3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1990 Regents of the University of Michigan.
17 #include <ac/stdlib.h>
19 #include <ac/socket.h>
20 #include <ac/string.h>
25 static int ldap_is_attr_oid LDAP_P((
28 static int ldap_is_attr_desc LDAP_P((
31 static int hex2value LDAP_P((
34 static char *find_right_paren LDAP_P((
37 static char *put_complex_filter LDAP_P((
43 static int put_filter LDAP_P((
47 static int put_simple_filter LDAP_P((
51 static int put_substring_filter LDAP_P((
56 static int put_filter_list LDAP_P((
62 * ldap_search_ext - initiate an ldap search operation.
67 * base DN of the base object
68 * scope the search scope - one of LDAP_SCOPE_BASE,
69 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
70 * filter a string containing the search filter
71 * (e.g., "(|(cn=bob)(sn=bob))")
72 * attrs list of attribute types to return for matches
73 * attrsonly 1 => attributes only 0 => attributes and values
76 * char *attrs[] = { "mail", "title", 0 };
77 * ldap_search_ext( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob",
78 * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
84 LDAP_CONST char *base,
86 LDAP_CONST char *filter,
91 struct timeval *timeout,
99 Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
101 assert( ld != NULL );
102 assert( LDAP_VALID( ld ) );
104 /* check client controls */
105 rc = ldap_int_client_controls( ld, cctrls );
106 if( rc != LDAP_SUCCESS ) return rc;
109 * if timeout is provided, both tv_sec and tv_usec must
112 if( timeout != NULL ) {
113 if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) {
114 return LDAP_PARAM_ERROR;
117 /* timelimit must be non-zero if timeout is provided */
118 timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1;
121 /* no timeout, no timelimit */
125 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
126 attrsonly, sctrls, cctrls, timelimit, sizelimit );
133 if ( ld->ld_cache != NULL ) {
134 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
136 ld->ld_errno = LDAP_SUCCESS;
137 *msgidp = ld->ld_msgid;
140 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
142 #endif /* LDAP_NOCACHE */
144 /* send the message */
145 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber );
156 LDAP_CONST char *base,
158 LDAP_CONST char *filter,
161 LDAPControl **sctrls,
162 LDAPControl **cctrls,
163 struct timeval *timeout,
170 rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
171 sctrls, cctrls, timeout, sizelimit, &msgid );
173 if ( rc != LDAP_SUCCESS ) {
177 rc = ldap_result( ld, msgid, 1, timeout, res );
180 /* error(-1) or timeout(0) */
181 return( ld->ld_errno );
184 if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) {
185 return( ld->ld_errno );
188 return( ldap_result2error( ld, *res, 0 ) );
192 * ldap_search - initiate an ldap search operation.
197 * base DN of the base object
198 * scope the search scope - one of LDAP_SCOPE_BASE,
199 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
200 * filter a string containing the search filter
201 * (e.g., "(|(cn=bob)(sn=bob))")
202 * attrs list of attribute types to return for matches
203 * attrsonly 1 => attributes only 0 => attributes and values
206 * char *attrs[] = { "mail", "title", 0 };
207 * msgid = ldap_search( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob",
208 * attrs, attrsonly );
212 LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
213 char **attrs, int attrsonly )
217 Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
219 assert( ld != NULL );
220 assert( LDAP_VALID( ld ) );
222 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
223 attrsonly, NULL, NULL, -1, -1 );
230 if ( ld->ld_cache != NULL ) {
231 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
233 ld->ld_errno = LDAP_SUCCESS;
234 return( ld->ld_msgid );
236 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
238 #endif /* LDAP_NOCACHE */
240 /* send the message */
241 return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ));
246 ldap_build_search_req(
248 LDAP_CONST char *base,
250 LDAP_CONST char *filter_in,
253 LDAPControl **sctrls,
254 LDAPControl **cctrls,
256 ber_int_t sizelimit )
263 * Create the search request. It looks like this:
264 * SearchRequest := [APPLICATION 3] SEQUENCE {
265 * baseObject DistinguishedName,
271 * derefAliases ENUMERATED {
272 * neverDerefaliases (0),
273 * derefInSearching (1),
274 * derefFindingBaseObj (2),
275 * alwaysDerefAliases (3)
277 * sizelimit INTEGER (0 .. 65535),
278 * timelimit INTEGER (0 .. 65535),
281 * attributes SEQUENCE OF AttributeType
283 * wrapped in an ldap message.
286 /* create a message to send */
287 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
291 if ( base == NULL ) {
292 /* no base provided, use session default base */
293 base = ld->ld_options.ldo_defbase;
295 if ( base == NULL ) {
296 /* no session default base, use top */
301 #ifdef LDAP_CONNECTIONLESS
302 if ( LDAP_IS_UDP(ld) ) {
303 err = ber_write( ber, ld->ld_options.ldo_peer,
304 sizeof(struct sockaddr), 0);
306 if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) {
307 char *dn = ld->ld_options.ldo_cldapdn;
309 err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, dn,
310 LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
311 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
312 (timelimit < 0) ? ld->ld_timelimit : timelimit,
317 err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
318 LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
319 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
320 (timelimit < 0) ? ld->ld_timelimit : timelimit,
325 ld->ld_errno = LDAP_ENCODING_ERROR;
330 if( filter_in != NULL ) {
331 filter = LDAP_STRDUP( filter_in );
333 filter = LDAP_STRDUP( "(objectclass=*)" );
335 err = put_filter( ber, filter );
339 ld->ld_errno = LDAP_FILTER_ERROR;
344 if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) {
345 ld->ld_errno = LDAP_ENCODING_ERROR;
350 /* Put Server Controls */
351 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
356 if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
357 ld->ld_errno = LDAP_ENCODING_ERROR;
365 static int ldap_is_attr_oid ( const char *attr )
369 for( i = 0; (c = attr[i]) != 0; i++ ) {
370 if( c >= '0' && c <= '9' ) {
373 } else if ( c != '.' ) {
374 /* not digit nor '.' */
377 } else if ( !digit ) {
378 /* '.' but prev not digit */
390 static int ldap_is_attr_desc ( const char *attr )
392 /* cheap attribute description check */
395 for( i = 0; (c = attr[i]) != 0; i++ ) {
396 if (( c >= '0' && c <= '9' )
397 || ( c >= 'A' && c <= 'Z' )
398 || ( c >= 'a' && c <= 'z' )
399 || ( c == '.' || c == '-' )
400 || ( c == ';' )) continue;
409 find_right_paren( char *s )
415 while ( *s && balance ) {
419 else if ( *s == ')' )
422 if ( *s == '\\' && ! escape )
430 return( *s ? s : NULL );
433 static int hex2value( int c )
435 if( c >= '0' && c <= '9' ) {
439 if( c >= 'A' && c <= 'F' ) {
440 return c + (10 - (int) 'A');
443 if( c >= 'a' && c <= 'f' ) {
444 return c + (10 - (int) 'a');
451 ldap_pvt_find_wildcard( const char *s )
453 for( ; *s != '\0' ; s++ ) {
455 case '*': /* found wildcard */
459 s++; /* skip over escape */
461 return NULL; /* escape at end of string */
468 /* unescape filter value */
469 /* support both LDAP v2 and v3 escapes */
470 /* output can include nul characters! */
472 ldap_pvt_filter_value_unescape( char *fval )
477 for( r=v=0; fval[v] != '\0'; v++ ) {
483 if ( fval[v] == '\0' ) {
484 /* escape at end of string */
489 if (( v1 = hex2value( fval[v] )) >= 0 ) {
491 if (( v2 = hex2value( fval[v+1] )) < 0 ) {
492 /* must be two digit code */
496 fval[r++] = v1 * 16 + v2;
525 put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
530 * We have (x(filter)...) with str sitting on
531 * the x. We have to find the paren matching
532 * the one before the x and put the intervening
533 * filters by calling put_filter_list().
536 /* put explicit tag */
537 if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 )
541 if ( (next = find_right_paren( str )) == NULL )
545 if ( put_filter_list( ber, str, tag ) == -1 )
549 /* flush explicit tagged thang */
550 if ( ber_printf( ber, /*{*/ "N}" ) == -1 )
557 put_filter( BerElement *ber, char *str )
560 int parens, balance, escape;
563 * A Filter looks like this:
564 * Filter ::= CHOICE {
565 * and [0] SET OF Filter,
566 * or [1] SET OF Filter,
568 * equalityMatch [3] AttributeValueAssertion,
569 * substrings [4] SubstringFilter,
570 * greaterOrEqual [5] AttributeValueAssertion,
571 * lessOrEqual [6] AttributeValueAssertion,
572 * present [7] AttributeType,
573 * approxMatch [8] AttributeValueAssertion,
574 * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
577 * SubstringFilter ::= SEQUENCE {
578 * type AttributeType,
579 * SEQUENCE OF CHOICE {
580 * initial [0] IA5String,
582 * final [2] IA5String
586 * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
587 * matchingRule [1] MatchingRuleId OPTIONAL,
588 * type [2] AttributeDescription OPTIONAL,
589 * matchValue [3] AssertionValue,
590 * dnAttributes [4] BOOLEAN DEFAULT FALSE }
592 * Note: tags in a choice are always explicit
595 Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
605 while( LDAP_SPACE( *str ) ) str++;
609 Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
612 if ( (str = put_complex_filter( ber, str,
613 LDAP_FILTER_AND, 0 )) == NULL )
620 Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
623 if ( (str = put_complex_filter( ber, str,
624 LDAP_FILTER_OR, 0 )) == NULL )
631 Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
634 if ( (str = put_complex_filter( ber, str,
635 LDAP_FILTER_NOT, 1 )) == NULL )
642 Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
648 while ( *next && balance ) {
652 else if ( *next == ')' )
655 if ( *next == '\\' && ! escape )
666 if ( put_simple_filter( ber, str ) == -1 ) {
677 Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
679 if ( ber_printf( ber, /*[*/ "]" ) == -1 )
689 default: /* assume it's a simple type=value filter */
690 Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
692 next = strchr( str, '\0' );
693 if ( put_simple_filter( ber, str ) == -1 ) {
701 return( parens ? -1 : 0 );
705 * Put a list of filters like this "(filter1)(filter2)..."
709 put_filter_list( BerElement *ber, char *str, ber_tag_t tag )
714 Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
717 while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
720 if ( *str == '\0' ) break;
722 if ( (next = find_right_paren( str + 1 )) == NULL ) {
727 /* now we have "(filter)" with str pointing to it */
729 if ( put_filter( ber, str ) == -1 ) return -1;
733 if( tag == LDAP_FILTER_NOT ) break;
736 if( tag == LDAP_FILTER_NOT && ( next == NULL || *str )) {
753 Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );
755 str = LDAP_STRDUP( str );
756 if( str == NULL ) return -1;
758 if ( (s = strchr( str, '=' )) == NULL ) {
767 ftype = LDAP_FILTER_LE;
769 if(! ldap_is_attr_desc( str ) ) goto done;
773 ftype = LDAP_FILTER_GE;
775 if(! ldap_is_attr_desc( str ) ) goto done;
779 ftype = LDAP_FILTER_APPROX;
781 if(! ldap_is_attr_desc( str ) ) goto done;
785 /* RFC2254 extensible filters are off the form:
786 * type [:dn] [:rule] := value
787 * or [:dn]:rule := value
789 ftype = LDAP_FILTER_EXT;
793 char *dn = strchr( str, ':' );
797 if(! ldap_is_attr_desc( str ) ) goto done;
801 rule = strchr( dn, ':' );
805 if ( strcmp(dn, "dn") == 0 ) {
806 /* must have attribute */
807 if( !ldap_is_attr_desc( str ) ) {
822 if ( strcmp(dn, "dn") != 0 ) {
830 if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
831 /* must have either type or rule */
835 if ( *str != '\0' && !ldap_is_attr_desc( str ) ) {
839 if ( rule && *rule != '\0' && !ldap_is_attr_oid( rule ) ) {
843 rc = ber_printf( ber, "t{" /*}*/, ftype );
845 if( rc != -1 && rule && *rule != '\0' ) {
846 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
848 if( rc != -1 && *str != '\0' ) {
849 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
853 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
856 rc = ber_printf( ber, "totbN}",
857 LDAP_FILTER_EXT_VALUE, value, len,
858 LDAP_FILTER_EXT_DNATTRS, dn != NULL);
867 if ( ldap_pvt_find_wildcard( value ) == NULL ) {
868 ftype = LDAP_FILTER_EQUALITY;
869 } else if ( strcmp( value, "*" ) == 0 ) {
870 ftype = LDAP_FILTER_PRESENT;
872 rc = put_substring_filter( ber, str, value );
878 if ( ftype == LDAP_FILTER_PRESENT ) {
879 rc = ber_printf( ber, "ts", ftype, str );
882 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
885 rc = ber_printf( ber, "t{soN}",
886 ftype, str, value, len );
890 if( rc != -1 ) rc = 0;
898 put_substring_filter( BerElement *ber, char *type, char *val )
900 char *nextstar, gotstar = 0;
901 ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
903 Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
906 if ( ber_printf( ber, "t{s{", ftype, type ) == -1 )
909 for( ; val != NULL; val=nextstar ) {
910 if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
913 if ( gotstar == 0 ) {
914 ftype = LDAP_SUBSTRING_INITIAL;
915 } else if ( nextstar == NULL ) {
916 ftype = LDAP_SUBSTRING_FINAL;
918 ftype = LDAP_SUBSTRING_ANY;
921 if ( *val != '\0' ) {
922 ber_slen_t len = ldap_pvt_filter_value_unescape( val );
928 if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
936 if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 )
944 LDAP *ld, LDAP_CONST char *base, int scope,
945 LDAP_CONST char *filter, char **attrs,
946 int attrsonly, struct timeval *timeout, LDAPMessage **res )
950 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
952 return( ld->ld_errno );
954 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
955 return( ld->ld_errno );
957 if ( ld->ld_errno == LDAP_TIMEOUT ) {
958 (void) ldap_abandon( ld, msgid );
959 ld->ld_errno = LDAP_TIMEOUT;
960 return( ld->ld_errno );
963 return( ldap_result2error( ld, *res, 0 ) );
969 LDAP_CONST char *base,
971 LDAP_CONST char *filter,
978 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
980 return( ld->ld_errno );
982 if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
983 return( ld->ld_errno );
985 return( ldap_result2error( ld, *res, 0 ) );