3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1990 Regents of the University of Michigan.
17 #include <ac/stdlib.h>
19 #include <ac/socket.h>
20 #include <ac/string.h>
25 static int ldap_is_attr_oid LDAP_P((
28 static int ldap_is_attr_desc LDAP_P((
31 static int hex2value LDAP_P((
34 static char *find_right_paren LDAP_P((
37 static char *put_complex_filter LDAP_P((
43 static int put_filter LDAP_P((
47 static int put_simple_filter LDAP_P((
51 static int put_substring_filter LDAP_P((
56 static int put_filter_list LDAP_P((
61 * ldap_search_ext - initiate an ldap search operation.
66 * base DN of the base object
67 * scope the search scope - one of LDAP_SCOPE_BASE,
68 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
69 * filter a string containing the search filter
70 * (e.g., "(|(cn=bob)(sn=bob))")
71 * attrs list of attribute types to return for matches
72 * attrsonly 1 => attributes only 0 => attributes and values
75 * char *attrs[] = { "mail", "title", 0 };
76 * ldap_search_ext( ld, "c=us,o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
77 * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
83 LDAP_CONST char *base,
85 LDAP_CONST char *filter,
90 struct timeval *timeout,
97 Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
100 * if timeout is provided, both tv_sec and tv_usec must
103 if( timeout != NULL ) {
104 if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) {
105 return LDAP_PARAM_ERROR;
108 /* timelimit must be non-zero if timeout is provided */
109 timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1;
112 /* no timeout, no timelimit */
116 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
117 attrsonly, sctrls, cctrls, timelimit, sizelimit );
124 if ( ld->ld_cache != NULL ) {
125 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
127 ld->ld_errno = LDAP_SUCCESS;
128 *msgidp = ld->ld_msgid;
131 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
133 #endif /* LDAP_NOCACHE */
135 /* send the message */
136 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber );
147 LDAP_CONST char *base,
149 LDAP_CONST char *filter,
152 LDAPControl **sctrls,
153 LDAPControl **cctrls,
154 struct timeval *timeout,
161 rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
162 sctrls, cctrls, timeout, sizelimit, &msgid );
164 if ( rc != LDAP_SUCCESS ) {
168 rc = ldap_result( ld, msgid, 1, timeout, res );
171 /* error(-1) or timeout(0) */
172 return( ld->ld_errno );
175 if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) {
176 return( ld->ld_errno );
179 return( ldap_result2error( ld, *res, 0 ) );
183 * ldap_search - initiate an ldap search operation.
188 * base DN of the base object
189 * scope the search scope - one of LDAP_SCOPE_BASE,
190 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
191 * filter a string containing the search filter
192 * (e.g., "(|(cn=bob)(sn=bob))")
193 * attrs list of attribute types to return for matches
194 * attrsonly 1 => attributes only 0 => attributes and values
197 * char *attrs[] = { "mail", "title", 0 };
198 * msgid = ldap_search( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
199 * attrs, attrsonly );
203 LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
204 char **attrs, int attrsonly )
208 Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
210 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
211 attrsonly, NULL, NULL, -1, -1 );
218 if ( ld->ld_cache != NULL ) {
219 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
221 ld->ld_errno = LDAP_SUCCESS;
222 return( ld->ld_msgid );
224 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
226 #endif /* LDAP_NOCACHE */
228 /* send the message */
229 return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ));
234 ldap_build_search_req(
236 LDAP_CONST char *base,
238 LDAP_CONST char *filter_in,
241 LDAPControl **sctrls,
242 LDAPControl **cctrls,
244 ber_int_t sizelimit )
251 * Create the search request. It looks like this:
252 * SearchRequest := [APPLICATION 3] SEQUENCE {
253 * baseObject DistinguishedName,
259 * derefAliases ENUMERATED {
260 * neverDerefaliases (0),
261 * derefInSearching (1),
262 * derefFindingBaseObj (2),
263 * alwaysDerefAliases (3)
265 * sizelimit INTEGER (0 .. 65535),
266 * timelimit INTEGER (0 .. 65535),
269 * attributes SEQUENCE OF AttributeType
271 * wrapped in an ldap message.
274 /* create a message to send */
275 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
279 if ( base == NULL ) {
280 /* no base provided, use session default base */
281 base = ld->ld_options.ldo_defbase;
283 if ( base == NULL ) {
284 /* no session default base, use top */
289 #ifdef LDAP_CONNECTIONLESS
290 if ( ld->ld_cldapnaddr > 0 ) {
291 err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid,
292 ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
293 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
294 (timelimit < 0) ? ld->ld_timelimit : timelimit,
297 #endif /* LDAP_CONNECTIONLESS */
298 err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
299 LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
300 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
301 (timelimit < 0) ? ld->ld_timelimit : timelimit,
303 #ifdef LDAP_CONNECTIONLESS
305 #endif /* LDAP_CONNECTIONLESS */
308 ld->ld_errno = LDAP_ENCODING_ERROR;
313 if( filter_in != NULL ) {
314 filter = LDAP_STRDUP( filter_in );
316 filter = LDAP_STRDUP( "(objectclass=*)" );
318 err = put_filter( ber, filter );
322 ld->ld_errno = LDAP_FILTER_ERROR;
327 if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) {
328 ld->ld_errno = LDAP_ENCODING_ERROR;
333 /* Put Server Controls */
334 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
339 if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
340 ld->ld_errno = LDAP_ENCODING_ERROR;
348 static int ldap_is_attr_oid ( const char *attr )
352 for( i = 0; (c = attr[i]) != 0; i++ ) {
353 if( c >= '0' && c <= '9' ) {
356 } else if ( c != '.' ) {
357 /* not digit nor '.' */
360 } else if ( !digit ) {
361 /* '.' but prev not digit */
373 static int ldap_is_attr_desc ( const char *attr )
375 /* cheap attribute description check */
378 for( i = 0; (c = attr[i]) != 0; i++ ) {
379 if (( c >= '0' && c <= '9' )
380 || ( c >= 'A' && c <= 'Z' )
381 || ( c >= 'a' && c <= 'z' )
382 || ( c == '.' || c == '-' )
383 || ( c == ';' )) continue;
392 find_right_paren( char *s )
398 while ( *s && balance ) {
402 else if ( *s == ')' )
405 if ( *s == '\\' && ! escape )
413 return( *s ? s : NULL );
416 static int hex2value( int c )
418 if( c >= '0' && c <= '9' ) {
422 if( c >= 'A' && c <= 'F' ) {
423 return c + (10 - (int) 'A');
426 if( c >= 'a' && c <= 'f' ) {
427 return c + (10 - (int) 'a');
434 ldap_pvt_find_wildcard( const char *s )
436 for( ; *s != '\0' ; s++ ) {
438 case '*': /* found wildcard */
442 s++; /* skip over escape */
444 return NULL; /* escape at end of string */
451 /* unescape filter value */
452 /* support both LDAP v2 and v3 escapes */
453 /* output can include nul characters */
455 ldap_pvt_filter_value_unescape( char *fval )
460 for( r=v=0; fval[v] != '\0'; v++ ) {
466 if ( fval[v] == '\0' ) {
467 /* escape at end of string */
472 if (( v1 = hex2value( fval[v] )) >= 0 ) {
475 if (( v2 = hex2value( fval[v+1] )) < 0 ) {
476 /* must be two digit code */
480 fval[r++] = v1 * 16 + v2;
500 put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
505 * We have (x(filter)...) with str sitting on
506 * the x. We have to find the paren matching
507 * the one before the x and put the intervening
508 * filters by calling put_filter_list().
511 /* put explicit tag */
512 if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 )
516 if ( (next = find_right_paren( str )) == NULL )
520 if ( put_filter_list( ber, str ) == -1 )
524 /* flush explicit tagged thang */
525 if ( ber_printf( ber, /*{*/ "N}" ) == -1 )
532 put_filter( BerElement *ber, char *str )
535 int parens, balance, escape;
538 * A Filter looks like this:
539 * Filter ::= CHOICE {
540 * and [0] SET OF Filter,
541 * or [1] SET OF Filter,
543 * equalityMatch [3] AttributeValueAssertion,
544 * substrings [4] SubstringFilter,
545 * greaterOrEqual [5] AttributeValueAssertion,
546 * lessOrEqual [6] AttributeValueAssertion,
547 * present [7] AttributeType,
548 * approxMatch [8] AttributeValueAssertion,
549 * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
552 * SubstringFilter ::= SEQUENCE {
553 * type AttributeType,
554 * SEQUENCE OF CHOICE {
555 * initial [0] IA5String,
557 * final [2] IA5String
561 * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
562 * matchingRule [1] MatchingRuleId OPTIONAL,
563 * type [2] AttributeDescription OPTIONAL,
564 * matchValue [3] AssertionValue,
565 * dnAttributes [4] BOOLEAN DEFAULT FALSE }
567 * Note: tags in a choice are always explicit
570 Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
580 while( LDAP_SPACE( *str ) ) str++;
584 Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
587 if ( (str = put_complex_filter( ber, str,
588 LDAP_FILTER_AND, 0 )) == NULL )
595 Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
598 if ( (str = put_complex_filter( ber, str,
599 LDAP_FILTER_OR, 0 )) == NULL )
606 Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
609 if ( (str = put_complex_filter( ber, str,
610 LDAP_FILTER_NOT, 1 )) == NULL )
617 Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
623 while ( *next && balance ) {
627 else if ( *next == ')' )
630 if ( *next == '\\' && ! escape )
641 if ( put_simple_filter( ber, str ) == -1 ) {
652 Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
654 if ( ber_printf( ber, /*[*/ "]" ) == -1 )
664 default: /* assume it's a simple type=value filter */
665 Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
667 next = strchr( str, '\0' );
668 if ( put_simple_filter( ber, str ) == -1 ) {
676 return( parens ? -1 : 0 );
680 * Put a list of filters like this "(filter1)(filter2)..."
684 put_filter_list( BerElement *ber, char *str )
689 Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
692 while ( *str && LDAP_SPACE( (unsigned char) *str ) )
697 if ( (next = find_right_paren( str + 1 )) == NULL )
701 /* now we have "(filter)" with str pointing to it */
703 if ( put_filter( ber, str ) == -1 )
723 Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );
725 str = LDAP_STRDUP( str );
726 if( str == NULL ) return -1;
728 if ( (s = strchr( str, '=' )) == NULL ) {
737 ftype = LDAP_FILTER_LE;
739 if(! ldap_is_attr_desc( str ) ) goto done;
743 ftype = LDAP_FILTER_GE;
745 if(! ldap_is_attr_desc( str ) ) goto done;
749 ftype = LDAP_FILTER_APPROX;
751 if(! ldap_is_attr_desc( str ) ) goto done;
755 /* RFC2254 extensible filters are off the form:
756 * type [:dn] [:rule] := value
757 * or [:dn]:rule := value
759 ftype = LDAP_FILTER_EXT;
763 char *dn = strchr( str, ':' );
767 if(! ldap_is_attr_desc( str ) ) goto done;
772 rule = strchr( dn, ':' );
776 if ( strcmp(dn, "dn") == 0 ) {
777 /* must have attribute */
778 if( !ldap_is_attr_desc( str ) ) {
793 if ( strcmp(dn, "dn") != 0 ) {
799 if ( *str == '\0' && *rule == '\0' ) {
800 /* must have either type or rule */
804 if ( *str != '\0' && !ldap_is_attr_desc( str ) ) {
808 if ( *rule != '\0' && !ldap_is_attr_oid( rule ) ) {
812 rc = ber_printf( ber, "t{" /*}*/, ftype );
814 if( rc != -1 && *rule != '\0' ) {
815 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
817 if( rc != -1 && *str != '\0' ) {
818 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
822 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
825 rc = ber_printf( ber, "totbN}",
826 LDAP_FILTER_EXT_VALUE, value, len,
827 LDAP_FILTER_EXT_DNATTRS, dn != NULL);
836 if ( ldap_pvt_find_wildcard( value ) == NULL ) {
837 ftype = LDAP_FILTER_EQUALITY;
838 } else if ( strcmp( value, "*" ) == 0 ) {
839 ftype = LDAP_FILTER_PRESENT;
841 rc = put_substring_filter( ber, str, value );
847 if ( ftype == LDAP_FILTER_PRESENT ) {
848 rc = ber_printf( ber, "ts", ftype, str );
851 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
854 rc = ber_printf( ber, "t{soN}",
855 ftype, str, value, len );
859 if( rc != -1 ) rc = 0;
867 put_substring_filter( BerElement *ber, char *type, char *val )
869 char *nextstar, gotstar = 0;
870 ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
872 Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
875 if ( ber_printf( ber, "t{s{", ftype, type ) == -1 )
878 for( ; val != NULL; val=nextstar ) {
879 if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
882 if ( gotstar == 0 ) {
883 ftype = LDAP_SUBSTRING_INITIAL;
884 } else if ( nextstar == NULL ) {
885 ftype = LDAP_SUBSTRING_FINAL;
887 ftype = LDAP_SUBSTRING_ANY;
890 if ( *val != '\0' ) {
891 ber_slen_t len = ldap_pvt_filter_value_unescape( val );
897 if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
905 if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 )
913 LDAP *ld, LDAP_CONST char *base, int scope,
914 LDAP_CONST char *filter, char **attrs,
915 int attrsonly, struct timeval *timeout, LDAPMessage **res )
919 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
921 return( ld->ld_errno );
923 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
924 return( ld->ld_errno );
926 if ( ld->ld_errno == LDAP_TIMEOUT ) {
927 (void) ldap_abandon( ld, msgid );
928 ld->ld_errno = LDAP_TIMEOUT;
929 return( ld->ld_errno );
932 return( ldap_result2error( ld, *res, 0 ) );
938 LDAP_CONST char *base,
940 LDAP_CONST char *filter,
947 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
949 return( ld->ld_errno );
951 if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
952 return( ld->ld_errno );
954 return( ldap_result2error( ld, *res, 0 ) );