1 /* filter.c - routines for parsing and dealing with filters */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2004 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
31 #include <ac/socket.h>
32 #include <ac/string.h>
36 static int get_filter_list(
45 SubstringsAssertion **s,
48 static int filter_escape_value_x(
53 static void simple_vrFilter2bv(
55 ValuesReturnFilter *f,
56 struct berval *fstr );
58 static int get_simple_vrFilter(
61 ValuesReturnFilter **f,
77 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", op->o_connid, 0, 0 );
79 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
82 * A filter looks like this coming in:
84 * and [0] SET OF Filter,
85 * or [1] SET OF Filter,
87 * equalityMatch [3] AttributeValueAssertion,
88 * substrings [4] SubstringFilter,
89 * greaterOrEqual [5] AttributeValueAssertion,
90 * lessOrEqual [6] AttributeValueAssertion,
91 * present [7] AttributeType,,
92 * approxMatch [8] AttributeValueAssertion
93 * extensibleMatch [9] MatchingRuleAssertion
96 * SubstringFilter ::= SEQUENCE {
98 * SEQUENCE OF CHOICE {
99 * initial [0] IA5String,
101 * final [2] IA5String
105 * MatchingRuleAssertion ::= SEQUENCE {
106 * matchingRule [1] MatchingRuleId OPTIONAL,
107 * type [2] AttributeDescription OPTIONAL,
108 * matchValue [3] AssertionValue,
109 * dnAttributes [4] BOOLEAN DEFAULT FALSE
114 tag = ber_peek_tag( ber, &len );
116 if( tag == LBER_ERROR ) {
117 *text = "error decoding filter";
118 return SLAPD_DISCONNECT;
126 switch ( f.f_choice ) {
127 case LDAP_FILTER_EQUALITY:
129 LDAP_LOG( FILTER, DETAIL2,
130 "get_filter: conn %d EQUALITY\n", op->o_connid, 0, 0 );
132 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
134 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY, text );
135 if ( err != LDAP_SUCCESS ) {
139 assert( f.f_ava != NULL );
142 case LDAP_FILTER_SUBSTRINGS:
144 LDAP_LOG( FILTER, DETAIL1,
145 "get_filter: conn %d SUBSTRINGS\n", op->o_connid, 0, 0 );
147 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
149 err = get_ssa( op, ber, &f.f_sub, text );
150 if( err != LDAP_SUCCESS ) {
153 assert( f.f_sub != NULL );
158 LDAP_LOG( FILTER, DETAIL1,
159 "get_filter: conn %d GE\n", op->o_connid, 0, 0 );
161 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
163 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
164 if ( err != LDAP_SUCCESS ) {
167 assert( f.f_ava != NULL );
172 LDAP_LOG( FILTER, DETAIL1,
173 "get_filter: conn %d LE\n", op->o_connid, 0, 0 );
175 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
177 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
178 if ( err != LDAP_SUCCESS ) {
181 assert( f.f_ava != NULL );
184 case LDAP_FILTER_PRESENT: {
188 LDAP_LOG( FILTER, DETAIL1,
189 "get_filter: conn %d PRESENT\n", op->o_connid, 0, 0 );
191 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
193 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
194 err = SLAPD_DISCONNECT;
195 *text = "error decoding filter";
200 err = slap_bv2ad( &type, &f.f_desc, text );
202 if( err != LDAP_SUCCESS ) {
203 /* unrecognized attribute description or other error */
204 f.f_choice = SLAPD_FILTER_COMPUTED;
205 f.f_result = LDAP_COMPARE_FALSE;
211 assert( f.f_desc != NULL );
214 case LDAP_FILTER_APPROX:
216 LDAP_LOG( FILTER, DETAIL1,
217 "get_filter: conn %d APPROX\n", op->o_connid, 0, 0 );
219 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
221 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
222 if ( err != LDAP_SUCCESS ) {
225 assert( f.f_ava != NULL );
228 case LDAP_FILTER_AND:
230 LDAP_LOG( FILTER, DETAIL1,
231 "get_filter: conn %d AND\n", op->o_connid, 0, 0 );
233 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
235 err = get_filter_list( op, ber, &f.f_and, text );
236 if ( err != LDAP_SUCCESS ) {
239 if ( f.f_and == NULL ) {
240 f.f_choice = SLAPD_FILTER_COMPUTED;
241 f.f_result = LDAP_COMPARE_TRUE;
243 /* no assert - list could be empty */
248 LDAP_LOG( FILTER, DETAIL1,
249 "get_filter: conn %d OR\n", op->o_connid, 0, 0 );
251 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
253 err = get_filter_list( op, ber, &f.f_or, text );
254 if ( err != LDAP_SUCCESS ) {
257 if ( f.f_or == NULL ) {
258 f.f_choice = SLAPD_FILTER_COMPUTED;
259 f.f_result = LDAP_COMPARE_FALSE;
261 /* no assert - list could be empty */
264 case LDAP_FILTER_NOT:
266 LDAP_LOG( FILTER, DETAIL1,
267 "get_filter: conn %d NOT\n", op->o_connid, 0, 0 );
269 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
271 (void) ber_skip_tag( ber, &len );
272 err = get_filter( op, ber, &f.f_not, text );
273 if ( err != LDAP_SUCCESS ) {
277 assert( f.f_not != NULL );
278 if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) {
279 int fresult = f.f_not->f_result;
280 f.f_choice = SLAPD_FILTER_COMPUTED;
281 op->o_tmpfree( f.f_not, op->o_tmpmemctx );
285 case LDAP_COMPARE_TRUE:
286 f.f_result = LDAP_COMPARE_FALSE;
288 case LDAP_COMPARE_FALSE:
289 f.f_result = LDAP_COMPARE_TRUE;
292 /* (!Undefined) is Undefined */
297 case LDAP_FILTER_EXT:
299 LDAP_LOG( FILTER, DETAIL1,
300 "get_filter: conn %d EXTENSIBLE\n", op->o_connid, 0, 0 );
302 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
305 err = get_mra( op, ber, &f.f_mra, text );
306 if ( err != LDAP_SUCCESS ) {
310 assert( f.f_mra != NULL );
314 (void) ber_scanf( ber, "x" ); /* skip the element */
316 LDAP_LOG( FILTER, ERR,
317 "get_filter: conn %d unknown filter type=%lu\n",
318 op->o_connid, f.f_choice, 0 );
320 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
323 f.f_choice = SLAPD_FILTER_COMPUTED;
324 f.f_result = SLAPD_COMPARE_UNDEFINED;
328 if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
331 f.f_choice = SLAPD_FILTER_COMPUTED;
332 f.f_result = SLAPD_COMPARE_UNDEFINED;
336 if ( err == LDAP_SUCCESS ) {
337 *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
342 LDAP_LOG( FILTER, DETAIL2,
343 "get_filter: conn %d exit\n", op->o_connid, 0, 0 );
345 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
352 get_filter_list( Operation *op, BerElement *ber,
363 LDAP_LOG( FILTER, ENTRY,
364 "get_filter_list: conn %d start\n", op->o_connid, 0, 0 );
366 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
369 for ( tag = ber_first_element( ber, &len, &last );
371 tag = ber_next_element( ber, &len, last ) )
373 err = get_filter( op, ber, new, text );
374 if ( err != LDAP_SUCCESS )
376 new = &(*new)->f_next;
381 LDAP_LOG( FILTER, ENTRY,
382 "get_filter_list: conn %d exit\n", op->o_connid, 0, 0 );
384 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
386 return( LDAP_SUCCESS );
393 SubstringsAssertion **out,
399 struct berval desc, value, nvalue;
401 SubstringsAssertion ssa;
403 *text = "error decoding filter";
406 LDAP_LOG( FILTER, ENTRY,
407 "get_ssa: conn %d begin\n", op->o_connid, 0, 0 );
409 Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
411 if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
412 return SLAPD_DISCONNECT;
418 ssa.sa_initial.bv_val = NULL;
420 ssa.sa_final.bv_val = NULL;
422 rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
424 if( rc != LDAP_SUCCESS ) {
425 /* skip over the rest of this filter */
426 for ( tag = ber_first_element( ber, &len, &last );
428 tag = ber_next_element( ber, &len, last ) ) {
429 ber_scanf( ber, "x" );
434 rc = LDAP_PROTOCOL_ERROR;
436 for ( tag = ber_first_element( ber, &len, &last );
438 tag = ber_next_element( ber, &len, last ) )
442 rc = ber_scanf( ber, "m", &value );
443 if ( rc == LBER_ERROR ) {
444 rc = SLAPD_DISCONNECT;
448 if ( value.bv_val == NULL || value.bv_len == 0 ) {
449 rc = LDAP_INVALID_SYNTAX;
454 case LDAP_SUBSTRING_INITIAL:
455 usage = SLAP_MR_SUBSTR_INITIAL;
458 case LDAP_SUBSTRING_ANY:
459 usage = SLAP_MR_SUBSTR_ANY;
462 case LDAP_SUBSTRING_FINAL:
463 usage = SLAP_MR_SUBSTR_FINAL;
467 rc = LDAP_PROTOCOL_ERROR;
470 LDAP_LOG( FILTER, ERR,
471 "get_filter_substring: conn %d unknown substring choice=%ld\n",
472 op->o_connid, (long)tag, 0 );
474 Debug( LDAP_DEBUG_FILTER,
475 " unknown substring choice=%ld\n",
482 /* validate/normalize using equality matching rule validator! */
483 rc = asserted_value_validate_normalize(
484 ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
485 usage, &value, &nvalue, text, op->o_tmpmemctx );
487 if( rc != LDAP_SUCCESS ) {
491 rc = LDAP_PROTOCOL_ERROR;
494 case LDAP_SUBSTRING_INITIAL:
496 LDAP_LOG( FILTER, DETAIL1,
497 "get_ssa: conn %d INITIAL\n",
498 op->o_connid, 0, 0 );
500 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
503 if ( ssa.sa_initial.bv_val != NULL
504 || ssa.sa_any != NULL
505 || ssa.sa_final.bv_val != NULL )
507 sl_free( nvalue.bv_val, op->o_tmpmemctx );
511 ssa.sa_initial = nvalue;
514 case LDAP_SUBSTRING_ANY:
516 LDAP_LOG( FILTER, DETAIL1,
517 "get_ssa: conn %d ANY\n",
518 op->o_connid, 0, 0 );
520 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
523 if ( ssa.sa_final.bv_val != NULL ) {
524 sl_free( nvalue.bv_val, op->o_tmpmemctx );
528 ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx );
531 case LDAP_SUBSTRING_FINAL:
533 LDAP_LOG( FILTER, DETAIL1,
534 "get_ssa: conn %d FINAL\n",
535 op->o_connid, 0, 0 );
537 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
540 if ( ssa.sa_final.bv_val != NULL ) {
541 sl_free( nvalue.bv_val, op->o_tmpmemctx );
545 ssa.sa_final = nvalue;
550 LDAP_LOG( FILTER, INFO,
551 "get_ssa: conn %d unknown substring type %ld\n",
552 op->o_connid, (long)tag, 0 );
554 Debug( LDAP_DEBUG_FILTER,
555 " unknown substring type=%ld\n",
560 sl_free( nvalue.bv_val, op->o_tmpmemctx );
564 LDAP_LOG( FILTER, INFO,
565 "get_ssa: conn %d error %ld\n",
566 op->o_connid, (long)rc, 0 );
568 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
571 sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx );
572 ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx );
573 sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx );
580 if( rc == LDAP_SUCCESS ) {
581 *out = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx );
586 LDAP_LOG( FILTER, ENTRY,
587 "get_ssa: conn %d exit\n", op->o_connid, 0, 0 );
589 Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
596 filter_free_x( Operation *op, Filter *f )
604 switch ( f->f_choice ) {
605 case LDAP_FILTER_PRESENT:
608 case LDAP_FILTER_EQUALITY:
611 case LDAP_FILTER_APPROX:
612 ava_free( op, f->f_ava, 1 );
615 case LDAP_FILTER_SUBSTRINGS:
616 if ( f->f_sub_initial.bv_val != NULL ) {
617 op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx );
619 ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx );
620 if ( f->f_sub_final.bv_val != NULL ) {
621 op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx );
623 op->o_tmpfree( f->f_sub, op->o_tmpmemctx );
626 case LDAP_FILTER_AND:
628 case LDAP_FILTER_NOT:
629 for ( p = f->f_list; p != NULL; p = next ) {
631 filter_free_x( op, p );
635 case LDAP_FILTER_EXT:
636 mra_free( op, f->f_mra, 1 );
639 case SLAPD_FILTER_COMPUTED:
644 LDAP_LOG( FILTER, ERR,
645 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
647 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
653 op->o_tmpfree( f, op->o_tmpmemctx );
657 filter_free( Filter *f )
661 op.o_tmpmemctx = sl_context( f );
662 op.o_tmpmfuncs = &sl_mfuncs;
663 filter_free_x( &op, f );
667 filter2bv_x( Operation *op, Filter *f, struct berval *fstr )
675 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, op->o_tmpmemctx );
679 switch ( f->f_choice ) {
680 case LDAP_FILTER_EQUALITY:
681 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
683 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
684 tmp.bv_len + ( sizeof("(=)") - 1 );
685 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
687 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
688 f->f_av_desc->ad_cname.bv_val,
691 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
695 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
697 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
698 tmp.bv_len + ( sizeof("(>=)") - 1 );
699 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
701 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
702 f->f_av_desc->ad_cname.bv_val,
705 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
709 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
711 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
712 tmp.bv_len + ( sizeof("(<=)") - 1 );
713 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
715 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
716 f->f_av_desc->ad_cname.bv_val,
719 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
722 case LDAP_FILTER_APPROX:
723 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
725 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
726 tmp.bv_len + ( sizeof("(~=)") - 1 );
727 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
729 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
730 f->f_av_desc->ad_cname.bv_val,
732 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
735 case LDAP_FILTER_SUBSTRINGS:
736 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
737 ( sizeof("(=*)") - 1 );
738 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
740 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
741 f->f_sub_desc->ad_cname.bv_val );
743 if ( f->f_sub_initial.bv_val != NULL ) {
746 filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx );
748 fstr->bv_len += tmp.bv_len;
749 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
751 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
752 /* "(attr=" */ "%s*)",
755 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
758 if ( f->f_sub_any != NULL ) {
759 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
761 filter_escape_value_x( &f->f_sub_any[i], &tmp, op->o_tmpmemctx );
763 fstr->bv_len += tmp.bv_len + 1;
764 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
766 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
767 /* "(attr=[init]*[any*]" */ "%s*)",
769 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
773 if ( f->f_sub_final.bv_val != NULL ) {
776 filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx );
778 fstr->bv_len += tmp.bv_len;
779 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
781 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
782 /* "(attr=[init*][any*]" */ "%s)",
785 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
790 case LDAP_FILTER_PRESENT:
791 fstr->bv_len = f->f_desc->ad_cname.bv_len +
792 ( sizeof("(=*)") - 1 );
793 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
795 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
796 f->f_desc->ad_cname.bv_val );
799 case LDAP_FILTER_AND:
801 case LDAP_FILTER_NOT:
802 fstr->bv_len = sizeof("(%)") - 1;
803 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
805 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
806 f->f_choice == LDAP_FILTER_AND ? '&' :
807 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
809 for ( p = f->f_list; p != NULL; p = p->f_next ) {
812 filter2bv_x( op, p, &tmp );
814 fstr->bv_len += tmp.bv_len;
815 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
817 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
818 /*"("*/ "%s)", tmp.bv_val );
820 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
825 case LDAP_FILTER_EXT: {
827 filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx );
829 if ( f->f_mr_desc ) {
830 ad = f->f_mr_desc->ad_cname;
836 fstr->bv_len = ad.bv_len +
837 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
838 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
839 tmp.bv_len + ( sizeof("(:=)") - 1 );
840 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
842 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
844 f->f_mr_dnattrs ? ":dn" : "",
845 f->f_mr_rule_text.bv_len ? ":" : "",
846 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
848 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
851 case SLAPD_FILTER_COMPUTED:
853 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
854 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
855 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
857 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
858 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
859 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
860 sizeof("(?=error)")-1,
861 1, fstr, op->o_tmpmemctx );
865 ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1,
866 1, fstr, op->o_tmpmemctx );
872 filter2bv( Filter *f, struct berval *fstr )
875 op.o_tmpmemctx = NULL;
876 op.o_tmpmfuncs = &ch_mfuncs;
878 filter2bv_x( &op, f, fstr );
882 filter_escape_value_x(
891 i = in->bv_len * 3 + 1;
892 out->bv_val = ctx ? sl_malloc( i, ctx ) : ch_malloc( i );
895 for( i=0; i < in->bv_len ; i++ ) {
896 if( FILTER_ESCAPE(in->bv_val[i]) ) {
897 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
898 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
899 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
901 out->bv_val[out->bv_len++] = in->bv_val[i];
905 out->bv_val[out->bv_len] = '\0';
914 return filter_escape_value_x( in, out, NULL );
921 ValuesReturnFilter **filt,
927 ValuesReturnFilter vrf;
930 LDAP_LOG( FILTER, ENTRY,
931 "get_simple_vrFilter: conn %d\n", op->o_connid, 0, 0 );
933 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
936 tag = ber_peek_tag( ber, &len );
938 if( tag == LBER_ERROR ) {
939 *text = "error decoding filter";
940 return SLAPD_DISCONNECT;
946 vrf.vrf_choice = tag;
948 switch ( vrf.vrf_choice ) {
949 case LDAP_FILTER_EQUALITY:
951 LDAP_LOG( FILTER, DETAIL2,
952 "get_simple_vrFilter: conn %d EQUALITY\n", op->o_connid, 0, 0 );
954 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
956 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
957 if ( err != LDAP_SUCCESS ) {
961 assert( vrf.vrf_ava != NULL );
964 case LDAP_FILTER_SUBSTRINGS:
966 LDAP_LOG( FILTER, DETAIL1,
967 "get_simple_vrFilter: conn %d SUBSTRINGS\n", op->o_connid, 0, 0 );
969 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
971 err = get_ssa( op, ber, &vrf.vrf_sub, text );
976 LDAP_LOG( FILTER, DETAIL1,
977 "get_simple_vrFilter: conn %d GE\n", op->o_connid, 0, 0 );
979 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
981 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
982 if ( err != LDAP_SUCCESS ) {
989 LDAP_LOG( FILTER, DETAIL1,
990 "get_simple_vrFilter: conn %d LE\n", op->o_connid, 0, 0 );
992 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
994 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
995 if ( err != LDAP_SUCCESS ) {
1000 case LDAP_FILTER_PRESENT: {
1004 LDAP_LOG( FILTER, DETAIL1,
1005 "get_simple_vrFilter: conn %d PRESENT\n", op->o_connid, 0, 0 );
1007 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
1009 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
1010 err = SLAPD_DISCONNECT;
1011 *text = "error decoding filter";
1015 vrf.vrf_desc = NULL;
1016 err = slap_bv2ad( &type, &vrf.vrf_desc, text );
1018 if( err != LDAP_SUCCESS ) {
1019 /* unrecognized attribute description or other error */
1020 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1021 vrf.vrf_result = LDAP_COMPARE_FALSE;
1027 case LDAP_FILTER_APPROX:
1029 LDAP_LOG( FILTER, DETAIL1,
1030 "get_simple_vrFilter: conn %d APPROX\n", op->o_connid, 0, 0 );
1032 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
1034 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
1035 if ( err != LDAP_SUCCESS ) {
1040 case LDAP_FILTER_EXT:
1042 LDAP_LOG( FILTER, DETAIL1,
1043 "get_simple_vrFilter: conn %d EXTENSIBLE\n", op->o_connid, 0, 0 );
1045 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
1048 err = get_mra( op, ber, &vrf.vrf_mra, text );
1049 if ( err != LDAP_SUCCESS ) {
1053 assert( vrf.vrf_mra != NULL );
1057 (void) ber_scanf( ber, "x" ); /* skip the element */
1059 LDAP_LOG( FILTER, ERR,
1060 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
1061 op->o_connid, vrf.vrf_choice, 0 );
1063 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
1064 vrf.vrf_choice, 0, 0 );
1066 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1067 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1071 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
1073 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1074 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1078 if ( err == LDAP_SUCCESS ) {
1079 *filt = ch_malloc( sizeof vrf );
1084 LDAP_LOG( FILTER, DETAIL2,
1085 "get_simple_vrFilter: conn %d exit\n", op->o_connid, 0, 0 );
1087 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1094 get_vrFilter( Operation *op, BerElement *ber,
1095 ValuesReturnFilter **vrf,
1099 * A ValuesReturnFilter looks like this:
1101 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1102 * SimpleFilterItem ::= CHOICE {
1103 * equalityMatch [3] AttributeValueAssertion,
1104 * substrings [4] SubstringFilter,
1105 * greaterOrEqual [5] AttributeValueAssertion,
1106 * lessOrEqual [6] AttributeValueAssertion,
1107 * present [7] AttributeType,
1108 * approxMatch [8] AttributeValueAssertion,
1109 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1112 * SubstringFilter ::= SEQUENCE {
1113 * type AttributeType,
1114 * SEQUENCE OF CHOICE {
1115 * initial [0] IA5String,
1116 * any [1] IA5String,
1117 * final [2] IA5String
1121 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1122 * matchingRule [1] MatchingRuleId OPTIONAL,
1123 * type [2] AttributeDescription OPTIONAL,
1124 * matchValue [3] AssertionValue }
1127 ValuesReturnFilter **n;
1133 LDAP_LOG( FILTER, ENTRY,
1134 "get_vrFilter: conn %d start\n", op->o_connid, 0, 0 );
1136 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1139 tag = ber_peek_tag( ber, &len );
1141 if( tag == LBER_ERROR ) {
1142 *text = "error decoding vrFilter";
1143 return SLAPD_DISCONNECT;
1146 if( tag != LBER_SEQUENCE ) {
1147 *text = "error decoding vrFilter, expect SEQUENCE tag";
1148 return SLAPD_DISCONNECT;
1152 for ( tag = ber_first_element( ber, &len, &last );
1153 tag != LBER_DEFAULT;
1154 tag = ber_next_element( ber, &len, last ) )
1156 int err = get_simple_vrFilter( op, ber, n, text );
1158 if ( err != LDAP_SUCCESS ) return( err );
1160 n = &(*n)->vrf_next;
1165 LDAP_LOG( FILTER, ENTRY,
1166 "get_vrFilter: conn %d exit\n", op->o_connid, 0, 0 );
1168 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1170 return( LDAP_SUCCESS );
1174 vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
1176 ValuesReturnFilter *p, *next;
1178 if ( vrf == NULL ) {
1182 for ( p = vrf; p != NULL; p = next ) {
1185 switch ( vrf->vrf_choice ) {
1186 case LDAP_FILTER_PRESENT:
1189 case LDAP_FILTER_EQUALITY:
1190 case LDAP_FILTER_GE:
1191 case LDAP_FILTER_LE:
1192 case LDAP_FILTER_APPROX:
1193 ava_free( op, vrf->vrf_ava, 1 );
1196 case LDAP_FILTER_SUBSTRINGS:
1197 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1198 op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx );
1200 ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx );
1201 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1202 op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx );
1204 op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx );
1207 case LDAP_FILTER_EXT:
1208 mra_free( op, vrf->vrf_mra, 1 );
1211 case SLAPD_FILTER_COMPUTED:
1216 LDAP_LOG( FILTER, ERR,
1217 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1219 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1220 vrf->vrf_choice, 0, 0 );
1225 op->o_tmpfree( vrf, op->o_tmpmemctx );
1230 vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1232 ValuesReturnFilter *p;
1236 if ( vrf == NULL ) {
1237 ber_str2bv_x( "No filter!", sizeof("No filter!")-1,
1238 1, fstr, op->o_tmpmemctx );
1242 fstr->bv_len = sizeof("()") - 1;
1243 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1245 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1247 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1250 simple_vrFilter2bv( op, p, &tmp );
1252 fstr->bv_len += tmp.bv_len;
1253 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1255 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1256 /*"("*/ "%s)", tmp.bv_val );
1258 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
1263 simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1268 if ( vrf == NULL ) {
1269 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, op->o_tmpmemctx );
1273 switch ( vrf->vrf_choice ) {
1274 case LDAP_FILTER_EQUALITY:
1275 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1277 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1278 tmp.bv_len + ( sizeof("(=)") - 1 );
1279 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1281 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1282 vrf->vrf_av_desc->ad_cname.bv_val,
1285 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1288 case LDAP_FILTER_GE:
1289 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1291 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1292 tmp.bv_len + ( sizeof("(>=)") - 1 );
1293 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1295 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1296 vrf->vrf_av_desc->ad_cname.bv_val,
1299 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1302 case LDAP_FILTER_LE:
1303 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1305 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1306 tmp.bv_len + ( sizeof("(<=)") - 1 );
1307 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1309 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1310 vrf->vrf_av_desc->ad_cname.bv_val,
1313 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1316 case LDAP_FILTER_APPROX:
1317 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1319 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1320 tmp.bv_len + ( sizeof("(~=)") - 1 );
1321 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1323 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1324 vrf->vrf_av_desc->ad_cname.bv_val,
1326 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1329 case LDAP_FILTER_SUBSTRINGS:
1330 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1331 ( sizeof("(=*)") - 1 );
1332 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1334 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1335 vrf->vrf_sub_desc->ad_cname.bv_val );
1337 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1340 filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx );
1342 fstr->bv_len += tmp.bv_len;
1343 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1345 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1346 /* "(attr=" */ "%s*)",
1349 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1352 if ( vrf->vrf_sub_any != NULL ) {
1354 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1356 filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp, op->o_tmpmemctx );
1358 fstr->bv_len += tmp.bv_len + 1;
1359 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1361 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1362 /* "(attr=[init]*[any*]" */ "%s*)",
1364 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1368 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1371 filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx );
1373 fstr->bv_len += tmp.bv_len;
1374 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1376 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1377 /* "(attr=[init*][any*]" */ "%s)",
1380 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1385 case LDAP_FILTER_PRESENT:
1386 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1387 ( sizeof("(=*)") - 1 );
1388 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1390 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1391 vrf->vrf_desc->ad_cname.bv_val );
1394 case LDAP_FILTER_EXT: {
1396 filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx );
1398 if ( vrf->vrf_mr_desc ) {
1399 ad = vrf->vrf_mr_desc->ad_cname;
1405 fstr->bv_len = ad.bv_len +
1406 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1407 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1408 tmp.bv_len + ( sizeof("(:=)") - 1 );
1409 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1411 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1413 vrf->vrf_mr_dnattrs ? ":dn" : "",
1414 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1415 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1418 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1421 case SLAPD_FILTER_COMPUTED:
1423 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1424 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1425 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1427 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1428 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1429 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1430 sizeof("(?=error)")-1,
1431 1, fstr, op->o_tmpmemctx );
1435 ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1,
1436 1, fstr, op->o_tmpmemctx );
projects / openldap / blob