/* $OpenLDAP$ */
-/*
- * Copyright 1999-2002 The OpenLDAP Foundation.
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2013 The OpenLDAP Foundation.
* All rights reserved.
*
- * Redistribution and use in source and binary forms are permitted only
- * as authorized by the OpenLDAP Public License. A copy of this
- * license is available at http://www.OpenLDAP.org/license.html or
- * in file LICENSE in the top-level directory of the distribution.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
*/
+
#include "portable.h"
#include <stdio.h>
#include "slap.h"
-#include "../../libraries/liblber/lber-int.h"
-
-static int test_mra_vrFilter(
- Backend *be,
- Connection *conn,
+static int
+test_mra_vrFilter(
Operation *op,
- Entry *e,
+ Attribute *a,
MatchingRuleAssertion *mra,
char ***e_flags
);
static int
test_substrings_vrFilter(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
+ Attribute *a,
ValuesReturnFilter *f,
char ***e_flags
);
static int
test_presence_vrFilter(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
+ Attribute *a,
AttributeDescription *desc,
char ***e_flags
);
static int
test_ava_vrFilter(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
+ Attribute *a,
AttributeAssertion *ava,
int type,
char ***e_flags
int
filter_matched_values(
- Backend *be,
- Connection *conn,
Operation *op,
- Entry *e,
- char ***e_flags
-)
+ Attribute *a,
+ char ***e_flags )
{
- ValuesReturnFilter *f;
+ ValuesReturnFilter *vrf;
int rc = LDAP_SUCCESS;
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
- "filter_matched_values: begin\n" ));
-#else
Debug( LDAP_DEBUG_FILTER, "=> filter_matched_values\n", 0, 0, 0 );
-#endif
- for ( f = op->vrFilter; f != NULL; f = f->f_next ) {
- switch ( f->f_choice ) {
+ for ( vrf = op->o_vrFilter; vrf != NULL; vrf = vrf->vrf_next ) {
+ switch ( vrf->vrf_choice ) {
case SLAPD_FILTER_COMPUTED:
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter: COMPUTED %s (%d)\n",
- f->f_result == LDAP_COMPARE_FALSE ? "false" :
- f->f_result == LDAP_COMPARE_TRUE ? "true" :
- f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
- "error",
- f->f_result ));
-#else
Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n",
- f->f_result == LDAP_COMPARE_FALSE ? "false" :
- f->f_result == LDAP_COMPARE_TRUE ? "true" :
- f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error",
- f->f_result, 0 );
-#endif
+ vrf->vrf_result == LDAP_COMPARE_FALSE ? "false"
+ : vrf->vrf_result == LDAP_COMPARE_TRUE ? "true"
+ : vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "undefined"
+ : "error",
+ vrf->vrf_result, 0 );
/*This type of filter does not affect the result */
rc = LDAP_SUCCESS;
break;
case LDAP_FILTER_EQUALITY:
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter: EQUALITY\n" ));
-#else
Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
-#endif
- rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_EQUALITY, e_flags );
- if( rc == -1 ) {
- return rc;
- }
+ if( rc == -1 ) return rc;
break;
case LDAP_FILTER_SUBSTRINGS:
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter SUBSTRINGS\n" ));
-#else
Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
-#endif
-
- rc = test_substrings_vrFilter( be, conn, op, e,
- f, e_flags );
- if( rc == -1 ) {
- return rc;
- }
+ rc = test_substrings_vrFilter( op, a,
+ vrf, e_flags );
+ if( rc == -1 ) return rc;
break;
case LDAP_FILTER_PRESENT:
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter: PRESENT\n" ));
-#else
Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
-#endif
- rc = test_presence_vrFilter( be, conn, op, e,
- f->f_desc, e_flags );
- if( rc == -1 ) {
- return rc;
- }
+ rc = test_presence_vrFilter( op, a,
+ vrf->vrf_desc, e_flags );
+ if( rc == -1 ) return rc;
break;
case LDAP_FILTER_GE:
- rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_GE, e_flags );
- if( rc == -1 ) {
- return rc;
- }
+ if( rc == -1 ) return rc;
break;
case LDAP_FILTER_LE:
- rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+ rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_LE, e_flags );
- if( rc == -1 ) {
- return rc;
- }
+ if( rc == -1 ) return rc;
break;
case LDAP_FILTER_EXT:
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
- "test_vrFilter: EXT\n" ));
-#else
Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
-#endif
- rc = test_mra_vrFilter( be, conn, op, e,
- f->f_mra, e_flags );
- if( rc == -1 ) {
- return rc;
- }
+ rc = test_mra_vrFilter( op, a,
+ vrf->vrf_mra, e_flags );
+ if( rc == -1 ) return rc;
break;
default:
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_INFO,
- "test_vrFilter: unknown filter type %lu\n",
- f->f_choice ));
-#else
Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
- f->f_choice, 0, 0 );
-#endif
+ vrf->vrf_choice, 0, 0 );
rc = LDAP_PROTOCOL_ERROR;
- }
+ }
}
-#ifdef NEW_LOGGING
- LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
- "filter_matched_values: return=%d\n", rc ));
-#else
Debug( LDAP_DEBUG_FILTER, "<= filter_matched_values %d\n", rc, 0, 0 );
-#endif
return( rc );
}
static int
test_ava_vrFilter(
- Backend *be,
- Connection *conn,
- Operation *op,
- Entry *e,
+ Operation *op,
+ Attribute *a,
AttributeAssertion *ava,
- int type,
- char ***e_flags
-)
+ int type,
+ char ***e_flags )
{
int i, j;
- Attribute *a;
-
- if ( !access_allowed( be, conn, op, e,
- ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) )
- {
- return LDAP_INSUFFICIENT_ACCESS;
- }
-
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
MatchingRule *mr;
struct berval *bv;
case LDAP_FILTER_APPROX:
mr = a->a_desc->ad_type->sat_approx;
if( mr != NULL ) break;
+ /* use EQUALITY matching rule if no APPROX rule */
- /* use EQUALITY matching rule if no APPROX rule */
case LDAP_FILTER_EQUALITY:
mr = a->a_desc->ad_type->sat_equality;
break;
mr = NULL;
}
- if( mr == NULL ) {
- continue;
-
- }
+ if( mr == NULL ) continue;
- for ( bv = a->a_vals, j=0; bv->bv_val != NULL; bv++, j++ ) {
- int ret;
- int rc;
+ bv = a->a_nvals;
+ for ( j=0; !BER_BVISNULL( bv ); bv++, j++ ) {
+ int rc, match;
const char *text;
- rc = value_match( &ret, a->a_desc, mr,
- SLAP_MR_ASSERTION_SYNTAX_MATCH, bv, &ava->aa_value, &text );
- if( rc != LDAP_SUCCESS ) {
- return rc;
- }
+ rc = value_match( &match, a->a_desc, mr, 0,
+ bv, &ava->aa_value, &text );
+ if( rc != LDAP_SUCCESS ) return rc;
switch ( type ) {
case LDAP_FILTER_EQUALITY:
case LDAP_FILTER_APPROX:
- if ( ret == 0 ) {
+ if ( match == 0 ) {
(*e_flags)[i][j] = 1;
}
break;
case LDAP_FILTER_GE:
- if ( ret >= 0 ) {
+ if ( match >= 0 ) {
(*e_flags)[i][j] = 1;
}
break;
case LDAP_FILTER_LE:
- if ( ret <= 0 ) {
+ if ( match <= 0 ) {
(*e_flags)[i][j] = 1;
}
break;
}
}
}
- return( LDAP_SUCCESS );
+ return LDAP_SUCCESS;
}
static int
test_presence_vrFilter(
- Backend *be,
- Connection *conn,
- Operation *op,
- Entry *e,
- AttributeDescription *desc,
- char ***e_flags
-)
+ Operation *op,
+ Attribute *a,
+ AttributeDescription *desc,
+ char ***e_flags )
{
int i, j;
- Attribute *a;
- if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) ) {
- return LDAP_INSUFFICIENT_ACCESS;
- }
-
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
struct berval *bv;
- if ( !is_ad_subtype( a->a_desc, desc ) ) {
- continue;
- }
+ if ( !is_ad_subtype( a->a_desc, desc ) ) continue;
- for ( bv = a->a_vals, j=0; bv->bv_val != NULL; bv++, j++ );
+ for ( bv = a->a_vals, j = 0; !BER_BVISNULL( bv ); bv++, j++ );
memset( (*e_flags)[i], 1, j);
}
static int
test_substrings_vrFilter(
- Backend *be,
- Connection *conn,
- Operation *op,
- Entry *e,
- ValuesReturnFilter *f,
- char ***e_flags
-)
+ Operation *op,
+ Attribute *a,
+ ValuesReturnFilter *vrf,
+ char ***e_flags )
{
int i, j;
- Attribute *a;
-
- if ( !access_allowed( be, conn, op, e,
- f->f_sub_desc, NULL, ACL_SEARCH, NULL ) )
- {
- return LDAP_INSUFFICIENT_ACCESS;
- }
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+ for ( i=0; a != NULL; a = a->a_next, i++ ) {
MatchingRule *mr = a->a_desc->ad_type->sat_substr;
struct berval *bv;
- if ( !is_ad_subtype( a->a_desc, f->f_sub_desc ) ) {
+ if ( !is_ad_subtype( a->a_desc, vrf->vrf_sub_desc ) ) {
continue;
}
- if( mr == NULL ) {
- continue;
- }
+ if( mr == NULL ) continue;
- for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
- int ret;
- int rc;
+ bv = a->a_nvals;
+ for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
+ int rc, match;
const char *text;
- rc = value_match( &ret, a->a_desc, mr,
- SLAP_MR_ASSERTION_SYNTAX_MATCH,
- bv, f->f_sub, &text );
+ rc = value_match( &match, a->a_desc, mr, 0,
+ bv, vrf->vrf_sub, &text );
- if( rc != LDAP_SUCCESS ) {
- return rc;
- }
+ if( rc != LDAP_SUCCESS ) return rc;
- if ( ret == 0 ) {
+ if ( match == 0 ) {
(*e_flags)[i][j] = 1;
}
}
return LDAP_SUCCESS;
}
-static int test_mra_vrFilter(
- Backend *be,
- Connection *conn,
+static int
+test_mra_vrFilter(
Operation *op,
- Entry *e,
+ Attribute *a,
MatchingRuleAssertion *mra,
- char ***e_flags
-)
+ char ***e_flags )
{
- int i, j;
- Attribute *a;
+ int i, j;
- if( !access_allowed( be, conn, op, e,
- mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) )
- {
- return LDAP_INSUFFICIENT_ACCESS;
- }
+ for ( i = 0; a != NULL; a = a->a_next, i++ ) {
+ struct berval *bv, assertedValue;
+ int normalize_attribute = 0;
- for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
- struct berval *bv;
-
- if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
- return( LDAP_SUCCESS );
- }
+ if ( mra->ma_desc ) {
+ if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
+ continue;
+ }
+ assertedValue = mra->ma_value;
- for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
- int ret;
+ } else {
int rc;
- const char *text;
+ const char *text = NULL;
+
+ /* check if matching is appropriate */
+ if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) {
+ continue;
+ }
- rc = value_match( &ret, a->a_desc, mra->ma_rule,
- SLAP_MR_ASSERTION_SYNTAX_MATCH,
- bv, &mra->ma_value,
- &text );
+ rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
+ SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &mra->ma_value, &assertedValue, &text, op->o_tmpmemctx );
- if( rc != LDAP_SUCCESS ) {
- return rc;
+ if ( rc != LDAP_SUCCESS ) continue;
+ }
+
+ /* check match */
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
+ bv = a->a_nvals;
+
+ } else {
+ bv = a->a_vals;
+ normalize_attribute = 1;
+ }
+
+ for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
+ int rc, match;
+ const char *text;
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /* see comment in filterentry.c */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, op->o_tmpmemctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
}
- if ( ret ) {
+ rc = value_match( &match, a->a_desc, mra->ma_rule, 0,
+ &nbv, &assertedValue, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ op->o_tmpfree( nbv.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ if ( match == 0 ) {
(*e_flags)[i][j] = 1;
}
}
return LDAP_SUCCESS;
}
+
projects / openldap / blobdiff