3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2006 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1990 Regents of the University of Michigan.
17 * All rights reserved.
24 #include <ac/stdlib.h>
26 #include <ac/socket.h>
27 #include <ac/string.h>
32 static int put_simple_vrFilter LDAP_P((
36 static int put_vrFilter_list LDAP_P((
40 static char *put_complex_filter LDAP_P((
46 static int put_simple_filter LDAP_P((
50 static int put_substring_filter LDAP_P((
55 static int put_filter_list LDAP_P((
60 static int ldap_is_oid ( const char *str )
64 if( LDAP_ALPHA( str[0] )) {
65 for( i=1; str[i]; i++ ) {
66 if( !LDAP_LDH( str[i] )) {
72 } else if LDAP_DIGIT( str[0] ) {
74 for( i=1; str[i]; i++ ) {
75 if( LDAP_DIGIT( str[i] )) {
78 } else if ( str[i] == '.' ) {
80 if( ++dot > 1 ) return 0;
92 static int ldap_is_desc ( const char *str )
96 if( LDAP_ALPHA( str[0] )) {
97 for( i=1; str[i]; i++ ) {
103 if( !LDAP_LDH( str[i] )) {
109 } else if LDAP_DIGIT( str[0] ) {
111 for( i=1; str[i]; i++ ) {
112 if( str[i] == ';' ) {
118 if( LDAP_DIGIT( str[i] )) {
121 } else if ( str[i] == '.' ) {
123 if( ++dot > 1 ) return 0;
135 if( !LDAP_LDH( str[0] )) {
138 for( i=1; str[i]; i++ ) {
139 if( str[i] == ';' ) {
143 if( !LDAP_LDH( str[i] )) {
151 find_right_paren( char *s )
157 while ( *s && balance ) {
161 } else if ( *s == ')' ) {
166 escape = ( *s == '\\' && !escape );
171 return *s ? s : NULL;
174 static int hex2value( int c )
176 if( c >= '0' && c <= '9' ) {
180 if( c >= 'A' && c <= 'F' ) {
181 return c + (10 - (int) 'A');
184 if( c >= 'a' && c <= 'f' ) {
185 return c + (10 - (int) 'a');
192 ldap_pvt_find_wildcard( const char *s )
196 case '*': /* found wildcard */
204 if( s[1] == '\0' ) return NULL;
206 if( LDAP_HEX( s[1] ) && LDAP_HEX( s[2] ) ) {
209 } else switch( s[1] ) {
213 /* allow RFC 1960 escapes */
226 /* unescape filter value */
227 /* support both LDAP v2 and v3 escapes */
228 /* output can include nul characters! */
230 ldap_pvt_filter_value_unescape( char *fval )
235 for( r=v=0; fval[v] != '\0'; v++ ) {
246 if ( fval[v] == '\0' ) {
247 /* escape at end of string */
251 if (( v1 = hex2value( fval[v] )) >= 0 ) {
253 if (( v2 = hex2value( fval[v+1] )) < 0 ) {
254 /* must be two digit code */
258 fval[r++] = v1 * 16 + v2;
287 put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
292 * We have (x(filter)...) with str sitting on
293 * the x. We have to find the paren matching
294 * the one before the x and put the intervening
295 * filters by calling put_filter_list().
298 /* put explicit tag */
299 if ( ber_printf( ber, "t{" /*"}"*/, tag ) == -1 ) {
304 if ( (next = find_right_paren( str )) == NULL ) {
309 if ( put_filter_list( ber, str, tag ) == -1 ) {
316 /* flush explicit tagged thang */
317 if ( ber_printf( ber, /*"{"*/ "N}" ) == -1 ) {
325 ldap_pvt_put_filter( BerElement *ber, const char *str_in )
331 int parens, balance, escape;
334 * A Filter looks like this (RFC 4511 as extended by RFC 4526):
335 * Filter ::= CHOICE {
336 * and [0] SET SIZE (0..MAX) OF filter Filter,
337 * or [1] SET SIZE (0..MAX) OF filter Filter,
339 * equalityMatch [3] AttributeValueAssertion,
340 * substrings [4] SubstringFilter,
341 * greaterOrEqual [5] AttributeValueAssertion,
342 * lessOrEqual [6] AttributeValueAssertion,
343 * present [7] AttributeDescription,
344 * approxMatch [8] AttributeValueAssertion,
345 * extensibleMatch [9] MatchingRuleAssertion,
348 * SubstringFilter ::= SEQUENCE {
349 * type AttributeDescription,
350 * substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
351 * initial [0] AssertionValue, -- only once
352 * any [1] AssertionValue,
353 * final [2] AssertionValue -- only once
357 * MatchingRuleAssertion ::= SEQUENCE {
358 * matchingRule [1] MatchingRuleId OPTIONAL,
359 * type [2] AttributeDescription OPTIONAL,
360 * matchValue [3] AssertionValue,
361 * dnAttributes [4] BOOLEAN DEFAULT FALSE }
363 * Note: tags in a CHOICE are always explicit
366 Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 );
368 freeme = LDAP_STRDUP( str_in );
369 if( freeme == NULL ) return LDAP_NO_MEMORY;
380 while( LDAP_SPACE( *str ) ) str++;
384 Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
387 str = put_complex_filter( ber, str,
388 LDAP_FILTER_AND, 0 );
398 Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
401 str = put_complex_filter( ber, str,
412 Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
415 str = put_complex_filter( ber, str,
416 LDAP_FILTER_NOT, 0 );
426 Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
433 while ( *next && balance ) {
435 if ( *next == '(' ) {
437 } else if ( *next == ')' ) {
442 if ( *next == '\\' && ! escape ) {
448 if ( balance ) next++;
451 if ( balance != 0 ) {
458 if ( put_simple_filter( ber, str ) == -1 ) {
463 *next++ = /*'('*/ ')';
472 Debug( LDAP_DEBUG_TRACE, "put_filter: end\n",
474 if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
486 default: /* assume it's a simple type=value filter */
487 Debug( LDAP_DEBUG_TRACE, "put_filter: default\n",
489 next = strchr( str, '\0' );
490 if ( put_simple_filter( ber, str ) == -1 ) {
499 rc = parens ? -1 : 0;
507 * Put a list of filters like this "(filter1)(filter2)..."
511 put_filter_list( BerElement *ber, char *str, ber_tag_t tag )
516 Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n",
520 while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
523 if ( *str == '\0' ) break;
525 if ( (next = find_right_paren( str + 1 )) == NULL ) {
530 /* now we have "(filter)" with str pointing to it */
532 if ( ldap_pvt_put_filter( ber, str ) == -1 ) return -1;
536 if( tag == LDAP_FILTER_NOT ) break;
539 if( tag == LDAP_FILTER_NOT && ( next == NULL || *str )) {
556 Debug( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n",
559 str = LDAP_STRDUP( str );
560 if( str == NULL ) return -1;
562 if ( (s = strchr( str, '=' )) == NULL ) {
571 ftype = LDAP_FILTER_LE;
576 ftype = LDAP_FILTER_GE;
581 ftype = LDAP_FILTER_APPROX;
586 /* RFC 4515 extensible filters are off the form:
587 * type [:dn] [:rule] := value
588 * or [:dn]:rule := value
590 ftype = LDAP_FILTER_EXT;
594 char *dn = strchr( str, ':' );
599 rule = strchr( dn, ':' );
603 if ( strcasecmp(dn, "dn") == 0 ) {
604 /* must have attribute */
605 if( !ldap_is_desc( str ) ) {
620 if ( strcasecmp(dn, "dn") != 0 ) {
628 if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
629 /* must have either type or rule */
633 if ( *str != '\0' && !ldap_is_desc( str ) ) {
637 if ( rule && *rule != '\0' && !ldap_is_oid( rule ) ) {
641 rc = ber_printf( ber, "t{" /*"}"*/, ftype );
643 if( rc != -1 && rule && *rule != '\0' ) {
644 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
647 if( rc != -1 && *str != '\0' ) {
648 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
652 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
655 rc = ber_printf( ber, "to",
656 LDAP_FILTER_EXT_VALUE, value, len );
662 if( rc != -1 && dn ) {
663 rc = ber_printf( ber, "tb",
664 LDAP_FILTER_EXT_DNATTRS, (ber_int_t) 1 );
668 rc = ber_printf( ber, /*"{"*/ "N}" );
674 if( !ldap_is_desc( str ) ) {
678 char *nextstar = ldap_pvt_find_wildcard( value );
680 if ( nextstar == NULL ) {
683 } else if ( *nextstar == '\0' ) {
684 ftype = LDAP_FILTER_EQUALITY;
686 } else if ( strcmp( value, "*" ) == 0 ) {
687 ftype = LDAP_FILTER_PRESENT;
690 rc = put_substring_filter( ber, str, value );
696 if( !ldap_is_desc( str ) ) goto done;
698 if ( ftype == LDAP_FILTER_PRESENT ) {
699 rc = ber_printf( ber, "ts", ftype, str );
702 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
705 rc = ber_printf( ber, "t{soN}",
706 ftype, str, value, len );
711 if( rc != -1 ) rc = 0;
717 put_substring_filter( BerElement *ber, char *type, char *val )
721 ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
723 Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n",
726 if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 ) {
730 for( ; *val; val=nextstar ) {
731 nextstar = ldap_pvt_find_wildcard( val );
733 if ( nextstar == NULL ) {
737 if ( *nextstar == '\0' ) {
738 ftype = LDAP_SUBSTRING_FINAL;
741 if ( gotstar++ == 0 ) {
742 ftype = LDAP_SUBSTRING_INITIAL;
744 ftype = LDAP_SUBSTRING_ANY;
748 if ( *val != '\0' || ftype == LDAP_SUBSTRING_ANY ) {
749 ber_slen_t len = ldap_pvt_filter_value_unescape( val );
755 if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
761 if ( ber_printf( ber, /*"{{"*/ "N}N}" ) == -1 ) {
769 put_vrFilter( BerElement *ber, const char *str_in )
775 int parens, balance, escape;
778 * A ValuesReturnFilter looks like this:
780 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
781 * SimpleFilterItem ::= CHOICE {
782 * equalityMatch [3] AttributeValueAssertion,
783 * substrings [4] SubstringFilter,
784 * greaterOrEqual [5] AttributeValueAssertion,
785 * lessOrEqual [6] AttributeValueAssertion,
786 * present [7] AttributeType,
787 * approxMatch [8] AttributeValueAssertion,
788 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
791 * SubstringFilter ::= SEQUENCE {
792 * type AttributeType,
793 * SEQUENCE OF CHOICE {
794 * initial [0] IA5String,
796 * final [2] IA5String
800 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
801 * matchingRule [1] MatchingRuleId OPTIONAL,
802 * type [2] AttributeDescription OPTIONAL,
803 * matchValue [3] AssertionValue }
808 Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
810 freeme = LDAP_STRDUP( str_in );
811 if( freeme == NULL ) return LDAP_NO_MEMORY;
822 while( LDAP_SPACE( *str ) ) str++;
826 if ( (next = find_right_paren( str )) == NULL ) {
833 if ( put_vrFilter_list( ber, str ) == -1 ) {
848 Debug( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n",
855 while ( *next && balance ) {
857 if ( *next == '(' ) {
859 } else if ( *next == ')' ) {
864 if ( *next == '\\' && ! escape ) {
870 if ( balance ) next++;
873 if ( balance != 0 ) {
880 if ( put_simple_vrFilter( ber, str ) == -1 ) {
885 *next++ = /*'('*/ ')';
894 Debug( LDAP_DEBUG_TRACE, "put_vrFilter: end\n",
896 if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
908 default: /* assume it's a simple type=value filter */
909 Debug( LDAP_DEBUG_TRACE, "put_vrFilter: default\n",
911 next = strchr( str, '\0' );
912 if ( put_simple_vrFilter( ber, str ) == -1 ) {
921 rc = parens ? -1 : 0;
929 ldap_put_vrFilter( BerElement *ber, const char *str_in )
933 if ( ber_printf( ber, "{" /*"}"*/ ) == -1 ) {
937 rc = put_vrFilter( ber, str_in );
939 if ( ber_printf( ber, /*"{"*/ "N}" ) == -1 ) {
947 put_vrFilter_list( BerElement *ber, char *str )
952 Debug( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n",
956 while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
959 if ( *str == '\0' ) break;
961 if ( (next = find_right_paren( str + 1 )) == NULL ) {
966 /* now we have "(filter)" with str pointing to it */
968 if ( put_vrFilter( ber, str ) == -1 ) return -1;
986 Debug( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n",
989 str = LDAP_STRDUP( str );
990 if( str == NULL ) return -1;
992 if ( (s = strchr( str, '=' )) == NULL ) {
1001 ftype = LDAP_FILTER_LE;
1006 ftype = LDAP_FILTER_GE;
1011 ftype = LDAP_FILTER_APPROX;
1016 /* According to ValuesReturnFilter control definition
1017 * extensible filters are off the form:
1018 * type [:rule] := value
1021 ftype = LDAP_FILTER_EXT;
1025 char *rule = strchr( str, ':' );
1027 if( rule == NULL ) {
1028 /* must have attribute */
1029 if( !ldap_is_desc( str ) ) {
1037 if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
1038 /* must have either type or rule */
1042 if ( *str != '\0' && !ldap_is_desc( str ) ) {
1046 if ( rule && *rule != '\0' && !ldap_is_oid( rule ) ) {
1050 rc = ber_printf( ber, "t{" /*"}"*/, ftype );
1052 if( rc != -1 && rule && *rule != '\0' ) {
1053 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
1056 if( rc != -1 && *str != '\0' ) {
1057 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
1061 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
1064 rc = ber_printf( ber, "to",
1065 LDAP_FILTER_EXT_VALUE, value, len );
1072 rc = ber_printf( ber, /*"{"*/ "N}" );
1078 if( !ldap_is_desc( str ) ) {
1082 char *nextstar = ldap_pvt_find_wildcard( value );
1084 if ( nextstar == NULL ) {
1087 } else if ( *nextstar == '\0' ) {
1088 ftype = LDAP_FILTER_EQUALITY;
1090 } else if ( strcmp( value, "*" ) == 0 ) {
1091 ftype = LDAP_FILTER_PRESENT;
1094 rc = put_substring_filter( ber, str, value );
1100 if( !ldap_is_desc( str ) ) goto done;
1102 if ( ftype == LDAP_FILTER_PRESENT ) {
1103 rc = ber_printf( ber, "ts", ftype, str );
1106 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
1109 rc = ber_printf( ber, "t{soN}",
1110 ftype, str, value, len );
1115 if( rc != -1 ) rc = 0;
projects / openldap / blob