Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes...

Changes outside of #ifdef include three value filter processing.

servers/slapd/Makefile.in

@@ -16,7 +16,7 @@ SRCS	= main.c daemon.c connection.c search.c filter.c add.c charray.c \
 		phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
 		repl.c lock.c controls.c extended.c kerberos.c passwd.c \
 		schema.c schema_check.c schema_init.c schemaparse.c \
-		at.c mr.c syntax.c oc.c \
+		ad.c at.c mr.c syntax.c oc.c \
 		monitor.c configinfo.c starttls.c \
 		root_dse.c sasl.c module.c suffixalias.c $(@PLAT@_SRCS)
 
@@ -27,7 +27,7 @@ OBJS	= main.o daemon.o connection.o search.o filter.o add.o charray.o \
 		phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
 		repl.o lock.o controls.o extended.o kerberos.o passwd.o \
 		schema.o schema_check.o schema_init.o schemaparse.o \
-		at.o mr.o syntax.o oc.o \
+		ad.o at.o mr.o syntax.o oc.o \
 		monitor.o configinfo.o starttls.o \
 		root_dse.o sasl.o module.o suffixalias.o $(@PLAT@_OBJS)
 

servers/slapd/acl.c

@@ -35,7 +35,7 @@ static int aci_mask(
 	regmatch_t *matches, slap_access_t *grant, slap_access_t *deny );
 
 char *supportedACIMechs[] = {
-	"1.3.6.1.4.1.4203.666.7.1",	/* experimental draft aci family */
+	"1.3.6.1.4.1.4203.666.7.1",	/* experimental IETF aci family */
 	"1.3.6.1.4.1.4203.666.7.2",	/* experimental OpenLDAP aci family */
 	NULL
 };
@@ -74,7 +74,9 @@ access_allowed(
 {
 	int				count;
 	AccessControl	*a;
+#ifdef LDAP_DEBUG
 	char accessmaskbuf[ACCESSMASK_MAXLEN];
+#endif
 	slap_access_mask_t mask;
 	slap_control_t control;
 
@@ -238,7 +240,8 @@ acl_get(
 		}
 
 		if ( a->acl_filter != NULL ) {
-			if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
+			ber_int_t rc = test_filter( NULL, NULL, NULL, e, a->acl_filter );
+			if ( rc != LDAP_COMPARE_TRUE ) {
 				continue;
 			}
 		}
@@ -286,7 +289,9 @@ acl_mask(
 {
 	int		i;
 	Access	*b;
+#ifdef LDAP_DEBUG
 	char accessmaskbuf[ACCESSMASK_MAXLEN];
+#endif
 
 	assert( a != NULL );
 	assert( mask != NULL );

servers/slapd/ad.c

+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+/* ad.c - routines for dealing with attribute descriptions */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap_pvt.h"
+#include "slap.h"
+
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+
+int slap_bv2ad(
+	struct berval *bv,
+	AttributeDescription **ad,
+	char **text )
+{
+	int rtn = LDAP_UNDEFINED_TYPE;
+	int i;
+	AttributeDescription desc;
+	char **tokens;
+
+	assert( *ad != NULL );
+	assert( *text != NULL );
+
+	if( bv == NULL || bv->bv_len == 0 ) {
+		*text = "empty attribute description";
+		return LDAP_UNDEFINED_TYPE;
+	}
+
+	/* make sure description is IA5 */
+	if( IA5StringValidate( NULL, bv ) != 0 ) {
+		*text = "attribute description contains non-IA5 characters";
+		return LDAP_UNDEFINED_TYPE;
+	}
+
+	tokens = str2charray( bv->bv_val, ";");
+
+	if( tokens == NULL || *tokens == NULL ) {
+		*text = "no attribute type";
+		goto done;
+	}
+
+	desc.ad_type = at_find( *tokens );
+
+	if( desc.ad_type == NULL ) {
+		*text = "attribute type undefined";
+		goto done;
+	}
+
+	desc.ad_flags = SLAP_DESC_NONE;
+	desc.ad_lang = NULL;
+
+	for( i=1; tokens[i] != NULL; i++ ) {
+		if( strcasecmp( tokens[i], "binary" ) == 0 ) {
+			if( desc.ad_flags & SLAP_DESC_BINARY ) {
+				*text = "option \"binary\" specified multiple times";
+				goto done;
+			}
+
+			if(!( desc.ad_type->sat_syntax->ssyn_flags
+				& SLAP_SYNTAX_BINARY ))
+			{
+				/* not stored in binary, disallow option */
+				*text = "option \"binary\" with type not supported";
+				goto done;
+			}
+
+			desc.ad_flags |= SLAP_DESC_BINARY;
+
+		} else if ( strncasecmp( tokens[i], "lang-",
+			sizeof("lang-")-1 ) == 0 && tokens[i][sizeof("lang-")-1] )
+		{
+			if( desc.ad_lang != NULL ) {
+				*text = "multiple language tag options specified";
+				goto done;
+			}
+			desc.ad_lang = tokens[i];
+
+			/* normalize to all lower case, it's easy */
+			ldap_pvt_str2lower( desc.ad_lang );
+
+		} else {
+			*text = "unrecognized option";
+			goto done;
+		}
+	}
+
+	desc.ad_cname = ch_malloc( sizeof( struct berval ) );
+
+	desc.ad_cname->bv_len = strlen( desc.ad_type->sat_cname );
+	if( desc.ad_flags & SLAP_DESC_BINARY ) {
+		desc.ad_cname->bv_len += sizeof("binary");
+	}
+	if( desc.ad_lang != NULL ) {
+		desc.ad_cname->bv_len += strlen( desc.ad_lang );
+	}
+
+	desc.ad_cname = ch_malloc( desc.ad_cname->bv_len + 1 );
+
+	strcpy( desc.ad_cname->bv_val, desc.ad_type->sat_cname );
+	strcat( desc.ad_cname->bv_val, ";binary" );
+	if( desc.ad_flags & SLAP_DESC_BINARY ) {
+		strcat( desc.ad_cname->bv_val, ";binary" );
+	}
+
+	if( desc.ad_lang != NULL ) {
+		strcat( desc.ad_cname->bv_val, ";" );
+		strcat( desc.ad_cname->bv_val, desc.ad_lang );
+	}
+
+	*ad = ch_malloc( sizeof( AttributeDescription ) );
+	**ad = desc;
+
+	rtn = LDAP_SUCCESS;
+
+done:
+	charray_free( tokens );
+	return rtn;
+}
+
+void
+ad_free( AttributeDescription *ad, int freeit )
+{
+	if( ad == NULL ) return;
+
+	ber_bvfree( ad->ad_cname );
+	free( ad->ad_lang );
+
+	if( freeit ) free( ad );
+}
+
+#endif
+

servers/slapd/at.c

@@ -3,7 +3,7 @@
  * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
-/* at.c - routines for dealing with attributes */
+/* at.c - routines for dealing with attribute types */
 
 #include "portable.h"
 

servers/slapd/attr.c

@@ -26,19 +26,6 @@
 static void at_index_print( void );
 #endif
 
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-void
-ad_free( AttributeDescription *ad, int freeit )
-{
-	if( ad == NULL ) return;
-
-	ber_bvfree( ad->ad_cname );
-	free( ad->ad_lang );
-
-	if( freeit ) free( ad );
-}
-#endif
-
 void
 attr_free( Attribute *a )
 {

servers/slapd/ava.c

@@ -14,6 +14,23 @@
 
 #include "slap.h"
 
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+
+void
+ava_free(
+    AttributeAssertion *ava,
+    int	freeit
+)
+{
+	ad_free( ava->aa_desc, 1 );
+	ber_bvfree( ava->aa_value );
+	if ( freeit ) {
+		ch_free( (char *) ava );
+	}
+}
+
+#else
+
 int
 get_ava(
     BerElement	*ber,
@@ -23,14 +40,11 @@ get_ava(
 	if ( ber_scanf( ber, "{ao}", &ava->ava_type, &ava->ava_value )
 	    == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "  get_ava ber_scanf\n", 0, 0, 0 );
-		return( -1 );
+		return -1;
 	}
 
 	attr_normalize( ava->ava_type );
-
-#ifndef SLAPD_SCHEMA_NOT_COMPAT
 	value_normalize( ava->ava_value.bv_val, attr_syntax( ava->ava_type ) );
-#endif
 
 	return( LDAP_SUCCESS );
 }
@@ -41,10 +55,11 @@ ava_free(
     int	freeit
 )
 {
-	free( (char *) ava->ava_type );
-	free( (char *) ava->ava_value.bv_val );
+	ch_free( (char *) ava->ava_type );
+	ch_free( (char *) ava->ava_value.bv_val );
 	if ( freeit ) {
-		free( (char *) ava );
+		ch_free( (char *) ava );
 	}
 }
 
+#endif

servers/slapd/back-bdb2/search.c

@@ -240,7 +240,7 @@ bdb2i_back_search_internal(
 		}
 
 		/* if it matches the filter and scope, send it */
-		if ( test_filter( be, conn, op, e, filter ) == 0 ) {
+		if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 			char	*dn;
 
 			/* check scope */

servers/slapd/back-ldbm/compare.c

@@ -23,7 +23,11 @@ ldbm_back_compare(
     Operation	*op,
     char	*dn,
     char	*ndn,
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+	AttributeAssertion *ava
+#else
     Ava		*ava
+#endif
 )
 {
 	struct ldbminfo	*li = (struct ldbminfo *) be->be_private;
@@ -76,8 +80,13 @@ ldbm_back_compare(
 		goto return_results;
 	}
 
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+	if ( ! access_allowed( be, conn, op, e,
+		ava->aa_desc->ad_type->sat_cname, ava->aa_value, ACL_COMPARE ) )
+#else
 	if ( ! access_allowed( be, conn, op, e,
 		ava->ava_type, &ava->ava_value, ACL_COMPARE ) )
+#endif
 	{
 		send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
 			NULL, NULL, NULL, NULL );
@@ -85,7 +94,12 @@ ldbm_back_compare(
 		goto return_results;
 	}
 
-	if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+	if ( (a = attr_find( e->e_attrs, ava->aa_desc->ad_cname->bv_val )) == NULL )
+#else
+	if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL )
+#endif
+	{
 		send_ldap_result( conn, op, LDAP_NO_SUCH_ATTRIBUTE,
 			NULL, NULL, NULL, NULL );
 		rc = 1;

servers/slapd/back-ldbm/external.h

@@ -45,9 +45,15 @@ extern int	ldbm_back_search LDAP_P(( BackendDB *bd,
 	char *nbase, int scope, int deref, int sizelimit, int timelimit,
 	Filter *filter, char *filterstr, char **attrs, int attrsonly ));
 
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+extern int	ldbm_back_compare LDAP_P(( BackendDB *bd,
+	Connection *conn, Operation *op,
+	char *dn, char *ndn, AttributeAssertion *ava ));
+#else
 extern int	ldbm_back_compare LDAP_P((BackendDB *bd,
 	Connection *conn, Operation *op,
 	char *dn, char *ndn, Ava 	*ava ));
+#endif
 
 extern int	ldbm_back_modify LDAP_P(( BackendDB *bd,
 	Connection *conn, Operation *op,

servers/slapd/back-ldbm/filterindex.c

@@ -15,6 +15,16 @@
 #include "slap.h"
 #include "back-ldbm.h"
 
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ID_BLOCK *
+filter_candidates(
+    Backend	*be,
+    Filter	*f )
+{
+	return NULL;
+}
+#else
+
 static ID_BLOCK	*ava_candidates( Backend *be, Ava *ava, int type );
 static ID_BLOCK	*presence_candidates( Backend *be, char *type );
 static ID_BLOCK	*approx_candidates( Backend *be, Ava *ava );
@@ -384,3 +394,4 @@ substring_comp_candidates(
 	    idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 );
 	return( idl );
 }
+#endif

servers/slapd/back-ldbm/index.c

@@ -318,7 +318,9 @@ index_change_values(
 
 	}
 
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 	attr_normalize(type);
+#endif
 	attr_mask( be->be_private, type, &indexmask );
 
 	if ( indexmask == 0 ) {

servers/slapd/back-ldbm/search.c

@@ -245,7 +245,7 @@ ldbm_back_search(
 		}
 
 		/* if it matches the filter and scope, send it */
-		if ( test_filter( be, conn, op, e, filter ) == 0 ) {
+		if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 			char	*dn;
 
 			/* check scope */
@@ -412,12 +412,14 @@ search_candidates(
 		rf = (Filter *) ch_malloc( sizeof(Filter) );
 		rf->f_next = NULL;
 		rf->f_choice = LDAP_FILTER_OR;
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 		rf->f_or = (Filter *) ch_malloc( sizeof(Filter) );
 		rf->f_or->f_choice = LDAP_FILTER_EQUALITY;
 		rf->f_or->f_avtype = ch_strdup( "objectclass" );
 		rf->f_or->f_avvalue.bv_val = ch_strdup( "REFERRAL" );
 		rf->f_or->f_avvalue.bv_len = sizeof("REFERRAL")-1;
 		rf->f_or->f_next = filter;
+#endif
 		f = rf;
 	} else {
 		rf = NULL;
@@ -429,12 +431,14 @@ search_candidates(
 		af = (Filter *) ch_malloc( sizeof(Filter) );
 		af->f_next = NULL;
 		af->f_choice = LDAP_FILTER_OR;
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 		af->f_or = (Filter *) ch_malloc( sizeof(Filter) );
 		af->f_or->f_choice = LDAP_FILTER_EQUALITY;
 		af->f_or->f_avtype = ch_strdup( "objectclass" );
 		af->f_or->f_avvalue.bv_val = ch_strdup( "ALIAS" );
 		af->f_or->f_avvalue.bv_len = sizeof("ALIAS")-1;
 		af->f_or->f_next = f;
+#endif
 		f = af;
 	} else {
 		af = NULL;
@@ -444,24 +448,28 @@ search_candidates(
 		lf = (Filter *) ch_malloc( sizeof(Filter) );
 		lf->f_next = NULL;
 		lf->f_choice = LDAP_FILTER_AND;
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 		lf->f_and = (Filter *) ch_malloc( sizeof(Filter) );
 
 		lf->f_and->f_choice = SLAPD_FILTER_DN_SUBTREE;
 		lf->f_and->f_dn = e->e_ndn;
 
 		lf->f_and->f_next = f;
+#endif
 		f = lf;
 
 	} else if ( scope == LDAP_SCOPE_ONELEVEL ) {
 		lf = (Filter *) ch_malloc( sizeof(Filter) );
 		lf->f_next = NULL;
 		lf->f_choice = LDAP_FILTER_AND;
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 		lf->f_and = (Filter *) ch_malloc( sizeof(Filter) );
 
 		lf->f_and->f_choice = SLAPD_FILTER_DN_ONE;
 		lf->f_and->f_dn = e->e_ndn;
 
 		lf->f_and->f_next = f;
+#endif
 		f = lf;
 
 	} else {
@@ -472,17 +480,23 @@ search_candidates(
 
 	/* free up filter additions we allocated above */
 	if( lf != NULL ) {
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 		free( lf->f_and );
+#endif
 		free( lf );
 	}
 
 	if( af != NULL ) {
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 		af->f_or->f_next = NULL;
+#endif
 		filter_free( af );
 	}
 
 	if( rf != NULL ) {
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 		rf->f_or->f_next = NULL;
+#endif
 		filter_free( rf );
 	}
 

servers/slapd/back-passwd/search.c

@@ -108,7 +108,7 @@ passwd_back_search(
 			val.bv_len = strlen( val.bv_val );
 			attr_merge( e, "objectClass", vals );
 	
-			if ( test_filter( be, conn, op, e, filter ) == 0 ) {
+			if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 				send_search_entry( be, conn, op,
 					e, attrs, attrsonly, NULL );
 				sent++;
@@ -138,7 +138,7 @@ passwd_back_search(
 
 				e = pw2entry( be, pw, NULL );
 
-				if ( test_filter( be, conn, op, e, filter ) == 0 ) {
+				if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 					/* check size limit */
 					if ( --slimit == -1 ) {
 						send_ldap_result( conn, op, LDAP_SIZELIMIT_EXCEEDED,
@@ -195,7 +195,7 @@ passwd_back_search(
 
 		e = pw2entry( be, pw, rdn );
 
-		if ( test_filter( be, conn, op, e, filter ) == 0 ) {
+		if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 			send_search_entry( be, conn, op,
 				e, attrs, attrsonly, NULL );
 			sent++;

servers/slapd/compare.c

@@ -31,9 +31,21 @@ do_compare(
 )
 {
 	char	*dn = NULL, *ndn=NULL;
-	Ava	ava;
+	struct berval desc;
+	struct berval value;
 	Backend	*be;
 	int rc = LDAP_SUCCESS;
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+	char *text = NULL;
+	AttributeAssertion ava;
+
+	ava.aa_desc = NULL;
+#else
+	Ava	ava;
+#endif
+
+	desc.bv_val = NULL;
+	value.bv_val = NULL;
 
 	Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
 
@@ -73,18 +85,20 @@ do_compare(
 		goto cleanup;
 	}
 
-	if ( get_ava( op->o_ber, &ava ) != LDAP_SUCCESS ) {
+	if ( ber_scanf( op->o_ber, "{oo}", &desc, &value ) == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 );
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
-		return -1;
+		rc = -1;
+		goto cleanup;
 	}
 
 	if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
 		Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
-		return -1;
+		rc = -1;
+		goto cleanup;
 	}
 
 	if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
@@ -92,11 +106,34 @@ do_compare(
 		goto cleanup;
 	} 
 
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+	rc = slap_bv2ad( &desc, &ava.aa_desc, &text );
+	if( rc != LDAP_SUCCESS ) {
+		send_ldap_result( conn, op, rc, NULL,
+		    text, NULL, NULL );
+		goto cleanup;
+	}
+	ava.aa_value = &value;
+
+	Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+	    dn, ava.aa_desc->ad_cname, ava.aa_value->bv_val );
+
+	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
+	    op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname, 0 );
+
+#else
+	ava.ava_type = desc.bv_val;
+	ava.ava_value = value;
+	attr_normalize( ava.ava_type );
+	value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) );
+
 	Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
 	    dn, ava.ava_type, ava.ava_value.bv_val );
 
 	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
 	    op->o_connid, op->o_opid, dn, ava.ava_type, 0 );
+#endif
+
 
 	/*
 	 * We could be serving multiple database backends.  Select the
@@ -132,7 +169,13 @@ do_compare(
 cleanup:
 	free( dn );
 	free( ndn );
-	ava_free( &ava, 0 );
+	free( desc.bv_val );
+	free( value.bv_val );
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+	if( ava.aa_desc != NULL ) {
+		ad_free( ava.aa_desc, 1 );
+	}
+#endif
 
 	return rc;
 }

servers/slapd/entry.c

@@ -120,6 +120,9 @@ str2entry( char *s )
 
 		bval.bv_val = value;
 		bval.bv_len = vlen;
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+		/* not yet implemented */
+#else
 		if ( attr_merge_fast( e, type, vals, nvals, 1, &maxvals, &a )
 		    != 0 ) {
 			Debug( LDAP_DEBUG_TRACE,
@@ -129,6 +132,7 @@ str2entry( char *s )
 			free( type );
 			return( NULL );
 		}
+#endif
 
 		free( value );
 		free( type );

servers/slapd/filter.c

@@ -68,6 +68,7 @@ get_filter( Connection *conn, BerElement *ber, Filter **filt, char **fstr )
 	f->f_ch