X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Ffilterentry.c;h=94724f8da5c3604e3e357ca34794411de5b19df3;hb=2c94c7915a52f8df4323c8193ec424df568f0fc1;hp=fe4e1c1b54a5395d00ae1c91b758b595135fb425;hpb=c1da50a4261747a5ea1f8f3843fcf33dc4f9496d;p=openldap diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index fe4e1c1b54..94724f8da5 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -1,7 +1,7 @@ /* filterentry.c - apply a filter to an entry */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -12,9 +12,6 @@ #include #include -#ifndef SLAPD_SCHEMA_NOT_COMPAT -#include -#endif #include "slap.h" @@ -24,10 +21,9 @@ static int test_filter_and( Backend *be, static int test_filter_or( Backend *be, Connection *conn, Operation *op, Entry *e, Filter *flist ); -static int test_substring_filter( Backend *be, +static int test_substrings_filter( Backend *be, Connection *conn, Operation *op, Entry *e, Filter *f); -#ifdef SLAPD_SCHEMA_NOT_COMPAT static int test_ava_filter( Backend *be, Connection *conn, Operation *op, Entry *e, AttributeAssertion *ava, int type ); @@ -37,17 +33,6 @@ static int test_mra_filter( Backend *be, static int test_presence_filter( Backend *be, Connection *conn, Operation *op, Entry *e, AttributeDescription *desc ); -#else -static int test_ava_filter(Backend *be, - Connection *conn, Operation *op, - Entry *e, Ava *ava, int type); -static int test_approx_filter(Backend *be, - Connection *conn, Operation *op, - Entry *e, Ava *ava); -static int test_presence_filter(Backend *be, - Connection *conn, Operation *op, - Entry *e, char *type); -#endif /* @@ -70,91 +55,125 @@ test_filter( { int rc; +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter: begin\n" )); +#else Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 ); +#endif + switch ( f->f_choice ) { -#ifdef SLAPD_SCHEMA_NOT_COMPAT case SLAPD_FILTER_COMPUTED: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: COMPUTED %s (%d)\n", + f->f_result == LDAP_COMPARE_FALSE ? "false" : + f->f_result == LDAP_COMPARE_TRUE ? "true" : + f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : + "error", + f->f_result )); +#else Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n", f->f_result == LDAP_COMPARE_FALSE ? "false" : f->f_result == LDAP_COMPARE_TRUE ? "true" : f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error", f->f_result, 0 ); +#endif + rc = f->f_result; break; -#endif case LDAP_FILTER_EQUALITY: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: EQUALITY\n" )); +#else Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 ); -#ifdef SLAPD_SCHEMA_NOT_COMPAT +#endif + rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_EQUALITY ); -#else - rc = test_ava_filter( be, conn, op, e, &f->f_ava, - LDAP_FILTER_EQUALITY ); -#endif break; case LDAP_FILTER_SUBSTRINGS: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter SUBSTRINGS\n" )); +#else Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 ); - rc = test_substring_filter( be, conn, op, e, f ); +#endif + + rc = test_substrings_filter( be, conn, op, e, f ); break; case LDAP_FILTER_GE: -#ifdef SLAPD_SCHEMA_NOT_COMPAT rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_GE ); -#else - Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 ); - rc = test_ava_filter( be, conn, op, e, &f->f_ava, - LDAP_FILTER_GE ); -#endif break; case LDAP_FILTER_LE: -#ifdef SLAPD_SCHEMA_NOT_COMPAT rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_LE ); -#else - Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 ); - rc = test_ava_filter( be, conn, op, e, &f->f_ava, - LDAP_FILTER_LE ); -#endif break; case LDAP_FILTER_PRESENT: - Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 ); -#ifdef SLAPD_SCHEMA_NOT_COMPAT - rc = test_presence_filter( be, conn, op, e, f->f_desc ); +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: PRESENT\n" )); #else - rc = test_presence_filter( be, conn, op, e, f->f_type ); + Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 ); #endif + + rc = test_presence_filter( be, conn, op, e, f->f_desc ); break; case LDAP_FILTER_APPROX: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: APPROX\n" )); +#else Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 ); -#ifdef SLAPD_SCHEMA_NOT_COMPAT +#endif rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_APPROX ); -#else - rc = test_approx_filter( be, conn, op, e, &f->f_ava ); -#endif break; case LDAP_FILTER_AND: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: AND\n" )); +#else Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 ); +#endif + rc = test_filter_and( be, conn, op, e, f->f_and ); break; case LDAP_FILTER_OR: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: OR\n" )); +#else Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 ); +#endif + rc = test_filter_or( be, conn, op, e, f->f_or ); break; case LDAP_FILTER_NOT: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: NOT\n" )); +#else Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 ); +#endif + rc = test_filter( be, conn, op, e, f->f_not ); + /* Flip true to false and false to true + * but leave Undefined alone. + */ switch( rc ) { case LDAP_COMPARE_TRUE: rc = LDAP_COMPARE_FALSE; @@ -165,27 +184,93 @@ test_filter( } break; -#ifdef SLAPD_EXT_FILTERS case LDAP_FILTER_EXT: - Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 ); -#if SLAPD_SCHEMA_NOT_COMPAT - rc = test_mra_filter( be, conn, op, e, f->f_mra ); +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: EXT\n" )); #else - rc = LDAP_UNWILLING_TO_PERFORM; + Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 ); #endif + + rc = test_mra_filter( be, conn, op, e, f->f_mra ); break; -#endif default: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_INFO, + "test_filter: unknown filter type %lu\n", + f->f_choice )); +#else Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n", f->f_choice, 0, 0 ); +#endif + rc = LDAP_PROTOCOL_ERROR; } +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter: return=%d\n", rc )); +#else Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 ); +#endif + return( rc ); } +static int test_mra_filter( + Backend *be, + Connection *conn, + Operation *op, + Entry *e, + MatchingRuleAssertion *mra ) +{ + Attribute *a; + + if( !access_allowed( be, conn, op, e, + mra->ma_desc, &mra->ma_value, ACL_SEARCH ) ) + { + return LDAP_INSUFFICIENT_ACCESS; + } + + if( strcmp(mra->ma_rule->smr_syntax->ssyn_oid, + mra->ma_desc->ad_type->sat_syntax->ssyn_oid) != 0) + { + return LDAP_INVALID_SYNTAX; + } + + if( mra->ma_rule == NULL ) + { + return LDAP_INAPPROPRIATE_MATCHING; + } + + for(a = attrs_find( e->e_attrs, mra->ma_desc ); + a != NULL; + a = attrs_find( a->a_next, mra->ma_desc ) ) + { + struct berval *bv; + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { + int ret; + int rc; + const char *text; + + rc = value_match( &ret, a->a_desc, mra->ma_rule, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &mra->ma_value, + &text ); + + if( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( ret ) { + return LDAP_COMPARE_TRUE; + } + } + } + + return LDAP_COMPARE_FALSE; +} static int test_ava_filter( @@ -193,44 +278,33 @@ test_ava_filter( Connection *conn, Operation *op, Entry *e, -#ifdef SLAPD_SCHEMA_NOT_COMPAT AttributeAssertion *ava, -#else - Ava *ava, -#endif int type ) { - int i; Attribute *a; -#ifdef SLAPD_SCHEMA_NOT_COMPAT - if ( be != NULL && ! access_allowed( be, conn, op, e, - ava->aa_desc, ava->aa_value, ACL_SEARCH ) ) -#else - - if ( be != NULL && ! access_allowed( be, conn, op, e, - ava->ava_type, &ava->ava_value, ACL_SEARCH ) ) -#endif + if ( !access_allowed( be, conn, op, e, + ava->aa_desc, &ava->aa_value, ACL_SEARCH ) ) { return LDAP_INSUFFICIENT_ACCESS; } -#ifdef SLAPD_SCHEMA_NOT_COMPAT for(a = attrs_find( e->e_attrs, ava->aa_desc ); a != NULL; a = attrs_find( a->a_next, ava->aa_desc ) ) -#else - a = attr_find( e->e_attrs, ava->ava_type ); - if ( a != NULL ) -#endif { -#ifdef SLAPD_SCHEMA_NOT_COMPAT MatchingRule *mr; + struct berval *bv; switch ( type ) { - case LDAP_FILTER_EQUALITY: case LDAP_FILTER_APPROX: + mr = a->a_desc->ad_type->sat_approx; + if( mr != NULL ) break; + + /* use EQUALITY matching rule if no APPROX rule */ + + case LDAP_FILTER_EQUALITY: mr = a->a_desc->ad_type->sat_equality; break; @@ -246,29 +320,19 @@ test_ava_filter( if( mr == NULL ) { continue; } -#else - if ( a->a_syntax == 0 ) { - a->a_syntax = attr_syntax( ava->ava_type ); - } -#endif - for ( i = 0; a->a_vals[i] != NULL; i++ ) { + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { int ret; -#ifdef SLAPD_SCHEMA_NOT_COMPAT int rc; const char *text; rc = value_match( &ret, a->a_desc, mr, - a->a_vals[i], ava->aa_value, - &text ); + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &ava->aa_value, &text ); if( rc != LDAP_SUCCESS ) { return rc; } -#else - ret = value_cmp( a->a_vals[i], &ava->ava_value, a->a_syntax, - 3 ); -#endif switch ( type ) { case LDAP_FILTER_EQUALITY: @@ -303,104 +367,18 @@ test_presence_filter( Connection *conn, Operation *op, Entry *e, -#ifdef SLAPD_SCHEMA_NOT_COMPAT AttributeDescription *desc -#else - char *desc -#endif ) { - if ( be != NULL && ! access_allowed( be, conn, op, e, - desc, NULL, ACL_SEARCH ) ) + if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH ) ) { return LDAP_INSUFFICIENT_ACCESS; } -#ifdef SLAPD_SCHEMA_NOT_COMPAT return attrs_find( e->e_attrs, desc ) != NULL -#else - return attr_find( e->e_attrs, desc ) != NULL -#endif ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE; } -#ifndef SLAPD_SCHEMA_NOT_COMPAT -static int -test_approx_filter( - Backend *be, - Connection *conn, - Operation *op, - Entry *e, - Ava *ava -) -{ - char *w1, *w2, *c1, *c2; - int i; - Attribute *a; - - if ( be != NULL && ! access_allowed( be, conn, op, e, - ava->ava_type, NULL, ACL_SEARCH ) ) - { - return LDAP_INSUFFICIENT_ACCESS; - } - - a = attr_find( e->e_attrs, ava->ava_type ); - if ( a != NULL ) { - /* for each value in the attribute */ - for ( i = 0; a->a_vals[i] != NULL; i++ ) { - /* - * try to match words in the filter value in order - * in the attribute value. - */ - - w2 = a->a_vals[i]->bv_val; - /* for each word in the filter value */ - for ( w1 = first_word( ava->ava_value.bv_val ); w1 != NULL; - w1 = next_word( w1 ) ) { - if ( (c1 = phonetic( w1 )) == NULL ) { - break; - } - - /* - * for each word in the attribute value from - * where we left off... - */ - for ( w2 = first_word( w2 ); w2 != NULL; - w2 = next_word( w2 ) ) { - c2 = phonetic( w2 ); - if ( strcmp( c1, c2 ) == 0 ) { - free( c2 ); - break; - } - free( c2 ); - } - free( c1 ); - - /* - * if we stopped because we ran out of words - * before making a match, go on to the next - * value. otherwise try to keep matching - * words in this value from where we left off. - */ - if ( w2 == NULL ) { - break; - } else { - w2 = next_word( w2 ); - } - } - /* - * if we stopped because we ran out of words we - * have a match. - */ - if ( w1 == NULL ) { - return LDAP_COMPARE_TRUE; - } - } - } - - return LDAP_COMPARE_FALSE; -} -#endif static int test_filter_and( @@ -412,23 +390,38 @@ test_filter_and( ) { Filter *f; - int rtn = LDAP_COMPARE_TRUE; + int rtn = LDAP_COMPARE_TRUE; /* True if empty */ +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_and: begin\n" )); +#else Debug( LDAP_DEBUG_FILTER, "=> test_filter_and\n", 0, 0, 0 ); +#endif + for ( f = flist; f != NULL; f = f->f_next ) { int rc = test_filter( be, conn, op, e, f ); if ( rc == LDAP_COMPARE_FALSE ) { - rtn = LDAP_COMPARE_FALSE; + /* filter is False */ + rtn = rc; break; } + if ( rc != LDAP_COMPARE_TRUE ) { + /* filter is Undefined unless later elements are False */ rtn = rc; } } +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_and: rc=%d\n", rtn )); +#else Debug( LDAP_DEBUG_FILTER, "<= test_filter_and %d\n", rtn, 0, 0 ); +#endif + return rtn; } @@ -442,58 +435,44 @@ test_filter_or( ) { Filter *f; - int rtn = LDAP_COMPARE_FALSE; + int rtn = LDAP_COMPARE_FALSE; /* False if empty */ +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_or: begin\n" )); +#else Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 ); +#endif + for ( f = flist; f != NULL; f = f->f_next ) { int rc = test_filter( be, conn, op, e, f ); if ( rc == LDAP_COMPARE_TRUE ) { - rtn = LDAP_COMPARE_TRUE; + /* filter is True */ + rtn = rc; break; } - if ( rc != LDAP_COMPARE_TRUE ) { + + if ( rc != LDAP_COMPARE_FALSE ) { + /* filter is Undefined unless later elements are True */ rtn = rc; } } +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_or: result=%d\n", rtn )); +#else Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 ); +#endif + return rtn; } -#ifndef SLAPD_SCHEMA_NOT_COMPAT -static void -strcpy_regex( char *d, char *s ) -{ - for ( ; *s; s++ ) { - switch ( *s ) { - case '^': - case '.': - case '[': - case ']': /* ? */ - case '$': - case '(': - case ')': /* ? */ - case '|': - case '*': - case '+': - case '?': - case '{': - case '}': /* ? */ - case '\\': - *d++ = '\\'; - /* FALL */ - default: - *d++ = *s; - } - } - *d = '\0'; -} -#endif static int -test_substring_filter( +test_substrings_filter( Backend *be, Connection *conn, Operation *op, @@ -501,122 +480,58 @@ test_substring_filter( Filter *f ) { -#ifndef SLAPD_SCHEMA_NOT_COMPAT Attribute *a; - int i, rc; - char *p, *end, *realval, *tmp; - char pat[BUFSIZ]; - char buf[BUFSIZ]; - struct berval *val; - regex_t re; - Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_substrings_filter: begin\n" )); +#else + Debug( LDAP_DEBUG_FILTER, "begin test_substrings_filter\n", 0, 0, 0 ); +#endif + - if ( be != NULL && ! access_allowed( be, conn, op, e, - f->f_sub_type, NULL, ACL_SEARCH ) ) + if ( !access_allowed( be, conn, op, e, + f->f_sub_desc, NULL, ACL_SEARCH ) ) { return LDAP_INSUFFICIENT_ACCESS; } - if ( (a = attr_find( e->e_attrs, f->f_sub_type )) == NULL ) { - return LDAP_COMPARE_FALSE; - } - - if ( a->a_syntax & SYNTAX_BIN ) { - Debug( LDAP_DEBUG_FILTER, "test_substring_filter bin attr\n", - 0, 0, 0 ); - return LDAP_INAPPROPRIATE_MATCHING; - } + for(a = attrs_find( e->e_attrs, f->f_sub_desc ); + a != NULL; + a = attrs_find( a->a_next, f->f_sub_desc ) ) + { + MatchingRule *mr = a->a_desc->ad_type->sat_substr; + struct berval *bv; - /* - * construct a regular expression corresponding to the - * filter and let regex do the work - */ - - pat[0] = '\0'; - p = pat; - end = pat + sizeof(pat) - 2; /* leave room for null */ - if ( f->f_sub_initial != NULL ) { - strcpy( p, "^" ); - p = strchr( p, '\0' ); - /* 2 * in case every char is special */ - if ( p + 2 * f->f_sub_initial->bv_len > end ) { - Debug( LDAP_DEBUG_ANY, "not enough pattern space\n", - 0, 0, 0 ); - return LDAP_OTHER; - } - strcpy_regex( p, f->f_sub_initial->bv_val ); - p = strchr( p, '\0' ); - } - if ( f->f_sub_any != NULL ) { - for ( i = 0; f->f_sub_any[i] != NULL; i++ ) { - /* ".*" + value */ - if ( p + 2 * f->f_sub_any[i]->bv_len + 2 > end ) { - Debug( LDAP_DEBUG_ANY, - "not enough pattern space\n", 0, 0, 0 ); - return LDAP_OTHER; - } - strcpy( p, ".*" ); - p = strchr( p, '\0' ); - strcpy_regex( p, f->f_sub_any[i]->bv_val ); - p = strchr( p, '\0' ); - } - } - if ( f->f_sub_final != NULL ) { - /* ".*" + value */ - if ( p + 2 * f->f_sub_final->bv_len + 2 > end ) { - Debug( LDAP_DEBUG_ANY, "not enough pattern space\n", - 0, 0, 0 ); - return( -1 ); + if( mr == NULL ) { + continue; } - strcpy( p, ".*" ); - p = strchr( p, '\0' ); - strcpy_regex( p, f->f_sub_final->bv_val ); - p = strchr( p, '\0' ); - strcpy( p, "$" ); - } - - /* compile the regex */ - Debug( LDAP_DEBUG_FILTER, "test_substring_filter: regcomp pat: %s\n", - pat, 0, 0 ); - if ((rc = regcomp(&re, pat, REG_EXTENDED|REG_NOSUB))) { - char error[512]; - - regerror(rc, &re, error, sizeof(error)); - Debug( LDAP_DEBUG_ANY, "regcomp failed (%s) %s\n", - p, error, 0 ); - return LDAP_OTHER; - } - /* for each value in the attribute see if regex matches */ - for ( i = 0; a->a_vals[i] != NULL; i++ ) { - val = a->a_vals[i]; - tmp = NULL; - if ( val->bv_len < sizeof(buf) ) { - strcpy( buf, val->bv_val ); - realval = buf; - } else { - tmp = (char *) ch_malloc( val->bv_len + 1 ); - strcpy( tmp, val->bv_val ); - realval = tmp; - } + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { + int ret; + int rc; + const char *text; - value_normalize( realval, a->a_syntax ); + rc = value_match( &ret, a->a_desc, mr, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, f->f_sub, &text ); - rc = !regexec(&re, realval, 0, NULL, 0); + if( rc != LDAP_SUCCESS ) { + return rc; + } - if ( tmp != NULL ) { - free( tmp ); - } - if ( rc == 1 ) { - regfree(&re); - return LDAP_COMPARE_TRUE; + if ( ret == 0 ) { + return LDAP_COMPARE_TRUE; + } } } - regfree(&re); +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_substrings_filter: return FALSE\n" )); +#else + Debug( LDAP_DEBUG_FILTER, "end test_substrings_filter 1\n", 0, 0, 0 ); #endif - Debug( LDAP_DEBUG_FILTER, "end test_substring_filter 1\n", 0, 0, 0 ); return LDAP_COMPARE_FALSE; }