2 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
3 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
6 * Copyright (c) 1990 Regents of the University of Michigan.
16 #include <ac/stdlib.h>
19 #include <ac/socket.h>
20 #include <ac/string.h>
25 static int ldap_is_attr_oid LDAP_P((
28 static int ldap_is_attr_desc LDAP_P((
31 static int hex2value LDAP_P((
34 static char *find_right_paren LDAP_P((
37 static char *put_complex_filter LDAP_P((
43 static int put_filter LDAP_P((
47 static int put_simple_filter LDAP_P((
51 static int put_substring_filter LDAP_P((
56 static int put_filter_list LDAP_P((
61 * ldap_search_ext - initiate an ldap search operation.
66 * base DN of the base object
67 * scope the search scope - one of LDAP_SCOPE_BASE,
68 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
69 * filter a string containing the search filter
70 * (e.g., "(|(cn=bob)(sn=bob))")
71 * attrs list of attribute types to return for matches
72 * attrsonly 1 => attributes only 0 => attributes and values
75 * char *attrs[] = { "mail", "title", 0 };
76 * ldap_search_ext( ld, "c=us,o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
77 * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
83 LDAP_CONST char *base,
85 LDAP_CONST char *filter,
90 struct timeval *timeout,
97 Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
100 * if timeout is provided, use only tv_sec as timelimit.
101 * otherwise, use default.
103 timelimit = (timeout != NULL)
107 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
108 attrsonly, sctrls, cctrls, timelimit, sizelimit );
115 if ( ld->ld_cache != NULL ) {
116 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
118 ld->ld_errno = LDAP_SUCCESS;
119 *msgidp = ld->ld_msgid;
122 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
124 #endif /* LDAP_NOCACHE */
126 /* send the message */
127 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber );
138 LDAP_CONST char *base,
140 LDAP_CONST char *filter,
143 LDAPControl **sctrls,
144 LDAPControl **cctrls,
145 struct timeval *timeout,
152 rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
153 sctrls, cctrls, timeout, sizelimit, &msgid );
155 if ( rc != LDAP_SUCCESS ) {
159 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
160 return( ld->ld_errno );
162 return( ldap_result2error( ld, *res, 0 ) );
166 * ldap_search - initiate an ldap search operation.
171 * base DN of the base object
172 * scope the search scope - one of LDAP_SCOPE_BASE,
173 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
174 * filter a string containing the search filter
175 * (e.g., "(|(cn=bob)(sn=bob))")
176 * attrs list of attribute types to return for matches
177 * attrsonly 1 => attributes only 0 => attributes and values
180 * char *attrs[] = { "mail", "title", 0 };
181 * msgid = ldap_search( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
182 * attrs, attrsonly );
186 LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
187 char **attrs, int attrsonly )
191 Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
193 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
194 attrsonly, NULL, NULL, -1, -1 );
201 if ( ld->ld_cache != NULL ) {
202 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
204 ld->ld_errno = LDAP_SUCCESS;
205 return( ld->ld_msgid );
207 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
209 #endif /* LDAP_NOCACHE */
211 /* send the message */
212 return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ));
217 ldap_build_search_req(
219 LDAP_CONST char *base,
221 LDAP_CONST char *filter_in,
224 LDAPControl **sctrls,
225 LDAPControl **cctrls,
227 ber_int_t sizelimit )
234 * Create the search request. It looks like this:
235 * SearchRequest := [APPLICATION 3] SEQUENCE {
236 * baseObject DistinguishedName,
242 * derefAliases ENUMERATED {
243 * neverDerefaliases (0),
244 * derefInSearching (1),
245 * derefFindingBaseObj (2),
246 * alwaysDerefAliases (3)
248 * sizelimit INTEGER (0 .. 65535),
249 * timelimit INTEGER (0 .. 65535),
252 * attributes SEQUENCE OF AttributeType
254 * wrapped in an ldap message.
257 /* create a message to send */
258 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
262 if ( base == NULL ) {
263 /* no base provided, use session default base */
264 base = ld->ld_options.ldo_defbase;
266 if ( base == NULL ) {
267 /* no session default base, use top */
272 #ifdef LDAP_CONNECTIONLESS
273 if ( ld->ld_cldapnaddr > 0 ) {
274 err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid,
275 ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
276 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
277 (timelimit < 0) ? ld->ld_timelimit : timelimit,
280 #endif /* LDAP_CONNECTIONLESS */
281 err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
282 LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
283 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
284 (timelimit < 0) ? ld->ld_timelimit : timelimit,
286 #ifdef LDAP_CONNECTIONLESS
288 #endif /* LDAP_CONNECTIONLESS */
291 ld->ld_errno = LDAP_ENCODING_ERROR;
296 filter = LDAP_STRDUP( filter_in );
297 err = put_filter( ber, filter );
301 ld->ld_errno = LDAP_FILTER_ERROR;
306 if ( ber_printf( ber, /*{*/ "{v}}", attrs ) == -1 ) {
307 ld->ld_errno = LDAP_ENCODING_ERROR;
312 /* Put Server Controls */
313 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
318 if ( ber_printf( ber, /*{*/ "}", attrs ) == -1 ) {
319 ld->ld_errno = LDAP_ENCODING_ERROR;
327 static int ldap_is_attr_oid ( const char *attr )
331 for( i=0 ; c = attr[i] ; i++ ) {
332 if( c >= '0' && c <= '9' ) {
335 } else if ( c != '.' ) {
336 /* not digit nor '.' */
339 } else if ( !digit ) {
340 /* '.' but prev not digit */
353 static int ldap_is_attr_desc ( const char *attr )
355 /* cheap attribute description check */
358 for( i=0; c = attr[i]; i++ ) {
359 if (( c >= '0' && c <= '9' )
360 || ( c >= 'A' && c <= 'Z' )
361 || ( c >= 'a' && c <= 'z' )
362 || ( c == '.' || c == '-' )
363 || ( c == ';' )) continue;
372 find_right_paren( char *s )
378 while ( *s && balance ) {
382 else if ( *s == ')' )
385 if ( *s == '\\' && ! escape )
393 return( *s ? s : NULL );
396 static int hex2value( int c )
398 if( c >= '0' && c <= '9' ) {
402 if( c >= 'A' && c <= 'F' ) {
403 return c + (10 - (int) 'A');
406 if( c >= 'a' && c <= 'f' ) {
407 return c + (10 - (int) 'a');
414 ldap_pvt_find_wildcard( char *s )
416 for( ; *s != '\0' ; s++ ) {
418 case '*': /* found wildcard */
422 s++; /* skip over escape */
424 return NULL; /* escape at end of string */
431 /* unescape filter value */
432 /* support both LDAP v2 and v3 escapes */
433 /* output can include nul characters */
435 ldap_pvt_filter_value_unescape( char *fval )
440 for( r=v=0; fval[v] != '\0'; v++ ) {
446 if ( fval[v] == '\0' ) {
447 /* escape at end of string */
452 if (( v1 = hex2value( fval[v] )) >= 0 ) {
455 if (( v2 = hex2value( fval[v+1] )) < 0 ) {
456 /* must be two digit code */
460 fval[r++] = v1 * 16 + v2;
480 put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
485 * We have (x(filter)...) with str sitting on
486 * the x. We have to find the paren matching
487 * the one before the x and put the intervening
488 * filters by calling put_filter_list().
491 /* put explicit tag */
492 if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 )
496 if ( (next = find_right_paren( str )) == NULL )
500 if ( put_filter_list( ber, str ) == -1 )
504 /* flush explicit tagged thang */
505 if ( ber_printf( ber, /*{*/ "}" ) == -1 )
512 put_filter( BerElement *ber, char *str )
515 int parens, balance, escape;
518 * A Filter looks like this:
519 * Filter ::= CHOICE {
520 * and [0] SET OF Filter,
521 * or [1] SET OF Filter,
523 * equalityMatch [3] AttributeValueAssertion,
524 * substrings [4] SubstringFilter,
525 * greaterOrEqual [5] AttributeValueAssertion,
526 * lessOrEqual [6] AttributeValueAssertion,
527 * present [7] AttributeType,
528 * approxMatch [8] AttributeValueAssertion,
529 * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
532 * SubstringFilter ::= SEQUENCE {
533 * type AttributeType,
534 * SEQUENCE OF CHOICE {
535 * initial [0] IA5String,
537 * final [2] IA5String
541 * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
542 * matchingRule [1] MatchingRuleId OPTIONAL,
543 * type [2] AttributeDescription OPTIONAL,
544 * matchValue [3] AssertionValue,
545 * dnAttributes [4] BOOLEAN DEFAULT FALSE }
547 * Note: tags in a choice are always explicit
550 Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
560 Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
563 if ( (str = put_complex_filter( ber, str,
564 LDAP_FILTER_AND, 0 )) == NULL )
571 Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
574 if ( (str = put_complex_filter( ber, str,
575 LDAP_FILTER_OR, 0 )) == NULL )
582 Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
585 if ( (str = put_complex_filter( ber, str,
586 LDAP_FILTER_NOT, 1 )) == NULL )
593 Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
599 while ( *next && balance ) {
603 else if ( *next == ')' )
606 if ( *next == '\\' && ! escape )
617 if ( put_simple_filter( ber, str ) == -1 ) {
628 Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
630 if ( ber_printf( ber, /*[*/ "]" ) == -1 )
640 default: /* assume it's a simple type=value filter */
641 Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
643 next = strchr( str, '\0' );
644 if ( put_simple_filter( ber, str ) == -1 ) {
652 return( parens ? -1 : 0 );
656 * Put a list of filters like this "(filter1)(filter2)..."
660 put_filter_list( BerElement *ber, char *str )
665 Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
668 while ( *str && isspace( (unsigned char) *str ) )
673 if ( (next = find_right_paren( str + 1 )) == NULL )
677 /* now we have "(filter)" with str pointing to it */
679 if ( put_filter( ber, str ) == -1 )
699 Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );
701 str = LDAP_STRDUP( str );
702 if( str == NULL ) return -1;
704 if ( (s = strchr( str, '=' )) == NULL ) {
713 ftype = LDAP_FILTER_LE;
715 if(! ldap_is_attr_desc( str ) ) goto done;
719 ftype = LDAP_FILTER_GE;
721 if(! ldap_is_attr_desc( str ) ) goto done;
725 ftype = LDAP_FILTER_APPROX;
727 if(! ldap_is_attr_desc( str ) ) goto done;
731 /* RFC2254 extensible filters are off the form:
732 * type [:dn] [:rule] := value
733 * or [:dn]:rule := value
735 ftype = LDAP_FILTER_EXT;
739 char *dn = strchr( str, ':' );
743 if(! ldap_is_attr_desc( str ) ) goto done;
748 rule = strchr( dn, ':' );
752 if ( strcmp(dn, "dn") == 0 ) {
753 /* must have attribute */
754 if( !ldap_is_attr_desc( str ) ) {
769 if ( strcmp(dn, "dn") != 0 ) {
775 if ( *str == '\0' && *rule == '\0' ) {
776 /* must have either type or rule */
780 if ( *str != '\0' && !ldap_is_attr_desc( str ) ) {
784 if ( *rule != '\0' && !ldap_is_attr_oid( rule ) ) {
788 rc = ber_printf( ber, "t{" /*}*/, ftype );
790 if( rc != -1 && *rule != '\0' ) {
791 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
793 if( rc != -1 && *str != '\0' ) {
794 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
798 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
801 rc = ber_printf( ber, "totb}",
802 LDAP_FILTER_EXT_VALUE, value, len,
803 LDAP_FILTER_EXT_DNATTRS, dn != NULL);
812 if ( ldap_pvt_find_wildcard( value ) == NULL ) {
813 ftype = LDAP_FILTER_EQUALITY;
814 } else if ( strcmp( value, "*" ) == 0 ) {
815 ftype = LDAP_FILTER_PRESENT;
817 rc = put_substring_filter( ber, str, value );
823 if ( ftype == LDAP_FILTER_PRESENT ) {
824 rc = ber_printf( ber, "ts", ftype, str );
827 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
830 rc = ber_printf( ber, "t{so}",
831 ftype, str, value, len );
835 if( rc != -1 ) rc = 0;
843 put_substring_filter( BerElement *ber, char *type, char *val )
845 char *nextstar, gotstar = 0;
846 ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
848 Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
851 if ( ber_printf( ber, "t{s{", ftype, type ) == -1 )
854 for( ; val != NULL; val=nextstar ) {
855 if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
858 if ( gotstar == 0 ) {
859 ftype = LDAP_SUBSTRING_INITIAL;
860 } else if ( nextstar == NULL ) {
861 ftype = LDAP_SUBSTRING_FINAL;
863 ftype = LDAP_SUBSTRING_ANY;
866 if ( *val != '\0' ) {
867 ber_slen_t len = ldap_pvt_filter_value_unescape( val );
873 if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
881 if ( ber_printf( ber, /* {{ */ "}}" ) == -1 )
889 LDAP *ld, LDAP_CONST char *base, int scope,
890 LDAP_CONST char *filter, char **attrs,
891 int attrsonly, struct timeval *timeout, LDAPMessage **res )
895 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
897 return( ld->ld_errno );
899 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
900 return( ld->ld_errno );
902 if ( ld->ld_errno == LDAP_TIMEOUT ) {
903 (void) ldap_abandon( ld, msgid );
904 ld->ld_errno = LDAP_TIMEOUT;
905 return( ld->ld_errno );
908 return( ldap_result2error( ld, *res, 0 ) );
914 LDAP_CONST char *base,
916 LDAP_CONST char *filter,
923 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
925 return( ld->ld_errno );
927 if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
928 return( ld->ld_errno );
930 return( ldap_result2error( ld, *res, 0 ) );