3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1990 Regents of the University of Michigan.
17 #include <ac/stdlib.h>
20 #include <ac/socket.h>
21 #include <ac/string.h>
26 static int ldap_is_attr_oid LDAP_P((
29 static int ldap_is_attr_desc LDAP_P((
32 static int hex2value LDAP_P((
35 static char *find_right_paren LDAP_P((
38 static char *put_complex_filter LDAP_P((
44 static int put_filter LDAP_P((
48 static int put_simple_filter LDAP_P((
52 static int put_substring_filter LDAP_P((
57 static int put_filter_list LDAP_P((
62 * ldap_search_ext - initiate an ldap search operation.
67 * base DN of the base object
68 * scope the search scope - one of LDAP_SCOPE_BASE,
69 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
70 * filter a string containing the search filter
71 * (e.g., "(|(cn=bob)(sn=bob))")
72 * attrs list of attribute types to return for matches
73 * attrsonly 1 => attributes only 0 => attributes and values
76 * char *attrs[] = { "mail", "title", 0 };
77 * ldap_search_ext( ld, "c=us,o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
78 * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
84 LDAP_CONST char *base,
86 LDAP_CONST char *filter,
91 struct timeval *timeout,
98 Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
101 * if timeout is provided, both tv_sec and tv_usec must
104 if( timeout != NULL ) {
105 if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) {
106 return LDAP_PARAM_ERROR;
109 /* timelimit must be non-zero if timeout is provided */
110 timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1;
113 /* no timeout, no timelimit */
117 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
118 attrsonly, sctrls, cctrls, timelimit, sizelimit );
125 if ( ld->ld_cache != NULL ) {
126 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
128 ld->ld_errno = LDAP_SUCCESS;
129 *msgidp = ld->ld_msgid;
132 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
134 #endif /* LDAP_NOCACHE */
136 /* send the message */
137 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber );
148 LDAP_CONST char *base,
150 LDAP_CONST char *filter,
153 LDAPControl **sctrls,
154 LDAPControl **cctrls,
155 struct timeval *timeout,
162 rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
163 sctrls, cctrls, timeout, sizelimit, &msgid );
165 if ( rc != LDAP_SUCCESS ) {
169 rc = ldap_result( ld, msgid, 1, timeout, res );
172 /* error(-1) or timeout(0) */
173 return( ld->ld_errno );
176 if( rc == LDAP_RES_SEARCH_REFERENCE) {
177 return( ld->ld_errno );
180 return( ldap_result2error( ld, *res, 0 ) );
184 * ldap_search - initiate an ldap search operation.
189 * base DN of the base object
190 * scope the search scope - one of LDAP_SCOPE_BASE,
191 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
192 * filter a string containing the search filter
193 * (e.g., "(|(cn=bob)(sn=bob))")
194 * attrs list of attribute types to return for matches
195 * attrsonly 1 => attributes only 0 => attributes and values
198 * char *attrs[] = { "mail", "title", 0 };
199 * msgid = ldap_search( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
200 * attrs, attrsonly );
204 LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
205 char **attrs, int attrsonly )
209 Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
211 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
212 attrsonly, NULL, NULL, -1, -1 );
219 if ( ld->ld_cache != NULL ) {
220 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
222 ld->ld_errno = LDAP_SUCCESS;
223 return( ld->ld_msgid );
225 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
227 #endif /* LDAP_NOCACHE */
229 /* send the message */
230 return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ));
235 ldap_build_search_req(
237 LDAP_CONST char *base,
239 LDAP_CONST char *filter_in,
242 LDAPControl **sctrls,
243 LDAPControl **cctrls,
245 ber_int_t sizelimit )
252 * Create the search request. It looks like this:
253 * SearchRequest := [APPLICATION 3] SEQUENCE {
254 * baseObject DistinguishedName,
260 * derefAliases ENUMERATED {
261 * neverDerefaliases (0),
262 * derefInSearching (1),
263 * derefFindingBaseObj (2),
264 * alwaysDerefAliases (3)
266 * sizelimit INTEGER (0 .. 65535),
267 * timelimit INTEGER (0 .. 65535),
270 * attributes SEQUENCE OF AttributeType
272 * wrapped in an ldap message.
275 /* create a message to send */
276 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
280 if ( base == NULL ) {
281 /* no base provided, use session default base */
282 base = ld->ld_options.ldo_defbase;
284 if ( base == NULL ) {
285 /* no session default base, use top */
290 #ifdef LDAP_CONNECTIONLESS
291 if ( ld->ld_cldapnaddr > 0 ) {
292 err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid,
293 ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
294 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
295 (timelimit < 0) ? ld->ld_timelimit : timelimit,
298 #endif /* LDAP_CONNECTIONLESS */
299 err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
300 LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
301 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
302 (timelimit < 0) ? ld->ld_timelimit : timelimit,
304 #ifdef LDAP_CONNECTIONLESS
306 #endif /* LDAP_CONNECTIONLESS */
309 ld->ld_errno = LDAP_ENCODING_ERROR;
314 if( filter_in != NULL ) {
315 filter = LDAP_STRDUP( filter_in );
317 filter = LDAP_STRDUP( "(objectclass=*)" );
319 err = put_filter( ber, filter );
323 ld->ld_errno = LDAP_FILTER_ERROR;
328 if ( ber_printf( ber, /*{*/ "{v}}", attrs ) == -1 ) {
329 ld->ld_errno = LDAP_ENCODING_ERROR;
334 /* Put Server Controls */
335 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
340 if ( ber_printf( ber, /*{*/ "}", attrs ) == -1 ) {
341 ld->ld_errno = LDAP_ENCODING_ERROR;
349 static int ldap_is_attr_oid ( const char *attr )
353 for( i = 0; (c = attr[i]) != 0; i++ ) {
354 if( c >= '0' && c <= '9' ) {
357 } else if ( c != '.' ) {
358 /* not digit nor '.' */
361 } else if ( !digit ) {
362 /* '.' but prev not digit */
374 static int ldap_is_attr_desc ( const char *attr )
376 /* cheap attribute description check */
379 for( i = 0; (c = attr[i]) != 0; i++ ) {
380 if (( c >= '0' && c <= '9' )
381 || ( c >= 'A' && c <= 'Z' )
382 || ( c >= 'a' && c <= 'z' )
383 || ( c == '.' || c == '-' )
384 || ( c == ';' )) continue;
393 find_right_paren( char *s )
399 while ( *s && balance ) {
403 else if ( *s == ')' )
406 if ( *s == '\\' && ! escape )
414 return( *s ? s : NULL );
417 static int hex2value( int c )
419 if( c >= '0' && c <= '9' ) {
423 if( c >= 'A' && c <= 'F' ) {
424 return c + (10 - (int) 'A');
427 if( c >= 'a' && c <= 'f' ) {
428 return c + (10 - (int) 'a');
435 ldap_pvt_find_wildcard( const char *s )
437 for( ; *s != '\0' ; s++ ) {
439 case '*': /* found wildcard */
443 s++; /* skip over escape */
445 return NULL; /* escape at end of string */
452 /* unescape filter value */
453 /* support both LDAP v2 and v3 escapes */
454 /* output can include nul characters */
456 ldap_pvt_filter_value_unescape( char *fval )
461 for( r=v=0; fval[v] != '\0'; v++ ) {
467 if ( fval[v] == '\0' ) {
468 /* escape at end of string */
473 if (( v1 = hex2value( fval[v] )) >= 0 ) {
476 if (( v2 = hex2value( fval[v+1] )) < 0 ) {
477 /* must be two digit code */
481 fval[r++] = v1 * 16 + v2;
501 put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
506 * We have (x(filter)...) with str sitting on
507 * the x. We have to find the paren matching
508 * the one before the x and put the intervening
509 * filters by calling put_filter_list().
512 /* put explicit tag */
513 if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 )
517 if ( (next = find_right_paren( str )) == NULL )
521 if ( put_filter_list( ber, str ) == -1 )
525 /* flush explicit tagged thang */
526 if ( ber_printf( ber, /*{*/ "}" ) == -1 )
533 put_filter( BerElement *ber, char *str )
536 int parens, balance, escape;
539 * A Filter looks like this:
540 * Filter ::= CHOICE {
541 * and [0] SET OF Filter,
542 * or [1] SET OF Filter,
544 * equalityMatch [3] AttributeValueAssertion,
545 * substrings [4] SubstringFilter,
546 * greaterOrEqual [5] AttributeValueAssertion,
547 * lessOrEqual [6] AttributeValueAssertion,
548 * present [7] AttributeType,
549 * approxMatch [8] AttributeValueAssertion,
550 * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
553 * SubstringFilter ::= SEQUENCE {
554 * type AttributeType,
555 * SEQUENCE OF CHOICE {
556 * initial [0] IA5String,
558 * final [2] IA5String
562 * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
563 * matchingRule [1] MatchingRuleId OPTIONAL,
564 * type [2] AttributeDescription OPTIONAL,
565 * matchValue [3] AssertionValue,
566 * dnAttributes [4] BOOLEAN DEFAULT FALSE }
568 * Note: tags in a choice are always explicit
571 Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
581 while( isspace( *str ) ) str++;
585 Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
588 if ( (str = put_complex_filter( ber, str,
589 LDAP_FILTER_AND, 0 )) == NULL )
596 Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
599 if ( (str = put_complex_filter( ber, str,
600 LDAP_FILTER_OR, 0 )) == NULL )
607 Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
610 if ( (str = put_complex_filter( ber, str,
611 LDAP_FILTER_NOT, 1 )) == NULL )
618 Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
624 while ( *next && balance ) {
628 else if ( *next == ')' )
631 if ( *next == '\\' && ! escape )
642 if ( put_simple_filter( ber, str ) == -1 ) {
653 Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
655 if ( ber_printf( ber, /*[*/ "]" ) == -1 )
665 default: /* assume it's a simple type=value filter */
666 Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
668 next = strchr( str, '\0' );
669 if ( put_simple_filter( ber, str ) == -1 ) {
677 return( parens ? -1 : 0 );
681 * Put a list of filters like this "(filter1)(filter2)..."
685 put_filter_list( BerElement *ber, char *str )
690 Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
693 while ( *str && isspace( (unsigned char) *str ) )
698 if ( (next = find_right_paren( str + 1 )) == NULL )
702 /* now we have "(filter)" with str pointing to it */
704 if ( put_filter( ber, str ) == -1 )
724 Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );
726 str = LDAP_STRDUP( str );
727 if( str == NULL ) return -1;
729 if ( (s = strchr( str, '=' )) == NULL ) {
738 ftype = LDAP_FILTER_LE;
740 if(! ldap_is_attr_desc( str ) ) goto done;
744 ftype = LDAP_FILTER_GE;
746 if(! ldap_is_attr_desc( str ) ) goto done;
750 ftype = LDAP_FILTER_APPROX;
752 if(! ldap_is_attr_desc( str ) ) goto done;
756 /* RFC2254 extensible filters are off the form:
757 * type [:dn] [:rule] := value
758 * or [:dn]:rule := value
760 ftype = LDAP_FILTER_EXT;
764 char *dn = strchr( str, ':' );
768 if(! ldap_is_attr_desc( str ) ) goto done;
773 rule = strchr( dn, ':' );
777 if ( strcmp(dn, "dn") == 0 ) {
778 /* must have attribute */
779 if( !ldap_is_attr_desc( str ) ) {
794 if ( strcmp(dn, "dn") != 0 ) {
800 if ( *str == '\0' && *rule == '\0' ) {
801 /* must have either type or rule */
805 if ( *str != '\0' && !ldap_is_attr_desc( str ) ) {
809 if ( *rule != '\0' && !ldap_is_attr_oid( rule ) ) {
813 rc = ber_printf( ber, "t{" /*}*/, ftype );
815 if( rc != -1 && *rule != '\0' ) {
816 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
818 if( rc != -1 && *str != '\0' ) {
819 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
823 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
826 rc = ber_printf( ber, "totb}",
827 LDAP_FILTER_EXT_VALUE, value, len,
828 LDAP_FILTER_EXT_DNATTRS, dn != NULL);
837 if ( ldap_pvt_find_wildcard( value ) == NULL ) {
838 ftype = LDAP_FILTER_EQUALITY;
839 } else if ( strcmp( value, "*" ) == 0 ) {
840 ftype = LDAP_FILTER_PRESENT;
842 rc = put_substring_filter( ber, str, value );
848 if ( ftype == LDAP_FILTER_PRESENT ) {
849 rc = ber_printf( ber, "ts", ftype, str );
852 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
855 rc = ber_printf( ber, "t{so}",
856 ftype, str, value, len );
860 if( rc != -1 ) rc = 0;
868 put_substring_filter( BerElement *ber, char *type, char *val )
870 char *nextstar, gotstar = 0;
871 ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
873 Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
876 if ( ber_printf( ber, "t{s{", ftype, type ) == -1 )
879 for( ; val != NULL; val=nextstar ) {
880 if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
883 if ( gotstar == 0 ) {
884 ftype = LDAP_SUBSTRING_INITIAL;
885 } else if ( nextstar == NULL ) {
886 ftype = LDAP_SUBSTRING_FINAL;
888 ftype = LDAP_SUBSTRING_ANY;
891 if ( *val != '\0' ) {
892 ber_slen_t len = ldap_pvt_filter_value_unescape( val );
898 if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
906 if ( ber_printf( ber, /* {{ */ "}}" ) == -1 )
914 LDAP *ld, LDAP_CONST char *base, int scope,
915 LDAP_CONST char *filter, char **attrs,
916 int attrsonly, struct timeval *timeout, LDAPMessage **res )
920 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
922 return( ld->ld_errno );
924 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
925 return( ld->ld_errno );
927 if ( ld->ld_errno == LDAP_TIMEOUT ) {
928 (void) ldap_abandon( ld, msgid );
929 ld->ld_errno = LDAP_TIMEOUT;
930 return( ld->ld_errno );
933 return( ldap_result2error( ld, *res, 0 ) );
939 LDAP_CONST char *base,
941 LDAP_CONST char *filter,
948 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
950 return( ld->ld_errno );
952 if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
953 return( ld->ld_errno );
955 return( ldap_result2error( ld, *res, 0 ) );