]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/filter.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add function prototypes
[openldap] / servers / slapd / filter.c
diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
index 45a8d190e9b343bb9488670d3cb149dd4ab92356..ff9334639c6ace1a56ebe123cbe427e2a707ac9b 100644 (file)
--- a/servers/slapd/filter.c
+++ b/servers/slapd/filter.c
@@ -20,16 +20,12 @@ static int  get_filter_list(
        Filter **f,
        const char **text );
 
-static int     get_substring_filter(
+static int     get_ssa(
        Connection *conn,
        BerElement *ber,
-       Filter *f,
+       SubstringsAssertion **s,
        const char **text );
 
-static int filter_escape_value(
-       struct berval *in,
-       struct berval *out );
-
 static void simple_vrFilter2bv(
        ValuesReturnFilter *f,
        struct berval *fstr );
@@ -40,6 +36,9 @@ static int    get_simple_vrFilter(
        ValuesReturnFilter **f,
        const char **text );
 
+#ifdef SLAP_NVALUES
+#define XXX 1
+#endif
 
 int
 get_filter(
@@ -51,7 +50,7 @@ get_filter(
        ber_tag_t       tag;
        ber_len_t       len;
        int             err;
-       Filter          *f;
+       Filter          f;
 
 #ifdef NEW_LOGGING
        LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", conn->c_connid, 0, 0 );
@@ -98,13 +97,12 @@ get_filter(
                return SLAPD_DISCONNECT;
        }
 
-       f = (Filter *) ch_malloc( sizeof(Filter) );
-       f->f_next = NULL;
-
        err = LDAP_SUCCESS;
-       f->f_choice = tag; 
 
-       switch ( f->f_choice ) {
+       f.f_next = NULL;
+       f.f_choice = tag; 
+
+       switch ( f.f_choice ) {
        case LDAP_FILTER_EQUALITY:
 #ifdef NEW_LOGGING
                LDAP_LOG( FILTER, DETAIL2, 
@@ -112,12 +110,12 @@ get_filter(
 #else
                Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
+               err = get_ava( ber, &f.f_ava, SLAP_MR_EQUALITY, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
 
-               assert( f->f_ava != NULL );
+               assert( f.f_ava != NULL );
                break;
 
        case LDAP_FILTER_SUBSTRINGS:
@@ -127,7 +125,11 @@ get_filter(
 #else
                Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
 #endif
-               err = get_substring_filter( conn, ber, f, text );
+               err = get_ssa( conn, ber, &f.f_sub, text );
+               if( err != LDAP_SUCCESS ) {
+                       break;
+               }
+               assert( f.f_sub != NULL );
                break;
 
        case LDAP_FILTER_GE:
@@ -137,10 +139,11 @@ get_filter(
 #else
                Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
+               err = get_ava( ber, &f.f_ava, SLAP_MR_ORDERING, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
+               assert( f.f_ava != NULL );
                break;
 
        case LDAP_FILTER_LE:
@@ -150,10 +153,11 @@ get_filter(
 #else
                Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
+               err = get_ava( ber, &f.f_ava, SLAP_MR_ORDERING, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
+               assert( f.f_ava != NULL );
                break;
 
        case LDAP_FILTER_PRESENT: {
@@ -171,16 +175,18 @@ get_filter(
                        break;
                }
 
-               f->f_desc = NULL;
-               err = slap_bv2ad( &type, &f->f_desc, text );
+               f.f_desc = NULL;
+               err = slap_bv2ad( &type, &f.f_desc, text );
 
                if( err != LDAP_SUCCESS ) {
                        /* unrecognized attribute description or other error */
-                       f->f_choice = SLAPD_FILTER_COMPUTED;
-                       f->f_result = LDAP_COMPARE_FALSE;
+                       f.f_choice = SLAPD_FILTER_COMPUTED;
+                       f.f_result = LDAP_COMPARE_FALSE;
                        err = LDAP_SUCCESS;
                        break;
                }
+
+               assert( f.f_desc != NULL );
                } break;
 
        case LDAP_FILTER_APPROX:
@@ -190,10 +196,11 @@ get_filter(
 #else
                Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
+               err = get_ava( ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
+               assert( f.f_ava != NULL );
                break;
 
        case LDAP_FILTER_AND:
@@ -203,10 +210,11 @@ get_filter(
 #else
                Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
 #endif
-               err = get_filter_list( conn, ber, &f->f_and, text );
+               err = get_filter_list( conn, ber, &f.f_and, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
+               /* no assert - list could be empty */
                break;
 
        case LDAP_FILTER_OR:
@@ -216,10 +224,11 @@ get_filter(
 #else
                Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
 #endif
-               err = get_filter_list( conn, ber, &f->f_or, text );
+               err = get_filter_list( conn, ber, &f.f_or, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
+               /* no assert - list could be empty */
                break;
 
        case LDAP_FILTER_NOT:
@@ -230,10 +239,14 @@ get_filter(
                Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
 #endif
                (void) ber_skip_tag( ber, &len );
-               err = get_filter( conn, ber, &f->f_not, text );
+               err = get_filter( conn, ber, &f.f_not, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
+
+#ifdef XXX
+               assert( f.f_not != NULL );
+#endif
                break;
 
        case LDAP_FILTER_EXT:
@@ -244,12 +257,14 @@ get_filter(
                Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
 #endif
 
-               err = get_mra( ber, &f->f_mra, text );
+               err = get_mra( ber, &f.f_mra, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
 
-               assert( f->f_mra != NULL );
+#ifdef XXX
+               assert( f.f_mra != NULL );
+#endif
                break;
 
        default:
@@ -257,30 +272,26 @@ get_filter(
 #ifdef NEW_LOGGING
                LDAP_LOG( FILTER, ERR, 
                        "get_filter: conn %d unknown filter type=%lu\n",
-                       conn->c_connid, f->f_choice, 0 );
+                       conn->c_connid, f.f_choice, 0 );
 #else
                Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
-                       f->f_choice, 0, 0 );
+                       f.f_choice, 0, 0 );
 #endif
-               f->f_choice = SLAPD_FILTER_COMPUTED;
-               f->f_result = SLAPD_COMPARE_UNDEFINED;
+               f.f_choice = SLAPD_FILTER_COMPUTED;
+               f.f_result = SLAPD_COMPARE_UNDEFINED;
                break;
        }
 
-       if ( err != LDAP_SUCCESS ) {
-               if( err != SLAPD_DISCONNECT ) {
-                       /* ignore error */
-                       f->f_choice = SLAPD_FILTER_COMPUTED;
-                       f->f_result = SLAPD_COMPARE_UNDEFINED;
-                       err = LDAP_SUCCESS;
-                       *filt = f;
-
-               } else {
-                       free(f);
-               }
+       if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
+               /* ignore error */
+               f.f_choice = SLAPD_FILTER_COMPUTED;
+               f.f_result = SLAPD_COMPARE_UNDEFINED;
+               err = LDAP_SUCCESS;
+       }
 
-       } else {
-               *filt = f;
+       if ( err == LDAP_SUCCESS ) {
+               *filt = ch_malloc( sizeof(f) );
+               **filt = f;
        }
 
 #ifdef NEW_LOGGING
@@ -289,6 +300,7 @@ get_filter(
 #else
        Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
 #endif
+
        return( err );
 }
 
@@ -310,7 +322,8 @@ get_filter_list( Connection *conn, BerElement *ber,
        Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
 #endif
        new = f;
-       for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
+       for ( tag = ber_first_element( ber, &len, &last );
+               tag != LBER_DEFAULT;
                tag = ber_next_element( ber, &len, last ) )
        {
                err = get_filter( conn, ber, new, text );
@@ -330,47 +343,48 @@ get_filter_list( Connection *conn, BerElement *ber,
 }
 
 static int
-get_substring_filter(
+get_ssa(
        Connection      *conn,
        BerElement      *ber,
-       Filter  *f,
+       SubstringsAssertion     **out,
        const char      **text )
 {
        ber_tag_t       tag;
        ber_len_t       len;
        ber_tag_t       rc;
-       struct berval value;
+       struct berval desc, value, nvalue;
        char            *last;
-       struct berval bv;
+       SubstringsAssertion ssa;
+
        *text = "error decoding filter";
 
 #ifdef NEW_LOGGING
        LDAP_LOG( FILTER, ENTRY, 
-               "get_substring_filter: conn %d  begin\n", conn->c_connid, 0, 0 );
+               "get_ssa: conn %d  begin\n", conn->c_connid, 0, 0 );
 #else
-       Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
+       Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
 #endif
-       if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
+       if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
                return SLAPD_DISCONNECT;
        }
 
-       f->f_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
-       f->f_sub_desc = NULL;
-       rc = slap_bv2ad( &bv, &f->f_sub_desc, text );
+       *text = NULL;
+
+       ssa.sa_desc = NULL;
+       ssa.sa_initial.bv_val = NULL;
+       ssa.sa_any = NULL;
+       ssa.sa_final.bv_val = NULL;
+
+       rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
 
        if( rc != LDAP_SUCCESS ) {
-               text = NULL;
-               ch_free( f->f_sub );
-               f->f_choice = SLAPD_FILTER_COMPUTED;
-               f->f_result = SLAPD_COMPARE_UNDEFINED;
                return LDAP_SUCCESS;
        }
 
-       f->f_sub_initial.bv_val = NULL;
-       f->f_sub_any = NULL;
-       f->f_sub_final.bv_val = NULL;
+       rc = LDAP_PROTOCOL_ERROR;
 
-       for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
+       for ( tag = ber_first_element( ber, &len, &last );
+               tag != LBER_DEFAULT;
                tag = ber_next_element( ber, &len, last ) )
        {
                unsigned usage;
@@ -411,23 +425,34 @@ get_substring_filter(
                                "  unknown substring choice=%ld\n",
                                (long) tag, 0, 0 );
 #endif
+
                        goto return_error;
                }
 
+#ifdef SLAP_NVALUES
+               /* validate/normalize using equality matching rule validator! */
+               rc = asserted_value_validate_normalize(
+                       ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
+                       usage, &value, &nvalue, text );
+
+               if( rc != LDAP_SUCCESS ) {
+                       goto return_error;
+               }
+#else
                /* validate using equality matching rule validator! */
-               rc = value_validate( f->f_sub_desc->ad_type->sat_equality,
+               rc = value_validate( ssa.sa_desc->ad_type->sat_equality,
                        &value, text );
                if( rc != LDAP_SUCCESS ) {
                        goto return_error;
                }
 
-               rc = value_normalize( f->f_sub_desc, usage,
-                       &value, &bv, text );
+               rc = value_normalize( ssa.sa_desc, usage,
+                       &value, &nvalue, text );
+
                if( rc != LDAP_SUCCESS ) {
                        goto return_error;
                }
-
-               value = bv;
+#endif
 
                rc = LDAP_PROTOCOL_ERROR;
 
@@ -435,58 +460,61 @@ get_substring_filter(
                case LDAP_SUBSTRING_INITIAL:
 #ifdef NEW_LOGGING
                        LDAP_LOG( FILTER, DETAIL1,
-                               "get_substring_filter: conn %d  INITIAL\n", conn->c_connid, 0, 0 );
+                               "get_ssa: conn %d  INITIAL\n",
+                               conn->c_connid, 0, 0 );
 #else
                        Debug( LDAP_DEBUG_FILTER, "  INITIAL\n", 0, 0, 0 );
 #endif
 
-                       if ( f->f_sub_initial.bv_val != NULL
-                               || f->f_sub_any != NULL 
-                               || f->f_sub_final.bv_val != NULL )
+                       if ( ssa.sa_initial.bv_val != NULL
+                               || ssa.sa_any != NULL 
+                               || ssa.sa_final.bv_val != NULL )
                        {
-                               free( value.bv_val );
+                               free( nvalue.bv_val );
                                goto return_error;
                        }
 
-                       f->f_sub_initial = value;
+                       ssa.sa_initial = nvalue;
                        break;
 
                case LDAP_SUBSTRING_ANY:
 #ifdef NEW_LOGGING
                        LDAP_LOG( FILTER, DETAIL1,
-                               "get_substring_filter: conn %d  ANY\n", conn->c_connid, 0, 0 );
+                               "get_ssa: conn %d  ANY\n",
+                               conn->c_connid, 0, 0 );
 #else
                        Debug( LDAP_DEBUG_FILTER, "  ANY\n", 0, 0, 0 );
 #endif
 
-                       if ( f->f_sub_final.bv_val != NULL ) {
-                               free( value.bv_val );
+                       if ( ssa.sa_final.bv_val != NULL ) {
+                               free( nvalue.bv_val );
                                goto return_error;
                        }
 
-                       ber_bvarray_add( &f->f_sub_any, &value );
+                       ber_bvarray_add( &ssa.sa_any, &nvalue );
                        break;
 
                case LDAP_SUBSTRING_FINAL:
 #ifdef NEW_LOGGING
                        LDAP_LOG( FILTER, DETAIL1, 
-                               "get_substring_filter: conn %d  FINAL\n", conn->c_connid, 0, 0 );
+                               "get_ssa: conn %d  FINAL\n",
+                               conn->c_connid, 0, 0 );
 #else
                        Debug( LDAP_DEBUG_FILTER, "  FINAL\n", 0, 0, 0 );
 #endif
 
-                       if ( f->f_sub_final.bv_val != NULL ) {
-                               free( value.bv_val );
+                       if ( ssa.sa_final.bv_val != NULL ) {
+                               free( nvalue.bv_val );
                                goto return_error;
                        }
 
-                       f->f_sub_final = value;
+                       ssa.sa_final = nvalue;
                        break;
 
                default:
 #ifdef NEW_LOGGING
                        LDAP_LOG( FILTER, INFO, 
-                               "get_substring_filter: conn %d  unknown substring type %ld\n",
+                               "get_ssa: conn %d  unknown substring type %ld\n",
                                conn->c_connid, (long)tag, 0 );
 #else
                        Debug( LDAP_DEBUG_FILTER,
@@ -494,32 +522,40 @@ get_substring_filter(
                                (long) tag, 0, 0 );
 #endif
 
-                       free( value.bv_val );
+                       assert( 0 );
+                       free( nvalue.bv_val );
 
 return_error:
 #ifdef NEW_LOGGING
                        LDAP_LOG( FILTER, INFO, 
-                               "get_substring_filter: conn %d  error %ld\n",
+                               "get_ssa: conn %d  error %ld\n",
                                conn->c_connid, (long)rc, 0 );
 #else
                        Debug( LDAP_DEBUG_FILTER, "  error=%ld\n",
                                (long) rc, 0, 0 );
 #endif
-                       free( f->f_sub_initial.bv_val );
-                       ber_bvarray_free( f->f_sub_any );
-                       free( f->f_sub_final.bv_val );
-                       ch_free( f->f_sub );
+                       free( ssa.sa_initial.bv_val );
+                       ber_bvarray_free( ssa.sa_any );
+                       free( ssa.sa_final.bv_val );
                        return rc;
                }
+
+               rc = LDAP_SUCCESS;
+       }
+
+       if( rc == LDAP_SUCCESS ) {
+               *out = ch_malloc( sizeof( ssa ) );
+               **out = ssa;
        }
 
 #ifdef NEW_LOGGING
        LDAP_LOG( FILTER, ENTRY, 
-               "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
+               "get_ssa: conn %d exit\n", conn->c_connid, 0, 0 );
 #else
-       Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
+       Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
 #endif
-       return( LDAP_SUCCESS );
+
+       return LDAP_SUCCESS;
 }
 
 void
@@ -602,7 +638,7 @@ filter2bv( Filter *f, struct berval *fstr )
 
                fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
                        f->f_av_desc->ad_cname.bv_val,
@@ -616,7 +652,7 @@ filter2bv( Filter *f, struct berval *fstr )
 
                fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(>=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
                        f->f_av_desc->ad_cname.bv_val,
@@ -630,7 +666,7 @@ filter2bv( Filter *f, struct berval *fstr )
 
                fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(<=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
                        f->f_av_desc->ad_cname.bv_val,
@@ -644,7 +680,7 @@ filter2bv( Filter *f, struct berval *fstr )
 
                fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(~=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
                        f->f_av_desc->ad_cname.bv_val,
@@ -655,7 +691,7 @@ filter2bv( Filter *f, struct berval *fstr )
        case LDAP_FILTER_SUBSTRINGS:
                fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
                        ( sizeof("(=*)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 128 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
                        f->f_sub_desc->ad_cname.bv_val );
@@ -710,7 +746,7 @@ filter2bv( Filter *f, struct berval *fstr )
        case LDAP_FILTER_PRESENT:
                fstr->bv_len = f->f_desc->ad_cname.bv_len +
                        ( sizeof("(=*)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
                        f->f_desc->ad_cname.bv_val );
@@ -720,7 +756,7 @@ filter2bv( Filter *f, struct berval *fstr )
        case LDAP_FILTER_OR:
        case LDAP_FILTER_NOT:
                fstr->bv_len = sizeof("(%)") - 1;
-               fstr->bv_val = malloc( fstr->bv_len + 128 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
                        f->f_choice == LDAP_FILTER_AND ? '&' :
@@ -757,7 +793,7 @@ filter2bv( Filter *f, struct berval *fstr )
                        ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
                        ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
                        tmp.bv_len + ( sizeof("(:=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
                        ad.bv_val,
@@ -787,7 +823,8 @@ filter2bv( Filter *f, struct berval *fstr )
        }
 }
 
-static int filter_escape_value(
+int
+filter_escape_value(
        struct berval *in,
        struct berval *out )
 {
@@ -822,7 +859,7 @@ get_simple_vrFilter(
        ber_tag_t       tag;
        ber_len_t       len;
        int             err;
-       ValuesReturnFilter *vrf;
+       ValuesReturnFilter vrf;
 
 #ifdef NEW_LOGGING
        LDAP_LOG( FILTER, ENTRY, 
@@ -838,13 +875,12 @@ get_simple_vrFilter(
                return SLAPD_DISCONNECT;
        }
 
-       vrf = (ValuesReturnFilter *) ch_malloc( sizeof(ValuesReturnFilter) );
-       vrf->vrf_next = NULL;
+       vrf.vrf_next = NULL;
 
        err = LDAP_SUCCESS;
-       vrf->vrf_choice = tag; 
+       vrf.vrf_choice = tag; 
 
-       switch ( vrf->vrf_choice ) {
+       switch ( vrf.vrf_choice ) {
        case LDAP_FILTER_EQUALITY:
 #ifdef NEW_LOGGING
                LDAP_LOG( FILTER, DETAIL2, 
@@ -852,12 +888,12 @@ get_simple_vrFilter(
 #else
                Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY, text );
+               err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
 
-               assert( vrf->vrf_ava != NULL );
+               assert( vrf.vrf_ava != NULL );
                break;
 
        case LDAP_FILTER_SUBSTRINGS:
@@ -867,7 +903,7 @@ get_simple_vrFilter(
 #else
                Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
 #endif
-               err = get_substring_filter( conn, ber, (Filter *)vrf, text );
+               err = get_ssa( conn, ber, &vrf.vrf_sub, text );
                break;
 
        case LDAP_FILTER_GE:
@@ -877,7 +913,7 @@ get_simple_vrFilter(
 #else
                Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
+               err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
@@ -890,7 +926,7 @@ get_simple_vrFilter(
 #else
                Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
+               err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
@@ -911,13 +947,13 @@ get_simple_vrFilter(
                        break;
                }
 
-               vrf->vrf_desc = NULL;
-               err = slap_bv2ad( &type, &vrf->vrf_desc, text );
+               vrf.vrf_desc = NULL;
+               err = slap_bv2ad( &type, &vrf.vrf_desc, text );
 
                if( err != LDAP_SUCCESS ) {
                        /* unrecognized attribute description or other error */
-                       vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
-                       vrf->vrf_result = LDAP_COMPARE_FALSE;
+                       vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
+                       vrf.vrf_result = LDAP_COMPARE_FALSE;
                        err = LDAP_SUCCESS;
                        break;
                }
@@ -930,7 +966,7 @@ get_simple_vrFilter(
 #else
                Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
 #endif
-               err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
+               err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
@@ -944,12 +980,12 @@ get_simple_vrFilter(
                Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
 #endif
 
-               err = get_mra( ber, &vrf->vrf_mra, text );
+               err = get_mra( ber, &vrf.vrf_mra, text );
                if ( err != LDAP_SUCCESS ) {
                        break;
                }
 
-               assert( vrf->vrf_mra != NULL );
+               assert( vrf.vrf_mra != NULL );
                break;
 
        default:
@@ -957,30 +993,26 @@ get_simple_vrFilter(
 #ifdef NEW_LOGGING
                LDAP_LOG( FILTER, ERR, 
                        "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
-                       conn->c_connid, vrf->vrf_choice, 0 );
+                       conn->c_connid, vrf.vrf_choice, 0 );
 #else
                Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
-                       vrf->vrf_choice, 0, 0 );
+                       vrf.vrf_choice, 0, 0 );
 #endif
-               vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
-               vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
+               vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
+               vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
                break;
        }
 
-       if ( err != LDAP_SUCCESS ) {
-               if( err != SLAPD_DISCONNECT ) {
-                       /* ignore error */
-                       vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
-                       vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
-                       err = LDAP_SUCCESS;
-                       *filt = vrf;
-
-               } else {
-                       free(vrf);
-               }
+       if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
+               /* ignore error */
+               vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
+               vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
+               err = LDAP_SUCCESS;
+       }
 
-       } else {
-               *filt = vrf;
+       if ( err == LDAP_SUCCESS ) {
+               *filt = ch_malloc( sizeof vrf );
+               **filt = vrf;
        }
 
 #ifdef NEW_LOGGING
@@ -989,7 +1021,8 @@ get_simple_vrFilter(
 #else
        Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
 #endif
-       return( err );
+
+       return err;
 }
 
 int
@@ -1056,8 +1089,9 @@ get_vrFilter( Connection *conn, BerElement *ber,
                tag = ber_next_element( ber, &len, last ) )
        {
                int err = get_simple_vrFilter( conn, ber, n, text );
-               if ( err != LDAP_SUCCESS )
-                       return( err );
+
+               if ( err != LDAP_SUCCESS ) return( err );
+
                n = &(*n)->vrf_next;
        }
        *n = NULL;
@@ -1141,7 +1175,7 @@ vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
        }
 
        fstr->bv_len = sizeof("()") - 1;
-       fstr->bv_val = malloc( fstr->bv_len + 128 );
+       fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
 
        snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
 
@@ -1177,7 +1211,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
 
                fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
                        vrf->vrf_av_desc->ad_cname.bv_val,
@@ -1191,7 +1225,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
 
                fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(>=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
                        vrf->vrf_av_desc->ad_cname.bv_val,
@@ -1205,7 +1239,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
 
                fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(<=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
                        vrf->vrf_av_desc->ad_cname.bv_val,
@@ -1219,7 +1253,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
 
                fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
                        tmp.bv_len + ( sizeof("(~=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
                        vrf->vrf_av_desc->ad_cname.bv_val,
@@ -1230,7 +1264,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
        case LDAP_FILTER_SUBSTRINGS:
                fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
                        ( sizeof("(=*)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 128 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
                        vrf->vrf_sub_desc->ad_cname.bv_val );
@@ -1286,7 +1320,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
        case LDAP_FILTER_PRESENT:
                fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
                        ( sizeof("(=*)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
                        vrf->vrf_desc->ad_cname.bv_val );
@@ -1307,7 +1341,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
                        ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
                        ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
                        tmp.bv_len + ( sizeof("(:=)") - 1 );
-               fstr->bv_val = malloc( fstr->bv_len + 1 );
+               fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
                        ad.bv_val,
@@ -1338,6 +1372,7 @@ simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
        }
 }
 
+#if 0 /* unused */
 static int
 get_substring_vrFilter(
        Connection      *conn,
@@ -1423,6 +1458,15 @@ get_substring_vrFilter(
                        goto return_error;
                }
 
+#ifdef SLAP_NVALUES
+               /* validate/normalize using equality matching rule validator! */
+               rc = asserted_value_validate_normalize(
+                       vrf->vrf_sub_desc, vrf->vrf_sub_desc->ad_type->sat_equality,
+                       usage, &value, &bv, text );
+               if( rc != LDAP_SUCCESS ) {
+                       goto return_error;
+               }
+#else
                /* valiate using equality matching rule validator! */
                rc = value_validate( vrf->vrf_sub_desc->ad_type->sat_equality,
                        &value, text );
@@ -1435,6 +1479,7 @@ get_substring_vrFilter(
                if( rc != LDAP_SUCCESS ) {
                        goto return_error;
                }
+#endif
 
                value = bv;
 
@@ -1531,4 +1576,4 @@ return_error:
 #endif
        return( LDAP_SUCCESS );
 }
-
+#endif /* unused */
Cloned from git://git.openldap.org/openldap.git