schema_init.c 73.9 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
32
#define SLAP_NVALUES 1

Kurt Zeilenga's avatar
Kurt Zeilenga committed
33
34
35
36
37
38
/* not yet implemented */
#define objectIdentifierNormalize NULL
#define integerOrderingMatch NULL
#define uniqueMemberMatch NULL
#define integerFirstComponentNormalize NULL
#define objectIdentifierFirstComponentNormalize NULL
39

40
/* approx matching rules */
41
42
43
44
#ifdef SLAP_NVALUES
#define directoryStringApproxMatchOID	NULL
#define IA5StringApproxMatchOID			NULL
#else
45
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
46
47
48
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
49
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
50
#define IA5StringApproxMatch			approxMatch
51
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
52
#define IA5StringApproxFilter			approxFilter
53
#endif
54

Kurt Zeilenga's avatar
Kurt Zeilenga committed
55
56
57
58
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
59
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
60
61
62
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
}
63

Kurt Zeilenga's avatar
Kurt Zeilenga committed
64
65
66
67
68
69
70
static int
blobValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
	return LDAP_SUCCESS;
71
}
72

Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
73
74
#define berValidate blobValidate

75
76
77
static int
octetStringMatch(
	int *matchp,
78
	slap_mask_t flags,
79
80
81
82
83
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
84
85
	struct berval *asserted = (struct berval *) assertedValue;
	int match = value->bv_len - asserted->bv_len;
86
87

	if( match == 0 ) {
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
88
		match = memcmp( value->bv_val, asserted->bv_val, value->bv_len );
89
90
91
92
93
94
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

95
96
97
98
99
100
101
102
103
static int
octetStringOrderingMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
104
	struct berval *asserted = (struct berval *) assertedValue;
105
	ber_len_t v_len  = value->bv_len;
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
106
	ber_len_t av_len = asserted->bv_len;
107

Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
108
	int match = memcmp( value->bv_val, asserted->bv_val,
109
		(v_len < av_len ? v_len : av_len) );
110
111
112

	if( match == 0 ) match = v_len - av_len;

113
114
115
116
	*matchp = match;
	return LDAP_SUCCESS;
}

117
/* Index generation function */
118
int octetStringIndexer(
119
120
	slap_mask_t use,
	slap_mask_t flags,
121
122
123
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
124
125
	BerVarray values,
	BerVarray *keysp )
126
127
128
{
	int i;
	size_t slen, mlen;
129
	BerVarray keys;
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
130
131
	HASH_CONTEXT HASHcontext;
	unsigned char HASHdigest[HASH_BYTES];
132
	struct berval digest;
133
134
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
135

136
	for( i=0; values[i].bv_val != NULL; i++ ) {
137
138
139
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
140
141
142
	/* we should have at least one value at this point */
	assert( i > 0 );

143
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
144

145
146
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
147

148
	for( i=0; values[i].bv_val != NULL; i++ ) {
149
		HASH_Init( &HASHcontext );
150
		if( prefix != NULL && prefix->bv_len > 0 ) {
151
			HASH_Update( &HASHcontext,
152
153
				prefix->bv_val, prefix->bv_len );
		}
154
		HASH_Update( &HASHcontext,
155
			syntax->ssyn_oid, slen );
156
		HASH_Update( &HASHcontext,
157
			mr->smr_oid, mlen );
158
		HASH_Update( &HASHcontext,
159
			values[i].bv_val, values[i].bv_len );
160
		HASH_Final( HASHdigest, &HASHcontext );
161

162
		ber_dupbv( &keys[i], &digest );
163
164
	}

165
	keys[i].bv_val = NULL;
166
	keys[i].bv_len = 0;
167
168
169
170
171
172
173

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
174
int octetStringFilter(
175
176
	slap_mask_t use,
	slap_mask_t flags,
177
178
179
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
180
	void * assertedValue,
181
	BerVarray *keysp )
182
183
{
	size_t slen, mlen;
184
	BerVarray keys;
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
185
186
	HASH_CONTEXT HASHcontext;
	unsigned char HASHdigest[HASH_BYTES];
187
	struct berval *value = (struct berval *) assertedValue;
188
	struct berval digest;
189
190
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
191

192
193
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
194

195
	keys = ch_malloc( sizeof( struct berval ) * 2 );
196

197
	HASH_Init( &HASHcontext );
198
	if( prefix != NULL && prefix->bv_len > 0 ) {
199
		HASH_Update( &HASHcontext,
200
201
			prefix->bv_val, prefix->bv_len );
	}
202
	HASH_Update( &HASHcontext,
203
		syntax->ssyn_oid, slen );
204
	HASH_Update( &HASHcontext,
205
		mr->smr_oid, mlen );
206
	HASH_Update( &HASHcontext,
207
		value->bv_val, value->bv_len );
208
	HASH_Final( HASHdigest, &HASHcontext );
209

210
211
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
212
	keys[1].bv_len = 0;
213
214
215
216
217

	*keysp = keys;

	return LDAP_SUCCESS;
}
218

219
static int
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
220
octetStringSubstringsMatch(
Kurt Zeilenga's avatar
Kurt Zeilenga committed
221
222
	int *matchp,
	slap_mask_t flags,
223
	Syntax *syntax,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
224
225
226
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
227
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
228
229
230
231
	int match = 0;
	SubstringsAssertion *sub = assertedValue;
	struct berval left = *value;
	int i;
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
232
	ber_len_t inlen = 0;
233

Kurt Zeilenga's avatar
Kurt Zeilenga committed
234
235
236
	/* Add up asserted input length */
	if( sub->sa_initial.bv_val ) {
		inlen += sub->sa_initial.bv_len;
237
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
238
239
240
241
242
243
244
	if( sub->sa_any ) {
		for(i=0; sub->sa_any[i].bv_val != NULL; i++) {
			inlen += sub->sa_any[i].bv_len;
		}
	}
	if( sub->sa_final.bv_val ) {
		inlen += sub->sa_final.bv_len;
245
246
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
247
248
249
250
	if( sub->sa_initial.bv_val ) {
		if( inlen > left.bv_len ) {
			match = 1;
			goto done;
251
252
		}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
253
254
		match = memcmp( sub->sa_initial.bv_val, left.bv_val,
			sub->sa_initial.bv_len );
255

Kurt Zeilenga's avatar
Kurt Zeilenga committed
256
257
258
		if( match != 0 ) {
			goto done;
		}
259

Kurt Zeilenga's avatar
Kurt Zeilenga committed
260
261
262
263
		left.bv_val += sub->sa_initial.bv_len;
		left.bv_len -= sub->sa_initial.bv_len;
		inlen -= sub->sa_initial.bv_len;
	}
264

Kurt Zeilenga's avatar
Kurt Zeilenga committed
265
266
267
268
269
	if( sub->sa_final.bv_val ) {
		if( inlen > left.bv_len ) {
			match = 1;
			goto done;
		}
270

Kurt Zeilenga's avatar
Kurt Zeilenga committed
271
272
273
		match = memcmp( sub->sa_final.bv_val,
			&left.bv_val[left.bv_len - sub->sa_final.bv_len],
			sub->sa_final.bv_len );
274

Kurt Zeilenga's avatar
Kurt Zeilenga committed
275
276
		if( match != 0 ) {
			goto done;
277
278
		}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
279
280
		left.bv_len -= sub->sa_final.bv_len;
		inlen -= sub->sa_final.bv_len;
281
282
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
283
284
285
286
	if( sub->sa_any ) {
		for(i=0; sub->sa_any[i].bv_val; i++) {
			ber_len_t idx;
			char *p;
287

Kurt Zeilenga's avatar
Kurt Zeilenga committed
288
289
290
291
292
293
retry:
			if( inlen > left.bv_len ) {
				/* not enough length */
				match = 1;
				goto done;
			}
294

Kurt Zeilenga's avatar
Kurt Zeilenga committed
295
296
297
			if( sub->sa_any[i].bv_len == 0 ) {
				continue;
			}
298

Kurt Zeilenga's avatar
Kurt Zeilenga committed
299
			p = memchr( left.bv_val, *sub->sa_any[i].bv_val, left.bv_len );
300

Kurt Zeilenga's avatar
Kurt Zeilenga committed
301
302
303
			if( p == NULL ) {
				match = 1;
				goto done;
304
305
			}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
306
			idx = p - left.bv_val;
307

Kurt Zeilenga's avatar
Kurt Zeilenga committed
308
309
310
311
			if( idx >= left.bv_len ) {
				/* this shouldn't happen */
				return LDAP_OTHER;
			}
312

Kurt Zeilenga's avatar
Kurt Zeilenga committed
313
314
			left.bv_val = p;
			left.bv_len -= idx;
315

Kurt Zeilenga's avatar
Kurt Zeilenga committed
316
317
318
319
320
			if( sub->sa_any[i].bv_len > left.bv_len ) {
				/* not enough left */
				match = 1;
				goto done;
			}
321

Kurt Zeilenga's avatar
Kurt Zeilenga committed
322
323
324
			match = memcmp( left.bv_val,
				sub->sa_any[i].bv_val,
				sub->sa_any[i].bv_len );
325

Kurt Zeilenga's avatar
Kurt Zeilenga committed
326
327
328
329
330
			if( match != 0 ) {
				left.bv_val++;
				left.bv_len--;
				goto retry;
			}
331

Kurt Zeilenga's avatar
Kurt Zeilenga committed
332
333
334
			left.bv_val += sub->sa_any[i].bv_len;
			left.bv_len -= sub->sa_any[i].bv_len;
			inlen -= sub->sa_any[i].bv_len;
335
336
337
		}
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
338
339
done:
	*matchp = match;
340
341
342
	return LDAP_SUCCESS;
}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
343
344
/* Substrings Index generation function */
static int
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
345
octetStringSubstringsIndexer(
Kurt Zeilenga's avatar
Kurt Zeilenga committed
346
347
348
349
350
351
352
353
354
355
356
357
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	BerVarray values,
	BerVarray *keysp )
{
	ber_len_t i, j, nkeys;
	size_t slen, mlen;
	BerVarray keys;

Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
358
359
	HASH_CONTEXT HASHcontext;
	unsigned char HASHdigest[HASH_BYTES];
Kurt Zeilenga's avatar
Kurt Zeilenga committed
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
	struct berval digest;
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);

	nkeys=0;

	for( i=0; values[i].bv_val != NULL; i++ ) {
		/* count number of indices to generate */
		if( values[i].bv_len < SLAP_INDEX_SUBSTR_MINLEN ) {
			continue;
		}

		if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
			if( values[i].bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
				nkeys += SLAP_INDEX_SUBSTR_MAXLEN -
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
375
					(SLAP_INDEX_SUBSTR_MINLEN - 1);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
376
			} else {
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
377
				nkeys += values[i].bv_len - (SLAP_INDEX_SUBSTR_MINLEN - 1);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
378
379
380
381
382
			}
		}

		if( flags & SLAP_INDEX_SUBSTR_ANY ) {
			if( values[i].bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
383
				nkeys += values[i].bv_len - (SLAP_INDEX_SUBSTR_MAXLEN - 1);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
384
385
386
387
388
389
390
391
			}
		}

		if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
			if( values[i].bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
				nkeys += SLAP_INDEX_SUBSTR_MAXLEN -
					( SLAP_INDEX_SUBSTR_MINLEN - 1);
			} else {
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
392
				nkeys += values[i].bv_len - (SLAP_INDEX_SUBSTR_MINLEN - 1);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
			}
		}
	}

	if( nkeys == 0 ) {
		/* no keys to generate */
		*keysp = NULL;
		return LDAP_SUCCESS;
	}

	keys = ch_malloc( sizeof( struct berval ) * (nkeys+1) );

	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;

	nkeys=0;
	for( i=0; values[i].bv_val != NULL; i++ ) {
		ber_len_t j,max;

		if( values[i].bv_len < SLAP_INDEX_SUBSTR_MINLEN ) continue;

		if( ( flags & SLAP_INDEX_SUBSTR_ANY ) &&
			( values[i].bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) )
		{
			char pre = SLAP_INDEX_SUBSTR_PREFIX;
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
418
			max = values[i].bv_len - (SLAP_INDEX_SUBSTR_MAXLEN - 1);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518

			for( j=0; j<max; j++ ) {
				HASH_Init( &HASHcontext );
				if( prefix != NULL && prefix->bv_len > 0 ) {
					HASH_Update( &HASHcontext,
						prefix->bv_val, prefix->bv_len );
				}

				HASH_Update( &HASHcontext,
					&pre, sizeof( pre ) );
				HASH_Update( &HASHcontext,
					syntax->ssyn_oid, slen );
				HASH_Update( &HASHcontext,
					mr->smr_oid, mlen );
				HASH_Update( &HASHcontext,
					&values[i].bv_val[j],
					SLAP_INDEX_SUBSTR_MAXLEN );
				HASH_Final( HASHdigest, &HASHcontext );

				ber_dupbv( &keys[nkeys++], &digest );
			}
		}

		max = SLAP_INDEX_SUBSTR_MAXLEN < values[i].bv_len
			? SLAP_INDEX_SUBSTR_MAXLEN : values[i].bv_len;

		for( j=SLAP_INDEX_SUBSTR_MINLEN; j<=max; j++ ) {
			char pre;

			if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
				pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
				HASH_Init( &HASHcontext );
				if( prefix != NULL && prefix->bv_len > 0 ) {
					HASH_Update( &HASHcontext,
						prefix->bv_val, prefix->bv_len );
				}
				HASH_Update( &HASHcontext,
					&pre, sizeof( pre ) );
				HASH_Update( &HASHcontext,
					syntax->ssyn_oid, slen );
				HASH_Update( &HASHcontext,
					mr->smr_oid, mlen );
				HASH_Update( &HASHcontext,
					values[i].bv_val, j );
				HASH_Final( HASHdigest, &HASHcontext );

				ber_dupbv( &keys[nkeys++], &digest );
			}

			if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
				pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
				HASH_Init( &HASHcontext );
				if( prefix != NULL && prefix->bv_len > 0 ) {
					HASH_Update( &HASHcontext,
						prefix->bv_val, prefix->bv_len );
				}
				HASH_Update( &HASHcontext,
					&pre, sizeof( pre ) );
				HASH_Update( &HASHcontext,
					syntax->ssyn_oid, slen );
				HASH_Update( &HASHcontext,
					mr->smr_oid, mlen );
				HASH_Update( &HASHcontext,
					&values[i].bv_val[values[i].bv_len-j], j );
				HASH_Final( HASHdigest, &HASHcontext );

				ber_dupbv( &keys[nkeys++], &digest );
			}

		}

	}

	if( nkeys > 0 ) {
		keys[nkeys].bv_val = NULL;
		*keysp = keys;
	} else {
		ch_free( keys );
		*keysp = NULL;
	}

	return LDAP_SUCCESS;
}

static int
octetStringSubstringsFilter (
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
	void * assertedValue,
	BerVarray *keysp )
{
	SubstringsAssertion *sa;
	char pre;
	unsigned casefold;
	ber_len_t nkeys = 0;
	size_t slen, mlen, klen;
	BerVarray keys;
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
519
520
	HASH_CONTEXT HASHcontext;
	unsigned char HASHdigest[HASH_BYTES];
Kurt Zeilenga's avatar
Kurt Zeilenga committed
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
	struct berval *value;
	struct berval digest;

	sa = (SubstringsAssertion *) assertedValue;

	if( flags & SLAP_INDEX_SUBSTR_INITIAL && sa->sa_initial.bv_val != NULL
		&& sa->sa_initial.bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
	{
		nkeys++;
	}

	if( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
		ber_len_t i;
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
			if( sa->sa_any[i].bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
				/* don't bother accounting for stepping */
				nkeys += sa->sa_any[i].bv_len -
					( SLAP_INDEX_SUBSTR_MAXLEN - 1 );
			}
		}
	}

	if( flags & SLAP_INDEX_SUBSTR_FINAL && sa->sa_final.bv_val != NULL &&
		sa->sa_final.bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
	{
		nkeys++;
	}

	if( nkeys == 0 ) {
		*keysp = NULL;
		return LDAP_SUCCESS;
	}

	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);

	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;

	keys = ch_malloc( sizeof( struct berval ) * (nkeys+1) );
	nkeys = 0;

	if( flags & SLAP_INDEX_SUBSTR_INITIAL && sa->sa_initial.bv_val != NULL &&
		sa->sa_initial.bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
	{
		pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
		value = &sa->sa_initial;

		klen = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
			? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;

		HASH_Init( &HASHcontext );
		if( prefix != NULL && prefix->bv_len > 0 ) {
			HASH_Update( &HASHcontext,
				prefix->bv_val, prefix->bv_len );
		}
		HASH_Update( &HASHcontext,
			&pre, sizeof( pre ) );
		HASH_Update( &HASHcontext,
			syntax->ssyn_oid, slen );
		HASH_Update( &HASHcontext,
			mr->smr_oid, mlen );
		HASH_Update( &HASHcontext,
			value->bv_val, klen );
		HASH_Final( HASHdigest, &HASHcontext );

		ber_dupbv( &keys[nkeys++], &digest );
	}

	if( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
		ber_len_t i, j;
		pre = SLAP_INDEX_SUBSTR_PREFIX;
		klen = SLAP_INDEX_SUBSTR_MAXLEN;

		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
			if( sa->sa_any[i].bv_len < SLAP_INDEX_SUBSTR_MAXLEN ) {
				continue;
			}

			value = &sa->sa_any[i];

			for(j=0;
				j <= value->bv_len - SLAP_INDEX_SUBSTR_MAXLEN;
				j += SLAP_INDEX_SUBSTR_STEP )
			{
				HASH_Init( &HASHcontext );
				if( prefix != NULL && prefix->bv_len > 0 ) {
					HASH_Update( &HASHcontext,
						prefix->bv_val, prefix->bv_len );
				}
				HASH_Update( &HASHcontext,
					&pre, sizeof( pre ) );
				HASH_Update( &HASHcontext,
					syntax->ssyn_oid, slen );
				HASH_Update( &HASHcontext,
					mr->smr_oid, mlen );
				HASH_Update( &HASHcontext,
					&value->bv_val[j], klen ); 
				HASH_Final( HASHdigest, &HASHcontext );

				ber_dupbv( &keys[nkeys++], &digest );
			}
		}
	}

	if( flags & SLAP_INDEX_SUBSTR_FINAL && sa->sa_final.bv_val != NULL &&
		sa->sa_final.bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
	{
		pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
		value = &sa->sa_final;

		klen = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
			? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;

		HASH_Init( &HASHcontext );
		if( prefix != NULL && prefix->bv_len > 0 ) {
			HASH_Update( &HASHcontext,
				prefix->bv_val, prefix->bv_len );
		}
		HASH_Update( &HASHcontext,
			&pre, sizeof( pre ) );
		HASH_Update( &HASHcontext,
			syntax->ssyn_oid, slen );
		HASH_Update( &HASHcontext,
			mr->smr_oid, mlen );
		HASH_Update( &HASHcontext,
			&value->bv_val[value->bv_len-klen], klen );
		HASH_Final( HASHdigest, &HASHcontext );

		ber_dupbv( &keys[nkeys++], &digest );
	}

	if( nkeys > 0 ) {
		keys[nkeys].bv_val = NULL;
		*keysp = keys;
	} else {
		ch_free( keys );
		*keysp = NULL;
	}

	return LDAP_SUCCESS;
}

static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}

	/*
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
679
680
681
	 * RFC 2252 section 6.3 Bit String
	 *	bitstring = "'" *binary-digit "'B"
	 *	binary-digit = "0" / "1"
Kurt Zeilenga's avatar
Kurt Zeilenga committed
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
	{
		return LDAP_INVALID_SYNTAX;
	}

	for( i=in->bv_len-3; i>0; i-- ) {
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
721
			if( dn.bv_val[i] != '0' && dn.bv_val[i] != '1' ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

static int
uniqueMemberNormalize(
	slap_mask_t usage,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
		struct berval uid = { 0, NULL };

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
			uid.bv_val = strrchr( out.bv_val, '#' );

			if( uid.bv_val == NULL ) {
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;

			/* temporarily trim the UID */
			*(uid.bv_val++) = '\0';
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		if( uid.bv_len ) {
			normalized->bv_val = ch_realloc( normalized->bv_val,
				normalized->bv_len + uid.bv_len + sizeof("#") );

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
834
	slap_mask_t flags,
835
836
837
838
839
840
841
842
843
844
845
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

846
847
848
849
850
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
851
  StringSyntax		X.500	LDAP	Matching/Comments
852
853
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
854
  PrintableString	subset	subset	i/e + ignore insignificant spaces
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
855
  NumericString		subset	subset	ignore all spaces
856
857
858
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
859
  TelephoneNumber	subset	subset	i + ignore all spaces and "-"
860
861
862
863
864
865
866
867
868
869

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

870
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
871
  A directory string cannot be zero length.
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

918
919
920
921
922
923
924
925
926
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

927
928
929
930
	if( in->bv_len == 0 && syntax == slap_schema.si_syn_directoryString ) {
		/* directory strings cannot be empty */
		return LDAP_INVALID_SYNTAX;
	}
931

932
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
933
		/* get the length indicated by the first byte */
934
		len = LDAP_UTF8_CHARLEN2( u, len );
935

Kurt Zeilenga's avatar
Kurt Zeilenga committed
936
937
938
		/* very basic checks */
		switch( len ) {
			case 6:
939
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
940
941
942
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
943
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
944
945
946
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
947
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
948
949
950
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
951
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
952
953
954
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
955
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
956
957
958
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
959
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
960
961
962
963
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
964
965
966

		/* make sure len corresponds with the offset
			to the next character */
967
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
968
969
	}

970
971
972
	if( count != 0 ) {
		return LDAP_INVALID_SYNTAX;
	}
973

974
	return LDAP_SUCCESS;
975
976
}

977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
static int
UTF8StringNormalize(
	slap_mask_t use,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
{
	struct berval tmp, nvalue;
	int flags;
	int i, wasspace;

	if( val->bv_val == NULL ) {
		/* assume we're dealing with a syntax (e.g., UTF8String)
		 * which allows empty strings
		 */
		normalized->bv_len = 0;
		normalized->bv_val = NULL;
		return LDAP_SUCCESS;
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
998
	flags = (mr == slap_schema.si_mr_caseExactMatch)
999
		? LDAP_UTF8_NOCASEFOLD : LDAP_UTF8_CASEFOLD;
1000
	flags |= ( ( use & SLAP_MR_EQUALITY_APPROX ) == SLAP_MR_EQUALITY_APPROX )
For faster browsing, not all history is shown. View entire blame