1 /* component.c -- Component Filter Match Routines */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 2003-2005 The OpenLDAP Foundation.
6 * Portions Copyright 2004 by IBM Corporation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
20 #include <ac/string.h>
21 #include <ac/socket.h>
27 #ifdef LDAP_COMP_MATCH
29 #include "component.h"
32 * Following function pointers are initialized
33 * when a component module is loaded
35 alloc_nibble_func* nibble_mem_allocator = NULL;
36 free_nibble_func* nibble_mem_free = NULL;
37 convert_attr_to_comp_func* attr_converter = NULL;
38 convert_assert_to_comp_func* assert_converter = NULL ;
39 free_component_func* component_destructor = NULL ;
40 test_component_func* test_components = NULL;
41 test_membership_func* is_aliased_attribute = NULL;
42 component_encoder_func* component_encoder = NULL;
43 get_component_info_func* get_component_description = NULL;
44 #define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6"
45 #define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2"
46 #define MAX_LDAP_STR_LEN 128
49 peek_componentId_type( ComponentAssertionValue* cav );
52 strip_cav_str( ComponentAssertionValue* cav, char* str);
55 peek_cav_str( ComponentAssertionValue* cav, char* str );
58 parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
59 ComponentFilter** filt, const char** text );
62 free_comp_filter( ComponentFilter* f );
65 test_comp_filter( Syntax *syn, ComponentSyntaxInfo *a, ComponentFilter *f );
68 componentCertificateValidate(
76 componentFilterValidate(
84 allComponentsValidate(
92 componentFilterMatch (
100 ComponentSyntaxInfo *csi_attr = (ComponentSyntaxInfo*)value;
101 MatchingRuleAssertion * ma = (MatchingRuleAssertion*)assertedValue;
104 if ( !mr || !ma->ma_cf ) return LDAP_INAPPROPRIATE_MATCHING;
106 /* Check if the component module is loaded */
107 if ( !attr_converter || !nibble_mem_allocator ) {
111 rc = test_comp_filter( syntax, csi_attr, ma->ma_cf );
113 if ( rc == LDAP_COMPARE_TRUE ) {
117 else if ( rc == LDAP_COMPARE_FALSE ) {
122 return LDAP_INAPPROPRIATE_MATCHING;
127 directoryComponentsMatch(
132 struct berval *value,
133 void *assertedValue )
135 /* Only for registration */
146 struct berval *value,
147 void *assertedValue )
149 /* Only for registration */
155 slapd_ber2cav( struct berval* bv, ComponentAssertionValue* cav )
159 cav->cav_ptr = cav->cav_buf = bv->bv_val;
160 cav->cav_end = bv->bv_val + bv->bv_len;
166 dup_comp_ref ( Operation* op, ComponentReference* cr )
169 ComponentReference* dup_cr;
170 ComponentId* ci_curr;
171 ComponentId** ci_temp;
174 dup_cr = op->o_tmpalloc( sizeof( ComponentReference ), op->o_tmpmemctx );
176 dup_cr->cr_len = cr->cr_len;
177 dup_cr->cr_string = cr->cr_string;
179 ci_temp = &dup_cr->cr_list;
180 ci_curr = cr->cr_list;
182 for ( ; ci_curr != NULL ;
183 ci_curr = ci_curr->ci_next, ci_temp = &(*ci_temp)->ci_next )
185 *ci_temp = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
186 if ( !ci_temp ) return NULL;
187 **ci_temp = *ci_curr;
190 dup_cr->cr_curr = dup_cr->cr_list;
196 dup_comp_filter_list (
199 ComponentFilter* in_f,
200 ComponentFilter** out_f )
202 ComponentFilter **new, *f;
206 for ( f = in_f; f != NULL; f = f->cf_next ) {
207 rc = dup_comp_filter( op, bv, f, new );
208 if ( rc != LDAP_SUCCESS ) {
211 new = &(*new)->cf_next;
217 get_len_of_next_assert_value ( struct berval* bv, char separator )
221 if ( (bv->bv_val[ i ] == separator) || ( i >= bv->bv_len) )
225 bv->bv_val += (i + 1);
226 bv->bv_len -= (i + 1);
231 dup_comp_filter_item (
233 struct berval* assert_bv,
234 ComponentAssertion* in_ca,
235 ComponentAssertion** out_ca )
237 ComponentAssertion* ca;
240 if ( !in_ca->ca_comp_ref ) return SLAPD_DISCONNECT;
242 *out_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
243 if ( !(*out_ca) ) return LDAP_NO_MEMORY;
245 (*out_ca)->ca_comp_data.cd_tree = NULL;
246 (*out_ca)->ca_comp_data.cd_mem_op = NULL;
248 (*out_ca)->ca_comp_ref = dup_comp_ref ( op, in_ca->ca_comp_ref );
249 (*out_ca)->ca_use_def = 0;
250 (*out_ca)->ca_ma_rule = in_ca->ca_ma_rule;
252 (*out_ca)->ca_ma_value.bv_val = assert_bv->bv_val;
253 len = get_len_of_next_assert_value ( assert_bv, '$' );
254 if ( len <= 0 ) return SLAPD_DISCONNECT;
255 (*out_ca)->ca_ma_value.bv_len = len;
264 ComponentFilter *in_f,
265 ComponentFilter **out_f )
268 ComponentFilter dup_f = {0};
270 if ( !in_f ) return LDAP_PROTOCOL_ERROR;
272 switch ( in_f->cf_choice ) {
273 case LDAP_COMP_FILTER_AND:
274 rc = dup_comp_filter_list( op, bv, in_f->cf_and, &dup_f.cf_and);
275 dup_f.cf_choice = LDAP_COMP_FILTER_AND;
277 case LDAP_COMP_FILTER_OR:
278 rc = dup_comp_filter_list( op, bv, in_f->cf_or, &dup_f.cf_or);
279 dup_f.cf_choice = LDAP_COMP_FILTER_OR;
281 case LDAP_COMP_FILTER_NOT:
282 rc = dup_comp_filter( op, bv, in_f->cf_not, &dup_f.cf_not);
283 dup_f.cf_choice = LDAP_COMP_FILTER_NOT;
285 case LDAP_COMP_FILTER_ITEM:
286 rc = dup_comp_filter_item( op, bv, in_f->cf_ca ,&dup_f.cf_ca );
287 dup_f.cf_choice = LDAP_COMP_FILTER_ITEM;
290 rc = LDAP_PROTOCOL_ERROR;
293 if ( rc == LDAP_SUCCESS ) {
294 *out_f = op->o_tmpalloc( sizeof(dup_f), op->o_tmpmemctx );
302 get_aliased_filter_aa ( Operation* op, AttributeAssertion* a_assert, AttributeAliasing* aa, const char** text )
305 struct berval assert_bv;
306 ComponentAssertion* ca;
308 Debug( LDAP_DEBUG_FILTER, "get_aliased_filter\n", 0, 0, 0 );
311 return LDAP_PROTOCOL_ERROR;
313 assert_bv = a_assert->aa_value;
315 * Duplicate aa->aa_cf to ma->ma_cf by replacing the
316 * the component assertion value in assert_bv
317 * Multiple values may be separated with '$'
319 return dup_comp_filter ( op, &assert_bv, aa->aa_cf, &a_assert->aa_cf );
323 get_aliased_filter( Operation* op,
324 MatchingRuleAssertion* ma, AttributeAliasing* aa,
328 struct berval assert_bv;
329 ComponentAssertion* ca;
331 Debug( LDAP_DEBUG_FILTER, "get_aliased_filter\n", 0, 0, 0 );
333 if ( !aa->aa_cf ) return LDAP_PROTOCOL_ERROR;
335 assert_bv = ma->ma_value;
336 /* Attribute Description is replaced with aliased one */
337 ma->ma_desc = aa->aa_aliased_ad;
338 ma->ma_rule = aa->aa_mr;
340 * Duplicate aa->aa_cf to ma->ma_cf by replacing the
341 * the component assertion value in assert_bv
342 * Multiple values may be separated with '$'
344 return dup_comp_filter ( op, &assert_bv, aa->aa_cf, &ma->ma_cf );
348 get_comp_filter( Operation* op, struct berval* bv,
349 ComponentFilter** filt, const char **text )
351 ComponentAssertionValue cav;
354 Debug( LDAP_DEBUG_FILTER, "get_comp_filter\n", 0, 0, 0 );
355 if ( (rc = slapd_ber2cav(bv, &cav) ) != LDAP_SUCCESS ) {
358 rc = parse_comp_filter( op, &cav, filt, text );
359 bv->bv_val = cav.cav_ptr;
365 eat_whsp( ComponentAssertionValue* cav )
367 for ( ; ( *cav->cav_ptr == ' ' ) && ( cav->cav_ptr < cav->cav_end ) ; ) {
373 cav_cur_len( ComponentAssertionValue* cav )
375 return cav->cav_end - cav->cav_ptr;
379 comp_first_element( ComponentAssertionValue* cav )
382 if ( cav_cur_len( cav ) >= 8 && strncmp( cav->cav_ptr, "item", 4 ) == 0 ) {
383 return LDAP_COMP_FILTER_ITEM;
385 } else if ( cav_cur_len( cav ) >= 7 &&
386 strncmp( cav->cav_ptr, "and", 3 ) == 0 )
388 return LDAP_COMP_FILTER_AND;
390 } else if ( cav_cur_len( cav ) >= 6 &&
391 strncmp( cav->cav_ptr, "or" , 2 ) == 0 )
393 return LDAP_COMP_FILTER_OR;
395 } else if ( cav_cur_len( cav ) >= 7 &&
396 strncmp( cav->cav_ptr, "not", 3 ) == 0 )
398 return LDAP_COMP_FILTER_NOT;
401 return LDAP_COMP_FILTER_UNDEFINED;
406 comp_next_element( ComponentAssertionValue* cav )
409 if ( *(cav->cav_ptr) == ',' ) {
410 /* move pointer to the next CA */
412 return comp_first_element( cav );
414 else return LDAP_COMP_FILTER_UNDEFINED;
418 get_comp_filter_list( Operation *op, ComponentAssertionValue *cav,
419 ComponentFilter** f, const char** text )
421 ComponentFilter **new;
425 Debug( LDAP_DEBUG_FILTER, "get_comp_filter_list\n", 0, 0, 0 );
427 for ( tag = comp_first_element( cav );
428 tag != LDAP_COMP_FILTER_UNDEFINED;
429 tag = comp_next_element( cav ) )
431 err = parse_comp_filter( op, cav, new, text );
432 if ( err != LDAP_SUCCESS ) return ( err );
433 new = &(*new)->cf_next;
437 return( LDAP_SUCCESS );
441 get_componentId( Operation *op, ComponentAssertionValue* cav,
442 ComponentId ** cid, const char** text )
448 type = peek_componentId_type( cav );
450 Debug( LDAP_DEBUG_FILTER, "get_compId [%d]\n", type, 0, 0 );
455 case LDAP_COMPREF_IDENTIFIER :
456 _cid.ci_val.ci_identifier.bv_val = cav->cav_ptr;
457 for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
458 cav->cav_ptr[len] != '.' && cav->cav_ptr[len] != '\"' ; len++ );
459 _cid.ci_val.ci_identifier.bv_len = len;
462 case LDAP_COMPREF_FROM_BEGINNING :
463 for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
464 cav->cav_ptr[len] != '.' && cav->cav_ptr[len] != '\"' ; len++ );
465 _cid.ci_val.ci_from_beginning = strtol( cav->cav_ptr, NULL, 0 );
468 case LDAP_COMPREF_FROM_END :
469 for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
470 cav->cav_ptr[len] != '.' && cav->cav_ptr[len] != '\"' ; len++ );
471 _cid.ci_val.ci_from_end = strtol( cav->cav_ptr, NULL, 0 );
474 case LDAP_COMPREF_COUNT :
475 _cid.ci_val.ci_count = 0;
478 case LDAP_COMPREF_CONTENT :
479 _cid.ci_val.ci_content = 1;
480 cav->cav_ptr += strlen("content");
482 case LDAP_COMPREF_SELECT :
483 if ( cav->cav_ptr[len] != '(' ) return LDAP_COMPREF_UNDEFINED;
484 for( ;cav->cav_ptr[len] != ' ' && cav->cav_ptr[len] != '\0' &&
485 cav->cav_ptr[len] != '\"' && cav->cav_ptr[len] != ')'
487 _cid.ci_val.ci_select_value.bv_val = cav->cav_ptr + 1;
488 _cid.ci_val.ci_select_value.bv_len = len - 1 ;
489 cav->cav_ptr += len + 1;
491 case LDAP_COMPREF_ALL :
492 _cid.ci_val.ci_all = '*';
496 return LDAP_COMPREF_UNDEFINED;
500 *cid = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
502 *cid = malloc( sizeof( ComponentId ) );
509 peek_componentId_type( ComponentAssertionValue* cav )
513 if ( cav->cav_ptr[0] == '-' ) {
514 return LDAP_COMPREF_FROM_END;
516 } else if ( cav->cav_ptr[0] == '(' ) {
517 return LDAP_COMPREF_SELECT;
519 } else if ( cav->cav_ptr[0] == '*' ) {
520 return LDAP_COMPREF_ALL;
522 } else if ( cav->cav_ptr[0] == '0' ) {
523 return LDAP_COMPREF_COUNT;
525 } else if ( cav->cav_ptr[0] > '0' && cav->cav_ptr[0] <= '9' ) {
526 return LDAP_COMPREF_FROM_BEGINNING;
528 } else if ( (cav->cav_end - cav->cav_ptr) >= 7 &&
529 strncmp(cav->cav_ptr,"content",7) == 0 )
531 return LDAP_COMPREF_CONTENT;
532 } else if ( (cav->cav_ptr[0] >= 'a' && cav->cav_ptr[0] <= 'z') ||
533 (cav->cav_ptr[0] >= 'A' && cav->cav_ptr[0] <= 'Z') )
535 return LDAP_COMPREF_IDENTIFIER;
538 return LDAP_COMPREF_UNDEFINED;
542 comp_next_id( ComponentAssertionValue* cav )
544 if ( *(cav->cav_ptr) == '.' ) {
546 return LDAP_COMPREF_DEFINED;
549 return LDAP_COMPREF_UNDEFINED;
555 get_component_reference(
557 ComponentAssertionValue* cav,
558 ComponentReference** cr,
563 ComponentReference* ca_comp_ref;
564 ComponentId** cr_list;
569 start = cav->cav_ptr;
570 if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) return rc;
572 ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ),
575 ca_comp_ref = malloc( sizeof( ComponentReference ) );
578 if ( !ca_comp_ref ) return LDAP_NO_MEMORY;
580 cr_list = &ca_comp_ref->cr_list;
582 for ( type = peek_componentId_type( cav ) ; type != LDAP_COMPREF_UNDEFINED
583 ; type = comp_next_id( cav ), count++ )
585 rc = get_componentId( op, cav, cr_list, text );
586 if ( rc == LDAP_SUCCESS ) {
587 if ( count == 0 ) ca_comp_ref->cr_curr = ca_comp_ref->cr_list;
588 cr_list = &(*cr_list)->ci_next;
590 } else if ( rc == LDAP_COMPREF_UNDEFINED ) {
594 ca_comp_ref->cr_len = count;
596 if ( ( rc = strip_cav_str( cav,"\"") ) != LDAP_SUCCESS ) {
598 op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
605 if ( rc == LDAP_SUCCESS ) {
610 op->o_tmpfree( ca_comp_ref , op->o_tmpmemctx );
613 free( ca_comp_ref ) ;
616 (*cr)->cr_string.bv_val = start;
617 (*cr)->cr_string.bv_len = end - start + 1;
623 insert_component_reference(
624 ComponentReference *cr,
625 ComponentReference** cr_list)
627 if ( !cr ) return LDAP_PARAM_ERROR;
633 cr->cr_next = *cr_list;
640 * If there is '.' in the name of a given attribute
641 * the first '.'- following characters are considered
642 * as a component reference of the attribute
643 * EX) userCertificate.toBeSigned.serialNumber
644 * attribute : userCertificate
645 * component reference : toBeSigned.serialNumber
648 is_component_reference( char* attr ) {
650 for ( i=0; attr[i] != '\0' ; i++ ) {
651 if ( attr[i] == '.' ) return (1);
657 extract_component_reference(
659 ComponentReference** cr )
664 ComponentAssertionValue cav;
667 for ( i=0; attr[i] != '\0' ; i++ ) {
668 if ( attr[i] == '.' ) break;
671 if (attr[i] != '.' ) return LDAP_PARAM_ERROR;
674 cr_ptr = attr + i + 1 ;
675 cr_len = strlen ( cr_ptr );
676 if ( cr_len <= 0 ) return LDAP_PARAM_ERROR;
678 /* enclosed between double quotes*/
679 cav.cav_ptr = cav.cav_buf = ch_malloc (cr_len+2);
680 memcpy( cav.cav_buf+1, cr_ptr, cr_len );
681 cav.cav_buf[0] = '"';
682 cav.cav_buf[cr_len+1] = '"';
683 cav.cav_end = cr_ptr + cr_len + 2;
685 rc = get_component_reference ( NULL, &cav, cr, (const char**)text );
686 if ( rc != LDAP_SUCCESS ) return rc;
687 (*cr)->cr_string.bv_val = cav.cav_buf;
688 (*cr)->cr_string.bv_len = cr_len + 2;
694 get_ca_use_default( Operation *op,
695 ComponentAssertionValue* cav,
696 int* ca_use_def, const char** text )
698 strip_cav_str( cav, "useDefaultValues" );
700 if ( peek_cav_str( cav, "TRUE" ) == LDAP_SUCCESS ) {
701 strip_cav_str( cav, "TRUE" );
704 } else if ( peek_cav_str( cav, "FALSE" ) == LDAP_SUCCESS ) {
705 strip_cav_str( cav, "FALSE" );
709 return LDAP_INVALID_SYNTAX;
716 get_matching_rule( Operation *op, ComponentAssertionValue* cav,
717 MatchingRule** mr, const char** text )
720 struct berval rule_text = { 0L, NULL };
724 for ( ; ; count++ ) {
725 if ( cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == ',' ||
726 cav->cav_ptr[count] == '\0' || cav->cav_ptr[count] == '{' ||
727 cav->cav_ptr[count] == '}' || cav->cav_ptr[count] == '\n' )
734 *text = "component matching rule not recognized";
735 return LDAP_INAPPROPRIATE_MATCHING;
738 rule_text.bv_len = count;
739 rule_text.bv_val = cav->cav_ptr;
740 *mr = mr_bvfind( &rule_text );
741 cav->cav_ptr += count;
742 Debug( LDAP_DEBUG_FILTER, "get_matching_rule: %s\n",
743 (*mr)->smr_mrule.mr_oid, 0, 0 );
745 *text = "component matching rule not recognized";
746 return LDAP_INAPPROPRIATE_MATCHING;
752 get_GSER_value( ComponentAssertionValue* cav, struct berval* bv )
754 int count, sequent_dquote, unclosed_brace, succeed;
758 * Four cases of GSER <Values>
760 * StringVal, GeneralizedTimeVal, UTCTimeVal, ObjectDescriptorVal
761 * 2) '...'B or '...'H :
762 * BitStringVal, OctetStringVal
764 * SEQUENCE, SEQUENCEOF, SETOF, SET, CHOICE
765 * 4) Between two white spaces
766 * INTEGER, BOOLEAN, NULL,ENUMERATE, etc
770 if ( cav->cav_ptr[0] == '"' ) {
771 for( count = 1, sequent_dquote = 0 ; ; count++ ) {
772 /* In order to find escaped double quote */
773 if ( cav->cav_ptr[count] == '"' ) sequent_dquote++;
774 else sequent_dquote = 0;
776 if ( cav->cav_ptr[count] == '\0' ||
777 (cav->cav_ptr+count) > cav->cav_end )
782 if ( ( cav->cav_ptr[count] == '"' &&
783 cav->cav_ptr[count-1] != '"') ||
784 ( sequent_dquote > 2 && (sequent_dquote%2) == 1 ) )
791 if ( !succeed || cav->cav_ptr[count] != '"' ) {
792 return LDAP_FILTER_ERROR;
795 bv->bv_val = cav->cav_ptr + 1;
796 bv->bv_len = count - 1; /* exclude '"' */
798 } else if ( cav->cav_ptr[0] == '\'' ) {
799 for( count = 1 ; ; count++ ) {
800 if ( cav->cav_ptr[count] == '\0' ||
801 (cav->cav_ptr+count) > cav->cav_end )
805 if ((cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'B') ||
806 (cav->cav_ptr[count-1] == '\'' && cav->cav_ptr[count] == 'H') )
814 !(cav->cav_ptr[count] == 'H' || cav->cav_ptr[count] == 'B') )
816 return LDAP_FILTER_ERROR;
819 bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
820 bv->bv_len = count - 2;/* exclude "'H" or "'B" */
822 } else if ( cav->cav_ptr[0] == '{' ) {
823 for( count = 1, unclosed_brace = 1 ; ; count++ ) {
824 if ( cav->cav_ptr[count] == '{' ) unclosed_brace++;
825 if ( cav->cav_ptr[count] == '}' ) unclosed_brace--;
827 if ( cav->cav_ptr[count] == '\0' ||
828 (cav->cav_ptr+count) > cav->cav_end )
832 if ( unclosed_brace == 0 ) {
838 if ( !succeed || cav->cav_ptr[count] != '}' ) return LDAP_FILTER_ERROR;
840 bv->bv_val = cav->cav_ptr + 1;/*the next to '"' */
841 bv->bv_len = count - 1;/* exclude "'B" */
845 /*Find following white space where the value is ended*/
846 for( count = 1 ; ; count++ ) {
847 if ( cav->cav_ptr[count] == '\0' ||
848 cav->cav_ptr[count] == ' ' || cav->cav_ptr[count] == '}' ||
849 cav->cav_ptr[count] == '{' ||
850 (cav->cav_ptr+count) > cav->cav_end )
855 bv->bv_val = cav->cav_ptr;
859 cav->cav_ptr += bv->bv_len;
864 get_matching_value( Operation *op, ComponentAssertion* ca,
865 ComponentAssertionValue* cav, struct berval* bv,
868 if ( !(ca->ca_ma_rule->smr_usage & (SLAP_MR_COMPONENT)) ) {
869 if ( get_GSER_value( cav, bv ) != LDAP_SUCCESS ) {
870 return LDAP_FILTER_ERROR;
874 /* embeded componentFilterMatch Description */
875 bv->bv_val = cav->cav_ptr;
876 bv->bv_len = cav_cur_len( cav );
882 /* Don't move the position pointer, just peek given string */
884 peek_cav_str( ComponentAssertionValue* cav, char* str )
887 if ( cav_cur_len( cav ) >= strlen( str ) &&
888 strncmp( cav->cav_ptr, str, strlen( str ) ) == 0 )
893 return LDAP_INVALID_SYNTAX;
897 strip_cav_str( ComponentAssertionValue* cav, char* str)
900 if ( cav_cur_len( cav ) >= strlen( str ) &&
901 strncmp( cav->cav_ptr, str, strlen( str ) ) == 0 )
903 cav->cav_ptr += strlen( str );
907 return LDAP_INVALID_SYNTAX;
911 * TAG : "item", "and", "or", "not"
914 strip_cav_tag( ComponentAssertionValue* cav )
918 if ( cav_cur_len( cav ) >= 8 && strncmp( cav->cav_ptr, "item", 4 ) == 0 ) {
919 strip_cav_str( cav , "item:" );
920 return LDAP_COMP_FILTER_ITEM;
922 } else if ( cav_cur_len( cav ) >= 7 &&
923 strncmp( cav->cav_ptr, "and", 3 ) == 0 )
925 strip_cav_str( cav , "and:" );
926 return LDAP_COMP_FILTER_AND;
928 } else if ( cav_cur_len( cav ) >= 6 &&
929 strncmp( cav->cav_ptr, "or" , 2 ) == 0 )
931 strip_cav_str( cav , "or:" );
932 return LDAP_COMP_FILTER_OR;
934 } else if ( cav_cur_len( cav ) >= 7 &&
935 strncmp( cav->cav_ptr, "not", 3 ) == 0 )
937 strip_cav_str( cav , "not:" );
938 return LDAP_COMP_FILTER_NOT;
945 * when encoding, "item" is denotation of ComponentAssertion
946 * ComponentAssertion :: SEQUENCE {
947 * component ComponentReference (SIZE(1..MAX)) OPTIONAL,
948 * useDefaultValues BOOLEAN DEFAULT TRUE,
949 * rule MATCHING-RULE.&id,
950 * value MATCHING-RULE.&AssertionType }
953 get_item( Operation *op, ComponentAssertionValue* cav, ComponentAssertion** ca,
957 ComponentAssertion* _ca;
962 Debug( LDAP_DEBUG_FILTER, "get_item \n", 0, 0, 0 );
964 _ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
966 _ca = malloc( sizeof( ComponentAssertion ) );
968 if ( !_ca ) return LDAP_NO_MEMORY;
970 _ca->ca_comp_data.cd_tree = NULL;
971 _ca->ca_comp_data.cd_mem_op = NULL;
973 rc = peek_cav_str( cav, "component" );
974 if ( rc == LDAP_SUCCESS ) {
975 strip_cav_str( cav, "component" );
976 rc = get_component_reference( op, cav, &_ca->ca_comp_ref, text );
977 if ( rc != LDAP_SUCCESS ) {
979 op->o_tmpfree( _ca, op->o_tmpmemctx );
982 return LDAP_INVALID_SYNTAX;
984 if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
987 _ca->ca_comp_ref = NULL;
990 rc = peek_cav_str( cav, "useDefaultValues");
991 if ( rc == LDAP_SUCCESS ) {
992 rc = get_ca_use_default( op, cav, &_ca->ca_use_def, text );
993 if ( rc != LDAP_SUCCESS ) {
995 op->o_tmpfree( _ca, op->o_tmpmemctx );
998 return LDAP_INVALID_SYNTAX;
1000 if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
1003 else _ca->ca_use_def = 1;
1005 if ( !( strip_cav_str( cav, "rule" ) == LDAP_SUCCESS &&
1006 get_matching_rule( op, cav , &_ca->ca_ma_rule, text ) == LDAP_SUCCESS )) {
1008 op->o_tmpfree( _ca, op->o_tmpmemctx );
1011 return LDAP_INAPPROPRIATE_MATCHING;
1014 if ( ( rc = strip_cav_str( cav,",") ) != LDAP_SUCCESS )
1016 if ( !(strip_cav_str( cav, "value" ) == LDAP_SUCCESS &&
1017 get_matching_value( op, _ca, cav,&value ,text ) == LDAP_SUCCESS )) {
1019 op->o_tmpfree( _ca, op->o_tmpmemctx );
1022 return LDAP_INVALID_SYNTAX;
1026 * Normalize the value of this component assertion when the matching
1027 * rule is one of existing matching rules
1029 mr = _ca->ca_ma_rule;
1030 if ( op && !(mr->smr_usage & (SLAP_MR_COMPONENT)) && mr->smr_normalize ) {
1032 value.bv_val[value.bv_len] = '\0';
1033 rc = mr->smr_normalize (
1034 SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
1036 &value, &_ca->ca_ma_value, op->o_tmpmemctx );
1037 if ( rc != LDAP_SUCCESS )
1041 _ca->ca_ma_value = value;
1043 * Validate the value of this component assertion
1045 if ( op && mr->smr_syntax->ssyn_validate( mr->smr_syntax, &_ca->ca_ma_value) != LDAP_SUCCESS ) {
1046 return LDAP_INVALID_SYNTAX;
1050 /* componentFilterMatch contains componentFilterMatch in it */
1051 if ( strcmp(_ca->ca_ma_rule->smr_mrule.mr_oid, OID_COMP_FILTER_MATCH ) == 0) {
1053 bv.bv_val = cav->cav_ptr;
1054 bv.bv_len = cav_cur_len( cav );
1055 rc = get_comp_filter( op, &bv,(ComponentFilter**)&_ca->ca_cf, text );
1056 if ( rc != LDAP_SUCCESS ) {
1058 op->o_tmpfree( _ca, op->o_tmpmemctx );
1063 cav->cav_ptr = bv.bv_val;
1064 assert( cav->cav_end >= bv.bv_val );
1068 return LDAP_SUCCESS;
1072 parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
1073 ComponentFilter** filt, const char** text )
1076 * A component filter looks like this coming in:
1077 * Filter ::= CHOICE {
1078 * item [0] ComponentAssertion,
1079 * and [1] SEQUENCE OF ComponentFilter,
1080 * or [2] SEQUENCE OF ComponentFilter,
1081 * not [3] ComponentFilter,
1088 /* TAG : item, and, or, not in RFC 2254 */
1089 tag = strip_cav_tag( cav );
1091 if ( tag == LBER_ERROR ) {
1092 *text = "error decoding comp filter";
1093 return LDAP_PROTOCOL_ERROR;
1096 if ( tag != LDAP_COMP_FILTER_NOT )
1097 strip_cav_str( cav, "{");
1104 switch ( f.cf_choice ) {
1105 case LDAP_COMP_FILTER_AND:
1106 Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_AND\n", 0, 0, 0 );
1107 err = get_comp_filter_list( op, cav, &f.cf_and, text );
1108 if ( err != LDAP_SUCCESS ) {
1111 if ( f.cf_and == NULL ) {
1112 f.cf_choice = SLAPD_FILTER_COMPUTED;
1113 f.cf_result = LDAP_COMPARE_TRUE;
1117 case LDAP_COMP_FILTER_OR:
1118 Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_OR\n", 0, 0, 0 );
1119 err = get_comp_filter_list( op, cav, &f.cf_or, text );
1120 if ( err != LDAP_SUCCESS ) {
1123 if ( f.cf_or == NULL ) {
1124 f.cf_choice = SLAPD_FILTER_COMPUTED;
1125 f.cf_result = LDAP_COMPARE_FALSE;
1127 /* no assert - list could be empty */
1130 case LDAP_COMP_FILTER_NOT:
1131 Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_NOT\n", 0, 0, 0 );
1132 err = parse_comp_filter( op, cav, &f.cf_not, text );
1133 if ( err != LDAP_SUCCESS ) {
1137 assert( f.cf_not != NULL );
1138 if ( f.cf_not->cf_choice == SLAPD_FILTER_COMPUTED ) {
1139 int fresult = f.cf_not->cf_result;
1140 f.cf_choice = SLAPD_FILTER_COMPUTED;
1141 op->o_tmpfree( f.cf_not, op->o_tmpmemctx );
1144 switch ( fresult ) {
1145 case LDAP_COMPARE_TRUE:
1146 f.cf_result = LDAP_COMPARE_FALSE;
1148 case LDAP_COMPARE_FALSE:
1149 f.cf_result = LDAP_COMPARE_TRUE;
1152 /* (!Undefined) is Undefined */
1157 case LDAP_COMP_FILTER_ITEM:
1158 Debug( LDAP_DEBUG_FILTER, "LDAP_COMP_FILTER_ITEM\n", 0, 0, 0 );
1159 err = get_item( op, cav, &f.cf_ca, text );
1160 if ( err != LDAP_SUCCESS ) {
1164 assert( f.cf_ca != NULL );
1168 f.cf_choice = SLAPD_FILTER_COMPUTED;
1169 f.cf_result = SLAPD_COMPARE_UNDEFINED;
1173 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
1174 *text = "Component Filter Syntax Error";
1178 if ( tag != LDAP_COMP_FILTER_NOT )
1179 strip_cav_str( cav, "}");
1181 if ( err == LDAP_SUCCESS ) {
1183 *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
1185 *filt = malloc( sizeof(f) );
1194 test_comp_filter_and(
1196 ComponentSyntaxInfo *a,
1197 ComponentFilter *flist )
1200 int rtn = LDAP_COMPARE_TRUE;
1202 for ( f = flist ; f != NULL; f = f->cf_next ) {
1203 int rc = test_comp_filter( syn, a, f );
1204 if ( rc == LDAP_COMPARE_FALSE ) {
1209 if ( rc != LDAP_COMPARE_TRUE ) {
1218 test_comp_filter_or(
1220 ComponentSyntaxInfo *a,
1221 ComponentFilter *flist )
1224 int rtn = LDAP_COMPARE_TRUE;
1226 for ( f = flist ; f != NULL; f = f->cf_next ) {
1227 int rc = test_comp_filter( syn, a, f );
1228 if ( rc == LDAP_COMPARE_TRUE ) {
1233 if ( rc != LDAP_COMPARE_FALSE ) {
1242 csi_value_match( MatchingRule *mr, struct berval* bv_attr,
1243 struct berval* bv_assert )
1248 assert( mr != NULL );
1249 assert( !(mr->smr_usage & SLAP_MR_COMPONENT) );
1251 if( !mr->smr_match ) return LDAP_INAPPROPRIATE_MATCHING;
1253 rc = (mr->smr_match)( &match, 0, NULL /*ad->ad_type->sat_syntax*/,
1254 mr, bv_attr, bv_assert );
1256 if ( rc != LDAP_SUCCESS ) return rc;
1258 return match ? LDAP_COMPARE_FALSE : LDAP_COMPARE_TRUE;
1262 * return codes : LDAP_COMPARE_TRUE, LDAP_COMPARE_FALSE
1265 test_comp_filter_item(
1267 ComponentSyntaxInfo *csi_attr,
1268 ComponentAssertion *ca )
1271 void *attr_nm, *assert_nm;
1273 if ( strcmp(ca->ca_ma_rule->smr_mrule.mr_oid,
1274 OID_COMP_FILTER_MATCH ) == 0 && ca->ca_cf ) {
1275 /* componentFilterMatch inside of componentFilterMatch */
1276 rc = test_comp_filter( syn, csi_attr, ca->ca_cf );
1280 /* Memory for storing will-be-extracted attribute values */
1281 attr_nm = nibble_mem_allocator ( 1024*4 , 1024 );
1282 if ( !attr_nm ) return LDAP_PROTOCOL_ERROR;
1284 /* Memory for storing component assertion values */
1285 if( !ca->ca_comp_data.cd_mem_op ) {
1286 assert_nm = nibble_mem_allocator ( 256, 64 );
1288 nibble_mem_free ( attr_nm );
1289 return LDAP_PROTOCOL_ERROR;
1291 ca->ca_comp_data.cd_mem_op = assert_nm;
1294 assert_nm = ca->ca_comp_data.cd_mem_op;
1297 /* component reference initialization */
1298 if ( ca->ca_comp_ref ) {
1299 ca->ca_comp_ref->cr_curr = ca->ca_comp_ref->cr_list;
1301 rc = test_components( attr_nm, assert_nm, csi_attr, ca );
1303 /* free memory used for storing extracted attribute value */
1304 nibble_mem_free ( attr_nm );
1311 ComponentSyntaxInfo *a,
1312 ComponentFilter *f )
1316 if ( !f ) return LDAP_PROTOCOL_ERROR;
1318 Debug( LDAP_DEBUG_FILTER, "test_comp_filter\n", 0, 0, 0 );
1319 switch ( f->cf_choice ) {
1320 case SLAPD_FILTER_COMPUTED:
1323 case LDAP_COMP_FILTER_AND:
1324 rc = test_comp_filter_and( syn, a, f->cf_and );
1326 case LDAP_COMP_FILTER_OR:
1327 rc = test_comp_filter_or( syn, a, f->cf_or );
1329 case LDAP_COMP_FILTER_NOT:
1330 rc = test_comp_filter( syn, a, f->cf_not );
1333 case LDAP_COMPARE_TRUE:
1334 rc = LDAP_COMPARE_FALSE;
1336 case LDAP_COMPARE_FALSE:
1337 rc = LDAP_COMPARE_TRUE;
1341 case LDAP_COMP_FILTER_ITEM:
1342 rc = test_comp_filter_item( syn, a, f->cf_ca );
1345 rc = LDAP_PROTOCOL_ERROR;
1352 free_comp_filter_list( ComponentFilter* f )
1354 ComponentFilter* tmp;
1355 for ( tmp = f; tmp; tmp = tmp->cf_next ) {
1356 free_comp_filter( tmp );
1361 free_comp_filter( ComponentFilter* f )
1364 Debug( LDAP_DEBUG_FILTER,
1365 "free_comp_filter: Invalid filter so failed to release memory\n",
1369 switch ( f->cf_choice ) {
1370 case LDAP_COMP_FILTER_AND:
1371 case LDAP_COMP_FILTER_OR:
1372 free_comp_filter_list( f->cf_any );
1374 case LDAP_COMP_FILTER_NOT:
1375 free_comp_filter( f->cf_any );
1377 case LDAP_COMP_FILTER_ITEM:
1378 if ( nibble_mem_free && f->cf_ca->ca_comp_data.cd_mem_op ) {
1379 nibble_mem_free( f->cf_ca->ca_comp_data.cd_mem_op );
1388 component_free( ComponentFilter *f ) {
1389 free_comp_filter( f );
1393 free_ComponentData( Attribute *a ) {
1394 if ( a->a_comp_data->cd_mem_op )
1395 component_destructor( a->a_comp_data->cd_mem_op );
1396 free ( a->a_comp_data );
1397 a->a_comp_data = NULL;
projects / openldap / blob