upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Component Indexing support for BDB

Browse source 
- only for equality matching
- only components of ASN.1 types used in an X.509 certificate can be indexed
(composite types except for RDN and DN are not supported yet)
- how to use
index [attribute name].[component reference] eq
Ex)
index userCertificate eq
index userCertificate.toBeSigned.issuer.rdnSequence eq
index userCertificate.toBeSigned.serialNumber eq
index userCertificate.toBeSigned.version eq
This commit is contained in:
Sang Seok Lim 2004-12-20 03:31:44 +00:00
parent 69ca6c9b59
commit 28a967584d
18 changed files with 1014 additions and 136 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
contrib/slapd-modules/comp_match/README
View file

@ -81,7 +81,5 @@ have been tested successfully. But this is currently under development.
before using it, don't forget to check following status of development,
1) Not all ASN.1 types are supported yet.
See componentlib.c to check which ASN.1 types are currently supported
2) Component version of GSER encoders are not supported yet
3) Not all ComponentId of a component reference are supported yet
supported : identifier, from-beginning, count, from-end, <all>
not supported : select, content
2) Component version of GSER encoders are partly supported(primitive types
used in an X.509 certificate)

2
contrib/slapd-modules/comp_match/asn.h
View file

@ -14,7 +14,7 @@
typedef enum { BER, GSER } EncRulesType;
typedef enum AsnTypeId {
BASICTYPE_BOOLEAN,
BASICTYPE_BOOLEAN = 0,
BASICTYPE_INTEGER,
BASICTYPE_BITSTRING,
BASICTYPE_OCTETSTRING,

127
contrib/slapd-modules/comp_match/asn_to_syn_mr.c
View file

@ -1,8 +1,8 @@
#include "component.h"
#include <component.h>
#include "asn.h"
#include "componentlib.h"
AsnTypetoMatchingRuleTable directory_component_matching_table = {
AsnTypetoMatchingRuleTable directory_component_matching_table[] = {
"1.2.36.79672281.1.13.7",
{
{ BASICTYPE_BOOLEAN,NULL,"1.3.6.1.4.1.1466.115.121.1.7", NULL },
@ -41,7 +41,7 @@ AsnTypetoMatchingRuleTable directory_component_matching_table = {
NULL
};
struct asntype_to_syntax asn_to_syntax_mapping_tbl[] = {
AsnTypetoSyntax asn_to_syntax_mapping_tbl[] = {
{ BASICTYPE_BOOLEAN,"Boolean","1.3.6.1.4.1.1466.115.121.1.7", NULL },
{ BASICTYPE_INTEGER,"Integer","1.3.6.1.4.1.1466.115.121.1.27", NULL },
{ BASICTYPE_BITSTRING,"Bit String","1.3.6.1.4.1.1466.115.121.1.6", NULL },
@ -77,3 +77,124 @@ struct asntype_to_syntax asn_to_syntax_mapping_tbl[] = {
{ ASN_COMP_CERTIFICATE, "componentCertificate", "1.2.36.79672281.1.5.2" , NULL },
{ ASNTYPE_END , NULL , NULL, NULL }
};
/*
* This table describes relationship between an ASN.1 type and its
* potential matching rules such as equality, approx, ordering, and substring
* Based on the description of this table, the following ComponentType
* table is initialized
*/
AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[] = {
{ BASICTYPE_BOOLEAN, "booleanMatch", NULL, NULL, NULL },
{ BASICTYPE_INTEGER, "integerMatch", NULL, "integerOrderingMatch", NULL },
{ BASICTYPE_BITSTRING, "bitStringMatch", NULL, NULL, NULL },
{ BASICTYPE_OCTETSTRING, "octetStringMatch", NULL, "octetStringOrderingMatch", NULL },
{ BASICTYPE_NULL, NULL, NULL, NULL, NULL },
{ BASICTYPE_OID, "objectIdentifierMatch", NULL, NULL, NULL },
{ BASICTYPE_REAL, NULL, NULL, NULL, NULL },
{ BASICTYPE_ENUMERATED, "integerMatch", NULL, "integerOrderingMatch", NULL },
{ BASICTYPE_NUMERIC_STR, "numericStringMatch", NULL, "numericStringOrderingMatch", "numericStringSubstringsMatch"},
{ BASICTYPE_PRINTABLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
{ BASICTYPE_UNIVERSAL_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
{ BASICTYPE_IA5_STR, "caseIgnoreMatch", "IA5StringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
{ BASICTYPE_BMP_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
{ BASICTYPE_UTF8_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
{ BASICTYPE_UTCTIME, NULL, NULL, NULL, NULL },
{ BASICTYPE_GENERALIZEDTIME, NULL, NULL, NULL, NULL },
{ BASICTYPE_GRAPHIC_STR, NULL, NULL, NULL, NULL },
{ BASICTYPE_VISIBLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
{ BASICTYPE_GENERAL_STR, NULL, NULL, NULL, NULL },
{ BASICTYPE_OBJECTDESCRIPTOR, "objectIdentifierFirstComponentMatch", NULL, NULL, NULL },
{ BASICTYPE_VIDEOTEX_STR, NULL, NULL, NULL, NULL },
{ BASICTYPE_T61_STR, NULL, NULL, NULL, NULL },
{ BASICTYPE_OCTETCONTAINING, NULL, NULL, NULL, NULL },
{ BASICTYPE_BITCONTAINING, NULL, NULL, NULL, NULL },
{ BASICTYPE_RELATIVE_OID, "objectIdentifierFirstComponentMatch", NULL, NULL, NULL },
{ BASICTYPE_ANY, NULL, NULL, NULL, NULL },
{ COMPOSITE_ASN1_TYPE, NULL, NULL, NULL, NULL },
{ RDNSequence, "distinguishedNameMatch", NULL, NULL, NULL },
{ RelativeDistinguishedName, "rdnMatch" , NULL, NULL, NULL },
{ TelephoneNumber, NULL, NULL, NULL, NULL },
{ FacsimileTelephoneNumber__telephoneNumber, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
{ DirectoryString, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch"},
{ ASN_COMP_CERTIFICATE, "componentFilterMatch", NULL, NULL, NULL },
{ ASNTYPE_END, NULL, NULL, NULL, NULL }
};
/*
* This table mapps an ASN type to a corresponding ComponentType which has
* equivalent contents of an existing AttributeType
*/
AsnTypetoCompType asntype_to_compType_mapping_tbl[] = {
{ BASICTYPE_BOOLEAN,{}},
{ BASICTYPE_INTEGER, {}},
{ BASICTYPE_BITSTRING, {}},
{ BASICTYPE_OCTETSTRING, {}},
{ BASICTYPE_NULL, {}},
{ BASICTYPE_OID, {}},
{ BASICTYPE_REAL, {}},
{ BASICTYPE_ENUMERATED, {}},
{ BASICTYPE_NUMERIC_STR, {}},
{ BASICTYPE_PRINTABLE_STR, {}},
{ BASICTYPE_UNIVERSAL_STR, {}},
{ BASICTYPE_IA5_STR, {}},
{ BASICTYPE_BMP_STR, {}},
{ BASICTYPE_UTF8_STR, {}},
{ BASICTYPE_UTCTIME, {}},
{ BASICTYPE_GENERALIZEDTIME, {}},
{ BASICTYPE_GRAPHIC_STR, {}},
{ BASICTYPE_VISIBLE_STR, {}},
{ BASICTYPE_GENERAL_STR,{}},
{ BASICTYPE_OBJECTDESCRIPTOR, {}},
{ BASICTYPE_VIDEOTEX_STR, {}},
{ BASICTYPE_T61_STR, {}},
{ BASICTYPE_OCTETCONTAINING, {}},
{ BASICTYPE_BITCONTAINING, {}},
{ BASICTYPE_RELATIVE_OID, {}},
{ BASICTYPE_ANY, {}},
{ COMPOSITE_ASN1_TYPE, {}},
{ RDNSequence, {}},
{ RelativeDistinguishedName, {}},
{ TelephoneNumber, {}},
{ FacsimileTelephoneNumber__telephoneNumber, {}},
{ DirectoryString, {}},
{ ASN_COMP_CERTIFICATE, {}},
{ ASNTYPE_END , {}}
};
AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[] = {
{ BASICTYPE_BOOLEAN,{}},
{ BASICTYPE_INTEGER, {}},
{ BASICTYPE_BITSTRING, {}},
{ BASICTYPE_OCTETSTRING, {}},
{ BASICTYPE_NULL, {}},
{ BASICTYPE_OID, {}},
{ BASICTYPE_REAL, {}},
{ BASICTYPE_ENUMERATED, {}},
{ BASICTYPE_NUMERIC_STR, {}},
{ BASICTYPE_PRINTABLE_STR, {}},
{ BASICTYPE_UNIVERSAL_STR, {}},
{ BASICTYPE_IA5_STR, {}},
{ BASICTYPE_BMP_STR, {}},
{ BASICTYPE_UTF8_STR, {}},
{ BASICTYPE_UTCTIME, {}},
{ BASICTYPE_GENERALIZEDTIME, {}},
{ BASICTYPE_GRAPHIC_STR, {}},
{ BASICTYPE_VISIBLE_STR, {}},
{ BASICTYPE_GENERAL_STR,{}},
{ BASICTYPE_OBJECTDESCRIPTOR, {}},
{ BASICTYPE_VIDEOTEX_STR, {}},
{ BASICTYPE_T61_STR, {}},
{ BASICTYPE_OCTETCONTAINING, {}},
{ BASICTYPE_BITCONTAINING, {}},
{ BASICTYPE_RELATIVE_OID, {}},
{ BASICTYPE_ANY, {}},
{ COMPOSITE_ASN1_TYPE, {}},
{ RDNSequence, {}},
{ RelativeDistinguishedName, {}},
{ TelephoneNumber, {}},
{ FacsimileTelephoneNumber__telephoneNumber, {}},
{ DirectoryString, {}},
{ ASN_COMP_CERTIFICATE, {}},
{ ASNTYPE_END , {}}
};

8
contrib/slapd-modules/comp_match/authorityKeyIdentifier.c
View file

@ -18,7 +18,7 @@ BDecComponentAuthorityKeyIdentifierTop( void* mem_op, GenBuf* b, void *v, AsnLen
return (-1);
}
return BDecComponentAuthorityKeyIdentifier( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode );
return BDecComponentAuthorityKeyIdentifier( mem_op, b, tag, elmtLen, ( ComponentAuthorityKeyIdentifier**)v, (AsnLen*)bytesDecoded, mode );
}
@ -45,7 +45,7 @@ MatchingComponentOtherName ( char* oid, ComponentSyntaxInfo* csi_attr, Component
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->value, (&((ComponentOtherName*)csi_attr)->type_id));
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->value, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_assert)->value);
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentOtherName*)csi_attr)->value, (ComponentAny*)&((ComponentOtherName*)csi_assert)->value);
if ( rc != LDAP_COMPARE_TRUE )
return rc;
return LDAP_COMPARE_TRUE;
@ -267,7 +267,7 @@ MatchingComponentORAddress ( char* oid, ComponentSyntaxInfo* csi_attr, Component
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->value, (&((ComponentORAddress*)csi_attr)->type_id));
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->value, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->value);
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentORAddress*)csi_attr)->value, (ComponentAny*)&((ComponentORAddress*)csi_assert)->value);
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->extension, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->extension );
@ -1615,7 +1615,7 @@ ExtractingComponentGeneralNames ( void* mem_op, ComponentReference* cr, Componen
case LDAP_COMPREF_COUNT :
k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
k->comp_desc->cd_tag = NULL;
k->comp_desc->cd_tag = (-1);
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;

2
contrib/slapd-modules/comp_match/certificate.asn1
View file

@ -3,7 +3,7 @@ BEGIN
-- based on RFC 3280 and X.509
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
toBeSigned TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}

47
contrib/slapd-modules/comp_match/certificate.c
View file

@ -18,7 +18,7 @@ BDecComponentCertificateTop( void* mem_op, GenBuf* b, void **v, AsnLen* bytesDec
return (-1);
}
return BDecComponentCertificate( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode );
return BDecComponentCertificate( mem_op, b, tag, elmtLen, (ComponentCertificate**)v,(AsnLen*)bytesDecoded, mode );
}
void init_module_AuthenticationFramework() {
@ -90,7 +90,7 @@ MatchingComponentAlgorithmIdentifier ( char* oid, ComponentSyntaxInfo* csi_attr,
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (&((ComponentAlgorithmIdentifier*)csi_attr)->algorithm));
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_assert)->parameters);
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_assert)->parameters);
if ( rc != LDAP_COMPARE_TRUE )
return rc;
return LDAP_COMPARE_TRUE;
@ -792,7 +792,7 @@ MatchingComponentAttributeTypeAndValue ( char* oid, ComponentSyntaxInfo* csi_att
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (&((ComponentAttributeTypeAndValue*)csi_attr)->type));
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_assert)->value);
rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_assert)->value);
if ( rc != LDAP_COMPARE_TRUE )
return rc;
return LDAP_COMPARE_TRUE;
@ -1514,7 +1514,7 @@ ExtractingComponentExtensions ( void* mem_op, ComponentReference* cr, ComponentE
case LDAP_COMPREF_COUNT :
k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
k->comp_desc->cd_tag = NULL;
k->comp_desc->cd_tag = (-1);
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
@ -1757,7 +1757,7 @@ ExtractingComponentRelativeDistinguishedName ( void* mem_op, ComponentReference*
case LDAP_COMPREF_COUNT :
k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
k->comp_desc->cd_tag = NULL;
k->comp_desc->cd_tag = (-1);
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
@ -1833,6 +1833,10 @@ int mode)
free ( t );
return -1;
}
t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDN2RFC2253;
t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeDistinguishedName ;
t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeDistinguishedName ;
t->comp_desc->cd_free = (comp_free_func*)NULL;
@ -1991,7 +1995,7 @@ ExtractingComponentRDNSequence ( void* mem_op, ComponentReference* cr, Component
case LDAP_COMPREF_COUNT :
k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
k->comp_desc->cd_tag = NULL;
k->comp_desc->cd_tag = (-1);
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
@ -2067,6 +2071,10 @@ int mode)
free ( t );
return -1;
}
t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
t->comp_desc->cd_ldap_encoder = (encoder_func*) ConvertRDNSequence2RFC2253;
t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ;
t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ;
t->comp_desc->cd_free = (comp_free_func*)NULL;
@ -2140,6 +2148,9 @@ int mode)
free ( t );
return -1;
}
t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDNSequence2RFC2253;
t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ;
t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ;
t->comp_desc->cd_free = (comp_free_func*)NULL;
@ -2969,7 +2980,7 @@ MatchingComponentCertificate ( char* oid, ComponentSyntaxInfo* csi_attr, Compone
}
rc = 1;
rc = MatchingComponentTBSCertificate ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->tbsCertificate, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->tbsCertificate );
rc = MatchingComponentTBSCertificate ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->toBeSigned, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->toBeSigned );
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->signatureAlgorithm, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->signatureAlgorithm );
@ -2985,12 +2996,12 @@ void*
ExtractingComponentCertificate ( void* mem_op, ComponentReference* cr, ComponentCertificate *comp )
{
if ( ( comp->tbsCertificate->identifier.bv_val && strncmp(comp->tbsCertificate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->tbsCertificate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( ( comp->toBeSigned->identifier.bv_val && strncmp(comp->toBeSigned->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->toBeSigned->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return comp->tbsCertificate;
return comp->toBeSigned;
else {
cr->cr_curr = cr->cr_curr->ci_next;
return ExtractingComponentTBSCertificate ( mem_op, cr, comp->tbsCertificate );
return ExtractingComponentTBSCertificate ( mem_op, cr, comp->toBeSigned );
}
}
if ( ( comp->signatureAlgorithm->identifier.bv_val && strncmp(comp->signatureAlgorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signatureAlgorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
@ -3045,11 +3056,11 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->tbsCertificate), &totalElmtsLen1, mode);
rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->toBeSigned), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->tbsCertificate)->identifier.bv_val = (k->tbsCertificate)->id_buf;
(k->tbsCertificate)->identifier.bv_len = strlen("tbsCertificate");
strcpy( (k->tbsCertificate)->identifier.bv_val, "tbsCertificate");
(k->toBeSigned)->identifier.bv_val = (k->toBeSigned)->id_buf;
(k->toBeSigned)->identifier.bv_len = strlen("toBeSigned");
strcpy( (k->toBeSigned)->identifier.bv_val, "toBeSigned");
tagId1 = BDecTag (b, &totalElmtsLen1);
}
else
@ -3151,11 +3162,11 @@ int mode)
Asn1Error("Error during Reading identifier");
return LDAP_PROTOCOL_ERROR;
}
if ( strncmp( peek_head, "tbsCertificate", strlen("tbsCertificate") ) == 0 ) {
rc = GDecComponentTBSCertificate (mem_op, b, (&k->tbsCertificate), bytesDecoded, mode);
if ( strncmp( peek_head, "toBeSigned", strlen("toBeSigned") ) == 0 ) {
rc = GDecComponentTBSCertificate (mem_op, b, (&k->toBeSigned), bytesDecoded, mode);
if ( rc != LDAP_SUCCESS ) return rc;
( k->tbsCertificate)->identifier.bv_val = peek_head;
( k->tbsCertificate)->identifier.bv_len = strLen;
( k->toBeSigned)->identifier.bv_val = peek_head;
( k->toBeSigned)->identifier.bv_len = strLen;
if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
Asn1Error("Error during Reading , ");
return LDAP_PROTOCOL_ERROR;

2
contrib/slapd-modules/comp_match/certificate.h
View file

@ -346,7 +346,7 @@ typedef struct Certificate /* SEQUENCE */
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentTBSCertificate* tbsCertificate; /* TBSCertificate */
ComponentTBSCertificate* toBeSigned; /* TBSCertificate */
ComponentAlgorithmIdentifier* signatureAlgorithm; /* AlgorithmIdentifier */
ComponentBits signature; /* BIT STRING */
} ComponentCertificate;

126
contrib/slapd-modules/comp_match/componentlib.c
View file

@ -67,9 +67,12 @@ FreeComponentBits ( ComponentBits* v ) {
int
GEncComponentBits ( GenBuf *b, ComponentBits *in )
{
GAsnBits bits = {0};
bits.value = in->value;
if ( !in )
return (-1);
return GEncAsnBitsContent ( b, &in->value );
return GEncAsnBitsContent ( b, &bits);
}
@ -105,6 +108,7 @@ GDecComponentBits ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int
if ( k ) CompFree( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBits;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBits;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBits;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentBits;
@ -165,6 +169,7 @@ BDecComponentBits ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBits;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBits;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBits;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentBits;
@ -181,12 +186,16 @@ BDecComponentBits ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
/*
* Component GSER BMPString Encoder
*/
int
GEncComponentBMPString ( GenBuf *b, ComponentBMPString *in )
{
if ( !in || in->value.octetLen <= 0 ) return (-1);
return GEncBMPStringContent ( b, &in->value );
}
int
GEncComponentBMPString ( GenBuf *b, ComponentBMPString *in )
{
GBMPString t = {0};
if ( !in || in->value.octetLen <= 0 )
return (-1);
t.value = in->value;
return GEncBMPStringContent ( b, &t );
}
/*
* Component GSER BMPString Decoder
@ -223,6 +232,7 @@ GDecComponentBMPString ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded,
if ( k ) CompFree( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBMPString;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBMPString;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBMPString;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentBMPString;
@ -283,6 +293,7 @@ BDecComponentBMPString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBMPString;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBMPString;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBMPString;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentBMPString;
@ -303,9 +314,11 @@ BDecComponentBMPString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void
int
GEncComponentUTF8String ( GenBuf *b, ComponentUTF8String *in )
{
GUTF8String t = {0};
if ( !in || in->value.octetLen <= 0 )
return (-1);
return GEncUTF8StringContent ( b, &in->value );
t.value = in->value;
return GEncUTF8StringContent ( b, &t );
}
/*
@ -343,6 +356,7 @@ GDecComponentUTF8String ( void* mem_op, GenBuf *b, void *v,
if ( k ) CompFree( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentUTF8String;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentUTF8String;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentUTF8String;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentUTF8String;
@ -401,6 +415,7 @@ BDecComponentUTF8String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentUTF8String;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentUTF8String;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentUTF8String;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentUTF8String;
@ -418,9 +433,12 @@ BDecComponentUTF8String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
int
GEncComponentTeletexString ( GenBuf *b, ComponentTeletexString *in )
{
GTeletexString t = {0};
if ( !in || in->value.octetLen <= 0 )
return (-1);
return GEncTeletexStringContent ( b, &in->value );
t.value = in->value;
return GEncTeletexStringContent ( b, &t );
}
/*
@ -458,6 +476,7 @@ GDecComponentTeletexString ( void* mem_op, GenBuf *b, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentTeletexString;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTeletexString;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTeletexString;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentTeletexString;
@ -500,9 +519,12 @@ MatchingComponentBool(char* oid, ComponentSyntaxInfo* csi_attr,
int
GEncComponentBool ( GenBuf *b, ComponentBool *in )
{
GAsnBool t = {0};
if ( !in )
return (-1);
return GEncAsnBoolContent ( b, &in->value );
t.value = in->value;
return GEncAsnBoolContent ( b, &t );
}
/*
@ -537,6 +559,7 @@ GDecComponentBool ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBool;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBool;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBool;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -594,6 +617,7 @@ BDecComponentBool ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentBool;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentBool;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentBool;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -636,9 +660,12 @@ MatchingComponentEnum ( char* oid, ComponentSyntaxInfo *csi_attr,
int
GEncComponentEnum ( GenBuf *b, ComponentEnum *in )
{
GAsnEnum t = {0};
if ( !in )
return (-1);
return GEncAsnEnumContent ( b, &in->value );
t.value = in->value;
return GEncAsnEnumContent ( b, &t );
}
/*
@ -675,6 +702,7 @@ GDecComponentEnum ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -733,6 +761,7 @@ BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -752,8 +781,10 @@ BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
int
GEncComponentIA5Stirng ( GenBuf *b, ComponentIA5String* in )
{
GIA5String t = {0};
t.value = in->value;
if ( !in || in->value.octetLen <= 0 ) return (-1);
return GEncIA5StringContent( b, &in->value );
return GEncIA5StringContent( b, &t );
}
/*
@ -801,6 +832,7 @@ BDecComponentIA5String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentIA5String;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentIA5String;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentIA5String;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentIA5String;
@ -844,8 +876,12 @@ function*/
int
GEncComponentInt ( GenBuf *b, ComponentInt* in )
{
if ( !in ) return (-1);
return GEncAsnIntContent ( b, &in->value );
GAsnInt t = {0};
if ( !in )
return (-1);
t.value = in->value;
return GEncAsnIntContent ( b, &t );
}
/*
@ -880,6 +916,7 @@ GDecComponentInt( void* mem_op, GenBuf * b, void *v, AsnLen *bytesDecoded, int m
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentInt;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -933,6 +970,7 @@ BDecComponentInt ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentInt;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -973,8 +1011,12 @@ MatchingComponentNull ( char *oid, ComponentSyntaxInfo *csi_attr,
int
GEncComponentNull ( GenBuf *b, ComponentNull *in )
{
if ( !in ) return (-1);
return GEncAsnNullContent ( b, &in->value );
GAsnNull t = {0};
if ( !in )
return (-1);
t.value = in->value;
return GEncAsnNullContent ( b, &t );
}
/*
@ -1009,6 +1051,7 @@ GDecComponentNull ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull;
@ -1068,6 +1111,7 @@ BDecComponentNull ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull;
@ -1123,6 +1167,7 @@ BDecComponentNumericString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNumericString;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNumericString;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNumericString;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentNumericString;
@ -1177,9 +1222,12 @@ MatchingComponentOcts ( char* oid, ComponentSyntaxInfo* csi_attr,
int
GEncComponentOcts ( GenBuf* b, ComponentOcts *in )
{
GAsnOcts t = {0};
if ( !in || in->value.octetLen <= 0 )
return (-1);
return GEncAsnOctsContent ( b, &in->value );
t.value = in->value;
return GEncAsnOctsContent ( b, &t );
}
/*
@ -1214,6 +1262,7 @@ GDecComponentOcts ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts;
@ -1271,6 +1320,7 @@ BDecComponentOcts ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts;
@ -1314,8 +1364,12 @@ MatchingComponentOid ( char *oid, ComponentSyntaxInfo *csi_attr ,
*/
GEncComponentOid ( GenBuf *b, ComponentOid *in )
{
if ( !in || in->value.octetLen <= 0 ) return (-1);
return GEncAsnOidContent( b, &in->value );
GAsnOid t = {0};
if ( !in || in->value.octetLen <= 0 )
return (-1);
t.value = in->value;
return GEncAsnOidContent( b, (GAsnOcts*)&t );
}
/*
@ -1340,7 +1394,7 @@ GDecAsnDescOidContent ( void* mem_op, GenBuf *b, GAsnOid *result, AsnLen *bytesD
peek_head = ad_type->sat_atype.at_oid;
strLen = strlen ( peek_head );
result->value.octs = EncodeComponentOid ( mem_op, peek_head , &strLen );
result->value.octs = (char*)EncodeComponentOid ( mem_op, peek_head , &strLen );
result->value.octetLen = strLen;
return LDAP_SUCCESS;
}
@ -1400,6 +1454,7 @@ GDecComponentOid ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int m
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOid;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOid;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOid;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentOid;
@ -1457,6 +1512,7 @@ BDecComponentOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOid;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOid;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOid;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentOid;
@ -1514,6 +1570,7 @@ BDecComponentPrintableString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentPrintableString;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentPrintableString;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentPrintableString;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentPrintableString;
@ -1555,9 +1612,11 @@ MatchingComponentReal (char* oid, ComponentSyntaxInfo *csi_attr,
int
GEncComponentReal ( GenBuf *b, ComponentReal *in )
{
GAsnReal t = {0};
if ( !in )
return (-1);
return GEncAsnRealContent ( b, &in->value );
t.value = in->value;
return GEncAsnRealContent ( b, &t );
}
/*
@ -1592,6 +1651,7 @@ GDecComponentReal ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentReal;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentReal;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentReal;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -1648,6 +1708,7 @@ BDecComponentReal ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentReal;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentReal;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentReal;
k->comp_desc->cd_free = (comp_free_func*)NULL;
@ -1694,9 +1755,12 @@ MatchingComponentRelativeOid ( char* oid, ComponentSyntaxInfo *csi_attr,
int
GEncComponentRelativeOid ( GenBuf *b, ComponentRelativeOid *in )
{
GAsnRelativeOid t = {0};
if ( !in || in->value.octetLen <= 0 )
return (-1);
return GEncAsnRelativeOidContent ( b , &in->value );
t.value = in->value;
return GEncAsnRelativeOidContent ( b , (GAsnOcts*)&t );
}
/*
@ -1731,6 +1795,7 @@ GDecComponentRelativeOid ( void* mem_op, GenBuf *b,void *v, AsnLen *bytesDecoded
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentRelativeOid;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeOid;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeOid;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentRelativeOid;
@ -1787,6 +1852,7 @@ BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, vo
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentRelativeOid;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeOid;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeOid;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentRelativeOid;
@ -1805,9 +1871,11 @@ BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, vo
int
GEncComponentUniversalString ( GenBuf *b, ComponentUniversalString *in )
{
GUniversalString t = {0};
if ( !in || in->value.octetLen <= 0 )
return (-1);
return GEncUniversalStringContent( b, &in->value );
t.value = in->value;
return GEncUniversalStringContent( b, &t );
}
/*
@ -1870,6 +1938,7 @@ BDecComponentUniversalString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentUniversalString;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentUniversalString;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentUniversalString;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentUniversalString;
@ -1921,6 +1990,7 @@ BDecComponentVisibleString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentVisibleString;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentVisibleString;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentVisibleString;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentVisibleString;
@ -2005,7 +2075,8 @@ GEncComponentAny ( GenBuf *b, ComponentAny *in )
{
if ( in->cai != NULL && in->cai->Encode != NULL )
return in->cai->Encode(b, &in->value );
else return (-1);
else
return (-1);
}
int
@ -2034,6 +2105,7 @@ BEncComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
@ -2072,7 +2144,7 @@ BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD
result->value = (void*) CompAlloc ( mem_op, result->cai->size );
if ( !result->value ) return 0;
#endif
result->cai->BER_Decode ( mem_op, b, &result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_0 );
result->cai->BER_Decode ( mem_op, b, (ComponentSyntaxInfo*)&result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_0 );
#if 0
rc = BDecComponentTop( result->cai->BER_Decode, mem_op, 0, 0, &result->value, bytesDecoded, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
@ -2083,6 +2155,7 @@ BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
@ -2121,6 +2194,7 @@ GDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
@ -2310,7 +2384,7 @@ RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len ) {
mem_op = comp_nibble_memory_allocator ( 128, 16 );
oid.octs = EncodeComponentOid ( mem_op, oid.octs , &oid.octetLen );
oid.octs = EncodeComponentOid ( mem_op, oid.octs , (int*)&oid.octetLen );
if( oid.octetLen <= 0 ) {
comp_nibble_memory_free( mem_op );
return (OidDecoderMapping*) NULL;

48
contrib/slapd-modules/comp_match/componentlib.h
View file

@ -29,6 +29,24 @@
#define MAX_IDENTIFIER_LEN 128
#define COMPONENTNOT_NULL(ptr) ((ptr) != NULL)
typedef struct slap_component_type {
/*
* Don't change the order of following fields
* They are identical the first 9 fields of
* AttributeType
*/
LDAPAttributeType ct_atype;
struct berval ct_cname;
struct slap_attribute_type *ct_sup;
struct slap_attribute_type **ct_subtypes;
MatchingRule *ct_equality;
MatchingRule *ct_approx;
MatchingRule *ct_ordering;
MatchingRule *ct_substr;
Syntax *ct_syntax;
} ComponentType;
/*
* BIT STRING
*/
@ -447,6 +465,25 @@ typedef struct asntype_to_syntax {
Syntax *ats_syn;
} AsnTypetoSyntax;
typedef struct asntype_to_comp_matchingrule {
AsnTypeId atc_typeId;
char* atc_equality;
char* atc_approx;
char* atc_ordering;
char* atc_substr;
} AsnTypetoCompMatchingRule;
typedef struct asntype_to_comp_desc {
AsnTypeId atcd_typeId;
ComponentDesc atcd_cd;
} AsnTypetoCompDesc;
typedef struct asntype_to_comp_type {
AsnTypeId ac_asn_id;
ComponentType ac_comp_type;
} AsnTypetoCompType;
/* refined matching purpose */
typedef struct asntype_to_matchingrule {
AsnTypeId atmr_typeId;
char* atmr_mr_name;
@ -461,8 +498,6 @@ typedef struct asntype_to_matchingrule_table {
struct asntype_to_matchingrule_table* atmr_table_next;
} AsnTypetoMatchingRuleTable;
extern AsnTypetoSyntax asn_to_syntax_mapping_tbl[];
#define MAX_OID_LEN 256
#define MAX_OD_ENTRY 8
@ -543,4 +578,13 @@ typedef struct comp_irAttributeTypeAndValue /* SEQUENCE */
#define RDN_MATCH_OID "1.2.36.79672281.1.13.3"
#define DN_MATCH_OID "2.5.13.1"
extern AsnTypetoSyntax asn_to_syntax_mapping_tbl[];
extern AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[];
extern AsnTypetoCompType asntype_to_compType_mapping_tbl[];
extern AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[];
int ConvertRDN2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out );
int ConvertRDNSequence2RFC2253( irRDNSequence *in, struct berval* out );
void* comp_nibble_memory_allocator ( int init_mem, int inc_mem );
#endif

159
contrib/slapd-modules/comp_match/init.c
View file

@ -65,13 +65,13 @@ add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr
/* get and store aliasing AttributeDescription */
type.bv_val = aliasing_at_name;
type.bv_len = strlen ( aliasing_at_name );
rc = slap_bv2ad ( &type, &aa_table[index].aa_aliasing_ad,(char**)text );
rc = slap_bv2ad ( &type, &aa_table[index].aa_aliasing_ad,(const char**)text );
if ( rc != LDAP_SUCCESS ) return rc;
/* get and store aliased AttributeDescription */
type.bv_val = aliased_at_name;
type.bv_len = strlen ( aliased_at_name );
rc = slap_bv2ad ( &type, &aa_table[index].aa_aliased_ad,(char**)text );
rc = slap_bv2ad ( &type, &aa_table[index].aa_aliased_ad,(const char**)text );
if ( rc != LDAP_SUCCESS ) return rc;
/* get and store componentFilterMatch */
@ -82,7 +82,7 @@ add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr
/* get and store a component filter */
type.bv_val = component_filter;
type.bv_len = strlen ( component_filter );
rc = get_comp_filter( NULL, &type, &aa_table[index].aa_cf,(char**)text);
rc = get_comp_filter( NULL, &type, &aa_table[index].aa_cf,(const char**)text);
aa_table[index].aa_cf_str = component_filter;
@ -99,9 +99,9 @@ add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr
* See RFC3687 to understand the content of a component filter.
*/
char* pre_processed_comp_filter[] = {
/*1*/"item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx }",
/*2*/"item:{ component \"tbsCertificate.serialNumber\", rule integerMatch, value xxx }",
/*3*/"and:{ item:{ component \"tbsCertificate.serialNumber\", rule integerMatch, value xxx }, item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx } }"
/*1*/"item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx }",
/*2*/"item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }",
/*3*/"and:{ item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }, item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx } }"
};
static int
@ -125,6 +125,60 @@ init_attribute_aliasing_table ()
return LDAP_SUCCESS;
}
void
init_component_description_table () {
AsnTypeId id;
struct berval mr;
AsnTypetoSyntax* asn_to_syn;
Syntax* syn;
for ( id = BASICTYPE_BOOLEAN; id != ASNTYPE_END ; id++ ) {
#if 0
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_atype;
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_cname = {0,NULL};
#endif
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_subtypes = NULL;
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax = NULL;
/* Equality Matching Rule */
if ( asntype_to_compMR_mapping_tbl[id].atc_equality ) {
mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_equality;
mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_equality);
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_equality = mr_bvfind( &mr );
}
/* Approx Matching Rule */
if ( asntype_to_compMR_mapping_tbl[id].atc_approx ) {
mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_approx;
mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_approx);
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_approx = mr_bvfind( &mr );
}
/* Ordering Matching Rule */
if ( asntype_to_compMR_mapping_tbl[id].atc_ordering ) {
mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_ordering;
mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_ordering);
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_ordering= mr_bvfind( &mr );
}
/* Substr Matching Rule */
if ( asntype_to_compMR_mapping_tbl[id].atc_substr ) {
mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_substr;
mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_substr);
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_substr = mr_bvfind( &mr );
}
/* Syntax */
asn_to_syn = &asn_to_syntax_mapping_tbl[ id ];
if ( asn_to_syn->ats_syn_oid )
syn = syn_find ( asn_to_syn->ats_syn_oid );
else
syn = NULL;
asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax = syn;
asntype_to_compdesc_mapping_tbl[id].atcd_cd.cd_comp_type = (AttributeType*)&asntype_to_compType_mapping_tbl[id].ac_comp_type;
}
}
MatchingRule*
retrieve_matching_rule( char* mr_oid, AsnTypeId type ) {
char* tmp;
@ -147,7 +201,6 @@ retrieve_matching_rule( char* mr_oid, AsnTypeId type ) {
void*
comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv ))
{
char* peek_head;
int mode, bytesDecoded, size, rc;
void* component;
@ -159,7 +212,7 @@ comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv
/* look for the decoder registered for the given attribute */
odm = RetrieveOidDecoderMappingbyOid( oid, strlen(oid) );
if ( !odm || (!odm->BER_Decode && odm->GSER_Decode) )
if ( !odm || (!odm->BER_Decode && !odm->GSER_Decode) )
return (void*)NULL;
buf = ExpBufAllocBuf();
@ -173,14 +226,14 @@ comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv
* Currently BER decoder is called for a certificate.
* The flag of Attribute will say something about it in the future
*/
if ( slap_syntax_is_ber ( syn ) ) {
if ( syn && slap_syntax_is_ber ( syn ) ) {
#if 0
rc =BDecComponentTop(odm->BER_Decode, a->a_comp_data->cd_mem_op, b, 0,0, &component,&bytesDecoded,mode ) ;
#endif
rc = odm->BER_Decode ( a->a_comp_data->cd_mem_op,b,&component,&bytesDecoded, mode );
rc = odm->BER_Decode ( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo*)&component, &bytesDecoded, mode );
}
else {
rc = odm->GSER_Decode( a->a_comp_data->cd_mem_op, b, component,&bytesDecoded,mode);
rc = odm->GSER_Decode( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo**)component, &bytesDecoded, mode);
}
ExpBufFreeBuf( buf );
@ -202,7 +255,7 @@ comp_free_component ( void* mem_op ) {
return;
}
int
void
comp_convert_assert_to_comp (
void* mem_op,
ComponentSyntaxInfo *csi_attr,
@ -224,7 +277,6 @@ comp_convert_assert_to_comp (
rc = (*decoder)( mem_op, genBuf, csi, len, mode );
ExpBufFreeBuf ( buf );
return rc;
}
int intToAscii( int value, char* buf ) {
@ -335,6 +387,7 @@ comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct be
return LDAP_INVALID_SYNTAX;
return comp_convert_asn_to_ldap( mr, csi, bv, allocated );
case COMPOSITE_ASN1_TYPE :
break;
case RDNSequence :
/*dnMatch*/
if( strncmp( mr->smr_mrule.mr_oid, DN_MATCH_OID, strlen(DN_MATCH_OID) ) != 0 )
@ -521,6 +574,8 @@ comp_test_one_component (
assert_bv = ca->ca_comp_data.cd_tree;
}
#endif
if ( !n_attr_bv.bv_val )
return LDAP_COMPARE_FALSE;
rc = csi_value_match( mr, &n_attr_bv, assert_bv );
if ( n_attr_bv.bv_val )
free ( n_attr_bv.bv_val );
@ -540,6 +595,8 @@ comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_a
void* contained_comp, *anytype_comp;
ComponentReference* cr = ca->ca_comp_ref;
if ( !cr )
return comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
/* Extracting the component refrenced by ca->ca_comp_ref */
csi_attr = (ComponentSyntaxInfo*)csi_attr->csi_comp_desc->cd_extract_i( attr_nm, cr, csi_attr );
if ( !csi_attr ) return LDAP_INVALID_SYNTAX;
@ -612,7 +669,7 @@ comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_a
#if 0
rc =BDecComponentTop( odm->BER_Decode, attr_nm, b, 0,0, &contained_comp,&bytesDecoded, mode );
#endif
rc = odm->BER_Decode ( attr_nm,b,&contained_comp,&bytesDecoded, mode );
rc = odm->BER_Decode ( attr_nm, b, (ComponentSyntaxInfo*)&contained_comp, &bytesDecoded, mode );
#if 0
if ( rc != LDAP_SUCCESS ) {
@ -663,7 +720,7 @@ comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_a
void*
comp_nibble_memory_allocator ( int init_mem, int inc_mem ) {
void* nm;
nm = InitNibbleMemLocal( init_mem, inc_mem );
nm = (void*)InitNibbleMemLocal( (unsigned long)init_mem, (unsigned long)inc_mem );
if ( !nm ) return NULL;
else return (void*)nm;
}
@ -673,6 +730,71 @@ comp_nibble_memory_free ( void* nm ) {
ShutdownNibbleMemLocal( nm );
}
void*
comp_get_component_description ( int id ) {
if ( asntype_to_compdesc_mapping_tbl[id].atcd_typeId == id )
return &asntype_to_compdesc_mapping_tbl[id].atcd_cd;
else
return NULL;
}
int
comp_component_encoder ( void* mem_op, ComponentSyntaxInfo* csi , struct berval* nval ) {
int size, rc;
GenBuf* b;
ExpBuf* buf;
struct berval bv;
buf = ExpBufAllocBufAndData();
ExpBufResetInWriteRvsMode(buf);
ExpBuftoGenBuf( buf, &b );
if ( !csi->csi_comp_desc->cd_gser_encoder && !csi->csi_comp_desc->cd_ldap_encoder )
return (-1);
/*
* if an LDAP specific encoder is provided :
* dn and rdn have their LDAP specific encoder
*/
if ( csi->csi_comp_desc->cd_ldap_encoder ) {
rc = csi->csi_comp_desc->cd_ldap_encoder( csi, &bv );
if ( rc != LDAP_SUCCESS )
return rc;
if ( mem_op )
nval->bv_val = CompAlloc( mem_op, bv.bv_len );
else
nval->bv_val = malloc( size );
memcpy( nval->bv_val, bv.bv_val, bv.bv_len );
nval->bv_len = bv.bv_len;
/*
* This free will be eliminated by making ldap_encoder
* use nibble memory in it
*/
free ( bv.bv_val );
return LDAP_SUCCESS;
}
rc = csi->csi_comp_desc->cd_gser_encoder( b, csi );
if ( rc < 0 ) {
BufFreeBuf( buf );
return rc;
}
size = ExpBufDataSize( buf );
if ( size > 0 ) {
if ( mem_op )
nval->bv_val = CompAlloc ( mem_op, size );
else
nval->bv_val = malloc( size );
nval->bv_len = size;
BufResetInReadMode(b);
BufCopy( nval->bv_val, b, size );
}
ExpBufFreeBuf( buf );
return LDAP_SUCCESS;
}
#if SLAPD_COMP_MATCH == SLAPD_MOD_DYNAMIC
#include "certificate.h"
@ -685,6 +807,8 @@ extern test_component_func* test_components;
extern alloc_nibble_func* nibble_mem_allocator;
extern free_nibble_func* nibble_mem_free;
extern test_membership_func* is_aliased_attribute;
extern get_component_info_func* get_component_description;
extern component_encoder_func* component_encoder;
int init_module(int argc, char *argv[]) {
@ -695,9 +819,11 @@ int init_module(int argc, char *argv[]) {
assert_converter = comp_convert_assert_to_comp;
component_destructor = comp_free_component;
test_components = comp_test_components;
nibble_mem_allocator = comp_nibble_memory_allocator;
nibble_mem_allocator = (free_nibble_func*)comp_nibble_memory_allocator;
nibble_mem_free = comp_nibble_memory_free;
is_aliased_attribute = (test_membership_func*)comp_is_aliased_attribute;
get_component_description = (get_component_info_func*)comp_get_component_description;
component_encoder = (component_encoder_func*)comp_component_encoder;
/* file path needs to be */
load_derived_matching_rule ("derived_mr.cfg");
@ -706,6 +832,7 @@ int init_module(int argc, char *argv[]) {
init_module_AuthenticationFramework();
init_module_AuthorityKeyIdentifierDefinition();
init_attribute_aliasing_table ();
init_component_description_table ();
return 0;
}

4
servers/slapd/attr.c
View file

@ -57,8 +57,8 @@ comp_tree_free( Attribute *a )
for( ; a != NULL ; a = next ) {
next = a->a_next;
if ( component_destructor && a->a_comp_data &&
a->a_comp_data->cd_mem_op ) {
if ( component_destructor && a->a_comp_data ) {
if ( a->a_comp_data->cd_mem_op )
component_destructor( a->a_comp_data->cd_mem_op );
free ( a->a_comp_data );
}

68
servers/slapd/back-bdb/attr.c
View file

@ -28,6 +28,9 @@
typedef struct bdb_attrinfo {
AttributeDescription *ai_desc; /* attribute description cn;lang-en */
slap_mask_t ai_indexmask; /* how the attr is indexed */
#ifdef LDAP_COMP_MATCH
ComponentReference* ai_cr; /*component indexing*/
#endif
} AttrInfo;
static int
@ -51,6 +54,18 @@ ainfo_cmp(
return SLAP_PTRCMP(a->ai_desc, b->ai_desc);
}
#ifdef LDAP_COMP_MATCH
void
bdb_attr_comp_ref( struct bdb_info *bdb, AttributeDescription *desc, ComponentReference** cr )
{
AttrInfo *a;
a = (AttrInfo *) avl_find( bdb->bi_attrs, desc, ainfo_type_cmp );
*cr = a != NULL ? a->ai_cr : 0 ;
}
#endif
void
bdb_attr_mask(
struct bdb_info *bdb,
@ -130,14 +145,39 @@ bdb_attr_index_config(
AttrInfo *a;
AttributeDescription *ad;
const char *text;
#ifdef LDAP_COMP_MATCH
ComponentReference* cr = NULL;
AttrInfo *a_cr = NULL;
#endif
if( strcasecmp( attrs[i], "default" ) == 0 ) {
bdb->bi_defaultmask = mask;
bdb->bi_defaultmask |= mask;
continue;
}
#ifdef LDAP_COMP_MATCH
if ( is_component_reference( attrs[i] ) ) {
rc = extract_component_reference( attrs[i], &cr );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: line %d: "
"index component reference\"%s\" undefined\n",
fname, lineno, attrs[i] );
return rc;
}
cr->cr_indexmask = mask;
/*
* After extracting a component reference
* only the name of a attribute will be remaining
*/
} else {
cr = NULL;
}
#endif
a = (AttrInfo *) ch_malloc( sizeof(AttrInfo) );
#ifdef LDAP_COMP_MATCH
a->ai_cr = NULL;
#endif
ad = NULL;
rc = slap_str2ad( attrs[i], &ad, &text );
@ -191,10 +231,32 @@ bdb_attr_index_config(
Debug( LDAP_DEBUG_CONFIG, "index %s 0x%04lx\n",
ad->ad_cname.bv_val, mask, 0 );
a->ai_desc = ad;
a->ai_indexmask = mask;
#ifdef LDAP_COMP_MATCH
if ( cr ) {
a_cr = avl_find( bdb->bi_attrs, ad, ainfo_type_cmp );
if ( a_cr ) {
/*
* AttrInfo is already in AVL
* just add the extracted component reference
* in the AttrInfo
*/
rc = insert_component_reference( cr, &a_cr->ai_cr );
if ( rc != LDAP_SUCCESS) {
fprintf( stderr, " error during inserting component reference in %s ", attrs[i]);
return LDAP_PARAM_ERROR;
}
continue;
} else {
rc = insert_component_reference( cr, &a->ai_cr );
if ( rc != LDAP_SUCCESS) {
fprintf( stderr, " error during inserting component reference in %s ", attrs[i]);
return LDAP_PARAM_ERROR;
}
}
}
#endif
rc = avl_insert( &bdb->bi_attrs, (caddr_t) a,
ainfo_cmp, avl_dup_error );

253
servers/slapd/back-bdb/filterindex.c
View file

@ -57,6 +57,16 @@ static int list_candidates(
ID *tmp,
ID *stack );
#ifdef LDAP_COMP_MATCH
int
ext_candidates(
Operation *op,
MatchingRuleAssertion *mra,
ID *ids,
ID *tmp,
ID *stack);
#endif
int
bdb_filter_candidates(
Operation *op,
@ -147,7 +157,12 @@ bdb_filter_candidates(
rc = list_candidates( op,
f->f_or, LDAP_FILTER_OR, ids, tmp, stack );
break;
#ifdef LDAP_COMP_MATCH
case LDAP_FILTER_EXT:
Debug( LDAP_DEBUG_FILTER, "\tEXT\n", 0, 0, 0 );
rc = ext_candidates( op, f->f_mra, ids, tmp, stack );
break;
#endif
default:
Debug( LDAP_DEBUG_FILTER, "\tUNKNOWN %lu\n",
(unsigned long) f->f_choice, 0, 0 );
@ -166,6 +181,242 @@ bdb_filter_candidates(
return rc;
}
#ifdef LDAP_COMP_MATCH
static int
comp_list_candidates(
Operation *op,
MatchingRuleAssertion* mra,
ComponentFilter *flist,
int ftype,
ID *ids,
ID *tmp,
ID *save )
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
int rc = 0;
ComponentFilter *f;
Debug( LDAP_DEBUG_FILTER, "=> comp_list_candidates 0x%x\n", ftype, 0, 0 );
for ( f = flist; f != NULL; f = f->cf_next ) {
/* ignore precomputed scopes */
if ( f->cf_choice == SLAPD_FILTER_COMPUTED &&
f->cf_result == LDAP_SUCCESS ) {
continue;
}
BDB_IDL_ZERO( save );
rc = comp_candidates( op, mra, f, save, tmp, save+BDB_IDL_UM_SIZE );
if ( rc != 0 ) {
if ( ftype == LDAP_COMP_FILTER_AND ) {
rc = 0;
continue;
}
break;
}
if ( ftype == LDAP_COMP_FILTER_AND ) {
if ( f == flist ) {
BDB_IDL_CPY( ids, save );
} else {
bdb_idl_intersection( ids, save );
}
if( BDB_IDL_IS_ZERO( ids ) )
break;
} else {
if ( f == flist ) {
BDB_IDL_CPY( ids, save );
} else {
bdb_idl_union( ids, save );
}
}
}
if( rc == LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_FILTER,
"<= comp_list_candidates: id=%ld first=%ld last=%ld\n",
(long) ids[0],
(long) BDB_IDL_FIRST(ids),
(long) BDB_IDL_LAST(ids) );
} else {
Debug( LDAP_DEBUG_FILTER,
"<= comp_list_candidates: undefined rc=%d\n",
rc, 0, 0 );
}
return rc;
}
int
comp_equality_candidates (
Operation *op,
MatchingRuleAssertion *mra,
ComponentAssertion *ca,
ID *ids,
ID *tmp,
ID *stack)
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
DB *db;
int i;
int rc;
slap_mask_t mask;
struct berval prefix = {0, NULL};
struct berval *keys = NULL;
MatchingRule *mr = mra->ma_rule;
Syntax *sat_syntax;
ComponentReference* cr_list, *cr;
BDB_IDL_ALL( bdb, ids );
bdb_attr_comp_ref ( op->o_bd->be_private, mra->ma_desc, &cr_list );
if( !cr_list || !ca->ca_comp_ref )
return 0;
/* find a component reference to be indexed */
sat_syntax = ca->ca_ma_rule->smr_syntax;
for ( cr = cr_list ; cr ; cr = cr->cr_next ) {
if ( cr->cr_string.bv_len == ca->ca_comp_ref->cr_string.bv_len &&
strncmp( cr->cr_string.bv_val, ca->ca_comp_ref->cr_string.bv_val,cr->cr_string.bv_len ) == 0 )
break;
}
if ( !cr )
return 0;
rc = bdb_index_param( op->o_bd, mra->ma_desc, LDAP_FILTER_EQUALITY,
&db, &mask, &prefix );
if( rc != LDAP_SUCCESS ) {
return 0;
}
if ( db == NULL ) {
return 0;
}
if( !mr ) {
return 0;
}
if( !mr->smr_filter ) {
return 0;
}
rc = (ca->ca_ma_rule->smr_filter)(
LDAP_FILTER_EQUALITY,
cr->cr_indexmask,
sat_syntax,
ca->ca_ma_rule,
&prefix,
&ca->ca_ma_value,
&keys, op->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) {
return 0;
}
if( keys == NULL ) {
return 0;
}
for ( i= 0; keys[i].bv_val != NULL; i++ ) {
rc = bdb_key_read( op->o_bd, db, NULL, &keys[i], tmp, NULL, 0 );
if( rc == DB_NOTFOUND ) {
BDB_IDL_ZERO( ids );
rc = 0;
break;
} else if( rc != LDAP_SUCCESS ) {
break;
}
if( BDB_IDL_IS_ZERO( tmp ) ) {
BDB_IDL_ZERO( ids );
break;
}
if ( i == 0 ) {
BDB_IDL_CPY( ids, tmp );
} else {
bdb_idl_intersection( ids, tmp );
}
if( BDB_IDL_IS_ZERO( ids ) )
break;
}
ber_bvarray_free_x( keys, op->o_tmpmemctx );
Debug( LDAP_DEBUG_TRACE,
"<= comp_equality_candidates: id=%ld, first=%ld, last=%ld\n",
(long) ids[0],
(long) BDB_IDL_FIRST(ids),
(long) BDB_IDL_LAST(ids) );
return( rc );
}
int
comp_candidates (
Operation *op,
MatchingRuleAssertion *mra,
ComponentFilter *f,
ID *ids,
ID *tmp,
ID *stack)
{
int rc;
if ( !f ) return LDAP_PROTOCOL_ERROR;
Debug( LDAP_DEBUG_FILTER, "comp_candidates\n", 0, 0, 0 );
switch ( f->cf_choice ) {
case SLAPD_FILTER_COMPUTED:
rc = f->cf_result;
break;
case LDAP_COMP_FILTER_AND:
rc = comp_list_candidates( op, mra, f->cf_and, LDAP_COMP_FILTER_AND, ids, tmp, stack );
break;
case LDAP_COMP_FILTER_OR:
rc = comp_list_candidates( op, mra, f->cf_or, LDAP_COMP_FILTER_OR, ids, tmp, stack );
break;
case LDAP_COMP_FILTER_NOT:
/* No component indexing supported for NOT filter */
Debug( LDAP_DEBUG_FILTER, "\tComponent NOT\n", 0, 0, 0 );
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
BDB_IDL_ALL( bdb, ids );
}
rc = LDAP_PROTOCOL_ERROR;
break;
case LDAP_COMP_FILTER_ITEM:
rc = comp_equality_candidates( op, mra, f->cf_ca, ids, tmp, stack );
break;
default:
{
struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
BDB_IDL_ALL( bdb, ids );
}
rc = LDAP_PROTOCOL_ERROR;
}
return( rc );
}
int
ext_candidates(
Operation *op,
MatchingRuleAssertion *mra,
ID *ids,
ID *tmp,
ID *stack)
{
/*
* Currently Only Component Indexing for componentFilterMatch is supported
* Indexing for an extensible filter is not supported yet
*/
if ( !mra->ma_cf )
return 0;
return comp_candidates ( op, mra, mra->ma_cf, ids, tmp, stack);
}
#endif
static int
list_candidates(
Operation *op,

78
servers/slapd/back-bdb/index.c
View file

@ -269,6 +269,10 @@ static int index_at_values(
{
int rc;
slap_mask_t mask = 0;
#ifdef LDAP_COMP_MATCH
ComponentReference* cr_list, *cr;
AttributeDescription *comp_ad;
#endif
if( type->sat_sup ) {
/* recurse */
@ -279,6 +283,17 @@ static int index_at_values(
if( rc ) return rc;
}
#ifdef LDAP_COMP_MATCH
/* component indexing */
bdb_attr_comp_ref ( op->o_bd->be_private, type->sat_ad, &cr_list );
if ( cr_list ) {
for( cr = cr_list ; cr ; cr = cr->cr_next ) {
rc = indexer( op, txn, cr->cr_ad, &type->sat_cname,
cr->cr_nvals, id, opid,
cr->cr_indexmask );
}
}
#endif
/* If this type has no AD, we've never used it before */
if( type->sat_ad ) {
bdb_attr_mask( op->o_bd->be_private, type->sat_ad, &mask );
@ -343,6 +358,17 @@ bdb_index_entry(
{
int rc;
Attribute *ap = e->e_attrs;
#ifdef LDAP_COMP_MATCH
ComponentReference *cr_list = NULL;
ComponentReference *cr = NULL, *dupped_cr = NULL;
void* decoded_comp, *extracted_comp;
ComponentSyntaxInfo* csi_attr;
Syntax* syn;
AttributeType* at;
int i, num_attr;
void* mem_op;
struct berval value = {0};
#endif
Debug( LDAP_DEBUG_TRACE, "=> index_entry_%s( %ld, \"%s\" )\n",
opid == SLAP_INDEX_ADD_OP ? "add" : "del",
@ -350,6 +376,58 @@ bdb_index_entry(
/* add each attribute to the indexes */
for ( ; ap != NULL; ap = ap->a_next ) {
#ifdef LDAP_COMP_MATCH
/* see if attribute has components to be indexed */
bdb_attr_comp_ref( op->o_bd->be_private, ap->a_desc->ad_type->sat_ad, &cr_list );
if ( attr_converter && cr_list ) {
syn = ap->a_desc->ad_type->sat_syntax;
ap->a_comp_data = op->o_tmpalloc( sizeof( ComponentData ), op->o_tmpmemctx );
/* Memory chunk(nibble) pre-allocation for decoders */
mem_op = nibble_mem_allocator ( 1024*16, 1024*4 );
ap->a_comp_data->cd_mem_op = mem_op;
for( cr = cr_list ; cr ; cr = cr->cr_next ) {
/* count how many values in an attribute */
for( num_attr=0; ap->a_vals[num_attr].bv_val != NULL; num_attr++ );
num_attr++;
cr->cr_nvals = (BerVarray)op->o_tmpalloc( sizeof( struct berval )*num_attr, op->o_tmpmemctx );
for( i=0; ap->a_vals[i].bv_val != NULL; i++ ) {
/* decoding attribute value */
decoded_comp = attr_converter ( ap, syn, &ap->a_vals[i] );
if ( !decoded_comp )
return LDAP_DECODING_ERROR;
/* extracting the referenced component */
dupped_cr = dup_comp_ref( op, cr );
csi_attr = ((ComponentSyntaxInfo*)decoded_comp)->csi_comp_desc->cd_extract_i( mem_op, dupped_cr, decoded_comp );
if ( !csi_attr )
return LDAP_DECODING_ERROR;
cr->cr_asn_type_id = csi_attr->csi_comp_desc->cd_type_id;
cr->cr_ad = (AttributeDescription*)get_component_description ( cr->cr_asn_type_id );
if ( !cr->cr_ad )
return LDAP_INVALID_SYNTAX;
at = cr->cr_ad->ad_type;
/* encoding the value of component in GSER */
rc = component_encoder( mem_op, csi_attr, &value );
if ( rc != LDAP_SUCCESS )
return LDAP_ENCODING_ERROR;
/* Normalize the encoded component values */
if ( at->sat_equality && at->sat_equality->smr_normalize ) {
rc = at->sat_equality->smr_normalize (
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
at->sat_syntax, at->sat_equality,
&value, &cr->cr_nvals[i], op->o_tmpmemctx );
} else {
cr->cr_nvals[i] = value;
}
}
/* The end of BerVarray */
cr->cr_nvals[num_attr-1].bv_val = NULL;
cr->cr_nvals[num_attr-1].bv_len = 0;
}
op->o_tmpfree( ap->a_comp_data, op->o_tmpmemctx );
nibble_mem_free ( mem_op );
ap->a_comp_data = NULL;
}
#endif
rc = bdb_index_values( op, txn, ap->a_desc,
ap->a_nvals, e->e_id, opid );

101
servers/slapd/component.c
View file

@ -34,12 +34,13 @@
*/
alloc_nibble_func* nibble_mem_allocator = NULL;
free_nibble_func* nibble_mem_free = NULL;
convert_attr_to_comp_func* attr_converter = NULL ;
convert_attr_to_comp_func* attr_converter = NULL;
convert_assert_to_comp_func* assert_converter = NULL ;
free_component_func* component_destructor = NULL ;
test_component_func* test_components = NULL;
test_membership_func* is_aliased_attribute = NULL;
component_encoder_func* component_encoder = NULL;
get_component_info_func* get_component_description = NULL;
#define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6"
#define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2"
#define MAX_LDAP_STR_LEN 128
@ -159,7 +160,7 @@ slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav )
return LDAP_SUCCESS;
}
static ComponentReference*
ComponentReference*
dup_comp_ref ( Operation* op, ComponentReference* cr )
{
int rc, count = 0;
@ -511,6 +512,8 @@ comp_next_id( ComponentAssertionValue* cav )
else return LDAP_COMPREF_UNDEFINED;
}
static int
get_component_reference( Operation *op, ComponentAssertionValue* cav,
ComponentReference** cr, const char** text )
@ -519,12 +522,13 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav,
ber_int_t type;
ComponentReference* ca_comp_ref;
ComponentId** cr_list;
char* start, *end;
eat_whsp( cav );
start = cav->cav_ptr;
if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS )
return rc;
if ( op )
ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx );
else
@ -545,7 +549,7 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav,
return rc;
}
ca_comp_ref->cr_len = count;
end = cav->cav_ptr;
if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) {
if ( op )
op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
@ -563,9 +567,80 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav,
else
free( ca_comp_ref ) ;
(*cr)->cr_string.bv_val = start;
(*cr)->cr_string.bv_len = end - start + 1;
return rc;
}
int
insert_component_reference( ComponentReference *cr, ComponentReference** cr_list) {
if ( !cr )
return LDAP_PARAM_ERROR;
if ( !(*cr_list) ) {
*cr_list = cr;
cr->cr_next = NULL;
} else {
cr->cr_next = *cr_list;
*cr_list = cr;
}
return LDAP_SUCCESS;
}
/*
* If there is '.' in the name of a given attribute
* the first '.'- following characters are considered
* as a component reference of the attribute
* EX) userCertificate.toBeSigned.serialNumber
* attribute : userCertificate
* component reference : toBeSigned.serialNumber
*/
int
is_component_reference( char* attr ) {
int i;
for ( i=0; attr[i] != '\0' ; i++ ) {
if ( attr[i] == '.' )
return (1);
}
return (0);
}
int
extract_component_reference( char* attr, ComponentReference** cr ) {
int i, rc;
char* cr_ptr;
int cr_len;
ComponentAssertionValue cav;
char text[1][128];
for ( i=0; attr[i] != '\0' ; i++ ) {
if ( attr[i] == '.' ) break;
}
if (attr[i] != '.' )
return LDAP_PARAM_ERROR;
else
attr[i] = '\0';
cr_ptr = attr + i + 1 ;
cr_len = strlen ( cr_ptr );
if ( cr_len <= 0 )
return LDAP_PARAM_ERROR;
/* enclosed between double quotes*/
cav.cav_ptr = cav.cav_buf = ch_malloc (cr_len+2);
memcpy( cav.cav_buf+1, cr_ptr, cr_len );
cav.cav_buf[0] = '"';
cav.cav_buf[cr_len+1] = '"';
cav.cav_end = cr_ptr + cr_len + 2;
rc = get_component_reference ( NULL, &cav, cr, (const char**)text );
if ( rc != LDAP_SUCCESS )
return rc;
(*cr)->cr_string.bv_val = cav.cav_buf;
(*cr)->cr_string.bv_len = cr_len + 2;
return LDAP_SUCCESS;
}
static int
get_ca_use_default( Operation *op, ComponentAssertionValue* cav,
int* ca_use_def, const char** text )
@ -701,7 +776,7 @@ get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
succeed = 1;
/*Find following white space where the value is ended*/
for( count = 1 ; ; count++ ) {
if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == ' ' || (cav->cav_ptr+count) > cav->cav_end ) {
if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == '}' || cav->cav_ptr[count] == '{' || (cav->cav_ptr+count) > cav->cav_end ) {
break;
}
}
@ -826,10 +901,11 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
free( _ca );
return LDAP_INVALID_SYNTAX;
}
}
if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
return rc;
} else {
_ca->ca_comp_ref = NULL;
}
rc = peek_cav_str( cav, "useDefaultValues");
if ( rc == LDAP_SUCCESS ) {
@ -1131,7 +1207,7 @@ test_comp_filter_item(
if ( !a->a_comp_data && attr_converter && nibble_mem_allocator ) {
a->a_comp_data = malloc( sizeof( ComponentData ) );
/* Memory chunk pre-allocation for decoders */
a->a_comp_data->cd_mem_op = (void*) nibble_mem_allocator ( 1024, 128 );
a->a_comp_data->cd_mem_op = nibble_mem_allocator ( 1024, 128 );
a->a_comp_data->cd_tree = attr_converter (a, syn, bv);
}
@ -1160,6 +1236,7 @@ test_comp_filter_item(
}
/* component reference initialization */
if ( ca->ca_comp_ref )
ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list;
rc = test_components( attr_nm, assert_nm, (ComponentSyntaxInfo*)a->a_comp_data->cd_tree, ca );
@ -1216,7 +1293,7 @@ static void
free_comp_filter_list( ComponentFilter* f )
{
ComponentFilter* tmp;
for ( tmp = f ; tmp; tmp = tmp->cf_next );
for ( tmp = f; tmp; tmp = tmp->cf_next )
{
free_comp_filter( tmp );
}
@ -1225,6 +1302,10 @@ free_comp_filter_list( ComponentFilter* f )
static void
free_comp_filter( ComponentFilter* f )
{
if ( !f ) {
Debug( LDAP_DEBUG_FILTER, "free_comp_filter:Invalid filter so failed to release memory\n", 0, 0, 0 );
return;
}
switch ( f->cf_choice ) {
case LDAP_COMP_FILTER_AND:
case LDAP_COMP_FILTER_OR:

9
servers/slapd/proto-slap.h
View file

@ -380,6 +380,15 @@ LDAP_SLAPD_V (test_membership_func*) is_aliased_attribute;
LDAP_SLAPD_V (free_component_func*) component_destructor;
LDAP_SLAPD_V (get_component_info_func*) get_component_description;
LDAP_SLAPD_V (component_encoder_func*) component_encoder;
LDAP_SLAPD_V (convert_attr_to_comp_func*) attr_converter;
LDAP_SLAPD_V (alloc_nibble_func*) nibble_mem_allocator;
LDAP_SLAPD_V (free_nibble_func*) nibble_mem_free;
#endif
/*

30
servers/slapd/slap.h
View file

@ -2700,6 +2700,12 @@ typedef struct slap_component_reference {
ComponentId *cr_curr;
struct berval cr_string;
int cr_len;
/* Component Indexing */
int cr_asn_type_id;
slap_mask_t cr_indexmask;
AttributeDescription* cr_ad;
BerVarray cr_nvals;
struct slap_component_reference* cr_next;
} ComponentReference;
typedef struct slap_component_assertion {
@ -2736,11 +2742,9 @@ typedef struct slap_component_assertion_value {
char* cav_end;
} ComponentAssertionValue;
#if 0
typedef int encoder_func LDAP_P((
void* b,
void* comp));
#endif
struct slap_component_syntax_info;
@ -2788,7 +2792,8 @@ typedef void free_nibble_func LDAP_P ((
void* nm ));
struct slap_component_syntax_info;
typedef void* convert_assert_to_comp_func LDAP_P ((
typedef void convert_assert_to_comp_func LDAP_P ((
void *mem_op,
struct slap_component_syntax_info* csi_attr,
struct berval* bv,
struct slap_component_syntax_info** csi,
@ -2811,16 +2816,33 @@ typedef int test_component_func LDAP_P ((
typedef void* test_membership_func LDAP_P ((
void* in ));
typedef void* get_component_info_func LDAP_P ((
int in ));
struct slap_component_syntax_info;
typedef int component_encoder_func LDAP_P ((
void* mem_op,
struct slap_component_syntax_info* csi,
struct berval* nvals ));
typedef int allcomponent_matching_func LDAP_P((
char* oid,
struct slap_component_syntax_info* comp1,
struct slap_component_syntax_info* comp));
typedef struct slap_component_desc{
typedef struct slap_component_desc {
/* Don't change the order of following four fields */
int cd_tag;
AttributeType *cd_comp_type;
struct berval cd_padding[2];/* ad_type, ad_cname */
unsigned cd_flags; /*ad_flags*/
int cd_type;
int cd_type_id;
int cd_compref_type;
encoder_func *cd_ldap_encoder;
encoder_func *cd_gser_encoder;
encoder_func *cd_ber_encoder;
gser_decoder_func *cd_gser_decoder;
ber_decoder_func *cd_ber_decoder;
comp_free_func *cd_free;

26
tests/scripts/test031-component-filter
View file

@ -82,7 +82,7 @@ cat /dev/null > $SEARCHOUT
echo "Testing Component Filter Match RFC3687 Certificate searching:"
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -95,7 +95,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -108,7 +108,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -121,7 +121,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -134,7 +134,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -147,7 +147,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.0\", rule integerMatch, value 3 })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -160,7 +160,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{component \"tbsCertificate.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"
FILTER="(userCertificate:componentFilterMatch:=item:{component \"toBeSigned.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -173,7 +173,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"tbsCertificate.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"toBeSigned.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -186,7 +186,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -199,7 +199,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -212,7 +212,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -226,7 +226,7 @@ if test $RC != 0 ; then
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -239,7 +239,7 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \