upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-21 15:19:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Component Matching module

Browse source 
See "contrib/slapd-modules/comp_match/README" to understand
what's the purpose of  this patch is and how to use it.
This commit is contained in:
Sang Seok Lim 2004-10-27 19:37:02 +00:00
parent 7e454e074a
commit 71e78dd7f9
27 changed files with 7230 additions and 254 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
configure vendored
View file

@ -1795,9 +1795,11 @@ if test "${enable_modules+set}" = set; then
{ echo "configure: error: bad value $enableval for --enable-modules" 1>&2; exit 1; } { echo "configure: error: bad value $enableval for --enable-modules" 1>&2; exit 1; }
fi fi
ol_enable_modules="$ol_arg" ol_enable_modules="$ol_arg"
WITH_MODULES_ENABLED=yes
else else
ol_enable_modules="no" ol_enable_modules="no"
WITH_MODULES_ENABLED=no
fi fi
# end --enable-modules # end --enable-modules
ol_enable_multimaster=${ol_enable_multimaster-no} ol_enable_multimaster=${ol_enable_multimaster-no}
@ -24051,6 +24053,7 @@ EOF
fi fi
WITH_MODULES_ENABLED=no
if test "$ol_link_modules" != no ; then if test "$ol_link_modules" != no ; then
cat >> confdefs.h <<\EOF cat >> confdefs.h <<\EOF
#define SLAPD_MODULES 1 #define SLAPD_MODULES 1
@ -24058,6 +24061,7 @@ EOF
BUILD_SLAPD=yes BUILD_SLAPD=yes
SLAPD_MODULES_LDFLAGS="-dlopen self" SLAPD_MODULES_LDFLAGS="-dlopen self"
WITH_MODULES_ENABLED=yes
fi fi
cat >> confdefs.h <<\EOF cat >> confdefs.h <<\EOF
@ -24707,6 +24711,7 @@ s%@LIBSRCS@%$LIBSRCS%g
s%@PLAT@%$PLAT%g s%@PLAT@%$PLAT%g
s%@WITH_SASL@%$WITH_SASL%g s%@WITH_SASL@%$WITH_SASL%g
s%@WITH_TLS@%$WITH_TLS%g s%@WITH_TLS@%$WITH_TLS%g
s%@WITH_MODULES_ENABLED@%$WITH_MODULES_ENABLED%g
s%@BUILD_LIBS_DYNAMIC@%$BUILD_LIBS_DYNAMIC%g s%@BUILD_LIBS_DYNAMIC@%$BUILD_LIBS_DYNAMIC%g
s%@BUILD_SLAPD@%$BUILD_SLAPD%g s%@BUILD_SLAPD@%$BUILD_SLAPD%g
s%@BUILD_SLAPI@%$BUILD_SLAPI%g s%@BUILD_SLAPI@%$BUILD_SLAPI%g

1
configure.in
View file

@ -2883,6 +2883,7 @@ AC_SUBST(LIBSRCS)
AC_SUBST(PLAT) AC_SUBST(PLAT)
AC_SUBST(WITH_SASL) AC_SUBST(WITH_SASL)
AC_SUBST(WITH_TLS) AC_SUBST(WITH_TLS)
AC_SUBST(WITH_MODULES_ENABLED)
AC_SUBST(BUILD_LIBS_DYNAMIC) AC_SUBST(BUILD_LIBS_DYNAMIC)
AC_SUBST(BUILD_SLAPD) AC_SUBST(BUILD_SLAPD)

60
contrib/slapd-modules/comp_match/Makefile Normal file
View file

@ -0,0 +1,60 @@
# $OpenLDAP$
# This work is part of OpenLDAP Software <http://www.openldap.org/>.
#
# Copyright 2003-2004 The OpenLDAP Foundation.
# Portions Copyright 2004 by IBM Corporation.
# All rights reserved.
# Copyright 2004 Sang Seok Lim, IBM Corp. All Rights Reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted only as authorized by the OpenLDAP
# Public License.
#
# A copy of this license is available in the file LICENSE in the
# top-level directory of the distribution or, alternatively, at
# <http://www.OpenLDAP.org/license.html>.
topbuilddir = ../../../../build
topsrcdir = ../../..
snaccdir = /home/slim/snacc
LIBTOOL=$(topbuilddir)/libtool
OPT=-g -finstrument-functions -DLDAP_COMPONENT
CC=gcc
SNACC_INC=-I$(snaccdir) -I$(snaccdir)/c-lib/inc
LDAP_INC=-I$(topsrcdir)/include -I$(topsrcdir)/servers/slapd -I$(topbuilddir)/include
INCS=$(LDAP_INC) $(SNACC_INC)
SNACC_LIB=$(snaccdir)/c-lib/libcasn1.a
SSL_LIB=-lcrypto
LDAP_LIB=-lldap_r -llber
LIBS=$(LDAP_LIB) $(SNACC_LIB) $(SSL_LIB) /home/slim/local/lib/libfnccheck.a
all: compmatch.la
componentlib.lo: componentlib.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
certificate.lo: certificate.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
asn_to_syn_mr.lo: asn_to_syn_mr.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
init.lo: init.c
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(INCS) -c $?
compmatch.la: componentlib.lo init.lo certificate.lo asn_to_syn_mr.lo
$(LIBTOOL) --mode=link $(CC) $(OPT) $(LIBS) -version-info 0:0:0 \
-rpath /home/slim/ldap/local/libexec/openldap -module -o $@ $? $(LIBS)
clean:
\rm compmatch.la componentlib.lo certificate.lo asn_to_syn_mr.lo\
init.o init.lo componentlib.o certificate.o asn_to_syn_mr.o
install:
cp -r .libs $(topsrcdir)/tests/data/comp_libs
cp compmatch.la $(topsrcdir)/tests/data/comp_libs

87
contrib/slapd-modules/comp_match/README Normal file
View file

@ -0,0 +1,87 @@
Copyright 2004 Sang Seok Lim, IBM . All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.
A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.
This directory contains a Component Matching module
and a X.509 Certificate example.
In order to understand Component Matching, see RFC 3687
and http://www.openldap.org/conf/odd-sandiego-2004/Sangseok.pdf
Brief introduction about files in this directory
1) init.c
module_init() and four functions which are dynamically linked into the main slapd codes
comp_convert_attr_to_comp : decode an attribute value into a component tree
comp_convert_assert_to_comp : decode an assertion value into a component tree
using the decoder of the extracted component.
comp_convert_asn_to_ldap : transform ASN.1 type values into a LDAP string.
comp_free_component : free memory allocated by GSER or BER decoders
2) componentlib.c and component.h
GSER and BER decoder library of each ASN.1 type. They
use component representation to store ASN.1 values.
3) certificate.c certificate.h cacert.pem
eSNACC generated BER and GSER decoder routines of the X.509 certificate
specification, or certificate.asn1 in the directory. cacert.pem
is generated by openssl to test this module.
4) asn_to_syn_mr.c asn.h
An mapping table from ASN.1 types to corresponding Syntaxes and
matching rules in slapd. If the validate function of the mapped syntax
exists, it will be called to validate the decoded ASN.1 value.
How to compile and test the module with the certificate example
1) be sure to configure slapd with enable-modules on.
2) install an eSNACC compiler. At least, you should have library and
header files to compile the module.
3) modify Makefile accordingly. then execute make.
you will get compmatch.la and other necessary files in ./libs
4) modify slapd.conf to include the following module command
moduleload <path to>compmatch.la
5) run slapd and perform ldapsearch on the attribute, or componentCertificatea
(preregistered example attribute defined by the certificate)
--component search filter example
"componentCertificate:componentCertificateMatch:=item:{ component
\"tbsCertificate.serialNumber\", rule allComponentsMatch, value 2 }"
You can find more examples in "test031-component-filter", a test script.
How to add a new ASN.1 syntax other than the example
1) download and install an eSNACC compiler supporting Component Matching
in www.openldap.org. Before compiling, be sure to define
a "LDAP_COMPONENT" macro to obtain component
supported version of C library and back-ends of eSNACC. Otherwise compiled
library fails to be linked to module.
2) using eSNACc, compile your ASN.1 specifications and copy the generated c files
to this directory
Ex) $ esnacc -E BER_COMP -E GSER -t -d -f example.asn
For Component Matching, set BOTH BER_COMP and GSER on.
After compiling, you will get example.c and example.h
3) modify example.c accordingly, seeing certificate.c and certificate.asn
as a reference.
- modify parameters of add_OD_entry(...) in init_module_xxx(...) in example.c.
you need a new OID to register this module into slapd.
- add init_module_xxx() into init_module() in init.c
4) modify asn.h and asn_to_syn_mr.c accordingly. add new enum ID.
5) register a new attribute syntax with a new OID in a schema file
6) then goto 3) above.
Current Status
The generated functions such as GSER/BER decoders, extractor
allComponentMatch for a X.509 certificate ASN.1 specification (certificate.asn)
have been tested successfully. But this is currently under development.
before using it, don't forget to check following status of development,
1) Not all ASN.1 types are supported yet.
See componentlib.c to check which ASN.1 types are currently supported
2) Component version of GSER encoders are not supported yet
3) Not all ComponentId of a component reference are supported yet
supported : identifier, from-beginning, count, from-end
not supported : all, select, content

58
contrib/slapd-modules/comp_match/asn.h Normal file
View file

@ -0,0 +1,58 @@
/* Copyright 2004 IBM Corporation
* All rights reserved.
* Redisribution and use in source and binary forms, with or without
* modification, are permitted only as authorizd by the OpenLADP
* Public License.
*/
/* ACKNOWLEDGEMENTS
* This work originally developed by Sang Seok Lim
* 2004/06/18 03:20:00 slim@OpenLDAP.org
*/
#ifndef _H_ASN_MODULE
#define _H_ASN_MODULE
typedef enum { BER, GSER } EncRulesType;
typedef enum { ASN_BASIC, ASN_COMPOSITE } AsnType;
typedef enum AsnTypeId {
BASICTYPE_BOOLEAN,
BASICTYPE_INTEGER,
BASICTYPE_BITSTRING,
BASICTYPE_OCTETSTRING,
BASICTYPE_NULL,
BASICTYPE_OID,
BASICTYPE_REAL,
BASICTYPE_ENUMERATED,
BASICTYPE_NUMERIC_STR,
BASICTYPE_PRINTABLE_STR,
BASICTYPE_UNIVERSAL_STR,
BASICTYPE_IA5_STR,
BASICTYPE_BMP_STR,
BASICTYPE_UTF8_STR,
BASICTYPE_UTCTIME,
BASICTYPE_GENERALIZEDTIME,
BASICTYPE_GRAPHIC_STR,
BASICTYPE_VISIBLE_STR,
BASICTYPE_GENERAL_STR,
BASICTYPE_OBJECTDESCRIPTOR,
BASICTYPE_VIDEOTEX_STR,
BASICTYPE_T61_STR,
BASICTYPE_OCTETCONTAINING,
BASICTYPE_BITCONTAINING,
BASICTYPE_RELATIVE_OID, /* 25 */
BASICTYPE_ANY,
/* Embedded Composite Types*/
COMPOSITE_ASN1_TYPE,
/* A New ASN.1 types including type reference */
RDNSequence,
RelativeDistinguishedName,
TelephoneNumber,
FacsimileTelephoneNumber__telephoneNumber,
DirectoryString,
/* Newly Defined ASN.1 Type, Manually registered */
ASN_COMP_CERTIFICATE,
/* ASN.1 Type End */
ASNTYPE_END
} AsnTypeId;
#endif

77
contrib/slapd-modules/comp_match/asn_to_syn_mr.c Normal file
View file

@ -0,0 +1,77 @@
#include "asn.h"
#include "component.h"
AsnTypetoMatchingRuleTable directory_component_matching_table = {
"1.2.36.79672281.1.13.7",
{
{ BASICTYPE_BOOLEAN,NULL,"1.3.6.1.4.1.1466.115.121.1.7", NULL },
{ BASICTYPE_INTEGER,NULL ,"1.3.6.1.4.1.1466.115.121.1.27", NULL },
{ BASICTYPE_BITSTRING,NULL ,"1.3.6.1.4.1.1466.115.121.1.6", NULL },
{ BASICTYPE_OCTETSTRING,NULL , "1.3.6.1.4.1.1466.115.121.1.40", NULL },
{ BASICTYPE_NULL,NULL , NULL, NULL },
{ BASICTYPE_OID,NULL ,"1.3.6.1.4.1.1466.115.121.1.38", NULL },
{ BASICTYPE_REAL,NULL , NULL, NULL },
{ BASICTYPE_ENUMERATED,NULL , NULL, NULL },
{ BASICTYPE_NUMERIC_STR, "numericStringMatch", "1.3.6.1.4.1.1466.115.121.1.36", NULL },
{ BASICTYPE_PRINTABLE_STR, "caseIgnoreMatch", "1.3.6.1.4.1.1466.115.121.1.44", NULL },
{ BASICTYPE_UNIVERSAL_STR, "caseIgnoreMatch" , NULL, NULL },
{ BASICTYPE_IA5_STR, "caseIgnoreMatch", "1.3.6.1.4.1.1466.115.121.1.26", NULL },
{ BASICTYPE_BMP_STR, "caseIgnoreMatch" , NULL, NULL },
{ BASICTYPE_UTF8_STR, "caseIgnoreMatch" , NULL, NULL },
{ BASICTYPE_UTCTIME, "uTCTimeMatch" , "1.3.6.1.4.1.1466.115.121.1.53", NULL },
{ BASICTYPE_GENERALIZEDTIME, "generalizedTimeMatch" ,"1.3.6.1.4.1.1466.115.121.1.24", NULL },
{ BASICTYPE_GRAPHIC_STR, "caseIgnoreMatch", NULL, NULL },
{ BASICTYPE_VISIBLE_STR, "caseIgnoreMatch", NULL, NULL },
{ BASICTYPE_GENERAL_STR, "caseIgnoreMatch", NULL, NULL },
{ BASICTYPE_OBJECTDESCRIPTOR, NULL , NULL, NULL },
{ BASICTYPE_VIDEOTEX_STR, "caseIgnoreMatch", NULL, NULL },
{ BASICTYPE_T61_STR, "caseIgnoreMatch", NULL, NULL },
{ BASICTYPE_OCTETCONTAINING, NULL , NULL, NULL },
{ BASICTYPE_BITCONTAINING, NULL , NULL, NULL },
{ BASICTYPE_RELATIVE_OID, NULL, "1.2.36.79672281.1.5.0", NULL },
{ RDNSequence, "distinguishedNameMatch" , NULL, NULL },
{ RelativeDistinguishedName, NULL , NULL, NULL },
{ TelephoneNumber, "telephoneNumberMatch" , "1.3.6.1.4.1.1466.115.121.1.50", NULL },
{ FacsimileTelephoneNumber__telephoneNumber, "telephoneNumberMatch","1.3.6.1.4.1.1466.115.121.1.22", NULL },
{ DirectoryString, "caseIgnoreMatch" ,"1.3.6.1.4.1.1466.115.121.1.15", NULL },
{ ASN_COMP_CERTIFICATE, NULL , "1.2.36.79672281.1.5.2" , NULL },
{ ASNTYPE_END , NULL , NULL, NULL }
},
NULL
};
struct asntype_to_syntax asn_to_syntax_mapping_tbl[] = {
{ BASICTYPE_BOOLEAN,"Boolean","1.3.6.1.4.1.1466.115.121.1.7", NULL },
{ BASICTYPE_INTEGER,"Integer","1.3.6.1.4.1.1466.115.121.1.27", NULL },
{ BASICTYPE_BITSTRING,"Bit String","1.3.6.1.4.1.1466.115.121.1.6", NULL },
{ BASICTYPE_OCTETSTRING,"Octet String", "1.3.6.1.4.1.1466.115.121.1.40", NULL },
{ BASICTYPE_NULL,NULL, NULL, NULL },
{ BASICTYPE_OID,"OID","1.3.6.1.4.1.1466.115.121.1.38", NULL },
{ BASICTYPE_REAL,NULL, NULL, NULL },
{ BASICTYPE_ENUMERATED,"Integer", "1.3.6.1.4.1.1466.115.121.1.27", NULL },
{ BASICTYPE_NUMERIC_STR, "Numeric String", "1.3.6.1.4.1.1466.115.121.1.36", NULL },
{ BASICTYPE_PRINTABLE_STR, "Printable String", "1.3.6.1.4.1.1466.115.121.1.44", NULL },
{ BASICTYPE_UNIVERSAL_STR, NULL , NULL, NULL },
{ BASICTYPE_IA5_STR, "IA5 String", "1.3.6.1.4.1.1466.115.121.1.26", NULL },
{ BASICTYPE_BMP_STR, NULL , NULL, NULL },
{ BASICTYPE_UTF8_STR, "Directory String" , "1.3.6.1.4.1.1466.115.121.1.15", NULL },
{ BASICTYPE_UTCTIME, "UTC Time" , "1.3.6.1.4.1.1466.115.121.1.53", NULL },
{ BASICTYPE_GENERALIZEDTIME, "Generalized Time" ,"1.3.6.1.4.1.1466.115.121.1.24", NULL },
{ BASICTYPE_GRAPHIC_STR, NULL, NULL, NULL },
{ BASICTYPE_VISIBLE_STR, "Directory String", "1.3.6.1.4.1.1466.115.121.1.15", NULL },
{ BASICTYPE_GENERAL_STR, NULL, NULL, NULL },
{ BASICTYPE_OBJECTDESCRIPTOR, "Object Class Description", "1.3.6.1.4.1.1466.115.121.1.37", NULL },
{ BASICTYPE_VIDEOTEX_STR, NULL, NULL, NULL },
{ BASICTYPE_T61_STR, NULL, NULL, NULL },
{ BASICTYPE_OCTETCONTAINING, NULL , NULL, NULL },
{ BASICTYPE_BITCONTAINING, NULL , NULL, NULL },
{ BASICTYPE_RELATIVE_OID, "OID", "1.3.6.1.4.1.1466.115.121.1.38", NULL },
{ BASICTYPE_ANY, NULL, NULL, NULL },
{ RDNSequence, "RDN" , "1.2.36.79672281.1.5.0", NULL },
{ RelativeDistinguishedName, "RDN", "1.2.36.79672281.1.5.0", NULL },
{ TelephoneNumber, "Telephone Number" , "1.3.6.1.4.1.1466.115.121.1.50", NULL },
{ FacsimileTelephoneNumber__telephoneNumber, "Facsimile Telephone Number","1.3.6.1.4.1.1466.115.121.1.22", NULL },
{ DirectoryString, "Directory String" ,"1.3.6.1.4.1.1466.115.121.1.15", NULL },
{ ASN_COMP_CERTIFICATE, "componentCertificate", "1.2.36.79672281.1.5.2" , NULL },
{ ASNTYPE_END , NULL , NULL, NULL }
};

91
contrib/slapd-modules/comp_match/certificate.asn1 Normal file
View file

@ -0,0 +1,91 @@
AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 4} DEFINITIONS ::=
BEGIN
-- based on RFC 3280 and X.509
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
TBSCertificate ::= SEQUENCE {
version [0] Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- if present, version shall be v2 or v3
subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- if present, version shall be v2 or v3
extensions [3] Extensions OPTIONAL
-- If present, version shall be v3 -- }
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL -- DSA, SHA-1--
}
Name ::= CHOICE {
rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value ANY DEFINED BY type}
AttributeType ::= OBJECT IDENTIFIER
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
UniqueIdentifier ::= BIT STRING
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
Time ::= CHOICE {
utcTime UTCTime,
generalizedTime GeneralizedTime }
Extensions ::= SEQUENCE SIZE(1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
-- critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value of type &ExtnType
-- for the extension object identified by extnId --
}
nullOid OBJECT-TYPE
SYNTAX NULL
ACCESS read-write
STATUS mandatory
::= { 1 2 840 113549 1 1 4 }
nullOid2 OBJECT-TYPE
SYNTAX NULL
ACCESS read-write
STATUS mandatory
::= { 1 2 840 113549 1 1 1 }
printableStringOid OBJECT-TYPE
SYNTAX PrintableString
ACCESS read-write
STATUS mandatory
::= { 2 5 4 6 }
END

3171
contrib/slapd-modules/comp_match/certificate.c Normal file
View file

File diff suppressed because it is too large Load diff

405
contrib/slapd-modules/comp_match/certificate.h Normal file
View file

@ -0,0 +1,405 @@
#include "asn-incl.h"
/*
* certificate.h
* "AuthenticationFramework" ASN.1 module encode/decode/extracting/matching/free C src.
* This file was generated by modified eSMACC compiler Sat Oct 23 20:25:08 2004
* The generated files are strongly encouraged to be
* compiled as a module for OpenLDAP Software
*/
#ifndef _certificate_h_
#define _certificate_h_
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _WIN32
#pragma warning( disable : 4101 )
#endif
#include "component.h"
typedef enum AuthenticationFrameworkAnyId
{
nullOid_ANY_ID = 0,
nullOid2_ANY_ID = 1,
printableStringOid_ANY_ID = 2} AuthenticationFrameworkAnyId;
void InitAnyAuthenticationFramework();
#define V1 0
#define V2 1
#define V3 2
typedef ComponentInt ComponentVersion; /* INTEGER { V1 (0), V2 (1), V3 (2) } */
#define MatchingComponentVersion MatchingComponentInt
#define ExtractingComponentVersion ExtractingComponentInt
#define BDecComponentVersion BDecComponentInt
#define GDecComponentVersion GDecComponentInt
#define FreeComponentVersion FreeComponentInt
typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
#define MatchingComponentCertificateSerialNumber MatchingComponentInt
#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
#define BDecComponentCertificateSerialNumber BDecComponentInt
#define GDecComponentCertificateSerialNumber GDecComponentInt
#define FreeComponentCertificateSerialNumber FreeComponentInt
typedef ComponentOid ComponentAttributeType; /* OBJECT IDENTIFIER */
#define MatchingComponentAttributeType MatchingComponentOid
#define ExtractingComponentAttributeType ExtractingComponentOid
#define BDecComponentAttributeType BDecComponentOid
#define GDecComponentAttributeType GDecComponentOid
#define FreeComponentAttributeType FreeComponentOid
typedef ComponentBits ComponentUniqueIdentifier; /* BIT STRING */
#define MatchingComponentUniqueIdentifier MatchingComponentBits
#define ExtractingComponentUniqueIdentifier ExtractingComponentBits
#define BDecComponentUniqueIdentifier BDecComponentBits
#define GDecComponentUniqueIdentifier GDecComponentBits
#define FreeComponentUniqueIdentifier FreeComponentBits
typedef struct AlgorithmIdentifier /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentOid algorithm; /* OBJECT IDENTIFIER */
ComponentAnyDefinedBy parameters; /* ANY DEFINED BY algorithm OPTIONAL */
} ComponentAlgorithmIdentifier;
int MatchingComponentAlgorithmIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentAlgorithmIdentifier PROTO ((ComponentReference *cr, ComponentAlgorithmIdentifier *comp ));
int BDecComponentAlgorithmIdentifier PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
int GDecComponentAlgorithmIdentifier PROTO ((GenBuf * b, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
void FreeComponentAlgorithmIdentifier(ComponentAlgorithmIdentifier *v);
typedef struct Time /* CHOICE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
enum TimeChoiceId
{
TIME_UTCTIME,
TIME_GENERALIZEDTIME
} choiceId;
union TimeChoiceUnion
{
ComponentUTCTime* utcTime; /* < unknown type id ?! > */
ComponentGeneralizedTime* generalizedTime; /* < unknown type id ?! > */
} a;
} ComponentTime;
int MatchingComponentTime PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentTime PROTO ((ComponentReference *cr, ComponentTime *comp ));
int BDecComponentTime PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTime **v, AsnLen *bytesDecoded, int mode));
int GDecComponentTime PROTO ((GenBuf * b, ComponentTime **v, AsnLen *bytesDecoded, int mode));
void FreeComponentTime(ComponentTime *v);
typedef struct Extension /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentOid extnID; /* OBJECT IDENTIFIER */
ComponentOcts extnValue; /* OCTET STRING */
} ComponentExtension;
int MatchingComponentExtension PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentExtension PROTO ((ComponentReference *cr, ComponentExtension *comp ));
int BDecComponentExtension PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
int GDecComponentExtension PROTO ((GenBuf * b, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
void FreeComponentExtension(ComponentExtension *v);
typedef struct AttributeTypeAndValue /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentAttributeType type; /* AttributeType */
ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
} ComponentAttributeTypeAndValue;
int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentAttributeTypeAndValue PROTO ((ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
int BDecComponentAttributeTypeAndValue PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
int GDecComponentAttributeTypeAndValue PROTO ((GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
void FreeComponentAttributeTypeAndValue(ComponentAttributeTypeAndValue *v);
typedef struct Validity /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentTime* notBefore; /* Time */
ComponentTime* notAfter; /* Time */
} ComponentValidity;
int MatchingComponentValidity PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentValidity PROTO ((ComponentReference *cr, ComponentValidity *comp ));
int BDecComponentValidity PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
int GDecComponentValidity PROTO ((GenBuf * b, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
void FreeComponentValidity(ComponentValidity *v);
typedef struct SubjectPublicKeyInfo /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentAlgorithmIdentifier* algorithm; /* AlgorithmIdentifier */
ComponentBits subjectPublicKey; /* BIT STRING */
} ComponentSubjectPublicKeyInfo;
int MatchingComponentSubjectPublicKeyInfo PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentSubjectPublicKeyInfo PROTO ((ComponentReference *cr, ComponentSubjectPublicKeyInfo *comp ));
int BDecComponentSubjectPublicKeyInfo PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentSubjectPublicKeyInfo **v, AsnLen *bytesDecoded, int mode));
int GDecComponentSubjectPublicKeyInfo PROTO ((GenBuf * b, ComponentSubjectPublicKeyInfo **v, AsnLen *bytesDecoded, int mode));
void FreeComponentSubjectPublicKeyInfo(ComponentSubjectPublicKeyInfo *v);
typedef ComponentList ComponentExtensions; /* SEQUENCE SIZE 1..MAX OF Extension */
int MatchingComponentExtensions PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentExtensions PROTO ((ComponentReference *cr, ComponentExtensions *comp ));
int BDecComponentExtensions PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
int GDecComponentExtensions PROTO ((GenBuf * b, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
void FreeComponentExtensions(ComponentExtensions *v);
typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentRelativeDistinguishedName PROTO ((ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
int BDecComponentRelativeDistinguishedName PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
int GDecComponentRelativeDistinguishedName PROTO ((GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
void FreeComponentRelativeDistinguishedName(ComponentRelativeDistinguishedName *v);
typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentRDNSequence PROTO ((ComponentReference *cr, ComponentRDNSequence *comp ));
int BDecComponentRDNSequence PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
int GDecComponentRDNSequence PROTO ((GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
void FreeComponentRDNSequence(ComponentRDNSequence *v);
typedef struct Name /* CHOICE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
enum NameChoiceId
{
NAME_RDNSEQUENCE
} choiceId;
union NameChoiceUnion
{
ComponentRDNSequence* rdnSequence; /* RDNSequence */
} a;
} ComponentName;
int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentName PROTO ((ComponentReference *cr, ComponentName *comp ));
int BDecComponentName PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
int GDecComponentName PROTO ((GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
void FreeComponentName(ComponentName *v);
typedef struct TBSCertificate /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentVersion* version; /* [0] Version DEFAULT v1 */
ComponentCertificateSerialNumber serialNumber; /* CertificateSerialNumber */
ComponentAlgorithmIdentifier* signature; /* AlgorithmIdentifier */
ComponentName* issuer; /* Name */
ComponentValidity* validity; /* Validity */
ComponentName* subject; /* Name */
ComponentSubjectPublicKeyInfo* subjectPublicKeyInfo; /* SubjectPublicKeyInfo */
ComponentUniqueIdentifier issuerUniqueIdentifier; /* [1] IMPLICIT UniqueIdentifier OPTIONAL */
ComponentUniqueIdentifier subjectUniqueIdentifier; /* [2] IMPLICIT UniqueIdentifier OPTIONAL */
ComponentExtensions* extensions; /* [3] Extensions OPTIONAL */
} ComponentTBSCertificate;
int MatchingComponentTBSCertificate PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentTBSCertificate PROTO ((ComponentReference *cr, ComponentTBSCertificate *comp ));
int BDecComponentTBSCertificate PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertificate **v, AsnLen *bytesDecoded, int mode));
int GDecComponentTBSCertificate PROTO ((GenBuf * b, ComponentTBSCertificate **v, AsnLen *bytesDecoded, int mode));
void FreeComponentTBSCertificate(ComponentTBSCertificate *v);
typedef struct Certificate /* SEQUENCE */
{
Syntax* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentTBSCertificate* tbsCertificate; /* TBSCertificate */
ComponentAlgorithmIdentifier* signatureAlgorithm; /* AlgorithmIdentifier */
ComponentBits signature; /* BIT STRING */
} ComponentCertificate;
int MatchingComponentCertificate PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
void* ExtractingComponentCertificate PROTO ((ComponentReference *cr, ComponentCertificate *comp ));
int BDecComponentCertificate PROTO ((GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentCertificate **v, AsnLen *bytesDecoded, int mode));
int GDecComponentCertificate PROTO ((GenBuf * b, ComponentCertificate **v, AsnLen *bytesDecoded, int mode));
void FreeComponentCertificate(ComponentCertificate *v);
/* ========== Object Declarations ========== */
/* ========== Object Set Declarations ========== */
#ifdef __cplusplus
extern "C" {
#endif
#endif /* conditional include of certificate.h */

517
contrib/slapd-modules/comp_match/component.h Normal file
View file

@ -0,0 +1,517 @@
/* Copyright 2004 IBM Corporation
* All rights reserved.
* Redisribution and use in source and binary forms, with or without
* modification, are permitted only as authorizd by the OpenLADP
* Public License.
*/
/* ACKNOWLEDGEMENTS
* This work originally developed by Sang Seok Lim
* 2004/06/18 03:20:00 slim@OpenLDAP.org
*/
#ifndef _H_COMPONENT_MODULE
#define _H_COMPONENT_MODULE
#include "portable.h"
#include <ac/string.h>
#include <ac/socket.h>
#include <ldap_pvt.h>
#include "lutil.h"
#include <ldap.h>
#include <slap.h>
#include <asn-incl.h>
#include "asn.h"
#include <asn-gser.h>
#include <string.h>
#define MAX_IDENTIFIER_LEN 128
#define COMPONENTNOT_NULL(ptr) ((ptr) != NULL)
/*
* BIT STRING
*/
typedef struct ComponentBits {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnBits value;
} ComponentBits;
#define GASNBITS_PRESENT(abits) ((abits)->value.bits != NULL)
#define COMPONENTBITS_PRESENT(abits) ((abits)->value.bits != NULL)
int GDecComponentBits (GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
int BDecComponentBits (GenBuf *b, AsnTag tagId, AsnLen len, void *result,
AsnLen *bytesDecoded, int mode);
int MatchingComponentBits (char* oid, ComponentSyntaxInfo *bits1 , ComponentSyntaxInfo* bits2);
#define ExtractingComponentBits(cr,data) NULL
/*
* BMP String
*/
typedef struct ComponentBMPString {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
BMPString value;
} ComponentBMPString;
int GDecComponentBMPString (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentBMPString (GenBuf *b, AsnTag tagId, AsnLen len, void *result,
AsnLen *bytesDecoded, int mode);
#define MatchingComponentBMPString MatchingComponentOcts
#define ExtractingComponentBMPString(cr,data) NULL
#define FreeComponentBMPString FreeComponentOcts
/*
* BOOLEAN
*/
typedef struct ComponentBool {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnBool value;
} ComponentBool;
int GDecComponentBool (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentBool (GenBuf *b, AsnTag tagId, AsnLen len, void *result,
AsnLen *bytesDecoded, int mode);
int MatchingComponentBool (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentBool(cr,data) NULL
#define FreeComponentBool(v) NULL
/*
* ENUMERTED
*/
typedef struct ComponentEnum {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnEnum value;
struct berval value_identifier;/*Why this value is defined here?*/
} ComponentEnum;
int GDecComponentEnum (GenBuf *a, void *result, AsnLen *bytesDecoded,int mode);
int BDecComponentEnum (GenBuf *b, AsnTag tagId, AsnLen len, void *result,
AsnLen *bytesDecoded, int mode);
int MatchingComponentEnum (char *oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo * b);
#define ExtractingComponentEnum(cr,data) NULL
#define FreeComponentEnum FreeComponentInt
/*
* IA5 String
*/
typedef struct ComponentIA5String {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
IA5String value;
} ComponentIA5String;
#define GDecComponentIA5String GDecComponentUTF8String
int BDecComponentIA5String (GenBuf *b, AsnTag tagId, AsnLen len, void *result,
AsnLen *bytesDecoded, int mode);
#define MatchingComponentIA5String MatchingComponentOcts
#define ExtractingComponentIA5String(cr,data) NULL
#define FreeComponentIA5String FreeComponentOcts
/*
* INTEGER
*/
typedef struct ComponentInt {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
int value;
} ComponentInt;
#define GNOT_NULL(ptr) ((ptr) != NULL)
int GDecComponentInt (GenBuf *b, void *result, AsnLen *bytesDecoded, int mode );
int BDecComponentInt (GenBuf *b, AsnTag tagId, AsnLen len, void *result,
AsnLen *bytesDecoded, int mode);
int MatchingComponentInt (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentInt(cr,data) NULL
#define FreeComponentInt(v) NULL
/*
* LIST Data Structure for C_LIST
*/
typedef struct ComponentList {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnList comp_list;
} ComponentList;
/*
* NULL
*/
typedef struct ComponentNull {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnNull value;
} ComponentNull;
int GDecComponentNull (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentNull (GenBuf *b, AsnTag tagId, AsnLen len, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentNullTag ( GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
int MatchingComponentNull (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentNull(cr,data) NULL
#define FreeComponentNull NULL
/*
* Numeric String
*/
typedef struct ComponentNumericString {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
NumericString value;
} ComponentNumericString;
#define GDecComponentNumericString GDecComponentUTF8String
int BDecComponentNumericString (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
#define MatchingComponentNumericString MatchingComponentOcts
#define ExtractingComponentNumericString(cr,data) NULL
#define FreeComponentNumericString FreeComponentOcts
/*
* OCTETS STRING
*/
typedef struct ComponentOcts {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnOcts value;
} ComponentOcts;
#define GASNOCTS_PRESENT(aocts) ((aocts)->value.octs != NULL)
int GDecComponentOcts (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentOcts (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
int MatchingComponentOcts (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentOcts(cr,data) NULL
void FreeComponentOcts( ComponentOcts* octs );
/*
* OID (Object Identifier)
*/
typedef struct ComponentOid {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnOid value;
} ComponentOid;
#define GASNOID_PRESENT(aoid) ASNOCTS_PRESENT(aoid)
int GDecComponentOid (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentOid (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
int MatchingComponentOid (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentOid(cr,data) NULL
#define FreeComponentOid FreeComponentOcts
/*
* Printable String
*/
typedef struct ComponentPrintableString{
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
PrintableString value;
} ComponentPrintableString;
#define GDecComponentPrintableString GDecComponentUTF8String
int BDecComponentPrintableString (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
int BDecComponentPrintableStringTag ( GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
#define MatchingComponentPrintableString MatchingComponentOcts
#define ExtractingComponentPrintableString(cr,data) NULL
#define FreeComponentPrintableString FreeComponentOcts
/*
* REAL
*/
typedef struct ComponentReal{
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnReal value;
} ComponentReal;
int GDecComponentReal (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentReal (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
int MatchingComponentReal (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentReal(cr,data) NULL
#define FreeComponentReal(v) NULL
/*
* Relative OID
*/
typedef struct ComponentRelativeOid {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
AsnRelativeOid value;
} ComponentRelativeOid;
int GDecComponentRelativeOid (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentRelativeOid (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
int MatchingComponentRelativeOid (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
#define ExtractingComponentRelativeOid(cr,data)
#define FreeComponentRelativeOid FreeComponentOid
/*
* Teletex String
*/
typedef struct ComponentTeletexString {
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
TeletexString value;
} ComponentTeletexString;
int GDecComponentTeletexString (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
#define BDecComponentTeletexString BDecComponentOcts
#define MatchingComponentTeletexString MatchingComponentOcts
#define ExtractingComponentTeletexString(cr,data)
#define FreeComponentTeletexString FreeComponentOcts
/*
* Universal String
*/
typedef struct ComponentUniversalString{
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
UniversalString value;
} ComponentUniversalString;
int GDecComponentUniversalString (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentUniversalString (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
#define MatchingComponentUniversalString MatchingComponentOcts
#define ExtractingComponentUniversalString(cr,data)
#define FreeComponentUniversalString FreeComponentOcts
/*
* UTF8 String
*/
typedef struct ComponentUTF8String{
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
UTF8String value;
} ComponentUTF8String;
int GDecComponentUTF8String (GenBuf *b, void *result,
AsnLen *bytesDecoded, int mode);
int BDecComponentUTF8String (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
#define MatchingComponentUTF8String MatchingComponentOcts
#define ExtractingComponentUTF8String(cr,data)
#define FreeComponentUTF8String FreeComponentOcts
/*
* Visible String
*/
typedef struct ComponentVisibleString{
void* syntax;
ComponentDesc* comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
VisibleString value;
} ComponentVisibleString;
#define GDecComponentVisibleString GDecComponentUTF8String
int BDecComponentVisibleString (GenBuf *b, AsnTag tagId, AsnLen len,
void *result, AsnLen *bytesDecoded, int mode);
#define MatchingComponentVisibleString MatchingComponentOcts
#define ExtractingComponentVisibleString(cr,data)
#define FreeComponentVisibleString FreeComponentOcts
/*
* ANY and ANY DEFINED BY
*/
typedef int (*MatchFcn) (char*, void*, void*);
typedef void* (*ExtractFcn) (ComponentReference*, void * );
typedef struct ComponentAnyInfo
{
int anyId;
AsnOid oid;
ComponentInt intId;
unsigned int size;
EncodeFcn Encode;
gser_decoder_func* GSER_Decode;
ber_tag_decoder_func* BER_Decode;
ExtractFcn Extract;
MatchFcn Match;
FreeFcn Free;
PrintFcn Print;
} ComponentAnyInfo;
typedef struct ComponentAny{
void* syntax;
ComponentDesc *comp_desc;
struct berval identifier;
char id_buf[MAX_IDENTIFIER_LEN];
ComponentAnyInfo *cai;
void *value;
} ComponentAny;
typedef ComponentAny ComponentAnyDefinedBy;
#define BDecComponentAnyDefinedBy BDecComponentAny
#define GDecComponentAnyDefinedBy GDecComponentAny
#define MatchingComponentAnyDefinedBy MatchingComponentAny
#define FreeComponentAnyDefinedBy FreeComponentAny
int BDecComponentAny (GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode);
int GDecComponentAny (GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode);
int MatchingComponentAny (char* oid, ComponentAny *a, ComponentAny *b);
void FreeComponentAny ( ComponentAny*);
void InstallAnyByComponentInt (int anyId, ComponentInt intId, unsigned int size, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func B_decode, ExtractFcn extract, MatchFcn match, FreeFcn free, PrintFcn print);
void InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func* B_decode, ExtractFcn extract, MatchFcn match, FreeFcn free, PrintFcn print);
/*
* UTCTime
*/
typedef ComponentVisibleString ComponentUTCTime;
#define GDecComponentUTCTime GDecComponentVisibleString
#define BDecComponentUTCTime BDecComponentOcts
#define MatchingComponentUTCTime MatchingComponentOcts
#define ExtractingComponentUTCTime(cr,data)
#define FreeComponentUTCTime FreeComponentOcts
/*
* GeneralizedTime
*/
typedef ComponentVisibleString ComponentGeneralizedTime;
#define GDecComponentGeneralizedTime GDecComponentVisibleString
#define BDecComponentGeneralizedTime BDecComponentOcts
#define MatchingComponentGeneralizedTime MatchingComponentOcts
#define ExtractingComponentGeneralizedTime(cr,data)
#define FreeComponentGeneralizedTime FreeComponentOcts
typedef int converter_func LDAP_P ((
struct berval* in ));
typedef struct asntype_to_syntax {
AsnTypeId ats_typeId;
/* Syntax Descriptor */
char *ats_syn_name;
/* Syntax OID */
char *ats_syn_oid;
Syntax *ats_syn;
} AsnTypetoSyntax;
typedef struct asntype_to_matchingrule {
AsnTypeId atmr_typeId;
char* atmr_mr_name;
/*Implicitly corresponding LDAP syntax OID*/
char* atmr_syn_oid;
MatchingRule *atmr_mr;
} AsnTypetoMatchingRule;
typedef struct asntype_to_matchingrule_table {
char* atmr_oid;
struct asntype_to_matchingrule atmr_table[ASNTYPE_END];
struct asntype_to_matchingrule_table* atmr_table_next;
} AsnTypetoMatchingRuleTable;
extern AsnTypetoSyntax asn_to_syntax_mapping_tbl[];
#define MAX_OID_LEN 256
#define MAX_OD_ENTRY 8
/*
* Object Identifier and corresponding Syntax Decoder Table
*/
typedef struct OID_Decoder_entry {
char oe_oid[MAX_OID_LEN];
gser_decoder_func* oe_gser_decoder;
ber_decoder_func* oe_ber_decoder;
converter_func* oe_converter;
struct OID_Decoder_entry* oe_next;
struct OID_Decoder_entry* oe_prev;
} OD_entry;
void
m_convert_asn_to_ldap( ComponentSyntaxInfo* csi, struct berval* bv);
int
m_convert_assert_to_comp ( gser_decoder_func* decoder, struct berval* bv,
ComponentSyntaxInfo** csi, int len, int mode );
void*
m_convert_attr_to_comp ( Attribute* a, struct berval* bv );
/*
* Decoder Modes
* Different operation is required to handle Decoding(2), Extracted Component
* decoding(0), ANY DEFINED TYPe(2)
* b0 : Component Alloc(yes)
* Constructed type : Component Alloc (Yes)
* Primitive type : Component Alloc (Yes)
* set to mode 2 in inner decoders
* b1 : Component Alloc (No)
* Constructed type : Component Alloc (No)
* Primitive type : Component Alloc (No)
* set to mode 2 in inner decoders
* b2 : Default Mode
* Constructed type : Component Alloc (Yes)
* Primitive type : Component Alloc (No)
* in addition to above modes, the 4th bit has special meaning,
* b4 : if the 4th bit is clear, DecxxxContent is called
* b4 : if the 4th bit is set, Decxxx is called, then it is cleared.
*/
#define DEC_ALLOC_MODE_0 0x01
#define DEC_ALLOC_MODE_1 0x02
#define DEC_ALLOC_MODE_2 0x04
#define CALL_TAG_DECODER 0x08
#define CALL_CONTENT_DECODER ~0x08
MatchingRule*
retrieve_matching_rule( char* mr_oid, AsnTypeId type );
#endif

1867
contrib/slapd-modules/comp_match/componentlib.c Normal file
View file

File diff suppressed because it is too large Load diff

339
contrib/slapd-modules/comp_match/init.c Normal file
View file

@ -0,0 +1,339 @@
/* Copyright 2004 IBM Corporation
* All rights reserved.
* Redisribution and use in source and binary forms, with or without
* modification, are permitted only as authorizd by the OpenLADP
* Public License.
*/
/* ACKNOWLEDGEMENTS
* This work originally developed by Sang Seok Lim
* 2004/06/18 03:20:00 slim@OpenLDAP.org
*/
#include "portable.h"
#include <ac/string.h>
#include <ac/socket.h>
#include <ldap_pvt.h>
#include "lutil.h"
#include <ldap.h>
#include "slap.h"
#include "component.h"
#include "asn.h"
#include <asn-gser.h>
#include <string.h>
#ifndef SLAPD_COMP_MATCH
#define SLAPD_COMP_MATCH SLAPD_MOD_DYNAMIC
#endif
OD_entry* gOD_table = NULL;
AsnTypetoMatchingRuleTable* gATMR_table = NULL;
int
load_derived_matching_rule ( char* cfg_path ){
}
MatchingRule*
retrieve_matching_rule( char* mr_oid, AsnTypeId type ) {
char* tmp;
struct berval mr_name = BER_BVNULL;
AsnTypetoMatchingRuleTable* atmr;
for ( atmr = gATMR_table ; atmr ; atmr = atmr->atmr_table_next ) {
if ( strcmp( atmr->atmr_oid, mr_oid ) == 0 ) {
tmp = atmr->atmr_table[type].atmr_mr_name;
if ( tmp ) {
mr_name.bv_val = tmp;
mr_name.bv_len = strlen( tmp );
return mr_bvfind ( &mr_name );
}
}
}
return (MatchingRule*)NULL;
}
OD_entry*
retrieve_oid_decoder_table ( char* oid ) {
OD_entry* curr_entry;
for ( curr_entry = gOD_table ; curr_entry != NULL ;
curr_entry = curr_entry->oe_next ) {
if ( strcmp ( curr_entry->oe_oid , oid ) == 0 )
return curr_entry;
}
return (OD_entry*) NULL;
}
int
add_OD_entry ( char* oid, gser_decoder_func* gser_decoder ,
ber_decoder_func ber_decoder, converter_func* converter ) {
OD_entry* new_entry;
if ( !gOD_table ) {
gOD_table = new_entry = (OD_entry*) malloc( sizeof ( OD_entry ) );
gOD_table->oe_next = NULL;
gOD_table->oe_prev = NULL;
}
else {
new_entry = (OD_entry*) malloc( sizeof ( OD_entry ) );
if ( !new_entry ) return -1;
gOD_table->oe_prev = new_entry;
new_entry->oe_next = gOD_table;
new_entry->oe_prev = NULL;
gOD_table = new_entry;
}
strcpy ( new_entry->oe_oid ,oid );
new_entry->oe_gser_decoder = gser_decoder;
new_entry->oe_ber_decoder = ber_decoder;
new_entry->oe_converter = converter;
return 1;
}
int
remove_OD_entry ( char* oid ) {
OD_entry* curr_entry;
for ( curr_entry = gOD_table ; curr_entry != NULL ;
curr_entry = curr_entry->oe_next ) {
if ( strcmp ( curr_entry->oe_oid , oid ) == 0 ) {
if ( !curr_entry->oe_next ) {
if ( curr_entry->oe_prev ) {
curr_entry->oe_prev->oe_next = NULL;
}
} else {
curr_entry->oe_prev->oe_next = curr_entry->oe_next;
curr_entry->oe_next->oe_prev = curr_entry->oe_prev;
}
free ( curr_entry );
return 1;
}
}
return -1;
}
void*
comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv ))
{
char* peek_head;
int mode, bytesDecoded, size, rc;
void* component;
char* oid = a->a_desc->ad_type->sat_atype.at_oid ;
GenBuf* b;
ExpBuf* buf;
OD_entry* od_entry;
/* look for the decoder registered for the given attribute */
od_entry = retrieve_oid_decoder_table ( oid );
if ( !od_entry || !od_entry->oe_ber_decoder ) return (void*)NULL;
if ( od_entry->oe_converter ) {
size = (*od_entry->oe_converter)( bv );
if ( size <= 0 ) return (void*)NULL;
}
ExpBufInit( 2048 );
buf = ExpBufAllocBufAndData();
ExpBufResetInWriteRvsMode( buf );
ExpBuftoGenBuf( buf, &b );
BufPutSegRvs( b, bv->bv_val, bv->bv_len );
BufResetInReadMode( b );
mode = DEC_ALLOC_MODE_2;
/*
* How can we decide which decoder will be called, GSER or BER?
* Currently BER decoder is called for a certificate.
* The flag of Attribute will say something about it in the future
*/
if ( slap_syntax_is_ber ( syn ) ) {
rc =BDecComponentTop(od_entry->oe_ber_decoder, b, 0,0,
&component,&bytesDecoded,mode ) ;
}
else {
rc = od_entry->oe_gser_decoder(b, component,&bytesDecoded,mode);
}
if ( rc == -1 )
return (void*)NULL;
else
return component;
}
void
comp_free_component LDAP_P (( ComponentSyntaxInfo *csi )) {
if ( csi->csi_comp_desc->cd_free )
csi->csi_comp_desc->cd_free(csi);
free ( csi->csi_comp_desc );
free ( csi );
return;
}
int
comp_convert_assert_to_comp LDAP_P (( ComponentSyntaxInfo *csi_attr, struct berval* bv,
ComponentSyntaxInfo** csi, int* len, int mode ))
{
GenBuf* genBuf;
ExpBuf* buf;
gser_decoder_func *decoder = csi_attr->csi_comp_desc->cd_gser_decoder;
ExpBufInit( 2048 );
buf = ExpBufAllocBufAndData();
ExpBufResetInWriteRvsMode( buf );
ExpBuftoGenBuf( buf, &genBuf );
BufPutSegRvs( genBuf, bv->bv_val, bv->bv_len );
BufResetInReadMode( genBuf );
if ( csi_attr->csi_comp_desc->cd_type_id == BASICTYPE_ANY )
decoder = ((ComponentAny*)csi_attr)->cai->GSER_Decode;
return (*decoder)( genBuf, csi, len, mode );
}
int intToAscii( int value, char* buf ) {
int minus=0,i,temp;
char digit;
int total_num_digits;
if ( value == 0 ){
buf[0] = '0';
return 1;
}
if ( value < 0 ){
minus = 1;
value = value*(-1);
buf[0] = '-';
}
/* How many digits */
for ( temp = value, total_num_digits=0 ; temp ; total_num_digits++ )
temp = temp/10;
total_num_digits += minus;
for ( i = minus ; value ; i++ ) {
buf[ total_num_digits - i ]= (char)(value%10 + '0');
value = value/10;
}
return i;
}
int
comp_convert_asn_to_ldap LDAP_P(( ComponentSyntaxInfo* csi, struct berval* bv ))
{
int value;
Syntax* syn;
AsnTypetoSyntax* asn_to_syn =
&asn_to_syntax_mapping_tbl[csi->csi_comp_desc->cd_type_id];
if ( asn_to_syn->ats_syn_oid )
csi->csi_syntax = syn_find ( asn_to_syn->ats_syn_oid );
else
csi->csi_syntax = NULL;
switch ( csi->csi_comp_desc->cd_type_id ) {
case BASICTYPE_BOOLEAN :
if ( ((ComponentBool*)csi)->value > 0 ) {
strcpy ( bv->bv_val , "TRUE" );
bv->bv_len = 4;
}
else {
strcpy ( bv->bv_val , "FALSE" );
bv->bv_len = 5;
}
break ;
case BASICTYPE_NULL :
bv->bv_val = (char *) &((ComponentNull*)csi)->value;
bv->bv_len = sizeof(char);
break;
case BASICTYPE_INTEGER :
bv->bv_len = intToAscii(((ComponentInt*)csi)->value, bv->bv_val );
if ( bv->bv_len <= 0 ) return LDAP_INVALID_SYNTAX;
break;
case BASICTYPE_REAL :
bv->bv_val = (char *) &((ComponentReal*)csi)->value;
bv->bv_len = sizeof(double);
break;
case BASICTYPE_ENUMERATED :
bv->bv_val = (char *) &((ComponentEnum*)csi)->value;
bv->bv_len = sizeof(int);
break;
case BASICTYPE_OID :
case BASICTYPE_OCTETSTRING :
case BASICTYPE_BITSTRING :
case BASICTYPE_NUMERIC_STR :
case BASICTYPE_PRINTABLE_STR :
case BASICTYPE_UNIVERSAL_STR :
case BASICTYPE_IA5_STR :
case BASICTYPE_BMP_STR :
case BASICTYPE_UTF8_STR :
case BASICTYPE_UTCTIME :
case BASICTYPE_GENERALIZEDTIME :
case BASICTYPE_GRAPHIC_STR :
case BASICTYPE_VISIBLE_STR :
case BASICTYPE_GENERAL_STR :
case BASICTYPE_OBJECTDESCRIPTOR :
case BASICTYPE_VIDEOTEX_STR :
case BASICTYPE_T61_STR :
case BASICTYPE_OCTETCONTAINING :
case BASICTYPE_BITCONTAINING :
case BASICTYPE_RELATIVE_OID :
bv->bv_val = ((ComponentOcts*)csi)->value.octs;
bv->bv_len = ((ComponentOcts*)csi)->value.octetLen;
break;
case BASICTYPE_ANY :
csi = ((ComponentAny*)csi)->value;
if ( csi->csi_comp_desc->cd_type != ASN_BASIC ||
csi->csi_comp_desc->cd_type_id == BASICTYPE_ANY )
return LDAP_INVALID_SYNTAX;
return comp_convert_asn_to_ldap( csi, bv );
case COMPOSITE_ASN1_TYPE :
case RDNSequence :
case RelativeDistinguishedName :
case TelephoneNumber :
case FacsimileTelephoneNumber__telephoneNumber :
break;
case DirectoryString :
bv->bv_val = ((ComponentOcts*)csi)->value.octs;
bv->bv_len = ((ComponentOcts*)csi)->value.octetLen;
break;
case ASN_COMP_CERTIFICATE :
case ASNTYPE_END :
break;
default :
/*Only ASN Basic Type can be converted into LDAP string*/
return LDAP_INVALID_SYNTAX;
}
if ( csi->csi_syntax && csi->csi_syntax->ssyn_validate ) {
if ( csi->csi_syntax->ssyn_validate(csi->csi_syntax, bv) != LDAP_SUCCESS )
return LDAP_INVALID_SYNTAX;
}
return LDAP_SUCCESS;
}
#if SLAPD_COMP_MATCH == SLAPD_MOD_DYNAMIC
#include "certificate.h"
extern convert_attr_to_comp_func* attr_converter;
extern convert_assert_to_comp_func* assert_converter;
extern convert_asn_to_ldap_func* csi_converter;
extern free_component_func* component_destructor;
int init_module(int argc, char *argv[]) {
/*
* Initialize function pointers in slapd
*/
attr_converter = comp_convert_attr_to_comp;
assert_converter = comp_convert_assert_to_comp;
csi_converter = comp_convert_asn_to_ldap;
component_destructor = comp_free_component;
/* file path needs to be */
load_derived_matching_rule ("derived_mr.cfg");
/* the initialization for example X.509 certificate */
init_module_AuthenticationFramework();
return 0;
}
#endif /* SLAPD_PASSWD */

3
servers/slapd/asn.h
View file

@ -49,6 +49,7 @@ typedef enum AsnTypeId {
BASICTYPE_OCTETCONTAINING, BASICTYPE_OCTETCONTAINING,
BASICTYPE_BITCONTAINING, BASICTYPE_BITCONTAINING,
BASICTYPE_RELATIVE_OID, /* 25 */ BASICTYPE_RELATIVE_OID, /* 25 */
BASICTYPE_ANY, /* 25 */
/* Embedded Composite Types*/ /* Embedded Composite Types*/
COMPOSITE_ASN1_TYPE, COMPOSITE_ASN1_TYPE,
/* A New ASN.1 types including type reference */ /* A New ASN.1 types including type reference */
@ -58,7 +59,7 @@ typedef enum AsnTypeId {
FacsimileTelephoneNumber_telephoneNumber, FacsimileTelephoneNumber_telephoneNumber,
DirectoryString, DirectoryString,
/* Newly Defined ASN.1 Type, Manually registered */ /* Newly Defined ASN.1 Type, Manually registered */
ASN_T1, ASN_COMP_CERTIFICATE,
/* ASN.1 Type End */ /* ASN.1 Type End */
ASNTYPE_END ASNTYPE_END
} AsnTypeId; } AsnTypeId;

374
servers/slapd/component.c
View file

@ -26,8 +26,20 @@
#ifdef LDAP_COMP_MATCH #ifdef LDAP_COMP_MATCH
#include "asn.h" #include "component.h"
/*
* This three function pointers are initialized
* when a component module is loaded
*/
convert_attr_to_comp_func* attr_converter = NULL ;
convert_assert_to_comp_func* assert_converter = NULL ;
convert_asn_to_ldap_func* csi_converter = NULL ;
free_component_func* component_destructor = NULL ;
#define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6"
#define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2"
#define MAX_LDAP_STR_LEN 128
static int static int
peek_componentId_type( ComponentAssertionValue* cav ); peek_componentId_type( ComponentAssertionValue* cav );
@ -42,10 +54,16 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
ComponentFilter** filt, const char** text ); ComponentFilter** filt, const char** text );
static int static int
test_comp_filter_attr( Operation *op, Attribute *a, struct berval *bv, test_comp_filter( Syntax *syn, Attribute *a, struct berval *bv,
ComponentFilter *f ); ComponentFilter *f );
int componentCertificateValidate(
Syntax *syntax,
struct berval *val )
{
return LDAP_SUCCESS;
}
componentFilterValidate( componentFilterValidate(
Syntax *syntax, Syntax *syntax,
struct berval *val ) struct berval *val )
@ -53,6 +71,14 @@ componentFilterValidate(
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
int
allComponentsValidate(
Syntax *syntax,
struct berval *val )
{
return LDAP_SUCCESS;
}
int int
componentFilterMatch ( componentFilterMatch (
int *matchp, int *matchp,
@ -62,12 +88,47 @@ componentFilterMatch (
struct berval *value, struct berval *value,
void *assertedValue ) void *assertedValue )
{ {
/* FIXME: to be implemented */ Attribute *a = (Attribute*)value;
MatchingRuleAssertion * ma = (MatchingRuleAssertion*)assertedValue;
int rc;
if ( !(mr && mr->smr_usage & SLAP_MR_COMPONENT) || !ma->ma_cf )
return LDAP_INAPPROPRIATE_MATCHING;
rc = test_comp_filter( syntax, a, a->a_vals, ma->ma_cf );
if ( component_destructor && a->a_component_values ) {
component_destructor(a->a_component_values);
a->a_component_values = NULL;
}
if ( rc == LDAP_COMPARE_TRUE ) {
*matchp = 0;
return LDAP_SUCCESS;
}
else if ( rc == LDAP_COMPARE_FALSE ) {
*matchp = 1;
return LDAP_SUCCESS;
}
else {
return LDAP_INAPPROPRIATE_MATCHING;
}
}
int
allComponentsMatch(
int *matchp,
slap_mask_t flags,
Syntax *syntax,
MatchingRule *mr,
struct berval *value,
void *assertedValue )
{
/* Only for Registeration */
*matchp = 0; *matchp = 0;
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
static int static int
slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav) slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav)
{ {
@ -94,8 +155,9 @@ get_comp_filter ( Operation* op, struct berval* bv, ComponentFilter** filt,
static void static void
eat_whsp( ComponentAssertionValue* cav ) eat_whsp( ComponentAssertionValue* cav )
{ {
while ( ( cav->cav_ptr <= cav->cav_end ) && ( *cav->cav_ptr == ' ' ) ) for ( ; ( *cav->cav_ptr == ' ' ) && ( cav->cav_ptr < cav->cav_end ) ; ) {
cav->cav_ptr++; cav->cav_ptr++;
}
} }
static int static int
@ -238,7 +300,9 @@ peek_componentId_type( ComponentAssertionValue* cav )
else if ( (cav->cav_end - cav->cav_ptr) >= 7 && else if ( (cav->cav_end - cav->cav_ptr) >= 7 &&
strncmp(cav->cav_ptr,"content",7) == 0 ) strncmp(cav->cav_ptr,"content",7) == 0 )
return LDAP_COMPREF_CONTENT; return LDAP_COMPREF_CONTENT;
else if ( cav->cav_ptr[0] >= 'a' && cav->cav_ptr[0] <= 'z' ) else if ( (cav->cav_ptr[0] >= 'a' && cav->cav_ptr[0] <= 'z') ||
(cav->cav_ptr[0] >= 'A' && cav->cav_ptr[0] <= 'Z') )
return LDAP_COMPREF_IDENTIFIER; return LDAP_COMPREF_IDENTIFIER;
else else
return LDAP_COMPREF_UNDEFINED; return LDAP_COMPREF_UNDEFINED;
@ -277,6 +341,8 @@ get_component_reference( Operation *op, ComponentAssertionValue* cav,
if ( count == 0 ) ca_comp_ref->cr_curr = ca_comp_ref->cr_list; if ( count == 0 ) ca_comp_ref->cr_curr = ca_comp_ref->cr_list;
cr_list = &(*cr_list)->ci_next; cr_list = &(*cr_list)->ci_next;
} }
else if ( rc == LDAP_COMPREF_UNDEFINED )
return rc;
} }
ca_comp_ref->cr_len = count; ca_comp_ref->cr_len = count;
strip_cav_str( cav, "\""); strip_cav_str( cav, "\"");
@ -347,10 +413,10 @@ get_matching_rule( Operation *op, ComponentAssertionValue* cav,
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
static void static int
get_GSER_value( ComponentAssertionValue* cav, struct berval* bv ) get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
{ {
int count; int count, sequent_dquote, unclosed_brace, succeed;
eat_whsp( cav ); eat_whsp( cav );
/* /*
@ -365,39 +431,61 @@ get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
* INTEGER, BOOLEAN, NULL,ENUMERATE, etc * INTEGER, BOOLEAN, NULL,ENUMERATE, etc
*/ */
succeed = 0;
if ( cav->cav_ptr[0] == '"' ) { if ( cav->cav_ptr[0] == '"' ) {
for( count = 0 ; ; count++ ) { for( count = 1, sequent_dquote = 0 ; ; count++ ) {
if ( cav->cav_ptr[count] == '\0' || /* In order to find escaped double quote */
( cav->cav_ptr[count] == '"' && cav->cav_ptr[count-1] != '"') ) if ( cav->cav_ptr[count] == '"' ) sequent_dquote++;
else sequent_dquote = 0;
if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr > cav->cav_end ) {
break; break;
} }
if ( ( cav->cav_ptr[count] == '"' && cav->cav_ptr[count-1] != '"') ||
( sequent_dquote > 2 && (sequent_dquote%2) == 1 ) ) {
succeed = 1;
break;
}
}
} }
else if ( cav->cav_ptr[0] == '\'' ) { else if ( cav->cav_ptr[0] == '\'' ) {
for( count = 0 ; ; count++ ) { for( count = 1 ; ; count++ ) {
if ( cav->cav_ptr[count] == '\0' || if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr > cav->cav_end ) {
(cav->cav_ptr[count] == '\'' && cav->cav_ptr[count] == 'B')||
(cav->cav_ptr[count] == '\'' && cav->cav_ptr[count] == 'H') )
break; break;
} }
if ((cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'B')||
(cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'H') ) {
succeed = 1;
break;
}
}
} }
else if ( cav->cav_ptr[0] == '{' ) { else if ( cav->cav_ptr[0] == '{' ) {
for( count = 0 ; ; count++ ) { for( count = 1, unclosed_brace = 1 ; ; count++ ) {
if ( cav->cav_ptr[count] == '\0' || if ( cav->cav_ptr[count] == '{' ) unclosed_brace++;
(cav->cav_ptr[count] == '}' && cav->cav_ptr[count] == ' ') ) if ( cav->cav_ptr[count] == '}' ) unclosed_brace--;
if ( cav->cav_ptr[count] == '\0' || cav->cav_ptr > cav->cav_end )
break; break;
if ( unclosed_brace == 0 ) {
succeed = 1;
break;
}
} }
} }
else { else {
for( count = 0 ; ; count++ ) { succeed = 1;
if ( cav->cav_ptr[count] == ' ') count = cav->cav_end - cav->cav_ptr;
break;
}
} }
if ( !succeed ) return LDAP_FILTER_ERROR;
bv->bv_val = cav->cav_ptr; bv->bv_val = cav->cav_ptr;
bv->bv_len = count; bv->bv_len = count + 1 ;
cav->cav_ptr += count; cav->cav_ptr += count;
return LDAP_SUCCESS;
} }
static int static int
@ -409,7 +497,8 @@ get_matching_value( Operation *op, ComponentAssertion* ca,
ber_tag_t tag; ber_tag_t tag;
if ( !(ca->ca_ma_rule->smr_usage & (SLAP_MR_COMPONENT)) ) { if ( !(ca->ca_ma_rule->smr_usage & (SLAP_MR_COMPONENT)) ) {
get_GSER_value( cav, bv ); if ( get_GSER_value( cav, bv ) != LDAP_SUCCESS )
return LDAP_FILTER_ERROR;
} }
else { else {
/* embeded componentFilterMatch Description */ /* embeded componentFilterMatch Description */
@ -491,6 +580,8 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
Debug( LDAP_DEBUG_FILTER, "get_item: %s\n", 0, 0, 0 ); Debug( LDAP_DEBUG_FILTER, "get_item: %s\n", 0, 0, 0 );
_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx ); _ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
_ca->ca_component_values = NULL;
rc = peek_cav_str( cav, "component" ); rc = peek_cav_str( cav, "component" );
if ( rc == LDAP_SUCCESS ) { if ( rc == LDAP_SUCCESS ) {
strip_cav_str( cav, "component" ); strip_cav_str( cav, "component" );
@ -511,6 +602,7 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
op->o_tmpfree( _ca, op->o_tmpmemctx ); op->o_tmpfree( _ca, op->o_tmpmemctx );
return rc; return rc;
} }
strip_cav_str( cav,",");
} }
if ( !( strip_cav_str( cav, "rule" ) == LDAP_SUCCESS && if ( !( strip_cav_str( cav, "rule" ) == LDAP_SUCCESS &&
@ -529,7 +621,7 @@ get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
} }
/* componentFilterMatch contains componentFilterMatch in it */ /* componentFilterMatch contains componentFilterMatch in it */
if ( _ca->ca_ma_rule->smr_usage & (SLAP_MR_COMPONENT) ) { if ( strcmp(_ca->ca_ma_rule->smr_mrule.mr_oid, OID_COMP_FILTER_MATCH ) == 0) {
struct berval bv; struct berval bv;
bv.bv_val = cav->cav_ptr; bv.bv_val = cav->cav_ptr;
bv.bv_len = cav_cur_len( cav ); bv.bv_len = cav_cur_len( cav );
@ -669,7 +761,7 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
static int static int
test_comp_filter_and( test_comp_filter_and(
Operation *op, Syntax *syn,
Attribute *a, Attribute *a,
struct berval *bv, struct berval *bv,
ComponentFilter *flist ) ComponentFilter *flist )
@ -678,7 +770,7 @@ test_comp_filter_and(
int rtn = LDAP_COMPARE_TRUE; int rtn = LDAP_COMPARE_TRUE;
for ( f = flist ; f != NULL; f = f->cf_next ) { for ( f = flist ; f != NULL; f = f->cf_next ) {
int rc = test_comp_filter_attr( op, a, bv, f ); int rc = test_comp_filter( syn, a, bv, f );
if ( rc == LDAP_COMPARE_FALSE ) { if ( rc == LDAP_COMPARE_FALSE ) {
rtn = rc; rtn = rc;
break; break;
@ -694,7 +786,7 @@ test_comp_filter_and(
static int static int
test_comp_filter_or( test_comp_filter_or(
Operation *op, Syntax *syn,
Attribute *a, Attribute *a,
struct berval *bv, struct berval *bv,
ComponentFilter *flist ) ComponentFilter *flist )
@ -703,7 +795,7 @@ test_comp_filter_or(
int rtn = LDAP_COMPARE_TRUE; int rtn = LDAP_COMPARE_TRUE;
for ( f = flist ; f != NULL; f = f->cf_next ) { for ( f = flist ; f != NULL; f = f->cf_next ) {
int rc = test_comp_filter_attr( op, a, bv, f ); int rc = test_comp_filter( syn, a, bv, f );
if ( rc == LDAP_COMPARE_TRUE ) { if ( rc == LDAP_COMPARE_TRUE ) {
rtn = rc; rtn = rc;
break; break;
@ -717,136 +809,138 @@ test_comp_filter_or(
return rtn; return rtn;
} }
/* static int
* Convert attribute value to C internal data structure csi_value_match( MatchingRule *mr, struct berval* bv_attr,
* This function has an associated ASN.1 type struct berval* bv_assert )
* bv must contain the value for the type( type name is T1 ) {
* This function is linked to ssyn_attr2comp int rc;
*/ int match;
assert( mr != NULL );
assert( !(mr->smr_usage & SLAP_MR_COMPONENT) );
if( !mr->smr_match ) {
return LDAP_INAPPROPRIATE_MATCHING;
}
rc = (mr->smr_match)( &match, 0, NULL /*ad->ad_type->sat_syntax*/,
mr, bv_attr, bv_assert );
if ( rc == LDAP_SUCCESS )
return match? LDAP_COMPARE_FALSE:LDAP_COMPARE_TRUE;
else
return rc;
}
int
component_value_match( MatchingRule* mr,
ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert )
{
int rc;
if ( mr->smr_usage & SLAP_MR_COMPONENT ){
if( strcmp( mr->smr_mrule.mr_oid, OID_ALL_COMP_MATCH ) == 0 ){
/* allComponentMatch */
return csi_attr->csi_comp_desc->cd_all_match( NULL,
csi_attr, csi_assert );
}
else {
return csi_assert->csi_comp_desc->cd_all_match(
mr->smr_mrule.mr_oid, csi_attr, csi_assert );
}
}
else {
if ( csi_attr->csi_comp_desc->cd_type == ASN_BASIC ) {
struct berval bv1, bv2;
char attr_buf[MAX_LDAP_STR_LEN],assert_buf[MAX_LDAP_STR_LEN];
bv1.bv_val = attr_buf;
bv2.bv_val = assert_buf;
if ( csi_converter &&
( csi_converter ( csi_attr, &bv1 ) == LDAP_SUCCESS ) && ( csi_converter ( csi_assert, &bv2 ) == LDAP_SUCCESS ) )
return csi_value_match( mr, &bv1, &bv2 );
else
return LDAP_INAPPROPRIATE_MATCHING;
}
else if ( csi_attr->csi_comp_desc->cd_type == ASN_COMPOSITE ) {
return LDAP_INAPPROPRIATE_MATCHING;
}
}
}
/* /*
* return codes : LDAP_COMPARE_TRUE, LDAP_COMPARE_FALSE * return codes : LDAP_COMPARE_TRUE, LDAP_COMPARE_FALSE
*/ */
static int static int
test_comp_filter_item( test_comp_filter_item(
Operation *op, Syntax *syn,
Attribute *a, Attribute *a,
struct berval *bv, struct berval *bv,
ComponentAssertion *ca ) ComponentAssertion *ca )
{ {
int rc = LDAP_COMPARE_TRUE; int rc, len;
int len; ComponentSyntaxInfo* csi_attr, *csi_assert=NULL;
ComponentSyntaxInfo* csi_attr, *csi_assert;
if ( (ca->ca_ma_rule->smr_usage & SLAP_MR_COMPONENT) && ca->ca_cf ) { if ( strcmp(ca->ca_ma_rule->smr_mrule.mr_oid,
OID_COMP_FILTER_MATCH ) == 0 && ca->ca_cf ) {
/* componentFilterMatch inside of componentFilterMatch */ /* componentFilterMatch inside of componentFilterMatch */
rc = test_comp_filter_attr( op, a, bv, ca->ca_cf ); rc = test_comp_filter( syn, a, bv, ca->ca_cf );
return rc; return rc;
} }
assert( !(ca->ca_ma_rule->smr_usage & SLAP_MR_COMPONENT) ); /* load attribute containg components */
/* FIXME : Return ALWAYS true */ /* For a testing purpose, link following function here */
return LDAP_COMPARE_TRUE; if ( !a->a_component_values && attr_converter )
} a->a_component_values = attr_converter (a, syn, bv);
/* if ( a->a_component_values == NULL )
* If matched, LDAP_COMPARE_TRUE is returned return LDAP_PROTOCOL_ERROR;
*/
int
test_comp_filter_entry(
Operation *op,
Entry *e,
MatchingRuleAssertion *mra )
{
Attribute *a;
void *memctx;
mra->ma_cf->cf_ca->ca_mra = mra; /* load component containg the referenced component */
ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list;
csi_attr = (((ComponentSyntaxInfo*)a->a_component_values)->csi_comp_desc->cd_extract_i)( ca->ca_comp_ref, a->a_component_values );
Debug( LDAP_DEBUG_FILTER, "test_comp_filter_entry\n", 0, 0, 0 ); if ( !csi_attr )
if ( mra->ma_desc ) { return LDAP_PROTOCOL_ERROR;
/*
* ma_desc is available, so filtering for one attribute /* decode the asserted value */
* SEARCH permissionc can be checked directly if( !ca->ca_component_values && assert_converter ) {
*/ assert_converter ( csi_attr, &ca->ca_ma_value,
if ( !access_allowed( op, e, mra->ma_desc, &csi_assert, &len, DEC_ALLOC_MODE_0 );
&mra->ma_value, ACL_SEARCH, NULL ) ) ca->ca_component_values = (void*)csi_assert;
{
return LDAP_INSUFFICIENT_ACCESS;
} }
/* Find attributes that componentFilter Match can be applied to */ else csi_assert = ca->ca_component_values;
for( a=attrs_find( e->e_attrs, mra->ma_desc );
a != NULL ;
a = attrs_find( a->a_next, mra->ma_desc ) )
{
struct berval *bv = a->a_vals;
for ( ; bv->bv_val != NULL ; bv++ ) { if ( !csi_assert )
int ret, rc; return LDAP_PROTOCOL_ERROR;
const char *text;
rc = test_comp_filter_attr( op, a, bv, mra->ma_cf );
if ( rc == LDAP_COMPARE_TRUE ) return rc;
}
}
} else { return component_value_match( ca->ca_ma_rule, csi_attr, csi_assert);
/*
* No attribute description : test all
*/
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
struct berval *bv, value;
const char *text = NULL;
int rc;
/* check if matching is appropriate */
if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type
)) {
continue;
}
/* check search access */
if ( !access_allowed( op, e,
a->a_desc, &value, ACL_SEARCH, NULL ) ) {
continue;
}
bv = a->a_vals;
for ( ; bv->bv_val != NULL ; bv++ ) {
int ret, rc;
const char *text;
rc = test_comp_filter_attr( op, a, bv, mra->ma_cf );
if ( rc == LDAP_COMPARE_TRUE ) break;
}
if ( rc != LDAP_SUCCESS ) return rc;
}
}
return LDAP_COMPARE_FALSE;
} }
static int static int
test_comp_filter_attr( test_comp_filter(
Operation *op, Syntax *syn,
Attribute *a, Attribute *a,
struct berval *bv, struct berval *bv,
ComponentFilter *f ) ComponentFilter *f )
{ {
int rc; int rc;
Debug( LDAP_DEBUG_FILTER, "test_comp_filter_attr\n", 0, 0, 0 ); if ( !f ) return LDAP_PROTOCOL_ERROR;
Debug( LDAP_DEBUG_FILTER, "test_comp_filter\n", 0, 0, 0 );
switch ( f->cf_choice ) { switch ( f->cf_choice ) {
case SLAPD_FILTER_COMPUTED: case SLAPD_FILTER_COMPUTED:
rc = f->cf_result; rc = f->cf_result;
break; break;
case LDAP_COMP_FILTER_AND: case LDAP_COMP_FILTER_AND:
rc = test_comp_filter_and( op, a, bv, f->cf_and ); rc = test_comp_filter_and( syn, a, bv, f->cf_and );
break; break;
case LDAP_COMP_FILTER_OR: case LDAP_COMP_FILTER_OR:
rc = test_comp_filter_or( op, a, bv, f->cf_or ); rc = test_comp_filter_or( syn, a, bv, f->cf_or );
break; break;
case LDAP_COMP_FILTER_NOT: case LDAP_COMP_FILTER_NOT:
rc = test_comp_filter_attr( op, a, bv, f->cf_not ); rc = test_comp_filter( syn, a, bv, f->cf_not );
switch ( rc ) { switch ( rc ) {
case LDAP_COMPARE_TRUE: case LDAP_COMPARE_TRUE:
@ -858,7 +952,7 @@ test_comp_filter_attr(
} }
break; break;
case LDAP_COMP_FILTER_ITEM: case LDAP_COMP_FILTER_ITEM:
rc = test_comp_filter_item( op, a, bv, f->cf_ca ); rc = test_comp_filter_item( syn, a, bv, f->cf_ca );
break; break;
default: default:
rc = LDAP_PROTOCOL_ERROR; rc = LDAP_PROTOCOL_ERROR;
@ -866,4 +960,40 @@ test_comp_filter_attr(
return( rc ); return( rc );
} }
static void
free_comp_filter_list( ComponentFilter* f )
{
ComponentFilter* tmp;
for ( tmp = f ; tmp; tmp = tmp->cf_next );
{
free_comp_filter( tmp );
}
}
static void
free_comp_filter( ComponentFilter* f )
{
switch ( f->cf_choice ) {
case LDAP_COMP_FILTER_AND:
case LDAP_COMP_FILTER_OR:
case LDAP_COMP_FILTER_NOT:
free_comp_filter( f->cf_any );
break;
case LDAP_COMP_FILTER_ITEM:
if ( component_destructor && f->cf_ca->ca_component_values )
component_destructor( f->cf_ca->ca_component_values );
break;
default:
break;
}
}
void
component_free( ComponentFilter *f ) {
free_comp_filter( f );
}
#endif #endif

33
servers/slapd/filterentry.c
View file

@ -163,13 +163,6 @@ static int test_mra_filter(
memfree = op->o_tmpfree; memfree = op->o_tmpfree;
} }
#ifdef LDAP_COMP_MATCH
/* Component Matching */
if( mra->ma_cf && mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
return test_comp_filter_entry( op, e, mra );
}
#endif
if ( mra->ma_desc ) { if ( mra->ma_desc ) {
/* /*
* if ma_desc is available, then we're filtering for * if ma_desc is available, then we're filtering for
@ -189,6 +182,7 @@ static int test_mra_filter(
rc = value_match( &ret, slap_schema.si_ad_entryDN, mra->ma_rule, rc = value_match( &ret, slap_schema.si_ad_entryDN, mra->ma_rule,
0, &e->e_nname, &mra->ma_value, &text ); 0, &e->e_nname, &mra->ma_value, &text );
if( rc != LDAP_SUCCESS ) return rc; if( rc != LDAP_SUCCESS ) return rc;
if ( ret == 0 ) return LDAP_COMPARE_TRUE; if ( ret == 0 ) return LDAP_COMPARE_TRUE;
return LDAP_COMPARE_FALSE; return LDAP_COMPARE_FALSE;
@ -213,9 +207,19 @@ static int test_mra_filter(
int rc; int rc;
const char *text; const char *text;
#ifdef LDAP_COMP_MATCH
/* Component Matching */
if( mra->ma_cf && mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
(struct berval *)a,(void*) mra , &text );
}
else {
#endif
rc = value_match( &ret, a->a_desc, mra->ma_rule, 0, rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
bv, &mra->ma_value, &text ); bv, &mra->ma_value, &text );
#ifdef LDAP_COMP_MATCH
}
#endif
if( rc != LDAP_SUCCESS ) return rc; if( rc != LDAP_SUCCESS ) return rc;
if ( ret == 0 ) return LDAP_COMPARE_TRUE; if ( ret == 0 ) return LDAP_COMPARE_TRUE;
} }
@ -258,9 +262,21 @@ static int test_mra_filter(
for ( ; bv->bv_val != NULL; bv++ ) { for ( ; bv->bv_val != NULL; bv++ ) {
int ret; int ret;
#ifdef LDAP_COMP_MATCH
/* Component Matching */
if( mra->ma_cf &&
mra->ma_rule->smr_usage & SLAP_MR_COMPONENT) {
rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
(struct berval*)a, (void*)mra, &text );
}
else {
#endif
rc = value_match( &ret, a->a_desc, mra->ma_rule, 0, rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
bv, &value, &text ); bv, &value, &text );
#ifdef LDAP_COMP_MATCH
}
#endif
if( rc != LDAP_SUCCESS ) break; if( rc != LDAP_SUCCESS ) break;
if ( ret == 0 ) { if ( ret == 0 ) {
@ -333,7 +349,6 @@ static int test_mra_filter(
/* check match */ /* check match */
rc = value_match( &ret, ad, mra->ma_rule, 0, rc = value_match( &ret, ad, mra->ma_rule, 0,
bv, &value, &text ); bv, &value, &text );
if ( value.bv_val != mra->ma_value.bv_val ) { if ( value.bv_val != mra->ma_value.bv_val ) {
memfree( value.bv_val, memctx ); memfree( value.bv_val, memctx );
} }

6
servers/slapd/mra.c
View file

@ -29,6 +29,11 @@ mra_free(
MatchingRuleAssertion *mra, MatchingRuleAssertion *mra,
int freeit ) int freeit )
{ {
#ifdef LDAP_COMP_MATCH
/* free component assertion */
if ( mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
component_free( mra->ma_cf );
#endif
/* op->o_tmpfree( mra->ma_value.bv_val, op->o_tmpmemctx ); */ /* op->o_tmpfree( mra->ma_value.bv_val, op->o_tmpmemctx ); */
ch_free( mra->ma_value.bv_val ); ch_free( mra->ma_value.bv_val );
if ( freeit ) op->o_tmpfree( (char *) mra, op->o_tmpmemctx ); if ( freeit ) op->o_tmpfree( (char *) mra, op->o_tmpmemctx );
@ -186,7 +191,6 @@ get_mra(
/* Matching Rule for Component Matching */ /* Matching Rule for Component Matching */
Debug( LDAP_DEBUG_FILTER, "matchingrule %s\n", Debug( LDAP_DEBUG_FILTER, "matchingrule %s\n",
ma.ma_rule->smr_mrule.mr_oid, 0, 0); ma.ma_rule->smr_mrule.mr_oid, 0, 0);
if( ma.ma_rule && ma.ma_rule->smr_usage & SLAP_MR_COMPONENT ) { if( ma.ma_rule && ma.ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
rc = get_comp_filter( op, &ma.ma_value, &ma.ma_cf, text ); rc = get_comp_filter( op, &ma.ma_value, &ma.ma_cf, text );
if ( rc != LDAP_SUCCESS ) return rc; if ( rc != LDAP_SUCCESS ) return rc;

19
servers/slapd/proto-slap.h
View file

@ -342,9 +342,28 @@ LDAP_SLAPD_F (int) componentFilterMatch LDAP_P((
struct berval *value, struct berval *value,
void *assertedValue )); void *assertedValue ));
#define componentCertificateMatch componentFilterMatch
LDAP_SLAPD_F (int) componentCertificateValidate LDAP_P((
Syntax *syntax,
struct berval* bv ));
LDAP_SLAPD_F (int) allComponentsMatch LDAP_P((
int *matchp,
slap_mask_t flags,
Syntax *syntax,
MatchingRule *mr,
struct berval *value,
void *assertedValue ));
LDAP_SLAPD_F (int) componentFilterValidate LDAP_P(( LDAP_SLAPD_F (int) componentFilterValidate LDAP_P((
Syntax *syntax, Syntax *syntax,
struct berval* bv )); struct berval* bv ));
LDAP_SLAPD_F (int) allComponentsValidate LDAP_P((
Syntax *syntax,
struct berval* bv ));
#endif #endif
/* /*

6
servers/slapd/schema/core.schema
View file

@ -248,6 +248,10 @@ attributetype ( 2.5.4.36 NAME 'userCertificate'
EQUALITY certificateExactMatch EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
attributetype ( 1.3.6.1.4.1.4203.666.1.34 NAME 'componentCertificate'
DESC 'RFC 3687 Component Matching, use ;binary'
SYNTAX 1.3.6.1.4.1.4203.666.2.7 )
# Must be transferred using ;binary # Must be transferred using ;binary
# with certificateExactMatch rule (per X.509) # with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.37 NAME 'cACertificate' attributetype ( 2.5.4.37 NAME 'cACertificate'
@ -392,7 +396,7 @@ objectclass ( 2.5.6.7 NAME 'organizationalPerson'
SUP person STRUCTURAL SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ telephoneNumber $ internationaliSDNNumber $ componentCertificate $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )

22
servers/slapd/schema_init.c
View file

@ -3073,8 +3073,13 @@ static slap_syntax_defs_rec syntax_defs[] = {
{"( 1.2.36.79672281.1.5.0 DESC 'RDN' )", {"( 1.2.36.79672281.1.5.0 DESC 'RDN' )",
0, rdnValidate, rdnPretty}, 0, rdnValidate, rdnPretty},
#ifdef LDAP_COMP_MATCH #ifdef LDAP_COMP_MATCH
{"( 1.2.36.79672281.1.5.2 DESC 'ComponentFilter' )", {"( 1.2.36.79672281.1.5.3 DESC 'allComponents' )",
0, allComponentsValidate, NULL},
{"( 1.2.36.79672281.1.5.2 DESC 'componentFilter') ",
0, componentFilterValidate, NULL}, 0, componentFilterValidate, NULL},
{"( 1.3.6.1.4.1.4203.666.2.7 DESC 'componentCertificate' "
X_BINARY X_NOT_H_R ")",
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, componentCertificateValidate, NULL},
#endif #endif
{"( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )", {"( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )",
0, NULL, NULL}, 0, NULL, NULL},
@ -3320,10 +3325,23 @@ static slap_mrule_defs_rec mrule_defs[] = {
#ifdef LDAP_COMP_MATCH #ifdef LDAP_COMP_MATCH
{"( 1.2.36.79672281.1.13.2 NAME 'componentFilterMatch' " {"( 1.2.36.79672281.1.13.2 NAME 'componentFilterMatch' "
"SYNTAX 1.2.36.79672281.1.5.2 )", "SYNTAX 1.2.36.79672281.1.5.2 )",
SLAP_MR_EQUALITY|SLAP_MR_EXT|SLAP_MR_COMPONENT, NULL, SLAP_MR_EXT|SLAP_MR_COMPONENT, NULL,
NULL, NULL , componentFilterMatch, NULL, NULL , componentFilterMatch,
octetStringIndexer, octetStringFilter, octetStringIndexer, octetStringFilter,
NULL }, NULL },
{"( 1.2.36.79672281.1.13.6 NAME 'allComponentsMatch' "
"SYNTAX 1.2.36.79672281.1.5.3 )",
SLAP_MR_EQUALITY|SLAP_MR_EXT|SLAP_MR_COMPONENT, NULL,
NULL, NULL , allComponentsMatch,
octetStringIndexer, octetStringFilter,
NULL },
{"( 1.3.6.1.4.1.4203.666.4.12 NAME 'componentCertificateMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.7 )",
SLAP_MR_EXT|SLAP_MR_COMPONENT, NULL,
NULL, NULL , componentCertificateMatch,
octetStringIndexer, octetStringFilter,
NULL },
#endif #endif
{"( 2.5.13.2 NAME 'caseIgnoreMatch' " {"( 2.5.13.2 NAME 'caseIgnoreMatch' "

83
servers/slapd/slap.h
View file

@ -2572,6 +2572,7 @@ typedef struct slap_component_assertion {
ber_int_t ca_use_def; ber_int_t ca_use_def;
MatchingRule *ca_ma_rule; MatchingRule *ca_ma_rule;
struct berval ca_ma_value; struct berval ca_ma_value;
void* ca_component_values;
struct slap_component_filter *ca_cf; struct slap_component_filter *ca_cf;
MatchingRuleAssertion *ca_mra; MatchingRuleAssertion *ca_mra;
} ComponentAssertion; } ComponentAssertion;
@ -2589,6 +2590,7 @@ typedef struct slap_component_filter {
#define cf_and cf_un.cf_un_complex #define cf_and cf_un.cf_un_complex
#define cf_or cf_un.cf_un_complex #define cf_or cf_un.cf_un_complex
#define cf_not cf_un.cf_un_complex #define cf_not cf_un.cf_un_complex
#define cf_any cf_un.cf_un_complex
struct slap_component_filter *cf_next; struct slap_component_filter *cf_next;
} ComponentFilter; } ComponentFilter;
@ -2598,43 +2600,76 @@ typedef struct slap_component_assertion_value {
char* cav_ptr; char* cav_ptr;
char* cav_end; char* cav_end;
} ComponentAssertionValue; } ComponentAssertionValue;
/*
#include "asn.h"
typedef int encoder_func LDAP_P(( typedef int encoder_func LDAP_P((
void* b, void* b,
void* comp)); void* comp));*/
struct slap_component_syntax_info; struct slap_component_syntax_info;
typedef int decoder_func LDAP_P(( typedef int gser_decoder_func LDAP_P((
void* b, void* b,
struct slap_component_syntax_info** comp_syn_info, struct slap_component_syntax_info* comp_syn_info,
unsigned int* len, int* len,
int mode)); int mode));
typedef void* extract_component_from_tag_func LDAP_P(( typedef int comp_free_func LDAP_P((
int *tag)); void* b));
typedef int ber_decoder_func LDAP_P((
void* b,
int tag,
int elmtLen,
struct slap_component_syntax_info* comp_syn_info,
int* len,
int mode));
typedef int ber_tag_decoder_func LDAP_P((
void* b,
struct slap_component_syntax_info* comp_syn_info,
int* len,
int mode));
typedef void* extract_component_from_id_func LDAP_P(( typedef void* extract_component_from_id_func LDAP_P((
ComponentReference* cr, ComponentReference* cr,
void* comp )); void* comp ));
typedef void* convert_attr_to_comp_func LDAP_P ((
Attribute* a,
Syntax* syn,
struct berval* bv ));
struct slap_component_syntax_info;
typedef int convert_assert_to_comp_func LDAP_P ((
struct slap_component_syntax_info* csi_attr,
struct berval* bv,
struct slap_component_syntax_info** csi,
int* len,
int mode ));
typedef int convert_asn_to_ldap_func LDAP_P ((
struct slap_component_syntax_info* csi,
struct berval *bv ));
typedef void free_component_func LDAP_P ((
struct slap_component_syntax_info* csi ));
typedef int allcomponent_matching_func LDAP_P(( typedef int allcomponent_matching_func LDAP_P((
char* oid, char* oid,
void* component1, struct slap_component_syntax_info* comp1,
void* component2 )); struct slap_component_syntax_info* comp));
typedef struct slap_component_desc{ typedef struct slap_component_desc{
int cd_tag; int cd_tag;
ComponentId* cd_identifier; int cd_type;
encoder_func *cd_encoder; int cd_type_id;
decoder_func *cd_decoder; gser_decoder_func *cd_gser_decoder;
extract_component_from_tag_func* cd_extract_t; ber_decoder_func *cd_ber_decoder;
comp_free_func *cd_free;
extract_component_from_id_func* cd_extract_i; extract_component_from_id_func* cd_extract_i;
AsnType cd_type; slap_syntax_validate_func *cd_validate;
AsnTypeId cd_type_id; slap_syntax_transform_func *cd_pretty;
allcomponent_matching_func* cd_all_match; allcomponent_matching_func *cd_all_match;
} ComponentDesc; } ComponentDesc;
typedef struct slap_component_syntax_info { typedef struct slap_component_syntax_info {
@ -2642,18 +2677,6 @@ typedef struct slap_component_syntax_info {
ComponentDesc* csi_comp_desc; ComponentDesc* csi_comp_desc;
} ComponentSyntaxInfo; } ComponentSyntaxInfo;
typedef struct asntype_to_matchingrule {
AsnTypeId atmr_typeId;
char* atmr_mr_name;
MatchingRule *atmr_mr;
} AsnTypetoMatchingRule;
typedef struct asntype_to_matchingrule_table {
char* atmr_oid;
struct asntype_to_matchingrule atmr_table[ASNTYPE_END];
struct asntype_to_matchingrule_table* atmr_table_next;
} AsnTypetoMatchingRuleTable;
#endif #endif
LDAP_END_DECL LDAP_END_DECL

1
servers/slapd/value.c
View file

@ -185,7 +185,6 @@ int asserted_value_validate_normalize(
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
int int
value_match( value_match(
int *match, int *match,

185
tests/data/compsearch.out
View file

@ -1,64 +1,153 @@
dn: uid=sangseoklim,ou=Alumni Association,ou=People,dc=example,dc=com dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson objectClass: OpenLDAPperson
objectClass: extensibleObject objectClass: extensibleObject
uid: sangseoklim uid:: Y2hhcmxpZSA=
cn: Sang Seok Lim cn: beta
sn: Lim
componentTest: component1
dn: uid=seotaejee,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid: seotaejee
cn: Seo Tae Jee
sn: Jee sn: Jee
componentTest: component2 componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: uid=sangseoklim,ou=Alumni Association,ou=People,dc=example,dc=com dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson objectClass: OpenLDAPperson
objectClass: extensibleObject objectClass: extensibleObject
uid: sangseoklim uid:: Y2hhcmxpZSA=
cn: Sang Seok Lim cn: charlie
sn: Lim
componentTest: component1
dn: uid=seotaejee,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid: seotaejee
cn: Seo Tae Jee
sn: Jee sn: Jee
componentTest: component2 componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: uid=sangseoklim,ou=Alumni Association,ou=People,dc=example,dc=com dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson objectClass: OpenLDAPperson
objectClass: extensibleObject objectClass: extensibleObject
uid: sangseoklim uid:: Y2hhcmxpZSA=
cn: Sang Seok Lim cn: beta
sn: Lim
componentTest: component1
dn: uid=seotaejee,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid: seotaejee
cn: Seo Tae Jee
sn: Jee sn: Jee
componentTest: component2 componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: uid=sangseoklim,ou=Alumni Association,ou=People,dc=example,dc=com dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson objectClass: OpenLDAPperson
objectClass: extensibleObject objectClass: extensibleObject
uid: sangseoklim uid:: Y2hhcmxpZSA=
cn: Sang Seok Lim cn: charlie
sn: Lim
componentTest: component1
dn: uid=seotaejee,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid: seotaejee
cn: Seo Tae Jee
sn: Jee sn: Jee
componentTest: component2 componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: beta
sn: Jee
componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=
dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
objectClass: extensibleObject
uid:: Y2hhcmxpZSA=
cn: charlie
sn: Jee
componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQsw
CQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTM
IGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2
QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+
tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4E
FgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihE
aQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44lao
KcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5
rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9
a+4XrEkBJ/Q=

2
tests/data/slapd-component.conf
View file

@ -19,13 +19,13 @@ include ./schema/cosine.schema
include ./schema/inetorgperson.schema include ./schema/inetorgperson.schema
include ./schema/openldap.schema include ./schema/openldap.schema
include ./schema/nis.schema include ./schema/nis.schema
include ./schema/test.schema
include ./testdata/ditcontentrules.conf include ./testdata/ditcontentrules.conf
pidfile ./testrun/slapd.1.pid pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args argsfile ./testrun/slapd.1.args
moduleload ./testdata/comp_libs/compmatch.la
#mod#modulepath ../servers/slapd/back-@BACKEND@/ #mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la #mod#moduleload back_@BACKEND@.la
#monitormod#modulepath ../servers/slapd/back-monitor/ #monitormod#modulepath ../servers/slapd/back-monitor/

24
tests/data/test-compmatch.ldif
View file

@ -395,18 +395,18 @@ pager: +1 313 555 7671
facsimiletelephonenumber: +1 313 555 7762 facsimiletelephonenumber: +1 313 555 7762
telephonenumber: +1 313 555 4177 telephonenumber: +1 313 555 4177
dn: uid=sangseoklim,ou=Alumni Association,ou=People,dc=example,dc=com dn: cn=charlie,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: OpenLDAPperson objectclass: OpenLDAPperson
objectclass: extensibleObject objectclass: extensibleObject
uid: sangseoklim uid: charlie
cn: Sang Seok Lim cn: charlie
sn: Lim
componentTest: component1
dn: uid=seotaejee,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: OpenLDAPperson
objectclass: extensibleObject
uid: seotaejee
cn: Seo Tae Jee
sn: Jee sn: Jee
componentTest: component2 componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4XrEkBJ/Q=
dn: cn=beta,ou=Alumni Association,ou=People,dc=example,dc=com
objectclass: OpenLDAPperson
objectclass: extensibleObject
uid: charlie
cn: beta
sn: Jee
componentCertificate;binary:: MIIB9jCCAV+gAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDVQQGEwJVUzAeFw0wNDEwMTIwMDAxNTBaFw0wNDExMTEwMDAxNTBaMA0xCzAJBgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcTs4uD+gAoQ1XkYN4woLtZaEi7XVEVIJQ6Rsn2QP3MONBT9jvrhVcnUJQtvEEkfnsNANKeYntUTvih76jErFNTmg7zl0govFSkiuS+tfrZnn/Ebix3+tTMnAKUQXkYi5Mr+x3U44yYo1EPLpZlcV1Caafc30EMRQ/Gv/PdrqYwIDAQABo2YwZDAdBgNVHQ4EFgQUAzNnruNiI38IPf39ZJGFx8mDsxgwNQYDVR0jBC4wLIAUAzNnruNiI38IPf39ZJGFx8mDsxihEaQPMA0xCzAJBgNVBAYTAlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAf44laoKcTySuz3yQb/lfOBVDh6oMxysal0eEij+nypQJ1H+rsZ+ebUlKMiTYhrTk3n3H6moHaxICENIu4P5rD5UedAWtMjWq2ZJIa26bbvB4enGOF66KH5S823ZdKa0Kr2JcHAAYFpf+TQoGg5JO7TD3AECd7Qo9a+4XrEkBJ/Q=

4
tests/run.in
View file

@ -41,11 +41,11 @@ AC_rwm=rwm@BUILD_RWM@
# misc # misc
AC_WITH_SASL=@WITH_SASL@ AC_WITH_SASL=@WITH_SASL@
AC_WITH_TLS=@WITH_TLS@ AC_WITH_TLS=@WITH_TLS@
AC_WITH_COMP_MATCH=yes AC_WITH_MODULES_ENABLED=@WITH_MODULES_ENABLED@
export AC_bdb AC_hdb AC_ldap AC_ldbm AC_monitor AC_relay AC_sql export AC_bdb AC_hdb AC_ldap AC_ldbm AC_monitor AC_relay AC_sql
export AC_pcache AC_ppolicy AC_refint AC_unique AC_rwm export AC_pcache AC_ppolicy AC_refint AC_unique AC_rwm
export AC_WITH_SASL AC_WITH_TLS AC_WITH_COMP_MATCH export AC_WITH_SASL AC_WITH_TLS AC_WITH_MODULES_ENABLED
if test ! -x ../servers/slapd/slapd ; then if test ! -x ../servers/slapd/slapd ; then
echo "Could not locate slapd(8)" echo "Could not locate slapd(8)"

40
tests/scripts/test031-component-filter
View file

@ -18,21 +18,27 @@ echo "running defines.sh"
## If you use this script then ## If you use this script then
## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes ## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
## To disable, set "WITH_COMP_MATCH=no" in source_root/openldap/tests/run.in ## and --enable-modules is configured yes
if test "$AC_WITH_COMP_MATCH" != "yes" ; then if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
echo "test disabled " echo "dynamic module disabled "
exit exit
fi fi
mkdir -p $TESTDIR $DBDIR1 mkdir -p $TESTDIR $DBDIR1
## Make sure that you set a proper path to component matching
## module directory in $COMPCONF
## moduleload path/to/component/library/compmatch.la
## otherwise it fails to execute slapd
echo "Running slapadd to build slapd database..." echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF . $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH $SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH
RC=$? RC=$?
if test $RC != 0 ; then if test $RC != 0 ; then
echo "slapadd failed ($RC)!" echo "slapadd failed ($RC)!"
exit $RC echo "Be sure to have a certificate module in tests/data/comp_libs "
echo "The module is in openldap/contrib/slapd-modules/comp_match"
exit
fi fi
echo "Running slapindex to index slapd database..." echo "Running slapindex to index slapd database..."
@ -73,10 +79,10 @@ fi
cat /dev/null > $SEARCHOUT cat /dev/null > $SEARCHOUT
echo "Testing Component Filter Match RFC3687 searching:" echo "Testing Component Filter Match RFC3687 Certificate searching:"
echo "# Testing Component Filter Match RFC3687 searching:" >> $SEARCHOUT echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
FILTER="(componentTest:componentFilterMatch:=item:{ component \"id\", rule caseExactMatch, value \"worldcup\" )" FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })"
echo " f=$FILTER ..." echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -89,7 +95,7 @@ if test $RC != 0 ; then
exit $RC exit $RC
fi fi
FILTER="(componentTest:componentFilterMatch:=not:item:{ component \"id2\", rule caseExactMatch, value \"worldcup\" )" FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })"
echo " f=$FILTER ..." echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -102,7 +108,7 @@ if test $RC != 0 ; then
exit $RC exit $RC
fi fi
FILTER="(componentTest:componentFilterMatch:=not:item:{ component \"id2\", rule componentFilterMatch, value not:item:{ component \"id.0\", rule integerMatch, value 5 }})" FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule octetStringMatch, value \"US\" })"
echo " f=$FILTER ..." echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -115,7 +121,7 @@ if test $RC != 0 ; then
exit $RC exit $RC
fi fi
FILTER="(componentTest:componentFilterMatch:=and:{item:{ component \"100\", rule caseIgnoreMatch, value "foobar" },item:{ component \"id2.rr.kk\", rule componentFilterMatch, value item:{ component \"id3\", rule integerMatch, value 1 }}})" FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
echo " f=$FILTER ..." echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -128,7 +134,7 @@ if test $RC != 0 ; then
exit $RC exit $RC
fi fi
FILTER="(componentTest:componentFilterMatch:=and:{not:item:{ component \"100\", rule caseIgnoreMatch, value "foobar" },not:item:{ component \"id2.rr.kk\", rule componentFilterMatch, value item:{ component \"id3\", rule integerMatch, value 1 }}})" FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
echo " f=$FILTER ..." echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@ -141,18 +147,8 @@ if test $RC != 0 ; then
exit $RC exit $RC
fi fi
FILTER="(componentTest:componentFilterMatch:=or:{not:item:{ component \"100\", rule caseIgnoreMatch, value "foobar" },not:item:{ component \"id2.rr.kk\", rule componentFilterMatch, value item:{ component \"id3\", rule integerMatch, value 1 }}})"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
"$FILTER" >> $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo "Filtering ldapsearch results..." echo "Filtering ldapsearch results..."