diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:32 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:32 +0000 |
commit | 5ea77a75dd2d2158401331879f3c8f47940a732c (patch) | |
tree | d89dc06e9f4850a900f161e25f84e922c4f86cc8 /servers/slapd/ad.c | |
parent | Initial commit. (diff) | |
download | openldap-b657cee8024a3308d338705c16d332daa54c9493.tar.xz openldap-b657cee8024a3308d338705c16d332daa54c9493.zip |
Adding upstream version 2.5.13+dfsg.upstream/2.5.13+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'servers/slapd/ad.c')
-rw-r--r-- | servers/slapd/ad.c | 1313 |
1 files changed, 1313 insertions, 0 deletions
diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c new file mode 100644 index 0000000..6b643f5 --- /dev/null +++ b/servers/slapd/ad.c @@ -0,0 +1,1313 @@ +/* ad.c - routines for dealing with attribute descriptions */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 1998-2022 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ + +#include "portable.h" + +#include <stdio.h> + +#include <ac/ctype.h> +#include <ac/errno.h> +#include <ac/socket.h> +#include <ac/string.h> +#include <ac/time.h> + +#include "slap.h" +#include "lutil.h" + +static struct berval bv_no_attrs = BER_BVC( LDAP_NO_ATTRS ); +static struct berval bv_all_user_attrs = BER_BVC( "*" ); +static struct berval bv_all_operational_attrs = BER_BVC( "+" ); + +static AttributeName anlist_no_attrs[] = { + { BER_BVC( LDAP_NO_ATTRS ), NULL, 0, NULL }, + { BER_BVNULL, NULL, 0, NULL } +}; + +static AttributeName anlist_all_user_attributes[] = { + { BER_BVC( LDAP_ALL_USER_ATTRIBUTES ), NULL, 0, NULL }, + { BER_BVNULL, NULL, 0, NULL } +}; + +static AttributeName anlist_all_operational_attributes[] = { + { BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES ), NULL, 0, NULL }, + { BER_BVNULL, NULL, 0, NULL } +}; + +static AttributeName anlist_all_attributes[] = { + { BER_BVC( LDAP_ALL_USER_ATTRIBUTES ), NULL, 0, NULL }, + { BER_BVC( LDAP_ALL_OPERATIONAL_ATTRIBUTES ), NULL, 0, NULL }, + { BER_BVNULL, NULL, 0, NULL } +}; + +AttributeName *slap_anlist_no_attrs = anlist_no_attrs; +AttributeName *slap_anlist_all_user_attributes = anlist_all_user_attributes; +AttributeName *slap_anlist_all_operational_attributes = anlist_all_operational_attributes; +AttributeName *slap_anlist_all_attributes = anlist_all_attributes; + +struct berval * slap_bv_no_attrs = &bv_no_attrs; +struct berval * slap_bv_all_user_attrs = &bv_all_user_attrs; +struct berval * slap_bv_all_operational_attrs = &bv_all_operational_attrs; + +typedef struct Attr_option { + struct berval name; /* option name or prefix */ + int prefix; /* NAME is a tag and range prefix */ +} Attr_option; + +static Attr_option lang_option = { BER_BVC("lang-"), 1 }; + +/* Options sorted by name, and number of options */ +static Attr_option *options = &lang_option; +static int option_count = 1; + +static int msad_range_hack = 0; + +static int ad_count; + +static Attr_option *ad_find_option_definition( const char *opt, int optlen ); + +int ad_keystring( + struct berval *bv ) +{ + ber_len_t i; + + if( !AD_LEADCHAR( bv->bv_val[0] ) ) { + return 1; + } + + for( i=1; i<bv->bv_len; i++ ) { + if( !AD_CHAR( bv->bv_val[i] )) { + if ( msad_range_hack && bv->bv_val[i] == '=' ) + continue; + return 1; + } + } + return 0; +} + +void ad_destroy( AttributeDescription *ad ) +{ + AttributeDescription *n; + + for (; ad != NULL; ad = n) { + n = ad->ad_next; + ldap_memfree( ad ); + } +} + +/* Is there an AttributeDescription for this type that uses these tags? */ +AttributeDescription * ad_find_tags( + AttributeType *type, + struct berval *tags ) +{ + AttributeDescription *ad; + + ldap_pvt_thread_mutex_lock( &type->sat_ad_mutex ); + for (ad = type->sat_ad; ad; ad=ad->ad_next) + { + if (ad->ad_tags.bv_len == tags->bv_len && + !strcasecmp(ad->ad_tags.bv_val, tags->bv_val)) + break; + } + ldap_pvt_thread_mutex_unlock( &type->sat_ad_mutex ); + return ad; +} + +int slap_str2ad( + const char *str, + AttributeDescription **ad, + const char **text ) +{ + struct berval bv; + bv.bv_val = (char *) str; + bv.bv_len = strlen( str ); + + return slap_bv2ad( &bv, ad, text ); +} + +static char *strchrlen( + const char *beg, + const char *end, + const char ch, + int *len ) +{ + const char *p; + + for( p=beg; p < end && *p; p++ ) { + if( *p == ch ) { + *len = p - beg; + return (char *) p; + } + } + + *len = p - beg; + return NULL; +} + +int slap_bv2ad( + struct berval *bv, + AttributeDescription **ad, + const char **text ) +{ + int rtn = LDAP_UNDEFINED_TYPE; + AttributeDescription desc, *d2; + char *name, *options, *optn; + char *opt, *next; + int ntags; + int tagslen; + + /* hardcoded limits for speed */ +#define MAX_TAGGING_OPTIONS 128 + struct berval tags[MAX_TAGGING_OPTIONS+1]; +#define MAX_TAGS_LEN 1024 + char tagbuf[MAX_TAGS_LEN]; + + assert( ad != NULL ); + assert( *ad == NULL ); /* temporary */ + + if( bv == NULL || BER_BVISNULL( bv ) || BER_BVISEMPTY( bv ) ) { + *text = "empty AttributeDescription"; + return rtn; + } + + /* make sure description is IA5 */ + if( ad_keystring( bv ) ) { + *text = "AttributeDescription contains inappropriate characters"; + return rtn; + } + + /* find valid base attribute type; parse in place */ + desc.ad_cname = *bv; + desc.ad_flags = 0; + BER_BVZERO( &desc.ad_tags ); + name = bv->bv_val; + options = ber_bvchr( bv, ';' ); + if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) { + /* don't go past the end of the berval! */ + desc.ad_cname.bv_len = options - name; + } else { + options = NULL; + } + desc.ad_type = at_bvfind( &desc.ad_cname ); + if( desc.ad_type == NULL ) { + *text = "attribute type undefined"; + return rtn; + } + + if( is_at_operational( desc.ad_type ) && options != NULL ) { + *text = "operational attribute with options undefined"; + return rtn; + } + + /* + * parse options in place + */ + ntags = 0; + tagslen = 0; + optn = bv->bv_val + bv->bv_len; + + for( opt=options; opt != NULL; opt=next ) { + Attr_option *aopt; + int optlen; + opt++; + next = strchrlen( opt, optn, ';', &optlen ); + + if( optlen == 0 ) { + *text = "zero length option is invalid"; + return rtn; + + } else if ( optlen == STRLENOF("binary") && + strncasecmp( opt, "binary", STRLENOF("binary") ) == 0 ) + { + /* binary option */ + if( slap_ad_is_binary( &desc ) ) { + *text = "option \"binary\" specified multiple times"; + return rtn; + } + + if( !slap_syntax_is_binary( desc.ad_type->sat_syntax )) { + /* not stored in binary, disallow option */ + *text = "option \"binary\" not supported with type"; + return rtn; + } + + desc.ad_flags |= SLAP_DESC_BINARY; + continue; + + } else if (( aopt = ad_find_option_definition( opt, optlen )) ) { + int i; + + if( opt[optlen-1] == '-' || + ( aopt->name.bv_val[aopt->name.bv_len-1] == '=' && msad_range_hack )) { + desc.ad_flags |= SLAP_DESC_TAG_RANGE; + } + + if( ntags >= MAX_TAGGING_OPTIONS ) { + *text = "too many tagging options"; + return rtn; + } + + /* + * tags should be presented in sorted order, + * so run the array in reverse. + */ + for( i=ntags-1; i>=0; i-- ) { + int rc; + + rc = strncasecmp( opt, tags[i].bv_val, + (unsigned) optlen < tags[i].bv_len + ? (unsigned) optlen : tags[i].bv_len ); + + if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) { + /* duplicate (ignore) */ + ntags--; + goto done; + + } else if ( rc > 0 || + ( rc == 0 && (unsigned)optlen > tags[i].bv_len )) + { + AC_MEMCPY( &tags[i+2], &tags[i+1], + (ntags-i-1)*sizeof(struct berval) ); + tags[i+1].bv_val = opt; + tags[i+1].bv_len = optlen; + goto done; + } + } + + if( ntags ) { + AC_MEMCPY( &tags[1], &tags[0], + ntags*sizeof(struct berval) ); + } + tags[0].bv_val = opt; + tags[0].bv_len = optlen; + +done:; + tagslen += optlen + 1; + ntags++; + + } else { + *text = "unrecognized option"; + return rtn; + } + } + + if( ntags > 0 ) { + int i; + + if( tagslen > MAX_TAGS_LEN ) { + *text = "tagging options too long"; + return rtn; + } + + desc.ad_tags.bv_val = tagbuf; + tagslen = 0; + + for( i=0; i<ntags; i++ ) { + AC_MEMCPY( &desc.ad_tags.bv_val[tagslen], + tags[i].bv_val, tags[i].bv_len ); + + tagslen += tags[i].bv_len; + desc.ad_tags.bv_val[tagslen++] = ';'; + } + + desc.ad_tags.bv_val[--tagslen] = '\0'; + desc.ad_tags.bv_len = tagslen; + } + + /* see if a matching description is already cached */ + for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) { + if( d2->ad_flags != desc.ad_flags ) { + continue; + } + if( d2->ad_tags.bv_len != desc.ad_tags.bv_len ) { + continue; + } + if( d2->ad_tags.bv_len == 0 ) { + break; + } + if( strncasecmp( d2->ad_tags.bv_val, desc.ad_tags.bv_val, + desc.ad_tags.bv_len ) == 0 ) + { + break; + } + } + + /* Not found, add new one */ + while (d2 == NULL) { + size_t dlen = 0; + ldap_pvt_thread_mutex_lock( &desc.ad_type->sat_ad_mutex ); + /* check again now that we've locked */ + for (d2 = desc.ad_type->sat_ad; d2; d2=d2->ad_next) { + if (d2->ad_flags != desc.ad_flags) + continue; + if (d2->ad_tags.bv_len != desc.ad_tags.bv_len) + continue; + if (d2->ad_tags.bv_len == 0) + break; + if (strncasecmp(d2->ad_tags.bv_val, desc.ad_tags.bv_val, + desc.ad_tags.bv_len) == 0) + break; + } + if (d2) { + ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex ); + break; + } + + /* Allocate a single contiguous block. If there are no + * options, we just need space for the AttrDesc structure. + * Otherwise, we need to tack on the full name length + + * options length, + maybe tagging options length again. + */ + if (desc.ad_tags.bv_len || desc.ad_flags != SLAP_DESC_NONE) { + dlen = desc.ad_type->sat_cname.bv_len + 1; + if (desc.ad_tags.bv_len) { + dlen += 1 + desc.ad_tags.bv_len; + } + if ( slap_ad_is_binary( &desc ) ) { + dlen += 1 + STRLENOF(";binary") + desc.ad_tags.bv_len; + } + } + + d2 = ch_malloc(sizeof(AttributeDescription) + dlen); + d2->ad_next = NULL; + d2->ad_type = desc.ad_type; + d2->ad_flags = desc.ad_flags; + d2->ad_cname.bv_len = desc.ad_type->sat_cname.bv_len; + d2->ad_tags.bv_len = desc.ad_tags.bv_len; + ldap_pvt_thread_mutex_lock( &ad_index_mutex ); + d2->ad_index = ++ad_count; + ldap_pvt_thread_mutex_unlock( &ad_index_mutex ); + + if (dlen == 0) { + d2->ad_cname.bv_val = d2->ad_type->sat_cname.bv_val; + d2->ad_tags.bv_val = NULL; + } else { + char *cp, *op, *lp; + int j; + d2->ad_cname.bv_val = (char *)(d2+1); + strcpy(d2->ad_cname.bv_val, d2->ad_type->sat_cname.bv_val); + cp = d2->ad_cname.bv_val + d2->ad_cname.bv_len; + if( slap_ad_is_binary( &desc ) ) { + op = cp; + lp = NULL; + if( desc.ad_tags.bv_len ) { + lp = desc.ad_tags.bv_val; + while( strncasecmp(lp, "binary", STRLENOF("binary")) < 0 + && (lp = strchr( lp, ';' )) != NULL ) + ++lp; + if( lp != desc.ad_tags.bv_val ) { + *cp++ = ';'; + j = (lp + ? (unsigned) (lp - desc.ad_tags.bv_val - 1) + : strlen( desc.ad_tags.bv_val )); + cp = lutil_strncopy(cp, desc.ad_tags.bv_val, j); + } + } + cp = lutil_strcopy(cp, ";binary"); + if( lp != NULL ) { + *cp++ = ';'; + cp = lutil_strcopy(cp, lp); + } + d2->ad_cname.bv_len = cp - d2->ad_cname.bv_val; + if( desc.ad_tags.bv_len ) + ldap_pvt_str2lower(op); + j = 1; + } else { + j = 0; + } + if( desc.ad_tags.bv_len ) { + lp = d2->ad_cname.bv_val + d2->ad_cname.bv_len + j; + if ( j == 0 ) + *lp++ = ';'; + d2->ad_tags.bv_val = lp; + strcpy(lp, desc.ad_tags.bv_val); + ldap_pvt_str2lower(lp); + if( j == 0 ) + d2->ad_cname.bv_len += 1 + desc.ad_tags.bv_len; + } + } + /* Add new desc to list. We always want the bare Desc with + * no options to stay at the head of the list, assuming + * that one will be used most frequently. + */ + if (desc.ad_type->sat_ad == NULL || dlen == 0) { + d2->ad_next = desc.ad_type->sat_ad; + desc.ad_type->sat_ad = d2; + } else { + d2->ad_next = desc.ad_type->sat_ad->ad_next; + desc.ad_type->sat_ad->ad_next = d2; + } + ldap_pvt_thread_mutex_unlock( &desc.ad_type->sat_ad_mutex ); + } + + if( *ad == NULL ) { + *ad = d2; + } else { + **ad = *d2; + } + + return LDAP_SUCCESS; +} + +static int is_ad_subtags( + struct berval *subtagsbv, + struct berval *suptagsbv ) +{ + const char *suptags, *supp, *supdelimp, *supn; + const char *subtags, *subp, *subdelimp, *subn; + int suplen, sublen; + + subtags =subtagsbv->bv_val; + suptags =suptagsbv->bv_val; + subn = subtags + subtagsbv->bv_len; + supn = suptags + suptagsbv->bv_len; + + for( supp=suptags ; supp; supp=supdelimp ) { + supdelimp = strchrlen( supp, supn, ';', &suplen ); + if( supdelimp ) supdelimp++; + + for( subp=subtags ; subp; subp=subdelimp ) { + subdelimp = strchrlen( subp, subn, ';', &sublen ); + if( subdelimp ) subdelimp++; + + if ( suplen > sublen + ? ( suplen-1 == sublen && supp[suplen-1] == '-' + && strncmp( supp, subp, sublen ) == 0 ) + : ( ( suplen == sublen || supp[suplen-1] == '-' ) + && strncmp( supp, subp, suplen ) == 0 ) ) + { + goto match; + } + } + + return 0; +match:; + } + return 1; +} + +int is_ad_subtype( + AttributeDescription *sub, + AttributeDescription *super +) +{ + AttributeType *a; + int lr; + + for ( a = sub->ad_type; a; a=a->sat_sup ) { + if ( a == super->ad_type ) break; + } + if( !a ) { + return 0; + } + + /* ensure sub does support all flags of super */ + lr = sub->ad_tags.bv_len ? SLAP_DESC_TAG_RANGE : 0; + if(( super->ad_flags & ( sub->ad_flags | lr )) != super->ad_flags ) { + return 0; + } + + /* check for tagging options */ + if ( super->ad_tags.bv_len == 0 ) + return 1; + if ( sub->ad_tags.bv_len == 0 ) + return 0; + + return is_ad_subtags( &sub->ad_tags, &super->ad_tags ); +} + +int ad_inlist( + AttributeDescription *desc, + AttributeName *attrs ) +{ + if (! attrs ) return 0; + + for( ; attrs->an_name.bv_val; attrs++ ) { + AttributeType *a; + ObjectClass *oc; + + if ( attrs->an_desc ) { + int lr; + + if ( desc == attrs->an_desc ) { + return 1; + } + + /* + * EXTENSION: if requested description is preceded by + * a '-' character, do not match on subtypes. + */ + if ( attrs->an_name.bv_val[0] == '-' ) { + continue; + } + + /* Is this a subtype of the requested attr? */ + for (a = desc->ad_type; a; a=a->sat_sup) { + if ( a == attrs->an_desc->ad_type ) + break; + } + if ( !a ) { + continue; + } + /* Does desc support all the requested flags? */ + lr = desc->ad_tags.bv_len ? SLAP_DESC_TAG_RANGE : 0; + if(( attrs->an_desc->ad_flags & (desc->ad_flags | lr)) + != attrs->an_desc->ad_flags ) { + continue; + } + /* Do the descs have compatible tags? */ + if ( attrs->an_desc->ad_tags.bv_len == 0 ) { + return 1; + } + if ( desc->ad_tags.bv_len == 0) { + continue; + } + if ( is_ad_subtags( &desc->ad_tags, + &attrs->an_desc->ad_tags ) ) { + return 1; + } + continue; + } + + if ( ber_bvccmp( &attrs->an_name, '*' ) ) { + if ( !is_at_operational( desc->ad_type ) ) { + return 1; + } + continue; + } + + if ( ber_bvccmp( &attrs->an_name, '+' ) ) { + if ( is_at_operational( desc->ad_type ) ) { + return 1; + } + continue; + } + + /* + * EXTENSION: see if requested description is @objectClass + * if so, return attributes which the class requires/allows + * else if requested description is !objectClass, return + * attributes which the class does not require/allow + */ + if ( !( attrs->an_flags & SLAP_AN_OCINITED )) { + if( attrs->an_name.bv_val ) { + switch( attrs->an_name.bv_val[0] ) { + case '@': /* @objectClass */ + case '+': /* +objectClass (deprecated) */ + case '!': { /* exclude */ + struct berval ocname; + ocname.bv_len = attrs->an_name.bv_len - 1; + ocname.bv_val = &attrs->an_name.bv_val[1]; + oc = oc_bvfind( &ocname ); + if ( oc && attrs->an_name.bv_val[0] == '!' ) { + attrs->an_flags |= SLAP_AN_OCEXCLUDE; + } else { + attrs->an_flags &= ~SLAP_AN_OCEXCLUDE; + } + } break; + + default: /* old (deprecated) way */ + oc = oc_bvfind( &attrs->an_name ); + } + attrs->an_oc = oc; + } + attrs->an_flags |= SLAP_AN_OCINITED; + } + oc = attrs->an_oc; + if( oc != NULL ) { + if ( attrs->an_flags & SLAP_AN_OCEXCLUDE ) { + if ( oc == slap_schema.si_oc_extensibleObject ) { + /* extensibleObject allows the return of anything */ + return 0; + } + + if( oc->soc_required ) { + /* allow return of required attributes */ + int i; + + for ( i = 0; oc->soc_required[i] != NULL; i++ ) { + for (a = desc->ad_type; a; a=a->sat_sup) { + if ( a == oc->soc_required[i] ) { + return 0; + } + } + } + } + + if( oc->soc_allowed ) { + /* allow return of allowed attributes */ + int i; + for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) { + for (a = desc->ad_type; a; a=a->sat_sup) { + if ( a == oc->soc_allowed[i] ) { + return 0; + } + } + } + } + + return 1; + } + + if ( oc == slap_schema.si_oc_extensibleObject ) { + /* extensibleObject allows the return of anything */ + return 1; + } + + if( oc->soc_required ) { + /* allow return of required attributes */ + int i; + + for ( i = 0; oc->soc_required[i] != NULL; i++ ) { + for (a = desc->ad_type; a; a=a->sat_sup) { + if ( a == oc->soc_required[i] ) { + return 1; + } + } + } + } + + if( oc->soc_allowed ) { + /* allow return of allowed attributes */ + int i; + for ( i = 0; oc->soc_allowed[i] != NULL; i++ ) { + for (a = desc->ad_type; a; a=a->sat_sup) { + if ( a == oc->soc_allowed[i] ) { + return 1; + } + } + } + } + + } else { + const char *text; + + /* give it a chance of being retrieved by a proxy... */ + (void)slap_bv2undef_ad( &attrs->an_name, + &attrs->an_desc, &text, + SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); + } + } + + return 0; +} + + +int slap_str2undef_ad( + const char *str, + AttributeDescription **ad, + const char **text, + unsigned flags ) +{ + struct berval bv; + bv.bv_val = (char *) str; + bv.bv_len = strlen( str ); + + return slap_bv2undef_ad( &bv, ad, text, flags ); +} + +int slap_bv2undef_ad( + struct berval *bv, + AttributeDescription **ad, + const char **text, + unsigned flags ) +{ + AttributeDescription *desc; + AttributeType *at; + + assert( ad != NULL ); + + if( bv == NULL || bv->bv_len == 0 ) { + *text = "empty AttributeDescription"; + return LDAP_UNDEFINED_TYPE; + } + + /* make sure description is IA5 */ + if( ad_keystring( bv ) ) { + *text = "AttributeDescription contains inappropriate characters"; + return LDAP_UNDEFINED_TYPE; + } + + /* use the appropriate type */ + if ( flags & SLAP_AD_PROXIED ) { + at = slap_schema.si_at_proxied; + + } else { + at = slap_schema.si_at_undefined; + } + + for( desc = at->sat_ad; desc; desc=desc->ad_next ) { + if( desc->ad_cname.bv_len == bv->bv_len && + !strcasecmp( desc->ad_cname.bv_val, bv->bv_val ) ) + { + break; + } + } + + if( !desc ) { + if ( flags & SLAP_AD_NOINSERT ) { + *text = NULL; + return LDAP_UNDEFINED_TYPE; + } + + desc = ch_malloc(sizeof(AttributeDescription) + 1 + + bv->bv_len); + + desc->ad_flags = SLAP_DESC_NONE; + BER_BVZERO( &desc->ad_tags ); + + desc->ad_cname.bv_len = bv->bv_len; + desc->ad_cname.bv_val = (char *)(desc+1); + strncpy(desc->ad_cname.bv_val, bv->bv_val, bv->bv_len); + desc->ad_cname.bv_val[bv->bv_len] = '\0'; + + /* canonical to upper case */ + ldap_pvt_str2upper( desc->ad_cname.bv_val ); + + /* shouldn't we protect this for concurrency? */ + desc->ad_type = at; + desc->ad_index = 0; + ldap_pvt_thread_mutex_lock( &ad_undef_mutex ); + desc->ad_next = desc->ad_type->sat_ad; + desc->ad_type->sat_ad = desc; + ldap_pvt_thread_mutex_unlock( &ad_undef_mutex ); + + Debug( LDAP_DEBUG_ANY, + "%s attributeDescription \"%s\" inserted.\n", + ( flags & SLAP_AD_PROXIED ) ? "PROXIED" : "UNKNOWN", + desc->ad_cname.bv_val ); + } + + if( !*ad ) { + *ad = desc; + } else { + **ad = *desc; + } + + return LDAP_SUCCESS; +} + +AttributeDescription * +slap_bv2tmp_ad( + struct berval *bv, + void *memctx ) +{ + AttributeDescription *ad = + slap_sl_mfuncs.bmf_malloc( sizeof(AttributeDescription) + + bv->bv_len + 1, memctx ); + + ad->ad_cname.bv_val = (char *)(ad+1); + strncpy( ad->ad_cname.bv_val, bv->bv_val, bv->bv_len+1 ); + ad->ad_cname.bv_len = bv->bv_len; + ad->ad_flags = SLAP_DESC_TEMPORARY; + ad->ad_type = slap_schema.si_at_undefined; + + return ad; +} + +static int +undef_promote( + AttributeType *at, + char *name, + AttributeType *nat ) +{ + AttributeDescription **u_ad, **n_ad; + + /* Get to last ad on the new type */ + for ( n_ad = &nat->sat_ad; *n_ad; n_ad = &(*n_ad)->ad_next ) ; + + for ( u_ad = &at->sat_ad; *u_ad; ) { + struct berval bv; + + ber_str2bv( name, 0, 0, &bv ); + + /* remove iff undef == name or undef == name;tag */ + if ( (*u_ad)->ad_cname.bv_len >= bv.bv_len + && strncasecmp( (*u_ad)->ad_cname.bv_val, bv.bv_val, bv.bv_len ) == 0 + && ( (*u_ad)->ad_cname.bv_val[ bv.bv_len ] == '\0' + || (*u_ad)->ad_cname.bv_val[ bv.bv_len ] == ';' ) ) + { + AttributeDescription *tmp = *u_ad; + + *u_ad = (*u_ad)->ad_next; + + tmp->ad_type = nat; + tmp->ad_next = NULL; + /* ad_cname was contiguous, no leak here */ + tmp->ad_cname = nat->sat_cname; + ldap_pvt_thread_mutex_lock( &ad_index_mutex ); + tmp->ad_index = ++ad_count; + ldap_pvt_thread_mutex_unlock( &ad_index_mutex ); + *n_ad = tmp; + n_ad = &tmp->ad_next; + } else { + u_ad = &(*u_ad)->ad_next; + } + } + + return 0; +} + +int +slap_ad_undef_promote( + char *name, + AttributeType *at ) +{ + int rc; + + ldap_pvt_thread_mutex_lock( &ad_undef_mutex ); + + rc = undef_promote( slap_schema.si_at_undefined, name, at ); + if ( rc == 0 ) { + rc = undef_promote( slap_schema.si_at_proxied, name, at ); + } + + ldap_pvt_thread_mutex_unlock( &ad_undef_mutex ); + + return rc; +} + +int +an_find( + AttributeName *a, + struct berval *s +) +{ + if( a == NULL ) return 0; + + for ( ; a->an_name.bv_val; a++ ) { + if ( a->an_name.bv_len != s->bv_len) continue; + if ( strcasecmp( s->bv_val, a->an_name.bv_val ) == 0 ) { + return( 1 ); + } + } + + return( 0 ); +} + +/* + * Convert a delimited string into a list of AttributeNames; add + * on to an existing list if it was given. If the string is not + * a valid attribute name, if a '-' is prepended it is skipped + * and the remaining name is tried again; if a '@' (or '+') is + * prepended, an objectclass name is searched instead; if a '!' + * is prepended, the objectclass name is negated. + * + * NOTE: currently, if a valid attribute name is not found, the + * same string is also checked as valid objectclass name; however, + * this behavior is deprecated. + */ +AttributeName * +str2anlist( AttributeName *an, char *in, const char *brkstr ) +{ + char *str; + char *s; + char *lasts; + int i, j; + const char *text; + AttributeName *anew; + + /* find last element in list */ + i = 0; + if ( an != NULL ) { + for ( i = 0; !BER_BVISNULL( &an[ i ].an_name ) ; i++) + ; + } + + /* protect the input string from strtok */ + str = ch_strdup( in ); + + /* Count words in string */ + j = 1; + for ( s = str; *s; s++ ) { + if ( strchr( brkstr, *s ) != NULL ) { + j++; + } + } + + an = ch_realloc( an, ( i + j + 1 ) * sizeof( AttributeName ) ); + anew = an + i; + for ( s = ldap_pvt_strtok( str, brkstr, &lasts ); + s != NULL; + s = ldap_pvt_strtok( NULL, brkstr, &lasts ) ) + { + /* put a stop mark */ + BER_BVZERO( &anew[1].an_name ); + + anew->an_desc = NULL; + anew->an_oc = NULL; + anew->an_flags = 0; + ber_str2bv(s, 0, 1, &anew->an_name); + slap_bv2ad(&anew->an_name, &anew->an_desc, &text); + if ( !anew->an_desc ) { + switch( anew->an_name.bv_val[0] ) { + case '-': { + struct berval adname; + adname.bv_len = anew->an_name.bv_len - 1; + adname.bv_val = &anew->an_name.bv_val[1]; + slap_bv2ad(&adname, &anew->an_desc, &text); + if ( !anew->an_desc ) { + goto reterr; + } + } break; + + case '@': + case '+': /* (deprecated) */ + case '!': { + struct berval ocname; + ocname.bv_len = anew->an_name.bv_len - 1; + ocname.bv_val = &anew->an_name.bv_val[1]; + anew->an_oc = oc_bvfind( &ocname ); + if ( !anew->an_oc ) { + goto reterr; + } + + if ( anew->an_name.bv_val[0] == '!' ) { + anew->an_flags |= SLAP_AN_OCEXCLUDE; + } + } break; + + default: + /* old (deprecated) way */ + anew->an_oc = oc_bvfind( &anew->an_name ); + if ( !anew->an_oc ) { + goto reterr; + } + } + } + anew->an_flags |= SLAP_AN_OCINITED; + anew++; + } + + BER_BVZERO( &anew->an_name ); + free( str ); + return( an ); + +reterr: + anlist_free( an, 1, NULL ); + + /* + * overwrites input string + * on error! + */ + strcpy( in, s ); + free( str ); + return NULL; +} + +void +anlist_free( AttributeName *an, int freename, void *ctx ) +{ + if ( an == NULL ) { + return; + } + + if ( freename ) { + int i; + + for ( i = 0; an[i].an_name.bv_val; i++ ) { + ber_memfree_x( an[i].an_name.bv_val, ctx ); + } + } + + ber_memfree_x( an, ctx ); +} + +char **anlist2charray_x( AttributeName *an, int dup, void *ctx ) +{ + char **attrs; + int i; + + if ( an != NULL ) { + for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) + ; + attrs = (char **) slap_sl_malloc( (i + 1) * sizeof(char *), ctx ); + for ( i = 0; !BER_BVISNULL( &an[i].an_name ); i++ ) { + if ( dup ) + attrs[i] = ch_strdup( an[i].an_name.bv_val ); + else + attrs[i] = an[i].an_name.bv_val; + } + attrs[i] = NULL; + } else { + attrs = NULL; + } + + return attrs; +} + +char **anlist2charray( AttributeName *an, int dup ) +{ + return anlist2charray_x( an, dup, NULL ); +} + +char** +anlist2attrs( AttributeName * anlist ) +{ + int i, j, k = 0; + int n; + char **attrs; + ObjectClass *oc; + + if ( anlist == NULL ) + return NULL; + + for ( i = 0; anlist[i].an_name.bv_val; i++ ) { + if ( ( oc = anlist[i].an_oc ) ) { + for ( j = 0; oc->soc_required && oc->soc_required[j]; j++ ) ; + k += j; + for ( j = 0; oc->soc_allowed && oc->soc_allowed[j]; j++ ) ; + k += j; + } + } + + if ( i == 0 ) + return NULL; + + attrs = anlist2charray( anlist, 1 ); + + n = i; + + if ( k ) + attrs = (char **) ch_realloc( attrs, (i + k + 1) * sizeof( char * )); + + for ( i = 0; anlist[i].an_name.bv_val; i++ ) { + if ( ( oc = anlist[i].an_oc ) ) { + for ( j = 0; oc->soc_required && oc->soc_required[j]; j++ ) { + attrs[n++] = ch_strdup( + oc->soc_required[j]->sat_cname.bv_val ); + } + for ( j = 0; oc->soc_allowed && oc->soc_allowed[j]; j++ ) { + attrs[n++] = ch_strdup( + oc->soc_allowed[j]->sat_cname.bv_val ); + } + } + } + + if ( attrs ) + attrs[n] = NULL; + + i = 0; + while ( attrs && attrs[i] ) { + if ( *attrs[i] == '@' ) { + ch_free( attrs[i] ); + for ( j = i; attrs[j]; j++ ) { + attrs[j] = attrs[j+1]; + } + } else { + i++; + } + } + + for ( i = 0; attrs && attrs[i]; i++ ) { + j = i + 1; + while ( attrs && attrs[j] ) { + if ( !strcmp( attrs[i], attrs[j] )) { + ch_free( attrs[j] ); + for ( k = j; attrs && attrs[k]; k++ ) { + attrs[k] = attrs[k+1]; + } + } else { + j++; + } + } + } + + if ( i != n ) + attrs = (char **) ch_realloc( attrs, (i+1) * sizeof( char * )); + + return attrs; +} + +#define LBUFSIZ 80 +AttributeName* +file2anlist( AttributeName *an, const char *fname, const char *brkstr ) +{ + FILE *fp; + char *line = NULL; + char *lcur = NULL; + char *c; + size_t lmax = LBUFSIZ; + + fp = fopen( fname, "r" ); + if ( fp == NULL ) { + char ebuf[128]; + int saved_errno = errno; + Debug( LDAP_DEBUG_ANY, + "get_attrs_from_file: failed to open attribute list file " + "\"%s\": %s\n", fname, AC_STRERROR_R( saved_errno, ebuf, sizeof(ebuf) ) ); + return NULL; + } + + lcur = line = (char *) ch_malloc( lmax ); + if ( !line ) { + Debug( LDAP_DEBUG_ANY, + "get_attrs_from_file: could not allocate memory\n" ); + fclose(fp); + return NULL; + } + + while ( fgets( lcur, LBUFSIZ, fp ) != NULL ) { + if ( ( c = strchr( lcur, '\n' ) ) ) { + if ( c == line ) { + *c = '\0'; + } else if ( *(c-1) == '\r' ) { + *(c-1) = '\0'; + } else { + *c = '\0'; + } + } else { + lmax += LBUFSIZ; + line = (char *) ch_realloc( line, lmax ); + if ( !line ) { + Debug( LDAP_DEBUG_ANY, + "get_attrs_from_file: could not allocate memory\n" ); + fclose(fp); + return NULL; + } + lcur = line + strlen( line ); + continue; + } + an = str2anlist( an, line, brkstr ); + if ( an == NULL ) + break; + lcur = line; + } + ch_free( line ); + fclose(fp); + return an; +} +#undef LBUFSIZ + +/* Define an attribute option. */ +int +ad_define_option( const char *name, const char *fname, int lineno ) +{ + int i; + unsigned int optlen; + + if ( options == &lang_option ) { + options = NULL; + option_count = 0; + } + if ( name == NULL ) + return 0; + + optlen = 0; + do { + if ( !DESC_CHAR( name[optlen] ) ) { + /* allow trailing '=', same as '-' */ + if ( name[optlen] == '=' && !name[optlen+1] ) { + msad_range_hack = 1; + continue; + } + Debug( LDAP_DEBUG_ANY, + "%s: line %d: illegal option name \"%s\"\n", + fname, lineno, name ); + return 1; + } + } while ( name[++optlen] ); + + options = ch_realloc( options, + (option_count+1) * sizeof(Attr_option) ); + + if ( strcasecmp( name, "binary" ) == 0 + || ad_find_option_definition( name, optlen ) ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: option \"%s\" is already defined\n", + fname, lineno, name ); + return 1; + } + + for ( i = option_count; i; --i ) { + if ( strcasecmp( name, options[i-1].name.bv_val ) >= 0 ) + break; + options[i] = options[i-1]; + } + + options[i].name.bv_val = ch_strdup( name ); + options[i].name.bv_len = optlen; + options[i].prefix = (name[optlen-1] == '-') || + (name[optlen-1] == '='); + + if ( i != option_count && + options[i].prefix && + optlen < options[i+1].name.bv_len && + strncasecmp( name, options[i+1].name.bv_val, optlen ) == 0 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: option \"%s\" overrides previous option\n", + fname, lineno, name ); + return 1; + } + + option_count++; + return 0; +} + +void +ad_unparse_options( BerVarray *res ) +{ + int i; + for ( i = 0; i < option_count; i++ ) { + value_add_one( res, &options[i].name ); + } +} + +/* Find the definition of the option name or prefix matching the arguments */ +static Attr_option * +ad_find_option_definition( const char *opt, int optlen ) +{ + int top = 0, bot = option_count; + while ( top < bot ) { + int mid = (top + bot) / 2; + int mlen = options[mid].name.bv_len; + char *mname = options[mid].name.bv_val; + int j; + if ( optlen < mlen ) { + j = strncasecmp( opt, mname, optlen ) - 1; + } else { + j = strncasecmp( opt, mname, mlen ); + if ( j==0 && (optlen==mlen || options[mid].prefix) ) + return &options[mid]; + } + if ( j < 0 ) + bot = mid; + else + top = mid + 1; + } + return NULL; +} + +MatchingRule *ad_mr( + AttributeDescription *ad, + unsigned usage ) +{ + switch( usage & SLAP_MR_TYPE_MASK ) { + case SLAP_MR_NONE: + case SLAP_MR_EQUALITY: + return ad->ad_type->sat_equality; + break; + case SLAP_MR_ORDERING: + return ad->ad_type->sat_ordering; + break; + case SLAP_MR_SUBSTR: + return ad->ad_type->sat_substr; + break; + case SLAP_MR_EXT: + default: + assert( 0 /* ad_mr: bad usage */); + } + return NULL; +} |