Clean up include logging

[openldap] / servers / slapd / filterentry.c
diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c

index 83edbc6bb42172d2d161f4290db27bfb23de3f9c..deb47e4b8099b2b8a7790e819be9213b02e29260 100644 (file)
--- a/servers/slapd/filterentry.c
+++ b/servers/slapd/filterentry.c
@@ -171,6 +171,9 @@ test_filter(
  
                 rc = test_filter( be, conn, op, e, f->f_not );
  
+               /* Flip true to false and false to true
+                * but leave Undefined alone.
+                */
                 switch( rc ) {
                 case LDAP_COMPARE_TRUE:
                         rc = LDAP_COMPARE_FALSE;
@@ -181,7 +184,6 @@ test_filter(
                 }
                 break;
  
-#ifdef SLAPD_EXT_FILTERS
         case LDAP_FILTER_EXT:
  #ifdef NEW_LOGGING
                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
@@ -192,7 +194,6 @@ test_filter(
  
                 rc = test_mra_filter( be, conn, op, e, f->f_mra );
                 break;
-#endif
  
         default:
  #ifdef NEW_LOGGING
@@ -217,6 +218,58 @@ test_filter(
         return( rc );
  }
  
+static int test_mra_filter(
+       Backend *be,
+       Connection *conn,
+       Operation *op,
+       Entry *e,
+       MatchingRuleAssertion *mra )
+{
+       int             i;
+       Attribute       *a;
+
+       if( !access_allowed( be, conn, op, e,
+               mra->ma_desc, mra->ma_value, ACL_SEARCH ) )
+       {
+               return LDAP_INSUFFICIENT_ACCESS;
+       }
+
+       if( strcmp(mra->ma_rule->smr_syntax->ssyn_oid,
+               mra->ma_desc->ad_type->sat_syntax->ssyn_oid) != 0)
+       {
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       if( mra->ma_rule == NULL )
+       {
+               return LDAP_INAPPROPRIATE_MATCHING;
+       }
+
+       for(a = attrs_find( e->e_attrs, mra->ma_desc );
+               a != NULL;
+               a = attrs_find( a->a_next, mra->ma_desc ) )
+       {
+               for ( i = 0; a->a_vals[i] != NULL; i++ ) {
+                       int ret;
+                       int rc;
+                       const char *text;
+
+                       rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
+                               a->a_vals[i], mra->ma_value,
+                               &text );
+
+                       if( rc != LDAP_SUCCESS ) {
+                               return rc;
+                       }
+
+                       if ( ret ) {
+                               return LDAP_COMPARE_TRUE;
+                       }
+               }
+       }
+
+       return LDAP_COMPARE_FALSE;
+}
  
  static int
  test_ava_filter(
@@ -231,7 +284,7 @@ test_ava_filter(
         int             i;
         Attribute       *a;
  
-       if ( be != NULL && ! access_allowed( be, conn, op, e,
+       if ( !access_allowed( be, conn, op, e,
                 ava->aa_desc, ava->aa_value, ACL_SEARCH ) )
         {
                 return LDAP_INSUFFICIENT_ACCESS;
@@ -316,8 +369,7 @@ test_presence_filter(
         AttributeDescription *desc
  )
  {
-       if ( be != NULL && ! access_allowed( be, conn, op, e,
-               desc, NULL, ACL_SEARCH ) )
+       if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH ) )
         {
                 return LDAP_INSUFFICIENT_ACCESS;
         }
@@ -337,7 +389,7 @@ test_filter_and(
  )
  {
         Filter  *f;
-       int rtn = LDAP_COMPARE_TRUE;
+       int rtn = LDAP_COMPARE_TRUE; /* True if empty */
  
  #ifdef NEW_LOGGING
         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
@@ -351,11 +403,13 @@ test_filter_and(
                 int rc = test_filter( be, conn, op, e, f );
  
                 if ( rc == LDAP_COMPARE_FALSE ) {
+                       /* filter is False */
                         rtn = rc;
                         break;
                 }
  
                 if ( rc != LDAP_COMPARE_TRUE ) {
+                       /* filter is Undefined unless later elements are False */
                         rtn = rc;
                 }
         }
@@ -380,7 +434,7 @@ test_filter_or(
  )
  {
         Filter  *f;
-       int rtn = LDAP_COMPARE_FALSE;
+       int rtn = LDAP_COMPARE_FALSE; /* False if empty */
  
  #ifdef NEW_LOGGING
         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
@@ -394,11 +448,13 @@ test_filter_or(
                 int rc = test_filter( be, conn, op, e, f );
  
                 if ( rc == LDAP_COMPARE_TRUE ) {
+                       /* filter is True */
                         rtn = rc;
                         break;
                 }
  
                 if ( rc != LDAP_COMPARE_FALSE ) {
+                       /* filter is Undefined unless later elements are True */
                         rtn = rc;
                 }
         }
@@ -433,7 +489,7 @@ test_substrings_filter(
  #endif
  
  
-       if ( be != NULL && ! access_allowed( be, conn, op, e,
+       if ( !access_allowed( be, conn, op, e,
                 f->f_sub_desc, NULL, ACL_SEARCH ) )
         {
                 return LDAP_INSUFFICIENT_ACCESS;