1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
23 static int get_substring_filter(
44 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
47 * A filter looks like this coming in:
49 * and [0] SET OF Filter,
50 * or [1] SET OF Filter,
52 * equalityMatch [3] AttributeValueAssertion,
53 * substrings [4] SubstringFilter,
54 * greaterOrEqual [5] AttributeValueAssertion,
55 * lessOrEqual [6] AttributeValueAssertion,
56 * present [7] AttributeType,,
57 * approxMatch [8] AttributeValueAssertion
58 * extensibleMatch [9] MatchingRuleAssertion
61 * SubstringFilter ::= SEQUENCE {
63 * SEQUENCE OF CHOICE {
64 * initial [0] IA5String,
70 * MatchingRuleAssertion ::= SEQUENCE {
71 * matchingRule [1] MatchingRuleId OPTIONAL,
72 * type [2] AttributeDescription OPTIONAL,
73 * matchValue [3] AssertionValue,
74 * dnAttributes [4] BOOLEAN DEFAULT FALSE
79 tag = ber_peek_tag( ber, &len );
81 if( tag == LBER_ERROR ) {
82 *text = "error decoding filter";
83 return SLAPD_DISCONNECT;
86 f = (Filter *) ch_malloc( sizeof(Filter) );
93 switch ( f->f_choice ) {
94 #ifdef SLAPD_SCHEMA_NOT_COMPAT
95 /* not yet implemented */
97 case LDAP_FILTER_EQUALITY:
98 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
99 if ( (err = get_ava( ber, &f->f_ava )) != LDAP_SUCCESS ) {
100 *text = "error decoding filter";
103 *fstr = ch_malloc(4 + strlen( f->f_avtype ) +
104 f->f_avvalue.bv_len);
105 sprintf( *fstr, "(%s=%s)", f->f_avtype,
106 f->f_avvalue.bv_val );
109 case LDAP_FILTER_SUBSTRINGS:
110 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
111 err = get_substring_filter( conn, ber, f, fstr, text );
115 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
116 if ( (err = get_ava( ber, &f->f_ava )) != LDAP_SUCCESS ) {
117 *text = "decoding filter error";
120 *fstr = ch_malloc(5 + strlen( f->f_avtype ) +
121 f->f_avvalue.bv_len);
122 sprintf( *fstr, "(%s>=%s)", f->f_avtype,
123 f->f_avvalue.bv_val );
127 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
128 if ( (err = get_ava( ber, &f->f_ava )) != LDAP_SUCCESS ) {
129 *text = "error decoding filter";
132 *fstr = ch_malloc(5 + strlen( f->f_avtype ) +
133 f->f_avvalue.bv_len);
134 sprintf( *fstr, "(%s<=%s)", f->f_avtype,
135 f->f_avvalue.bv_val );
138 case LDAP_FILTER_PRESENT:
139 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
140 if ( ber_scanf( ber, "a", &f->f_type ) == LBER_ERROR ) {
141 err = SLAPD_DISCONNECT;
142 *text = "error decoding filter";
147 attr_normalize( f->f_type );
148 *fstr = ch_malloc( 5 + strlen( f->f_type ) );
149 sprintf( *fstr, "(%s=*)", f->f_type );
152 case LDAP_FILTER_APPROX:
153 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
154 if ( (err = get_ava( ber, &f->f_ava )) != LDAP_SUCCESS ) {
155 *text = "error decoding filter";
158 *fstr = ch_malloc(5 + strlen( f->f_avtype ) +
159 f->f_avvalue.bv_len);
160 sprintf( *fstr, "(%s~=%s)", f->f_avtype,
161 f->f_avvalue.bv_val );
165 case LDAP_FILTER_AND:
166 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
167 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
168 if ( err != LDAP_SUCCESS ) {
171 if (ftmp == NULL) ftmp = ch_strdup("");
172 *fstr = ch_malloc( 4 + strlen( ftmp ) );
173 sprintf( *fstr, "(&%s)", ftmp );
178 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
179 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
180 if ( err != LDAP_SUCCESS ) {
183 if (ftmp == NULL) ftmp = ch_strdup("");
184 *fstr = ch_malloc( 4 + strlen( ftmp ) );
185 sprintf( *fstr, "(|%s)", ftmp );
189 case LDAP_FILTER_NOT:
190 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
191 (void) ber_skip_tag( ber, &len );
192 err = get_filter( conn, ber, &f->f_not, &ftmp, text );
193 if ( err != LDAP_SUCCESS ) {
196 if (ftmp == NULL) ftmp = ch_strdup("");
197 *fstr = ch_malloc( 4 + strlen( ftmp ) );
198 sprintf( *fstr, "(!%s)", ftmp );
202 case LDAP_FILTER_EXT:
203 /* not yet implemented */
204 Debug( LDAP_DEBUG_ANY, "extensible match not yet implemented.\n",
206 err = LDAP_PROTOCOL_ERROR;
207 *text = "extensible match not yet implemented";
211 Debug( LDAP_DEBUG_ANY, "unknown filter type %lu\n",
213 err = LDAP_PROTOCOL_ERROR;
214 *text = "unknown filter type";
218 if ( err != LDAP_SUCCESS ) {
220 if ( *fstr != NULL ) {
227 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
232 get_filter_list( Connection *conn, BerElement *ber, Filter **f, char **fstr, char **text )
240 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
244 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
245 tag = ber_next_element( ber, &len, last ) )
247 err = get_filter( conn, ber, new, &ftmp, text );
248 if ( err != LDAP_SUCCESS )
251 if ( *fstr == NULL ) {
254 *fstr = ch_realloc( *fstr, strlen( *fstr ) +
255 strlen( ftmp ) + 1 );
256 strcat( *fstr, ftmp );
259 new = &(*new)->f_next;
263 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
264 return( LDAP_SUCCESS );
267 #ifndef SLAPD_SCHEMA_NOT_COMPAT
270 get_substring_filter(
285 *text = "error decoding filter";
287 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
289 if ( ber_scanf( ber, "{a" /*}*/, &f->f_sub_type ) == LBER_ERROR ) {
290 return SLAPD_DISCONNECT;
293 #ifdef SLAPD_SCHEMA_NOT_COMPAT
294 /* not yet implemented */
296 attr_normalize( f->f_sub_type );
298 /* should get real syntax and see if we have a substring matching rule */
299 syntax = attr_syntax( f->f_sub_type );
302 f->f_sub_initial = NULL;
304 f->f_sub_final = NULL;
307 *fstr = ch_malloc( strlen( f->f_sub_type ) + 3 );
308 sprintf( *fstr, "(%s=" /*)*/, f->f_sub_type );
311 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
312 tag = ber_next_element( ber, &len, last ) )
314 rc = ber_scanf( ber, "O", &val );
315 if ( rc == LBER_ERROR ) {
316 rc = SLAPD_DISCONNECT;
320 if ( val == NULL || val->bv_len == 0 ) {
322 rc = LDAP_INVALID_SYNTAX;
326 rc = LDAP_PROTOCOL_ERROR;
328 #ifdef SLAPD_SCHEMA_NOT_COMPAT
329 /* not yet implemented */
331 /* we should call a substring syntax normalization routine */
332 value_normalize( val->bv_val, syntax );
333 /* this is bogus, value_normalize should take a berval */
334 val->bv_len = strlen( val->bv_val );
338 case LDAP_SUBSTRING_INITIAL:
339 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
340 if ( f->f_sub_initial != NULL ) {
344 f->f_sub_initial = val;
347 *fstr = ch_realloc( *fstr,
348 strlen( *fstr ) + val->bv_len + 1 );
349 strcat( *fstr, val->bv_val );
353 case LDAP_SUBSTRING_ANY:
354 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
355 if( ber_bvecadd( &f->f_sub_any, val ) < 0 ) {
361 *fstr = ch_realloc( *fstr,
362 strlen( *fstr ) + val->bv_len + 2 );
363 strcat( *fstr, "*" );
364 strcat( *fstr, val->bv_val );
368 case LDAP_SUBSTRING_FINAL:
369 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
370 if ( f->f_sub_final != NULL ) {
374 f->f_sub_final = val;
377 *fstr = ch_realloc( *fstr,
378 strlen( *fstr ) + val->bv_len + 2 );
379 strcat( *fstr, "*" );
380 strcat( *fstr, val->bv_val );
385 Debug( LDAP_DEBUG_FILTER, " unknown type=%ld\n",
391 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
399 ch_free( f->f_sub_type );
400 ber_bvfree( f->f_sub_initial );
401 ber_bvecfree( f->f_sub_any );
402 ber_bvfree( f->f_sub_final );
408 *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 );
409 if ( f->f_sub_final == NULL ) {
410 strcat( *fstr, "*" );
412 strcat( *fstr, /*(*/ ")" );
415 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
416 return( LDAP_SUCCESS );
419 #endif /* not compat */
422 filter_free( Filter *f )
430 switch ( f->f_choice ) {
431 case LDAP_FILTER_PRESENT:
432 #ifdef SLAPD_SCHEMA_NOT_COMPAT
433 ad_free( f->f_desc, 1 );
435 if ( f->f_type != NULL ) {
441 case LDAP_FILTER_EQUALITY:
444 case LDAP_FILTER_APPROX:
445 #ifdef SLAPD_SCHEMA_NOT_COMPAT
446 ava_free( f->f_ava, 1 );
448 ava_free( &f->f_ava, 0 );
452 case LDAP_FILTER_SUBSTRINGS:
453 #ifdef SLAPD_SCHEMA_NOT_COMPAT
454 ad_free( f->f_sub_desc, 1 );
455 if ( f->f_sub_initial != NULL ) {
456 ber_bvfree( f->f_sub_initial );
458 ber_bvecfree( f->f_sub_any );
459 if ( f->f_sub_final != NULL ) {
460 ber_bvfree( f->f_sub_final );
463 if ( f->f_sub_type != NULL ) {
464 free( f->f_sub_type );
466 if ( f->f_sub_initial != NULL ) {
467 ber_bvfree( f->f_sub_initial );
469 ber_bvecfree( f->f_sub_any );
470 if ( f->f_sub_final != NULL ) {
471 ber_bvfree( f->f_sub_final );
476 case LDAP_FILTER_AND:
478 case LDAP_FILTER_NOT:
479 for ( p = f->f_list; p != NULL; p = next ) {
485 case SLAPD_FILTER_COMPUTED:
489 Debug( LDAP_DEBUG_ANY, "unknown filter type %lu\n",
500 filter_print( Filter *f )
506 fprintf( stderr, "No filter!" );
509 switch ( f->f_choice ) {
510 case LDAP_FILTER_EQUALITY:
511 #ifdef SLAPD_SCHEMA_NOT_COMPAT
512 fprintf( stderr, "(%s=%s)",
513 f->f_ava->aa_desc->ad_cname,
514 f->f_ava->aa_value->bv_val );
516 fprintf( stderr, "(%s=%s)", f->f_ava.ava_type,
517 f->f_ava.ava_value.bv_val );
522 #ifdef SLAPD_SCHEMA_NOT_COMPAT
523 fprintf( stderr, "(%s>=%s)",
524 f->f_ava->aa_desc->ad_cname,
525 f->f_ava->aa_value->bv_val );
527 fprintf( stderr, "(%s>=%s)", f->f_ava.ava_type,
528 f->f_ava.ava_value.bv_val );
533 #ifdef SLAPD_SCHEMA_NOT_COMPAT
534 fprintf( stderr, "(%s<=%s)",
535 f->f_ava->aa_desc->ad_cname,
536 f->f_ava->aa_value->bv_val );
538 fprintf( stderr, "(%s<=%s)", f->f_ava.ava_type,
539 f->f_ava.ava_value.bv_val );
543 case LDAP_FILTER_APPROX:
544 #ifdef SLAPD_SCHEMA_NOT_COMPAT
545 fprintf( stderr, "(%s~=%s)",
546 f->f_ava->aa_desc->ad_cname,
547 f->f_ava->aa_value->bv_val );
549 fprintf( stderr, "(%s~=%s)", f->f_ava.ava_type,
550 f->f_ava.ava_value.bv_val );
554 case LDAP_FILTER_SUBSTRINGS:
555 #ifdef SLAPD_SCHEMA_NOT_COMPAT
556 fprintf( stderr, "(%s=" /*)*/, f->f_sub_desc->ad_cname );
558 fprintf( stderr, "(%s=" /*)*/, f->f_sub_type );
560 if ( f->f_sub_initial != NULL ) {
561 fprintf( stderr, "%s", f->f_sub_initial->bv_val );
563 if ( f->f_sub_any != NULL ) {
564 for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
565 fprintf( stderr, "*%s", f->f_sub_any[i]->bv_val );
568 if ( f->f_sub_final != NULL ) {
569 fprintf( stderr, "*%s", f->f_sub_final->bv_val );
571 fprintf( stderr, /*(*/ ")" );
574 case LDAP_FILTER_PRESENT:
575 #ifdef SLAPD_SCHEMA_NOT_COMPAT
576 fprintf( stderr, "(%s=*)",
577 f->f_desc->ad_cname );
579 fprintf( stderr, "(%s=*)", f->f_type );
583 case LDAP_FILTER_AND:
585 case LDAP_FILTER_NOT:
586 fprintf( stderr, "(%c" /*)*/,
587 f->f_choice == LDAP_FILTER_AND ? '&' :
588 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
589 for ( p = f->f_list; p != NULL; p = p->f_next ) {
592 fprintf( stderr, /*(*/ ")" );
595 case SLAPD_FILTER_COMPUTED:
596 fprintf( stderr, "(%s)",
597 f->f_result == LDAP_COMPARE_FALSE ? "false" :
598 f->f_result == LDAP_COMPARE_TRUE ? "true" :
599 f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
604 fprintf( stderr, "(unknown filter %lu)", f->f_choice );
609 #endif /* ldap_debug */