schema_init.c 120 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
#ifdef SLAP_NVALUES
32
33
34
/* TO BE DELETED */
#define SLAP_MR_DN_FOLD (0)

35
36
37
#define SLAP_MR_ASSOCIATED(mr, with) \
	((mr) == (with) || (mr)->smr_associated == (with))

38
39
40
41
42
43
44
#define xUTF8StringNormalize NULL
#define xIA5StringNormalize NULL
#define xtelephoneNumberNormalize NULL
#define xgeneralizedTimeNormalize NULL
#define xintegerNormalize NULL
#define xnumericStringNormalize NULL
#define xnameUIDNormalize NULL
45
#define xdnNormalize NULL
46

47
48
49
50
51
52
53
54
55
56
/* (new) normalization routines */
#define caseExactIA5Normalize						IA5StringNormalize
#define caseIgnoreIA5Normalize						IA5StringNormalize
#define caseExactNormalize							UTF8StringNormalize
#define caseIgnoreNormalize							UTF8StringNormalize

#define integerFirstComponentNormalize				NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL

57
#define distinguishedNameNormalize	dnNormalize
58
59
60
61
#define distinguishedNameMatch  	dnMatch
#define distinguishedNameIndexer	octetStringIndexer
#define distinguishedNameFilter		octetStringFilter

62
63
#define integerOrderingMatch			integerMatch
#define integerFirstComponentMatch		NULL
64
#define integerIndexer				octetStringIndexer
65
#define integerFilter				octetStringFilter
66
67
68
69

#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match

70
#define uniqueMemberMatch			dnMatch /* FIXME! */
71
72
73
74
75

#define objectIdentifierMatch	octetStringMatch
#define objectIdentifierIndexer	octetStringIndexer
#define objectIdentifierFilter	octetStringFilter

76
77
#define OpenLDAPaciMatch						NULL

78
79
80
81
82
83
84
85
86
#define bitStringMatch			octetStringMatch
#define bitStringIndexer		octetStringIndexer
#define bitStringFilter			octetStringFilter

#define caseIgnoreMatch		octetStringMatch
#define caseIgnoreOrderingMatch		octetStringOrderingMatch
#define caseIgnoreIndexer	octetStringIndexer
#define caseIgnoreFilter	octetStringFilter

87
#define caseIgnoreSubstringsMatch		octetStringSubstringsMatch
88
89
#define caseIgnoreSubstringsIndexer		octetStringSubstringsIndexer
#define caseIgnoreSubstringsFilter		octetStringSubstringsFilter
90
91
92
93
94
95

#define caseExactMatch		octetStringMatch
#define caseExactOrderingMatch		octetStringOrderingMatch
#define caseExactIndexer	octetStringIndexer
#define caseExactFilter		octetStringFilter

96
#define caseExactSubstringsMatch		octetStringSubstringsMatch
97
98
#define caseExactSubstringsIndexer		octetStringSubstringsIndexer
#define caseExactSubstringsFilter		octetStringSubstringsFilter
99
100
101
102
103

#define caseExactIA5Match		octetStringMatch
#define caseExactIA5Indexer		octetStringIndexer
#define caseExactIA5Filter		octetStringFilter

104
#define caseExactIA5SubstringsMatch			octetStringSubstringsMatch
105
106
#define caseExactIA5SubstringsIndexer		octetStringSubstringsIndexer
#define caseExactIA5SubstringsFilter		octetStringSubstringsFilter
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

#define caseIgnoreIA5Match		octetStringMatch
#define caseIgnoreIA5Indexer	octetStringIndexer
#define caseIgnoreIA5Filter		octetStringFilter

#define caseIgnoreIA5SubstringsMatch		caseExactIA5SubstringsMatch
#define caseIgnoreIA5SubstringsIndexer		caseExactIA5SubstringsIndexer
#define caseIgnoreIA5SubstringsFilter		caseExactIA5SubstringsFilter

#define numericStringMatch		octetStringMatch
#define numericStringIndexer	octetStringIndexer
#define numericStringFilter		octetStringFilter

#define numericStringSubstringsMatch		caseExactIA5SubstringsMatch
#define numericStringSubstringsIndexer		caseExactIA5SubstringsIndexer
#define numericStringSubstringsFilter		caseExactIA5SubstringsFilter

#define telephoneNumberMatch		octetStringMatch
#define telephoneNumberIndexer		octetStringIndexer
#define telephoneNumberFilter		octetStringFilter

#define telephoneNumberSubstringsMatch		caseExactIA5SubstringsMatch
#define telephoneNumberSubstringsIndexer	caseExactIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseExactIA5SubstringsFilter

Kurt Zeilenga's avatar
Kurt Zeilenga committed
132
133
#define booleanIndexer					octetStringIndexer
#define booleanFilter					octetStringFilter
Kurt Zeilenga's avatar
Kurt Zeilenga committed
134
135
#endif

136
/* validatation routines */
137
#define berValidate						blobValidate
138

139
/* approx matching rules */
140
141
142
143
#ifdef SLAP_NVALUES
#define directoryStringApproxMatchOID	NULL
#define IA5StringApproxMatchOID			NULL
#else
144
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
145
146
147
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
148
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
149
#define IA5StringApproxMatch			approxMatch
150
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
151
#define IA5StringApproxFilter			approxFilter
152
#endif
153

154
155
#ifndef SLAP_NVALUES

156
157
#define xdnNormalize dnNormalize

158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
/* (new) normalization routines */
#define caseExactNormalize							NULL
#define caseExactIA5Normalize						NULL
#define caseIgnoreNormalize							NULL
#define caseIgnoreIA5Normalize						NULL
#define distinguishedNameNormalize					NULL
#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define numericStringNormalize						NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define uniqueMemberNormalize						NULL
#define telephoneNumberNormalize					NULL


174
175
176
177
/* matching routines */
#define bitStringMatch					octetStringMatch
#define bitStringIndexer				octetStringIndexer
#define bitStringFilter					octetStringFilter
178

179
180
181
182
183
#define numericStringMatch				caseIgnoreIA5Match
#define numericStringIndexer			NULL
#define numericStringFilter				NULL
#define numericStringSubstringsIndexer	NULL
#define numericStringSubstringsFilter	NULL
184

185
186
187
188
#define objectIdentifierMatch			octetStringMatch
#define objectIdentifierIndexer			caseIgnoreIA5Indexer
#define objectIdentifierFilter			caseIgnoreIA5Filter

189
190
#define octetStringSubstringsMatch		NULL
#define OpenLDAPaciMatch				NULL
191

192
193
194
195
196
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match

#define uniqueMemberMatch				dnMatch
#define numericStringSubstringsMatch    NULL
197

198
199
200
201
202
203
204
205
206
207
208
209
#define caseExactIndexer				caseExactIgnoreIndexer
#define caseExactFilter					caseExactIgnoreFilter
#define caseExactOrderingMatch			caseExactMatch
#define caseExactSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseExactSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseExactSubstringsFilter		caseExactIgnoreSubstringsFilter
#define caseIgnoreIndexer				caseExactIgnoreIndexer
#define caseIgnoreFilter				caseExactIgnoreFilter
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseIgnoreSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseIgnoreSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseIgnoreSubstringsFilter		caseExactIgnoreSubstringsFilter
210

211
212
213
214
215
216
217
218
219
220
221
#define integerOrderingMatch			integerMatch
#define integerFirstComponentMatch		integerMatch

#define distinguishedNameMatch			dnMatch
#define distinguishedNameIndexer		caseExactIgnoreIndexer
#define distinguishedNameFilter			caseExactIgnoreFilter

#define telephoneNumberMatch			caseIgnoreIA5Match
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
#define telephoneNumberIndexer				caseIgnoreIA5Indexer
#define telephoneNumberFilter				caseIgnoreIA5Filter
222
223
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter
Kurt Zeilenga's avatar
Kurt Zeilenga committed
224
225
226

#define booleanIndexer					octetStringIndexer
#define booleanFilter					octetStringFilter
227
#endif
228

229

230
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
231
{
232
	ber_len_t i;
233
234
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
235
236

	if( c == 0 ) return NULL;
237
238
239
240
241
242
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
243
	}
244
245

	return NULL;
246
}
247

248
249
250
static int
octetStringMatch(
	int *matchp,
251
	slap_mask_t flags,
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

269
270
271
272
273
274
275
276
277
278
279
static int
octetStringOrderingMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	ber_len_t v_len  = value->bv_len;
	ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
280

281
282
283
	int match = memcmp( value->bv_val,
		((struct berval *) assertedValue)->bv_val,
		(v_len < av_len ? v_len : av_len) );
284
285
286

	if( match == 0 ) match = v_len - av_len;

287
288
289
290
	*matchp = match;
	return LDAP_SUCCESS;
}

291
/* Index generation function */
292
int octetStringIndexer(
293
294
	slap_mask_t use,
	slap_mask_t flags,
295
296
297
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
298
299
	BerVarray values,
	BerVarray *keysp )
300
301
302
{
	int i;
	size_t slen, mlen;
303
	BerVarray keys;
304
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
305
	unsigned char	HASHdigest[HASH_BYTES];
306
	struct berval digest;
307
308
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
309

310
	for( i=0; values[i].bv_val != NULL; i++ ) {
311
312
313
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
314
315
316
	/* we should have at least one value at this point */
	assert( i > 0 );

317
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
318

319
320
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
321

322
	for( i=0; values[i].bv_val != NULL; i++ ) {
323
		HASH_Init( &HASHcontext );
324
		if( prefix != NULL && prefix->bv_len > 0 ) {
325
			HASH_Update( &HASHcontext,
326
327
				prefix->bv_val, prefix->bv_len );
		}
328
		HASH_Update( &HASHcontext,
329
			syntax->ssyn_oid, slen );
330
		HASH_Update( &HASHcontext,
331
			mr->smr_oid, mlen );
332
		HASH_Update( &HASHcontext,
333
			values[i].bv_val, values[i].bv_len );
334
		HASH_Final( HASHdigest, &HASHcontext );
335

336
		ber_dupbv( &keys[i], &digest );
337
338
	}

339
	keys[i].bv_val = NULL;
340
	keys[i].bv_len = 0;
341
342
343
344
345
346
347

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
348
int octetStringFilter(
349
350
	slap_mask_t use,
	slap_mask_t flags,
351
352
353
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
354
	void * assertedValue,
355
	BerVarray *keysp )
356
357
{
	size_t slen, mlen;
358
	BerVarray keys;
359
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
360
	unsigned char	HASHdigest[HASH_BYTES];
361
	struct berval *value = (struct berval *) assertedValue;
362
	struct berval digest;
363
364
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
365

366
367
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
368

369
	keys = ch_malloc( sizeof( struct berval ) * 2 );
370

371
	HASH_Init( &HASHcontext );
372
	if( prefix != NULL && prefix->bv_len > 0 ) {
373
		HASH_Update( &HASHcontext,
374
375
			prefix->bv_val, prefix->bv_len );
	}
376
	HASH_Update( &HASHcontext,
377
		syntax->ssyn_oid, slen );
378
	HASH_Update( &HASHcontext,
379
		mr->smr_oid, mlen );
380
	HASH_Update( &HASHcontext,
381
		value->bv_val, value->bv_len );
382
	HASH_Final( HASHdigest, &HASHcontext );
383

384
385
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
386
	keys[1].bv_len = 0;
387
388
389
390
391

	*keysp = keys;

	return LDAP_SUCCESS;
}
392

393
394
395
396
397
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
398
399
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
400
401
}

402
static int
403
blobValidate(
404
405
406
407
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
408
	return LDAP_SUCCESS;
409
410
}

411
412
413
414
415
416
417
418
419
420
421
422
423
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
424

425
426
427
428
429
430
431
432
433
434
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
435
436
437
438
	{
		return LDAP_INVALID_SYNTAX;
	}

439
	for( i=in->bv_len-3; i>0; i-- ) {
440
441
442
443
444
445
446
447
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

488
489
490
491
492
493
494
495
496
#ifdef SLAP_NVALUES
static int
uniqueMemberNormalize(
	slap_mask_t usage,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
#else
497
static int
498
xnameUIDNormalize(
499
500
501
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
502
#endif
503
504
505
506
507
508
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
509
		struct berval uid = { 0, NULL };
510
511
512
513
514

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
515
			uid.bv_val = strrchr( out.bv_val, '#' );
516

517
			if( uid.bv_val == NULL ) {
518
519
520
521
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

522
523
			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;
524
525

			/* temporarily trim the UID */
526
			*(uid.bv_val++) = '\0';
527
528
529
530
531
532
533
534
535
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

536
		if( uid.bv_len ) {
537
			normalized->bv_val = ch_realloc( normalized->bv_val,
538
				normalized->bv_len + uid.bv_len + sizeof("#") );
539
540
541
542
543
544

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
545
546
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;
547
548
549
550
551
552
553
554
555
556
557

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
589
	slap_mask_t flags,
590
591
592
593
594
595
596
597
598
599
600
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

601
602
603
604
605
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
606
  StringSyntax		X.500	LDAP	Matching/Comments
607
608
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
609
  PrintableString	subset	subset	i/e + ignore insignificant spaces
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

625
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
626
  A directory string cannot be zero length.
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

673
674
675
676
677
678
679
680
681
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

682
683
684
685
	if( in->bv_len == 0 && syntax == slap_schema.si_syn_directoryString ) {
		/* directory strings cannot be empty */
		return LDAP_INVALID_SYNTAX;
	}
686

687
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
688
		/* get the length indicated by the first byte */
689
		len = LDAP_UTF8_CHARLEN2( u, len );
690

Kurt Zeilenga's avatar
Kurt Zeilenga committed
691
692
693
		/* very basic checks */
		switch( len ) {
			case 6:
694
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
695
696
697
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
698
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
699
700
701
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
702
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
703
704
705
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
706
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
707
708
709
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
710
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
711
712
713
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
714
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
715
716
717
718
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
719
720
721

		/* make sure len corresponds with the offset
			to the next character */
722
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
723
724
	}

725
726
727
	if( count != 0 ) {
		return LDAP_INVALID_SYNTAX;
	}
728

729
	return LDAP_SUCCESS;
730
731
}

732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
#ifdef SLAP_NVALUES
static int
UTF8StringNormalize(
	slap_mask_t use,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
{
	struct berval tmp, nvalue;
	int flags;
	int i, wasspace;

	if( val->bv_val == NULL ) {
		/* assume we're dealing with a syntax (e.g., UTF8String)
		 * which allows empty strings
		 */
		normalized->bv_len = 0;
		normalized->bv_val = NULL;
		return LDAP_SUCCESS;
	}

	flags = SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactMatch )
755
		? LDAP_UTF8_NOCASEFOLD : LDAP_UTF8_CASEFOLD;
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
	flags |= ( use & SLAP_MR_EQUALITY_APPROX == SLAP_MR_EQUALITY_APPROX )
		? LDAP_UTF8_APPROX : 0;

	val = UTF8bvnormalize( val, &tmp, flags );
	if( val == NULL ) {
		return LDAP_OTHER;
	}
	
	/* collapse spaces (in place) */
	nvalue.bv_len = 0;
	nvalue.bv_val = tmp.bv_val;

	wasspace=1; /* trim leading spaces */
	for( i=0; i<tmp.bv_len; i++) {
		if ( ASCII_SPACE( tmp.bv_val[i] )) {
			if( wasspace++ == 0 ) {
				/* trim repeated spaces */
				nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
			}
		} else {
			wasspace = 0;
			nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
		}
	}

	if( nvalue.bv_len ) {
		if( wasspace ) {
			/* last character was a space, trim it */
			--nvalue.bv_len;
		}
		nvalue.bv_val[nvalue.bv_len] = '\0';

	} else {
		/* string of all spaces is treated as one space */
		nvalue.bv_val[0] = ' ';
		nvalue.bv_val[1] = '\0';
		nvalue.bv_len = 1;
	}

795
	*normalized = nvalue;
796
797
798
	return LDAP_SUCCESS;
}
#else
799

800
static int
801
xUTF8StringNormalize(
802
803
	Syntax *syntax,
	struct berval *val,
804
	struct berval *normalized )
805
{
806
	char *p, *q, *s, *e;
807
	int len = 0;
808

Kurt Zeilenga's avatar
Kurt Zeilenga committed
809
810
811
	/* validator should have refused an empty string */
	assert( val->bv_len );

812
	p = val->bv_val;
813

814
	/* Ignore initial whitespace */
815
	/* All space is ASCII. All ASCII is 1 byte */
816
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
817

818
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
819
820
821
822
823
824

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

825
826
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
827
828
829
830

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
831
	s = NULL;
832

833
	while ( p < e ) {
834
835
836
837
838
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
839

840
			/* Ignore the extra whitespace */
841
842
			while ( ASCII_SPACE( *p ) ) {
				p++;
843
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
844
		} else {
845
846
847
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
848
		}
849
850
	}

851
	assert( normalized->bv_val <= p );
852
	assert( q+len <= p );
853

854
	/* cannot start with a space */
855
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
856
857
858
859
860
861
862
863

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
864
		len = q - s;
865
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
866
	}
867

868
	/* cannot end with a space */
869
870
871
	assert( !ASCII_SPACE( *q ) );

	q += len;
872
873
874
875

	/* null terminate */
	*q = '\0';

876
	normalized->bv_len = q - normalized->bv_val;
877

878
	return LDAP_SUCCESS;
879
880
}

881
/* Returns Unicode canonically normalized copy of a substring assertion
882
 * Skipping attribute description */
883
static SubstringsAssertion *
884
UTF8SubstringsAssertionNormalize(
885
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
886
	unsigned casefold )
887
888
889
890
{
	SubstringsAssertion *nsa;
	int i;

Julius Enarusai's avatar
   
Julius Enarusai committed
891
	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
892
893
894
895
	if( nsa == NULL ) {
		return NULL;
	}

896
	if( sa->sa_initial.bv_val != NULL ) {
897
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
898
		if( nsa->sa_initial.bv_val == NULL ) {
899
900
901
902
903
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
904
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
905
906
			/* empty */
		}
907
		nsa->sa_any = (struct berval *)
Julius Enarusai's avatar
   
Julius Enarusai committed
908
909
910
911
			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
		if( nsa->sa_any == NULL ) {
				goto err;
		}
912

913
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
914
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
915
				casefold );
916
			if( nsa->sa_any[i].bv_val == NULL ) {
917
918
919
				goto err;
			}
		}
920
		nsa->sa_any[i].bv_val = NULL;
921
922
	}

923
	if( sa->sa_final.bv_val != NULL ) {
924
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
925
		if( nsa->sa_final.bv_val == NULL ) {
926
927
928
929
930
931
932
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
933
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
934
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
935
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
936
937
938
939
	ch_free( nsa );
	return NULL;
}

940
#ifndef SLAPD_APPROX_OLDSINGLESTRING
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
959
960
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
961
962
	int i, count, len, nextchunk=0, nextavail=0;

963
	/* Yes, this is necessary */
964
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
965
	if( nval == NULL ) {
966
967
968
969
970
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
971
972
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
973
	if( assertv == NULL ) {
974
		ber_bvfree( nval );
975
976
977
		*matchp = 1;
		return LDAP_SUCCESS;
	}
978
979

	/* Isolate how many words there are */
980
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
981
982
983
984
985
986
987
988
989
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
990
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
991
992
993
994
		words[i] = c;
		values[i] = phonetic(c);
	}

995
	/* Work through the asserted value's words, to see if at least some
996
997
	   of the words are there, in the same order. */
	len = 0;
998
999
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
1000
1001
1002
1003
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
1004
#if defined(SLAPD_APPROX_INITIALS)
1005
		else if( len == 1 ) {
1006
1007
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
1008
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
1009
					nextavail=i+1;
1010
					break;
1011
				}
1012
1013
		}
#endif
1014
		else {
1015
			/* Isolate the next word in the asserted value and phonetic it */
1016
1017
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
1018
1019
1020
1021
1022
1023
1024
1025

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
1026
			ch_free( val );
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
1048
	ber_bvfree( assertv );
1049
1050
1051
1052
1053
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
1054
	ber_bvfree( nval );
1055
1056
1057
1058

	return LDAP_SUCCESS;
}

1059
static int 
1060
1061
1062
1063
1064
1065
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1066
1067
	BerVarray values,
	BerVarray *keysp )
1068
{
1069
	char *c;
1070
	int i,j, len, wordcount, keycount=0;
1071
	struct berval *newkeys;
1072
	BerVarray keys=NULL;
1073

1074
	for( j=0; values[j].bv_val != NULL; j++ ) {
1075
		struct berval val = { 0, NULL };
1076
		/* Yes, this is necessary */
1077
1078
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
1079

1080
		/* Isolate how many words there are. There will be a key for each */
1081
		for( wordcount = 0, c = val.bv_val; *c; c++) {
1082
1083
1084
1085
1086
1087
1088
1089
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
1090
1091
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1092
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
1093
1094
1095
1096
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
1097
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
1098
1099
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
1100
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
1101
1102
1103
1104
			keycount++;
			i++;
		}

1105
		ber_memfree( val.bv_val );
1106
	}
1107
	keys[keycount].bv_val = NULL;
1108
1109
1110
1111
1112
	*keysp = keys;

	return LDAP_SUCCESS;
}

1113
static int 
1114
1115
1116
1117
1118
1119
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1120
	void * assertedValue,
1121
	BerVarray *keysp )
1122
{
1123
	char *c;
1124
	int i, count, len;
1125
	struct berval *val;
1126
	BerVarray keys;
1127

1128
	/* Yes, this is necessary */
1129
	val = UTF8bvnormalize( ((struct berval *)assertedValue),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1130
		NULL, LDAP_UTF8_APPROX );
1131
	if( val == NULL || val->bv_val == NULL ) {
1132
1133
		keys = (struct berval *)ch_malloc( sizeof(struct berval) );
		keys[0].bv_val = NULL;
1134
		*keysp = keys;
1135
		ber_bvfree( val );
1136
1137
1138
		return LDAP_SUCCESS;
	}

1139
	/* Isolate how many words there are. There will be a key for each */
1140
	for( count = 0,c = val->bv_val; *c; c++) {
1141
1142
1143
1144
1145
1146
1147
1148
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */