1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
24 static int get_substring_filter(
45 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
48 * A filter looks like this coming in:
50 * and [0] SET OF Filter,
51 * or [1] SET OF Filter,
53 * equalityMatch [3] AttributeValueAssertion,
54 * substrings [4] SubstringFilter,
55 * greaterOrEqual [5] AttributeValueAssertion,
56 * lessOrEqual [6] AttributeValueAssertion,
57 * present [7] AttributeType,,
58 * approxMatch [8] AttributeValueAssertion
59 * extensibleMatch [9] MatchingRuleAssertion
62 * SubstringFilter ::= SEQUENCE {
64 * SEQUENCE OF CHOICE {
65 * initial [0] IA5String,
71 * MatchingRuleAssertion ::= SEQUENCE {
72 * matchingRule [1] MatchingRuleId OPTIONAL,
73 * type [2] AttributeDescription OPTIONAL,
74 * matchValue [3] AssertionValue,
75 * dnAttributes [4] BOOLEAN DEFAULT FALSE
80 tag = ber_peek_tag( ber, &len );
82 if( tag == LBER_ERROR ) {
83 *text = "error decoding filter";
84 return SLAPD_DISCONNECT;
87 f = (Filter *) ch_malloc( sizeof(Filter) );
94 switch ( f->f_choice ) {
95 case LDAP_FILTER_EQUALITY:
96 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
98 #ifdef SLAPD_SCHEMA_NOT_COMPAT
99 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
101 err = get_ava( ber, &f->f_ava, text );
103 if ( err != LDAP_SUCCESS ) {
107 #ifdef SLAPD_SCHEMA_NOT_COMPAT
108 assert( f->f_ava != NULL );
110 *fstr = ch_malloc( sizeof("(=)")
111 + f->f_av_desc->ad_cname->bv_len
112 + f->f_av_value->bv_len );
114 sprintf( *fstr, "(%s=%s)",
115 f->f_av_desc->ad_cname->bv_val,
116 f->f_av_value->bv_val );
119 *fstr = ch_malloc( sizeof("(=)")
120 + strlen( f->f_avtype )
121 + f->f_avvalue.bv_len);
122 sprintf( *fstr, "(%s=%s)", f->f_avtype,
123 f->f_avvalue.bv_val );
127 case LDAP_FILTER_SUBSTRINGS:
128 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
129 err = get_substring_filter( conn, ber, f, fstr, text );
133 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
135 #ifdef SLAPD_SCHEMA_NOT_COMPAT
136 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
138 err = get_ava( ber, &f->f_ava, text );
140 if ( err != LDAP_SUCCESS ) {
144 #ifdef SLAPD_SCHEMA_NOT_COMPAT
145 *fstr = ch_malloc( sizeof("(>=)")
146 + f->f_av_desc->ad_cname->bv_len
147 + f->f_av_value->bv_len );
149 sprintf( *fstr, "(%s>=%s)",
150 f->f_av_desc->ad_cname->bv_val,
151 f->f_av_value->bv_val );
154 *fstr = ch_malloc( sizeof("(>=)")
155 + strlen( f->f_avtype )
156 + f->f_avvalue.bv_len);
157 sprintf( *fstr, "(%s>=%s)", f->f_avtype,
158 f->f_avvalue.bv_val );
163 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
165 #ifdef SLAPD_SCHEMA_NOT_COMPAT
166 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
168 err = get_ava( ber, &f->f_ava, text );
170 if ( err != LDAP_SUCCESS ) {
175 #ifdef SLAPD_SCHEMA_NOT_COMPAT
176 *fstr = ch_malloc( sizeof("(<=)")
177 + f->f_av_desc->ad_cname->bv_len
178 + f->f_av_value->bv_len );
180 sprintf( *fstr, "(%s<=%s)",
181 f->f_av_desc->ad_cname->bv_val,
182 f->f_av_value->bv_val );
185 *fstr = ch_malloc( sizeof("(<=)")
186 + strlen( f->f_avtype )
187 + f->f_avvalue.bv_len);
188 sprintf( *fstr, "(%s<=%s)", f->f_avtype,
189 f->f_avvalue.bv_val );
193 case LDAP_FILTER_PRESENT: {
196 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
198 if ( ber_scanf( ber, "o", &type ) == LBER_ERROR ) {
199 err = SLAPD_DISCONNECT;
200 *text = "error decoding filter";
204 #ifdef SLAPD_SCHEMA_NOT_COMPAT
206 err = slap_bv2ad( &type, &f->f_desc, text );
208 if( err != LDAP_SUCCESS ) {
209 ch_free( type.bv_val );
213 ch_free( type.bv_val );
215 *fstr = ch_malloc( sizeof("(=*)")
216 + f->f_desc->ad_cname->bv_len );
217 sprintf( *fstr, "(%s=*)",
218 f->f_desc->ad_cname->bv_val );
221 f->f_type = type.bv_val;
223 attr_normalize( f->f_type );
224 *fstr = ch_malloc( sizeof("(=*)")
225 + strlen( f->f_type ) );
226 sprintf( *fstr, "(%s=*)", f->f_type );
230 case LDAP_FILTER_APPROX:
231 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
233 #ifdef SLAPD_SCHEMA_NOT_COMPAT
234 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
236 err = get_ava( ber, &f->f_ava, text );
238 if ( err != LDAP_SUCCESS ) {
242 #ifdef SLAPD_SCHEMA_NOT_COMPAT
243 *fstr = ch_malloc( sizeof("(~=)")
244 + f->f_av_desc->ad_cname->bv_len
245 + f->f_av_value->bv_len );
247 sprintf( *fstr, "(%s~=%s)",
248 f->f_av_desc->ad_cname->bv_val,
249 f->f_av_value->bv_val );
252 *fstr = ch_malloc( sizeof("(~=)")
253 + strlen( f->f_avtype )
254 + f->f_avvalue.bv_len);
255 sprintf( *fstr, "(%s~=%s)", f->f_avtype,
256 f->f_avvalue.bv_val );
260 case LDAP_FILTER_AND:
261 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
262 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
263 if ( err != LDAP_SUCCESS ) {
266 *fstr = ch_malloc( sizeof("(&)")
267 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
268 sprintf( *fstr, "(&%s)",
269 ftmp == NULL ? "" : ftmp );
273 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
274 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
275 if ( err != LDAP_SUCCESS ) {
278 *fstr = ch_malloc( sizeof("(!)")
279 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
280 sprintf( *fstr, "(|%s)",
281 ftmp == NULL ? "" : ftmp );
284 case LDAP_FILTER_NOT:
285 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
286 (void) ber_skip_tag( ber, &len );
287 err = get_filter( conn, ber, &f->f_not, &ftmp, text );
288 if ( err != LDAP_SUCCESS ) {
291 *fstr = ch_malloc( sizeof("(!)")
292 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
293 sprintf( *fstr, "(!%s)",
294 ftmp == NULL ? "" : ftmp );
297 case LDAP_FILTER_EXT:
298 /* not yet implemented */
299 Debug( LDAP_DEBUG_ANY, "extensible match not yet implemented.\n",
301 f->f_choice = SLAPD_FILTER_COMPUTED;
302 f->f_result = SLAPD_COMPARE_UNDEFINED;
303 *fstr = ch_strdup( "(extended)" );
307 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
309 f->f_choice = SLAPD_FILTER_COMPUTED;
310 f->f_result = SLAPD_COMPARE_UNDEFINED;
311 *fstr = ch_strdup( "(undefined)" );
317 if ( err != LDAP_SUCCESS ) {
318 if ( *fstr != NULL ) {
322 if( err != SLAPD_DISCONNECT ) {
324 f->f_choice = SLAPD_FILTER_COMPUTED;
325 f->f_result = SLAPD_COMPARE_UNDEFINED;
326 *fstr = ch_strdup( "(badfilter)" );
337 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
342 get_filter_list( Connection *conn, BerElement *ber,
343 Filter **f, char **fstr,
352 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
356 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
357 tag = ber_next_element( ber, &len, last ) )
359 err = get_filter( conn, ber, new, &ftmp, text );
360 if ( err != LDAP_SUCCESS )
363 if ( *fstr == NULL ) {
366 *fstr = ch_realloc( *fstr, strlen( *fstr ) +
367 strlen( ftmp ) + 1 );
368 strcat( *fstr, ftmp );
371 new = &(*new)->f_next;
375 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
376 return( LDAP_SUCCESS );
380 get_substring_filter(
391 struct berval *value;
394 #ifdef SLAPD_SCHEMA_NOT_COMPAT
395 struct berval *nvalue;
399 *text = "error decoding filter";
401 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
403 if ( ber_scanf( ber, "{o" /*}*/, &type ) == LBER_ERROR ) {
404 return SLAPD_DISCONNECT;
407 #ifdef SLAPD_SCHEMA_NOT_COMPAT
408 f->f_sub_desc = NULL;
409 rc = slap_bv2ad( &type, &f->f_sub_desc, text );
411 ch_free( type.bv_val );
413 if( rc != LDAP_SUCCESS ) {
415 f->f_choice = SLAPD_FILTER_COMPUTED;
416 f->f_result = SLAPD_COMPARE_UNDEFINED;
417 *fstr = ch_strdup( "(undefined)" );
421 f->f_sub_type = type.bv_val;
422 attr_normalize( f->f_sub_type );
424 /* should get real syntax and see if we have a substring matching rule */
425 syntax = attr_syntax( f->f_sub_type );
428 f->f_sub_initial = NULL;
430 f->f_sub_final = NULL;
432 #ifdef SLAPD_SCHEMA_NOT_COMPAT
434 *fstr = ch_malloc( sizeof("(=" /*)*/) +
435 f->f_sub_desc->ad_cname->bv_len );
436 sprintf( *fstr, "(%s=" /*)*/, f->f_sub_desc->ad_cname->bv_val );
440 *fstr = ch_malloc( strlen( f->f_sub_type ) + 3 );
441 sprintf( *fstr, "(%s=" /*)*/, f->f_sub_type );
445 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
446 tag = ber_next_element( ber, &len, last ) )
448 #ifdef SLAPD_SCHEMA_NOT_COMPAT
452 rc = ber_scanf( ber, "O", &value );
453 if ( rc == LBER_ERROR ) {
454 rc = SLAPD_DISCONNECT;
458 if ( value == NULL || value->bv_len == 0 ) {
460 rc = LDAP_INVALID_SYNTAX;
464 #ifdef SLAPD_SCHEMA_NOT_COMPAT
466 case LDAP_SUBSTRING_INITIAL:
467 usage = SLAP_MR_SUBSTR_INITIAL;
470 case LDAP_SUBSTRING_ANY:
471 usage = SLAP_MR_SUBSTR_ANY;
474 case LDAP_SUBSTRING_FINAL:
475 usage = SLAP_MR_SUBSTR_FINAL;
479 rc = LDAP_PROTOCOL_ERROR;
481 Debug( LDAP_DEBUG_FILTER,
482 " unknown substring choice=%ld\n",
489 rc = value_normalize( f->f_sub_desc, usage, value, &nvalue, text );
492 if( rc != LDAP_SUCCESS ) {
499 /* we should call a substring syntax normalization routine */
500 value_normalize( value->bv_val, syntax );
501 /* this is bogus, value_normalize should take a berval */
502 value->bv_len = strlen( value->bv_val );
505 rc = LDAP_PROTOCOL_ERROR;
508 case LDAP_SUBSTRING_INITIAL:
509 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
510 if ( f->f_sub_initial != NULL ) {
515 f->f_sub_initial = value;
518 *fstr = ch_realloc( *fstr,
519 strlen( *fstr ) + value->bv_len + 1 );
520 strcat( *fstr, value->bv_val );
524 case LDAP_SUBSTRING_ANY:
525 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
526 if( ber_bvecadd( &f->f_sub_any, value ) < 0 ) {
532 *fstr = ch_realloc( *fstr,
533 strlen( *fstr ) + value->bv_len + 2 );
534 strcat( *fstr, "*" );
535 strcat( *fstr, value->bv_val );
539 case LDAP_SUBSTRING_FINAL:
540 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
541 if ( f->f_sub_final != NULL ) {
545 f->f_sub_final = value;
548 *fstr = ch_realloc( *fstr,
549 strlen( *fstr ) + value->bv_len + 2 );
550 strcat( *fstr, "*" );
551 strcat( *fstr, value->bv_val );
556 Debug( LDAP_DEBUG_FILTER,
557 " unknown substring type=%ld\n",
563 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
571 #ifdef SLAPD_SCHEMA_NOT_COMPAT
572 ad_free( f->f_sub_desc, 1 );
574 ch_free( f->f_sub_type );
576 ber_bvfree( f->f_sub_initial );
577 ber_bvecfree( f->f_sub_any );
578 ber_bvfree( f->f_sub_final );
584 *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 );
585 if ( f->f_sub_final == NULL ) {
586 strcat( *fstr, "*" );
588 strcat( *fstr, /*(*/ ")" );
591 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
592 return( LDAP_SUCCESS );
596 filter_free( Filter *f )
604 switch ( f->f_choice ) {
605 case LDAP_FILTER_PRESENT:
606 #ifdef SLAPD_SCHEMA_NOT_COMPAT
607 ad_free( f->f_desc, 1 );
609 if ( f->f_type != NULL ) {
615 case LDAP_FILTER_EQUALITY:
618 case LDAP_FILTER_APPROX:
619 #ifdef SLAPD_SCHEMA_NOT_COMPAT
620 ava_free( f->f_ava, 1 );
622 ava_free( &f->f_ava, 0 );
626 case LDAP_FILTER_SUBSTRINGS:
627 #ifdef SLAPD_SCHEMA_NOT_COMPAT
628 ad_free( f->f_sub_desc, 1 );
629 if ( f->f_sub_initial != NULL ) {
630 ber_bvfree( f->f_sub_initial );
632 ber_bvecfree( f->f_sub_any );
633 if ( f->f_sub_final != NULL ) {
634 ber_bvfree( f->f_sub_final );
637 if ( f->f_sub_type != NULL ) {
638 free( f->f_sub_type );
640 if ( f->f_sub_initial != NULL ) {
641 ber_bvfree( f->f_sub_initial );
643 ber_bvecfree( f->f_sub_any );
644 if ( f->f_sub_final != NULL ) {
645 ber_bvfree( f->f_sub_final );
650 case LDAP_FILTER_AND:
652 case LDAP_FILTER_NOT:
653 for ( p = f->f_list; p != NULL; p = next ) {
659 case SLAPD_FILTER_COMPUTED:
663 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
674 filter_print( Filter *f )
680 fprintf( stderr, "No filter!" );
683 switch ( f->f_choice ) {
684 case LDAP_FILTER_EQUALITY:
685 #ifdef SLAPD_SCHEMA_NOT_COMPAT
686 fprintf( stderr, "(%s=%s)",
687 f->f_av_desc->ad_cname->bv_val,
688 f->f_av_value->bv_val );
690 fprintf( stderr, "(%s=%s)",
692 f->f_ava.ava_value.bv_val );
697 #ifdef SLAPD_SCHEMA_NOT_COMPAT
698 fprintf( stderr, "(%s>=%s)",
699 f->f_av_desc->ad_cname->bv_val,
700 f->f_av_value->bv_val );
702 fprintf( stderr, "(%s>=%s)",
704 f->f_ava.ava_value.bv_val );
709 #ifdef SLAPD_SCHEMA_NOT_COMPAT
710 fprintf( stderr, "(%s<=%s)",
711 f->f_ava->aa_desc->ad_cname->bv_val,
712 f->f_ava->aa_value->bv_val );
714 fprintf( stderr, "(%s<=%s)",
716 f->f_ava.ava_value.bv_val );
720 case LDAP_FILTER_APPROX:
721 #ifdef SLAPD_SCHEMA_NOT_COMPAT
722 fprintf( stderr, "(%s~=%s)",
723 f->f_ava->aa_desc->ad_cname->bv_val,
724 f->f_ava->aa_value->bv_val );
726 fprintf( stderr, "(%s~=%s)",
728 f->f_ava.ava_value.bv_val );
732 case LDAP_FILTER_SUBSTRINGS:
733 #ifdef SLAPD_SCHEMA_NOT_COMPAT
734 fprintf( stderr, "(%s=" /*)*/,
735 f->f_sub_desc->ad_cname->bv_val );
737 fprintf( stderr, "(%s=" /*)*/,
740 if ( f->f_sub_initial != NULL ) {
741 fprintf( stderr, "%s",
742 f->f_sub_initial->bv_val );
744 if ( f->f_sub_any != NULL ) {
745 for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
746 fprintf( stderr, "*%s",
747 f->f_sub_any[i]->bv_val );
750 if ( f->f_sub_final != NULL ) {
752 "*%s", f->f_sub_final->bv_val );
754 fprintf( stderr, /*(*/ ")" );
757 case LDAP_FILTER_PRESENT:
758 #ifdef SLAPD_SCHEMA_NOT_COMPAT
759 fprintf( stderr, "(%s=*)",
760 f->f_desc->ad_cname->bv_val );
762 fprintf( stderr, "(%s=*)",
767 case LDAP_FILTER_AND:
769 case LDAP_FILTER_NOT:
770 fprintf( stderr, "(%c" /*)*/,
771 f->f_choice == LDAP_FILTER_AND ? '&' :
772 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
773 for ( p = f->f_list; p != NULL; p = p->f_next ) {
776 fprintf( stderr, /*(*/ ")" );
779 case SLAPD_FILTER_COMPUTED:
780 fprintf( stderr, "(?=%s)",
781 f->f_result == LDAP_COMPARE_FALSE ? "false" :
782 f->f_result == LDAP_COMPARE_TRUE ? "true" :
783 f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
788 fprintf( stderr, "(unknown-filter=%lu)", f->f_choice );
793 #endif /* ldap_debug */