1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
23 static int get_substring_filter(
29 static void simple_vrFilter2bv(
30 ValuesReturnFilter *f,
31 struct berval *fstr );
33 static int get_simple_vrFilter(
36 ValuesReturnFilter **f,
53 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", conn->c_connid, 0, 0 );
55 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
58 * A filter looks like this coming in:
60 * and [0] SET OF Filter,
61 * or [1] SET OF Filter,
63 * equalityMatch [3] AttributeValueAssertion,
64 * substrings [4] SubstringFilter,
65 * greaterOrEqual [5] AttributeValueAssertion,
66 * lessOrEqual [6] AttributeValueAssertion,
67 * present [7] AttributeType,,
68 * approxMatch [8] AttributeValueAssertion
69 * extensibleMatch [9] MatchingRuleAssertion
72 * SubstringFilter ::= SEQUENCE {
74 * SEQUENCE OF CHOICE {
75 * initial [0] IA5String,
81 * MatchingRuleAssertion ::= SEQUENCE {
82 * matchingRule [1] MatchingRuleId OPTIONAL,
83 * type [2] AttributeDescription OPTIONAL,
84 * matchValue [3] AssertionValue,
85 * dnAttributes [4] BOOLEAN DEFAULT FALSE
90 tag = ber_peek_tag( ber, &len );
92 if( tag == LBER_ERROR ) {
93 *text = "error decoding filter";
94 return SLAPD_DISCONNECT;
97 f = (Filter *) ch_malloc( sizeof(Filter) );
103 switch ( f->f_choice ) {
104 case LDAP_FILTER_EQUALITY:
106 LDAP_LOG( FILTER, DETAIL2,
107 "get_filter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
109 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
111 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
112 if ( err != LDAP_SUCCESS ) {
116 assert( f->f_ava != NULL );
119 case LDAP_FILTER_SUBSTRINGS:
121 LDAP_LOG( FILTER, DETAIL1,
122 "get_filter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
124 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
126 err = get_substring_filter( conn, ber, f, text );
127 if( err != LDAP_SUCCESS ) {
130 assert( f->f_sub != NULL );
135 LDAP_LOG( FILTER, DETAIL1,
136 "get_filter: conn %d GE\n", conn->c_connid, 0, 0 );
138 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
140 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
141 if ( err != LDAP_SUCCESS ) {
144 assert( f->f_ava != NULL );
149 LDAP_LOG( FILTER, DETAIL1,
150 "get_filter: conn %d LE\n", conn->c_connid, 0, 0 );
152 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
154 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
155 if ( err != LDAP_SUCCESS ) {
158 assert( f->f_ava != NULL );
161 case LDAP_FILTER_PRESENT: {
165 LDAP_LOG( FILTER, DETAIL1,
166 "get_filter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
168 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
170 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
171 err = SLAPD_DISCONNECT;
172 *text = "error decoding filter";
177 err = slap_bv2ad( &type, &f->f_desc, text );
179 if( err != LDAP_SUCCESS ) {
180 /* unrecognized attribute description or other error */
181 f->f_choice = SLAPD_FILTER_COMPUTED;
182 f->f_result = LDAP_COMPARE_FALSE;
188 case LDAP_FILTER_APPROX:
190 LDAP_LOG( FILTER, DETAIL1,
191 "get_filter: conn %d APPROX\n", conn->c_connid, 0, 0 );
193 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
195 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
196 if ( err != LDAP_SUCCESS ) {
199 assert( f->f_ava != NULL );
202 case LDAP_FILTER_AND:
204 LDAP_LOG( FILTER, DETAIL1,
205 "get_filter: conn %d AND\n", conn->c_connid, 0, 0 );
207 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
209 err = get_filter_list( conn, ber, &f->f_and, text );
210 if ( err != LDAP_SUCCESS ) {
213 assert( f->f_and != NULL );
218 LDAP_LOG( FILTER, DETAIL1,
219 "get_filter: conn %d OR\n", conn->c_connid, 0, 0 );
221 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
223 err = get_filter_list( conn, ber, &f->f_or, text );
224 if ( err != LDAP_SUCCESS ) {
227 assert( f->f_or != NULL );
230 case LDAP_FILTER_NOT:
232 LDAP_LOG( FILTER, DETAIL1,
233 "get_filter: conn %d NOT\n", conn->c_connid, 0, 0 );
235 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
237 (void) ber_skip_tag( ber, &len );
238 err = get_filter( conn, ber, &f->f_not, text );
239 if ( err != LDAP_SUCCESS ) {
242 assert( f->f_not != NULL );
245 case LDAP_FILTER_EXT:
247 LDAP_LOG( FILTER, DETAIL1,
248 "get_filter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
250 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
253 err = get_mra( ber, &f->f_mra, text );
254 if ( err != LDAP_SUCCESS ) {
258 assert( f->f_mra != NULL );
262 (void) ber_scanf( ber, "x" ); /* skip the element */
264 LDAP_LOG( FILTER, ERR,
265 "get_filter: conn %d unknown filter type=%lu\n",
266 conn->c_connid, f->f_choice, 0 );
268 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
271 f->f_choice = SLAPD_FILTER_COMPUTED;
272 f->f_result = SLAPD_COMPARE_UNDEFINED;
276 if ( err != LDAP_SUCCESS ) {
277 if( err != SLAPD_DISCONNECT ) {
279 f->f_choice = SLAPD_FILTER_COMPUTED;
280 f->f_result = SLAPD_COMPARE_UNDEFINED;
293 LDAP_LOG( FILTER, DETAIL2,
294 "get_filter: conn %d exit\n", conn->c_connid, 0, 0 );
296 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
302 get_filter_list( Connection *conn, BerElement *ber,
313 LDAP_LOG( FILTER, ENTRY,
314 "get_filter_list: conn %d start\n", conn->c_connid, 0, 0 );
316 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
319 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
320 tag = ber_next_element( ber, &len, last ) )
322 err = get_filter( conn, ber, new, text );
323 if ( err != LDAP_SUCCESS )
325 new = &(*new)->f_next;
330 LDAP_LOG( FILTER, ENTRY,
331 "get_filter_list: conn %d exit\n", conn->c_connid, 0, 0 );
333 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
335 return( LDAP_SUCCESS );
339 get_substring_filter(
351 *text = "error decoding filter";
354 LDAP_LOG( FILTER, ENTRY,
355 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
357 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
359 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
360 return SLAPD_DISCONNECT;
363 f->f_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
364 f->f_sub_desc = NULL;
365 rc = slap_bv2ad( &bv, &f->f_sub_desc, text );
367 if( rc != LDAP_SUCCESS ) {
370 f->f_choice = SLAPD_FILTER_COMPUTED;
371 f->f_result = SLAPD_COMPARE_UNDEFINED;
375 f->f_sub_initial.bv_val = NULL;
377 f->f_sub_final.bv_val = NULL;
379 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
380 tag = ber_next_element( ber, &len, last ) )
384 rc = ber_scanf( ber, "m", &value );
385 if ( rc == LBER_ERROR ) {
386 rc = SLAPD_DISCONNECT;
390 if ( value.bv_val == NULL || value.bv_len == 0 ) {
391 rc = LDAP_INVALID_SYNTAX;
396 case LDAP_SUBSTRING_INITIAL:
397 usage = SLAP_MR_SUBSTR_INITIAL;
400 case LDAP_SUBSTRING_ANY:
401 usage = SLAP_MR_SUBSTR_ANY;
404 case LDAP_SUBSTRING_FINAL:
405 usage = SLAP_MR_SUBSTR_FINAL;
409 rc = LDAP_PROTOCOL_ERROR;
412 LDAP_LOG( FILTER, ERR,
413 "get_filter_substring: conn %d unknown substring choice=%ld\n",
414 conn->c_connid, (long)tag, 0 );
416 Debug( LDAP_DEBUG_FILTER,
417 " unknown substring choice=%ld\n",
424 /* validate/normalize using equality matching rule validator! */
425 rc = asserted_value_validate_normalize(
426 f->f_sub_desc, f->f_sub_desc->ad_type->sat_equality,
427 usage, &value, &bv, text );
428 if( rc != LDAP_SUCCESS ) {
432 /* validate using equality matching rule validator! */
433 rc = value_validate( f->f_sub_desc->ad_type->sat_equality,
435 if( rc != LDAP_SUCCESS ) {
439 rc = value_normalize( f->f_sub_desc, usage,
441 if( rc != LDAP_SUCCESS ) {
448 rc = LDAP_PROTOCOL_ERROR;
451 case LDAP_SUBSTRING_INITIAL:
453 LDAP_LOG( FILTER, DETAIL1,
454 "get_substring_filter: conn %d INITIAL\n", conn->c_connid, 0, 0 );
456 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
459 if ( f->f_sub_initial.bv_val != NULL
460 || f->f_sub_any != NULL
461 || f->f_sub_final.bv_val != NULL )
463 free( value.bv_val );
467 f->f_sub_initial = value;
470 case LDAP_SUBSTRING_ANY:
472 LDAP_LOG( FILTER, DETAIL1,
473 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
475 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
478 if ( f->f_sub_final.bv_val != NULL ) {
479 free( value.bv_val );
483 ber_bvarray_add( &f->f_sub_any, &value );
486 case LDAP_SUBSTRING_FINAL:
488 LDAP_LOG( FILTER, DETAIL1,
489 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
491 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
494 if ( f->f_sub_final.bv_val != NULL ) {
495 free( value.bv_val );
499 f->f_sub_final = value;
504 LDAP_LOG( FILTER, INFO,
505 "get_substring_filter: conn %d unknown substring type %ld\n",
506 conn->c_connid, (long)tag, 0 );
508 Debug( LDAP_DEBUG_FILTER,
509 " unknown substring type=%ld\n",
513 free( value.bv_val );
517 LDAP_LOG( FILTER, INFO,
518 "get_substring_filter: conn %d error %ld\n",
519 conn->c_connid, (long)rc, 0 );
521 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
524 free( f->f_sub_initial.bv_val );
525 ber_bvarray_free( f->f_sub_any );
526 free( f->f_sub_final.bv_val );
533 LDAP_LOG( FILTER, ENTRY,
534 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
536 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
538 return( LDAP_SUCCESS );
542 filter_free( Filter *f )
550 switch ( f->f_choice ) {
551 case LDAP_FILTER_PRESENT:
554 case LDAP_FILTER_EQUALITY:
557 case LDAP_FILTER_APPROX:
558 ava_free( f->f_ava, 1 );
561 case LDAP_FILTER_SUBSTRINGS:
562 if ( f->f_sub_initial.bv_val != NULL ) {
563 free( f->f_sub_initial.bv_val );
565 ber_bvarray_free( f->f_sub_any );
566 if ( f->f_sub_final.bv_val != NULL ) {
567 free( f->f_sub_final.bv_val );
572 case LDAP_FILTER_AND:
574 case LDAP_FILTER_NOT:
575 for ( p = f->f_list; p != NULL; p = next ) {
581 case LDAP_FILTER_EXT:
582 mra_free( f->f_mra, 1 );
585 case SLAPD_FILTER_COMPUTED:
590 LDAP_LOG( FILTER, ERR,
591 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
593 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
603 filter2bv( Filter *f, struct berval *fstr )
611 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
615 switch ( f->f_choice ) {
616 case LDAP_FILTER_EQUALITY:
617 filter_escape_value( &f->f_av_value, &tmp );
619 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
620 tmp.bv_len + ( sizeof("(=)") - 1 );
621 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
623 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
624 f->f_av_desc->ad_cname.bv_val,
627 ber_memfree( tmp.bv_val );
631 filter_escape_value( &f->f_av_value, &tmp );
633 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
634 tmp.bv_len + ( sizeof("(>=)") - 1 );
635 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
637 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
638 f->f_av_desc->ad_cname.bv_val,
641 ber_memfree( tmp.bv_val );
645 filter_escape_value( &f->f_av_value, &tmp );
647 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
648 tmp.bv_len + ( sizeof("(<=)") - 1 );
649 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
651 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
652 f->f_av_desc->ad_cname.bv_val,
655 ber_memfree( tmp.bv_val );
658 case LDAP_FILTER_APPROX:
659 filter_escape_value( &f->f_av_value, &tmp );
661 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
662 tmp.bv_len + ( sizeof("(~=)") - 1 );
663 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
665 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
666 f->f_av_desc->ad_cname.bv_val,
668 ber_memfree( tmp.bv_val );
671 case LDAP_FILTER_SUBSTRINGS:
672 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
673 ( sizeof("(=*)") - 1 );
674 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
676 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
677 f->f_sub_desc->ad_cname.bv_val );
679 if ( f->f_sub_initial.bv_val != NULL ) {
682 filter_escape_value( &f->f_sub_initial, &tmp );
684 fstr->bv_len += tmp.bv_len;
685 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
687 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
688 /* "(attr=" */ "%s*)",
691 ber_memfree( tmp.bv_val );
694 if ( f->f_sub_any != NULL ) {
695 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
697 filter_escape_value( &f->f_sub_any[i], &tmp );
699 fstr->bv_len += tmp.bv_len + 1;
700 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
702 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
703 /* "(attr=[init]*[any*]" */ "%s*)",
705 ber_memfree( tmp.bv_val );
709 if ( f->f_sub_final.bv_val != NULL ) {
712 filter_escape_value( &f->f_sub_final, &tmp );
714 fstr->bv_len += tmp.bv_len;
715 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
717 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
718 /* "(attr=[init*][any*]" */ "%s)",
721 ber_memfree( tmp.bv_val );
726 case LDAP_FILTER_PRESENT:
727 fstr->bv_len = f->f_desc->ad_cname.bv_len +
728 ( sizeof("(=*)") - 1 );
729 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
731 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
732 f->f_desc->ad_cname.bv_val );
735 case LDAP_FILTER_AND:
737 case LDAP_FILTER_NOT:
738 fstr->bv_len = sizeof("(%)") - 1;
739 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
741 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
742 f->f_choice == LDAP_FILTER_AND ? '&' :
743 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
745 for ( p = f->f_list; p != NULL; p = p->f_next ) {
748 filter2bv( p, &tmp );
750 fstr->bv_len += tmp.bv_len;
751 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
753 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
754 /*"("*/ "%s)", tmp.bv_val );
756 ch_free( tmp.bv_val );
761 case LDAP_FILTER_EXT: {
763 filter_escape_value( &f->f_mr_value, &tmp );
765 if ( f->f_mr_desc ) {
766 ad = f->f_mr_desc->ad_cname;
772 fstr->bv_len = ad.bv_len +
773 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
774 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
775 tmp.bv_len + ( sizeof("(:=)") - 1 );
776 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
778 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
780 f->f_mr_dnattrs ? ":dn" : "",
781 f->f_mr_rule_text.bv_len ? ":" : "",
782 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
784 ber_memfree( tmp.bv_val );
787 case SLAPD_FILTER_COMPUTED:
789 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
790 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
791 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
793 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
794 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
795 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
796 sizeof("(?=error)")-1,
801 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
815 out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 );
818 for( i=0; i < in->bv_len ; i++ ) {
819 if( FILTER_ESCAPE(in->bv_val[i]) ) {
820 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
821 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
822 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
824 out->bv_val[out->bv_len++] = in->bv_val[i];
828 out->bv_val[out->bv_len] = '\0';
836 ValuesReturnFilter **filt,
842 ValuesReturnFilter *vrf;
845 LDAP_LOG( FILTER, ENTRY,
846 "get_simple_vrFilter: conn %d\n", conn->c_connid, 0, 0 );
848 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
851 tag = ber_peek_tag( ber, &len );
853 if( tag == LBER_ERROR ) {
854 *text = "error decoding filter";
855 return SLAPD_DISCONNECT;
858 vrf = (ValuesReturnFilter *) ch_malloc( sizeof(ValuesReturnFilter) );
859 vrf->vrf_next = NULL;
862 vrf->vrf_choice = tag;
864 switch ( vrf->vrf_choice ) {
865 case LDAP_FILTER_EQUALITY:
867 LDAP_LOG( FILTER, DETAIL2,
868 "get_simple_vrFilter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
870 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
872 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY, text );
873 if ( err != LDAP_SUCCESS ) {
877 assert( vrf->vrf_ava != NULL );
880 case LDAP_FILTER_SUBSTRINGS:
882 LDAP_LOG( FILTER, DETAIL1,
883 "get_simple_vrFilter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
885 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
887 err = get_substring_filter( conn, ber, (Filter *)vrf, text );
892 LDAP_LOG( FILTER, DETAIL1,
893 "get_simple_vrFilter: conn %d GE\n", conn->c_connid, 0, 0 );
895 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
897 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
898 if ( err != LDAP_SUCCESS ) {
905 LDAP_LOG( FILTER, DETAIL1,
906 "get_simple_vrFilter: conn %d LE\n", conn->c_connid, 0, 0 );
908 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
910 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_ORDERING, text );
911 if ( err != LDAP_SUCCESS ) {
916 case LDAP_FILTER_PRESENT: {
920 LDAP_LOG( FILTER, DETAIL1,
921 "get_simple_vrFilter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
923 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
925 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
926 err = SLAPD_DISCONNECT;
927 *text = "error decoding filter";
931 vrf->vrf_desc = NULL;
932 err = slap_bv2ad( &type, &vrf->vrf_desc, text );
934 if( err != LDAP_SUCCESS ) {
935 /* unrecognized attribute description or other error */
936 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
937 vrf->vrf_result = LDAP_COMPARE_FALSE;
943 case LDAP_FILTER_APPROX:
945 LDAP_LOG( FILTER, DETAIL1,
946 "get_simple_vrFilter: conn %d APPROX\n", conn->c_connid, 0, 0 );
948 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
950 err = get_ava( ber, &vrf->vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
951 if ( err != LDAP_SUCCESS ) {
956 case LDAP_FILTER_EXT:
958 LDAP_LOG( FILTER, DETAIL1,
959 "get_simple_vrFilter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
961 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
964 err = get_mra( ber, &vrf->vrf_mra, text );
965 if ( err != LDAP_SUCCESS ) {
969 assert( vrf->vrf_mra != NULL );
973 (void) ber_scanf( ber, "x" ); /* skip the element */
975 LDAP_LOG( FILTER, ERR,
976 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
977 conn->c_connid, vrf->vrf_choice, 0 );
979 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
980 vrf->vrf_choice, 0, 0 );
982 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
983 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
987 if ( err != LDAP_SUCCESS ) {
988 if( err != SLAPD_DISCONNECT ) {
990 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
991 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1004 LDAP_LOG( FILTER, DETAIL2,
1005 "get_simple_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1007 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1013 get_vrFilter( Connection *conn, BerElement *ber,
1014 ValuesReturnFilter **vrf,
1018 * A ValuesReturnFilter looks like this:
1020 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1021 * SimpleFilterItem ::= CHOICE {
1022 * equalityMatch [3] AttributeValueAssertion,
1023 * substrings [4] SubstringFilter,
1024 * greaterOrEqual [5] AttributeValueAssertion,
1025 * lessOrEqual [6] AttributeValueAssertion,
1026 * present [7] AttributeType,
1027 * approxMatch [8] AttributeValueAssertion,
1028 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1031 * SubstringFilter ::= SEQUENCE {
1032 * type AttributeType,
1033 * SEQUENCE OF CHOICE {
1034 * initial [0] IA5String,
1035 * any [1] IA5String,
1036 * final [2] IA5String
1040 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1041 * matchingRule [1] MatchingRuleId OPTIONAL,
1042 * type [2] AttributeDescription OPTIONAL,
1043 * matchValue [3] AssertionValue }
1046 ValuesReturnFilter **n;
1052 LDAP_LOG( FILTER, ENTRY,
1053 "get_vrFilter: conn %d start\n", conn->c_connid, 0, 0 );
1055 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1058 tag = ber_peek_tag( ber, &len );
1060 if( tag == LBER_ERROR ) {
1061 *text = "error decoding vrFilter";
1062 return SLAPD_DISCONNECT;
1065 if( tag != LBER_SEQUENCE ) {
1066 *text = "error decoding vrFilter, expect SEQUENCE tag";
1067 return SLAPD_DISCONNECT;
1071 for ( tag = ber_first_element( ber, &len, &last );
1072 tag != LBER_DEFAULT;
1073 tag = ber_next_element( ber, &len, last ) )
1075 int err = get_simple_vrFilter( conn, ber, n, text );
1076 if ( err != LDAP_SUCCESS )
1078 n = &(*n)->vrf_next;
1083 LDAP_LOG( FILTER, ENTRY,
1084 "get_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1086 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1088 return( LDAP_SUCCESS );
1092 vrFilter_free( ValuesReturnFilter *vrf )
1094 ValuesReturnFilter *p, *next;
1096 if ( vrf == NULL ) {
1100 for ( p = vrf; p != NULL; p = next ) {
1103 switch ( vrf->vrf_choice ) {
1104 case LDAP_FILTER_PRESENT:
1107 case LDAP_FILTER_EQUALITY:
1108 case LDAP_FILTER_GE:
1109 case LDAP_FILTER_LE:
1110 case LDAP_FILTER_APPROX:
1111 ava_free( vrf->vrf_ava, 1 );
1114 case LDAP_FILTER_SUBSTRINGS:
1115 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1116 free( vrf->vrf_sub_initial.bv_val );
1118 ber_bvarray_free( vrf->vrf_sub_any );
1119 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1120 free( vrf->vrf_sub_final.bv_val );
1122 ch_free( vrf->vrf_sub );
1125 case LDAP_FILTER_EXT:
1126 mra_free( vrf->vrf_mra, 1 );
1129 case SLAPD_FILTER_COMPUTED:
1134 LDAP_LOG( FILTER, ERR,
1135 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1137 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1138 vrf->vrf_choice, 0, 0 );
1149 vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1151 ValuesReturnFilter *p;
1155 if ( vrf == NULL ) {
1156 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1160 fstr->bv_len = sizeof("()") - 1;
1161 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1163 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1165 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1168 simple_vrFilter2bv( p, &tmp );
1170 fstr->bv_len += tmp.bv_len;
1171 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1173 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1174 /*"("*/ "%s)", tmp.bv_val );
1176 ch_free( tmp.bv_val );
1181 simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1186 if ( vrf == NULL ) {
1187 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1191 switch ( vrf->vrf_choice ) {
1192 case LDAP_FILTER_EQUALITY:
1193 filter_escape_value( &vrf->vrf_av_value, &tmp );
1195 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1196 tmp.bv_len + ( sizeof("(=)") - 1 );
1197 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1199 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1200 vrf->vrf_av_desc->ad_cname.bv_val,
1203 ber_memfree( tmp.bv_val );
1206 case LDAP_FILTER_GE:
1207 filter_escape_value( &vrf->vrf_av_value, &tmp );
1209 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1210 tmp.bv_len + ( sizeof("(>=)") - 1 );
1211 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1213 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1214 vrf->vrf_av_desc->ad_cname.bv_val,
1217 ber_memfree( tmp.bv_val );
1220 case LDAP_FILTER_LE:
1221 filter_escape_value( &vrf->vrf_av_value, &tmp );
1223 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1224 tmp.bv_len + ( sizeof("(<=)") - 1 );
1225 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1227 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1228 vrf->vrf_av_desc->ad_cname.bv_val,
1231 ber_memfree( tmp.bv_val );
1234 case LDAP_FILTER_APPROX:
1235 filter_escape_value( &vrf->vrf_av_value, &tmp );
1237 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1238 tmp.bv_len + ( sizeof("(~=)") - 1 );
1239 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1241 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1242 vrf->vrf_av_desc->ad_cname.bv_val,
1244 ber_memfree( tmp.bv_val );
1247 case LDAP_FILTER_SUBSTRINGS:
1248 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1249 ( sizeof("(=*)") - 1 );
1250 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1252 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1253 vrf->vrf_sub_desc->ad_cname.bv_val );
1255 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1258 filter_escape_value( &vrf->vrf_sub_initial, &tmp );
1260 fstr->bv_len += tmp.bv_len;
1261 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1263 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1264 /* "(attr=" */ "%s*)",
1267 ber_memfree( tmp.bv_val );
1270 if ( vrf->vrf_sub_any != NULL ) {
1272 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1274 filter_escape_value( &vrf->vrf_sub_any[i], &tmp );
1276 fstr->bv_len += tmp.bv_len + 1;
1277 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1279 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1280 /* "(attr=[init]*[any*]" */ "%s*)",
1282 ber_memfree( tmp.bv_val );
1286 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1289 filter_escape_value( &vrf->vrf_sub_final, &tmp );
1291 fstr->bv_len += tmp.bv_len;
1292 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1294 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1295 /* "(attr=[init*][any*]" */ "%s)",
1298 ber_memfree( tmp.bv_val );
1303 case LDAP_FILTER_PRESENT:
1304 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1305 ( sizeof("(=*)") - 1 );
1306 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1308 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1309 vrf->vrf_desc->ad_cname.bv_val );
1312 case LDAP_FILTER_EXT: {
1314 filter_escape_value( &vrf->vrf_mr_value, &tmp );
1316 if ( vrf->vrf_mr_desc ) {
1317 ad = vrf->vrf_mr_desc->ad_cname;
1323 fstr->bv_len = ad.bv_len +
1324 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1325 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1326 tmp.bv_len + ( sizeof("(:=)") - 1 );
1327 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1329 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1331 vrf->vrf_mr_dnattrs ? ":dn" : "",
1332 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1333 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1336 ber_memfree( tmp.bv_val );
1339 case SLAPD_FILTER_COMPUTED:
1341 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1342 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1343 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1345 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1346 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1347 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1348 sizeof("(?=error)")-1,
1353 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
1359 get_substring_vrFilter(
1362 ValuesReturnFilter *vrf,
1368 struct berval value;
1371 *text = "error decoding filter";
1374 LDAP_LOG( FILTER, ENTRY,
1375 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
1377 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
1379 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
1380 return SLAPD_DISCONNECT;
1383 vrf->vrf_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
1384 vrf->vrf_sub_desc = NULL;
1385 rc = slap_bv2ad( &bv, &vrf->vrf_sub_desc, text );
1387 if( rc != LDAP_SUCCESS ) {
1389 ch_free( vrf->vrf_sub );
1390 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
1391 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1392 return LDAP_SUCCESS;
1395 vrf->vrf_sub_initial.bv_val = NULL;
1396 vrf->vrf_sub_any = NULL;
1397 vrf->vrf_sub_final.bv_val = NULL;
1399 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
1400 tag = ber_next_element( ber, &len, last ) )
1404 rc = ber_scanf( ber, "m", &value );
1405 if ( rc == LBER_ERROR ) {
1406 rc = SLAPD_DISCONNECT;
1410 if ( value.bv_val == NULL || value.bv_len == 0 ) {
1411 rc = LDAP_INVALID_SYNTAX;
1416 case LDAP_SUBSTRING_INITIAL:
1417 usage = SLAP_MR_SUBSTR_INITIAL;
1420 case LDAP_SUBSTRING_ANY:
1421 usage = SLAP_MR_SUBSTR_ANY;
1424 case LDAP_SUBSTRING_FINAL:
1425 usage = SLAP_MR_SUBSTR_FINAL;
1429 rc = LDAP_PROTOCOL_ERROR;
1432 LDAP_LOG( FILTER, ERR,
1433 "get_filter_substring: conn %d unknown substring choice=%ld\n",
1434 conn->c_connid, (long)tag, 0 );
1436 Debug( LDAP_DEBUG_FILTER,
1437 " unknown substring choice=%ld\n",
1444 /* validate/normalize using equality matching rule validator! */
1445 rc = asserted_value_validate_normalize(
1446 vrf->vrf_sub_desc, vrf->vrf_sub_desc->ad_type->sat_equality,
1447 usage, &value, &bv, text );
1448 if( rc != LDAP_SUCCESS ) {
1452 /* valiate using equality matching rule validator! */
1453 rc = value_validate( vrf->vrf_sub_desc->ad_type->sat_equality,
1455 if( rc != LDAP_SUCCESS ) {
1459 rc = value_normalize( vrf->vrf_sub_desc, usage,
1460 &value, &bv, text );
1461 if( rc != LDAP_SUCCESS ) {
1468 rc = LDAP_PROTOCOL_ERROR;
1471 case LDAP_SUBSTRING_INITIAL:
1473 LDAP_LOG( FILTER, DETAIL1,
1474 "get_substring_filter: conn %d INITIAL\n",
1475 conn->c_connid, 0, 0 );
1477 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
1480 if ( vrf->vrf_sub_initial.bv_val != NULL
1481 || vrf->vrf_sub_any != NULL
1482 || vrf->vrf_sub_final.bv_val != NULL )
1484 free( value.bv_val );
1488 vrf->vrf_sub_initial = value;
1491 case LDAP_SUBSTRING_ANY:
1493 LDAP_LOG( FILTER, DETAIL1,
1494 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
1496 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
1499 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1500 free( value.bv_val );
1504 ber_bvarray_add( &vrf->vrf_sub_any, &value );
1507 case LDAP_SUBSTRING_FINAL:
1509 LDAP_LOG( FILTER, DETAIL1,
1510 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
1512 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
1515 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1516 free( value.bv_val );
1520 vrf->vrf_sub_final = value;
1525 LDAP_LOG( FILTER, INFO,
1526 "get_substring_filter: conn %d unknown substring type %ld\n",
1527 conn->c_connid, (long)tag, 0 );
1529 Debug( LDAP_DEBUG_FILTER,
1530 " unknown substring type=%ld\n",
1534 free( value.bv_val );
1538 LDAP_LOG( FILTER, INFO,
1539 "get_substring_filter: conn %d error %ld\n",
1540 conn->c_connid, (long)rc, 0 );
1542 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
1545 free( vrf->vrf_sub_initial.bv_val );
1546 ber_bvarray_free( vrf->vrf_sub_any );
1547 free( vrf->vrf_sub_final.bv_val );
1548 ch_free( vrf->vrf_sub );
1554 LDAP_LOG( FILTER, ENTRY,
1555 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
1557 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
1559 return( LDAP_SUCCESS );