suck in changes from devel
authorKurt Zeilenga <kurt@openldap.org>
Wed, 13 Sep 2000 02:42:00 +0000 (02:42 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Wed, 13 Sep 2000 02:42:00 +0000 (02:42 +0000)
Fixed -lldap TLS issues (ITS#733)
Fixed -lldap_r NT threads (ITS#732)
Fixed slapd/ldbm DB_PRIVATE not set bug (ITS#725)
Fixed slapd/ldbm nextid reporting bug
Fixed slapd syntaxes/mr routines (ITS#739)
Fixed slurpd -r buffer overflow (ITS#722)
Added slapd syntax/mr routines
Added slapd allow/disallow options
Added slapd defaultSearchBase and DN verify (ITS#723)
Build Environment
  Added Corba & Java Schema
  Updated MSVC projects for BDB 3.1

31 files changed:
CHANGES
configure
configure.in
doc/man/man5/slapd.conf.5
include/ldbm.h
libraries/libldap/init.c
libraries/libldap/tls.c
libraries/libldap_r/thr_nt.c
libraries/libldbm/ldbm.c
servers/slapd/back-ldbm/add.c
servers/slapd/back-ldbm/init.c
servers/slapd/back-ldbm/nextid.c
servers/slapd/bind.c
servers/slapd/config.c
servers/slapd/connection.c
servers/slapd/proto-slap.h
servers/slapd/schema/README
servers/slapd/schema/corba.schema [new file with mode: 0644]
servers/slapd/schema/java.schema [new file with mode: 0644]
servers/slapd/schema_init.c
servers/slapd/search.c
servers/slapd/sets.c
servers/slapd/slap.h
servers/slapd/slapd.dsp
servers/slapd/starttls.c
servers/slapd/tools/mimic.c
servers/slapd/tools/slapadd.dsp
servers/slapd/tools/slapcat.dsp
servers/slapd/tools/slapindex.dsp
servers/slurpd/args.c
tests/scripts/test000-rootdse

diff --git a/CHANGES b/CHANGES
index 442c7151658955521830f40a733995469f0def1d..089cf2af4c78c62d20d2b2239969ff08131efc67 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,19 +3,30 @@ OpenLDAP 2.0 Change Log
 OpenLDAP 2.0.X Engineering
        Fixed KBIND (ITS#717)
        Fixed clients/tools -R handling (ITS#726)
+       Fixed -lldap TLS issues (ITS#733)
+       Fixed -lldap_r NT threads (ITS#732)
        Fixed ldappasswd -A -S crash (ITS#714)
        Fixed ldappasswd user argument usage
        Fixed slapd disallow bind_anon (ITS#721)
        Fixed slapd IPv6 issues (ITS#716)
        Fixed slapd MIT KPASSWD Compatibility (ITS#715)
        Fixed slapd time syntax routines (ITS#713)
-       Updated slapd root DSE inappropriate op handling
+       Fixed slapd/ldbm DB_PRIVATE not set bug (ITS#725)
+       Fixed slapd/ldbm nextid reporting bug
+       Fixed slapd syntaxes/mr routines (ITS#739)
+       Fixed slurpd -r buffer overflow (ITS#722)
+       Updated slapd rootDSE inappropriate op handling
+       Added slapd syntax/mr routines
+       Added slapd allow/disallow options
+       Added slapd defaultSearchBase and DN verify (ITS#723)
        Build Environment
                Added test000-rootdse
+               Added Corba & Java Schema
+               Updated MSVC projects for BDB 3.1
                Fixed Kerberos detection (ITS#717)
                Remove incompatible contribWare
        Documentation
-               Fixed ldappasswd(1) user argument usage
+               Fixed ldappasswd(1) usage
                Fixed ldapmodify(1) (ITS#719)
                Updated release documents (ITS#720)
 
index 0a57a5bb3bb0d6ebeec9acdc7c964b3912dc6250..fd3d0fc006fc31554dee47ebb7ad36c312d03dd5 100755 (executable)
--- a/configure
+++ b/configure
@@ -37,7 +37,7 @@ ac_help="$ac_help
 ac_help="$ac_help
   --enable-referrals     enable V2 Referrals extension (yes)"
 ac_help="$ac_help
-  --enable-kbind         enable V2 Kerberos IV bind (auto)"
+  --enable-kbind         enable V2 Kerberos IV bind (no)"
 ac_help="$ac_help
   --enable-ipv6          enable IPv6 support (auto)"
 ac_help="$ac_help
@@ -1284,7 +1284,7 @@ if test "${enable_kbind+set}" = set; then
        ol_enable_kbind="$ol_arg"
 
 else
-       ol_enable_kbind="auto"
+       ol_enable_kbind="no"
 fi
 # end --enable-kbind
 # OpenLDAP --enable-ipv6
@@ -2263,7 +2263,7 @@ if test $ol_enable_kbind = yes -o $ol_enable_kpasswd = yes ; then
        fi
        ol_with_kerberos=yes
 elif test $ol_enable_kbind = no -o $ol_enable_kpasswd = no ; then
-       if test $ol_with_kerberos != no -a $ol_with_kerberos != no ; then
+       if test $ol_with_kerberos != no -a $ol_with_kerberos != auto ; then
                echo "configure: warning: Kerberos detection enabled unnecessarily" 1>&2;
        fi
        ol_with_kerberos=no
index e427176032c350837fa00e340cfce912fd2f6897..ea6d5159c6e4f81c3a999508d7e1a442d2df6d5c 100644 (file)
@@ -105,7 +105,7 @@ OL_ARG_ENABLE(syslog,[  --enable-syslog       enable syslog support], auto)dnl
 OL_ARG_ENABLE(proctitle,[  --enable-proctitle    enable proctitle support], yes)dnl
 OL_ARG_ENABLE(cache,[  --enable-cache    enable caching], yes)dnl
 OL_ARG_ENABLE(referrals,[  --enable-referrals    enable V2 Referrals extension], yes)dnl
-OL_ARG_ENABLE(kbind,[  --enable-kbind    enable V2 Kerberos IV bind], auto)dnl
+OL_ARG_ENABLE(kbind,[  --enable-kbind    enable V2 Kerberos IV bind], no)dnl
 OL_ARG_ENABLE(ipv6,[  --enable-ipv6      enable IPv6 support], auto)dnl
 OL_ARG_ENABLE(local,[  --enable-local    enable AF_LOCAL (AF_UNIX) socket support], auto)dnl
 OL_ARG_ENABLE(x_compile,[  --enable-x-compile    enable cross compiling],
@@ -340,7 +340,7 @@ if test $ol_enable_kbind = yes -o $ol_enable_kpasswd = yes ; then
        fi
        ol_with_kerberos=yes
 elif test $ol_enable_kbind = no -o $ol_enable_kpasswd = no ; then
-       if test $ol_with_kerberos != no -a $ol_with_kerberos != no ; then
+       if test $ol_with_kerberos != no -a $ol_with_kerberos != auto ; then
                AC_MSG_WARN([Kerberos detection enabled unnecessarily]);
        fi
        ol_with_kerberos=no
index 064b6b2f9a4bb05c0d1c040902fedbb859700b23..699b0696d79dd85ad7a2734629e1177fff6acd0e 100644 (file)
@@ -72,6 +72,14 @@ attributes (specified by <what>) by one or more requestors (specified
 by <who>).
 See the "OpenLDAP's Administrator's Guide" for details.
 .TP
+.B allow <features>
+Specify a set of features (separated by white space) to
+allow (default none).
+.B tls_2_anon
+allows Start TLS to force session to anonymous status (see also
+.B disallow
+.BR tls_authc ).
+.TP
 .B argsfile <filename>
 The ( absolute ) name of a file that will hold the 
 .B slapd
@@ -125,17 +133,30 @@ recommended that
 directives be used instead.
 .RE
 .TP
+.B defaultsearchbase <dn>
+Specify a default search base to use when client submits a
+non-base search request with an empty base DN.
+.TP
 .B disallow <features>
-Specify a set of features (separated by white space) to disallow.
+Specify a set of features (separated by white space) to
+disallow (default none).
 .B bind_v2
 disables acceptance of LDAPv2 bind requests.
 .B bind_anon
 disables acceptance of anonymous bind requests.
 .B bind_anon_cred
-disables anonymous bind creditials are not empty (e.g. when
-DN is empty).
+disables anonymous bind creditials are not empty (e.g.
+when DN is empty).
 .B bind_anon_dn
 disables anonymous bind when DN is not empty.
+.B bind_simple
+disables simple (bind) authentication.
+.B bind_krbv4
+disables Kerberos V4 (bind) authentication.
+.B tls_authc
+disables StartTLS if authenticated (see also
+.B allow
+.BR tls_2_anon ).
 .TP
 .B idletimeout <integer>
 Specify the number of seconds to wait before forcibly closing
@@ -242,7 +263,8 @@ cannot find a local database to handle a request.
 If specified multiple times, each url is provided.
 .TP
 .B require <conditions>
-Specify a set of conditions (separated by white space) to require.
+Specify a set of conditions (separated by white space) to
+require (default none).
 The directive may be specified globally and/or per-database.
 .B bind
 requires bind operation prior to directory operations.
@@ -478,7 +500,9 @@ for more information.
 Specify the distinguished name that is not subject to access control 
 or administrative limit restrictions for operations on this database.
 This DN may or may not be associated with an entry.  An empty root
-DN, the default, specifies no root access is to be granted.
+DN (the default) specifies no root access is to be granted.  It is
+recommended that the rootdn only be specified when needed (such as
+when initially populating a database).
 .TP
 .B rootpw <password>
 Specify a password (or hash of the password) for the rootdn.
@@ -488,8 +512,8 @@ the server (see
 desription) as well as cleartext.
 .BR slappasswd (8) 
 may be used to generate a hash of a password.  Cleartext
-and \fB{CRYPT}\fP passwords are not recommended.  The default
-is empty imply authentication of the root DN is by other means
+and \fB{CRYPT}\fP passwords are not recommended.  If empty
+(the default), authentication of the root DN is by other means
 (e.g. SASL).  Use of SASL is encouraged.
 .TP
 .B suffix <dn suffix>
index 68b143208b1d1dd8c541bd6e382368f406124771..75004e657f398e000de4b74a98c23dd00879d4c4 100644 (file)
@@ -236,7 +236,7 @@ LDAP_END_DECL
 
 LDAP_BEGIN_DECL
 
-LDAP_LDBM_F (int) ldbm_initialize( void );
+LDAP_LDBM_F (int) ldbm_initialize( const char * );
 LDAP_LDBM_F (int) ldbm_shutdown( void );
 
 LDAP_LDBM_F (int) ldbm_errno( LDBM ldbm );
index 1941a8b980ecb4c8f9b1a1106ea6a74a6afea222..cf49633cb9045f32e0cd673352fb92b4d7a5c140 100644 (file)
@@ -86,8 +86,8 @@ static const struct ol_attribute {
        {1, ATTR_TLS,           "TLS_KEY",              NULL,   LDAP_OPT_X_TLS_KEYFILE},
        {0, ATTR_TLS,           "TLS_CACERT",   NULL,   LDAP_OPT_X_TLS_CACERTFILE},
        {0, ATTR_TLS,           "TLS_CACERTDIR",NULL,   LDAP_OPT_X_TLS_CACERTDIR},
-       {1, ATTR_TLS,           "TLS_REQCERT",  NULL,   LDAP_OPT_X_TLS_REQUIRE_CERT},
-       {1, ATTR_TLS,           "TLS_RANDFILE", NULL,   LDAP_OPT_X_TLS_RANDOM_FILE},
+       {0, ATTR_TLS,           "TLS_REQCERT",  NULL,   LDAP_OPT_X_TLS_REQUIRE_CERT},
+       {0, ATTR_TLS,           "TLS_RANDFILE", NULL,   LDAP_OPT_X_TLS_RANDOM_FILE},
 #endif
 
        {0, ATTR_NONE,          NULL,           NULL,   0}
@@ -443,12 +443,6 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
 
        ldap_int_utils_init();
 
-#ifdef HAVE_TLS
-       ldap_pvt_tls_init();
-#endif
-
-       ldap_int_sasl_init();
-
        if ( ldap_int_tblsize == 0 )
                ldap_int_ip_init();
 
@@ -503,4 +497,6 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
        }
 
        openldap_ldap_init_w_env(gopts, NULL);
+
+       ldap_int_sasl_init();
 }
index f06c466266c07978c665caf917cd50acca73e44d..3ec9e9a1ad798115a69325ed00de5454f8657c51 100644 (file)
@@ -97,7 +97,7 @@ static void tls_init_threads( void )
 #endif /* LDAP_R_COMPILE */
 
 /*
- * Initialize tls system. Should be called only once.
+ * Initialize TLS subsystem. Should be called only once.
  */
 int
 ldap_pvt_tls_init( void )
@@ -105,15 +105,17 @@ ldap_pvt_tls_init( void )
        static int tls_initialized = 0;
 
        if ( tls_initialized ) return 0;
+       tls_initialized = 1;
 
        (void) tls_seed_PRNG( tls_opt_randfile );
 
-       tls_initialized = 1;
 #ifdef LDAP_R_COMPILE
        tls_init_threads();
 #endif
+
        SSL_load_error_strings();
        SSLeay_add_ssl_algorithms();
+
        /* FIXME: mod_ssl does this */
        X509V3_add_standard_extensions();
        return 0;
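Review bot: Moving `tls_initialized = 1;` ahead of the setup means that, in the LDAP_R_COMPILE build, a second thread entering ldap_pvt_tls_init() while the first is still inside gets 0 back before `SSL_load_error_strings()` and `SSLeay_add_ssl_algorithms()` have run; the flag is a plain static int and no lock is visible in the hunk. The result of `tls_seed_PRNG()` is also thrown away with `(void)` and the function returns 0 regardless, so a failed seed is only logged and never stops a TLS session from starting. Consider `if ( tls_seed_PRNG( tls_opt_randfile ) != 0 ) return -1;` with the flag set only after setup has succeeded; if the early assignment is deliberate (for instance to stop re-entry), a comment should say so. The function's opening and closing braces lie outside the hunk.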
@@ -651,7 +653,8 @@ ldap_pvt_tls_sb_handle( Sockbuf *sb )
                ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
                return p;
        }
-               return NULL;
+
+       return NULL;
 }
 
 void *
@@ -858,7 +861,6 @@ ldap_pvt_tls_set_option( struct ldapoptions *lo, int option, void *arg )
 int
 ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
 {
-       /* Make sure tls is initialized, including PRNG properly seeded. */
        ldap_pvt_tls_init();
 
        /*
@@ -990,9 +992,7 @@ tls_seed_PRNG( const char *randfile )
 {
 #ifndef URANDOM_DEVICE
        /* no /dev/urandom (or equiv) */
-
-       char buffer[1024];
-       static int egdsocket = 0;
+       char buffer[MAXPATHLEN];
 
        if (randfile == NULL) {
                /* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
@@ -1000,17 +1000,16 @@ tls_seed_PRNG( const char *randfile )
                 * an error occurs.    - From RAND_file_name() man page.
                 * The fact is that when $HOME is NULL, .rnd is used.
                 */
-               randfile = RAND_file_name(buffer, sizeof( buffer ));
+               randfile = RAND_file_name( buffer, sizeof( buffer ) );
 
        } else if (RAND_egd(randfile) > 0) {
                /* EGD socket */
-               egdsocket = 1;
                return 0;
        }
 
        if (randfile == NULL) {
                Debug( LDAP_DEBUG_ANY,
-                       "TLS: Use configuration file or $RANDFILE to define seed file",
+                       "TLS: Use configuration file or $RANDFILE to define seed PRNG",
                        0, 0, 0);
                return -1;
        }
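Review bot: The reworded message `"TLS: Use configuration file or $RANDFILE to define seed PRNG"` is harder to read than the text it replaces, and the next hunk's `"TLS: PRNG not been seeded with enough data"` has lost its verb. Neither string ends in a newline, unlike the other Debug() strings added in this commit. These two lines are what an operator sees when the PRNG could not be seeded, so they should be unambiguous: `"TLS: Use configuration file or $RANDFILE to define seed file\n"` and `"TLS: PRNG has not been seeded with enough data\n"`. tls_seed_PRNG's body starts and ends outside the hunk.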
@@ -1019,7 +1018,7 @@ tls_seed_PRNG( const char *randfile )
 
        if (RAND_status() == 0) {
                Debug( LDAP_DEBUG_ANY,
-                       "TLS: PRNG has not been seeded with enough data",
+                       "TLS: PRNG not been seeded with enough data",
                        0, 0, 0);
                return -1;
        }
@@ -1039,40 +1038,36 @@ tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
 
 int
 ldap_start_tls_s ( LDAP *ld,
-                               LDAPControl **serverctrls,
-                               LDAPControl **clientctrls )
+       LDAPControl **serverctrls,
+       LDAPControl **clientctrls )
 {
 #ifdef HAVE_TLS
-       LDAPConn *lc;
        int rc;
        char *rspoid = NULL;
        struct berval *rspdata = NULL;
 
-       if (ld->ld_conns == NULL) {
-               rc = ldap_open_defconn( ld );
-               if (rc != LDAP_SUCCESS)
-                       return(rc);
+       /* XXYYZ: this initiates operaton only on default connection! */
+
+       if ( ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
+               return LDAP_LOCAL_ERROR;
        }
 
-       for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
-               if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
-                       return LDAP_OPERATIONS_ERROR;
-
-               /* XXYYZ: this initiates operaton only on default connection! */
-               rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
-                       NULL, serverctrls, clientctrls, &rspoid, &rspdata);
-
-               if (rc != LDAP_SUCCESS)
-                       return rc;
-               if (rspoid != NULL)
-                       LDAP_FREE(rspoid);
-               if (rspdata != NULL)
-                       ber_bvfree(rspdata);
-               rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
-               if (rc != LDAP_SUCCESS)
-                       return rc;
+       rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS,
+               NULL, serverctrls, clientctrls, &rspoid, &rspdata );
+       if ( rc != LDAP_SUCCESS ) {
+               return rc;
        }
-       return LDAP_SUCCESS;
+
+       if ( rspoid != NULL ) {
+               LDAP_FREE(rspoid);
+       }
+
+       if ( rspdata != NULL ) {
+               ber_bvfree( rspdata );
+       }
+
+       rc = ldap_pvt_tls_start( ld, ld->ld_sb, ld->ld_options.ldo_tls_ctx );
+       return rc;
 #else
        return LDAP_NOT_SUPPORTED;
 #endif
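Review bot: ldap_start_tls_s() now checks and upgrades only `ld->ld_sb`, where the removed loop walked every entry in `ld->ld_conns`. The XXYYZ comment admits the limitation, but a caller gets the result of the default connection with no hint that other connections on the same handle (presumably ones opened later, e.g. while following referrals) may still be cleartext. That belongs in a comment above the function, something like `/* Starts TLS on the default connection only; other connections of this LDAP handle are not protected. */`. When `ldap_pvt_tls_start()` fails after the server has already accepted the extended operation, the two ends presumably disagree about the state of the stream, so the same comment should tell callers to treat a failure as fatal for the connection rather than continuing unencrypted.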
index 935bf4bd1396f8b9a7f9816eb1219314b6608cdf..620da6b642ab8786fd21796dc2994194d5c1b95c 100644 (file)
@@ -51,10 +51,7 @@ ldap_pvt_thread_join( ldap_pvt_thread_t thread, void **thread_return )
 {
        DWORD status;
        status = WaitForSingleObject( (HANDLE) thread, INFINITE );
-       if (status == WAIT_FAILED) {
-               return -1;
-       }
-       return 0;
+       return status == WAIT_FAILED ? -1 : 0;
 }
 
 int 
@@ -95,7 +92,6 @@ int
 ldap_pvt_thread_cond_wait( ldap_pvt_thread_cond_t *cond, 
        ldap_pvt_thread_mutex_t *mutex )
 {
-       ReleaseMutex( *mutex );
        SignalObjectAndWait( *mutex, *cond, INFINITE, FALSE );
        WaitForSingleObject( *mutex, INFINITE );
        return( 0 );
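Review bot: ldap_pvt_thread_cond_wait() still returns 0 unconditionally: the results of `SignalObjectAndWait()` and of the following `WaitForSingleObject()` are dropped, so a caller can carry on as if it held `*mutex` when the re-acquire failed. This commit makes ldap_pvt_thread_mutex_lock() report WAIT_FAILED, and this function should agree with it: `if ( SignalObjectAndWait( *mutex, *cond, INFINITE, FALSE ) == WAIT_FAILED ) return -1;` followed by `return WaitForSingleObject( *mutex, INFINITE ) == WAIT_FAILED ? -1 : 0;`. The function's opening lines are outside the hunk.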
@@ -125,8 +121,9 @@ ldap_pvt_thread_mutex_destroy( ldap_pvt_thread_mutex_t *mutex )
 int 
 ldap_pvt_thread_mutex_lock( ldap_pvt_thread_mutex_t *mutex )
 {
-       WaitForSingleObject( *mutex, INFINITE );
-       return ( 0 );
+       DWORD status;
+       status = WaitForSingleObject( *mutex, INFINITE );
+       return status == WAIT_FAILED ? -1 : 0;
 }
 
 int 
@@ -140,12 +137,9 @@ int
 ldap_pvt_thread_mutex_trylock( ldap_pvt_thread_mutex_t *mp )
 {
        DWORD status;
-
        status = WaitForSingleObject( *mp, 0 );
-       if ( (status == WAIT_FAILED) || (status == WAIT_TIMEOUT) )
-               return 0;
-       else
-               return 1;
+       return status == WAIT_FAILED || status == WAIT_TIMEOUT
+               ? -1 : 0;
 }
 
 #endif
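Review bot: The return convention of ldap_pvt_thread_mutex_trylock() is inverted by this hunk: the old code returned 1 when the mutex was acquired and 0 otherwise, the new code returns 0 when acquired and -1 otherwise. Callers are not part of this diff, so any that test the old values need to be checked before this is merged. The new expression also folds WAIT_TIMEOUT (mutex busy) and WAIT_FAILED (the call itself failed) into the same -1. A header comment such as `/* returns 0 if the mutex was acquired, -1 if it is busy or the wait failed */` would pin the contract down.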
index 951e06b2767c6efdc5bab4c379b8d69c09628854..bf8f20266f505a68226618c265ff33eb90bccbdc 100644 (file)
@@ -80,7 +80,6 @@ static ldap_pvt_thread_mutex_t ldbm_big_mutex;
  *******************************************************************/
 #if defined( HAVE_BERKELEY_DB ) && (DB_VERSION_MAJOR >= 2)
 
-
 void *
 ldbm_malloc( size_t size )
 {
@@ -102,7 +101,7 @@ ldbm_db_errcall( const char *prefix, char *message )
 /*  a dbEnv for BERKELEYv2  */
 DB_ENV           *ldbm_Env = NULL;
 
-int ldbm_initialize( void )
+int ldbm_initialize( const char* home )
 {
        int     err;
        u_int32_t       envFlags;
@@ -121,6 +120,9 @@ int ldbm_initialize( void )
 #endif
 
        envFlags = 
+#if defined( DB_PRIVATE )
+               DB_PRIVATE |
+#endif
 #if defined( HAVE_BERKELEY_DB_THREAD )
                DB_THREAD |
 #endif
@@ -128,8 +130,9 @@ int ldbm_initialize( void )
 
 #if DB_VERSION_MAJOR >= 3
        err = db_env_create( &ldbm_Env, 0 );
-#elif DB_VERSION_MAJOR >= 2
-       err = db_appinit( NULL, NULL, ldbm_Env, envFlags );
+#else
+       envFlags |= DB_USE_ENVIRON;
+       err = db_appinit( home, NULL, ldbm_Env, envFlags );
 #endif
 
        if ( err ) {
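Review bot: `DB_USE_ENVIRON` lets Berkeley DB take file-naming information such as DB_HOME from the process environment. It is OR-ed in here on the db_appinit() path and again in the later hunk that builds the flags for `ldbm_Env->open()`. The only caller changed in this commit, ldbm_back_open(), passes `ldbm_initialize( NULL )`, so with no explicit home the environment directory may be decided by whatever environment slapd was started in. For a daemon that is usually started with privileges, that deserves at least a comment at both sites, e.g. `/* home == NULL: DB_USE_ENVIRON lets $DB_HOME choose the environment directory */`, and preferably a configured directory passed as `home` with the flag dropped. ldbm_initialize's body starts and ends outside the hunk.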
@@ -139,7 +142,11 @@ int ldbm_initialize( void )
 
 #ifdef LDAP_SYSLOG
                syslog( LOG_INFO,
+#if DB_VERSION_MAJOR >= 3
+                       "ldbm_initialize(): FATAL error in db_env_create() : %s\n",
+#else
                        "ldbm_initialize(): FATAL error in db_appinit() : %s\n",
+#endif
                        error );
 #endif
                return( 1 );
@@ -149,12 +156,12 @@ int ldbm_initialize( void )
        ldbm_Env->set_errcall( ldbm_Env, ldbm_db_errcall );
        ldbm_Env->set_errpfx( ldbm_Env, "==>" );
 
-        envFlags |= DB_INIT_MPOOL;
+       envFlags |= DB_INIT_MPOOL | DB_USE_ENVIRON;
 
 #if (DB_VERSION_MAJOR > 3) || (DB_VERSION_MINOR >= 1)
-        err = ldbm_Env->open( ldbm_Env, NULL, envFlags, 0 );
+        err = ldbm_Env->open( ldbm_Env, home, envFlags, 0 );
 #else
-        err = ldbm_Env->open( ldbm_Env, NULL, NULL, envFlags, 0 );
+        err = ldbm_Env->open( ldbm_Env, home, NULL, envFlags, 0 );
 #endif
         if ( err != 0 )
         {
@@ -164,7 +171,7 @@ int ldbm_initialize( void )
 
 #ifdef LDAP_SYSLOG
             syslog( LOG_INFO,
-                    "ldbm_initialize(): FATAL error in db_appinit() : %s\n",
+                    "ldbm_initialize(): FATAL error in dbEnv->open() : %s\n",
                     error );
 #endif
                    ldbm_Env->close( ldbm_Env, 0 );
@@ -190,7 +197,7 @@ int ldbm_shutdown( void )
 
 #else  /* some DB other than Berkeley V2 or greater */
 
-int ldbm_initialize( void )
+int ldbm_initialize( const char * home )
 {
        if(ldbm_initialized++) return 1;
 
@@ -208,7 +215,7 @@ int ldbm_shutdown( void )
        return 0;
 }
 
-#endif /* ifdef HAVE_BERKELEY_DB */
+#endif /* HAVE_BERKELEY_DB */
 
 
 #if defined( LDBM_USE_DBHASH ) || defined( LDBM_USE_DBBTREE )
index 1577c74bede1d4e7a5e96d4b8c4c46f2fa1c3b18..1b36200c8839720646eb0e883cc61ae1477b1b3a 100644 (file)
@@ -191,6 +191,26 @@ ldbm_back_add(
 
        e->e_id = next_id( be );
 
+       if( e->e_id == NOID ) {
+               if( p != NULL) {
+                       /* free parent and writer lock */
+                       cache_return_entry_w( &li->li_cache, p ); 
+               }
+
+               if ( rootlock ) {
+                       /* release root lock */
+                       ldap_pvt_thread_mutex_unlock(&li->li_root_mutex);
+               }
+
+               Debug( LDAP_DEBUG_ANY, "ldbm_add: next_id failed\n",
+                       0, 0, 0 );
+
+               send_ldap_result( conn, op, LDAP_OTHER,
+                       NULL, "next_id add failed", NULL, NULL );
+
+               return( -1 );
+       }
+
        /*
         * Try to add the entry to the cache, assign it a new dnid.
         */
index dc4b5b81deb5e5b531b11cea840e94d23e8c1b9a..e856743e11e80f142bbb6261f3c3ef2fb2ed2de3 100644 (file)
@@ -104,7 +104,7 @@ ldbm_back_open(
        int rc;
 
        /* initialize the underlying database system */
-       rc = ldbm_initialize();
+       rc = ldbm_initialize( NULL );
 
        return rc;
 }
index c92cbaab780948148f1e5826a435af8067c995b0..2ea984a852eafe51c3cacba92c49ca91385ecf52 100644 (file)
@@ -123,5 +123,4 @@ next_id( Backend *be )
 
        ldap_pvt_thread_mutex_unlock( &li->li_nextid_mutex );
        return id;
-
 }
index e825eeb850d6352af19e2a05341d2d45e7c6ba0a..5358cec384bfe672017da0ad89709ee0ba751450 100644 (file)
@@ -53,30 +53,11 @@ do_bind(
        mech = NULL;
        cred.bv_val = NULL;
 
-       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
-
        /*
         * Force to connection to "anonymous" until bind succeeds.
         */
-
-       if ( conn->c_authmech != NULL ) {
-               free( conn->c_authmech );
-               conn->c_authmech = NULL;
-       }
-
-       if ( conn->c_cdn != NULL ) {
-               free( conn->c_cdn );
-               conn->c_cdn = NULL;
-       }
-
-       if ( conn->c_dn != NULL ) {
-               free( conn->c_dn );
-               conn->c_dn = NULL;
-       }
-
-       conn->c_authc_backend = NULL;
-       conn->c_authz_backend = NULL;
-
+       ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+       connection2anonymous( conn );
        ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 
        if ( op->o_dn != NULL ) {
@@ -283,38 +264,78 @@ do_bind(
                ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
        }
 
-       /* accept "anonymous" binds */
-       if ( cred.bv_len == 0 || ndn == NULL || *ndn == '\0' ) {
-               rc = LDAP_SUCCESS;
-               text = NULL;
-
-               if( cred.bv_len &&
-                       ( global_disallows & SLAP_DISALLOW_BIND_ANON_CRED ))
-               {
-                       /* cred is not empty, disallow */
-                       rc = LDAP_INVALID_CREDENTIALS;
-
-               } else if ( ndn != NULL && *ndn != '\0' &&
-                       ( global_disallows & SLAP_DISALLOW_BIND_ANON_DN ))
-               {
-                       /* DN is not empty, disallow */
+       if ( method == LDAP_AUTH_SIMPLE ) {
+               /* accept "anonymous" binds */
+               if ( cred.bv_len == 0 || ndn == NULL || *ndn == '\0' ) {
+                       rc = LDAP_SUCCESS;
+                       text = NULL;
+
+                       if( cred.bv_len &&
+                               ( global_disallows & SLAP_DISALLOW_BIND_ANON_CRED ))
+                       {
+                               /* cred is not empty, disallow */
+                               rc = LDAP_INVALID_CREDENTIALS;
+
+                       } else if ( ndn != NULL && *ndn != '\0' &&
+                               ( global_disallows & SLAP_DISALLOW_BIND_ANON_DN ))
+                       {
+                               /* DN is not empty, disallow */
+                               rc = LDAP_UNWILLING_TO_PERFORM;
+                               text = "unwilling to allow anonymous bind with non-empty DN";
+
+                       } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
+                               /* disallow */
+                               rc = LDAP_INAPPROPRIATE_AUTH;
+                               text = "anonymous bind disallowed";
+                       }
+
+                       /*
+                        * we already forced connection to "anonymous",
+                        * just need to send success
+                        */
+                       send_ldap_result( conn, op, rc,
+                               NULL, text, NULL, NULL );
+                       Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
+                               version, 0, 0 );
+                       goto cleanup;
+
+               } else if ( global_disallows & SLAP_DISALLOW_BIND_SIMPLE ) {
+                       /* disallow simple authentication */
                        rc = LDAP_UNWILLING_TO_PERFORM;
-                       text = "unwilling to allow anonymous bind with non-empty DN";
+                       text = "unwilling to perform simple authentication";
+
+                       send_ldap_result( conn, op, rc,
+                               NULL, text, NULL, NULL );
+                       Debug( LDAP_DEBUG_TRACE,
+                               "do_bind: v%d simple bind(%s) disallowed\n",
+                               version, ndn, 0 );
+                       goto cleanup;
+               }
 
-               } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
-                       /* disallow */
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+       } else if ( method == LDAP_AUTH_KRBV41 || method == LDAP_AUTH_KRBV42 ) {
+               if ( global_disallows & SLAP_DISALLOW_BIND_KRBV4 ) {
+                       /* disallow simple authentication */
                        rc = LDAP_UNWILLING_TO_PERFORM;
-                       text = "anonymous bind disallowed";
+                       text = "unwilling to perform Kerberos V4 bind";
+
+                       send_ldap_result( conn, op, rc,
+                               NULL, text, NULL, NULL );
+                       Debug( LDAP_DEBUG_TRACE, "do_bind: v%d Kerberos V4 bind\n",
+                               version, 0, 0 );
+                       goto cleanup;
                }
+#endif
+
+       } else {
+               rc = LDAP_AUTH_UNKNOWN;
+               text = "unknown authentication method";
 
-               /*
-                * we already forced connection to "anonymous",
-                * just need to send success
-                */
                send_ldap_result( conn, op, rc,
                        NULL, text, NULL, NULL );
-               Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
-                       version, 0, 0 );
+               Debug( LDAP_DEBUG_TRACE,
+                       "do_bind: v%d unknown authentication method (%d)\n",
+                       version, method, 0 );
                goto cleanup;
        }
 
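Review bot: In the anonymous branch the trace line `"do_bind: v%d anonymous bind\n"` is emitted whether `rc` is LDAP_SUCCESS or one of the refusals set just above, so a log reader cannot tell an accepted anonymous bind from a rejected one. Including the result would fix that: `Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind (rc=%d)\n", version, rc, 0 );`. The LDAP_INVALID_CREDENTIALS case also leaves `text` NULL while the other two refusals set it. In the Kerberos branch the comment `/* disallow simple authentication */` was copied from the branch above and should read `/* disallow Kerberos V4 bind */`. do_bind's body starts and ends outside the hunk.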
index df11b2df47d92414b8ee44f3acad629fed534ae1..a0adcb7728a53a72a93bf138af78deb9683ef063 100644 (file)
@@ -26,6 +26,7 @@ int           deftime = SLAPD_DEFAULT_TIMELIMIT;
 AccessControl  *global_acl = NULL;
 slap_access_t          global_default_access = ACL_READ;
 slap_mask_t            global_restrictops = 0;
+slap_mask_t            global_allows = 0;
 slap_mask_t            global_disallows = 0;
 slap_mask_t            global_requires = 0;
 slap_ssf_set_t global_ssf_set;
@@ -36,6 +37,8 @@ char  *global_host = NULL;
 char   *global_realm = NULL;
 char           *ldap_srvtab = "";
 char           *default_passwd_hash;
+char           *default_search_base = NULL;
+char           *default_search_nbase = NULL;
 
 char   *slapd_pid_file  = NULL;
 char   *slapd_args_file = NULL;
@@ -165,6 +168,48 @@ read_config( const char *fname )
 
                        ldap_pvt_thread_set_concurrency( c );
 
+               /* default search base */
+               } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
+                       if ( cargc < 2 ) {
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                       "missing dn in \"defaultSearchBase <dn>\" line\n",
+                                       fname, lineno, 0 );
+                               return 1;
+
+                       } else if ( cargc > 2 ) {
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                       "extra cruft after <dn> in \"defaultSearchBase %s\", "
+                                       "line (ignored)\n",
+                                       fname, lineno, cargv[1] );
+                       }
+
+                       if ( bi != NULL || be != NULL ) {
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                       "defaultSearchBaase line must appear prior to "
+                                       "any backend or database definition\n",
+                                   fname, lineno, 0 );
+                               return 1;
+                       }
+
+                       if ( default_search_nbase != NULL ) {
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                       "default search base \"%s\" already defined "
+                                       "(discarding old)\n",
+                                       fname, lineno, default_search_base );
+                               free( default_search_base );
+                               free( default_search_nbase );
+                       }
+
+                       default_search_base = ch_strdup( cargv[1] );
+                       default_search_nbase = ch_strdup( cargv[1] );
+
+                       if( dn_normalize( default_search_nbase ) == NULL ) {
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                       "invalid default search base \"%s\"\n",
+                                       fname, lineno, default_search_base );
+                               return 1;
+                       }
+              
                /* set maximum threads in thread pool */
                } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
                        int c;
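Review bot: The error text `"defaultSearchBaase line must appear prior to "` misspells the directive, which makes the message hard to search for; it should be `"defaultSearchBase line must appear prior to "`. On the `dn_normalize()` failure path the function returns 1 with `default_search_base` and `default_search_nbase` still pointing at the rejected value. That is presumably harmless if the caller aborts start-up on a non-zero return, but a one-line comment saying so would help. read_config's body starts and ends outside the hunk.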
@@ -338,7 +383,18 @@ read_config( const char *fname )
                                    fname, lineno, tmp_be->be_suffix[0] );
                        } else {
                                char *dn = ch_strdup( cargv[1] );
-                               (void) dn_validate( dn );
+                               if( dn_validate( dn ) == NULL ) {
+                                       Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                               "suffix DN invalid \"%s\"\n",
+                                       fname, lineno, cargv[1] );
+                                       return 1;
+
+                               } else if( *dn == '\0' && default_search_nbase != NULL ) {
+                                       Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                               "suffix DN empty and default "
+                                               "search base provided \"%s\" (assuming okay)\n",
+                                       fname, lineno, default_search_base );
+                               }
                                charray_add( &be->be_suffix, dn );
                                (void) ldap_pvt_str2upper( dn );
                                charray_add( &be->be_nsuffix, dn );
@@ -486,6 +542,41 @@ read_config( const char *fname )
                        }
 
 
+               /* allow these features */
+               } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
+                       strcasecmp( cargv[0], "allow" ) == 0 )
+               {
+                       slap_mask_t     allows;
+
+                       if ( be != NULL ) {
+                               Debug( LDAP_DEBUG_ANY,
+"%s: line %d: allow line must appear prior to database definitions\n",
+                                   fname, lineno, 0 );
+                       }
+
+                       if ( cargc < 2 ) {
+                               Debug( LDAP_DEBUG_ANY,
+           "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
+                                   fname, lineno, 0 );
+                               return( 1 );
+                       }
+
+                       allows = 0;
+
+                       for( i=1; i < cargc; i++ ) {
+                               if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
+                                       allows |= SLAP_ALLOW_TLS_2_ANON;
+
+                               } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
+                                       Debug( LDAP_DEBUG_ANY,
+                   "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
+                                           fname, lineno, cargv[i] );
+                                       return( 1 );
+                               }
+                       }
+
+                       global_allows = allows;
+
                /* disallow these features */
                } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
                        strcasecmp( cargv[0], "disallow" ) == 0 )
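Review bot: The `if ( be != NULL )` check at the top of the new allow branch only logs that the line "must appear prior to database definitions" and then falls through, so a misplaced `allow tls_2_anon` still overwrites `global_allows`. Since the message says "must", add `return( 1 );` after that `Debug` call so the misplacement is rejected like the other errors in this branch. The existing disallow branch is mostly outside this hunk and may need the same treatment. Also, `global_allows = allows;` assigns rather than ORs, so a second allow line silently discards the first; a one-line comment such as `/* last allow line wins */` would make that intent explicit.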
@@ -500,7 +591,7 @@ read_config( const char *fname )
 
                        if ( cargc < 2 ) {
                                Debug( LDAP_DEBUG_ANY,
-           "%s: line %d: missing feature(s) in \"disallows <features>\" line\n",
+           "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
                                    fname, lineno, 0 );
                                return( 1 );
                        }
@@ -520,6 +611,15 @@ read_config( const char *fname )
                                } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
                                        disallows |= SLAP_DISALLOW_BIND_ANON_DN;
 
+                               } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
+                                       disallows |= SLAP_DISALLOW_BIND_SIMPLE;
+
+                               } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
+                                       disallows |= SLAP_DISALLOW_BIND_KRBV4;
+
+                               } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
+                                       disallows |= SLAP_DISALLOW_TLS_AUTHC;
+
                                } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
                                        Debug( LDAP_DEBUG_ANY,
                    "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
index 60e846a7a647a22c4fb2aeecf9818f3021fdf62b..d03a7c9a790b61a895d434a5affb3560ffb34149 100644 (file)
@@ -473,6 +473,30 @@ long connection_init(
     return id;
 }
 
+void connection2anonymous( Connection *c )
+{
+    assert( connections != NULL );
+    assert( c != NULL );
+
+       if(c->c_authmech != NULL ) {
+               free(c->c_authmech);
+               c->c_authmech = NULL;
+       }
+
+    if(c->c_dn != NULL) {
+        free(c->c_dn);
+        c->c_dn = NULL;
+    }
+
+       if(c->c_cdn != NULL) {
+               free(c->c_cdn);
+               c->c_cdn = NULL;
+       }
+
+       c->c_authc_backend = NULL;
+       c->c_authz_backend = NULL;
+}
+
 static void
 connection_destroy( Connection *c )
 {
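Review bot: `connection2anonymous()` is exported through proto-slap.h but has no comment saying what it resets or what the caller must hold, which matters for a routine that drops a connection's bind identity. It clears `c_authmech`, `c_dn`, `c_cdn` and the two backend pointers and takes no lock itself. I would add above the definition `/* Reset the bind identity of c to anonymous; does no locking, caller must serialize access to c. */`. If other per-connection authentication state exists beyond these five fields (not visible in this hunk), the comment should say whether it is deliberately left untouched.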
@@ -492,22 +516,13 @@ connection_destroy( Connection *c )
 
     c->c_activitytime = c->c_starttime = 0;
 
-       if(c->c_authmech != NULL ) {
-               free(c->c_authmech);
-               c->c_authmech = NULL;
-       }
-    if(c->c_dn != NULL) {
-        free(c->c_dn);
-        c->c_dn = NULL;
-    }
-       if(c->c_cdn != NULL) {
-               free(c->c_cdn);
-               c->c_cdn = NULL;
-       }
+       connection2anonymous( c );
+
        if(c->c_listener_url != NULL) {
                free(c->c_listener_url);
                c->c_listener_url = NULL;
        }
+
        if(c->c_peer_domain != NULL) {
                free(c->c_peer_domain);
                c->c_peer_domain = NULL;
@@ -991,12 +1006,19 @@ int connection_read(ber_socket_t s)
                /* connections_mutex and c_mutex are locked */
                connection_closing( c );
                connection_close( c );
+               connection_return( c );
+               ldap_pvt_thread_mutex_unlock( &connections_mutex );
+               return 0;
        }
 
-       if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) )
+       if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) {
                slapd_set_read( s, 1 );
-       if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) )
+       }
+
+       if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) {
                slapd_set_write( s, 1 );
+       }
+
        connection_return( c );
        ldap_pvt_thread_mutex_unlock( &connections_mutex );
        return 0;
index 5789dc79254b8a1e95e2090a3bbbad55fd75862b..f2ab73e6262854e1a60a02bea663c95ad633a74d 100644 (file)
@@ -286,6 +286,8 @@ LDAP_SLAPD_F (Connection *) connection_first LDAP_P((ber_socket_t *));
 LDAP_SLAPD_F (Connection *) connection_next LDAP_P((Connection *, ber_socket_t *));
 LDAP_SLAPD_F (void) connection_done LDAP_P((Connection *));
 
+LDAP_SLAPD_F (void) connection2anonymous LDAP_P((Connection *));
+
 /*
  * dn.c
  */
@@ -312,8 +314,11 @@ LDAP_SLAPD_F (int) entry_destroy LDAP_P((void));
 
 LDAP_SLAPD_F (Entry *) str2entry LDAP_P(( char *s ));
 LDAP_SLAPD_F (char *) entry2str LDAP_P(( Entry *e, int *len ));
-LDAP_SLAPD_F (void) entry_free LDAP_P(( Entry *e ));
 
+LDAP_SLAPD_F (int) entry_decode LDAP_P(( struct berval *bv, Entry **e ));
+LDAP_SLAPD_F (int) entry_encode LDAP_P(( Entry *e, struct berval **bv ));
+
+LDAP_SLAPD_F (void) entry_free LDAP_P(( Entry *e ));
 LDAP_SLAPD_F (int) entry_cmp LDAP_P(( Entry *a, Entry *b ));
 LDAP_SLAPD_F (int) entry_dn_cmp LDAP_P(( Entry *a, Entry *b ));
 LDAP_SLAPD_F (int) entry_id_cmp LDAP_P(( Entry *a, Entry *b ));
@@ -753,6 +758,7 @@ LDAP_SLAPD_F (int)  krbv4_ldap_auth();
  */
 
 LDAP_SLAPD_F (slap_mask_t)     global_restrictops;
+LDAP_SLAPD_F (slap_mask_t)     global_allows;
 LDAP_SLAPD_F (slap_mask_t)     global_disallows;
 LDAP_SLAPD_F (slap_mask_t)     global_requires;
 LDAP_SLAPD_F (slap_ssf_set_t)  global_ssf_set;
@@ -772,6 +778,8 @@ LDAP_SLAPD_F (char)         *global_realm;
 LDAP_SLAPD_F (char)            *default_passwd_hash;
 LDAP_SLAPD_F (int)             lber_debug;
 LDAP_SLAPD_F (int)             ldap_syslog;
+LDAP_SLAPD_F (char *)  default_search_base;
+LDAP_SLAPD_F (char *)  default_search_nbase;
 
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t) num_sent_mutex;
 LDAP_SLAPD_F (long)            num_bytes_sent;
index 97416890be2239d1f2bb975673a40b72c8cd80e8..2216b28f2eb28fe9eff899fd5e76f7d28393e6e8 100644 (file)
@@ -2,9 +2,11 @@ This directory contains schema definitions for use with slapd(5).
 
 File                    Description
 ----                    -----------
+corba.schema            Corba Object (RFC 2714) schema
 core.schema             OpenLDAP "core"
 cosine.schema           COSINE Pilot schema
 inetorgperson.schema    InetOrgPerson schema
+java.schema             Java Object (RFC 2713) schema
 krb5-kdc.schema         Kerberos V KDC schema
 microsoft.ext.schema    Microsoft schema
 microsoft.schema        Microsoft schema
diff --git a/servers/slapd/schema/corba.schema b/servers/slapd/schema/corba.schema
new file mode 100644 (file)
index 0000000..bd9ca36
--- /dev/null
@@ -0,0 +1,222 @@
+# Corba Object Schema
+# $OpenLDAP$
+# depends upon core.schema
+
+# Network Working Group                                            V. Ryan
+# Request for Comments: 2714                                        R. Lee
+# Category: Informational                                      S. Seligman
+#                                                   Sun Microsystems, Inc.
+#                                                             October 1999
+# 
+# 
+#   Schema for Representing CORBA Object References in an LDAP Directory
+# 
+# Status of this Memo
+# 
+#    This memo provides information for the Internet community.  It does
+#    not specify an Internet standard of any kind.  Distribution of this
+#    memo is unlimited.
+# 
+# Copyright Notice
+# 
+#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
+# 
+# Abstract
+# 
+#    CORBA [CORBA] is the Common Object Request Broker Architecture
+#    defined by the Object Management Group. This document defines the
+#    schema for representing CORBA object references in an LDAP directory
+#    [LDAPv3].
+# 
+# [trimmed]
+
+# 3. Attribute Type Definitions
+# 
+#    The following attribute types are defined in this document:
+# 
+#        corbaIor
+#        corbaRepositoryId
+# 
+# 3.1 corbaIor
+# 
+#    This attribute stores the string representation of the interoperable
+#    object reference (IOR) for a CORBA object. An IOR is an opaque handle
+#    for the object which contains the information necessary to locate the
+#    object, even if the object is in another ORB.
+# 
+#    This attribute's syntax is 'IA5 String' and its case is
+#    insignificant.
+# 
+#    ( 1.3.6.1.4.1.42.2.27.4.1.14
+#     NAME 'corbaIor'
+#     DESC 'Stringified interoperable object reference of a CORBA object'
+#     EQUALITY caseIgnoreIA5Match
+#     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+#     SINGLE-VALUE
+#    )
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+       NAME 'corbaIor'
+       DESC 'Stringified interoperable object reference of a CORBA object'
+       EQUALITY caseIgnoreIA5Match
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+       SINGLE-VALUE )
+
+# 3.2 corbaRepositoryId
+# 
+#    Each CORBA interface has a unique "repository id" (also called "type
+#    id") that identifies the interface.  A CORBA object has one or more
+#    repository ids, one for each interface that it implements.
+# 
+#    The format of a repository id can be any string, but the OMG
+#    specifies four standard formats:
+# 
+#       a. IDL-style
+# 
+#        IDL:Prefix/ModuleName/InterfaceName:VersionNumber
+# 
+#    For example, the repository id for the "NamingContext" in OMG's COS
+#    Naming module is:  "IDL:omg.org/CosNaming/NamingContext:1.0".
+# 
+#       b. RMI-style
+# 
+#        RMI:ClassName:HashCode[:SUID]
+# 
+#    This format is used by RMI-IIOP remote objects [RMI-IIOP].
+#    "ClassName" is the fully qualified name of the class (for example,
+#    "java.lang.String"). "HashCode" is the object's hash code (that is,
+#    that obtained by invoking the "hashCode()" method).  "SUID" is the
+#    "stream unique identifier", which is a 64-bit number that uniquely
+#    identifies the serialization version of the class; SUID is optional
+#    in the repository id.
+# 
+#       c. DCE-style
+# 
+#        DCE:UUID
+# 
+#    This format is used for DCE/CORBA interoperability [CORBA-DCE].
+#    "UUID" represents a DCE UUID.
+# 
+#       d. "local"
+# 
+#    This format is defined by the local Object Request Broker (ORB).
+# 
+#    The corbaRepositoryId attribute is a multivalued attribute; each
+#    value records a single repository id of an interface implemented by
+#    the CORBA object.  This attribute need not contain a complete list of
+#    the interfaces implemented by the CORBA object.
+# 
+#    This attribute's syntax is 'Directory String' and its case is
+#    significant.  The values of this attribute are encoded using UTF-8.
+#    Some values may require translation from their native representation
+#    in order to be correctly encoded using UTF-8.
+# 
+#    ( 1.3.6.1.4.1.42.2.27.4.1.15
+#     NAME 'corbaRepositoryId'
+#     DESC 'Repository ids of interfaces implemented by a CORBA object'
+#     EQUALITY caseExactMatch
+#     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+#    )
+# 
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+       NAME 'corbaRepositoryId'
+       DESC 'Repository ids of interfaces implemented by a CORBA object'
+       EQUALITY caseExactMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 4. Object Class Definitions
+# 
+#    The following object classes are defined in this document:
+# 
+#        corbaContainer
+#        corbaObject
+#        corbaObjectReference
+# 
+# 4.1 corbaContainer
+# 
+#    This structural object class represents a container for a CORBA
+#    object.
+# 
+#    ( 1.3.6.1.4.1.42.2.27.4.2.10
+#     NAME 'corbaContainer'
+#     DESC 'Container for a CORBA object'
+#     SUP top
+#     STRUCTURAL
+#     MUST ( cn )
+#    )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+       NAME 'corbaContainer'
+       DESC 'Container for a CORBA object'
+       SUP top
+       STRUCTURAL
+       MUST cn )
+
+# 4.2 corbaObject
+# 
+#    This abstract object class is the root class for representing a CORBA
+#    object.
+# 
+#    ( 1.3.6.1.4.1.42.2.27.4.2.9
+#     NAME 'corbaObject'
+#     DESC 'CORBA object representation'
+#     SUP top
+#     ABSTRACT
+#     MAY ( corbaRepositoryId $ description )
+#    )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+       NAME 'corbaObject'
+       DESC 'CORBA object representation'
+       SUP top
+       ABSTRACT
+       MAY ( corbaRepositoryId $ description ) )
+
+# 4.3 corbaObjectReference
+# 
+#    This auxiliary object class represents a CORBA object reference.  It
+#    must be mixed in with a structural object class.
+# 
+#    ( 1.3.6.1.4.1.42.2.27.4.2.11
+#     NAME 'corbaObjectReference'
+#     DESC 'CORBA interoperable object reference'
+#     SUP corbaObject
+#     AUXILIARY
+#     MUST ( corbaIor )
+#    )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+       NAME 'corbaObjectReference'
+       DESC 'CORBA interoperable object reference'
+       SUP corbaObject
+       AUXILIARY
+       MUST corbaIor )
+# 10.  Full Copyright Statement
+# 
+#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
+# 
+#    This document and translations of it may be copied and furnished to
+#    others, and derivative works that comment on or otherwise explain it
+#    or assist in its implementation may be prepared, copied, published
+#    and distributed, in whole or in part, without restriction of any
+#    kind, provided that the above copyright notice and this paragraph are
+#    included on all such copies and derivative works.  However, this
+#    document itself may not be modified in any way, such as by removing
+#    the copyright notice or references to the Internet Society or other
+#    Internet organizations, except as needed for the purpose of
+#    developing Internet standards in which case the procedures for
+#    copyrights defined in the Internet Standards process must be
+#    followed, or as required to translate it into languages other than
+#    English.
+# 
+#    The limited permissions granted above are perpetual and will not be
+#    revoked by the Internet Society or its successors or assigns.
+# 
+#    This document and the information contained herein is provided on an
+#    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+#    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+#    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+#    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+#    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/servers/slapd/schema/java.schema b/servers/slapd/schema/java.schema
new file mode 100644 (file)
index 0000000..9cbeef8
--- /dev/null
@@ -0,0 +1,388 @@
+# Java Object Schema
+# $OpenLDAP$
+# depends upon core.schema
+
+# Network Working Group                                            V. Ryan
+# Request for Comments: 2713                                   S. Seligman
+# Category: Informational                                           R. Lee
+#                                                   Sun Microsystems, Inc.
+#                                                             October 1999
+# 
+# 
+#      Schema for Representing Java(tm) Objects in an LDAP Directory
+# 
+# Status of this Memo
+# 
+#    This memo provides information for the Internet community.  It does
+#    not specify an Internet standard of any kind.  Distribution of this
+#    memo is unlimited.
+# 
+# Copyright Notice
+# 
+#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
+# 
+# Abstract
+# 
+#    This document defines the schema for representing Java(tm) objects in
+#    an LDAP directory [LDAPv3].  It defines schema elements to represent
+#    a Java serialized object [Serial], a Java marshalled object [RMI], a
+#    Java remote object [RMI], and a JNDI reference [JNDI].
+# 
+
+# [trimmed]
+
+# 3 Attribute Type Definitions
+# 
+#    The following attribute types are defined in this document:
+# 
+#        javaClassName
+#        javaClassNames
+#        javaCodebase
+#        javaSerializedData
+#        javaFactory
+#        javaReferenceAddress
+#        javaDoc
+# 
+# 3.1 javaClassName
+# 
+#    This attribute stores the fully qualified name of the Java object's
+#    "distinguished" class or interface (for example, "java.lang.String").
+#    It is a single-valued attribute. This attribute's syntax is '
+#    Directory String' and its case is significant.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.1.6
+#          NAME 'javaClassName'
+#          DESC 'Fully qualified name of distinguished Java class or
+#                interface'
+#          EQUALITY caseExactMatch
+#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+#          SINGLE-VALUE
+#        )
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+       NAME 'javaClassName'
+       DESC 'Fully qualified name of distinguished Java class or interface'
+       EQUALITY caseExactMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+       SINGLE-VALUE )
+# 3.2 javaCodebase
+# 
+#    This attribute stores the Java class definition's locations.  It
+#    specifies the locations from which to load the class definition for
+#    the class specified by the javaClassName attribute.  Each value of
+#    the attribute contains an ordered list of URLs, separated by spaces.
+#    For example, a value of "url1 url2 url3" means that the three
+#    (possibly interdependent) URLs (url1, url2, and url3) form the
+#    codebase for loading in the Java class definition.
+# 
+#    If the javaCodebase attribute contains more than one value, each
+#    value is an independent codebase. That is, there is no relationship
+#    between the URLs in one value and those in another; each value can be
+#    viewed as an alternate source for loading the Java class definition.
+#    See [Java] for information regarding class loading.
+# 
+#    This attribute's syntax is 'IA5 String' and its case is significant.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.1.7
+#          NAME 'javaCodebase'
+#          DESC 'URL(s) specifying the location of class definition'
+#          EQUALITY caseExactIA5Match
+#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+#        )
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+       NAME 'javaCodebase'
+       DESC 'URL(s) specifying the location of class definition'
+       EQUALITY caseExactIA5Match
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 3.3 javaClassNames
+# 
+#    This attribute stores the Java object's fully qualified class or
+#    interface names (for example, "java.lang.String").  It is a
+#    multivalued attribute. When more than one value is present, each is
+#    the name of a class or interface, or ancestor class or interface, of
+#    this object.
+# 
+#    This attribute's syntax is 'Directory String' and its case is
+#    significant.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.1.13
+#          NAME 'javaClassNames'
+#          DESC 'Fully qualified Java class or interface name'
+#          EQUALITY caseExactMatch
+#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+#        )
+# 
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+       NAME 'javaClassNames'
+       DESC 'Fully qualified Java class or interface name'
+       EQUALITY caseExactMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+# 3.4 javaSerializedData
+# 
+#    This attribute stores the serialized form of a Java object.  The
+#    serialized form is described in [Serial].
+# 
+#    This attribute's syntax is 'Octet String'.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.1.8
+#          NAME 'javaSerializedData
+#          DESC 'Serialized form of a Java object'
+#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+#          SINGLE-VALUE
+#        )
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+       NAME 'javaSerializedData
+       DESC 'Serialized form of a Java object'
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+       SINGLE-VALUE )
+
+# 3.5 javaFactory
+# 
+#    This attribute stores the fully qualified class name of the object
+#    factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
+#    used to create an instance of the object identified by the
+#    javaClassName attribute.
+# 
+#    This attribute's syntax is 'Directory String' and its case is
+#    significant.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.1.10
+#          NAME 'javaFactory'
+#          DESC 'Fully qualified Java class name of a JNDI object factory'
+#          EQUALITY caseExactMatch
+#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+#          SINGLE-VALUE
+#        )
+# 
+atttributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+       NAME 'javaFactory'
+       DESC 'Fully qualified Java class name of a JNDI object factory'
+       EQUALITY caseExactMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+       SINGLE-VALUE )
+
+# 3.6 javaReferenceAddress
+# 
+#    This attribute represents the sequence of addresses of a JNDI
+#    reference.  Each of its values represents one address, a Java object
+#    of type javax.naming.RefAddr.  Its value is a concatenation of the
+#    address type and address contents, preceded by a sequence number (the
+#    order of addresses in a JNDI reference is significant).  For example:
+# 
+#        #0#TypeA#ValA
+#        #1#TypeB#ValB
+#        #2#TypeC##rO0ABXNyABpq...
+# 
+#    In more detail, the value is encoded as follows:
+# 
+#    The delimiter is the first character of the value.  For readability
+#    the character '#' is recommended when it is not otherwise used
+#    anywhere in the value, but any character may be used subject to
+#    restrictions given below.
+# 
+#    The first delimiter is followed by the sequence number.  The sequence
+#    number of an address is its position in the JNDI reference, with the
+#    first address being numbered 0.  It is represented by its shortest
+#    string form, in decimal notation.
+# 
+#    The sequence number is followed by a delimiter, then by the address
+#    type, and then by another delimiter.  If the address is of Java class
+#    javax.naming.StringRefAddr, then this delimiter is followed by the
+#    value of the address contents (which is a string).  Otherwise, this
+#    delimiter is followed immediately by another delimiter, and then by
+#    the Base64 encoding of the serialized form of the entire address.
+# 
+#    The delimiter may be any character other than a digit or a character
+#    contained in the address type.  In addition, if the address contents
+#    is a string, the delimiter may not be the first character of that
+#    string.
+# 
+#    This attribute's syntax is 'Directory String' and its case is
+#    significant.  It can contain multiple values.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.1.11
+#          NAME 'javaReferenceAddress'
+#          DESC 'Addresses associated with a JNDI Reference'
+#          EQUALITY caseExactMatch
+#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+#        )
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+       NAME 'javaReferenceAddress'
+       DESC 'Addresses associated with a JNDI Reference'
+       EQUALITY caseExactMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.7 javaDoc
+# 
+#    This attribute stores a pointer to the Java documentation for the
+#    class.  It's value is a URL. For example, the following URL points to
+#    the specification of the java.lang.String class:
+#    http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
+# 
+#    This attribute's syntax is 'IA5 String' and its case is significant.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.1.12
+#          NAME 'javaDoc'
+#          DESC 'The Java documentation for the class'
+#          EQUALITY caseExactIA5Match
+#          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+#        )
+# 
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+       NAME 'javaDoc'
+       DESC 'The Java documentation for the class'
+       EQUALITY caseExactIA5Match
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 4 Object Class Definitions
+# 
+#    The following object classes are defined in this document:
+# 
+#        javaContainer
+#        javaObject
+#        javaSerializedObject
+#        javaMarshalledObject
+#        javaNamingReference
+# 
+# 4.1 javaContainer
+# 
+#    This structural object class represents a container for a Java
+#    object.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.2.1
+#          NAME 'javaContainer'
+#          DESC 'Container for a Java object'
+#          SUP top
+#          STRUCTURAL
+#          MUST ( cn )
+#        )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+       NAME 'javaContainer'
+       DESC 'Container for a Java object'
+       SUP top
+       STRUCTURAL
+       MUST cn )
+
+# 4.2 javaObject
+# 
+#    This abstract object class represents a Java object.  A javaObject
+#    cannot exist in the directory; only auxiliary or structural
+#    subclasses of it can exist in the directory.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.2.4
+#          NAME 'javaObject'
+#          DESC 'Java object representation'
+#          SUP top
+#          ABSTRACT
+#          MUST ( javaClassName )
+#          MAY ( javaClassNames $
+#                javaCodebase $
+#                javaDoc $
+#                description )
+#        )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+       NAME 'javaObject'
+       DESC 'Java object representation'
+       SUP top
+       ABSTRACT
+       MUST javaClassName
+       MAY ( javaClassNames $ javaCodebase $
+               javaDoc $ description ) )
+
+# 4.3 javaSerializedObject
+# 
+#    This auxiliary object class represents a Java serialized object.  It
+#    must be mixed in with a structural object class.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.2.5
+#          NAME 'javaSerializedObject'
+#          DESC 'Java serialized object'
+#          SUP javaObject
+#          AUXILIARY
+#          MUST ( javaSerializedData )
+#        )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+       NAME 'javaSerializedObject'
+       DESC 'Java serialized object'
+       SUP javaObject
+       AUXILIARY
+       MUST javaSerializedData )
+# 4.4 javaMarshalledObject
+# 
+#    This auxiliary object class represents a Java marshalled object.  It
+#    must be mixed in with a structural object class.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.2.8
+#          NAME 'javaMarshalledObject'
+#          DESC 'Java marshalled object'
+#          SUP javaObject
+#          AUXILIARY
+#          MUST ( javaSerializedData )
+#        )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+       NAME 'javaMarshalledObject'
+       DESC 'Java marshalled object'
+       SUP javaObject
+       AUXILIARY
+       MUST javaSerializedData )
+
+# 4.5 javaNamingReference
+# 
+#    This auxiliary object class represents a JNDI reference.  It must be
+#    mixed in with a structural object class.
+# 
+#        ( 1.3.6.1.4.1.42.2.27.4.2.7
+#          NAME 'javaNamingReference'
+#          DESC 'JNDI reference'
+#          SUP javaObject
+#          AUXILIARY
+#          MAY ( javaReferenceAddress $
+#                javaFactory )
+#        )
+# 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+       NAME 'javaNamingReference'
+       DESC 'JNDI reference'
+       SUP javaObject
+       AUXILIARY
+       MAY ( javaReferenceAddress $ javaFactory ) )
+# Full Copyright Statement
+# 
+#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
+# 
+#    This document and translations of it may be copied and furnished to
+#    others, and derivative works that comment on or otherwise explain it
+#    or assist in its implementation may be prepared, copied, published
+#    and distributed, in whole or in part, without restriction of any
+#    kind, provided that the above copyright notice and this paragraph are
+#    included on all such copies and derivative works.  However, this
+#    document itself may not be modified in any way, such as by removing
+#    the copyright notice or references to the Internet Society or other
+#    Internet organizations, except as needed for the purpose of
+#    developing Internet standards in which case the procedures for
+#    copyrights defined in the Internet Standards process must be
+#    followed, or as required to translate it into languages other than
+#    English.
+# 
+#    The limited permissions granted above are perpetual and will not be
+#    revoked by the Internet Society or its successors or assigns.
+# 
+#    This document and the information contained herein is provided on an
+#    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+#    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+#    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+#    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+#    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
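Review bot: Two directives in the new java.schema look unparseable as written. The `javaSerializedData` attribute type has `NAME 'javaSerializedData` with no closing quote (the same slip appears in the RFC text quoted just above it), and the `javaFactory` definition starts with `atttributetype`, which is a misspelling of the directive name. They should read `NAME 'javaSerializedData'` and `attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10`. The `javaSerializedObject`, `javaMarshalledObject` and `javaNamingReference` object classes reference these attributes, so they depend on both fixes.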
index 93d5ae25ee594d969da7ffc4b73d089eeac5aa50..ba74c3716f5d25a91df4296a4dfa5c1306f8050e 100644 (file)
 
 /* recycled validatation routines */
 #define berValidate                                            blobValidate
-#define nameUIDValidate                                        dnValidate
-
-/* unimplemented validators */
-#define bitStringValidate                              NULL
 
 /* recycled normalization routines */
 #define faxNumberNormalize                             numericStringNormalize
 #define phoneNumberNormalize                   numericStringNormalize
 #define telexNumberNormalize                   numericStringNormalize
-#define integerNormalize                               numericStringNormalize
-#define nameUIDNormalize                               dnNormalize
 
 /* unimplemented normalizers */
 #define bitStringNormalize                             NULL
 #define dnPretty                                               NULL
 #define integerPretty                                  NULL
 
-/* recycled pretters */
-#define nameUIDPretty                                  dnPretty
-
 /* recycled matching routines */
-#define caseIgnoreMatch                                        caseIgnoreIA5Match
-#define caseIgnoreOrderingMatch                        caseIgnoreMatch
-#define caseIgnoreSubstringsMatch              caseIgnoreIA5SubstringsMatch
-
-#define caseExactMatch                                 caseExactIA5Match
-#define caseExactOrderingMatch                 caseExactMatch
-#define caseExactSubstringsMatch               caseExactIA5SubstringsMatch
-
+#define bitStringMatch                                 octetStringMatch
+#define integerMatch                                   caseIgnoreIA5Match
 #define numericStringMatch                             caseIgnoreMatch
 #define objectIdentifierMatch                  numericStringMatch
-#define integerMatch                                   numericStringMatch
 #define telephoneNumberMatch                   numericStringMatch
 #define telephoneNumberSubstringsMatch caseIgnoreIA5SubstringsMatch
 #define generalizedTimeMatch                   numericStringMatch
 #define generalizedTimeOrderingMatch   numericStringMatch
 #define uniqueMemberMatch                              dnMatch
 
+/* approx matching rules */
+#define directoryStringApproxMatchOID  "1.3.6.1.4.1.4203.666.4.4"
+#define directoryStringApproxMatch             NULL
+#define IA5StringApproxMatchOID                        "1.3.6.1.4.1.4203.666.4.5"
+#define IA5StringApproxMatch                   NULL
+
+/* orderring matching rules */
+#define caseIgnoreOrderingMatch                        caseIgnoreMatch
+#define caseExactOrderingMatch                 caseExactMatch
+
 /* unimplemented matching routines */
 #define caseIgnoreListMatch                            NULL
 #define caseIgnoreListSubstringsMatch  NULL
-#define bitStringMatch                                 NULL
 #define presentationAddressMatch               NULL
 #define protocolInformationMatch               NULL
 #define integerFirstComponentMatch             NULL
 
 #define OpenLDAPaciMatch                               NULL
+#define authPasswordMatch                              NULL
 
 /* recycled indexing/filtering routines */
-#define caseIgnoreIndexer                              caseIgnoreIA5Indexer
-#define caseIgnoreFilter                               caseIgnoreIA5Filter
-#define caseExactIndexer                               caseExactIA5Indexer
-#define caseExactFilter                                        caseExactIA5Filter
 #define dnIndexer                                              caseIgnoreIndexer
 #define dnFilter                                               caseIgnoreFilter
+#define integerIndexer                                 caseIgnoreIA5Indexer
+#define integerFilter                                  caseIgnoreIA5Filter
 
-#define caseIgnoreSubstringsIndexer            caseIgnoreIA5SubstringsIndexer
-#define caseIgnoreSubstringsFilter             caseIgnoreIA5SubstringsFilter
-#define caseExactSubstringsIndexer             caseExactIA5SubstringsIndexer
-#define caseExactSubstringsFilter              caseExactIA5SubstringsFilter
+static char *strcasechr( const char *str, int c )
+{
+       char *lower = strchr( str, TOLOWER(c) );
+       char *upper = strchr( str, TOUPPER(c) );
 
+       if( lower && upper ) {
+               return lower < upper ? lower : upper;
+       } else if ( lower ) {
+               return lower;
+       } else {
+               return upper;
+       }
+}
 
 static int
 octetStringMatch(
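Review bot: The new `strcasechr()` helper returns a non-const `char *` into its `const char *str` argument and has no comment describing its contract. From the code it returns whichever of the lower- or upper-case match comes first in `str`, or NULL when neither occurs; I would put `/* case-insensitive strchr(): first occurrence of c in either case, NULL if absent */` above it. The added comment `/* orderring matching rules */` in the same hunk should read `/* ordering matching rules */`.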
@@ -280,6 +280,104 @@ dnMatch(
        return LDAP_SUCCESS;
 }
 
+static int
+nameUIDValidate(
+       Syntax *syntax,
+       struct berval *in )
+{
+       int rc;
+       struct berval *dn;
+
+       if( in->bv_len == 0 ) return LDAP_SUCCESS;
+
+       dn = ber_bvdup( in );
+
+       if( dn->bv_val[dn->bv_len-1] == '\'' ) {
+               /* assume presence of optional UID */
+               ber_len_t i;
+
+               for(i=dn->bv_len-2; i>2; i--) {
+                       if( dn->bv_val[i] != '0' &&     dn->bv_val[i] != '1' ) {
+                               break;
+                       }
+               }
+               if( dn->bv_val[i] != '\'' ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+               if( dn->bv_val[i-1] != 'B' ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+               if( dn->bv_val[i-2] != '#' ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               /* trim the UID to allow use of dn_validate */
+               dn->bv_val[i-2] = '\0';
+       }
+
+       rc = dn_validate( dn->bv_val ) == NULL
+               ? LDAP_INVALID_SYNTAX : LDAP_SUCCESS;
+
+       ber_bvfree( dn );
+       return rc;
+}
+
+static int
+nameUIDNormalize(
+       Syntax *syntax,
+       struct berval *val,
+       struct berval **normalized )
+{
+       struct berval *out = ber_bvdup( val );
+
+       if( out->bv_len != 0 ) {
+               char *dn;
+               ber_len_t dnlen;
+               char *uid = NULL;
+               ber_len_t uidlen = 0;
+
+               if( out->bv_val[out->bv_len-1] == '\'' ) {
+                       /* assume presence of optional UID */
+                       uid = strrchr( out->bv_val, '#' );
+
+                       if( uid == NULL ) {
+                               ber_bvfree( out );
+                               return LDAP_INVALID_SYNTAX;
+                       }
+
+                       uidlen = out->bv_len - (out->bv_val - uid);
+                       /* temporarily trim the UID */
+                       *uid = '\0';
+               }
+
+#ifdef USE_DN_NORMALIZE
+               dn = dn_normalize( out->bv_val );
+#else
+               dn = dn_validate( out->bv_val );
+#endif
+
+               if( dn == NULL ) {
+                       ber_bvfree( out );
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               dnlen = strlen(dn);
+
+               if( uidlen ) {
+                       /* restore the separator */
+                       *uid = '#';
+                       /* shift the UID */
+                       SAFEMEMCPY( &dn[dnlen], uid, uidlen );
+               }
+
+               out->bv_val = dn;
+               out->bv_len = dnlen + uidlen;
+       }
+
+       *normalized = out;
+       return LDAP_SUCCESS;
+}
+
 static int
 inValidate(
        Syntax *syntax,
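Review bot: In nameUIDNormalize, `uidlen = out->bv_len - (out->bv_val - uid);` subtracts the pointers in the wrong order, so `uidlen` exceeds the length of the value and the SAFEMEMCPY that shifts the UID appears to run past the end of the buffer duplicated from `val`; it should be `uidlen = out->bv_len - (uid - out->bv_val);`. nameUIDValidate has a related bounds problem: it scans backward from `dn->bv_len-2` and then reads `dn->bv_val[i-1]` and `dn->bv_val[i-2]` with no minimum length, so a short value ending in `'` (a lone `'`, or `B''`) lets the index wrap below zero if ber_len_t is unsigned, as it is in liblber. Its three early `return LDAP_INVALID_SYNTAX;` statements also leave `dn` unfreed, and neither function checks the ber_bvdup result for NULL. The fence shows a length guard and a single rejecting branch that frees `dn`.

```c
	if( dn->bv_val[dn->bv_len-1] == '\'' ) {
		/* assume presence of optional UID */
		ber_len_t i;

		/* "#B''" is the shortest suffix the checks below can accept */
		if( dn->bv_len < 4 ) {
			ber_bvfree( dn );
			return LDAP_INVALID_SYNTAX;
		}

		/* … unchanged: backward scan over the '0'/'1' digits … */

		if( dn->bv_val[i] != '\'' ||
			dn->bv_val[i-1] != 'B' ||
			dn->bv_val[i-2] != '#' )
		{
			ber_bvfree( dn );
			return LDAP_INVALID_SYNTAX;
		}

		/* … unchanged: trim the UID, then dn_validate … */
```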
@@ -298,6 +396,35 @@ blobValidate(
        return LDAP_SUCCESS;
 }
 
+static int
+bitStringValidate(
+       Syntax *syntax,
+       struct berval *in )
+{
+       ber_len_t i;
+
+       /* very unforgiving validation, requires no normalization
+        * before simplistic matching
+        */
+       if( in->bv_len < 3 ) {
+               return LDAP_INVALID_SYNTAX;
+       }
+       if( in->bv_val[0] != 'B' ||
+               in->bv_val[1] != '\'' ||
+               in->bv_val[in->bv_len-1] != '\'' )
+       {
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       for( i=in->bv_len-2; i>1; i-- ) {
+               if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+       }
+
+       return LDAP_SUCCESS;
+}
+
 /*
  * Handling boolean syntax and matching is quite rigid.
  * A more flexible approach would be to allow a variety
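Review bot: bitStringValidate tests for the layout `B'...'`, but RFC 2252 writes a Bit String value with the quote first and the `B` last (`'0101'B`), so as written the validator rejects the standard form and accepts a non-standard one. The tests would become `in->bv_val[0] != '\'' || in->bv_val[in->bv_len-2] != '\'' || in->bv_val[in->bv_len-1] != 'B'`, with the digit scan running `for( i=in->bv_len-3; i>0; i-- )`. nameUIDValidate, added earlier in this diff, assumes the same `#B'...'` layout for the optional UID and would need the matching change. The header comment could also name the exact encoding that is accepted, since it states that matching relies on values needing no normalization.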
@@ -341,6 +468,62 @@ booleanMatch(
        return LDAP_SUCCESS;
 }
 
+#if 0
+static int
+UTF8casecmp(
+       struct berval *right,
+       struct berval *left )
+{
+       ber_len_t r, l;
+       int rlen, llen;
+       ldap_unicode_t ru, lu;
+       ldap_unicode_t ruu, luu;
+
+       for( r=0, l=0;
+               r < right->bv_len && l < left->bv_len;
+               r+=rlen, l+=llen )
+       {
+               /*
+                * XXYYZ: we convert to ucs4 even though -llunicode
+                * expects ucs2 in an unsigned long
+                */
+               ru = ldap_utf8_to_ucs4( &right->bv_val[r] );
+               if( ru == LDAP_UCS4_INVALID ) {
+                       return 1;
+               }
+
+               lu = ldap_utf8_to_ucs4( &left->bv_val[l] );
+               if( lu == LDAP_UCS4_INVALID ) {
+                       return -1;
+               }
+
+               ruu = uctoupper( ru );
+               luu = uctoupper( lu );
+
+               if( ruu > luu ) {
+                       return 1;
+               } else if( luu > ruu ) {
+                       return -1;
+               }
+
+               rlen = LDAP_UTF8_CHARLEN( &right->bv_val[r] );
+               llen = LDAP_UTF8_CHARLEN( &left->bv_val[l] );
+       }
+
+       if( r < right->bv_len ) {
+               /* less left */
+               return -1;
+       }
+
+       if( l < left->bv_len ) {
+               /* less right */
+               return 1;
+       }
+
+       return 0;
+}
+#endif
+
 static int
 UTF8StringValidate(
        Syntax *syntax,
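Review bot: The tail of the disabled UTF8casecmp returns the opposite sign from its loop: inside the loop a larger right-hand character returns 1, but when `r < right->bv_len` (right still has characters left, so right is the longer string) it returns -1, and the `l < left->bv_len` case returns 1. That would matter once the code is enabled, because this commit defines caseIgnoreOrderingMatch as caseIgnoreMatch; the two tail returns should be swapped, `if( r < right->bv_len ) return 1;` and `if( l < left->bv_len ) return -1;`. The loop also decodes each character without checking that the sequence length reported by LDAP_UTF8_CHARLEN fits inside `bv_len`, so a truncated multi-byte sequence at the end of a value would presumably be read past the stated length. A short comment above the `#if 0` saying why the routine is disabled (the in-code note points at the ucs4/ucs2 mismatch with uctoupper) would help whoever re-enables it.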
@@ -350,102 +533,1249 @@ UTF8StringValidate(
        int len;
        unsigned char *u = in->bv_val;
 
-       if( !in->bv_len ) return LDAP_INVALID_SYNTAX;
+       if( !in->bv_len ) return LDAP_INVALID_SYNTAX;
+
+       for( count = in->bv_len; count > 0; count-=len, u+=len ) {
+               /* get the length indicated by the first byte */
+               len = LDAP_UTF8_CHARLEN( u );
+
+               /* should not be zero */
+               if( len == 0 ) return LDAP_INVALID_SYNTAX;
+
+               /* make sure len corresponds with the offset
+                       to the next character */
+               if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
+       }
+
+       if( count != 0 ) return LDAP_INVALID_SYNTAX;
+
+       return LDAP_SUCCESS;
+}
+
+static int
+UTF8StringNormalize(
+       Syntax *syntax,
+       struct berval *val,
+       struct berval **normalized )
+{
+       struct berval *newval;
+       char *p, *q, *s;
+
+       newval = ch_malloc( sizeof( struct berval ) );
+
+       p = val->bv_val;
+
+       /* Ignore initial whitespace */
+       while ( ldap_utf8_isspace( p ) ) {
+               LDAP_UTF8_INCR( p );
+       }
+
+       if( *p == '\0' ) {
+               ch_free( newval );
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       newval->bv_val = ch_strdup( p );
+       p = q = newval->bv_val;
+       s = NULL;
+
+       while ( *p ) {
+               int len;
+
+               if ( ldap_utf8_isspace( p ) ) {
+                       len = LDAP_UTF8_COPY(q,p);
+                       s=q;
+                       p+=len;
+                       q+=len;
+
+                       /* Ignore the extra whitespace */
+                       while ( ldap_utf8_isspace( p ) ) {
+                               LDAP_UTF8_INCR( p );
+                       }
+               } else {
+                       len = LDAP_UTF8_COPY(q,p);
+                       s=NULL;
+                       p+=len;
+                       q+=len;
+               }
+       }
+
+       assert( *newval->bv_val );
+       assert( newval->bv_val < p );
+       assert( q <= p );
+
+       /* cannot start with a space */
+       assert( !ldap_utf8_isspace(newval->bv_val) );
+
+       /*
+        * If the string ended in space, backup the pointer one
+        * position.  One is enough because the above loop collapsed
+        * all whitespace to a single space.
+        */
+
+       if ( s != NULL ) {
+               q = s;
+       }
+
+       /* cannot end with a space */
+       assert( !ldap_utf8_isspace( LDAP_UTF8_PREV(q) ) );
+
+       /* null terminate */
+       *q = '\0';
+
+       newval->bv_len = q - newval->bv_val;
+       *normalized = newval;
+
+       return LDAP_SUCCESS;
+}
+
+static int
+caseExactMatch(
+       int *matchp,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *value,
+       void *assertedValue )
+{
+       int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;
+
+       if( match == 0 ) {
+               match = strncmp( value->bv_val,
+                       ((struct berval *) assertedValue)->bv_val,
+                       value->bv_len );
+       }
+
+       *matchp = match;
+       return LDAP_SUCCESS;
+}
+
+static int
+caseExactSubstringsMatch(
+       int *matchp,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *value,
+       void *assertedValue )
+{
+       int match = 0;
+       SubstringsAssertion *sub = assertedValue;
+       struct berval left = *value;
+       int i;
+       ber_len_t inlen=0;
+
+       /* Add up asserted input length */
+       if( sub->sa_initial ) {
+               inlen += sub->sa_initial->bv_len;
+       }
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i] != NULL; i++) {
+                       inlen += sub->sa_any[i]->bv_len;
+               }
+       }
+       if( sub->sa_final ) {
+               inlen += sub->sa_final->bv_len;
+       }
+
+       if( sub->sa_initial ) {
+               if( inlen > left.bv_len ) {
+                       match = 1;
+                       goto done;
+               }
+
+               match = strncmp( sub->sa_initial->bv_val, left.bv_val,
+                       sub->sa_initial->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_val += sub->sa_initial->bv_len;
+               left.bv_len -= sub->sa_initial->bv_len;
+               inlen -= sub->sa_initial->bv_len;
+       }
+
+       if( sub->sa_final ) {
+               if( inlen > left.bv_len ) {
+                       match = 1;
+                       goto done;
+               }
+
+               match = strncmp( sub->sa_final->bv_val,
+                       &left.bv_val[left.bv_len - sub->sa_final->bv_len],
+                       sub->sa_final->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_len -= sub->sa_final->bv_len;
+               inlen -= sub->sa_final->bv_len;
+       }
+
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i]; i++) {
+                       ber_len_t idx;
+                       char *p;
+
+retry:
+                       if( inlen > left.bv_len ) {
+                               /* not enough length */
+                               match = 1;
+                               goto done;
+                       }
+
+                       if( sub->sa_any[i]->bv_len == 0 ) {
+                               continue;
+                       }
+
+                       p = strchr( left.bv_val, *sub->sa_any[i]->bv_val );
+
+                       if( p == NULL ) {
+                               match = 1;
+                               goto done;
+                       }
+
+                       idx = p - left.bv_val;
+                       assert( idx < left.bv_len );
+
+                       if( idx >= left.bv_len ) {
+                               /* this shouldn't happen */
+                               return LDAP_OTHER;
+                       }
+
+                       left.bv_val = p;
+                       left.bv_len -= idx;
+
+                       if( sub->sa_any[i]->bv_len > left.bv_len ) {
+                               /* not enough left */
+                               match = 1;
+                               goto done;
+                       }
+
+                       match = strncmp( left.bv_val,
+                               sub->sa_any[i]->bv_val,
+                               sub->sa_any[i]->bv_len );
+
+                       if( match != 0 ) {
+                               left.bv_val++;
+                               left.bv_len--;
+                               goto retry;
+                       }
+
+                       left.bv_val += sub->sa_any[i]->bv_len;
+                       left.bv_len -= sub->sa_any[i]->bv_len;
+                       inlen -= sub->sa_any[i]->bv_len;
+               }
+       }
+
+done:
+       *matchp = match;
+       return LDAP_SUCCESS;
+}
+
+/* Index generation function */
+int caseExactIndexer(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       struct berval **values,
+       struct berval ***keysp )
+{
+       int i;
+       size_t slen, mlen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[16];
+       struct berval digest;
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
+
+       for( i=0; values[i] != NULL; i++ ) {
+               /* just count them */
+       }
+
+       assert( i > 0 );
+
+       keys = ch_malloc( sizeof( struct berval * ) * (i+1) );
+
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
+
+       for( i=0; values[i] != NULL; i++ ) {
+               struct berval *value = values[i];
+
+               lutil_MD5Init( &MD5context );
+               if( prefix != NULL && prefix->bv_len > 0 ) {
+                       lutil_MD5Update( &MD5context,
+                               prefix->bv_val, prefix->bv_len );
+               }
+               lutil_MD5Update( &MD5context,
+                       syntax->ssyn_oid, slen );
+               lutil_MD5Update( &MD5context,
+                       mr->smr_oid, mlen );
+               lutil_MD5Update( &MD5context,
+                       value->bv_val, value->bv_len );
+               lutil_MD5Final( MD5digest, &MD5context );
+
+               keys[i] = ber_bvdup( &digest );
+       }
+
+       keys[i] = NULL;
+       *keysp = keys;
+       return LDAP_SUCCESS;
+}
+
+/* Index generation function */
+int caseExactFilter(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       void * assertValue,
+       struct berval ***keysp )
+{
+       size_t slen, mlen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[LUTIL_MD5_BYTES];
+       struct berval *value;
+       struct berval digest;
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
+
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
+
+       value = (struct berval *) assertValue;
+
+       keys = ch_malloc( sizeof( struct berval * ) * 2 );
+
+       lutil_MD5Init( &MD5context );
+       if( prefix != NULL && prefix->bv_len > 0 ) {
+               lutil_MD5Update( &MD5context,
+                       prefix->bv_val, prefix->bv_len );
+       }
+       lutil_MD5Update( &MD5context,
+               syntax->ssyn_oid, slen );
+       lutil_MD5Update( &MD5context,
+               mr->smr_oid, mlen );
+       lutil_MD5Update( &MD5context,
+               value->bv_val, value->bv_len );
+       lutil_MD5Final( MD5digest, &MD5context );
+
+       keys[0] = ber_bvdup( &digest );
+       keys[1] = NULL;
+
+       *keysp = keys;
+       return LDAP_SUCCESS;
+}
+
+/* Substrings Index generation function */
+int caseExactSubstringsIndexer(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       struct berval **values,
+       struct berval ***keysp )
+{
+       ber_len_t i, nkeys;
+       size_t slen, mlen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[16];
+       struct berval digest;
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
+
+       nkeys=0;
+       for( i=0; values[i] != NULL; i++ ) {
+               /* count number of indices to generate */
+               if( values[i]->bv_len < SLAP_INDEX_SUBSTR_MINLEN ) {
+                       continue;
+               }
+
+               if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
+                       if( values[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               nkeys += SLAP_INDEX_SUBSTR_MAXLEN -
+                                       ( SLAP_INDEX_SUBSTR_MINLEN - 1);
+                       } else {
+                               nkeys += values[i]->bv_len - ( SLAP_INDEX_SUBSTR_MINLEN - 1 );
+                       }
+               }
+
+               if( flags & SLAP_INDEX_SUBSTR_ANY ) {
+                       if( values[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               nkeys += values[i]->bv_len - ( SLAP_INDEX_SUBSTR_MAXLEN - 1 );
+                       }
+               }
+
+               if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
+                       if( values[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               nkeys += SLAP_INDEX_SUBSTR_MAXLEN -
+                                       ( SLAP_INDEX_SUBSTR_MINLEN - 1);
+                       } else {
+                               nkeys += values[i]->bv_len - ( SLAP_INDEX_SUBSTR_MINLEN - 1 );
+                       }
+               }
+       }
+       assert( i > 0 );
+
+       if( nkeys == 0 ) {
+               /* no keys to generate */
+               *keysp = NULL;
+               return LDAP_SUCCESS;
+       }
+
+       keys = ch_malloc( sizeof( struct berval * ) * (nkeys+1) );
+
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
+
+       nkeys=0;
+       for( i=0; values[i] != NULL; i++ ) {
+               ber_len_t j,max;
+               struct berval *value;
+
+               value = values[i];
+               if( value->bv_len < SLAP_INDEX_SUBSTR_MINLEN ) continue;
+
+               if( ( flags & SLAP_INDEX_SUBSTR_ANY ) &&
+                       ( value->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) )
+               {
+                       char pre = SLAP_INDEX_SUBSTR_PREFIX;
+                       max = value->bv_len - ( SLAP_INDEX_SUBSTR_MAXLEN - 1);
+
+                       for( j=0; j<max; j++ ) {
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       &value->bv_val[j],
+                                       SLAP_INDEX_SUBSTR_MAXLEN );
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
+                       }
+               }
+
+               max = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
+                       ? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;
+
+               for( j=SLAP_INDEX_SUBSTR_MINLEN; j<=max; j++ ) {
+                       char pre;
+
+                       if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
+                               pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       value->bv_val, j );
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
+                       }
+
+                       if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
+                               pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       &value->bv_val[value->bv_len-j], j );
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
+                       }
+
+               }
+       }
+
+       if( nkeys > 0 ) {
+               keys[nkeys] = NULL;
+               *keysp = keys;
+       } else {
+               ch_free( keys );
+               *keysp = NULL;
+       }
+
+       return LDAP_SUCCESS;
+}
+
+int caseExactSubstringsFilter(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       void * assertValue,
+       struct berval ***keysp )
+{
+       SubstringsAssertion *sa = assertValue;
+       char pre;
+       ber_len_t nkeys = 0;
+       size_t slen, mlen, klen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[LUTIL_MD5_BYTES];
+       struct berval *value;
+       struct berval digest;
+
+       if( flags & SLAP_INDEX_SUBSTR_INITIAL && sa->sa_initial != NULL &&
+               sa->sa_initial->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               nkeys++;
+       }
+
+       if( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
+               ber_len_t i;
+               for( i=0; sa->sa_any[i] != NULL; i++ ) {
+                       if( sa->sa_any[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               /* don't bother accounting for stepping */
+                               nkeys += sa->sa_any[i]->bv_len -
+                                       ( SLAP_INDEX_SUBSTR_MAXLEN - 1 );
+                       }
+               }
+       }
+
+       if( flags & SLAP_INDEX_SUBSTR_FINAL && sa->sa_final != NULL &&
+               sa->sa_final->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               nkeys++;
+       }
+
+       if( nkeys == 0 ) {
+               *keysp = NULL;
+               return LDAP_SUCCESS;
+       }
+
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
+
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
+
+       keys = ch_malloc( sizeof( struct berval * ) * (nkeys+1) );
+       nkeys = 0;
+
+       if( flags & SLAP_INDEX_SUBSTR_INITIAL && sa->sa_initial != NULL &&
+               sa->sa_initial->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
+               value = sa->sa_initial;
+
+               klen = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
+                       ? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;
+
+               lutil_MD5Init( &MD5context );
+               if( prefix != NULL && prefix->bv_len > 0 ) {
+                       lutil_MD5Update( &MD5context,
+                               prefix->bv_val, prefix->bv_len );
+               }
+               lutil_MD5Update( &MD5context,
+                       &pre, sizeof( pre ) );
+               lutil_MD5Update( &MD5context,
+                       syntax->ssyn_oid, slen );
+               lutil_MD5Update( &MD5context,
+                       mr->smr_oid, mlen );
+               lutil_MD5Update( &MD5context,
+                       value->bv_val, klen );
+               lutil_MD5Final( MD5digest, &MD5context );
+
+               keys[nkeys++] = ber_bvdup( &digest );
+       }
+
+       if( flags & SLAP_INDEX_SUBSTR_ANY && sa->sa_any != NULL ) {
+               ber_len_t i, j;
+               pre = SLAP_INDEX_SUBSTR_PREFIX;
+               klen = SLAP_INDEX_SUBSTR_MAXLEN;
+
+               for( i=0; sa->sa_any[i] != NULL; i++ ) {
+                       if( sa->sa_any[i]->bv_len < SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               continue;
+                       }
+
+                       value = sa->sa_any[i];
+
+                       for(j=0;
+                               j <= value->bv_len - SLAP_INDEX_SUBSTR_MAXLEN;
+                               j += SLAP_INDEX_SUBSTR_STEP )
+                       {
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       &value->bv_val[j], klen ); 
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
+                       }
+               }
+       }
+
+       if( flags & SLAP_INDEX_SUBSTR_FINAL && sa->sa_final != NULL &&
+               sa->sa_final->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
+               value = sa->sa_final;
+
+               klen = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
+                       ? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;
+
+               lutil_MD5Init( &MD5context );
+               if( prefix != NULL && prefix->bv_len > 0 ) {
+                       lutil_MD5Update( &MD5context,
+                               prefix->bv_val, prefix->bv_len );
+               }
+               lutil_MD5Update( &MD5context,
+                       &pre, sizeof( pre ) );
+               lutil_MD5Update( &MD5context,
+                       syntax->ssyn_oid, slen );
+               lutil_MD5Update( &MD5context,
+                       mr->smr_oid, mlen );
+               lutil_MD5Update( &MD5context,
+                       &value->bv_val[value->bv_len-klen], klen );
+               lutil_MD5Final( MD5digest, &MD5context );
+
+               keys[nkeys++] = ber_bvdup( &digest );
+       }
+
+       if( nkeys > 0 ) {
+               keys[nkeys] = NULL;
+               *keysp = keys;
+       } else {
+               ch_free( keys );
+               *keysp = NULL;
+       }
+
+       return LDAP_SUCCESS;
+}
+       
+static int
+caseIgnoreMatch(
+       int *matchp,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *value,
+       void *assertedValue )
+{
+#if 0
+       *matchp = UTF8casecmp( value, (struct berval *) assertedValue );
+#else
+       int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;
+
+       if( match == 0 ) {
+               match = strncasecmp( value->bv_val,
+                       ((struct berval *) assertedValue)->bv_val,
+                       value->bv_len );
+       }
+
+       *matchp = match;
+#endif
+       return LDAP_SUCCESS;
+}
+
+static int
+caseIgnoreSubstringsMatch(
+       int *matchp,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *value,
+       void *assertedValue )
+{
+       int match = 0;
+       SubstringsAssertion *sub = assertedValue;
+       struct berval left = *value;
+       int i;
+       ber_len_t inlen=0;
+
+       /* Add up asserted input length */
+       if( sub->sa_initial ) {
+               inlen += sub->sa_initial->bv_len;
+       }
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i] != NULL; i++) {
+                       inlen += sub->sa_any[i]->bv_len;
+               }
+       }
+       if( sub->sa_final ) {
+               inlen += sub->sa_final->bv_len;
+       }
+
+       if( sub->sa_initial ) {
+               if( inlen > left.bv_len ) {
+                       match = 1;
+                       goto done;
+               }
+
+               match = strncasecmp( sub->sa_initial->bv_val, left.bv_val,
+                       sub->sa_initial->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_val += sub->sa_initial->bv_len;
+               left.bv_len -= sub->sa_initial->bv_len;
+               inlen -= sub->sa_initial->bv_len;
+       }
+
+       if( sub->sa_final ) {
+               if( inlen > left.bv_len ) {
+                       match = 1;
+                       goto done;
+               }
+
+               match = strncasecmp( sub->sa_final->bv_val,
+                       &left.bv_val[left.bv_len - sub->sa_final->bv_len],
+                       sub->sa_final->bv_len );
+
+               if( match != 0 ) {
+                       goto done;
+               }
+
+               left.bv_len -= sub->sa_final->bv_len;
+               inlen -= sub->sa_final->bv_len;
+       }
+
+       if( sub->sa_any ) {
+               for(i=0; sub->sa_any[i]; i++) {
+                       ber_len_t idx;
+                       char *p;
+
+retry:
+                       if( inlen > left.bv_len ) {
+                               /* not enough length */
+                               match = 1;
+                               goto done;
+                       }
+
+                       if( sub->sa_any[i]->bv_len == 0 ) {
+                               continue;
+                       }
+
+                       p = strcasechr( left.bv_val, *sub->sa_any[i]->bv_val );
+
+                       if( p == NULL ) {
+                               match = 1;
+                               goto done;
+                       }
+
+                       idx = p - left.bv_val;
+                       assert( idx < left.bv_len );
+
+                       if( idx >= left.bv_len ) {
+                               /* this shouldn't happen */
+                               return LDAP_OTHER;
+                       }
+
+                       left.bv_val = p;
+                       left.bv_len -= idx;
+
+                       if( sub->sa_any[i]->bv_len > left.bv_len ) {
+                               /* not enough left */
+                               match = 1;
+                               goto done;
+                       }
+
+                       match = strncasecmp( left.bv_val,
+                               sub->sa_any[i]->bv_val,
+                               sub->sa_any[i]->bv_len );
+
+                       if( match != 0 ) {
+                               left.bv_val++;
+                               left.bv_len--;
+
+                               goto retry;
+                       }
+
+                       left.bv_val += sub->sa_any[i]->bv_len;
+                       left.bv_len -= sub->sa_any[i]->bv_len;
+                       inlen -= sub->sa_any[i]->bv_len;
+               }
+       }
+
+done:
+       *matchp = match;
+       return LDAP_SUCCESS;
+}
+
+/* Index generation function */
+int caseIgnoreIndexer(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       struct berval **values,
+       struct berval ***keysp )
+{
+       int i;
+       size_t slen, mlen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[16];
+       struct berval digest;
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
+
+       for( i=0; values[i] != NULL; i++ ) {
+               /* just count them */
+       }
+
+       assert( i > 0 );
+
+       keys = ch_malloc( sizeof( struct berval * ) * (i+1) );
+
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
+
+       for( i=0; values[i] != NULL; i++ ) {
+               struct berval *value = ber_bvdup( values[i] );
+               ldap_pvt_str2upper( value->bv_val );
+
+               lutil_MD5Init( &MD5context );
+               if( prefix != NULL && prefix->bv_len > 0 ) {
+                       lutil_MD5Update( &MD5context,
+                               prefix->bv_val, prefix->bv_len );
+               }
+               lutil_MD5Update( &MD5context,
+                       syntax->ssyn_oid, slen );
+               lutil_MD5Update( &MD5context,
+                       mr->smr_oid, mlen );
+               lutil_MD5Update( &MD5context,
+                       value->bv_val, value->bv_len );
+               lutil_MD5Final( MD5digest, &MD5context );
+
+               ber_bvfree( value );
+
+               keys[i] = ber_bvdup( &digest );
+       }
+
+       keys[i] = NULL;
+       *keysp = keys;
+       return LDAP_SUCCESS;
+}
+
+/* Index generation function */
+int caseIgnoreFilter(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       void * assertValue,
+       struct berval ***keysp )
+{
+       size_t slen, mlen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[LUTIL_MD5_BYTES];
+       struct berval *value;
+       struct berval digest;
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
+
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
+
+       value = ber_bvdup( (struct berval *) assertValue );
+       ldap_pvt_str2upper( value->bv_val );
+
+       keys = ch_malloc( sizeof( struct berval * ) * 2 );
+
+       lutil_MD5Init( &MD5context );
+       if( prefix != NULL && prefix->bv_len > 0 ) {
+               lutil_MD5Update( &MD5context,
+                       prefix->bv_val, prefix->bv_len );
+       }
+       lutil_MD5Update( &MD5context,
+               syntax->ssyn_oid, slen );
+       lutil_MD5Update( &MD5context,
+               mr->smr_oid, mlen );
+       lutil_MD5Update( &MD5context,
+               value->bv_val, value->bv_len );
+       lutil_MD5Final( MD5digest, &MD5context );
+
+       keys[0] = ber_bvdup( &digest );
+       keys[1] = NULL;
+
+       ber_bvfree( value );
+
+       *keysp = keys;
+
+       return LDAP_SUCCESS;
+}
+
+/* Substrings Index generation function */
+int caseIgnoreSubstringsIndexer(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       struct berval **values,
+       struct berval ***keysp )
+{
+       ber_len_t i, nkeys;
+       size_t slen, mlen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[16];
+       struct berval digest;
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
+
+       nkeys=0;
+       for( i=0; values[i] != NULL; i++ ) {
+               /* count number of indices to generate */
+               if( values[i]->bv_len < SLAP_INDEX_SUBSTR_MINLEN ) {
+                       continue;
+               }
+
+               if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
+                       if( values[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               nkeys += SLAP_INDEX_SUBSTR_MAXLEN -
+                                       ( SLAP_INDEX_SUBSTR_MINLEN - 1);
+                       } else {
+                               nkeys += values[i]->bv_len - ( SLAP_INDEX_SUBSTR_MINLEN - 1 );
+                       }
+               }
+
+               if( flags & SLAP_INDEX_SUBSTR_ANY ) {
+                       if( values[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               nkeys += values[i]->bv_len - ( SLAP_INDEX_SUBSTR_MAXLEN - 1 );
+                       }
+               }
+
+               if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
+                       if( values[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               nkeys += SLAP_INDEX_SUBSTR_MAXLEN -
+                                       ( SLAP_INDEX_SUBSTR_MINLEN - 1);
+                       } else {
+                               nkeys += values[i]->bv_len - ( SLAP_INDEX_SUBSTR_MINLEN - 1 );
+                       }
+               }
+       }
+       assert( i > 0 );
+
+       if( nkeys == 0 ) {
+               /* no keys to generate */
+               *keysp = NULL;
+               return LDAP_SUCCESS;
+       }
+
+       keys = ch_malloc( sizeof( struct berval * ) * (nkeys+1) );
+
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
+
+       nkeys=0;
+       for( i=0; values[i] != NULL; i++ ) {
+               int j,max;
+               struct berval *value;
+
+               if( values[i]->bv_len < SLAP_INDEX_SUBSTR_MINLEN ) continue;
+
+               value = ber_bvdup( values[i] );
+               ldap_pvt_str2upper( value->bv_val );
+
+               if( ( flags & SLAP_INDEX_SUBSTR_ANY ) &&
+                       ( value->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) )
+               {
+                       char pre = SLAP_INDEX_SUBSTR_PREFIX;
+                       max = value->bv_len - ( SLAP_INDEX_SUBSTR_MAXLEN - 1);
+
+                       for( j=0; j<max; j++ ) {
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       &value->bv_val[j],
+                                       SLAP_INDEX_SUBSTR_MAXLEN );
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
+                       }
+               }
+
+               max = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
+                       ? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;
+
+               for( j=SLAP_INDEX_SUBSTR_MINLEN; j<=max; j++ ) {
+                       char pre;
+
+                       if( flags & SLAP_INDEX_SUBSTR_INITIAL ) {
+                               pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       value->bv_val, j );
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
+                       }
+
+                       if( flags & SLAP_INDEX_SUBSTR_FINAL ) {
+                               pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       &value->bv_val[value->bv_len-j], j );
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
+                       }
+
+               }
+
+               ber_bvfree( value );
+       }
+
+       if( nkeys > 0 ) {
+               keys[nkeys] = NULL;
+               *keysp = keys;
+       } else {
+               ch_free( keys );
+               *keysp = NULL;
+       }
+
+       return LDAP_SUCCESS;
+}
+
+int caseIgnoreSubstringsFilter(
+       slap_mask_t use,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *prefix,
+       void * assertValue,
+       struct berval ***keysp )
+{
+       SubstringsAssertion *sa = assertValue;
+       char pre;
+       ber_len_t nkeys = 0;
+       size_t slen, mlen, klen;
+       struct berval **keys;
+       lutil_MD5_CTX   MD5context;
+       unsigned char   MD5digest[LUTIL_MD5_BYTES];
+       struct berval *value;
+       struct berval digest;
+
+       if((flags & SLAP_INDEX_SUBSTR_INITIAL) && sa->sa_initial != NULL &&
+               sa->sa_initial->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               nkeys++;
+       }
 
-       for( count = in->bv_len; count > 0; count-=len, u+=len ) {
-               /* get the length indicated by the first byte */
-               len = LDAP_UTF8_CHARLEN( u );
+       if((flags & SLAP_INDEX_SUBSTR_ANY) && sa->sa_any != NULL ) {
+               ber_len_t i;
+               for( i=0; sa->sa_any[i] != NULL; i++ ) {
+                       if( sa->sa_any[i]->bv_len >= SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               /* don't bother accounting for stepping */
+                               nkeys += sa->sa_any[i]->bv_len -
+                                       ( SLAP_INDEX_SUBSTR_MAXLEN - 1 );
+                       }
+               }
+       }
 
-               /* should not be zero */
-               if( len == 0 ) return LDAP_INVALID_SYNTAX;
+       if((flags & SLAP_INDEX_SUBSTR_FINAL) && sa->sa_final != NULL &&
+               sa->sa_final->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               nkeys++;
+       }
 
-               /* make sure len corresponds with the offset
-                       to the next character */
-               if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
+       if( nkeys == 0 ) {
+               *keysp = NULL;
+               return LDAP_SUCCESS;
        }
 
-       if( count != 0 ) return LDAP_INVALID_SYNTAX;
+       digest.bv_val = MD5digest;
+       digest.bv_len = sizeof(MD5digest);
 
-       return LDAP_SUCCESS;
-}
+       slen = strlen( syntax->ssyn_oid );
+       mlen = strlen( mr->smr_oid );
 
-static int
-UTF8StringNormalize(
-       Syntax *syntax,
-       struct berval *val,
-       struct berval **normalized )
-{
-       struct berval *newval;
-       char *p, *q, *s;
+       keys = ch_malloc( sizeof( struct berval * ) * (nkeys+1) );
+       nkeys = 0;
 
-       newval = ch_malloc( sizeof( struct berval ) );
+       if((flags & SLAP_INDEX_SUBSTR_INITIAL) && sa->sa_initial != NULL &&
+               sa->sa_initial->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               pre = SLAP_INDEX_SUBSTR_INITIAL_PREFIX;
+               value = ber_bvdup( sa->sa_initial );
+               ldap_pvt_str2upper( value->bv_val );
 
-       p = val->bv_val;
+               klen = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
+                       ? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;
 
-       /* Ignore initial whitespace */
-       while ( ldap_utf8_isspace( p ) ) {
-               LDAP_UTF8_INCR( p );
-       }
+               lutil_MD5Init( &MD5context );
+               if( prefix != NULL && prefix->bv_len > 0 ) {
+                       lutil_MD5Update( &MD5context,
+                               prefix->bv_val, prefix->bv_len );
+               }
+               lutil_MD5Update( &MD5context,
+                       &pre, sizeof( pre ) );
+               lutil_MD5Update( &MD5context,
+                       syntax->ssyn_oid, slen );
+               lutil_MD5Update( &MD5context,
+                       mr->smr_oid, mlen );
+               lutil_MD5Update( &MD5context,
+                       value->bv_val, klen );
+               lutil_MD5Final( MD5digest, &MD5context );
 
-       if( *p == '\0' ) {
-               ch_free( newval );
-               return LDAP_INVALID_SYNTAX;
+               ber_bvfree( value );
+               keys[nkeys++] = ber_bvdup( &digest );
        }
 
-       newval->bv_val = ch_strdup( p );
-       p = q = newval->bv_val;
-       s = NULL;
+       if((flags & SLAP_INDEX_SUBSTR_ANY) && sa->sa_any != NULL ) {
+               ber_len_t i, j;
+               pre = SLAP_INDEX_SUBSTR_PREFIX;
+               klen = SLAP_INDEX_SUBSTR_MAXLEN;
 
-       while ( *p ) {
-               int len;
+               for( i=0; sa->sa_any[i] != NULL; i++ ) {
+                       if( sa->sa_any[i]->bv_len < SLAP_INDEX_SUBSTR_MAXLEN ) {
+                               continue;
+                       }
 
-               if ( ldap_utf8_isspace( p ) ) {
-                       len = LDAP_UTF8_COPY(q,p);
-                       s=q;
-                       p+=len;
-                       q+=len;
+                       value = ber_bvdup( sa->sa_any[i] );
+                       ldap_pvt_str2upper( value->bv_val );
 
-                       /* Ignore the extra whitespace */
-                       while ( ldap_utf8_isspace( p ) ) {
-                               LDAP_UTF8_INCR( p );
+                       for(j=0;
+                               j <= value->bv_len - SLAP_INDEX_SUBSTR_MAXLEN;
+                               j += SLAP_INDEX_SUBSTR_STEP )
+                       {
+                               lutil_MD5Init( &MD5context );
+                               if( prefix != NULL && prefix->bv_len > 0 ) {
+                                       lutil_MD5Update( &MD5context,
+                                               prefix->bv_val, prefix->bv_len );
+                               }
+                               lutil_MD5Update( &MD5context,
+                                       &pre, sizeof( pre ) );
+                               lutil_MD5Update( &MD5context,
+                                       syntax->ssyn_oid, slen );
+                               lutil_MD5Update( &MD5context,
+                                       mr->smr_oid, mlen );
+                               lutil_MD5Update( &MD5context,
+                                       &value->bv_val[j], klen );
+                               lutil_MD5Final( MD5digest, &MD5context );
+
+                               keys[nkeys++] = ber_bvdup( &digest );
                        }
-               } else {
-                       len = LDAP_UTF8_COPY(q,p);
-                       s=NULL;
-                       p+=len;
-                       q+=len;
+
+                       ber_bvfree( value );
                }
        }
 
-       assert( *newval->bv_val );
-       assert( newval->bv_val < p );
-       assert( p >= q );
+       if((flags & SLAP_INDEX_SUBSTR_FINAL) && sa->sa_final != NULL &&
+               sa->sa_final->bv_len >= SLAP_INDEX_SUBSTR_MINLEN )
+       {
+               pre = SLAP_INDEX_SUBSTR_FINAL_PREFIX;
+               value = ber_bvdup( sa->sa_final );
+               ldap_pvt_str2upper( value->bv_val );
 
-       /* cannot start with a space */
-       assert( !ldap_utf8_isspace(newval->bv_val) );
+               klen = SLAP_INDEX_SUBSTR_MAXLEN < value->bv_len
+                       ? SLAP_INDEX_SUBSTR_MAXLEN : value->bv_len;
 
-       /*
-        * If the string ended in space, backup the pointer one
-        * position.  One is enough because the above loop collapsed
-        * all whitespace to a single space.
-        */
+               lutil_MD5Init( &MD5context );
+               if( prefix != NULL && prefix->bv_len > 0 ) {
+                       lutil_MD5Update( &MD5context,
+                               prefix->bv_val, prefix->bv_len );
+               }
+               lutil_MD5Update( &MD5context,
+                       &pre, sizeof( pre ) );
+               lutil_MD5Update( &MD5context,
+                       syntax->ssyn_oid, slen );
+               lutil_MD5Update( &MD5context,
+                       mr->smr_oid, mlen );
+               lutil_MD5Update( &MD5context,
+                       &value->bv_val[value->bv_len-klen], klen );
+               lutil_MD5Final( MD5digest, &MD5context );
 
-       if ( s != NULL ) {
-               q = s;
+               ber_bvfree( value );
+               keys[nkeys++] = ber_bvdup( &digest );
        }
 
-       /* cannot end with a space */
-       assert( !ldap_utf8_isspace( LDAP_UTF8_PREV(q) ) );
-
-       /* null terminate */
-       *q = '\0';
-
-       newval->bv_len = q - newval->bv_val;
-       *normalized = newval;
+       if( nkeys > 0 ) {
+               keys[nkeys] = NULL;
+               *keysp = keys;
+       } else {
+               ch_free( keys );
+               *keysp = NULL;
+       }
 
        return LDAP_SUCCESS;
 }
-
+       
 static int
 oidValidate(
        Syntax *syntax,
@@ -491,7 +1821,13 @@ integerValidate(
 
        if( !val->bv_len ) return LDAP_INVALID_SYNTAX;
 
-       for(i=0; i < val->bv_len; i++) {
+       if( val->bv_val[0] == '+' || val->bv_val[0] == '-' ) {
+               if( val->bv_len < 2 ) return LDAP_INVALID_SYNTAX;
+       } else if( !ASCII_DIGIT(val->bv_val[0]) ) {
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       for(i=1; i < val->bv_len; i++) {
                if( !ASCII_DIGIT(val->bv_val[i]) ) return LDAP_INVALID_SYNTAX;
        }
 
@@ -499,23 +1835,50 @@ integerValidate(
 }
 
 static int
-printableStringValidate(
+integerNormalize(
        Syntax *syntax,
-       struct berval *val )
+       struct berval *val,
+       struct berval **normalized )
 {
-       ber_len_t i;
+       int negative;
+       struct berval *newval;
+       char *p;
 
-       if( !val->bv_len ) return LDAP_INVALID_SYNTAX;
+       p = val->bv_val;
 
-       for(i=0; i < val->bv_len; i++) {
-               if( !isprint(val->bv_val[i]) ) return LDAP_INVALID_SYNTAX;
+       /* save sign */
+       negative = ( *p == '-' );
+       if( *p == '-' || *p == '+' ) p++;
+
+       /* Ignore leading zeros */
+       while ( *p == '0' ) p++;
+
+       newval = (struct berval *) ch_malloc( sizeof(struct berval) );
+
+       if( *p == '\0' ) {
+               newval->bv_val = ch_strdup("0");
+               newval->bv_len = 1;
+               goto done;
+       }
+
+       newval->bv_val = ch_malloc( val->bv_len + 1 );
+       newval->bv_len = 0;
+
+       if( negative ) {
+               newval->bv_val[newval->bv_len++] = '-';
+       }
+
+       for( ; *p != '\0'; p++ ) {
+               newval->bv_val[newval->bv_len++] = *p;
        }
 
+done:
+       *normalized = newval;
        return LDAP_SUCCESS;
 }
 
 static int
-IA5StringValidate(
+printableStringValidate(
        Syntax *syntax,
        struct berval *val )
 {
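Review bot: integerNormalize never writes a terminating NUL in its non-zero path: the copy loop fills `newval->bv_val` and counts `bv_len`, then falls straight through to `done:`. The `ch_malloc( val->bv_len + 1 )` leaves room for the terminator, so adding `newval->bv_val[newval->bv_len] = '\0';` just before `done:` would make the result safe for any caller that treats `bv_val` as a C string, as the `ch_strdup("0")` path already is. The function also scans the input until `'\0'` instead of using `val->bv_len`, so it relies on the value being NUL-terminated and already accepted by integerValidate. A short comment stating that precondition would help.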
@@ -524,36 +1887,25 @@ IA5StringValidate(
        if( !val->bv_len ) return LDAP_INVALID_SYNTAX;
 
        for(i=0; i < val->bv_len; i++) {
-               if( !isascii(val->bv_val[i]) ) return LDAP_INVALID_SYNTAX;
+               if( !isprint(val->bv_val[i]) ) return LDAP_INVALID_SYNTAX;
        }
 
        return LDAP_SUCCESS;
 }
 
 static int
-IA5StringConvert(
+IA5StringValidate(
        Syntax *syntax,
-       struct berval *in,
-       struct berval **out )
+       struct berval *val )
 {
-       ldap_unicode_t *u;
-       ber_len_t i, len = in->bv_len;
-       struct berval *bv = ch_malloc( sizeof(struct berval) );
+       ber_len_t i;
 
-       bv->bv_len = len * sizeof( ldap_unicode_t );
-       u = (ldap_unicode_t *) ch_malloc( bv->bv_len + sizeof(ldap_unicode_t) );
-       bv->bv_val = (char *) u;
+       if( !val->bv_len ) return LDAP_INVALID_SYNTAX;
 
-       for(i=0; i < len; i++ ) {
-               /*
-                * IA5StringValidate should have been called to ensure
-                * input is limited to IA5.
-                */
-               u[i] = in->bv_val[i];
+       for(i=0; i < val->bv_len; i++) {
+               if( !isascii(val->bv_val[i]) ) return LDAP_INVALID_SYNTAX;
        }
-       u[i] = 0;
 
-       *out = bv;
        return LDAP_SUCCESS;
 }
 
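Review bot: `isprint(val->bv_val[i])` in printableStringValidate passes a plain `char` to a <ctype.h> classifier, so where `char` is signed a byte above 0x7F arrives as a negative argument, which is undefined for `isprint`. Casting first, `if( !isprint( (unsigned char) val->bv_val[i] ) ) return LDAP_INVALID_SYNTAX;`, keeps the check well defined for arbitrary attribute values. `isprint` is also locale-dependent, so the set of bytes this validator accepts can vary with the server's locale, and a comment saying which set is intended would help. printableStringValidate begins outside this hunk, and these lines appear to be re-paired by the diff, not newly written, but they are on the new side as shown.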
@@ -598,7 +1950,7 @@ IA5StringNormalize(
 
        assert( *newval->bv_val );
        assert( newval->bv_val < p );
-       assert( p <= q );
+       assert( q <= p );
 
        /* cannot start with a space */
        assert( !ASCII_SPACE(*newval->bv_val) );
@@ -1208,20 +2560,6 @@ caseIgnoreIA5Match(
        return LDAP_SUCCESS;
 }
 
-static char *strcasechr( const char *str, int c )
-{
-       char *lower = strchr( str, TOLOWER(c) );
-       char *upper = strchr( str, TOUPPER(c) );
-
-       if( lower && upper ) {
-               return lower < upper ? lower : upper;
-       } else if ( lower ) {
-               return lower;
-       } else {
-               return upper;
-       }
-}
-
 static int
 caseIgnoreIA5SubstringsMatch(
        int *matchp,
@@ -2313,7 +3651,7 @@ struct syntax_defs_rec syntax_defs[] = {
        {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' " X_BINARY X_NOT_H_R ")",
                SLAP_SYNTAX_BER, berValidate, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )",
-               0, bitStringValidate, bitStringNormalize, NULL },
+               0, bitStringValidate, NULL, NULL },
        {"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
                0, booleanValidate, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' "
@@ -2370,7 +3708,7 @@ struct syntax_defs_rec syntax_defs[] = {
        {"( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )",
                0, NULL, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )",
-               0, nameUIDValidate, nameUIDNormalize, nameUIDPretty},
+               0, nameUIDValidate, nameUIDNormalize, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )",
                0, NULL, NULL, NULL},
        {"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )",
@@ -2414,7 +3752,7 @@ struct syntax_defs_rec syntax_defs[] = {
                0, NULL, NULL, NULL},
 
        /* RFC 2307 NIS Syntaxes */
-       {"( 1.3.6.1.1.1.0.0  DESC 'RFC2307 NIS Triple' )",
+       {"( 1.3.6.1.1.1.0.0  DESC 'RFC2307 NIS Netgroup Triple' )",
                0, nisNetgroupTripleValidate, NULL, NULL},
        {"( 1.3.6.1.1.1.0.1  DESC 'RFC2307 Boot Parameter' )",
                0, bootParameterValidate, NULL, NULL},
@@ -2423,6 +3761,8 @@ struct syntax_defs_rec syntax_defs[] = {
        {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
                0, IA5StringValidate /* THIS WILL CHANGE FOR NEW ACI SYNTAX */,
                NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
+               0, NULL, NULL, NULL},
 
        /* OpenLDAP Void Syntax */
        {"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' " X_HIDE ")" ,
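Review bot: The new 'OpenLDAP authPassword' syntax entry is registered with `NULL` as its validator, and unlike the ACI entry just above it there is no comment saying whether that is a placeholder. Because this syntax is meant to hold credential material, a one-line comment in the same style, e.g. `/* validator to be added */`, would record the intent. How slapd treats a syntax that has no validator is not visible from this hunk, so the comment should state that as well. The syntax_defs table starts and ends outside the hunk.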
@@ -2446,7 +3786,6 @@ struct mrule_defs_rec {
  * Other matching rules in X.520 that we do not use (yet):
  *
  * 2.5.13.9            numericStringOrderingMatch
- * 2.5.13.13   booleanMatch
  * 2.5.13.15   integerOrderingMatch
  * 2.5.13.18   octetStringOrderingMatch
  * 2.5.13.19   octetStringSubstringsMatch
@@ -2469,6 +3808,24 @@ struct mrule_defs_rec {
  */
 
 struct mrule_defs_rec mrule_defs[] = {
+       /*
+        * EQUALITY matching rules must be listed after associated APPROX
+        * matching rules.  So, we list all APPROX matching rules first.
+        */
+       {"( " directoryStringApproxMatchOID " NAME 'directoryStringApproxMatch' "
+               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
+               SLAP_MR_EQUALITY_APPROX | SLAP_MR_EXT,
+               NULL, NULL,
+               directoryStringApproxMatch, NULL, NULL,
+               NULL},
+
+       {"( " IA5StringApproxMatchOID " NAME 'IA5StringApproxMatch' "
+               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
+               SLAP_MR_EQUALITY_APPROX | SLAP_MR_EXT,
+               NULL, NULL,
+               IA5StringApproxMatch, NULL, NULL,
+               NULL},
+
        /*
         * Other matching rules
         */
@@ -2492,7 +3849,7 @@ struct mrule_defs_rec mrule_defs[] = {
                SLAP_MR_EQUALITY | SLAP_MR_EXT,
                NULL, NULL,
                caseIgnoreMatch, caseIgnoreIndexer, caseIgnoreFilter,
-               NULL},
+               directoryStringApproxMatchOID },
 
        {"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
@@ -2515,7 +3872,7 @@ struct mrule_defs_rec mrule_defs[] = {
                SLAP_MR_EQUALITY | SLAP_MR_EXT,
                NULL, NULL,
                caseExactMatch, caseExactIndexer, caseExactFilter,
-               NULL},
+               directoryStringApproxMatchOID },
 
        {"( 2.5.13.6 NAME 'caseExactOrderingMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
@@ -2574,7 +3931,7 @@ struct mrule_defs_rec mrule_defs[] = {
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
                SLAP_MR_EQUALITY | SLAP_MR_EXT,
                NULL, NULL,
-               integerMatch, NULL, NULL,
+               integerMatch, integerIndexer, integerFilter,
                NULL},
 
        {"( 2.5.13.16 NAME 'bitStringMatch' "
@@ -2659,14 +4016,14 @@ struct mrule_defs_rec mrule_defs[] = {
                SLAP_MR_EQUALITY | SLAP_MR_EXT,
                NULL, NULL,
                caseExactIA5Match, caseExactIA5Indexer, caseExactIA5Filter,
-               NULL},
+               IA5StringApproxMatchOID },
 
        {"( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
                SLAP_MR_EQUALITY | SLAP_MR_EXT,
                NULL, NULL,
                caseIgnoreIA5Match, caseExactIA5Indexer, caseExactIA5Filter,
-               NULL},
+               IA5StringApproxMatchOID },
 
        {"( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
@@ -2686,6 +4043,13 @@ struct mrule_defs_rec mrule_defs[] = {
                caseExactIA5SubstringsFilter,
                NULL},
 
+       {"( 1.3.6.1.4.1.4203.666.4.1 NAME 'authPasswordMatch' "
+               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+               SLAP_MR_EQUALITY,
+               NULL, NULL,
+               authPasswordMatch, NULL, NULL,
+               NULL},
+
        {"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
                "SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
                SLAP_MR_EQUALITY,
index 92e36b0ab8b7cb6919b18c4fcb61c7b36235d89e..1749dede2778a7e9418b0abac8ee0c62706a8fd7 100644 (file)
@@ -202,6 +202,13 @@ do_search(
                }
        }
 
+       if( nbase[0] == '\0' && default_search_nbase != NULL ) {
+               ch_free( base );
+               ch_free( nbase );
+               base = ch_strdup( default_search_base );
+               nbase = ch_strdup( default_search_nbase );
+       }
+
        /*
         * We could be serving multiple database backends.  Select the
         * appropriate one, or send a referral to our "referral server"
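Review bot: The added guard tests `default_search_nbase != NULL` but the body also duplicates `default_search_base`, so it relies on both globals always being set together; if only the normalized form were set, `ch_strdup( default_search_base )` would be handed NULL. Either test both, `if( nbase[0] == '\0' && default_search_base != NULL && default_search_nbase != NULL ) {`, or add a comment naming the invariant and where it is established (presumably the config parser, which is outside this hunk). The substitution is applied whatever the search scope is, so it is worth confirming that a base-scope search on the empty DN (the root DSE) is dealt with before this point. do_search begins and ends outside the hunk.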
index d5c021f4dc25678c1d7df5c451729d67ba4c53d1..7dc75079478c1998c254f930a5413fa0d2759df3 100644 (file)
@@ -4,16 +4,17 @@
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
-#include "portable.h"\r
+#include "portable.h"
 
-#include <stdio.h>\r
+#include <stdio.h>
 #include <ac/string.h>
-\r
+
 #include "slap.h"
 #include "sets.h"
 
 static char **set_join (char **lset, int op, char **rset);
-static char **set_chase (SET_GATHER gatherer, void *cookie, char **set, char *attr, int attrlen, int closure);
+static char **set_chase (SET_GATHER gatherer,
+       void *cookie, char **set, char *attr, int attrlen, int closure);
 static int set_samedn (char *dn1, char *dn2);
 
 long
@@ -119,7 +120,8 @@ set_join (char **lset, int op, char **rset)
 }
 
 static char **
-set_chase (SET_GATHER gatherer, void *cookie, char **set, char *attr, int attrlen, int closure)
+set_chase (SET_GATHER gatherer,
+       void *cookie, char **set, char *attr, int attrlen, int closure)
 {
        char **vals, **nset;
        char attrstr[32];
@@ -195,14 +197,19 @@ set_samedn (char *dn1, char *dn2)
 }
 
 int
-set_filter (SET_GATHER gatherer, void *cookie, char *filter, char *user, char *this, char ***results)
+set_filter (SET_GATHER gatherer,
+       void *cookie, char *filter, char *user, char *this, char ***results)
 {
-#      define IS_SET(x)        ( (long)(x) >= 256 )
-#      define IS_OP(x) ( (long)(x) < 256 )
-#      define SF_ERROR(x)      { rc = -1; goto _error; }
-#      define SF_TOP() (char **)( (stp < 0) ? 0 : stack[stp] )
-#      define SF_POP() (char **)( (stp < 0) ? 0 : stack[stp--] )
-#      define SF_PUSH(x)       { if (stp >= 63) SF_ERROR(overflow); stack[++stp] = (char **)(long)(x); }
+#define IS_SET(x)      ( (long)(x) >= 256 )
+#define IS_OP(x)       ( (long)(x) < 256 )
+#define SF_ERROR(x)    do { rc = -1; goto _error; } while (0)
+#define SF_TOP()       ( (char **)( (stp < 0) ? 0 : stack[stp] ) )
+#define SF_POP()       ( (char **)( (stp < 0) ? 0 : stack[stp--] ) )
+#define SF_PUSH(x)     do { \
+               if (stp >= 63) SF_ERROR(overflow); \
+               stack[++stp] = (char **)(long)(x); \
+       } while (0)
+
        char c;
        char **set, **lset;
        int len, op, rc, stp;
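Review bot: `SF_PUSH` still bounds the stack with the literal `63`, which has to be kept in step by hand with the size of `stack`, declared outside this hunk. Assuming `stack` is a true array, deriving the limit from it, `if (stp >= (int)(sizeof(stack)/sizeof(stack[0])) - 1) SF_ERROR(overflow);`, keeps the overflow check correct if the array is ever resized. The macros also round-trip pointers through `long` (`(char **)(long)(x)`, `(long)(x) >= 256`), which truncates on platforms where `long` is narrower than a pointer; a comment recording that assumption would help. set_filter's body continues beyond the hunk.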
@@ -345,7 +352,8 @@ set_filter (SET_GATHER gatherer, void *cookie, char *filter, char *user, char *t
                                SF_ERROR(syntax);
                        } else {
                                SF_POP();
-                               set = set_chase(gatherer, cookie, SF_POP(), filter, len, c == '*');
+                               set = set_chase(gatherer,
+                                       cookie, SF_POP(), filter, len, c == '*');
                                if (set == NULL)
                                        SF_ERROR(memory);
                                if (c == '*')
index 2129015b93d7978f8291f3ccc0e7969d026e70be..69007e65e907f3ddf31a18fa1c04323241f89937 100644 (file)
@@ -256,7 +256,7 @@ typedef struct slap_syntax {
 #define slap_syntax_is_ber(s)          slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
 #define slap_syntax_is_hidden(s)       slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
 
-/* XXX -> UCS-2 Converter */
+/* X -> Y Converter */
 typedef int slap_mr_convert_func LDAP_P((
        struct berval * in,
        struct berval ** out ));
@@ -455,6 +455,7 @@ struct slap_internal_schema {
 
        /* Other attributes descriptions */
        AttributeDescription *si_ad_userPassword;
+       AttributeDescription *si_ad_authPassword;
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
        AttributeDescription *si_ad_krbName;
 #endif
@@ -853,6 +854,8 @@ struct slap_backend_db {
        | SLAP_RESTRICT_OP_MODIFY \
        | SLAP_RESTRICT_OP_RENAME )
 
+#define SLAP_ALLOW_TLS_2_ANON  0x0001U /* StartTLS -> Anonymous */
+
 #define SLAP_DISALLOW_BIND_V2  0x0001U /* LDAPv2 bind */
 #define SLAP_DISALLOW_BIND_ANON 0x0002U /* no anonymous */
 #define SLAP_DISALLOW_BIND_ANON_CRED \
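Review bot: `SLAP_ALLOW_TLS_2_ANON` is given 0x0001U, the same value as `SLAP_DISALLOW_BIND_V2` directly below it, and nothing here says that the two families belong to different masks. The starttls.c change in this commit tests them against `global_allows` and `global_disallows` respectively, so a flag checked against the wrong mask would compile and silently match an unrelated policy bit. A comment above each group would prevent that, for example `/* allow flags: test against the allows mask only */` and `/* disallow flags: test against the disallows mask only */`. The same applies to the `SLAP_DISALLOW_BIND_SIMPLE`, `SLAP_DISALLOW_BIND_KRBV4` and `SLAP_DISALLOW_TLS_AUTHC` additions in the next hunk. The enclosing struct slap_backend_db starts and ends outside the hunk.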
@@ -860,6 +863,11 @@ struct slap_backend_db {
 #define SLAP_DISALLOW_BIND_ANON_DN \
                                                                0x0008U /* dn should be empty */
 
+#define SLAP_DISALLOW_BIND_SIMPLE      0x0010U /* simple authentication */
+#define SLAP_DISALLOW_BIND_KRBV4       0x0020U /* Kerberos V4 authentication */
+
+#define SLAP_DISALLOW_TLS_AUTHC        0x0100U /* TLS while authenticated */
+
        slap_mask_t     be_requires;    /* pre-operation requirements */
 #define SLAP_REQUIRE_BIND              0x0001U /* bind before op */
 #define SLAP_REQUIRE_LDAP_V3   0x0002U /* LDAPv3 before op */
@@ -867,7 +875,6 @@ struct slap_backend_db {
 #define SLAP_REQUIRE_SASL              0x0008U /* SASL before op  */
 #define SLAP_REQUIRE_STRONG            0x0010U /* strong authentication before op */
 
-
        /* Required Security Strength Factor */
        slap_ssf_set_t be_ssf_set;
 
index c0b8dc9def68120c72944d091ca3c4148398c5e6..2e45ca9a38fd20983afefbfd4a7ba8ac29232b01 100644 (file)
@@ -53,7 +53,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 advapi32.lib sasl.lib hs_regex.lib libdb.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\Release"
+# ADD LINK32 advapi32.lib libdb31.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\Release"
 
 !ELSEIF  "$(CFG)" == "slapd - Win32 Debug"
 
@@ -77,7 +77,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 advapi32.lib hs_regex.lib libdb.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\Debug"
+# ADD LINK32 advapi32.lib libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\Debug"
 
 !ELSEIF  "$(CFG)" == "slapd - Win32 Single Debug"
 
@@ -102,7 +102,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 hs_regexd.lib libdbs.lib wsock32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 hs_regex.lib libdb.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\SDebug"
+# ADD LINK32 libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\SDebug"
 
 !ELSEIF  "$(CFG)" == "slapd - Win32 Single Release"
 
@@ -127,7 +127,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 hs_regex.lib libdb.lib wsock32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 sasl.lib hs_regex.lib libdb.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\SRelease"
+# ADD LINK32 libdb.lib libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\SRelease"
 
 !ENDIF 
 
index bd12f32c73d0be0c140d9c0b4cd10dad23ce2ef5..97bbab084ac9dd34cbd9fd11cb3a06b1333133b0 100644 (file)
@@ -59,6 +59,21 @@ starttls_extop (
                goto done;
        }
 
+       if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
+               ( conn->c_dn != NULL ) )
+       {
+               *text = "cannot start TLS after authentication";
+               rc = LDAP_OPERATIONS_ERROR;
+               goto done;
+       }
+
+       if ( ( global_allows & SLAP_ALLOW_TLS_2_ANON ) &&
+               ( conn->c_dn != NULL ) )
+       {
+               /* force to anonymous */
+               connection2anonymous( conn );
+       }
+
        /* fail if TLS could not be initialized */
        if (ldap_pvt_tls_get_option(NULL, LDAP_OPT_X_TLS_CERT, &ctx) != 0
                || ctx == NULL)
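Review bot: The `SLAP_ALLOW_TLS_2_ANON` block calls `connection2anonymous( conn )` before the TLS-availability check that follows it, so a StartTLS request that is then refused because no TLS context is available has already dropped the connection's bound identity. Moving the block below the `ldap_pvt_tls_get_option` check, or to the point where the operation is known to proceed, would tie the identity reset to a StartTLS that actually happens. Both new tests read `conn->c_dn` directly; whether the connection lock is held at this point cannot be seen from the hunk and is worth confirming. For the disallow case, `rc = LDAP_OPERATIONS_ERROR;` reports a policy refusal as a sequencing error, and `rc = LDAP_UNWILLING_TO_PERFORM;` may describe it better. starttls_extop starts and ends outside the hunk.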
index 2398308aca710d7a0c0263ebe6baeda3207c92c3..555a1b31cc32c697cf0397460fe73eacd6192476 100644 (file)
@@ -152,3 +152,7 @@ char * slap_sasl_secprops( const char *in )
        return NULL;
 }
 
+void connection2anonymous( Connection *c )
+{
+       assert(0);
+}
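Review bot: The `connection2anonymous` stub relies on `assert(0)` alone, which compiles to nothing under `NDEBUG`, so in such a build a call would return silently without doing what the name promises. A one-line comment such as `/* stub: the slap tools have no client connections; must never be called */` would record why the function exists here, and `(void) c;` would mark the parameter as deliberately unused. Whether this file already includes an assert header is not visible in the hunk.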
index bc5a39369a008a75276ca509eef606d568b20cc7..5f04d48a70e087bacba866aad5271b501c654f59 100644 (file)
@@ -53,7 +53,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 libdb.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\Release"
+# ADD LINK32 libdb31.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\Release"
 
 !ELSEIF  "$(CFG)" == "slapadd - Win32 Debug"
 
@@ -77,7 +77,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 libdb.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\Debug"
+# ADD LINK32 libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\Debug"
 
 !ELSEIF  "$(CFG)" == "slapadd - Win32 Single Debug"
 
@@ -102,7 +102,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib hs_regexd.lib libdbs.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 libdb.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\SDebug"
+# ADD LINK32 libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\SDebug"
 
 !ELSEIF  "$(CFG)" == "slapadd - Win32 Single Release"
 
@@ -127,7 +127,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 hs_regex.lib libdb.lib ws2_32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 libdbs.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\SRelease"
+# ADD LINK32 libdbs.lib libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\SRelease"
 
 !ENDIF 
 
index 694beae96f49a5ad4964d667394635e044821442..a46d3de79a442a4aa8d2856cf08008cf0e98023e 100644 (file)
@@ -53,7 +53,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 libdb.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\Release"
+# ADD LINK32 libdb31.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\Release"
 
 !ELSEIF  "$(CFG)" == "slapcat - Win32 Debug"
 
@@ -77,7 +77,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 libdb.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\Debug"
+# ADD LINK32 libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\Debug"
 
 !ELSEIF  "$(CFG)" == "slapcat - Win32 Single Debug"
 
@@ -102,7 +102,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 oldbm32.lib libdb.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\libraries\Debug"
-# ADD LINK32 libdb.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\SDebug"
+# ADD LINK32 libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\SDebug"
 
 !ELSEIF  "$(CFG)" == "slapcat - Win32 Single Release"
 
@@ -126,7 +126,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib libdb.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\libraries\Release"
-# ADD LINK32 libdbs.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\SRelease"
+# ADD LINK32 libdbs.lib libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\SRelease"
 
 !ENDIF 
 
index f0e4e386c922c11346194f17a504aa20ed0fd652..1e4cfca04359a823950dfd2f8fb97f9d70e88f82 100644 (file)
@@ -54,7 +54,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 libdb.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\Release"
+# ADD LINK32 libdb31.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\Release"
 
 !ELSEIF  "$(CFG)" == "slapindex - Win32 Debug"
 
@@ -78,7 +78,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 libdb.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\Debug"
+# ADD LINK32 libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\Debug"
 
 !ELSEIF  "$(CFG)" == "slapindex - Win32 Single Debug"
 
@@ -103,7 +103,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib shell32.lib hs_regexd.lib libdbs.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 libdb.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\SDebug"
+# ADD LINK32 libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\SDebug"
 
 !ELSEIF  "$(CFG)" == "slapindex - Win32 Single Release"
 
@@ -128,7 +128,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 hs_regex.lib libdb.lib ws2_32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 libdbs.lib sasl.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\SRelease"
+# ADD LINK32 libdbs.lib libdb31.lib hs_regex.lib libsasl.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\SRelease"
 
 !ENDIF 
 
index f9cd9db8a3056db2886362f8ee74bbb7f1eeb027..8f8458c34db09b9a4ee43ef205863c7d72c84105 100644 (file)
@@ -106,7 +106,9 @@ doargs(
            g->slapd_configfile = strdup( optarg );
            break;
        case 'r':       /* slapd replog file */
-           strcpy( g->slapd_replogfile, optarg );
+           strncpy( g->slapd_replogfile, optarg,
+                       sizeof(g->slapd_replogfile)-1 );
+               g->slapd_replogfile[sizeof(g->slapd_replogfile)-1] = '\0';
            rflag++;
            break;
        case 't':       /* dir to use for our copies of replogs */
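Review bot: The bounded copy for `-r` now truncates an over-long path silently, so slurpd would go on to use a replog file name different from the one the administrator supplied. Rejecting the argument is safer than truncating it: test `strlen( optarg ) >= sizeof(g->slapd_replogfile)` before the copy and take the function's usage-error path (not visible in this hunk) when it is true. `sizeof(g->slapd_replogfile)` is a buffer size only if the member is a char array; its declaration is outside the hunk, so confirm it is not a pointer. The added lines also mix space and tab indentation with the rest of the `case` body. doargs starts and ends outside the hunk.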
@@ -150,7 +152,4 @@ doargs(
 #endif
 
     return 0;
-
 }
-
-
index 47ddc2abe52eeed5c35e7773ced001fa7d6d2235..3f7a0e89fa3dfa952661be1133dbb3a95c01c2eb 100755 (executable)
@@ -41,7 +41,11 @@ cat $SEARCHOUT
 if test $RC != 0 ; then
        echo ">>>>> Test failed"
 else
-       echo ">>>>> Test succeeded"
+       if grep "TLS:" $SEARCHOUT; then
+               RC=-1
+       else
+           echo ">>>>> Test succeeded"
+       fi
 fi