Please review: fix rpmlint issues
by Rich Megginson
There are a couple of rpmlint issues with 389-ds-base:
389-ds-base.x86_64: E: script-without-shebang
/usr/lib64/dirsrv/perl/Resource.pm
...
389-ds-base.x86_64: E: executable-marked-as-config-file
/etc/sysconfig/dirsrv
These are fixed by marking them as _DATA instead of _SCRIPTS in Makefile.am
I'm also changing the version to 1.2.1 to take into consideration the
new syntax and paged results code.
Finally, this is the output of git diff, not git-format-patch, so you
guys don't have to wade through all of those configure and Makefile.in
diffs.
Please Review: Add strict DN syntax enforcement option
by Nathan Kinder
>From 0410819d48795fca4faf986cf8658c34c4d929e3 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder(a)redhat.com>
Date: Wed, 13 May 2009 11:12:11 -0700
Subject: [PATCH] Add strict DN syntax enforcement option.
The DN syntax has become more restrictive over time, and the
current rules are quite strict. Strict adherence to the rules
defined in RFC 4514, section 3, would likely cause some pain to
client applications. Things such as spaces between the RDN
components are not allowed, yet many people use them still since
they were allowed in the previous specification outlined in RFC
1779.
To deal with the special circumstances around validation of the DN
syntax, a configuration attribute is provided named
nsslapd-dn-validate-strict. This configuration attribute will
ensure that the value strictly adheres to the rules defined in RFC
4514, section 3 if it is set to on. If it is set to off, the server
will normalize the value before checking it for syntax violations.
Our current normalization function was designed to handle DN values
adhering to RFC 1779 or RFC 2253.
---
ldap/ldif/template-dse.ldif.in | 1 +
ldap/servers/plugins/syntaxes/dn.c | 16 ++++++++++++++++
ldap/servers/slapd/config.c | 16 ++++++++++++++++
ldap/servers/slapd/libglobs.c | 30 ++++++++++++++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 2 ++
ldap/servers/slapd/slap.h | 4 +++-
6 files changed, 68 insertions(+), 1 deletions(-)
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 232d9f2..54a9c4f 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -25,6 +25,7 @@ nsslapd-enquote-sup-oc: off
nsslapd-localhost: %fqdn%
nsslapd-schemacheck: on
nsslapd-syntaxcheck: on
+nsslapd-dn-validate-strict: off
nsslapd-rewrite-rfc1274: off
nsslapd-return-exact-case: on
nsslapd-ssl-check-hostname: on
diff --git a/ldap/servers/plugins/syntaxes/dn.c b/ldap/servers/plugins/syntaxes/dn.c
index a6dcced..80a3f8b 100644
--- a/ldap/servers/plugins/syntaxes/dn.c
+++ b/ldap/servers/plugins/syntaxes/dn.c
@@ -141,6 +141,7 @@ dn_assertion2keys_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
static int dn_validate( struct berval *val )
{
int rc = 0; /* Assume value is valid */
+ char *val_copy = NULL;
if (val != NULL) {
/* Per RFC 4514:
@@ -154,10 +155,22 @@ static int dn_validate( struct berval *val )
* attributeValue = string / hexstring
*/
if (val->bv_len > 0) {
+ int strict = 0;
char *p = val->bv_val;
char *end = &(val->bv_val[val->bv_len - 1]);
char *last = NULL;
+ /* Check if we should be performing strict validation. */
+ strict = config_get_dn_validate_strict();
+ if (!strict) {
+ /* Create a normalized copy of the value to use
+ * for validation. The original value will be
+ * stored in the backend unmodified. */
+ val_copy = PL_strndup(val->bv_val, val->bv_len);
+ p = val_copy;
+ end = slapi_dn_normalize_to_end(p, NULL) - 1;
+ }
+
/* Validate one RDN at a time in a loop. */
while (p <= end) {
if ((rc = rdn_validate(p, end, &last)) != 0) {
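Review bot: The result of `PL_strndup()` in the non-strict branch is used without a NULL check, so an allocation failure hands a NULL `p` to `slapi_dn_normalize_to_end()`; failing closed right after the copy, e.g. `if (val_copy == NULL) { rc = 1; goto exit; }`, avoids that. PL_strndup() also stops at the first NUL byte, so with the option off any bytes of `bv_val` after an embedded NUL are never seen by `rdn_validate()` even though the full `bv_len` bytes are what is stored unmodified; rejecting the value when `strlen(val_copy) != val->bv_len` before normalizing would keep the validated and stored data identical in length. If normalization yields an empty string, `end` becomes `p - 1`, the loop is skipped and `rc` stays 0, which looks like acceptance; the code after the loop is outside this hunk, so this needs confirming there. dn_validate() starts before and continues after the hunk.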
@@ -186,6 +199,9 @@ static int dn_validate( struct berval *val )
goto exit;
}
exit:
+ if (val_copy) {
+ slapi_ch_free_string(&val_copy);
+ }
return rc;
}
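Review bot: `val_copy` is allocated with NSPR's `PL_strndup()` in the previous hunk but released at `exit:` with `slapi_ch_free_string()`, so allocation and release go through two different wrappers. That is only safe if both resolve to the same underlying allocator in every build configuration, which cannot be seen from this patch. Releasing the copy with `PL_strfree(val_copy);`, or allocating it through the slapi_ch_* family instead, would remove the assumption. dn_validate() starts outside this hunk.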
diff --git a/ldap/servers/slapd/config.c b/ldap/servers/slapd/config.c
index 1af1b77..6275757 100644
--- a/ldap/servers/slapd/config.c
+++ b/ldap/servers/slapd/config.c
@@ -241,11 +241,13 @@ slapd_bootstrap_config(const char *configdir)
char schemacheck[BUFSIZ];
char syntaxcheck[BUFSIZ];
char syntaxlogging[BUFSIZ];
+ char dn_validate_strict[BUFSIZ];
Slapi_DN plug_dn;
workpath[0] = loglevel[0] = maxdescriptors[0] = '\0';
val[0] = logenabled[0] = schemacheck[0] = syntaxcheck[0] = '\0';
syntaxlogging[0] = _localuser[0] = '\0';
+ dn_validate_strict[0] = '\0';
/* Convert LDIF to entry structures */
slapi_sdn_init_dn_byref(&plug_dn, PLUGIN_BASE_DN);
@@ -490,6 +492,20 @@ slapd_bootstrap_config(const char *configdir)
}
}
+ /* see if we need to enable strict dn validation */
+ if (!dn_validate_strict[0] &&
+ entry_has_attr_and_value(e, CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE,
+ dn_validate_strict, sizeof(dn_validate_strict)))
+ {
+ if (config_set_dn_validate_strict(CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE,
+ dn_validate_strict, errorbuf, CONFIG_APPLY)
+ != LDAP_SUCCESS)
+ {
+ LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
+ CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE, errorbuf);
+ }
+ }
+
/* see if we need to expect quoted schema values */
if (entry_has_attr_and_value(e, CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE,
val, sizeof(val)))
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 30ad5f3..8c13a9b 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -327,6 +327,9 @@ static struct config_get_and_set {
{CONFIG_SYNTAXLOGGING_ATTRIBUTE, config_set_syntaxlogging,
NULL, 0,
(void**)&global_slapdFrontendConfig.syntaxlogging, CONFIG_ON_OFF, NULL},
+ {CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE, config_set_dn_validate_strict,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.dn_validate_strict, CONFIG_ON_OFF, NULL},
{CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE, config_set_ds4_compatible_schema,
NULL, 0,
(void**)&global_slapdFrontendConfig.ds4_compatible_schema,
@@ -899,6 +902,7 @@ FrontendConfig_init () {
cfg->schemacheck = LDAP_ON;
cfg->syntaxcheck = LDAP_OFF;
cfg->syntaxlogging = LDAP_OFF;
+ cfg->dn_validate_strict = LDAP_OFF;
cfg->ds4_compatible_schema = LDAP_OFF;
cfg->enquote_sup_oc = LDAP_OFF;
cfg->lastmod = LDAP_ON;
@@ -2459,6 +2463,20 @@ config_set_syntaxlogging( const char *attrname, char *value, char *errorbuf, int
}
int
+config_set_dn_validate_strict( const char *attrname, char *value, char *errorbuf, int apply ) {
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ retVal = config_set_onoff ( attrname,
+ value,
+ &(slapdFrontendConfig->dn_validate_strict),
+ errorbuf,
+ apply);
+
+ return retVal;
+}
+
+int
config_set_ds4_compatible_schema( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
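Review bot: `config_set_dn_validate_strict()` has no comment saying what the switch controls, and the name alone does not tell a reader that "off" still validates, only against a normalized copy of the DN. A short header comment would help, for example `/* nsslapd-dn-validate-strict: on = enforce RFC 4514 section 3 as-is; off = normalize the DN before syntax validation */`. As a style point, `retVal` is initialised to `LDAP_SUCCESS` and then immediately overwritten, so the body could simply return the result of `config_set_onoff()`, although the current shape matches the neighbouring setter visible at the end of the hunk.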
@@ -4093,6 +4111,18 @@ config_get_syntaxlogging() {
}
int
+config_get_dn_validate_strict() {
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ CFG_LOCK_READ(slapdFrontendConfig);
+ retVal = slapdFrontendConfig->dn_validate_strict;
+ CFG_UNLOCK_READ(slapdFrontendConfig);
+
+ return retVal;
+}
+
+int
config_get_ds4_compatible_schema() {
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
int retVal;
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index c561196..2041a99 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -266,6 +266,7 @@ int config_set_readonly( const char *attrname, char *value, char *errorbuf, int
int config_set_schemacheck( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_syntaxcheck( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_syntaxlogging( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_dn_validate_strict( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_ds4_compatible_schema( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_schema_ignore_trailing_spaces( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_rootdn( const char *attrname, char *value, char *errorbuf, int apply );
@@ -410,6 +411,7 @@ int config_get_security();
int config_get_schemacheck();
int config_get_syntaxcheck();
int config_get_syntaxlogging();
+int config_get_dn_validate_strict();
int config_get_ds4_compatible_schema();
int config_get_schema_ignore_trailing_spaces();
char *config_get_rootdn();
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index cec186f..724bef9 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1639,7 +1639,8 @@ typedef struct _slapdEntryPoints {
#define CONFIG_SCHEMACHECK_ATTRIBUTE "nsslapd-schemacheck"
#define CONFIG_SYNTAXCHECK_ATTRIBUTE "nsslapd-syntaxcheck"
#define CONFIG_SYNTAXLOGGING_ATTRIBUTE "nsslapd-syntaxlogging"
-#define CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE "nsslapd-ds4-compatible-schema"
+#define CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE "nsslapd-dn-validate-strict"
+#define CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE "nsslapd-ds4-compatible-schema"
#define CONFIG_SCHEMA_IGNORE_TRAILING_SPACES "nsslapd-schema-ignore-trailing-spaces"
#define CONFIG_SCHEMAREPLACE_ATTRIBUTE "nsslapd-schemareplace"
#define CONFIG_LOGLEVEL_ATTRIBUTE "nsslapd-errorlog-level"
@@ -1856,6 +1857,7 @@ typedef struct _slapdFrontendConfig {
int schemacheck;
int syntaxcheck;
int syntaxlogging;
+ int dn_validate_strict;
int ds4_compatible_schema;
int schema_ignore_trailing_spaces;
int secureport;
--
1.6.0.6
Please Review: Auto-generate SLAPI documentation - first pass
by Nathan Kinder
>From 5381a78daee870cff14684fa9c7845ff363a6e7c Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon, 11 May 2009 16:07:42 -0700
Subject: [PATCH] Auto-generate SLAPI docs - first pass.
This starts the effort to be able to use Doxygen to
auto-generate the SLAPI documentation.
I started documenting everything in slapi-plugin.h
from the top down. There is a TODO comment indicating
where the effort needs to be picked up from in the
header file.
To build the SLAPI docs, run "doxygen slapi.doxy" in
the top of the source tree. The resulting doc files
will be in a subdirectory named "docs". The build of
the docs still needs to be integrated with the rest of
the build.
---
ldap/servers/slapd/slapi-plugin.h | 1460 ++++++++++++++++++++++++++++++++++++-
slapi.doxy | 1417 +++++++++++++++++++++++++++++++++++
2 files changed, 2851 insertions(+), 26 deletions(-)
create mode 100644 slapi.doxy
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 70556e9..0ae909f 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -1,4 +1,4 @@
-/** BEGIN COPYRIGHT BLOCK
+/* BEGIN COPYRIGHT BLOCK
* This Program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; version 2 of the License.
@@ -34,14 +34,20 @@
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
* All rights reserved.
- * END COPYRIGHT BLOCK **/
+ * END COPYRIGHT BLOCK */
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
-/* slapi-plugin.h - public Directory Server plugin interface */
+/*! \file slapi-plugin.h
+ * \brief Public Directory Server plugin interface.
+ *
+ * The SLAPI plugin interface allows complex plugins to be created
+ * for Directory Server.
+ */
+
#ifndef _SLAPIPLUGIN
#define _SLAPIPLUGIN
@@ -169,26 +175,185 @@ NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...)
/* opaque structures */
+/**
+ * Contains name-value pairs, known as parameter blocks, that you can get or set for
+ * each LDAP operation.
+ *
+ * #Slapi_PBlock contains name-value pairs that you can use to retrieve information
+ * from the server and set information to be used by the server.
+ *
+ * For most types of plug-in functions, the server passes in a #Slapi_PBlock
+ * structure that typically includes data relevant to the operation being processed.
+ * You can get the value of a parameter by calling the slapi_pblock_get() function.
+ *
+ * For example, when the plug-in function for an LDAP bind operation is called, the
+ * server puts the DN and credentials in the #SLAPI_BIND_TARGET and
+ * #SLAPI_BIND_CREDENTIALS parameters of the Slapi_PBlock structure. You can
+ * call slapi_pblock_get() to get the DN and credentials of the client requesting
+ * authentication.
+ *
+ * For plug-in initialization functions, you can use the #Slapi_PBlock structure to
+ * pass information to the server, such as the description of your plug-in and the
+ * names of your plug-in functions. You can set the value of a parameter by calling
+ * the slapi_pblock_set() function.
+ *
+ * For example, in order to register a pre-operation bind plug-in function, you need to
+ * call slapi_pblock_set() to set the version number, description, and name of the
+ * plug-in function as the #SLAPI_PLUGIN_VERSION, #SLAPI_PLUGIN_DESCRIPTION,
+ * and #SLAPI_PLUGIN_PRE_BIND_FN parameters.
+ *
+ * The available parameters that you can use depends on the type of plug-in function
+ * you are writing.
+ */
typedef struct slapi_pblock Slapi_PBlock;
+
+/**
+ * Represents an entry in the directory.
+ *
+ * #Slapi_Entry is the data type for an opaque structure that represents an entry in
+ * the directory. In certain cases, your server plug-in may need to work with an entry
+ * in the directory.
+ */
typedef struct slapi_entry Slapi_Entry;
+
+/**
+ * Represents an attribute in an entry.
+ *
+ * #Slapi_Attr is the data type for an opaque structure that represents an attribute
+ * in a directory entry. In certain cases, your server plug-in may need to work with
+ * an entry’s attributes.
+ */
typedef struct slapi_attr Slapi_Attr;
+
+/**
+ * Represents the value of the attribute in a directory entry.
+ *
+ * #Slapi_Value is the data type for an opaque structure that represents the value of
+ * an attribute in a directory entry.
+ */
typedef struct slapi_value Slapi_Value;
+
+/**
+ * Represents a set of Slapi_Value (or a list of Slapi_Value).
+ *
+ * #Slapi_ValueSet is the data type for an opaque structure that represents set of
+ * #Slapi_Value (or a list of #Slapi_Value).
+ */
typedef struct slapi_value_set Slapi_ValueSet;
+
+/**
+ * Represents a search filter.
+ *
+ * #Slapi_Filter is the data type for an opaque structure that represents an search
+ * filter.
+ */
typedef struct slapi_filter Slapi_Filter;
+
+/**
+ * Represents a backend operation in the server plug-in.
+ *
+ * #Slapi_Backend is the data type for an opaque structure that represents a backend
+ * operation.
+ */
typedef struct backend Slapi_Backend;
+
+/**
+ * Represents the unique identifier of a directory entry.
+ *
+ * #Slapi_UniqueID is the data type for an opaque structure that represents the
+ * unique identifier of a directory entry. All directory entries contain a unique
+ * identifier. Unlike the distinguished name (DN), the unique identifier of an entry
+ * never changes, providing a good way to refer unambiguously to an entry in a
+ * distributed/replicated environment.
+ */
typedef struct _guid_t Slapi_UniqueID;
+
+/**
+ * Represents an operation pending from an LDAP client.
+ *
+ * #Slapi_Operation is the data type for an opaque structure that represents an
+ * operation pending from an LDAP client.
+ */
typedef struct op Slapi_Operation;
+
+/**
+ * Represents a connection.
+ *
+ * #Slapi_Connection is the data type for an opaque structure that represents a
+ * connection.
+ */
typedef struct conn Slapi_Connection;
+
+/**
+ * Represents a distinguished name in a directory entry.
+ *
+ * #Slapi_DN is the data type for an opaque structure that represents a distinguished
+ * name in the server plug-in.
+ */
typedef struct slapi_dn Slapi_DN;
+
+/**
+ * Represents a relative distinguished name in a directory entry.
+ *
+ * #Slapi_RDN is the data type for an opaque structure that represents a relative
+ * distinguished name in the server plug-in.
+ */
typedef struct slapi_rdn Slapi_RDN;
+
+/**
+ * Represents a single LDAP modification to a directory entry.
+ *
+ * #Slapi_Mod is the data type for an opaque structure that represents LDAPMod
+ * modifications to an attribute in a directory entry.
+ */
typedef struct slapi_mod Slapi_Mod;
+
+/**
+ * Represents two or more LDAP modifications to a directory entry
+ *
+ * #Slapi_Mods is the data type for an opaque structure that represents LDAPMod
+ * manipulations that can be made to a directory entry.
+ */
typedef struct slapi_mods Slapi_Mods;
+
+/**
+ * Represents a the component ID in a directory entry.
+ *
+ * #Slapi_ComponentId is the data type for an opaque structure that represents the
+ * component ID in a directory entry.
+ */
typedef struct slapi_componentid Slapi_ComponentId;
+
+/**
+ * Represents an integral counter.
+ *
+ * Provides 64-bit integers with support for atomic operations, even on 32-bit
+ * systems. This lets your plug-in have global integers that can be updated by
+ * multiple worker threads in a thread-safe manner.
+ *
+ * The #Slapi_Counter structure is a wrapper around the actual counter value
+ */
typedef struct slapi_counter Slapi_Counter;
/* Online tasks interface (to support import, export, etc) */
#define SLAPI_TASK_PUBLIC 1 /* tell old plugins that the task api is now public */
+
+/**
+ * An opaque structure that represents a task that has been initiated.
+ *
+ * Common Directory Server tasks, including importing, exporting, and indexing
+ * databases, can be initiated through a special task configuration entry in
+ * cn=tasks,cn=config. These task operations are managed using the #Slapi_Task
+ * structure.
+ */
typedef struct slapi_task Slapi_Task;
+
+/**
+ * Defines a callback used specifically by Slapi_Task structure cancel and
+ * destructor functions.
+ *
+ * \param task The task that is being cancelled or destroyed.
+ */
typedef void (*TaskCallbackFn)(Slapi_Task *task);
/*
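Review bot: Several of the new typedef descriptions contain wording slips that Doxygen will copy verbatim into the generated API reference: `an search filter` (Slapi_Filter), `represents set of` (Slapi_ValueSet), `Represents a the component ID` (Slapi_ComponentId), and the Slapi_Mods brief is missing its final period. The Slapi_Backend comment describes a "backend operation" while the typedef is `struct backend`; if the type stands for a backend rather than an operation, the description should say so, which is worth confirming with the author. The Slapi_Attr comment also contains a typographic apostrophe (`entry’s`), the only non-ASCII character in the hunk, which may not render cleanly depending on the input encoding configured for Doxygen.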
@@ -215,125 +380,1367 @@ typedef void (*TaskCallbackFn)(Slapi_Task *task);
#define SLAPD_DEFAULT_THREAD_STACKSIZE 0
#endif
-/*
+
+/*---------------------------
* parameter block routines
+ *--------------------------*/
+/**
+ * Creates a new parameter block.
+ *
+ * \return This function returns a pointer to the new parameter block.
+ * \warning The pblock pointer allocated with this function must always be freed by
+ * slapi_pblock_destroy(). The use of other memory deallocators (for example,
+ * <tt>free()</tt>) is not supported and may lead to crashes or memory leaks.
+ * \see slapi_pblock_destroy()
*/
Slapi_PBlock *slapi_pblock_new( void ); /* allocate and initialize */
+
+/**
+ * Initializes an existing parameter block for re-use.
+ *
+ * \param pb The parameter block to initialize.
+ * \warning The parameter block that you wish to free must have been created using
+ * slapi_pblock_new(). When you are finished with the parameter block, you
+ * must free it using the slapi_pblock_destroy() function.
+ *
+ * \warning Note that search results will not be freed from the parameter block by
+ * slapi_pblock_init(). You must free any internal search results with the
+ * slapi_free_search_results_internal() function prior to calling
+ * slapi_pblock_init(), otherwise the search results will be leaked.
+ * \see slapi_pblock_new()
+ * \see slapi_pblock_destroy()
+ * \see slapi_free_search_results_internal()
+ */
void slapi_pblock_init( Slapi_PBlock *pb ); /* clear out for re-use */
+
+/**
+ * Gets the value of a name-value pair from a parameter block.
+ *
+ * \param pb Parameter block.
+ * \param arg ID of the name-value pair that you want to get.
+ * \param value Pointer to the value retrieved from the parameter block.
+ * \return \c 0 if successful.
+ * \return \c -1 if an error occurs (for example, if an invalid ID is specified).
+ * \todo Document valid values for the ID.
+ * \warning The <tt>void *value</tt> argument should always be a pointer to the
+ * type of value you are retrieving:
+ * \code
+ * int connid = 0;
+ * ...
+ * retval = slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
+ * \endcode
+ *
+ * \warning #SLAPI_CONN_ID is an integer value, so you will pass in a pointer
+ * to/address of an integer to get the value. Similarly, for a
+ * <tt>char *</tt> value (a string), pass in a pointer to/address of the value.
+ * For example:
+ * \code
+ * char *binddn = NULL;
+ * ...
+ * retval = slapi_pblock_get(pb, SLAPI_CONN_DN, &binddn);
+ * \endcode
+ *
+ * \warning With certain compilers on some platforms, you may have to cast the
+ * value to <tt>(void *)</tt>.
+ *
+ * \warning We recommend that you set the value to \c 0 or \c NULL before calling
+ * slapi_pblock_get() to avoid reading from uninitialized memory, in
+ * case the call to slapi_pblock_get() fails.
+ *
+ * \warning In most instances, the caller should not free the returned value.
+ * The value will usually be freed internally or through the call to
+ * slapi_pblock_destroy(). The exception is if the value is explicitly
+ * set by the caller through slapi_pblock_set(). In this case, the caller
+ * is responsible for memory management. If the value is freed, it is
+ * strongly recommended that the free is followed by a call to
+ * slapi_pblock_set() with a value of \c NULL. For example:
+ * \code
+ * char *someparam = NULL;
+ * ...
+ * someparam = slapi_ch_strdup(somestring);
+ * slapi_pblock_set(pb, SOME_PARAM, someparam);
+ * someparam = NULL;
+ * ...
+ * slapi_pblock_get(pb, SOME_PARAM, &someparam);
+ * slapi_pblock_set(pb, SOME_PARAM, NULL);
+ * slapi_ch_free_string(&someparam);
+ * ...
+ * \endcode
+ *
+ * \warning Some internal functions may change the value passed in, so it is
+ * recommended to use slapi_pblock_get() to retrieve the value again,
+ * rather than relying on a potential dangling pointer. This is shown
+ * in the example above, which sets someparam to \c NULL after setting
+ * it in the pblock.
+ *
+ * \see slapi_pblock_destroy()
+ * \see slapi_pblock_set()
+ */
int slapi_pblock_get( Slapi_PBlock *pb, int arg, void *value );
+
+/**
+ * Sets the value of a name-value pair in a parameter block.
+ *
+ * \param pb Parameter block.
+ * \param arg ID of the name-value pair that you want to get.
+ * \param value Pointer to the value you want to set in the parameter block.
+ * \return \c 0 if successful.
+ * \return \c -1 if an error occurs (for example, if an invalid ID is specified).
+ * \warning The value to be passed in must always be a pointer, even for integer
+ * arguments. For example, if you wanted to do a search with the
+ * \c ManageDSAIT control:
+ * \code
+ * int managedsait = 1;
+ * ...
+ * slapi_pblock_set(pb, SLAPI_MANAGEDSAIT, &managedsait);
+ * \endcode
+ *
+ * \warning A call similar to the following example will cause a crash:
+ * \code
+ * slapi_pblock_set(pb, SLAPI_MANAGEDSAIT, 1);
+ * \endcode
+ *
+ * \warning However, for values which are already pointers, (<tt>char * string</tt>,
+ * <tt>char **arrays</tt>, <tt>#Slapi_Backend *</tt>, etc.), you can pass
+ * in the value directly. For example:
+ * \code
+ * char *target_dn = slapi_ch_strdup(some_dn);
+ * slapi_pblock_set(pb, SLAPI_TARGET_DN, target_dn);
+ * \endcode
+ *
+ * \warning or
+ * \code
+ * slapi_pblock_set(pb, SLAPI_TARGET_DN, NULL);
+ * \endcode
+ *
+ * \warning With some compilers, you will have to cast the value argument to
+ * <tt>(void *)</tt>. If the caller allocates the memory passed in, the
+ * caller is responsible for freeing that memory. Also, it is recommended
+ * to use slapi_pblock_get() to retrieve the value to free, rather than
+ * relying on a potentially dangling pointer. See the slapi_pblock_get()
+ * example for more details.
+ *
+ * \warning When setting parameters to register a plug-in, the plug-in type must
+ * always be set first, since many of the plug-in parameters depend on
+ * the type. For example, set the #SLAPI_PLUGIN_TYPE to extended
+ * operation before setting the list of extended operation OIDs for
+ * the plug-in.
+ *
+ * \see slapi_pblock_get()
+ */
int slapi_pblock_set( Slapi_PBlock *pb, int arg, void *value );
+
+/**
+ * Frees the specified parameter block from memory.
+ *
+ * \param pb Parameter block you want to free.
+ * \warning The parameter block that you wish to free must have been created
+ * using slapi_pblock_new(). Use of this function with parameter
+ * blocks allocated on the stack (for example, <tt>#Slapi_PBlock pb;</tt>)
+ * or using another memory allocator is not supported and may lead to
+ * memory errors and memory leaks. For example:
+ * \code
+ * Slapi_PBlock *pb = malloc(sizeof(Slapi_PBlock));
+ * \endcode
+ *
+ * \warning After calling this function, you should set the parameter block
+ * pointer to \c NULL to avoid reusing freed memory in your function
+ * context, as in the following:
+ * \code
+ * slapi_pblock_destroy(pb);
+ * pb =NULL;
+ * \endcode
+ *
+ * \warning If you reuse the pointer in this way, it makes it easier to
+ * identify a Segmentation Fault, rather than using some difficult
+ * method to detect memory leaks or other abnormal behavior.
+ *
+ * \warning It is safe to call this function with a \c NULL pointer. For
+ * example:
+ * \code
+ * Slapi_PBlock *pb = NULL;
+ * slapi_pblock_destroy(pb);
+ * \endcode
+ *
+ * \warning This saves the trouble of checking for \c NULL before calling
+ * slapi_pblock_destroy().
+ *
+ * \see slapi_pblock_new()
+ */
void slapi_pblock_destroy( Slapi_PBlock *pb );
-/*
+/*----------------
* entry routines
+ *---------------*/
+/**
+ * Converts an LDIF description of a directory entry (a string value) into
+ * an entry of the #Slapi_Entry type.
+ *
+ * A directory entry can be described by a string in LDIF format. Calling
+ * the slapi_str2entry() function converts a string description in this
+ * format to a #Slapi_Entry structure, which you can pass to other API
+ * functions.
+ *
+ * \param s Description of an entry that you want to convert to a #Slapi_Entry.
+ * \param flags One or more flags specifying how the entry should be generated.
+ * The valid values of the \c flags argument are:
+ * \arg #SLAPI_STR2ENTRY_REMOVEDUPVALS
+ * \arg #SLAPI_STR2ENTRY_ADDRDNVALS
+ * \arg #SLAPI_STR2ENTRY_BIGENTRY
+ * \arg #SLAPI_STR2ENTRY_TOMBSTONE_CHECK
+ * \arg #SLAPI_STR2ENTRY_IGNORE_STATE
+ * \arg #SLAPI_STR2ENTRY_INCLUDE_VERSION_STR
+ * \arg #SLAPI_STR2ENTRY_EXPAND_OBJECTCLASSES
+ * \arg #SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF
+ * \arg #SLAPI_STR2ENTRY_NO_SCHEMA_LOCK
+ * \return A pointer to the #Slapi_Entry structure representing the entry.
+ * \return \c NULL if the string cannot be converted; for example, if no DN is
+ * specified in the string.
+ * \warning This function modifies the string argument s. If you still need to
+ * use this string value, you should make a copy of this string before
+ * calling slapi_str2entry().
+ *
+ * \warning When you are done working with the entry, you should call the
+ * slapi_entry_free() function.
+ *
+ * \note To convert an entry to a string description, call the slapi_entry2str()
+ * function.
+ *
+ * \see slapi_entry_free()
+ * \see slapi_entry2str()
*/
Slapi_Entry *slapi_str2entry( char *s, int flags );
-/* Flags for slapi_str2entry() */
-/* Remove duplicate values */
+
+
+/*-----------------------------
+ * Flags for slapi_str2entry()
+ *----------------------------*/
+/**
+ * Removes any duplicate values in the attributes of the entry.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_REMOVEDUPVALS 1
-/* Add any missing values from RDN */
+
+/**
+ * Adds the relative distinguished name (RDN) components (for example,
+ * \c uid=bjensen) as attributes of the entry.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_ADDRDNVALS 2
-/* Provide a hint that the entry is large; this enables some optimizations
- related to large entries. */
+
+/**
+ * Provide a hint that the entry is large. This enables some optimizations
+ * related to large entries.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_BIGENTRY 4
-/* Check to see if the entry is a tombstone; if so, set the tombstone flag
- (SLAPI_ENTRY_FLAG_TOMBSTONE) */
+
+/**
+ * Check to see if the entry is a tombstone. If so, set the tombstone flag
+ * (#SLAPI_ENTRY_FLAG_TOMBSTONE).
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_TOMBSTONE_CHECK 8
-/* Ignore entry state information if present */
+
+/**
+ * Ignore entry state information if present.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_IGNORE_STATE 16
-/* Return entries that have a "version: 1" line as part of the LDIF
- representation */
+
+/**
+ * Return entries that have a <tt>version: 1</tt> line as part of the LDIF
+ * representation.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_INCLUDE_VERSION_STR 32
-/* Add any missing ancestor values based on the object class hierarchy */
+
+/**
+ * Add any missing ancestor values based on the object class hierarchy.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_EXPAND_OBJECTCLASSES 64
-/* Inform slapi_str2entry() that the LDIF input is not well formed.
- Well formed LDIF has no duplicate attribute values, already
- has the RDN as an attribute of the entry, and has all values for a
- given attribute type listed contiguously. */
+
+/**
+ * Inform slapi_str2entry() that the LDIF input is not well formed.
+ *
+ * Well formed LDIF has no duplicate attribute values, already has the RDN
+ * as an attribute of the entry, and has all values for a given attribute
+ * type listed contiguously.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF 128
+
+/**
+ * Don't acquire the schema lock.
+ *
+ * You should use this flag if you are sure that the lock is already held,
+ * or if the server has not started it's threads yet during startup.
+ *
+ * \see slapi_str2entry()
+ */
#define SLAPI_STR2ENTRY_NO_SCHEMA_LOCK 256
+/**
+ * Generates a description of an entry as an LDIF string.
+ *
+ * This function behaves much like slapi_entry2str(); however, you can specify
+ * output options with this function.
+ *
+ * This function generates an LDIF string value conforming to the following syntax:
+ * \code
+ * dn: dn\n
+ * [attr: value\n]*
+ * \endcode
+ *
+ * For example:
+ * \code
+ * dn: uid=jdoe, ou=People, dc=example,dc=com
+ * cn: Jane Doe
+ * sn: Doe
+ * ...
+ * \endcode
+ *
+ * To convert an entry described in LDIF string format to an LDAP entry using
+ * the #Slapi_Entry data type, call the slapi_str2entry() function.
+ *
+ * \param e Entry that you want to convert into an LDIF string.
+ * \param len Length of the LDIF string returned by this function.
+ * \param options An option set that specifies how you want the string
+ * converted. You can \c OR together any of the following options
+ * when you call this function:
+ * \arg #SLAPI_DUMP_STATEINFO
+ * \arg #SLAPI_DUMP_UNIQUEID
+ * \arg #SLAPI_DUMP_NOOPATTRS
+ * \arg #SLAPI_DUMP_NOWRAP
+ * \arg #SLAPI_DUMP_MINIMAL_ENCODING
+ * \return The LDIF string representation of the entry you specify.
+ * \return \c NULL if an error occurs.
+ * \warning When you no longer need to use the string, you should free it
+ * from memory by calling the slapi_ch_free_string() function.
+ *
+ * \see slapi_entry2str()
+ * \see slapi_str2entry()
+ */
char *slapi_entry2str_with_options( Slapi_Entry *e, int *len, int options );
-/* Options for slapi_entry2str_with_options() */
+
+
+/*---------------------------------------------
+ * Options for slapi_entry2str_with_options()
+ *--------------------------------------------*/
+/**
+ * Output entry with replication state info.
+ *
+ * This allows access to the internal data used by multi-master replication.
+ *
+ * \see slapi_entry2str_with_options()
+ */
#define SLAPI_DUMP_STATEINFO 1 /* replication state */
+
+/**
+ * Output entry with uniqueid.
+ *
+ * This option is used when creating an LDIF file to be used to initialize
+ * a replica. Each entry will contain the nsuniqueID operational attribute.
+ *
+ * \see slapi_entry2str_with_options()
+ */
#define SLAPI_DUMP_UNIQUEID 2 /* unique ID */
+
+/**
+ * Output entry without operational attributes.
+ *
+ * By default, certain operational attributes (such as \c creatorsName,
+ * \c modifiersName, \c createTimestamp, \c modifyTimestamp) may be
+ * included in the output. With this option, no operational attributes
+ * will be included.
+ *
+ * \see slapi_entry2str_with_options()
+ */
#define SLAPI_DUMP_NOOPATTRS 4 /* suppress operational attrs */
+
+/**
+ * Output entry without LDIF line wrapping.
+ *
+ * By default, lines will be wrapped as defined in the LDIF specification.
+ * With this option, line wrapping is disabled.
+ *
+ * \see slapi_entry2str_with_options()
+ */
#define SLAPI_DUMP_NOWRAP 8 /* no line breaks */
+
+/**
+ * Output entry with less base64 encoding.
+ *
+ * Uses as little base64 encoding as possible in the output.
+ *
+ * \see slapi_entry2str_with_options()
+ */
#define SLAPI_DUMP_MINIMAL_ENCODING 16 /* use less base64 encoding */
+/**
+ * Generates an LDIF string description of an LDAP entry.
+ *
+ * This function generates an LDIF string value conforming to the following syntax:
+ * \code
+ * dn: dn\n
+ * [attr: value\n]*
+ * \endcode
+ *
+ * For example:
+ * \code
+ * dn: uid=jdoe, ou=People, dc=example,dc=com
+ * cn: Jane Doe
+ * sn: Doe
+ * ...
+ * \endcode
+ *
+ * To convert an entry described in LDIF string format to an LDAP entry using
+ * the #Slapi_Entry data type, call the slapi_str2entry() function.
+ *
+ * \param e Entry that you want to convert into an LDIF string.
+ * \param len Length of the LDIF string returned by this function.
+ * \return The LDIF string representation of the entry you specify.
+ * \return \c NULL if an error occurs.
+ * \warning When you no longer need to use the string, you should free it
+ * from memory by calling the slapi_ch_free_string() function.
+ *
+ * \see slapi_entry2str_with_options()
+ * \see slapi_str2entry()
+ */
char *slapi_entry2str( Slapi_Entry *e, int *len );
+
+/**
+ * Allocates memory for a new entry of the data type #Slapi_Entry.
+ *
+ * This function returns an empty #Slapi_Entry structure. You can call other
+ * front-end functions to set the DN and attributes of this entry.
+ *
+ * When you are no longer using the entry, you should free it from memory by
+ * calling the slapi_entry_free() function.
+ *
+ * \return This function returns a pointer to the newly allocated entry of the
+ * data type #Slapi_Entry. If space cannot be allocated, e.g., no more
+ * virtual memory exists, the \c ns-slapd program terminates.
+ * \warning When you no longer use the entry, free it from memory by calling the
+ * slapi_entry_free() function.
+ *
+ * \see slapi_entry_dup()
+ * \see slapi_entry_free()
+ */
Slapi_Entry *slapi_entry_alloc(void);
+
+/**
+ * Initializes the values of an entry with the DN and attribute value pairs you
+ * supply.
+ *
+ * This function initializes the attributes and the corresponding attribute values
+ * of an entry. Also, during the course of processing, the unique ID of the entry
+ * is set to \c NULL, and the flag value is set to \c 0.
+ *
+ * Use this function to initialize a #Slapi_Entry pointer.
+ *
+ * \param e The entry you want to initialize.
+ * \param dn The DN of the entry you are initializing.
+ * \param a Initialization list of attribute value pairs, supplied as a
+ * #Slapi_Attr data value.
+ * \warning This function should always be used after slapi_entry_alloc() and
+ * never otherwise. For example:
+ * \code
+ * Slapi_Entry *e = slapi_entry_alloc();
+ * slapi_entry_init(e, NULL, NULL);
+ * \endcode
+ *
+ * \warning To set the DN in the entry:
+ * \code
+ * slapi_sdn_set_dn_passin(slapi_entry_get_sdn(e), dn);
+ * \endcode
+ *
+ * \warning In this case, the dn argument is not copied but is consumed by the
+ * function. To copy the argument, see the following example:
+ * \code
+ * char *dn = slapi_ch_strdup(some_dn);
+ * Slapi_Entry *e = slapi_entry_alloc();
+ * slapi_entry_init(e, dn, NULL);
+ * \endcode
+ *
+ * \warning The \c dn argument is not freed in this context but will eventually
+ * be freed when slapi_entry_free() is called.
+ *
+ * \see slapi_entry_free()
+ * \see slapi_entry_alloc()
+ */
void slapi_entry_init(Slapi_Entry *e, char *dn, Slapi_Attr *a);
+
+/**
+ * Frees an entry, its DN, and its attributes from memory.
+ *
+ * Call this function to free an entry that you have allocated by using the
+ * slapi_entry_alloc() function or the slapi_entry_dup() function.
+ *
+ * \param e Entry that you want to free. If \c NULL, no action occurs.
+ * \warning To free entries, always use this function instead of using
+ * slapi_ch_free() or free().
+ *
+ * \see slapi_entry_alloc()
+ * \see slapi_entry_dup()
+ */
void slapi_entry_free( Slapi_Entry *e );
+
+/**
+ * Makes a copy of an entry, its DN, and its attributes.
+ *
+ * This function returns a copy of an existing #Slapi_Entry structure. You can
+ * call other front-end functions to change the DN and attributes of this entry.
+ *
+ * \param e Entry that you want to copy.
+ * \return This function returns the new copy of the entry. If the structure
+ * cannot be duplicated, for example, if no more virtual memory exists,
+ * the \c ns-slapd program terminates.
+ * \warning When you are no longer using the entry, free it from memory by
+ * calling the slapi_entry_free() function.
+ * \see slapi_entry_alloc()
+ * \see slapi_entry_free()
+ */
Slapi_Entry *slapi_entry_dup( const Slapi_Entry *e );
+
+/**
+ * Gets the distinguished name (DN) of the specified entry.
+ *
+ * \param e Entry from which you want to get the DN.
+ * \return This function returns the DN of the entry. This returns a pointer
+ * to the actual DN in the entry, not a copy of the DN. You should not
+ * free the DN unless you plan to replace it by calling slapi_entry_set_dn().
+ * \warning Use slapi_ch_free_string() if you are replacing the DN with
+ * slapi_entry_set_dn().
+ * \see slapi_ch_free_string()
+ * \see slapi_entry_set_dn()
+ */
char *slapi_entry_get_dn( Slapi_Entry *e );
+
+/**
+ * Returns the normalized DN from the entry that you specify.
+ *
+ * \param e Entry from which you want to obtain the normalized DN.
+ * \return This function returns the normalized DN from the entry that you
+ * specify. If the entry you specify does not contain a normalized DN,
+ * one is created through the processing of this function.
+ * \warning Never free the returned value.
+ * \see slapi_entry_get_dn()
+ */
char *slapi_entry_get_ndn( Slapi_Entry *e );
+
+/**
+ * Returns as a \c const the value of the #Slapi_DN object from the entry
+ * that you specify.
+ *
+ * \param e Entry from which you want to get the #Slapi_DN object.
+ * \return Returns as a \c const the #Slapi_DN object from the entry that you
+ * specify.
+ * \warning Never free the returned value. If you need a copy, use
+ * slapi_sdn_dup().
+ * \see slapi_sdn_dup()
+ * \see slapi_entry_get_sdn()
+ */
const Slapi_DN *slapi_entry_get_sdn_const( const Slapi_Entry *e );
+
+/**
+ * Returns the #Slapi_DN object from the entry that you specify.
+ *
+ * \param e Entry from which you want to get the #Slapi_DN object.
+ * \return Returns the #Slapi_DN object from the entry that you specify.
+ * \warning Never free the returned value. If you need a copy, use
+ * slapi_sdn_dup().
+ * \see slapi_entry_get_sdn_const()
+ * \see slapi_sdn_dup()
+ */
Slapi_DN *slapi_entry_get_sdn( Slapi_Entry *e );
+
+/**
+ * Returns as a \c const the DN value of the entry that you specify.
+ *
+ * \param e Entry from which you want to get the DN as a constant.
+ * \return This function returns one of the following values:
+ * \arg The DN of the entry that you specify. The DN is returned
+ * as a const; you are not able to modify the DN value.
+ * \arg The NDN value of Slapi_DN if the DN of the Slapi_DN object is NULL.
+ * \warning Never free the returned value.
+ * \see slapi_entry_set_sdn()
+ */
const char *slapi_entry_get_dn_const( const Slapi_Entry *e );
+
+/**
+ * Sets the distinguished name (DN) of an entry.
+ *
+ * This function sets the DN pointer in the specified entry to the DN that you supply.
+ *
+ * \param e Entry to which you want to assign the DN.
+ * \param dn Distinguished name you want assigned to the entry.
+ * \warning The dn will be freed eventually when slapi_entry_free() is called.
+ * \warning A copy of dn should be passed. For example:
+ * \code
+ * char *dn = slapi_ch_strdup(some_dn):
+ * slapi_entry_set_dn(e, dn);
+ * \endcode
+ *
+ * \warning The old dn will be freed as a result of this call. Do not pass in
+ * a \c NULL value.
+ * \see slapi_entry_free()
+ * \see slapi_entry_get_dn()
+ */
void slapi_entry_set_dn( Slapi_Entry *e, char *dn );
+
+/**
+ * Sets the Slapi_DN value in an entry.
+ *
+ * This function sets the value for the #Slapi_DN object in the entry you specify.
+ *
+ * \param e Entry to which you want to set the value of the #Slapi_DN.
+ * \param sdn The specified #Slapi_DN value that you want to set.
+ * \warning This function makes a copy of the \c sdn parameter.
+ * \see slapi_entry_get_sdn()
+ */
void slapi_entry_set_sdn( Slapi_Entry *e, const Slapi_DN *sdn );
+
+/**
+ * Determines if an entry contains the specified attribute.
+ *
+ * If the entry contains the attribute, the function returns a pointer to
+ * the attribute.
+ *
+ * \param e Entry that you want to check.
+ * \param type Name of the attribute that you want to check.
+ * \param attr Pointer to the attribute, if the attribute is found in the
+ * entry.
+ * \return \c 0 if the entry contains the specified attribute.
+ * \return \c -1 if the entry does not contain the specified attribute.
+ * \warning Do not free the returned \c attr. It is a pointer to the internal
+ * entry data structure. It is usually wise to make a copy of the
+ * returned attribute, using slapi_attr_dup(), to avoid dangling pointers
+ * if the entry is freed while the pointer to attr is still being used.
+ * \see slapi_attr_dup()
+ */
int slapi_entry_attr_find( const Slapi_Entry *e, const char *type, Slapi_Attr **attr );
+
+/**
+ * Finds the first attribute in an entry.
+ *
+ * If you want to iterate through the attributes in an entry, use this function
+ * in conjunction with the slapi_entry_next_attr() function.
+ *
+ * \param e Entry from which you want to get the attribute.
+ * \param attr Pointer to the first attribute in the entry.
+ * \return Returns 0 when successful; any other value returned signals failure.
+ * \warning Do not free the returned \c attr. This is a pointer into the
+ * internal entry data structure. If you need a copy, use slapi_attr_dup().
+ * \see slapi_entry_next_attr()
+ * \see slapi_attr_dup()
+ */
int slapi_entry_first_attr( const Slapi_Entry *e, Slapi_Attr **attr );
+
+/**
+ * Finds the next attribute after \c prevattr in an entry.
+ *
+ * To iterate through the attributes in an entry, use this function in conjunction
+ * with the slapi_entry_first_attr() function.
+ *
+ * \param e Entry from which you want to get the attribute.
+ * \param prevattr Previous attribute in the entry.
+ * \param attr Pointer to the next attribute after \c prevattr in the entry.
+ * \return \c 0 if successful.
+ * \return \c -1 if \c prevattr was the last attribute in the entry.
+ * \warning Do not free the returned \c attr. This is a pointer into the
+ * internal entry data structure. If you need a copy, use slapi_attr_dup().
+ * \see slapi_entry_first_attr()
+ * \see slapi_entry_dup()
+ */
int slapi_entry_next_attr( const Slapi_Entry *e, Slapi_Attr *prevattr, Slapi_Attr **attr );
+
+/**
+ * Gets the unique ID value of the entry.
+ *
+ * \param e Entry from which you want to obtain the unique ID.
+ * \return This function returns the unique ID value of the entry specified.
+ * \warning Never free this value. If you need a copy, use slapi_ch_strdup().
+ * \see slapi_entry_set_uniqueid()
+ * \see slapi_ch_strdup()
+ */
const char *slapi_entry_get_uniqueid( const Slapi_Entry *e );
+
+/**
+ * Replaces the unique ID value of an entry with the unique ID value that you
+ * supply.
+ *
+ * This function replaces the unique ID value of the entry with the \c uniqueid
+ * value that you specify. In addition, the function adds #SLAPI_ATTR_UNIQUEID to
+ * the attribute list and gives it the unique ID value supplied. If the entry
+ * already contains a #SLAPI_ATTR_UNIQUEID attribute, its value is updated with
+ * the new value supplied.
+ *
+ * \param e Entry for which you want to generate a unique ID.
+ * \param uniqueid The unique ID value that you want to assign to the entry.
+ * \warning Do not free the \c uniqueid after calling this function. The value
+ * will eventually be freed when slapi_entry_free() is called.
+ *
+ * \warning You should pass in a copy of the value because this function will
+ * consume the value passed in. For example:
+ * \code
+ * char *uniqueid = slapi_ch_strdup(some_uniqueid);
+ * slapi_entry_set_uniqueid(e, uniqueid);
+ * \endcode
+ *
+ * \warning Do not pass in a \c NULL for \c uniqueid.
+ * \see slapi_entry_get_uniqueid()
+ * \see slapi_entry_free()
+ */
void slapi_entry_set_uniqueid( Slapi_Entry *e, char *uniqueid );
+
+/**
+ * Determines whether the specified entry complies with the schema for its object
+ * class.
+ *
+ * \param pb Parmeter block.
+ * \param e Entry that you want to check.
+ * \return \c 0 if the entry complies with the schema or if schema checking is
+ * turned off. The function also returns \c 0 if the entry has additional
+ * attributes not allowed by the schema and has the object class
+ * \c extensibleObject.
+ * \return \c 1 if the entry is missing the \c objectclass attribute, if it is missing
+ * any required attributes, if it has any attributes not allowed by the schema
+ * but does not have the object class \c extensibleObject, or if the entry has
+ * multiple values for a single-valued attribute.
+ * \warning The \c pb argument can be \c NULL. It is only used to get the
+ * #SLAPI_IS_REPLICATED_OPERATION flag. If that flag is present, no schema
+ * checking is done.
+ */
int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e );
+
+/**
+ * Determines whether the specified entry complies with the syntax rules imposed
+ * by it's attribute types.
+ *
+ * \param pb Parameter block.
+ * \param e Entry that you want to check.
+ * \param override Flag to override the server configuration and force syntax checking
+ * to be performed.
+ * \return \c 0 if the entry complies with the syntax rules or if syntax checking
+ * is disabled.
+ * \return \c 1 if the entry has any attribute values that violate the syntax rules
+ * imposed by the associated attribute type. If the \c pb parameter was
+ * passed in, an error message describing the syntax violations will be
+ * set in the #SLAPI_PB_RESULT_TEXT paramter.
+ * \warning The \c pb parameter can be \c NULL. It is used to store an error
+ * message with details of any syntax violations. The \c pb paramter
+ * is also used to check if the #SLAPI_IS_REPLICATED_OPERATION flag is
+ * set. If that flag is present, no syntax checking is performed.
+ */
int slapi_entry_syntax_check( Slapi_PBlock *pb, Slapi_Entry *e, int override );
+
+/**
+ * Determines if any values being added to an entry violate the syntax rules
+ * imposed by the associated attribute type.
+ *
+ * \param pb Parameter block.
+ * \param mods Array of mods that you want to check.
+ * \param override Flag to override the server configuration and force syntax checking
+ * to be performed.
+ * \return \c 0 if the mods comply with the syntax rules or if syntax checking
+ * is disabled.
+ * \return \c 1 if the mods are adding any new attribute values that violate the
+ * syntax rules imposed by the associated attribute type. If the \c pb
+ * parameter was passed in, an error message describing the syntax violations
+ * will be set in the #SLAPI_PB_RESULT_TEXT paramter.
+ * \warning The \c pb parameter can be \c NULL. It is used to store an error
+ * message with details of any syntax violations. The \c pb paramter
+ * is also used to check if the #SLAPI_IS_REPLICATED_OPERATION flag is
+ * set. If that flag is present, no syntax checking is performed.
+ */
int slapi_mods_syntax_check( Slapi_PBlock *pb, LDAPMod **mods, int override );
+
+/**
+ * Determines whether the values in an entry’s relative distinguished name (RDN)
+ * are also present as attribute values.
+ *
+ * For example, if the entry’s RDN is <tt>cn=Barbara Jensen</tt>, the function determines
+ * if the entry has the \c cn attribute with the value <tt>Barbara Jensen</tt>.
+ *
+ * \param e Entry that you want to check for RDN values.
+ * \return \c 1 if the values in the RDN are present in the attributes of the entry.
+ * \return \c 0 if the values are not present.
+ */
int slapi_entry_rdn_values_present( const Slapi_Entry *e );
+
+/**
+ * Adds the components in an entry’s relative distinguished name (RDN) to the entry
+ * as attribute values.
+ *
+ * For example, if the entry’s RDN is <tt>uid=bjensen</tt>, the function adds
+ * <tt>uid=bjensen</tt> to the entry as an attribute value.
+ *
+ * \param e Entry to which you want to add the RDN attributes.
+ * \return \c LDAP_SUCCESS if the values were successfully added to the entry. The
+ * function also returns \c LDAP_SUCCESS if the entry is \c NULL, if the
+ * entry’s DN is \c NULL, or if the entry’s RDN is \c NULL.
+ * \return \c LDAP_INVALID_DN_SYNTAX if the DN of the entry cannot be parsed.
+ * \warning Free the entry from memory by using the slapi_entry_free() function, if the
+ * entry was allocated by the user.
+ * \see slapi_entry_free()
+ */
int slapi_entry_add_rdn_values( Slapi_Entry *e );
+
+/**
+ * Deletes an attribute (and all its associated values) from an entry.
+ *
+ * \param e Entry from which you want to delete the attribute.
+ * \param type Attribute type that you want to delete.
+ * \return \c 0 if successful.
+ * \return \c 1 if the specified attribute is not part of the entry.
+ * \return \c -1 if an error occurred.
+ */
int slapi_entry_attr_delete( Slapi_Entry *e, const char *type );
- char **slapi_entry_attr_get_charray(const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the values of a multi-valued attribute of an entry.
+ *
+ * This function is very similar to slapi_entry_attr_get_charptr(), except that it
+ * returns a <tt>char **</tt> array for multi-valued attributes. The array and all
+ * values are copies. Even if the attribute values are not strings, they will still
+ * be \c NULL terminated so that they can be used safely in a string context. If there
+ * are no values, \c NULL will be returned. Because the array is \c NULL terminated,
+ * the usage should be similar to the sample shown below:
+ *
+ * \code
+ * char **ary = slapi_entry_attr_get_charray(e, someattr);
+ * int ii;
+ * for (ii = 0; ary && ary[ii]; ++ii) {
+ * char *strval = ary[ii];
+ * ...
+ * }
+ * slapi_ch_array_free(ary);
+ * \endcode
+ *
+ * \param e Entry from which you want to get the values.
+ * \param type Attribute type from which you want to get the values.
+ * \return A copy of all the values of the attribute.
+ * \return \c NULL if the entry does not contain the attribute or if the attribute
+ * has no values.
+ * \warning When you are done working with the values, free them from memory by calling
+ * the slapi_ch_array_free() function.
+ * \see slapi_entry_attr_get_charptr()
+ */
+char **slapi_entry_attr_get_charray(const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the first value of an attribute of an entry as a string.
+ *
+ * \param e Entry from which you want to get the string value.
+ * \param type Attribute type from which you want to get the value.
+ * \return A copy of the first value in the attribute.
+ * \return \c NULL if the entry does not contain the attribute.
+ * \warning When you are done working with this value, free it from memory by calling the
+ * slapi_ch_free_string() function.
+ * \see slapi_entry_attr_get_charray()
+ */
char *slapi_entry_attr_get_charptr(const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the first value of an attribute in an entry as an integer.
+ *
+ * \param e Entry from which you want to get the integer value.
+ * \param type Attribute type from which you want to get the value.
+ * \return The first value of the attribute converted to an integer.
+ * \return \c 0 if the entry does not contain the attribute.
+ */
int slapi_entry_attr_get_int(const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the first value of an attribute in an entry as an unsigned integer data type.
+ *
+ * \param e Entry from which you want to get the integer value.
+ * \param type Attribute type from which you want to get the value.
+ * \return The first value of the attribute converted to an unsigned integer.
+ * \return \c 0 if the entry does not contain the attribute.
+ */
unsigned int slapi_entry_attr_get_uint(const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the first value of an attribute in an entry as a long data type.
+ *
+ * \param e Entry from which you want to get the long value.
+ * \param type Attribute type from which you want to get the value.
+ * \return The first value of the attribute converted to a \c long type.
+ * \return \c 0 if the entry does not contain the attribute.
+ */
long slapi_entry_attr_get_long( const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the first value of an attribute in an entry as an unsigned long
+ * data type.
+ *
+ * \param e Entry from which you want to get the unsigned long value.
+ * \param type Attribute type from which you want to get the value.
+ * \return The first value of the attribute converted to an <tt>
+ * unsigned long</tt>.
+ * \return \c 0 if the entry does not contain the attribute.
+ */
unsigned long slapi_entry_attr_get_ulong( const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the first value of an attribute in an entry as a long long data type.
+ *
+ * \param e Entry from which you want to get the long long value.
+ * \param type Attribute type from which you want to get the value.
+ * \return The first value of the attribute converted to a <tt>long long</tt>.
+ * \return \c 0 if the entry does not contain the attribute.
+ */
long long slapi_entry_attr_get_longlong( const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the first value of an attribute in an entry as an unsigned
+ * long long data type.
+ *
+ * \param e Entry from which you want to get the unsigned long long value.
+ * \param type Attribute type from which you want to get the value.
+ * \return The first value of the attribute converted to an <tt>unsigned
+ * long long</tt>.
+ * \return \c 0 if the entry does not contain the attribute.
+ */
unsigned long long slapi_entry_attr_get_ulonglong( const Slapi_Entry* e, const char *type);
+
+/**
+ * Gets the value of a given attribute of a given entry as a boolean value.
+ *
+ * Comparisons are case-insensitive (\c TRUE, \c trUe, and \c true are all the
+ * same), and unique substrings can be matched (\c t and \c tr will be interpreted
+ * as \c true). If the attribute value is a number, then non-zero numbers are
+ * interpreted as \c true, and \c 0 is interpreted as \c false.
+ *
+ * \param e Entry from which you want to get the boolean value.
+ * \param type Attribute type from which you want to get the value.
+ * \return \c PR_TRUE | \c PR_FALSE
+ */
PRBool slapi_entry_attr_get_bool( const Slapi_Entry* e, const char *type);
+
+/**
+ * Replaces the value or values of an attribute in an entry with a specified string
+ * value.
+ *
+ * \param e Entry in which you want to set the value.
+ * \param type Attribute type in which you want to set the value.
+ * \param value String value that you want to assign to the attribute.
+ * \warning This function makes a copy of the parameter \c value. The \c value
+ * parameter can be \c NULL; if so, this function is roughly equivalent
+ * to slapi_entry_attr_delete().
+ * \see slapi_entry_attr_delete()
+ */
void slapi_entry_attr_set_charptr(Slapi_Entry* e, const char *type, const char *value);
+
+/**
+ * Replaces the value or values of an attribute in an entry with a specified integer
+ * data value.
+ *
+ * This function will replace the value or values of an attribute with the
+ * integer value that you specify. If the attribute does not exist, it is created
+ * with the integer value that you specify.
+ *
+ * \param e Entry in which you want to set the value.
+ * \param type Attribute type in which you want to set the value.
+ * \param l Integer value that you want to assign to the attribute.
+ */
void slapi_entry_attr_set_int( Slapi_Entry* e, const char *type, int l);
+
+/**
+ * Replaces the value or values of an attribute in an entry with a specified
+ * unsigned integer data type value.
+ *
+ * This function will replace the value or values of an attribute with the
+ * unsigned integer value that you specify. If the attribute does not exist,
+ * it is created with the unsigned integer value you specify.
+ *
+ * \param e Entry in which you want to set the value.
+ * \param type Attribute type in which you want to set the value.
+ * \param l Unsigned integer value that you want to assign to the attribute.
+ */
void slapi_entry_attr_set_uint( Slapi_Entry* e, const char *type, unsigned int l);
+
+/**
+ * Replaces the value or values of an attribute in an entry with a specified long data
+ * type value.
+ *
+ * \param e Entry in which you want to set the value.
+ * \param type Attribute type in which you want to set the value.
+ * \param l Long integer value that you want to assign to the attribute.
+ */
void slapi_entry_attr_set_long(Slapi_Entry* e, const char *type, long l);
+
+/**
+ * Replaces the value or values of an attribute in an entry with a specified unsigned
+ * long data type value.
+ *
+ * This function will replace the value or values of an attribute with the unsigned
+ * long value that you specify. If the attribute does not exist, it is created with the
+ * unsigned long value that you specify.
+ *
+ * \param e Entry in which you want to set the value.
+ * \param type Attribute type in which you want to set the value.
+ * \param l Unsigned long value that you want to assign to the attribute.
+ */
void slapi_entry_attr_set_ulong(Slapi_Entry* e, const char *type, unsigned long l);
+
+/**
+ * Determines if an attribute in an entry contains a specified value.
+ *
+ * The syntax of the attribute type is taken into account when checking
+ * for the specified value.
+ *
+ * \param e Entry that you want to check.
+ * \param type Attribute type that you want to test for the value specified.
+ * \param value Value that you want to find in the attribute.
+ * \return \c 1 if the attribute contains the specified value.
+ * \return \c 0 if the attribute does not contain the specified value.
+ * \warning \c value must not be \c NULL.
+ */
int slapi_entry_attr_has_syntax_value(const Slapi_Entry *e, const char *type, const Slapi_Value *value);
+
+/**
+ * This function determines if the specified entry has child entries.
+ *
+ * \param e Entry that you want to test for child entries.
+ * \return \c 1 if the entry you supply has child entries.
+ * \return \c 0 if the entry you supply has child entries.
+ */
int slapi_entry_has_children(const Slapi_Entry *e);
+
+/**
+ * This function determines if an entry is the root DSE.
+ *
+ * The root DSE is a special entry that contains information about the Directory
+ * Server, including its capabilities and configuration.
+ *
+ * \param dn The DN that you want to test to see if it is the root DSE entry.
+ * \return \c 1 if \c dn is the root DSE.
+ * \return \c 0 if \c dn is not the root DSE.
+ */
int slapi_is_rootdse( const char *dn );
+
+/**
+ * This function returns the approximate size of an entry, rounded to the nearest 1k.
+ *
+ * This can be useful for checking cache sizes, estimating storage needs, and so on.
+ *
+ * When determining the size of an entry, only the sizes of the attribute values are
+ * counted; the size of other entry values (such as the size of attribute names,
+ * variously-normalized DNs, or any metadata) are not included in the size
+ * returned. It is assumed that the size of the metadata, et al., is well enough
+ * accounted for by the rounding of the size to the next largest 1k . This holds true
+ * especially in larger entries, where the actual size of the attribute values far
+ * outweighs the size of the metadata.
+ *
+ * When determining the size of the entry, both deleted values and deleted
+ * attributes are included in the count.
+ *
+ * \param e Entry from which you want the size returned.
+ * \return The size of the entry, rounded to the nearest 1k. The value returned is a
+ * size_t data type with a u_long value.
+ * \return A size of 1k if the entry is empty.
+ * \warning The \c e parameter must not be \c NULL.
+ */
size_t slapi_entry_size(Slapi_Entry *e);
+
+/**
+ * Adds an array of #Slapi_Value data values to the existing attribute values in
+ * an entry.
+ *
+ * If the attribute does not exist, it is created with the #Slapi_Value specified.
+ *
+ * \param e Entry to which you want to add values.
+ * \param type Attribute type to which you want to add values.
+ * \param vals \c NULL terminated array of #Slapi_Value data values you want to add.
+ * \return This function returns \c 0 if successful; any other value returned
+ * signals failure.
+ * \warning This function makes a copy of the parameter \c vals. The \c vals
+ * parameter can be \c NULL.
+ */
int slapi_entry_attr_merge_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+
+/**
+ * Adds and array of #Slapi_Value data values to the specified attribute in an entry.
+ *
+ * This function adds an array of #Slapi_Value data values to an attribute. If the
+ * attribute does not exist, it is created and given the value contained in the
+ * #Slapi_Value array.
+ *
+ * \param e Entry to which you want to add values.
+ * \param type Attribute type to which you want to add values.
+ * \param vals \c NULL terminated array of #Slapi_Value data values you want to add.
+ * \return \c LDAP_SUCCESS if the #Slapi_Value array if successfully added to the
+ * attribute.
+ * \return \c LDAP_TYPE_OR_VALUE_EXISTS if any values you are trying to add duplicate
+ * an existing value in the attribute.
+ * \return \c LDAP_OPERATIONS_ERROR if there are pre-existing duplicate values in the
+ * attribute.
+ * \warning This function makes a copy of the parameter \c vals. The \c vals
+ * parameter can be \c NULL.
+ */
int slapi_entry_add_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+
+/**
+ * Add a Slapi_ValueSet data value to the specified attribute in an entry.
+ *
+ * This function adds a set of values to an attribute in an entry. The values added
+ * are in the form of a #Slapi_ValueSet data type. If the entry does not contain the
+ * attribute specified, it is created with the specified #Slapi_ValueSet values.
+ *
+ * \param e Entry to which you want to add values.
+ * \param type Attribute type to which you want to add values.
+ * \param vs #Slapi_ValueSet data value that you want to add to the entry.
+ * \return \c 0 when successful; any other value returned signals failure.
+ * \warning This function makes a copy of the parameter \c vs. The \c vs
+ * parameter can be \c NULL.
+ */
int slapi_entry_add_valueset(Slapi_Entry *e, const char *type, Slapi_ValueSet *vs);
+
+/**
+ * Removes an array of Slapi_Value data values from an attribute in an entry.
+ *
+ * This function removes an attribute/valueset from an entry. Both the attribute
+ * and its #Slapi_Value data values are removed from the entry. If you supply a
+ * #Slapi_Value whose value is \c NULL, the function will delete the specified
+ * attribute from the entry. In either case, the function returns \c LDAP_SUCCESS.
+ *
+ * \param e Entry from which you want to delete values.
+ * \param type Attribute type from which you want to delete values.
+ * \param vals \c NULL terminated array of #Slapi_Value data values that you
+ * want to delete.
+ * \return \c LDAP_SUCCESS if the specified attribute and the array of #Slapi_Value
+ * data values are deleted from the entry.
+ * \return If the specified attribute contains a \c NULL value, the attribute is
+ * deleted from the attribute list, and the function returns
+ * \c LDAP_NO_SUCH_ATTRIBUTE. As well, if the attribute is not found in the
+ * list of attributes for the specified entry, the function returns
+ * \c LDAP_NO_SUCH_ATTRIBUTE.
+ * \return If there is an operational error during the processing of this call such
+ * as a duplicate value found, the function will return
+ * \c LDAP_OPERATIONS_ERROR.
+ * \warning The \c vals parameter can be \c NULL, in which case this function does
+ * nothing.
+ */
int slapi_entry_delete_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+
+/**
+ * Merges (adds) and array of #Slapi_Value data values to a specified attribute in
+ * an entry.
+ *
+ * This function adds additional #Slapi_Value data values to the existing values
+ * contained in an attribute. If the attribute type does not exist, it is created.
+ *
+ * If the specified attribute exists in the entry, the function merges the value
+ * specified and returns \c LDAP_SUCCESS. If the attribute is not found in the entry,
+ * the function creates it with the #Slapi_Value specified and returns \c
+ * LDAP_NO_SUCH_ATTRIBUTE.
+ *
+ * If this function fails, it leaves the values for \c type within a pointer to
+ * \c e in an indeterminate state. The present valueset may be truncated.
+ *
+ * \param e Entry into which you want to merge values.
+ * \param type Attribute type that you want to merge the values into.
+ * \param vals \c NULL terminated array of #Slapi_Value values that you want to merge
+ * into the entry.
+ * \return \c LDAP_SUCCESS
+ * \return \c LDAP_NO_SUCH_ATTRIBUTE
+ * \warning This function makes a copy of \c vals. The \c vals parameter
+ * can be \c NULL.
+ */
int slapi_entry_merge_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+
+/**
+ * Replaces the values of an attribute with the #Slapi_Value data value you specify.
+ *
+ * This function replaces existing attribute values in a specified entry with a single
+ * #Slapi_Value data value. The function first deletes the existing attribute from the
+ * entry, then replaces it with the new value specified.
+ *
+ * \param e Entry in which you want to replace values.
+ * \param type Attribute type which will receive the replaced values
+ * \param vals \c NULL terminated array of #Slapi_Value valyes that should replace
+ * the existing values of the attribute.
+ * \return \c 0 when successfull; any other value returned signals failure.
+ * \warning This function makes a copy of \c vals. The \c vals parameter
+ * can be \c NULL.
+ */
int slapi_entry_attr_replace_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+
+/**
+ * Adds a specified #Slapi_Value data value to an attribute in an entry.
+ *
+ * This function adds a #Slapi_Value data value to the existing attribute values in an
+ * entry. If the specified attribute does not exist in the entry, the attribute is
+ * created with the #Slapi_Value specified. The function doesn’t check for duplicate
+ * values, meaning it does not check if the value being added is already there.
+ *
+ * \param e Entry to which you want to add a value.
+ * \param type Attribute to which you want to add a value.
+ * \param value The #Slapi_Value data value you want to add to the entry.
+ * \return \c 0 when successfull; any other value returned signals failure.
+ * \warning This function makes a copy of \c value. The \c value parameter
+ * can be \c NULL.
+ */
int slapi_entry_add_value(Slapi_Entry *e, const char *type, const Slapi_Value *value);
+
+/**
+ * Adds a string value to an attribute in an entry.
+ *
+ * This function adds a string value to the existing attribute values in an entry. If
+ * the specified attribute does not exist in the entry, the attribute is created with
+ * the string value specified. The function doesn’t check for duplicate values; it
+ * does not check if the string value being added is already there.
+ *
+ * \param e Entry to which you want to add a string value.
+ * \param type Attribute to which you want to add a string value.
+ * \param value String value you want to add.
+ * \return \c 0 when successfull; any other value returned signals failure.
+ * \warning This function makes a copy of \c value. The \c value parameter
+ * can be \c NULL.
+ */
int slapi_entry_add_string(Slapi_Entry *e, const char *type, const char *value);
+
+/**
+ * Deletes a string value from an attribute in an entry.
+ *
+ * \param e Entry from which you want the string deleted.
+ * \param type Attribute type from which you want the string deleted.
+ * \param value Value of string to delete.
+ * \return \c 0 when successfull; any other value returned signals failure.
+ */
int slapi_entry_delete_string(Slapi_Entry *e, const char *type, const char *value);
+
+/**
+ * Find differences between two entries.
+ *
+ * Compares two #Slapi_Entry entries and determines the difference between them. The
+ * differences are returned as the modifications needed to the first entry to make it
+ * match the second entry.
+ *
+ * \param smods An empty #Slapi_Mods that will be filled in with the modifications
+ * needed to make \c e1 the same as \c e2.
+ * \param e1 The first entry you want to compare.
+ * \param e2 The second entry you want to compare.
+ * \param diff_ctrl Allows you to skip comparing operational attributes by passing
+ * #SLAPI_DUMP_NOOPATTRS. Pass \c 0 if you want to compare the
+ * operational attributes.
+ * \warning The caller must allocate the #Slapi_Mods that is passed in as \c smods.
+ * This must be an empty #Slapi_Mods, otherwise the contents will be leaked.
+ * \warning It is up to the caller to free \c smods when they are finished using them
+ * by calling slapi_mods_free() or slapi_mods_done() if \c smods was allocated
+ * on the stack.
+ */
void slapi_entry_diff(Slapi_Mods *smods, Slapi_Entry *e1, Slapi_Entry *e2, int diff_ctrl);
+
+/**
+ * Applies an array of \c LDAPMod modifications a Slapi_Entry.
+ *
+ * \param e Entry to which you want to apply the modifications.
+ * \param mods \c NULL terminated array of \c LDAPMod modifications that you
+ * want to apply to the specified entry.
+ * \return \c LDAP_SUCCESS if the mods applied to the entry cleanly, otherwise an
+ * LDAP error is returned.
+ * \warning It is up to the caller to free the \c LDAPMod array after the mods have
+ * been applied.
+ */
int slapi_entry_apply_mods(Slapi_Entry *e, LDAPMod **mods);
-/*
+/*------------------------
* Entry flags.
+ *-----------------------*/
+/**
+ * Flag that signifies that an entry is a tombstone entry
+ *
+ * \see slapi_entry_flag_is_set()
+ * \see slapi_entry_set_flag()
+ * \see slapi_entry_clear_flag()
*/
#define SLAPI_ENTRY_FLAG_TOMBSTONE 1
+
+/**
+ * Determines if certain flags are set for a specified entry.
+ *
+ * \param e Entry for which you want to check for the specified flag.
+ * \param flag The flag whose presense you want to check for. Valid flags are:
+ * \arg #SLAPI_ENTRY_FLAG_TOMBSTONE
+ * \return \c 0 if the flag is not set.
+ * \return The value of the flag if it is set.
+ * \see slapi_entry_clear_flag()
+ * \see slapi_entry_set_flag()
+ */
int slapi_entry_flag_is_set( const Slapi_Entry *e, unsigned char flag );
+
+/**
+ * Sets a flag for a specified entry.
+ *
+ * \param e Entry for which you want to set the flag.
+ * \param flag Flag that you want to set. Valid flags are:
+ * \arg #SLAPI_ENTRY_FLAG_TOMBSTONE
+ * \see slapi_entry_clear_flag()
+ * \see slapi_entry_flag_is_set()
+ */
void slapi_entry_set_flag( Slapi_Entry *e, unsigned char flag);
+
+/**
+ * Clears a flag for a specified entry.
+ *
+ * \param e Entry for which you want to clear the flag.
+ * \param flag Flag that you want to clear. Valid flags are:
+ * \arg #SLAPI_ENTRY_FLAG_TOMBSTONE
+ * \see slapi_entry_flag_is_set()
+ * \see slapi_entry_set_flag()
+ */
void slapi_entry_clear_flag( Slapi_Entry *e, unsigned char flag);
-/* exported vattrcache routines */
+/*------------------------------
+ * exported vattrcache routines
+ *------------------------------*/
+/**
+ * Check if an entry is current in the virtual attribute cache.
+ *
+ * \param e The entry for which you want to check the virtual attribute cache
+ * validity.
+ * \return \c 1 if the entry is valid in the cache.
+ * \return \c 0 if the entry is invalid in the cache.
+ */
int slapi_entry_vattrcache_watermark_isvalid(const Slapi_Entry *e);
+
+/**
+ * Mark an entry as valid in the virtual attribute cache.
+ *
+ * \param e The entry that you want to mark as valid.
+ */
void slapi_entry_vattrcache_watermark_set(Slapi_Entry *e);
-void slapi_entry_vattrcache_watermark_invalidate(Slapi_Entry *e);
-void slapi_entrycache_vattrcache_watermark_invalidate();
+/**
+ * Mark an entry as invalid in the virtual attribute cache.
+ *
+ * \param e The entry that you want to mark as invalid.
+ */
+void slapi_entry_vattrcache_watermark_invalidate(Slapi_Entry *e);
+/**
+ * Invalidate all entries in the virtual attribute cache.
+ */
+void slapi_entrycache_vattrcache_watermark_invalidate();
+/* TODO - Pickup Doxygen work here */
/*
* Slapi_DN routines
*/
@@ -1704,6 +3111,7 @@ typedef struct slapi_plugindesc {
#define SLAPI_PLUGIN_SYNTAX_OID 706
#define SLAPI_PLUGIN_SYNTAX_FLAGS 707
#define SLAPI_PLUGIN_SYNTAX_COMPARE 708
+
/* user defined substrlen; not stored in slapdplugin, but pblock itself */
#define SLAPI_SYNTAX_SUBSTRLENS 709
#define SLAPI_PLUGIN_SYNTAX_VALIDATE 710
diff --git a/slapi.doxy b/slapi.doxy
new file mode 100644
index 0000000..12f825f
--- /dev/null
+++ b/slapi.doxy
@@ -0,0 +1,1417 @@
+# Doxyfile 1.5.6
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the
+# iconv built into libc) for the transcoding. See
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = SLAPI
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = 1.1.5
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY = ./docs
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
+# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek,
+# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish,
+# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish,
+# and Ukrainian.
+
+OUTPUT_LANGUAGE = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like regular Qt-style comments
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF = YES
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
+# interpret the first line (until the first dot) of a Qt-style
+# comment as the brief description. If set to NO, the comments
+# will behave just like regular Qt-style comments (thus requiring
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 8
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for
+# Java. For instance, namespaces will be presented as packages, qualified
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources only. Doxygen will then generate output that is more tailored for
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
+# Doxygen will parse them like normal C++ but will assume all classes use public
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate getter
+# and setter methods for a property. Setting this option to YES (the default)
+# will make doxygen to replace the get and set methods by a property in the
+# documentation. This will only work if the methods are indeed getting or
+# setting a simple type. If this is not the case, or you want to show the
+# methods anyway, you should set this option to NO.
+
+IDL_PROPERTY_SUPPORT = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
+# is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically
+# be useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT = NO
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES = YES
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base
+# name of the file that contains the anonymous namespace. By default
+# anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
+# hierarchy of group names into alphabetical order. If set to NO (the default)
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES = YES
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES = NO
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
+# This will remove the Files entry from the Quick Index and from the
+# Folder Tree View (if specified). The default is YES.
+
+SHOW_FILES = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
+# Namespaces page. This will remove the Namespaces entry from the Quick Index
+# and from the Folder Tree View (if specified). The default is YES.
+
+SHOW_NAMESPACES = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER =
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT = ldap/servers/slapd/slapi-plugin.h
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
+# also the default input encoding. Doxygen uses libiconv (or the iconv built
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
+# the list of possible encodings.
+
+INPUT_ENCODING = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS =
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS =
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output. If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = NO
+
+# If the REFERENCES_RELATION tag is set to YES
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code. Otherwise they will link to the documentstion.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files
+# will be generated that can be used as input for Apple's Xcode 3
+# integrated development environment, introduced with OSX 10.5 (Leopard).
+# To create a documentation set, doxygen will generate a Makefile in the
+# HTML output directory. Running make will produce the docset in that
+# directory and running "make install" will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
+# it at startup.
+
+GENERATE_DOCSET = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
+# feed. A documentation feed provides an umbrella under which multiple
+# documentation sets from a single provider (such as a company or product suite)
+# can be grouped.
+
+DOCSET_FEEDNAME = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
+# should uniquely identify the documentation set bundle. This should be a
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID = org.doxygen.Project
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded. For this to work a browser that supports
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
+# is used to encode HtmlHelp index (hhk), content (hhc) and project file
+# content.
+
+CHM_INDEX_ENCODING =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE = 4
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information.
+# If the tag value is set to FRAME, a side panel will be generated
+# containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
+# probably better off using the HTML help feature. Other possible values
+# for this tag are: HIERARCHIES, which will generate the Groups, Directories,
+# and Class Hiererachy pages using a tree view instead of an ordered list;
+# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which
+# disables this behavior completely. For backwards compatibility with previous
+# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE
+# respectively.
+
+GENERATE_TREEVIEW = NONE
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH = 250
+
+# Use this tag to change the font size of Latex formulas included
+# as images in the HTML documentation. The default is 10. Note that
+# when you change the font size after a successful doxygen run you need
+# to manually remove any form_*.png images from the HTML output directory
+# to force them to be regenerated.
+
+FORMULA_FONTSIZE = 10
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = YES
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader. This is useful
+# if you want to understand what is going on. On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED =
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where
+# the mscgen tool resides. If left empty the tool is assumed to be found in the
+# default search path.
+
+MSCGEN_PATH =
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT = NO
+
+# By default doxygen will write a font called FreeSans.ttf to the output
+# directory and reference it in all dot files that doxygen generates. This
+# font does not include all possible unicode characters however, so when you need
+# these (or just want a differently looking font) you can specify the font name
+# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
+# which can be done by putting it in a standard location or by setting the
+# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
+# containing the font.
+
+DOT_FONTNAME = FreeSans
+
+# By default doxygen will tell dot to use the output directory to look for the
+# FreeSans.ttf font (which doxygen will put there itself). If you specify a
+# different font using DOT_FONTNAME you can set the path where dot
+# can find it using this tag.
+
+DOT_FONTPATH =
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then
+# doxygen will generate a call dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable call graphs
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH = NO
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
+# doxygen will generate a caller dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable caller
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS =
+
+# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
+# nodes that will be shown in the graph. If the number of nodes in a graph
+# becomes larger than this value, doxygen will truncate the graph, which is
+# visualized by representing a node as a red box. Note that doxygen if the
+# number of direct children of the root node in a graph is already larger than
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is enabled by default, which results in a transparent
+# background. Warning: Depending on the platform used, enabling this option
+# may lead to badly anti-aliased labels on the edges of a graph (i.e. they
+# become hard to read).
+
+DOT_TRANSPARENT = YES
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE = NO
--
1.5.5.1
14 years, 11 months
[Fedora-directory-devel] Please Review: Syntax Validation feature implementation
by Nathan Kinder
Here's the implementation of syntax validation support for values being
added to the database. It does not deal with validation of assertion
values.
For details on the implementation, see the design document:
http://directory.fedoraproject.org/wiki/Syntax_Validation_Design
I also added support for the "numericString" syntax.
-NGK
>From d19eafcd211d89cffdac1b2c3432087443e7d122 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder(a)redhat.com>
Date: Fri, 8 May 2009 09:14:42 -0700
Subject: [PATCH] Added capability to validate syntax of values being added to the database. Also added numericstring syntax support.
For more details, see the design doc at http://directory.fedoraproject.org/wiki/Syntax_Validation_Design
---
Makefile.am | 28 +-
config.h.in | 3 +
configure.ac | 15 +
.../src/scripts/template-syntax-validate.pl.in | 163 +++++++
ldap/ldif/template-dse.ldif.in | 25 +-
ldap/schema/60mozilla.ldif | 4 +-
ldap/servers/plugins/syntaxes/bin.c | 6 +-
ldap/servers/plugins/syntaxes/ces.c | 43 ++-
ldap/servers/plugins/syntaxes/cis.c | 482 +++++++++++++++++++-
ldap/servers/plugins/syntaxes/dn.c | 215 +++++++++
ldap/servers/plugins/syntaxes/int.c | 56 +++
ldap/servers/plugins/syntaxes/numericstring.c | 188 ++++++++
ldap/servers/plugins/syntaxes/sicis.c | 3 +
ldap/servers/plugins/syntaxes/syntax.h | 45 ++
ldap/servers/plugins/syntaxes/tel.c | 35 ++
ldap/servers/plugins/syntaxes/validate.c | 352 ++++++++++++++
ldap/servers/plugins/syntaxes/validate_task.c | 303 ++++++++++++
ldap/servers/slapd/add.c | 10 +
ldap/servers/slapd/back-ldbm/import-threads.c | 22 +-
ldap/servers/slapd/back-ldbm/ldbm_add.c | 9 +
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 14 +-
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 11 +
ldap/servers/slapd/back-ldif/add.c | 7 +
ldap/servers/slapd/back-ldif/modify.c | 7 +
ldap/servers/slapd/config.c | 34 ++-
ldap/servers/slapd/dse.c | 23 +
ldap/servers/slapd/fedse.c | 11 +-
ldap/servers/slapd/libglobs.c | 59 +++
ldap/servers/slapd/pblock.c | 12 +
ldap/servers/slapd/plugin.c | 16 +-
ldap/servers/slapd/plugin_syntax.c | 177 +++++++
ldap/servers/slapd/proto-slap.h | 4 +
ldap/servers/slapd/schema.c | 4 +-
ldap/servers/slapd/slap.h | 22 +-
ldap/servers/slapd/slapi-plugin.h | 6 +-
35 files changed, 2352 insertions(+), 62 deletions(-)
create mode 100644 ldap/admin/src/scripts/template-syntax-validate.pl.in
create mode 100644 ldap/servers/plugins/syntaxes/numericstring.c
create mode 100644 ldap/servers/plugins/syntaxes/validate.c
create mode 100644 ldap/servers/plugins/syntaxes/validate_task.c
diff --git a/Makefile.am b/Makefile.am
index ddfe011..b9cdc18 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -138,14 +138,22 @@ LIBBITWISE_PLUGIN = libbitwise-plugin.la
enable_bitwise = 1
endif
+if enable_presence
+LIBPRESENCE_PLUGIN = libpresence-plugin.la
+LIBPRESENCE_SCHEMA = $(srcdir)/ldap/schema/10presence.ldif
+enable_presence = on
+else
+enable_presence = off
+endif
+
serverplugin_LTLIBRARIES = libacl-plugin.la libattr-unique-plugin.la \
libback-ldbm.la libchainingdb-plugin.la libcos-plugin.la libdes-plugin.la \
libdistrib-plugin.la libhttp-client-plugin.la libcollation-plugin.la \
- libmemberof-plugin.la libpassthru-plugin.la libpresence-plugin.la \
- libpwdstorage-plugin.la libreferint-plugin.la libreplication-plugin.la \
- libretrocl-plugin.la libroles-plugin.la libstatechange-plugin.la \
- libsyntax-plugin.la libviews-plugin.la libschemareload-plugin.la \
- $(LIBPAM_PASSTHRU_PLUGIN) $(LIBDNA_PLUGIN) $(LIBBITWISE_PLUGIN)
+ libmemberof-plugin.la libpassthru-plugin.la libpwdstorage-plugin.la \
+ libreferint-plugin.la libreplication-plugin.la libretrocl-plugin.la \
+ libroles-plugin.la libstatechange-plugin.la libsyntax-plugin.la \
+ libviews-plugin.la libschemareload-plugin.la $(LIBPAM_PASSTHRU_PLUGIN) \
+ $(LIBDNA_PLUGIN) $(LIBBITWISE_PLUGIN) $(LIBPRESENCE_PLUGIN)
nodist_property_DATA = ns-slapd.properties
@@ -200,13 +208,13 @@ sampledata_DATA = $(srcdir)/ldap/ldif/Ace.ldif \
$(srcdir)/ldap/schema/60radius.ldif \
$(srcdir)/ldap/schema/60rfc4876.ldif \
$(srcdir)/ldap/schema/60samba.ldif \
- $(srcdir)/ldap/schema/60samba3.ldif
+ $(srcdir)/ldap/schema/60samba3.ldif \
+ $(LIBPRESENCE_SCHEMA)
schema_DATA = $(srcdir)/ldap/schema/00core.ldif \
$(srcdir)/ldap/schema/01common.ldif \
$(srcdir)/ldap/schema/05rfc2247.ldif \
$(srcdir)/ldap/schema/05rfc2927.ldif \
- $(srcdir)/ldap/schema/10presence.ldif \
$(srcdir)/ldap/schema/10rfc2307.ldif \
$(srcdir)/ldap/schema/20subscriber.ldif \
$(srcdir)/ldap/schema/25java-object.ldif \
@@ -295,6 +303,7 @@ task_SCRIPTS = ldap/admin/src/scripts/template-bak2db \
ldap/admin/src/scripts/template-ns-inactivate.pl \
ldap/admin/src/scripts/template-ns-newpwpolicy.pl \
ldap/admin/src/scripts/template-schema-reload.pl \
+ ldap/admin/src/scripts/template-syntax-validate.pl \
ldap/admin/src/scripts/template-verify-db.pl \
ldap/admin/src/scripts/template-dbverify
@@ -894,10 +903,13 @@ libsyntax_plugin_la_SOURCES = ldap/servers/plugins/syntaxes/bin.c \
ldap/servers/plugins/syntaxes/debug.c \
ldap/servers/plugins/syntaxes/dn.c \
ldap/servers/plugins/syntaxes/int.c \
+ ldap/servers/plugins/syntaxes/numericstring.c \
ldap/servers/plugins/syntaxes/phonetic.c \
ldap/servers/plugins/syntaxes/sicis.c \
ldap/servers/plugins/syntaxes/string.c \
ldap/servers/plugins/syntaxes/tel.c \
+ ldap/servers/plugins/syntaxes/validate.c \
+ ldap/servers/plugins/syntaxes/validate_task.c \
ldap/servers/plugins/syntaxes/value.c
libsyntax_plugin_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
@@ -1149,6 +1161,7 @@ fixupcmd = sed \
-e 's,@enable_dna\@,$(enable_dna),g' \
-e 's,@enable_autobind\@,$(enable_autobind),g' \
-e 's,@enable_auto_dn_suffix\@,$(enable_auto_dn_suffix),g' \
+ -e 's,@enable_presence\@,$(enable_presence),g' \
-e 's,@ECHO_N\@,$(ECHO_N),g' \
-e 's,@ECHO_C\@,$(ECHO_C),g' \
-e 's,@brand\@,$(brand),g' \
@@ -1199,6 +1212,7 @@ fixupcmd = sed \
-e 's,@enable_dna\@,$(enable_dna),g' \
-e 's,@enable_autobind\@,$(enable_autobind),g' \
-e 's,@enable_auto_dn_suffix\@,$(enable_auto_dn_suffix),g' \
+ -e 's,@enable_presence\@,$(enable_presence),g' \
-e 's,@ECHO_N\@,$(ECHO_N),g' \
-e 's,@ECHO_C\@,$(ECHO_C),g' \
-e 's,@brand\@,$(brand),g' \
diff --git a/config.h.in b/config.h.in
index e3175ca..981e815 100644
--- a/config.h.in
+++ b/config.h.in
@@ -39,6 +39,9 @@
/* enable the pam passthru auth plugin */
#undef ENABLE_PAM_PASSTHRU
+/* enable the presence plugin */
+#undef ENABLE_PRESENCE
+
/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
diff --git a/configure.ac b/configure.ac
index 9626172..57dd54d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -167,6 +167,21 @@ else
fi
AM_CONDITIONAL(enable_bitwise,test "$enable_bitwise" = "yes")
+if test -z "$enable_presence" ; then
+ enable_presence=no # if not set on cmdline, set default
+fi
+AC_MSG_CHECKING(for --enable-presence)
+AC_ARG_ENABLE(presence,
+ AS_HELP_STRING([--enable-presence],
+ [enable the presence plugin (default: no)]))
+if test "$enable_presence" = yes ; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE([ENABLE_PRESENCE], [1], [enable the presence plugin])
+else
+ AC_MSG_RESULT(no)
+fi
+AM_CONDITIONAL(enable_presence,test "$enable_presence" = "yes")
+
# the default prefix - override with --prefix or --with-fhs
AC_PREFIX_DEFAULT([/opt/$PACKAGE_NAME])
diff --git a/ldap/admin/src/scripts/template-syntax-validate.pl.in b/ldap/admin/src/scripts/template-syntax-validate.pl.in
new file mode 100644
index 0000000..4e4fa74
--- /dev/null
+++ b/ldap/admin/src/scripts/template-syntax-validate.pl.in
@@ -0,0 +1,163 @@
+#{{PERL-EXEC}}
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+#
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+#
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception.
+#
+#
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+sub usage {
+ print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n");
+ print(STDERR " -b baseDN [-f filter]\n");
+ print(STDERR " Opts: -D rootdn - Directory Manager.\n");
+ print(STDERR " : -w password - Directory Manager's password.\n");
+ print(STDERR " : -w - - Prompt for Directory Manager's password.\n");
+ print(STDERR " : -j filename - Read Directory Manager's password from file.\n");
+ print(STDERR " : -b baseDN - Base DN that contains entries to validate.\n");
+ print(STDERR " : -f filter - Filter for entries to validate.\n");
+ print(STDERR " If omitted, all entries under the specified\n");
+ print(STDERR " base will have their attribute values\n");
+ print(STDERR " validated.\n");
+ print(STDERR " : -v - Verbose.\n");
+}
+
+$rootdn = "";
+$passwd = "";
+$passwdfile = "";
+$basedn_arg = "";
+$filter_arg = "";
+$filter = "";
+$verbose = 0;
+
+$prefix = "{{DS-ROOT}}";
+
+$ENV{'PATH'} = "$prefix@ldapsdk_bindir@:$prefix/usr/bin:@ldapsdk_bindir@:/usr/bin";
+$ENV{'LD_LIBRARY_PATH'} = "$prefix@nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib";
+$ENV{'SHLIB_PATH'} = "$prefix@nss_libdir@:$prefix/usr/lib:@nss_libdir@:/usr/lib";
+
+$i = 0;
+while ($i <= $#ARGV)
+{
+ if ("$ARGV[$i]" eq "-b")
+ {
+ # base DN
+ $i++; $basedn_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-f")
+ {
+ # filter
+ $i++; $filter_arg = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-D")
+ {
+ # Directory Manager
+ $i++; $rootdn = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-w")
+ {
+ # Directory Manager's password
+ $i++; $passwd = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-j")
+ {
+ # Read Directory Manager's password from a file
+ $i++; $passwdfile = $ARGV[$i];
+ }
+ elsif ("$ARGV[$i]" eq "-v")
+ {
+ # verbose
+ $verbose = 1;
+ }
+ else
+ {
+ &usage; exit(1);
+ }
+ $i++;
+}
+
+if ($passwdfile ne ""){
+# Open file and get the password
+ unless (open (RPASS, $passwdfile)) {
+ die "Error, cannot open password file $passwdfile\n";
+ }
+ $passwd = <RPASS>;
+ chomp($passwd);
+ close(RPASS);
+} elsif ($passwd eq "-"){
+# Read the password from terminal
+ print "Bind Password: ";
+ # Disable console echo
+ system("stty -echo");
+ # read the answer
+ $passwd = <STDIN>;
+ # Enable console echo
+ system("stty echo");
+ print "\n";
+ chop($passwd); # trim trailing newline
+}
+
+if ( $rootdn eq "" || $passwd eq "" || $basedn_arg eq "" )
+{
+ &usage;
+ exit(1);
+}
+
+$vstr = "";
+if ($verbose != 0)
+{
+ $vstr = "-v";
+}
+
+# Use a timestamp as part of the task entry name
+($s, $m, $h, $dy, $mn, $yr, $wdy, $ydy, $r) = localtime(time);
+$mn++; $yr += 1900;
+$taskname = "syntax_validate_${yr}_${mn}_${dy}_${h}_${m}_${s}";
+
+# Build the task entry to add
+$dn = "dn: cn=$taskname, cn=syntax validate, cn=tasks, cn=config\n";
+$misc = "changetype: add\nobjectclass: top\nobjectclass: extensibleObject\n";
+$cn = "cn: $taskname\n";
+$basedn = "basedn: $basedn_arg\n";
+
+if ( $filter_arg ne "" )
+{
+ $filter = "filter: $filter_arg\n";
+}
+
+$entry = "${dn}${misc}${cn}${basedn}${filter}";
+open(FOO, "| ldapmodify $vstr -h {{SERVER-NAME}} -p {{SERVER-PORT}} -D \"$rootdn\" -w \"$passwd\" -a" );
+print(FOO "$entry");
+close(FOO);
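Review bot: The final `open(FOO, "| ldapmodify ...")` builds a shell command by interpolating `$rootdn` and `$passwd` inside double quotes, so a bind DN or password containing `"`, `$` or a backquote is reinterpreted by the shell instead of being passed through unchanged. Neither `open` nor `close` is checked, so a failed ldapmodify still leaves the script exiting with status 0. The list form avoids the shell: `open(FOO, "|-", "ldapmodify", ($vstr ? $vstr : ()), "-h", "{{SERVER-NAME}}", "-p", "{{SERVER-PORT}}", "-D", $rootdn, "-w", $passwd, "-a") or die "cannot run ldapmodify: $!\n";` followed by `close(FOO) or exit(1);`. The password would still appear in the process list as the `-w` argument; if the installed ldapmodify accepts a password file, handing the `-j` file through would avoid that. `$basedn_arg` and `$filter_arg` are written into the LDIF unchecked, so rejecting values that contain a newline would keep the task entry to the attributes the script intends.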
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 36a5566..232d9f2 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -24,6 +24,7 @@ nsslapd-accesslog: %log_dir%/access
nsslapd-enquote-sup-oc: off
nsslapd-localhost: %fqdn%
nsslapd-schemacheck: on
+nsslapd-syntaxcheck: on
nsslapd-rewrite-rfc1274: off
nsslapd-return-exact-case: on
nsslapd-ssl-check-hostname: on
@@ -181,6 +182,16 @@ nsslapd-pluginarg0: nsmultiplexorcredentials
nsslapd-pluginarg1: nsds5ReplicaCredentials
nsslapd-pluginid: des-storage-scheme
+dn: cn=Syntax Validation Task,cn=plugins,cn=config
+objectclass: top
+objectclass: nsSlapdPlugin
+objectclass: extensibleObject
+cn: Syntax Validation Task
+nsslapd-pluginpath: libsyntax-plugin
+nsslapd-plugininitfunc: syntax_validate_task_init
+nsslapd-plugintype: object
+nsslapd-pluginenabled: on
+
dn: cn=Case Ignore String Syntax,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
@@ -219,7 +230,7 @@ cn: Space Insensitive String Syntax
nsslapd-pluginpath: libsyntax-plugin
nsslapd-plugininitfunc: sicis_init
nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
+nsslapd-pluginenabled: @enable_presence@
dn: cn=Binary Syntax,cn=plugins,cn=config
objectclass: top
@@ -309,7 +320,7 @@ cn: URI Syntax
nsslapd-pluginpath: libsyntax-plugin
nsslapd-plugininitfunc: uri_init
nsslapd-plugintype: syntax
-nsslapd-pluginenabled: on
+nsslapd-pluginenabled: off
dn: cn=JPEG Syntax,cn=plugins,cn=config
objectclass: top
@@ -341,6 +352,16 @@ nsslapd-plugininitfunc: postal_init
nsslapd-plugintype: syntax
nsslapd-pluginenabled: on
+dn: cn=Numeric String Syntax,cn=plugins,cn=config
+objectclass: top
+objectclass: nsSlapdPlugin
+objectclass: extensibleObject
+cn: Numeric String Syntax
+nsslapd-pluginpath: libsyntax-plugin
+nsslapd-plugininitfunc: numstr_init
+nsslapd-plugintype: syntax
+nsslapd-pluginenabled: on
+
dn: cn=State Change Plugin,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
diff --git a/ldap/schema/60mozilla.ldif b/ldap/schema/60mozilla.ldif
index f01c3d6..e53e442 100644
--- a/ldap/schema/60mozilla.ldif
+++ b/ldap/schema/60mozilla.ldif
@@ -200,10 +200,10 @@ attributeTypes: (
)
#
################################################################################
-# nsAIMid is already defined in 10presence.ldif as 2.16.840.1.113730.3.1.2013
+#
attributeTypes: (
1.3.6.1.4.1.13769.2.4
- NAME ( 'nscpaimscreenname' )
+ NAME ( 'nsAIMid' 'nscpaimscreenname' )
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50
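Review bot: Adding `'nsAIMid'` as a name of 1.3.6.1.4.1.13769.2.4 gives that name a second definition, because the comment this hunk removes says 10presence.ldif already defines nsAIMid as 2.16.840.1.113730.3.1.2013. The Makefile.am part of this patch moves 10presence.ldif out of `schema_DATA`, but an upgraded instance that still has the old file in its schema directory, or an administrator who loads the sample schema from a `--enable-presence` build, would presumably end up with two attribute types claiming the same name. Replacing the emptied `#` line with a comment such as `# nsAIMid is also defined in 10presence.ldif (2.16.840.1.113730.3.1.2013); do not load both files` would record the constraint. The attributeTypes definition continues outside the hunk.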
diff --git a/ldap/servers/plugins/syntaxes/bin.c b/ldap/servers/plugins/syntaxes/bin.c
index 6d6c763..b7be0d1 100644
--- a/ldap/servers/plugins/syntaxes/bin.c
+++ b/ldap/servers/plugins/syntaxes/bin.c
@@ -43,8 +43,7 @@
/* bin.c - bin syntax routines */
/*
- * This file actually implements two syntax plugins: OctetString and Binary.
- * We treat them identically for now. XXXmcs: check if that is correct.
+ * This file actually implements three syntax plugins: OctetString, JPEG, and Binary.
*/
#include <stdio.h>
@@ -73,6 +72,9 @@ static char *octetstring_names[] = { "OctetString", OCTETSTRING_SYNTAX_OID, 0 };
static char *jpeg_names[] = { "JPEG", JPEG_SYNTAX_OID, 0 };
+/* This syntax has "gone away" in RFC 4517, however we still use it for
+ * a number of attributes in our default schema. We should try to eliminate
+ * it's use and remove support for it. */
static Slapi_PluginDesc bin_pdesc = {
"bin-syntax", PLUGIN_MAGIC_VENDOR_STR, PRODUCTTEXT,
"binary attribute syntax plugin"
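Review bot: The added comment does not say which syntax has "gone away". It sits between `jpeg_names` and `bin_pdesc` in a file whose header now lists OctetString, JPEG and Binary, so it should name the syntax, presumably Binary given `bin_pdesc`, e.g. `/* The Binary syntax has "gone away" in RFC 4517, ...`. In the same comment "it's use" should read "its use".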
diff --git a/ldap/servers/plugins/syntaxes/ces.c b/ldap/servers/plugins/syntaxes/ces.c
index a7ffee5..68b642f 100644
--- a/ldap/servers/plugins/syntaxes/ces.c
+++ b/ldap/servers/plugins/syntaxes/ces.c
@@ -40,7 +40,9 @@
# include <config.h>
#endif
-/* ces.c - caseexactstring syntax routines */
+/* ces.c - caseexactstring syntax routines. Implements support for:
+ * - IA5String
+ * - URI (DEPRECATED - This is non-standard and isn't used in the default schema.) */
#include <stdio.h>
#include <string.h>
@@ -58,6 +60,7 @@ static int ces_assertion2keys_ava( Slapi_PBlock *pb, Slapi_Value *val,
static int ces_assertion2keys_sub( Slapi_PBlock *pb, char *initial, char **any,
char *final, Slapi_Value ***ivals );
static int ces_compare(struct berval *v1, struct berval *v2);
+static int ia5_validate(struct berval *val);
/* the first name is the official one from RFC 2252 */
static char *ia5_names[] = { "IA5String", "ces", "caseexactstring",
@@ -78,7 +81,7 @@ static Slapi_PluginDesc uri_pdesc = { "uri-syntax", PLUGIN_MAGIC_VENDOR_STR,
*/
static int
register_ces_like_plugin( Slapi_PBlock *pb, Slapi_PluginDesc *pdescp,
- char **names, char *oid )
+ char **names, char *oid, void *validate_fn )
{
int rc, flags;
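Review bot: `validate_fn` is declared `void *`, so the compiler cannot check that the callback handed to `register_ces_like_plugin` has the `int (*)(struct berval *)` shape that `ia5_validate` has. Converting between function and object pointers is also not guaranteed by ISO C. A typedef such as `typedef int (*syntax_validate_fn)(struct berval *val);` (name constructed here) used as the parameter type would catch a mismatched validator at compile time; the same applies to `register_cis_like_plugin` in cis.c. A comment above the function should state that passing NULL registers no validator, as `uri_init` does, so values of that syntax are presumably not checked even with `nsslapd-syntaxcheck: on`. The function body continues outside this hunk.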
@@ -105,6 +108,10 @@ register_ces_like_plugin( Slapi_PBlock *pb, Slapi_PluginDesc *pdescp,
(void *) oid );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_COMPARE,
(void *) ces_compare );
+ if (validate_fn != NULL) {
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_VALIDATE,
+ (void *)validate_fn );
+ }
return( rc );
}
@@ -116,7 +123,7 @@ ces_init( Slapi_PBlock *pb )
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> ces_init\n", 0, 0, 0 );
- rc = register_ces_like_plugin(pb,&ia5_pdesc,ia5_names,IA5STRING_SYNTAX_OID);
+ rc = register_ces_like_plugin(pb,&ia5_pdesc,ia5_names,IA5STRING_SYNTAX_OID, ia5_validate);
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= ces_init %d\n", rc, 0, 0 );
return( rc );
@@ -130,7 +137,7 @@ uri_init( Slapi_PBlock *pb )
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> uri_init\n", 0, 0, 0 );
rc = register_ces_like_plugin(pb,&uri_pdesc,uri_names,
- "1.3.6.1.4.1.4401.1.1.1");
+ "1.3.6.1.4.1.4401.1.1.1", NULL);
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= uri_init %d\n", rc, 0, 0 );
return( rc );
@@ -203,3 +210,31 @@ static int ces_compare(
{
return value_cmp(v1,v2,SYNTAX_CES,3 /* Normalise both values */);
}
+
+static int
+ia5_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ int i = 0;
+
+ if (val == NULL) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Per RFC 4517:
+ *
+ * IA5String = *(%x00-7F)
+ */
+ for (i=0; i < val->bv_len; i++) {
+ if (!IS_UTF1(val->bv_val[i])) {
+ rc = 1;
+ goto exit;
+ }
+ }
+
+exit:
+ return rc;
+}
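Review bot: The loop in `ia5_validate` compares `int i` with `val->bv_len`, an unsigned length, so the comparison mixes signedness and `i` would overflow on a value longer than INT_MAX; declaring `ber_len_t i = 0;` matches the field. `val->bv_val[i]` is a plain `char` and `IS_UTF1` is defined outside this hunk, so where `char` is signed, whether bytes 0x80–0xFF are rejected depends on how the macro compares. Writing `IS_UTF1((unsigned char)val->bv_val[i])` removes that dependency. A short comment that a zero-length value is accepted on purpose (the quoted ABNF allows it) would help, since `dirstring_validate` in cis.c rejects empty values.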
diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c
index 20b990d..f20ae5e 100644
--- a/ldap/servers/plugins/syntaxes/cis.c
+++ b/ldap/servers/plugins/syntaxes/cis.c
@@ -43,13 +43,15 @@
/* cis.c - caseignorestring syntax routines */
/*
- * This file actually implements three syntax plugins:
- * DirectoryString
+ * This file actually implements numerous syntax plugins:
+ *
* Boolean
+ * CountryString
+ * DirectoryString
* GeneralizedTime
+ * OID
+ * PostalAddress
*
- * We treat them identically for now. XXXmcs: we could do some validation on
- * Boolean and GeneralizedTime values (someday, maybe).
*/
#include <stdio.h>
@@ -68,6 +70,12 @@ static int cis_assertion2keys_ava( Slapi_PBlock *pb, Slapi_Value *val,
static int cis_assertion2keys_sub( Slapi_PBlock *pb, char *initial, char **any,
char *final, Slapi_Value ***ivals );
static int cis_compare(struct berval *v1, struct berval *v2);
+static int dirstring_validate(struct berval *val);
+static int boolean_validate(struct berval *val);
+static int time_validate(struct berval *val);
+static int country_validate(struct berval *val);
+static int postal_validate(struct berval *val);
+static int oid_validate(struct berval *val);
/*
* Attribute syntaxes. We treat all of these the same for now, even though
@@ -170,7 +178,7 @@ static Slapi_PluginDesc oid_pdesc = { "oid-syntax",
*/
static int
register_cis_like_plugin( Slapi_PBlock *pb, Slapi_PluginDesc *pdescp,
- char **names, char *oid )
+ char **names, char *oid, void *validate_fn )
{
int rc, flags;
@@ -197,11 +205,14 @@ register_cis_like_plugin( Slapi_PBlock *pb, Slapi_PluginDesc *pdescp,
(void *) oid );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_COMPARE,
(void *) cis_compare );
+ if (validate_fn != NULL) {
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_VALIDATE,
+ (void *)validate_fn );
+ }
return( rc );
}
-
int
cis_init( Slapi_PBlock *pb )
{
@@ -209,7 +220,7 @@ cis_init( Slapi_PBlock *pb )
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> cis_init\n", 0, 0, 0 );
rc = register_cis_like_plugin( pb, &dirstring_pdesc, dirstring_names,
- DIRSTRING_SYNTAX_OID );
+ DIRSTRING_SYNTAX_OID, dirstring_validate );
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= cis_init %d\n", rc, 0, 0 );
return( rc );
}
@@ -222,12 +233,11 @@ boolean_init( Slapi_PBlock *pb )
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> boolean_init\n", 0, 0, 0 );
rc = register_cis_like_plugin( pb, &boolean_pdesc, boolean_names,
- BOOLEAN_SYNTAX_OID );
+ BOOLEAN_SYNTAX_OID, boolean_validate );
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= boolean_init %d\n", rc, 0, 0 );
return( rc );
}
-
int
time_init( Slapi_PBlock *pb )
{
@@ -235,7 +245,7 @@ time_init( Slapi_PBlock *pb )
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> time_init\n", 0, 0, 0 );
rc = register_cis_like_plugin( pb, &time_pdesc, time_names,
- GENERALIZEDTIME_SYNTAX_OID );
+ GENERALIZEDTIME_SYNTAX_OID, time_validate );
/* also register this plugin for matching rules */
rc |= slapi_matchingrule_register(&generalizedTimeMatch);
rc |= slapi_matchingrule_register(&generalizedTimeOrderingMatch);
@@ -250,7 +260,7 @@ country_init( Slapi_PBlock *pb )
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> country_init\n", 0, 0, 0 );
rc = register_cis_like_plugin( pb, &country_pdesc, country_names,
- COUNTRYSTRING_SYNTAX_OID );
+ COUNTRYSTRING_SYNTAX_OID, country_validate );
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= country_init %d\n", rc, 0, 0 );
return( rc );
}
@@ -262,7 +272,7 @@ postal_init( Slapi_PBlock *pb )
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> postal_init\n", 0, 0, 0 );
rc = register_cis_like_plugin( pb, &postal_pdesc, postal_names,
- POSTALADDRESS_SYNTAX_OID );
+ POSTALADDRESS_SYNTAX_OID, postal_validate );
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= postal_init %d\n", rc, 0, 0 );
return( rc );
}
@@ -274,7 +284,7 @@ oid_init( Slapi_PBlock *pb )
int rc;
LDAPDebug( LDAP_DEBUG_PLUGIN, "=> oid_init\n", 0, 0, 0 );
- rc = register_cis_like_plugin( pb, &oid_pdesc, oid_names, OID_SYNTAX_OID );
+ rc = register_cis_like_plugin( pb, &oid_pdesc, oid_names, OID_SYNTAX_OID, oid_validate );
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= oid_init %d\n", rc, 0, 0 );
return( rc );
}
@@ -349,3 +359,449 @@ static int cis_compare(
{
return value_cmp(v1,v2,SYNTAX_CIS,3 /* Normalise both values */);
}
+
+static int dirstring_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ char *p = NULL;
+ char *end = NULL;
+
+ /* Per RFC4517:
+ *
+ * DirectoryString = 1*UTF8
+ */
+ if ((val != NULL) && (val->bv_len > 0)) {
+ p = val->bv_val;
+ end = &(val->bv_val[val->bv_len - 1]);
+ rc = utf8string_validate(p, end, NULL);
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+exit:
+ return( rc );
+}
+
+static int boolean_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+
+ /* Per RFC4517:
+ *
+ * Boolean = "TRUE" / "FALSE"
+ */
+ if (val != NULL) {
+ if (val->bv_len == 4) {
+ if (strncmp(val->bv_val, "TRUE", 4) != 0) {
+ rc = 1;
+ goto exit;
+ }
+ } else if (val->bv_len == 5) {
+ if (strncmp(val->bv_val, "FALSE", 5) != 0) {
+ rc = 1;
+ goto exit;
+ }
+ } else {
+ rc = 1;
+ goto exit;
+ }
+ } else {
+ rc = 1;
+ }
+
+exit:
+ return(rc);
+}
+
+static int time_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ int i = 0;
+ const char *p = NULL;
+ char *end = NULL;
+
+ /* Per RFC4517:
+ *
+ * GeneralizedTime = century year month day hour
+ * [ minute [ second / leap-second ] ]
+ * [ fraction ]
+ * g-time-zone
+ *
+ * century = 2(%x30-39) ; "00" to "99"
+ * year = 2(%x30-39) ; "00" to "99"
+ * month = ( %x30 %x31-39 ) ; "01" (January) to "09"
+ * / ( %x31 %x30-32 ) ; "10 to "12"
+ * day = ( %x30 %x31-39 ) ; "01" to "09"
+ * / ( %x31-x32 %x30-39 ) ; "10" to "29"
+ * / ( %x33 %x30-31 ) ; "30" to "31"
+ * hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"
+ * minute = %x30-35 %x30-39 ; "00" to "59"
+ *
+ * second = ( %x30-35 - %x30-39 ) ; "00" to "59"
+ * leap-second = ( %x36 %x30 ) ; "60"
+ *
+ * fraction = ( DOT / COMMA ) 1*(%x30-39)
+ * g-time-zone = %x5A ; "Z"
+ * / g-differential
+ * g-differential = ( MINUS / PLUS ) hour [ minute ]
+ */
+ if (val != NULL) {
+ /* A valid GeneralizedTime should be at least 11 characters. There
+ * is no upper bound due to the variable length of "fraction". */
+ if (val->bv_len < 11) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* We're guaranteed that the value is at least 11 characters, so we
+ * don't need to bother checking if we're at the end of the value
+ * until we start processing the "minute" part of the value. */
+ p = val->bv_val;
+ end = &(val->bv_val[val->bv_len - 1]);
+
+ /* Process "century year". First 4 characters can be any valid digit. */
+ for (i=0; i<4; i++) {
+ if (!isdigit(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ }
+
+ /* Process "month". Next character can be "0" or "1". */
+ if (*p == '0') {
+ p++;
+ /* any LDIGIT is valid now */
+ if (!IS_LDIGIT(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else if (*p == '1') {
+ p++;
+ /* only "0"-"2" are valid now */
+ if ((*p < '0') || (*p > '2')) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Process "day". Next character can be "0"-"3". */
+ if (*p == '0') {
+ p++;
+ /* any LDIGIT is valid now */
+ if (!IS_LDIGIT(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else if ((*p == '1') || (*p == '2')) {
+ p++;
+ /* any digit is valid now */
+ if (!isdigit(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else if (*p == '3') {
+ p++;
+ /* only "0"-"1" are valid now */
+ if ((*p != '0') && (*p != '1')) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Process "hour". Next character can be "0"-"2". */
+ if ((*p == '0') || (*p == '1')) {
+ p++;
+ /* any digit is valid now */
+ if (!isdigit(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else if (*p == '2') {
+ p++;
+ /* only "0"-"3" are valid now */
+ if ((*p < '0') || (*p > '3')) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Time for the optional stuff. We know we have at least one character here, but
+ * we need to start checking for the end of the string afterwards.
+ *
+ * See if a "minute" was specified. */
+ if ((*p >= '0') && (*p <= '5')) {
+ p++;
+ /* any digit is valid for the second char of a minute */
+ if ((p > end) || (!isdigit(*p))) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+
+ /* At this point, there has to at least be a "g-time-zone" left.
+ * Make sure we're not at the end of the string. */
+ if (p > end) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* See if a "second" or "leap-second" was specified. */
+ if ((*p >= '0') && (*p <= '5')) {
+ p++;
+ /* any digit is valid now */
+ if ((p > end) || (!isdigit(*p))) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else if (*p == '6') {
+ p++;
+ /* only a '0' is valid now */
+ if ((p > end) || (*p != '0')) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ }
+
+ /* At this point, there has to at least be a "g-time-zone" left.
+ * Make sure we're not at the end of the string. */
+ if (p > end) {
+ rc = 1;
+ goto exit;
+ }
+ }
+
+ /* See if a fraction was specified. */
+ if ((*p == '.') || (*p == ',')) {
+ p++;
+ /* An arbitrary length string of digit chars is allowed here.
+ * Ensure we have at least one digit character. */
+ if ((p >= end) || (!isdigit(*p))) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Just loop through the rest of the fraction until we encounter a non-digit */
+ p++;
+ while ((p < end) && (isdigit(*p))) {
+ p++;
+ }
+ }
+
+ /* Process "g-time-zone". We either end with 'Z', or have a differential. */
+ if (p == end) {
+ if (*p != 'Z') {
+ rc = 1;
+ goto exit;
+ }
+ } else if (p < end) {
+ if ((*p != '-') && (*p != '+')) {
+ rc = 1;
+ goto exit;
+ } else {
+ /* A "g-differential" was specified. An "hour" must be present now. */
+ p++;
+ if ((*p == '0') || (*p == '1')) {
+ p++;
+ /* any digit is valid now */
+ if ((p > end) || !isdigit(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else if (*p == '2') {
+ p++;
+ /* only "0"-"3" are valid now */
+ if ((p > end) || (*p < '0') || (*p > '3')) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+ /* See if an optional minute is present ("00"-"59"). */
+ if (p <= end) {
+ /* "0"-"5" are valid now */
+ if ((*p < '0') || (*p > '5')) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+
+ /* We should be at the last character of the string
+ * now, which must be a valid digit. */
+ if ((p != end) || !isdigit(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+ }
+ } else {
+ /* Premature end of string */
+ rc = 1;
+ goto exit;
+ }
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+exit:
+ return( rc );
+}
+
+static int country_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+
+ /* Per RFC4517:
+ *
+ * CountryString = 2(PrintableCharacter)
+ */
+ if (val != NULL) {
+ if ((val->bv_len != 2) || !IS_PRINTABLE(val->bv_val[0]) || !IS_PRINTABLE(val->bv_val[1])) {
+ rc = 1;
+ goto exit;
+ }
+
+
+ } else {
+ rc = 1;
+ }
+
+exit:
+ return(rc);
+}
+
+static int postal_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ const char *p = NULL;
+ const char *start = NULL;
+ char *end = NULL;
+
+ /* Per RFC4517:
+ * PostalAddress = line *( DOLLAR line )
+ * line = 1*line-char
+ * line-char = %x00-23
+ * / (%x5C "24") ; escaped "$"
+ * / %x25-5B
+ * / (%x5C "5C") ; escaped "\"
+ * / %x5D-7F
+ * / UTFMB
+ */
+ if (val != NULL) {
+ start = val->bv_val;
+ end = &(val->bv_val[val->bv_len - 1]);
+ for (p = start; p <= end; p++) {
+ /* look for a '\' and make sure it's only used to escape a '$' or a '\' */
+ if (*p == '\\') {
+ p++;
+ /* ensure that we're not at the end of the value */
+ if ((p > end) || (strncmp(p, "24", 2) != 0) && (strncasecmp(p, "5C", 2) != 0)) {
+ rc = 1;
+ goto exit;
+ } else {
+ /* advance the pointer to point to the end
+ * of the hex code for the escaped character */
+ p++;
+ }
+ } else if (*p == '$') {
+ /* This signifies the end of a line. We need
+ * to ensure that the line is not empty. */
+ if (p == start) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* make sure the value doesn't end with a '$' */
+ if (p == end) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Make sure the line (start to p) is valid UTF-8. */
+ if ((rc = utf8string_validate(start, p, NULL)) != 0) {
+ goto exit;
+ }
+
+ /* make the start pointer point to the
+ * beginning of the next line */
+ start = p + 1;
+ }
+ }
+ } else {
+ rc = 1;
+ }
+
+exit:
+ return(rc);
+}
+
+static int oid_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ const char *p = NULL;
+ char *end = NULL;
+
+ /* Per RFC4512:
+ *
+ * oid = descr / numericoid
+ * descr = keystring
+ */
+ if ((val != NULL) && (val->bv_len > 0)) {
+ p = val->bv_val;
+ end = &(val->bv_val[val->bv_len - 1]);
+
+ /* check if the value matches the descr form */
+ if (IS_LEADKEYCHAR(*p)) {
+ rc = keystring_validate(p, end);
+ /* check if the value matches the numericoid form */
+ } else if (isdigit(*p)) {
+ rc = numericoid_validate(p, end);
+ } else {
+ rc = 1;
+ goto exit;
+ }
+ } else {
+ rc = 1;
+ }
+
+exit:
+ return( rc );
+}
+
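Review bot: postal_validate accepts a zero-length value and never checks the last line. With `bv_len == 0` the loop is skipped and rc stays 0 (with `end` derived from `bv_len - 1`), and utf8string_validate runs only in the `$` branch, so an address without `$` gets no UTF-8 check at all. The escape test can also read one byte past the `bv_len` bytes of the value when `\` is followed by a single character, because `strncmp(p, "24", 2)` is reached with `p == end`. I would guard the body with `if ((val != NULL) && (val->bv_len > 0)) {`, test `(p >= end)` instead of `(p > end)` before the two comparisons, and add `rc = utf8string_validate(start, end, NULL);` after the loop.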
diff --git a/ldap/servers/plugins/syntaxes/dn.c b/ldap/servers/plugins/syntaxes/dn.c
index c7d3475..a6dcced 100644
--- a/ldap/servers/plugins/syntaxes/dn.c
+++ b/ldap/servers/plugins/syntaxes/dn.c
@@ -57,6 +57,8 @@ static int dn_assertion2keys_ava( Slapi_PBlock *pb, Slapi_Value *val,
Slapi_Value ***ivals, int ftype );
static int dn_assertion2keys_sub( Slapi_PBlock *pb, char *initial, char **any,
char *final, Slapi_Value ***ivals );
+static int dn_validate( struct berval *val );
+static int rdn_validate( char *begin, char *end, char **last );
/* the first name is the official one from RFC 2252 */
static char *names[] = { "DN", DN_SYNTAX_OID, 0 };
@@ -89,6 +91,8 @@ dn_init( Slapi_PBlock *pb )
(void *) names );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_OID,
(void *) DN_SYNTAX_OID );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_VALIDATE,
+ (void *) dn_validate );
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= dn_init %d\n", rc, 0, 0 );
return( rc );
@@ -133,3 +137,214 @@ dn_assertion2keys_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
return( string_assertion2keys_sub( pb, initial, any, final, ivals,
SYNTAX_CIS | SYNTAX_DN ) );
}
+
+static int dn_validate( struct berval *val )
+{
+ int rc = 0; /* Assume value is valid */
+
+ if (val != NULL) {
+ /* Per RFC 4514:
+ *
+ * distinguishedName = [ relativeDistinguishedName
+ * *( COMMA relativeDistinguishedName ) ]
+ * relativeDistinguishedName = attributeTypeAndValue
+ * *( PLUS attributeTypeAndValue )
+ * attributeTypeAndValue = attribyteType EQUALS attributeValue
+ * attributeType = descr / numericoid
+ * attributeValue = string / hexstring
+ */
+ if (val->bv_len > 0) {
+ char *p = val->bv_val;
+ char *end = &(val->bv_val[val->bv_len - 1]);
+ char *last = NULL;
+
+ /* Validate one RDN at a time in a loop. */
+ while (p <= end) {
+ if ((rc = rdn_validate(p, end, &last)) != 0) {
+ goto exit;
+ }
+ p = last + 1;
+
+ /* p should be pointing at a comma, or one past
+ * the end of the entire dn value. If we have
+ * not reached the end, ensure that the next
+ * character is a comma and that there is at
+ * least another character after the comma. */
+ if ((p <= end) && ((p == end) || (*p != ','))) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Advance the pointer past the comma so it
+ * points at the beginning of the next RDN
+ * (if there is one). */
+ p++;
+ }
+ }
+ } else {
+ rc = 1;
+ goto exit;
+ }
+exit:
+ return rc;
+}
+
+/*
+ * Helper function for validating a DN. This function will validate
+ * a single RDN. If the RDN is valid, 0 will be returned, otherwise
+ * non-zero will be returned. A pointer to the last character processed
+ * will be set in the "last parameter. This will be the end of the RDN
+ * in the valid case, and the illegal character in the invalid case.
+ */
+static int rdn_validate( char *begin, char *end, char **last )
+{
+ int rc = 0; /* Assume RDN is valid */
+ int numericform = 0;
+ char *separator = NULL;
+ char *p = begin;
+
+ /* Find the '=', then use the helpers for descr and numericoid */
+ if ((separator = PL_strnchr(p, '=', end - begin + 1)) == NULL) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Process an attribute type. The 'descr'
+ * form must start with a 'leadkeychar'. */
+ if (IS_LEADKEYCHAR(*p)) {
+ if (rc = keystring_validate(p, separator - 1)) {
+ goto exit;
+ }
+ /* See if the 'numericoid' form is being used */
+ } else if (isdigit(*p)) {
+ numericform = 1;
+ if (rc = numericoid_validate(p, separator - 1)) {
+ goto exit;
+ }
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Advance the pointer past the '=' and make sure
+ * we're not past the end of the string. */
+ p = separator + 1;
+ if (p > end) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* The value must be a 'hexstring' if the 'numericoid'
+ * form of 'attributeType' is used. Per RFC 4514:
+ *
+ * hexstring = SHARP 1*hexpair
+ * hexpair = HEX HEX
+ */
+ if (numericform) {
+ if ((p == end) || !IS_SHARP(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ /* The value must be a 'string' when the 'descr' form
+ * of 'attributeType' is used. Per RFC 4514:
+ *
+ * string = [ ( leadchar / pair ) [ *( stringchar / pair )
+ * ( trailchar / pair ) ] ]
+ *
+ * leadchar = LUTF1 / UTFMB
+ * trailchar = TUTF1 / UTFMB
+ * stringchar = SUTF1 / UTFMB
+ *
+ * pair = ESC (ESC / special / hexpair )
+ * special = escaped / SPACE / SHARP / EQUALS
+ * escaped = DQUOTE / PLUS / COMMA / SEMI / LANGLE / RANGLE
+ * hexpair = HEX HEX
+ */
+ } else {
+ /* Check the leadchar to see if anything illegal
+ * is there. We need to allow a 'pair' to get
+ * through, so we'll assume that a '\' is the
+ * start of a 'pair' for now. */
+ if (IS_UTF1(*p) && !IS_ESC(*p) && !IS_LUTF1(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+
+ /* Loop through string until we find the ',' separator, a '+'
+ * char indicating a multi-value RDN, or we reach the end. */
+ while ((p <= end) && (*p != ',') && (*p != '+')) {
+ if (numericform) {
+ /* Process a single 'hexpair' */
+ if ((p == end) || !isxdigit(*p) || !isxdigit(*p + 1)) {
+ rc = 1;
+ goto exit;
+ }
+ p = p + 2;
+ } else {
+ /* Check for a valid 'stringchar'. We handle
+ * multi-byte characters separately. */
+ if (IS_UTF1(*p)) {
+ /* If we're at the end, check if we have
+ * a valid 'trailchar'. */
+ if ((p == end) && !IS_TUTF1(*p)) {
+ rc = 1;
+ goto exit;
+ /* Check for a 'pair'. */
+ } else if (IS_ESC(*p)) {
+ /* We're guaranteed to still have at
+ * least one more character, so lets
+ * take a look at it. */
+ p++;
+ if (!IS_ESC(*p) && !IS_SPECIAL(*p)) {
+ /* The only thing valid now
+ * is a 'hexpair'. */
+ if ((p == end) || !isxdigit(*p) ||!isxdigit(*p + 1)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ }
+ p++;
+ /* Only allow 'SUTF1' chars now. */
+ } else if (!IS_SUTF1(*p)) {
+ rc = 1;
+ goto exit;
+ }
+
+ p++;
+ } else {
+ /* Validate a single 'UTFMB' (multi-byte) character. */
+ if (utf8char_validate(p, end, &p ) != 0) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Advance the pointer past the multi-byte char. */
+ p++;
+ }
+ }
+ }
+
+ /* We'll end up either at the comma, a '+', or one past end.
+ * If we are processing a multi-valued RDN, we recurse to
+ * process the next 'attributeTypeAndValue'. */
+ if ((p <= end) && (*p == '+')) {
+ /* Make sure that there is something after the '+'. */
+ if (p == end) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+
+ /* Recurse to process the next value. We need to reset p to
+ * ensure that last is set correctly for the original caller. */
+ rc = rdn_validate( p, end, last );
+ p = *last + 1;
+ }
+
+exit:
+ *last = p - 1;
+ return rc;
+}
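Review bot: Both hexpair checks in rdn_validate test `isxdigit(*p + 1)`, which is the first character's value plus one rather than the second character. The second hex digit is therefore never inspected, and pairs beginning with `9`, `f` or `F` are rejected. The line should read `if ((p == end) || !isxdigit(*p) || !isxdigit(*(p + 1))) {` in the `numericform` branch and again in the escaped-pair branch. Separately, the `+` case recurses once per attributeTypeAndValue, so stack depth follows the length of a client-supplied DN; a loop over the values would keep it constant.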
diff --git a/ldap/servers/plugins/syntaxes/int.c b/ldap/servers/plugins/syntaxes/int.c
index 73c879a..0372d3a 100644
--- a/ldap/servers/plugins/syntaxes/int.c
+++ b/ldap/servers/plugins/syntaxes/int.c
@@ -54,6 +54,7 @@ static int int_values2keys( Slapi_PBlock *pb, Slapi_Value **val,
static int int_assertion2keys( Slapi_PBlock *pb, Slapi_Value *val,
Slapi_Value ***ivals, int ftype );
static int int_compare(struct berval *v1, struct berval *v2);
+static int int_validate(struct berval *val);
/* the first name is the official one from RFC 2252 */
static char *names[] = { "INTEGER", "int", INTEGER_SYNTAX_OID, 0 };
@@ -101,6 +102,8 @@ int_init( Slapi_PBlock *pb )
(void *) INTEGER_SYNTAX_OID );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_COMPARE,
(void *) int_compare );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_VALIDATE,
+ (void *) int_validate );
/* also register this plugin for matching rules */
rc |= slapi_matchingrule_register(&integerMatch);
@@ -139,3 +142,56 @@ static int int_compare(
{
return value_cmp(v1, v2, SYNTAX_INT|SYNTAX_CES, 3 /* Normalise both values */);
}
+
+/* return 0 if valid, non-0 if invalid */
+static int int_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ char *p = NULL;
+ char *end = NULL;
+
+ /* Per RFC4517:
+ *
+ * Integer = (HYPHEN LDIGIT *DIGIT) / number
+ * number = DIGIT / (LDIGIT 1*DIGIT)
+ */
+ if ((val != NULL) && (val->bv_len > 0)) {
+ p = val->bv_val;
+ end = &(val->bv_val[val->bv_len - 1]);
+
+ /* If the first character is HYPHEN, we need
+ * to make sure the next char is a LDIGIT. */
+ if (*p == '-') {
+ p++;
+ if ((p > end) || !IS_LDIGIT(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ p++;
+ } else if (*p == '0') {
+ /* 0 is allowed by itself, but not as
+ * a leading 0 before other digits */
+ if (p != end) {
+ rc = 1;
+ }
+
+ /* We're done here */
+ goto exit;
+ }
+
+ /* Now we can simply allow the rest to be DIGIT */
+ for (; p <= end; p++) {
+ if (!isdigit(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+ } else {
+ rc = 1;
+ }
+
+exit:
+ return(rc);
+}
diff --git a/ldap/servers/plugins/syntaxes/numericstring.c b/ldap/servers/plugins/syntaxes/numericstring.c
new file mode 100644
index 0000000..180f8f7
--- /dev/null
+++ b/ldap/servers/plugins/syntaxes/numericstring.c
@@ -0,0 +1,188 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+ * Copyright (C) 2009 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+/* numericstring.c - Numeric String syntax routines */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "syntax.h"
+
+static int numstr_filter_ava( Slapi_PBlock *pb, struct berval *bvfilter,
+ Slapi_Value **bvals, int ftype, Slapi_Value **retVal );
+static int numstr_values2keys( Slapi_PBlock *pb, Slapi_Value **val,
+ Slapi_Value ***ivals, int ftype );
+static int numstr_assertion2keys( Slapi_PBlock *pb, Slapi_Value *val,
+ Slapi_Value ***ivals, int ftype );
+static int numstr_compare(struct berval *v1, struct berval *v2);
+static int numstr_validate(struct berval *val);
+
+/* the first name is the official one from RFC 4517 */
+static char *names[] = { "Numeric String", "numstr", NUMERICSTRING_SYNTAX_OID, 0 };
+
+#define NUMERICSTRINGMATCH_OID "2.5.13.8"
+#define NUMERICSTRINGORDERINGMATCH_OID "2.5.13.9"
+#define NUMERICSTRINGSUBSTRINGMATCH_OID "2.5.13.10"
+
+static Slapi_PluginDesc pdesc = { "numstr-syntax", PLUGIN_MAGIC_VENDOR_STR,
+ PRODUCTTEXT, "numeric string attribute syntax plugin" };
+
+static Slapi_MatchingRuleEntry
+numericStringMatch = { NUMERICSTRINGMATCH_OID, NULL /* no alias? */,
+ "numericStringMatch", "The rule evaluates to TRUE if and only if the prepared "
+ "attribute value character string and the prepared assertion value character "
+ "string have the same number of characters and corresponding characters have "
+ "the same code point.",
+ NUMERICSTRING_SYNTAX_OID, 0 /* not obsolete */ };
+
+static Slapi_MatchingRuleEntry
+numericStringOrderingMatch = { NUMERICSTRINGORDERINGMATCH_OID, NULL /* no alias? */,
+ "numericStringOrderingMatch", "The rule evaluates to TRUE if and only if, "
+ "in the code point collation order, the prepared attribute value character "
+ "string appears earlier than the prepared assertion value character string; "
+ "i.e., the attribute value is less than the assertion value.",
+ NUMERICSTRING_SYNTAX_OID, 0 /* not obsolete */ };
+
+static Slapi_MatchingRuleEntry
+numericStringSubstringMatch = { NUMERICSTRINGSUBSTRINGMATCH_OID, NULL /* no alias? */,
+ "numericStringSubstringMatch", "The rule evaluates to TRUE if and only if (1) "
+ "the prepared substrings of the assertion value match disjoint portions of "
+ "the prepared attribute value, (2) an initial substring, if present, matches "
+ "the beginning of the prepared attribute value character string, and (3) a "
+ "final substring, if present, matches the end of the prepared attribute value "
+ "character string.",
+ NUMERICSTRING_SYNTAX_OID, 0 /* not obsolete */ };
+
+int
+numstr_init( Slapi_PBlock *pb )
+{
+ int rc, flags;
+
+ LDAPDebug( LDAP_DEBUG_PLUGIN, "=> numstr_init\n", 0, 0, 0 );
+
+ rc = slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
+ (void *) SLAPI_PLUGIN_VERSION_01 );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
+ (void *)&pdesc );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_FILTER_AVA,
+ (void *) numstr_filter_ava );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_VALUES2KEYS,
+ (void *) numstr_values2keys );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_AVA,
+ (void *) numstr_assertion2keys );
+ flags = SLAPI_PLUGIN_SYNTAX_FLAG_ORDERING;
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_FLAGS,
+ (void *) &flags );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_NAMES,
+ (void *) names );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_OID,
+ (void *) INTEGER_SYNTAX_OID );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_COMPARE,
+ (void *) numstr_compare );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_VALIDATE,
+ (void *) numstr_validate );
+
+ /* also register this plugin for matching rules */
+ rc |= slapi_matchingrule_register(&numericStringMatch);
+ rc |= slapi_matchingrule_register(&numericStringOrderingMatch);
+ rc |= slapi_matchingrule_register(&numericStringSubstringMatch);
+
+ LDAPDebug( LDAP_DEBUG_PLUGIN, "<= numstr_init %d\n", rc, 0, 0 );
+ return( rc );
+}
+
+static int
+numstr_filter_ava( Slapi_PBlock *pb, struct berval *bvfilter,
+ Slapi_Value **bvals, int ftype, Slapi_Value **retVal )
+{
+ return( string_filter_ava( bvfilter, bvals, SYNTAX_SI | SYNTAX_CES,
+ ftype, retVal ) );
+}
+
+static int
+numstr_values2keys( Slapi_PBlock *pb, Slapi_Value **vals, Slapi_Value ***ivals, int ftype )
+{
+ return( string_values2keys( pb, vals, ivals, SYNTAX_SI | SYNTAX_CES,
+ ftype ) );
+}
+
+static int
+numstr_assertion2keys( Slapi_PBlock *pb, Slapi_Value *val, Slapi_Value ***ivals, int ftype )
+{
+ return(string_assertion2keys_ava( pb, val, ivals,
+ SYNTAX_SI | SYNTAX_CES, ftype ));
+}
+
+static int numstr_compare(
+ struct berval *v1,
+ struct berval *v2
+)
+{
+ return value_cmp(v1, v2, SYNTAX_SI | SYNTAX_CES, 3 /* Normalise both values */);
+}
+
+/* return 0 if valid, non-0 if invalid */
+static int numstr_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ const char *p = NULL;
+
+ /* Per RFC4517:
+ *
+ * NumericString = 1*(DIGIT / SPACE)
+ */
+ if (val != NULL) {
+ for (p = val->bv_val; p < &(val->bv_val[val->bv_len]); p++) {
+ if (!isdigit(*p) && !IS_SPACE(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+ } else {
+ rc = 1;
+ }
+
+exit:
+ return(rc);
+}
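Review bot: numstr_init registers `INTEGER_SYNTAX_OID` under SLAPI_PLUGIN_SYNTAX_OID although `names[]` and the three matching-rule entries use `NUMERICSTRING_SYNTAX_OID`. This looks like a leftover from int.c and would register the plugin under the Integer syntax OID. The argument should read `(void *) NUMERICSTRING_SYNTAX_OID );`. numstr_validate also returns 0 for a zero-length value, while the grammar quoted in its own comment, `1*(DIGIT / SPACE)`, needs at least one character; `if ((val != NULL) && (val->bv_len > 0)) {` would reject it.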
diff --git a/ldap/servers/plugins/syntaxes/sicis.c b/ldap/servers/plugins/syntaxes/sicis.c
index fe7188c..07fee06 100644
--- a/ldap/servers/plugins/syntaxes/sicis.c
+++ b/ldap/servers/plugins/syntaxes/sicis.c
@@ -43,6 +43,9 @@
/*
* sicis.c - space insensitive string syntax routines.
* these strings are also case insensitive.
+ *
+ * This is a non-standard syntax. It is only used by the presence plug-in.
+ * It will be disabled by default unless the presence plug-in is compiled.
*/
#include <stdio.h>
#include <string.h>
diff --git a/ldap/servers/plugins/syntaxes/syntax.h b/ldap/servers/plugins/syntaxes/syntax.h
index fc7a2db..b9a0137 100644
--- a/ldap/servers/plugins/syntaxes/syntax.h
+++ b/ldap/servers/plugins/syntaxes/syntax.h
@@ -66,6 +66,46 @@
#define MIN( a, b ) (a < b ? a : b )
#endif
+#define SYNTAX_PLUGIN_SUBSYSTEM "syntax-plugin"
+
+/* The following are derived from RFC 4512, section 1.4. */
+#define IS_LEADKEYCHAR(c) ( isalpha(c) )
+#define IS_KEYCHAR(c) ( isalnum(c) || (c == '-') )
+#define IS_SPACE(c) ( (c == ' ') )
+#define IS_LDIGIT(c) ( (c != '0') && isdigit(c) )
+#define IS_SHARP(c) ( (c == '#') )
+#define IS_ESC(c) ( (c == '\\') )
+#define IS_UTF0(c) ( (c >= '\x80') && (c <= '\xBF') )
+#define IS_UTF1(c) ( !(c & 128) )
+/* These are only checking the first byte of the multibyte character. They
+ * do not verify that the entire multibyte character is correct. */
+#define IS_UTF2(c) ( (c >= '\xC2') && (c <= '\xDF') )
+#define IS_UTF3(c) ( (c >= '\xE0') && (c <= '\xEF') )
+#define IS_UTF4(c) ( (c >= '\xF0') && (c <= '\xF4') )
+#define IS_UTFMB(c) ( IS_UTF2(c) || IS_UTF3(c) || IS_UTF4(c) )
+#define IS_UTF8(c) ( IS_UTF1(c) || IS_UTFMB(c) )
+
+/* The following are derived from RFC 4514, section 3. */
+#define IS_ESCAPED(c) ( (c == '"') || (c == '+') || (c == ',') || \
+ (c == ';') || (c == '<') || (c == '>') )
+#define IS_SPECIAL(c) ( IS_ESCAPED(c) || IS_SPACE(c) || \
+ IS_SHARP(c) || (c == '=') )
+#define IS_LUTF1(c) ( IS_UTF1(c) && !IS_ESCAPED(c) && !IS_SPACE(c) && \
+ !IS_SHARP(c) && !IS_ESC(c) )
+#define IS_TUTF1(c) ( IS_UTF1(c) && !IS_ESCAPED(c) && !IS_SPACE(c) && \
+ !IS_ESC(c) )
+#define IS_SUTF1(c) ( IS_UTF1(c) && !IS_ESCAPED(c) && !IS_ESC(c) )
+
+/* Per RFC 4517:
+ *
+ * PrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN /
+ * PLUS / COMMA / HYPHEN / DOT / EQUALS /
+ * SLASH / COLON / QUESTION / SPACE
+ */
+#define IS_PRINTABLE(c) ( isalnum(c) || (c == '\'') || (c == '(') || \
+ (c == ')') || (c == '+') || (c == ',') || (c == '-') || (c == '.') || \
+ (c == '=') || (c == '/') || (c == ':') || (c == '?') || IS_SPACE(c) )
+
int string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,Slapi_Value **bvals, int syntax );
int string_filter_ava( struct berval *bvfilter, Slapi_Value **bvals, int syntax,int ftype, Slapi_Value **retVal );
int string_values2keys( Slapi_PBlock *pb, Slapi_Value **bvals,Slapi_Value ***ivals, int syntax, int ftype );
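Review bot: The character-class macros hand a plain `char` straight to `isalpha`/`isalnum`/`isdigit`, which is undefined for negative arguments. The validators in this patch run them on client-supplied bytes, where anything at or above 0x80 is negative on signed-char platforms. Casting inside the macro fixes every user at once, e.g. `#define IS_LDIGIT(c) ( ((c) != '0') && isdigit((unsigned char)(c)) )`; the direct `isdigit`/`isxdigit` calls in the cis.c, dn.c, int.c and numericstring.c hunks need the same cast. The macro arguments are also unparenthesized and several are evaluated more than once, so a comment stating that they must be given side-effect-free expressions would help.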
@@ -78,5 +118,10 @@ char *first_word( char *s );
char *next_word( char *s );
char *phonetic( char *s );
+/* Validation helper functions */
+int keystring_validate( char *begin, char *end );
+int numericoid_validate( char *begin, char *end );
+int utf8char_validate( char *begin, char *end, char **last );
+int utf8string_validate( char *begin, char *end, char **last );
#endif
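Review bot: The four helper prototypes do not document that `end` is inclusive, which every caller in this patch relies on by passing `&(val->bv_val[val->bv_len - 1])`. A caller using the one-past-the-end convention would presumably make the helper read a byte too far. I would add a comment above them such as `/* begin and end both point inside the value; end is its last byte, not one past it. Callers treat a return of 0 as valid. */`. Declaring the inputs `const char *` would also stop postal_validate and oid_validate from dropping `const` when they pass their `const char *` pointers.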
diff --git a/ldap/servers/plugins/syntaxes/tel.c b/ldap/servers/plugins/syntaxes/tel.c
index b67fb78..3a2edd6 100644
--- a/ldap/servers/plugins/syntaxes/tel.c
+++ b/ldap/servers/plugins/syntaxes/tel.c
@@ -58,6 +58,7 @@ static int tel_assertion2keys_ava( Slapi_PBlock *pb, Slapi_Value *val,
static int tel_assertion2keys_sub( Slapi_PBlock *pb, char *initial, char **any,
char *final, Slapi_Value ***ivals );
static int tel_compare(struct berval *v1, struct berval *v2);
+static int tel_validate(struct berval *val);
/* the first name is the official one from RFC 2252 */
static char *names[] = { "TelephoneNumber", "tel", TELEPHONE_SYNTAX_OID, 0 };
@@ -95,6 +96,8 @@ tel_init( Slapi_PBlock *pb )
(void *) TELEPHONE_SYNTAX_OID );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_COMPARE,
(void *) tel_compare );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_VALIDATE,
+ (void *) tel_validate );
LDAPDebug( LDAP_DEBUG_PLUGIN, "<= tel_init %d\n", rc, 0, 0 );
return( rc );
@@ -170,3 +173,35 @@ static int tel_compare(
{
return value_cmp(v1, v2, SYNTAX_TEL|SYNTAX_CIS, 3 /* Normalise both values */);
}
+
+static int
+tel_validate(
+ struct berval *val
+)
+{
+ int rc = 0; /* assume the value is valid */
+ int i = 0;
+
+ /* Per RFC4517:
+ *
+ * TelephoneNumber = PrintableString
+ * PrintableString = 1*PrintableCharacter
+ */
+
+ /* Don't allow a 0 length string */
+ if ((val == NULL) || (val->bv_len == 0)) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Make sure all chars are a PrintableCharacter */
+ for (i=0; i < val->bv_len; i++) {
+ if (!IS_PRINTABLE(val->bv_val[i])) {
+ rc = 1;
+ goto exit;
+ }
+ }
+
+exit:
+ return rc;
+}
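Review bot: The loop index `i` is a signed `int` compared against `val->bv_len`, which is an unsigned length in the LDAP SDKs' `struct berval` as far as I can tell. The comparison therefore mixes signedness and `i` cannot cover the full range of lengths; `size_t i = 0;` avoids both. tel_validate also lacks the `/* return 0 if valid, non-0 if invalid */` header comment that int_validate and numstr_validate carry in this patch.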
diff --git a/ldap/servers/plugins/syntaxes/validate.c b/ldap/servers/plugins/syntaxes/validate.c
new file mode 100644
index 0000000..8367e08
--- /dev/null
+++ b/ldap/servers/plugins/syntaxes/validate.c
@@ -0,0 +1,352 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2009 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+/* validate.c - syntax validation helper functions */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "syntax.h"
+
+/* Helper function for processing a 'keystring'.
+ *
+ * Returns 0 is the value between begin and end is a valid 'keystring'.
+ * Returns non-zero if the value is not a valide 'keystring'.
+ */
+int keystring_validate(
+ char *begin,
+ char *end
+)
+{
+ int rc = 0; /* assume the value is valid */
+ const char *p = begin;
+
+ if ((begin == NULL) || (end == NULL)) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Per RFC4512:
+ *
+ * keystring = leadkeychar *keychar
+ */
+ if (IS_LEADKEYCHAR(*p)) {
+ for (p++; p <= end; p++) {
+ if (!IS_KEYCHAR(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+ } else {
+ rc = 1;
+ goto exit;
+ }
+
+exit:
+ return( rc );
+}
+
+/* Helper function for processing a 'numericoid'.
+ *
+ * Returns 0 is the value between begin and end is a valid 'numericoid'.
+ * Returns non-zero if the value is not a valide 'numericoid'.
+ */
+int numericoid_validate(
+ char *begin,
+ char *end
+)
+{
+ int rc = 0; /* assume the value is valid */
+ int found_separator = 0;
+ char *p = NULL;
+
+ if ((begin == NULL) || (end == NULL)) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Per RFC 4512:
+ *
+ * numericoid = number 1*( DOT number )
+ */
+
+ /* one pass of this loop should process one element of the oid (number DOT) */
+ for (p = begin; p <= end; p++) {
+ if (IS_LDIGIT(*p)) {
+ /* loop until we get to a separator char */
+ while(*p != '.') {
+ p++;
+ if (p > end) {
+ /* ensure we got at least 2 elements */
+ if (!found_separator) {
+ rc = 1;
+ goto exit;
+ } else {
+ /* looks like a valid numericoid */
+ goto exit;
+ }
+ } else if (*p == '.') {
+ /* we can not end with a '.' */
+ if (p == end) {
+ rc = 1;
+ goto exit;
+ } else {
+ found_separator = 1;
+ }
+ } else if (!isdigit(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+ } else if (*p == '0') {
+ p++;
+ if (p > end) {
+ /* ensure we got at least 2 elements */
+ if (!found_separator) {
+ rc = 1;
+ goto exit;
+ } else {
+ /* looks like a valid numericoid */
+ goto exit;
+ }
+ } else if (*p != '.') {
+ /* a leading 0 is not allowed unless the entire element is simply 0 */
+ rc = 1;
+ goto exit;
+ }
+
+ /* At this point, *p is '.'. We can not end with a '.' */
+ if (p == end) {
+ rc = 1;
+ goto exit;
+ } else {
+ found_separator = 1;
+ }
+ } else {
+ rc = 1;
+ goto exit;
+ }
+ }
+
+exit:
+ return(rc);
+}
+
+/* Helper to validate a single UTF-8 character.
+ * It is assumed that the first byte of the character
+ * is pointed to by begin. This function will not read
+ * past the byte pointed to by the end parameter. The
+ * last pointer will be filled in the the address of
+ * the last byte of the validated character if the
+ * character is valid, or the last byte processed
+ * in the invalid case.
+ *
+ * Returns 0 if it is valid and non-zero otherwise. */
+int utf8char_validate(
+ char *begin,
+ char *end,
+ char **last
+)
+{
+ int rc = 0; /* Assume char is valid */
+ char *p = begin;
+
+ if ((begin == NULL) || (end == NULL)) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Per RFC 4512:
+ *
+ * UTF8 = UTF1 / UTFMB
+ * UTFMB = UTF2 / UTF3 / UTF4
+ * UTF0 = %x80-BF
+ * UTF1 = %x00-7F
+ * UTF2 = %xC2-DF UTF0
+ * UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) /
+ * %xED %x80-9F UTF0 / %xEE-EF 2(UTF0)
+ * UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) /
+ * %xF4 %x80-8F 2(UTF0)
+ */
+
+ /* If we have a single byte (ASCII) character, we
+ * don't really have any work to do. */
+ if (IS_UTF1(*p)) {
+ goto exit;
+ } else if (IS_UTF2(*p)) {
+ /* Ensure that there is another byte
+ * and that is is 'UTF0'. */
+ if ((p == end) || !IS_UTF0(*(p + 1))) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Advance p so last is set correctly */
+ p++;
+ } else if (IS_UTF3(*p)) {
+ /* Ensure that there are at least 2 more bytes. */
+ if (end - p < 2) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* The first byte determines what is legal for
+ * the second byte. */
+ if (*p == '\xE0') {
+ /* The next byte must be %xA0-BF. */
+ p++;
+ if ((*p < '\xA0') || (*p > '\xBF')) {
+ rc = 1;
+ goto exit;
+ }
+ } else if (*p == '\xED') {
+ /* The next byte must be %x80-9F. */
+ p++;
+ if ((*p < '\x80') || (*p > '\x9F')) {
+ rc = 1;
+ goto exit;
+ }
+ } else {
+ /* The next byte must each be 'UTF0'. */
+ p++;
+ if (!IS_UTF0(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+
+ /* The last byte must be 'UTF0'. */
+ p++;
+ if (!IS_UTF0(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ } else if (IS_UTF4(*p)) {
+ /* Ensure that there are at least 3 more bytes. */
+ if (end - p < 3) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* The first byte determines what is legal for
+ * the second byte. */
+ if (*p == '\xF0') {
+ /* The next byte must be %x90-BF. */
+ if ((*p < '\x90') || (*p > '\xBF')) {
+ rc = 1;
+ goto exit;
+ }
+ } else if (*p == '\xF4') {
+ /* The next byte must be %x80-BF. */
+ if ((*p < '\x80') || (*p > '\xBF')) {
+ rc = 1;
+ goto exit;
+ }
+ } else {
+ /* The next byte must each be 'UTF0'. */
+ p++;
+ if (!IS_UTF0(*p)) {
+ rc = 1;
+ goto exit;
+ }
+ }
+
+ /* The last 2 bytes must be 'UTF0'. */
+ p++;
+ if (!IS_UTF0(*p) || !IS_UTF0(*(p + 1))) {
+ rc = 1;
+ goto exit;
+ }
+
+ /* Advance the pointer so last is set correctly
+ * when we return. */
+ p++;
+ } else {
+ /* We found an illegal first byte. */
+ rc = 1;
+ goto exit;
+ }
+
+exit:
+ if (last) {
+ *last = p;
+ }
+ return(rc);
+}
+
+/* Validates that a non '\0' terminated string is UTF8. This
+ * function will not read past the byte pointed to by the end
+ * parameter. The last pointer will be filled in to point to
+ * the address of the last byte of the last validated character
+ * if the string is valid, or the last byte processed in the
+ * invalid case.
+ *
+ * Returns 0 if it is valid and non-zero otherwise. */
+int utf8string_validate(
+ char *begin,
+ char *end,
+ char **last
+)
+{
+ int rc = 0; /* Assume string is valid */
+ char *p = NULL;
+
+ if ((begin == NULL) || (end == NULL)) {
+ rc = 1;
+ goto exit;
+ }
+
+ for (p = begin; p <= end; p++) {
+ if ((rc = utf8char_validate(p, end, &p)) != 0) {
+ goto exit;
+ }
+ }
+
+ /* Adjust the pointer so last is set correctly for caller. */
+ p--;
+
+exit:
+ if (last) {
+ *last = p;
+ }
+ return(rc);
+}
+
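Review bot: In utf8char_validate the UTF4 branch tests the lead byte instead of the second byte: in the `\xF0` and `\xF4` arms the range check runs on `*p` before `p` is advanced, so the lead byte itself is compared with the continuation range and every four-byte character starting with either value is rejected. Both arms need a `p++;` before the comparison, as the final `else` arm already has. The `\xF4` arm should also take its upper bound from the grammar quoted in the comment, `if ((*p < '\x80') || (*p > '\x8F'))`, otherwise once the advance is added it would accept sequences above U+10FFFF. Separately, numericoid_validate passes a plain `char` to `isdigit`; casting to `unsigned char` avoids undefined behaviour for bytes above 0x7F.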
diff --git a/ldap/servers/plugins/syntaxes/validate_task.c b/ldap/servers/plugins/syntaxes/validate_task.c
new file mode 100644
index 0000000..d469ccd
--- /dev/null
+++ b/ldap/servers/plugins/syntaxes/validate_task.c
@@ -0,0 +1,303 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2009 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+/* validate_task.c - syntax validation task */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "syntax.h"
+
+/*
+ * Globals
+ */
+static Slapi_PluginDesc pdesc = { "syntax-validate-task", PLUGIN_MAGIC_VENDOR_STR,
+ PRODUCTTEXT, "syntax validation task plugin" };
+static void* _PluginID = NULL;
+
+
+/*
+ * Data Structures
+ */
+typedef struct _task_data
+{
+ char *dn;
+ char *filter_str;
+ Slapi_Counter *invalid_entries;
+} task_data;
+
+
+/*
+ * Function Prototypes
+ */
+int syntax_validate_task_init(Slapi_PBlock *pb);
+static int syntax_validate_task_start(Slapi_PBlock *pb);
+static int syntax_validate_task_add(Slapi_PBlock *pb, Slapi_Entry *e,
+ Slapi_Entry *eAfter, int *returncode,
+ char *returntext, void *arg);
+static void syntax_validate_task_destructor(Slapi_Task *task);
+static void syntax_validate_task_thread(void *arg);
+static int syntax_validate_task_callback(Slapi_Entry *e, void *callback_data);
+static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
+ const char *default_val);
+static void syntax_validate_set_plugin_id(void * plugin_id);
+static void *syntax_validate_get_plugin_id();
+
+
+/*
+ * Function Implementations
+ */
+int
+syntax_validate_task_init(Slapi_PBlock *pb)
+{
+ int rc = 0;
+ char *syntax_validate_plugin_identity = NULL;
+
+ /* Save plugin ID. */
+ slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &syntax_validate_plugin_identity);
+ PR_ASSERT (syntax_validate_plugin_identity);
+ syntax_validate_set_plugin_id(syntax_validate_plugin_identity);
+
+ /* Register task callback. */
+ rc = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
+ (void *) SLAPI_PLUGIN_VERSION_03 );
+ rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
+ (void *) syntax_validate_task_start );
+
+ return rc;
+}
+
+static int
+syntax_validate_task_start(Slapi_PBlock *pb)
+{
+ int rc = slapi_task_register_handler("syntax validate", syntax_validate_task_add);
+ return rc;
+}
+
+static int
+syntax_validate_task_add(Slapi_PBlock *pb, Slapi_Entry *e,
+ Slapi_Entry *eAfter, int *returncode,
+ char *returntext, void *arg)
+{
+ PRThread *thread = NULL;
+ int rv = SLAPI_DSE_CALLBACK_OK;
+ task_data *mytaskdata = NULL;
+ Slapi_Task *task = NULL;
+ const char *filter;
+ const char *dn = 0;
+
+ *returncode = LDAP_SUCCESS;
+ /* get arg(s) */
+ if ((dn = fetch_attr(e, "basedn", 0)) == NULL) {
+ *returncode = LDAP_OBJECT_CLASS_VIOLATION;
+ rv = SLAPI_DSE_CALLBACK_ERROR;
+ goto out;
+ }
+
+ if ((filter = fetch_attr(e, "filter", "(objectclass=*)")) == NULL) {
+ *returncode = LDAP_OBJECT_CLASS_VIOLATION;
+ rv = SLAPI_DSE_CALLBACK_ERROR;
+ goto out;
+ }
+
+ /* setup our task data */
+ mytaskdata = (task_data*)slapi_ch_malloc(sizeof(task_data));
+ if (mytaskdata == NULL) {
+ *returncode = LDAP_OPERATIONS_ERROR;
+ rv = SLAPI_DSE_CALLBACK_ERROR;
+ goto out;
+ }
+ mytaskdata->dn = slapi_ch_strdup(dn);
+ mytaskdata->filter_str = slapi_ch_strdup(filter);
+ mytaskdata->invalid_entries = slapi_counter_new();
+
+ /* allocate new task now */
+ task = slapi_new_task(slapi_entry_get_ndn(e));
+
+ /* register our destructor for cleaning up our private data */
+ slapi_task_set_destructor_fn(task, syntax_validate_task_destructor);
+
+ /* Stash a pointer to our data in the task */
+ slapi_task_set_data(task, mytaskdata);
+
+ /* start the sample task as a separate thread */
+ thread = PR_CreateThread(PR_USER_THREAD, syntax_validate_task_thread,
+ (void *)task, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE);
+ if (thread == NULL) {
+ slapi_log_error( SLAPI_LOG_FATAL, SYNTAX_PLUGIN_SUBSYSTEM,
+ "unable to create task thread!\n");
+ *returncode = LDAP_OPERATIONS_ERROR;
+ rv = SLAPI_DSE_CALLBACK_ERROR;
+ slapi_task_finish(task, *returncode);
+ } else {
+ rv = SLAPI_DSE_CALLBACK_OK;
+ }
+
+out:
+ return rv;
+}
+
+static void
+syntax_validate_task_destructor(Slapi_Task *task)
+{
+ if (task) {
+ task_data *mydata = (task_data *)slapi_task_get_data(task);
+ if (mydata) {
+ slapi_ch_free_string(&mydata->dn);
+ slapi_ch_free_string(&mydata->filter_str);
+ slapi_counter_destroy(&mydata->invalid_entries);
+ /* Need to cast to avoid a compiler warning */
+ slapi_ch_free((void **)&mydata);
+ }
+ }
+}
+
+static void
+syntax_validate_task_thread(void *arg)
+{
+ int rc = 0;
+ Slapi_Task *task = (Slapi_Task *)arg;
+ task_data *td = NULL;
+ Slapi_PBlock *search_pb = slapi_pblock_new();
+
+ /* Fetch our task data from the task */
+ td = (task_data *)slapi_task_get_data(task);
+
+ /* Log started message. */
+ slapi_task_begin(task, 1);
+ slapi_task_log_notice(task, "Syntax validation task starting (arg: %s) ...\n",
+ td->filter_str);
+ slapi_log_error(SLAPI_LOG_FATAL, SYNTAX_PLUGIN_SUBSYSTEM,
+ "Syntax validate task starting (base: \"%s\", filter: \"%s\") ...\n",
+ td->dn, td->filter_str);
+
+ /* Perform the search and use a callback
+ * to validate each matching entry. */
+ slapi_search_internal_set_pb(search_pb, td->dn,
+ LDAP_SCOPE_SUBTREE, td->filter_str, 0, 0,
+ 0, 0, syntax_validate_get_plugin_id(), 0);
+
+ rc = slapi_search_internal_callback_pb(search_pb,
+ td, 0, syntax_validate_task_callback, 0);
+
+ slapi_pblock_destroy(search_pb);
+
+ /* Log finished message. */
+ slapi_task_log_notice(task, "Syntax validate task complete. Found %" NSPRIu64
+ " invalid entries.\n", slapi_counter_get_value(td->invalid_entries));
+ slapi_task_log_status(task, "Syntax validate task complete. Found %" NSPRIu64
+ " invalid entries.\n", slapi_counter_get_value(td->invalid_entries));
+ slapi_log_error(SLAPI_LOG_FATAL, SYNTAX_PLUGIN_SUBSYSTEM, "Syntax validate task complete."
+ " Found %" NSPRIu64 " invalid entries.\n",
+ slapi_counter_get_value(td->invalid_entries));
+ slapi_task_inc_progress(task);
+
+ /* this will queue the destruction of the task */
+ slapi_task_finish(task, rc);
+}
+
+static int
+syntax_validate_task_callback(Slapi_Entry *e, void *callback_data)
+{
+ int rc = 0;
+ char *dn = slapi_entry_get_dn(e);
+ task_data *td = (task_data *)callback_data;
+ Slapi_PBlock *pb = NULL;
+
+ /* Override the syntax checking config to force syntax checking. */
+ if (slapi_entry_syntax_check(NULL, e, 1) != 0) {
+ char *error_text = NULL;
+
+ /* We need a pblock to get more details on the syntax violation,
+ * but we don't want to allocate a pblock unless we need it for
+ * performance reasons. This means that we will actually call
+ * slapi_entry_syntax_check() twice for entries that have a
+ * syntax violation. */
+ pb = slapi_pblock_new();
+ slapi_entry_syntax_check(pb, e, 1);
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &error_text);
+ slapi_log_error(SLAPI_LOG_FATAL, SYNTAX_PLUGIN_SUBSYSTEM,
+ "Entry \"%s\" violates syntax.\n%s",
+ dn, error_text);
+ slapi_pblock_destroy(pb);
+
+ /* Keep a tally of the number of invalid entries found. */
+ slapi_counter_increment(td->invalid_entries);
+ }
+
+ return rc;
+}
+
+/* extract a single value from the entry (as a string) -- if it's not in the
+ * entry, the default will be returned (which can be NULL).
+ * you do not need to free anything returned by this.
+ */
+static const char *
+fetch_attr(Slapi_Entry *e, const char *attrname,
+ const char *default_val)
+{
+Slapi_Attr *attr;
+Slapi_Value *val = NULL;
+
+ if (slapi_entry_attr_find(e, attrname, &attr) != 0) {
+ return default_val;
+ }
+
+ slapi_attr_first_value(attr, &val);
+
+ return slapi_value_get_string(val);
+}
+
+/*
+ * Plug-in identity management helper functions
+ */
+static void
+syntax_validate_set_plugin_id(void * plugin_id)
+{
+ _PluginID=plugin_id;
+}
+
+static void *
+syntax_validate_get_plugin_id()
+{
+ return _PluginID;
+}
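Review bot: syntax_validate_task_add uses the result of `slapi_new_task()` without checking it; if that call can return NULL (its contract is not shown here), the destructor is never registered, so `mytaskdata` with its two strings and counter leaks, and a NULL task is handed to the worker thread. A guard right after the allocation that releases the private data and returns `SLAPI_DSE_CALLBACK_ERROR` closes that path. In syntax_validate_task_callback, `error_text` may still be NULL when it reaches the `%s` conversion if the pblock holds no result text, so a fallback such as an empty string is worth adding there.

```c
    task = slapi_new_task(slapi_entry_get_ndn(e));
    if (task == NULL) {
        /* no task object means the destructor never runs; release the data here */
        slapi_ch_free_string(&mytaskdata->dn);
        slapi_ch_free_string(&mytaskdata->filter_str);
        slapi_counter_destroy(&mytaskdata->invalid_entries);
        slapi_ch_free((void **)&mytaskdata);
        *returncode = LDAP_OPERATIONS_ERROR;
        rv = SLAPI_DSE_CALLBACK_ERROR;
        goto out;
    }
    /* ... unchanged: destructor registration, slapi_task_set_data, thread creation ... */
```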
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index b69da2e..6607eff 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -800,6 +800,16 @@ static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry)
return;
}
+ /* syntax check */
+ if (slapi_entry_syntax_check(pb, entry, 0) != 0) {
+ char *errtext;
+ LDAPDebug(LDAP_DEBUG_TRACE, "entry failed syntax check\n", 0, 0, 0);
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);
+ send_ldap_result(pb, LDAP_INVALID_SYNTAX, NULL, errtext, 0, NULL);
+ slapi_entry_free(entry);
+ return;
+ }
+
/* Check if the entry being added is a Tombstone. Could be if we are
* doing a replica init. */
if (slapi_entry_attr_hasvalue(entry, SLAPI_ATTR_OBJECTCLASS,
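Review bot: `errtext` in the added block of handle_fast_add is declared without an initialiser and the return value of `slapi_pblock_get()` is ignored, so if the lookup fails without writing the output an indeterminate pointer is passed to `send_ldap_result()` as the message text. Declaring it as `char *errtext = NULL;` makes the failure case send no text instead. The same pattern appears in the dse_modify and dse_add hunks of ldap/servers/slapd/dse.c. handle_fast_add's body continues outside this hunk.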
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index 7a1bcba..7cde2bf 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -534,9 +534,27 @@ void import_producer(void *param)
"violates schema, ending line %d of file "
"\"%s\"", escape_string(slapi_entry_get_dn(e), ebuf),
curr_lineno, curr_filename);
- if (e)
+ if (e) {
+ slapi_entry_free(e);
+ }
+
+ job->skipped++;
+ continue;
+ }
+
+ /* Check attribute syntax */
+ if (slapi_entry_syntax_check(NULL, e, 0) != 0)
+ {
+ char ebuf[BUFSIZ];
+ import_log_notice(job, "WARNING: skipping entry \"%s\" which "
+ "violates attribute syntax, ending line %d of "
+ "file \"%s\"", escape_string(slapi_entry_get_dn(e), ebuf),
+ curr_lineno, curr_filename);
+ if (e) {
slapi_entry_free(e);
- job->skipped++;
+ }
+
+ job->skipped++;
continue;
}
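Review bot: The `if (e)` guard in the new attribute-syntax block comes after `e` has already been passed to `slapi_entry_syntax_check()` and `slapi_entry_get_dn()`, so it cannot protect those calls; the same holds for the reformatted schema branch above it. Either drop the guard and call `slapi_entry_free(e);` directly, or test `e` before the checks. The check is also called with a NULL pblock, so the violation detail is not available for the import log and only the DN and line number are reported. import_producer starts and ends outside this hunk.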
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 764cff9..b9f573a 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -305,6 +305,15 @@ ldbm_back_add( Slapi_PBlock *pb )
goto error_return;
}
+ /* Check attribute syntax */
+ if (slapi_entry_syntax_check(pb, e, 0) != 0)
+ {
+ LDAPDebug(LDAP_DEBUG_TRACE, "entry failed syntax check\n", 0, 0, 0);
+ ldap_result_code = LDAP_INVALID_SYNTAX;
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
+ goto error_return;
+ }
+
opcsn = operation_get_csn (operation);
if(is_resurect_operation)
{
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index c169e9e..1cbe92d 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -188,6 +188,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
struct backentry *e, *ec = NULL;
Slapi_Entry *postentry = NULL;
LDAPMod **mods;
+ Slapi_Mods smods;
back_txn txn;
back_txnid parent_txn;
int retval = -1;
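Review bot: `smods` is now declared at function scope without an initialiser, while `slapi_mods_done(&smods)` moves to `common_return` (last hunk of this file) and `slapi_mods_init_byref()` still runs only part-way through the function. If any `goto error_return` can be taken before the init call — the earlier part of ldbm_back_modify is outside these hunks — the cleanup would operate on an uninitialised structure. Initialising it right after the declarations, for example with `slapi_mods_init(&smods, 0);`, or guarding the cleanup with a flag, would make every exit path safe.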
@@ -279,11 +280,10 @@ ldbm_back_modify( Slapi_PBlock *pb )
slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
/* The Plugin may have messed about with some of the PBlock parameters... ie. mods */
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
+ slapi_mods_init_byref(&smods,mods);
{
- Slapi_Mods smods;
CSN *csn = operation_get_csn(operation);
- slapi_mods_init_byref(&smods,mods);
if ( (change_entry = mods_have_effect (ec->ep_entry, &smods)) ) {
ldap_result_code = entry_apply_mods_wsi(ec->ep_entry, &smods, csn, operation_is_flag_set(operation,OP_FLAG_REPLICATED));
/*
@@ -301,7 +301,6 @@ ldbm_back_modify( Slapi_PBlock *pb )
slapi_pblock_set ( pb, SLAPI_ENTRY_POST_OP, postentry );
postentry = NULL; /* avoid removal/free in error_return code */
}
- slapi_mods_done(&smods);
if ( !change_entry || ldap_result_code != 0 ) {
/* change_entry == 0 is not an error, but we need to free lock etc */
goto error_return;
@@ -340,6 +339,14 @@ ldbm_back_modify( Slapi_PBlock *pb )
goto error_return;
}
+ /* check attribute syntax for the new values */
+ if (slapi_mods_syntax_check(pb, mods, 0) != 0)
+ {
+ ldap_result_code = LDAP_INVALID_SYNTAX;
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
+ goto error_return;
+ }
+
/*
* make sure the entry contains all values in the RDN.
* if not, the modification must have removed them.
@@ -506,6 +513,7 @@ error_return:
common_return:
+ slapi_mods_done(&smods);
if (ec_in_cache)
{
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 1cb35ab..c71dd8e 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -530,6 +530,17 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
goto error_return;
}
+ /* Check attribute syntax if any new values are being added for the new RDN */
+ if (slapi_mods_get_num_mods(&smods_operation_wsi)>0)
+ {
+ if (slapi_mods_syntax_check(pb, smods_generated_wsi.mods, 0) != 0)
+ {
+ ldap_result_code = LDAP_INVALID_SYNTAX;
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
+ goto error_return;
+ }
+ }
+
/*
* Update the DN CSN of the entry.
*/
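Review bot: The guard counts the mods in `smods_operation_wsi`, but the list handed to `slapi_mods_syntax_check()` is `smods_generated_wsi.mods`, so the check may run on a different list from the one the comment describes. If the new RDN values are carried in `smods_operation_wsi` (the code that fills both lists is outside this hunk), they would be stored without validation. Using the same list in both places, e.g. `if (slapi_mods_syntax_check(pb, smods_operation_wsi.mods, 0) != 0)`, or checking both lists, would close that gap.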
diff --git a/ldap/servers/slapd/back-ldif/add.c b/ldap/servers/slapd/back-ldif/add.c
index 231f548..2779997 100644
--- a/ldap/servers/slapd/back-ldif/add.c
+++ b/ldap/servers/slapd/back-ldif/add.c
@@ -92,6 +92,13 @@ ldif_back_add( Slapi_PBlock *pb )
return( -1 );
}
+ /* Check if the attribute values in the entry obey the syntaxes */
+ if ( slapi_entry_syntax_check( pb, e, 0 ) != 0 ) {
+ LDAPDebug( LDAP_DEBUG_TRACE, "entry failed syntax_check\n", 0, 0, 0 );
+ slapi_send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, NULL, 0, NULL );
+ return( -1 );
+ }
+
prev = NULL;
/*Lock the database*/
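Review bot: The syntax failure path in ldif_back_add sends `LDAP_INVALID_SYNTAX` with a NULL message, whereas the other call sites in this patch fetch `SLAPI_PB_RESULT_TEXT` from the pblock and return it, so a client of this backend is not told which value was rejected. Fetching the text first, `char *errtext = NULL; slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);`, and passing `errtext` in place of the second NULL keeps the backends consistent. The ldif_back_modify hunk in back-ldif/modify.c has the same gap.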
diff --git a/ldap/servers/slapd/back-ldif/modify.c b/ldap/servers/slapd/back-ldif/modify.c
index 58229ec..7fff067 100644
--- a/ldap/servers/slapd/back-ldif/modify.c
+++ b/ldap/servers/slapd/back-ldif/modify.c
@@ -140,6 +140,13 @@ ldif_back_modify( Slapi_PBlock *pb )
PR_Unlock( db->ldif_lock );
goto error_return;
}
+
+ /* Check if the attribute values in the mods obey the syntaxes */
+ if ( slapi_mods_syntax_check( pb, mods, 0 ) != 0 ) {
+ slapi_send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, NULL, 0, NULL );
+ PR_Unlock( db->ldif_lock );
+ goto error_return;
+ }
/* Check for abandon again */
if ( slapi_op_abandoned( pb ) ) {
diff --git a/ldap/servers/slapd/config.c b/ldap/servers/slapd/config.c
index 9cf56dd..1af1b77 100644
--- a/ldap/servers/slapd/config.c
+++ b/ldap/servers/slapd/config.c
@@ -239,11 +239,13 @@ slapd_bootstrap_config(const char *configdir)
char _localuser[BUFSIZ];
char logenabled[BUFSIZ];
char schemacheck[BUFSIZ];
+ char syntaxcheck[BUFSIZ];
+ char syntaxlogging[BUFSIZ];
Slapi_DN plug_dn;
workpath[0] = loglevel[0] = maxdescriptors[0] = '\0';
- val[0] = logenabled[0] = schemacheck[0] = '\0';
- _localuser[0] = '\0';
+ val[0] = logenabled[0] = schemacheck[0] = syntaxcheck[0] = '\0';
+ syntaxlogging[0] = _localuser[0] = '\0';
/* Convert LDIF to entry structures */
slapi_sdn_init_dn_byref(&plug_dn, PLUGIN_BASE_DN);
@@ -460,6 +462,34 @@ slapd_bootstrap_config(const char *configdir)
}
}
+ /* see if we need to enable syntax checking */
+ if (!syntaxcheck[0] &&
+ entry_has_attr_and_value(e, CONFIG_SYNTAXCHECK_ATTRIBUTE,
+ syntaxcheck, sizeof(syntaxcheck)))
+ {
+ if (config_set_syntaxcheck(CONFIG_SYNTAXCHECK_ATTRIBUTE,
+ syntaxcheck, errorbuf, CONFIG_APPLY)
+ != LDAP_SUCCESS)
+ {
+ LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
+ CONFIG_SYNTAXCHECK_ATTRIBUTE, errorbuf);
+ }
+ }
+
+ /* see if we need to enable syntax warnings */
+ if (!syntaxlogging[0] &&
+ entry_has_attr_and_value(e, CONFIG_SYNTAXLOGGING_ATTRIBUTE,
+ syntaxlogging, sizeof(syntaxlogging)))
+ {
+ if (config_set_syntaxlogging(CONFIG_SYNTAXLOGGING_ATTRIBUTE,
+ syntaxlogging, errorbuf, CONFIG_APPLY)
+ != LDAP_SUCCESS)
+ {
+ LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
+ CONFIG_SYNTAXLOGGING_ATTRIBUTE, errorbuf);
+ }
+ }
+
/* see if we need to expect quoted schema values */
if (entry_has_attr_and_value(e, CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE,
val, sizeof(val)))
diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
index 4d59350..956c29d 100644
--- a/ldap/servers/slapd/dse.c
+++ b/ldap/servers/slapd/dse.c
@@ -1864,6 +1864,17 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
return dse_modify_return( -1, ec, ecc );
}
+ /* Check if the attribute values in the mods obey the syntaxes */
+ if ( slapi_mods_syntax_check( pb, mods, 0 ) != 0 )
+ {
+ char *errtext;
+
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);
+ slapi_send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, errtext, 0, NULL );
+ slapi_sdn_done(&sdn);
+ return dse_modify_return( -1, ec, ecc );
+ }
+
/* Change the entry itself both on disk and in the AVL tree */
/* dse_replace_entry free's the existing entry. */
if (dse_replace_entry( pdse, ecc, !dont_write_file, DSE_USE_LOCK )!=0 )
@@ -1941,6 +1952,18 @@ dse_add(Slapi_PBlock *pb) /* JCM There should only be one exit point from this f
return error;
}
+ /* Check if the attribute values in the entry obey the syntaxes */
+ if ( slapi_entry_syntax_check( pb, e, 0 ) != 0 )
+ {
+ char *errtext;
+ LDAPDebug( SLAPI_DSE_TRACELEVEL,
+ "dse_add: entry failed syntax check\n", 0, 0, 0 );
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &errtext);
+ slapi_send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, errtext, 0, NULL );
+ slapi_sdn_done(&sdn);
+ return error;
+ }
+
/*
* Attempt to find this dn.
*/
diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c
index f71b7fd..beec7d5 100644
--- a/ldap/servers/slapd/fedse.c
+++ b/ldap/servers/slapd/fedse.c
@@ -143,14 +143,7 @@ static const char *internal_entries[] =
"objectclass:top\n"
"objectclass:nsSNMP\n"
"cn:SNMP\n"
- "nsSNMPEnabled:on\n"
- "nsSNMPName:\n"
- "nsSNMPOrganization:\n"
- "nsSNMPLocation:\n"
- "nsSNMPContact:\n"
- "nsSNMPDescription:\n"
- "nsSNMPMasterHost:\n"
- "nsSNMPMasterPort:\n"
+ "nsSNMPEnabled: on\n"
"aci:(target=\"ldap:///cn=SNMP,cn=config\")(targetattr !=\"aci\")(version 3.0;acl \"snmp\";allow (read, search, compare)(userdn = \"ldap:///anyone\");)\n",
};
@@ -161,7 +154,7 @@ static char *easter_egg_entry=
"1E14405A150F47341F0E09191B0A1F5A3E13081F190E1508035A2E1F1B1756191447171514"
"130E1508701518101F190E39161B0909405A0E150A701518101F190E39161B0909405A1508"
"1D1B1413001B0E1315141B162F14130E701518101F190E39161B0909405A1E13081F190E15"
-"0803040E1F1B17041F020E1F14091318161F041518101F190E70150F405A341F0E09191B0A"
+"0803570E1F1B17571F020E1F14091318161F571518101F190E70150F405A341F0E09191B0A"
"1F5A291F190F08130E035A2915160F0E1315140970150F405A341F0E09191B0A1F5A3E1308"
"1F190E1508035A2E1F1B17701E1F091908130A0E131514405A3E1B0C131E5A3815081F121B"
"17565A301B190B0F1F1613141F5A3815081F121B17565A3B140E121514035A3C15020D1508"
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index e473663..30ad5f3 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -321,6 +321,12 @@ static struct config_get_and_set {
{CONFIG_SCHEMACHECK_ATTRIBUTE, config_set_schemacheck,
NULL, 0,
(void**)&global_slapdFrontendConfig.schemacheck, CONFIG_ON_OFF, NULL},
+ {CONFIG_SYNTAXCHECK_ATTRIBUTE, config_set_syntaxcheck,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.syntaxcheck, CONFIG_ON_OFF, NULL},
+ {CONFIG_SYNTAXLOGGING_ATTRIBUTE, config_set_syntaxlogging,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.syntaxlogging, CONFIG_ON_OFF, NULL},
{CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE, config_set_ds4_compatible_schema,
NULL, 0,
(void**)&global_slapdFrontendConfig.ds4_compatible_schema,
@@ -891,6 +897,8 @@ FrontendConfig_init () {
cfg->sizelimit = SLAPD_DEFAULT_SIZELIMIT;
cfg->timelimit = SLAPD_DEFAULT_TIMELIMIT;
cfg->schemacheck = LDAP_ON;
+ cfg->syntaxcheck = LDAP_OFF;
+ cfg->syntaxlogging = LDAP_OFF;
cfg->ds4_compatible_schema = LDAP_OFF;
cfg->enquote_sup_oc = LDAP_OFF;
cfg->lastmod = LDAP_ON;
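Review bot: Both new settings are initialised to `LDAP_OFF` with no comment, so a server whose configuration does not set the attributes performs no syntax validation on add, modify or import. A short comment on these two lines would make the opt-in default explicit for the next maintainer, e.g. `/* syntax validation is off unless enabled in the configuration */`. FrontendConfig_init continues outside this hunk.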
@@ -2422,6 +2430,33 @@ config_set_schemacheck( const char *attrname, char *value, char *errorbuf, int a
return retVal;
}
+int
+config_set_syntaxcheck( const char *attrname, char *value, char *errorbuf, int apply ) {
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ retVal = config_set_onoff ( attrname,
+ value,
+ &(slapdFrontendConfig->syntaxcheck),
+ errorbuf,
+ apply);
+
+ return retVal;
+}
+
+int
+config_set_syntaxlogging( const char *attrname, char *value, char *errorbuf, int apply ) {
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ retVal = config_set_onoff ( attrname,
+ value,
+ &(slapdFrontendConfig->syntaxlogging),
+ errorbuf,
+ apply);
+
+ return retVal;
+}
int
config_set_ds4_compatible_schema( const char *attrname, char *value, char *errorbuf, int apply ) {
@@ -4034,6 +4069,30 @@ config_get_schemacheck() {
}
int
+config_get_syntaxcheck() {
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ CFG_LOCK_READ(slapdFrontendConfig);
+ retVal = slapdFrontendConfig->syntaxcheck;
+ CFG_UNLOCK_READ(slapdFrontendConfig);
+
+ return retVal;
+}
+
+int
+config_get_syntaxlogging() {
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ CFG_LOCK_READ(slapdFrontendConfig);
+ retVal = slapdFrontendConfig->syntaxlogging;
+ CFG_UNLOCK_READ(slapdFrontendConfig);
+
+ return retVal;
+}
+
+int
config_get_ds4_compatible_schema() {
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
int retVal;
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 6ac6aa8..062a87f 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -1072,6 +1072,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
case SLAPI_SYNTAX_SUBSTRLENS:
(*(int **)value) = pblock->pb_substrlens;
break;
+ case SLAPI_PLUGIN_SYNTAX_VALIDATE:
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX ) {
+ return( -1 );
+ }
+ (*(int *)value) = pblock->pb_plugin->plg_syntax_validate;
+ break;
/* controls we know about */
case SLAPI_MANAGEDSAIT:
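Review bot: In the new `SLAPI_PLUGIN_SYNTAX_VALIDATE` case of `slapi_pblock_get`, the validate function pointer is stored through `(*(int *)value)`, while the matching case added to `slapi_pblock_set` casts the value to `IFP`. Where a pointer is wider than `int`, the caller gets back a truncated pointer, and calling through it would not reach the plug-in's validate routine. The assignment should use the pointer type: `(*(IFP *)value) = pblock->pb_plugin->plg_syntax_validate;`. The switch statement starts and ends outside this hunk.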
@@ -2314,6 +2320,12 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
case SLAPI_SYNTAX_SUBSTRLENS:
pblock->pb_substrlens = (int *) value;
break;
+ case SLAPI_PLUGIN_SYNTAX_VALIDATE:
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX ) {
+ return( -1 );
+ }
+ pblock->pb_plugin->plg_syntax_validate = (IFP) value;
+ break;
case SLAPI_ENTRY_PRE_OP:
pblock->pb_pre_op_entry = (Slapi_Entry *) value;
break;
diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
index a7ad7df..5ae6356 100644
--- a/ldap/servers/slapd/plugin.c
+++ b/ldap/servers/slapd/plugin.c
@@ -1878,35 +1878,37 @@ plugin_add_descriptive_attributes( Slapi_Entry *e, struct slapdplugin *plugin )
if ( NULL == plugin )
{
+ /* This can happen for things such as disabled syntax plug-ins. We
+ * just treat this as a warning to allow the description attributes
+ * to be set to a default value to avoid an objectclass violation. */
LDAPDebug(LDAP_DEBUG_PLUGIN,
- "Error: failed to add descriptive values for plugin %s"
- " (could not find plugin entry)\n",
+ "Warning: couldn't find plugin %s in global list. "
+ "Adding default descriptive values.\n",
slapi_entry_get_dn_const(e), 0, 0 );
- return 1; /* failure */
}
}
if (add_plugin_description(e, ATTR_PLUGIN_PLUGINID,
- plugin->plg_desc.spd_id))
+ plugin ? plugin->plg_desc.spd_id : NULL))
{
status = 1;
}
if (add_plugin_description(e, ATTR_PLUGIN_VERSION,
- plugin->plg_desc.spd_version))
+ plugin ? plugin->plg_desc.spd_version : NULL))
{
status = 1;
}
if (add_plugin_description(e, ATTR_PLUGIN_VENDOR,
- plugin->plg_desc.spd_vendor))
+ plugin ? plugin->plg_desc.spd_vendor: NULL))
{
status = 1;
}
if (add_plugin_description(e, ATTR_PLUGIN_DESC,
- plugin->plg_desc.spd_description))
+ plugin ? plugin->plg_desc.spd_description : NULL))
{
status = 1;
}
diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c
index cb3cde9..3290a95 100644
--- a/ldap/servers/slapd/plugin_syntax.c
+++ b/ldap/servers/slapd/plugin_syntax.c
@@ -261,6 +261,183 @@ plugin_call_syntax_filter_sub_sv(
return( rc );
}
+/* Checks if the values of all attributes in an entry are valid for the
+ * syntax specified for the attribute in question. Setting override to
+ * 1 will force syntax checking to be performed, even if syntax checking
+ * is disabled in the config. Setting override to 0 will obey the config
+ * settings.
+ *
+ * Returns 1 if there is a syntax violation and sets the error message
+ * appropriately. Returns 0 if everything checks out fine.
+ */
+int
+slapi_entry_syntax_check(
+ Slapi_PBlock *pb, Slapi_Entry *e, int override
+)
+{
+ int ret = 0;
+ int i = 0;
+ int is_replicated_operation = 0;
+ int badval = 0;
+ int syntaxcheck = config_get_syntaxcheck();
+ int syntaxlogging = config_get_syntaxlogging();
+ Slapi_Attr *prevattr = NULL;
+ Slapi_Attr *a = NULL;
+ char errtext[ BUFSIZ ];
+ char *errp = &errtext[0];
+ size_t err_remaining = sizeof(errtext);
+
+ if (pb != NULL) {
+ slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
+ }
+
+ /* If syntax checking and logging are off, or if this is a
+ * replicated operation, just return that the syntax is OK. */
+ if (((syntaxcheck == 0) && (syntaxlogging == 0) && (override == 0)) ||
+ is_replicated_operation) {
+ goto exit;
+ }
+
+ i = slapi_entry_first_attr(e, &a);
+
+ while ((-1 != i) && a && (a->a_plugin != NULL)) {
+ /* If no validate function is available for this type, just
+ * assume that the value is valid. */
+ if ( a->a_plugin->plg_syntax_validate != NULL ) {
+ int numvals = 0;
+
+ slapi_attr_get_numvalues(a, &numvals);
+ if ( numvals > 0 ) {
+ Slapi_Value *val = NULL;
+ const struct berval *bval = NULL;
+ int hint = slapi_attr_first_value(a, &val);
+
+ /* iterate through each value to check if it's valid */
+ while (val != NULL) {
+ bval = slapi_value_get_berval(val);
+ if ((a->a_plugin->plg_syntax_validate( bval )) != 0) {
+ if (syntaxlogging) {
+ slapi_log_error( SLAPI_LOG_FATAL, "Syntax Check",
+ "\"%s\": (%s) value #%d invalid per syntax\n",
+ slapi_entry_get_dn(e), a->a_type, hint );
+ }
+
+ if (syntaxcheck || override) {
+ if (pb) {
+ /* Append new text to any existing text. */
+ errp += PR_snprintf( errp, err_remaining,
+ "%s: value #%d invalid per syntax\n", a->a_type, hint );
+ err_remaining -= errp - &errtext[0];
+ }
+ ret = 1;
+ }
+ }
+
+ hint = slapi_attr_next_value(a, hint, &val);
+ }
+ }
+ }
+
+ prevattr = a;
+ i = slapi_entry_next_attr(e, prevattr, &a);
+ }
+
+ /* See if we need to set the error text in the pblock. */
+ if (errp != &errtext[0]) {
+ slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
+ }
+
+exit:
+ return( ret );
+}
+
+/* Checks if the values of all attributes being added in a Slapi_Mods
+ * are valid for the syntax specified for the attribute in question.
+ * The new values in an add or replace modify operation and the newrdn
+ * value for a modrdn operation will be checked.
+ * Returns 1 if there is a syntax violation and sets the error message
+ * appropriately. Returns 0 if everything checks out fine.
+ */
+int
+slapi_mods_syntax_check(
+ Slapi_PBlock *pb, LDAPMod **mods, int override
+)
+{
+ int ret = 0;
+ int i, j = 0;
+ int is_replicated_operation = 0;
+ int badval = 0;
+ int syntaxcheck = config_get_syntaxcheck();
+ int syntaxlogging = config_get_syntaxlogging();
+ char errtext[ BUFSIZ ];
+ char *errp = &errtext[0];
+ size_t err_remaining = sizeof(errtext);
+ char *dn = NULL;
+ LDAPMod *mod = NULL;
+
+ if (mods == NULL) {
+ ret = 1;
+ goto exit;
+ }
+
+ if (pb != NULL) {
+ slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
+ slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
+ }
+
+ /* If syntax checking and logging are off, or if this is a
+ * replicated operation, just return that the syntax is OK. */
+ if (((syntaxcheck == 0) && (syntaxlogging == 0) && (override == 0)) ||
+ is_replicated_operation) {
+ goto exit;
+ }
+
+ /* Loop through mods */
+ for (i = 0; mods[i] != NULL; i++) {
+ mod = mods[i];
+
+ /* We only care about replace and add modify operations that
+ * are truly adding new values to the entry. */
+ if ((SLAPI_IS_MOD_REPLACE(mod->mod_op) || SLAPI_IS_MOD_ADD(mod->mod_op)) &&
+ (mod->mod_bvalues != NULL)) {
+ struct slapdplugin *syntax_plugin = NULL;
+
+ /* Find the plug-in for this type, then call it's
+ * validate function.*/
+ slapi_attr_type2plugin(mod->mod_type, (void **)&syntax_plugin);
+ if ((syntax_plugin != NULL) && (syntax_plugin->plg_syntax_validate != NULL)) {
+ /* Loop through the values and validate each one */
+ for (j = 0; mod->mod_bvalues[j] != NULL; j++) {
+ if (syntax_plugin->plg_syntax_validate(mod->mod_bvalues[j]) != 0) {
+ if (syntaxlogging) {
+ slapi_log_error( SLAPI_LOG_FATAL, "Syntax Check", "\"%s\": (%s) value #%d invalid per syntax\n",
+ dn ? dn : "NULL", mod->mod_type, j );
+ }
+
+ if (syntaxcheck || override) {
+ if (pb) {
+ /* Append new text to any existing text. */
+ errp += PR_snprintf( errp, err_remaining,
+ "%s: value #%d invalid per syntax\n", mod->mod_type, j );
+ err_remaining -= errp - &errtext[0];
+ }
+ ret = 1;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /* See if we need to set the error text in the pblock. */
+ if (errp != &errtext[0]) {
+ slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
+ }
+
+exit:
+ return( ret );
+}
+
SLAPI_DEPRECATED int
slapi_call_syntax_values2keys( /* JCM SLOW FUNCTION */
void *vpi,
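Review bot: The remaining-space accounting for `errtext` is wrong in both new functions. `err_remaining -= errp - &errtext[0];` subtracts the total offset written so far on every violation, not just the bytes added by the last `PR_snprintf`, so the `size_t` shrinks too fast and wraps to a very large value once enough values have failed validation. After that, the size passed to `PR_snprintf` no longer bounds writes to the `BUFSIZ` stack buffer, and the number of failing values comes from the entry or mods in the request. Recompute it from the pointer, `err_remaining = sizeof(errtext) - (errp - &errtext[0]);`, in both `slapi_entry_syntax_check` and `slapi_mods_syntax_check`, and skip the append once no room is left. Separately, the local `badval` is declared but never used in either function.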
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 7c25b18..c561196 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -264,6 +264,8 @@ int config_set_accesscontrol( const char *attrname, char *value, char *errorbuf,
int config_set_security( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_readonly( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_schemacheck( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_syntaxcheck( const char *attrname, char *value, char *errorbuf, int apply );
+int config_set_syntaxlogging( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_ds4_compatible_schema( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_schema_ignore_trailing_spaces( const char *attrname, char *value, char *errorbuf, int apply );
int config_set_rootdn( const char *attrname, char *value, char *errorbuf, int apply );
@@ -406,6 +408,8 @@ int config_get_return_exact_case();
int config_get_result_tweak();
int config_get_security();
int config_get_schemacheck();
+int config_get_syntaxcheck();
+int config_get_syntaxlogging();
int config_get_ds4_compatible_schema();
int config_get_schema_ignore_trailing_spaces();
char *config_get_rootdn();
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 04b13d0..e331a94 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -3415,7 +3415,9 @@ read_at_ldif(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
schema_errprefix_at, first_attr_name,
"Missing parent attribute syntax OID");
status = invalid_syntax_error;
- } else {
+ /* We only want to use the parent syntax if a SYNTAX
+ * wasn't explicitly specified for this attribute. */
+ } else if (NULL == pSyntax) {
char *pso = plugin_syntax2oid(asi_parent->asi_plugin);
if (pso) {
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index ceeb11e..cec186f 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -287,8 +287,8 @@ typedef void (*VFP0)();
#define SLAPD_SCHEMA_DN "cn=schema"
#define SLAPD_CONFIG_DN "cn=config"
-#define EGG_OBJECT_CLASS "directory~team~extensible~object"
-#define EGG_FILTER "(objectclass=directory~team~extensible~object)"
+#define EGG_OBJECT_CLASS "directory-team-extensible-object"
+#define EGG_FILTER "(objectclass=directory-team-extensible-object)"
#define BE_LIST_SIZE 100 /* used by mapping tree code to hold be_list stuff */
@@ -501,16 +501,17 @@ typedef int (*SyntaxEnumFunc)(char **names, Slapi_PluginDesc *plugindesc,
/* OIDs for some commonly used syntaxes */
#define BINARY_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.5"
-#define BOOLEAN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.7"
+#define BOOLEAN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.7"
#define COUNTRYSTRING_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.11"
#define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
#define DIRSTRING_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.15"
#define GENERALIZEDTIME_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.24"
#define IA5STRING_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.26"
#define INTEGER_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.27"
-#define JPEG_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.28"
+#define JPEG_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.28"
+#define NUMERICSTRING_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.36"
+#define OID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.38"
#define OCTETSTRING_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.40"
-#define OID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.38"
#define POSTALADDRESS_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.41"
#define TELEPHONE_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.50"
#define SPACE_INSENSITIVE_STRING_SYNTAX_OID "2.16.840.1.113730.3.7.1"
@@ -967,6 +968,7 @@ struct slapdplugin {
char **plg_un_syntax_names;
char *plg_un_syntax_oid;
IFP plg_un_syntax_compare;
+ IFP plg_un_syntax_validate;
} plg_un_syntax;
#define plg_syntax_filter_ava plg_un.plg_un_syntax.plg_un_syntax_filter_ava
#define plg_syntax_filter_sub plg_un.plg_un_syntax.plg_un_syntax_filter_sub
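Review bot: The new member `plg_un_syntax_validate` is declared as plain `IFP`, so nothing at this declaration tells a plug-in author what signature or return convention the server expects. The callers added in plugin_syntax.c pass a single `const struct berval *` and treat any non-zero return as a violation, which matches the `value_validate_fn_type` typedef this patch adds further down in the same header. A short comment on the member would record that, for example `IFP plg_un_syntax_validate; /* value_validate_fn_type: returns 0 when the value is valid */`. The struct definition continues outside the hunk.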
@@ -976,7 +978,8 @@ struct slapdplugin {
#define plg_syntax_flags plg_un.plg_un_syntax.plg_un_syntax_flags
#define plg_syntax_names plg_un.plg_un_syntax.plg_un_syntax_names
#define plg_syntax_oid plg_un.plg_un_syntax.plg_un_syntax_oid
-#define plg_syntax_compare plg_un.plg_un_syntax.plg_un_syntax_compare
+#define plg_syntax_compare plg_un.plg_un_syntax.plg_un_syntax_compare
+#define plg_syntax_validate plg_un.plg_un_syntax.plg_un_syntax_validate
struct plg_un_acl_struct {
IFP plg_un_acl_init;
@@ -1519,6 +1522,9 @@ typedef struct daemon_ports_s {
/* Definition for plugin syntax compare routine */
typedef int (*value_compare_fn_type)(const struct berval *,const struct berval *);
+/* Definition for plugin syntax validate routine */
+typedef int (*value_validate_fn_type)(const struct berval *);
+
#include "pw.h"
#include "proto-slap.h"
@@ -1631,6 +1637,8 @@ typedef struct _slapdEntryPoints {
#define CONFIG_OBJECTCLASS_ATTRIBUTE "nsslapd-objectclass"
#define CONFIG_ATTRIBUTE_ATTRIBUTE "nsslapd-attribute"
#define CONFIG_SCHEMACHECK_ATTRIBUTE "nsslapd-schemacheck"
+#define CONFIG_SYNTAXCHECK_ATTRIBUTE "nsslapd-syntaxcheck"
+#define CONFIG_SYNTAXLOGGING_ATTRIBUTE "nsslapd-syntaxlogging"
#define CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE "nsslapd-ds4-compatible-schema"
#define CONFIG_SCHEMA_IGNORE_TRAILING_SPACES "nsslapd-schema-ignore-trailing-spaces"
#define CONFIG_SCHEMAREPLACE_ATTRIBUTE "nsslapd-schemareplace"
@@ -1846,6 +1854,8 @@ typedef struct _slapdFrontendConfig {
int readonly;
int reservedescriptors;
int schemacheck;
+ int syntaxcheck;
+ int syntaxlogging;
int ds4_compatible_schema;
int schema_ignore_trailing_spaces;
int secureport;
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 3c0cf72..70556e9 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -280,6 +280,8 @@ int slapi_entry_next_attr( const Slapi_Entry *e, Slapi_Attr *prevattr, Slapi_Att
const char *slapi_entry_get_uniqueid( const Slapi_Entry *e );
void slapi_entry_set_uniqueid( Slapi_Entry *e, char *uniqueid );
int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e );
+int slapi_entry_syntax_check( Slapi_PBlock *pb, Slapi_Entry *e, int override );
+int slapi_mods_syntax_check( Slapi_PBlock *pb, LDAPMod **mods, int override );
int slapi_entry_rdn_values_present( const Slapi_Entry *e );
int slapi_entry_add_rdn_values( Slapi_Entry *e );
int slapi_entry_attr_delete( Slapi_Entry *e, const char *type );
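Review bot: `slapi_entry_syntax_check` and `slapi_mods_syntax_check` are added to the public plug-in header with no comment on what `override` means or what the return value signals. The implementations in plugin_syntax.c return 1 on a syntax violation and 0 otherwise, and they return 0 for replicated operations even when `override` is non-zero, which a caller relying on `override` to force validation would not expect. I would document that here, for example `/* returns 0 if all values are valid, 1 on a syntax violation; override != 0 checks even when nsslapd-syntaxcheck is off; replicated operations are never checked */`.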
@@ -1702,9 +1704,9 @@ typedef struct slapi_plugindesc {
#define SLAPI_PLUGIN_SYNTAX_OID 706
#define SLAPI_PLUGIN_SYNTAX_FLAGS 707
#define SLAPI_PLUGIN_SYNTAX_COMPARE 708
-
/* user defined substrlen; not stored in slapdplugin, but pblock itself */
-#define SLAPI_SYNTAX_SUBSTRLENS 709
+#define SLAPI_SYNTAX_SUBSTRLENS 709
+#define SLAPI_PLUGIN_SYNTAX_VALIDATE 710
/* ACL plugin functions and arguments */
#define SLAPI_PLUGIN_ACL_INIT 730
--
1.5.5.1
14 years, 11 months