git.sur5r.net Git - openldap/blob - servers/slapd/filter.c

   1 /* filter.c - routines for parsing and dealing with filters */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/socket.h>
  13 #include <ac/string.h>
  14
  15 #include "slap.h"
  16
  17 static int      get_filter_list(Connection *conn, BerElement *ber, Filter **f, char **fstr);
  18 static int      get_substring_filter(Connection *conn, BerElement *ber, Filter *f, char **fstr);
  19
  20 int
  21 get_filter( Connection *conn, BerElement *ber, Filter **filt, char **fstr )
  22 {
  23         ber_len_t       len;
  24         int             err;
  25         Filter          *f;
  26         char            *ftmp;
  27
  28         Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
  29
  30         /*
  31          * A filter looks like this coming in:
  32          *      Filter ::= CHOICE {
  33          *              and             [0]     SET OF Filter,
  34          *              or              [1]     SET OF Filter,
  35          *              not             [2]     Filter,
  36          *              equalityMatch   [3]     AttributeValueAssertion,
  37          *              substrings      [4]     SubstringFilter,
  38          *              greaterOrEqual  [5]     AttributeValueAssertion,
  39          *              lessOrEqual     [6]     AttributeValueAssertion,
  40          *              present         [7]     AttributeType,,
  41          *              approxMatch     [8]     AttributeValueAssertion
  42          *              extensibleMatch [9] MatchingRuleAssertion
  43          *      }
  44          *
  45          *      SubstringFilter ::= SEQUENCE {
  46          *              type               AttributeType,
  47          *              SEQUENCE OF CHOICE {
  48          *                      initial          [0] IA5String,
  49          *                      any              [1] IA5String,
  50          *                      final            [2] IA5String
  51          *              }
  52          *      }
  53          *
  54      *  MatchingRuleAssertion ::= SEQUENCE {
  55      *          matchingRule    [1] MatchingRuleId OPTIONAL,
  56      *          type            [2] AttributeDescription OPTIONAL,
  57      *          matchValue      [3] AssertionValue,
  58      *          dnAttributes    [4] BOOLEAN DEFAULT FALSE
  59          *      }
  60          *
  61          */
  62
  63         f = (Filter *) ch_malloc( sizeof(Filter) );
  64         f->f_next = NULL;
  65
  66         err = LDAP_SUCCESS;
  67         *fstr = NULL;
  68         f->f_choice = ber_peek_tag( ber, &len );
  69
  70         switch ( f->f_choice ) {
  71         case LDAP_FILTER_EQUALITY:
  72                 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
  73                 if ( (err = get_ava( ber, &f->f_ava )) == LDAP_SUCCESS ) {
  74                         *fstr = ch_malloc(4 + strlen( f->f_avtype ) +
  75                             f->f_avvalue.bv_len);
  76                         sprintf( *fstr, "(%s=%s)", f->f_avtype,
  77                             f->f_avvalue.bv_val );
  78                 }
  79                 break;
  80
  81         case LDAP_FILTER_SUBSTRINGS:
  82                 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
  83                 err = get_substring_filter( conn, ber, f, fstr );
  84                 break;
  85
  86         case LDAP_FILTER_GE:
  87                 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
  88                 if ( (err = get_ava( ber, &f->f_ava )) == LDAP_SUCCESS ) {
  89                         *fstr = ch_malloc(5 + strlen( f->f_avtype ) +
  90                             f->f_avvalue.bv_len);
  91                         sprintf( *fstr, "(%s>=%s)", f->f_avtype,
  92                             f->f_avvalue.bv_val );
  93                 }
  94                 break;
  95
  96         case LDAP_FILTER_LE:
  97                 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
  98                 if ( (err = get_ava( ber, &f->f_ava )) == LDAP_SUCCESS ) {
  99                         *fstr = ch_malloc(5 + strlen( f->f_avtype ) +
 100                             f->f_avvalue.bv_len);
 101                         sprintf( *fstr, "(%s<=%s)", f->f_avtype,
 102                             f->f_avvalue.bv_val );
 103                 }
 104                 break;
 105
 106         case LDAP_FILTER_PRESENT:
 107                 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
 108                 if ( ber_scanf( ber, "a", &f->f_type ) == LBER_ERROR ) {
 109                         err = -1;
 110                 } else {
 111                         err = LDAP_SUCCESS;
 112                         attr_normalize( f->f_type );
 113                         *fstr = ch_malloc( 5 + strlen( f->f_type ) );
 114                         sprintf( *fstr, "(%s=*)", f->f_type );
 115                 }
 116                 break;
 117
 118         case LDAP_FILTER_APPROX:
 119                 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
 120                 if ( (err = get_ava( ber, &f->f_ava )) == LDAP_SUCCESS ) {
 121                         *fstr = ch_malloc(5 + strlen( f->f_avtype ) +
 122                             f->f_avvalue.bv_len);
 123                         sprintf( *fstr, "(%s~=%s)", f->f_avtype,
 124                             f->f_avvalue.bv_val );
 125                 }
 126                 break;
 127
 128         case LDAP_FILTER_AND:
 129                 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
 130                 if ( (err = get_filter_list( conn, ber, &f->f_and, &ftmp ))
 131                     == LDAP_SUCCESS ) {
 132                         if (ftmp == NULL) ftmp = ch_strdup("");
 133                         *fstr = ch_malloc( 4 + strlen( ftmp ) );
 134                         sprintf( *fstr, "(&%s)", ftmp );
 135                         free( ftmp );
 136                 }
 137                 break;
 138
 139         case LDAP_FILTER_OR:
 140                 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
 141                 if ( (err = get_filter_list( conn, ber, &f->f_or, &ftmp ))
 142                     == LDAP_SUCCESS ) {
 143                         if (ftmp == NULL) ftmp = ch_strdup("");
 144                         *fstr = ch_malloc( 4 + strlen( ftmp ) );
 145                         sprintf( *fstr, "(|%s)", ftmp );
 146                         free( ftmp );
 147                 }
 148                 break;
 149
 150         case LDAP_FILTER_NOT:
 151                 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
 152                 (void) ber_skip_tag( ber, &len );
 153                 if ( (err = get_filter( conn, ber, &f->f_not, &ftmp )) == LDAP_SUCCESS ) {
 154                         if (ftmp == NULL) ftmp = ch_strdup("");
 155                         *fstr = ch_malloc( 4 + strlen( ftmp ) );
 156                         sprintf( *fstr, "(!%s)", ftmp );
 157                         free( ftmp );
 158                 }
 159                 break;
 160
 161         case LBER_DEFAULT:
 162                 Debug( LDAP_DEBUG_ANY, "decoding filter error\n",
 163                        0, 0, 0 );
 164                 err = -1;
 165                 break;
 166
 167         default:
 168                 Debug( LDAP_DEBUG_ANY, "unknown filter type %lu\n",
 169                        f->f_choice, 0, 0 );
 170                 err = LDAP_PROTOCOL_ERROR;
 171                 break;
 172         }
 173
 174         if ( err != LDAP_SUCCESS ) {
 175                 free( (char *) f );
 176                 if ( *fstr != NULL ) {
 177                         free( *fstr );
 178                 }
 179         } else {
 180                 *filt = f;
 181         }
 182
 183         Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
 184         return( err );
 185 }
 186
 187 static int
 188 get_filter_list( Connection *conn, BerElement *ber, Filter **f, char **fstr )
 189 {
 190         Filter          **new;
 191         int             err;
 192         ber_tag_t       tag;
 193         ber_len_t       len;
 194         char            *last, *ftmp;
 195
 196         Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
 197
 198         *fstr = NULL;
 199         new = f;
 200         for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
 201             tag = ber_next_element( ber, &len, last ) )
 202         {
 203                 if ( (err = get_filter( conn, ber, new, &ftmp )) != LDAP_SUCCESS )
 204                         return( err );
 205                 if ( *fstr == NULL ) {
 206                         *fstr = ftmp;
 207                 } else {
 208                         *fstr = ch_realloc( *fstr, strlen( *fstr ) +
 209                             strlen( ftmp ) + 1 );
 210                         strcat( *fstr, ftmp );
 211                         free( ftmp );
 212                 }
 213                 new = &(*new)->f_next;
 214         }
 215         *new = NULL;
 216
 217         Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
 218         return( LDAP_SUCCESS );
 219 }
 220
 221 static int
 222 get_substring_filter(
 223     Connection  *conn,
 224     BerElement  *ber,
 225     Filter      *f,
 226     char        **fstr
 227 )
 228 {
 229         ber_tag_t       tag;
 230         ber_len_t       len;
 231         ber_tag_t       rc;
 232         struct berval *val;
 233         char            *last;
 234         int             syntax;
 235
 236         Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
 237
 238         if ( ber_scanf( ber, "{a" /*}*/, &f->f_sub_type ) == LBER_ERROR ) {
 239                 return( -1 );
 240         }
 241
 242         attr_normalize( f->f_sub_type );
 243
 244         /* should get real syntax and see if we have a substring matching rule */
 245         syntax = attr_syntax( f->f_sub_type );
 246
 247         f->f_sub_initial = NULL;
 248         f->f_sub_any = NULL;
 249         f->f_sub_final = NULL;
 250
 251         if( fstr ) {
 252                 *fstr = ch_malloc( strlen( f->f_sub_type ) + 3 );
 253                 sprintf( *fstr, "(%s=", f->f_sub_type );
 254         }
 255
 256         for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
 257             tag = ber_next_element( ber, &len, last ) )
 258         {
 259                 rc = ber_scanf( ber, "O", &val );
 260                 if ( rc == LBER_ERROR ) {
 261                         return( -1 );
 262                 }
 263                 if ( val == NULL || val->bv_len == 0 ) {
 264                         ber_bvfree( val );
 265                         return( LDAP_INVALID_SYNTAX );
 266                 }
 267
 268                 /* we should call a substring syntax normalization routine */
 269                 value_normalize( val->bv_val, syntax );
 270
 271                 /* this is bogus, value_normalize should take a berval */
 272                 val->bv_len = strlen( val->bv_val );
 273
 274                 switch ( tag ) {
 275                 case LDAP_SUBSTRING_INITIAL:
 276                         Debug( LDAP_DEBUG_FILTER, "  INITIAL\n", 0, 0, 0 );
 277                         if ( f->f_sub_initial != NULL ) {
 278                                 ber_bvfree( val );
 279                                 goto return_error;
 280                         }
 281                         f->f_sub_initial = val;
 282
 283                         if( fstr ) {
 284                                 *fstr = ch_realloc( *fstr,
 285                                         strlen( *fstr ) + val->bv_len + 1 );
 286                                 strcat( *fstr, val->bv_val );
 287                         }
 288                         break;
 289
 290                 case LDAP_SUBSTRING_ANY:
 291                         Debug( LDAP_DEBUG_FILTER, "  ANY\n", 0, 0, 0 );
 292                         charray_add( (char ***) &f->f_sub_any, (char *) val );
 293
 294                         if( fstr ) {
 295                                 *fstr = ch_realloc( *fstr,
 296                                         strlen( *fstr ) + val->bv_len + 2 );
 297                                 strcat( *fstr, "*" );
 298                                 strcat( *fstr, val->bv_val );
 299                         }
 300                         break;
 301
 302                 case LDAP_SUBSTRING_FINAL:
 303                         Debug( LDAP_DEBUG_FILTER, "  FINAL\n", 0, 0, 0 );
 304                         if ( f->f_sub_final != NULL ) {
 305                                 ber_bvfree( val );
 306                                 goto return_error;
 307                         }
 308                         f->f_sub_final = val;
 309
 310                         if( fstr ) {
 311                                 *fstr = ch_realloc( *fstr,
 312                                         strlen( *fstr ) + val->bv_len + 2 );
 313                                 strcat( *fstr, "*" );
 314                                 strcat( *fstr, val->bv_val );
 315                         }
 316                         break;
 317
 318                 default:
 319                         Debug( LDAP_DEBUG_FILTER, "  unknown type\n", tag, 0,
 320                             0 );
 321 return_error:
 322                         if( fstr ) {
 323                                 free( *fstr );
 324                                 *fstr = NULL;
 325                         }
 326
 327                         ch_free( f->f_sub_type );
 328                         ber_bvfree( f->f_sub_initial );
 329                         ber_bvecfree( f->f_sub_any );
 330                         ber_bvfree( f->f_sub_final );
 331                         return( LDAP_PROTOCOL_ERROR );
 332                 }
 333         }
 334
 335         if( fstr ) {
 336                 *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 );
 337                 if ( f->f_sub_final == NULL ) {
 338                         strcat( *fstr, "*" );
 339                 }
 340                 strcat( *fstr, ")" );
 341         }
 342
 343         Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
 344         return( LDAP_SUCCESS );
 345 }
 346
 347 void
 348 filter_free( Filter *f )
 349 {
 350         Filter  *p, *next;
 351
 352         if ( f == NULL ) {
 353                 return;
 354         }
 355
 356         switch ( f->f_choice ) {
 357         case LDAP_FILTER_EQUALITY:
 358         case LDAP_FILTER_GE:
 359         case LDAP_FILTER_LE:
 360         case LDAP_FILTER_APPROX:
 361                 ava_free( &f->f_ava, 0 );
 362                 break;
 363
 364         case LDAP_FILTER_SUBSTRINGS:
 365                 if ( f->f_sub_type != NULL ) {
 366                         free( f->f_sub_type );
 367                 }
 368                 if ( f->f_sub_initial != NULL ) {
 369                         ber_bvfree( f->f_sub_initial );
 370                 }
 371                 ber_bvecfree( f->f_sub_any );
 372                 if ( f->f_sub_final != NULL ) {
 373                         ber_bvfree( f->f_sub_final );
 374                 }
 375                 break;
 376
 377         case LDAP_FILTER_PRESENT:
 378                 if ( f->f_type != NULL ) {
 379                         free( f->f_type );
 380                 }
 381                 break;
 382
 383         case LDAP_FILTER_AND:
 384         case LDAP_FILTER_OR:
 385         case LDAP_FILTER_NOT:
 386                 for ( p = f->f_list; p != NULL; p = next ) {
 387                         next = p->f_next;
 388                         filter_free( p );
 389                 }
 390                 break;
 391
 392         default:
 393                 Debug( LDAP_DEBUG_ANY, "unknown filter type %lu\n",
 394                        f->f_choice, 0, 0 );
 395                 break;
 396         }
 397         free( f );
 398 }
 399
 400 #ifdef LDAP_DEBUG
 401
 402 void
 403 filter_print( Filter *f )
 404 {
 405         int     i;
 406         Filter  *p;
 407
 408         if ( f == NULL ) {
 409                 fprintf( stderr, "NULL" );
 410         }
 411
 412         switch ( f->f_choice ) {
 413         case LDAP_FILTER_EQUALITY:
 414                 fprintf( stderr, "(%s=%s)", f->f_ava.ava_type,
 415                     f->f_ava.ava_value.bv_val );
 416                 break;
 417
 418         case LDAP_FILTER_GE:
 419                 fprintf( stderr, "(%s>=%s)", f->f_ava.ava_type,
 420                     f->f_ava.ava_value.bv_val );
 421                 break;
 422
 423         case LDAP_FILTER_LE:
 424                 fprintf( stderr, "(%s<=%s)", f->f_ava.ava_type,
 425                     f->f_ava.ava_value.bv_val );
 426                 break;
 427
 428         case LDAP_FILTER_APPROX:
 429                 fprintf( stderr, "(%s~=%s)", f->f_ava.ava_type,
 430                     f->f_ava.ava_value.bv_val );
 431                 break;
 432
 433         case LDAP_FILTER_SUBSTRINGS:
 434                 fprintf( stderr, "(%s=", f->f_sub_type );
 435                 if ( f->f_sub_initial != NULL ) {
 436                         fprintf( stderr, "%s", f->f_sub_initial->bv_val );
 437                 }
 438                 if ( f->f_sub_any != NULL ) {
 439                         for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
 440                                 fprintf( stderr, "*%s", f->f_sub_any[i]->bv_val );
 441                         }
 442                 }
 443                 if ( f->f_sub_final != NULL ) {
 444                         fprintf( stderr, "*%s", f->f_sub_final->bv_val );
 445                 }
 446                 break;
 447
 448         case LDAP_FILTER_PRESENT:
 449                 fprintf( stderr, "%s=*", f->f_type );
 450                 break;
 451
 452         case LDAP_FILTER_AND:
 453         case LDAP_FILTER_OR:
 454         case LDAP_FILTER_NOT:
 455                 fprintf( stderr, "(%c", f->f_choice == LDAP_FILTER_AND ? '&' :
 456                     f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
 457                 for ( p = f->f_list; p != NULL; p = p->f_next ) {
 458                         filter_print( p );
 459                 }
 460                 fprintf( stderr, ")" );
 461                 break;
 462
 463         default:
 464                 fprintf( stderr, "unknown type %lu", f->f_choice );
 465                 break;
 466         }
 467 }
 468
 469 #endif /* ldap_debug */