* one attribute, and SEARCH permissions can be checked
* directly.
*/
- if( !access_allowed( op, e,
+ if ( !access_allowed( op, e,
mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) )
{
return LDAP_INSUFFICIENT_ACCESS;
return LDAP_COMPARE_FALSE;
}
- for(a = attrs_find( e->e_attrs, mra->ma_desc );
+ for ( a = attrs_find( e->e_attrs, mra->ma_desc );
a != NULL;
a = attrs_find( a->a_next, mra->ma_desc ) )
{
- struct berval *bv;
+ struct berval *bv;
+ int normalize_attribute = 0;
+
#ifdef LDAP_COMP_MATCH
/* Component Matching */
- if( mra->ma_cf && mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
+ if ( mra->ma_cf && mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
num_attr_vals = 0;
if ( !a->a_comp_data ) {
for ( ;
- a->a_vals[num_attr_vals].bv_val != NULL;
+ !BER_BVISNULL( &a->a_vals[num_attr_vals] );
num_attr_vals++ )
{
/* empty */;
/* If ma_rule is not the same as the attribute's
* normal rule, then we can't use the a_nvals.
*/
- if (mra->ma_rule == a->a_desc->ad_type->sat_equality) {
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
bv = a->a_nvals;
+
} else {
bv = a->a_vals;
+ normalize_attribute = 1;
}
#ifdef LDAP_COMP_MATCH
i = 0;
#endif
- for ( ; bv->bv_val != NULL; bv++ ) {
+ for ( ; !BER_BVISNULL( bv ); bv++ ) {
int ret;
int rc;
const char *text;
#ifdef LDAP_COMP_MATCH
- if( mra->ma_cf &&
- mra->ma_rule->smr_usage & SLAP_MR_COMPONENT ) {
+ if ( mra->ma_cf &&
+ mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
+ {
/* Check if decoded component trees are already linked */
if ( num_attr_vals ) {
a->a_comp_data->cd_tree[i] = attr_converter(
} else
#endif
{
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /*
+
+ Document: draft-ietf-ldapbis-protocol
+
+ 4.5.1. Search Request
+ ...
+ If the type field is present and the matchingRule is present,
+ the matchValue is compared against entry attributes of the
+ specified type. In this case, the matchingRule MUST be one
+ suitable for use with the specified type (see [Syntaxes]),
+ otherwise the filter item is Undefined.
+
+
+ In this case, since the matchingRule requires the assertion
+ value to be normalized, we normalize the attribute value
+ according to the syntax of the matchingRule.
+
+ This should likely be done inside value_match(), by passing
+ the appropriate flags, but this is not done at present.
+ See ITS#3406.
+ */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
- bv, &mra->ma_value, &text );
+ &nbv, &mra->ma_value, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
}
- if( rc != LDAP_SUCCESS ) return rc;
+ if ( rc != LDAP_SUCCESS ) return rc;
if ( ret == 0 ) return LDAP_COMPARE_TRUE;
}
}
struct berval *bv, value;
const char *text = NULL;
int rc;
+ int normalize_attribute = 0;
/* check if matching is appropriate */
- if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type )) {
+ if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) {
continue;
}
/* check search access */
if ( !access_allowed( op, e,
- a->a_desc, &value, ACL_SEARCH, NULL ) ) {
+ a->a_desc, &value, ACL_SEARCH, NULL ) )
+ {
memfree( value.bv_val, memctx );
continue;
}
#ifdef LDAP_COMP_MATCH
/* Component Matching */
- if( mra->ma_cf &&
- mra->ma_rule->smr_usage & SLAP_MR_COMPONENT)
+ if ( mra->ma_cf &&
+ mra->ma_rule->smr_usage & SLAP_MR_COMPONENT )
{
int ret;
rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
(struct berval*)a, (void*)mra, &text );
- if( rc != LDAP_SUCCESS ) break;
+ if ( rc != LDAP_SUCCESS ) break;
if ( ret == 0 ) {
rc = LDAP_COMPARE_TRUE;
#endif
/* check match */
- if (mra->ma_rule == a->a_desc->ad_type->sat_equality) {
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
bv = a->a_nvals;
+
} else {
bv = a->a_vals;
+ normalize_attribute = 1;
}
- for ( ; bv->bv_val != NULL; bv++ ) {
- int ret;
-
+ for ( ; !BER_BVISNULL( bv ); bv++ ) {
+ int ret;
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /* see comment above */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, memctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
+
rc = value_match( &ret, a->a_desc, mra->ma_rule, 0,
- bv, &value, &text );
+ &nbv, &value, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ memfree( nbv.bv_val, memctx );
+ }
- if( rc != LDAP_SUCCESS ) break;
+ if ( rc != LDAP_SUCCESS ) break;
if ( ret == 0 ) {
rc = LDAP_COMPARE_TRUE;
const char *text = NULL;
/* check if matching is appropriate */
- if ( !mr_usable_with_at( mra->ma_rule, ad->ad_type )) {
+ if ( !mr_usable_with_at( mra->ma_rule, ad->ad_type ) ) {
continue;
}
if ( rc == LDAP_SUCCESS && ret == 0 ) rc = LDAP_COMPARE_TRUE;
- if( rc != LDAP_SUCCESS ) {
+ if ( rc != LDAP_SUCCESS ) {
ldap_dnfree_x( dn, memctx );
return rc;
}
continue;
}
- for ( bv = a->a_nvals; bv->bv_val != NULL; bv++ ) {
+ for ( bv = a->a_nvals; !BER_BVISNULL( bv ); bv++ ) {
int ret, match;
const char *text;
continue;
}
- for ( bv = a->a_nvals; bv->bv_val != NULL; bv++ ) {
+ for ( bv = a->a_nvals; !BER_BVISNULL( bv ); bv++ ) {
int ret, match;
const char *text;
if( mr == NULL ) continue;
bv = a->a_nvals;
- for ( j=0; bv->bv_val != NULL; bv++, j++ ) {
+ for ( j=0; !BER_BVISNULL( bv ); bv++, j++ ) {
int rc, match;
const char *text;
if ( !is_ad_subtype( a->a_desc, desc ) ) continue;
- for ( bv = a->a_vals, j=0; bv->bv_val != NULL; bv++, j++ );
+ for ( bv = a->a_vals, j = 0; !BER_BVISNULL( bv ); bv++, j++ );
memset( (*e_flags)[i], 1, j);
}
if( mr == NULL ) continue;
bv = a->a_nvals;
- for ( j = 0; bv->bv_val != NULL; bv++, j++ ) {
+ for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
int rc, match;
const char *text;
MatchingRuleAssertion *mra,
char ***e_flags )
{
- int i, j;
+ int i, j;
- for ( i=0; a != NULL; a = a->a_next, i++ ) {
- struct berval *bv, assertedValue;
+ for ( i = 0; a != NULL; a = a->a_next, i++ ) {
+ struct berval *bv, assertedValue;
+ int normalize_attribute = 0;
if ( mra->ma_desc ) {
if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
&mra->ma_value, &assertedValue, &text, op->o_tmpmemctx );
- if( rc != LDAP_SUCCESS ) continue;
+ if ( rc != LDAP_SUCCESS ) continue;
}
/* check match */
- if (mra->ma_rule == a->a_desc->ad_type->sat_equality) {
+ if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
bv = a->a_nvals;
+
} else {
bv = a->a_vals;
+ normalize_attribute = 1;
}
- for ( j = 0; bv->bv_val != NULL; bv++, j++ ) {
- int rc, match;
- const char *text;
+ for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
+ int rc, match;
+ const char *text;
+ struct berval nbv = BER_BVNULL;
+
+ if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
+ /* see comment in filterentry.c */
+ if ( mra->ma_rule->smr_normalize(
+ SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+ mra->ma_rule->smr_syntax,
+ mra->ma_rule,
+ bv, &nbv, op->o_tmpmemctx ) != LDAP_SUCCESS )
+ {
+ /* FIXME: stop processing? */
+ continue;
+ }
+
+ } else {
+ nbv = *bv;
+ }
rc = value_match( &match, a->a_desc, mra->ma_rule, 0,
- bv, &assertedValue, &text );
- if( rc != LDAP_SUCCESS ) return rc;
+ &nbv, &assertedValue, &text );
+
+ if ( nbv.bv_val != bv->bv_val ) {
+ op->o_tmpfree( nbv.bv_val, op->o_tmpmemctx );
+ }
+
+ if ( rc != LDAP_SUCCESS ) return rc;
if ( match == 0 ) {
(*e_flags)[i][j] = 1;
projects / openldap / commitdiff