/** BEGIN COPYRIGHT BLOCK * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. * Copyright (C) 2009 Red Hat, Inc. * All rights reserved. * * License: GPL (version 3 or any later version). * See LICENSE for details. * END COPYRIGHT BLOCK **/ #ifdef HAVE_CONFIG_H #include #endif /* nameoptuid.c - Name And Optional UID syntax routines */ #include #include #include #include "syntax.h" static int nameoptuid_filter_ava(Slapi_PBlock *pb, struct berval *bvfilter, Slapi_Value **bvals, int ftype, Slapi_Value **retVal); static int nameoptuid_filter_sub(Slapi_PBlock *pb, char *initial, char **any, char * final, Slapi_Value **bvals); static int nameoptuid_values2keys(Slapi_PBlock *pb, Slapi_Value **val, Slapi_Value ***ivals, int ftype); static int nameoptuid_assertion2keys_ava(Slapi_PBlock *pb, Slapi_Value *val, Slapi_Value ***ivals, int ftype); static int nameoptuid_assertion2keys_sub(Slapi_PBlock *pb, char *initial, char **any, char * final, Slapi_Value ***ivals); static int nameoptuid_compare(struct berval *v1, struct berval *v2); static int nameoptuid_validate(struct berval *val); static void nameoptuid_normalize( Slapi_PBlock *pb, char *s, int trim_spaces, char **alt); /* the first name is the official one from RFC 4517 */ static char *names[] = {"Name And Optional UID", "nameoptuid", NAMEANDOPTIONALUID_SYNTAX_OID, 0}; static Slapi_PluginDesc pdesc = {"nameoptuid-syntax", VENDOR, DS_PACKAGE_VERSION, "Name And Optional UID attribute syntax plugin"}; static const char *uniqueMemberMatch_names[] = {"uniqueMemberMatch", "2.5.13.23", NULL}; static struct mr_plugin_def mr_plugin_table[] = { { { "2.5.13.23", NULL, "uniqueMemberMatch", "The uniqueMemberMatch rule compares an assertion value of the Name " "And Optional UID syntax to an attribute value of a syntax (e.g., the " "Name And Optional UID syntax) whose corresponding ASN.1 type is " "NameAndOptionalUID. " "The rule evaluates to TRUE if and only if the " "components of the assertion value and attribute value match according " "to the distinguishedNameMatch rule and either, (1) the " "component is absent from both the attribute value and assertion " "value, or (2) the component is present in both the " "attribute value and the assertion value and the component " "of the assertion value matches the component of the " "attribute value according to the bitStringMatch rule. " "Note that this matching rule has been altered from its description in " "X.520 [X.520] in order to make the matching rule commutative. Server " "implementors should consider using the original X.520 semantics " "(where the matching was less exact) for approximate matching of " "attributes with uniqueMemberMatch as the equality matching rule.", NAMEANDOPTIONALUID_SYNTAX_OID, 0, NULL /* no other syntaxes supported */ }, /* matching rule desc */ { "uniqueMemberMatch-mr", VENDOR, DS_PACKAGE_VERSION, "uniqueMemberMatch matching rule plugin"}, /* plugin desc */ uniqueMemberMatch_names, /* matching rule name/oid/aliases */ NULL, NULL, nameoptuid_filter_ava, NULL, nameoptuid_values2keys, nameoptuid_assertion2keys_ava, NULL, nameoptuid_compare, NULL /* mr_normalise */ }, }; static size_t mr_plugin_table_size = sizeof(mr_plugin_table) / sizeof(mr_plugin_table[0]); static int matching_rule_plugin_init(Slapi_PBlock *pb) { return syntax_matching_rule_plugin_init(pb, mr_plugin_table, mr_plugin_table_size); } static int register_matching_rule_plugins(void) { return syntax_register_matching_rule_plugins(mr_plugin_table, mr_plugin_table_size, matching_rule_plugin_init); } int nameoptuid_init(Slapi_PBlock *pb) { int rc, flags; slapi_log_err(SLAPI_LOG_PLUGIN, SYNTAX_PLUGIN_SUBSYSTEM, "=> nameoptuid_init\n"); rc = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, (void *)SLAPI_PLUGIN_VERSION_01); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_FILTER_AVA, (void *)nameoptuid_filter_ava); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_FILTER_SUB, (void *)nameoptuid_filter_sub); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_VALUES2KEYS, (void *)nameoptuid_values2keys); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_AVA, (void *)nameoptuid_assertion2keys_ava); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_SUB, (void *)nameoptuid_assertion2keys_sub); flags = SLAPI_PLUGIN_SYNTAX_FLAG_ORDERING; rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_FLAGS, (void *)&flags); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_NAMES, (void *)names); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_OID, (void *)NAMEANDOPTIONALUID_SYNTAX_OID); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_COMPARE, (void *)nameoptuid_compare); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_VALIDATE, (void *)nameoptuid_validate); rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_SYNTAX_NORMALIZE, (void *)nameoptuid_normalize); rc |= register_matching_rule_plugins(); slapi_log_err(SLAPI_LOG_PLUGIN, SYNTAX_PLUGIN_SUBSYSTEM, "<= nameoptuid_init %d\n", rc); return (rc); } static int nameoptuid_filter_ava( Slapi_PBlock *pb, struct berval *bvfilter, Slapi_Value **bvals, int ftype, Slapi_Value **retVal) { int filter_normalized = 0; int syntax = SYNTAX_CIS | SYNTAX_DN; if (pb) { slapi_pblock_get(pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized); if (filter_normalized) { syntax |= SYNTAX_NORM_FILT; } } return (string_filter_ava(bvfilter, bvals, syntax, ftype, retVal)); } static int nameoptuid_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char * final, Slapi_Value **bvals) { return (string_filter_sub(pb, initial, any, final, bvals, SYNTAX_CIS | SYNTAX_DN)); } static int nameoptuid_values2keys( Slapi_PBlock *pb, Slapi_Value **vals, Slapi_Value ***ivals, int ftype) { return (string_values2keys(pb, vals, ivals, SYNTAX_CIS | SYNTAX_DN, ftype)); } static int nameoptuid_assertion2keys_ava( Slapi_PBlock *pb, Slapi_Value *val, Slapi_Value ***ivals, int ftype) { return (string_assertion2keys_ava(pb, val, ivals, SYNTAX_CIS | SYNTAX_DN, ftype)); } static int nameoptuid_assertion2keys_sub( Slapi_PBlock *pb, char *initial, char **any, char * final, Slapi_Value ***ivals) { return (string_assertion2keys_sub(pb, initial, any, final, ivals, SYNTAX_CIS | SYNTAX_DN)); } static int nameoptuid_compare( struct berval *v1, struct berval *v2) { return value_cmp(v1, v2, SYNTAX_CIS | SYNTAX_DN, 3 /* Normalise both values */); } static int nameoptuid_validate( struct berval *val) { int rc = 0; /* assume the value is valid */ int got_sharp = 0; const char *p = NULL; const char *start = NULL; const char *end = NULL; /* Per RFC4517: * * NameAndOptionalUID = distinguishedName [ SHARP BitString ] */ /* Don't allow a 0 length string */ if ((val == NULL) || (val->bv_len == 0)) { rc = 1; goto exit; } start = &(val->bv_val[0]); end = &(val->bv_val[val->bv_len - 1]); /* Find the last SHARP in the value that may be separating * the distinguishedName from the optional BitString. */ for (p = end; p >= start + 1; p--) { if (IS_SHARP(*p)) { got_sharp = 1; break; } } if (got_sharp) { /* Try to validate everything after the sharp as * a BitString. If this fails, we may still have * a valid value since a sharp is allowed in a * distinguishedName. If we don't find a valid * BitString, just validate the entire value as * a distinguishedName. */ if ((rc = bitstring_validate_internal(p + 1, end)) != 0) { rc = distinguishedname_validate(start, end); } else { rc = distinguishedname_validate(start, p - 1); } } else { /* No optional BitString is present, so validate * the entire value as a distinguishedName. */ rc = distinguishedname_validate(start, end); } exit: return rc; } static void nameoptuid_normalize( Slapi_PBlock *pb __attribute__((unused)), char *s, int trim_spaces, char **alt) { value_normalize_ext(s, SYNTAX_CIS | SYNTAX_DN, trim_spaces, alt); return; }