X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmra.c;h=5276c546e6700f1ac32a1411c2e6fc67dd8b941b;hb=956f1d16aa522da6f6506d9c8fe9ce0d9867678a;hp=f3107156aaca9902143b41d1f6229300dcbcf65a;hpb=a1d757a0383fd65825ba1536547e4c3086780cfa;p=openldap diff --git a/servers/slapd/mra.c b/servers/slapd/mra.c index f3107156aa..5276c546e6 100644 --- a/servers/slapd/mra.c +++ b/servers/slapd/mra.c @@ -14,7 +14,6 @@ #include "slap.h" - void mra_free( MatchingRuleAssertion *mra, @@ -34,7 +33,8 @@ get_mra( const char **text ) { - int rc, tag; + int rc; + ber_tag_t tag, rtag; ber_len_t length; struct berval type = { 0, NULL }, value; MatchingRuleAssertion *ma; @@ -48,12 +48,12 @@ get_mra( ma->ma_value.bv_len = 0; ma->ma_value.bv_val = NULL; - rc = ber_scanf( ber, "{t", &tag ); + rtag = ber_scanf( ber, "{t", &tag ); - if( rc == LBER_ERROR ) { + if( rtag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf (\"{t\") failure\n" )); + LDAP_LOG( OPERATION, ERR, + "get_mra: ber_scanf (\"{t\") failure\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 ); #endif @@ -64,11 +64,11 @@ get_mra( } if ( tag == LDAP_FILTER_EXT_OID ) { - rc = ber_scanf( ber, "m", &ma->ma_rule_text ); - if ( rc == LBER_ERROR ) { + rtag = ber_scanf( ber, "m", &ma->ma_rule_text ); + if ( rtag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf(\"o\") failure.\n" )); + LDAP_LOG( OPERATION, ERR, + "get_mra: ber_scanf(\"o\") failure.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for mr\n", 0, 0, 0 ); #endif @@ -78,11 +78,11 @@ get_mra( return SLAPD_DISCONNECT; } - rc = ber_scanf( ber, "t", &tag ); - if( rc == LBER_ERROR ) { + rtag = ber_scanf( ber, "t", &tag ); + if( rtag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf (\"t\") failure\n" )); + LDAP_LOG( OPERATION, ERR, + "get_mra: ber_scanf (\"t\") failure\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 ); #endif @@ -94,11 +94,11 @@ get_mra( } if ( tag == LDAP_FILTER_EXT_TYPE ) { - rc = ber_scanf( ber, "m", &type ); - if ( rc == LBER_ERROR ) { + rtag = ber_scanf( ber, "m", &type ); + if ( rtag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf (\"o\") failure.\n" )); + LDAP_LOG( OPERATION, ERR, + "get_mra: ber_scanf (\"o\") failure.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf for ad\n", 0, 0, 0 ); #endif @@ -107,11 +107,11 @@ get_mra( return SLAPD_DISCONNECT; } - rc = ber_scanf( ber, "t", &tag ); - if( rc == LBER_ERROR ) { + rtag = ber_scanf( ber, "t", &tag ); + if( rtag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf (\"t\") failure.\n" )); + LDAP_LOG( OPERATION, ERR, + "get_mra: ber_scanf (\"t\") failure.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 ); #endif @@ -124,8 +124,8 @@ get_mra( if ( tag != LDAP_FILTER_EXT_VALUE ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf missing value\n" )); + LDAP_LOG( OPERATION, ERR, + "get_mra: ber_scanf missing value\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf missing value\n", 0, 0, 0 ); #endif @@ -135,12 +135,12 @@ get_mra( return SLAPD_DISCONNECT; } - rc = ber_scanf( ber, "m", &value ); + rtag = ber_scanf( ber, "m", &value ); - if( rc == LBER_ERROR ) { + if( rtag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf (\"o\") failure.\n" )); + LDAP_LOG( OPERATION, ERR, + "get_mra: ber_scanf (\"o\") failure.\n", 0, 0, 0 ); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 ); #endif @@ -153,15 +153,14 @@ get_mra( tag = ber_peek_tag( ber, &length ); if ( tag == LDAP_FILTER_EXT_DNATTRS ) { - rc = ber_scanf( ber, "b}", &ma->ma_dnattrs ); + rtag = ber_scanf( ber, "b}", &ma->ma_dnattrs ); } else { - rc = ber_scanf( ber, "}" ); + rtag = ber_scanf( ber, "}" ); } - if( rc == LBER_ERROR ) { + if( rtag == LBER_ERROR ) { #ifdef NEW_LOGGING - LDAP_LOG(( "operation", LDAP_LEVEL_ERR, - "get_mra: ber_scanf failure\n")); + LDAP_LOG( OPERATION, ERR, "get_mra: ber_scanf failure\n", 0, 0, 0); #else Debug( LDAP_DEBUG_ANY, " get_mra ber_scanf\n", 0, 0, 0 ); #endif @@ -171,21 +170,12 @@ get_mra( return SLAPD_DISCONNECT; } - if( ma->ma_dnattrs ) { - *text = "matching with \":dn\" not supported"; - return LDAP_INAPPROPRIATE_MATCHING; - } - if( type.bv_val != NULL ) { rc = slap_bv2ad( &type, &ma->ma_desc, text ); if( rc != LDAP_SUCCESS ) { mra_free( ma, 1 ); return rc; } - - } else { - *text = "matching without attribute description rule not supported"; - return LDAP_INAPPROPRIATE_MATCHING; } if( ma->ma_rule_text.bv_val != NULL ) { @@ -197,36 +187,53 @@ get_mra( } } - if( ma->ma_desc != NULL && - ma->ma_desc->ad_type->sat_equality != NULL && - ma->ma_desc->ad_type->sat_equality->smr_usage & SLAP_MR_EXT ) - { - /* no matching rule was provided, use the attribute's - equality rule if it supports extensible matching. */ - ma->ma_rule = ma->ma_desc->ad_type->sat_equality; + if ( ma->ma_rule == NULL ) { + /* + * Need either type or rule ... + */ + if ( ma->ma_desc == NULL ) { + mra_free( ma, 1 ); + *text = "no matching rule or type"; + return LDAP_INAPPROPRIATE_MATCHING; + } - } else { - mra_free( ma, 1 ); - return LDAP_INAPPROPRIATE_MATCHING; - } + if ( ma->ma_desc->ad_type->sat_equality != NULL && + ma->ma_desc->ad_type->sat_equality->smr_usage & SLAP_MR_EXT ) + { + /* no matching rule was provided, use the attribute's + equality rule if it supports extensible matching. */ + ma->ma_rule = ma->ma_desc->ad_type->sat_equality; - /* check to see if the matching rule is appropriate for - the syntax of the attribute. This check will need - to be extended to support other kinds of extensible - matching rules */ - if( strcmp( ma->ma_rule->smr_syntax->ssyn_oid, - ma->ma_desc->ad_type->sat_syntax->ssyn_oid ) != 0 ) - { - mra_free( ma, 1 ); - return LDAP_INAPPROPRIATE_MATCHING; + } else { + *text = "no appropriate rule to use for type"; + mra_free( ma, 1 ); + return LDAP_INAPPROPRIATE_MATCHING; + } } - /* - * OK, if no matching rule, normalize for equality, otherwise - * normalize for the matching rule. - */ - rc = value_validate_normalize( ma->ma_desc, SLAP_MR_EQUALITY, - &value, &ma->ma_value, text ); + if ( ma->ma_desc != NULL ) { + if( !mr_usable_with_at( ma->ma_rule, ma->ma_desc->ad_type ) ) { + mra_free( ma, 1 ); + *text = "matching rule use with this attribute not appropriate"; + return LDAP_INAPPROPRIATE_MATCHING; + } + + /* + * OK, if no matching rule, normalize for equality, otherwise + * normalize for the matching rule. + */ + rc = value_validate_normalize( ma->ma_desc, SLAP_MR_EQUALITY, + &value, &ma->ma_value, text ); + } else { + /* + * Need to normalize, but how? + */ + rc = value_validate( ma->ma_rule, &value, text ); + if ( rc == LDAP_SUCCESS ) { + ber_dupbv( &ma->ma_value, &value ); + } + + } if( rc != LDAP_SUCCESS ) { mra_free( ma, 1 );