1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
26 SubstringsAssertion **s,
29 static int filter_escape_value_x(
34 static void simple_vrFilter2bv(
36 ValuesReturnFilter *f,
37 struct berval *fstr );
39 static int get_simple_vrFilter(
42 ValuesReturnFilter **f,
58 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", op->o_connid, 0, 0 );
60 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
63 * A filter looks like this coming in:
65 * and [0] SET OF Filter,
66 * or [1] SET OF Filter,
68 * equalityMatch [3] AttributeValueAssertion,
69 * substrings [4] SubstringFilter,
70 * greaterOrEqual [5] AttributeValueAssertion,
71 * lessOrEqual [6] AttributeValueAssertion,
72 * present [7] AttributeType,,
73 * approxMatch [8] AttributeValueAssertion
74 * extensibleMatch [9] MatchingRuleAssertion
77 * SubstringFilter ::= SEQUENCE {
79 * SEQUENCE OF CHOICE {
80 * initial [0] IA5String,
86 * MatchingRuleAssertion ::= SEQUENCE {
87 * matchingRule [1] MatchingRuleId OPTIONAL,
88 * type [2] AttributeDescription OPTIONAL,
89 * matchValue [3] AssertionValue,
90 * dnAttributes [4] BOOLEAN DEFAULT FALSE
95 tag = ber_peek_tag( ber, &len );
97 if( tag == LBER_ERROR ) {
98 *text = "error decoding filter";
99 return SLAPD_DISCONNECT;
107 switch ( f.f_choice ) {
108 case LDAP_FILTER_EQUALITY:
110 LDAP_LOG( FILTER, DETAIL2,
111 "get_filter: conn %d EQUALITY\n", op->o_connid, 0, 0 );
113 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
115 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY, text );
116 if ( err != LDAP_SUCCESS ) {
120 assert( f.f_ava != NULL );
123 case LDAP_FILTER_SUBSTRINGS:
125 LDAP_LOG( FILTER, DETAIL1,
126 "get_filter: conn %d SUBSTRINGS\n", op->o_connid, 0, 0 );
128 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
130 err = get_ssa( op, ber, &f.f_sub, text );
131 if( err != LDAP_SUCCESS ) {
134 assert( f.f_sub != NULL );
139 LDAP_LOG( FILTER, DETAIL1,
140 "get_filter: conn %d GE\n", op->o_connid, 0, 0 );
142 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
144 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
145 if ( err != LDAP_SUCCESS ) {
148 assert( f.f_ava != NULL );
153 LDAP_LOG( FILTER, DETAIL1,
154 "get_filter: conn %d LE\n", op->o_connid, 0, 0 );
156 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
158 err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text );
159 if ( err != LDAP_SUCCESS ) {
162 assert( f.f_ava != NULL );
165 case LDAP_FILTER_PRESENT: {
169 LDAP_LOG( FILTER, DETAIL1,
170 "get_filter: conn %d PRESENT\n", op->o_connid, 0, 0 );
172 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
174 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
175 err = SLAPD_DISCONNECT;
176 *text = "error decoding filter";
181 err = slap_bv2ad( &type, &f.f_desc, text );
183 if( err != LDAP_SUCCESS ) {
184 /* unrecognized attribute description or other error */
185 f.f_choice = SLAPD_FILTER_COMPUTED;
186 f.f_result = LDAP_COMPARE_FALSE;
192 assert( f.f_desc != NULL );
195 case LDAP_FILTER_APPROX:
197 LDAP_LOG( FILTER, DETAIL1,
198 "get_filter: conn %d APPROX\n", op->o_connid, 0, 0 );
200 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
202 err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
203 if ( err != LDAP_SUCCESS ) {
206 assert( f.f_ava != NULL );
209 case LDAP_FILTER_AND:
211 LDAP_LOG( FILTER, DETAIL1,
212 "get_filter: conn %d AND\n", op->o_connid, 0, 0 );
214 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
216 err = get_filter_list( op, ber, &f.f_and, text );
217 if ( err != LDAP_SUCCESS ) {
220 if ( f.f_and == NULL ) {
221 f.f_choice = SLAPD_FILTER_COMPUTED;
222 f.f_result = LDAP_COMPARE_TRUE;
224 /* no assert - list could be empty */
229 LDAP_LOG( FILTER, DETAIL1,
230 "get_filter: conn %d OR\n", op->o_connid, 0, 0 );
232 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
234 err = get_filter_list( op, ber, &f.f_or, text );
235 if ( err != LDAP_SUCCESS ) {
238 if ( f.f_or == NULL ) {
239 f.f_choice = SLAPD_FILTER_COMPUTED;
240 f.f_result = LDAP_COMPARE_FALSE;
242 /* no assert - list could be empty */
245 case LDAP_FILTER_NOT:
247 LDAP_LOG( FILTER, DETAIL1,
248 "get_filter: conn %d NOT\n", op->o_connid, 0, 0 );
250 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
252 (void) ber_skip_tag( ber, &len );
253 err = get_filter( op, ber, &f.f_not, text );
254 if ( err != LDAP_SUCCESS ) {
258 assert( f.f_not != NULL );
259 if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) {
260 int fresult = f.f_not->f_result;
261 f.f_choice = SLAPD_FILTER_COMPUTED;
262 op->o_tmpfree( f.f_not, op->o_tmpmemctx );
266 case LDAP_COMPARE_TRUE:
267 f.f_result = LDAP_COMPARE_FALSE;
269 case LDAP_COMPARE_FALSE:
270 f.f_result = LDAP_COMPARE_TRUE;
273 /* (!Undefined) is Undefined */
278 case LDAP_FILTER_EXT:
280 LDAP_LOG( FILTER, DETAIL1,
281 "get_filter: conn %d EXTENSIBLE\n", op->o_connid, 0, 0 );
283 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
286 err = get_mra( op, ber, &f.f_mra, text );
287 if ( err != LDAP_SUCCESS ) {
291 assert( f.f_mra != NULL );
295 (void) ber_scanf( ber, "x" ); /* skip the element */
297 LDAP_LOG( FILTER, ERR,
298 "get_filter: conn %d unknown filter type=%lu\n",
299 op->o_connid, f.f_choice, 0 );
301 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
304 f.f_choice = SLAPD_FILTER_COMPUTED;
305 f.f_result = SLAPD_COMPARE_UNDEFINED;
309 if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
312 f.f_choice = SLAPD_FILTER_COMPUTED;
313 f.f_result = SLAPD_COMPARE_UNDEFINED;
317 if ( err == LDAP_SUCCESS ) {
318 *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
323 LDAP_LOG( FILTER, DETAIL2,
324 "get_filter: conn %d exit\n", op->o_connid, 0, 0 );
326 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
333 get_filter_list( Operation *op, BerElement *ber,
344 LDAP_LOG( FILTER, ENTRY,
345 "get_filter_list: conn %d start\n", op->o_connid, 0, 0 );
347 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
350 for ( tag = ber_first_element( ber, &len, &last );
352 tag = ber_next_element( ber, &len, last ) )
354 err = get_filter( op, ber, new, text );
355 if ( err != LDAP_SUCCESS )
357 new = &(*new)->f_next;
362 LDAP_LOG( FILTER, ENTRY,
363 "get_filter_list: conn %d exit\n", op->o_connid, 0, 0 );
365 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
367 return( LDAP_SUCCESS );
374 SubstringsAssertion **out,
380 struct berval desc, value, nvalue;
382 SubstringsAssertion ssa;
384 *text = "error decoding filter";
387 LDAP_LOG( FILTER, ENTRY,
388 "get_ssa: conn %d begin\n", op->o_connid, 0, 0 );
390 Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
392 if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
393 return SLAPD_DISCONNECT;
399 ssa.sa_initial.bv_val = NULL;
401 ssa.sa_final.bv_val = NULL;
403 rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
405 if( rc != LDAP_SUCCESS ) {
406 /* skip over the rest of this filter */
407 for ( tag = ber_first_element( ber, &len, &last );
409 tag = ber_next_element( ber, &len, last ) ) {
410 ber_scanf( ber, "x" );
415 rc = LDAP_PROTOCOL_ERROR;
417 for ( tag = ber_first_element( ber, &len, &last );
419 tag = ber_next_element( ber, &len, last ) )
423 rc = ber_scanf( ber, "m", &value );
424 if ( rc == LBER_ERROR ) {
425 rc = SLAPD_DISCONNECT;
429 if ( value.bv_val == NULL || value.bv_len == 0 ) {
430 rc = LDAP_INVALID_SYNTAX;
435 case LDAP_SUBSTRING_INITIAL:
436 usage = SLAP_MR_SUBSTR_INITIAL;
439 case LDAP_SUBSTRING_ANY:
440 usage = SLAP_MR_SUBSTR_ANY;
443 case LDAP_SUBSTRING_FINAL:
444 usage = SLAP_MR_SUBSTR_FINAL;
448 rc = LDAP_PROTOCOL_ERROR;
451 LDAP_LOG( FILTER, ERR,
452 "get_filter_substring: conn %d unknown substring choice=%ld\n",
453 op->o_connid, (long)tag, 0 );
455 Debug( LDAP_DEBUG_FILTER,
456 " unknown substring choice=%ld\n",
463 /* validate/normalize using equality matching rule validator! */
464 rc = asserted_value_validate_normalize(
465 ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
466 usage, &value, &nvalue, text, op->o_tmpmemctx );
468 if( rc != LDAP_SUCCESS ) {
472 rc = LDAP_PROTOCOL_ERROR;
475 case LDAP_SUBSTRING_INITIAL:
477 LDAP_LOG( FILTER, DETAIL1,
478 "get_ssa: conn %d INITIAL\n",
479 op->o_connid, 0, 0 );
481 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
484 if ( ssa.sa_initial.bv_val != NULL
485 || ssa.sa_any != NULL
486 || ssa.sa_final.bv_val != NULL )
488 sl_free( nvalue.bv_val, op->o_tmpmemctx );
492 ssa.sa_initial = nvalue;
495 case LDAP_SUBSTRING_ANY:
497 LDAP_LOG( FILTER, DETAIL1,
498 "get_ssa: conn %d ANY\n",
499 op->o_connid, 0, 0 );
501 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
504 if ( ssa.sa_final.bv_val != NULL ) {
505 sl_free( nvalue.bv_val, op->o_tmpmemctx );
509 ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx );
512 case LDAP_SUBSTRING_FINAL:
514 LDAP_LOG( FILTER, DETAIL1,
515 "get_ssa: conn %d FINAL\n",
516 op->o_connid, 0, 0 );
518 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
521 if ( ssa.sa_final.bv_val != NULL ) {
522 sl_free( nvalue.bv_val, op->o_tmpmemctx );
526 ssa.sa_final = nvalue;
531 LDAP_LOG( FILTER, INFO,
532 "get_ssa: conn %d unknown substring type %ld\n",
533 op->o_connid, (long)tag, 0 );
535 Debug( LDAP_DEBUG_FILTER,
536 " unknown substring type=%ld\n",
541 sl_free( nvalue.bv_val, op->o_tmpmemctx );
545 LDAP_LOG( FILTER, INFO,
546 "get_ssa: conn %d error %ld\n",
547 op->o_connid, (long)rc, 0 );
549 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
552 sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx );
553 ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx );
554 sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx );
561 if( rc == LDAP_SUCCESS ) {
562 *out = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx );
567 LDAP_LOG( FILTER, ENTRY,
568 "get_ssa: conn %d exit\n", op->o_connid, 0, 0 );
570 Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
577 filter_free_x( Operation *op, Filter *f )
585 switch ( f->f_choice ) {
586 case LDAP_FILTER_PRESENT:
589 case LDAP_FILTER_EQUALITY:
592 case LDAP_FILTER_APPROX:
593 ava_free( op, f->f_ava, 1 );
596 case LDAP_FILTER_SUBSTRINGS:
597 if ( f->f_sub_initial.bv_val != NULL ) {
598 op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx );
600 ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx );
601 if ( f->f_sub_final.bv_val != NULL ) {
602 op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx );
604 op->o_tmpfree( f->f_sub, op->o_tmpmemctx );
607 case LDAP_FILTER_AND:
609 case LDAP_FILTER_NOT:
610 for ( p = f->f_list; p != NULL; p = next ) {
612 filter_free_x( op, p );
616 case LDAP_FILTER_EXT:
617 mra_free( op, f->f_mra, 1 );
620 case SLAPD_FILTER_COMPUTED:
625 LDAP_LOG( FILTER, ERR,
626 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
628 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
634 op->o_tmpfree( f, op->o_tmpmemctx );
638 filter_free( Filter *f )
642 op.o_tmpmemctx = sl_context( f );
643 op.o_tmpmfuncs = &sl_mfuncs;
644 filter_free_x( &op, f );
648 filter2bv_x( Operation *op, Filter *f, struct berval *fstr )
656 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, op->o_tmpmemctx );
660 switch ( f->f_choice ) {
661 case LDAP_FILTER_EQUALITY:
662 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
664 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
665 tmp.bv_len + ( sizeof("(=)") - 1 );
666 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
668 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
669 f->f_av_desc->ad_cname.bv_val,
672 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
676 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
678 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
679 tmp.bv_len + ( sizeof("(>=)") - 1 );
680 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
682 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
683 f->f_av_desc->ad_cname.bv_val,
686 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
690 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
692 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
693 tmp.bv_len + ( sizeof("(<=)") - 1 );
694 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
696 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
697 f->f_av_desc->ad_cname.bv_val,
700 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
703 case LDAP_FILTER_APPROX:
704 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
706 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
707 tmp.bv_len + ( sizeof("(~=)") - 1 );
708 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
710 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
711 f->f_av_desc->ad_cname.bv_val,
713 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
716 case LDAP_FILTER_SUBSTRINGS:
717 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
718 ( sizeof("(=*)") - 1 );
719 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
721 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
722 f->f_sub_desc->ad_cname.bv_val );
724 if ( f->f_sub_initial.bv_val != NULL ) {
727 filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx );
729 fstr->bv_len += tmp.bv_len;
730 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
732 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
733 /* "(attr=" */ "%s*)",
736 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
739 if ( f->f_sub_any != NULL ) {
740 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
742 filter_escape_value_x( &f->f_sub_any[i], &tmp, op->o_tmpmemctx );
744 fstr->bv_len += tmp.bv_len + 1;
745 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
747 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
748 /* "(attr=[init]*[any*]" */ "%s*)",
750 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
754 if ( f->f_sub_final.bv_val != NULL ) {
757 filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx );
759 fstr->bv_len += tmp.bv_len;
760 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
762 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
763 /* "(attr=[init*][any*]" */ "%s)",
766 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
771 case LDAP_FILTER_PRESENT:
772 fstr->bv_len = f->f_desc->ad_cname.bv_len +
773 ( sizeof("(=*)") - 1 );
774 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
776 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
777 f->f_desc->ad_cname.bv_val );
780 case LDAP_FILTER_AND:
782 case LDAP_FILTER_NOT:
783 fstr->bv_len = sizeof("(%)") - 1;
784 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
786 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
787 f->f_choice == LDAP_FILTER_AND ? '&' :
788 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
790 for ( p = f->f_list; p != NULL; p = p->f_next ) {
793 filter2bv_x( op, p, &tmp );
795 fstr->bv_len += tmp.bv_len;
796 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
798 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
799 /*"("*/ "%s)", tmp.bv_val );
801 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
806 case LDAP_FILTER_EXT: {
808 filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx );
810 if ( f->f_mr_desc ) {
811 ad = f->f_mr_desc->ad_cname;
817 fstr->bv_len = ad.bv_len +
818 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
819 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
820 tmp.bv_len + ( sizeof("(:=)") - 1 );
821 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
823 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
825 f->f_mr_dnattrs ? ":dn" : "",
826 f->f_mr_rule_text.bv_len ? ":" : "",
827 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
829 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
832 case SLAPD_FILTER_COMPUTED:
834 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
835 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
836 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
838 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
839 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
840 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
841 sizeof("(?=error)")-1,
842 1, fstr, op->o_tmpmemctx );
846 ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1,
847 1, fstr, op->o_tmpmemctx );
853 filter2bv( Filter *f, struct berval *fstr )
856 op.o_tmpmemctx = NULL;
857 op.o_tmpmfuncs = &ch_mfuncs;
859 filter2bv_x( &op, f, fstr );
863 filter_escape_value_x(
872 i = in->bv_len * 3 + 1;
873 out->bv_val = ctx ? sl_malloc( i, ctx ) : ch_malloc( i );
876 for( i=0; i < in->bv_len ; i++ ) {
877 if( FILTER_ESCAPE(in->bv_val[i]) ) {
878 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
879 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
880 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
882 out->bv_val[out->bv_len++] = in->bv_val[i];
886 out->bv_val[out->bv_len] = '\0';
895 return filter_escape_value_x( in, out, NULL );
902 ValuesReturnFilter **filt,
908 ValuesReturnFilter vrf;
911 LDAP_LOG( FILTER, ENTRY,
912 "get_simple_vrFilter: conn %d\n", op->o_connid, 0, 0 );
914 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
917 tag = ber_peek_tag( ber, &len );
919 if( tag == LBER_ERROR ) {
920 *text = "error decoding filter";
921 return SLAPD_DISCONNECT;
927 vrf.vrf_choice = tag;
929 switch ( vrf.vrf_choice ) {
930 case LDAP_FILTER_EQUALITY:
932 LDAP_LOG( FILTER, DETAIL2,
933 "get_simple_vrFilter: conn %d EQUALITY\n", op->o_connid, 0, 0 );
935 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
937 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
938 if ( err != LDAP_SUCCESS ) {
942 assert( vrf.vrf_ava != NULL );
945 case LDAP_FILTER_SUBSTRINGS:
947 LDAP_LOG( FILTER, DETAIL1,
948 "get_simple_vrFilter: conn %d SUBSTRINGS\n", op->o_connid, 0, 0 );
950 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
952 err = get_ssa( op, ber, &vrf.vrf_sub, text );
957 LDAP_LOG( FILTER, DETAIL1,
958 "get_simple_vrFilter: conn %d GE\n", op->o_connid, 0, 0 );
960 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
962 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
963 if ( err != LDAP_SUCCESS ) {
970 LDAP_LOG( FILTER, DETAIL1,
971 "get_simple_vrFilter: conn %d LE\n", op->o_connid, 0, 0 );
973 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
975 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
976 if ( err != LDAP_SUCCESS ) {
981 case LDAP_FILTER_PRESENT: {
985 LDAP_LOG( FILTER, DETAIL1,
986 "get_simple_vrFilter: conn %d PRESENT\n", op->o_connid, 0, 0 );
988 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
990 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
991 err = SLAPD_DISCONNECT;
992 *text = "error decoding filter";
997 err = slap_bv2ad( &type, &vrf.vrf_desc, text );
999 if( err != LDAP_SUCCESS ) {
1000 /* unrecognized attribute description or other error */
1001 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1002 vrf.vrf_result = LDAP_COMPARE_FALSE;
1008 case LDAP_FILTER_APPROX:
1010 LDAP_LOG( FILTER, DETAIL1,
1011 "get_simple_vrFilter: conn %d APPROX\n", op->o_connid, 0, 0 );
1013 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
1015 err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
1016 if ( err != LDAP_SUCCESS ) {
1021 case LDAP_FILTER_EXT:
1023 LDAP_LOG( FILTER, DETAIL1,
1024 "get_simple_vrFilter: conn %d EXTENSIBLE\n", op->o_connid, 0, 0 );
1026 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
1029 err = get_mra( op, ber, &vrf.vrf_mra, text );
1030 if ( err != LDAP_SUCCESS ) {
1034 assert( vrf.vrf_mra != NULL );
1038 (void) ber_scanf( ber, "x" ); /* skip the element */
1040 LDAP_LOG( FILTER, ERR,
1041 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
1042 op->o_connid, vrf.vrf_choice, 0 );
1044 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
1045 vrf.vrf_choice, 0, 0 );
1047 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1048 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1052 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
1054 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1055 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1059 if ( err == LDAP_SUCCESS ) {
1060 *filt = ch_malloc( sizeof vrf );
1065 LDAP_LOG( FILTER, DETAIL2,
1066 "get_simple_vrFilter: conn %d exit\n", op->o_connid, 0, 0 );
1068 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1075 get_vrFilter( Operation *op, BerElement *ber,
1076 ValuesReturnFilter **vrf,
1080 * A ValuesReturnFilter looks like this:
1082 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1083 * SimpleFilterItem ::= CHOICE {
1084 * equalityMatch [3] AttributeValueAssertion,
1085 * substrings [4] SubstringFilter,
1086 * greaterOrEqual [5] AttributeValueAssertion,
1087 * lessOrEqual [6] AttributeValueAssertion,
1088 * present [7] AttributeType,
1089 * approxMatch [8] AttributeValueAssertion,
1090 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1093 * SubstringFilter ::= SEQUENCE {
1094 * type AttributeType,
1095 * SEQUENCE OF CHOICE {
1096 * initial [0] IA5String,
1097 * any [1] IA5String,
1098 * final [2] IA5String
1102 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1103 * matchingRule [1] MatchingRuleId OPTIONAL,
1104 * type [2] AttributeDescription OPTIONAL,
1105 * matchValue [3] AssertionValue }
1108 ValuesReturnFilter **n;
1114 LDAP_LOG( FILTER, ENTRY,
1115 "get_vrFilter: conn %d start\n", op->o_connid, 0, 0 );
1117 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1120 tag = ber_peek_tag( ber, &len );
1122 if( tag == LBER_ERROR ) {
1123 *text = "error decoding vrFilter";
1124 return SLAPD_DISCONNECT;
1127 if( tag != LBER_SEQUENCE ) {
1128 *text = "error decoding vrFilter, expect SEQUENCE tag";
1129 return SLAPD_DISCONNECT;
1133 for ( tag = ber_first_element( ber, &len, &last );
1134 tag != LBER_DEFAULT;
1135 tag = ber_next_element( ber, &len, last ) )
1137 int err = get_simple_vrFilter( op, ber, n, text );
1139 if ( err != LDAP_SUCCESS ) return( err );
1141 n = &(*n)->vrf_next;
1146 LDAP_LOG( FILTER, ENTRY,
1147 "get_vrFilter: conn %d exit\n", op->o_connid, 0, 0 );
1149 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1151 return( LDAP_SUCCESS );
1155 vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
1157 ValuesReturnFilter *p, *next;
1159 if ( vrf == NULL ) {
1163 for ( p = vrf; p != NULL; p = next ) {
1166 switch ( vrf->vrf_choice ) {
1167 case LDAP_FILTER_PRESENT:
1170 case LDAP_FILTER_EQUALITY:
1171 case LDAP_FILTER_GE:
1172 case LDAP_FILTER_LE:
1173 case LDAP_FILTER_APPROX:
1174 ava_free( op, vrf->vrf_ava, 1 );
1177 case LDAP_FILTER_SUBSTRINGS:
1178 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1179 op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx );
1181 ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx );
1182 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1183 op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx );
1185 op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx );
1188 case LDAP_FILTER_EXT:
1189 mra_free( op, vrf->vrf_mra, 1 );
1192 case SLAPD_FILTER_COMPUTED:
1197 LDAP_LOG( FILTER, ERR,
1198 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1200 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1201 vrf->vrf_choice, 0, 0 );
1206 op->o_tmpfree( vrf, op->o_tmpmemctx );
1211 vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1213 ValuesReturnFilter *p;
1217 if ( vrf == NULL ) {
1218 ber_str2bv_x( "No filter!", sizeof("No filter!")-1,
1219 1, fstr, op->o_tmpmemctx );
1223 fstr->bv_len = sizeof("()") - 1;
1224 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1226 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1228 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1231 simple_vrFilter2bv( op, p, &tmp );
1233 fstr->bv_len += tmp.bv_len;
1234 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1236 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1237 /*"("*/ "%s)", tmp.bv_val );
1239 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
1244 simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1249 if ( vrf == NULL ) {
1250 ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, op->o_tmpmemctx );
1254 switch ( vrf->vrf_choice ) {
1255 case LDAP_FILTER_EQUALITY:
1256 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1258 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1259 tmp.bv_len + ( sizeof("(=)") - 1 );
1260 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1262 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1263 vrf->vrf_av_desc->ad_cname.bv_val,
1266 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1269 case LDAP_FILTER_GE:
1270 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1272 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1273 tmp.bv_len + ( sizeof("(>=)") - 1 );
1274 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1276 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1277 vrf->vrf_av_desc->ad_cname.bv_val,
1280 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1283 case LDAP_FILTER_LE:
1284 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1286 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1287 tmp.bv_len + ( sizeof("(<=)") - 1 );
1288 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1290 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1291 vrf->vrf_av_desc->ad_cname.bv_val,
1294 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1297 case LDAP_FILTER_APPROX:
1298 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1300 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1301 tmp.bv_len + ( sizeof("(~=)") - 1 );
1302 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1304 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1305 vrf->vrf_av_desc->ad_cname.bv_val,
1307 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1310 case LDAP_FILTER_SUBSTRINGS:
1311 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1312 ( sizeof("(=*)") - 1 );
1313 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1315 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1316 vrf->vrf_sub_desc->ad_cname.bv_val );
1318 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1321 filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx );
1323 fstr->bv_len += tmp.bv_len;
1324 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1326 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1327 /* "(attr=" */ "%s*)",
1330 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1333 if ( vrf->vrf_sub_any != NULL ) {
1335 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1337 filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp, op->o_tmpmemctx );
1339 fstr->bv_len += tmp.bv_len + 1;
1340 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1342 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1343 /* "(attr=[init]*[any*]" */ "%s*)",
1345 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1349 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1352 filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx );
1354 fstr->bv_len += tmp.bv_len;
1355 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, op->o_tmpmemctx );
1357 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1358 /* "(attr=[init*][any*]" */ "%s)",
1361 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1366 case LDAP_FILTER_PRESENT:
1367 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1368 ( sizeof("(=*)") - 1 );
1369 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1371 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1372 vrf->vrf_desc->ad_cname.bv_val );
1375 case LDAP_FILTER_EXT: {
1377 filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx );
1379 if ( vrf->vrf_mr_desc ) {
1380 ad = vrf->vrf_mr_desc->ad_cname;
1386 fstr->bv_len = ad.bv_len +
1387 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1388 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1389 tmp.bv_len + ( sizeof("(:=)") - 1 );
1390 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1392 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1394 vrf->vrf_mr_dnattrs ? ":dn" : "",
1395 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1396 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1399 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1402 case SLAPD_FILTER_COMPUTED:
1404 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1405 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1406 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1408 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1409 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1410 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1411 sizeof("(?=error)")-1,
1412 1, fstr, op->o_tmpmemctx );
1416 ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1,
1417 1, fstr, op->o_tmpmemctx );
projects / openldap / blob