schema_init.c 110 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

31
/* recycled validatation routines */
32
#define berValidate						blobValidate
33
34

/* unimplemented pretters */
35
#define integerPretty					NULL
36
37

/* recycled matching routines */
38
#define bitStringMatch					octetStringMatch
39
#define numericStringMatch				caseIgnoreIA5Match
40
#define objectIdentifierMatch			octetStringMatch
41
#define telephoneNumberMatch			caseIgnoreIA5Match
42
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
43
44
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match
45
#define uniqueMemberMatch				dnMatch
46
#define integerFirstComponentMatch		integerMatch
47

48
49
/* approx matching rules */
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
50
51
52
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
53
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
54
#define IA5StringApproxMatch			approxMatch
55
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
56
#define IA5StringApproxFilter			approxFilter
57

58
/* ordering matching rules */
59
60
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseExactOrderingMatch			caseExactMatch
61
#define integerOrderingMatch			integerMatch
62
63
#define	octetStringOrderingMatch		octetStringMatch

64
/* unimplemented matching routines */
65
66
67
68
#define caseIgnoreListMatch				NULL
#define caseIgnoreListSubstringsMatch	NULL
#define protocolInformationMatch		NULL

Kurt Zeilenga's avatar
Kurt Zeilenga committed
69
#ifdef SLAPD_ACI_ENABLED
70
#define OpenLDAPaciMatch				NULL
Kurt Zeilenga's avatar
Kurt Zeilenga committed
71
72
#endif
#ifdef SLAPD_AUTHPASSWD
73
#define authPasswordMatch				NULL
Kurt Zeilenga's avatar
Kurt Zeilenga committed
74
#endif
75
76

/* recycled indexing/filtering routines */
77
78
#define dnIndexer				caseExactIgnoreIndexer
#define dnFilter				caseExactIgnoreFilter
79
80
#define bitStringFilter			octetStringFilter
#define bitStringIndexer		octetStringIndexer
81

82
83
84
85
86
#define telephoneNumberIndexer			caseIgnoreIA5Indexer
#define telephoneNumberFilter			caseIgnoreIA5Filter
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter

87
88
89
90
91
92
93
94
95
96
97
98
99
100
static MatchingRule *caseExactMatchingRule;
static MatchingRule *caseExactSubstringsMatchingRule;
static MatchingRule *integerFirstComponentMatchingRule;

static const struct MatchingRulePtr {
	const char   *oid;
	MatchingRule **mr;
} mr_ptr [] = {
	/* must match OIDs below */
	{ "2.5.13.5",  &caseExactMatchingRule },
	{ "2.5.13.7",  &caseExactSubstringsMatchingRule },
	{ "2.5.13.29", &integerFirstComponentMatchingRule }
};

101

102
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
103
{
104
	ber_len_t i;
105
106
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
107
108

	if( c == 0 ) return NULL;
109
110
111
112
113
114
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
115
	}
116
117

	return NULL;
118
}
119

120
121
122
static int
octetStringMatch(
	int *matchp,
123
	slap_mask_t flags,
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

/* Index generation function */
142
int octetStringIndexer(
143
144
	slap_mask_t use,
	slap_mask_t flags,
145
146
147
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
148
149
	BerVarray values,
	BerVarray *keysp )
150
151
152
{
	int i;
	size_t slen, mlen;
153
	BerVarray keys;
154
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
155
	unsigned char	HASHdigest[HASH_BYTES];
156
	struct berval digest;
157
158
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
159

160
	for( i=0; values[i].bv_val != NULL; i++ ) {
161
162
163
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
164
165
166
	/* we should have at least one value at this point */
	assert( i > 0 );

167
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
168

169
170
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
171

172
	for( i=0; values[i].bv_val != NULL; i++ ) {
173
		HASH_Init( &HASHcontext );
174
		if( prefix != NULL && prefix->bv_len > 0 ) {
175
			HASH_Update( &HASHcontext,
176
177
				prefix->bv_val, prefix->bv_len );
		}
178
		HASH_Update( &HASHcontext,
179
			syntax->ssyn_oid, slen );
180
		HASH_Update( &HASHcontext,
181
			mr->smr_oid, mlen );
182
		HASH_Update( &HASHcontext,
183
			values[i].bv_val, values[i].bv_len );
184
		HASH_Final( HASHdigest, &HASHcontext );
185

186
		ber_dupbv( &keys[i], &digest );
187
188
	}

189
	keys[i].bv_val = NULL;
190
	keys[i].bv_len = 0;
191
192
193
194
195
196
197

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
198
int octetStringFilter(
199
200
	slap_mask_t use,
	slap_mask_t flags,
201
202
203
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
204
	void * assertedValue,
205
	BerVarray *keysp )
206
207
{
	size_t slen, mlen;
208
	BerVarray keys;
209
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
210
	unsigned char	HASHdigest[HASH_BYTES];
211
	struct berval *value = (struct berval *) assertedValue;
212
	struct berval digest;
213
214
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
215

216
217
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
218

219
	keys = ch_malloc( sizeof( struct berval ) * 2 );
220

221
	HASH_Init( &HASHcontext );
222
	if( prefix != NULL && prefix->bv_len > 0 ) {
223
		HASH_Update( &HASHcontext,
224
225
			prefix->bv_val, prefix->bv_len );
	}
226
	HASH_Update( &HASHcontext,
227
		syntax->ssyn_oid, slen );
228
	HASH_Update( &HASHcontext,
229
		mr->smr_oid, mlen );
230
	HASH_Update( &HASHcontext,
231
		value->bv_val, value->bv_len );
232
	HASH_Final( HASHdigest, &HASHcontext );
233

234
235
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
236
	keys[1].bv_len = 0;
237
238
239
240
241

	*keysp = keys;

	return LDAP_SUCCESS;
}
242

243
244
245
246
247
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
248
249
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
250
251
}

252
static int
253
blobValidate(
254
255
256
257
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
258
	return LDAP_SUCCESS;
259
260
}

261
262
263
264
265
266
267
268
269
270
271
272
273
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
274

275
276
277
278
279
280
281
282
283
284
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
285
286
287
288
	{
		return LDAP_INVALID_SYNTAX;
	}

289
	for( i=in->bv_len-3; i>0; i-- ) {
290
291
292
293
294
295
296
297
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

static int
nameUIDNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
349
		struct berval uid = { 0, NULL };
350
351
352
353
354

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
355
			uid.bv_val = strrchr( out.bv_val, '#' );
356

357
			if( uid.bv_val == NULL ) {
358
359
360
361
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

362
363
			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;
364
365

			/* temporarily trim the UID */
366
			*(uid.bv_val++) = '\0';
367
368
369
370
371
372
373
374
375
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

376
		if( uid.bv_len ) {
377
			normalized->bv_val = ch_realloc( normalized->bv_val,
378
				normalized->bv_len + uid.bv_len + sizeof("#") );
379
380
381
382
383
384

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
385
386
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;
387
388
389
390
391
392
393
394
395
396
397

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
429
	slap_mask_t flags,
430
431
432
433
434
435
436
437
438
439
440
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
  StringSyntax		X.500	LDAP	Matching
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

464
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

511
512
513
514
515
516
517
518
519
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

520
521
	if( !in->bv_len ) return LDAP_INVALID_SYNTAX;

522
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
523
		/* get the length indicated by the first byte */
524
		len = LDAP_UTF8_CHARLEN2( u, len );
525

Kurt Zeilenga's avatar
Kurt Zeilenga committed
526
527
528
		/* very basic checks */
		switch( len ) {
			case 6:
529
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
530
531
532
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
533
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
534
535
536
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
537
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
538
539
540
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
541
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
542
543
544
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
545
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
546
547
548
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
549
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
550
551
552
553
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
554
555
556

		/* make sure len corresponds with the offset
			to the next character */
557
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
558
559
	}

560
	if( count != 0 ) return LDAP_INVALID_SYNTAX;
561

562
	return LDAP_SUCCESS;
563
564
565
566
567
568
}

static int
UTF8StringNormalize(
	Syntax *syntax,
	struct berval *val,
569
	struct berval *normalized )
570
{
571
	char *p, *q, *s, *e;
572
	int len = 0;
573

Kurt Zeilenga's avatar
Kurt Zeilenga committed
574
575
576
	/* validator should have refused an empty string */
	assert( val->bv_len );

577
	p = val->bv_val;
578

579
	/* Ignore initial whitespace */
580
	/* All space is ASCII. All ASCII is 1 byte */
581
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
582

583
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
584
585
586
587
588
589

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

590
591
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
592
593
594
595

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
596
	s = NULL;
597

598
	while ( p < e ) {
599
600
601
602
603
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
604

605
			/* Ignore the extra whitespace */
606
607
			while ( ASCII_SPACE( *p ) ) {
				p++;
608
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
609
		} else {
610
611
612
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
613
		}
614
615
	}

616
	assert( normalized->bv_val <= p );
617
	assert( q+len <= p );
618

619
	/* cannot start with a space */
620
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
621
622
623
624
625
626
627
628

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
629
		len = q - s;
630
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
631
	}
632

633
	/* cannot end with a space */
634
635
636
	assert( !ASCII_SPACE( *q ) );

	q += len;
637
638
639
640

	/* null terminate */
	*q = '\0';

641
	normalized->bv_len = q - normalized->bv_val;
642

643
	return LDAP_SUCCESS;
644
645
}

646
/* Returns Unicode canonically normalized copy of a substring assertion
647
 * Skipping attribute description */
648
static SubstringsAssertion *
649
650
UTF8SubstringsassertionNormalize(
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
651
	unsigned casefold )
652
653
654
655
{
	SubstringsAssertion *nsa;
	int i;

Julius Enarusai's avatar
   
Julius Enarusai committed
656
	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
657
658
659
660
	if( nsa == NULL ) {
		return NULL;
	}

661
	if( sa->sa_initial.bv_val != NULL ) {
662
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
663
		if( nsa->sa_initial.bv_val == NULL ) {
664
665
666
667
668
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
669
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
670
671
			/* empty */
		}
672
		nsa->sa_any = (struct berval *)
Julius Enarusai's avatar
   
Julius Enarusai committed
673
674
675
676
			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
		if( nsa->sa_any == NULL ) {
				goto err;
		}
677

678
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
679
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
680
				casefold );
681
			if( nsa->sa_any[i].bv_val == NULL ) {
682
683
684
				goto err;
			}
		}
685
		nsa->sa_any[i].bv_val = NULL;
686
687
	}

688
	if( sa->sa_final.bv_val != NULL ) {
689
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
690
		if( nsa->sa_final.bv_val == NULL ) {
691
692
693
694
695
696
697
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
698
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
699
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
700
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
701
702
703
704
	ch_free( nsa );
	return NULL;
}

705
#ifndef SLAPD_APPROX_OLDSINGLESTRING
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
724
725
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
726
727
	int i, count, len, nextchunk=0, nextavail=0;

728
	/* Yes, this is necessary */
729
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
730
	if( nval == NULL ) {
731
732
733
734
735
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
736
737
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
738
	if( assertv == NULL ) {
739
		ber_bvfree( nval );
740
741
742
		*matchp = 1;
		return LDAP_SUCCESS;
	}
743
744

	/* Isolate how many words there are */
745
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
746
747
748
749
750
751
752
753
754
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
755
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
756
757
758
759
		words[i] = c;
		values[i] = phonetic(c);
	}

760
	/* Work through the asserted value's words, to see if at least some
761
762
	   of the words are there, in the same order. */
	len = 0;
763
764
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
765
766
767
768
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
769
#if defined(SLAPD_APPROX_INITIALS)
770
		else if( len == 1 ) {
771
772
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
773
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
774
					nextavail=i+1;
775
					break;
776
				}
777
778
		}
#endif
779
		else {
780
			/* Isolate the next word in the asserted value and phonetic it */
781
782
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
783
784
785
786
787
788
789
790

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
791
			ch_free( val );
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
813
	ber_bvfree( assertv );
814
815
816
817
818
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
819
	ber_bvfree( nval );
820
821
822
823

	return LDAP_SUCCESS;
}

824
static int 
825
826
827
828
829
830
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
831
832
	BerVarray values,
	BerVarray *keysp )
833
{
834
	char *c;
835
	int i,j, len, wordcount, keycount=0;
836
	struct berval *newkeys;
837
	BerVarray keys=NULL;
838

839
	for( j=0; values[j].bv_val != NULL; j++ ) {
840
		struct berval val = { 0, NULL };
841
		/* Yes, this is necessary */
842
843
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
844

845
		/* Isolate how many words there are. There will be a key for each */
846
		for( wordcount = 0, c = val.bv_val; *c; c++) {
847
848
849
850
851
852
853
854
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
855
856
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
857
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
858
859
860
861
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
862
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
863
864
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
865
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
866
867
868
869
			keycount++;
			i++;
		}

870
		ber_memfree( val.bv_val );
871
	}
872
	keys[keycount].bv_val = NULL;
873
874
875
876
877
	*keysp = keys;

	return LDAP_SUCCESS;
}

878
static int 
879
880
881
882
883
884
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
885
	void * assertedValue,
886
	BerVarray *keysp )
887
{
888
	char *c;
889
	int i, count, len;
890
	struct berval *val;
891
	BerVarray keys;
892

893
	/* Yes, this is necessary */
894
	val = UTF8bvnormalize( ((struct berval *)assertedValue),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
895
		NULL, LDAP_UTF8_APPROX );
896
	if( val == NULL || val->bv_val == NULL ) {
897
898
		keys = (struct berval *)ch_malloc( sizeof(struct berval) );
		keys[0].bv_val = NULL;
899
		*keysp = keys;
900
		ber_bvfree( val );
901
902
903
		return LDAP_SUCCESS;
	}

904
	/* Isolate how many words there are. There will be a key for each */
905
	for( count = 0,c = val->bv_val; *c; c++) {
906
907
908
909
910
911
912
913
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
914
	keys = (struct berval *)ch_malloc( (count + 1) * sizeof(struct berval) );
915
916

	/* Get a phonetic copy of each word */
917
	for( c = val->bv_val, i = 0; i < count; c += len + 1 ) {
918
919
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
920
		ber_str2bv( phonetic( c ), 0, 0, &keys[i] );
921
922
923
		i++;
	}

924
	ber_bvfree( val );
925

926
	keys[count].bv_val = NULL;
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
	*keysp = keys;

	return LDAP_SUCCESS;
}


#else
/* No other form of Approximate Matching is defined */

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	char *vapprox, *avapprox;
946
	char *s, *t;
947

948
	/* Yes, this is necessary */
949
	s = UTF8normalize( value, UTF8_NOCASEFOLD );
950
951
952
953
954
955
	if( s == NULL ) {
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
956
	t = UTF8normalize( ((struct berval *)assertedValue),
957
958
959
960
961
962
963
964
965
966
967
968
			   UTF8_NOCASEFOLD );
	if( t == NULL ) {
		free( s );
		*matchp = -1;
		return LDAP_SUCCESS;
	}

	vapprox = phonetic( strip8bitChars( s ) );
	avapprox = phonetic( strip8bitChars( t ) );

	free( s );
	free( t );
969
970
971
972
973
974
975
976
977

	*matchp = strcmp( vapprox, avapprox );

	ch_free( vapprox );
	ch_free( avapprox );

	return LDAP_SUCCESS;
}

978
static int 
979
980
981
982
983
984
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
985
986
	BerVarray values,
	BerVarray *keysp )
987
988
{
	int i;
989
	BerVarray *keys;
990
	char *s;
991

992
	for( i=0; values[i].bv_val != NULL; i++ ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
993
		/* empty - just count them */
994
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
995
996

	/* we should have at least one value at this point */
997
998
	assert( i > 0 );

999
	keys = (struct berval *)ch_malloc( sizeof( struct berval ) * (i+1) );
1000
1001

	/* Copy each value and run it through phonetic() */
1002
	for( i=0; values[i].bv_val != NULL; i++ ) {
1003
		/* Yes, this is necessary */
1004
		s = UTF8normalize( &values[i], UTF8_NOCASEFOLD );
1005
1006

		/* strip 8-bit chars and run through phonetic() */
1007
		ber_str2bv( phonetic( strip8bitChars( s ) ), 0, 0, &keys[i] );
1008
		free( s );
1009
	}
1010
	keys[i].bv_val = NULL;
1011
1012
1013
1014
1015
1016

	*keysp = keys;
	return LDAP_SUCCESS;
}


1017
static int 
1018
1019
1020
1021
1022
1023
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1024
	void * assertedValue,
1025
	BerVarray *keysp )
1026
{
1027
	BerVarray keys;
1028
	char *s;
1029

1030
	keys = (struct berval *)ch_malloc( sizeof( struct berval * ) * 2 );
1031

1032
	/* Yes, this is necessary */
1033
	s = UTF8normalize( ((struct berval *)assertedValue),
1034
1035
1036
1037
1038
1039
1040
1041
1042
			     UTF8_NOCASEFOLD );
	if( s == NULL ) {
		keys[0] = NULL;
	} else {
		/* strip 8-bit chars and run through phonetic() */
		keys[0] = ber_bvstr( phonetic( strip8bitChars( s ) ) );
		free( s );
		keys[1] = NULL;
	}
1043
1044
1045
1046
1047
1048
1049

	*keysp = keys;
	return LDAP_SUCCESS;
}
#endif


1050
static int
1051
caseExactMatch(
1052
	int *matchp,
1053
	slap_mask_t flags,
1054
1055
1056
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
1057
	void *assertedValue )
1058
{
1059
1060
1061
	*matchp = UTF8bvnormcmp( value,
		(struct berval *) assertedValue,
		LDAP_UTF8_NOCASEFOLD );
1062
	return LDAP_SUCCESS;
1063
1064
}

1065
static int
1066
caseExactIgnoreSubstringsMatch(
1067
	int *matchp,
1068
	slap_mask_t flags,
1069
1070
1071
1072
1073
1074
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = 0;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
1075
	SubstringsAssertion *sub = NULL;
1076
	struct berval left = { 0, NULL };
1077
1078
	int i;
	ber_len_t inlen=0;
1079
	char *nav = NULL;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1080
	unsigned casefold;
1081

1082
	casefold = ( mr != caseExactSubstringsMatchingRule )
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1083
		? LDAP_UTF8_CASEFOLD : LDAP_UTF8_NOCASEFOLD;