119

120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
/* (new) normalization routines */
#define caseExactNormalize							NULL
#define caseExactIA5Normalize						NULL
#define caseIgnoreNormalize							NULL
#define caseIgnoreIA5Normalize						NULL
#define distinguishedNameNormalize					NULL
#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define numericStringNormalize						NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define uniqueMemberNormalize						NULL
#define bitStringNormalize							NULL
#define telephoneNumberNormalize					NULL
135

136
/* approx matching rules */
137
138
139
140
#ifdef SLAP_NVALUES
#define directoryStringApproxMatchOID	NULL
#define IA5StringApproxMatchOID			NULL
#else
141
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
142
143
144
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
145
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
146
#define IA5StringApproxMatch			approxMatch
147
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
148
#define IA5StringApproxFilter			approxFilter
149
#endif
150

151
152
#ifndef SLAP_NVALUES

153
154
155
156
/* matching routines */
#define bitStringMatch					octetStringMatch
#define bitStringIndexer				octetStringIndexer
#define bitStringFilter					octetStringFilter
157

158
159
160
161
162
#define numericStringMatch				caseIgnoreIA5Match
#define numericStringIndexer			NULL
#define numericStringFilter				NULL
#define numericStringSubstringsIndexer	NULL
#define numericStringSubstringsFilter	NULL
163

164
165
166
167
168
169
170
171
172
#define objectIdentifierMatch			octetStringMatch
#define objectIdentifierIndexer			caseIgnoreIA5Indexer
#define objectIdentifierFilter			caseIgnoreIA5Filter

#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match

#define uniqueMemberMatch				dnMatch
#define numericStringSubstringsMatch    NULL
173

174
175
176
177
178
179
180
181
182
183
184
185
#define caseExactIndexer				caseExactIgnoreIndexer
#define caseExactFilter					caseExactIgnoreFilter
#define caseExactOrderingMatch			caseExactMatch
#define caseExactSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseExactSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseExactSubstringsFilter		caseExactIgnoreSubstringsFilter
#define caseIgnoreIndexer				caseExactIgnoreIndexer
#define caseIgnoreFilter				caseExactIgnoreFilter
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseIgnoreSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseIgnoreSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseIgnoreSubstringsFilter		caseExactIgnoreSubstringsFilter
186

187
188
189
190
191
192
193
194
195
196
197
#define integerOrderingMatch			integerMatch
#define integerFirstComponentMatch		integerMatch

#define distinguishedNameMatch			dnMatch
#define distinguishedNameIndexer		caseExactIgnoreIndexer
#define distinguishedNameFilter			caseExactIgnoreFilter

#define telephoneNumberMatch			caseIgnoreIA5Match
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
#define telephoneNumberIndexer				caseIgnoreIA5Indexer
#define telephoneNumberFilter				caseIgnoreIA5Filter
198
199
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter
200
#endif
201

202

203
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
204
{
205
	ber_len_t i;
206
207
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
208
209

	if( c == 0 ) return NULL;
210
211
212
213
214
215
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
216
	}
217
218

	return NULL;
219
}
220

221
222
223
static int
octetStringMatch(
	int *matchp,
224
	slap_mask_t flags,
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

242
243
244
245
246
247
248
249
250
251
252
static int
octetStringOrderingMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	ber_len_t v_len  = value->bv_len;
	ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
253

254
255
256
	int match = memcmp( value->bv_val,
		((struct berval *) assertedValue)->bv_val,
		(v_len < av_len ? v_len : av_len) );
257
258
259

	if( match == 0 ) match = v_len - av_len;

260
261
262
263
	*matchp = match;
	return LDAP_SUCCESS;
}

264
/* Index generation function */
265
int octetStringIndexer(
266
267
	slap_mask_t use,
	slap_mask_t flags,
268
269
270
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
271
272
	BerVarray values,
	BerVarray *keysp )
273
274
275
{
	int i;
	size_t slen, mlen;
276
	BerVarray keys;
277
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
278
	unsigned char	HASHdigest[HASH_BYTES];
279
	struct berval digest;
280
281
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
282

283
	for( i=0; values[i].bv_val != NULL; i++ ) {
284
285
286
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
287
288
289
	/* we should have at least one value at this point */
	assert( i > 0 );

290
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
291

292
293
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
294

295
	for( i=0; values[i].bv_val != NULL; i++ ) {
296
		HASH_Init( &HASHcontext );
297
		if( prefix != NULL && prefix->bv_len > 0 ) {
298
			HASH_Update( &HASHcontext,
299
300
				prefix->bv_val, prefix->bv_len );
		}
301
		HASH_Update( &HASHcontext,
302
			syntax->ssyn_oid, slen );
303
		HASH_Update( &HASHcontext,
304
			mr->smr_oid, mlen );
305
		HASH_Update( &HASHcontext,
306
			values[i].bv_val, values[i].bv_len );
307
		HASH_Final( HASHdigest, &HASHcontext );
308

309
		ber_dupbv( &keys[i], &digest );
310
311
	}

312
	keys[i].bv_val = NULL;
313
	keys[i].bv_len = 0;
314
315
316
317
318
319
320

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
321
int octetStringFilter(
322
323
	slap_mask_t use,
	slap_mask_t flags,
324
325
326
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
327
	void * assertedValue,
328
	BerVarray *keysp )
329
330
{
	size_t slen, mlen;
331
	BerVarray keys;
332
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
333
	unsigned char	HASHdigest[HASH_BYTES];
334
	struct berval *value = (struct berval *) assertedValue;
335
	struct berval digest;
336
337
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
338

339
340
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
341

342
	keys = ch_malloc( sizeof( struct berval ) * 2 );
343

344
	HASH_Init( &HASHcontext );
345
	if( prefix != NULL && prefix->bv_len > 0 ) {
346
		HASH_Update( &HASHcontext,
347
348
			prefix->bv_val, prefix->bv_len );
	}
349
	HASH_Update( &HASHcontext,
350
		syntax->ssyn_oid, slen );
351
	HASH_Update( &HASHcontext,
352
		mr->smr_oid, mlen );
353
	HASH_Update( &HASHcontext,
354
		value->bv_val, value->bv_len );
355
	HASH_Final( HASHdigest, &HASHcontext );
356

357
358
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
359
	keys[1].bv_len = 0;
360
361
362
363
364

	*keysp = keys;

	return LDAP_SUCCESS;
}
365

366
367
368
369
370
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
371
372
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
373
374
}

375
static int
376
blobValidate(
377
378
379
380
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
381
	return LDAP_SUCCESS;
382
383
}

384
385
386
387
388
389
390
391
392
393
394
395
396
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
397

398
399
400
401
402
403
404
405
406
407
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
408
409
410
411
	{
		return LDAP_INVALID_SYNTAX;
	}

412
	for( i=in->bv_len-3; i>0; i-- ) {
413
414
415
416
417
418
419
420
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

461
462
#ifndef SLAP_NVALUES

463
static int
464
xnameUIDNormalize(
465
466
467
468
469
470
471
472
473
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
474
		struct berval uid = { 0, NULL };
475
476
477
478
479

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
480
			uid.bv_val = strrchr( out.bv_val, '#' );
481

482
			if( uid.bv_val == NULL ) {
483
484
485
486
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

487
488
			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;
489
490

			/* temporarily trim the UID */
491
			*(uid.bv_val++) = '\0';
492
493
494
495
496
497
498
499
500
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

501
		if( uid.bv_len ) {
502
			normalized->bv_val = ch_realloc( normalized->bv_val,
503
				normalized->bv_len + uid.bv_len + sizeof("#") );
504
505
506
507
508
509

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
510
511
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;
512
513
514
515
516
517
518
519
520
521
522

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

523
#endif
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
555
	slap_mask_t flags,
556
557
558
559
560
561
562
563
564
565
566
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
  StringSyntax		X.500	LDAP	Matching
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

590
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

637
638
639
640
641
642
643
644
645
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

646
647
	if( !in->bv_len ) return LDAP_INVALID_SYNTAX;

648
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
649
		/* get the length indicated by the first byte */
650
		len = LDAP_UTF8_CHARLEN2( u, len );
651

Kurt Zeilenga's avatar
Kurt Zeilenga committed
652
653
654
		/* very basic checks */
		switch( len ) {
			case 6:
655
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
656
657
658
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
659
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
660
661
662
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
663
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
664
665
666
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
667
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
668
669
670
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
671
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
672
673
674
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
675
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
676
677
678
679
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
680
681
682

		/* make sure len corresponds with the offset
			to the next character */
683
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
684
685
	}

686
	if( count != 0 ) return LDAP_INVALID_SYNTAX;
687

688
	return LDAP_SUCCESS;
689
690
}

691
692
#ifndef SLAP_NVALUES

693
static int
694
xUTF8StringNormalize(
695
696
	Syntax *syntax,
	struct berval *val,
697
	struct berval *normalized )
698
{
699
	char *p, *q, *s, *e;
700
	int len = 0;
701

Kurt Zeilenga's avatar
Kurt Zeilenga committed
702
703
704
	/* validator should have refused an empty string */
	assert( val->bv_len );

705
	p = val->bv_val;
706

707
	/* Ignore initial whitespace */
708
	/* All space is ASCII. All ASCII is 1 byte */
709
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
710

711
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
712
713
714
715
716
717

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

718
719
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
720
721
722
723

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
724
	s = NULL;
725

726
	while ( p < e ) {
727
728
729
730
731
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
732

733
			/* Ignore the extra whitespace */
734
735
			while ( ASCII_SPACE( *p ) ) {
				p++;
736
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
737
		} else {
738
739
740
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
741
		}
742
743
	}

744
	assert( normalized->bv_val <= p );
745
	assert( q+len <= p );
746

747
	/* cannot start with a space */
748
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
749
750
751
752
753
754
755
756

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
757
		len = q - s;
758
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
759
	}
760

761
	/* cannot end with a space */
762
763
764
	assert( !ASCII_SPACE( *q ) );

	q += len;
765
766
767
768

	/* null terminate */
	*q = '\0';

769
	normalized->bv_len = q - normalized->bv_val;
770

771
	return LDAP_SUCCESS;
772
773
}

774
/* Returns Unicode canonically normalized copy of a substring assertion
775
 * Skipping attribute description */
776
static SubstringsAssertion *
777
UTF8SubstringsAssertionNormalize(
778
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
779
	unsigned casefold )
780
781
782
783
{
	SubstringsAssertion *nsa;
	int i;

Julius Enarusai's avatar
   
Julius Enarusai committed
784
	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
785
786
787
788
	if( nsa == NULL ) {
		return NULL;
	}

789
	if( sa->sa_initial.bv_val != NULL ) {
790
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
791
		if( nsa->sa_initial.bv_val == NULL ) {
792
793
794
795
796
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
797
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
798
799
			/* empty */
		}
800
		nsa->sa_any = (struct berval *)
Julius Enarusai's avatar
   
Julius Enarusai committed
801
802
803
804
			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
		if( nsa->sa_any == NULL ) {
				goto err;
		}
805

806
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
807
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
808
				casefold );
809
			if( nsa->sa_any[i].bv_val == NULL ) {
810
811
812
				goto err;
			}
		}
813
		nsa->sa_any[i].bv_val = NULL;
814
815
	}

816
	if( sa->sa_final.bv_val != NULL ) {
817
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
818
		if( nsa->sa_final.bv_val == NULL ) {
819
820
821
822
823
824
825
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
826
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
827
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
828
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
829
830
831
832
	ch_free( nsa );
	return NULL;
}

833
#ifndef SLAPD_APPROX_OLDSINGLESTRING
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
852
853
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
854
855
	int i, count, len, nextchunk=0, nextavail=0;

856
	/* Yes, this is necessary */
857
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
858
	if( nval == NULL ) {
859
860
861
862
863
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
864
865
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
866
	if( assertv == NULL ) {
867
		ber_bvfree( nval );
868
869
870
		*matchp = 1;
		return LDAP_SUCCESS;
	}
871
872

	/* Isolate how many words there are */
873
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
874
875
876
877
878
879
880
881
882
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
883
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
884
885
886
887
		words[i] = c;
		values[i] = phonetic(c);
	}

888
	/* Work through the asserted value's words, to see if at least some
889
890
	   of the words are there, in the same order. */
	len = 0;
891
892
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
893
894
895
896
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
897
#if defined(SLAPD_APPROX_INITIALS)
898
		else if( len == 1 ) {
899
900
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
901
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
902
					nextavail=i+1;
903
					break;
904
				}
905
906
		}
#endif
907
		else {
908
			/* Isolate the next word in the asserted value and phonetic it */
909
910
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
911
912
913
914
915
916
917
918

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
919
			ch_free( val );
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
941
	ber_bvfree( assertv );
942
943
944
945
946
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
947
	ber_bvfree( nval );
948
949
950
951

	return LDAP_SUCCESS;
}

952
static int 
953
954
955
956
957
958
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
959
960
	BerVarray values,
	BerVarray *keysp )
961
{
962
	char *c;
963
	int i,j, len, wordcount, keycount=0;
964
	struct berval *newkeys;
965
	BerVarray keys=NULL;
966

967
	for( j=0; values[j].bv_val != NULL; j++ ) {
968
		struct berval val = { 0, NULL };
969
		/* Yes, this is necessary */
970
971
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
972

973
		/* Isolate how many words there are. There will be a key for each */
974
		for( wordcount = 0, c = val.bv_val; *c; c++) {
975
976
977
978
979
980
981
982
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
983
984
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
985
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
986
987
988
989
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
990
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
991
992
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
993
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
994
995
996
997
			keycount++;
			i++;
		}

998
		ber_memfree( val.bv_val );
999
	}
1000
	keys[keycount].bv_val = NULL;