1 /* filter.c - routines for parsing and dealing with filters */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
31 #include <ac/socket.h>
32 #include <ac/string.h>
36 static int get_filter_list(
45 SubstringsAssertion **s,
48 static int filter_escape_value_x(
53 static void simple_vrFilter2bv(
55 ValuesReturnFilter *f,
56 struct berval *fstr );
58 static int get_simple_vrFilter(
61 ValuesReturnFilter **f,
76 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
78 * A filter looks like this coming in:
80 * and [0] SET OF Filter,
81 * or [1] SET OF Filter,
83 * equalityMatch [3] AttributeValueAssertion,
84 * substrings [4] SubstringFilter,
85 * greaterOrEqual [5] AttributeValueAssertion,
86 * lessOrEqual [6] AttributeValueAssertion,
87 * present [7] AttributeType,,
88 * approxMatch [8] AttributeValueAssertion
89 * extensibleMatch [9] MatchingRuleAssertion
92 * SubstringFilter ::= SEQUENCE {
94 * SEQUENCE OF CHOICE {
95 * initial [0] IA5String,
101 * MatchingRuleAssertion ::= SEQUENCE {
102 * matchingRule [1] MatchingRuleId OPTIONAL,
103 * type [2] AttributeDescription OPTIONAL,
104 * matchValue [3] AssertionValue,
105 * dnAttributes [4] BOOLEAN DEFAULT FALSE
110 tag = ber_peek_tag( ber, &len );
112 if( tag == LBER_ERROR ) {
113 *text = "error decoding filter";
114 return SLAPD_DISCONNECT;
122 switch ( f.f_choice ) {
123 case LDAP_FILTER_EQUALITY:
124 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
125 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY, text );
126 if ( err != LDAP_SUCCESS ) {
130 assert( f.f_ava != NULL );
133 case LDAP_FILTER_SUBSTRINGS:
134 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
135 err = get_ssa( op, ber, &f.f_sub, text );
136 if( err != LDAP_SUCCESS ) {
139 assert( f.f_sub != NULL );
143 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
144 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
145 if ( err != LDAP_SUCCESS ) {
148 assert( f.f_ava != NULL );
152 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
153 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
154 if ( err != LDAP_SUCCESS ) {
157 assert( f.f_ava != NULL );
160 case LDAP_FILTER_PRESENT: {
163 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
164 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
165 err = SLAPD_DISCONNECT;
166 *text = "error decoding filter";
171 err = slap_bv2ad( &type, &f.f_desc, text );
173 if( err != LDAP_SUCCESS ) {
174 /* unrecognized attribute description or other error */
175 Debug( LDAP_DEBUG_ANY,
176 "get_filter: conn %lu unknown attribute "
178 op->o_connid, type.bv_val, err );
180 f.f_choice = SLAPD_FILTER_COMPUTED;
181 f.f_result = LDAP_COMPARE_FALSE;
187 assert( f.f_desc != NULL );
190 case LDAP_FILTER_APPROX:
191 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
192 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
193 if ( err != LDAP_SUCCESS ) {
196 assert( f.f_ava != NULL );
199 case LDAP_FILTER_AND:
200 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
201 err = get_filter_list( op, ber, &f.f_and, text );
202 if ( err != LDAP_SUCCESS ) {
205 if ( f.f_and == NULL ) {
206 f.f_choice = SLAPD_FILTER_COMPUTED;
207 f.f_result = LDAP_COMPARE_TRUE;
209 /* no assert - list could be empty */
213 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
214 err = get_filter_list( op, ber, &f.f_or, text );
215 if ( err != LDAP_SUCCESS ) {
218 if ( f.f_or == NULL ) {
219 f.f_choice = SLAPD_FILTER_COMPUTED;
220 f.f_result = LDAP_COMPARE_FALSE;
222 /* no assert - list could be empty */
225 case LDAP_FILTER_NOT:
226 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
227 (void) ber_skip_tag( ber, &len );
228 err = get_filter( op, ber, &f.f_not, text );
229 if ( err != LDAP_SUCCESS ) {
233 assert( f.f_not != NULL );
234 if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) {
235 int fresult = f.f_not->f_result;
236 f.f_choice = SLAPD_FILTER_COMPUTED;
237 op->o_tmpfree( f.f_not, op->o_tmpmemctx );
241 case LDAP_COMPARE_TRUE:
242 f.f_result = LDAP_COMPARE_FALSE;
244 case LDAP_COMPARE_FALSE:
245 f.f_result = LDAP_COMPARE_TRUE;
248 /* (!Undefined) is Undefined */
253 case LDAP_FILTER_EXT:
254 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
256 err = get_mra( op, ber, &f.f_mra, text );
257 if ( err != LDAP_SUCCESS ) {
261 assert( f.f_mra != NULL );
265 (void) ber_scanf( ber, "x" ); /* skip the element */
266 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
268 f.f_choice = SLAPD_FILTER_COMPUTED;
269 f.f_result = SLAPD_COMPARE_UNDEFINED;
273 if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
276 f.f_choice = SLAPD_FILTER_COMPUTED;
277 f.f_result = SLAPD_COMPARE_UNDEFINED;
281 if ( err == LDAP_SUCCESS ) {
282 *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
286 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
292 get_filter_list( Operation *op, BerElement *ber,
302 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
304 for ( tag = ber_first_element( ber, &len, &last );
306 tag = ber_next_element( ber, &len, last ) )
308 err = get_filter( op, ber, new, text );
309 if ( err != LDAP_SUCCESS )
311 new = &(*new)->f_next;
315 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
316 return( LDAP_SUCCESS );
323 SubstringsAssertion **out,
329 struct berval desc, value, nvalue;
331 SubstringsAssertion ssa;
333 *text = "error decoding filter";
336 Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
337 if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
338 return SLAPD_DISCONNECT;
344 ssa.sa_initial.bv_val = NULL;
346 ssa.sa_final.bv_val = NULL;
348 rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
350 if( rc != LDAP_SUCCESS ) {
351 Debug( LDAP_DEBUG_ANY,
352 "get_ssa: conn %lu unknown attribute type=%s (%ld)\n",
353 op->o_connid, desc.bv_val, (long) rc );
355 /* skip over the rest of this filter */
356 for ( tag = ber_first_element( ber, &len, &last );
358 tag = ber_next_element( ber, &len, last ) ) {
359 ber_scanf( ber, "x" );
364 rc = LDAP_PROTOCOL_ERROR;
366 for ( tag = ber_first_element( ber, &len, &last );
368 tag = ber_next_element( ber, &len, last ) )
372 rc = ber_scanf( ber, "m", &value );
373 if ( rc == LBER_ERROR ) {
374 rc = SLAPD_DISCONNECT;
378 if ( value.bv_val == NULL || value.bv_len == 0 ) {
379 rc = LDAP_INVALID_SYNTAX;
384 case LDAP_SUBSTRING_INITIAL:
385 if ( ssa.sa_initial.bv_val != NULL
386 || ssa.sa_any != NULL
387 || ssa.sa_final.bv_val != NULL )
389 rc = LDAP_PROTOCOL_ERROR;
392 usage = SLAP_MR_SUBSTR_INITIAL;
395 case LDAP_SUBSTRING_ANY:
396 if ( ssa.sa_final.bv_val != NULL ) {
397 rc = LDAP_PROTOCOL_ERROR;
400 usage = SLAP_MR_SUBSTR_ANY;
403 case LDAP_SUBSTRING_FINAL:
404 if ( ssa.sa_final.bv_val != NULL ) {
405 rc = LDAP_PROTOCOL_ERROR;
409 usage = SLAP_MR_SUBSTR_FINAL;
413 Debug( LDAP_DEBUG_FILTER,
414 " unknown substring choice=%ld\n",
417 rc = LDAP_PROTOCOL_ERROR;
421 /* validate/normalize using equality matching rule validator! */
422 rc = asserted_value_validate_normalize(
423 ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
424 usage, &value, &nvalue, text, op->o_tmpmemctx );
425 if( rc != LDAP_SUCCESS ) goto return_error;
428 case LDAP_SUBSTRING_INITIAL:
429 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
430 ssa.sa_initial = nvalue;
433 case LDAP_SUBSTRING_ANY:
434 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
435 ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx );
438 case LDAP_SUBSTRING_FINAL:
439 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
440 ssa.sa_final = nvalue;
445 slap_sl_free( nvalue.bv_val, op->o_tmpmemctx );
446 rc = LDAP_PROTOCOL_ERROR;
449 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
451 slap_sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx );
452 ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx );
453 slap_sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx );
460 if( rc == LDAP_SUCCESS ) {
461 *out = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx );
465 Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
466 return rc /* LDAP_SUCCESS */ ;
470 filter_free_x( Operation *op, Filter *f )
478 switch ( f->f_choice ) {
479 case LDAP_FILTER_PRESENT:
482 case LDAP_FILTER_EQUALITY:
485 case LDAP_FILTER_APPROX:
486 ava_free( op, f->f_ava, 1 );
489 case LDAP_FILTER_SUBSTRINGS:
490 if ( f->f_sub_initial.bv_val != NULL ) {
491 op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx );
493 ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx );
494 if ( f->f_sub_final.bv_val != NULL ) {
495 op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx );
497 op->o_tmpfree( f->f_sub, op->o_tmpmemctx );
500 case LDAP_FILTER_AND:
502 case LDAP_FILTER_NOT:
503 for ( p = f->f_list; p != NULL; p = next ) {
505 filter_free_x( op, p );
509 case LDAP_FILTER_EXT:
510 mra_free( op, f->f_mra, 1 );
513 case SLAPD_FILTER_COMPUTED:
517 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
522 op->o_tmpfree( f, op->o_tmpmemctx );
526 filter_free( Filter *f )
532 op.o_tmpmemctx = slap_sl_context( f );
533 op.o_tmpmfuncs = &slap_sl_mfuncs;
534 filter_free_x( &op, f );
538 filter2bv_x( Operation *op, Filter *f, struct berval *fstr )
544 ber_bvfalse = BER_BVC( "(?=false)" ),
545 ber_bvtrue = BER_BVC( "(?=true)" ),
546 ber_bvundefined = BER_BVC( "(?=undefined)" ),
547 ber_bverror = BER_BVC( "(?=error)" ),
548 ber_bvunknown = BER_BVC( "(?=unknown)" ),
549 ber_bvnone = BER_BVC( "(?=none)" );
553 ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx );
557 switch ( f->f_choice ) {
558 case LDAP_FILTER_EQUALITY:
559 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
561 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
562 tmp.bv_len + ( sizeof("(=)") - 1 );
563 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
565 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
566 f->f_av_desc->ad_cname.bv_val,
569 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
573 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
575 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
576 tmp.bv_len + ( sizeof("(>=)") - 1 );
577 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
579 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
580 f->f_av_desc->ad_cname.bv_val,
583 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
587 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
589 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
590 tmp.bv_len + ( sizeof("(<=)") - 1 );
591 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
593 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
594 f->f_av_desc->ad_cname.bv_val,
597 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
600 case LDAP_FILTER_APPROX:
601 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
603 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
604 tmp.bv_len + ( sizeof("(~=)") - 1 );
605 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
607 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
608 f->f_av_desc->ad_cname.bv_val,
610 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
613 case LDAP_FILTER_SUBSTRINGS:
614 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
615 ( sizeof("(=*)") - 1 );
616 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
618 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
619 f->f_sub_desc->ad_cname.bv_val );
621 if ( f->f_sub_initial.bv_val != NULL ) {
624 filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx );
626 fstr->bv_len += tmp.bv_len;
627 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
630 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
631 /* "(attr=" */ "%s*)",
634 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
637 if ( f->f_sub_any != NULL ) {
638 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
640 filter_escape_value_x( &f->f_sub_any[i],
641 &tmp, op->o_tmpmemctx );
643 fstr->bv_len += tmp.bv_len + 1;
644 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
647 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
648 /* "(attr=[init]*[any*]" */ "%s*)",
650 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
654 if ( f->f_sub_final.bv_val != NULL ) {
657 filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx );
659 fstr->bv_len += tmp.bv_len;
660 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
663 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
664 /* "(attr=[init*][any*]" */ "%s)",
667 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
672 case LDAP_FILTER_PRESENT:
673 fstr->bv_len = f->f_desc->ad_cname.bv_len +
674 ( sizeof("(=*)") - 1 );
675 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
677 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
678 f->f_desc->ad_cname.bv_val );
681 case LDAP_FILTER_AND:
683 case LDAP_FILTER_NOT:
684 fstr->bv_len = sizeof("(%)") - 1;
685 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
687 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
688 f->f_choice == LDAP_FILTER_AND ? '&' :
689 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
691 for ( p = f->f_list; p != NULL; p = p->f_next ) {
694 filter2bv_x( op, p, &tmp );
696 fstr->bv_len += tmp.bv_len;
697 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
700 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
701 /*"("*/ "%s)", tmp.bv_val );
703 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
708 case LDAP_FILTER_EXT: {
710 filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx );
712 if ( f->f_mr_desc ) {
713 ad = f->f_mr_desc->ad_cname;
719 fstr->bv_len = ad.bv_len +
720 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
721 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
722 tmp.bv_len + ( sizeof("(:=)") - 1 );
723 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
725 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
727 f->f_mr_dnattrs ? ":dn" : "",
728 f->f_mr_rule_text.bv_len ? ":" : "",
729 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
731 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
734 case SLAPD_FILTER_COMPUTED:
735 switch ( f->f_result ) {
736 case LDAP_COMPARE_FALSE:
740 case LDAP_COMPARE_TRUE:
744 case SLAPD_COMPARE_UNDEFINED:
745 tmp = ber_bvundefined;
753 ber_dupbv_x( fstr, &tmp, op->o_tmpmemctx );
757 ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx );
763 filter2bv( Filter *f, struct berval *fstr )
769 op.o_tmpmemctx = NULL;
770 op.o_tmpmfuncs = &ch_mfuncs;
772 filter2bv_x( &op, f, fstr );
776 filter_escape_value_x(
782 assert( in != NULL );
783 assert( out != NULL );
785 i = in->bv_len * 3 + 1;
786 out->bv_val = ctx ? slap_sl_malloc( i, ctx ) : ch_malloc( i );
789 for( i=0; i < in->bv_len ; i++ ) {
790 if( FILTER_ESCAPE(in->bv_val[i]) ) {
791 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
792 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
793 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
795 out->bv_val[out->bv_len++] = in->bv_val[i];
799 out->bv_val[out->bv_len] = '\0';
808 return filter_escape_value_x( in, out, NULL );
815 ValuesReturnFilter **filt,
821 ValuesReturnFilter vrf;
823 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
825 tag = ber_peek_tag( ber, &len );
827 if( tag == LBER_ERROR ) {
828 *text = "error decoding filter";
829 return SLAPD_DISCONNECT;
835 vrf.vrf_choice = tag;
837 switch ( vrf.vrf_choice ) {
838 case LDAP_FILTER_EQUALITY:
839 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
840 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
841 if ( err != LDAP_SUCCESS ) {
845 assert( vrf.vrf_ava != NULL );
848 case LDAP_FILTER_SUBSTRINGS:
849 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
850 err = get_ssa( op, ber, &vrf.vrf_sub, text );
854 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
855 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
856 if ( err != LDAP_SUCCESS ) {
862 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
863 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
864 if ( err != LDAP_SUCCESS ) {
869 case LDAP_FILTER_PRESENT: {
872 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
873 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
874 err = SLAPD_DISCONNECT;
875 *text = "error decoding filter";
880 err = slap_bv2ad( &type, &vrf.vrf_desc, text );
882 if( err != LDAP_SUCCESS ) {
883 /* unrecognized attribute description or other error */
884 Debug( LDAP_DEBUG_ANY,
885 "get_simple_vrFilter: conn %lu unknown "
886 "attribute type=%s (%d)\n",
887 op->o_connid, type.bv_val, err );
889 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
890 vrf.vrf_result = LDAP_COMPARE_FALSE;
896 case LDAP_FILTER_APPROX:
897 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
898 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
899 if ( err != LDAP_SUCCESS ) {
904 case LDAP_FILTER_EXT:
905 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
907 err = get_mra( op, ber, &vrf.vrf_mra, text );
908 if ( err != LDAP_SUCCESS ) {
912 assert( vrf.vrf_mra != NULL );
916 (void) ber_scanf( ber, "x" ); /* skip the element */
917 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
918 vrf.vrf_choice, 0, 0 );
919 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
920 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
924 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
926 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
927 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
931 if ( err == LDAP_SUCCESS ) {
932 *filt = ch_malloc( sizeof vrf );
936 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
942 get_vrFilter( Operation *op, BerElement *ber,
943 ValuesReturnFilter **vrf,
947 * A ValuesReturnFilter looks like this:
949 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
950 * SimpleFilterItem ::= CHOICE {
951 * equalityMatch [3] AttributeValueAssertion,
952 * substrings [4] SubstringFilter,
953 * greaterOrEqual [5] AttributeValueAssertion,
954 * lessOrEqual [6] AttributeValueAssertion,
955 * present [7] AttributeType,
956 * approxMatch [8] AttributeValueAssertion,
957 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
960 * SubstringFilter ::= SEQUENCE {
961 * type AttributeType,
962 * SEQUENCE OF CHOICE {
963 * initial [0] IA5String,
965 * final [2] IA5String
969 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
970 * matchingRule [1] MatchingRuleId OPTIONAL,
971 * type [2] AttributeDescription OPTIONAL,
972 * matchValue [3] AssertionValue }
975 ValuesReturnFilter **n;
980 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
982 tag = ber_peek_tag( ber, &len );
984 if( tag == LBER_ERROR ) {
985 *text = "error decoding vrFilter";
986 return SLAPD_DISCONNECT;
989 if( tag != LBER_SEQUENCE ) {
990 *text = "error decoding vrFilter, expect SEQUENCE tag";
991 return SLAPD_DISCONNECT;
995 for ( tag = ber_first_element( ber, &len, &last );
997 tag = ber_next_element( ber, &len, last ) )
999 int err = get_simple_vrFilter( op, ber, n, text );
1001 if ( err != LDAP_SUCCESS ) return( err );
1003 n = &(*n)->vrf_next;
1007 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1008 return( LDAP_SUCCESS );
1012 vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
1014 ValuesReturnFilter *p, *next;
1016 if ( vrf == NULL ) {
1020 for ( p = vrf; p != NULL; p = next ) {
1023 switch ( vrf->vrf_choice ) {
1024 case LDAP_FILTER_PRESENT:
1027 case LDAP_FILTER_EQUALITY:
1028 case LDAP_FILTER_GE:
1029 case LDAP_FILTER_LE:
1030 case LDAP_FILTER_APPROX:
1031 ava_free( op, vrf->vrf_ava, 1 );
1034 case LDAP_FILTER_SUBSTRINGS:
1035 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1036 op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx );
1038 ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx );
1039 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1040 op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx );
1042 op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx );
1045 case LDAP_FILTER_EXT:
1046 mra_free( op, vrf->vrf_mra, 1 );
1049 case SLAPD_FILTER_COMPUTED:
1053 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1054 vrf->vrf_choice, 0, 0 );
1058 op->o_tmpfree( vrf, op->o_tmpmemctx );
1063 vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1065 ValuesReturnFilter *p;
1069 if ( vrf == NULL ) {
1070 ber_str2bv_x( "No filter!", sizeof("No filter!")-1,
1071 1, fstr, op->o_tmpmemctx );
1075 fstr->bv_len = sizeof("()") - 1;
1076 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1078 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1080 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1083 simple_vrFilter2bv( op, p, &tmp );
1085 fstr->bv_len += tmp.bv_len;
1086 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
1089 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1090 /*"("*/ "%s)", tmp.bv_val );
1092 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
1097 simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1102 if ( vrf == NULL ) {
1103 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr,
1108 switch ( vrf->vrf_choice ) {
1109 case LDAP_FILTER_EQUALITY:
1110 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1112 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1113 tmp.bv_len + ( sizeof("(=)") - 1 );
1114 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1116 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1117 vrf->vrf_av_desc->ad_cname.bv_val,
1120 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1123 case LDAP_FILTER_GE:
1124 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1126 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1127 tmp.bv_len + ( sizeof("(>=)") - 1 );
1128 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1130 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1131 vrf->vrf_av_desc->ad_cname.bv_val,
1134 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1137 case LDAP_FILTER_LE:
1138 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1140 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1141 tmp.bv_len + ( sizeof("(<=)") - 1 );
1142 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1144 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1145 vrf->vrf_av_desc->ad_cname.bv_val,
1148 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1151 case LDAP_FILTER_APPROX:
1152 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1154 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1155 tmp.bv_len + ( sizeof("(~=)") - 1 );
1156 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1158 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1159 vrf->vrf_av_desc->ad_cname.bv_val,
1161 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1164 case LDAP_FILTER_SUBSTRINGS:
1165 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1166 ( sizeof("(=*)") - 1 );
1167 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1169 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1170 vrf->vrf_sub_desc->ad_cname.bv_val );
1172 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1175 filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx );
1177 fstr->bv_len += tmp.bv_len;
1178 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
1181 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1182 /* "(attr=" */ "%s*)",
1185 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1188 if ( vrf->vrf_sub_any != NULL ) {
1190 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1192 filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp,
1195 fstr->bv_len += tmp.bv_len + 1;
1196 fstr->bv_val = op->o_tmprealloc( fstr->bv_val,
1197 fstr->bv_len + 1, op->o_tmpmemctx );
1199 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1200 /* "(attr=[init]*[any*]" */ "%s*)",
1202 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1206 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1209 filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx );
1211 fstr->bv_len += tmp.bv_len;
1212 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
1215 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1216 /* "(attr=[init*][any*]" */ "%s)",
1219 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1224 case LDAP_FILTER_PRESENT:
1225 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1226 ( sizeof("(=*)") - 1 );
1227 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1229 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1230 vrf->vrf_desc->ad_cname.bv_val );
1233 case LDAP_FILTER_EXT: {
1235 filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx );
1237 if ( vrf->vrf_mr_desc ) {
1238 ad = vrf->vrf_mr_desc->ad_cname;
1244 fstr->bv_len = ad.bv_len +
1245 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1246 ( vrf->vrf_mr_rule_text.bv_len
1247 ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1248 tmp.bv_len + ( sizeof("(:=)") - 1 );
1249 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1251 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1253 vrf->vrf_mr_dnattrs ? ":dn" : "",
1254 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1255 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1258 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1261 case SLAPD_FILTER_COMPUTED:
1263 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1264 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1265 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED
1266 ? "(?=undefined)" : "(?=error)",
1267 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1268 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1269 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED
1270 ? sizeof("(?=undefined)")-1 : sizeof("(?=error)")-1,
1271 1, fstr, op->o_tmpmemctx );
1275 ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1,
1276 1, fstr, op->o_tmpmemctx );
projects / openldap / blob