1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
26 SubstringsAssertion **s,
29 static void simple_vrFilter2bv(
31 ValuesReturnFilter *f,
32 struct berval *fstr );
34 static int get_simple_vrFilter(
37 ValuesReturnFilter **f,
53 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", op->o_connid, 0, 0 );
55 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
58 * A filter looks like this coming in:
60 * and [0] SET OF Filter,
61 * or [1] SET OF Filter,
63 * equalityMatch [3] AttributeValueAssertion,
64 * substrings [4] SubstringFilter,
65 * greaterOrEqual [5] AttributeValueAssertion,
66 * lessOrEqual [6] AttributeValueAssertion,
67 * present [7] AttributeType,,
68 * approxMatch [8] AttributeValueAssertion
69 * extensibleMatch [9] MatchingRuleAssertion
72 * SubstringFilter ::= SEQUENCE {
74 * SEQUENCE OF CHOICE {
75 * initial [0] IA5String,
81 * MatchingRuleAssertion ::= SEQUENCE {
82 * matchingRule [1] MatchingRuleId OPTIONAL,
83 * type [2] AttributeDescription OPTIONAL,
84 * matchValue [3] AssertionValue,
85 * dnAttributes [4] BOOLEAN DEFAULT FALSE
90 tag = ber_peek_tag( ber, &len );
92 if( tag == LBER_ERROR ) {
93 *text = "error decoding filter";
94 return SLAPD_DISCONNECT;
102 switch ( f.f_choice ) {
103 case LDAP_FILTER_EQUALITY:
105 LDAP_LOG( FILTER, DETAIL2,
106 "get_filter: conn %d EQUALITY\n", op->o_connid, 0, 0 );
108 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
110 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY, text );
111 if ( err != LDAP_SUCCESS ) {
115 assert( f.f_ava != NULL );
118 case LDAP_FILTER_SUBSTRINGS:
120 LDAP_LOG( FILTER, DETAIL1,
121 "get_filter: conn %d SUBSTRINGS\n", op->o_connid, 0, 0 );
123 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
125 err = get_ssa( op, ber, &f.f_sub, text );
126 if( err != LDAP_SUCCESS ) {
129 assert( f.f_sub != NULL );
134 LDAP_LOG( FILTER, DETAIL1,
135 "get_filter: conn %d GE\n", op->o_connid, 0, 0 );
137 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
139 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
140 if ( err != LDAP_SUCCESS ) {
143 assert( f.f_ava != NULL );
148 LDAP_LOG( FILTER, DETAIL1,
149 "get_filter: conn %d LE\n", op->o_connid, 0, 0 );
151 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
153 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
154 if ( err != LDAP_SUCCESS ) {
157 assert( f.f_ava != NULL );
160 case LDAP_FILTER_PRESENT: {
164 LDAP_LOG( FILTER, DETAIL1,
165 "get_filter: conn %d PRESENT\n", op->o_connid, 0, 0 );
167 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
169 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
170 err = SLAPD_DISCONNECT;
171 *text = "error decoding filter";
176 err = slap_bv2ad( &type, &f.f_desc, text );
178 if( err != LDAP_SUCCESS ) {
179 /* unrecognized attribute description or other error */
180 f.f_choice = SLAPD_FILTER_COMPUTED;
181 f.f_result = LDAP_COMPARE_FALSE;
187 assert( f.f_desc != NULL );
190 case LDAP_FILTER_APPROX:
192 LDAP_LOG( FILTER, DETAIL1,
193 "get_filter: conn %d APPROX\n", op->o_connid, 0, 0 );
195 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
197 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
198 if ( err != LDAP_SUCCESS ) {
201 assert( f.f_ava != NULL );
204 case LDAP_FILTER_AND:
206 LDAP_LOG( FILTER, DETAIL1,
207 "get_filter: conn %d AND\n", op->o_connid, 0, 0 );
209 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
211 err = get_filter_list( op, ber, &f.f_and, text );
212 if ( err != LDAP_SUCCESS ) {
215 /* no assert - list could be empty */
220 LDAP_LOG( FILTER, DETAIL1,
221 "get_filter: conn %d OR\n", op->o_connid, 0, 0 );
223 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
225 err = get_filter_list( op, ber, &f.f_or, text );
226 if ( err != LDAP_SUCCESS ) {
229 /* no assert - list could be empty */
232 case LDAP_FILTER_NOT:
234 LDAP_LOG( FILTER, DETAIL1,
235 "get_filter: conn %d NOT\n", op->o_connid, 0, 0 );
237 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
239 (void) ber_skip_tag( ber, &len );
240 err = get_filter( op, ber, &f.f_not, text );
241 if ( err != LDAP_SUCCESS ) {
245 assert( f.f_not != NULL );
248 case LDAP_FILTER_EXT:
250 LDAP_LOG( FILTER, DETAIL1,
251 "get_filter: conn %d EXTENSIBLE\n", op->o_connid, 0, 0 );
253 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
256 err = get_mra( op, ber, &f.f_mra, text );
257 if ( err != LDAP_SUCCESS ) {
261 assert( f.f_mra != NULL );
265 (void) ber_scanf( ber, "x" ); /* skip the element */
267 LDAP_LOG( FILTER, ERR,
268 "get_filter: conn %d unknown filter type=%lu\n",
269 op->o_connid, f.f_choice, 0 );
271 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
274 f.f_choice = SLAPD_FILTER_COMPUTED;
275 f.f_result = SLAPD_COMPARE_UNDEFINED;
279 if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
281 f.f_choice = SLAPD_FILTER_COMPUTED;
282 f.f_result = SLAPD_COMPARE_UNDEFINED;
286 if ( err == LDAP_SUCCESS ) {
287 *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
292 LDAP_LOG( FILTER, DETAIL2,
293 "get_filter: conn %d exit\n", op->o_connid, 0, 0 );
295 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
302 get_filter_list( Operation *op, BerElement *ber,
313 LDAP_LOG( FILTER, ENTRY,
314 "get_filter_list: conn %d start\n", op->o_connid, 0, 0 );
316 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
319 for ( tag = ber_first_element( ber, &len, &last );
321 tag = ber_next_element( ber, &len, last ) )
323 err = get_filter( op, ber, new, text );
324 if ( err != LDAP_SUCCESS )
326 new = &(*new)->f_next;
331 LDAP_LOG( FILTER, ENTRY,
332 "get_filter_list: conn %d exit\n", op->o_connid, 0, 0 );
334 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
336 return( LDAP_SUCCESS );
343 SubstringsAssertion **out,
349 struct berval desc, value, nvalue;
351 SubstringsAssertion ssa;
353 *text = "error decoding filter";
356 LDAP_LOG( FILTER, ENTRY,
357 "get_ssa: conn %d begin\n", op->o_connid, 0, 0 );
359 Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
361 if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
362 return SLAPD_DISCONNECT;
368 ssa.sa_initial.bv_val = NULL;
370 ssa.sa_final.bv_val = NULL;
372 rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
374 if( rc != LDAP_SUCCESS ) {
378 rc = LDAP_PROTOCOL_ERROR;
380 for ( tag = ber_first_element( ber, &len, &last );
382 tag = ber_next_element( ber, &len, last ) )
386 rc = ber_scanf( ber, "m", &value );
387 if ( rc == LBER_ERROR ) {
388 rc = SLAPD_DISCONNECT;
392 if ( value.bv_val == NULL || value.bv_len == 0 ) {
393 rc = LDAP_INVALID_SYNTAX;
398 case LDAP_SUBSTRING_INITIAL:
399 usage = SLAP_MR_SUBSTR_INITIAL;
402 case LDAP_SUBSTRING_ANY:
403 usage = SLAP_MR_SUBSTR_ANY;
406 case LDAP_SUBSTRING_FINAL:
407 usage = SLAP_MR_SUBSTR_FINAL;
411 rc = LDAP_PROTOCOL_ERROR;
414 LDAP_LOG( FILTER, ERR,
415 "get_filter_substring: conn %d unknown substring choice=%ld\n",
416 op->o_connid, (long)tag, 0 );
418 Debug( LDAP_DEBUG_FILTER,
419 " unknown substring choice=%ld\n",
426 /* validate/normalize using equality matching rule validator! */
427 rc = asserted_value_validate_normalize(
428 ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
429 usage, &value, &nvalue, text, op->o_tmpmemctx );
431 if( rc != LDAP_SUCCESS ) {
435 rc = LDAP_PROTOCOL_ERROR;
438 case LDAP_SUBSTRING_INITIAL:
440 LDAP_LOG( FILTER, DETAIL1,
441 "get_ssa: conn %d INITIAL\n",
442 op->o_connid, 0, 0 );
444 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
447 if ( ssa.sa_initial.bv_val != NULL
448 || ssa.sa_any != NULL
449 || ssa.sa_final.bv_val != NULL )
451 sl_free( nvalue.bv_val, op->o_tmpmemctx );
455 ssa.sa_initial = nvalue;
458 case LDAP_SUBSTRING_ANY:
460 LDAP_LOG( FILTER, DETAIL1,
461 "get_ssa: conn %d ANY\n",
462 op->o_connid, 0, 0 );
464 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
467 if ( ssa.sa_final.bv_val != NULL ) {
468 sl_free( nvalue.bv_val, op->o_tmpmemctx );
472 ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx );
475 case LDAP_SUBSTRING_FINAL:
477 LDAP_LOG( FILTER, DETAIL1,
478 "get_ssa: conn %d FINAL\n",
479 op->o_connid, 0, 0 );
481 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
484 if ( ssa.sa_final.bv_val != NULL ) {
485 sl_free( nvalue.bv_val, op->o_tmpmemctx );
489 ssa.sa_final = nvalue;
494 LDAP_LOG( FILTER, INFO,
495 "get_ssa: conn %d unknown substring type %ld\n",
496 op->o_connid, (long)tag, 0 );
498 Debug( LDAP_DEBUG_FILTER,
499 " unknown substring type=%ld\n",
504 sl_free( nvalue.bv_val, op->o_tmpmemctx );
508 LDAP_LOG( FILTER, INFO,
509 "get_ssa: conn %d error %ld\n",
510 op->o_connid, (long)rc, 0 );
512 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
515 sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx );
516 ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx );
517 sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx );
524 if( rc == LDAP_SUCCESS ) {
525 *out = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx );
530 LDAP_LOG( FILTER, ENTRY,
531 "get_ssa: conn %d exit\n", op->o_connid, 0, 0 );
533 Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
540 filter_free_x( Operation *op, Filter *f )
548 switch ( f->f_choice ) {
549 case LDAP_FILTER_PRESENT:
552 case LDAP_FILTER_EQUALITY:
555 case LDAP_FILTER_APPROX:
556 ava_free( op, f->f_ava, 1 );
559 case LDAP_FILTER_SUBSTRINGS:
560 if ( f->f_sub_initial.bv_val != NULL ) {
561 op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx );
563 ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx );
564 if ( f->f_sub_final.bv_val != NULL ) {
565 op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx );
567 op->o_tmpfree( f->f_sub, op->o_tmpmemctx );
570 case LDAP_FILTER_AND:
572 case LDAP_FILTER_NOT:
573 for ( p = f->f_list; p != NULL; p = next ) {
575 filter_free_x( op, p );
579 case LDAP_FILTER_EXT:
580 mra_free( op, f->f_mra, 1 );
583 case SLAPD_FILTER_COMPUTED:
588 LDAP_LOG( FILTER, ERR,
589 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
591 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
597 op->o_tmpfree( f, op->o_tmpmemctx );
601 filter_free( Filter *f )
605 op.o_tmpmemctx = sl_context( f );
606 op.o_tmpmfuncs = &sl_mfuncs;
607 filter_free_x( &op, f );
611 filter2bv_x( Operation *op, Filter *f, struct berval *fstr )
619 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, op->o_tmpmemctx );
623 switch ( f->f_choice ) {
624 case LDAP_FILTER_EQUALITY:
625 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
627 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
628 tmp.bv_len + ( sizeof("(=)") - 1 );
629 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
631 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
632 f->f_av_desc->ad_cname.bv_val,
635 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
639 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
641 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
642 tmp.bv_len + ( sizeof("(>=)") - 1 );
643 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
645 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
646 f->f_av_desc->ad_cname.bv_val,
649 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
653 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
655 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
656 tmp.bv_len + ( sizeof("(<=)") - 1 );
657 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
659 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
660 f->f_av_desc->ad_cname.bv_val,
663 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
666 case LDAP_FILTER_APPROX:
667 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
669 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
670 tmp.bv_len + ( sizeof("(~=)") - 1 );
671 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
673 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
674 f->f_av_desc->ad_cname.bv_val,
676 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
679 case LDAP_FILTER_SUBSTRINGS:
680 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
681 ( sizeof("(=*)") - 1 );
682 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
684 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
685 f->f_sub_desc->ad_cname.bv_val );
687 if ( f->f_sub_initial.bv_val != NULL ) {
690 filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx );
692 fstr->bv_len += tmp.bv_len;
693 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
695 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
696 /* "(attr=" */ "%s*)",
699 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
702 if ( f->f_sub_any != NULL ) {
703 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
705 filter_escape_value_x( &f->f_sub_any[i], &tmp, op->o_tmpmemctx );
707 fstr->bv_len += tmp.bv_len + 1;
708 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
710 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
711 /* "(attr=[init]*[any*]" */ "%s*)",
713 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
717 if ( f->f_sub_final.bv_val != NULL ) {
720 filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx );
722 fstr->bv_len += tmp.bv_len;
723 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
725 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
726 /* "(attr=[init*][any*]" */ "%s)",
729 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
734 case LDAP_FILTER_PRESENT:
735 fstr->bv_len = f->f_desc->ad_cname.bv_len +
736 ( sizeof("(=*)") - 1 );
737 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
739 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
740 f->f_desc->ad_cname.bv_val );
743 case LDAP_FILTER_AND:
745 case LDAP_FILTER_NOT:
746 fstr->bv_len = sizeof("(%)") - 1;
747 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
749 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
750 f->f_choice == LDAP_FILTER_AND ? '&' :
751 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
753 for ( p = f->f_list; p != NULL; p = p->f_next ) {
756 filter2bv_x( op, p, &tmp );
758 fstr->bv_len += tmp.bv_len;
759 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
761 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
762 /*"("*/ "%s)", tmp.bv_val );
764 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
769 case LDAP_FILTER_EXT: {
771 filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx );
773 if ( f->f_mr_desc ) {
774 ad = f->f_mr_desc->ad_cname;
780 fstr->bv_len = ad.bv_len +
781 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
782 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
783 tmp.bv_len + ( sizeof("(:=)") - 1 );
784 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
786 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
788 f->f_mr_dnattrs ? ":dn" : "",
789 f->f_mr_rule_text.bv_len ? ":" : "",
790 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
792 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
795 case SLAPD_FILTER_COMPUTED:
797 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
798 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
799 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
801 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
802 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
803 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
804 sizeof("(?=error)")-1,
805 1, fstr, op->o_tmpmemctx );
809 ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr, op->o_tmpmemctx );
815 filter2bv( Filter *f, struct berval *fstr )
818 op.o_tmpmemctx = NULL;
819 op.o_tmpmfuncs = &ch_mfuncs;
821 filter2bv_x( &op, f, fstr );
825 filter_escape_value_x(
834 i = in->bv_len * 3 + 1;
835 out->bv_val = ctx ? sl_malloc( i, ctx ) : ch_malloc( i );
838 for( i=0; i < in->bv_len ; i++ ) {
839 if( FILTER_ESCAPE(in->bv_val[i]) ) {
840 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
841 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
842 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
844 out->bv_val[out->bv_len++] = in->bv_val[i];
848 out->bv_val[out->bv_len] = '\0';
857 return filter_escape_value_x( in, out, NULL );
864 ValuesReturnFilter **filt,
870 ValuesReturnFilter vrf;
873 LDAP_LOG( FILTER, ENTRY,
874 "get_simple_vrFilter: conn %d\n", op->o_connid, 0, 0 );
876 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
879 tag = ber_peek_tag( ber, &len );
881 if( tag == LBER_ERROR ) {
882 *text = "error decoding filter";
883 return SLAPD_DISCONNECT;
889 vrf.vrf_choice = tag;
891 switch ( vrf.vrf_choice ) {
892 case LDAP_FILTER_EQUALITY:
894 LDAP_LOG( FILTER, DETAIL2,
895 "get_simple_vrFilter: conn %d EQUALITY\n", op->o_connid, 0, 0 );
897 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
899 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
900 if ( err != LDAP_SUCCESS ) {
904 assert( vrf.vrf_ava != NULL );
907 case LDAP_FILTER_SUBSTRINGS:
909 LDAP_LOG( FILTER, DETAIL1,
910 "get_simple_vrFilter: conn %d SUBSTRINGS\n", op->o_connid, 0, 0 );
912 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
914 err = get_ssa( op, ber, &vrf.vrf_sub, text );
919 LDAP_LOG( FILTER, DETAIL1,
920 "get_simple_vrFilter: conn %d GE\n", op->o_connid, 0, 0 );
922 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
924 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
925 if ( err != LDAP_SUCCESS ) {
932 LDAP_LOG( FILTER, DETAIL1,
933 "get_simple_vrFilter: conn %d LE\n", op->o_connid, 0, 0 );
935 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
937 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
938 if ( err != LDAP_SUCCESS ) {
943 case LDAP_FILTER_PRESENT: {
947 LDAP_LOG( FILTER, DETAIL1,
948 "get_simple_vrFilter: conn %d PRESENT\n", op->o_connid, 0, 0 );
950 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
952 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
953 err = SLAPD_DISCONNECT;
954 *text = "error decoding filter";
959 err = slap_bv2ad( &type, &vrf.vrf_desc, text );
961 if( err != LDAP_SUCCESS ) {
962 /* unrecognized attribute description or other error */
963 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
964 vrf.vrf_result = LDAP_COMPARE_FALSE;
970 case LDAP_FILTER_APPROX:
972 LDAP_LOG( FILTER, DETAIL1,
973 "get_simple_vrFilter: conn %d APPROX\n", op->o_connid, 0, 0 );
975 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
977 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
978 if ( err != LDAP_SUCCESS ) {
983 case LDAP_FILTER_EXT:
985 LDAP_LOG( FILTER, DETAIL1,
986 "get_simple_vrFilter: conn %d EXTENSIBLE\n", op->o_connid, 0, 0 );
988 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
991 err = get_mra( op, ber, &vrf.vrf_mra, text );
992 if ( err != LDAP_SUCCESS ) {
996 assert( vrf.vrf_mra != NULL );
1000 (void) ber_scanf( ber, "x" ); /* skip the element */
1002 LDAP_LOG( FILTER, ERR,
1003 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
1004 op->o_connid, vrf.vrf_choice, 0 );
1006 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
1007 vrf.vrf_choice, 0, 0 );
1009 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1010 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1014 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
1016 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1017 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1021 if ( err == LDAP_SUCCESS ) {
1022 *filt = ch_malloc( sizeof vrf );
1027 LDAP_LOG( FILTER, DETAIL2,
1028 "get_simple_vrFilter: conn %d exit\n", op->o_connid, 0, 0 );
1030 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1037 get_vrFilter( Operation *op, BerElement *ber,
1038 ValuesReturnFilter **vrf,
1042 * A ValuesReturnFilter looks like this:
1044 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1045 * SimpleFilterItem ::= CHOICE {
1046 * equalityMatch [3] AttributeValueAssertion,
1047 * substrings [4] SubstringFilter,
1048 * greaterOrEqual [5] AttributeValueAssertion,
1049 * lessOrEqual [6] AttributeValueAssertion,
1050 * present [7] AttributeType,
1051 * approxMatch [8] AttributeValueAssertion,
1052 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1055 * SubstringFilter ::= SEQUENCE {
1056 * type AttributeType,
1057 * SEQUENCE OF CHOICE {
1058 * initial [0] IA5String,
1059 * any [1] IA5String,
1060 * final [2] IA5String
1064 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1065 * matchingRule [1] MatchingRuleId OPTIONAL,
1066 * type [2] AttributeDescription OPTIONAL,
1067 * matchValue [3] AssertionValue }
1070 ValuesReturnFilter **n;
1076 LDAP_LOG( FILTER, ENTRY,
1077 "get_vrFilter: conn %d start\n", op->o_connid, 0, 0 );
1079 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1082 tag = ber_peek_tag( ber, &len );
1084 if( tag == LBER_ERROR ) {
1085 *text = "error decoding vrFilter";
1086 return SLAPD_DISCONNECT;
1089 if( tag != LBER_SEQUENCE ) {
1090 *text = "error decoding vrFilter, expect SEQUENCE tag";
1091 return SLAPD_DISCONNECT;
1095 for ( tag = ber_first_element( ber, &len, &last );
1096 tag != LBER_DEFAULT;
1097 tag = ber_next_element( ber, &len, last ) )
1099 int err = get_simple_vrFilter( op, ber, n, text );
1101 if ( err != LDAP_SUCCESS ) return( err );
1103 n = &(*n)->vrf_next;
1108 LDAP_LOG( FILTER, ENTRY,
1109 "get_vrFilter: conn %d exit\n", op->o_connid, 0, 0 );
1111 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1113 return( LDAP_SUCCESS );
1117 vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
1119 ValuesReturnFilter *p, *next;
1121 if ( vrf == NULL ) {
1125 for ( p = vrf; p != NULL; p = next ) {
1128 switch ( vrf->vrf_choice ) {
1129 case LDAP_FILTER_PRESENT:
1132 case LDAP_FILTER_EQUALITY:
1133 case LDAP_FILTER_GE:
1134 case LDAP_FILTER_LE:
1135 case LDAP_FILTER_APPROX:
1136 ava_free( op, vrf->vrf_ava, 1 );
1139 case LDAP_FILTER_SUBSTRINGS:
1140 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1141 op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx );
1143 ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx );
1144 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1145 op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx );
1147 op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx );
1150 case LDAP_FILTER_EXT:
1151 mra_free( op, vrf->vrf_mra, 1 );
1154 case SLAPD_FILTER_COMPUTED:
1159 LDAP_LOG( FILTER, ERR,
1160 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1162 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1163 vrf->vrf_choice, 0, 0 );
1168 op->o_tmpfree( vrf, op->o_tmpmemctx );
1173 vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1175 ValuesReturnFilter *p;
1179 if ( vrf == NULL ) {
1180 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, op->o_tmpmemctx );
1184 fstr->bv_len = sizeof("()") - 1;
1185 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1187 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1189 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1192 simple_vrFilter2bv( op, p, &tmp );
1194 fstr->bv_len += tmp.bv_len;
1195 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1197 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1198 /*"("*/ "%s)", tmp.bv_val );
1200 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
1205 simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1210 if ( vrf == NULL ) {
1211 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, op->o_tmpmemctx );
1215 switch ( vrf->vrf_choice ) {
1216 case LDAP_FILTER_EQUALITY:
1217 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1219 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1220 tmp.bv_len + ( sizeof("(=)") - 1 );
1221 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1223 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1224 vrf->vrf_av_desc->ad_cname.bv_val,
1227 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1230 case LDAP_FILTER_GE:
1231 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1233 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1234 tmp.bv_len + ( sizeof("(>=)") - 1 );
1235 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1237 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1238 vrf->vrf_av_desc->ad_cname.bv_val,
1241 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1244 case LDAP_FILTER_LE:
1245 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1247 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1248 tmp.bv_len + ( sizeof("(<=)") - 1 );
1249 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1251 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1252 vrf->vrf_av_desc->ad_cname.bv_val,
1255 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1258 case LDAP_FILTER_APPROX:
1259 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1261 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1262 tmp.bv_len + ( sizeof("(~=)") - 1 );
1263 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1265 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1266 vrf->vrf_av_desc->ad_cname.bv_val,
1268 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1271 case LDAP_FILTER_SUBSTRINGS:
1272 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1273 ( sizeof("(=*)") - 1 );
1274 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1276 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1277 vrf->vrf_sub_desc->ad_cname.bv_val );
1279 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1282 filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx );
1284 fstr->bv_len += tmp.bv_len;
1285 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1287 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1288 /* "(attr=" */ "%s*)",
1291 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1294 if ( vrf->vrf_sub_any != NULL ) {
1296 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1298 filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp, op->o_tmpmemctx );
1300 fstr->bv_len += tmp.bv_len + 1;
1301 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1303 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1304 /* "(attr=[init]*[any*]" */ "%s*)",
1306 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1310 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1313 filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx );
1315 fstr->bv_len += tmp.bv_len;
1316 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1318 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1319 /* "(attr=[init*][any*]" */ "%s)",
1322 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1327 case LDAP_FILTER_PRESENT:
1328 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1329 ( sizeof("(=*)") - 1 );
1330 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1332 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1333 vrf->vrf_desc->ad_cname.bv_val );
1336 case LDAP_FILTER_EXT: {
1338 filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx );
1340 if ( vrf->vrf_mr_desc ) {
1341 ad = vrf->vrf_mr_desc->ad_cname;
1347 fstr->bv_len = ad.bv_len +
1348 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1349 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1350 tmp.bv_len + ( sizeof("(:=)") - 1 );
1351 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1353 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1355 vrf->vrf_mr_dnattrs ? ":dn" : "",
1356 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1357 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1360 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1363 case SLAPD_FILTER_COMPUTED:
1365 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1366 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1367 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1369 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1370 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1371 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1372 sizeof("(?=error)")-1,
1373 1, fstr, op->o_tmpmemctx );
1377 ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr, op->o_tmpmemctx );
1384 get_substring_vrFilter(
1387 ValuesReturnFilter *vrf,
1393 struct berval value;
1396 *text = "error decoding filter";
1399 LDAP_LOG( FILTER, ENTRY,
1400 "get_substring_filter: conn %d begin\n", op->o_connid, 0, 0 );
1402 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
1404 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
1405 return SLAPD_DISCONNECT;
1408 vrf->vrf_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
1409 vrf->vrf_sub_desc = NULL;
1410 rc = slap_bv2ad( &bv, &vrf->vrf_sub_desc, text );
1412 if( rc != LDAP_SUCCESS ) {
1414 ch_free( vrf->vrf_sub );
1415 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
1416 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1417 return LDAP_SUCCESS;
1420 vrf->vrf_sub_initial.bv_val = NULL;
1421 vrf->vrf_sub_any = NULL;
1422 vrf->vrf_sub_final.bv_val = NULL;
1424 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
1425 tag = ber_next_element( ber, &len, last ) )
1429 rc = ber_scanf( ber, "m", &value );
1430 if ( rc == LBER_ERROR ) {
1431 rc = SLAPD_DISCONNECT;
1435 if ( value.bv_val == NULL || value.bv_len == 0 ) {
1436 rc = LDAP_INVALID_SYNTAX;
1441 case LDAP_SUBSTRING_INITIAL:
1442 usage = SLAP_MR_SUBSTR_INITIAL;
1445 case LDAP_SUBSTRING_ANY:
1446 usage = SLAP_MR_SUBSTR_ANY;
1449 case LDAP_SUBSTRING_FINAL:
1450 usage = SLAP_MR_SUBSTR_FINAL;
1454 rc = LDAP_PROTOCOL_ERROR;
1457 LDAP_LOG( FILTER, ERR,
1458 "get_filter_substring: conn %d unknown substring choice=%ld\n",
1459 op->o_connid, (long)tag, 0 );
1461 Debug( LDAP_DEBUG_FILTER,
1462 " unknown substring choice=%ld\n",
1468 /* validate/normalize using equality matching rule validator! */
1469 rc = asserted_value_validate_normalize(
1470 vrf->vrf_sub_desc, vrf->vrf_sub_desc->ad_type->sat_equality,
1471 usage, &value, &bv, text );
1472 if( rc != LDAP_SUCCESS ) {
1478 rc = LDAP_PROTOCOL_ERROR;
1481 case LDAP_SUBSTRING_INITIAL:
1483 LDAP_LOG( FILTER, DETAIL1,
1484 "get_substring_filter: conn %d INITIAL\n",
1485 op->o_connid, 0, 0 );
1487 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
1490 if ( vrf->vrf_sub_initial.bv_val != NULL
1491 || vrf->vrf_sub_any != NULL
1492 || vrf->vrf_sub_final.bv_val != NULL )
1494 free( value.bv_val );
1498 vrf->vrf_sub_initial = value;
1501 case LDAP_SUBSTRING_ANY:
1503 LDAP_LOG( FILTER, DETAIL1,
1504 "get_substring_filter: conn %d ANY\n", op->o_connid, 0, 0 );
1506 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
1509 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1510 free( value.bv_val );
1514 ber_bvarray_add( &vrf->vrf_sub_any, &value );
1517 case LDAP_SUBSTRING_FINAL:
1519 LDAP_LOG( FILTER, DETAIL1,
1520 "get_substring_filter: conn %d FINAL\n", op->o_connid, 0, 0 );
1522 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
1525 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1526 free( value.bv_val );
1530 vrf->vrf_sub_final = value;
1535 LDAP_LOG( FILTER, INFO,
1536 "get_substring_filter: conn %d unknown substring type %ld\n",
1537 op->o_connid, (long)tag, 0 );
1539 Debug( LDAP_DEBUG_FILTER,
1540 " unknown substring type=%ld\n",
1544 free( value.bv_val );
1548 LDAP_LOG( FILTER, INFO,
1549 "get_substring_filter: conn %d error %ld\n",
1550 op->o_connid, (long)rc, 0 );
1552 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
1555 free( vrf->vrf_sub_initial.bv_val );
1556 ber_bvarray_free( vrf->vrf_sub_any );
1557 free( vrf->vrf_sub_final.bv_val );
1558 ch_free( vrf->vrf_sub );
1564 LDAP_LOG( FILTER, ENTRY,
1565 "get_substring_filter: conn %d exit\n", op->o_connid, 0, 0 );
1567 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
1569 return( LDAP_SUCCESS );
projects / openldap / blob