upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 00:59:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

1) <select> and <content> type component reference support

Browse source 
2) attribute aliasing support
- x509CertificateIssuer
- x509CertificateSerial
- x509CertificateIssuerAndIssuer
3) AuthorityKeyIdentifier support(one of certificate extension)
4) Misc. improvement
- integrate OID and its decoder mapping table
- normalize and validate the values of both component asserions and
  extracted components
5) Misc. bug fix
This commit is contained in:
Sang Seok Lim 2004-12-13 16:26:58 +00:00
parent c90c9f3689
commit 3492452a5b
23 changed files with 3898 additions and 398 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
contrib/slapd-modules/comp_match/Makefile
View file

@ -17,7 +17,7 @@
topbuilddir = ../../../../build
topsrcdir = ../../..
snaccdir = /home/slim/snacc
snaccdir = /usr/local/snacc
LIBTOOL=$(topbuilddir)/libtool
OPT=-g -O2 -DLDAP_COMPONENT
@ -42,19 +42,22 @@ componentlib.lo: componentlib.c
certificate.lo: certificate.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
authorityKeyIdentifier.lo: authorityKeyIdentifier.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
asn_to_syn_mr.lo: asn_to_syn_mr.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
init.lo: init.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
compmatch.la: componentlib.lo init.lo certificate.lo asn_to_syn_mr.lo
compmatch.la: componentlib.lo init.lo certificate.lo asn_to_syn_mr.lo authorityKeyIdentifier.lo
$(LIBTOOL) --mode=link $(CC) $(OPT) $(LIBS) -version-info 0:0:0 \
-rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
clean:
\rm compmatch.la componentlib.lo certificate.lo asn_to_syn_mr.lo\
init.o init.lo componentlib.o certificate.o asn_to_syn_mr.o
\rm compmatch.la componentlib.lo certificate.lo asn_to_syn_mr.lo authorityKeyIdentifier.lo\
init.o init.lo componentlib.o certificate.o asn_to_syn_mr.o authorityKeyIdentifier.o
install:
cp -r .libs $(topsrcdir)/tests/data/comp_libs
cp compmatch.la $(topsrcdir)/tests/data/comp_libs

1
contrib/slapd-modules/comp_match/asn.h
View file

@ -12,7 +12,6 @@
#define _H_ASN_MODULE
typedef enum { BER, GSER } EncRulesType;
typedef enum { ASN_BASIC, ASN_COMPOSITE } AsnType;
typedef enum AsnTypeId {
BASICTYPE_BOOLEAN,

6
contrib/slapd-modules/comp_match/asn_to_syn_mr.c
View file

@ -1,5 +1,6 @@
#include "asn.h"
#include "component.h"
#include "asn.h"
#include "componentlib.h"
AsnTypetoMatchingRuleTable directory_component_matching_table = {
"1.2.36.79672281.1.13.7",
@ -67,7 +68,8 @@ struct asntype_to_syntax asn_to_syntax_mapping_tbl[] = {
{ BASICTYPE_BITCONTAINING, NULL , NULL, NULL },
{ BASICTYPE_RELATIVE_OID, "OID", "1.3.6.1.4.1.1466.115.121.1.38", NULL },
{ BASICTYPE_ANY, NULL, NULL, NULL },
{ RDNSequence, "RDN" , "1.2.36.79672281.1.5.0", NULL },
{ COMPOSITE_ASN1_TYPE, NULL , NULL, NULL },
{ RDNSequence, "Distinguished Name" , "1.3.6.1.4.1.1466.115.121.1.12", NULL },
{ RelativeDistinguishedName, "RDN", "1.2.36.79672281.1.5.0", NULL },
{ TelephoneNumber, "Telephone Number" , "1.3.6.1.4.1.1466.115.121.1.50", NULL },
{ FacsimileTelephoneNumber__telephoneNumber, "Facsimile Telephone Number","1.3.6.1.4.1.1466.115.121.1.22", NULL },

65
contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn Normal file
View file

@ -0,0 +1,65 @@
AuthorityKeyIdentifierDefinition DEFINITIONS ::=
BEGIN
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL,
authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL,
authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL }
-- authorityCertIssuer and authorityCertSerialNumber MUST both
-- be present or both be absent
KeyIdentifier ::= OCTET STRING
CertificateSerialNumber ::= INTEGER
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER }
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
-- following ORAddress may not conform original def. in ASN.1
ORAddress ::= SEQUENCE {
-- built-in-standard-attributes BuiltInStandardAttributes,
type-id OBJECT IDENTIFIER,
-- built-in-domain-defined-attributes
value ANY DEFINED BY type-id,
-- BuiltInDomainDefinedAttributes OPTIONAL,
-- see also teletex-domain-defined-attributes
--extension-attributes ExtensionAttributes OPTIONAL }
extension OCTET STRING OPTIONAL }
Name ::= CHOICE {
rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY DEFINED BY type}
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)) }
END

2058
contrib/slapd-modules/comp_match/authorityKeyIdentifier.c Normal file
View file

File diff suppressed because it is too large Load diff

327
contrib/slapd-modules/comp_match/authorityKeyIdentifier.h Normal file
View file

@ -0,0 +1,327 @@
#include "asn-incl.h"
/*
* authorityKeyIdentifier.h
* "AuthorityKeyIdentifierDefinition" ASN.1 module encode/decode/extracting/matching/free C src.
* This file was generated by modified eSMACC compiler Sat Dec 11 10:15:39 2004
* The generated files are strongly encouraged to be
* compiled as a module for OpenLDAP Software
*/
#ifndef _authorityKeyIdentifier_h_
#define _authorityKeyIdentifier_h_
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _WIN32
#pragma warning( disable : 4101 )
#endif
#include "componentlib.h"
typedef ComponentOcts ComponentKeyIdentifier; /* OCTET STRING */
#define MatchingComponentKeyIdentifier MatchingComponentOcts
#define ExtractingComponentKeyIdentifier ExtractingComponentOcts
#define BDecComponentKeyIdentifier BDecComponentOcts
#define GDecComponentKeyIdentifier GDecComponentOcts
typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
#define MatchingComponentCertificateSerialNumber MatchingComponentInt
#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
#define BDecComponentCertificateSerialNumber BDecComponentInt
#define GDecComponentCertificateSerialNumber GDecComponentInt
typedef struct OtherName /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentOid type_id; /* OBJECT IDENTIFIER */
ComponentAnyDefinedBy value; /* [0] EXPLICIT ANY DEFINED BY type-id */
} ComponentOtherName;
int MatchingComponentOtherName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentOtherName PROTO (( void* mem_op, ComponentReference *cr, ComponentOtherName *comp ));
int BDecComponentOtherName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentOtherName **v, AsnLen *bytesDecoded, int mode));
int GDecComponentOtherName PROTO (( void* mem_op, GenBuf * b, ComponentOtherName **v, AsnLen *bytesDecoded, int mode));
typedef struct ORAddress /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentOid type_id; /* OBJECT IDENTIFIER */
ComponentAnyDefinedBy value; /* ANY DEFINED BY type-id */
ComponentOcts extension; /* OCTET STRING OPTIONAL */
} ComponentORAddress;
int MatchingComponentORAddress PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentORAddress PROTO (( void* mem_op, ComponentReference *cr, ComponentORAddress *comp ));
int BDecComponentORAddress PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentORAddress **v, AsnLen *bytesDecoded, int mode));
int GDecComponentORAddress PROTO (( void* mem_op, GenBuf * b, ComponentORAddress **v, AsnLen *bytesDecoded, int mode));
typedef struct AttributeTypeAndValue /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentOid type; /* OBJECT IDENTIFIER */
ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
} ComponentAttributeTypeAndValue;
int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentAttributeTypeAndValue PROTO (( void* mem_op, ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
int BDecComponentAttributeTypeAndValue PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
int GDecComponentAttributeTypeAndValue PROTO (( void* mem_op, GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
typedef struct DirectoryString /* CHOICE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
enum DirectoryStringChoiceId
{
DIRECTORYSTRING_TELETEXSTRING,
DIRECTORYSTRING_PRINTABLESTRING,
DIRECTORYSTRING_UNIVERSALSTRING,
DIRECTORYSTRING_UTF8STRING,
DIRECTORYSTRING_BMPSTRING
} choiceId;
union DirectoryStringChoiceUnion
{
ComponentTeletexString* teletexString; /* TeletexString SIZE 1..MAX */
ComponentPrintableString* printableString; /* PrintableString SIZE 1..MAX */
ComponentUniversalString* universalString; /* UniversalString SIZE 1..MAX */
ComponentUTF8String* utf8String; /* UTF8String SIZE 1..MAX */
ComponentBMPString* bmpString; /* BMPString SIZE 1..MAX */
} a;
} ComponentDirectoryString;
int MatchingComponentDirectoryString PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentDirectoryString PROTO (( void* mem_op, ComponentReference *cr, ComponentDirectoryString *comp ));
int BDecComponentDirectoryString PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentDirectoryString **v, AsnLen *bytesDecoded, int mode));
int GDecComponentDirectoryString PROTO (( void* mem_op, GenBuf * b, ComponentDirectoryString **v, AsnLen *bytesDecoded, int mode));
typedef struct EDIPartyName /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentDirectoryString* nameAssigner; /* [0] DirectoryString OPTIONAL */
ComponentDirectoryString* partyName; /* [1] DirectoryString */
} ComponentEDIPartyName;
int MatchingComponentEDIPartyName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentEDIPartyName PROTO (( void* mem_op, ComponentReference *cr, ComponentEDIPartyName *comp ));
int BDecComponentEDIPartyName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentEDIPartyName **v, AsnLen *bytesDecoded, int mode));
int GDecComponentEDIPartyName PROTO (( void* mem_op, GenBuf * b, ComponentEDIPartyName **v, AsnLen *bytesDecoded, int mode));
typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentRelativeDistinguishedName PROTO (( void* mem_op, ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
int BDecComponentRelativeDistinguishedName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
int GDecComponentRelativeDistinguishedName PROTO (( void* mem_op, GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentRDNSequence PROTO (( void* mem_op, ComponentReference *cr, ComponentRDNSequence *comp ));
int BDecComponentRDNSequence PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
int GDecComponentRDNSequence PROTO (( void* mem_op, GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
typedef struct Name /* CHOICE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
enum NameChoiceId
{
NAME_RDNSEQUENCE
} choiceId;
union NameChoiceUnion
{
ComponentRDNSequence* rdnSequence; /* RDNSequence */
} a;
} ComponentName;
int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentName PROTO (( void* mem_op, ComponentReference *cr, ComponentName *comp ));
int BDecComponentName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
int GDecComponentName PROTO (( void* mem_op, GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
typedef struct GeneralName /* CHOICE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
enum GeneralNameChoiceId
{
GENERALNAME_OTHERNAME,
GENERALNAME_RFC822NAME,
GENERALNAME_DNSNAME,
GENERALNAME_X400ADDRESS,
GENERALNAME_DIRECTORYNAME,
GENERALNAME_EDIPARTYNAME,
GENERALNAME_UNIFORMRESOURCEIDENTIFIER,
GENERALNAME_IPADDRESS,
GENERALNAME_REGISTEREDID
} choiceId;
union GeneralNameChoiceUnion
{
ComponentOtherName* otherName; /* [0] OtherName */
ComponentIA5String* rfc822Name; /* [1] IA5String */
ComponentIA5String* dNSName; /* [2] IA5String */
ComponentORAddress* x400Address; /* [3] ORAddress */
ComponentName* directoryName; /* [4] Name */
ComponentEDIPartyName* ediPartyName; /* [5] EDIPartyName */
ComponentIA5String* uniformResourceIdentifier; /* [6] IA5String */
ComponentOcts* iPAddress; /* [7] OCTET STRING */
ComponentOid* registeredID; /* [8] OBJECT IDENTIFIER */
} a;
} ComponentGeneralName;
int MatchingComponentGeneralName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentGeneralName PROTO (( void* mem_op, ComponentReference *cr, ComponentGeneralName *comp ));
int BDecComponentGeneralName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentGeneralName **v, AsnLen *bytesDecoded, int mode));
int GDecComponentGeneralName PROTO (( void* mem_op, GenBuf * b, ComponentGeneralName **v, AsnLen *bytesDecoded, int mode));
typedef ComponentList ComponentGeneralNames; /* SEQUENCE SIZE 1..MAX OF GeneralName */
int MatchingComponentGeneralNames PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentGeneralNames PROTO (( void* mem_op, ComponentReference *cr, ComponentGeneralNames *comp ));
int BDecComponentGeneralNames PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentGeneralNames **v, AsnLen *bytesDecoded, int mode));
int GDecComponentGeneralNames PROTO (( void* mem_op, GenBuf * b, ComponentGeneralNames **v, AsnLen *bytesDecoded, int mode));
typedef struct AuthorityKeyIdentifier /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentKeyIdentifier keyIdentifier; /* [0] KeyIdentifier OPTIONAL */
ComponentGeneralNames* authorityCertIssuer; /* [1] GeneralNames OPTIONAL */
ComponentCertificateSerialNumber* authorityCertSerialNumber; /* [2] CertificateSerialNumber OPTIONAL */
} ComponentAuthorityKeyIdentifier;
int MatchingComponentAuthorityKeyIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentAuthorityKeyIdentifier PROTO (( void* mem_op, ComponentReference *cr, ComponentAuthorityKeyIdentifier *comp ));
int BDecComponentAuthorityKeyIdentifier PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAuthorityKeyIdentifier **v, AsnLen *bytesDecoded, int mode));
int GDecComponentAuthorityKeyIdentifier PROTO (( void* mem_op, GenBuf * b, ComponentAuthorityKeyIdentifier **v, AsnLen *bytesDecoded, int mode));
/* ========== Object Declarations ========== */
/* ========== Object Set Declarations ========== */
#ifdef __cplusplus
extern "C" {
#endif
#endif /* conditional include of authorityKeyIdentifier.h */

55
contrib/slapd-modules/comp_match/certificate.asn1
View file

@ -63,7 +63,7 @@ Extensions ::= SEQUENCE SIZE(1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
-- critical BOOLEAN DEFAULT FALSE,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value of type &ExtnType
-- for the extension object identified by extnId --
@ -82,10 +82,63 @@ nullOid2 OBJECT-TYPE
::= { 1 2 840 113549 1 1 1 }
printableStringOid OBJECT-TYPE
SYNTAX PrintableString
ACCESS read-write
STATUS mandatory
::= { 2 5 4 3 }
printableStringOid2 OBJECT-TYPE
SYNTAX PrintableString
ACCESS read-write
STATUS mandatory
::= { 2 5 4 6 }
printableStringOid3 OBJECT-TYPE
SYNTAX PrintableString
ACCESS read-write
STATUS mandatory
::= { 2 5 4 7 }
printableStringOid4 OBJECT-TYPE
SYNTAX PrintableString
ACCESS read-write
STATUS mandatory
::= { 2 5 4 8 }
printableStringOid5 OBJECT-TYPE
SYNTAX PrintableString
ACCESS read-write
STATUS mandatory
::= { 2 5 4 10 }
printableStringOid6 OBJECT-TYPE
SYNTAX PrintableString
ACCESS read-write
STATUS mandatory
::= { 2 5 4 11 }
iA5StringOid OBJECT-TYPE
SYNTAX IA5String
ACCESS read-write
STATUS mandatory
::= { 1 2 840 113549 1 9 1 }
octetStringOid OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
::= { 2 5 29 19 }
octetStringOid2 OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
::= { 2 16 840 1 113730 1 13 }
octetStringOid3 OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
::= { 2 5 29 14 }
END

223
contrib/slapd-modules/comp_match/certificate.c
View file

@ -1,24 +1,51 @@
/*
* certificate.c
* "AuthenticationFramework" ASN.1 module encode/decode/extracting/matching/free C src.
* This file was generated by modified eSMACC compiler Sun Dec 5 19:16:59 2004
* This file was generated by modified eSMACC compiler Sat Dec 11 11:22:49 2004
* The generated files are supposed to be compiled as a module for OpenLDAP Software
*/
#include "certificate.h"
BDecComponentCertificateTop( void* mem_op, GenBuf* b, void **v, AsnLen* bytesDecoded,int mode) {
AsnTag tag;
AsnLen elmtLen;
tag = BDecTag ( b, bytesDecoded );
elmtLen = BDecLen ( b, bytesDecoded );
if ( elmtLen <= 0 ) return (-1);
if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
return (-1);
}
return BDecComponentCertificate( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode );
}
void init_module_AuthenticationFramework() {
add_OD_entry ( "2.5.4.36", GDecComponentCertificate,
BDecComponentCertificate, NULL);
/* Register Certificate OID and its decoder */
InstallOidDecoderMapping( "2.5.4.36", NULL,
GDecComponentCertificate,
BDecComponentCertificateTop,
ExtractingComponentCertificate,
MatchingComponentCertificate );
InitAnyAuthenticationFramework();
}
void InitAnyAuthenticationFramework()
{
AsnOid oid0 ={ 9, "\52\206\110\206\367\15\1\1\4" };
AsnOid oid1 ={ 9, "\52\206\110\206\367\15\1\1\1" };
AsnOid oid2 ={ 3, "\125\4\6" };
AsnOid oid2 ={ 3, "\125\4\3" };
AsnOid oid3 ={ 3, "\125\4\6" };
AsnOid oid4 ={ 3, "\125\4\7" };
AsnOid oid5 ={ 3, "\125\4\10" };
AsnOid oid6 ={ 3, "\125\4\12" };
AsnOid oid7 ={ 3, "\125\4\13" };
AsnOid oid8 ={ 9, "\52\206\110\206\367\15\1\11\1" };
AsnOid oid9 ={ 3, "\125\35\23" };
AsnOid oid10 ={ 9, "\140\206\110\1\206\370\102\1\15" };
AsnOid oid11 ={ 3, "\125\35\16" };
InstallAnyByComponentOid (nullOid_ANY_ID, &oid0, sizeof (ComponentNull), (EncodeFcn)BEncAsnNull, (gser_decoder_func*)GDecComponentNull, (ber_tag_decoder_func*)BDecComponentNullTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentNull,(FreeFcn)FreeComponentNull, (PrintFcn)NULL);
@ -27,6 +54,24 @@ void InitAnyAuthenticationFramework()
InstallAnyByComponentOid (printableStringOid_ANY_ID, &oid2, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
InstallAnyByComponentOid (printableStringOid2_ANY_ID, &oid3, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
InstallAnyByComponentOid (printableStringOid3_ANY_ID, &oid4, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
InstallAnyByComponentOid (printableStringOid4_ANY_ID, &oid5, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
InstallAnyByComponentOid (printableStringOid5_ANY_ID, &oid6, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
InstallAnyByComponentOid (printableStringOid6_ANY_ID, &oid7, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
InstallAnyByComponentOid (iA5StringOid_ANY_ID, &oid8, sizeof (ComponentIA5String), (EncodeFcn)BEncIA5String, (gser_decoder_func*)GDecComponentIA5String, (ber_tag_decoder_func*)BDecComponentIA5StringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentIA5String,(FreeFcn)FreeComponentIA5String, (PrintFcn)NULL);
InstallAnyByComponentOid (octetStringOid_ANY_ID, &oid9, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
InstallAnyByComponentOid (octetStringOid2_ANY_ID, &oid10, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
InstallAnyByComponentOid (octetStringOid3_ANY_ID, &oid11, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
} /* InitAnyAuthenticationFramework */
@ -64,8 +109,12 @@ ExtractingComponentAlgorithmIdentifier ( void* mem_op, ComponentReference* cr, C
if ( ( comp->parameters.identifier.bv_val && strncmp(comp->parameters.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->parameters.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return &comp->parameters;
else
else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
cr->cr_curr = cr->cr_curr->ci_next;
return &comp->parameters;
} else {
return NULL;
}
}
return NULL;
} /* ExtractingComponentAlgorithmIdentifier */
@ -101,7 +150,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->algorithm)->identifier.bv_val = (&k->algorithm)->id_buf;
(&k->algorithm)->identifier.bv_len = strlen("algorithm");
@ -124,7 +173,7 @@ int mode)
if (!seqDone) {
rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->parameters), &totalElmtsLen1, mode );
if ( rc != LDAP_SUCCESS ) return rc;
(&k->parameters)->identifier.bv_val = (&k->parameters)->id_buf;
@ -216,7 +265,7 @@ int mode)
}
}
if ( strncmp( peek_head, "parameters", strlen("parameters") ) == 0 ) {
rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
rc = rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->parameters), bytesDecoded, mode );
if ( rc != LDAP_SUCCESS ) return rc;
(&k->parameters)->identifier.bv_val = peek_head;
@ -341,7 +390,7 @@ int mode)
case MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE):
case MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE):
(k->choiceId) = TIME_UTCTIME;
rc = BDecComponentUTCTime (mem_op, b, tagId0, elmtLen0, (&k->a.utcTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
rc = BDecComponentUTCTime (mem_op, b, tagId0, elmtLen0, (&k->a.utcTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
(k->a.utcTime)->identifier.bv_val = (k->a.utcTime)->id_buf;
(k->a.utcTime)->identifier.bv_len = strlen("utcTime");
@ -351,7 +400,7 @@ int mode)
case MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE):
case MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE):
(k->choiceId) = TIME_GENERALIZEDTIME;
rc = BDecComponentGeneralizedTime (mem_op, b, tagId0, elmtLen0, (&k->a.generalizedTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
rc = BDecComponentGeneralizedTime (mem_op, b, tagId0, elmtLen0, (&k->a.generalizedTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
(k->a.generalizedTime)->identifier.bv_val = (k->a.generalizedTime)->id_buf;
(k->a.generalizedTime)->identifier.bv_len = strlen("generalizedTime");
@ -416,14 +465,14 @@ int mode)
Asn1Error("Missing : in encoded data");
return LDAP_PROTOCOL_ERROR;
}
if( strncmp("utcTime",peek_head,sizeof("utcTime")-1) == 0){
if( strncmp("utcTime",peek_head, strlen("utcTime")) == 0){
(k->choiceId) = TIME_UTCTIME;
rc = GDecComponentUTCTime (mem_op, b, (&k->a.utcTime), bytesDecoded, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
(k->a.utcTime)->identifier.bv_val = peek_head;
(k->a.utcTime)->identifier.bv_len = strLen;
}
else if( strncmp("generalizedTime",peek_head,sizeof("generalizedTime")-1) == 0){
else if( strncmp("generalizedTime",peek_head,strlen("generalizedTime")) == 0){
(k->choiceId) = TIME_GENERALIZEDTIME;
rc = GDecComponentGeneralizedTime (mem_op, b, (&k->a.generalizedTime), bytesDecoded, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
@ -468,6 +517,9 @@ MatchingComponentExtension ( char* oid, ComponentSyntaxInfo* csi_attr, Component
rc = 1;
rc = MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_attr)->extnID, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_assert)->extnID );
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = MatchingComponentBool ( oid, (ComponentSyntaxInfo*)((ComponentExtension*)csi_attr)->critical, (ComponentSyntaxInfo*)((ComponentExtension*)csi_assert)->critical );
if ( rc != LDAP_COMPARE_TRUE )
return rc;
rc = MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_attr)->extnValue, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_assert)->extnValue );
@ -486,11 +538,23 @@ ExtractingComponentExtension ( void* mem_op, ComponentReference* cr, ComponentEx
else
return NULL;
}
if ( ( comp->critical->identifier.bv_val && strncmp(comp->critical->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->critical->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return comp->critical;
else {
cr->cr_curr = cr->cr_curr->ci_next;
return ExtractingComponentBool ( mem_op, cr, comp->critical );
}
}
if ( ( comp->extnValue.identifier.bv_val && strncmp(comp->extnValue.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extnValue.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return &comp->extnValue;
else
else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
cr->cr_curr = cr->cr_curr->ci_next;
return &comp->extnValue;
} else {
return NULL;
}
}
return NULL;
} /* ExtractingComponentExtension */
@ -526,7 +590,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->extnID), &totalElmtsLen1, mode);
rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->extnID), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->extnID)->identifier.bv_val = (&k->extnID)->id_buf;
(&k->extnID)->identifier.bv_len = strlen("extnID");
@ -538,11 +602,23 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BOOLEAN_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentBool (mem_op, b, tagId1, elmtLen1, (&k->critical), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
(k->critical)->identifier.bv_val = (k->critical)->id_buf;
(k->critical)->identifier.bv_len = strlen("critical");
strcpy( (k->critical)->identifier.bv_val, "critical");
tagId1 = BDecTag (b, &totalElmtsLen1);
}
if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) ||
(tagId1 == MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->extnValue), &totalElmtsLen1, mode);
rc = BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->extnValue), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->extnValue)->identifier.bv_val = (&k->extnValue)->id_buf;
(&k->extnValue)->identifier.bv_len = strlen("extnValue");
@ -562,6 +638,14 @@ int mode)
if (!seqDone)
return -1;
if(!COMPONENTNOT_NULL ((k->critical)))
{
(k->critical) = CompAlloc( mem_op, sizeof(ComponentBool));
(k->critical)->identifier.bv_val = (k->critical)->id_buf;
(k->critical)->identifier.bv_len = strlen("critical");
strcpy( (k->critical)->identifier.bv_val, "critical");
(k->critical)->value = 0;
}
if( !(old_mode & DEC_ALLOC_MODE_1) ) {
*v = t = (ComponentExtension*) CompAlloc( mem_op, sizeof(ComponentExtension) );
if ( !t ) return -1;
@ -635,6 +719,28 @@ int mode)
return LDAP_PROTOCOL_ERROR;
}
}
if ( strncmp( peek_head, "critical", strlen("critical") ) == 0 ) {
rc = GDecComponentBool (mem_op, b, (&k->critical), bytesDecoded, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
( k->critical)->identifier.bv_val = peek_head;
( k->critical)->identifier.bv_len = strLen;
if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
Asn1Error("Error during Reading , ");
return LDAP_PROTOCOL_ERROR;
}
if(*peek_head != ','){
Asn1Error("Missing , in encoding");
return LDAP_PROTOCOL_ERROR;
}
if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
Asn1Error("Error during Reading identifier");
return LDAP_PROTOCOL_ERROR;
}
}
else {
(k->critical) = CompAlloc( mem_op, sizeof(ComponentBool));
(k->critical)->value = 0;
}
if ( strncmp( peek_head, "extnValue", strlen("extnValue") ) == 0 ) {
rc = GDecComponentOcts (mem_op, b, (&k->extnValue), bytesDecoded, mode);
if ( rc != LDAP_SUCCESS ) return rc;
@ -705,8 +811,12 @@ ExtractingComponentAttributeTypeAndValue ( void* mem_op, ComponentReference* cr,
if ( ( comp->value.identifier.bv_val && strncmp(comp->value.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->value.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return &comp->value;
else
else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_SELECT ) {
cr->cr_curr = cr->cr_curr->ci_next;
return &comp->value;
} else {
return NULL;
}
}
return NULL;
} /* ExtractingComponentAttributeTypeAndValue */
@ -742,7 +852,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentAttributeType (mem_op, b, tagId1, elmtLen1, (&k->type), &totalElmtsLen1, mode);
rc = BDecComponentAttributeType (mem_op, b, tagId1, elmtLen1, (&k->type), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->type)->identifier.bv_val = (&k->type)->id_buf;
(&k->type)->identifier.bv_len = strlen("type");
@ -754,7 +864,7 @@ int mode)
{
rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->value), &totalElmtsLen1, mode );
if ( rc != LDAP_SUCCESS ) return rc;
(&k->value)->identifier.bv_val = (&k->value)->id_buf;
@ -846,7 +956,7 @@ int mode)
}
}
if ( strncmp( peek_head, "value", strlen("value") ) == 0 ) {
rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
rc = rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->value), bytesDecoded, mode );
if ( rc != LDAP_SUCCESS ) return rc;
(&k->value)->identifier.bv_val = peek_head;
@ -962,7 +1072,7 @@ int mode)
(tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notBefore), &totalElmtsLen1, mode);
rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notBefore), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->notBefore)->identifier.bv_val = (k->notBefore)->id_buf;
(k->notBefore)->identifier.bv_len = strlen("notBefore");
@ -980,7 +1090,7 @@ int mode)
(tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notAfter), &totalElmtsLen1, mode);
rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notAfter), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->notAfter)->identifier.bv_val = (k->notAfter)->id_buf;
(k->notAfter)->identifier.bv_len = strlen("notAfter");
@ -1144,8 +1254,12 @@ ExtractingComponentSubjectPublicKeyInfo ( void* mem_op, ComponentReference* cr,
if ( ( comp->subjectPublicKey.identifier.bv_val && strncmp(comp->subjectPublicKey.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectPublicKey.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return &comp->subjectPublicKey;
else
else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
cr->cr_curr = cr->cr_curr->ci_next;
return &comp->subjectPublicKey;
} else {
return NULL;
}
}
return NULL;
} /* ExtractingComponentSubjectPublicKeyInfo */
@ -1181,7 +1295,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->algorithm)->identifier.bv_val = (k->algorithm)->id_buf;
(k->algorithm)->identifier.bv_len = strlen("algorithm");
@ -1197,7 +1311,7 @@ int mode)
(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKey), &totalElmtsLen1, mode);
rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKey), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->subjectPublicKey)->identifier.bv_val = (&k->subjectPublicKey)->id_buf;
(&k->subjectPublicKey)->identifier.bv_len = strlen("subjectPublicKey");
@ -1455,7 +1569,7 @@ int mode)
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
tmpVar = (ComponentExtension**) CompAsnListAppend (mem_op,&k->comp_list);
rc = BDecComponentExtension (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
rc = BDecComponentExtension (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
} /* end of tag check if */
else /* wrong tag */
@ -1698,7 +1812,7 @@ int mode)
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
tmpVar = (ComponentAttributeTypeAndValue**) CompAsnListAppend (mem_op,&k->comp_list);
rc = BDecComponentAttributeTypeAndValue (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
rc = BDecComponentAttributeTypeAndValue (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
} /* end of tag check if */
else /* wrong tag */
@ -1932,7 +2046,7 @@ int mode)
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
tmpVar = (ComponentRelativeDistinguishedName**) CompAsnListAppend (mem_op,&k->comp_list);
rc = BDecComponentRelativeDistinguishedName (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
rc = BDecComponentRelativeDistinguishedName (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
} /* end of tag check if */
else /* wrong tag */
@ -2031,7 +2145,7 @@ int mode)
t->comp_desc->cd_free = (comp_free_func*)NULL;
t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRDNSequence;
t->comp_desc->cd_type = ASN_COMPOSITE;
t->comp_desc->cd_type_id = RDNSequence;
t->comp_desc->cd_type_id = RDNSequence ;
t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRDNSequence;
return LDAP_SUCCESS;
} /* GDecRDNSequenceContent */
@ -2112,7 +2226,7 @@ int mode)
{
case MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE):
(k->choiceId) = NAME_RDNSEQUENCE;
rc = BDecComponentRDNSequence (mem_op, b, tagId0, elmtLen0, (&k->a.rdnSequence), &totalElmtsLen1, mode);
rc = BDecComponentRDNSequence (mem_op, b, tagId0, elmtLen0, (&k->a.rdnSequence), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->a.rdnSequence)->identifier.bv_val = (k->a.rdnSequence)->id_buf;
(k->a.rdnSequence)->identifier.bv_len = strlen("rdnSequence");
@ -2177,7 +2291,7 @@ int mode)
Asn1Error("Missing : in encoded data");
return LDAP_PROTOCOL_ERROR;
}
if( strncmp("rdnSequence",peek_head,sizeof("rdnSequence")-1) == 0){
if( strncmp("rdnSequence",peek_head, strlen("rdnSequence")) == 0){
(k->choiceId) = NAME_RDNSEQUENCE;
rc = GDecComponentRDNSequence (mem_op, b, (&k->a.rdnSequence), bytesDecoded, mode);
if ( rc != LDAP_SUCCESS ) return rc;
@ -2317,14 +2431,22 @@ ExtractingComponentTBSCertificate ( void* mem_op, ComponentReference* cr, Compon
if ( ( comp->issuerUniqueIdentifier.identifier.bv_val && strncmp(comp->issuerUniqueIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->issuerUniqueIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return &comp->issuerUniqueIdentifier;
else
else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
cr->cr_curr = cr->cr_curr->ci_next;
return &comp->issuerUniqueIdentifier;
} else {
return NULL;
}
}
if ( ( comp->subjectUniqueIdentifier.identifier.bv_val && strncmp(comp->subjectUniqueIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectUniqueIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return &comp->subjectUniqueIdentifier;
else
else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
cr->cr_curr = cr->cr_curr->ci_next;
return &comp->subjectUniqueIdentifier;
} else {
return NULL;
}
}
if ( ( comp->extensions->identifier.bv_val && strncmp(comp->extensions->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extensions->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
@ -2380,7 +2502,7 @@ int mode)
}
elmtLen2 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentVersion (mem_op, b, tagId2, elmtLen2, (&k->version), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
rc = BDecComponentVersion (mem_op, b, tagId2, elmtLen2, (&k->version), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
(k->version)->identifier.bv_val = (k->version)->id_buf;
(k->version)->identifier.bv_len = strlen("version");
@ -2394,7 +2516,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->serialNumber), &totalElmtsLen1, mode);
rc = BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->serialNumber), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->serialNumber)->identifier.bv_val = (&k->serialNumber)->id_buf;
(&k->serialNumber)->identifier.bv_len = strlen("serialNumber");
@ -2409,7 +2531,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->signature)->identifier.bv_val = (k->signature)->id_buf;
(k->signature)->identifier.bv_len = strlen("signature");
@ -2424,7 +2546,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->issuer), &totalElmtsLen1, mode);
rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->issuer), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->issuer)->identifier.bv_val = (k->issuer)->id_buf;
(k->issuer)->identifier.bv_len = strlen("issuer");
@ -2439,7 +2561,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentValidity (mem_op, b, tagId1, elmtLen1, (&k->validity), &totalElmtsLen1, mode);
rc = BDecComponentValidity (mem_op, b, tagId1, elmtLen1, (&k->validity), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->validity)->identifier.bv_val = (k->validity)->id_buf;
(k->validity)->identifier.bv_len = strlen("validity");
@ -2454,7 +2576,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->subject), &totalElmtsLen1, mode);
rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->subject), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->subject)->identifier.bv_val = (k->subject)->id_buf;
(k->subject)->identifier.bv_len = strlen("subject");
@ -2469,7 +2591,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentSubjectPublicKeyInfo (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKeyInfo), &totalElmtsLen1, mode);
rc = BDecComponentSubjectPublicKeyInfo (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKeyInfo), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->subjectPublicKeyInfo)->identifier.bv_val = (k->subjectPublicKeyInfo)->id_buf;
(k->subjectPublicKeyInfo)->identifier.bv_len = strlen("subjectPublicKeyInfo");
@ -2496,7 +2618,7 @@ int mode)
(tagId1 == MAKE_TAG_ID (CNTX, CONS, 1))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->issuerUniqueIdentifier), &totalElmtsLen1, mode);
rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->issuerUniqueIdentifier), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->issuerUniqueIdentifier)->identifier.bv_val = (&k->issuerUniqueIdentifier)->id_buf;
(&k->issuerUniqueIdentifier)->identifier.bv_len = strlen("issuerUniqueIdentifier");
@ -2520,7 +2642,7 @@ int mode)
(tagId1 == MAKE_TAG_ID (CNTX, CONS, 2))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->subjectUniqueIdentifier), &totalElmtsLen1, mode);
rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->subjectUniqueIdentifier), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->subjectUniqueIdentifier)->identifier.bv_val = (&k->subjectUniqueIdentifier)->id_buf;
(&k->subjectUniqueIdentifier)->identifier.bv_len = strlen("subjectUniqueIdentifier");
@ -2552,7 +2674,7 @@ int mode)
}
elmtLen2 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentExtensions (mem_op, b, tagId2, elmtLen2, (&k->extensions), &totalElmtsLen1, mode);
rc = BDecComponentExtensions (mem_op, b, tagId2, elmtLen2, (&k->extensions), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->extensions)->identifier.bv_val = (k->extensions)->id_buf;
(k->extensions)->identifier.bv_len = strlen("extensions");
@ -2573,6 +2695,10 @@ int mode)
if(!COMPONENTNOT_NULL ((k->version)))
{
(k->version) = CompAlloc( mem_op, sizeof(ComponentVersion));
(k->version)->identifier.bv_val = (k->version)->id_buf;
(k->version)->identifier.bv_len = strlen("version");
strcpy( (k->version)->identifier.bv_val, "version");
(k->version)->value = 0;
}
if( !(old_mode & DEC_ALLOC_MODE_1) ) {
@ -2649,6 +2775,7 @@ int mode)
}
}
else {
(k->version) = CompAlloc( mem_op, sizeof(ComponentVersion));
(k->version)->value = 0;
}
if ( strncmp( peek_head, "serialNumber", strlen("serialNumber") ) == 0 ) {
@ -2877,8 +3004,12 @@ ExtractingComponentCertificate ( void* mem_op, ComponentReference* cr, Component
if ( ( comp->signature.identifier.bv_val && strncmp(comp->signature.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
if ( cr->cr_curr->ci_next == NULL )
return &comp->signature;
else
else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
cr->cr_curr = cr->cr_curr->ci_next;
return &comp->signature;
} else {
return NULL;
}
}
return NULL;
} /* ExtractingComponentCertificate */
@ -2914,7 +3045,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->tbsCertificate), &totalElmtsLen1, mode);
rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->tbsCertificate), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->tbsCertificate)->identifier.bv_val = (k->tbsCertificate)->id_buf;
(k->tbsCertificate)->identifier.bv_len = strlen("tbsCertificate");
@ -2929,7 +3060,7 @@ int mode)
if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signatureAlgorithm), &totalElmtsLen1, mode);
rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signatureAlgorithm), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(k->signatureAlgorithm)->identifier.bv_val = (k->signatureAlgorithm)->id_buf;
(k->signatureAlgorithm)->identifier.bv_len = strlen("signatureAlgorithm");
@ -2945,7 +3076,7 @@ int mode)
(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
{
elmtLen1 = BDecLen (b, &totalElmtsLen1 );
rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
if ( rc != LDAP_SUCCESS ) return rc;
(&k->signature)->identifier.bv_val = (&k->signature)->id_buf;
(&k->signature)->identifier.bv_len = strlen("signature");

16
contrib/slapd-modules/comp_match/certificate.h
View file

@ -3,7 +3,7 @@
/*
* certificate.h
* "AuthenticationFramework" ASN.1 module encode/decode/extracting/matching/free C src.
* This file was generated by modified eSMACC compiler Sun Dec 5 19:16:59 2004
* This file was generated by modified eSMACC compiler Sat Dec 11 11:22:49 2004
* The generated files are strongly encouraged to be
* compiled as a module for OpenLDAP Software
*/
@ -20,12 +20,21 @@ extern "C" {
#ifdef _WIN32
#pragma warning( disable : 4101 )
#endif
#include "component.h"
#include "componentlib.h"
typedef enum AuthenticationFrameworkAnyId
{
nullOid_ANY_ID = 0,
nullOid2_ANY_ID = 1,
printableStringOid_ANY_ID = 2} AuthenticationFrameworkAnyId;
printableStringOid_ANY_ID = 2,
printableStringOid2_ANY_ID = 3,
printableStringOid3_ANY_ID = 4,
printableStringOid4_ANY_ID = 5,
printableStringOid5_ANY_ID = 6,
printableStringOid6_ANY_ID = 7,
iA5StringOid_ANY_ID = 8,
octetStringOid_ANY_ID = 9,
octetStringOid2_ANY_ID = 10,
octetStringOid3_ANY_ID = 11} AuthenticationFrameworkAnyId;
void InitAnyAuthenticationFramework();
@ -140,6 +149,7 @@ typedef struct Extension /* SEQUENCE */
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentOid extnID; /* OBJECT IDENTIFIER */
ComponentBool* critical; /* BOOLEAN DEFAULT FALSE */
ComponentOcts extnValue; /* OCTET STRING */
} ComponentExtension;

226
contrib/slapd-modules/comp_match/componentlib.c
View file

@ -16,8 +16,9 @@
#include "lutil.h"
#include <ldap.h>
#include "slap.h"
#include "component.h"
#include "componentlib.h"
#include "asn.h"
#include <asn-gser.h>
#include <stdlib.h>
@ -1935,6 +1936,37 @@ BDecComponentVisibleString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
/*
* Routines for handling an ANY DEFINED Type
*/
/* Check if the <select> type CR and the OID of the given ANY type */
int
CheckSelectTypeCorrect ( void* mem_op, ComponentAnyInfo* cai, struct berval* select ) {
int strLen;
AttributeType* ad_type;
char* oid;
char* result;
if ( IsNumericOid ( select->bv_val , select->bv_len ) ) {
oid = select->bv_val;
strLen = select->bv_len;
} else {
ad_type = at_bvfind( select );
if ( !ad_type )
return LDAP_DECODING_ERROR;
oid = ad_type->sat_atype.at_oid;
strLen = strlen ( oid );
}
result = EncodeComponentOid ( mem_op, oid , &strLen );
if ( !result || strLen <= 0 ) return (-1);
if ( cai->oid.octetLen == strLen &&
strncmp ( cai->oid.octs, result, strLen ) == 0 )
return (1);
else
return (-1);
}
int
SetAnyTypeByComponentOid ( ComponentAny *v, ComponentOid *id ) {
Hash hash;
@ -1977,7 +2009,8 @@ GEncComponentAny ( GenBuf *b, ComponentAny *in )
}
int
BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode) {
BEncComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode)
{
ComponentAny *k, **k2;
k = (ComponentAny*) result;
@ -2018,6 +2051,55 @@ BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesD
}
}
int
BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode) {
int rc;
ComponentAny *k, **k2;
k = (ComponentAny*) result;
if ( !k ) return (-1);
if ( mode & DEC_ALLOC_MODE_0 ) {
k2 = (ComponentAny**) result;
*k2 = (ComponentAny*) CompAlloc( mem_op, sizeof( ComponentAny ) );
if ( !*k2 ) return LDAP_DECODING_ERROR;
k = *k2;
}
if ((result->cai != NULL) && (result->cai->BER_Decode != NULL)) {
#if 0
result->value = (void*) CompAlloc ( mem_op, result->cai->size );
if ( !result->value ) return 0;
#endif
result->cai->BER_Decode ( mem_op, b, &result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_0 );
#if 0
rc = BDecComponentTop( result->cai->BER_Decode, mem_op, 0, 0, &result->value, bytesDecoded, DEC_ALLOC_MODE_0 );
if ( rc != LDAP_SUCCESS ) return rc;
#endif
k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
if ( !k->comp_desc ) {
if ( k ) CompFree ( mem_op, k );
return LDAP_DECODING_ERROR;
}
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
k->comp_desc->cd_pretty = (slap_syntax_transform_func*)NULL;
k->comp_desc->cd_validate = (slap_syntax_validate_func*)NULL;
k->comp_desc->cd_extract_i = NULL;
k->comp_desc->cd_type = ASN_BASIC;
k->comp_desc->cd_type_id = BASICTYPE_ANY;
k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAny;
return LDAP_SUCCESS;
}
else {
Asn1Error ("ERROR - Component ANY Decode routine is NULL\n");
return 0;
}
}
int
GDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode) {
ComponentAny *k, **k2;
@ -2137,6 +2219,112 @@ InstallAnyByComponentInt (int anyId, ComponentInt intId, unsigned int size,
Insert(anyIntHashTblG, a, h);
}
/*
* OID and its corresponding decoder can be registerd with this func.
* If contained types constrained by <select> are used,
* their OID and decoder MUST be registered, otherwise it will return no entry.
* An open type(ANY type) also need be registered.
*/
void
InstallOidDecoderMapping ( char* ch_oid, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func* B_decode, ExtractFcn extract, MatchFcn match ) {
AsnOid oid;
int strLen;
void* mem_op;
strLen = strlen( ch_oid );
if( strLen <= 0 ) return;
mem_op = comp_nibble_memory_allocator ( 128, 16 );
oid.octs = EncodeComponentOid ( mem_op, ch_oid, &strLen );
oid.octetLen = strLen;
if( strLen <= 0 ) return;
InstallAnyByComponentOid ( 0, &oid, 0, encode, G_decode, B_decode,
extract, match, NULL, NULL);
comp_nibble_memory_free(mem_op);
}
/*
* Look up Oid-decoder mapping table by berval have either
* oid or description
*/
OidDecoderMapping*
RetrieveOidDecoderMappingbyBV( struct berval* in ) {
if ( IsNumericOid ( in->bv_val, in->bv_len ) )
return RetrieveOidDecoderMappingbyOid( in->bv_val, in->bv_len );
else
return RetrieveOidDecoderMappingbyDesc( in->bv_val, in->bv_len );
}
/*
* Look up Oid-decoder mapping table by dotted OID
*/
OidDecoderMapping*
RetrieveOidDecoderMappingbyOid( char* ch_oid, int oid_len ) {
Hash hash;
void *anyInfo;
AsnOid oid;
int strLen;
void* mem_op;
mem_op = comp_nibble_memory_allocator ( 128, 16 );
oid.octs = EncodeComponentOid ( mem_op, ch_oid, &oid_len);
oid.octetLen = oid_len;
if( strLen <= 0 ) {
comp_nibble_memory_free( mem_op );
return;
}
/* use encoded oid as hash string */
hash = MakeHash ( oid.octs, oid.octetLen);
comp_nibble_memory_free( mem_op );
if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
return (OidDecoderMapping*) anyInfo;
else
return (OidDecoderMapping*) NULL;
}
/*
* Look up Oid-decoder mapping table by description
*/
OidDecoderMapping*
RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len ) {
Hash hash;
void *anyInfo;
AsnOid oid;
AttributeType* ad_type;
struct berval bv;
void* mem_op;
bv.bv_val = desc;
bv.bv_len = desc_len;
ad_type = at_bvfind( &bv );
oid.octs = ad_type->sat_atype.at_oid;
oid.octetLen = strlen ( oid.octs );
if ( !ad_type )
return (OidDecoderMapping*) NULL;
mem_op = comp_nibble_memory_allocator ( 128, 16 );
oid.octs = EncodeComponentOid ( mem_op, oid.octs , &oid.octetLen );
if( oid.octetLen <= 0 ) {
comp_nibble_memory_free( mem_op );
return (OidDecoderMapping*) NULL;
}
/* use encoded oid as hash string */
hash = MakeHash ( oid.octs, oid.octetLen);
comp_nibble_memory_free( mem_op );
if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
return (OidDecoderMapping*) anyInfo;
else
return (OidDecoderMapping*) NULL;
}
void
InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size,
EncodeFcn encode, gser_decoder_func* G_decode,
@ -2148,8 +2336,11 @@ InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size,
a = (ComponentAnyInfo*) malloc (sizeof (ComponentAnyInfo));
a->anyId = anyId;
a->oid.octs = NULL;
a->oid.octetLen = 0;
if ( oid ) {
a->oid.octs = malloc( oid->octetLen );
memcpy ( a->oid.octs, oid->octs, oid->octetLen );
a->oid.octetLen = oid->octetLen;
}
a->size = size;
a->Encode = encode;
a->GSER_Decode = G_decode;
@ -2180,9 +2371,9 @@ AsnLen *bytesDecoded _AND_
int mode) {
tag = BDecTag ( b, bytesDecoded );
elmtLen = BDecLen ( b, bytesDecoded );
if ( elmtLen <= 0 ) return (-1);
if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
printf("Invliad Tag\n");
exit (1);
return (-1);
}
return (*decoder)( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode );
@ -2212,9 +2403,8 @@ int mode) {
* LDAP Encodings : cn=sang,o=ibm,c=us
*/
int
increment_bv_mem ( struct berval* in ) {
int new_size = in->bv_len + INCREMENT_SIZE;
increment_bv_mem_by_size ( struct berval* in, int size ) {
int new_size = in->bv_len + size;
in->bv_val = realloc( in->bv_val, new_size );
in->bv_len = new_size;
}
@ -2245,7 +2435,7 @@ ConvertBER2Desc( char* in, int size, struct berval* out, int* pos ) {
/*check if the buffer can store the first/second arc and two dots*/
if ( out->bv_len < *pos + 2 + 1 + rc )
increment_bv_mem ( out );
increment_bv_mem_by_size ( out, INCREMENT_SIZE );
if ( firstArcNum == 1)
out->bv_val[*pos] = '1';
@ -2269,7 +2459,7 @@ ConvertBER2Desc( char* in, int size, struct berval* out, int* pos ) {
rc = intToAscii ( arcNum, buf );
if ( out->bv_len < *pos + rc + 1 )
increment_bv_mem ( out );
increment_bv_mem_by_size ( out, INCREMENT_SIZE );
memcpy( out->bv_val + *pos, buf, rc );
*pos += rc;
@ -2303,14 +2493,14 @@ ConvertComponentAttributeTypeAndValue2RFC2253 ( irAttributeTypeAndValue* in, str
rc = ConvertBER2Desc( in->type.value.octs, in->type.value.octetLen, out, pos );
if ( rc != LDAP_SUCCESS ) return rc;
if ( out->bv_len < *pos + 1/*for '='*/ )
increment_bv_mem ( out );
increment_bv_mem_by_size ( out, INCREMENT_SIZE );
/*Between type and value, put '='*/
out->bv_val[*pos] = '=';
(*pos)++;
/*Assume it is string*/
if ( out->bv_len < *pos + value_size )
increment_bv_mem ( out );
increment_bv_mem_by_size ( out, INCREMENT_SIZE );
memcpy( out->bv_val + *pos, value_ptr, value_size );
out->bv_len += value_size;
*pos += value_size;
@ -2329,10 +2519,10 @@ ConvertRelativeDistinguishedName2RFC2253 ( irRelativeDistinguishedName* in, stru
rc = ConvertComponentAttributeTypeAndValue2RFC2253( attr_typeNvalue, out, pos );
if ( rc != LDAP_SUCCESS ) return LDAP_INVALID_SYNTAX;
if ( out->bv_len < pos + 1/*for '+'*/ )
increment_bv_mem ( out );
if ( out->bv_len < *pos + 1/*for '+'*/ )
increment_bv_mem_by_size ( out, INCREMENT_SIZE );
/*between multivalued RDNs, put comma*/
out->bv_val[*pos++] = '+';
out->bv_val[(*pos)++] = '+';
}
(*pos)--;/*remove the last '+'*/
return LDAP_SUCCESS;
@ -2366,13 +2556,13 @@ ConvertRDNSequence2RFC2253( irRDNSequence *in, struct berval* out ) {
if ( rc != LDAP_SUCCESS ) return LDAP_INVALID_SYNTAX;
if ( out->bv_len < pos + 1/*for ','*/ )
increment_bv_mem ( out );
increment_bv_mem_by_size ( out, INCREMENT_SIZE );
/*Between RDN, put comma*/
out->bv_val[pos++] = ',';
}
pos--;/*remove the last '+'*/
out->bv_val[pos] = '\0';
out->bv_len = pos;
out->bv_len =pos;
return LDAP_SUCCESS;
}

18
contrib/slapd-modules/comp_match/component.h → contrib/slapd-modules/comp_match/componentlib.h
View file

@ -19,6 +19,7 @@
#include "lutil.h"
#include <ldap.h>
#include <slap.h>
#include <component.h>
#include <asn-incl.h>
#include "asn.h"
@ -115,6 +116,8 @@ typedef struct ComponentIA5String {
#define GEncComponentIA5String GEncComponentUTF8String
#define GDecComponentIA5String GDecComponentUTF8String
int
BDecComponentIA5StringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
int BDecComponentIA5String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
#define MatchingComponentIA5String MatchingComponentOcts
#define ExtractingComponentIA5String(mem_op, cr,data) NULL
@ -202,6 +205,7 @@ typedef struct ComponentOcts {
#define GASNOCTS_PRESENT(aocts) ((aocts)->value.octs != NULL)
int GEncComponentOcts (GenBuf *b, ComponentOcts *octs);
int GDecComponentOcts (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
int BDecComponentOctsTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
int BDecComponentOcts (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
int MatchingComponentOcts (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentOcts(mem_op,cr,data) NULL
@ -376,6 +380,8 @@ typedef struct ComponentAnyInfo
PrintFcn Print;
} ComponentAnyInfo;
typedef struct ComponentAnyInfo OidDecoderMapping ;
typedef struct ComponentAny{
void* syntax;
ComponentDesc *comp_desc;
@ -402,7 +408,11 @@ void InstallAnyByComponentInt (int anyId, ComponentInt intId, unsigned int size,
void InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func* B_decode, ExtractFcn extract, MatchFcn match, FreeFcn free, PrintFcn print);
int CheckSelectTypeCorrect ( void* mem_op, ComponentAnyInfo *v, struct berval* select );
OidDecoderMapping* RetrieveOidDecoderMappingbyBV( struct berval* in );
OidDecoderMapping* RetrieveOidDecoderMappingbyOid( char* ch_oid, int oid_len );
OidDecoderMapping* RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len );
/*
* UTCTime
*/
@ -511,12 +521,17 @@ retrieve_matching_rule( char* mr_oid, AsnTypeId type );
#define INITIAL_DN_SIZE 128
#define INITIAL_ATTR_SIZE 256
#define INCREMENT_SIZE 32
/*
* Followings are for conversion from ASN.1 RDN and DN to
* LDAP encodings
*/
#define MAX_ALIASING_ENTRY 128
int increment_bv_mem ( struct berval* in );
int intToAscii ( int value, char* buf );
typedef ComponentList irRDNSequence;
typedef ComponentList irRelativeDistinguishedName;
typedef ComponentOid irAttributeType;
typedef struct irAttributeTypeAndValue /* SEQUENCE */
typedef struct comp_irAttributeTypeAndValue /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
@ -527,4 +542,5 @@ typedef struct irAttributeTypeAndValue /* SEQUENCE */
} irAttributeTypeAndValue;
#define RDN_MATCH_OID "1.2.36.79672281.1.13.3"
#define DN_MATCH_OID "2.5.13.1"
#endif

527
contrib/slapd-modules/comp_match/init.c
View file

@ -16,8 +16,9 @@
#include "lutil.h"
#include <ldap.h>
#include "slap.h"
#include "component.h"
#include "componentlib.h"
#include "asn.h"
#include <asn-gser.h>
@ -27,6 +28,11 @@
#define SLAPD_COMP_MATCH SLAPD_MOD_DYNAMIC
#endif
/*
* Attribute and MatchingRule aliasing table
*/
AttributeAliasing aa_table [ MAX_ALIASING_ENTRY ];
MatchingRuleAliasing mra_table [ MAX_ALIASING_ENTRY ];
OD_entry* gOD_table = NULL;
AsnTypetoMatchingRuleTable* gATMR_table = NULL;
@ -35,6 +41,90 @@ int
load_derived_matching_rule ( char* cfg_path ){
}
AttributeAliasing*
comp_is_aliased_attribute( void *in )
{
AttributeAliasing* curr_aa;
int i;
AttributeDescription *ad = (AttributeDescription*)in;
for ( i = 0; aa_table[i].aa_aliasing_ad && i < MAX_ALIASING_ENTRY; i++ ) {
if ( strncmp(aa_table[i].aa_aliasing_ad->ad_cname.bv_val , ad->ad_cname.bv_val, ad->ad_cname.bv_len) == 0 )
return &aa_table[i];
}
return NULL;
}
static int
add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr_name, char* component_filter )
{
char text[1][128];
int rc;
struct berval type;
/* get and store aliasing AttributeDescription */
type.bv_val = aliasing_at_name;
type.bv_len = strlen ( aliasing_at_name );
rc = slap_bv2ad ( &type, &aa_table[index].aa_aliasing_ad,(char**)text );
if ( rc != LDAP_SUCCESS ) return rc;
/* get and store aliased AttributeDescription */
type.bv_val = aliased_at_name;
type.bv_len = strlen ( aliased_at_name );
rc = slap_bv2ad ( &type, &aa_table[index].aa_aliased_ad,(char**)text );
if ( rc != LDAP_SUCCESS ) return rc;
/* get and store componentFilterMatch */
type.bv_val = mr_name;
type.bv_len = strlen ( mr_name);
aa_table[index].aa_mr = mr_bvfind ( &type );
/* get and store a component filter */
type.bv_val = component_filter;
type.bv_len = strlen ( component_filter );
rc = get_comp_filter( NULL, &type, &aa_table[index].aa_cf,(char**)text);
aa_table[index].aa_cf_str = component_filter;
return rc;
}
/*
* Initialize attribute aliasing table when this module is loaded
* add_aa_entry ( index for the global table,
* name of the aliasing attribute,
* component filter with filling value parts "xxx"
* )
* "xxx" will be replaced with effective values later.
* See RFC3687 to understand the content of a component filter.
*/
char* pre_processed_comp_filter[] = {
/*1*/"item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx }",
/*2*/"item:{ component \"tbsCertificate.serialNumber\", rule integerMatch, value xxx }",
/*3*/"and:{ item:{ component \"tbsCertificate.serialNumber\", rule integerMatch, value xxx }, item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx } }"
};
static int
init_attribute_aliasing_table ()
{
int rc;
int index = 0 ;
rc = add_aa_entry ( index, "x509CertificateIssuer", "userCertificate","componentFilterMatch", pre_processed_comp_filter[index] );
if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
index++;
rc = add_aa_entry ( index, "x509CertificateSerial","userCertificate", "componentFilterMatch", pre_processed_comp_filter[index] );
if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
index++;
rc = add_aa_entry ( index, "x509CertificateSerialAndIssuer", "userCertificate", "componentFilterMatch", pre_processed_comp_filter[index] );
if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
index++;
return LDAP_SUCCESS;
}
MatchingRule*
retrieve_matching_rule( char* mr_oid, AsnTypeId type ) {
char* tmp;
@ -54,65 +144,6 @@ retrieve_matching_rule( char* mr_oid, AsnTypeId type ) {
return (MatchingRule*)NULL;
}
OD_entry*
retrieve_oid_decoder_table ( char* oid ) {
OD_entry* curr_entry;
for ( curr_entry = gOD_table ; curr_entry != NULL ;
curr_entry = curr_entry->oe_next ) {
if ( strcmp ( curr_entry->oe_oid , oid ) == 0 )
return curr_entry;
}
return (OD_entry*) NULL;
}
int
add_OD_entry ( char* oid, gser_decoder_func* gser_decoder ,
ber_decoder_func ber_decoder, converter_func* converter ) {
OD_entry* new_entry;
if ( !gOD_table ) {
gOD_table = new_entry = (OD_entry*) malloc( sizeof ( OD_entry ) );
gOD_table->oe_next = NULL;
gOD_table->oe_prev = NULL;
}
else {
new_entry = (OD_entry*) malloc( sizeof ( OD_entry ) );
if ( !new_entry ) return -1;
gOD_table->oe_prev = new_entry;
new_entry->oe_next = gOD_table;
new_entry->oe_prev = NULL;
gOD_table = new_entry;
}
strcpy ( new_entry->oe_oid ,oid );
new_entry->oe_gser_decoder = gser_decoder;
new_entry->oe_ber_decoder = ber_decoder;
new_entry->oe_converter = converter;
return 1;
}
int
remove_OD_entry ( char* oid ) {
OD_entry* curr_entry;
for ( curr_entry = gOD_table ; curr_entry != NULL ;
curr_entry = curr_entry->oe_next ) {
if ( strcmp ( curr_entry->oe_oid , oid ) == 0 ) {
if ( !curr_entry->oe_next ) {
if ( curr_entry->oe_prev ) {
curr_entry->oe_prev->oe_next = NULL;
}
} else {
curr_entry->oe_prev->oe_next = curr_entry->oe_next;
curr_entry->oe_next->oe_prev = curr_entry->oe_prev;
}
free ( curr_entry );
return 1;
}
}
return -1;
}
void*
comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv ))
{
@ -123,15 +154,13 @@ comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv
char* oid = a->a_desc->ad_type->sat_atype.at_oid ;
GenBuf* b;
ExpBuf* buf;
OD_entry* od_entry;
OidDecoderMapping* odm;
/* look for the decoder registered for the given attribute */
od_entry = retrieve_oid_decoder_table ( oid );
if ( !od_entry || !od_entry->oe_ber_decoder ) return (void*)NULL;
if ( od_entry->oe_converter ) {
size = (*od_entry->oe_converter)( bv );
if ( size <= 0 ) return (void*)NULL;
}
odm = RetrieveOidDecoderMappingbyOid( oid, strlen(oid) );
if ( !odm || (!odm->BER_Decode && odm->GSER_Decode) )
return (void*)NULL;
buf = ExpBufAllocBuf();
ExpBuftoGenBuf( buf, &b );
@ -145,16 +174,20 @@ comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv
* The flag of Attribute will say something about it in the future
*/
if ( slap_syntax_is_ber ( syn ) ) {
rc =BDecComponentTop(od_entry->oe_ber_decoder, a->a_comp_data->cd_mem_op, b, 0,0, &component,&bytesDecoded,mode ) ;
#if 0
rc =BDecComponentTop(odm->BER_Decode, a->a_comp_data->cd_mem_op, b, 0,0, &component,&bytesDecoded,mode ) ;
#endif
rc = odm->BER_Decode ( a->a_comp_data->cd_mem_op,b,&component,&bytesDecoded, mode );
}
else {
rc = od_entry->oe_gser_decoder( a->a_comp_data->cd_mem_op, b, component,&bytesDecoded,mode);
rc = odm->GSER_Decode( a->a_comp_data->cd_mem_op, b, component,&bytesDecoded,mode);
}
ExpBufFreeBuf( buf );
if ( rc == -1 ) {
ShutdownNibbleMemLocal ( a->a_comp_data->cd_mem_op );
a->a_comp_data->cd_mem_op = NULL;
free ( a->a_comp_data );
a->a_comp_data = NULL;
return (void*)NULL;
}
else {
@ -225,7 +258,8 @@ int intToAscii( int value, char* buf ) {
int
comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct berval* bv, int *allocated )
{
int value, rc;
int rc;
struct berval prettied;
Syntax* syn;
AsnTypetoSyntax* asn_to_syn =
@ -307,14 +341,16 @@ comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct be
return LDAP_INVALID_SYNTAX;
*allocated = 1;
rc = ConvertRDNSequence2RFC2253( (irRDNSequence*)csi, bv );
return rc;
if ( rc != LDAP_SUCCESS ) return rc;
break;
case RelativeDistinguishedName :
/*rdnMatch*/
if( strncmp( mr->smr_mrule.mr_oid, RDN_MATCH_OID, strlen(RDN_MATCH_OID) ) != 0 )
return LDAP_INVALID_SYNTAX;
*allocated = 1;
rc = ConvertRDN2RFC2253((irRelativeDistinguishedName*)csi,bv);
return rc;
if ( rc != LDAP_SUCCESS ) return rc;
break;
case TelephoneNumber :
case FacsimileTelephoneNumber__telephoneNumber :
break;
@ -328,9 +364,22 @@ comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct be
return LDAP_INVALID_SYNTAX;
}
if ( csi->csi_syntax && csi->csi_syntax->ssyn_validate ) {
if ( csi->csi_syntax->ssyn_validate(csi->csi_syntax, bv) != LDAP_SUCCESS )
return LDAP_INVALID_SYNTAX;
if ( csi->csi_syntax ) {
if ( csi->csi_syntax->ssyn_validate ) {
rc = csi->csi_syntax->ssyn_validate(csi->csi_syntax, bv);
if ( rc != LDAP_SUCCESS )
return LDAP_INVALID_SYNTAX;
}
if ( csi->csi_syntax->ssyn_pretty ) {
rc = csi->csi_syntax->ssyn_pretty(csi->csi_syntax, bv, &prettied , NULL );
if ( rc != LDAP_SUCCESS )
return LDAP_INVALID_SYNTAX;
#if 0
free ( bv->bv_val );/*potential memory leak?*/
#endif
bv->bv_val = prettied.bv_val;
bv->bv_len = prettied.bv_len;
}
}
return LDAP_SUCCESS;
@ -343,7 +392,8 @@ comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct be
#define IS_TERMINAL_COMPREF(cr) (cr->cr_curr->ci_next == NULL)
int
comp_test_all_components (
void* mem_op,
void* attr_mem_op,
void* assert_mem_op,
ComponentSyntaxInfo *csi_attr,
ComponentAssertion* ca )
{
@ -353,40 +403,11 @@ comp_test_all_components (
struct berval *ca_val = &ca->ca_ma_value;
switch ( cr->cr_curr->ci_type ) {
case LDAP_COMPREF_IDENTIFIER:
case LDAP_COMPREF_FROM_BEGINNING:
case LDAP_COMPREF_FROM_END:
csi_temp = (ComponentSyntaxInfo*)csi_attr->csi_comp_desc->cd_extract_i( mem_op, cr, csi_attr );
if ( cr->cr_curr->ci_type == LDAP_COMPREF_ALL ) {
rc = comp_test_all_components ( mem_op, csi_temp, ca );
} else {
rc = comp_test_one_component( mem_op, csi_temp, ca );
}
break;
case LDAP_COMPREF_COUNT:
/* "count" component reference should be the last component id */
if ( IS_TERMINAL_COMPREF(cr) ) {
ComponentInt *k;
k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt) );
k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
k->comp_desc->cd_tag = 0;
k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
k->comp_desc->cd_type = ASN_BASIC;
k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
k->value = AsnListCount(&((ComponentList*)csi_attr)->comp_list);
rc = comp_test_one_component( mem_op, k, ca );
} else {
rc = LDAP_INVALID_SYNTAX;
}
break;
case LDAP_COMPREF_ALL:
if ( IS_TERMINAL_COMPREF(cr) ) {
FOR_EACH_LIST_ELMT( comp_elmt, &((ComponentList*)csi_attr)->comp_list )
{
rc = comp_test_one_component( mem_op, comp_elmt, ca );
rc = comp_test_one_component( attr_mem_op, assert_mem_op, comp_elmt, ca );
if ( rc == LDAP_COMPARE_TRUE ) {
break;
}
@ -396,13 +417,8 @@ comp_test_all_components (
FOR_EACH_LIST_ELMT( comp_elmt, &((ComponentList*)csi_attr)->comp_list )
{
cr->cr_curr = start_compid;
csi_temp = comp_elmt->csi_comp_desc->cd_extract_i( mem_op, cr, comp_elmt );
if ( cr->cr_curr->ci_type == LDAP_COMPREF_ALL ) {
rc = comp_test_all_components ( mem_op, csi_temp, ca );
} else {
rc = comp_test_one_component ( mem_op, csi_temp, ca );
}
rc = comp_test_components ( attr_mem_op, assert_mem_op, comp_elmt, ca );
if ( rc == LDAP_COMPARE_TRUE ) {
break;
}
@ -413,6 +429,10 @@ comp_test_all_components (
case LDAP_COMPREF_SELECT:
case LDAP_COMPREF_DEFINED:
case LDAP_COMPREF_UNDEFINED:
case LDAP_COMPREF_IDENTIFIER:
case LDAP_COMPREF_FROM_BEGINNING:
case LDAP_COMPREF_FROM_END:
case LDAP_COMPREF_COUNT:
rc = LDAP_OPERATIONS_ERROR;
break;
default:
@ -430,109 +450,6 @@ eat_bv_whsp ( struct berval* in )
}
}
int
get_primitive_GSER_value ( struct berval* in )
{
int count, sequent_dquote, unclosed_brace, succeed;
char* ptr = in->bv_val;
char* end = in->bv_val + in->bv_len;
eat_bv_whsp( in );
/*
* Four cases of GSER <Values>
* 1) "..." :
* StringVal, GeneralizedTimeVal, UTCTimeVal, ObjectDescriptorVal
* 2) '...'B or '...'H :
* BitStringVal, OctetStringVal
* 3) {...} :
* SEQUENCE, SEQUENCEOF, SETOF, SET, CHOICE, BIT STRING(bit list)
* 4) Between two white spaces
* INTEGER, BOOLEAN, NULL,ENUMERATE, REAL
*/
if ( in->bv_len <= 0 )
return LDAP_INVALID_SYNTAX;
succeed = 0;
if ( ptr[0] == '"' ) {
for( count = 1, sequent_dquote = 0 ; ; count++ ) {
/* In order to find escaped double quote */
if ( ptr[count] == '"' ) sequent_dquote++;
else sequent_dquote = 0;
if ( ptr[count] == '\0' || (ptr + count) > end ) {
break;
}
if ( ( ptr[count] == '"' && ptr[count-1] != '"') ||
( sequent_dquote > 2 && (sequent_dquote%2) == 1 ) ) {
succeed = 1;
break;
}
}
if ( !succeed || ptr[count] != '"' )
return LDAP_FILTER_ERROR;
in->bv_val = ptr+1; /*the next to '"'*/
in->bv_len = count - 1; /* exclude '"' */
}
else if ( ptr[0] == '\'' ) {
for( count = 1 ; ; count++ ) {
if ( ptr[count] == '\0' || (ptr+count) > end ) {
break;
}
if ((ptr[count-1] == '\'' && ptr[count] == 'B')||
(ptr[count-1] == '\'' && ptr[count] == 'H') ) {
succeed = 1;
break;
}
}
if ( !succeed || !(ptr[count] == 'H' || ptr[count] == 'B') )
return LDAP_FILTER_ERROR;
in->bv_val = ptr+1; /* the next to '"' */
in->bv_len = count - 2; /* exclude "'H" or "'B" */
}
else if ( ptr[0] == '{' ) {
for( count = 1, unclosed_brace = 1 ; ; count++ ) {
if ( ptr[count] == '{' ) unclosed_brace++;
if ( ptr[count] == '}' ) unclosed_brace--;
if ( ptr[count] == '\0' || (ptr+count) > end )
break;
if ( unclosed_brace == 0 ) {
succeed = 1;
break;
}
}
if ( !succeed || ptr[count] != '}' )
return LDAP_FILTER_ERROR;
in->bv_val = ptr+1; /*the next to '"'*/
in->bv_len = count - 1; /* exclude '"' */
}
else {
/*Find following white space where the value is ended*/
for( count = 1 ; ; count++ ) {
if ( ptr[count] == '\0' || ptr[count] == ' ' ||
(ptr+count) >end ) {
break;
}
}
if ( ptr[count] != ' ' )
return LDAP_FILTER_ERROR;
in->bv_val = ptr; /*the next to '"'*/
in->bv_len = count; /* exclude '"' */
}
return LDAP_SUCCESS;
}
/*
* Perform matching one referenced component against assertion
* If the matching rule in a component filter is allComponentsMatch
@ -543,7 +460,8 @@ get_primitive_GSER_value ( struct berval* in )
*/
int
comp_test_one_component (
void* mem_op,
void* attr_mem_op,
void* assert_mem_op,
ComponentSyntaxInfo *csi_attr,
ComponentAssertion *ca )
{
@ -555,7 +473,7 @@ comp_test_one_component (
if ( mr->smr_usage & SLAP_MR_COMPONENT ) {
/* If allComponentsMatch or its derivatives */
if ( !ca->ca_comp_data.cd_tree ) {
comp_convert_assert_to_comp( mem_op, csi_attr, &ca->ca_ma_value, &csi_assert, &len, DEC_ALLOC_MODE_0 );
comp_convert_assert_to_comp( assert_mem_op, csi_attr, &ca->ca_ma_value, &csi_assert, &len, DEC_ALLOC_MODE_0 );
ca->ca_comp_data.cd_tree = (void*)csi_assert;
} else {
csi_assert = ca->ca_comp_data.cd_tree;
@ -575,32 +493,173 @@ comp_test_one_component (
} else {
/* LDAP existing matching rules */
struct berval attr_bv = BER_BVNULL;
struct berval n_attr_bv = BER_BVNULL;
struct berval* assert_bv = &ca->ca_ma_value;
int allocated = 0;
/*Attribute is converted to compatible LDAP encodings*/
if ( comp_convert_asn_to_ldap( mr, csi_attr, &attr_bv, &allocated ) != LDAP_SUCCESS )
return LDAP_INAPPROPRIATE_MATCHING;
/* extracted component value is not normalized */
if ( ca->ca_ma_rule->smr_normalize ) {
rc = ca->ca_ma_rule->smr_normalize (
SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
NULL, ca->ca_ma_rule,
&attr_bv, &n_attr_bv, NULL );
if ( rc != LDAP_SUCCESS )
return rc;
if ( allocated && attr_bv.bv_val )
free (attr_bv.bv_val);
} else {
n_attr_bv = attr_bv;
}
#if 0
/*Assertion value is validated by MR's syntax*/
if ( !ca->ca_comp_data.cd_tree ) {
if ( get_primitive_GSER_value( assert_bv ) != LDAP_SUCCESS )
return LDAP_INVALID_SYNTAX;
assert_bv->bv_val[assert_bv->bv_len] = '\0';
if ( mr->smr_syntax->ssyn_validate( mr->smr_syntax, assert_bv ) != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
ca->ca_comp_data.cd_tree = assert_bv;
}
else {
assert_bv = ca->ca_comp_data.cd_tree;
}
rc = csi_value_match( mr, &attr_bv, assert_bv );
if ( allocated ) free (attr_bv.bv_val);
#endif
rc = csi_value_match( mr, &n_attr_bv, assert_bv );
if ( n_attr_bv.bv_val )
free ( n_attr_bv.bv_val );
return rc;
}
}
int
comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_attr, ComponentAssertion* ca) {
char* peek_head;
int mode, bytesDecoded = 0, rc;
GenBuf* b;
ExpBuf* buf;
OidDecoderMapping* odm;
struct berval bv;
char oid[MAX_OID_LEN];
void* contained_comp, *anytype_comp;
ComponentReference* cr = ca->ca_comp_ref;
/* Extracting the component refrenced by ca->ca_comp_ref */
csi_attr = (ComponentSyntaxInfo*)csi_attr->csi_comp_desc->cd_extract_i( attr_nm, cr, csi_attr );
if ( !csi_attr ) return LDAP_INVALID_SYNTAX;
/* perform matching, considering the type of a Component Reference(CR)*/
switch( cr->cr_curr->ci_type ) {
case LDAP_COMPREF_IDENTIFIER:
case LDAP_COMPREF_FROM_BEGINNING:
case LDAP_COMPREF_FROM_END:
case LDAP_COMPREF_COUNT:
/*
* Exactly one component is referenced
* Fast Path for matching for this case
*/
rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
break;
case LDAP_COMPREF_ALL:
/*
* If <all> type CR is used
* more than one component will be tested
*/
rc = comp_test_all_components ( attr_nm, assert_nm, csi_attr, ca );
break;
case LDAP_COMPREF_CONTENT:
/*
* <content> type CR is used
* check if it is followed by <select> type CR.
* 1) If so, look up the corresponding decoder in the mapping
* table(OID to decoder) by <select>
* and then decode the OCTET/BIT STRING with the decoder
* Finially, extreact the target component with the remaining CR.
* 2) If not, just return the current component, It SHOULD not be
* extracted further, because the component MUST be BIT/OCTET
* string.
*/
cr->cr_curr = cr->cr_curr->ci_next;
if ( !cr->cr_curr ) {
/* case 2) in above description */
rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
break;
}
if ( cr->cr_curr->ci_type == LDAP_COMPREF_SELECT ) {
/* Look up OID mapping table */
odm = RetrieveOidDecoderMappingbyBV( &cr->cr_curr->ci_val.ci_select_value );
if ( !odm || !odm->BER_Decode )
return LDAP_PROTOCOL_ERROR;
/* current componet MUST be either BIT or OCTET STRING */
if ( csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_BITSTRING ) {
bv.bv_val = ((ComponentBits*)csi_attr)->value.bits;
bv.bv_len = ((ComponentBits*)csi_attr)->value.bitLen;
}
else if ( csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_BITSTRING ) {
bv.bv_val = ((ComponentOcts*)csi_attr)->value.octs;
bv.bv_len = ((ComponentOcts*)csi_attr)->value.octetLen;
}
else
return LDAP_PROTOCOL_ERROR;
buf = ExpBufAllocBuf();
ExpBuftoGenBuf( buf, &b );
ExpBufInstallDataInBuf ( buf, bv.bv_val, bv.bv_len );
BufResetInReadMode( b );
mode = DEC_ALLOC_MODE_2;
/* Try to decode with BER/DER decoder */
#if 0
rc =BDecComponentTop( odm->BER_Decode, attr_nm, b, 0,0, &contained_comp,&bytesDecoded, mode );
#endif
rc = odm->BER_Decode ( attr_nm,b,&contained_comp,&bytesDecoded, mode );
#if 0
if ( rc != LDAP_SUCCESS ) {
/* If fails with BER/DER decoder, try with GSER */
bytesDecoded = 0;
BufResetInReadMode( b );
rc = odm->GSER_decoder( attr_nm, b, contained_comp, &bytesDecoded, mode);
}
#endif
ExpBufFreeBuf( buf );
if ( rc != LDAP_SUCCESS ) return LDAP_PROTOCOL_ERROR;
/* xxx.content.(x.xy.xyz).rfc822Name */
/* In the aboe Ex. move CR to the right to (x.xy.xyz)*/
cr->cr_curr = cr->cr_curr->ci_next;
if (!cr->cr_curr )
rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
else
rc = comp_test_components( attr_nm, assert_nm, contained_comp, ca );
}
else {
/* Ivalid Component reference */
rc = LDAP_PROTOCOL_ERROR;
}
break;
case LDAP_COMPREF_SELECT:
if (csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_ANY )
return LDAP_INVALID_SYNTAX;
rc = CheckSelectTypeCorrect( attr_nm, ((ComponentAny*)csi_attr)->cai, &cr->cr_curr->ci_val.ci_select_value );
if ( rc < 0 ) return LDAP_INVALID_SYNTAX;
/* point to the real component, not any type component */
csi_attr = ((ComponentAny*)csi_attr)->value;
cr->cr_curr = cr->cr_curr->ci_next;
if ( cr->cr_curr )
rc = comp_test_components( attr_nm, assert_nm, csi_attr, ca);
else
rc = comp_test_one_component( attr_nm, assert_nm, csi_attr, ca);
break;
default:
rc = LDAP_INVALID_SYNTAX;
}
return rc;
}
void*
comp_nibble_memory_allocator ( int init_mem, int inc_mem ) {
void* nm;
@ -622,10 +681,10 @@ extern convert_attr_to_comp_func* attr_converter;
extern convert_assert_to_comp_func* assert_converter;
extern convert_asn_to_ldap_func* csi_converter;
extern free_component_func* component_destructor;
extern test_component_func* test_one_component;
extern test_component_func* test_all_components;
extern test_component_func* test_components;
extern alloc_nibble_func* nibble_mem_allocator;
extern free_nibble_func* nibble_mem_free;
extern test_membership_func* is_aliased_attribute;
int init_module(int argc, char *argv[]) {
@ -635,16 +694,18 @@ int init_module(int argc, char *argv[]) {
attr_converter = comp_convert_attr_to_comp;
assert_converter = comp_convert_assert_to_comp;
component_destructor = comp_free_component;
test_one_component = comp_test_one_component;
test_all_components = comp_test_all_components;
test_components = comp_test_components;
nibble_mem_allocator = comp_nibble_memory_allocator;
nibble_mem_free = comp_nibble_memory_free;
is_aliased_attribute = (test_membership_func*)comp_is_aliased_attribute;
/* file path needs to be */
load_derived_matching_rule ("derived_mr.cfg");
/* the initialization for example X.509 certificate */
init_module_AuthenticationFramework();
init_module_AuthorityKeyIdentifierDefinition();
init_attribute_aliasing_table ();
return 0;
}

26
servers/slapd/attr.c
View file

@ -40,24 +40,32 @@
#include "slap.h"
#ifdef LDAP_COMP_MATCH
extern free_component_func* component_destructor;
#endif
void
attr_free( Attribute *a )
{
if ( a->a_nvals && a->a_nvals != a->a_vals )
ber_bvarray_free( a->a_nvals );
ber_bvarray_free( a->a_vals );
#ifdef LDAP_COMP_MATCH
if ( component_destructor && a->a_comp_data && a->a_comp_data->cd_mem_op ) {
component_destructor( a->a_comp_data->cd_mem_op );
free ( a->a_comp_data );
}
#endif
free( a );
}
#ifdef LDAP_COMP_MATCH
void
comp_tree_free( Attribute *a )
{
Attribute *next;
for( ; a != NULL ; a = next ) {
next = a->a_next;
if ( component_destructor && a->a_comp_data &&
a->a_comp_data->cd_mem_op ) {
component_destructor( a->a_comp_data->cd_mem_op );
free ( a->a_comp_data );
}
}
}
#endif
void
attrs_free( Attribute *a )
{

3
servers/slapd/back-bdb/id2entry.c
View file

@ -168,6 +168,9 @@ int bdb_entry_return(
* is when an entry has been modified, in which case we also need
* to free e_attrs.
*/
#ifdef LDAP_COMP_MATCH
comp_tree_free( e->e_attrs );
#endif
if( !e->e_bv.bv_val ) { /* A regular entry, from do_add */
entry_free( e );
return 0;

364
servers/slapd/component.c
View file

@ -29,7 +29,7 @@
#include "component.h"
/*
* This three function pointers are initialized
* Following function pointers are initialized
* when a component module is loaded
*/
alloc_nibble_func* nibble_mem_allocator = NULL;
@ -37,8 +37,8 @@ free_nibble_func* nibble_mem_free = NULL;
convert_attr_to_comp_func* attr_converter = NULL ;
convert_assert_to_comp_func* assert_converter = NULL ;
free_component_func* component_destructor = NULL ;
test_component_func* test_one_component = NULL;
test_component_func* test_all_components = NULL;
test_component_func* test_components = NULL;
test_membership_func* is_aliased_attribute = NULL;
#define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6"
#define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2"
@ -149,7 +149,7 @@ allComponentsMatch(
}
static int
slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav)
slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav )
{
int len;
@ -159,6 +159,168 @@ slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav)
return LDAP_SUCCESS;
}
static ComponentReference*
dup_comp_ref ( Operation* op, ComponentReference* cr )
{
int rc, count = 0;
ComponentReference* dup_cr;
ComponentId* ci_curr;
ComponentId** ci_temp;
ber_int_t type;
dup_cr = op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx );
dup_cr->cr_len = cr->cr_len;
dup_cr->cr_string = cr->cr_string;
ci_temp = &dup_cr->cr_list;
ci_curr = cr->cr_list;
for ( ; ci_curr ; ci_curr = ci_curr->ci_next, ci_temp = &(*ci_temp)->ci_next ) {
*ci_temp = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
if ( !ci_temp ) return NULL;
**ci_temp = *ci_curr;
}
dup_cr->cr_curr = dup_cr->cr_list;
return dup_cr;
}
static int
dup_comp_filter_list (
Operation *op,
struct berval *bv,
ComponentFilter* in_f,
ComponentFilter** out_f )
{
ComponentFilter **new, *f;
int rc;
new = out_f;
for ( f = in_f; f != NULL; f = f->cf_next ) {
rc = dup_comp_filter( op, bv, f, new );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
new = &(*new)->cf_next;
}
return LDAP_SUCCESS;
}
int
get_len_of_next_assert_value ( struct berval* bv, char separator )
{
int i = 0;
while (1) {
if ( (bv->bv_val[ i ] == separator) || ( i >= bv->bv_len) )
break;
i++;
}
bv->bv_val += (i + 1);
bv->bv_len -= (i + 1);
return i;
}
int
dup_comp_filter_item (
Operation *op,
struct berval* assert_bv,
ComponentAssertion* in_ca,
ComponentAssertion** out_ca )
{
ComponentAssertion* ca;
int len;
if ( !in_ca->ca_comp_ref )
return SLAPD_DISCONNECT;
*out_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
if ( !(*out_ca) )
return LDAP_NO_MEMORY;
(*out_ca)->ca_comp_data.cd_tree = NULL;
(*out_ca)->ca_comp_data.cd_mem_op = NULL;
(*out_ca)->ca_comp_ref = dup_comp_ref ( op, in_ca->ca_comp_ref );
(*out_ca)->ca_use_def = 0;
(*out_ca)->ca_ma_rule = in_ca->ca_ma_rule;
(*out_ca)->ca_ma_value.bv_val = assert_bv->bv_val;
len = get_len_of_next_assert_value ( assert_bv, '$' );
if ( len <= 0 )
return SLAPD_DISCONNECT;
(*out_ca)->ca_ma_value.bv_len = len;
return LDAP_SUCCESS;
}
int
dup_comp_filter (
Operation* op,
struct berval *bv,
ComponentFilter *in_f,
ComponentFilter **out_f )
{
int rc;
ComponentFilter dup_f;
bzero( &dup_f, sizeof(dup_f));
if ( !in_f ) return LDAP_PROTOCOL_ERROR;
switch ( in_f->cf_choice ) {
case LDAP_COMP_FILTER_AND:
rc = dup_comp_filter_list( op, bv, in_f->cf_and, &dup_f.cf_and);
dup_f.cf_choice = LDAP_COMP_FILTER_AND;
break;
case LDAP_COMP_FILTER_OR:
rc = dup_comp_filter_list( op, bv, in_f->cf_or, &dup_f.cf_or);
dup_f.cf_choice = LDAP_COMP_FILTER_OR;
break;
case LDAP_COMP_FILTER_NOT:
rc = dup_comp_filter( op, bv, in_f->cf_not, &dup_f.cf_not);
dup_f.cf_choice = LDAP_COMP_FILTER_NOT;
break;
case LDAP_COMP_FILTER_ITEM:
rc = dup_comp_filter_item( op, bv, in_f->cf_ca ,&dup_f.cf_ca );
dup_f.cf_choice = LDAP_COMP_FILTER_ITEM;
break;
default:
rc = LDAP_PROTOCOL_ERROR;
}
if ( rc == LDAP_SUCCESS ) {
*out_f = op->o_tmpalloc( sizeof(dup_f), op->o_tmpmemctx );
**out_f = dup_f;
}
return( rc );
}
int
get_aliased_filter ( Operation* op, MatchingRuleAssertion* ma, AttributeAliasing* aa, const char** text )
{
int rc;
struct berval assert_bv;
ComponentAssertion* ca;
Debug( LDAP_DEBUG_FILTER, "get_aliased_filter\n", 0, 0, 0 );
if ( !aa->aa_cf ) return LDAP_PROTOCOL_ERROR;
assert_bv = ma->ma_value;
/* Attribute Description is replaced with aliased one */
ma->ma_desc = aa->aa_aliased_ad;
ma->ma_rule = aa->aa_mr;
/*
* Duplicate aa->aa_cf to ma->ma_cf by replacing the
* the component assertion value in assert_bv
* Multiple values may be separated with '$'
*/
rc = dup_comp_filter ( op, &assert_bv, aa->aa_cf, &ma->ma_cf );
}
int
get_comp_filter( Operation* op, struct berval* bv, ComponentFilter** filt,
const char **text )
@ -292,11 +454,11 @@ get_componentId( Operation *op, ComponentAssertionValue* cav,
if ( cav->cav_ptr[len] != '(' )
return LDAP_COMPREF_UNDEFINED;
for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
cav->cav_ptr[len] != '.' && cav->cav_ptr[len] != '\"' &&
cav->cav_ptr[len] != ')' ; len++ );
cav->cav_ptr[len] != '\"' && cav->cav_ptr[len] != ')'
; len++ );
_cid.ci_val.ci_select_value.bv_val = cav->cav_ptr + 1;
_cid.ci_val.ci_select_value.bv_len = len - 1 ;
cav->cav_ptr += len;
cav->cav_ptr += len + 1;
break;
case LDAP_COMPREF_ALL :
_cid.ci_val.ci_all = '*';
@ -306,7 +468,10 @@ get_componentId( Operation *op, ComponentAssertionValue* cav,
return LDAP_COMPREF_UNDEFINED;
}
*cid = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
if ( op )
*cid = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
else
*cid = malloc( sizeof( ComponentId ) );
**cid = _cid;
return LDAP_SUCCESS;
}
@ -321,8 +486,6 @@ peek_componentId_type( ComponentAssertionValue* cav )
return LDAP_COMPREF_SELECT;
else if ( cav->cav_ptr[0] == '*' )
return LDAP_COMPREF_ALL;
else if ( strncmp(cav->cav_ptr,"all",3) == 0 )
return LDAP_COMPREF_ALL;
else if ( cav->cav_ptr[0] == '0' )
return LDAP_COMPREF_COUNT;
else if ( cav->cav_ptr[0] > '0' && cav->cav_ptr[0] <= '9' )
@ -353,7 +516,7 @@ static int
get_component_reference( Operation *op, ComponentAssertionValue* cav,
ComponentReference** cr, const char** text )
{
int rc,count=0;
int rc, count = 0;
ber_int_t type;
ComponentReference* ca_comp_ref;
ComponentId** cr_list;
@ -363,8 +526,12 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav,
if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS )
return rc;
ca_comp_ref =
op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx );
if ( op )
ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx );
else
ca_comp_ref = malloc( sizeof( ComponentReference ) );
if ( !ca_comp_ref ) return LDAP_NO_MEMORY;
cr_list = &ca_comp_ref->cr_list;
@ -381,7 +548,10 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav,
ca_comp_ref->cr_len = count;
if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) {
op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
if ( op )
op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
else
free( ca_comp_ref );
return rc;
}
@ -389,7 +559,10 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav,
*cr = ca_comp_ref;
**cr = *ca_comp_ref;
}
else op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
else if ( op )
op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
else
free( ca_comp_ref ) ;
return rc;
}
@ -480,6 +653,12 @@ get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
break;
}
}
if ( !succeed || cav->cav_ptr[count] != '"' )
return LDAP_FILTER_ERROR;
bv->bv_val = cav->cav_ptr + 1;
bv->bv_len = count - 1; /* exclude '"' */
}
else if ( cav->cav_ptr[0] == '\'' ) {
for( count = 1 ; ; count++ ) {
@ -492,6 +671,12 @@ get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
break;
}
}
if ( !succeed || !(cav->cav_ptr[count] == 'H' || cav->cav_ptr[count] == 'B') )
return LDAP_FILTER_ERROR;
bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
bv->bv_len = count - 2;/* exclude "'H" or "'B" */
}
else if ( cav->cav_ptr[0] == '{' ) {
@ -506,6 +691,12 @@ get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
break;
}
}
if ( !succeed || cav->cav_ptr[count] != '}' )
return LDAP_FILTER_ERROR;
bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
bv->bv_len = count - 1;/* exclude "'B" */
}
else {
succeed = 1;
@ -515,13 +706,12 @@ get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
break;
}
}
bv->bv_val = cav->cav_ptr;
bv->bv_len = count;
}
if ( !succeed ) return LDAP_FILTER_ERROR;
cav->cav_ptr += bv->bv_len;
bv->bv_val = cav->cav_ptr;
bv->bv_len = count ;
cav->cav_ptr += count;
return LDAP_SUCCESS;
}
@ -611,9 +801,17 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
{
int rc;
ComponentAssertion* _ca;
struct berval t_bv;
struct berval value;
MatchingRule* mr;
Debug( LDAP_DEBUG_FILTER, "get_item: %s\n", 0, 0, 0 );
_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
Debug( LDAP_DEBUG_FILTER, "get_item \n", 0, 0, 0 );
if ( op )
_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
else
_ca = malloc( sizeof( ComponentAssertion ) );
if ( !_ca ) return LDAP_NO_MEMORY;
_ca->ca_comp_data.cd_tree = NULL;
_ca->ca_comp_data.cd_mem_op = NULL;
@ -623,9 +821,11 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
strip_cav_str( cav, "component" );
rc = get_component_reference( op, cav, &_ca->ca_comp_ref, text );
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_INVALID_SYNTAX;
op->o_tmpfree( _ca, op->o_tmpmemctx );
return rc;
if ( op )
op->o_tmpfree( _ca, op->o_tmpmemctx );
else
free( _ca );
return LDAP_INVALID_SYNTAX;
}
}
@ -636,9 +836,11 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
if ( rc == LDAP_SUCCESS ) {
rc = get_ca_use_default( op, cav, &_ca->ca_use_def, text );
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_INVALID_SYNTAX;
op->o_tmpfree( _ca, op->o_tmpmemctx );
return rc;
if ( op )
op->o_tmpfree( _ca, op->o_tmpmemctx );
else
free( _ca );
return LDAP_INVALID_SYNTAX;
}
if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
return rc;
@ -647,20 +849,49 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
if ( !( strip_cav_str( cav, "rule" ) == LDAP_SUCCESS &&
get_matching_rule( op, cav , &_ca->ca_ma_rule, text ) == LDAP_SUCCESS )) {
rc = LDAP_INAPPROPRIATE_MATCHING;
op->o_tmpfree( _ca, op->o_tmpmemctx );
return rc;
if ( op )
op->o_tmpfree( _ca, op->o_tmpmemctx );
else
free( _ca );
return LDAP_INAPPROPRIATE_MATCHING;
}
if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
return rc;
if ( !(strip_cav_str( cav, "value" ) == LDAP_SUCCESS &&
get_matching_value( op, _ca, cav, &_ca->ca_ma_value,text ) == LDAP_SUCCESS )) {
rc = LDAP_INVALID_SYNTAX;
op->o_tmpfree( _ca, op->o_tmpmemctx );
return rc;
get_matching_value( op, _ca, cav,&value ,text ) == LDAP_SUCCESS )) {
if ( op )
op->o_tmpfree( _ca, op->o_tmpmemctx );
else
free( _ca );
return LDAP_INVALID_SYNTAX;
}
/*
* Normalize the value of this component assertion when the matching
* rule is one of existing matching rules
*/
mr = _ca->ca_ma_rule;
if ( op && !(mr->smr_usage & (SLAP_MR_COMPONENT)) && mr->smr_normalize ) {
value.bv_val[value.bv_len] = '\0';
rc = mr->smr_normalize (
SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
NULL, mr,
&value, &_ca->ca_ma_value, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS )
return rc;
}
else
_ca->ca_ma_value = value;
/*
* Validate the value of this component assertion
*/
if ( op && mr->smr_syntax->ssyn_validate( mr->smr_syntax, &_ca->ca_ma_value) != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
/* componentFilterMatch contains componentFilterMatch in it */
if ( strcmp(_ca->ca_ma_rule->smr_mrule.mr_oid, OID_COMP_FILTER_MATCH ) == 0) {
struct berval bv;
@ -668,7 +899,10 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
bv.bv_len = cav_cur_len( cav );
rc = get_comp_filter( op, &bv,(ComponentFilter**)&_ca->ca_cf, text );
if ( rc != LDAP_SUCCESS ) {
op->o_tmpfree( _ca, op->o_tmpmemctx );
if ( op )
op->o_tmpfree( _ca, op->o_tmpmemctx );
else
free( _ca );
return rc;
}
cav->cav_ptr = bv.bv_val;
@ -781,18 +1015,20 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
break;
}
if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
*text = "Component Filter Syntax Error";
return err;
}
if ( tag != LDAP_COMP_FILTER_NOT )
strip_cav_str( cav, "}");
if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
*text = NULL;
f.cf_choice = SLAPD_FILTER_COMPUTED;
f.cf_result = SLAPD_COMPARE_UNDEFINED;
err = LDAP_SUCCESS;
}
if ( err == LDAP_SUCCESS ) {
*filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
if ( op ) {
*filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
} else {
*filt = malloc( sizeof(f) );
}
**filt = f;
}
@ -901,50 +1137,33 @@ test_comp_filter_item(
}
if ( a->a_comp_data->cd_tree == NULL ) {
nibble_mem_free( a->a_comp_data->cd_mem_op );
free ( a->a_comp_data );
a->a_comp_data = NULL;
return LDAP_PROTOCOL_ERROR;
}
/* Memory for storing will-be-extracted attribute values */
attr_nm = nibble_mem_allocator ( 256, 64 );
attr_nm = nibble_mem_allocator ( 1024*4 , 1024 );
if ( !attr_nm )return LDAP_PROTOCOL_ERROR;
/* component reference initialization */
ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list;
/* load component containg the referenced component */
csi_attr = (((ComponentSyntaxInfo*)a->a_comp_data->cd_tree)->csi_comp_desc->cd_extract_i)( attr_nm, ca->ca_comp_ref, a->a_comp_data->cd_tree );
if ( !csi_attr )
return LDAP_PROTOCOL_ERROR;
/* Memory for storing component assertion values */
if( !ca->ca_comp_data.cd_mem_op ) {
assert_nm = nibble_mem_allocator ( 256, 64 );
if ( !assert_nm )
if ( !assert_nm ) {
nibble_mem_free ( attr_nm );
return LDAP_PROTOCOL_ERROR;
}
ca->ca_comp_data.cd_mem_op = assert_nm;
}
else {
assert_nm = ca->ca_comp_data.cd_mem_op;
}
/* perform matching */
if ( ca->ca_comp_ref->cr_curr->ci_type == LDAP_COMPREF_ALL ) {
/*
* If <all> type component referenced is used
* more than one component will be tested
*/
if ( test_all_components )
rc = test_all_components ( assert_nm, csi_attr, ca );
else
rc = LDAP_PROTOCOL_ERROR;
} else {
/*
* Exactly one component is referenced
* Fast Path for matching for this case
*/
if ( test_one_component )
rc = test_one_component ( assert_nm, csi_attr, ca );
else
rc = LDAP_PROTOCOL_ERROR;
}
/* component reference initialization */
ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list;
rc = test_components( attr_nm, assert_nm, (ComponentSyntaxInfo*)a->a_comp_data->cd_tree, ca );
/* free memory used for storing extracted attribute value */
nibble_mem_free ( attr_nm );
return rc;
@ -1010,10 +1229,11 @@ free_comp_filter( ComponentFilter* f )
switch ( f->cf_choice ) {
case LDAP_COMP_FILTER_AND:
case LDAP_COMP_FILTER_OR:
free_comp_filter_list( f->cf_any );
break;
case LDAP_COMP_FILTER_NOT:
free_comp_filter( f->cf_any );
break;
case LDAP_COMP_FILTER_ITEM:
if ( nibble_mem_free && f->cf_ca->ca_comp_data.cd_mem_op )
nibble_mem_free( f->cf_ca->ca_comp_data.cd_mem_op );

24
servers/slapd/component.h
View file

@ -4,12 +4,12 @@
#include "portable.h"
#include <ac/string.h>
#include <ac/socket.h>
#include "ldap_pvt.h"
#include <ldap_pvt.h>
#include "lutil.h"
#include <ldap.h>
#include "slap.h"
typedef enum {ASN_BASIC, ASN_COMPOSITE } AsnType;
typedef enum { ASN_BASIC, ASN_COMPOSITE } AsnType;
/*
* Decoder Modes
* Different operation is required to handle Decoding(2), Extracted Component
@ -34,5 +34,25 @@ typedef enum {ASN_BASIC, ASN_COMPOSITE } AsnType;
#define DEC_ALLOC_MODE_2 0x04
#define CALL_TAG_DECODER 0x08
#define CALL_CONTENT_DECODER ~0x08
/*
* For Attribute Aliasing
*/
#define MAX_ALIASING_ENTRY 128
typedef struct comp_attribute_aliasing {
AttributeDescription* aa_aliasing_ad;
AttributeDescription* aa_aliased_ad;
ComponentFilter* aa_cf;
MatchingRule* aa_mr;
char* aa_cf_str;
} AttributeAliasing;
typedef struct comp_matchingrule_aliasing {
MatchingRule* mra_aliasing_attr;
MatchingRule* mra_aliased_attr;
AttributeDescription* mra_attr;
ComponentFilter* mra_cf;
MatchingRule* mra_mr;
char* aa_cf_str;
} MatchingRuleAliasing;
#endif

20
servers/slapd/mra.c
View file

@ -23,6 +23,10 @@
#include "slap.h"
#ifdef LDAP_COMP_MATCH
#include "component.h"
#endif
void
mra_free(
Operation *op,
@ -31,7 +35,7 @@ mra_free(
{
#ifdef LDAP_COMP_MATCH
/* free component assertion */
if ( mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
if ( mra->ma_rule->smr_usage & SLAP_MR_COMPONENT && mra->ma_cf ) {
component_free( mra->ma_cf );
}
#endif
@ -54,6 +58,9 @@ get_mra(
struct berval value = BER_BVNULL;
struct berval rule_text = BER_BVNULL;
MatchingRuleAssertion ma;
#ifdef LDAP_COMP_MATCH
AttributeAliasing* aa = NULL;
#endif
memset( &ma, 0, sizeof ma);
@ -189,10 +196,13 @@ get_mra(
if( rc != LDAP_SUCCESS ) return rc;
#ifdef LDAP_COMP_MATCH
/* Matching Rule for Component Matching */
Debug( LDAP_DEBUG_FILTER, "matchingrule %s\n",
ma.ma_rule->smr_mrule.mr_oid, 0, 0);
if( ma.ma_rule && ma.ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
/* Check If this attribute is aliased */
if ( is_aliased_attribute && ma.ma_desc && ( aa = is_aliased_attribute ( ma.ma_desc ) ) ) {
rc = get_aliased_filter ( op, &ma, aa, text );
if ( rc != LDAP_SUCCESS ) return rc;
}
else if ( ma.ma_rule && ma.ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
/* Matching Rule for Component Matching */
rc = get_comp_filter( op, &ma.ma_value, &ma.ma_cf, text );
if ( rc != LDAP_SUCCESS ) return rc;
}

5
servers/slapd/proto-slap.h
View file

@ -375,6 +375,11 @@ LDAP_SLAPD_F (int) componentFilterValidate LDAP_P((
LDAP_SLAPD_F (int) allComponentsValidate LDAP_P((
Syntax *syntax,
struct berval* bv ));
LDAP_SLAPD_V (test_membership_func*) is_aliased_attribute;
LDAP_SLAPD_V (free_component_func*) component_destructor;
#endif
/*

33
servers/slapd/schema/test.schema Normal file
View file

@ -0,0 +1,33 @@
# OpenLDAP Test schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2004 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# For testing purposes only.
# For Attribute Aliasing.
attributetype ( 1.3.6.1.4.1.4203.666.1.34 NAME 'x509CertificateIssuer'
EQUALITY distinguishedNameMatch
DESC 'Aliasing attribute: Issuer, use'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 1.3.6.1.4.1.4203.666.1.35 NAME 'x509CertificateSerial'
DESC 'Aliasing attribute: Serial, use'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.4203.666.1.36 NAME 'x509CertificateSerialAndIssuer'
DESC 'Aliasing attribute: Serial and Issuer together, use'
EQUALITY certificateExactMatch
SYNTAX 1.2.826.0.1.3344810.7.1 )

6
servers/slapd/slap.h
View file

@ -2803,10 +2803,14 @@ typedef void free_component_func LDAP_P ((
void* mem_op));
typedef int test_component_func LDAP_P ((
void* mem_op,
void* attr_mem_op,
void* assert_mem_op,
struct slap_component_syntax_info* csi,
struct slap_component_assertion* ca));
typedef void* test_membership_func LDAP_P ((
void* in ));
typedef int allcomponent_matching_func LDAP_P((
char* oid,
struct slap_component_syntax_info* comp1,

204
tests/data/compsearch.out
View file

@ -304,3 +304,207 @@ userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
userCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDV
QQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA
0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MO
NBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnA
KUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUA
zNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA
0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTyS
uz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5Ue
dAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4Xr
EkBJ/Q=

1
tests/data/slapd-component.conf
View file

@ -15,6 +15,7 @@
## <http://www.OpenLDAP.org/license.html>.
include ./schema/core.schema
include ./schema/test.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema

77
tests/scripts/test031-component-filter
View file

@ -212,7 +212,84 @@ if test $RC != 0 ; then
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
"$FILTER" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
"$FILTER" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
"$FILTER" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
FILTER="(x509CertificateIssuer:distinguishedNameMatch:=c=US)"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
"$FILTER" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
FILTER="(x509CertificateSerial:integerMatch:=0)"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
"$FILTER" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
"$FILTER" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS