X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Ffilterentry.c;h=82cd8cd327609843b92086015f996087657a0c5b;hb=69343add5ac17c2300e256c85acf3279298a0fbe;hp=4b6807f55a3a25346adc61940f7c11873e498536;hpb=fcbca73f90d6f4dd09e7ff34533b6ac1baff2135;p=openldap diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index 4b6807f55a..82cd8cd327 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -1,37 +1,47 @@ /* filterentry.c - apply a filter to an entry */ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ + +#include "portable.h" #include -#include -#include -#include -#ifdef sunos5 -#include "regexpr.h" -#else -#include "regex.h" -#endif -#include "slap.h" -extern Attribute *attr_find(); -extern char *first_word(); -extern char *next_word(); -extern char *phonetic(); -extern char *re_comp(); +#include +#include -#ifndef sunos5 -extern pthread_mutex_t regex_mutex; -#endif -static int test_filter_list(); -static int test_substring_filter(); -static int test_ava_filter(); -static int test_approx_filter(); -static int test_presence_filter(); +#include "slap.h" + +static int test_filter_and( Backend *be, + Connection *conn, Operation *op, + Entry *e, Filter *flist ); +static int test_filter_or( Backend *be, + Connection *conn, Operation *op, + Entry *e, Filter *flist ); +static int test_substrings_filter( Backend *be, + Connection *conn, Operation *op, + Entry *e, Filter *f); +static int test_ava_filter( Backend *be, + Connection *conn, Operation *op, + Entry *e, AttributeAssertion *ava, int type ); +static int test_mra_filter( Backend *be, + Connection *conn, Operation *op, + Entry *e, MatchingRuleAssertion *mra ); +static int test_presence_filter( Backend *be, + Connection *conn, Operation *op, + Entry *e, AttributeDescription *desc ); + /* * test_filter - test a filter against a single entry. - * returns 0 filter matched - * -1 filter did not match - * >0 an ldap error code + * returns: + * LDAP_COMPARE_TRUE filter matched + * LDAP_COMPARE_FALSE filter did not match + * SLAPD_COMPARE_UNDEFINED filter is undefined + * or an ldap result code indicating error */ int @@ -45,271 +55,523 @@ test_filter( { int rc; +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, ENTRY, "test_filter: begin\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 ); +#endif + switch ( f->f_choice ) { + case SLAPD_FILTER_COMPUTED: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, + "test_filter: COMPUTED %s (%d)\n", + f->f_result == LDAP_COMPARE_FALSE ? "false" : + f->f_result == LDAP_COMPARE_TRUE ? "true" : + f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : + "error", f->f_result, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n", + f->f_result == LDAP_COMPARE_FALSE ? "false" : + f->f_result == LDAP_COMPARE_TRUE ? "true" : + f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error", + f->f_result, 0 ); +#endif + + rc = f->f_result; + break; + case LDAP_FILTER_EQUALITY: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter: EQUALITY\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 ); - rc = test_ava_filter( be, conn, op, e, &f->f_ava, +#endif + + rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_EQUALITY ); break; case LDAP_FILTER_SUBSTRINGS: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter SUBSTRINGS\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 ); - rc = test_substring_filter( be, conn, op, e, f ); +#endif + + rc = test_substrings_filter( be, conn, op, e, f ); break; case LDAP_FILTER_GE: - Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 ); - rc = test_ava_filter( be, conn, op, e, &f->f_ava, + rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_GE ); break; case LDAP_FILTER_LE: - Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 ); - rc = test_ava_filter( be, conn, op, e, &f->f_ava, + rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_LE ); break; case LDAP_FILTER_PRESENT: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter: PRESENT\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 ); - rc = test_presence_filter( be, conn, op, e, f->f_type ); +#endif + + rc = test_presence_filter( be, conn, op, e, f->f_desc ); break; case LDAP_FILTER_APPROX: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter: APPROX\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 ); - rc = test_approx_filter( be, conn, op, e, &f->f_ava ); +#endif + rc = test_ava_filter( be, conn, op, e, f->f_ava, + LDAP_FILTER_APPROX ); break; case LDAP_FILTER_AND: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter: AND\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 ); - rc = test_filter_list( be, conn, op, e, f->f_and, - LDAP_FILTER_AND ); +#endif + + rc = test_filter_and( be, conn, op, e, f->f_and ); break; case LDAP_FILTER_OR: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter: OR\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 ); - rc = test_filter_list( be, conn, op, e, f->f_or, - LDAP_FILTER_OR ); +#endif + + rc = test_filter_or( be, conn, op, e, f->f_or ); break; case LDAP_FILTER_NOT: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter: NOT\n", 0, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 ); - rc = (! test_filter( be, conn, op, e, f->f_not ) ); +#endif + + rc = test_filter( be, conn, op, e, f->f_not ); + + /* Flip true to false and false to true + * but leave Undefined alone. + */ + switch( rc ) { + case LDAP_COMPARE_TRUE: + rc = LDAP_COMPARE_FALSE; + break; + case LDAP_COMPARE_FALSE: + rc = LDAP_COMPARE_TRUE; + break; + } + break; + + case LDAP_FILTER_EXT: +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, DETAIL1, "test_filter: EXT\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 ); +#endif + + rc = test_mra_filter( be, conn, op, e, f->f_mra ); break; default: - Debug( LDAP_DEBUG_ANY, " unknown filter type %d\n", +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, INFO, + "test_filter: unknown filter type %lu\n", f->f_choice, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n", f->f_choice, 0, 0 ); - rc = -1; +#endif + + rc = LDAP_PROTOCOL_ERROR; } +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, RESULTS, "test_filter: return=%d\n", rc, 0, 0 ); +#else Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 ); +#endif + return( rc ); } +static int test_mra_filter( + Backend *be, + Connection *conn, + Operation *op, + Entry *e, + MatchingRuleAssertion *mra ) +{ + Attribute *a; + + if ( mra->ma_desc ) { + /* + * if ma_desc is available, then we're filtering for + * one attribute, and SEARCH permissions can be checked + * directly. + */ + if( !access_allowed( be, conn, op, e, + mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) ) + { + return LDAP_INSUFFICIENT_ACCESS; + } + + for(a = attrs_find( e->e_attrs, mra->ma_desc ); + a != NULL; + a = attrs_find( a->a_next, mra->ma_desc ) ) + { + struct berval *bv; + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { + int ret; + int rc; + const char *text; + + rc = value_match( &ret, a->a_desc, mra->ma_rule, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &mra->ma_value, &text ); + + if( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( ret == 0 ) { + return LDAP_COMPARE_TRUE; + } + } + } + } else { + + /* + * No attribute description: test all + */ + for ( a = e->e_attrs; a != NULL; a = a->a_next ) { + struct berval *bv, value; + const char *text = NULL; + int rc; + + /* check if matching is appropriate */ + if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type )) { + continue; + } + + /* normalize for equality */ + rc = value_validate_normalize( a->a_desc, + SLAP_MR_EQUALITY, + &mra->ma_value, &value, &text ); + if ( rc != LDAP_SUCCESS ) { + continue; + } + + /* check search access */ + if ( !access_allowed( be, conn, op, e, + a->a_desc, &value, ACL_SEARCH, NULL ) ) { + continue; + } + + /* check match */ + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { + int ret; + int rc; + + rc = value_match( &ret, a->a_desc, mra->ma_rule, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &value, &text ); + + if( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( ret == 0 ) { + return LDAP_COMPARE_TRUE; + } + } + } + } + + /* check attrs in DN AVAs if required */ + if ( mra->ma_dnattrs ) { + LDAPDN *dn = NULL; + int iRDN, iAVA; + int rc; + + /* parse and pretty the dn */ + rc = dnPrettyDN( NULL, &e->e_name, &dn ); + if ( rc != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + + /* for each AVA of each RDN ... */ + for ( iRDN = 0; dn[ 0 ][ iRDN ]; iRDN++ ) { + LDAPRDN *rdn = dn[ 0 ][ iRDN ]; + + for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) { + LDAPAVA *ava = rdn[ 0 ][ iAVA ]; + struct berval *bv = &ava->la_value, value; + AttributeDescription *ad = (AttributeDescription *)ava->la_private; + int ret; + int rc; + const char *text; + + assert( ad ); + + if ( mra->ma_desc ) { + /* have a mra type? check for subtype */ + if ( !is_ad_subtype( ad, mra->ma_desc ) ) { + continue; + } + value = mra->ma_value; + + } else { + const char *text = NULL; + + /* check if matching is appropriate */ + if ( !mr_usable_with_at( mra->ma_rule, ad->ad_type )) { + continue; + } + + /* normalize for equality */ + rc = value_validate_normalize( ad, SLAP_MR_EQUALITY, + &mra->ma_value, &value, &text ); + if ( rc != LDAP_SUCCESS ) { + continue; + } + + /* check search access */ + if ( !access_allowed( be, conn, op, e, + ad, &value, ACL_SEARCH, NULL ) ) { + continue; + } + } + + /* check match */ + rc = value_match( &ret, ad, mra->ma_rule, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &value, &text ); + + if( rc != LDAP_SUCCESS ) { + ldap_dnfree( dn ); + return rc; + } + + if ( ret == 0 ) { + ldap_dnfree( dn ); + return LDAP_COMPARE_TRUE; + } + } + } + } + + return LDAP_COMPARE_FALSE; +} + static int test_ava_filter( Backend *be, Connection *conn, Operation *op, Entry *e, - Ava *ava, + AttributeAssertion *ava, int type ) { - int i, rc; Attribute *a; - if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type, - &ava->ava_value, op->o_dn, ACL_SEARCH ) ) { - return( -2 ); + if ( !access_allowed( be, conn, op, e, + ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) ) + { + return LDAP_INSUFFICIENT_ACCESS; } - if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) { - return( -1 ); - } - - if ( a->a_syntax == 0 ) { - a->a_syntax = attr_syntax( ava->ava_type ); - } - for ( i = 0; a->a_vals[i] != NULL; i++ ) { - rc = value_cmp( a->a_vals[i], &ava->ava_value, a->a_syntax, - 3 ); + for(a = attrs_find( e->e_attrs, ava->aa_desc ); + a != NULL; + a = attrs_find( a->a_next, ava->aa_desc ) ) + { + MatchingRule *mr; + struct berval *bv; switch ( type ) { + case LDAP_FILTER_APPROX: + mr = a->a_desc->ad_type->sat_approx; + if( mr != NULL ) break; + + /* use EQUALITY matching rule if no APPROX rule */ + case LDAP_FILTER_EQUALITY: - if ( rc == 0 ) { - return( 0 ); - } + mr = a->a_desc->ad_type->sat_equality; break; case LDAP_FILTER_GE: - if ( rc > 0 ) { - return( 0 ); - } + case LDAP_FILTER_LE: + mr = a->a_desc->ad_type->sat_ordering; break; - case LDAP_FILTER_LE: - if ( rc < 0 ) { - return( 0 ); + default: + mr = NULL; + } + + if( mr == NULL ) { + continue; + } + + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { + int ret; + int rc; + const char *text; + + rc = value_match( &ret, a->a_desc, mr, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &ava->aa_value, &text ); + + if( rc != LDAP_SUCCESS ) { + return rc; + } + + switch ( type ) { + case LDAP_FILTER_EQUALITY: + case LDAP_FILTER_APPROX: + if ( ret == 0 ) { + return LDAP_COMPARE_TRUE; + } + break; + + case LDAP_FILTER_GE: + if ( ret >= 0 ) { + return LDAP_COMPARE_TRUE; + } + break; + + case LDAP_FILTER_LE: + if ( ret <= 0 ) { + return LDAP_COMPARE_TRUE; + } + break; } - break; } } - return( 1 ); + return( LDAP_COMPARE_FALSE ); } + static int test_presence_filter( Backend *be, Connection *conn, Operation *op, Entry *e, - char *type + AttributeDescription *desc ) { - if ( be != NULL && ! access_allowed( be, conn, op, e, type, NULL, - op->o_dn, ACL_SEARCH ) ) { - return( -2 ); + if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) ) + { + return LDAP_INSUFFICIENT_ACCESS; } - return( attr_find( e->e_attrs, type ) != NULL ? 0 : -1 ); + return attrs_find( e->e_attrs, desc ) != NULL + ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE; } + static int -test_approx_filter( +test_filter_and( Backend *be, Connection *conn, Operation *op, Entry *e, - Ava *ava + Filter *flist ) { - char *w1, *w2, *c1, *c2; - int i, rc, match; - Attribute *a; - - if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type, - NULL, op->o_dn, ACL_SEARCH ) ) { - return( -2 ); - } + Filter *f; + int rtn = LDAP_COMPARE_TRUE; /* True if empty */ - if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) { - return( -1 ); - } +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, ENTRY, "test_filter_and: begin\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, "=> test_filter_and\n", 0, 0, 0 ); +#endif - /* for each value in the attribute */ - for ( i = 0; a->a_vals[i] != NULL; i++ ) { - /* - * try to match words in the filter value in order - * in the attribute value. - */ - w2 = a->a_vals[i]->bv_val; - /* for each word in the filter value */ - for ( w1 = first_word( ava->ava_value.bv_val ); w1 != NULL; - w1 = next_word( w1 ) ) { - if ( (c1 = phonetic( w1 )) == NULL ) { - break; - } + for ( f = flist; f != NULL; f = f->f_next ) { + int rc = test_filter( be, conn, op, e, f ); - /* - * for each word in the attribute value from - * where we left off... - */ - for ( w2 = first_word( w2 ); w2 != NULL; - w2 = next_word( w2 ) ) { - c2 = phonetic( w2 ); - if ( strcmp( c1, c2 ) == 0 ) { - free( c2 ); - break; - } - free( c2 ); - } - free( c1 ); - - /* - * if we stopped because we ran out of words - * before making a match, go on to the next - * value. otherwise try to keep matching - * words in this value from where we left off. - */ - if ( w2 == NULL ) { - break; - } else { - w2 = next_word( w2 ); - } + if ( rc == LDAP_COMPARE_FALSE ) { + /* filter is False */ + rtn = rc; + break; } - /* - * if we stopped because we ran out of words we - * have a match. - */ - if ( w1 == NULL ) { - return( 0 ); + + if ( rc != LDAP_COMPARE_TRUE ) { + /* filter is Undefined unless later elements are False */ + rtn = rc; } } - return( 1 ); +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, RESULTS, "test_filter_and: rc=%d\n", rtn, 0, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, "<= test_filter_and %d\n", rtn, 0, 0 ); +#endif + + return rtn; } static int -test_filter_list( +test_filter_or( Backend *be, Connection *conn, Operation *op, Entry *e, - Filter *flist, - int ftype + Filter *flist ) { - int rc, nomatch; Filter *f; + int rtn = LDAP_COMPARE_FALSE; /* False if empty */ + +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, ENTRY, "test_filter_or: begin\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 ); +#endif - Debug( LDAP_DEBUG_FILTER, "=> test_filter_list\n", 0, 0, 0 ); - nomatch = 1; for ( f = flist; f != NULL; f = f->f_next ) { - if ( test_filter( be, conn, op, e, f ) != 0 ) { - if ( ftype == LDAP_FILTER_AND ) { - Debug( LDAP_DEBUG_FILTER, - "<= test_filter_list 1\n", 0, 0, 0 ); - return( 1 ); - } - } else { - nomatch = 0; - } - } + int rc = test_filter( be, conn, op, e, f ); - Debug( LDAP_DEBUG_FILTER, "<= test_filter_list %d\n", nomatch, 0, 0 ); - return( nomatch ); -} + if ( rc == LDAP_COMPARE_TRUE ) { + /* filter is True */ + rtn = rc; + break; + } -static void -strcpy_special( char *d, char *s ) -{ - for ( ; *s; s++ ) { - switch ( *s ) { - case '.': - case '\\': - case '[': - case ']': - case '*': - case '+': - case '^': - case '$': - *d++ = '\\'; - /* FALL */ - default: - *d++ = *s; + if ( rc != LDAP_COMPARE_FALSE ) { + /* filter is Undefined unless later elements are True */ + rtn = rc; } } - *d = '\0'; + +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, ENTRY, "test_filter_or: result=%d\n", rtn, 0, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 ); +#endif + + return rtn; } + static int -test_substring_filter( +test_substrings_filter( Backend *be, Connection *conn, Operation *op, @@ -318,130 +580,55 @@ test_substring_filter( ) { Attribute *a; - int i, rc; - char *p, *end, *realval, *tmp; - char pat[BUFSIZ]; - char buf[BUFSIZ]; - struct berval *val; - Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, ENTRY, "test_substrings_filter: begin\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, "begin test_substrings_filter\n", 0, 0, 0 ); +#endif - if ( be != NULL && ! access_allowed( be, conn, op, e, f->f_sub_type, - NULL, op->o_dn, ACL_SEARCH ) ) { - return( -2 ); - } - if ( (a = attr_find( e->e_attrs, f->f_sub_type )) == NULL ) { - return( -1 ); + if ( !access_allowed( be, conn, op, e, + f->f_sub_desc, NULL, ACL_SEARCH, NULL ) ) + { + return LDAP_INSUFFICIENT_ACCESS; } - if ( a->a_syntax & SYNTAX_BIN ) { - Debug( LDAP_DEBUG_FILTER, "test_substring_filter bin attr\n", - 0, 0, 0 ); - return( -1 ); - } + for(a = attrs_find( e->e_attrs, f->f_sub_desc ); + a != NULL; + a = attrs_find( a->a_next, f->f_sub_desc ) ) + { + MatchingRule *mr = a->a_desc->ad_type->sat_substr; + struct berval *bv; - /* - * construct a regular expression corresponding to the - * filter and let regex do the work - */ - - pat[0] = '\0'; - p = pat; - end = pat + sizeof(pat) - 2; /* leave room for null */ - if ( f->f_sub_initial != NULL ) { - strcpy( p, "^" ); - p = strchr( p, '\0' ); - /* 2 * in case every char is special */ - if ( p + 2 * strlen( f->f_sub_initial ) > end ) { - Debug( LDAP_DEBUG_ANY, "not enough pattern space\n", - 0, 0, 0 ); - return( -1 ); + if( mr == NULL ) { + continue; } - strcpy_special( p, f->f_sub_initial ); - p = strchr( p, '\0' ); - } - if ( f->f_sub_any != NULL ) { - for ( i = 0; f->f_sub_any[i] != NULL; i++ ) { - /* ".*" + value */ - if ( p + 2 * strlen( f->f_sub_any[i] ) + 2 > end ) { - Debug( LDAP_DEBUG_ANY, - "not enough pattern space\n", 0, 0, 0 ); - return( -1 ); - } - strcpy( p, ".*" ); - p = strchr( p, '\0' ); - strcpy_special( p, f->f_sub_any[i] ); - p = strchr( p, '\0' ); - } - } - if ( f->f_sub_final != NULL ) { - /* ".*" + value */ - if ( p + 2 * strlen( f->f_sub_final ) + 2 > end ) { - Debug( LDAP_DEBUG_ANY, "not enough pattern space\n", - 0, 0, 0 ); - return( -1 ); - } - strcpy( p, ".*" ); - p = strchr( p, '\0' ); - strcpy_special( p, f->f_sub_final ); - p = strchr( p, '\0' ); - strcpy( p, "$" ); - } - /* compile the regex */ -#ifdef sunos5 - if ( (p = compile( pat, NULL, NULL )) == NULL ) { - Debug( LDAP_DEBUG_ANY, "compile failed (%s)\n", p, 0, 0 ); - return( -1 ); - } -#else /* sunos5 */ - pthread_mutex_lock( ®ex_mutex ); - if ( (p = re_comp( pat )) != 0 ) { - Debug( LDAP_DEBUG_ANY, "re_comp failed (%s)\n", p, 0, 0 ); - pthread_mutex_unlock( ®ex_mutex ); - return( -1 ); - } -#endif /* sunos5 */ - - /* for each value in the attribute see if regex matches */ - for ( i = 0; a->a_vals[i] != NULL; i++ ) { - val = a->a_vals[i]; - tmp = NULL; - if ( val->bv_len < sizeof(buf) ) { - strcpy( buf, val->bv_val ); - realval = buf; - } else { - tmp = (char *) ch_malloc( val->bv_len + 1 ); - strcpy( tmp, val->bv_val ); - realval = tmp; - } - value_normalize( realval, a->a_syntax ); + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { + int ret; + int rc; + const char *text; -#ifdef sunos5 - rc = step( realval, p ); -#else /* sunos5 */ - rc = re_exec( realval ); -#endif /* sunos5 */ + rc = value_match( &ret, a->a_desc, mr, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, f->f_sub, &text ); - if ( tmp != NULL ) { - free( tmp ); - } - if ( rc == 1 ) { -#ifdef sunos5 - free( p ); -#else /* sunos5 */ - pthread_mutex_unlock( ®ex_mutex ); -#endif /* sunos5 */ - return( 0 ); + if( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( ret == 0 ) { + return LDAP_COMPARE_TRUE; + } } } -#ifdef sunos5 - free( p ); -#else /* sunos5 */ - pthread_mutex_unlock( ®ex_mutex ); -#endif /* sunos5 */ - - Debug( LDAP_DEBUG_FILTER, "end test_substring_filter 1\n", 0, 0, 0 ); - return( 1 ); + +#ifdef NEW_LOGGING + LDAP_LOG( FILTER, ENTRY, "test_substrings_filter: return FALSE\n", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_FILTER, "end test_substrings_filter 1\n", 0, 0, 0 ); +#endif + + return LDAP_COMPARE_FALSE; }