1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
23 static int get_substring_filter(
29 static void simple_vrFilter2bv(
30 ValuesReturnFilter *f,
31 struct berval *fstr );
33 static int get_simple_vrFilter(
36 ValuesReturnFilter **f,
53 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", conn->c_connid, 0, 0 );
55 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
58 * A filter looks like this coming in:
60 * and [0] SET OF Filter,
61 * or [1] SET OF Filter,
63 * equalityMatch [3] AttributeValueAssertion,
64 * substrings [4] SubstringFilter,
65 * greaterOrEqual [5] AttributeValueAssertion,
66 * lessOrEqual [6] AttributeValueAssertion,
67 * present [7] AttributeType,,
68 * approxMatch [8] AttributeValueAssertion
69 * extensibleMatch [9] MatchingRuleAssertion
72 * SubstringFilter ::= SEQUENCE {
74 * SEQUENCE OF CHOICE {
75 * initial [0] IA5String,
81 * MatchingRuleAssertion ::= SEQUENCE {
82 * matchingRule [1] MatchingRuleId OPTIONAL,
83 * type [2] AttributeDescription OPTIONAL,
84 * matchValue [3] AssertionValue,
85 * dnAttributes [4] BOOLEAN DEFAULT FALSE
90 tag = ber_peek_tag( ber, &len );
92 if( tag == LBER_ERROR ) {
93 *text = "error decoding filter";
94 return SLAPD_DISCONNECT;
97 f = (Filter *) ch_malloc( sizeof(Filter) );
103 switch ( f->f_choice ) {
104 case LDAP_FILTER_EQUALITY:
106 LDAP_LOG( FILTER, DETAIL2,
107 "get_filter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
109 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
111 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
112 if ( err != LDAP_SUCCESS ) {
116 assert( f->f_ava != NULL );
119 case LDAP_FILTER_SUBSTRINGS:
121 LDAP_LOG( FILTER, DETAIL1,
122 "get_filter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
124 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
126 err = get_substring_filter( conn, ber, f, text );
131 LDAP_LOG( FILTER, DETAIL1,
132 "get_filter: conn %d GE\n", conn->c_connid, 0, 0 );
134 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
136 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
137 if ( err != LDAP_SUCCESS ) {
144 LDAP_LOG( FILTER, DETAIL1,
145 "get_filter: conn %d LE\n", conn->c_connid, 0, 0 );
147 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
149 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
150 if ( err != LDAP_SUCCESS ) {
155 case LDAP_FILTER_PRESENT: {
159 LDAP_LOG( FILTER, DETAIL1,
160 "get_filter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
162 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
164 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
165 err = SLAPD_DISCONNECT;
166 *text = "error decoding filter";
171 err = slap_bv2ad( &type, &f->f_desc, text );
173 if( err != LDAP_SUCCESS ) {
174 /* unrecognized attribute description or other error */
175 f->f_choice = SLAPD_FILTER_COMPUTED;
176 f->f_result = LDAP_COMPARE_FALSE;
182 case LDAP_FILTER_APPROX:
184 LDAP_LOG( FILTER, DETAIL1,
185 "get_filter: conn %d APPROX\n", conn->c_connid, 0, 0 );
187 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
189 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
190 if ( err != LDAP_SUCCESS ) {
195 case LDAP_FILTER_AND:
197 LDAP_LOG( FILTER, DETAIL1,
198 "get_filter: conn %d AND\n", conn->c_connid, 0, 0 );
200 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
202 err = get_filter_list( conn, ber, &f->f_and, text );
203 if ( err != LDAP_SUCCESS ) {
210 LDAP_LOG( FILTER, DETAIL1,
211 "get_filter: conn %d OR\n", conn->c_connid, 0, 0 );
213 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
215 err = get_filter_list( conn, ber, &f->f_or, text );
216 if ( err != LDAP_SUCCESS ) {
221 case LDAP_FILTER_NOT:
223 LDAP_LOG( FILTER, DETAIL1,
224 "get_filter: conn %d NOT\n", conn->c_connid, 0, 0 );
226 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
228 (void) ber_skip_tag( ber, &len );
229 err = get_filter( conn, ber, &f->f_not, text );
230 if ( err != LDAP_SUCCESS ) {
235 case LDAP_FILTER_EXT:
237 LDAP_LOG( FILTER, DETAIL1,
238 "get_filter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
240 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
243 err = get_mra( ber, &f->f_mra, text );
244 if ( err != LDAP_SUCCESS ) {
248 assert( f->f_mra != NULL );
252 (void) ber_scanf( ber, "x" ); /* skip the element */
254 LDAP_LOG( FILTER, ERR,
255 "get_filter: conn %d unknown filter type=%lu\n",
256 conn->c_connid, f->f_choice, 0 );
258 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
261 f->f_choice = SLAPD_FILTER_COMPUTED;
262 f->f_result = SLAPD_COMPARE_UNDEFINED;
266 if ( err != LDAP_SUCCESS ) {
267 if( err != SLAPD_DISCONNECT ) {
269 f->f_choice = SLAPD_FILTER_COMPUTED;
270 f->f_result = SLAPD_COMPARE_UNDEFINED;
283 LDAP_LOG( FILTER, DETAIL2,
284 "get_filter: conn %d exit\n", conn->c_connid, 0, 0 );
286 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
292 get_filter_list( Connection *conn, BerElement *ber,
303 LDAP_LOG( FILTER, ENTRY,
304 "get_filter_list: conn %d start\n", conn->c_connid, 0, 0 );
306 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
309 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
310 tag = ber_next_element( ber, &len, last ) )
312 err = get_filter( conn, ber, new, text );
313 if ( err != LDAP_SUCCESS )
315 new = &(*new)->f_next;
320 LDAP_LOG( FILTER, ENTRY,
321 "get_filter_list: conn %d exit\n", conn->c_connid, 0, 0 );
323 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
325 return( LDAP_SUCCESS );
329 get_substring_filter(
341 *text = "error decoding filter";
344 LDAP_LOG( FILTER, ENTRY,
345 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
347 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
349 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
350 return SLAPD_DISCONNECT;
353 f->f_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
354 f->f_sub_desc = NULL;
355 rc = slap_bv2ad( &bv, &f->f_sub_desc, text );
357 if( rc != LDAP_SUCCESS ) {
360 f->f_choice = SLAPD_FILTER_COMPUTED;
361 f->f_result = SLAPD_COMPARE_UNDEFINED;
365 f->f_sub_initial.bv_val = NULL;
367 f->f_sub_final.bv_val = NULL;
369 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
370 tag = ber_next_element( ber, &len, last ) )
374 rc = ber_scanf( ber, "m", &value );
375 if ( rc == LBER_ERROR ) {
376 rc = SLAPD_DISCONNECT;
380 if ( value.bv_val == NULL || value.bv_len == 0 ) {
381 rc = LDAP_INVALID_SYNTAX;
386 case LDAP_SUBSTRING_INITIAL:
387 usage = SLAP_MR_SUBSTR_INITIAL;
390 case LDAP_SUBSTRING_ANY:
391 usage = SLAP_MR_SUBSTR_ANY;
394 case LDAP_SUBSTRING_FINAL:
395 usage = SLAP_MR_SUBSTR_FINAL;
399 rc = LDAP_PROTOCOL_ERROR;
402 LDAP_LOG( FILTER, ERR,
403 "get_filter_substring: conn %d unknown substring choice=%ld\n",
404 conn->c_connid, (long)tag, 0 );
406 Debug( LDAP_DEBUG_FILTER,
407 " unknown substring choice=%ld\n",
414 /* validate/normalize using equality matching rule validator! */
415 rc = asserted_value_validate_normalize(
416 f->f_sub_desc, f->f_sub_desc->ad_type->sat_equality,
417 usage, &value, &bv, text );
418 if( rc != LDAP_SUCCESS ) {
422 /* validate using equality matching rule validator! */
423 rc = value_validate( f->f_sub_desc->ad_type->sat_equality,
425 if( rc != LDAP_SUCCESS ) {
429 rc = value_normalize( f->f_sub_desc, usage,
431 if( rc != LDAP_SUCCESS ) {
438 rc = LDAP_PROTOCOL_ERROR;
441 case LDAP_SUBSTRING_INITIAL:
443 LDAP_LOG( FILTER, DETAIL1,
444 "get_substring_filter: conn %d INITIAL\n", conn->c_connid, 0, 0 );
446 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
449 if ( f->f_sub_initial.bv_val != NULL
450 || f->f_sub_any != NULL
451 || f->f_sub_final.bv_val != NULL )
453 free( value.bv_val );
457 f->f_sub_initial = value;
460 case LDAP_SUBSTRING_ANY:
462 LDAP_LOG( FILTER, DETAIL1,
463 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
465 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
468 if ( f->f_sub_final.bv_val != NULL ) {
469 free( value.bv_val );
473 ber_bvarray_add( &f->f_sub_any, &value );
476 case LDAP_SUBSTRING_FINAL:
478 LDAP_LOG( FILTER, DETAIL1,
479 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
481 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
484 if ( f->f_sub_final.bv_val != NULL ) {
485 free( value.bv_val );
489 f->f_sub_final = value;
494 LDAP_LOG( FILTER, INFO,
495 "get_substring_filter: conn %d unknown substring type %ld\n",
496 conn->c_connid, (long)tag, 0 );
498 Debug( LDAP_DEBUG_FILTER,
499 " unknown substring type=%ld\n",
503 free( value.bv_val );
507 LDAP_LOG( FILTER, INFO,
508 "get_substring_filter: conn %d error %ld\n",
509 conn->c_connid, (long)rc, 0 );
511 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
514 free( f->f_sub_initial.bv_val );
515 ber_bvarray_free( f->f_sub_any );
516 free( f->f_sub_final.bv_val );
523 LDAP_LOG( FILTER, ENTRY,
524 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
526 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
528 return( LDAP_SUCCESS );
532 filter_free( Filter *f )
540 switch ( f->f_choice ) {
541 case LDAP_FILTER_PRESENT:
544 case LDAP_FILTER_EQUALITY:
547 case LDAP_FILTER_APPROX:
548 ava_free( f->f_ava, 1 );
551 case LDAP_FILTER_SUBSTRINGS:
552 if ( f->f_sub_initial.bv_val != NULL ) {
553 free( f->f_sub_initial.bv_val );
555 ber_bvarray_free( f->f_sub_any );
556 if ( f->f_sub_final.bv_val != NULL ) {
557 free( f->f_sub_final.bv_val );
562 case LDAP_FILTER_AND:
564 case LDAP_FILTER_NOT:
565 for ( p = f->f_list; p != NULL; p = next ) {
571 case LDAP_FILTER_EXT:
572 mra_free( f->f_mra, 1 );
575 case SLAPD_FILTER_COMPUTED:
580 LDAP_LOG( FILTER, ERR,
581 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
583 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
593 filter2bv( Filter *f, struct berval *fstr )
601 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
605 switch ( f->f_choice ) {
606 case LDAP_FILTER_EQUALITY:
607 filter_escape_value( &f->f_av_value, &tmp );
609 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
610 tmp.bv_len + ( sizeof("(=)") - 1 );
611 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
613 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
614 f->f_av_desc->ad_cname.bv_val,
617 ber_memfree( tmp.bv_val );
621 filter_escape_value( &f->f_av_value, &tmp );
623 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
624 tmp.bv_len + ( sizeof("(>=)") - 1 );
625 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
627 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
628 f->f_av_desc->ad_cname.bv_val,
631 ber_memfree( tmp.bv_val );
635 filter_escape_value( &f->f_av_value, &tmp );
637 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
638 tmp.bv_len + ( sizeof("(<=)") - 1 );
639 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
641 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
642 f->f_av_desc->ad_cname.bv_val,
645 ber_memfree( tmp.bv_val );
648 case LDAP_FILTER_APPROX:
649 filter_escape_value( &f->f_av_value, &tmp );
651 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
652 tmp.bv_len + ( sizeof("(~=)") - 1 );
653 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
655 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
656 f->f_av_desc->ad_cname.bv_val,
658 ber_memfree( tmp.bv_val );
661 case LDAP_FILTER_SUBSTRINGS:
662 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
663 ( sizeof("(=*)") - 1 );
664 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
666 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
667 f->f_sub_desc->ad_cname.bv_val );
669 if ( f->f_sub_initial.bv_val != NULL ) {
672 filter_escape_value( &f->f_sub_initial, &tmp );
674 fstr->bv_len += tmp.bv_len;
675 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
677 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
678 /* "(attr=" */ "%s*)",
681 ber_memfree( tmp.bv_val );
684 if ( f->f_sub_any != NULL ) {
685 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
687 filter_escape_value( &f->f_sub_any[i], &tmp );
689 fstr->bv_len += tmp.bv_len + 1;
690 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
692 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
693 /* "(attr=[init]*[any*]" */ "%s*)",
695 ber_memfree( tmp.bv_val );
699 if ( f->f_sub_final.bv_val != NULL ) {
702 filter_escape_value( &f->f_sub_final, &tmp );
704 fstr->bv_len += tmp.bv_len;
705 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
707 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
708 /* "(attr=[init*][any*]" */ "%s)",
711 ber_memfree( tmp.bv_val );
716 case LDAP_FILTER_PRESENT:
717 fstr->bv_len = f->f_desc->ad_cname.bv_len +
718 ( sizeof("(=*)") - 1 );
719 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
721 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
722 f->f_desc->ad_cname.bv_val );
725 case LDAP_FILTER_AND:
727 case LDAP_FILTER_NOT:
728 fstr->bv_len = sizeof("(%)") - 1;
729 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
731 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
732 f->f_choice == LDAP_FILTER_AND ? '&' :
733 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
735 for ( p = f->f_list; p != NULL; p = p->f_next ) {
738 filter2bv( p, &tmp );
740 fstr->bv_len += tmp.bv_len;
741 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
743 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
744 /*"("*/ "%s)", tmp.bv_val );
746 ch_free( tmp.bv_val );
751 case LDAP_FILTER_EXT: {
753 filter_escape_value( &f->f_mr_value, &tmp );
755 if ( f->f_mr_desc ) {
756 ad = f->f_mr_desc->ad_cname;
762 fstr->bv_len = ad.bv_len +
763 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
764 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
765 tmp.bv_len + ( sizeof("(:=)") - 1 );
766 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
768 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
770 f->f_mr_dnattrs ? ":dn" : "",
771 f->f_mr_rule_text.bv_len ? ":" : "",
772 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
774 ber_memfree( tmp.bv_val );
777 case SLAPD_FILTER_COMPUTED:
779 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
780 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
781 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
783 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
784 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
785 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
786 sizeof("(?=error)")-1,
791 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
805 out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 );
808 for( i=0; i < in->bv_len ; i++ ) {
809 if( FILTER_ESCAPE(in->bv_val[i]) ) {
810 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
811 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
812 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
814 out->bv_val[out->bv_len++] = in->bv_val[i];
818 out->bv_val[out->bv_len] = '\0';
826 ValuesReturnFilter **filt,
832 ValuesReturnFilter *vrf;
835 LDAP_LOG( FILTER, ENTRY,
836 "get_simple_vrFilter: conn %d\n", conn->c_connid, 0, 0 );
838 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
841 tag = ber_peek_tag( ber, &len );
843 if( tag == LBER_ERROR ) {
844 *text = "error decoding filter";
845 return SLAPD_DISCONNECT;
848 vrf = (ValuesReturnFilter *) ch_malloc( sizeof(ValuesReturnFilter) );
849 vrf->vrf_next = NULL;
852 vrf->vrf_choice = tag;
854 switch ( vrf->vrf_choice ) {
855 case LDAP_FILTER_EQUALITY:
857 LDAP_LOG( FILTER, DETAIL2,
858 "get_simple_vrFilter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
860 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
862 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY, text );
863 if ( err != LDAP_SUCCESS ) {
867 assert( vrf->vrf_ava != NULL );
870 case LDAP_FILTER_SUBSTRINGS:
872 LDAP_LOG( FILTER, DETAIL1,
873 "get_simple_vrFilter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
875 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
877 err = get_substring_filter( conn, ber, (Filter *)vrf, text );
882 LDAP_LOG( FILTER, DETAIL1,
883 "get_simple_vrFilter: conn %d GE\n", conn->c_connid, 0, 0 );
885 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
887 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
888 if ( err != LDAP_SUCCESS ) {
895 LDAP_LOG( FILTER, DETAIL1,
896 "get_simple_vrFilter: conn %d LE\n", conn->c_connid, 0, 0 );
898 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
900 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
901 if ( err != LDAP_SUCCESS ) {
906 case LDAP_FILTER_PRESENT: {
910 LDAP_LOG( FILTER, DETAIL1,
911 "get_simple_vrFilter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
913 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
915 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
916 err = SLAPD_DISCONNECT;
917 *text = "error decoding filter";
921 vrf->vrf_desc = NULL;
922 err = slap_bv2ad( &type, &vrf->vrf_desc, text );
924 if( err != LDAP_SUCCESS ) {
925 /* unrecognized attribute description or other error */
926 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
927 vrf->vrf_result = LDAP_COMPARE_FALSE;
933 case LDAP_FILTER_APPROX:
935 LDAP_LOG( FILTER, DETAIL1,
936 "get_simple_vrFilter: conn %d APPROX\n", conn->c_connid, 0, 0 );
938 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
940 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
941 if ( err != LDAP_SUCCESS ) {
946 case LDAP_FILTER_EXT:
948 LDAP_LOG( FILTER, DETAIL1,
949 "get_simple_vrFilter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
951 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
954 err = get_mra( ber, &vrf->vrf_mra, text );
955 if ( err != LDAP_SUCCESS ) {
959 assert( vrf->vrf_mra != NULL );
963 (void) ber_scanf( ber, "x" ); /* skip the element */
965 LDAP_LOG( FILTER, ERR,
966 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
967 conn->c_connid, vrf->vrf_choice, 0 );
969 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
970 vrf->vrf_choice, 0, 0 );
972 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
973 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
977 if ( err != LDAP_SUCCESS ) {
978 if( err != SLAPD_DISCONNECT ) {
980 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
981 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
994 LDAP_LOG( FILTER, DETAIL2,
995 "get_simple_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
997 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1003 get_vrFilter( Connection *conn, BerElement *ber,
1004 ValuesReturnFilter **vrf,
1008 * A ValuesReturnFilter looks like this:
1010 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1011 * SimpleFilterItem ::= CHOICE {
1012 * equalityMatch [3] AttributeValueAssertion,
1013 * substrings [4] SubstringFilter,
1014 * greaterOrEqual [5] AttributeValueAssertion,
1015 * lessOrEqual [6] AttributeValueAssertion,
1016 * present [7] AttributeType,
1017 * approxMatch [8] AttributeValueAssertion,
1018 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1021 * SubstringFilter ::= SEQUENCE {
1022 * type AttributeType,
1023 * SEQUENCE OF CHOICE {
1024 * initial [0] IA5String,
1025 * any [1] IA5String,
1026 * final [2] IA5String
1030 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1031 * matchingRule [1] MatchingRuleId OPTIONAL,
1032 * type [2] AttributeDescription OPTIONAL,
1033 * matchValue [3] AssertionValue }
1036 ValuesReturnFilter **n;
1042 LDAP_LOG( FILTER, ENTRY,
1043 "get_vrFilter: conn %d start\n", conn->c_connid, 0, 0 );
1045 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1048 tag = ber_peek_tag( ber, &len );
1050 if( tag == LBER_ERROR ) {
1051 *text = "error decoding vrFilter";
1052 return SLAPD_DISCONNECT;
1055 if( tag != LBER_SEQUENCE ) {
1056 *text = "error decoding vrFilter, expect SEQUENCE tag";
1057 return SLAPD_DISCONNECT;
1061 for ( tag = ber_first_element( ber, &len, &last );
1062 tag != LBER_DEFAULT;
1063 tag = ber_next_element( ber, &len, last ) )
1065 int err = get_simple_vrFilter( conn, ber, n, text );
1066 if ( err != LDAP_SUCCESS )
1068 n = &(*n)->vrf_next;
1073 LDAP_LOG( FILTER, ENTRY,
1074 "get_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1076 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1078 return( LDAP_SUCCESS );
1082 vrFilter_free( ValuesReturnFilter *vrf )
1084 ValuesReturnFilter *p, *next;
1086 if ( vrf == NULL ) {
1090 for ( p = vrf; p != NULL; p = next ) {
1093 switch ( vrf->vrf_choice ) {
1094 case LDAP_FILTER_PRESENT:
1097 case LDAP_FILTER_EQUALITY:
1098 case LDAP_FILTER_GE:
1099 case LDAP_FILTER_LE:
1100 case LDAP_FILTER_APPROX:
1101 ava_free( vrf->vrf_ava, 1 );
1104 case LDAP_FILTER_SUBSTRINGS:
1105 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1106 free( vrf->vrf_sub_initial.bv_val );
1108 ber_bvarray_free( vrf->vrf_sub_any );
1109 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1110 free( vrf->vrf_sub_final.bv_val );
1112 ch_free( vrf->vrf_sub );
1115 case LDAP_FILTER_EXT:
1116 mra_free( vrf->vrf_mra, 1 );
1119 case SLAPD_FILTER_COMPUTED:
1124 LDAP_LOG( FILTER, ERR,
1125 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1127 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1128 vrf->vrf_choice, 0, 0 );
1139 vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1141 ValuesReturnFilter *p;
1145 if ( vrf == NULL ) {
1146 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1150 fstr->bv_len = sizeof("()") - 1;
1151 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1153 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1155 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1158 simple_vrFilter2bv( p, &tmp );
1160 fstr->bv_len += tmp.bv_len;
1161 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1163 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1164 /*"("*/ "%s)", tmp.bv_val );
1166 ch_free( tmp.bv_val );
1171 simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1176 if ( vrf == NULL ) {
1177 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1181 switch ( vrf->vrf_choice ) {
1182 case LDAP_FILTER_EQUALITY:
1183 filter_escape_value( &vrf->vrf_av_value, &tmp );
1185 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1186 tmp.bv_len + ( sizeof("(=)") - 1 );
1187 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1189 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1190 vrf->vrf_av_desc->ad_cname.bv_val,
1193 ber_memfree( tmp.bv_val );
1196 case LDAP_FILTER_GE:
1197 filter_escape_value( &vrf->vrf_av_value, &tmp );
1199 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1200 tmp.bv_len + ( sizeof("(>=)") - 1 );
1201 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1203 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1204 vrf->vrf_av_desc->ad_cname.bv_val,
1207 ber_memfree( tmp.bv_val );
1210 case LDAP_FILTER_LE:
1211 filter_escape_value( &vrf->vrf_av_value, &tmp );
1213 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1214 tmp.bv_len + ( sizeof("(<=)") - 1 );
1215 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1217 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1218 vrf->vrf_av_desc->ad_cname.bv_val,
1221 ber_memfree( tmp.bv_val );
1224 case LDAP_FILTER_APPROX:
1225 filter_escape_value( &vrf->vrf_av_value, &tmp );
1227 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1228 tmp.bv_len + ( sizeof("(~=)") - 1 );
1229 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1231 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1232 vrf->vrf_av_desc->ad_cname.bv_val,
1234 ber_memfree( tmp.bv_val );
1237 case LDAP_FILTER_SUBSTRINGS:
1238 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1239 ( sizeof("(=*)") - 1 );
1240 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1242 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1243 vrf->vrf_sub_desc->ad_cname.bv_val );
1245 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1248 filter_escape_value( &vrf->vrf_sub_initial, &tmp );
1250 fstr->bv_len += tmp.bv_len;
1251 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1253 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1254 /* "(attr=" */ "%s*)",
1257 ber_memfree( tmp.bv_val );
1260 if ( vrf->vrf_sub_any != NULL ) {
1262 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1264 filter_escape_value( &vrf->vrf_sub_any[i], &tmp );
1266 fstr->bv_len += tmp.bv_len + 1;
1267 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1269 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1270 /* "(attr=[init]*[any*]" */ "%s*)",
1272 ber_memfree( tmp.bv_val );
1276 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1279 filter_escape_value( &vrf->vrf_sub_final, &tmp );
1281 fstr->bv_len += tmp.bv_len;
1282 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1284 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1285 /* "(attr=[init*][any*]" */ "%s)",
1288 ber_memfree( tmp.bv_val );
1293 case LDAP_FILTER_PRESENT:
1294 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1295 ( sizeof("(=*)") - 1 );
1296 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1298 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1299 vrf->vrf_desc->ad_cname.bv_val );
1302 case LDAP_FILTER_EXT: {
1304 filter_escape_value( &vrf->vrf_mr_value, &tmp );
1306 if ( vrf->vrf_mr_desc ) {
1307 ad = vrf->vrf_mr_desc->ad_cname;
1313 fstr->bv_len = ad.bv_len +
1314 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1315 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1316 tmp.bv_len + ( sizeof("(:=)") - 1 );
1317 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1319 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1321 vrf->vrf_mr_dnattrs ? ":dn" : "",
1322 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1323 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1326 ber_memfree( tmp.bv_val );
1329 case SLAPD_FILTER_COMPUTED:
1331 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1332 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1333 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1335 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1336 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1337 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1338 sizeof("(?=error)")-1,
1343 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
1349 get_substring_vrFilter(
1352 ValuesReturnFilter *vrf,
1358 struct berval value;
1361 *text = "error decoding filter";
1364 LDAP_LOG( FILTER, ENTRY,
1365 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
1367 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
1369 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
1370 return SLAPD_DISCONNECT;
1373 vrf->vrf_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
1374 vrf->vrf_sub_desc = NULL;
1375 rc = slap_bv2ad( &bv, &vrf->vrf_sub_desc, text );
1377 if( rc != LDAP_SUCCESS ) {
1379 ch_free( vrf->vrf_sub );
1380 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
1381 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1382 return LDAP_SUCCESS;
1385 vrf->vrf_sub_initial.bv_val = NULL;
1386 vrf->vrf_sub_any = NULL;
1387 vrf->vrf_sub_final.bv_val = NULL;
1389 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
1390 tag = ber_next_element( ber, &len, last ) )
1394 rc = ber_scanf( ber, "m", &value );
1395 if ( rc == LBER_ERROR ) {
1396 rc = SLAPD_DISCONNECT;
1400 if ( value.bv_val == NULL || value.bv_len == 0 ) {
1401 rc = LDAP_INVALID_SYNTAX;
1406 case LDAP_SUBSTRING_INITIAL:
1407 usage = SLAP_MR_SUBSTR_INITIAL;
1410 case LDAP_SUBSTRING_ANY:
1411 usage = SLAP_MR_SUBSTR_ANY;
1414 case LDAP_SUBSTRING_FINAL:
1415 usage = SLAP_MR_SUBSTR_FINAL;
1419 rc = LDAP_PROTOCOL_ERROR;
1422 LDAP_LOG( FILTER, ERR,
1423 "get_filter_substring: conn %d unknown substring choice=%ld\n",
1424 conn->c_connid, (long)tag, 0 );
1426 Debug( LDAP_DEBUG_FILTER,
1427 " unknown substring choice=%ld\n",
1434 /* validate/normalize using equality matching rule validator! */
1435 rc = asserted_value_validate_normalize(
1436 vrf->vrf_sub_desc, vrf->vrf_sub_desc->ad_type->sat_equality,
1437 usage, &value, &bv, text );
1438 if( rc != LDAP_SUCCESS ) {
1442 /* valiate using equality matching rule validator! */
1443 rc = value_validate( vrf->vrf_sub_desc->ad_type->sat_equality,
1445 if( rc != LDAP_SUCCESS ) {
1449 rc = value_normalize( vrf->vrf_sub_desc, usage,
1450 &value, &bv, text );
1451 if( rc != LDAP_SUCCESS ) {
1458 rc = LDAP_PROTOCOL_ERROR;
1461 case LDAP_SUBSTRING_INITIAL:
1463 LDAP_LOG( FILTER, DETAIL1,
1464 "get_substring_filter: conn %d INITIAL\n",
1465 conn->c_connid, 0, 0 );
1467 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
1470 if ( vrf->vrf_sub_initial.bv_val != NULL
1471 || vrf->vrf_sub_any != NULL
1472 || vrf->vrf_sub_final.bv_val != NULL )
1474 free( value.bv_val );
1478 vrf->vrf_sub_initial = value;
1481 case LDAP_SUBSTRING_ANY:
1483 LDAP_LOG( FILTER, DETAIL1,
1484 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
1486 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
1489 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1490 free( value.bv_val );
1494 ber_bvarray_add( &vrf->vrf_sub_any, &value );
1497 case LDAP_SUBSTRING_FINAL:
1499 LDAP_LOG( FILTER, DETAIL1,
1500 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
1502 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
1505 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1506 free( value.bv_val );
1510 vrf->vrf_sub_final = value;
1515 LDAP_LOG( FILTER, INFO,
1516 "get_substring_filter: conn %d unknown substring type %ld\n",
1517 conn->c_connid, (long)tag, 0 );
1519 Debug( LDAP_DEBUG_FILTER,
1520 " unknown substring type=%ld\n",
1524 free( value.bv_val );
1528 LDAP_LOG( FILTER, INFO,
1529 "get_substring_filter: conn %d error %ld\n",
1530 conn->c_connid, (long)rc, 0 );
1532 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
1535 free( vrf->vrf_sub_initial.bv_val );
1536 ber_bvarray_free( vrf->vrf_sub_any );
1537 free( vrf->vrf_sub_final.bv_val );
1538 ch_free( vrf->vrf_sub );
1544 LDAP_LOG( FILTER, ENTRY,
1545 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
1547 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
1549 return( LDAP_SUCCESS );