From: Kurt Zeilenga Date: Mon, 3 Jun 2002 16:45:09 +0000 (+0000) Subject: VLV updates X-Git-Tag: OPENLDAP_REL_ENG_2_MP~26 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5c5b5455fba4058c39375024f3db520e565ce98c;p=openldap VLV updates --- diff --git a/servers/slapd/matchedValues.c b/servers/slapd/matchedValues.c index ac953f111e..56bd29667b 100644 --- a/servers/slapd/matchedValues.c +++ b/servers/slapd/matchedValues.c @@ -23,7 +23,7 @@ static int test_mra_vrFilter( Backend *be, Connection *conn, Operation *op, - Entry *e, + Attribute *a, MatchingRuleAssertion *mra, char ***e_flags ); @@ -33,7 +33,7 @@ test_substrings_vrFilter( Backend *be, Connection *conn, Operation *op, - Entry *e, + Attribute *a, ValuesReturnFilter *f, char ***e_flags ); @@ -43,7 +43,7 @@ test_presence_vrFilter( Backend *be, Connection *conn, Operation *op, - Entry *e, + Attribute *a, AttributeDescription *desc, char ***e_flags ); @@ -53,7 +53,7 @@ test_ava_vrFilter( Backend *be, Connection *conn, Operation *op, - Entry *e, + Attribute *a, AttributeAssertion *ava, int type, char ***e_flags @@ -65,7 +65,7 @@ filter_matched_values( Backend *be, Connection *conn, Operation *op, - Entry *e, + Attribute *a, char ***e_flags ) { @@ -108,7 +108,7 @@ filter_matched_values( #else Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 ); #endif - rc = test_ava_vrFilter( be, conn, op, e, f->f_ava, + rc = test_ava_vrFilter( be, conn, op, a, f->f_ava, LDAP_FILTER_EQUALITY, e_flags ); if( rc == -1 ) { return rc; @@ -123,7 +123,7 @@ filter_matched_values( Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 ); #endif - rc = test_substrings_vrFilter( be, conn, op, e, + rc = test_substrings_vrFilter( be, conn, op, a, f, e_flags ); if( rc == -1 ) { return rc; @@ -137,7 +137,7 @@ filter_matched_values( #else Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 ); #endif - rc = test_presence_vrFilter( be, conn, op, e, + rc = test_presence_vrFilter( be, conn, op, a, f->f_desc, e_flags ); if( rc == -1 ) { return rc; @@ -145,7 +145,7 @@ filter_matched_values( break; case LDAP_FILTER_GE: - rc = test_ava_vrFilter( be, conn, op, e, f->f_ava, + rc = test_ava_vrFilter( be, conn, op, a, f->f_ava, LDAP_FILTER_GE, e_flags ); if( rc == -1 ) { return rc; @@ -153,7 +153,7 @@ filter_matched_values( break; case LDAP_FILTER_LE: - rc = test_ava_vrFilter( be, conn, op, e, f->f_ava, + rc = test_ava_vrFilter( be, conn, op, a, f->f_ava, LDAP_FILTER_LE, e_flags ); if( rc == -1 ) { return rc; @@ -167,7 +167,7 @@ filter_matched_values( #else Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 ); #endif - rc = test_mra_vrFilter( be, conn, op, e, + rc = test_mra_vrFilter( be, conn, op, a, f->f_mra, e_flags ); if( rc == -1 ) { return rc; @@ -198,25 +198,18 @@ filter_matched_values( static int test_ava_vrFilter( - Backend *be, + Backend *be, Connection *conn, - Operation *op, - Entry *e, + Operation *op, + Attribute *a, AttributeAssertion *ava, - int type, - char ***e_flags + int type, + char ***e_flags ) { int i, j; - Attribute *a; - - if ( !access_allowed( be, conn, op, e, - ava->aa_desc, &ava->aa_value, ACL_SEARCH, NULL ) ) - { - return LDAP_INSUFFICIENT_ACCESS; - } - for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( i=0; a != NULL; a = a->a_next, i++ ) { MatchingRule *mr; struct berval *bv; @@ -287,22 +280,17 @@ test_ava_vrFilter( static int test_presence_vrFilter( - Backend *be, - Connection *conn, - Operation *op, - Entry *e, - AttributeDescription *desc, - char ***e_flags + Backend *be, + Connection *conn, + Operation *op, + Attribute *a, + AttributeDescription *desc, + char ***e_flags ) { int i, j; - Attribute *a; - if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH, NULL ) ) { - return LDAP_INSUFFICIENT_ACCESS; - } - - for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( i=0; a != NULL; a = a->a_next, i++ ) { struct berval *bv; if ( !is_ad_subtype( a->a_desc, desc ) ) { @@ -318,24 +306,17 @@ test_presence_vrFilter( static int test_substrings_vrFilter( - Backend *be, - Connection *conn, - Operation *op, - Entry *e, - ValuesReturnFilter *f, - char ***e_flags + Backend *be, + Connection *conn, + Operation *op, + Attribute *a, + ValuesReturnFilter *f, + char ***e_flags ) { int i, j; - Attribute *a; - - if ( !access_allowed( be, conn, op, e, - f->f_sub_desc, NULL, ACL_SEARCH, NULL ) ) - { - return LDAP_INSUFFICIENT_ACCESS; - } - for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( i=0; a != NULL; a = a->a_next, i++ ) { MatchingRule *mr = a->a_desc->ad_type->sat_substr; struct berval *bv; @@ -373,21 +354,14 @@ static int test_mra_vrFilter( Backend *be, Connection *conn, Operation *op, - Entry *e, + Attribute *a, MatchingRuleAssertion *mra, char ***e_flags ) { int i, j; - Attribute *a; - - if( !access_allowed( be, conn, op, e, - mra->ma_desc, &mra->ma_value, ACL_SEARCH, NULL ) ) - { - return LDAP_INSUFFICIENT_ACCESS; - } - for (a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( i=0; a != NULL; a = a->a_next, i++ ) { struct berval *bv; if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) { diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index ec841a6df9..92bd607b88 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -526,7 +526,7 @@ LDAP_SLAPD_F (int) filter_matched_values( Backend *be, Connection *conn, Operation *op, - Entry *e, + Attribute *a, char ***e_flags ); /* diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 83906f6418..140e4a6d6c 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -744,9 +744,9 @@ send_search_entry( e_flags[i] = a_flags; } - if ( op->vrFilter != NULL ){ + if ( op->vrFilter != NULL ){ - rc = filter_matched_values(be, conn, op, e, &e_flags) ; + rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ; if ( rc == -1 ) { #ifdef NEW_LOGGING @@ -917,8 +917,51 @@ send_search_entry( /* eventually will loop through generated operational attributes */ /* only have subschemaSubentry implemented */ aa = backend_operational( be, conn, op, e, attrs, opattrs ); + + for ( a = aa, i=0; a != NULL; a = a->a_next ) i++; + e_flags = ch_malloc ( i * sizeof(a_flags) ); - for (a = aa ; a != NULL; a = a->a_next ) { + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + + a_flags = ch_calloc ( j, sizeof(char) ); + /* If no ValuesReturnFilter control return everything */ + if ( op->vrFilter == NULL ){ + memset(a_flags, 1, j); + } + e_flags[i] = a_flags; + } + + if ( op->vrFilter != NULL ){ + + rc = filter_matched_values(be, conn, op, aa, &e_flags) ; + + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "operation", LDAP_LEVEL_ERR, + "send_search_entry: conn %lu " + "matched values filtering failed\n", + conn ? conn->c_connid : 0 )); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + /* free e_flags */ + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + free( e_flags[i] ); + } + free( e_flags ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } + } + + for (a = aa, j=0; a != NULL; a = a->a_next, j++ ) { AttributeDescription *desc = a->a_desc; if ( attrs == NULL ) { @@ -974,6 +1017,12 @@ send_search_entry( ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encoding description error", NULL, NULL ); + /* free e_flags */ + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + free( e_flags[i] ); + } + free( e_flags ); + attrs_free( aa ); goto error_return; } @@ -1000,6 +1049,10 @@ send_search_entry( continue; } + if ( e_flags[j][i] == 0 ){ + continue; + } + if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { #ifdef NEW_LOGGING LDAP_LOG(( "operation", LDAP_LEVEL_ERR, @@ -1016,6 +1069,12 @@ send_search_entry( send_ldap_result( conn, op, LDAP_OTHER, NULL, "encoding values error", NULL, NULL ); + /* free e_flags */ + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + free( e_flags[i] ); + } + free( e_flags ); + attrs_free( aa ); goto error_return; } @@ -1035,13 +1094,24 @@ send_search_entry( ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode end error", NULL, NULL ); + /* free e_flags */ + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + free( e_flags[i] ); + } + free( e_flags ); + attrs_free( aa ); goto error_return; } } - attrs_free( aa ); + /* free e_flags */ + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + free( e_flags[i] ); + } + free( e_flags ); + attrs_free( aa ); rc = ber_printf( ber, /*{{{*/ "}N}N}" ); #ifdef LDAP_CONNECTIONLESS