X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmra.c;h=eca939b02674fd8b17def10f75c736b76a158c53;hb=50d490be6c54e81fbbe464ae1233660e90fff958;hp=0223e44704764d5108e56a61718714554ff11057;hpb=faa99564467f36a06b761e440c1f0acb2f783705;p=openldap

diff --git a/servers/slapd/mra.c b/servers/slapd/mra.c
index 0223e44704..eca939b026 100644
--- a/servers/slapd/mra.c
+++ b/servers/slapd/mra.c
@@ -14,16 +14,12 @@
 
 #include "slap.h"
 
-
 void
 mra_free(
-    MatchingRuleAssertion *mra,
-    int	freeit
+	MatchingRuleAssertion *mra,
+	int	freeit
 )
 {
-#if 0	/* no longer a malloc'd string */
-	ch_free( mra->ma_rule_text.bv_val );
-#endif
 	ch_free( mra->ma_value.bv_val );
 	if ( freeit ) {
 		ch_free( (char *) mra );
@@ -32,30 +28,32 @@ mra_free(
 
 int
 get_mra(
-    BerElement	*ber,
-    MatchingRuleAssertion	**mra,
+	BerElement	*ber,
+	MatchingRuleAssertion	**mra,
 	const char **text
 )
 {
-	int rc, tag;
+	int rc;
+	ber_tag_t tag, rtag;
 	ber_len_t length;
-	struct berval type, value;
+	struct berval type = { 0, NULL }, value;
 	MatchingRuleAssertion *ma;
 
 	ma = ch_malloc( sizeof( MatchingRuleAssertion ) );
 	ma->ma_rule = NULL;
-	ma->ma_rule_text.bv_val = NULL;
 	ma->ma_rule_text.bv_len = 0;
+	ma->ma_rule_text.bv_val = NULL;
 	ma->ma_desc = NULL;
 	ma->ma_dnattrs = 0;
+	ma->ma_value.bv_len = 0;
 	ma->ma_value.bv_val = NULL;
 
-	rc = ber_scanf( ber, "{t", &tag );
+	rtag = ber_scanf( ber, "{t", &tag );
 
-	if( rc == LBER_ERROR ) {
+	if( rtag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			   "get_mra: ber_scanf (\"{t\") failure\n" ));
+		LDAP_LOG( OPERATION, ERR, 
+			"get_mra: ber_scanf (\"{t\") failure\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf\n", 0, 0, 0 );
 #endif
@@ -66,11 +64,11 @@ get_mra(
 	}
 
 	if ( tag == LDAP_FILTER_EXT_OID ) {
-		rc = ber_scanf( ber, "m", &ma->ma_rule_text );
-		if ( rc == LBER_ERROR ) {
+		rtag = ber_scanf( ber, "m", &ma->ma_rule_text );
+		if ( rtag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-				   "get_mra: ber_scanf(\"o\") failure.\n" ));
+			LDAP_LOG( OPERATION, ERR,
+			   "get_mra: ber_scanf(\"o\") failure.\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf for mr\n", 0, 0, 0 );
 #endif
@@ -79,14 +77,12 @@ get_mra(
 			mra_free( ma, 1 );
 			return SLAPD_DISCONNECT;
 		}
-		ma->ma_rule = mr_bvfind( &ma->ma_rule_text );
-
-		rc = ber_scanf( ber, "t", &tag );
 
-		if( rc == LBER_ERROR ) {
+		rtag = ber_scanf( ber, "t", &tag );
+		if( rtag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-				   "get_mra: ber_scanf (\"t\") failure\n" ));
+			LDAP_LOG( OPERATION, ERR,
+			   "get_mra: ber_scanf (\"t\") failure\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf\n", 0, 0, 0 );
 #endif
@@ -98,11 +94,11 @@ get_mra(
 	}
 
 	if ( tag == LDAP_FILTER_EXT_TYPE ) {
-		rc = ber_scanf( ber, "m", &type );
-		if ( rc == LBER_ERROR ) {
+		rtag = ber_scanf( ber, "m", &type );
+		if ( rtag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-				   "get_mra: ber_scanf (\"o\") failure.\n" ));
+			LDAP_LOG( OPERATION, ERR,
+			   "get_mra: ber_scanf (\"o\") failure.\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf for ad\n", 0, 0, 0 );
 #endif
@@ -111,19 +107,11 @@ get_mra(
 			return SLAPD_DISCONNECT;
 		}
 
-		rc = slap_bv2ad( &type, &ma->ma_desc, text );
-
-		if( rc != LDAP_SUCCESS ) {
-			mra_free( ma, 1 );
-			return rc;
-		}
-
-		rc = ber_scanf( ber, "t", &tag );
-
-		if( rc == LBER_ERROR ) {
+		rtag = ber_scanf( ber, "t", &tag );
+		if( rtag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-			LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-				   "get_mra: ber_scanf (\"t\") failure.\n" ));
+			LDAP_LOG( OPERATION, ERR,
+			   "get_mra: ber_scanf (\"t\") failure.\n", 0, 0, 0 );
 #else
 			Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf\n", 0, 0, 0 );
 #endif
@@ -136,8 +124,8 @@ get_mra(
 
 	if ( tag != LDAP_FILTER_EXT_VALUE ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			   "get_mra: ber_scanf missing value\n" ));
+		LDAP_LOG( OPERATION, ERR, 
+			"get_mra: ber_scanf missing value\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf missing value\n", 0, 0, 0 );
 #endif
@@ -147,12 +135,12 @@ get_mra(
 		return SLAPD_DISCONNECT;
 	}
 
-	rc = ber_scanf( ber, "m", &value );
+	rtag = ber_scanf( ber, "m", &value );
 
-	if( rc == LBER_ERROR ) {
+	if( rtag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			   "get_mra: ber_scanf (\"o\") failure.\n" ));
+		LDAP_LOG( OPERATION, ERR, 
+			"get_mra: ber_scanf (\"o\") failure.\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf\n", 0, 0, 0 );
 #endif
@@ -162,31 +150,17 @@ get_mra(
 		return SLAPD_DISCONNECT;
 	}
 
-	/*
-	 * OK, if no matching rule, normalize for equality, otherwise
-	 * normalize for the matching rule.
-	 */
-	rc = value_validate_normalize( ma->ma_desc, SLAP_MR_EQUALITY,
-		&value, &ma->ma_value, text );
-
-	if( rc != LDAP_SUCCESS ) {
-		mra_free( ma, 1 );
-		return rc;
-	}
-
 	tag = ber_peek_tag( ber, &length );
 
 	if ( tag == LDAP_FILTER_EXT_DNATTRS ) {
-		rc = ber_scanf( ber, "b}", &ma->ma_dnattrs );
+		rtag = ber_scanf( ber, "b}", &ma->ma_dnattrs );
 	} else {
-		rc = ber_scanf( ber, "}" );
-		ma->ma_dnattrs = 0;
+		rtag = ber_scanf( ber, "}" );
 	}
 
-	if( rc == LBER_ERROR ) {
+	if( rtag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
-			   "get_mra: ber_scanf failure\n"));
+		LDAP_LOG( OPERATION, ERR, "get_mra: ber_scanf failure\n", 0, 0, 0);
 #else
 		Debug( LDAP_DEBUG_ANY, "  get_mra ber_scanf\n", 0, 0, 0 );
 #endif
@@ -196,8 +170,69 @@ get_mra(
 		return SLAPD_DISCONNECT;
 	}
 
-	*mra = ma;
+	if( ma->ma_dnattrs ) {
+		*text = "matching with \":dn\" not supported";
+		return LDAP_INAPPROPRIATE_MATCHING;
+	}
 
+	if( type.bv_val != NULL ) {
+		rc = slap_bv2ad( &type, &ma->ma_desc, text );
+		if( rc != LDAP_SUCCESS ) {
+			mra_free( ma, 1 );
+			return rc;
+		}
+
+	} else {
+		*text = "matching without attribute description rule not supported";
+		return LDAP_INAPPROPRIATE_MATCHING;
+	}
+
+	if( ma->ma_rule_text.bv_val != NULL ) {
+		ma->ma_rule = mr_bvfind( &ma->ma_rule_text );
+		if( ma->ma_rule == NULL ) {
+			mra_free( ma, 1 );
+			*text = "matching rule not recognized";
+			return LDAP_INAPPROPRIATE_MATCHING;
+		}
+	}
+
+	if( ma->ma_desc != NULL &&
+		ma->ma_desc->ad_type->sat_equality != NULL &&
+		ma->ma_desc->ad_type->sat_equality->smr_usage & SLAP_MR_EXT )
+	{
+		/* no matching rule was provided, use the attribute's
+		   equality rule if it supports extensible matching. */
+		ma->ma_rule = ma->ma_desc->ad_type->sat_equality;
+
+	} else {
+		mra_free( ma, 1 );
+		return LDAP_INAPPROPRIATE_MATCHING;
+	}
+
+	/* check to see if the matching rule is appropriate for
+	   the syntax of the attribute.  This check will need
+	   to be extended to support other kinds of extensible
+	   matching rules */
+	if( strcmp( ma->ma_rule->smr_syntax->ssyn_oid,
+		ma->ma_desc->ad_type->sat_syntax->ssyn_oid ) != 0 )
+	{
+		mra_free( ma, 1 );
+		return LDAP_INAPPROPRIATE_MATCHING;
+	}
+
+	/*
+	 * OK, if no matching rule, normalize for equality, otherwise
+	 * normalize for the matching rule.
+	 */
+	rc = value_validate_normalize( ma->ma_desc, SLAP_MR_EQUALITY,
+		&value, &ma->ma_value, text );
+
+	if( rc != LDAP_SUCCESS ) {
+		mra_free( ma, 1 );
+		return rc;
+	}
+
+	*mra = ma;
 	return LDAP_SUCCESS;
 }