1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
23 static int get_substring_filter(
29 static void simple_vrFilter2bv(
30 ValuesReturnFilter *f,
31 struct berval *fstr );
33 static int get_simple_vrFilter(
36 ValuesReturnFilter **f,
56 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", conn->c_connid, 0, 0 );
58 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
61 * A filter looks like this coming in:
63 * and [0] SET OF Filter,
64 * or [1] SET OF Filter,
66 * equalityMatch [3] AttributeValueAssertion,
67 * substrings [4] SubstringFilter,
68 * greaterOrEqual [5] AttributeValueAssertion,
69 * lessOrEqual [6] AttributeValueAssertion,
70 * present [7] AttributeType,,
71 * approxMatch [8] AttributeValueAssertion
72 * extensibleMatch [9] MatchingRuleAssertion
75 * SubstringFilter ::= SEQUENCE {
77 * SEQUENCE OF CHOICE {
78 * initial [0] IA5String,
84 * MatchingRuleAssertion ::= SEQUENCE {
85 * matchingRule [1] MatchingRuleId OPTIONAL,
86 * type [2] AttributeDescription OPTIONAL,
87 * matchValue [3] AssertionValue,
88 * dnAttributes [4] BOOLEAN DEFAULT FALSE
93 tag = ber_peek_tag( ber, &len );
95 if( tag == LBER_ERROR ) {
96 *text = "error decoding filter";
97 return SLAPD_DISCONNECT;
100 f = (Filter *) ch_malloc( sizeof(Filter) );
106 switch ( f->f_choice ) {
107 case LDAP_FILTER_EQUALITY:
109 LDAP_LOG( FILTER, DETAIL2,
110 "get_filter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
112 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
114 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
115 if ( err != LDAP_SUCCESS ) {
119 assert( f->f_ava != NULL );
122 case LDAP_FILTER_SUBSTRINGS:
124 LDAP_LOG( FILTER, DETAIL1,
125 "get_filter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
127 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
129 err = get_substring_filter( conn, ber, f, text );
130 if( err != LDAP_SUCCESS ) {
133 assert( f->f_sub != NULL );
138 LDAP_LOG( FILTER, DETAIL1,
139 "get_filter: conn %d GE\n", conn->c_connid, 0, 0 );
141 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
143 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
144 if ( err != LDAP_SUCCESS ) {
147 assert( f->f_ava != NULL );
152 LDAP_LOG( FILTER, DETAIL1,
153 "get_filter: conn %d LE\n", conn->c_connid, 0, 0 );
155 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
157 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
158 if ( err != LDAP_SUCCESS ) {
161 assert( f->f_ava != NULL );
164 case LDAP_FILTER_PRESENT: {
168 LDAP_LOG( FILTER, DETAIL1,
169 "get_filter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
171 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
173 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
174 err = SLAPD_DISCONNECT;
175 *text = "error decoding filter";
180 err = slap_bv2ad( &type, &f->f_desc, text );
182 if( err != LDAP_SUCCESS ) {
183 /* unrecognized attribute description or other error */
184 f->f_choice = SLAPD_FILTER_COMPUTED;
185 f->f_result = LDAP_COMPARE_FALSE;
191 case LDAP_FILTER_APPROX:
193 LDAP_LOG( FILTER, DETAIL1,
194 "get_filter: conn %d APPROX\n", conn->c_connid, 0, 0 );
196 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
198 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
199 if ( err != LDAP_SUCCESS ) {
202 assert( f->f_ava != NULL );
205 case LDAP_FILTER_AND:
207 LDAP_LOG( FILTER, DETAIL1,
208 "get_filter: conn %d AND\n", conn->c_connid, 0, 0 );
210 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
212 err = get_filter_list( conn, ber, &f->f_and, text );
213 if ( err != LDAP_SUCCESS ) {
217 assert( f->f_and != NULL );
223 LDAP_LOG( FILTER, DETAIL1,
224 "get_filter: conn %d OR\n", conn->c_connid, 0, 0 );
226 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
228 err = get_filter_list( conn, ber, &f->f_or, text );
229 if ( err != LDAP_SUCCESS ) {
234 case LDAP_FILTER_NOT:
236 LDAP_LOG( FILTER, DETAIL1,
237 "get_filter: conn %d NOT\n", conn->c_connid, 0, 0 );
239 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
241 (void) ber_skip_tag( ber, &len );
242 err = get_filter( conn, ber, &f->f_not, text );
243 if ( err != LDAP_SUCCESS ) {
248 case LDAP_FILTER_EXT:
250 LDAP_LOG( FILTER, DETAIL1,
251 "get_filter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
253 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
256 err = get_mra( ber, &f->f_mra, text );
257 if ( err != LDAP_SUCCESS ) {
262 assert( f->f_mra != NULL );
267 (void) ber_scanf( ber, "x" ); /* skip the element */
269 LDAP_LOG( FILTER, ERR,
270 "get_filter: conn %d unknown filter type=%lu\n",
271 conn->c_connid, f->f_choice, 0 );
273 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
276 f->f_choice = SLAPD_FILTER_COMPUTED;
277 f->f_result = SLAPD_COMPARE_UNDEFINED;
281 if ( err != LDAP_SUCCESS ) {
282 if( err != SLAPD_DISCONNECT ) {
284 f->f_choice = SLAPD_FILTER_COMPUTED;
285 f->f_result = SLAPD_COMPARE_UNDEFINED;
298 LDAP_LOG( FILTER, DETAIL2,
299 "get_filter: conn %d exit\n", conn->c_connid, 0, 0 );
301 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
307 get_filter_list( Connection *conn, BerElement *ber,
318 LDAP_LOG( FILTER, ENTRY,
319 "get_filter_list: conn %d start\n", conn->c_connid, 0, 0 );
321 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
324 for ( tag = ber_first_element( ber, &len, &last );
326 tag = ber_next_element( ber, &len, last ) )
328 err = get_filter( conn, ber, new, text );
329 if ( err != LDAP_SUCCESS )
331 new = &(*new)->f_next;
336 LDAP_LOG( FILTER, ENTRY,
337 "get_filter_list: conn %d exit\n", conn->c_connid, 0, 0 );
339 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
341 return( LDAP_SUCCESS );
345 get_substring_filter(
357 AttributeDescription *ad;
359 *text = "error decoding filter";
362 LDAP_LOG( FILTER, ENTRY,
363 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
365 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
367 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
368 return SLAPD_DISCONNECT;
372 rc = slap_bv2ad( &bv, &ad, text );
374 if( rc != LDAP_SUCCESS ) {
376 f->f_choice = SLAPD_FILTER_COMPUTED;
377 f->f_result = SLAPD_COMPARE_UNDEFINED;
381 f->f_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
383 f->f_sub_initial.bv_val = NULL;
385 f->f_sub_final.bv_val = NULL;
387 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
388 tag = ber_next_element( ber, &len, last ) )
392 rc = ber_scanf( ber, "m", &value );
393 if ( rc == LBER_ERROR ) {
394 rc = SLAPD_DISCONNECT;
398 if ( value.bv_val == NULL || value.bv_len == 0 ) {
399 rc = LDAP_INVALID_SYNTAX;
404 case LDAP_SUBSTRING_INITIAL:
405 usage = SLAP_MR_SUBSTR_INITIAL;
408 case LDAP_SUBSTRING_ANY:
409 usage = SLAP_MR_SUBSTR_ANY;
412 case LDAP_SUBSTRING_FINAL:
413 usage = SLAP_MR_SUBSTR_FINAL;
417 rc = LDAP_PROTOCOL_ERROR;
420 LDAP_LOG( FILTER, ERR,
421 "get_filter_substring: conn %d unknown substring choice=%ld\n",
422 conn->c_connid, (long)tag, 0 );
424 Debug( LDAP_DEBUG_FILTER,
425 " unknown substring choice=%ld\n",
432 /* validate/normalize using equality matching rule validator! */
433 rc = asserted_value_validate_normalize(
434 f->f_sub_desc, f->f_sub_desc->ad_type->sat_equality,
435 usage, &value, &bv, text );
436 if( rc != LDAP_SUCCESS ) {
440 /* validate using equality matching rule validator! */
441 rc = value_validate( f->f_sub_desc->ad_type->sat_equality,
443 if( rc != LDAP_SUCCESS ) {
447 rc = value_normalize( f->f_sub_desc, usage,
449 if( rc != LDAP_SUCCESS ) {
455 rc = LDAP_PROTOCOL_ERROR;
458 case LDAP_SUBSTRING_INITIAL:
460 LDAP_LOG( FILTER, DETAIL1,
461 "get_substring_filter: conn %d INITIAL\n", conn->c_connid, 0, 0 );
463 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
466 if ( f->f_sub_initial.bv_val != NULL
467 || f->f_sub_any != NULL
468 || f->f_sub_final.bv_val != NULL )
470 free( value.bv_val );
474 f->f_sub_initial = value;
477 case LDAP_SUBSTRING_ANY:
479 LDAP_LOG( FILTER, DETAIL1,
480 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
482 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
485 if ( f->f_sub_final.bv_val != NULL ) {
486 free( value.bv_val );
490 ber_bvarray_add( &f->f_sub_any, &value );
493 case LDAP_SUBSTRING_FINAL:
495 LDAP_LOG( FILTER, DETAIL1,
496 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
498 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
501 if ( f->f_sub_final.bv_val != NULL ) {
502 free( value.bv_val );
506 f->f_sub_final = value;
511 LDAP_LOG( FILTER, INFO,
512 "get_substring_filter: conn %d unknown substring type %ld\n",
513 conn->c_connid, (long)tag, 0 );
515 Debug( LDAP_DEBUG_FILTER,
516 " unknown substring type=%ld\n",
520 free( value.bv_val );
524 LDAP_LOG( FILTER, INFO,
525 "get_substring_filter: conn %d error %ld\n",
526 conn->c_connid, (long)rc, 0 );
528 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
531 free( f->f_sub_initial.bv_val );
532 ber_bvarray_free( f->f_sub_any );
533 free( f->f_sub_final.bv_val );
541 LDAP_LOG( FILTER, ENTRY,
542 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
544 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
546 return( LDAP_SUCCESS );
550 filter_free( Filter *f )
558 switch ( f->f_choice ) {
559 case LDAP_FILTER_PRESENT:
562 case LDAP_FILTER_EQUALITY:
565 case LDAP_FILTER_APPROX:
566 ava_free( f->f_ava, 1 );
569 case LDAP_FILTER_SUBSTRINGS:
570 if ( f->f_sub_initial.bv_val != NULL ) {
571 free( f->f_sub_initial.bv_val );
573 ber_bvarray_free( f->f_sub_any );
574 if ( f->f_sub_final.bv_val != NULL ) {
575 free( f->f_sub_final.bv_val );
580 case LDAP_FILTER_AND:
582 case LDAP_FILTER_NOT:
583 for ( p = f->f_list; p != NULL; p = next ) {
589 case LDAP_FILTER_EXT:
590 mra_free( f->f_mra, 1 );
593 case SLAPD_FILTER_COMPUTED:
598 LDAP_LOG( FILTER, ERR,
599 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
601 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
611 filter2bv( Filter *f, struct berval *fstr )
619 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
623 switch ( f->f_choice ) {
624 case LDAP_FILTER_EQUALITY:
625 filter_escape_value( &f->f_av_value, &tmp );
627 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
628 tmp.bv_len + ( sizeof("(=)") - 1 );
629 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
631 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
632 f->f_av_desc->ad_cname.bv_val,
635 ber_memfree( tmp.bv_val );
639 filter_escape_value( &f->f_av_value, &tmp );
641 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
642 tmp.bv_len + ( sizeof("(>=)") - 1 );
643 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
645 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
646 f->f_av_desc->ad_cname.bv_val,
649 ber_memfree( tmp.bv_val );
653 filter_escape_value( &f->f_av_value, &tmp );
655 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
656 tmp.bv_len + ( sizeof("(<=)") - 1 );
657 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
659 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
660 f->f_av_desc->ad_cname.bv_val,
663 ber_memfree( tmp.bv_val );
666 case LDAP_FILTER_APPROX:
667 filter_escape_value( &f->f_av_value, &tmp );
669 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
670 tmp.bv_len + ( sizeof("(~=)") - 1 );
671 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
673 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
674 f->f_av_desc->ad_cname.bv_val,
676 ber_memfree( tmp.bv_val );
679 case LDAP_FILTER_SUBSTRINGS:
680 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
681 ( sizeof("(=*)") - 1 );
682 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
684 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
685 f->f_sub_desc->ad_cname.bv_val );
687 if ( f->f_sub_initial.bv_val != NULL ) {
690 filter_escape_value( &f->f_sub_initial, &tmp );
692 fstr->bv_len += tmp.bv_len;
693 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
695 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
696 /* "(attr=" */ "%s*)",
699 ber_memfree( tmp.bv_val );
702 if ( f->f_sub_any != NULL ) {
703 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
705 filter_escape_value( &f->f_sub_any[i], &tmp );
707 fstr->bv_len += tmp.bv_len + 1;
708 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
710 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
711 /* "(attr=[init]*[any*]" */ "%s*)",
713 ber_memfree( tmp.bv_val );
717 if ( f->f_sub_final.bv_val != NULL ) {
720 filter_escape_value( &f->f_sub_final, &tmp );
722 fstr->bv_len += tmp.bv_len;
723 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
725 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
726 /* "(attr=[init*][any*]" */ "%s)",
729 ber_memfree( tmp.bv_val );
734 case LDAP_FILTER_PRESENT:
735 fstr->bv_len = f->f_desc->ad_cname.bv_len +
736 ( sizeof("(=*)") - 1 );
737 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
739 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
740 f->f_desc->ad_cname.bv_val );
743 case LDAP_FILTER_AND:
745 case LDAP_FILTER_NOT:
746 fstr->bv_len = sizeof("(%)") - 1;
747 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
749 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
750 f->f_choice == LDAP_FILTER_AND ? '&' :
751 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
753 for ( p = f->f_list; p != NULL; p = p->f_next ) {
756 filter2bv( p, &tmp );
758 fstr->bv_len += tmp.bv_len;
759 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
761 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
762 /*"("*/ "%s)", tmp.bv_val );
764 ch_free( tmp.bv_val );
769 case LDAP_FILTER_EXT: {
771 filter_escape_value( &f->f_mr_value, &tmp );
773 if ( f->f_mr_desc ) {
774 ad = f->f_mr_desc->ad_cname;
780 fstr->bv_len = ad.bv_len +
781 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
782 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
783 tmp.bv_len + ( sizeof("(:=)") - 1 );
784 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
786 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
788 f->f_mr_dnattrs ? ":dn" : "",
789 f->f_mr_rule_text.bv_len ? ":" : "",
790 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
792 ber_memfree( tmp.bv_val );
795 case SLAPD_FILTER_COMPUTED:
797 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
798 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
799 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
801 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
802 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
803 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
804 sizeof("(?=error)")-1,
809 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
823 out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 );
826 for( i=0; i < in->bv_len ; i++ ) {
827 if( FILTER_ESCAPE(in->bv_val[i]) ) {
828 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
829 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
830 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
832 out->bv_val[out->bv_len++] = in->bv_val[i];
836 out->bv_val[out->bv_len] = '\0';
844 ValuesReturnFilter **filt,
850 ValuesReturnFilter *vrf;
853 LDAP_LOG( FILTER, ENTRY,
854 "get_simple_vrFilter: conn %d\n", conn->c_connid, 0, 0 );
856 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
859 tag = ber_peek_tag( ber, &len );
861 if( tag == LBER_ERROR ) {
862 *text = "error decoding filter";
863 return SLAPD_DISCONNECT;
866 vrf = (ValuesReturnFilter *) ch_malloc( sizeof(ValuesReturnFilter) );
867 vrf->vrf_next = NULL;
870 vrf->vrf_choice = tag;
872 switch ( vrf->vrf_choice ) {
873 case LDAP_FILTER_EQUALITY:
875 LDAP_LOG( FILTER, DETAIL2,
876 "get_simple_vrFilter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
878 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
880 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY, text );
881 if ( err != LDAP_SUCCESS ) {
885 assert( vrf->vrf_ava != NULL );
888 case LDAP_FILTER_SUBSTRINGS:
890 LDAP_LOG( FILTER, DETAIL1,
891 "get_simple_vrFilter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
893 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
895 err = get_substring_filter( conn, ber, (Filter *)vrf, text );
900 LDAP_LOG( FILTER, DETAIL1,
901 "get_simple_vrFilter: conn %d GE\n", conn->c_connid, 0, 0 );
903 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
905 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
906 if ( err != LDAP_SUCCESS ) {
913 LDAP_LOG( FILTER, DETAIL1,
914 "get_simple_vrFilter: conn %d LE\n", conn->c_connid, 0, 0 );
916 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
918 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
919 if ( err != LDAP_SUCCESS ) {
924 case LDAP_FILTER_PRESENT: {
928 LDAP_LOG( FILTER, DETAIL1,
929 "get_simple_vrFilter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
931 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
933 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
934 err = SLAPD_DISCONNECT;
935 *text = "error decoding filter";
939 vrf->vrf_desc = NULL;
940 err = slap_bv2ad( &type, &vrf->vrf_desc, text );
942 if( err != LDAP_SUCCESS ) {
943 /* unrecognized attribute description or other error */
944 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
945 vrf->vrf_result = LDAP_COMPARE_FALSE;
951 case LDAP_FILTER_APPROX:
953 LDAP_LOG( FILTER, DETAIL1,
954 "get_simple_vrFilter: conn %d APPROX\n", conn->c_connid, 0, 0 );
956 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
958 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
959 if ( err != LDAP_SUCCESS ) {
964 case LDAP_FILTER_EXT:
966 LDAP_LOG( FILTER, DETAIL1,
967 "get_simple_vrFilter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
969 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
972 err = get_mra( ber, &vrf->vrf_mra, text );
973 if ( err != LDAP_SUCCESS ) {
977 assert( vrf->vrf_mra != NULL );
981 (void) ber_scanf( ber, "x" ); /* skip the element */
983 LDAP_LOG( FILTER, ERR,
984 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
985 conn->c_connid, vrf->vrf_choice, 0 );
987 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
988 vrf->vrf_choice, 0, 0 );
990 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
991 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
995 if ( err != LDAP_SUCCESS ) {
996 if( err != SLAPD_DISCONNECT ) {
998 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
999 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1012 LDAP_LOG( FILTER, DETAIL2,
1013 "get_simple_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1015 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1021 get_vrFilter( Connection *conn, BerElement *ber,
1022 ValuesReturnFilter **vrf,
1026 * A ValuesReturnFilter looks like this:
1028 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1029 * SimpleFilterItem ::= CHOICE {
1030 * equalityMatch [3] AttributeValueAssertion,
1031 * substrings [4] SubstringFilter,
1032 * greaterOrEqual [5] AttributeValueAssertion,
1033 * lessOrEqual [6] AttributeValueAssertion,
1034 * present [7] AttributeType,
1035 * approxMatch [8] AttributeValueAssertion,
1036 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1039 * SubstringFilter ::= SEQUENCE {
1040 * type AttributeType,
1041 * SEQUENCE OF CHOICE {
1042 * initial [0] IA5String,
1043 * any [1] IA5String,
1044 * final [2] IA5String
1048 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1049 * matchingRule [1] MatchingRuleId OPTIONAL,
1050 * type [2] AttributeDescription OPTIONAL,
1051 * matchValue [3] AssertionValue }
1054 ValuesReturnFilter **n;
1060 LDAP_LOG( FILTER, ENTRY,
1061 "get_vrFilter: conn %d start\n", conn->c_connid, 0, 0 );
1063 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1066 tag = ber_peek_tag( ber, &len );
1068 if( tag == LBER_ERROR ) {
1069 *text = "error decoding vrFilter";
1070 return SLAPD_DISCONNECT;
1073 if( tag != LBER_SEQUENCE ) {
1074 *text = "error decoding vrFilter, expect SEQUENCE tag";
1075 return SLAPD_DISCONNECT;
1079 for ( tag = ber_first_element( ber, &len, &last );
1080 tag != LBER_DEFAULT;
1081 tag = ber_next_element( ber, &len, last ) )
1083 int err = get_simple_vrFilter( conn, ber, n, text );
1084 if ( err != LDAP_SUCCESS )
1086 n = &(*n)->vrf_next;
1091 LDAP_LOG( FILTER, ENTRY,
1092 "get_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1094 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1096 return( LDAP_SUCCESS );
1100 vrFilter_free( ValuesReturnFilter *vrf )
1102 ValuesReturnFilter *p, *next;
1104 if ( vrf == NULL ) {
1108 for ( p = vrf; p != NULL; p = next ) {
1111 switch ( vrf->vrf_choice ) {
1112 case LDAP_FILTER_PRESENT:
1115 case LDAP_FILTER_EQUALITY:
1116 case LDAP_FILTER_GE:
1117 case LDAP_FILTER_LE:
1118 case LDAP_FILTER_APPROX:
1119 ava_free( vrf->vrf_ava, 1 );
1122 case LDAP_FILTER_SUBSTRINGS:
1123 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1124 free( vrf->vrf_sub_initial.bv_val );
1126 ber_bvarray_free( vrf->vrf_sub_any );
1127 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1128 free( vrf->vrf_sub_final.bv_val );
1130 ch_free( vrf->vrf_sub );
1133 case LDAP_FILTER_EXT:
1134 mra_free( vrf->vrf_mra, 1 );
1137 case SLAPD_FILTER_COMPUTED:
1142 LDAP_LOG( FILTER, ERR,
1143 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1145 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1146 vrf->vrf_choice, 0, 0 );
1157 vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1159 ValuesReturnFilter *p;
1163 if ( vrf == NULL ) {
1164 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1168 fstr->bv_len = sizeof("()") - 1;
1169 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1171 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1173 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1176 simple_vrFilter2bv( p, &tmp );
1178 fstr->bv_len += tmp.bv_len;
1179 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1181 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1182 /*"("*/ "%s)", tmp.bv_val );
1184 ch_free( tmp.bv_val );
1189 simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1194 if ( vrf == NULL ) {
1195 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1199 switch ( vrf->vrf_choice ) {
1200 case LDAP_FILTER_EQUALITY:
1201 filter_escape_value( &vrf->vrf_av_value, &tmp );
1203 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1204 tmp.bv_len + ( sizeof("(=)") - 1 );
1205 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1207 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1208 vrf->vrf_av_desc->ad_cname.bv_val,
1211 ber_memfree( tmp.bv_val );
1214 case LDAP_FILTER_GE:
1215 filter_escape_value( &vrf->vrf_av_value, &tmp );
1217 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1218 tmp.bv_len + ( sizeof("(>=)") - 1 );
1219 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1221 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1222 vrf->vrf_av_desc->ad_cname.bv_val,
1225 ber_memfree( tmp.bv_val );
1228 case LDAP_FILTER_LE:
1229 filter_escape_value( &vrf->vrf_av_value, &tmp );
1231 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1232 tmp.bv_len + ( sizeof("(<=)") - 1 );
1233 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1235 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1236 vrf->vrf_av_desc->ad_cname.bv_val,
1239 ber_memfree( tmp.bv_val );
1242 case LDAP_FILTER_APPROX:
1243 filter_escape_value( &vrf->vrf_av_value, &tmp );
1245 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1246 tmp.bv_len + ( sizeof("(~=)") - 1 );
1247 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1249 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1250 vrf->vrf_av_desc->ad_cname.bv_val,
1252 ber_memfree( tmp.bv_val );
1255 case LDAP_FILTER_SUBSTRINGS:
1256 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1257 ( sizeof("(=*)") - 1 );
1258 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1260 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1261 vrf->vrf_sub_desc->ad_cname.bv_val );
1263 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1266 filter_escape_value( &vrf->vrf_sub_initial, &tmp );
1268 fstr->bv_len += tmp.bv_len;
1269 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1271 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1272 /* "(attr=" */ "%s*)",
1275 ber_memfree( tmp.bv_val );
1278 if ( vrf->vrf_sub_any != NULL ) {
1280 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1282 filter_escape_value( &vrf->vrf_sub_any[i], &tmp );
1284 fstr->bv_len += tmp.bv_len + 1;
1285 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1287 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1288 /* "(attr=[init]*[any*]" */ "%s*)",
1290 ber_memfree( tmp.bv_val );
1294 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1297 filter_escape_value( &vrf->vrf_sub_final, &tmp );
1299 fstr->bv_len += tmp.bv_len;
1300 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1302 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1303 /* "(attr=[init*][any*]" */ "%s)",
1306 ber_memfree( tmp.bv_val );
1311 case LDAP_FILTER_PRESENT:
1312 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1313 ( sizeof("(=*)") - 1 );
1314 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1316 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1317 vrf->vrf_desc->ad_cname.bv_val );
1320 case LDAP_FILTER_EXT: {
1322 filter_escape_value( &vrf->vrf_mr_value, &tmp );
1324 if ( vrf->vrf_mr_desc ) {
1325 ad = vrf->vrf_mr_desc->ad_cname;
1331 fstr->bv_len = ad.bv_len +
1332 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1333 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1334 tmp.bv_len + ( sizeof("(:=)") - 1 );
1335 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1337 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1339 vrf->vrf_mr_dnattrs ? ":dn" : "",
1340 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1341 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1344 ber_memfree( tmp.bv_val );
1347 case SLAPD_FILTER_COMPUTED:
1349 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1350 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1351 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1353 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1354 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1355 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1356 sizeof("(?=error)")-1,
1361 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
1367 get_substring_vrFilter(
1370 ValuesReturnFilter *vrf,
1376 struct berval value;
1379 *text = "error decoding filter";
1382 LDAP_LOG( FILTER, ENTRY,
1383 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
1385 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
1387 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
1388 return SLAPD_DISCONNECT;
1391 vrf->vrf_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
1392 vrf->vrf_sub_desc = NULL;
1393 rc = slap_bv2ad( &bv, &vrf->vrf_sub_desc, text );
1395 if( rc != LDAP_SUCCESS ) {
1397 ch_free( vrf->vrf_sub );
1398 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
1399 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1400 return LDAP_SUCCESS;
1403 vrf->vrf_sub_initial.bv_val = NULL;
1404 vrf->vrf_sub_any = NULL;
1405 vrf->vrf_sub_final.bv_val = NULL;
1407 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
1408 tag = ber_next_element( ber, &len, last ) )
1412 rc = ber_scanf( ber, "m", &value );
1413 if ( rc == LBER_ERROR ) {
1414 rc = SLAPD_DISCONNECT;
1418 if ( value.bv_val == NULL || value.bv_len == 0 ) {
1419 rc = LDAP_INVALID_SYNTAX;
1424 case LDAP_SUBSTRING_INITIAL:
1425 usage = SLAP_MR_SUBSTR_INITIAL;
1428 case LDAP_SUBSTRING_ANY:
1429 usage = SLAP_MR_SUBSTR_ANY;
1432 case LDAP_SUBSTRING_FINAL:
1433 usage = SLAP_MR_SUBSTR_FINAL;
1437 rc = LDAP_PROTOCOL_ERROR;
1440 LDAP_LOG( FILTER, ERR,
1441 "get_filter_substring: conn %d unknown substring choice=%ld\n",
1442 conn->c_connid, (long)tag, 0 );
1444 Debug( LDAP_DEBUG_FILTER,
1445 " unknown substring choice=%ld\n",
1452 /* validate/normalize using equality matching rule validator! */
1453 rc = asserted_value_validate_normalize(
1454 vrf->vrf_sub_desc, vrf->vrf_sub_desc->ad_type->sat_equality,
1455 usage, &value, &bv, text );
1456 if( rc != LDAP_SUCCESS ) {
1460 /* valiate using equality matching rule validator! */
1461 rc = value_validate( vrf->vrf_sub_desc->ad_type->sat_equality,
1463 if( rc != LDAP_SUCCESS ) {
1467 rc = value_normalize( vrf->vrf_sub_desc, usage,
1468 &value, &bv, text );
1469 if( rc != LDAP_SUCCESS ) {
1476 rc = LDAP_PROTOCOL_ERROR;
1479 case LDAP_SUBSTRING_INITIAL:
1481 LDAP_LOG( FILTER, DETAIL1,
1482 "get_substring_filter: conn %d INITIAL\n",
1483 conn->c_connid, 0, 0 );
1485 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
1488 if ( vrf->vrf_sub_initial.bv_val != NULL
1489 || vrf->vrf_sub_any != NULL
1490 || vrf->vrf_sub_final.bv_val != NULL )
1492 free( value.bv_val );
1496 vrf->vrf_sub_initial = value;
1499 case LDAP_SUBSTRING_ANY:
1501 LDAP_LOG( FILTER, DETAIL1,
1502 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
1504 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
1507 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1508 free( value.bv_val );
1512 ber_bvarray_add( &vrf->vrf_sub_any, &value );
1515 case LDAP_SUBSTRING_FINAL:
1517 LDAP_LOG( FILTER, DETAIL1,
1518 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
1520 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
1523 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1524 free( value.bv_val );
1528 vrf->vrf_sub_final = value;
1533 LDAP_LOG( FILTER, INFO,
1534 "get_substring_filter: conn %d unknown substring type %ld\n",
1535 conn->c_connid, (long)tag, 0 );
1537 Debug( LDAP_DEBUG_FILTER,
1538 " unknown substring type=%ld\n",
1542 free( value.bv_val );
1546 LDAP_LOG( FILTER, INFO,
1547 "get_substring_filter: conn %d error %ld\n",
1548 conn->c_connid, (long)rc, 0 );
1550 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
1553 free( vrf->vrf_sub_initial.bv_val );
1554 ber_bvarray_free( vrf->vrf_sub_any );
1555 free( vrf->vrf_sub_final.bv_val );
1556 ch_free( vrf->vrf_sub );
1562 LDAP_LOG( FILTER, ENTRY,
1563 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
1565 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
1567 return( LDAP_SUCCESS );