Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
openldap
OpenLDAP
Commits
568be260
Commit
568be260
authored
Nov 08, 2008
by
Quanah Gibson-Mount
Browse files
ITS
#5700
parent
ed337039
Changes
2
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
568be260
...
@@ -2,6 +2,7 @@ OpenLDAP 2.4 Change Log
...
@@ -2,6 +2,7 @@ OpenLDAP 2.4 Change Log
OpenLDAP 2.4.13 Engineering
OpenLDAP 2.4.13 Engineering
Fixed liblutil hex conversion (ITS#5699)
Fixed liblutil hex conversion (ITS#5699)
Added slapd support for certificateListExactMatch from RFC4523 (ITS#5700)
Fixed slapd-bdb/hdb invalid db crash (ITS#5698)
Fixed slapd-bdb/hdb invalid db crash (ITS#5698)
Added slapo-translucent try local bind when remote fails (ITS#5656)
Added slapo-translucent try local bind when remote fails (ITS#5656)
...
...
servers/slapd/schema_init.c
View file @
568be260
...
@@ -74,6 +74,13 @@ generalizedTimeValidate(
...
@@ -74,6 +74,13 @@ generalizedTimeValidate(
Syntax
*
syntax
,
Syntax
*
syntax
,
struct
berval
*
in
);
struct
berval
*
in
);
#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX
static
int
utcTimeValidate
(
Syntax
*
syntax
,
struct
berval
*
in
);
#endif
/* SUPPORT_OBSOLETE_UTC_SYNTAX */
static
int
static
int
inValidate
(
inValidate
(
Syntax
*
syntax
,
Syntax
*
syntax
,
...
@@ -3429,6 +3436,494 @@ done:
...
@@ -3429,6 +3436,494 @@ done:
return
rc
;
return
rc
;
}
}
/* X.509 PKI certificateList stuff */
static
int
checkTime
(
struct
berval
*
in
,
struct
berval
*
out
)
{
int
i
;
char
buf
[
STRLENOF
(
"YYYYmmddHHMMSSZ"
)
+
1
];
struct
berval
bv
;
assert
(
in
!=
NULL
);
assert
(
!
BER_BVISNULL
(
in
)
);
assert
(
!
BER_BVISEMPTY
(
in
)
);
if
(
in
->
bv_len
<
STRLENOF
(
"YYmmddHHMMSSZ"
)
)
{
return
-
1
;
}
if
(
out
!=
NULL
)
{
assert
(
!
BER_BVISNULL
(
out
)
);
assert
(
out
->
bv_len
>=
sizeof
(
buf
)
);
bv
.
bv_val
=
out
->
bv_val
;
}
else
{
bv
.
bv_val
=
buf
;
}
for
(
i
=
0
;
i
<
STRLENOF
(
"YYYYmmddHHMMSS"
);
i
++
)
{
if
(
!
ASCII_DIGIT
(
in
->
bv_val
[
i
]
)
)
break
;
}
if
(
in
->
bv_val
[
i
]
!=
'Z'
)
{
return
-
1
;
}
i
++
;
if
(
i
!=
in
->
bv_len
)
{
return
-
1
;
}
if
(
i
==
STRLENOF
(
"YYYYmmddHHMMSSZ"
)
)
{
lutil_strncopy
(
bv
.
bv_val
,
in
->
bv_val
,
i
);
bv
.
bv_len
=
i
;
}
else
if
(
i
==
STRLENOF
(
"YYmmddHHMMSSZ"
)
)
{
char
*
p
=
bv
.
bv_val
;
if
(
in
->
bv_val
[
0
]
<
'7'
)
{
p
=
lutil_strcopy
(
p
,
"20"
);
}
else
{
p
=
lutil_strcopy
(
p
,
"19"
);
}
lutil_strncopy
(
p
,
in
->
bv_val
,
i
);
bv
.
bv_len
=
2
+
i
;
}
else
{
return
-
1
;
}
i
=
generalizedTimeValidate
(
NULL
,
&
bv
);
if
(
i
==
LDAP_SUCCESS
&&
out
!=
NULL
)
{
out
->
bv_len
=
bv
.
bv_len
;
}
return
i
!=
LDAP_SUCCESS
;
}
static
int
issuerAndThisUpdateCheck
(
struct
berval
*
in
,
struct
berval
*
is
,
struct
berval
*
tu
,
void
*
ctx
)
{
int
numdquotes
=
0
;
struct
berval
x
=
*
in
;
struct
berval
ni
=
BER_BVNULL
;
/* Parse GSER format */
enum
{
HAVE_NONE
=
0x0
,
HAVE_ISSUER
=
0x1
,
HAVE_THISUPDATE
=
0x2
,
HAVE_ALL
=
(
HAVE_ISSUER
|
HAVE_THISUPDATE
)
}
have
=
HAVE_NONE
;
if
(
in
->
bv_len
<
STRLENOF
(
"{issuer
\"\"
,thisUpdate
\"
YYMMDDhhmmssZ
\"
}"
)
)
return
LDAP_INVALID_SYNTAX
;
if
(
in
->
bv_val
[
0
]
!=
'{'
&&
in
->
bv_val
[
in
->
bv_len
-
1
]
!=
'}'
)
{
return
LDAP_INVALID_SYNTAX
;
}
x
.
bv_val
++
;
x
.
bv_len
-=
STRLENOF
(
"{}"
);
do
{
/* eat leading spaces */
for
(
;
(
x
.
bv_val
[
0
]
==
' '
)
&&
x
.
bv_len
;
x
.
bv_val
++
,
x
.
bv_len
--
)
{
/* empty */
;
}
/* should be at issuer or thisUpdate */
if
(
strncasecmp
(
x
.
bv_val
,
"issuer"
,
STRLENOF
(
"issuer"
)
)
==
0
)
{
if
(
have
&
HAVE_ISSUER
)
return
LDAP_INVALID_SYNTAX
;
/* parse issuer */
x
.
bv_val
+=
STRLENOF
(
"issuer"
);
x
.
bv_len
-=
STRLENOF
(
"issuer"
);
if
(
x
.
bv_val
[
0
]
!=
' '
)
return
LDAP_INVALID_SYNTAX
;
x
.
bv_val
++
;
x
.
bv_len
--
;
/* eat leading spaces */
for
(
;
(
x
.
bv_val
[
0
]
==
' '
)
&&
x
.
bv_len
;
x
.
bv_val
++
,
x
.
bv_len
--
)
{
/* empty */
;
}
/* For backward compatibility, this part is optional */
if
(
strncasecmp
(
x
.
bv_val
,
"rdnSequence:"
,
STRLENOF
(
"rdnSequence:"
)
)
!=
0
)
{
return
LDAP_INVALID_SYNTAX
;
}
x
.
bv_val
+=
STRLENOF
(
"rdnSequence:"
);
x
.
bv_len
-=
STRLENOF
(
"rdnSequence:"
);
if
(
x
.
bv_val
[
0
]
!=
'"'
)
return
LDAP_INVALID_SYNTAX
;
x
.
bv_val
++
;
x
.
bv_len
--
;
is
->
bv_val
=
x
.
bv_val
;
is
->
bv_len
=
0
;
for
(
;
is
->
bv_len
<
x
.
bv_len
;
)
{
if
(
is
->
bv_val
[
is
->
bv_len
]
!=
'"'
)
{
is
->
bv_len
++
;
continue
;
}
if
(
is
->
bv_val
[
is
->
bv_len
+
1
]
==
'"'
)
{
/* double dquote */
is
->
bv_len
+=
2
;
continue
;
}
break
;
}
x
.
bv_val
+=
is
->
bv_len
+
1
;
x
.
bv_len
-=
is
->
bv_len
+
1
;
have
|=
HAVE_ISSUER
;
}
else
if
(
strncasecmp
(
x
.
bv_val
,
"thisUpdate"
,
STRLENOF
(
"thisUpdate"
)
)
==
0
)
{
if
(
have
&
HAVE_THISUPDATE
)
return
LDAP_INVALID_SYNTAX
;
/* parse thisUpdate */
x
.
bv_val
+=
STRLENOF
(
"thisUpdate"
);
x
.
bv_len
-=
STRLENOF
(
"thisUpdate"
);
if
(
x
.
bv_val
[
0
]
!=
' '
)
return
LDAP_INVALID_SYNTAX
;
x
.
bv_val
++
;
x
.
bv_len
--
;
/* eat leading spaces */
for
(
;
(
x
.
bv_val
[
0
]
==
' '
)
&&
x
.
bv_len
;
x
.
bv_val
++
,
x
.
bv_len
--
)
{
/* empty */
;
}
if
(
x
.
bv_val
[
0
]
!=
'"'
)
return
LDAP_INVALID_SYNTAX
;
x
.
bv_val
++
;
x
.
bv_len
--
;
tu
->
bv_val
=
x
.
bv_val
;
tu
->
bv_len
=
0
;
for
(
;
tu
->
bv_len
<
x
.
bv_len
;
tu
->
bv_len
++
)
{
if
(
tu
->
bv_val
[
tu
->
bv_len
]
==
'"'
)
{
break
;
}
}
x
.
bv_val
+=
tu
->
bv_len
+
1
;
x
.
bv_len
-=
tu
->
bv_len
+
1
;
have
|=
HAVE_THISUPDATE
;
}
else
{
return
LDAP_INVALID_SYNTAX
;
}
/* eat leading spaces */
for
(
;
(
x
.
bv_val
[
0
]
==
' '
)
&&
x
.
bv_len
;
x
.
bv_val
++
,
x
.
bv_len
--
)
{
/* empty */
;
}
if
(
have
==
HAVE_ALL
)
{
break
;
}
if
(
x
.
bv_val
[
0
]
!=
','
)
{
return
LDAP_INVALID_SYNTAX
;
}
x
.
bv_val
++
;
x
.
bv_len
--
;
}
while
(
1
);
/* should have no characters left... */
if
(
x
.
bv_len
)
return
LDAP_INVALID_SYNTAX
;
if
(
numdquotes
==
0
)
{
ber_dupbv_x
(
&
ni
,
is
,
ctx
);
}
else
{
ber_int_t
src
,
dst
;
ni
.
bv_len
=
is
->
bv_len
-
numdquotes
;
ni
.
bv_val
=
ber_memalloc_x
(
ni
.
bv_len
+
1
,
ctx
);
for
(
src
=
0
,
dst
=
0
;
src
<
is
->
bv_len
;
src
++
,
dst
++
)
{
if
(
is
->
bv_val
[
src
]
==
'"'
)
{
src
++
;
}
ni
.
bv_val
[
dst
]
=
is
->
bv_val
[
src
];
}
ni
.
bv_val
[
dst
]
=
'\0'
;
}
*
is
=
ni
;
return
0
;
}
static
int
issuerAndThisUpdateValidate
(
Syntax
*
syntax
,
struct
berval
*
in
)
{
int
rc
;
struct
berval
i
,
tu
;
Debug
(
LDAP_DEBUG_TRACE
,
">>> issuerAndThisUpdateValidate: <%s>
\n
"
,
in
->
bv_val
,
0
,
0
);
rc
=
issuerAndThisUpdateCheck
(
in
,
&
i
,
&
tu
,
NULL
);
if
(
rc
)
{
goto
done
;
}
/* validate DN -- doesn't handle double dquote */
rc
=
dnValidate
(
NULL
,
&
i
);
if
(
rc
)
{
rc
=
LDAP_INVALID_SYNTAX
;
}
else
if
(
checkTime
(
&
tu
,
NULL
)
)
{
rc
=
LDAP_INVALID_SYNTAX
;
}
if
(
in
->
bv_val
[
0
]
==
'{'
&&
in
->
bv_val
[
in
->
bv_len
-
1
]
==
'}'
)
{
slap_sl_free
(
i
.
bv_val
,
NULL
);
}
Debug
(
LDAP_DEBUG_TRACE
,
"<<< issuerAndThisUpdateValidate: <%s> err=%d
\n
"
,
in
->
bv_val
,
rc
,
0
);
done:
;
return
rc
;
}
static
int
issuerAndThisUpdatePretty
(
Syntax
*
syntax
,
struct
berval
*
in
,
struct
berval
*
out
,
void
*
ctx
)
{
int
rc
;
struct
berval
i
,
tu
,
ni
=
BER_BVNULL
;
char
*
p
;
assert
(
in
!=
NULL
);
assert
(
out
!=
NULL
);
BER_BVZERO
(
out
);
Debug
(
LDAP_DEBUG_TRACE
,
">>> issuerAndThisUpdatePretty: <%s>
\n
"
,
in
->
bv_val
,
0
,
0
);
rc
=
issuerAndThisUpdateCheck
(
in
,
&
i
,
&
tu
,
ctx
);
if
(
rc
)
{
goto
done
;
}
rc
=
dnPretty
(
syntax
,
&
i
,
&
ni
,
ctx
);
if
(
in
->
bv_val
[
0
]
==
'{'
&&
in
->
bv_val
[
in
->
bv_len
-
1
]
==
'}'
)
{
slap_sl_free
(
i
.
bv_val
,
ctx
);
}
if
(
rc
||
checkTime
(
&
tu
,
NULL
)
)
{
rc
=
LDAP_INVALID_SYNTAX
;
goto
done
;
}
/* make room */
out
->
bv_len
=
STRLENOF
(
"{ issuer rdnSequence:
\"\"
, thisUpdate
\"\"
}"
)
+
ni
.
bv_len
+
tu
.
bv_len
;
out
->
bv_val
=
slap_sl_malloc
(
out
->
bv_len
+
1
,
ctx
);
if
(
out
->
bv_val
==
NULL
)
{
out
->
bv_len
=
0
;
rc
=
LDAP_OTHER
;
goto
done
;
}
p
=
out
->
bv_val
;
p
=
lutil_strcopy
(
p
,
"{ issuer rdnSequence:
\"
"
/*}*/
);
p
=
lutil_strncopy
(
p
,
ni
.
bv_val
,
ni
.
bv_len
);
p
=
lutil_strcopy
(
p
,
"
\"
, thisUpdate
\"
"
);
p
=
lutil_strncopy
(
p
,
tu
.
bv_val
,
tu
.
bv_len
);
p
=
lutil_strcopy
(
p
,
/*{*/
"
\"
}"
);
assert
(
p
-
out
->
bv_val
==
out
->
bv_len
);
done:
;
Debug
(
LDAP_DEBUG_TRACE
,
"<<< issuerAndThisUpdatePretty: <%s> => <%s>
\n
"
,
in
->
bv_val
,
rc
==
LDAP_SUCCESS
?
out
->
bv_val
:
"(err)"
,
0
);
slap_sl_free
(
ni
.
bv_val
,
ctx
);
return
rc
;
}
static
int
issuerAndThisUpdateNormalize
(
slap_mask_t
usage
,
Syntax
*
syntax
,
MatchingRule
*
mr
,
struct
berval
*
in
,
struct
berval
*
out
,
void
*
ctx
)
{
struct
berval
i
,
ni
,
tu
,
tu2
;
char
sbuf
[
STRLENOF
(
"YYYYmmddHHMMSSZ"
)
+
1
];
char
*
p
;
int
rc
;
assert
(
in
!=
NULL
);
assert
(
out
!=
NULL
);
Debug
(
LDAP_DEBUG_TRACE
,
">>> issuerAndThisUpdateNormalize: <%s>
\n
"
,
in
->
bv_val
,
0
,
0
);
rc
=
issuerAndThisUpdateCheck
(
in
,
&
i
,
&
tu
,
ctx
);
if
(
rc
)
{
return
rc
;
}
rc
=
dnNormalize
(
usage
,
syntax
,
mr
,
&
i
,
&
ni
,
ctx
);
if
(
in
->
bv_val
[
0
]
==
'{'
&&
in
->
bv_val
[
in
->
bv_len
-
1
]
==
'}'
)
{
slap_sl_free
(
i
.
bv_val
,
ctx
);
}
tu2
.
bv_val
=
sbuf
;
tu2
.
bv_len
=
sizeof
(
sbuf
);
if
(
rc
||
checkTime
(
&
tu
,
&
tu2
)
)
{
return
LDAP_INVALID_SYNTAX
;
}
out
->
bv_len
=
STRLENOF
(
"{ issuer rdnSequence:
\"\"
, thisUpdate
\"\"
}"
)
+
ni
.
bv_len
+
tu2
.
bv_len
;
out
->
bv_val
=
slap_sl_malloc
(
out
->
bv_len
+
1
,
ctx
);
if
(
out
->
bv_val
==
NULL
)
{
out
->
bv_len
=
0
;
rc
=
LDAP_OTHER
;
goto
func_leave
;
}
p
=
out
->
bv_val
;
p
=
lutil_strcopy
(
p
,
"{ issuer rdnSequence:
\"
"
/*}*/
);
p
=
lutil_strncopy
(
p
,
ni
.
bv_val
,
ni
.
bv_len
);
p
=
lutil_strcopy
(
p
,
"
\"
, thisUpdate
\"
"
);
p
=
lutil_strncopy
(
p
,
tu2
.
bv_val
,
tu2
.
bv_len
);
p
=
lutil_strcopy
(
p
,
/*{*/
"
\"
}"
);
assert
(
p
-
out
->
bv_val
==
out
->
bv_len
);
func_leave:
Debug
(
LDAP_DEBUG_TRACE
,
"<<< issuerAndThisUpdateNormalize: <%s> => <%s>
\n
"
,
in
->
bv_val
,
rc
==
LDAP_SUCCESS
?
out
->
bv_val
:
"(err)"
,
0
);
slap_sl_free
(
ni
.
bv_val
,
ctx
);
return
rc
;
}
static
int
certificateListExactNormalize
(
slap_mask_t
usage
,
Syntax
*
syntax
,
MatchingRule
*
mr
,
struct
berval
*
val
,
struct
berval
*
normalized
,
void
*
ctx
)
{
BerElementBuffer
berbuf
;
BerElement
*
ber
=
(
BerElement
*
)
&
berbuf
;
ber_tag_t
tag
;
ber_len_t
len
;
ber_int_t
version
;
struct
berval
issuer_dn
=
BER_BVNULL
,
bvdn
,
thisUpdate
,
bvtu
;
char
*
p
,
tubuf
[
STRLENOF
(
"YYYYmmddHHMMSSZ"
)
+
1
];
int
rc
=
LDAP_INVALID_SYNTAX
;
assert
(
val
!=
NULL
);
Debug
(
LDAP_DEBUG_TRACE
,
">>> certificateListExactNormalize: <%p, %lu>
\n
"
,
val
->
bv_val
,
val
->
bv_len
,
0
);
if
(
BER_BVISEMPTY
(
val
)
)
goto
done
;
if
(
SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX
(
usage
)
)
{
return
issuerAndThisUpdateNormalize
(
0
,
NULL
,
NULL
,
val
,
normalized
,
ctx
);
}
assert
(
SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX
(
usage
)
!=
0
);
ber_init2
(
ber
,
val
,
LBER_USE_DER
);
tag
=
ber_skip_tag
(
ber
,
&
len
);
/* Signed wrapper */
if
(
tag
!=
LBER_SEQUENCE
)
return
LDAP_INVALID_SYNTAX
;
tag
=
ber_skip_tag
(
ber
,
&
len
);
/* Sequence */
if
(
tag
!=
LBER_SEQUENCE
)
return
LDAP_INVALID_SYNTAX
;
tag
=
ber_peek_tag
(
ber
,
&
len
);
/* Optional version */
if
(
tag
==
LBER_INTEGER
)
{
tag
=
ber_get_int
(
ber
,
&
version
);
assert
(
tag
==
LBER_INTEGER
);
if
(
version
!=
SLAP_X509_V2
)
return
LDAP_INVALID_SYNTAX
;
}
tag
=
ber_skip_tag
(
ber
,
&
len
);
/* Signature Algorithm */
if
(
tag
!=
LBER_SEQUENCE
)
return
LDAP_INVALID_SYNTAX
;
ber_skip_data
(
ber
,
len
);
tag
=
ber_peek_tag
(
ber
,
&
len
);
/* IssuerDN */
if
(
tag
!=
LBER_SEQUENCE
)
return
LDAP_INVALID_SYNTAX
;
len
=
ber_ptrlen
(
ber
);
bvdn
.
bv_val
=
val
->
bv_val
+
len
;
bvdn
.
bv_len
=
val
->
bv_len
-
len
;
tag
=
ber_skip_tag
(
ber
,
&
len
);
ber_skip_data
(
ber
,
len
);
tag
=
ber_skip_tag
(
ber
,
&
len
);
/* thisUpdate */
/* Time is a CHOICE { UTCTime, GeneralizedTime } */
if
(
tag
!=
SLAP_TAG_UTCTIME
&&
tag
!=
SLAP_TAG_GENERALIZEDTIME
)
return
LDAP_INVALID_SYNTAX
;
bvtu
.
bv_val
=
(
char
*
)
ber
->
ber_ptr
;
bvtu
.
bv_len
=
len
;
rc
=
dnX509normalize
(
&
bvdn
,
&
issuer_dn
);
if
(
rc
!=
LDAP_SUCCESS
)
goto
done
;
thisUpdate
.
bv_val
=
tubuf
;
thisUpdate
.
bv_len
=
sizeof
(
tubuf
);
if
(
checkTime
(
&
bvtu
,
&
thisUpdate
)
)
{
rc
=
LDAP_INVALID_SYNTAX
;
goto
done
;
}
normalized
->
bv_len
=
STRLENOF
(
"{ issuer rdnSequence:
\"\"
, thisUpdate
\"\"
}"
)
+
issuer_dn
.
bv_len
+
thisUpdate
.
bv_len
;
normalized
->
bv_val
=
ch_malloc
(
normalized
->
bv_len
+
1
);
p
=
normalized
->
bv_val
;
p
=
lutil_strcopy
(
p
,
"{ issuer rdnSequence:
\"
"
);
p
=
lutil_strncopy
(
p
,
issuer_dn
.
bv_val
,
issuer_dn
.
bv_len
);
p
=
lutil_strcopy
(
p
,
"
\"
, thisUpdate
\"
"
);
p
=
lutil_strncopy
(
p
,
thisUpdate
.
bv_val
,
thisUpdate
.
bv_len
);
p
=
lutil_strcopy
(
p
,
/*{*/
"
\"
}"
);
rc
=
LDAP_SUCCESS
;
done:
Debug
(
LDAP_DEBUG_TRACE
,
"<<< certificateListExactNormalize: <%p, %lu> => <%s>
\n
"
,
val
->
bv_val
,
val
->
bv_len
,
rc
==
LDAP_SUCCESS
?
normalized
->
bv_val
:
"(err)"
);
if
(
issuer_dn
.
bv_val
)
ber_memfree
(
issuer_dn
.
bv_val
);
return
rc
;
}
static
int
static
int
hexValidate
(
hexValidate
(
Syntax
*
syntax
,
Syntax
*
syntax
,
...
@@ -4816,7 +5311,9 @@ static slap_syntax_defs_rec syntax_defs[] = {
...
@@ -4816,7 +5311,9 @@ static slap_syntax_defs_rec syntax_defs[] = {
{
"( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )"
,
{
"( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )"
,
SLAP_SYNTAX_HIDE
,
NULL
,
NULL
,
NULL
},
SLAP_SYNTAX_HIDE
,
NULL
,
NULL
,
NULL
},
{
"( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )"
,
{
"( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )"
,
SLAP_SYNTAX_HIDE
,
NULL
,
NULL
,
NULL
},
SLAP_SYNTAX_HIDE
,
NULL
,
issuerAndThisUpdateValidate
,
issuerAndThisUpdatePretty
},
{
"( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )"
,
{
"( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )"
,
SLAP_SYNTAX_HIDE
,
NULL
,
NULL
,
NULL
},
SLAP_SYNTAX_HIDE
,
NULL
,
NULL
,
NULL
},
{
"( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )"
,
{
"( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )"
,
...
@@ -4856,9 +5353,14 @@ char *certificateExactMatchSyntaxes[] = {
...
@@ -4856,9 +5353,14 @@ char *certificateExactMatchSyntaxes[] = {
"1.3.6.1.4.1.1466.115.121.1.8"
/* certificate */
,
"1.3.6.1.4.1.1466.115.121.1.8"
/* certificate */
,
NULL
NULL
};
};
char
*
certificateListExactMatchSyntaxes
[]
=
{
"1.3.6.1.4.1.1466.115.121.1.9"
/* certificateList */
,
NULL
};
#ifdef LDAP_COMP_MATCH
#ifdef LDAP_COMP_MATCH
char
*
componentFilterMatchSyntaxes
[]
=
{
char
*
componentFilterMatchSyntaxes
[]
=
{
"1.3.6.1.4.1.1466.115.121.1.8"
/* certificate */
,
"1.3.6.1.4.1.1466.115.121.1.8"
/* certificate */
,
"1.3.6.1.4.1.1466.115.121.1.9"
/* certificateList */
,
NULL
NULL
};
};
#endif
#endif
...
@@ -4893,8 +5395,6 @@ char *objectIdentifierFirstComponentMatchSyntaxes[] = {
...
@@ -4893,8 +5395,6 @@ char *objectIdentifierFirstComponentMatchSyntaxes[] = {
* 2.5.13.33* keywordMatch
* 2.5.13.33* keywordMatch
* 2.5.13.36+ certificatePairExactMatch
* 2.5.13.36+ certificatePairExactMatch
* 2.5.13.37+ certificatePairMatch
* 2.5.13.37+ certificatePairMatch
* 2.5.13.38+ certificateListExactMatch
* 2.5.13.39+ certificateListMatch
* 2.5.13.40+ algorithmIdentifierMatch
* 2.5.13.40+ algorithmIdentifierMatch
* 2.5.13.41* storedPrefixMatch
* 2.5.13.41* storedPrefixMatch
* 2.5.13.42 attributeCertificateMatch
* 2.5.13.42 attributeCertificateMatch
...
@@ -5199,6 +5699,19 @@ static slap_mrule_defs_rec mrule_defs[] = {
...
@@ -5199,6 +5699,19 @@ static slap_mrule_defs_rec mrule_defs[] = {
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
},
NULL
},
{
"( 2.5.13.38 NAME 'certificateListExactMatch' "
"SYNTAX 1.3.6.1.1.15.5 )"
,
SLAP_MR_EQUALITY
|
SLAP_MR_EXT
,
certificateListExactMatchSyntaxes
,
NULL
,
certificateListExactNormalize
,
octetStringMatch
,
octetStringIndexer
,
octetStringFilter
,
NULL
},
{
"( 2.5.13.39 NAME 'certificateListMatch' "
"SYNTAX 1.3.6.1.1.15.6 )"
,
SLAP_MR_EQUALITY
|
SLAP_MR_EXT
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
},
{
"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
{
"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
,
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
,
SLAP_MR_EQUALITY
|
SLAP_MR_EXT
,
NULL
,
SLAP_MR_EQUALITY
|
SLAP_MR_EXT
,
NULL
,
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment