X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Ffilterentry.c;h=af513e29c565ca7035d0529a0ca3db57d1ab9c12;hb=62139b6ef3634529c6d1ff726c337e685ea38cf8;hp=29dbb0886f0c3276f49b6ffc50679d568f868a76;hpb=665272dca1ea2b2ebac85766a12ed26c7e1264f7;p=openldap diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index 29dbb0886f..af513e29c5 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -1,7 +1,7 @@ /* filterentry.c - apply a filter to an entry */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -55,26 +55,55 @@ test_filter( { int rc; +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter: begin\n" )); +#else Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 ); +#endif + switch ( f->f_choice ) { case SLAPD_FILTER_COMPUTED: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: COMPUTED %s (%d)\n", + f->f_result == LDAP_COMPARE_FALSE ? "false" : + f->f_result == LDAP_COMPARE_TRUE ? "true" : + f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : + "error", + f->f_result )); +#else Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n", f->f_result == LDAP_COMPARE_FALSE ? "false" : f->f_result == LDAP_COMPARE_TRUE ? "true" : f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error", f->f_result, 0 ); +#endif + rc = f->f_result; break; case LDAP_FILTER_EQUALITY: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: EQUALITY\n" )); +#else Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 ); +#endif + rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_EQUALITY ); break; case LDAP_FILTER_SUBSTRINGS: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter SUBSTRINGS\n" )); +#else Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 ); +#endif + rc = test_substrings_filter( be, conn, op, e, f ); break; @@ -89,30 +118,62 @@ test_filter( break; case LDAP_FILTER_PRESENT: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: PRESENT\n" )); +#else Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 ); +#endif + rc = test_presence_filter( be, conn, op, e, f->f_desc ); break; case LDAP_FILTER_APPROX: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: APPROX\n" )); +#else Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 ); +#endif rc = test_ava_filter( be, conn, op, e, f->f_ava, LDAP_FILTER_APPROX ); break; case LDAP_FILTER_AND: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: AND\n" )); +#else Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 ); +#endif + rc = test_filter_and( be, conn, op, e, f->f_and ); break; case LDAP_FILTER_OR: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: OR\n" )); +#else Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 ); +#endif + rc = test_filter_or( be, conn, op, e, f->f_or ); break; case LDAP_FILTER_NOT: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: NOT\n" )); +#else Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 ); +#endif + rc = test_filter( be, conn, op, e, f->f_not ); + /* Flip true to false and false to true + * but leave Undefined alone. + */ switch( rc ) { case LDAP_COMPARE_TRUE: rc = LDAP_COMPARE_FALSE; @@ -123,23 +184,82 @@ test_filter( } break; -#ifdef SLAPD_EXT_FILTERS case LDAP_FILTER_EXT: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1, + "test_filter: EXT\n" )); +#else Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 ); +#endif + rc = test_mra_filter( be, conn, op, e, f->f_mra ); break; -#endif default: +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_INFO, + "test_filter: unknown filter type %lu\n", + f->f_choice )); +#else Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n", f->f_choice, 0, 0 ); +#endif + rc = LDAP_PROTOCOL_ERROR; } +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter: return=%d\n", rc )); +#else Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 ); +#endif + return( rc ); } +static int test_mra_filter( + Backend *be, + Connection *conn, + Operation *op, + Entry *e, + MatchingRuleAssertion *mra ) +{ + Attribute *a; + + if( !access_allowed( be, conn, op, e, + mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) ) + { + return LDAP_INSUFFICIENT_ACCESS; + } + + for(a = attrs_find( e->e_attrs, mra->ma_desc ); + a != NULL; + a = attrs_find( a->a_next, mra->ma_desc ) ) + { + struct berval *bv; + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { + int ret; + int rc; + const char *text; + + rc = value_match( &ret, a->a_desc, mra->ma_rule, + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &mra->ma_value, + &text ); + + if( rc != LDAP_SUCCESS ) { + return rc; + } + + if ( ret == 0 ) { + return LDAP_COMPARE_TRUE; + } + } + } + + return LDAP_COMPARE_FALSE; +} static int test_ava_filter( @@ -151,11 +271,10 @@ test_ava_filter( int type ) { - int i; Attribute *a; - if ( be != NULL && ! access_allowed( be, conn, op, e, - ava->aa_desc, ava->aa_value, ACL_SEARCH ) ) + if ( !access_allowed( be, conn, op, e, + ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) ) { return LDAP_INSUFFICIENT_ACCESS; } @@ -165,12 +284,15 @@ test_ava_filter( a = attrs_find( a->a_next, ava->aa_desc ) ) { MatchingRule *mr; + struct berval *bv; switch ( type ) { case LDAP_FILTER_APPROX: mr = a->a_desc->ad_type->sat_approx; if( mr != NULL ) break; + /* use EQUALITY matching rule if no APPROX rule */ + case LDAP_FILTER_EQUALITY: mr = a->a_desc->ad_type->sat_equality; break; @@ -188,14 +310,14 @@ test_ava_filter( continue; } - for ( i = 0; a->a_vals[i] != NULL; i++ ) { + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { int ret; int rc; const char *text; rc = value_match( &ret, a->a_desc, mr, - a->a_vals[i], ava->aa_value, - &text ); + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, &ava->aa_value, &text ); if( rc != LDAP_SUCCESS ) { return rc; @@ -237,8 +359,7 @@ test_presence_filter( AttributeDescription *desc ) { - if ( be != NULL && ! access_allowed( be, conn, op, e, - desc, NULL, ACL_SEARCH ) ) + if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) ) { return LDAP_INSUFFICIENT_ACCESS; } @@ -258,23 +379,38 @@ test_filter_and( ) { Filter *f; - int rtn = LDAP_COMPARE_TRUE; + int rtn = LDAP_COMPARE_TRUE; /* True if empty */ +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_and: begin\n" )); +#else Debug( LDAP_DEBUG_FILTER, "=> test_filter_and\n", 0, 0, 0 ); +#endif + for ( f = flist; f != NULL; f = f->f_next ) { int rc = test_filter( be, conn, op, e, f ); if ( rc == LDAP_COMPARE_FALSE ) { - rtn = LDAP_COMPARE_FALSE; + /* filter is False */ + rtn = rc; break; } + if ( rc != LDAP_COMPARE_TRUE ) { + /* filter is Undefined unless later elements are False */ rtn = rc; } } +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_and: rc=%d\n", rtn )); +#else Debug( LDAP_DEBUG_FILTER, "<= test_filter_and %d\n", rtn, 0, 0 ); +#endif + return rtn; } @@ -288,23 +424,38 @@ test_filter_or( ) { Filter *f; - int rtn = LDAP_COMPARE_FALSE; + int rtn = LDAP_COMPARE_FALSE; /* False if empty */ +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_or: begin\n" )); +#else Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 ); +#endif + for ( f = flist; f != NULL; f = f->f_next ) { int rc = test_filter( be, conn, op, e, f ); if ( rc == LDAP_COMPARE_TRUE ) { - rtn = LDAP_COMPARE_TRUE; + /* filter is True */ + rtn = rc; break; } - if ( rc != LDAP_COMPARE_TRUE ) { + + if ( rc != LDAP_COMPARE_FALSE ) { + /* filter is Undefined unless later elements are True */ rtn = rc; } } +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_filter_or: result=%d\n", rtn )); +#else Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 ); +#endif + return rtn; } @@ -320,10 +471,16 @@ test_substrings_filter( { Attribute *a; +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_substrings_filter: begin\n" )); +#else Debug( LDAP_DEBUG_FILTER, "begin test_substrings_filter\n", 0, 0, 0 ); +#endif - if ( be != NULL && ! access_allowed( be, conn, op, e, - f->f_sub_desc, NULL, ACL_SEARCH ) ) + + if ( !access_allowed( be, conn, op, e, + f->f_sub_desc, NULL, ACL_SEARCH, NULL ) ) { return LDAP_INSUFFICIENT_ACCESS; } @@ -332,21 +489,21 @@ test_substrings_filter( a != NULL; a = attrs_find( a->a_next, f->f_sub_desc ) ) { - int i; MatchingRule *mr = a->a_desc->ad_type->sat_substr; + struct berval *bv; if( mr == NULL ) { continue; } - for ( i = 0; a->a_vals[i] != NULL; i++ ) { + for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) { int ret; int rc; const char *text; rc = value_match( &ret, a->a_desc, mr, - a->a_vals[i], f->f_sub, - &text ); + SLAP_MR_ASSERTION_SYNTAX_MATCH, + bv, f->f_sub, &text ); if( rc != LDAP_SUCCESS ) { return rc; @@ -358,6 +515,12 @@ test_substrings_filter( } } +#ifdef NEW_LOGGING + LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY, + "test_substrings_filter: return FALSE\n" )); +#else Debug( LDAP_DEBUG_FILTER, "end test_substrings_filter 1\n", 0, 0, 0 ); +#endif + return LDAP_COMPARE_FALSE; }