1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
24 static int get_substring_filter(
31 static int filter_escape_value(
48 struct berval escaped;
50 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
53 * A filter looks like this coming in:
55 * and [0] SET OF Filter,
56 * or [1] SET OF Filter,
58 * equalityMatch [3] AttributeValueAssertion,
59 * substrings [4] SubstringFilter,
60 * greaterOrEqual [5] AttributeValueAssertion,
61 * lessOrEqual [6] AttributeValueAssertion,
62 * present [7] AttributeType,,
63 * approxMatch [8] AttributeValueAssertion
64 * extensibleMatch [9] MatchingRuleAssertion
67 * SubstringFilter ::= SEQUENCE {
69 * SEQUENCE OF CHOICE {
70 * initial [0] IA5String,
76 * MatchingRuleAssertion ::= SEQUENCE {
77 * matchingRule [1] MatchingRuleId OPTIONAL,
78 * type [2] AttributeDescription OPTIONAL,
79 * matchValue [3] AssertionValue,
80 * dnAttributes [4] BOOLEAN DEFAULT FALSE
85 tag = ber_peek_tag( ber, &len );
87 if( tag == LBER_ERROR ) {
88 *text = "error decoding filter";
89 return SLAPD_DISCONNECT;
92 f = (Filter *) ch_malloc( sizeof(Filter) );
99 switch ( f->f_choice ) {
100 case LDAP_FILTER_EQUALITY:
101 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
103 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
104 if ( err != LDAP_SUCCESS ) {
108 assert( f->f_ava != NULL );
110 filter_escape_value( f->f_av_value, &escaped );
112 *fstr = ch_malloc( sizeof("(=)")
113 + f->f_av_desc->ad_cname->bv_len
116 sprintf( *fstr, "(%s=%s)",
117 f->f_av_desc->ad_cname->bv_val,
120 ber_memfree( escaped.bv_val );
123 case LDAP_FILTER_SUBSTRINGS:
124 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
125 err = get_substring_filter( conn, ber, f, fstr, text );
129 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
131 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
132 if ( err != LDAP_SUCCESS ) {
136 filter_escape_value( f->f_av_value, &escaped );
138 *fstr = ch_malloc( sizeof("(>=)")
139 + f->f_av_desc->ad_cname->bv_len
142 sprintf( *fstr, "(%s>=%s)",
143 f->f_av_desc->ad_cname->bv_val,
146 ber_memfree( escaped.bv_val );
150 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
152 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
153 if ( err != LDAP_SUCCESS ) {
158 filter_escape_value( f->f_av_value, &escaped );
160 *fstr = ch_malloc( sizeof("(<=)")
161 + f->f_av_desc->ad_cname->bv_len
164 sprintf( *fstr, "(%s<=%s)",
165 f->f_av_desc->ad_cname->bv_val,
168 ber_memfree( escaped.bv_val );
171 case LDAP_FILTER_PRESENT: {
174 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
176 if ( ber_scanf( ber, "o", &type ) == LBER_ERROR ) {
177 err = SLAPD_DISCONNECT;
178 *text = "error decoding filter";
183 err = slap_bv2ad( &type, &f->f_desc, text );
185 if( err != LDAP_SUCCESS ) {
186 ch_free( type.bv_val );
190 ch_free( type.bv_val );
192 *fstr = ch_malloc( sizeof("(=*)")
193 + f->f_desc->ad_cname->bv_len );
194 sprintf( *fstr, "(%s=*)",
195 f->f_desc->ad_cname->bv_val );
199 case LDAP_FILTER_APPROX:
200 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
202 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
203 if ( err != LDAP_SUCCESS ) {
207 filter_escape_value( f->f_av_value, &escaped );
209 *fstr = ch_malloc( sizeof("(~=)")
210 + f->f_av_desc->ad_cname->bv_len
213 sprintf( *fstr, "(%s~=%s)",
214 f->f_av_desc->ad_cname->bv_val,
217 ber_memfree( escaped.bv_val );
220 case LDAP_FILTER_AND:
221 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
222 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
223 if ( err != LDAP_SUCCESS ) {
226 *fstr = ch_malloc( sizeof("(&)")
227 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
228 sprintf( *fstr, "(&%s)",
229 ftmp == NULL ? "" : ftmp );
233 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
234 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
235 if ( err != LDAP_SUCCESS ) {
238 *fstr = ch_malloc( sizeof("(!)")
239 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
240 sprintf( *fstr, "(|%s)",
241 ftmp == NULL ? "" : ftmp );
244 case LDAP_FILTER_NOT:
245 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
246 (void) ber_skip_tag( ber, &len );
247 err = get_filter( conn, ber, &f->f_not, &ftmp, text );
248 if ( err != LDAP_SUCCESS ) {
251 *fstr = ch_malloc( sizeof("(!)")
252 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
253 sprintf( *fstr, "(!%s)",
254 ftmp == NULL ? "" : ftmp );
257 case LDAP_FILTER_EXT:
258 /* not yet implemented */
259 Debug( LDAP_DEBUG_ANY, "extensible match not yet implemented.\n",
261 (void) ber_skip_tag( ber, &len );
262 f->f_choice = SLAPD_FILTER_COMPUTED;
263 f->f_result = SLAPD_COMPARE_UNDEFINED;
264 *fstr = ch_strdup( "(extended)" );
268 (void) ber_skip_tag( ber, &len );
269 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
271 f->f_choice = SLAPD_FILTER_COMPUTED;
272 f->f_result = SLAPD_COMPARE_UNDEFINED;
273 *fstr = ch_strdup( "(undefined)" );
279 if ( err != LDAP_SUCCESS ) {
280 if ( *fstr != NULL ) {
284 if( err != SLAPD_DISCONNECT ) {
286 f->f_choice = SLAPD_FILTER_COMPUTED;
287 f->f_result = SLAPD_COMPARE_UNDEFINED;
288 *fstr = ch_strdup( "(badfilter)" );
299 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
304 get_filter_list( Connection *conn, BerElement *ber,
305 Filter **f, char **fstr,
314 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
318 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
319 tag = ber_next_element( ber, &len, last ) )
321 err = get_filter( conn, ber, new, &ftmp, text );
322 if ( err != LDAP_SUCCESS )
325 if ( *fstr == NULL ) {
328 *fstr = ch_realloc( *fstr, strlen( *fstr ) +
329 strlen( ftmp ) + 1 );
330 strcat( *fstr, ftmp );
333 new = &(*new)->f_next;
337 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
338 return( LDAP_SUCCESS );
342 get_substring_filter(
353 struct berval *value;
354 struct berval escaped;
357 struct berval *nvalue;
358 *text = "error decoding filter";
360 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
362 if ( ber_scanf( ber, "{o" /*}*/, &type ) == LBER_ERROR ) {
363 return SLAPD_DISCONNECT;
366 f->f_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
367 f->f_sub_desc = NULL;
368 rc = slap_bv2ad( &type, &f->f_sub_desc, text );
370 ch_free( type.bv_val );
372 if( rc != LDAP_SUCCESS ) {
375 f->f_choice = SLAPD_FILTER_COMPUTED;
376 f->f_result = SLAPD_COMPARE_UNDEFINED;
377 *fstr = ch_strdup( "(undefined)" );
381 f->f_sub_initial = NULL;
383 f->f_sub_final = NULL;
386 *fstr = ch_malloc( sizeof("(=" /*)*/) +
387 f->f_sub_desc->ad_cname->bv_len );
388 sprintf( *fstr, "(%s=" /*)*/, f->f_sub_desc->ad_cname->bv_val );
391 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
392 tag = ber_next_element( ber, &len, last ) )
396 rc = ber_scanf( ber, "O", &value );
397 if ( rc == LBER_ERROR ) {
398 rc = SLAPD_DISCONNECT;
402 if ( value == NULL || value->bv_len == 0 ) {
404 rc = LDAP_INVALID_SYNTAX;
409 case LDAP_SUBSTRING_INITIAL:
410 usage = SLAP_MR_SUBSTR_INITIAL;
413 case LDAP_SUBSTRING_ANY:
414 usage = SLAP_MR_SUBSTR_ANY;
417 case LDAP_SUBSTRING_FINAL:
418 usage = SLAP_MR_SUBSTR_FINAL;
422 rc = LDAP_PROTOCOL_ERROR;
424 Debug( LDAP_DEBUG_FILTER,
425 " unknown substring choice=%ld\n",
432 rc = value_normalize( f->f_sub_desc, usage, value, &nvalue, text );
435 if( rc != LDAP_SUCCESS ) {
441 rc = LDAP_PROTOCOL_ERROR;
444 case LDAP_SUBSTRING_INITIAL:
445 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
446 if ( f->f_sub_initial != NULL ) {
451 f->f_sub_initial = value;
454 filter_escape_value( value, &escaped );
455 *fstr = ch_realloc( *fstr,
456 strlen( *fstr ) + escaped.bv_len + 1 );
457 strcat( *fstr, escaped.bv_val );
458 ber_memfree( escaped.bv_val );
462 case LDAP_SUBSTRING_ANY:
463 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
464 if( ber_bvecadd( &f->f_sub_any, value ) < 0 ) {
470 filter_escape_value( value, &escaped );
471 *fstr = ch_realloc( *fstr,
472 strlen( *fstr ) + escaped.bv_len + 2 );
473 strcat( *fstr, "*" );
474 strcat( *fstr, escaped.bv_val );
475 ber_memfree( escaped.bv_val );
479 case LDAP_SUBSTRING_FINAL:
480 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
481 if ( f->f_sub_final != NULL ) {
485 f->f_sub_final = value;
488 filter_escape_value( value, &escaped );
489 *fstr = ch_realloc( *fstr,
490 strlen( *fstr ) + escaped.bv_len + 2 );
491 strcat( *fstr, "*" );
492 strcat( *fstr, escaped.bv_val );
493 ber_memfree( escaped.bv_val );
498 Debug( LDAP_DEBUG_FILTER,
499 " unknown substring type=%ld\n",
505 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
513 ad_free( f->f_sub_desc, 1 );
514 ber_bvfree( f->f_sub_initial );
515 ber_bvecfree( f->f_sub_any );
516 ber_bvfree( f->f_sub_final );
523 *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 );
524 if ( f->f_sub_final == NULL ) {
525 strcat( *fstr, "*" );
527 strcat( *fstr, /*(*/ ")" );
530 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
531 return( LDAP_SUCCESS );
535 filter_free( Filter *f )
543 switch ( f->f_choice ) {
544 case LDAP_FILTER_PRESENT:
545 ad_free( f->f_desc, 1 );
548 case LDAP_FILTER_EQUALITY:
551 case LDAP_FILTER_APPROX:
552 ava_free( f->f_ava, 1 );
555 case LDAP_FILTER_SUBSTRINGS:
556 ad_free( f->f_sub_desc, 1 );
557 if ( f->f_sub_initial != NULL ) {
558 ber_bvfree( f->f_sub_initial );
560 ber_bvecfree( f->f_sub_any );
561 if ( f->f_sub_final != NULL ) {
562 ber_bvfree( f->f_sub_final );
566 case LDAP_FILTER_AND:
568 case LDAP_FILTER_NOT:
569 for ( p = f->f_list; p != NULL; p = next ) {
575 case SLAPD_FILTER_COMPUTED:
579 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
589 filter_print( Filter *f )
593 struct berval escaped;
596 fprintf( stderr, "No filter!" );
599 switch ( f->f_choice ) {
600 case LDAP_FILTER_EQUALITY:
601 filter_escape_value( f->f_av_value, &escaped );
602 fprintf( stderr, "(%s=%s)",
603 f->f_av_desc->ad_cname->bv_val,
605 ber_memfree( escaped.bv_val );
609 filter_escape_value( f->f_av_value, &escaped );
610 fprintf( stderr, "(%s>=%s)",
611 f->f_av_desc->ad_cname->bv_val,
613 ber_memfree( escaped.bv_val );
617 filter_escape_value( f->f_av_value, &escaped );
618 fprintf( stderr, "(%s<=%s)",
619 f->f_ava->aa_desc->ad_cname->bv_val,
621 ber_memfree( escaped.bv_val );
624 case LDAP_FILTER_APPROX:
625 filter_escape_value( f->f_av_value, &escaped );
626 fprintf( stderr, "(%s~=%s)",
627 f->f_ava->aa_desc->ad_cname->bv_val,
629 ber_memfree( escaped.bv_val );
632 case LDAP_FILTER_SUBSTRINGS:
633 fprintf( stderr, "(%s=" /*)*/,
634 f->f_sub_desc->ad_cname->bv_val );
635 if ( f->f_sub_initial != NULL ) {
636 filter_escape_value( f->f_sub_initial, &escaped );
637 fprintf( stderr, "%s",
639 ber_memfree( escaped.bv_val );
641 if ( f->f_sub_any != NULL ) {
642 for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
643 filter_escape_value( f->f_sub_any[i], &escaped );
644 fprintf( stderr, "*%s",
646 ber_memfree( escaped.bv_val );
649 if ( f->f_sub_final != NULL ) {
650 filter_escape_value( f->f_sub_final, &escaped );
652 "*%s", escaped.bv_val );
653 ber_memfree( escaped.bv_val );
655 fprintf( stderr, /*(*/ ")" );
658 case LDAP_FILTER_PRESENT:
659 fprintf( stderr, "(%s=*)",
660 f->f_desc->ad_cname->bv_val );
663 case LDAP_FILTER_AND:
665 case LDAP_FILTER_NOT:
666 fprintf( stderr, "(%c" /*)*/,
667 f->f_choice == LDAP_FILTER_AND ? '&' :
668 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
669 for ( p = f->f_list; p != NULL; p = p->f_next ) {
672 fprintf( stderr, /*(*/ ")" );
675 case SLAPD_FILTER_COMPUTED:
676 fprintf( stderr, "(?=%s)",
677 f->f_result == LDAP_COMPARE_FALSE ? "false" :
678 f->f_result == LDAP_COMPARE_TRUE ? "true" :
679 f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
684 fprintf( stderr, "(unknown-filter=%lu)", f->f_choice );
689 #endif /* ldap_debug */
691 int filter_escape_value(
699 out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 );
702 for( i=0; i < in->bv_len ; i++ ) {
703 if( FILTER_ESCAPE(in->bv_val[i]) ) {
704 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
705 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
706 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
708 out->bv_val[out->bv_len++] = in->bv_val[i];
712 out->bv_val[out->bv_len] = '\0';