1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
24 static int get_substring_filter(
31 static int filter_escape_value(
48 struct berval escaped;
50 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
53 * A filter looks like this coming in:
55 * and [0] SET OF Filter,
56 * or [1] SET OF Filter,
58 * equalityMatch [3] AttributeValueAssertion,
59 * substrings [4] SubstringFilter,
60 * greaterOrEqual [5] AttributeValueAssertion,
61 * lessOrEqual [6] AttributeValueAssertion,
62 * present [7] AttributeType,,
63 * approxMatch [8] AttributeValueAssertion
64 * extensibleMatch [9] MatchingRuleAssertion
67 * SubstringFilter ::= SEQUENCE {
69 * SEQUENCE OF CHOICE {
70 * initial [0] IA5String,
76 * MatchingRuleAssertion ::= SEQUENCE {
77 * matchingRule [1] MatchingRuleId OPTIONAL,
78 * type [2] AttributeDescription OPTIONAL,
79 * matchValue [3] AssertionValue,
80 * dnAttributes [4] BOOLEAN DEFAULT FALSE
85 tag = ber_peek_tag( ber, &len );
87 if( tag == LBER_ERROR ) {
88 *text = "error decoding filter";
89 return SLAPD_DISCONNECT;
92 f = (Filter *) ch_malloc( sizeof(Filter) );
99 switch ( f->f_choice ) {
100 case LDAP_FILTER_EQUALITY:
101 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
103 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
104 if ( err != LDAP_SUCCESS ) {
108 assert( f->f_ava != NULL );
110 filter_escape_value( f->f_av_value, &escaped );
112 *fstr = ch_malloc( sizeof("(=)")
113 + f->f_av_desc->ad_cname->bv_len
116 sprintf( *fstr, "(%s=%s)",
117 f->f_av_desc->ad_cname->bv_val,
120 ber_memfree( escaped.bv_val );
123 case LDAP_FILTER_SUBSTRINGS:
124 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
125 err = get_substring_filter( conn, ber, f, fstr, text );
129 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
131 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
132 if ( err != LDAP_SUCCESS ) {
136 filter_escape_value( f->f_av_value, &escaped );
138 *fstr = ch_malloc( sizeof("(>=)")
139 + f->f_av_desc->ad_cname->bv_len
142 sprintf( *fstr, "(%s>=%s)",
143 f->f_av_desc->ad_cname->bv_val,
146 ber_memfree( escaped.bv_val );
150 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
152 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
153 if ( err != LDAP_SUCCESS ) {
158 filter_escape_value( f->f_av_value, &escaped );
160 *fstr = ch_malloc( sizeof("(<=)")
161 + f->f_av_desc->ad_cname->bv_len
164 sprintf( *fstr, "(%s<=%s)",
165 f->f_av_desc->ad_cname->bv_val,
168 ber_memfree( escaped.bv_val );
171 case LDAP_FILTER_PRESENT: {
174 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
176 if ( ber_scanf( ber, "o", &type ) == LBER_ERROR ) {
177 err = SLAPD_DISCONNECT;
178 *text = "error decoding filter";
183 err = slap_bv2ad( &type, &f->f_desc, text );
185 if( err != LDAP_SUCCESS ) {
186 ch_free( type.bv_val );
190 ch_free( type.bv_val );
192 *fstr = ch_malloc( sizeof("(=*)")
193 + f->f_desc->ad_cname->bv_len );
194 sprintf( *fstr, "(%s=*)",
195 f->f_desc->ad_cname->bv_val );
199 case LDAP_FILTER_APPROX:
200 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
202 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
203 if ( err != LDAP_SUCCESS ) {
207 filter_escape_value( f->f_av_value, &escaped );
209 *fstr = ch_malloc( sizeof("(~=)")
210 + f->f_av_desc->ad_cname->bv_len
213 sprintf( *fstr, "(%s~=%s)",
214 f->f_av_desc->ad_cname->bv_val,
217 ber_memfree( escaped.bv_val );
220 case LDAP_FILTER_AND:
221 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
222 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
223 if ( err != LDAP_SUCCESS ) {
226 *fstr = ch_malloc( sizeof("(&)")
227 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
228 sprintf( *fstr, "(&%s)",
229 ftmp == NULL ? "" : ftmp );
233 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
234 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
235 if ( err != LDAP_SUCCESS ) {
238 *fstr = ch_malloc( sizeof("(!)")
239 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
240 sprintf( *fstr, "(|%s)",
241 ftmp == NULL ? "" : ftmp );
244 case LDAP_FILTER_NOT:
245 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
246 (void) ber_skip_tag( ber, &len );
247 err = get_filter( conn, ber, &f->f_not, &ftmp, text );
248 if ( err != LDAP_SUCCESS ) {
251 *fstr = ch_malloc( sizeof("(!)")
252 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
253 sprintf( *fstr, "(!%s)",
254 ftmp == NULL ? "" : ftmp );
257 case LDAP_FILTER_EXT:
258 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
260 err = get_mra( ber, &f->f_mra, text );
261 if ( err != LDAP_SUCCESS ) {
265 assert( f->f_mra != NULL );
267 filter_escape_value( f->f_mr_value, &escaped );
269 *fstr = ch_malloc( sizeof("(:dn::=)")
270 + (f->f_mr_desc ? f->f_mr_desc->ad_cname->bv_len : 0)
271 + (f->f_mr_rule_text ? strlen(f->f_mr_rule_text) : 0)
274 sprintf( *fstr, "(%s%s%s%s:=%s)",
275 (f->f_mr_desc ? f->f_mr_desc->ad_cname->bv_val : ""),
276 (f->f_mr_dnattrs ? ":dn" : ""),
277 (f->f_mr_rule_text ? ":" : ""),
278 (f->f_mr_rule_text ? f->f_mr_rule_text : ""),
281 ber_memfree( escaped.bv_val );
285 (void) ber_skip_tag( ber, &len );
286 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
288 f->f_choice = SLAPD_FILTER_COMPUTED;
289 f->f_result = SLAPD_COMPARE_UNDEFINED;
290 *fstr = ch_strdup( "(undefined)" );
296 if ( err != LDAP_SUCCESS ) {
297 if ( *fstr != NULL ) {
301 if( err != SLAPD_DISCONNECT ) {
303 f->f_choice = SLAPD_FILTER_COMPUTED;
304 f->f_result = SLAPD_COMPARE_UNDEFINED;
305 *fstr = ch_strdup( "(badfilter)" );
316 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
321 get_filter_list( Connection *conn, BerElement *ber,
322 Filter **f, char **fstr,
331 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
335 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
336 tag = ber_next_element( ber, &len, last ) )
338 err = get_filter( conn, ber, new, &ftmp, text );
339 if ( err != LDAP_SUCCESS )
342 if ( *fstr == NULL ) {
345 *fstr = ch_realloc( *fstr, strlen( *fstr ) +
346 strlen( ftmp ) + 1 );
347 strcat( *fstr, ftmp );
350 new = &(*new)->f_next;
354 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
355 return( LDAP_SUCCESS );
359 get_substring_filter(
370 struct berval *value;
371 struct berval escaped;
374 struct berval *nvalue;
375 *text = "error decoding filter";
377 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
379 if ( ber_scanf( ber, "{o" /*}*/, &type ) == LBER_ERROR ) {
380 return SLAPD_DISCONNECT;
383 f->f_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
384 f->f_sub_desc = NULL;
385 rc = slap_bv2ad( &type, &f->f_sub_desc, text );
387 ch_free( type.bv_val );
389 if( rc != LDAP_SUCCESS ) {
392 f->f_choice = SLAPD_FILTER_COMPUTED;
393 f->f_result = SLAPD_COMPARE_UNDEFINED;
394 *fstr = ch_strdup( "(undefined)" );
398 f->f_sub_initial = NULL;
400 f->f_sub_final = NULL;
403 *fstr = ch_malloc( sizeof("(=" /*)*/) +
404 f->f_sub_desc->ad_cname->bv_len );
405 sprintf( *fstr, "(%s=" /*)*/, f->f_sub_desc->ad_cname->bv_val );
408 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
409 tag = ber_next_element( ber, &len, last ) )
413 rc = ber_scanf( ber, "O", &value );
414 if ( rc == LBER_ERROR ) {
415 rc = SLAPD_DISCONNECT;
419 if ( value == NULL || value->bv_len == 0 ) {
421 rc = LDAP_INVALID_SYNTAX;
426 case LDAP_SUBSTRING_INITIAL:
427 usage = SLAP_MR_SUBSTR_INITIAL;
430 case LDAP_SUBSTRING_ANY:
431 usage = SLAP_MR_SUBSTR_ANY;
434 case LDAP_SUBSTRING_FINAL:
435 usage = SLAP_MR_SUBSTR_FINAL;
439 rc = LDAP_PROTOCOL_ERROR;
441 Debug( LDAP_DEBUG_FILTER,
442 " unknown substring choice=%ld\n",
449 rc = value_normalize( f->f_sub_desc, usage, value, &nvalue, text );
452 if( rc != LDAP_SUCCESS ) {
458 rc = LDAP_PROTOCOL_ERROR;
461 case LDAP_SUBSTRING_INITIAL:
462 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
463 if ( f->f_sub_initial != NULL ) {
468 f->f_sub_initial = value;
471 filter_escape_value( value, &escaped );
472 *fstr = ch_realloc( *fstr,
473 strlen( *fstr ) + escaped.bv_len + 1 );
474 strcat( *fstr, escaped.bv_val );
475 ber_memfree( escaped.bv_val );
479 case LDAP_SUBSTRING_ANY:
480 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
481 if( ber_bvecadd( &f->f_sub_any, value ) < 0 ) {
487 filter_escape_value( value, &escaped );
488 *fstr = ch_realloc( *fstr,
489 strlen( *fstr ) + escaped.bv_len + 2 );
490 strcat( *fstr, "*" );
491 strcat( *fstr, escaped.bv_val );
492 ber_memfree( escaped.bv_val );
496 case LDAP_SUBSTRING_FINAL:
497 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
498 if ( f->f_sub_final != NULL ) {
502 f->f_sub_final = value;
505 filter_escape_value( value, &escaped );
506 *fstr = ch_realloc( *fstr,
507 strlen( *fstr ) + escaped.bv_len + 2 );
508 strcat( *fstr, "*" );
509 strcat( *fstr, escaped.bv_val );
510 ber_memfree( escaped.bv_val );
515 Debug( LDAP_DEBUG_FILTER,
516 " unknown substring type=%ld\n",
522 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
530 ad_free( f->f_sub_desc, 1 );
531 ber_bvfree( f->f_sub_initial );
532 ber_bvecfree( f->f_sub_any );
533 ber_bvfree( f->f_sub_final );
540 *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 );
541 if ( f->f_sub_final == NULL ) {
542 strcat( *fstr, "*" );
544 strcat( *fstr, /*(*/ ")" );
547 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
548 return( LDAP_SUCCESS );
552 filter_free( Filter *f )
560 switch ( f->f_choice ) {
561 case LDAP_FILTER_PRESENT:
562 ad_free( f->f_desc, 1 );
565 case LDAP_FILTER_EQUALITY:
568 case LDAP_FILTER_APPROX:
569 ava_free( f->f_ava, 1 );
572 case LDAP_FILTER_SUBSTRINGS:
573 ad_free( f->f_sub_desc, 1 );
574 if ( f->f_sub_initial != NULL ) {
575 ber_bvfree( f->f_sub_initial );
577 ber_bvecfree( f->f_sub_any );
578 if ( f->f_sub_final != NULL ) {
579 ber_bvfree( f->f_sub_final );
583 case LDAP_FILTER_AND:
585 case LDAP_FILTER_NOT:
586 for ( p = f->f_list; p != NULL; p = next ) {
592 case SLAPD_FILTER_COMPUTED:
596 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
606 filter_print( Filter *f )
610 struct berval escaped;
613 fprintf( stderr, "No filter!" );
616 switch ( f->f_choice ) {
617 case LDAP_FILTER_EQUALITY:
618 filter_escape_value( f->f_av_value, &escaped );
619 fprintf( stderr, "(%s=%s)",
620 f->f_av_desc->ad_cname->bv_val,
622 ber_memfree( escaped.bv_val );
626 filter_escape_value( f->f_av_value, &escaped );
627 fprintf( stderr, "(%s>=%s)",
628 f->f_av_desc->ad_cname->bv_val,
630 ber_memfree( escaped.bv_val );
634 filter_escape_value( f->f_av_value, &escaped );
635 fprintf( stderr, "(%s<=%s)",
636 f->f_ava->aa_desc->ad_cname->bv_val,
638 ber_memfree( escaped.bv_val );
641 case LDAP_FILTER_APPROX:
642 filter_escape_value( f->f_av_value, &escaped );
643 fprintf( stderr, "(%s~=%s)",
644 f->f_ava->aa_desc->ad_cname->bv_val,
646 ber_memfree( escaped.bv_val );
649 case LDAP_FILTER_SUBSTRINGS:
650 fprintf( stderr, "(%s=" /*)*/,
651 f->f_sub_desc->ad_cname->bv_val );
652 if ( f->f_sub_initial != NULL ) {
653 filter_escape_value( f->f_sub_initial, &escaped );
654 fprintf( stderr, "%s",
656 ber_memfree( escaped.bv_val );
658 if ( f->f_sub_any != NULL ) {
659 for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
660 filter_escape_value( f->f_sub_any[i], &escaped );
661 fprintf( stderr, "*%s",
663 ber_memfree( escaped.bv_val );
666 if ( f->f_sub_final != NULL ) {
667 filter_escape_value( f->f_sub_final, &escaped );
669 "*%s", escaped.bv_val );
670 ber_memfree( escaped.bv_val );
672 fprintf( stderr, /*(*/ ")" );
675 case LDAP_FILTER_PRESENT:
676 fprintf( stderr, "(%s=*)",
677 f->f_desc->ad_cname->bv_val );
680 case LDAP_FILTER_AND:
682 case LDAP_FILTER_NOT:
683 fprintf( stderr, "(%c" /*)*/,
684 f->f_choice == LDAP_FILTER_AND ? '&' :
685 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
686 for ( p = f->f_list; p != NULL; p = p->f_next ) {
689 fprintf( stderr, /*(*/ ")" );
692 case SLAPD_FILTER_COMPUTED:
693 fprintf( stderr, "(?=%s)",
694 f->f_result == LDAP_COMPARE_FALSE ? "false" :
695 f->f_result == LDAP_COMPARE_TRUE ? "true" :
696 f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
701 fprintf( stderr, "(unknown-filter=%lu)", f->f_choice );
706 #endif /* ldap_debug */
708 int filter_escape_value(
716 out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 );
719 for( i=0; i < in->bv_len ; i++ ) {
720 if( FILTER_ESCAPE(in->bv_val[i]) ) {
721 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
722 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
723 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
725 out->bv_val[out->bv_len++] = in->bv_val[i];
729 out->bv_val[out->bv_len] = '\0';