diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:32 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:32 +0000 |
commit | 5ea77a75dd2d2158401331879f3c8f47940a732c (patch) | |
tree | d89dc06e9f4850a900f161e25f84e922c4f86cc8 /servers/slapd/matchedValues.c | |
parent | Initial commit. (diff) | |
download | openldap-5ea77a75dd2d2158401331879f3c8f47940a732c.tar.xz openldap-5ea77a75dd2d2158401331879f3c8f47940a732c.zip |
Adding upstream version 2.5.13+dfsg.upstream/2.5.13+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'servers/slapd/matchedValues.c')
-rw-r--r-- | servers/slapd/matchedValues.c | 348 |
1 files changed, 348 insertions, 0 deletions
diff --git a/servers/slapd/matchedValues.c b/servers/slapd/matchedValues.c new file mode 100644 index 0000000..574e085 --- /dev/null +++ b/servers/slapd/matchedValues.c @@ -0,0 +1,348 @@ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 1999-2022 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ + +#include "portable.h" + +#include <stdio.h> + +#include <ac/string.h> +#include <ac/socket.h> + +#include "slap.h" + +static int +test_mra_vrFilter( + Operation *op, + Attribute *a, + MatchingRuleAssertion *mra, + char ***e_flags +); + +static int +test_substrings_vrFilter( + Operation *op, + Attribute *a, + ValuesReturnFilter *f, + char ***e_flags +); + +static int +test_presence_vrFilter( + Operation *op, + Attribute *a, + AttributeDescription *desc, + char ***e_flags +); + +static int +test_ava_vrFilter( + Operation *op, + Attribute *a, + AttributeAssertion *ava, + int type, + char ***e_flags +); + + +int +filter_matched_values( + Operation *op, + Attribute *a, + char ***e_flags ) +{ + ValuesReturnFilter *vrf; + int rc = LDAP_SUCCESS; + + Debug( LDAP_DEBUG_FILTER, "=> filter_matched_values\n" ); + + for ( vrf = op->o_vrFilter; vrf != NULL; vrf = vrf->vrf_next ) { + switch ( vrf->vrf_choice ) { + case SLAPD_FILTER_COMPUTED: + Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n", + vrf->vrf_result == LDAP_COMPARE_FALSE ? "false" + : vrf->vrf_result == LDAP_COMPARE_TRUE ? "true" + : vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "undefined" + : "error", + vrf->vrf_result ); + /*This type of filter does not affect the result */ + rc = LDAP_SUCCESS; + break; + + case LDAP_FILTER_EQUALITY: + Debug( LDAP_DEBUG_FILTER, " EQUALITY\n" ); + rc = test_ava_vrFilter( op, a, vrf->vrf_ava, + LDAP_FILTER_EQUALITY, e_flags ); + if( rc == -1 ) return rc; + break; + + case LDAP_FILTER_SUBSTRINGS: + Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n" ); + rc = test_substrings_vrFilter( op, a, + vrf, e_flags ); + if( rc == -1 ) return rc; + break; + + case LDAP_FILTER_PRESENT: + Debug( LDAP_DEBUG_FILTER, " PRESENT\n" ); + rc = test_presence_vrFilter( op, a, + vrf->vrf_desc, e_flags ); + if( rc == -1 ) return rc; + break; + + case LDAP_FILTER_GE: + rc = test_ava_vrFilter( op, a, vrf->vrf_ava, + LDAP_FILTER_GE, e_flags ); + if( rc == -1 ) return rc; + break; + + case LDAP_FILTER_LE: + rc = test_ava_vrFilter( op, a, vrf->vrf_ava, + LDAP_FILTER_LE, e_flags ); + if( rc == -1 ) return rc; + break; + + case LDAP_FILTER_EXT: + Debug( LDAP_DEBUG_FILTER, " EXT\n" ); + rc = test_mra_vrFilter( op, a, + vrf->vrf_mra, e_flags ); + if( rc == -1 ) return rc; + break; + + default: + Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n", + vrf->vrf_choice ); + rc = LDAP_PROTOCOL_ERROR; + } + } + + Debug( LDAP_DEBUG_FILTER, "<= filter_matched_values %d\n", rc ); + return( rc ); +} + +static int +test_ava_vrFilter( + Operation *op, + Attribute *a, + AttributeAssertion *ava, + int type, + char ***e_flags ) +{ + int i, j; + + for ( i=0; a != NULL; a = a->a_next, i++ ) { + MatchingRule *mr; + struct berval *bv; + + if ( !is_ad_subtype( a->a_desc, ava->aa_desc ) ) { + continue; + } + + switch ( type ) { + case LDAP_FILTER_APPROX: + mr = a->a_desc->ad_type->sat_approx; + if( mr != NULL ) break; + /* use EQUALITY matching rule if no APPROX rule */ + + case LDAP_FILTER_EQUALITY: + mr = a->a_desc->ad_type->sat_equality; + break; + + case LDAP_FILTER_GE: + case LDAP_FILTER_LE: + mr = a->a_desc->ad_type->sat_ordering; + break; + + default: + mr = NULL; + } + + if( mr == NULL ) continue; + + bv = a->a_nvals; + for ( j=0; !BER_BVISNULL( bv ); bv++, j++ ) { + int rc, match; + const char *text; + + rc = value_match( &match, a->a_desc, mr, 0, + bv, &ava->aa_value, &text ); + if( rc != LDAP_SUCCESS ) return rc; + + switch ( type ) { + case LDAP_FILTER_EQUALITY: + case LDAP_FILTER_APPROX: + if ( match == 0 ) { + (*e_flags)[i][j] = 1; + } + break; + + case LDAP_FILTER_GE: + if ( match >= 0 ) { + (*e_flags)[i][j] = 1; + } + break; + + case LDAP_FILTER_LE: + if ( match <= 0 ) { + (*e_flags)[i][j] = 1; + } + break; + } + } + } + return LDAP_SUCCESS; +} + +static int +test_presence_vrFilter( + Operation *op, + Attribute *a, + AttributeDescription *desc, + char ***e_flags ) +{ + int i, j; + + for ( i=0; a != NULL; a = a->a_next, i++ ) { + struct berval *bv; + + if ( !is_ad_subtype( a->a_desc, desc ) ) continue; + + for ( bv = a->a_vals, j = 0; !BER_BVISNULL( bv ); bv++, j++ ); + memset( (*e_flags)[i], 1, j); + } + + return( LDAP_SUCCESS ); +} + +static int +test_substrings_vrFilter( + Operation *op, + Attribute *a, + ValuesReturnFilter *vrf, + char ***e_flags ) +{ + int i, j; + + for ( i=0; a != NULL; a = a->a_next, i++ ) { + MatchingRule *mr = a->a_desc->ad_type->sat_substr; + struct berval *bv; + + if ( !is_ad_subtype( a->a_desc, vrf->vrf_sub_desc ) ) { + continue; + } + + if( mr == NULL ) continue; + + bv = a->a_nvals; + for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) { + int rc, match; + const char *text; + + rc = value_match( &match, a->a_desc, mr, 0, + bv, vrf->vrf_sub, &text ); + + if( rc != LDAP_SUCCESS ) return rc; + + if ( match == 0 ) { + (*e_flags)[i][j] = 1; + } + } + } + + return LDAP_SUCCESS; +} + +static int +test_mra_vrFilter( + Operation *op, + Attribute *a, + MatchingRuleAssertion *mra, + char ***e_flags ) +{ + int i, j; + + for ( i = 0; a != NULL; a = a->a_next, i++ ) { + struct berval *bv, assertedValue; + int normalize_attribute = 0; + + if ( mra->ma_desc ) { + if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) { + continue; + } + assertedValue = mra->ma_value; + + } else { + int rc; + const char *text = NULL; + + /* check if matching is appropriate */ + if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) { + continue; + } + + rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule, + SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, + &mra->ma_value, &assertedValue, &text, op->o_tmpmemctx ); + + if ( rc != LDAP_SUCCESS ) continue; + } + + /* check match */ + if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) { + bv = a->a_nvals; + + } else { + bv = a->a_vals; + normalize_attribute = 1; + } + + for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) { + int rc, match; + const char *text; + struct berval nbv = BER_BVNULL; + + if ( normalize_attribute && mra->ma_rule->smr_normalize ) { + /* see comment in filterentry.c */ + if ( mra->ma_rule->smr_normalize( + SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX, + mra->ma_rule->smr_syntax, + mra->ma_rule, + bv, &nbv, op->o_tmpmemctx ) != LDAP_SUCCESS ) + { + /* FIXME: stop processing? */ + continue; + } + + } else { + nbv = *bv; + } + + rc = value_match( &match, a->a_desc, mra->ma_rule, 0, + &nbv, &assertedValue, &text ); + + if ( nbv.bv_val != bv->bv_val ) { + op->o_tmpfree( nbv.bv_val, op->o_tmpmemctx ); + } + + if ( rc != LDAP_SUCCESS ) return rc; + + if ( match == 0 ) { + (*e_flags)[i][j] = 1; + } + } + } + + return LDAP_SUCCESS; +} + |