X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2FmatchedValues.c;h=0d3986ae2b4f8da8397134954c7318c0aa11a067;hb=4e4818771c26a4c02808130970f2a5e4c216ef52;hp=7a9b2d2ab22dafd650de5fe459038b5af9c5feca;hpb=8c152396b9ff4fa0f2618435441550c1f12df461;p=openldap

diff --git a/servers/slapd/matchedValues.c b/servers/slapd/matchedValues.c
index 7a9b2d2ab2..0d3986ae2b 100644
--- a/servers/slapd/matchedValues.c
+++ b/servers/slapd/matchedValues.c
@@ -19,11 +19,12 @@
 
 #include "../../libraries/liblber/lber-int.h"
 
-static int test_mra_vrFilter(
+static int
+test_mra_vrFilter(
 	Backend 	*be,
 	Connection 	*conn,
 	Operation	*op,
-	Entry		*e,
+	Attribute	*a,
 	MatchingRuleAssertion *mra,
 	char 		***e_flags
 );
@@ -33,7 +34,7 @@ test_substrings_vrFilter(
 	Backend		*be,
 	Connection	*conn,
 	Operation	*op,
-	Entry		*e,
+	Attribute	*a,
 	ValuesReturnFilter *f,
 	char		***e_flags
 );
@@ -43,7 +44,7 @@ test_presence_vrFilter(
 	Backend		*be,
 	Connection	*conn,
 	Operation	*op,
-	Entry		*e,
+	Attribute	*a,
 	AttributeDescription *desc,
 	char 		***e_flags
 );
@@ -53,7 +54,7 @@ test_ava_vrFilter(
 	Backend		*be,
 	Connection	*conn,
 	Operation	*op,
-	Entry		*e,
+	Attribute	*a,
 	AttributeAssertion *ava,
 	int		type,
 	char 		***e_flags
@@ -65,20 +66,15 @@ filter_matched_values(
 	Backend		*be,
 	Connection	*conn,
 	Operation	*op,
-	Entry		*e,
+	Attribute	*a,
 	char		***e_flags
 )
 {
 	ValuesReturnFilter *f;
-	Attribute	*a;
-	struct berval	*bv;
-	char		filter_found;
-	int 		i, j;
 	int		rc = LDAP_SUCCESS;
 
 #ifdef NEW_LOGGING
-	LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
-		"filter_matched_values: begin\n" ));
+	LDAP_LOG( FILTER, ENTRY, "filter_matched_values: begin\n", 0, 0, 0 );
 #else
 	Debug( LDAP_DEBUG_FILTER, "=> filter_matched_values\n", 0, 0, 0 );
 #endif
@@ -87,13 +83,12 @@ filter_matched_values(
 		switch ( f->f_choice ) {
 		case SLAPD_FILTER_COMPUTED:
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
+			LDAP_LOG( FILTER, DETAIL1, 
 				"test_vrFilter: COMPUTED %s (%d)\n",
 				f->f_result == LDAP_COMPARE_FALSE ? "false" :
 				f->f_result == LDAP_COMPARE_TRUE	 ? "true"  :
 				f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
-				"error",
-				f->f_result ));
+				"error", f->f_result, 0 );
 #else
 			Debug( LDAP_DEBUG_FILTER, "	COMPUTED %s (%d)\n",
 				f->f_result == LDAP_COMPARE_FALSE ? "false" :
@@ -107,12 +102,11 @@ filter_matched_values(
 
 		case LDAP_FILTER_EQUALITY:
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
-				"test_vrFilter: EQUALITY\n" ));
+			LDAP_LOG( FILTER, DETAIL1, "test_vrFilter: EQUALITY\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_FILTER, "	EQUALITY\n", 0, 0, 0 );
 #endif
-			rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+			rc = test_ava_vrFilter( be, conn, op, a, f->f_ava,
 				LDAP_FILTER_EQUALITY, e_flags );
 			if( rc == -1 ) {
 				return rc;
@@ -121,13 +115,12 @@ filter_matched_values(
 
 		case LDAP_FILTER_SUBSTRINGS:
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
-				"test_vrFilter  SUBSTRINGS\n" ));
+			LDAP_LOG( FILTER, DETAIL1, "test_vrFilter  SUBSTRINGS\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_FILTER, "	SUBSTRINGS\n", 0, 0, 0 );
 #endif
 
-			rc = test_substrings_vrFilter( be, conn, op, e,
+			rc = test_substrings_vrFilter( be, conn, op, a,
 				f, e_flags );
 			if( rc == -1 ) {
 				return rc;
@@ -136,12 +129,11 @@ filter_matched_values(
 
 		case LDAP_FILTER_PRESENT:
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
-				"test_vrFilter:	PRESENT\n" ));
+			LDAP_LOG( FILTER, DETAIL1, "test_vrFilter:	PRESENT\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_FILTER, "	PRESENT\n", 0, 0, 0 );
 #endif
-			rc = test_presence_vrFilter( be, conn, op, e,
+			rc = test_presence_vrFilter( be, conn, op, a,
 				f->f_desc, e_flags );
 			if( rc == -1 ) {
 				return rc;
@@ -149,7 +141,7 @@ filter_matched_values(
 			break;
 
 		case LDAP_FILTER_GE:
-			rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+			rc = test_ava_vrFilter( be, conn, op, a, f->f_ava,
 				LDAP_FILTER_GE, e_flags );
 			if( rc == -1 ) {
 				return rc;
@@ -157,7 +149,7 @@ filter_matched_values(
 			break;
 
 		case LDAP_FILTER_LE:
-			rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+			rc = test_ava_vrFilter( be, conn, op, a, f->f_ava,
 				LDAP_FILTER_LE, e_flags );
 			if( rc == -1 ) {
 				return rc;
@@ -166,12 +158,11 @@ filter_matched_values(
 
 		case LDAP_FILTER_EXT:
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
-				"test_vrFilter:	EXT\n" ));
+			LDAP_LOG( FILTER, DETAIL1, "test_vrFilter:	EXT\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_FILTER, "	EXT\n", 0, 0, 0 );
 #endif
-			rc = test_mra_vrFilter( be, conn, op, e,
+			rc = test_mra_vrFilter( be, conn, op, a,
 				f->f_mra, e_flags );
 			if( rc == -1 ) {
 				return rc;
@@ -180,9 +171,8 @@ filter_matched_values(
 
 		default:
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "filter", LDAP_LEVEL_INFO,
-				"test_vrFilter:  unknown filter type %lu\n", 
-				f->f_choice ));
+			LDAP_LOG( FILTER, INFO, 
+				"test_vrFilter:  unknown filter type %lu\n", f->f_choice, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY, "	unknown filter type %lu\n",
 				f->f_choice, 0, 0 );
@@ -192,8 +182,7 @@ filter_matched_values(
 	}
 
 #ifdef NEW_LOGGING
-	LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
-		"filter_matched_values:  return=%d\n", rc ));
+	LDAP_LOG( FILTER, ENTRY, "filter_matched_values:  return=%d\n", rc, 0, 0 );
 #else
 	Debug( LDAP_DEBUG_FILTER, "<= filter_matched_values %d\n", rc, 0, 0 );
 #endif
@@ -202,26 +191,18 @@ filter_matched_values(
 
 static int
 test_ava_vrFilter(
-		Backend		*be,
+	Backend		*be,
 	Connection	*conn,
-		Operation	*op,
-		Entry		*e,
+	Operation	*op,
+	Attribute	*a,
 	AttributeAssertion *ava,
-		int		type,
-		char 		***e_flags
+	int		type,
+	char 		***e_flags
 )
 {
-	int		rc;
 	int 		i, j;
-	Attribute	*a;
-
-	if ( !access_allowed( be, conn, op, e,
-		ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) )
-	{
-		return LDAP_INSUFFICIENT_ACCESS;
-	}
 
-	for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+	for ( i=0; a != NULL; a = a->a_next, i++ ) {
 
 		MatchingRule *mr;
 		struct berval *bv;
@@ -292,22 +273,17 @@ test_ava_vrFilter(
 
 static int
 test_presence_vrFilter(
-		Backend		*be,
-		Connection	*conn,
-		Operation	*op,
-		Entry		*e,
-		AttributeDescription *desc,
-		char 		***e_flags
+	Backend		*be,
+	Connection	*conn,
+	Operation	*op,
+	Attribute	*a,
+	AttributeDescription *desc,
+	char 		***e_flags
 )
 {
 	int i, j;
-	Attribute	*a;
 
-	if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) ) {
-		return LDAP_INSUFFICIENT_ACCESS;
-	}
-
-	for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+	for ( i=0; a != NULL; a = a->a_next, i++ ) {
 		struct berval *bv;
 
 		if ( !is_ad_subtype( a->a_desc, desc ) ) {
@@ -323,24 +299,17 @@ test_presence_vrFilter(
 
 static int
 test_substrings_vrFilter(
-		Backend		*be,
-		Connection	*conn,
-		Operation	*op,
-		Entry		*e,
-		ValuesReturnFilter *f,
-		char		***e_flags
+	Backend		*be,
+	Connection	*conn,
+	Operation	*op,
+	Attribute	*a,
+	ValuesReturnFilter *f,
+	char		***e_flags
 )
 {
 	int i, j;
-	Attribute	*a;
-
-	if ( !access_allowed( be, conn, op, e,
-		f->f_sub_desc, NULL, ACL_SEARCH, NULL ) )
-	{
-		return LDAP_INSUFFICIENT_ACCESS;
-	}
 
-	for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+	for ( i=0; a != NULL; a = a->a_next, i++ ) {
 		MatchingRule *mr = a->a_desc->ad_type->sat_substr;
 		struct berval *bv;
 
@@ -374,29 +343,44 @@ test_substrings_vrFilter(
 	return LDAP_SUCCESS;
 }
 
-static int test_mra_vrFilter(
+static int
+test_mra_vrFilter(
 	Backend 	*be,
 	Connection 	*conn,
 	Operation	*op,
-	Entry		*e,
+	Attribute	*a,
 	MatchingRuleAssertion *mra,
 	char 		***e_flags
 )
 {
 	int i, j;
-	Attribute	*a;
 
-	if( !access_allowed( be, conn, op, e,
-		mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) )
-	{
-		return LDAP_INSUFFICIENT_ACCESS;
-	}
+	for ( i=0; a != NULL; a = a->a_next, i++ ) {
+		struct berval *bv, value;
+
+		if ( mra->ma_desc ) {
+			if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
+				continue;
+			}
+			value = mra->ma_value;
+
+		} else {
+			const char	*text = NULL;
+
+			/* check if matching is appropriate */
+			if ( strcmp( mra->ma_rule->smr_syntax->ssyn_oid,
+				a->a_desc->ad_type->sat_syntax->ssyn_oid ) != 0 ) {
+				continue;
+			}
+
+			/* normalize for equality */
+			if ( value_validate_normalize( a->a_desc, 
+				SLAP_MR_EQUALITY,
+				&mra->ma_value, &value,
+				&text ) != LDAP_SUCCESS ) {
+				continue;
+			}
 
-	for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
-		struct berval *bv;
-	
-		if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
-			return( LDAP_SUCCESS );
 		}
 
 		for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
@@ -406,14 +390,14 @@ static int test_mra_vrFilter(
 
 			rc = value_match( &ret, a->a_desc, mra->ma_rule,
 				SLAP_MR_ASSERTION_SYNTAX_MATCH,
-				bv, &mra->ma_value,
+				bv, &value,
 				&text );
 
 			if( rc != LDAP_SUCCESS ) {
 				return rc;
 			}
 
-			if ( ret ) {
+			if ( ret == 0 ) {
 				(*e_flags)[i][j] = 1;
 			}
 		}