schema_init.c 120 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
#ifdef SLAP_NVALUES
32
33
34
/* TO BE DELETED */
#define SLAP_MR_DN_FOLD (0)

35
36
37
#define SLAP_MR_ASSOCIATED(mr, with) \
	((mr) == (with) || (mr)->smr_associated == (with))

38
39
40
41
42
43
44
#define xUTF8StringNormalize NULL
#define xIA5StringNormalize NULL
#define xtelephoneNumberNormalize NULL
#define xgeneralizedTimeNormalize NULL
#define xintegerNormalize NULL
#define xnumericStringNormalize NULL
#define xnameUIDNormalize NULL
45
#define xdnNormalize NULL
46

47
48
49
50
51
52
53
54
55
56
57
58
59
60
/* (new) normalization routines */
#define caseExactIA5Normalize						IA5StringNormalize
#define caseIgnoreIA5Normalize						IA5StringNormalize
#define caseExactNormalize							UTF8StringNormalize
#define caseIgnoreNormalize							UTF8StringNormalize

#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define bitStringNormalize							NULL
#define telephoneNumberNormalize					NULL

61
#define distinguishedNameNormalize	dnNormalize
62
63
64
65
#define distinguishedNameMatch  	dnMatch
#define distinguishedNameIndexer	octetStringIndexer
#define distinguishedNameFilter		octetStringFilter

66
#define uniqueMemberMatch			dnMatch
67
68
69
70
71

#define objectIdentifierMatch	octetStringMatch
#define objectIdentifierIndexer	octetStringIndexer
#define objectIdentifierFilter	octetStringFilter

72
73
#define OpenLDAPaciMatch						NULL

74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#define bitStringMatch			octetStringMatch
#define bitStringIndexer		octetStringIndexer
#define bitStringFilter			octetStringFilter

#define integerMatch NULL
#define integerOrderingMatch NULL
#define integerIndexer NULL
#define integerFilter NULL

#define generalizedTimeMatch	NULL
#define generalizedTimeOrderingMatch	NULL

#define caseIgnoreMatch		octetStringMatch
#define caseIgnoreOrderingMatch		octetStringOrderingMatch
#define caseIgnoreIndexer	octetStringIndexer
#define caseIgnoreFilter	octetStringFilter

91
#define caseIgnoreSubstringsMatch		octetStringSubstringsMatch
92
93
#define caseIgnoreSubstringsIndexer		octetStringSubstringsIndexer
#define caseIgnoreSubstringsFilter		octetStringSubstringsFilter
94
95
96
97
98
99

#define caseExactMatch		octetStringMatch
#define caseExactOrderingMatch		octetStringOrderingMatch
#define caseExactIndexer	octetStringIndexer
#define caseExactFilter		octetStringFilter

100
#define caseExactSubstringsMatch		octetStringSubstringsMatch
101
102
#define caseExactSubstringsIndexer		octetStringSubstringsIndexer
#define caseExactSubstringsFilter		octetStringSubstringsFilter
103
104
105
106
107

#define caseExactIA5Match		octetStringMatch
#define caseExactIA5Indexer		octetStringIndexer
#define caseExactIA5Filter		octetStringFilter

108
#define caseExactIA5SubstringsMatch			octetStringSubstringsMatch
109
110
#define caseExactIA5SubstringsIndexer		octetStringSubstringsIndexer
#define caseExactIA5SubstringsFilter		octetStringSubstringsFilter
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

#define caseIgnoreIA5Match		octetStringMatch
#define caseIgnoreIA5Indexer	octetStringIndexer
#define caseIgnoreIA5Filter		octetStringFilter

#define caseIgnoreIA5SubstringsMatch		caseExactIA5SubstringsMatch
#define caseIgnoreIA5SubstringsIndexer		caseExactIA5SubstringsIndexer
#define caseIgnoreIA5SubstringsFilter		caseExactIA5SubstringsFilter

#define numericStringMatch		octetStringMatch
#define numericStringIndexer	octetStringIndexer
#define numericStringFilter		octetStringFilter

#define numericStringSubstringsMatch		caseExactIA5SubstringsMatch
#define numericStringSubstringsIndexer		caseExactIA5SubstringsIndexer
#define numericStringSubstringsFilter		caseExactIA5SubstringsFilter

#define telephoneNumberMatch		octetStringMatch
#define telephoneNumberIndexer		octetStringIndexer
#define telephoneNumberFilter		octetStringFilter

#define telephoneNumberSubstringsMatch		caseExactIA5SubstringsMatch
#define telephoneNumberSubstringsIndexer	caseExactIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseExactIA5SubstringsFilter

Kurt Zeilenga's avatar
Kurt Zeilenga committed
136
137
#define booleanIndexer					octetStringIndexer
#define booleanFilter					octetStringFilter
Kurt Zeilenga's avatar
Kurt Zeilenga committed
138
139
#endif

140
/* validatation routines */
141
#define berValidate						blobValidate
142

143
/* approx matching rules */
144
145
146
147
#ifdef SLAP_NVALUES
#define directoryStringApproxMatchOID	NULL
#define IA5StringApproxMatchOID			NULL
#else
148
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
149
150
151
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
152
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
153
#define IA5StringApproxMatch			approxMatch
154
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
155
#define IA5StringApproxFilter			approxFilter
156
#endif
157

158
159
#ifndef SLAP_NVALUES

160
161
#define xdnNormalize dnNormalize

162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
/* (new) normalization routines */
#define caseExactNormalize							NULL
#define caseExactIA5Normalize						NULL
#define caseIgnoreNormalize							NULL
#define caseIgnoreIA5Normalize						NULL
#define distinguishedNameNormalize					NULL
#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define numericStringNormalize						NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define uniqueMemberNormalize						NULL
#define bitStringNormalize							NULL
#define telephoneNumberNormalize					NULL


179
180
181
182
/* matching routines */
#define bitStringMatch					octetStringMatch
#define bitStringIndexer				octetStringIndexer
#define bitStringFilter					octetStringFilter
183

184
185
186
187
188
#define numericStringMatch				caseIgnoreIA5Match
#define numericStringIndexer			NULL
#define numericStringFilter				NULL
#define numericStringSubstringsIndexer	NULL
#define numericStringSubstringsFilter	NULL
189

190
191
192
193
#define objectIdentifierMatch			octetStringMatch
#define objectIdentifierIndexer			caseIgnoreIA5Indexer
#define objectIdentifierFilter			caseIgnoreIA5Filter

194
195
#define octetStringSubstringsMatch		NULL
#define OpenLDAPaciMatch				NULL
196

197
198
199
200
201
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match

#define uniqueMemberMatch				dnMatch
#define numericStringSubstringsMatch    NULL
202

203
204
205
206
207
208
209
210
211
212
213
214
#define caseExactIndexer				caseExactIgnoreIndexer
#define caseExactFilter					caseExactIgnoreFilter
#define caseExactOrderingMatch			caseExactMatch
#define caseExactSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseExactSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseExactSubstringsFilter		caseExactIgnoreSubstringsFilter
#define caseIgnoreIndexer				caseExactIgnoreIndexer
#define caseIgnoreFilter				caseExactIgnoreFilter
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseIgnoreSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseIgnoreSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseIgnoreSubstringsFilter		caseExactIgnoreSubstringsFilter
215

216
217
218
219
220
221
222
223
224
225
226
#define integerOrderingMatch			integerMatch
#define integerFirstComponentMatch		integerMatch

#define distinguishedNameMatch			dnMatch
#define distinguishedNameIndexer		caseExactIgnoreIndexer
#define distinguishedNameFilter			caseExactIgnoreFilter

#define telephoneNumberMatch			caseIgnoreIA5Match
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
#define telephoneNumberIndexer				caseIgnoreIA5Indexer
#define telephoneNumberFilter				caseIgnoreIA5Filter
227
228
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter
Kurt Zeilenga's avatar
Kurt Zeilenga committed
229
230
231

#define booleanIndexer					octetStringIndexer
#define booleanFilter					octetStringFilter
232
#endif
233

234

235
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
236
{
237
	ber_len_t i;
238
239
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
240
241

	if( c == 0 ) return NULL;
242
243
244
245
246
247
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
248
	}
249
250

	return NULL;
251
}
252

253
254
255
static int
octetStringMatch(
	int *matchp,
256
	slap_mask_t flags,
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

274
275
276
277
278
279
280
281
282
283
284
static int
octetStringOrderingMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	ber_len_t v_len  = value->bv_len;
	ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
285

286
287
288
	int match = memcmp( value->bv_val,
		((struct berval *) assertedValue)->bv_val,
		(v_len < av_len ? v_len : av_len) );
289
290
291

	if( match == 0 ) match = v_len - av_len;

292
293
294
295
	*matchp = match;
	return LDAP_SUCCESS;
}

296
/* Index generation function */
297
int octetStringIndexer(
298
299
	slap_mask_t use,
	slap_mask_t flags,
300
301
302
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
303
304
	BerVarray values,
	BerVarray *keysp )
305
306
307
{
	int i;
	size_t slen, mlen;
308
	BerVarray keys;
309
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
310
	unsigned char	HASHdigest[HASH_BYTES];
311
	struct berval digest;
312
313
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
314

315
	for( i=0; values[i].bv_val != NULL; i++ ) {
316
317
318
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
319
320
321
	/* we should have at least one value at this point */
	assert( i > 0 );

322
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
323

324
325
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
326

327
	for( i=0; values[i].bv_val != NULL; i++ ) {
328
		HASH_Init( &HASHcontext );
329
		if( prefix != NULL && prefix->bv_len > 0 ) {
330
			HASH_Update( &HASHcontext,
331
332
				prefix->bv_val, prefix->bv_len );
		}
333
		HASH_Update( &HASHcontext,
334
			syntax->ssyn_oid, slen );
335
		HASH_Update( &HASHcontext,
336
			mr->smr_oid, mlen );
337
		HASH_Update( &HASHcontext,
338
			values[i].bv_val, values[i].bv_len );
339
		HASH_Final( HASHdigest, &HASHcontext );
340

341
		ber_dupbv( &keys[i], &digest );
342
343
	}

344
	keys[i].bv_val = NULL;
345
	keys[i].bv_len = 0;
346
347
348
349
350
351
352

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
353
int octetStringFilter(
354
355
	slap_mask_t use,
	slap_mask_t flags,
356
357
358
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
359
	void * assertedValue,
360
	BerVarray *keysp )
361
362
{
	size_t slen, mlen;
363
	BerVarray keys;
364
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
365
	unsigned char	HASHdigest[HASH_BYTES];
366
	struct berval *value = (struct berval *) assertedValue;
367
	struct berval digest;
368
369
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
370

371
372
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
373

374
	keys = ch_malloc( sizeof( struct berval ) * 2 );
375

376
	HASH_Init( &HASHcontext );
377
	if( prefix != NULL && prefix->bv_len > 0 ) {
378
		HASH_Update( &HASHcontext,
379
380
			prefix->bv_val, prefix->bv_len );
	}
381
	HASH_Update( &HASHcontext,
382
		syntax->ssyn_oid, slen );
383
	HASH_Update( &HASHcontext,
384
		mr->smr_oid, mlen );
385
	HASH_Update( &HASHcontext,
386
		value->bv_val, value->bv_len );
387
	HASH_Final( HASHdigest, &HASHcontext );
388

389
390
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
391
	keys[1].bv_len = 0;
392
393
394
395
396

	*keysp = keys;

	return LDAP_SUCCESS;
}
397

398
399
400
401
402
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
403
404
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
405
406
}

407
static int
408
blobValidate(
409
410
411
412
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
413
	return LDAP_SUCCESS;
414
415
}

416
417
418
419
420
421
422
423
424
425
426
427
428
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
429

430
431
432
433
434
435
436
437
438
439
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
440
441
442
443
	{
		return LDAP_INVALID_SYNTAX;
	}

444
	for( i=in->bv_len-3; i>0; i-- ) {
445
446
447
448
449
450
451
452
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

493
494
495
496
497
498
499
500
501
#ifdef SLAP_NVALUES
static int
uniqueMemberNormalize(
	slap_mask_t usage,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
#else
502
static int
503
xnameUIDNormalize(
504
505
506
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
507
#endif
508
509
510
511
512
513
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
514
		struct berval uid = { 0, NULL };
515
516
517
518
519

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
520
			uid.bv_val = strrchr( out.bv_val, '#' );
521

522
			if( uid.bv_val == NULL ) {
523
524
525
526
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

527
528
			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;
529
530

			/* temporarily trim the UID */
531
			*(uid.bv_val++) = '\0';
532
533
534
535
536
537
538
539
540
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

541
		if( uid.bv_len ) {
542
			normalized->bv_val = ch_realloc( normalized->bv_val,
543
				normalized->bv_len + uid.bv_len + sizeof("#") );
544
545
546
547
548
549

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
550
551
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;
552
553
554
555
556
557
558
559
560
561
562

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
594
	slap_mask_t flags,
595
596
597
598
599
600
601
602
603
604
605
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

606
607
608
609
610
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
611
  StringSyntax		X.500	LDAP	Matching/Comments
612
613
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
614
  PrintableString	subset	subset	i/e + ignore insignificant spaces
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

630
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
631
  A directory string cannot be zero length.
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

678
679
680
681
682
683
684
685
686
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

687
688
689
690
	if( in->bv_len == 0 && syntax == slap_schema.si_syn_directoryString ) {
		/* directory strings cannot be empty */
		return LDAP_INVALID_SYNTAX;
	}
691

692
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
693
		/* get the length indicated by the first byte */
694
		len = LDAP_UTF8_CHARLEN2( u, len );
695

Kurt Zeilenga's avatar
Kurt Zeilenga committed
696
697
698
		/* very basic checks */
		switch( len ) {
			case 6:
699
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
700
701
702
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
703
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
704
705
706
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
707
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
708
709
710
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
711
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
712
713
714
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
715
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
716
717
718
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
719
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
720
721
722
723
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
724
725
726

		/* make sure len corresponds with the offset
			to the next character */
727
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
728
729
	}

730
731
732
	if( count != 0 ) {
		return LDAP_INVALID_SYNTAX;
	}
733

734
	return LDAP_SUCCESS;
735
736
}

737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
#ifdef SLAP_NVALUES
static int
UTF8StringNormalize(
	slap_mask_t use,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
{
	struct berval tmp, nvalue;
	int flags;
	int i, wasspace;

	if( val->bv_val == NULL ) {
		/* assume we're dealing with a syntax (e.g., UTF8String)
		 * which allows empty strings
		 */
		normalized->bv_len = 0;
		normalized->bv_val = NULL;
		return LDAP_SUCCESS;
	}

	flags = SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactMatch )
760
		? LDAP_UTF8_NOCASEFOLD : LDAP_UTF8_CASEFOLD;
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
	flags |= ( use & SLAP_MR_EQUALITY_APPROX == SLAP_MR_EQUALITY_APPROX )
		? LDAP_UTF8_APPROX : 0;

	val = UTF8bvnormalize( val, &tmp, flags );
	if( val == NULL ) {
		return LDAP_OTHER;
	}
	
	/* collapse spaces (in place) */
	nvalue.bv_len = 0;
	nvalue.bv_val = tmp.bv_val;

	wasspace=1; /* trim leading spaces */
	for( i=0; i<tmp.bv_len; i++) {
		if ( ASCII_SPACE( tmp.bv_val[i] )) {
			if( wasspace++ == 0 ) {
				/* trim repeated spaces */
				nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
			}
		} else {
			wasspace = 0;
			nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
		}
	}

	if( nvalue.bv_len ) {
		if( wasspace ) {
			/* last character was a space, trim it */
			--nvalue.bv_len;
		}
		nvalue.bv_val[nvalue.bv_len] = '\0';

	} else {
		/* string of all spaces is treated as one space */
		nvalue.bv_val[0] = ' ';
		nvalue.bv_val[1] = '\0';
		nvalue.bv_len = 1;
	}

800
	*normalized = nvalue;
801
802
803
	return LDAP_SUCCESS;
}
#else
804

805
static int
806
xUTF8StringNormalize(
807
808
	Syntax *syntax,
	struct berval *val,
809
	struct berval *normalized )
810
{
811
	char *p, *q, *s, *e;
812
	int len = 0;
813

Kurt Zeilenga's avatar
Kurt Zeilenga committed
814
815
816
	/* validator should have refused an empty string */
	assert( val->bv_len );

817
	p = val->bv_val;
818

819
	/* Ignore initial whitespace */
820
	/* All space is ASCII. All ASCII is 1 byte */
821
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
822

823
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
824
825
826
827
828
829

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

830
831
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
832
833
834
835

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
836
	s = NULL;
837

838
	while ( p < e ) {
839
840
841
842
843
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
844

845
			/* Ignore the extra whitespace */
846
847
			while ( ASCII_SPACE( *p ) ) {
				p++;
848
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
849
		} else {
850
851
852
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
853
		}
854
855
	}

856
	assert( normalized->bv_val <= p );
857
	assert( q+len <= p );
858

859
	/* cannot start with a space */
860
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
861
862
863
864
865
866
867
868

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
869
		len = q - s;
870
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
871
	}
872

873
	/* cannot end with a space */
874
875
876
	assert( !ASCII_SPACE( *q ) );

	q += len;
877
878
879
880

	/* null terminate */
	*q = '\0';

881
	normalized->bv_len = q - normalized->bv_val;
882

883
	return LDAP_SUCCESS;
884
885
}

886
/* Returns Unicode canonically normalized copy of a substring assertion
887
 * Skipping attribute description */
888
static SubstringsAssertion *
889
UTF8SubstringsAssertionNormalize(
890
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
891
	unsigned casefold )
892
893
894
895
{
	SubstringsAssertion *nsa;
	int i;

Julius Enarusai's avatar
   
Julius Enarusai committed
896
	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
897
898
899
900
	if( nsa == NULL ) {
		return NULL;
	}

901
	if( sa->sa_initial.bv_val != NULL ) {
902
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
903
		if( nsa->sa_initial.bv_val == NULL ) {
904
905
906
907
908
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
909
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
910
911
			/* empty */
		}
912
		nsa->sa_any = (struct berval *)
Julius Enarusai's avatar
   
Julius Enarusai committed
913
914
915
916
			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
		if( nsa->sa_any == NULL ) {
				goto err;
		}
917

918
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
919
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
920
				casefold );
921
			if( nsa->sa_any[i].bv_val == NULL ) {
922
923
924
				goto err;
			}
		}
925
		nsa->sa_any[i].bv_val = NULL;
926
927
	}

928
	if( sa->sa_final.bv_val != NULL ) {
929
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
930
		if( nsa->sa_final.bv_val == NULL ) {
931
932
933
934
935
936
937
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
938
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
939
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
940
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
941
942
943
944
	ch_free( nsa );
	return NULL;
}

945
#ifndef SLAPD_APPROX_OLDSINGLESTRING
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
964
965
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
966
967
	int i, count, len, nextchunk=0, nextavail=0;

968
	/* Yes, this is necessary */
969
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
970
	if( nval == NULL ) {
971
972
973
974
975
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
976
977
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
978
	if( assertv == NULL ) {
979
		ber_bvfree( nval );
980
981
982
		*matchp = 1;
		return LDAP_SUCCESS;
	}
983
984

	/* Isolate how many words there are */
985
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
986
987
988
989
990
991
992
993
994
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
995
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
996
997
998
999
		words[i] = c;
		values[i] = phonetic(c);
	}

1000
	/* Work through the asserted value's words, to see if at least some
1001
1002
	   of the words are there, in the same order. */
	len = 0;
1003
1004
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
1005
1006
1007
1008
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
1009
#if defined(SLAPD_APPROX_INITIALS)
1010
		else if( len == 1 ) {
1011
1012
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
1013
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
1014
					nextavail=i+1;
1015
					break;
1016
				}
1017
1018
		}
#endif
1019
		else {
1020
			/* Isolate the next word in the asserted value and phonetic it */
1021
1022
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
1023
1024
1025
1026
1027
1028
1029
1030

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
1031
			ch_free( val );
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
1053
	ber_bvfree( assertv );
1054
1055
1056
1057
1058
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
1059
	ber_bvfree( nval );
1060
1061
1062
1063

	return LDAP_SUCCESS;
}

1064
static int 
1065
1066
1067
1068
1069
1070
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1071
1072
	BerVarray values,
	BerVarray *keysp )
1073
{
1074
	char *c;
1075
	int i,j, len, wordcount, keycount=0;
1076
	struct berval *newkeys;
1077
	BerVarray keys=NULL;
1078

1079
	for( j=0; values[j].bv_val != NULL; j++ ) {
1080
		struct berval val = { 0, NULL };
1081
		/* Yes, this is necessary */
1082
1083
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
1084

1085
		/* Isolate how many words there are. There will be a key for each */
1086
		for( wordcount = 0, c = val.bv_val; *c; c++) {
1087
1088
1089
1090
1091
1092
1093
1094
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
1095
1096
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1097
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
1098
1099
1100
1101
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
1102
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
1103
1104
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
1105
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
1106
1107
1108
1109
			keycount++;
			i++;
		}

1110
		ber_memfree( val.bv_val );
1111
	}
1112
	keys[keycount].bv_val = NULL;
1113
1114
1115
1116
1117
	*keysp = keys;

	return LDAP_SUCCESS;
}

1118
static int 
1119
1120
1121
1122
1123
1124
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1125
	void * assertedValue,
1126
	BerVarray *keysp )
1127
{
1128
	char *c;
1129
	int i, count, len;
1130
	struct berval *val;
1131
	BerVarray keys;
1132

1133
	/* Yes, this is necessary */
1134
	val = UTF8bvnormalize( ((struct berval *)assertedValue),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1135
		NULL, LDAP_UTF8_APPROX );
1136
	if( val == NULL || val->bv_val == NULL ) {
1137
1138
		keys = (struct berval *)ch_malloc( sizeof(struct berval) );
		keys[0].bv_val = NULL;
1139
		*keysp = keys;
1140
		ber_bvfree( val );
1141
1142
1143
		return LDAP_SUCCESS;
	}

1144
	/* Isolate how many words there are. There will be a key for each */
1145
	for( count = 0,c = val->bv_val; *c; c++) {
1146
1147
1148
1149
1150
1151
1152
1153
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
1154
	keys = (struct berval *)ch_malloc( (count + 1) * sizeof(struct berval) );
1155
1156

	/* Get a phonetic copy of each word */
1157
	for( c = val->bv_val, i = 0; i < count; c += len + 1 ) {
1158
1159
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
1160
		ber_str2bv( phonetic( c ), 0, 0, &keys[i] );
1161
1162