+ /* If ma_rule is not the same as the attribute's
+ * normal rule, then we can't use the a_nvals.
+ */
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
+ bv = a->a_nvals;
+
+ } else {
+ bv = a->a_vals;
+ normalize_attribute = 1;
+ }
+#ifdef LDAP_COMP_MATCH
+ i = 0;
+#endif
+ for ( ; !BER_BVISNULL( bv ); bv++ ) {
+ int ret;
+ int rc;
+ const char *text;
+
+#ifdef LDAP_COMP_MATCH
+ if ( mra->ma_cf &&
+ mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
+ {
+ /* Check if decoded component trees are already linked */
+ if ( num_attr_vals ) {
+ a->a_comp_data->cd_tree[i] = attr_converter(
+ a, a->a_desc->ad_type->sat_syntax, bv );
+ }
+ /* decoding error */
+ if ( !a->a_comp_data->cd_tree[i] ) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_COMPONENT,
+ (struct berval*)a->a_comp_data->cd_tree[i++],
+ (void*)mra, &text );
+ } else
+#endif
+ {
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /*
+
+ Document: RFC 4511
+
+ 4.5.1. Search Request
+ ...
+ If the type field is present and the matchingRule is present,
+ the matchValue is compared against entry attributes of the
+ specified type. In this case, the matchingRule MUST be one
+ suitable for use with the specified type (see [RFC4517]),
+ otherwise the filter item is Undefined.
+
+
+ In this case, since the matchingRule requires the assertion
+ value to be normalized, we normalize the attribute value
+ according to the syntax of the matchingRule.
+
+ This should likely be done inside value_match(), by passing
+ the appropriate flags, but this is not done at present.
+ See ITS#3406.
+ */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT, &nbv, &mra->ma_value, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
+ }
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+ if ( ret == 0 ) return LDAP_COMPARE_TRUE;
+ }
+ }
+
+ } else {
+ /*
+ * No attribute description: test all
+ */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ struct berval *bv, value;
+ const char *text = NULL;
+ int rc;
+ int normalize_attribute = 0;
+
+ /* check if matching is appropriate */
+ if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) {
+ continue;
+ }
+
+ /* normalize for equality */
+ rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &mra->ma_value, &value, &text, memctx );
+ if ( rc != LDAP_SUCCESS ) continue;
+
+ /* check search access */
+ if ( !access_allowed( op, e,
+ a->a_desc, &value, ACL_SEARCH, NULL ) )
+ {
+ memfree( value.bv_val, memctx );
+ continue;
+ }
+#ifdef LDAP_COMP_MATCH
+ /* Component Matching */
+ if ( mra->ma_cf &&
+ mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
+ {
+ int ret;
+
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_COMPONENT,
+ (struct berval*)a, (void*)mra, &text );
+ if ( rc != LDAP_SUCCESS ) break;
+
+ if ( ret == 0 ) {
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+
+ }
+#endif
+
+ /* check match */
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
+ bv = a->a_nvals;
+
+ } else {
+ bv = a->a_vals;
+ normalize_attribute = 1;
+ }
+
+ for ( ; !BER_BVISNULL( bv ); bv++ ) {
+ int ret;
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /* see comment above */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
+ rc = value_match( &ret, a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT, &nbv, &value, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
+
+ if ( rc != LDAP_SUCCESS ) break;
+
+ if ( ret == 0 ) {
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
+ memfree( value.bv_val, memctx );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ }
+ }
+
+ /* check attrs in DN AVAs if required */
+ if ( mra->ma_dnattrs && !BER_BVISEMPTY( &e->e_nname ) ) {
+ LDAPDN dn = NULL;
+ int iRDN, iAVA;
+ int rc;
+
+ /* parse and pretty the dn */
+ rc = dnPrettyDN( NULL, &e->e_name, &dn, memctx );
+ if ( rc != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* for each AVA of each RDN ... */
+ for ( iRDN = 0; dn[ iRDN ]; iRDN++ ) {
+ LDAPRDN rdn = dn[ iRDN ];
+
+ for ( iAVA = 0; rdn[ iAVA ]; iAVA++ ) {
+ LDAPAVA *ava = rdn[ iAVA ];
+ struct berval *bv = &ava->la_value,
+ value = BER_BVNULL,
+ nbv = BER_BVNULL;
+ AttributeDescription *ad =
+ (AttributeDescription *)ava->la_private;
+ int ret;
+ const char *text;
+
+ assert( ad != NULL );
+
+ if ( mra->ma_desc ) {
+ /* have a mra type? check for subtype */
+ if ( !is_ad_subtype( ad, mra->ma_desc ) ) {
+ continue;
+ }
+ value = mra->ma_value;
+
+ } else {
+ const char *text = NULL;
+
+ /* check if matching is appropriate */
+ if ( !mr_usable_with_at( mra->ma_rule, ad->ad_type ) ) {
+ continue;
+ }
+
+ /* normalize for equality */
+ rc = asserted_value_validate_normalize( ad,
+ mra->ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &mra->ma_value, &value, &text, memctx );
+ if ( rc != LDAP_SUCCESS ) continue;
+
+ /* check search access */
+ if ( !access_allowed( op, e,
+ ad, &value, ACL_SEARCH, NULL ) )
+ {
+ memfree( value.bv_val, memctx );
+ continue;
+ }
+ }
+
+ if ( mra->ma_rule->smr_normalize ) {
+ /* see comment above */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ rc = LDAP_SUCCESS;
+ ret = -1;
+ goto cleanup;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
+ /* check match */
+ rc = value_match( &ret, ad, mra->ma_rule, SLAP_MR_EXT,
+ &nbv, &value, &text );
+
+cleanup:;
+ if ( !BER_BVISNULL( &value ) && value.bv_val != mra->ma_value.bv_val ) {
+ memfree( value.bv_val, memctx );
+ }
+
+ if ( !BER_BVISNULL( &nbv ) && nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
+
+ if ( rc == LDAP_SUCCESS && ret == 0 ) rc = LDAP_COMPARE_TRUE;
+
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_dnfree_x( dn, memctx );
+ return rc;
+ }