From 5c53e3ad727b4735e7b772aa123260c4a0fee967 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Mon, 14 Jul 2008 22:44:01 +0000 Subject: [PATCH] improve previous commit (ITS#5614) --- doc/man/man5/slapd-ldap.5 | 11 +++++++++++ doc/man/man5/slapd-meta.5 | 13 +++++++++++++ servers/slapd/back-ldap/search.c | 12 ++++++------ servers/slapd/back-meta/map.c | 3 ++- 4 files changed, 32 insertions(+), 7 deletions(-) diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 index 4ce6d21795..ddadfb4935 100644 --- a/doc/man/man5/slapd-ldap.5 +++ b/doc/man/man5/slapd-ldap.5 @@ -391,6 +391,17 @@ If do not return search reference responses. By default, they are returned unless request is LDAPv2. +.TP +.B noundeffilter +If +.BR yes , +return success instead of searching if a filter is undefined or contains +undefined portions. +By default, the search is propagated after replacing undefined portions +with +.BR (!(objectClass=*)) , +which corresponds to the empty result set. + .TP .B protocol\-version {0,2,3} This directive indicates what protocol version must be used to contact diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5 index 897578c22f..e44dcd6bff 100644 --- a/doc/man/man5/slapd-meta.5 +++ b/doc/man/man5/slapd-meta.5 @@ -136,6 +136,19 @@ By default, they are returned unless request is LDAPv2. If set before any target specification, it affects all targets, unless overridden by any per-target directive. +.TP +.B noundeffilter +If +.BR yes , +return success instead of searching if a filter is undefined or contains +undefined portions. +By default, the search is propagated after replacing undefined portions +with +.BR (!(objectClass=*)) , +which corresponds to the empty result set. +If set before any target specification, it affects all targets, unless +overridden by any per-target directive. + .TP .B protocol\-version {0,2,3} This directive indicates what protocol version must be used to contact diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 4167e99721..91f3508ae4 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -94,6 +94,12 @@ ldap_back_munge_filter( } else if ( strncmp( ptr, bv_undefined.bv_val, bv_undefined.bv_len ) == 0 ) { + /* if undef or invalid filter is not allowed, + * don't rewrite filter */ + if ( LDAP_BACK_NOUNDEFFILTER( li ) ) { + return -1; + } + oldbv = &bv_undefined; newbv = &bv_F; @@ -102,12 +108,6 @@ ldap_back_munge_filter( goto done; } - /* if undef or invalid filter is not allowed, - * don't rewrite filter */ - if ( LDAP_BACK_NOUNDEFFILTER( li ) ) { - return -1; - } - oldfilter = *filter; filter->bv_len += newbv->bv_len - oldbv->bv_len; if ( filter->bv_val == op->ors_filterstr.bv_val ) { diff --git a/servers/slapd/back-meta/map.c b/servers/slapd/back-meta/map.c index 018c57f795..962b4f05e5 100644 --- a/servers/slapd/back-meta/map.c +++ b/servers/slapd/back-meta/map.c @@ -530,14 +530,15 @@ ldap_back_int_filter_map_rewrite( case SLAPD_FILTER_COMPUTED: switch ( f->f_result ) { - case LDAP_COMPARE_FALSE: /* FIXME: treat UNDEFINED as FALSE */ case SLAPD_COMPARE_UNDEFINED: computed:; if ( META_BACK_TGT_NOUNDEFFILTER( dc->target ) ) { return LDAP_COMPARE_FALSE; } + /* fallthru */ + case LDAP_COMPARE_FALSE: if ( META_BACK_TGT_T_F( dc->target ) ) { tmp = &ber_bvtf_false; break; -- 2.39.5