VLV updates

author Kurt Zeilenga <kurt@openldap.org>

Mon, 3 Jun 2002 16:45:09 +0000 (16:45 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Mon, 3 Jun 2002 16:45:09 +0000 (16:45 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Mon, 3 Jun 2002 16:45:09 +0000 (16:45 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Mon, 3 Jun 2002 16:45:09 +0000 (16:45 +0000)
diff --git a/servers/slapd/matchedValues.c b/servers/slapd/matchedValues.c

index ac953f111e33976a3ea062f1fa2ac1a34496e598..56bd29667b491b59dc3e40bd258be1e43a5266a5 100644 (file)
--- a/servers/slapd/matchedValues.c
+++ b/servers/slapd/matchedValues.c
@@ -23,7 +23,7 @@ static int test_mra_vrFilter(
         Backend         *be,
         Connection      *conn,
         Operation       *op,
-       Entry           *e,
+       Attribute       *a,
         MatchingRuleAssertion *mra,
         char            ***e_flags
  );
@@ -33,7 +33,7 @@ test_substrings_vrFilter(
         Backend         *be,
         Connection      *conn,
         Operation       *op,
-       Entry           *e,
+       Attribute       *a,
         ValuesReturnFilter *f,
         char            ***e_flags
  );
@@ -43,7 +43,7 @@ test_presence_vrFilter(
         Backend         *be,
         Connection      *conn,
         Operation       *op,
-       Entry           *e,
+       Attribute       *a,
         AttributeDescription *desc,
         char            ***e_flags
  );
@@ -53,7 +53,7 @@ test_ava_vrFilter(
         Backend         *be,
         Connection      *conn,
         Operation       *op,
-       Entry           *e,
+       Attribute       *a,
         AttributeAssertion *ava,
         int             type,
         char            ***e_flags
@@ -65,7 +65,7 @@ filter_matched_values(
         Backend         *be,
         Connection      *conn,
         Operation       *op,
-       Entry           *e,
+       Attribute       *a,
         char            ***e_flags
  )
  {
@@ -108,7 +108,7 @@ filter_matched_values(
  #else
                         Debug( LDAP_DEBUG_FILTER, "     EQUALITY\n", 0, 0, 0 );
  #endif
-                       rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+                       rc = test_ava_vrFilter( be, conn, op, a, f->f_ava,
                                 LDAP_FILTER_EQUALITY, e_flags );
                         if( rc == -1 ) {
                                 return rc;
@@ -123,7 +123,7 @@ filter_matched_values(
                         Debug( LDAP_DEBUG_FILTER, "     SUBSTRINGS\n", 0, 0, 0 );
  #endif
  
-                       rc = test_substrings_vrFilter( be, conn, op, e,
+                       rc = test_substrings_vrFilter( be, conn, op, a,
                                 f, e_flags );
                         if( rc == -1 ) {
                                 return rc;
@@ -137,7 +137,7 @@ filter_matched_values(
  #else
                         Debug( LDAP_DEBUG_FILTER, "     PRESENT\n", 0, 0, 0 );
  #endif
-                       rc = test_presence_vrFilter( be, conn, op, e,
+                       rc = test_presence_vrFilter( be, conn, op, a,
                                 f->f_desc, e_flags );
                         if( rc == -1 ) {
                                 return rc;
@@ -145,7 +145,7 @@ filter_matched_values(
                         break;
  
                 case LDAP_FILTER_GE:
-                       rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+                       rc = test_ava_vrFilter( be, conn, op, a, f->f_ava,
                                 LDAP_FILTER_GE, e_flags );
                         if( rc == -1 ) {
                                 return rc;
@@ -153,7 +153,7 @@ filter_matched_values(
                         break;
  
                 case LDAP_FILTER_LE:
-                       rc = test_ava_vrFilter( be, conn, op, e, f->f_ava,
+                       rc = test_ava_vrFilter( be, conn, op, a, f->f_ava,
                                 LDAP_FILTER_LE, e_flags );
                         if( rc == -1 ) {
                                 return rc;
@@ -167,7 +167,7 @@ filter_matched_values(
  #else
                         Debug( LDAP_DEBUG_FILTER, "     EXT\n", 0, 0, 0 );
  #endif
-                       rc = test_mra_vrFilter( be, conn, op, e,
+                       rc = test_mra_vrFilter( be, conn, op, a,
                                 f->f_mra, e_flags );
                         if( rc == -1 ) {
                                 return rc;
@@ -198,25 +198,18 @@ filter_matched_values(
  
  static int
  test_ava_vrFilter(
-               Backend         *be,
+       Backend         *be,
         Connection      *conn,
-               Operation       *op,
-               Entry           *e,
+       Operation       *op,
+       Attribute       *a,
         AttributeAssertion *ava,
-               int             type,
-               char            ***e_flags
+       int             type,
+       char            ***e_flags
  )
  {
         int             i, j;
-       Attribute       *a;
-
-       if ( !access_allowed( be, conn, op, e,
-               ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) )
-       {
-               return LDAP_INSUFFICIENT_ACCESS;
-       }
  
-       for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+       for ( i=0; a != NULL; a = a->a_next, i++ ) {
  
                 MatchingRule *mr;
                 struct berval *bv;
@@ -287,22 +280,17 @@ test_ava_vrFilter(
  
  static int
  test_presence_vrFilter(
-               Backend         *be,
-               Connection      *conn,
-               Operation       *op,
-               Entry           *e,
-               AttributeDescription *desc,
-               char            ***e_flags
+       Backend         *be,
+       Connection      *conn,
+       Operation       *op,
+       Attribute       *a,
+       AttributeDescription *desc,
+       char            ***e_flags
  )
  {
         int i, j;
-       Attribute       *a;
  
-       if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) ) {
-               return LDAP_INSUFFICIENT_ACCESS;
-       }
-
-       for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+       for ( i=0; a != NULL; a = a->a_next, i++ ) {
                 struct berval *bv;
  
                 if ( !is_ad_subtype( a->a_desc, desc ) ) {
@@ -318,24 +306,17 @@ test_presence_vrFilter(
  
  static int
  test_substrings_vrFilter(
-               Backend         *be,
-               Connection      *conn,
-               Operation       *op,
-               Entry           *e,
-               ValuesReturnFilter *f,
-               char            ***e_flags
+       Backend         *be,
+       Connection      *conn,
+       Operation       *op,
+       Attribute       *a,
+       ValuesReturnFilter *f,
+       char            ***e_flags
  )
  {
         int i, j;
-       Attribute       *a;
-
-       if ( !access_allowed( be, conn, op, e,
-               f->f_sub_desc, NULL, ACL_SEARCH, NULL ) )
-       {
-               return LDAP_INSUFFICIENT_ACCESS;
-       }
  
-       for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+       for ( i=0; a != NULL; a = a->a_next, i++ ) {
                 MatchingRule *mr = a->a_desc->ad_type->sat_substr;
                 struct berval *bv;
  
@@ -373,21 +354,14 @@ static int test_mra_vrFilter(
         Backend         *be,
         Connection      *conn,
         Operation       *op,
-       Entry           *e,
+       Attribute       *a,
         MatchingRuleAssertion *mra,
         char            ***e_flags
  )
  {
         int i, j;
-       Attribute       *a;
-
-       if( !access_allowed( be, conn, op, e,
-               mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) )
-       {
-               return LDAP_INSUFFICIENT_ACCESS;
-       }
  
-       for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
+       for ( i=0; a != NULL; a = a->a_next, i++ ) {
                 struct berval *bv;
         
                 if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h

index ec841a6df93f7face3e2bafba9a7c858075f58c7..92bd607b880b63b9d9bd812a3dd6045e48783623 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -526,7 +526,7 @@ LDAP_SLAPD_F (int) filter_matched_values(
         Backend         *be,
         Connection      *conn,
         Operation       *op,
-       Entry           *e,
+       Attribute       *a,
         char            ***e_flags );
  
  /*
diff --git a/servers/slapd/result.c b/servers/slapd/result.c

index 83906f6418c7538558df630128cc334b8479e640..140e4a6d6cb22625602992aad41171dcebc28fa5 100644 (file)
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -744,9 +744,9 @@ send_search_entry(
                 e_flags[i] = a_flags; 
         }
  
-       if ( op->vrFilter != NULL ){
+       if ( op->vrFilter != NULL ){ 
  
-               rc = filter_matched_values(be, conn, op, e, &e_flags) ; 
+               rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ; 
             
                 if ( rc == -1 ) {
  #ifdef NEW_LOGGING
@@ -917,8 +917,51 @@ send_search_entry(
         /* eventually will loop through generated operational attributes */
         /* only have subschemaSubentry implemented */
         aa = backend_operational( be, conn, op, e, attrs, opattrs );
+
+       for ( a = aa, i=0; a != NULL; a = a->a_next ) i++;
+       e_flags = ch_malloc ( i * sizeof(a_flags) );
         
-       for (a = aa ; a != NULL; a = a->a_next ) {
+       for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
+               for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
+
+               a_flags = ch_calloc ( j, sizeof(char) );
+               /* If no ValuesReturnFilter control return everything */
+               if ( op->vrFilter == NULL ){
+                   memset(a_flags, 1, j);
+               }
+               e_flags[i] = a_flags; 
+       }
+
+       if ( op->vrFilter != NULL ){ 
+
+               rc = filter_matched_values(be, conn, op, aa, &e_flags) ; 
+           
+               if ( rc == -1 ) {
+#ifdef NEW_LOGGING
+                       LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+                               "send_search_entry: conn %lu "
+                               "matched values filtering failed\n",
+                               conn ? conn->c_connid : 0 ));
+#else
+               Debug( LDAP_DEBUG_ANY,
+                               "matched values filtering failed\n", 0, 0, 0 );
+#endif
+                       ber_free( ber, 1 );
+
+                       /* free e_flags */
+                       for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
+                               free( e_flags[i] );
+                       }
+                       free( e_flags );
+
+                       send_ldap_result( conn, op, LDAP_OTHER,
+                               NULL, "matched values filtering error", 
+                               NULL, NULL );
+                       goto error_return;
+               }
+       }
+
+       for (a = aa, j=0; a != NULL; a = a->a_next, j++ ) {
                 AttributeDescription *desc = a->a_desc;
  
                 if ( attrs == NULL ) {
@@ -974,6 +1017,12 @@ send_search_entry(
                         ber_free_buf( ber );
                         send_ldap_result( conn, op, LDAP_OTHER,
                             NULL, "encoding description error", NULL, NULL );
+                       /* free e_flags */
+                       for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
+                               free( e_flags[i] );
+                       }
+                       free( e_flags );
+
                         attrs_free( aa );
                         goto error_return;
                 }
@@ -1000,6 +1049,10 @@ send_search_entry(
                                         continue;
                                 }
  
+                               if ( e_flags[j][i] == 0 ){
+                                       continue;
+                               }
+
                                 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
  #ifdef NEW_LOGGING
                                         LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
@@ -1016,6 +1069,12 @@ send_search_entry(
                                         send_ldap_result( conn, op, LDAP_OTHER,
                                                 NULL, "encoding values error", 
                                                 NULL, NULL );
+                                       /* free e_flags */
+                                       for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
+                                               free( e_flags[i] );
+                                       }
+                                       free( e_flags );
+
                                         attrs_free( aa );
                                         goto error_return;
                                 }
@@ -1035,13 +1094,24 @@ send_search_entry(
                         ber_free_buf( ber );
                         send_ldap_result( conn, op, LDAP_OTHER,
                             NULL, "encode end error", NULL, NULL );
+                       /* free e_flags */
+                       for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
+                               free( e_flags[i] );
+                       }
+                       free( e_flags );
+
                         attrs_free( aa );
                         goto error_return;
                 }
         }
  
-       attrs_free( aa );
+       /* free e_flags */
+       for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
+               free( e_flags[i] );
+       }
+       free( e_flags );
  
+       attrs_free( aa );
         rc = ber_printf( ber, /*{{{*/ "}N}N}" );
  
  #ifdef LDAP_CONNECTIONLESS
author	Kurt Zeilenga <kurt@openldap.org>
	Mon, 3 Jun 2002 16:45:09 +0000 (16:45 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Mon, 3 Jun 2002 16:45:09 +0000 (16:45 +0000)
servers/slapd/matchedValues.c		patch \| blob \| history
servers/slapd/proto-slap.h		patch \| blob \| history
servers/slapd/result.c		patch \| blob \| history