3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1990 Regents of the University of Michigan.
17 #include <ac/stdlib.h>
19 #include <ac/socket.h>
20 #include <ac/string.h>
25 static int ldap_is_attr_oid LDAP_P((
28 static int ldap_is_attr_desc LDAP_P((
31 static int hex2value LDAP_P((
34 static char *find_right_paren LDAP_P((
37 static char *put_complex_filter LDAP_P((
43 int ldap_int_put_filter LDAP_P((
47 #define put_filter(b,s) ldap_int_put_filter((b),(s))
49 static int put_simple_filter LDAP_P((
53 static int put_substring_filter LDAP_P((
58 static int put_filter_list LDAP_P((
64 * ldap_search_ext - initiate an ldap search operation.
69 * base DN of the base object
70 * scope the search scope - one of LDAP_SCOPE_BASE,
71 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
72 * filter a string containing the search filter
73 * (e.g., "(|(cn=bob)(sn=bob))")
74 * attrs list of attribute types to return for matches
75 * attrsonly 1 => attributes only 0 => attributes and values
78 * char *attrs[] = { "mail", "title", 0 };
79 * ldap_search_ext( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob",
80 * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
86 LDAP_CONST char *base,
88 LDAP_CONST char *filter,
93 struct timeval *timeout,
101 Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
103 assert( ld != NULL );
104 assert( LDAP_VALID( ld ) );
106 /* check client controls */
107 rc = ldap_int_client_controls( ld, cctrls );
108 if( rc != LDAP_SUCCESS ) return rc;
111 * if timeout is provided, both tv_sec and tv_usec must
114 if( timeout != NULL ) {
115 if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) {
116 return LDAP_PARAM_ERROR;
119 /* timelimit must be non-zero if timeout is provided */
120 timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1;
123 /* no timeout, no timelimit */
127 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
128 attrsonly, sctrls, cctrls, timelimit, sizelimit );
135 if ( ld->ld_cache != NULL ) {
136 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
138 ld->ld_errno = LDAP_SUCCESS;
139 *msgidp = ld->ld_msgid;
142 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
144 #endif /* LDAP_NOCACHE */
146 /* send the message */
147 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber );
158 LDAP_CONST char *base,
160 LDAP_CONST char *filter,
163 LDAPControl **sctrls,
164 LDAPControl **cctrls,
165 struct timeval *timeout,
172 rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
173 sctrls, cctrls, timeout, sizelimit, &msgid );
175 if ( rc != LDAP_SUCCESS ) {
179 rc = ldap_result( ld, msgid, 1, timeout, res );
182 /* error(-1) or timeout(0) */
183 return( ld->ld_errno );
186 if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) {
187 return( ld->ld_errno );
190 return( ldap_result2error( ld, *res, 0 ) );
194 * ldap_search - initiate an ldap search operation.
199 * base DN of the base object
200 * scope the search scope - one of LDAP_SCOPE_BASE,
201 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
202 * filter a string containing the search filter
203 * (e.g., "(|(cn=bob)(sn=bob))")
204 * attrs list of attribute types to return for matches
205 * attrsonly 1 => attributes only 0 => attributes and values
208 * char *attrs[] = { "mail", "title", 0 };
209 * msgid = ldap_search( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob",
210 * attrs, attrsonly );
214 LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
215 char **attrs, int attrsonly )
219 Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
221 assert( ld != NULL );
222 assert( LDAP_VALID( ld ) );
224 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
225 attrsonly, NULL, NULL, -1, -1 );
232 if ( ld->ld_cache != NULL ) {
233 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
235 ld->ld_errno = LDAP_SUCCESS;
236 return( ld->ld_msgid );
238 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
240 #endif /* LDAP_NOCACHE */
242 /* send the message */
243 return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ));
248 ldap_build_search_req(
250 LDAP_CONST char *base,
252 LDAP_CONST char *filter_in,
255 LDAPControl **sctrls,
256 LDAPControl **cctrls,
258 ber_int_t sizelimit )
265 * Create the search request. It looks like this:
266 * SearchRequest := [APPLICATION 3] SEQUENCE {
267 * baseObject DistinguishedName,
273 * derefAliases ENUMERATED {
274 * neverDerefaliases (0),
275 * derefInSearching (1),
276 * derefFindingBaseObj (2),
277 * alwaysDerefAliases (3)
279 * sizelimit INTEGER (0 .. 65535),
280 * timelimit INTEGER (0 .. 65535),
283 * attributes SEQUENCE OF AttributeType
285 * wrapped in an ldap message.
288 /* create a message to send */
289 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
293 if ( base == NULL ) {
294 /* no base provided, use session default base */
295 base = ld->ld_options.ldo_defbase;
297 if ( base == NULL ) {
298 /* no session default base, use top */
303 #ifdef LDAP_CONNECTIONLESS
304 if ( LDAP_IS_UDP(ld) ) {
305 err = ber_write( ber, ld->ld_options.ldo_peer,
306 sizeof(struct sockaddr), 0);
308 if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) {
309 char *dn = ld->ld_options.ldo_cldapdn;
311 err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, dn,
312 LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
313 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
314 (timelimit < 0) ? ld->ld_timelimit : timelimit,
319 err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
320 LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
321 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
322 (timelimit < 0) ? ld->ld_timelimit : timelimit,
327 ld->ld_errno = LDAP_ENCODING_ERROR;
332 if( filter_in != NULL ) {
333 filter = LDAP_STRDUP( filter_in );
335 filter = LDAP_STRDUP( "(objectclass=*)" );
337 err = put_filter( ber, filter );
341 ld->ld_errno = LDAP_FILTER_ERROR;
346 if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) {
347 ld->ld_errno = LDAP_ENCODING_ERROR;
352 /* Put Server Controls */
353 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
358 if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
359 ld->ld_errno = LDAP_ENCODING_ERROR;
367 static int ldap_is_attr_oid ( const char *attr )
371 for( i = 0; (c = attr[i]) != 0; i++ ) {
372 if( c >= '0' && c <= '9' ) {
375 } else if ( c != '.' ) {
376 /* not digit nor '.' */
379 } else if ( !digit ) {
380 /* '.' but prev not digit */
392 static int ldap_is_attr_desc ( const char *attr )
394 /* cheap attribute description check */
397 for( i = 0; (c = attr[i]) != 0; i++ ) {
398 if (( c >= '0' && c <= '9' )
399 || ( c >= 'A' && c <= 'Z' )
400 || ( c >= 'a' && c <= 'z' )
401 || ( c == '.' || c == '-' )
402 || ( c == ';' )) continue;
411 find_right_paren( char *s )
417 while ( *s && balance ) {
421 else if ( *s == ')' )
424 if ( *s == '\\' && ! escape )
432 return( *s ? s : NULL );
435 static int hex2value( int c )
437 if( c >= '0' && c <= '9' ) {
441 if( c >= 'A' && c <= 'F' ) {
442 return c + (10 - (int) 'A');
445 if( c >= 'a' && c <= 'f' ) {
446 return c + (10 - (int) 'a');
453 ldap_pvt_find_wildcard( const char *s )
455 for( ; *s != '\0' ; s++ ) {
457 case '*': /* found wildcard */
461 s++; /* skip over escape */
463 return NULL; /* escape at end of string */
470 /* unescape filter value */
471 /* support both LDAP v2 and v3 escapes */
472 /* output can include nul characters! */
474 ldap_pvt_filter_value_unescape( char *fval )
479 for( r=v=0; fval[v] != '\0'; v++ ) {
485 if ( fval[v] == '\0' ) {
486 /* escape at end of string */
491 if (( v1 = hex2value( fval[v] )) >= 0 ) {
493 if (( v2 = hex2value( fval[v+1] )) < 0 ) {
494 /* must be two digit code */
498 fval[r++] = v1 * 16 + v2;
527 put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
532 * We have (x(filter)...) with str sitting on
533 * the x. We have to find the paren matching
534 * the one before the x and put the intervening
535 * filters by calling put_filter_list().
538 /* put explicit tag */
539 if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 )
543 if ( (next = find_right_paren( str )) == NULL )
547 if ( put_filter_list( ber, str, tag ) == -1 )
551 /* flush explicit tagged thang */
552 if ( ber_printf( ber, /*{*/ "N}" ) == -1 )
559 ldap_int_put_filter( BerElement *ber, char *str )
562 int parens, balance, escape;
565 * A Filter looks like this:
566 * Filter ::= CHOICE {
567 * and [0] SET OF Filter,
568 * or [1] SET OF Filter,
570 * equalityMatch [3] AttributeValueAssertion,
571 * substrings [4] SubstringFilter,
572 * greaterOrEqual [5] AttributeValueAssertion,
573 * lessOrEqual [6] AttributeValueAssertion,
574 * present [7] AttributeType,
575 * approxMatch [8] AttributeValueAssertion,
576 * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
579 * SubstringFilter ::= SEQUENCE {
580 * type AttributeType,
581 * SEQUENCE OF CHOICE {
582 * initial [0] IA5String,
584 * final [2] IA5String
588 * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
589 * matchingRule [1] MatchingRuleId OPTIONAL,
590 * type [2] AttributeDescription OPTIONAL,
591 * matchValue [3] AssertionValue,
592 * dnAttributes [4] BOOLEAN DEFAULT FALSE }
594 * Note: tags in a choice are always explicit
597 Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
607 while( LDAP_SPACE( *str ) ) str++;
611 Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
614 if ( (str = put_complex_filter( ber, str,
615 LDAP_FILTER_AND, 0 )) == NULL )
622 Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
625 if ( (str = put_complex_filter( ber, str,
626 LDAP_FILTER_OR, 0 )) == NULL )
633 Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
636 if ( (str = put_complex_filter( ber, str,
637 LDAP_FILTER_NOT, 1 )) == NULL )
644 Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
650 while ( *next && balance ) {
654 else if ( *next == ')' )
657 if ( *next == '\\' && ! escape )
668 if ( put_simple_filter( ber, str ) == -1 ) {
679 Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
681 if ( ber_printf( ber, /*[*/ "]" ) == -1 )
691 default: /* assume it's a simple type=value filter */
692 Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
694 next = strchr( str, '\0' );
695 if ( put_simple_filter( ber, str ) == -1 ) {
703 return( parens ? -1 : 0 );
707 * Put a list of filters like this "(filter1)(filter2)..."
711 put_filter_list( BerElement *ber, char *str, ber_tag_t tag )
716 Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
719 while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
722 if ( *str == '\0' ) break;
724 if ( (next = find_right_paren( str + 1 )) == NULL ) {
729 /* now we have "(filter)" with str pointing to it */
731 if ( put_filter( ber, str ) == -1 ) return -1;
735 if( tag == LDAP_FILTER_NOT ) break;
738 if( tag == LDAP_FILTER_NOT && ( next == NULL || *str )) {
755 Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );
757 str = LDAP_STRDUP( str );
758 if( str == NULL ) return -1;
760 if ( (s = strchr( str, '=' )) == NULL ) {
769 ftype = LDAP_FILTER_LE;
771 if(! ldap_is_attr_desc( str ) ) goto done;
775 ftype = LDAP_FILTER_GE;
777 if(! ldap_is_attr_desc( str ) ) goto done;
781 ftype = LDAP_FILTER_APPROX;
783 if(! ldap_is_attr_desc( str ) ) goto done;
787 /* RFC2254 extensible filters are off the form:
788 * type [:dn] [:rule] := value
789 * or [:dn]:rule := value
791 ftype = LDAP_FILTER_EXT;
795 char *dn = strchr( str, ':' );
799 if(! ldap_is_attr_desc( str ) ) goto done;
803 rule = strchr( dn, ':' );
807 if ( strcmp(dn, "dn") == 0 ) {
808 /* must have attribute */
809 if( !ldap_is_attr_desc( str ) ) {
824 if ( strcmp(dn, "dn") != 0 ) {
832 if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
833 /* must have either type or rule */
837 if ( *str != '\0' && !ldap_is_attr_desc( str ) ) {
841 if ( rule && *rule != '\0' && !ldap_is_attr_oid( rule ) ) {
845 rc = ber_printf( ber, "t{" /*}*/, ftype );
847 if( rc != -1 && rule && *rule != '\0' ) {
848 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
850 if( rc != -1 && *str != '\0' ) {
851 rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
855 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
858 rc = ber_printf( ber, "totbN}",
859 LDAP_FILTER_EXT_VALUE, value, len,
860 LDAP_FILTER_EXT_DNATTRS, dn != NULL);
869 if ( ldap_pvt_find_wildcard( value ) == NULL ) {
870 ftype = LDAP_FILTER_EQUALITY;
871 } else if ( strcmp( value, "*" ) == 0 ) {
872 ftype = LDAP_FILTER_PRESENT;
874 rc = put_substring_filter( ber, str, value );
880 if ( ftype == LDAP_FILTER_PRESENT ) {
881 rc = ber_printf( ber, "ts", ftype, str );
884 ber_slen_t len = ldap_pvt_filter_value_unescape( value );
887 rc = ber_printf( ber, "t{soN}",
888 ftype, str, value, len );
892 if( rc != -1 ) rc = 0;
900 put_substring_filter( BerElement *ber, char *type, char *val )
902 char *nextstar, gotstar = 0;
903 ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
905 Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
908 if ( ber_printf( ber, "t{s{", ftype, type ) == -1 )
911 for( ; val != NULL; val=nextstar ) {
912 if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
915 if ( gotstar == 0 ) {
916 ftype = LDAP_SUBSTRING_INITIAL;
917 } else if ( nextstar == NULL ) {
918 ftype = LDAP_SUBSTRING_FINAL;
920 ftype = LDAP_SUBSTRING_ANY;
923 if ( *val != '\0' ) {
924 ber_slen_t len = ldap_pvt_filter_value_unescape( val );
930 if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
938 if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 )
946 LDAP *ld, LDAP_CONST char *base, int scope,
947 LDAP_CONST char *filter, char **attrs,
948 int attrsonly, struct timeval *timeout, LDAPMessage **res )
952 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
954 return( ld->ld_errno );
956 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
957 return( ld->ld_errno );
959 if ( ld->ld_errno == LDAP_TIMEOUT ) {
960 (void) ldap_abandon( ld, msgid );
961 ld->ld_errno = LDAP_TIMEOUT;
962 return( ld->ld_errno );
965 return( ldap_result2error( ld, *res, 0 ) );
971 LDAP_CONST char *base,
973 LDAP_CONST char *filter,
980 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
982 return( ld->ld_errno );
984 if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
985 return( ld->ld_errno );
987 return( ldap_result2error( ld, *res, 0 ) );