1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
26 SubstringsAssertion **s,
29 static void simple_vrFilter2bv(
30 ValuesReturnFilter *f,
31 struct berval *fstr );
33 static int get_simple_vrFilter(
36 ValuesReturnFilter **f,
56 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", conn->c_connid, 0, 0 );
58 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
61 * A filter looks like this coming in:
63 * and [0] SET OF Filter,
64 * or [1] SET OF Filter,
66 * equalityMatch [3] AttributeValueAssertion,
67 * substrings [4] SubstringFilter,
68 * greaterOrEqual [5] AttributeValueAssertion,
69 * lessOrEqual [6] AttributeValueAssertion,
70 * present [7] AttributeType,,
71 * approxMatch [8] AttributeValueAssertion
72 * extensibleMatch [9] MatchingRuleAssertion
75 * SubstringFilter ::= SEQUENCE {
77 * SEQUENCE OF CHOICE {
78 * initial [0] IA5String,
84 * MatchingRuleAssertion ::= SEQUENCE {
85 * matchingRule [1] MatchingRuleId OPTIONAL,
86 * type [2] AttributeDescription OPTIONAL,
87 * matchValue [3] AssertionValue,
88 * dnAttributes [4] BOOLEAN DEFAULT FALSE
93 tag = ber_peek_tag( ber, &len );
95 if( tag == LBER_ERROR ) {
96 *text = "error decoding filter";
97 return SLAPD_DISCONNECT;
105 switch ( f.f_choice ) {
106 case LDAP_FILTER_EQUALITY:
108 LDAP_LOG( FILTER, DETAIL2,
109 "get_filter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
111 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
113 err = get_ava( ber, &f.f_ava, SLAP_MR_EQUALITY, text );
114 if ( err != LDAP_SUCCESS ) {
118 assert( f.f_ava != NULL );
121 case LDAP_FILTER_SUBSTRINGS:
123 LDAP_LOG( FILTER, DETAIL1,
124 "get_filter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
126 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
128 err = get_ssa( conn, ber, &f.f_sub, text );
129 if( err != LDAP_SUCCESS ) {
132 assert( f.f_sub != NULL );
137 LDAP_LOG( FILTER, DETAIL1,
138 "get_filter: conn %d GE\n", conn->c_connid, 0, 0 );
140 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
142 err = get_ava( ber, &f.f_ava, SLAP_MR_ORDERING, text );
143 if ( err != LDAP_SUCCESS ) {
146 assert( f.f_ava != NULL );
151 LDAP_LOG( FILTER, DETAIL1,
152 "get_filter: conn %d LE\n", conn->c_connid, 0, 0 );
154 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
156 err = get_ava( ber, &f.f_ava, SLAP_MR_ORDERING, text );
157 if ( err != LDAP_SUCCESS ) {
160 assert( f.f_ava != NULL );
163 case LDAP_FILTER_PRESENT: {
167 LDAP_LOG( FILTER, DETAIL1,
168 "get_filter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
170 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
172 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
173 err = SLAPD_DISCONNECT;
174 *text = "error decoding filter";
179 err = slap_bv2ad( &type, &f.f_desc, text );
181 if( err != LDAP_SUCCESS ) {
182 /* unrecognized attribute description or other error */
183 f.f_choice = SLAPD_FILTER_COMPUTED;
184 f.f_result = LDAP_COMPARE_FALSE;
189 assert( f.f_desc != NULL );
192 case LDAP_FILTER_APPROX:
194 LDAP_LOG( FILTER, DETAIL1,
195 "get_filter: conn %d APPROX\n", conn->c_connid, 0, 0 );
197 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
199 err = get_ava( ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
200 if ( err != LDAP_SUCCESS ) {
203 assert( f.f_ava != NULL );
206 case LDAP_FILTER_AND:
208 LDAP_LOG( FILTER, DETAIL1,
209 "get_filter: conn %d AND\n", conn->c_connid, 0, 0 );
211 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
213 err = get_filter_list( conn, ber, &f.f_and, text );
214 if ( err != LDAP_SUCCESS ) {
217 /* no assert - list could be empty */
222 LDAP_LOG( FILTER, DETAIL1,
223 "get_filter: conn %d OR\n", conn->c_connid, 0, 0 );
225 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
227 err = get_filter_list( conn, ber, &f.f_or, text );
228 if ( err != LDAP_SUCCESS ) {
231 /* no assert - list could be empty */
234 case LDAP_FILTER_NOT:
236 LDAP_LOG( FILTER, DETAIL1,
237 "get_filter: conn %d NOT\n", conn->c_connid, 0, 0 );
239 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
241 (void) ber_skip_tag( ber, &len );
242 err = get_filter( conn, ber, &f.f_not, text );
243 if ( err != LDAP_SUCCESS ) {
248 assert( f.f_not != NULL );
252 case LDAP_FILTER_EXT:
254 LDAP_LOG( FILTER, DETAIL1,
255 "get_filter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
257 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
260 err = get_mra( ber, &f.f_mra, text );
261 if ( err != LDAP_SUCCESS ) {
266 assert( f.f_mra != NULL );
271 (void) ber_scanf( ber, "x" ); /* skip the element */
273 LDAP_LOG( FILTER, ERR,
274 "get_filter: conn %d unknown filter type=%lu\n",
275 conn->c_connid, f.f_choice, 0 );
277 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
280 f.f_choice = SLAPD_FILTER_COMPUTED;
281 f.f_result = SLAPD_COMPARE_UNDEFINED;
285 if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
287 f.f_choice = SLAPD_FILTER_COMPUTED;
288 f.f_result = SLAPD_COMPARE_UNDEFINED;
292 if ( err == LDAP_SUCCESS ) {
293 *filt = ch_malloc( sizeof(f) );
298 LDAP_LOG( FILTER, DETAIL2,
299 "get_filter: conn %d exit\n", conn->c_connid, 0, 0 );
301 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
308 get_filter_list( Connection *conn, BerElement *ber,
319 LDAP_LOG( FILTER, ENTRY,
320 "get_filter_list: conn %d start\n", conn->c_connid, 0, 0 );
322 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
325 for ( tag = ber_first_element( ber, &len, &last );
327 tag = ber_next_element( ber, &len, last ) )
329 err = get_filter( conn, ber, new, text );
330 if ( err != LDAP_SUCCESS )
332 new = &(*new)->f_next;
337 LDAP_LOG( FILTER, ENTRY,
338 "get_filter_list: conn %d exit\n", conn->c_connid, 0, 0 );
340 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
342 return( LDAP_SUCCESS );
349 SubstringsAssertion **out,
355 struct berval desc, value, nvalue;
357 SubstringsAssertion ssa;
359 *text = "error decoding filter";
362 LDAP_LOG( FILTER, ENTRY,
363 "get_ssa: conn %d begin\n", conn->c_connid, 0, 0 );
365 Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
367 if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
368 return SLAPD_DISCONNECT;
374 ssa.sa_initial.bv_val = NULL;
376 ssa.sa_final.bv_val = NULL;
378 rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
380 if( rc != LDAP_SUCCESS ) {
384 rc = LDAP_PROTOCOL_ERROR;
386 for ( tag = ber_first_element( ber, &len, &last );
388 tag = ber_next_element( ber, &len, last ) )
392 rc = ber_scanf( ber, "m", &value );
393 if ( rc == LBER_ERROR ) {
394 rc = SLAPD_DISCONNECT;
398 if ( value.bv_val == NULL || value.bv_len == 0 ) {
399 free( value.bv_val );
400 rc = LDAP_INVALID_SYNTAX;
405 case LDAP_SUBSTRING_INITIAL:
406 usage = SLAP_MR_SUBSTR_INITIAL;
409 case LDAP_SUBSTRING_ANY:
410 usage = SLAP_MR_SUBSTR_ANY;
413 case LDAP_SUBSTRING_FINAL:
414 usage = SLAP_MR_SUBSTR_FINAL;
418 rc = LDAP_PROTOCOL_ERROR;
421 LDAP_LOG( FILTER, ERR,
422 "get_filter_substring: conn %d unknown substring choice=%ld\n",
423 conn->c_connid, (long)tag, 0 );
425 Debug( LDAP_DEBUG_FILTER,
426 " unknown substring choice=%ld\n",
430 free( value.bv_val );
435 /* validate/normalize using equality matching rule validator! */
436 rc = asserted_value_validate_normalize(
437 ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
438 usage, &value, &nvalue, text );
440 if( rc != LDAP_SUCCESS ) {
441 free( value.bv_val );
445 /* validate using equality matching rule validator! */
446 rc = value_validate( ssa.sa_desc->ad_type->sat_equality,
448 if( rc != LDAP_SUCCESS ) {
449 free( value.bv_val );
453 rc = value_normalize( ssa.sa_desc, usage,
454 &value, &nvalue, text );
456 free( value.bv_val );
458 if( rc != LDAP_SUCCESS ) {
463 rc = LDAP_PROTOCOL_ERROR;
466 case LDAP_SUBSTRING_INITIAL:
468 LDAP_LOG( FILTER, DETAIL1,
469 "get_ssa: conn %d INITIAL\n",
470 conn->c_connid, 0, 0 );
472 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
475 if ( ssa.sa_initial.bv_val != NULL
476 || ssa.sa_any != NULL
477 || ssa.sa_final.bv_val != NULL )
479 free( nvalue.bv_val );
483 ssa.sa_initial = nvalue;
486 case LDAP_SUBSTRING_ANY:
488 LDAP_LOG( FILTER, DETAIL1,
489 "get_ssa: conn %d ANY\n",
490 conn->c_connid, 0, 0 );
492 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
495 if ( ssa.sa_final.bv_val != NULL ) {
496 free( nvalue.bv_val );
500 ber_bvarray_add( &ssa.sa_any, &nvalue );
503 case LDAP_SUBSTRING_FINAL:
505 LDAP_LOG( FILTER, DETAIL1,
506 "get_ssa: conn %d FINAL\n",
507 conn->c_connid, 0, 0 );
509 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
512 if ( ssa.sa_final.bv_val != NULL ) {
513 free( nvalue.bv_val );
517 ssa.sa_final = nvalue;
522 LDAP_LOG( FILTER, INFO,
523 "get_ssa: conn %d unknown substring type %ld\n",
524 conn->c_connid, (long)tag, 0 );
526 Debug( LDAP_DEBUG_FILTER,
527 " unknown substring type=%ld\n",
532 free( nvalue.bv_val );
536 LDAP_LOG( FILTER, INFO,
537 "get_ssa: conn %d error %ld\n",
538 conn->c_connid, (long)rc, 0 );
540 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
543 free( ssa.sa_initial.bv_val );
544 ber_bvarray_free( ssa.sa_any );
545 free( ssa.sa_final.bv_val );
552 if( rc == LDAP_SUCCESS ) {
553 *out = ch_malloc( sizeof( ssa ) );
558 LDAP_LOG( FILTER, ENTRY,
559 "get_ssa: conn %d exit\n", conn->c_connid, 0, 0 );
561 Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
568 filter_free( Filter *f )
576 switch ( f->f_choice ) {
577 case LDAP_FILTER_PRESENT:
580 case LDAP_FILTER_EQUALITY:
583 case LDAP_FILTER_APPROX:
584 ava_free( f->f_ava, 1 );
587 case LDAP_FILTER_SUBSTRINGS:
588 if ( f->f_sub_initial.bv_val != NULL ) {
589 free( f->f_sub_initial.bv_val );
591 ber_bvarray_free( f->f_sub_any );
592 if ( f->f_sub_final.bv_val != NULL ) {
593 free( f->f_sub_final.bv_val );
598 case LDAP_FILTER_AND:
600 case LDAP_FILTER_NOT:
601 for ( p = f->f_list; p != NULL; p = next ) {
607 case LDAP_FILTER_EXT:
608 mra_free( f->f_mra, 1 );
611 case SLAPD_FILTER_COMPUTED:
616 LDAP_LOG( FILTER, ERR,
617 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
619 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
629 filter2bv( Filter *f, struct berval *fstr )
637 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
641 switch ( f->f_choice ) {
642 case LDAP_FILTER_EQUALITY:
643 filter_escape_value( &f->f_av_value, &tmp );
645 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
646 tmp.bv_len + ( sizeof("(=)") - 1 );
647 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
649 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
650 f->f_av_desc->ad_cname.bv_val,
653 ber_memfree( tmp.bv_val );
657 filter_escape_value( &f->f_av_value, &tmp );
659 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
660 tmp.bv_len + ( sizeof("(>=)") - 1 );
661 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
663 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
664 f->f_av_desc->ad_cname.bv_val,
667 ber_memfree( tmp.bv_val );
671 filter_escape_value( &f->f_av_value, &tmp );
673 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
674 tmp.bv_len + ( sizeof("(<=)") - 1 );
675 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
677 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
678 f->f_av_desc->ad_cname.bv_val,
681 ber_memfree( tmp.bv_val );
684 case LDAP_FILTER_APPROX:
685 filter_escape_value( &f->f_av_value, &tmp );
687 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
688 tmp.bv_len + ( sizeof("(~=)") - 1 );
689 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
691 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
692 f->f_av_desc->ad_cname.bv_val,
694 ber_memfree( tmp.bv_val );
697 case LDAP_FILTER_SUBSTRINGS:
698 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
699 ( sizeof("(=*)") - 1 );
700 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
702 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
703 f->f_sub_desc->ad_cname.bv_val );
705 if ( f->f_sub_initial.bv_val != NULL ) {
708 filter_escape_value( &f->f_sub_initial, &tmp );
710 fstr->bv_len += tmp.bv_len;
711 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
713 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
714 /* "(attr=" */ "%s*)",
717 ber_memfree( tmp.bv_val );
720 if ( f->f_sub_any != NULL ) {
721 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
723 filter_escape_value( &f->f_sub_any[i], &tmp );
725 fstr->bv_len += tmp.bv_len + 1;
726 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
728 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
729 /* "(attr=[init]*[any*]" */ "%s*)",
731 ber_memfree( tmp.bv_val );
735 if ( f->f_sub_final.bv_val != NULL ) {
738 filter_escape_value( &f->f_sub_final, &tmp );
740 fstr->bv_len += tmp.bv_len;
741 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
743 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
744 /* "(attr=[init*][any*]" */ "%s)",
747 ber_memfree( tmp.bv_val );
752 case LDAP_FILTER_PRESENT:
753 fstr->bv_len = f->f_desc->ad_cname.bv_len +
754 ( sizeof("(=*)") - 1 );
755 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
757 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
758 f->f_desc->ad_cname.bv_val );
761 case LDAP_FILTER_AND:
763 case LDAP_FILTER_NOT:
764 fstr->bv_len = sizeof("(%)") - 1;
765 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
767 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
768 f->f_choice == LDAP_FILTER_AND ? '&' :
769 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
771 for ( p = f->f_list; p != NULL; p = p->f_next ) {
774 filter2bv( p, &tmp );
776 fstr->bv_len += tmp.bv_len;
777 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
779 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
780 /*"("*/ "%s)", tmp.bv_val );
782 ch_free( tmp.bv_val );
787 case LDAP_FILTER_EXT: {
789 filter_escape_value( &f->f_mr_value, &tmp );
791 if ( f->f_mr_desc ) {
792 ad = f->f_mr_desc->ad_cname;
798 fstr->bv_len = ad.bv_len +
799 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
800 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
801 tmp.bv_len + ( sizeof("(:=)") - 1 );
802 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
804 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
806 f->f_mr_dnattrs ? ":dn" : "",
807 f->f_mr_rule_text.bv_len ? ":" : "",
808 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
810 ber_memfree( tmp.bv_val );
813 case SLAPD_FILTER_COMPUTED:
815 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
816 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
817 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
819 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
820 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
821 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
822 sizeof("(?=error)")-1,
827 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
841 out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 );
844 for( i=0; i < in->bv_len ; i++ ) {
845 if( FILTER_ESCAPE(in->bv_val[i]) ) {
846 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
847 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
848 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
850 out->bv_val[out->bv_len++] = in->bv_val[i];
854 out->bv_val[out->bv_len] = '\0';
862 ValuesReturnFilter **filt,
868 ValuesReturnFilter vrf;
871 LDAP_LOG( FILTER, ENTRY,
872 "get_simple_vrFilter: conn %d\n", conn->c_connid, 0, 0 );
874 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
877 tag = ber_peek_tag( ber, &len );
879 if( tag == LBER_ERROR ) {
880 *text = "error decoding filter";
881 return SLAPD_DISCONNECT;
887 vrf.vrf_choice = tag;
889 switch ( vrf.vrf_choice ) {
890 case LDAP_FILTER_EQUALITY:
892 LDAP_LOG( FILTER, DETAIL2,
893 "get_simple_vrFilter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
895 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
897 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
898 if ( err != LDAP_SUCCESS ) {
902 assert( vrf.vrf_ava != NULL );
905 case LDAP_FILTER_SUBSTRINGS:
907 LDAP_LOG( FILTER, DETAIL1,
908 "get_simple_vrFilter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
910 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
912 err = get_ssa( conn, ber, &vrf.vrf_sub, text );
917 LDAP_LOG( FILTER, DETAIL1,
918 "get_simple_vrFilter: conn %d GE\n", conn->c_connid, 0, 0 );
920 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
922 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
923 if ( err != LDAP_SUCCESS ) {
930 LDAP_LOG( FILTER, DETAIL1,
931 "get_simple_vrFilter: conn %d LE\n", conn->c_connid, 0, 0 );
933 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
935 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
936 if ( err != LDAP_SUCCESS ) {
941 case LDAP_FILTER_PRESENT: {
945 LDAP_LOG( FILTER, DETAIL1,
946 "get_simple_vrFilter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
948 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
950 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
951 err = SLAPD_DISCONNECT;
952 *text = "error decoding filter";
957 err = slap_bv2ad( &type, &vrf.vrf_desc, text );
959 if( err != LDAP_SUCCESS ) {
960 /* unrecognized attribute description or other error */
961 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
962 vrf.vrf_result = LDAP_COMPARE_FALSE;
968 case LDAP_FILTER_APPROX:
970 LDAP_LOG( FILTER, DETAIL1,
971 "get_simple_vrFilter: conn %d APPROX\n", conn->c_connid, 0, 0 );
973 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
975 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
976 if ( err != LDAP_SUCCESS ) {
981 case LDAP_FILTER_EXT:
983 LDAP_LOG( FILTER, DETAIL1,
984 "get_simple_vrFilter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
986 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
989 err = get_mra( ber, &vrf.vrf_mra, text );
990 if ( err != LDAP_SUCCESS ) {
994 assert( vrf.vrf_mra != NULL );
998 (void) ber_scanf( ber, "x" ); /* skip the element */
1000 LDAP_LOG( FILTER, ERR,
1001 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
1002 conn->c_connid, vrf.vrf_choice, 0 );
1004 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
1005 vrf.vrf_choice, 0, 0 );
1007 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1008 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1012 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
1014 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1015 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1019 if ( err == LDAP_SUCCESS ) {
1020 *filt = ch_malloc( sizeof vrf );
1025 LDAP_LOG( FILTER, DETAIL2,
1026 "get_simple_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1028 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1035 get_vrFilter( Connection *conn, BerElement *ber,
1036 ValuesReturnFilter **vrf,
1040 * A ValuesReturnFilter looks like this:
1042 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1043 * SimpleFilterItem ::= CHOICE {
1044 * equalityMatch [3] AttributeValueAssertion,
1045 * substrings [4] SubstringFilter,
1046 * greaterOrEqual [5] AttributeValueAssertion,
1047 * lessOrEqual [6] AttributeValueAssertion,
1048 * present [7] AttributeType,
1049 * approxMatch [8] AttributeValueAssertion,
1050 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1053 * SubstringFilter ::= SEQUENCE {
1054 * type AttributeType,
1055 * SEQUENCE OF CHOICE {
1056 * initial [0] IA5String,
1057 * any [1] IA5String,
1058 * final [2] IA5String
1062 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1063 * matchingRule [1] MatchingRuleId OPTIONAL,
1064 * type [2] AttributeDescription OPTIONAL,
1065 * matchValue [3] AssertionValue }
1068 ValuesReturnFilter **n;
1074 LDAP_LOG( FILTER, ENTRY,
1075 "get_vrFilter: conn %d start\n", conn->c_connid, 0, 0 );
1077 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1080 tag = ber_peek_tag( ber, &len );
1082 if( tag == LBER_ERROR ) {
1083 *text = "error decoding vrFilter";
1084 return SLAPD_DISCONNECT;
1087 if( tag != LBER_SEQUENCE ) {
1088 *text = "error decoding vrFilter, expect SEQUENCE tag";
1089 return SLAPD_DISCONNECT;
1093 for ( tag = ber_first_element( ber, &len, &last );
1094 tag != LBER_DEFAULT;
1095 tag = ber_next_element( ber, &len, last ) )
1097 int err = get_simple_vrFilter( conn, ber, n, text );
1099 if ( err != LDAP_SUCCESS ) return( err );
1101 n = &(*n)->vrf_next;
1106 LDAP_LOG( FILTER, ENTRY,
1107 "get_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1109 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1111 return( LDAP_SUCCESS );
1115 vrFilter_free( ValuesReturnFilter *vrf )
1117 ValuesReturnFilter *p, *next;
1119 if ( vrf == NULL ) {
1123 for ( p = vrf; p != NULL; p = next ) {
1126 switch ( vrf->vrf_choice ) {
1127 case LDAP_FILTER_PRESENT:
1130 case LDAP_FILTER_EQUALITY:
1131 case LDAP_FILTER_GE:
1132 case LDAP_FILTER_LE:
1133 case LDAP_FILTER_APPROX:
1134 ava_free( vrf->vrf_ava, 1 );
1137 case LDAP_FILTER_SUBSTRINGS:
1138 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1139 free( vrf->vrf_sub_initial.bv_val );
1141 ber_bvarray_free( vrf->vrf_sub_any );
1142 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1143 free( vrf->vrf_sub_final.bv_val );
1145 ch_free( vrf->vrf_sub );
1148 case LDAP_FILTER_EXT:
1149 mra_free( vrf->vrf_mra, 1 );
1152 case SLAPD_FILTER_COMPUTED:
1157 LDAP_LOG( FILTER, ERR,
1158 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1160 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1161 vrf->vrf_choice, 0, 0 );
1172 vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1174 ValuesReturnFilter *p;
1178 if ( vrf == NULL ) {
1179 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1183 fstr->bv_len = sizeof("()") - 1;
1184 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1186 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1188 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1191 simple_vrFilter2bv( p, &tmp );
1193 fstr->bv_len += tmp.bv_len;
1194 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1196 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1197 /*"("*/ "%s)", tmp.bv_val );
1199 ch_free( tmp.bv_val );
1204 simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1209 if ( vrf == NULL ) {
1210 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1214 switch ( vrf->vrf_choice ) {
1215 case LDAP_FILTER_EQUALITY:
1216 filter_escape_value( &vrf->vrf_av_value, &tmp );
1218 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1219 tmp.bv_len + ( sizeof("(=)") - 1 );
1220 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1222 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1223 vrf->vrf_av_desc->ad_cname.bv_val,
1226 ber_memfree( tmp.bv_val );
1229 case LDAP_FILTER_GE:
1230 filter_escape_value( &vrf->vrf_av_value, &tmp );
1232 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1233 tmp.bv_len + ( sizeof("(>=)") - 1 );
1234 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1236 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1237 vrf->vrf_av_desc->ad_cname.bv_val,
1240 ber_memfree( tmp.bv_val );
1243 case LDAP_FILTER_LE:
1244 filter_escape_value( &vrf->vrf_av_value, &tmp );
1246 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1247 tmp.bv_len + ( sizeof("(<=)") - 1 );
1248 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1250 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1251 vrf->vrf_av_desc->ad_cname.bv_val,
1254 ber_memfree( tmp.bv_val );
1257 case LDAP_FILTER_APPROX:
1258 filter_escape_value( &vrf->vrf_av_value, &tmp );
1260 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1261 tmp.bv_len + ( sizeof("(~=)") - 1 );
1262 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1264 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1265 vrf->vrf_av_desc->ad_cname.bv_val,
1267 ber_memfree( tmp.bv_val );
1270 case LDAP_FILTER_SUBSTRINGS:
1271 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1272 ( sizeof("(=*)") - 1 );
1273 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1275 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1276 vrf->vrf_sub_desc->ad_cname.bv_val );
1278 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1281 filter_escape_value( &vrf->vrf_sub_initial, &tmp );
1283 fstr->bv_len += tmp.bv_len;
1284 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1286 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1287 /* "(attr=" */ "%s*)",
1290 ber_memfree( tmp.bv_val );
1293 if ( vrf->vrf_sub_any != NULL ) {
1295 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1297 filter_escape_value( &vrf->vrf_sub_any[i], &tmp );
1299 fstr->bv_len += tmp.bv_len + 1;
1300 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1302 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1303 /* "(attr=[init]*[any*]" */ "%s*)",
1305 ber_memfree( tmp.bv_val );
1309 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1312 filter_escape_value( &vrf->vrf_sub_final, &tmp );
1314 fstr->bv_len += tmp.bv_len;
1315 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1317 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1318 /* "(attr=[init*][any*]" */ "%s)",
1321 ber_memfree( tmp.bv_val );
1326 case LDAP_FILTER_PRESENT:
1327 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1328 ( sizeof("(=*)") - 1 );
1329 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1331 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1332 vrf->vrf_desc->ad_cname.bv_val );
1335 case LDAP_FILTER_EXT: {
1337 filter_escape_value( &vrf->vrf_mr_value, &tmp );
1339 if ( vrf->vrf_mr_desc ) {
1340 ad = vrf->vrf_mr_desc->ad_cname;
1346 fstr->bv_len = ad.bv_len +
1347 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1348 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1349 tmp.bv_len + ( sizeof("(:=)") - 1 );
1350 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1352 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1354 vrf->vrf_mr_dnattrs ? ":dn" : "",
1355 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1356 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1359 ber_memfree( tmp.bv_val );
1362 case SLAPD_FILTER_COMPUTED:
1364 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1365 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1366 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1368 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1369 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1370 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1371 sizeof("(?=error)")-1,
1376 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
1382 get_substring_vrFilter(
1385 ValuesReturnFilter *vrf,
1391 struct berval value;
1394 SubstringsAssertion ssa;
1395 *text = "error decoding filter";
1398 LDAP_LOG( FILTER, ENTRY,
1399 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
1401 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
1403 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
1404 return SLAPD_DISCONNECT;
1407 vrf->vrf_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
1408 vrf->vrf_sub_desc = NULL;
1409 rc = slap_bv2ad( &bv, &vrf->vrf_sub_desc, text );
1411 if( rc != LDAP_SUCCESS ) {
1413 ch_free( vrf->vrf_sub );
1414 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
1415 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1416 return LDAP_SUCCESS;
1419 vrf->vrf_sub_initial.bv_val = NULL;
1420 vrf->vrf_sub_any = NULL;
1421 vrf->vrf_sub_final.bv_val = NULL;
1423 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
1424 tag = ber_next_element( ber, &len, last ) )
1428 rc = ber_scanf( ber, "m", &value );
1429 if ( rc == LBER_ERROR ) {
1430 rc = SLAPD_DISCONNECT;
1434 if ( value.bv_val == NULL || value.bv_len == 0 ) {
1435 rc = LDAP_INVALID_SYNTAX;
1440 case LDAP_SUBSTRING_INITIAL:
1441 usage = SLAP_MR_SUBSTR_INITIAL;
1444 case LDAP_SUBSTRING_ANY:
1445 usage = SLAP_MR_SUBSTR_ANY;
1448 case LDAP_SUBSTRING_FINAL:
1449 usage = SLAP_MR_SUBSTR_FINAL;
1453 rc = LDAP_PROTOCOL_ERROR;
1456 LDAP_LOG( FILTER, ERR,
1457 "get_filter_substring: conn %d unknown substring choice=%ld\n",
1458 conn->c_connid, (long)tag, 0 );
1460 Debug( LDAP_DEBUG_FILTER,
1461 " unknown substring choice=%ld\n",
1468 /* validate/normalize using equality matching rule validator! */
1469 rc = asserted_value_validate_normalize(
1470 vrf->vrf_sub_desc, vrf->vrf_sub_desc->ad_type->sat_equality,
1471 usage, &value, &bv, text );
1472 if( rc != LDAP_SUCCESS ) {
1476 /* valiate using equality matching rule validator! */
1477 rc = value_validate( vrf->vrf_sub_desc->ad_type->sat_equality,
1479 if( rc != LDAP_SUCCESS ) {
1483 rc = value_normalize( vrf->vrf_sub_desc, usage,
1484 &value, &bv, text );
1485 if( rc != LDAP_SUCCESS ) {
1492 rc = LDAP_PROTOCOL_ERROR;
1495 case LDAP_SUBSTRING_INITIAL:
1497 LDAP_LOG( FILTER, DETAIL1,
1498 "get_substring_filter: conn %d INITIAL\n",
1499 conn->c_connid, 0, 0 );
1501 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
1504 if ( vrf->vrf_sub_initial.bv_val != NULL
1505 || vrf->vrf_sub_any != NULL
1506 || vrf->vrf_sub_final.bv_val != NULL )
1508 free( value.bv_val );
1512 vrf->vrf_sub_initial = value;
1515 case LDAP_SUBSTRING_ANY:
1517 LDAP_LOG( FILTER, DETAIL1,
1518 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
1520 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
1523 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1524 free( value.bv_val );
1528 ber_bvarray_add( &vrf->vrf_sub_any, &value );
1531 case LDAP_SUBSTRING_FINAL:
1533 LDAP_LOG( FILTER, DETAIL1,
1534 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
1536 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
1539 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1540 free( value.bv_val );
1544 vrf->vrf_sub_final = value;
1549 LDAP_LOG( FILTER, INFO,
1550 "get_substring_filter: conn %d unknown substring type %ld\n",
1551 conn->c_connid, (long)tag, 0 );
1553 Debug( LDAP_DEBUG_FILTER,
1554 " unknown substring type=%ld\n",
1558 free( value.bv_val );
1562 LDAP_LOG( FILTER, INFO,
1563 "get_substring_filter: conn %d error %ld\n",
1564 conn->c_connid, (long)rc, 0 );
1566 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
1569 free( vrf->vrf_sub_initial.bv_val );
1570 ber_bvarray_free( vrf->vrf_sub_any );
1571 free( vrf->vrf_sub_final.bv_val );
1572 ch_free( vrf->vrf_sub );
1578 LDAP_LOG( FILTER, ENTRY,
1579 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
1581 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
1583 return( LDAP_SUCCESS );