/* $OpenLDAP$ */
-/*
- * Copyright 1999-2002 The OpenLDAP Foundation.
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2004 The OpenLDAP Foundation.
* All rights reserved.
*
- * Redistribution and use in source and binary forms are permitted only
- * as authorized by the OpenLDAP Public License. A copy of this
- * license is available at http://www.OpenLDAP.org/license.html or
- * in file LICENSE in the top-level directory of the distribution.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
*/
+
#include "portable.h"
#include <stdio.h>
#include "slap.h"
-#include "../../libraries/liblber/lber-int.h"
-
-static int test_mra_vrFilter(
- Backend *be,
- Connection *conn,
+static int
+test_mra_vrFilter(
Operation *op,
- Entry *e,
+ Attribute *a,
MatchingRuleAssertion *mra,
char ***e_flags
);
static int
test_substrings_vrFilter(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
+ Attribute *a,
ValuesReturnFilter *f,
char ***e_flags
);
static int
test_presence_vrFilter(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
+ Attribute *a,
AttributeDescription *desc,
char ***e_flags
);
static int
test_ava_vrFilter(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
+ Attribute *a,
AttributeAssertion *ava,
int type,
char ***e_flags
int
filter_matched_values(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
+ Attribute *a,
char ***e_flags
)
{
- ValuesReturnFilter *f;
+ ValuesReturnFilter *vrf;
int rc = LDAP_SUCCESS;
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
- "filter_matched_values: begin\n" ));
+ LDAP_LOG( FILTER, ENTRY, "filter_matched_values: begin\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_FILTER, "=> filter_matched_values\n", 0, 0, 0 );
#endif
- for ( f = op->vrFilter; f != NULL; f = f->f_next ) {
- switch ( f->f_choice ) {
+ for ( vrf = op->o_vrFilter; vrf != NULL; vrf = vrf->vrf_next ) {
+ switch ( vrf->vrf_choice ) {
case SLAPD_FILTER_COMPUTED:
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
+ LDAP_LOG( FILTER, DETAIL1,
"test_vrFilter: COMPUTED %s (%d)\n",
- f->f_result == LDAP_COMPARE_FALSE ? "false" :
- f->f_result == LDAP_COMPARE_TRUE ? "true" :
- f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
- "error",
- f->f_result ));
+ vrf->vrf_result == LDAP_COMPARE_FALSE ? "false" :
+ vrf->vrf_result == LDAP_COMPARE_TRUE ? "true" :
+ vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
+ "error", vrf->vrf_result, 0 );
#else
Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n",
- f->f_result == LDAP_COMPARE_FALSE ? "false" :
- f->f_result == LDAP_COMPARE_TRUE ? "true" :
- f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error",
- f->f_result, 0 );
+ vrf->vrf_result == LDAP_COMPARE_FALSE ? "false" :
+ vrf->vrf_result == LDAP_COMPARE_TRUE ? "true" :
+ vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error",
+ vrf->vrf_result, 0 );
#endif
/*This type of filter does not affect the result */
rc = LDAP_SUCCESS;
case LDAP_FILTER_EQUALITY:
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter: EQUALITY\n" ));
+ LDAP_LOG( FILTER, DETAIL1, "test_vrFilter: EQUALITY\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
#endif
- rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_EQUALITY, e_flags );
if( rc == -1 ) {
return rc;
case LDAP_FILTER_SUBSTRINGS:
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter SUBSTRINGS\n" ));
+ LDAP_LOG( FILTER, DETAIL1, "test_vrFilter SUBSTRINGS\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
#endif
- rc = test_substrings_vrFilter( be, conn, op, e,
- f, e_flags );
+ rc = test_substrings_vrFilter( op, a,
+ vrf, e_flags );
if( rc == -1 ) {
return rc;
}
case LDAP_FILTER_PRESENT:
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter: PRESENT\n" ));
+ LDAP_LOG( FILTER, DETAIL1, "test_vrFilter: PRESENT\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
#endif
- rc = test_presence_vrFilter( be, conn, op, e,
- f->f_desc, e_flags );
+ rc = test_presence_vrFilter( op, a,
+ vrf->vrf_desc, e_flags );
if( rc == -1 ) {
return rc;
}
break;
case LDAP_FILTER_GE:
- rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_GE, e_flags );
if( rc == -1 ) {
return rc;
break;
case LDAP_FILTER_LE:
- rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_LE, e_flags );
if( rc == -1 ) {
return rc;
case LDAP_FILTER_EXT:
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter: EXT\n" ));
+ LDAP_LOG( FILTER, DETAIL1, "test_vrFilter: EXT\n", 0, 0, 0 );
#else
Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
#endif
- rc = test_mra_vrFilter( be, conn, op, e,
- f->f_mra, e_flags );
+ rc = test_mra_vrFilter( op, a,
+ vrf->vrf_mra, e_flags );
if( rc == -1 ) {
return rc;
}
default:
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_INFO,
- "test_vrFilter: unknown filter type %lu\n",
- f->f_choice ));
+ LDAP_LOG( FILTER, INFO,
+ "test_vrFilter: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
#else
Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
- f->f_choice, 0, 0 );
+ vrf->vrf_choice, 0, 0 );
#endif
rc = LDAP_PROTOCOL_ERROR;
}
}
#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
- "filter_matched_values: return=%d\n", rc ));
+ LDAP_LOG( FILTER, ENTRY, "filter_matched_values: return=%d\n", rc, 0, 0 );
#else
Debug( LDAP_DEBUG_FILTER, "<= filter_matched_values %d\n", rc, 0, 0 );
#endif
static int
test_ava_vrFilter(
- Backend *be,
- Connection *conn,
- Operation *op,
- Entry *e,
+ Operation *op,
+ Attribute *a,
AttributeAssertion *ava,
- int type,
- char ***e_flags
+ int type,
+ char ***e_flags
)
{
int i, j;
- Attribute *a;
-
- if ( !access_allowed( be, conn, op, e,
- ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) )
- {
- return LDAP_INSUFFICIENT_ACCESS;
- }
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
MatchingRule *mr;
struct berval *bv;
case LDAP_FILTER_APPROX:
mr = a->a_desc->ad_type->sat_approx;
if( mr != NULL ) break;
+ /* use EQUALITY matching rule if no APPROX rule */
- /* use EQUALITY matching rule if no APPROX rule */
case LDAP_FILTER_EQUALITY:
mr = a->a_desc->ad_type->sat_equality;
break;
mr = NULL;
}
- if( mr == NULL ) {
- continue;
-
- }
+ if( mr == NULL ) continue;
- for ( bv = a->a_vals, j=0; bv->bv_val != NULL; bv++, j++ ) {
+ bv = a->a_nvals;
+ for ( j=0; bv->bv_val != NULL; bv++, j++ ) {
int ret;
int rc;
const char *text;
- rc = value_match( &ret, a->a_desc, mr,
- SLAP_MR_ASSERTION_SYNTAX_MATCH, bv, &ava->aa_value, &text );
+ rc = value_match( &ret, a->a_desc, mr, 0,
+ bv, &ava->aa_value, &text );
if( rc != LDAP_SUCCESS ) {
return rc;
}
static int
test_presence_vrFilter(
- Backend *be,
- Connection *conn,
- Operation *op,
- Entry *e,
- AttributeDescription *desc,
- char ***e_flags
+ Operation *op,
+ Attribute *a,
+ AttributeDescription *desc,
+ char ***e_flags
)
{
int i, j;
- Attribute *a;
-
- if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) ) {
- return LDAP_INSUFFICIENT_ACCESS;
- }
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
struct berval *bv;
if ( !is_ad_subtype( a->a_desc, desc ) ) {
static int
test_substrings_vrFilter(
- Backend *be,
- Connection *conn,
- Operation *op,
- Entry *e,
- ValuesReturnFilter *f,
- char ***e_flags
+ Operation *op,
+ Attribute *a,
+ ValuesReturnFilter *vrf,
+ char ***e_flags
)
{
int i, j;
- Attribute *a;
-
- if ( !access_allowed( be, conn, op, e,
- f->f_sub_desc, NULL, ACL_SEARCH, NULL ) )
- {
- return LDAP_INSUFFICIENT_ACCESS;
- }
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
MatchingRule *mr = a->a_desc->ad_type->sat_substr;
struct berval *bv;
- if ( !is_ad_subtype( a->a_desc, f->f_sub_desc ) ) {
+ if ( !is_ad_subtype( a->a_desc, vrf->vrf_sub_desc ) ) {
continue;
}
continue;
}
- for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
+ bv = a->a_nvals;
+ for ( j = 0; bv->bv_val != NULL; bv++, j++ ) {
int ret;
int rc;
const char *text;
- rc = value_match( &ret, a->a_desc, mr,
- SLAP_MR_ASSERTION_SYNTAX_MATCH,
- bv, f->f_sub, &text );
+ rc = value_match( &ret, a->a_desc, mr, 0,
+ bv, vrf->vrf_sub, &text );
if( rc != LDAP_SUCCESS ) {
return rc;
return LDAP_SUCCESS;
}
-static int test_mra_vrFilter(
- Backend *be,
- Connection *conn,
+static int
+test_mra_vrFilter(
Operation *op,
- Entry *e,
+ Attribute *a,
MatchingRuleAssertion *mra,
char ***e_flags
)
{
int i, j;
- Attribute *a;
- if( !access_allowed( be, conn, op, e,
- mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) )
- {
- return LDAP_INSUFFICIENT_ACCESS;
- }
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
+ struct berval *bv, value;
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
- struct berval *bv;
-
- if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
- return( LDAP_SUCCESS );
+ if ( mra->ma_desc ) {
+ if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
+ continue;
+ }
+ value = mra->ma_value;
+
+ } else {
+ int rc;
+ const char *text = NULL;
+
+ /* check if matching is appropriate */
+ if ( strcmp( mra->ma_rule->smr_syntax->ssyn_oid,
+ a->a_desc->ad_type->sat_syntax->ssyn_oid ) != 0 ) {
+ continue;
+ }
+
+ rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &mra->ma_value, &value, &text, op->o_tmpmemctx );
+
+ if( rc != LDAP_SUCCESS ) continue;
}
- for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
+ bv = a->a_nvals;
+ for ( j = 0; bv->bv_val != NULL; bv++, j++ ) {
int ret;
int rc;
const char *text;
- rc = value_match( &ret, a->a_desc, mra->ma_rule,
- SLAP_MR_ASSERTION_SYNTAX_MATCH,
- bv, &mra->ma_value,
- &text );
-
+ rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
+ bv, &value, &text );
if( rc != LDAP_SUCCESS ) {
return rc;
}
- if ( ret ) {
+ if ( ret == 0 ) {
(*e_flags)[i][j] = 1;
}
}