From faba0c3198a9572e11e268c8f27ff527aeb4e1d1 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Wed, 10 Mar 2004 22:05:39 +0000
Subject: [PATCH] sync with HEAD (ITS#2977): do not return no such object if
 filter cannot be interpreted

---
 CHANGES                          |  1 +
 servers/slapd/back-ldap/map.c    | 82 ++++++++++++++++----------------
 servers/slapd/back-meta/search.c | 22 ++++++++-
 3 files changed, 61 insertions(+), 44 deletions(-)

diff --git a/CHANGES b/CHANGES
index ef2a104ed6..e70926bcb0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,7 @@ OpenLDAP 2.2.7 Engineering
 	Fixed (undocumented) AD canonical DN (ITS#3000)
 	Fixed undefined attribute name request in back-sql search (ITS#3005)
 	Added ACL set logging (ITS#2949)
+	Fixed erroneous illegal filter handling (ITS#2977)
 	Documentation
 		Fixed ldapmodrdn(1) manpage (ITS#3003)
 
diff --git a/servers/slapd/back-ldap/map.c b/servers/slapd/back-ldap/map.c
index de55fcf705..3f38ce6b4b 100644
--- a/servers/slapd/back-ldap/map.c
+++ b/servers/slapd/back-ldap/map.c
@@ -172,7 +172,7 @@ map_attr_value(
 	}
 
 	if ( value == NULL ) {
-		return 0;
+		return LDAP_SUCCESS;
 	}
 
 	if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
@@ -191,10 +191,8 @@ map_attr_value(
 			break;
 		
 		case LDAP_UNWILLING_TO_PERFORM:
-			return -1;
-
 		case LDAP_OTHER:
-			return -1;
+			return LDAP_OTHER;
 		}
 
 	} else if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) {
@@ -213,7 +211,7 @@ map_attr_value(
 		ber_memfree( vtmp.bv_val );
 	}
 	
-	return 0;
+	return LDAP_SUCCESS;
 }
 
 int
@@ -223,23 +221,23 @@ ldap_back_filter_map_rewrite(
 		struct berval		*fstr,
 		int			remap )
 {
-	int		i;
+	int		i, rc;
 	Filter		*p;
 	struct berval	atmp;
 	struct berval	vtmp;
 	ber_len_t	len;
 
 	if ( f == NULL ) {
-		ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
-		return -1;
+		ber_str2bv( "(?=error)", sizeof("(?=error)")-1, 1, fstr );
+		return LDAP_OTHER;
 	}
 
 	switch ( f->f_choice ) {
 	case LDAP_FILTER_EQUALITY:
-		if ( map_attr_value( dc, f->f_av_desc, &atmp,
-					&f->f_av_value, &vtmp, remap ) )
-		{
-			return -1;
+		rc = map_attr_value( dc, f->f_av_desc, &atmp,
+					&f->f_av_value, &vtmp, remap );
+		if ( rc ) {
+			return rc;
 		}
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
@@ -253,10 +251,10 @@ ldap_back_filter_map_rewrite(
 		break;
 
 	case LDAP_FILTER_GE:
-		if ( map_attr_value( dc, f->f_av_desc, &atmp,
-					&f->f_av_value, &vtmp, remap ) )
-		{
-			return -1;
+		rc = map_attr_value( dc, f->f_av_desc, &atmp,
+					&f->f_av_value, &vtmp, remap );
+		if ( rc ) {
+			return rc;
 		}
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
@@ -270,10 +268,10 @@ ldap_back_filter_map_rewrite(
 		break;
 
 	case LDAP_FILTER_LE:
-		if ( map_attr_value( dc, f->f_av_desc, &atmp,
-					&f->f_av_value, &vtmp, remap ) )
-		{
-			return -1;
+		rc = map_attr_value( dc, f->f_av_desc, &atmp,
+					&f->f_av_value, &vtmp, remap );
+		if ( rc ) {
+			return rc;
 		}
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
@@ -287,10 +285,10 @@ ldap_back_filter_map_rewrite(
 		break;
 
 	case LDAP_FILTER_APPROX:
-		if ( map_attr_value( dc, f->f_av_desc, &atmp,
-					&f->f_av_value, &vtmp, remap ) )
-		{
-			return -1;
+		rc = map_attr_value( dc, f->f_av_desc, &atmp,
+					&f->f_av_value, &vtmp, remap );
+		if ( rc ) {
+			return rc;
 		}
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
@@ -304,10 +302,10 @@ ldap_back_filter_map_rewrite(
 		break;
 
 	case LDAP_FILTER_SUBSTRINGS:
-		if ( map_attr_value( dc, f->f_sub_desc, &atmp,
-					NULL, NULL, remap ) )
-		{
-			return -1;
+		rc = map_attr_value( dc, f->f_sub_desc, &atmp,
+					NULL, NULL, remap );
+		if ( rc ) {
+			return rc;
 		}
 
 		/* cannot be a DN ... */
@@ -366,10 +364,10 @@ ldap_back_filter_map_rewrite(
 		break;
 
 	case LDAP_FILTER_PRESENT:
-		if ( map_attr_value( dc, f->f_desc, &atmp,
-					NULL, NULL, remap ) )
-		{
-			return -1;
+		rc = map_attr_value( dc, f->f_desc, &atmp,
+					NULL, NULL, remap );
+		if ( rc ) {
+			return rc;
 		}
 
 		fstr->bv_len = atmp.bv_len + ( sizeof("(=*)") - 1 );
@@ -392,9 +390,9 @@ ldap_back_filter_map_rewrite(
 		for ( p = f->f_list; p != NULL; p = p->f_next ) {
 			len = fstr->bv_len;
 
-			if ( ldap_back_filter_map_rewrite( dc, p, &vtmp, remap ) )
-			{
-				return -1;
+			rc = ldap_back_filter_map_rewrite( dc, p, &vtmp, remap );
+			if ( rc != LDAP_SUCCESS ) {
+				return rc;
 			}
 			
 			fstr->bv_len += vtmp.bv_len;
@@ -410,10 +408,10 @@ ldap_back_filter_map_rewrite(
 
 	case LDAP_FILTER_EXT: {
 		if ( f->f_mr_desc ) {
-			if ( map_attr_value( dc, f->f_mr_desc, &atmp,
-						&f->f_mr_value, &vtmp, remap ) )
-			{
-				return -1;
+			rc = map_attr_value( dc, f->f_mr_desc, &atmp,
+						&f->f_mr_value, &vtmp, remap );
+			if ( rc ) {
+				return rc;
 			}
 
 		} else {
@@ -450,14 +448,14 @@ ldap_back_filter_map_rewrite(
 			f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
 			sizeof("(?=error)")-1,
 			1, fstr );
-		break;
+		return LDAP_COMPARE_FALSE;
 
 	default:
 		ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
-		break;
+		return LDAP_COMPARE_FALSE;
 	}
 
-	return 0;
+	return LDAP_SUCCESS;
 }
 
 /*
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index 40f1b03dbe..8f38adaf4a 100644
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -59,7 +59,7 @@ meta_back_search( Operation *op, SlapReply *rs )
 	struct metasingleconn *lsc;
 	struct timeval	tv = { 0, 0 };
 	LDAPMessage	*res, *e;
-	int	rc = 0, *msgid, sres = LDAP_NO_SUCH_OBJECT;
+	int	rc = 0, *msgid, sres = LDAP_SUCCESS;
 	char *err = NULL;
 	struct berval match = { 0, NULL }, mmatch = { 0, NULL };
 	BerVarray v2refs = NULL;
@@ -70,6 +70,9 @@ meta_back_search( Operation *op, SlapReply *rs )
 	int isroot = 0;
 	dncookie dc;
 
+	int	is_scope = 0,
+		is_filter = 0;
+
 	/*
 	 * controls are set in ldap_back_dobind()
 	 * 
@@ -198,6 +201,8 @@ meta_back_search( Operation *op, SlapReply *rs )
 				if ( dnIsSuffix( &li->targets[ i ]->suffix,
 						&op->o_req_ndn ) ) {
 					realbase = li->targets[ i ]->suffix;
+					is_scope++;
+
 				} else {
 					/*
 					 * this target is no longer candidate
@@ -218,6 +223,7 @@ meta_back_search( Operation *op, SlapReply *rs )
 					 */
 					realbase = li->targets[ i ]->suffix;
 					realscope = LDAP_SCOPE_BASE;
+					is_scope++;
 					break;
 				} /* else continue with the next case */
 
@@ -268,7 +274,15 @@ meta_back_search( Operation *op, SlapReply *rs )
 		rc = ldap_back_filter_map_rewrite( &dc,
 				op->oq_search.rs_filter,
 				&mfilter, BACKLDAP_MAP );
-		if ( rc != 0 ) {
+		switch ( rc ) {
+		case LDAP_SUCCESS:
+			is_filter++;
+			break;
+
+		case LDAP_COMPARE_FALSE:
+			rc = 0;
+
+		default:
 			/*
 			 * this target is no longer candidate
 			 */
@@ -529,6 +543,10 @@ new_candidate:;
 	 * FIXME: we should handle error codes and return the more 
 	 * important/reasonable
 	 */
+	if ( is_scope == 0 ) {
+		sres = LDAP_NO_SUCH_OBJECT;
+	}
+
 	if ( sres == LDAP_SUCCESS && v2refs ) {
 		sres = LDAP_REFERRAL;
 	}
-- 
2.39.2