2 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
3 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
6 * Copyright (c) 1990 Regents of the University of Michigan.
16 #include <ac/stdlib.h>
19 #include <ac/socket.h>
20 #include <ac/string.h>
25 static char *find_right_paren LDAP_P(( char *s ));
26 static char *put_complex_filter LDAP_P(( BerElement *ber, char *str,
27 unsigned long tag, int not ));
28 static int put_filter LDAP_P(( BerElement *ber, char *str ));
29 static int put_simple_filter LDAP_P(( BerElement *ber, char *str ));
30 static int put_substring_filter LDAP_P(( BerElement *ber, char *type, char *str ));
31 static int put_filter_list LDAP_P(( BerElement *ber, char *str ));
34 * ldap_search_ext - initiate an ldap search operation.
39 * base DN of the base object
40 * scope the search scope - one of LDAP_SCOPE_BASE,
41 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
42 * filter a string containing the search filter
43 * (e.g., "(|(cn=bob)(sn=bob))")
44 * attrs list of attribute types to return for matches
45 * attrsonly 1 => attributes only 0 => attributes and values
48 * char *attrs[] = { "mail", "title", 0 };
49 * ldap_search_ext( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
50 * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
56 LDAP_CONST char *base,
58 LDAP_CONST char *filter,
63 struct timeval *timeout,
70 Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
73 * if timeout is provided, use only tv_sec as timelimit.
74 * otherwise, use default.
76 timelimit = (timeout != NULL)
77 ? timelimit = timeout->tv_sec
80 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
81 attrsonly, sctrls, cctrls, timelimit, sizelimit );
83 if ( ber == NULLBER ) {
88 if ( ld->ld_cache != NULL ) {
89 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
91 ld->ld_errno = LDAP_SUCCESS;
92 *msgidp = ld->ld_msgid;
95 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
97 #endif /* LDAP_NOCACHE */
99 /* send the message */
100 *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber );
111 LDAP_CONST char *base,
113 LDAP_CONST char *filter,
116 LDAPControl **sctrls,
117 LDAPControl **cctrls,
118 struct timeval *timeout,
125 rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
126 sctrls, cctrls, timeout, sizelimit, &msgid );
128 if ( rc != LDAP_SUCCESS ) {
132 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
133 return( ld->ld_errno );
135 return( ldap_result2error( ld, *res, 0 ) );
139 * ldap_search - initiate an ldap search operation.
144 * base DN of the base object
145 * scope the search scope - one of LDAP_SCOPE_BASE,
146 * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
147 * filter a string containing the search filter
148 * (e.g., "(|(cn=bob)(sn=bob))")
149 * attrs list of attribute types to return for matches
150 * attrsonly 1 => attributes only 0 => attributes and values
153 * char *attrs[] = { "mail", "title", 0 };
154 * msgid = ldap_search( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
155 * attrs, attrsonly );
159 LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
160 char **attrs, int attrsonly )
164 Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
166 ber = ldap_build_search_req( ld, base, scope, filter, attrs,
167 attrsonly, NULL, NULL, -1, -1 );
169 if ( ber == NULLBER ) {
174 if ( ld->ld_cache != NULL ) {
175 if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
177 ld->ld_errno = LDAP_SUCCESS;
178 return( ld->ld_msgid );
180 ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
182 #endif /* LDAP_NOCACHE */
184 /* send the message */
185 return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ));
190 ldap_build_search_req(
192 LDAP_CONST char *base_in,
194 LDAP_CONST char *filter_in,
197 LDAPControl **sctrls,
198 LDAPControl **cctrls,
208 * Create the search request. It looks like this:
209 * SearchRequest := [APPLICATION 3] SEQUENCE {
210 * baseObject DistinguishedName,
216 * derefAliases ENUMERATED {
217 * neverDerefaliases (0),
218 * derefInSearching (1),
219 * derefFindingBaseObj (2),
220 * alwaysDerefAliases (3)
222 * sizelimit INTEGER (0 .. 65535),
223 * timelimit INTEGER (0 .. 65535),
226 * attributes SEQUENCE OF AttributeType
228 * wrapped in an ldap message.
231 /* create a message to send */
232 if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) {
236 if ( base_in == NULL ) {
237 /* no base provided, use session default base */
238 base = ld->ld_options.ldo_defbase;
240 base = (char *) base_in;
243 if ( base == NULL ) {
244 /* no session default base, use top */
248 #ifdef LDAP_CONNECTIONLESS
249 if ( ld->ld_cldapnaddr > 0 ) {
250 err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid,
251 ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
252 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
253 (timelimit < 0) ? ld->ld_timelimit : timelimit,
256 #endif /* LDAP_CONNECTIONLESS */
257 err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
258 LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
259 (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
260 (timelimit < 0) ? ld->ld_timelimit : timelimit,
262 #ifdef LDAP_CONNECTIONLESS
264 #endif /* LDAP_CONNECTIONLESS */
267 ld->ld_errno = LDAP_ENCODING_ERROR;
272 filter = LDAP_STRDUP( filter_in );
273 err = put_filter( ber, filter );
277 ld->ld_errno = LDAP_FILTER_ERROR;
282 if ( ber_printf( ber, "{v}}", attrs ) == -1 ) {
283 ld->ld_errno = LDAP_ENCODING_ERROR;
288 /* Put Server Controls */
289 if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
294 if ( ber_printf( ber, "}", attrs ) == -1 ) {
295 ld->ld_errno = LDAP_ENCODING_ERROR;
304 find_right_paren( char *s )
310 while ( *s && balance ) {
314 else if ( *s == ')' )
317 if ( *s == '\\' && ! escape )
325 return( *s ? s : NULL );
329 put_complex_filter( BerElement *ber, char *str, unsigned long tag, int not )
334 * We have (x(filter)...) with str sitting on
335 * the x. We have to find the paren matching
336 * the one before the x and put the intervening
337 * filters by calling put_filter_list().
340 /* put explicit tag */
341 if ( ber_printf( ber, "t{", tag ) == -1 )
345 if ( !not && ber_printf( ber, "{" ) == -1 )
350 if ( (next = find_right_paren( str )) == NULL )
354 if ( put_filter_list( ber, str ) == -1 )
358 /* flush explicit tagged thang */
359 if ( ber_printf( ber, "}" ) == -1 )
363 if ( !not && ber_printf( ber, "}" ) == -1 )
371 put_filter( BerElement *ber, char *str )
373 char *next, *tmp, *s, *d;
374 int parens, balance, escape, gotescape;
377 * A Filter looks like this:
378 * Filter ::= CHOICE {
379 * and [0] SET OF Filter,
380 * or [1] SET OF Filter,
382 * equalityMatch [3] AttributeValueAssertion,
383 * substrings [4] SubstringFilter,
384 * greaterOrEqual [5] AttributeValueAssertion,
385 * lessOrEqual [6] AttributeValueAssertion,
386 * present [7] AttributeType,
387 * approxMatch [8] AttributeValueAssertion,
388 * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
391 * SubstringFilter ::= SEQUENCE {
392 * type AttributeType,
393 * SEQUENCE OF CHOICE {
394 * initial [0] IA5String,
396 * final [2] IA5String
400 * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
401 * matchingRule [1] MatchingRuleId OPTIONAL,
402 * type [2] AttributeDescription OPTIONAL,
403 * matchValue [3] AssertionValue,
404 * dnAttributes [4] BOOLEAN DEFAULT FALSE }
406 * Note: tags in a choice are always explicit
409 Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
411 gotescape = parens = 0;
419 Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
422 if ( (str = put_complex_filter( ber, str,
423 LDAP_FILTER_AND, 0 )) == NULL )
430 Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
433 if ( (str = put_complex_filter( ber, str,
434 LDAP_FILTER_OR, 0 )) == NULL )
441 Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
444 if ( (str = put_complex_filter( ber, str,
445 LDAP_FILTER_NOT, 1 )) == NULL )
452 Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
458 while ( *next && balance ) {
462 else if ( *next == ')' )
465 if ( *next == '\\' && ! escape )
466 gotescape = escape = 1;
476 tmp = LDAP_STRDUP( str );
479 for ( s = d = tmp; *s; s++ ) {
480 if ( *s != '\\' || escape ) {
489 if ( put_simple_filter( ber, tmp ) == -1 ) {
502 Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
504 if ( ber_printf( ber, "]" ) == -1 )
514 default: /* assume it's a simple type=value filter */
515 Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
517 next = strchr( str, '\0' );
518 tmp = LDAP_STRDUP( str );
519 if ( strchr( tmp, '\\' ) != NULL ) {
521 for ( s = d = tmp; *s; s++ ) {
522 if ( *s != '\\' || escape ) {
531 if ( put_simple_filter( ber, tmp ) == -1 ) {
541 return( parens ? -1 : 0 );
545 * Put a list of filters like this "(filter1)(filter2)..."
549 put_filter_list( BerElement *ber, char *str )
554 Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
557 while ( *str && isspace( (unsigned char) *str ) )
562 if ( (next = find_right_paren( str + 1 )) == NULL )
566 /* now we have "(filter)" with str pointing to it */
568 if ( put_filter( ber, str ) == -1 )
579 put_simple_filter( BerElement *ber, char *str )
582 char *value, savechar;
586 Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );
588 if ( (s = strchr( str, '=' )) == NULL )
596 ftype = LDAP_FILTER_LE;
600 ftype = LDAP_FILTER_GE;
604 ftype = LDAP_FILTER_APPROX;
608 if ( strchr( value, '*' ) == NULL ) {
609 ftype = LDAP_FILTER_EQUALITY;
610 } else if ( strcmp( value, "*" ) == 0 ) {
611 ftype = LDAP_FILTER_PRESENT;
613 rc = put_substring_filter( ber, str, value );
620 if ( ftype == LDAP_FILTER_PRESENT ) {
621 rc = ber_printf( ber, "ts", ftype, str );
623 rc = ber_printf( ber, "t{ss}", ftype, str, value );
628 return( rc == -1 ? rc : 0 );
632 put_substring_filter( BerElement *ber, char *type, char *val )
634 char *nextstar, gotstar = 0;
637 Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
640 if ( ber_printf( ber, "t{s{", LDAP_FILTER_SUBSTRINGS, type ) == -1 )
643 while ( val != NULL ) {
644 if ( (nextstar = strchr( val, '*' )) != NULL )
647 if ( gotstar == 0 ) {
648 ftype = LDAP_SUBSTRING_INITIAL;
649 } else if ( nextstar == NULL ) {
650 ftype = LDAP_SUBSTRING_FINAL;
652 ftype = LDAP_SUBSTRING_ANY;
654 if ( *val != '\0' ) {
655 if ( ber_printf( ber, "ts", ftype, val ) == -1 )
660 if ( nextstar != NULL )
665 if ( ber_printf( ber, "}}" ) == -1 )
673 LDAP *ld, LDAP_CONST char *base, int scope,
674 LDAP_CONST char *filter, char **attrs,
675 int attrsonly, struct timeval *timeout, LDAPMessage **res )
679 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
681 return( ld->ld_errno );
683 if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
684 return( ld->ld_errno );
686 if ( ld->ld_errno == LDAP_TIMEOUT ) {
687 (void) ldap_abandon( ld, msgid );
688 ld->ld_errno = LDAP_TIMEOUT;
689 return( ld->ld_errno );
692 return( ldap_result2error( ld, *res, 0 ) );
698 LDAP_CONST char *base,
700 LDAP_CONST char *filter,
707 if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
709 return( ld->ld_errno );
711 if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
712 return( ld->ld_errno );
714 return( ldap_result2error( ld, *res, 0 ) );