/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1999-2021 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
#include "portable.h"
#include
#include
#include
#include "slap.h"
static int
test_mra_vrFilter(
Operation *op,
Attribute *a,
MatchingRuleAssertion *mra,
char ***e_flags
);
static int
test_substrings_vrFilter(
Operation *op,
Attribute *a,
ValuesReturnFilter *f,
char ***e_flags
);
static int
test_presence_vrFilter(
Operation *op,
Attribute *a,
AttributeDescription *desc,
char ***e_flags
);
static int
test_ava_vrFilter(
Operation *op,
Attribute *a,
AttributeAssertion *ava,
int type,
char ***e_flags
);
int
filter_matched_values(
Operation *op,
Attribute *a,
char ***e_flags )
{
ValuesReturnFilter *vrf;
int rc = LDAP_SUCCESS;
Debug( LDAP_DEBUG_FILTER, "=> filter_matched_values\n" );
for ( vrf = op->o_vrFilter; vrf != NULL; vrf = vrf->vrf_next ) {
switch ( vrf->vrf_choice ) {
case SLAPD_FILTER_COMPUTED:
Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n",
vrf->vrf_result == LDAP_COMPARE_FALSE ? "false"
: vrf->vrf_result == LDAP_COMPARE_TRUE ? "true"
: vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "undefined"
: "error",
vrf->vrf_result );
/*This type of filter does not affect the result */
rc = LDAP_SUCCESS;
break;
case LDAP_FILTER_EQUALITY:
Debug( LDAP_DEBUG_FILTER, " EQUALITY\n" );
rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_EQUALITY, e_flags );
if( rc == -1 ) return rc;
break;
case LDAP_FILTER_SUBSTRINGS:
Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n" );
rc = test_substrings_vrFilter( op, a,
vrf, e_flags );
if( rc == -1 ) return rc;
break;
case LDAP_FILTER_PRESENT:
Debug( LDAP_DEBUG_FILTER, " PRESENT\n" );
rc = test_presence_vrFilter( op, a,
vrf->vrf_desc, e_flags );
if( rc == -1 ) return rc;
break;
case LDAP_FILTER_GE:
rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_GE, e_flags );
if( rc == -1 ) return rc;
break;
case LDAP_FILTER_LE:
rc = test_ava_vrFilter( op, a, vrf->vrf_ava,
LDAP_FILTER_LE, e_flags );
if( rc == -1 ) return rc;
break;
case LDAP_FILTER_EXT:
Debug( LDAP_DEBUG_FILTER, " EXT\n" );
rc = test_mra_vrFilter( op, a,
vrf->vrf_mra, e_flags );
if( rc == -1 ) return rc;
break;
default:
Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
vrf->vrf_choice );
rc = LDAP_PROTOCOL_ERROR;
}
}
Debug( LDAP_DEBUG_FILTER, "<= filter_matched_values %d\n", rc );
return( rc );
}
static int
test_ava_vrFilter(
Operation *op,
Attribute *a,
AttributeAssertion *ava,
int type,
char ***e_flags )
{
int i, j;
for ( i=0; a != NULL; a = a->a_next, i++ ) {
MatchingRule *mr;
struct berval *bv;
if ( !is_ad_subtype( a->a_desc, ava->aa_desc ) ) {
continue;
}
switch ( type ) {
case LDAP_FILTER_APPROX:
mr = a->a_desc->ad_type->sat_approx;
if( mr != NULL ) break;
/* use EQUALITY matching rule if no APPROX rule */
case LDAP_FILTER_EQUALITY:
mr = a->a_desc->ad_type->sat_equality;
break;
case LDAP_FILTER_GE:
case LDAP_FILTER_LE:
mr = a->a_desc->ad_type->sat_ordering;
break;
default:
mr = NULL;
}
if( mr == NULL ) continue;
bv = a->a_nvals;
for ( j=0; !BER_BVISNULL( bv ); bv++, j++ ) {
int rc, match;
const char *text;
rc = value_match( &match, a->a_desc, mr, 0,
bv, &ava->aa_value, &text );
if( rc != LDAP_SUCCESS ) return rc;
switch ( type ) {
case LDAP_FILTER_EQUALITY:
case LDAP_FILTER_APPROX:
if ( match == 0 ) {
(*e_flags)[i][j] = 1;
}
break;
case LDAP_FILTER_GE:
if ( match >= 0 ) {
(*e_flags)[i][j] = 1;
}
break;
case LDAP_FILTER_LE:
if ( match <= 0 ) {
(*e_flags)[i][j] = 1;
}
break;
}
}
}
return LDAP_SUCCESS;
}
static int
test_presence_vrFilter(
Operation *op,
Attribute *a,
AttributeDescription *desc,
char ***e_flags )
{
int i, j;
for ( i=0; a != NULL; a = a->a_next, i++ ) {
struct berval *bv;
if ( !is_ad_subtype( a->a_desc, desc ) ) continue;
for ( bv = a->a_vals, j = 0; !BER_BVISNULL( bv ); bv++, j++ );
memset( (*e_flags)[i], 1, j);
}
return( LDAP_SUCCESS );
}
static int
test_substrings_vrFilter(
Operation *op,
Attribute *a,
ValuesReturnFilter *vrf,
char ***e_flags )
{
int i, j;
for ( i=0; a != NULL; a = a->a_next, i++ ) {
MatchingRule *mr = a->a_desc->ad_type->sat_substr;
struct berval *bv;
if ( !is_ad_subtype( a->a_desc, vrf->vrf_sub_desc ) ) {
continue;
}
if( mr == NULL ) continue;
bv = a->a_nvals;
for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
int rc, match;
const char *text;
rc = value_match( &match, a->a_desc, mr, 0,
bv, vrf->vrf_sub, &text );
if( rc != LDAP_SUCCESS ) return rc;
if ( match == 0 ) {
(*e_flags)[i][j] = 1;
}
}
}
return LDAP_SUCCESS;
}
static int
test_mra_vrFilter(
Operation *op,
Attribute *a,
MatchingRuleAssertion *mra,
char ***e_flags )
{
int i, j;
for ( i = 0; a != NULL; a = a->a_next, i++ ) {
struct berval *bv, assertedValue;
int normalize_attribute = 0;
if ( mra->ma_desc ) {
if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {
continue;
}
assertedValue = mra->ma_value;
} else {
int rc;
const char *text = NULL;
/* check if matching is appropriate */
if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) {
continue;
}
rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,
SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
&mra->ma_value, &assertedValue, &text, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) continue;
}
/* check match */
if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {
bv = a->a_nvals;
} else {
bv = a->a_vals;
normalize_attribute = 1;
}
for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {
int rc, match;
const char *text;
struct berval nbv = BER_BVNULL;
if ( normalize_attribute && mra->ma_rule->smr_normalize ) {
/* see comment in filterentry.c */
if ( mra->ma_rule->smr_normalize(
SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
mra->ma_rule->smr_syntax,
mra->ma_rule,
bv, &nbv, op->o_tmpmemctx ) != LDAP_SUCCESS )
{
/* FIXME: stop processing? */
continue;
}
} else {
nbv = *bv;
}
rc = value_match( &match, a->a_desc, mra->ma_rule, 0,
&nbv, &assertedValue, &text );
if ( nbv.bv_val != bv->bv_val ) {
op->o_tmpfree( nbv.bv_val, op->o_tmpmemctx );
}
if ( rc != LDAP_SUCCESS ) return rc;
if ( match == 0 ) {
(*e_flags)[i][j] = 1;
}
}
}
return LDAP_SUCCESS;
}