1 /* mra.c - routines for dealing with extensible matching rule assertions */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2004 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
21 #include <ac/string.h>
22 #include <ac/socket.h>
29 MatchingRuleAssertion *mra,
33 /* op->o_tmpfree( mra->ma_value.bv_val, op->o_tmpmemctx ); */
34 ch_free( mra->ma_value.bv_val );
36 op->o_tmpfree( (char *) mra, op->o_tmpmemctx );
44 MatchingRuleAssertion **mra,
51 struct berval type = { 0, NULL };
52 struct berval value = { 0, NULL };
53 struct berval rule_text = { 0, NULL };
54 MatchingRuleAssertion ma;
56 memset( &ma, 0, sizeof ma);
58 rtag = ber_scanf( ber, "{t" /*"}"*/, &tag );
60 if( rtag == LBER_ERROR ) {
62 LDAP_LOG( OPERATION, ERR,
63 "get_mra: ber_scanf (\"{t\") failure\n", 0, 0, 0 );
65 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
68 *text = "Error parsing matching rule assertion";
69 return SLAPD_DISCONNECT;
72 if ( tag == LDAP_FILTER_EXT_OID ) {
73 rtag = ber_scanf( ber, "m", &rule_text );
74 if ( rtag == LBER_ERROR ) {
76 LDAP_LOG( OPERATION, ERR,
77 "get_mra: ber_scanf(\"o\") failure.\n", 0, 0, 0 );
79 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for mr\n", 0, 0, 0 );
82 *text = "Error parsing matching rule in matching rule assertion";
83 return SLAPD_DISCONNECT;
86 rtag = ber_scanf( ber, "t", &tag );
87 if( rtag == LBER_ERROR ) {
89 LDAP_LOG( OPERATION, ERR,
90 "get_mra: ber_scanf (\"t\") failure\n", 0, 0, 0 );
92 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
95 *text = "Error parsing matching rule assertion";
96 return SLAPD_DISCONNECT;
100 if ( tag == LDAP_FILTER_EXT_TYPE ) {
101 rtag = ber_scanf( ber, "m", &type );
102 if ( rtag == LBER_ERROR ) {
104 LDAP_LOG( OPERATION, ERR,
105 "get_mra: ber_scanf (\"o\") failure.\n", 0, 0, 0 );
107 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for ad\n", 0, 0, 0 );
110 *text = "Error parsing attribute description in matching rule assertion";
111 return SLAPD_DISCONNECT;
114 rtag = ber_scanf( ber, "t", &tag );
115 if( rtag == LBER_ERROR ) {
117 LDAP_LOG( OPERATION, ERR,
118 "get_mra: ber_scanf (\"t\") failure.\n", 0, 0, 0 );
120 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
123 *text = "Error parsing matching rule assertion";
124 return SLAPD_DISCONNECT;
128 if ( tag != LDAP_FILTER_EXT_VALUE ) {
130 LDAP_LOG( OPERATION, ERR,
131 "get_mra: ber_scanf missing value\n", 0, 0, 0 );
133 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf missing value\n", 0, 0, 0 );
136 *text = "Missing value in matching rule assertion";
137 return SLAPD_DISCONNECT;
140 rtag = ber_scanf( ber, "m", &value );
142 if( rtag == LBER_ERROR ) {
144 LDAP_LOG( OPERATION, ERR,
145 "get_mra: ber_scanf (\"o\") failure.\n", 0, 0, 0 );
147 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
150 *text = "Error decoding value in matching rule assertion";
151 return SLAPD_DISCONNECT;
154 tag = ber_peek_tag( ber, &length );
156 if ( tag == LDAP_FILTER_EXT_DNATTRS ) {
157 rtag = ber_scanf( ber, /*"{"*/ "b}", &ma.ma_dnattrs );
159 rtag = ber_scanf( ber, /*"{"*/ "}" );
162 if( rtag == LBER_ERROR ) {
164 LDAP_LOG( OPERATION, ERR, "get_mra: ber_scanf failure\n", 0, 0, 0);
166 Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 );
169 *text = "Error decoding dnattrs matching rule assertion";
170 return SLAPD_DISCONNECT;
173 if( type.bv_val != NULL ) {
174 rc = slap_bv2ad( &type, &ma.ma_desc, text );
175 if( rc != LDAP_SUCCESS ) {
180 if( rule_text.bv_val != NULL ) {
181 ma.ma_rule = mr_bvfind( &rule_text );
182 if( ma.ma_rule == NULL ) {
183 *text = "matching rule not recognized";
184 return LDAP_INAPPROPRIATE_MATCHING;
188 if ( ma.ma_rule == NULL ) {
190 * Need either type or rule ...
192 if ( ma.ma_desc == NULL ) {
193 *text = "no matching rule or type";
194 return LDAP_INAPPROPRIATE_MATCHING;
197 if ( ma.ma_desc->ad_type->sat_equality != NULL &&
198 ma.ma_desc->ad_type->sat_equality->smr_usage & SLAP_MR_EXT )
200 /* no matching rule was provided, use the attribute's
201 equality rule if it supports extensible matching. */
202 ma.ma_rule = ma.ma_desc->ad_type->sat_equality;
205 *text = "no appropriate rule to use for type";
206 return LDAP_INAPPROPRIATE_MATCHING;
210 if ( ma.ma_desc != NULL ) {
211 if( !mr_usable_with_at( ma.ma_rule, ma.ma_desc->ad_type ) ) {
212 *text = "matching rule use with this attribute not appropriate";
213 return LDAP_INAPPROPRIATE_MATCHING;
219 * Normalize per matching rule
221 rc = asserted_value_validate_normalize( ma.ma_desc,
223 SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
224 &value, &ma.ma_value, text, op->o_tmpmemctx );
226 if( rc != LDAP_SUCCESS ) {
231 /* Append rule_text to end of struct */
232 if (rule_text.bv_val) length += rule_text.bv_len + 1;
233 *mra = op->o_tmpalloc( length, op->o_tmpmemctx );
235 if (rule_text.bv_val) {
236 (*mra)->ma_rule_text.bv_len = rule_text.bv_len;
237 (*mra)->ma_rule_text.bv_val = (char *)(*mra+1);
238 AC_MEMCPY((*mra)->ma_rule_text.bv_val, rule_text.bv_val,