schema_init.c 118 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

Kurt Zeilenga's avatar
Kurt Zeilenga committed
31
#ifdef SLAP_NVALUES
32
33
34
/* TO BE DELETED */
#define SLAP_MR_DN_FOLD (0)

35
36
37
#define SLAP_MR_ASSOCIATED(mr, with) \
	((mr) == (with) || (mr)->smr_associated == (with))

38
39
40
41
42
43
44
45
#define xUTF8StringNormalize NULL
#define xIA5StringNormalize NULL
#define xtelephoneNumberNormalize NULL
#define xgeneralizedTimeNormalize NULL
#define xintegerNormalize NULL
#define xnumericStringNormalize NULL
#define xnameUIDNormalize NULL

46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
/* (new) normalization routines */
#define caseExactIA5Normalize						IA5StringNormalize
#define caseIgnoreIA5Normalize						IA5StringNormalize
#define caseExactNormalize							UTF8StringNormalize
#define caseIgnoreNormalize							UTF8StringNormalize

#define distinguishedNameNormalize					NULL
#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define numericStringNormalize						NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define uniqueMemberNormalize						NULL
#define bitStringNormalize							NULL
#define telephoneNumberNormalize					NULL

63
64
65
66
67
68
69
70
71
72
#define distinguishedNameMatch  	dnMatch
#define distinguishedNameIndexer	octetStringIndexer
#define distinguishedNameFilter		octetStringFilter

#define uniqueMemberMatch				dnMatch

#define objectIdentifierMatch	octetStringMatch
#define objectIdentifierIndexer	octetStringIndexer
#define objectIdentifierFilter	octetStringFilter

73
74
#define OpenLDAPaciMatch						NULL

75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
#define bitStringMatch			octetStringMatch
#define bitStringIndexer		octetStringIndexer
#define bitStringFilter			octetStringFilter

#define integerMatch NULL
#define integerOrderingMatch NULL
#define integerIndexer NULL
#define integerFilter NULL

#define generalizedTimeMatch	NULL
#define generalizedTimeOrderingMatch	NULL

#define caseIgnoreMatch		octetStringMatch
#define caseIgnoreOrderingMatch		octetStringOrderingMatch
#define caseIgnoreIndexer	octetStringIndexer
#define caseIgnoreFilter	octetStringFilter

#define caseIgnoreSubstringsMatch		NULL
#define caseIgnoreSubstringsIndexer		NULL
#define caseIgnoreSubstringsFilter		NULL

#define caseExactMatch		octetStringMatch
#define caseExactOrderingMatch		octetStringOrderingMatch
#define caseExactIndexer	octetStringIndexer
#define caseExactFilter		octetStringFilter

#define caseExactSubstringsMatch		NULL
#define caseExactSubstringsIndexer		NULL
#define caseExactSubstringsFilter		NULL

#define caseExactIA5Match		octetStringMatch
#define caseExactIA5Indexer		octetStringIndexer
#define caseExactIA5Filter		octetStringFilter

#define caseExactIA5SubstringsMatch			NULL
#define caseExactIA5SubstringsIndexer		NULL
#define caseExactIA5SubstringsFilter		NULL

#define caseIgnoreIA5Match		octetStringMatch
#define caseIgnoreIA5Indexer	octetStringIndexer
#define caseIgnoreIA5Filter		octetStringFilter

#define caseIgnoreIA5SubstringsMatch		caseExactIA5SubstringsMatch
#define caseIgnoreIA5SubstringsIndexer		caseExactIA5SubstringsIndexer
#define caseIgnoreIA5SubstringsFilter		caseExactIA5SubstringsFilter

#define numericStringMatch		octetStringMatch
#define numericStringIndexer	octetStringIndexer
#define numericStringFilter		octetStringFilter

#define numericStringSubstringsMatch		caseExactIA5SubstringsMatch
#define numericStringSubstringsIndexer		caseExactIA5SubstringsIndexer
#define numericStringSubstringsFilter		caseExactIA5SubstringsFilter

#define telephoneNumberMatch		octetStringMatch
#define telephoneNumberIndexer		octetStringIndexer
#define telephoneNumberFilter		octetStringFilter

#define telephoneNumberSubstringsMatch		caseExactIA5SubstringsMatch
#define telephoneNumberSubstringsIndexer	caseExactIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseExactIA5SubstringsFilter

Kurt Zeilenga's avatar
Kurt Zeilenga committed
137
138
#endif

139
/* validatation routines */
140
#define berValidate						blobValidate
141

142
/* approx matching rules */
143
144
145
146
#ifdef SLAP_NVALUES
#define directoryStringApproxMatchOID	NULL
#define IA5StringApproxMatchOID			NULL
#else
147
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
148
149
150
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
151
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
152
#define IA5StringApproxMatch			approxMatch
153
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
154
#define IA5StringApproxFilter			approxFilter
155
#endif
156

157
158
#ifndef SLAP_NVALUES

159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
/* (new) normalization routines */
#define caseExactNormalize							NULL
#define caseExactIA5Normalize						NULL
#define caseIgnoreNormalize							NULL
#define caseIgnoreIA5Normalize						NULL
#define distinguishedNameNormalize					NULL
#define integerNormalize							NULL
#define integerFirstComponentNormalize				NULL
#define numericStringNormalize						NULL
#define objectIdentifierNormalize					NULL
#define objectIdentifierFirstComponentNormalize		NULL
#define generalizedTimeNormalize					NULL
#define uniqueMemberNormalize						NULL
#define bitStringNormalize							NULL
#define telephoneNumberNormalize					NULL


176
177
178
179
/* matching routines */
#define bitStringMatch					octetStringMatch
#define bitStringIndexer				octetStringIndexer
#define bitStringFilter					octetStringFilter
180

181
182
183
184
185
#define numericStringMatch				caseIgnoreIA5Match
#define numericStringIndexer			NULL
#define numericStringFilter				NULL
#define numericStringSubstringsIndexer	NULL
#define numericStringSubstringsFilter	NULL
186

187
188
189
190
#define objectIdentifierMatch			octetStringMatch
#define objectIdentifierIndexer			caseIgnoreIA5Indexer
#define objectIdentifierFilter			caseIgnoreIA5Filter

191
192
#define OpenLDAPaciMatch						NULL

193
194
195
196
197
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match

#define uniqueMemberMatch				dnMatch
#define numericStringSubstringsMatch    NULL
198

199
200
201
202
203
204
205
206
207
208
209
210
#define caseExactIndexer				caseExactIgnoreIndexer
#define caseExactFilter					caseExactIgnoreFilter
#define caseExactOrderingMatch			caseExactMatch
#define caseExactSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseExactSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseExactSubstringsFilter		caseExactIgnoreSubstringsFilter
#define caseIgnoreIndexer				caseExactIgnoreIndexer
#define caseIgnoreFilter				caseExactIgnoreFilter
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseIgnoreSubstringsMatch		caseExactIgnoreSubstringsMatch
#define caseIgnoreSubstringsIndexer		caseExactIgnoreSubstringsIndexer
#define caseIgnoreSubstringsFilter		caseExactIgnoreSubstringsFilter
211

212
213
214
215
216
217
218
219
220
221
222
#define integerOrderingMatch			integerMatch
#define integerFirstComponentMatch		integerMatch

#define distinguishedNameMatch			dnMatch
#define distinguishedNameIndexer		caseExactIgnoreIndexer
#define distinguishedNameFilter			caseExactIgnoreFilter

#define telephoneNumberMatch			caseIgnoreIA5Match
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
#define telephoneNumberIndexer				caseIgnoreIA5Indexer
#define telephoneNumberFilter				caseIgnoreIA5Filter
223
224
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter
225
#endif
226

227

228
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
229
{
230
	ber_len_t i;
231
232
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
233
234

	if( c == 0 ) return NULL;
235
236
237
238
239
240
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
241
	}
242
243

	return NULL;
244
}
245

246
247
248
static int
octetStringMatch(
	int *matchp,
249
	slap_mask_t flags,
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

267
268
269
270
271
272
273
274
275
276
277
static int
octetStringOrderingMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	ber_len_t v_len  = value->bv_len;
	ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
278

279
280
281
	int match = memcmp( value->bv_val,
		((struct berval *) assertedValue)->bv_val,
		(v_len < av_len ? v_len : av_len) );
282
283
284

	if( match == 0 ) match = v_len - av_len;

285
286
287
288
	*matchp = match;
	return LDAP_SUCCESS;
}

289
/* Index generation function */
290
int octetStringIndexer(
291
292
	slap_mask_t use,
	slap_mask_t flags,
293
294
295
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
296
297
	BerVarray values,
	BerVarray *keysp )
298
299
300
{
	int i;
	size_t slen, mlen;
301
	BerVarray keys;
302
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
303
	unsigned char	HASHdigest[HASH_BYTES];
304
	struct berval digest;
305
306
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
307

308
	for( i=0; values[i].bv_val != NULL; i++ ) {
309
310
311
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
312
313
314
	/* we should have at least one value at this point */
	assert( i > 0 );

315
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
316

317
318
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
319

320
	for( i=0; values[i].bv_val != NULL; i++ ) {
321
		HASH_Init( &HASHcontext );
322
		if( prefix != NULL && prefix->bv_len > 0 ) {
323
			HASH_Update( &HASHcontext,
324
325
				prefix->bv_val, prefix->bv_len );
		}
326
		HASH_Update( &HASHcontext,
327
			syntax->ssyn_oid, slen );
328
		HASH_Update( &HASHcontext,
329
			mr->smr_oid, mlen );
330
		HASH_Update( &HASHcontext,
331
			values[i].bv_val, values[i].bv_len );
332
		HASH_Final( HASHdigest, &HASHcontext );
333

334
		ber_dupbv( &keys[i], &digest );
335
336
	}

337
	keys[i].bv_val = NULL;
338
	keys[i].bv_len = 0;
339
340
341
342
343
344
345

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
346
int octetStringFilter(
347
348
	slap_mask_t use,
	slap_mask_t flags,
349
350
351
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
352
	void * assertedValue,
353
	BerVarray *keysp )
354
355
{
	size_t slen, mlen;
356
	BerVarray keys;
357
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
358
	unsigned char	HASHdigest[HASH_BYTES];
359
	struct berval *value = (struct berval *) assertedValue;
360
	struct berval digest;
361
362
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
363

364
365
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
366

367
	keys = ch_malloc( sizeof( struct berval ) * 2 );
368

369
	HASH_Init( &HASHcontext );
370
	if( prefix != NULL && prefix->bv_len > 0 ) {
371
		HASH_Update( &HASHcontext,
372
373
			prefix->bv_val, prefix->bv_len );
	}
374
	HASH_Update( &HASHcontext,
375
		syntax->ssyn_oid, slen );
376
	HASH_Update( &HASHcontext,
377
		mr->smr_oid, mlen );
378
	HASH_Update( &HASHcontext,
379
		value->bv_val, value->bv_len );
380
	HASH_Final( HASHdigest, &HASHcontext );
381

382
383
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
384
	keys[1].bv_len = 0;
385
386
387
388
389

	*keysp = keys;

	return LDAP_SUCCESS;
}
390

391
392
393
394
395
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
396
397
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
398
399
}

400
static int
401
blobValidate(
402
403
404
405
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
406
	return LDAP_SUCCESS;
407
408
}

409
410
411
412
413
414
415
416
417
418
419
420
421
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
422

423
424
425
426
427
428
429
430
431
432
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
433
434
435
436
	{
		return LDAP_INVALID_SYNTAX;
	}

437
	for( i=in->bv_len-3; i>0; i-- ) {
438
439
440
441
442
443
444
445
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

486
487
#ifndef SLAP_NVALUES

488
static int
489
xnameUIDNormalize(
490
491
492
493
494
495
496
497
498
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
499
		struct berval uid = { 0, NULL };
500
501
502
503
504

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
505
			uid.bv_val = strrchr( out.bv_val, '#' );
506

507
			if( uid.bv_val == NULL ) {
508
509
510
511
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

512
513
			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
			out.bv_len -= uid.bv_len--;
514
515

			/* temporarily trim the UID */
516
			*(uid.bv_val++) = '\0';
517
518
519
520
521
522
523
524
525
		}

		rc = dnNormalize2( NULL, &out, normalized );

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

526
		if( uid.bv_len ) {
527
			normalized->bv_val = ch_realloc( normalized->bv_val,
528
				normalized->bv_len + uid.bv_len + sizeof("#") );
529
530
531
532
533
534

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
535
536
				uid.bv_val, uid.bv_len );
			normalized->bv_len += uid.bv_len;
537
538
539
540
541
542
543
544
545
546
547

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

548
#endif
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
580
	slap_mask_t flags,
581
582
583
584
585
586
587
588
589
590
591
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

592
593
594
595
596
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
597
  StringSyntax		X.500	LDAP	Matching/Comments
598
599
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
600
  PrintableString	subset	subset	i/e + ignore insignificant spaces
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

616
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
617
  A directory string cannot be zero length.
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

664
665
666
667
668
669
670
671
672
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

673
674
675
676
	if( in->bv_len == 0 && syntax == slap_schema.si_syn_directoryString ) {
		/* directory strings cannot be empty */
		return LDAP_INVALID_SYNTAX;
	}
677

678
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
679
		/* get the length indicated by the first byte */
680
		len = LDAP_UTF8_CHARLEN2( u, len );
681

Kurt Zeilenga's avatar
Kurt Zeilenga committed
682
683
684
		/* very basic checks */
		switch( len ) {
			case 6:
685
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
686
687
688
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
689
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
690
691
692
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
693
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
694
695
696
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
697
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
698
699
700
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
701
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
702
703
704
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
705
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
706
707
708
709
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
710
711
712

		/* make sure len corresponds with the offset
			to the next character */
713
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
714
715
	}

716
717
718
	if( count != 0 ) {
		return LDAP_INVALID_SYNTAX;
	}
719

720
	return LDAP_SUCCESS;
721
722
}

723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
#ifdef SLAP_NVALUES
static int
UTF8StringNormalize(
	slap_mask_t use,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *val,
	struct berval *normalized )
{
	struct berval tmp, nvalue;
	int flags;
	int i, wasspace;

	if( val->bv_val == NULL ) {
		/* assume we're dealing with a syntax (e.g., UTF8String)
		 * which allows empty strings
		 */
		normalized->bv_len = 0;
		normalized->bv_val = NULL;
		return LDAP_SUCCESS;
	}

	flags = SLAP_MR_ASSOCIATED(mr, slap_schema.si_mr_caseExactMatch )
746
		? LDAP_UTF8_NOCASEFOLD : LDAP_UTF8_CASEFOLD;
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
	flags |= ( use & SLAP_MR_EQUALITY_APPROX == SLAP_MR_EQUALITY_APPROX )
		? LDAP_UTF8_APPROX : 0;

	val = UTF8bvnormalize( val, &tmp, flags );
	if( val == NULL ) {
		return LDAP_OTHER;
	}
	
	/* collapse spaces (in place) */
	nvalue.bv_len = 0;
	nvalue.bv_val = tmp.bv_val;

	wasspace=1; /* trim leading spaces */
	for( i=0; i<tmp.bv_len; i++) {
		if ( ASCII_SPACE( tmp.bv_val[i] )) {
			if( wasspace++ == 0 ) {
				/* trim repeated spaces */
				nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
			}
		} else {
			wasspace = 0;
			nvalue.bv_val[nvalue.bv_len++] = tmp.bv_val[i];
		}
	}

	if( nvalue.bv_len ) {
		if( wasspace ) {
			/* last character was a space, trim it */
			--nvalue.bv_len;
		}
		nvalue.bv_val[nvalue.bv_len] = '\0';

	} else {
		/* string of all spaces is treated as one space */
		nvalue.bv_val[0] = ' ';
		nvalue.bv_val[1] = '\0';
		nvalue.bv_len = 1;
	}

786
	*normalized = nvalue;
787
788
789
	return LDAP_SUCCESS;
}
#else
790

791
static int
792
xUTF8StringNormalize(
793
794
	Syntax *syntax,
	struct berval *val,
795
	struct berval *normalized )
796
{
797
	char *p, *q, *s, *e;
798
	int len = 0;
799

Kurt Zeilenga's avatar
Kurt Zeilenga committed
800
801
802
	/* validator should have refused an empty string */
	assert( val->bv_len );

803
	p = val->bv_val;
804

805
	/* Ignore initial whitespace */
806
	/* All space is ASCII. All ASCII is 1 byte */
807
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
808

809
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
810
811
812
813
814
815

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

816
817
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
818
819
820
821

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
822
	s = NULL;
823

824
	while ( p < e ) {
825
826
827
828
829
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
830

831
			/* Ignore the extra whitespace */
832
833
			while ( ASCII_SPACE( *p ) ) {
				p++;
834
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
835
		} else {
836
837
838
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
839
		}
840
841
	}

842
	assert( normalized->bv_val <= p );
843
	assert( q+len <= p );
844

845
	/* cannot start with a space */
846
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
847
848
849
850
851
852
853
854

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
855
		len = q - s;
856
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
857
	}
858

859
	/* cannot end with a space */
860
861
862
	assert( !ASCII_SPACE( *q ) );

	q += len;
863
864
865
866

	/* null terminate */
	*q = '\0';

867
	normalized->bv_len = q - normalized->bv_val;
868

869
	return LDAP_SUCCESS;
870
871
}

872
/* Returns Unicode canonically normalized copy of a substring assertion
873
 * Skipping attribute description */
874
static SubstringsAssertion *
875
UTF8SubstringsAssertionNormalize(
876
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
877
	unsigned casefold )
878
879
880
881
{
	SubstringsAssertion *nsa;
	int i;

Julius Enarusai's avatar
   
Julius Enarusai committed
882
	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
883
884
885
886
	if( nsa == NULL ) {
		return NULL;
	}

887
	if( sa->sa_initial.bv_val != NULL ) {
888
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
889
		if( nsa->sa_initial.bv_val == NULL ) {
890
891
892
893
894
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
895
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
896
897
			/* empty */
		}
898
		nsa->sa_any = (struct berval *)
Julius Enarusai's avatar
   
Julius Enarusai committed
899
900
901
902
			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
		if( nsa->sa_any == NULL ) {
				goto err;
		}
903

904
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
905
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
906
				casefold );
907
			if( nsa->sa_any[i].bv_val == NULL ) {
908
909
910
				goto err;
			}
		}
911
		nsa->sa_any[i].bv_val = NULL;
912
913
	}

914
	if( sa->sa_final.bv_val != NULL ) {
915
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
916
		if( nsa->sa_final.bv_val == NULL ) {
917
918
919
920
921
922
923
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
924
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
925
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
926
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
927
928
929
930
	ch_free( nsa );
	return NULL;
}

931
#ifndef SLAPD_APPROX_OLDSINGLESTRING
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
950
951
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
952
953
	int i, count, len, nextchunk=0, nextavail=0;

954
	/* Yes, this is necessary */
955
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
956
	if( nval == NULL ) {
957
958
959
960
961
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
962
963
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
964
	if( assertv == NULL ) {
965
		ber_bvfree( nval );
966
967
968
		*matchp = 1;
		return LDAP_SUCCESS;
	}
969
970

	/* Isolate how many words there are */
971
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
972
973
974
975
976
977
978
979
980
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
981
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
982
983
984
985
		words[i] = c;
		values[i] = phonetic(c);
	}

986
	/* Work through the asserted value's words, to see if at least some
987
988
	   of the words are there, in the same order. */
	len = 0;
989
990
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
991
992
993
994
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
995
#if defined(SLAPD_APPROX_INITIALS)
996
		else if( len == 1 ) {
997
998
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
999
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
1000
					nextavail=i+1;
1001
					break;
1002
				}
1003
1004
		}
#endif
1005
		else {
1006
			/* Isolate the next word in the asserted value and phonetic it */
1007
1008
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
1009
1010
1011
1012
1013
1014
1015
1016

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
1017
			ch_free( val );
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
1039
	ber_bvfree( assertv );
1040
1041
1042
1043
1044
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
1045
	ber_bvfree( nval );
1046
1047
1048
1049

	return LDAP_SUCCESS;
}

1050
static int 
1051
1052
1053
1054
1055
1056
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1057
1058
	BerVarray values,
	BerVarray *keysp )
1059
{
1060
	char *c;
1061
	int i,j, len, wordcount, keycount=0;
1062
	struct berval *newkeys;
1063
	BerVarray keys=NULL;
1064

1065
	for( j=0; values[j].bv_val != NULL; j++ ) {
1066
		struct berval val = { 0, NULL };
1067
		/* Yes, this is necessary */
1068
1069
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
1070

1071
		/* Isolate how many words there are. There will be a key for each */
1072
		for( wordcount = 0, c = val.bv_val; *c; c++) {
1073
1074
1075
1076
1077
1078
1079
1080
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
1081
1082
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1083
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
1084
1085
1086
1087
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
1088
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
1089
1090
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
1091
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
1092
1093
1094
1095
			keycount++;
			i++;
		}

1096
		ber_memfree( val.bv_val );
1097
	}
1098
	keys[keycount].bv_val = NULL;
1099
1100
1101
1102
1103
	*keysp = keys;

	return LDAP_SUCCESS;
}

1104
static int 
1105
1106
1107
1108
1109
1110
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1111
	void * assertedValue,
1112
	BerVarray *keysp )
1113
{
1114
	char *c;
1115
	int i, count, len;
1116
	struct berval *val;
1117
	BerVarray keys;
1118

1119
	/* Yes, this is necessary */
1120
	val = UTF8bvnormalize( ((struct berval *)assertedValue),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1121
		NULL, LDAP_UTF8_APPROX );
1122
	if( val == NULL || val->bv_val == NULL ) {
1123
1124
		keys = (struct berval *)ch_malloc( sizeof(struct berval) );
		keys[0].bv_val = NULL;
1125
		*keysp = keys;
1126
		ber_bvfree( val );
1127
1128
1129
		return LDAP_SUCCESS;
	}

1130
	/* Isolate how many words there are. There will be a key for each */
1131
	for( count = 0,c = val->bv_val; *c; c++) {
1132
1133
1134
1135
1136
1137
1138
1139
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
1140
	keys = (struct berval *)ch_malloc( (count + 1) * sizeof(struct berval) );
1141
1142

	/* Get a phonetic copy of each word */
1143
	for( c = val->bv_val, i = 0; i < count; c += len + 1 ) {
1144
1145
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
1146
		ber_str2bv( phonetic( c ), 0, 0, &keys[i] );
1147
1148
1149
		i++;
	}

1150
	ber_bvfree( val );
1151

1152
	keys[count].bv_val = NULL;
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
	*keysp = keys;

	return LDAP_SUCCESS;
}


#else
/* No other form of Approximate Matching is defined */

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	char *vapprox, *avapprox;
1172
	char *s, *t;
1173

1174
	/* Yes, this is necessary */
1175
	s = UTF8normalize( value, UTF8_NOCASEFOLD );
1176
1177
1178
1179
1180
1181
	if( s == NULL ) {
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
1182
	t = UTF8normalize( ((struct berval *)assertedValue),
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
			   UTF8_NOCASEFOLD );
	if( t == NULL ) {
		free( s );
		*matchp = -1;
		return LDAP_SUCCESS;
	}

	vapprox = phonetic( strip8bitChars( s ) );
	avapprox = phonetic( strip8bitChars( t ) );

	free( s );
	free( t );