1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
26 SubstringsAssertion **s,
29 static void simple_vrFilter2bv(
30 ValuesReturnFilter *f,
31 struct berval *fstr );
33 static int get_simple_vrFilter(
36 ValuesReturnFilter **f,
52 LDAP_LOG( FILTER, ENTRY, "get_filter: conn %d\n", conn->c_connid, 0, 0 );
54 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
57 * A filter looks like this coming in:
59 * and [0] SET OF Filter,
60 * or [1] SET OF Filter,
62 * equalityMatch [3] AttributeValueAssertion,
63 * substrings [4] SubstringFilter,
64 * greaterOrEqual [5] AttributeValueAssertion,
65 * lessOrEqual [6] AttributeValueAssertion,
66 * present [7] AttributeType,,
67 * approxMatch [8] AttributeValueAssertion
68 * extensibleMatch [9] MatchingRuleAssertion
71 * SubstringFilter ::= SEQUENCE {
73 * SEQUENCE OF CHOICE {
74 * initial [0] IA5String,
80 * MatchingRuleAssertion ::= SEQUENCE {
81 * matchingRule [1] MatchingRuleId OPTIONAL,
82 * type [2] AttributeDescription OPTIONAL,
83 * matchValue [3] AssertionValue,
84 * dnAttributes [4] BOOLEAN DEFAULT FALSE
89 tag = ber_peek_tag( ber, &len );
91 if( tag == LBER_ERROR ) {
92 *text = "error decoding filter";
93 return SLAPD_DISCONNECT;
101 switch ( f.f_choice ) {
102 case LDAP_FILTER_EQUALITY:
104 LDAP_LOG( FILTER, DETAIL2,
105 "get_filter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
107 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
109 err = get_ava( ber, &f.f_ava, SLAP_MR_EQUALITY, text );
110 if ( err != LDAP_SUCCESS ) {
114 assert( f.f_ava != NULL );
117 case LDAP_FILTER_SUBSTRINGS:
119 LDAP_LOG( FILTER, DETAIL1,
120 "get_filter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
122 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
124 err = get_ssa( conn, ber, &f.f_sub, text );
125 if( err != LDAP_SUCCESS ) {
128 assert( f.f_sub != NULL );
133 LDAP_LOG( FILTER, DETAIL1,
134 "get_filter: conn %d GE\n", conn->c_connid, 0, 0 );
136 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
138 err = get_ava( ber, &f.f_ava, SLAP_MR_ORDERING, text );
139 if ( err != LDAP_SUCCESS ) {
142 assert( f.f_ava != NULL );
147 LDAP_LOG( FILTER, DETAIL1,
148 "get_filter: conn %d LE\n", conn->c_connid, 0, 0 );
150 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
152 err = get_ava( ber, &f.f_ava, SLAP_MR_ORDERING, text );
153 if ( err != LDAP_SUCCESS ) {
156 assert( f.f_ava != NULL );
159 case LDAP_FILTER_PRESENT: {
163 LDAP_LOG( FILTER, DETAIL1,
164 "get_filter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
166 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
168 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
169 err = SLAPD_DISCONNECT;
170 *text = "error decoding filter";
175 err = slap_bv2ad( &type, &f.f_desc, text );
177 if( err != LDAP_SUCCESS ) {
178 /* unrecognized attribute description or other error */
179 f.f_choice = SLAPD_FILTER_COMPUTED;
180 f.f_result = LDAP_COMPARE_FALSE;
186 assert( f.f_desc != NULL );
189 case LDAP_FILTER_APPROX:
191 LDAP_LOG( FILTER, DETAIL1,
192 "get_filter: conn %d APPROX\n", conn->c_connid, 0, 0 );
194 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
196 err = get_ava( ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text );
197 if ( err != LDAP_SUCCESS ) {
200 assert( f.f_ava != NULL );
203 case LDAP_FILTER_AND:
205 LDAP_LOG( FILTER, DETAIL1,
206 "get_filter: conn %d AND\n", conn->c_connid, 0, 0 );
208 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
210 err = get_filter_list( conn, ber, &f.f_and, text );
211 if ( err != LDAP_SUCCESS ) {
214 /* no assert - list could be empty */
219 LDAP_LOG( FILTER, DETAIL1,
220 "get_filter: conn %d OR\n", conn->c_connid, 0, 0 );
222 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
224 err = get_filter_list( conn, ber, &f.f_or, text );
225 if ( err != LDAP_SUCCESS ) {
228 /* no assert - list could be empty */
231 case LDAP_FILTER_NOT:
233 LDAP_LOG( FILTER, DETAIL1,
234 "get_filter: conn %d NOT\n", conn->c_connid, 0, 0 );
236 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
238 (void) ber_skip_tag( ber, &len );
239 err = get_filter( conn, ber, &f.f_not, text );
240 if ( err != LDAP_SUCCESS ) {
244 assert( f.f_not != NULL );
247 case LDAP_FILTER_EXT:
249 LDAP_LOG( FILTER, DETAIL1,
250 "get_filter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
252 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
255 err = get_mra( ber, &f.f_mra, text );
256 if ( err != LDAP_SUCCESS ) {
260 assert( f.f_mra != NULL );
264 (void) ber_scanf( ber, "x" ); /* skip the element */
266 LDAP_LOG( FILTER, ERR,
267 "get_filter: conn %d unknown filter type=%lu\n",
268 conn->c_connid, f.f_choice, 0 );
270 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
273 f.f_choice = SLAPD_FILTER_COMPUTED;
274 f.f_result = SLAPD_COMPARE_UNDEFINED;
278 if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
280 f.f_choice = SLAPD_FILTER_COMPUTED;
281 f.f_result = SLAPD_COMPARE_UNDEFINED;
285 if ( err == LDAP_SUCCESS ) {
286 *filt = ch_malloc( sizeof(f) );
291 LDAP_LOG( FILTER, DETAIL2,
292 "get_filter: conn %d exit\n", conn->c_connid, 0, 0 );
294 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
301 get_filter_list( Connection *conn, BerElement *ber,
312 LDAP_LOG( FILTER, ENTRY,
313 "get_filter_list: conn %d start\n", conn->c_connid, 0, 0 );
315 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
318 for ( tag = ber_first_element( ber, &len, &last );
320 tag = ber_next_element( ber, &len, last ) )
322 err = get_filter( conn, ber, new, text );
323 if ( err != LDAP_SUCCESS )
325 new = &(*new)->f_next;
330 LDAP_LOG( FILTER, ENTRY,
331 "get_filter_list: conn %d exit\n", conn->c_connid, 0, 0 );
333 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
335 return( LDAP_SUCCESS );
342 SubstringsAssertion **out,
348 struct berval desc, value, nvalue;
350 SubstringsAssertion ssa;
352 *text = "error decoding filter";
355 LDAP_LOG( FILTER, ENTRY,
356 "get_ssa: conn %d begin\n", conn->c_connid, 0, 0 );
358 Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
360 if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
361 return SLAPD_DISCONNECT;
367 ssa.sa_initial.bv_val = NULL;
369 ssa.sa_final.bv_val = NULL;
371 rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
373 if( rc != LDAP_SUCCESS ) {
377 rc = LDAP_PROTOCOL_ERROR;
379 for ( tag = ber_first_element( ber, &len, &last );
381 tag = ber_next_element( ber, &len, last ) )
385 rc = ber_scanf( ber, "m", &value );
386 if ( rc == LBER_ERROR ) {
387 rc = SLAPD_DISCONNECT;
391 if ( value.bv_val == NULL || value.bv_len == 0 ) {
392 rc = LDAP_INVALID_SYNTAX;
397 case LDAP_SUBSTRING_INITIAL:
398 usage = SLAP_MR_SUBSTR_INITIAL;
401 case LDAP_SUBSTRING_ANY:
402 usage = SLAP_MR_SUBSTR_ANY;
405 case LDAP_SUBSTRING_FINAL:
406 usage = SLAP_MR_SUBSTR_FINAL;
410 rc = LDAP_PROTOCOL_ERROR;
413 LDAP_LOG( FILTER, ERR,
414 "get_filter_substring: conn %d unknown substring choice=%ld\n",
415 conn->c_connid, (long)tag, 0 );
417 Debug( LDAP_DEBUG_FILTER,
418 " unknown substring choice=%ld\n",
425 /* validate/normalize using equality matching rule validator! */
426 rc = asserted_value_validate_normalize(
427 ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
428 usage, &value, &nvalue, text );
430 if( rc != LDAP_SUCCESS ) {
434 rc = LDAP_PROTOCOL_ERROR;
437 case LDAP_SUBSTRING_INITIAL:
439 LDAP_LOG( FILTER, DETAIL1,
440 "get_ssa: conn %d INITIAL\n",
441 conn->c_connid, 0, 0 );
443 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
446 if ( ssa.sa_initial.bv_val != NULL
447 || ssa.sa_any != NULL
448 || ssa.sa_final.bv_val != NULL )
450 free( nvalue.bv_val );
454 ssa.sa_initial = nvalue;
457 case LDAP_SUBSTRING_ANY:
459 LDAP_LOG( FILTER, DETAIL1,
460 "get_ssa: conn %d ANY\n",
461 conn->c_connid, 0, 0 );
463 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
466 if ( ssa.sa_final.bv_val != NULL ) {
467 free( nvalue.bv_val );
471 ber_bvarray_add( &ssa.sa_any, &nvalue );
474 case LDAP_SUBSTRING_FINAL:
476 LDAP_LOG( FILTER, DETAIL1,
477 "get_ssa: conn %d FINAL\n",
478 conn->c_connid, 0, 0 );
480 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
483 if ( ssa.sa_final.bv_val != NULL ) {
484 free( nvalue.bv_val );
488 ssa.sa_final = nvalue;
493 LDAP_LOG( FILTER, INFO,
494 "get_ssa: conn %d unknown substring type %ld\n",
495 conn->c_connid, (long)tag, 0 );
497 Debug( LDAP_DEBUG_FILTER,
498 " unknown substring type=%ld\n",
503 free( nvalue.bv_val );
507 LDAP_LOG( FILTER, INFO,
508 "get_ssa: conn %d error %ld\n",
509 conn->c_connid, (long)rc, 0 );
511 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
514 free( ssa.sa_initial.bv_val );
515 ber_bvarray_free( ssa.sa_any );
516 free( ssa.sa_final.bv_val );
523 if( rc == LDAP_SUCCESS ) {
524 *out = ch_malloc( sizeof( ssa ) );
529 LDAP_LOG( FILTER, ENTRY,
530 "get_ssa: conn %d exit\n", conn->c_connid, 0, 0 );
532 Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
539 filter_free( Filter *f )
547 switch ( f->f_choice ) {
548 case LDAP_FILTER_PRESENT:
551 case LDAP_FILTER_EQUALITY:
554 case LDAP_FILTER_APPROX:
555 ava_free( f->f_ava, 1 );
558 case LDAP_FILTER_SUBSTRINGS:
559 if ( f->f_sub_initial.bv_val != NULL ) {
560 free( f->f_sub_initial.bv_val );
562 ber_bvarray_free( f->f_sub_any );
563 if ( f->f_sub_final.bv_val != NULL ) {
564 free( f->f_sub_final.bv_val );
569 case LDAP_FILTER_AND:
571 case LDAP_FILTER_NOT:
572 for ( p = f->f_list; p != NULL; p = next ) {
578 case LDAP_FILTER_EXT:
579 mra_free( f->f_mra, 1 );
582 case SLAPD_FILTER_COMPUTED:
587 LDAP_LOG( FILTER, ERR,
588 "filter_free: unknown filter type %lu\n", f->f_choice, 0, 0 );
590 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
600 filter2bv( Filter *f, struct berval *fstr )
608 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
612 switch ( f->f_choice ) {
613 case LDAP_FILTER_EQUALITY:
614 filter_escape_value( &f->f_av_value, &tmp );
616 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
617 tmp.bv_len + ( sizeof("(=)") - 1 );
618 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
620 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
621 f->f_av_desc->ad_cname.bv_val,
624 ber_memfree( tmp.bv_val );
628 filter_escape_value( &f->f_av_value, &tmp );
630 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
631 tmp.bv_len + ( sizeof("(>=)") - 1 );
632 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
634 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
635 f->f_av_desc->ad_cname.bv_val,
638 ber_memfree( tmp.bv_val );
642 filter_escape_value( &f->f_av_value, &tmp );
644 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
645 tmp.bv_len + ( sizeof("(<=)") - 1 );
646 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
648 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
649 f->f_av_desc->ad_cname.bv_val,
652 ber_memfree( tmp.bv_val );
655 case LDAP_FILTER_APPROX:
656 filter_escape_value( &f->f_av_value, &tmp );
658 fstr->bv_len = f->f_av_desc->ad_cname.bv_len +
659 tmp.bv_len + ( sizeof("(~=)") - 1 );
660 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
662 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
663 f->f_av_desc->ad_cname.bv_val,
665 ber_memfree( tmp.bv_val );
668 case LDAP_FILTER_SUBSTRINGS:
669 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
670 ( sizeof("(=*)") - 1 );
671 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
673 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
674 f->f_sub_desc->ad_cname.bv_val );
676 if ( f->f_sub_initial.bv_val != NULL ) {
679 filter_escape_value( &f->f_sub_initial, &tmp );
681 fstr->bv_len += tmp.bv_len;
682 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
684 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
685 /* "(attr=" */ "%s*)",
688 ber_memfree( tmp.bv_val );
691 if ( f->f_sub_any != NULL ) {
692 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
694 filter_escape_value( &f->f_sub_any[i], &tmp );
696 fstr->bv_len += tmp.bv_len + 1;
697 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
699 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
700 /* "(attr=[init]*[any*]" */ "%s*)",
702 ber_memfree( tmp.bv_val );
706 if ( f->f_sub_final.bv_val != NULL ) {
709 filter_escape_value( &f->f_sub_final, &tmp );
711 fstr->bv_len += tmp.bv_len;
712 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
714 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
715 /* "(attr=[init*][any*]" */ "%s)",
718 ber_memfree( tmp.bv_val );
723 case LDAP_FILTER_PRESENT:
724 fstr->bv_len = f->f_desc->ad_cname.bv_len +
725 ( sizeof("(=*)") - 1 );
726 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
728 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
729 f->f_desc->ad_cname.bv_val );
732 case LDAP_FILTER_AND:
734 case LDAP_FILTER_NOT:
735 fstr->bv_len = sizeof("(%)") - 1;
736 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
738 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
739 f->f_choice == LDAP_FILTER_AND ? '&' :
740 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
742 for ( p = f->f_list; p != NULL; p = p->f_next ) {
745 filter2bv( p, &tmp );
747 fstr->bv_len += tmp.bv_len;
748 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
750 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
751 /*"("*/ "%s)", tmp.bv_val );
753 ch_free( tmp.bv_val );
758 case LDAP_FILTER_EXT: {
760 filter_escape_value( &f->f_mr_value, &tmp );
762 if ( f->f_mr_desc ) {
763 ad = f->f_mr_desc->ad_cname;
769 fstr->bv_len = ad.bv_len +
770 ( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
771 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
772 tmp.bv_len + ( sizeof("(:=)") - 1 );
773 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
775 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
777 f->f_mr_dnattrs ? ":dn" : "",
778 f->f_mr_rule_text.bv_len ? ":" : "",
779 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
781 ber_memfree( tmp.bv_val );
784 case SLAPD_FILTER_COMPUTED:
786 f->f_result == LDAP_COMPARE_FALSE ? "(?=false)" :
787 f->f_result == LDAP_COMPARE_TRUE ? "(?=true)" :
788 f->f_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
790 f->f_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
791 f->f_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
792 f->f_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
793 sizeof("(?=error)")-1,
798 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
812 out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 );
815 for( i=0; i < in->bv_len ; i++ ) {
816 if( FILTER_ESCAPE(in->bv_val[i]) ) {
817 out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR;
818 out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] );
819 out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] );
821 out->bv_val[out->bv_len++] = in->bv_val[i];
825 out->bv_val[out->bv_len] = '\0';
833 ValuesReturnFilter **filt,
839 ValuesReturnFilter vrf;
842 LDAP_LOG( FILTER, ENTRY,
843 "get_simple_vrFilter: conn %d\n", conn->c_connid, 0, 0 );
845 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
848 tag = ber_peek_tag( ber, &len );
850 if( tag == LBER_ERROR ) {
851 *text = "error decoding filter";
852 return SLAPD_DISCONNECT;
858 vrf.vrf_choice = tag;
860 switch ( vrf.vrf_choice ) {
861 case LDAP_FILTER_EQUALITY:
863 LDAP_LOG( FILTER, DETAIL2,
864 "get_simple_vrFilter: conn %d EQUALITY\n", conn->c_connid, 0, 0 );
866 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
868 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text );
869 if ( err != LDAP_SUCCESS ) {
873 assert( vrf.vrf_ava != NULL );
876 case LDAP_FILTER_SUBSTRINGS:
878 LDAP_LOG( FILTER, DETAIL1,
879 "get_simple_vrFilter: conn %d SUBSTRINGS\n", conn->c_connid, 0, 0 );
881 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
883 err = get_ssa( conn, ber, &vrf.vrf_sub, text );
888 LDAP_LOG( FILTER, DETAIL1,
889 "get_simple_vrFilter: conn %d GE\n", conn->c_connid, 0, 0 );
891 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
893 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
894 if ( err != LDAP_SUCCESS ) {
901 LDAP_LOG( FILTER, DETAIL1,
902 "get_simple_vrFilter: conn %d LE\n", conn->c_connid, 0, 0 );
904 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
906 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text );
907 if ( err != LDAP_SUCCESS ) {
912 case LDAP_FILTER_PRESENT: {
916 LDAP_LOG( FILTER, DETAIL1,
917 "get_simple_vrFilter: conn %d PRESENT\n", conn->c_connid, 0, 0 );
919 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
921 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
922 err = SLAPD_DISCONNECT;
923 *text = "error decoding filter";
928 err = slap_bv2ad( &type, &vrf.vrf_desc, text );
930 if( err != LDAP_SUCCESS ) {
931 /* unrecognized attribute description or other error */
932 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
933 vrf.vrf_result = LDAP_COMPARE_FALSE;
939 case LDAP_FILTER_APPROX:
941 LDAP_LOG( FILTER, DETAIL1,
942 "get_simple_vrFilter: conn %d APPROX\n", conn->c_connid, 0, 0 );
944 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
946 err = get_ava( ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text );
947 if ( err != LDAP_SUCCESS ) {
952 case LDAP_FILTER_EXT:
954 LDAP_LOG( FILTER, DETAIL1,
955 "get_simple_vrFilter: conn %d EXTENSIBLE\n", conn->c_connid, 0, 0 );
957 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
960 err = get_mra( ber, &vrf.vrf_mra, text );
961 if ( err != LDAP_SUCCESS ) {
965 assert( vrf.vrf_mra != NULL );
969 (void) ber_scanf( ber, "x" ); /* skip the element */
971 LDAP_LOG( FILTER, ERR,
972 "get_simple_vrFilter: conn %d unknown filter type=%lu\n",
973 conn->c_connid, vrf.vrf_choice, 0 );
975 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
976 vrf.vrf_choice, 0, 0 );
978 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
979 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
983 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
985 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
986 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
990 if ( err == LDAP_SUCCESS ) {
991 *filt = ch_malloc( sizeof vrf );
996 LDAP_LOG( FILTER, DETAIL2,
997 "get_simple_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
999 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1006 get_vrFilter( Connection *conn, BerElement *ber,
1007 ValuesReturnFilter **vrf,
1011 * A ValuesReturnFilter looks like this:
1013 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1014 * SimpleFilterItem ::= CHOICE {
1015 * equalityMatch [3] AttributeValueAssertion,
1016 * substrings [4] SubstringFilter,
1017 * greaterOrEqual [5] AttributeValueAssertion,
1018 * lessOrEqual [6] AttributeValueAssertion,
1019 * present [7] AttributeType,
1020 * approxMatch [8] AttributeValueAssertion,
1021 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1024 * SubstringFilter ::= SEQUENCE {
1025 * type AttributeType,
1026 * SEQUENCE OF CHOICE {
1027 * initial [0] IA5String,
1028 * any [1] IA5String,
1029 * final [2] IA5String
1033 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1034 * matchingRule [1] MatchingRuleId OPTIONAL,
1035 * type [2] AttributeDescription OPTIONAL,
1036 * matchValue [3] AssertionValue }
1039 ValuesReturnFilter **n;
1045 LDAP_LOG( FILTER, ENTRY,
1046 "get_vrFilter: conn %d start\n", conn->c_connid, 0, 0 );
1048 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1051 tag = ber_peek_tag( ber, &len );
1053 if( tag == LBER_ERROR ) {
1054 *text = "error decoding vrFilter";
1055 return SLAPD_DISCONNECT;
1058 if( tag != LBER_SEQUENCE ) {
1059 *text = "error decoding vrFilter, expect SEQUENCE tag";
1060 return SLAPD_DISCONNECT;
1064 for ( tag = ber_first_element( ber, &len, &last );
1065 tag != LBER_DEFAULT;
1066 tag = ber_next_element( ber, &len, last ) )
1068 int err = get_simple_vrFilter( conn, ber, n, text );
1070 if ( err != LDAP_SUCCESS ) return( err );
1072 n = &(*n)->vrf_next;
1077 LDAP_LOG( FILTER, ENTRY,
1078 "get_vrFilter: conn %d exit\n", conn->c_connid, 0, 0 );
1080 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1082 return( LDAP_SUCCESS );
1086 vrFilter_free( ValuesReturnFilter *vrf )
1088 ValuesReturnFilter *p, *next;
1090 if ( vrf == NULL ) {
1094 for ( p = vrf; p != NULL; p = next ) {
1097 switch ( vrf->vrf_choice ) {
1098 case LDAP_FILTER_PRESENT:
1101 case LDAP_FILTER_EQUALITY:
1102 case LDAP_FILTER_GE:
1103 case LDAP_FILTER_LE:
1104 case LDAP_FILTER_APPROX:
1105 ava_free( vrf->vrf_ava, 1 );
1108 case LDAP_FILTER_SUBSTRINGS:
1109 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1110 free( vrf->vrf_sub_initial.bv_val );
1112 ber_bvarray_free( vrf->vrf_sub_any );
1113 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1114 free( vrf->vrf_sub_final.bv_val );
1116 ch_free( vrf->vrf_sub );
1119 case LDAP_FILTER_EXT:
1120 mra_free( vrf->vrf_mra, 1 );
1123 case SLAPD_FILTER_COMPUTED:
1128 LDAP_LOG( FILTER, ERR,
1129 "filter_free: unknown filter type %lu\n", vrf->vrf_choice, 0, 0 );
1131 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1132 vrf->vrf_choice, 0, 0 );
1143 vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1145 ValuesReturnFilter *p;
1149 if ( vrf == NULL ) {
1150 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1154 fstr->bv_len = sizeof("()") - 1;
1155 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1157 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1159 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1162 simple_vrFilter2bv( p, &tmp );
1164 fstr->bv_len += tmp.bv_len;
1165 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1167 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1168 /*"("*/ "%s)", tmp.bv_val );
1170 ch_free( tmp.bv_val );
1175 simple_vrFilter2bv( ValuesReturnFilter *vrf, struct berval *fstr )
1180 if ( vrf == NULL ) {
1181 ber_str2bv( "No filter!", sizeof("No filter!")-1, 1, fstr );
1185 switch ( vrf->vrf_choice ) {
1186 case LDAP_FILTER_EQUALITY:
1187 filter_escape_value( &vrf->vrf_av_value, &tmp );
1189 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1190 tmp.bv_len + ( sizeof("(=)") - 1 );
1191 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1193 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1194 vrf->vrf_av_desc->ad_cname.bv_val,
1197 ber_memfree( tmp.bv_val );
1200 case LDAP_FILTER_GE:
1201 filter_escape_value( &vrf->vrf_av_value, &tmp );
1203 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1204 tmp.bv_len + ( sizeof("(>=)") - 1 );
1205 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1207 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1208 vrf->vrf_av_desc->ad_cname.bv_val,
1211 ber_memfree( tmp.bv_val );
1214 case LDAP_FILTER_LE:
1215 filter_escape_value( &vrf->vrf_av_value, &tmp );
1217 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1218 tmp.bv_len + ( sizeof("(<=)") - 1 );
1219 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1221 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1222 vrf->vrf_av_desc->ad_cname.bv_val,
1225 ber_memfree( tmp.bv_val );
1228 case LDAP_FILTER_APPROX:
1229 filter_escape_value( &vrf->vrf_av_value, &tmp );
1231 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1232 tmp.bv_len + ( sizeof("(~=)") - 1 );
1233 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1235 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1236 vrf->vrf_av_desc->ad_cname.bv_val,
1238 ber_memfree( tmp.bv_val );
1241 case LDAP_FILTER_SUBSTRINGS:
1242 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1243 ( sizeof("(=*)") - 1 );
1244 fstr->bv_val = ch_malloc( fstr->bv_len + 128 );
1246 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1247 vrf->vrf_sub_desc->ad_cname.bv_val );
1249 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1252 filter_escape_value( &vrf->vrf_sub_initial, &tmp );
1254 fstr->bv_len += tmp.bv_len;
1255 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1257 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1258 /* "(attr=" */ "%s*)",
1261 ber_memfree( tmp.bv_val );
1264 if ( vrf->vrf_sub_any != NULL ) {
1266 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1268 filter_escape_value( &vrf->vrf_sub_any[i], &tmp );
1270 fstr->bv_len += tmp.bv_len + 1;
1271 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1273 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1274 /* "(attr=[init]*[any*]" */ "%s*)",
1276 ber_memfree( tmp.bv_val );
1280 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1283 filter_escape_value( &vrf->vrf_sub_final, &tmp );
1285 fstr->bv_len += tmp.bv_len;
1286 fstr->bv_val = ch_realloc( fstr->bv_val, fstr->bv_len + 1 );
1288 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1289 /* "(attr=[init*][any*]" */ "%s)",
1292 ber_memfree( tmp.bv_val );
1297 case LDAP_FILTER_PRESENT:
1298 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1299 ( sizeof("(=*)") - 1 );
1300 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1302 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1303 vrf->vrf_desc->ad_cname.bv_val );
1306 case LDAP_FILTER_EXT: {
1308 filter_escape_value( &vrf->vrf_mr_value, &tmp );
1310 if ( vrf->vrf_mr_desc ) {
1311 ad = vrf->vrf_mr_desc->ad_cname;
1317 fstr->bv_len = ad.bv_len +
1318 ( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) +
1319 ( vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1320 tmp.bv_len + ( sizeof("(:=)") - 1 );
1321 fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
1323 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1325 vrf->vrf_mr_dnattrs ? ":dn" : "",
1326 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1327 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1330 ber_memfree( tmp.bv_val );
1333 case SLAPD_FILTER_COMPUTED:
1335 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1336 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1337 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? "(?=undefined)" :
1339 vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 :
1340 vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 :
1341 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED ? sizeof("(?=undefined)")-1 :
1342 sizeof("(?=error)")-1,
1347 ber_str2bv( "(?=unknown)", sizeof("(?=unknown)")-1, 1, fstr );
1354 get_substring_vrFilter(
1357 ValuesReturnFilter *vrf,
1363 struct berval value;
1366 *text = "error decoding filter";
1369 LDAP_LOG( FILTER, ENTRY,
1370 "get_substring_filter: conn %d begin\n", conn->c_connid, 0, 0 );
1372 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
1374 if ( ber_scanf( ber, "{m" /*}*/, &bv ) == LBER_ERROR ) {
1375 return SLAPD_DISCONNECT;
1378 vrf->vrf_sub = ch_calloc( 1, sizeof(SubstringsAssertion) );
1379 vrf->vrf_sub_desc = NULL;
1380 rc = slap_bv2ad( &bv, &vrf->vrf_sub_desc, text );
1382 if( rc != LDAP_SUCCESS ) {
1384 ch_free( vrf->vrf_sub );
1385 vrf->vrf_choice = SLAPD_FILTER_COMPUTED;
1386 vrf->vrf_result = SLAPD_COMPARE_UNDEFINED;
1387 return LDAP_SUCCESS;
1390 vrf->vrf_sub_initial.bv_val = NULL;
1391 vrf->vrf_sub_any = NULL;
1392 vrf->vrf_sub_final.bv_val = NULL;
1394 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
1395 tag = ber_next_element( ber, &len, last ) )
1399 rc = ber_scanf( ber, "m", &value );
1400 if ( rc == LBER_ERROR ) {
1401 rc = SLAPD_DISCONNECT;
1405 if ( value.bv_val == NULL || value.bv_len == 0 ) {
1406 rc = LDAP_INVALID_SYNTAX;
1411 case LDAP_SUBSTRING_INITIAL:
1412 usage = SLAP_MR_SUBSTR_INITIAL;
1415 case LDAP_SUBSTRING_ANY:
1416 usage = SLAP_MR_SUBSTR_ANY;
1419 case LDAP_SUBSTRING_FINAL:
1420 usage = SLAP_MR_SUBSTR_FINAL;
1424 rc = LDAP_PROTOCOL_ERROR;
1427 LDAP_LOG( FILTER, ERR,
1428 "get_filter_substring: conn %d unknown substring choice=%ld\n",
1429 conn->c_connid, (long)tag, 0 );
1431 Debug( LDAP_DEBUG_FILTER,
1432 " unknown substring choice=%ld\n",
1438 /* validate/normalize using equality matching rule validator! */
1439 rc = asserted_value_validate_normalize(
1440 vrf->vrf_sub_desc, vrf->vrf_sub_desc->ad_type->sat_equality,
1441 usage, &value, &bv, text );
1442 if( rc != LDAP_SUCCESS ) {
1448 rc = LDAP_PROTOCOL_ERROR;
1451 case LDAP_SUBSTRING_INITIAL:
1453 LDAP_LOG( FILTER, DETAIL1,
1454 "get_substring_filter: conn %d INITIAL\n",
1455 conn->c_connid, 0, 0 );
1457 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
1460 if ( vrf->vrf_sub_initial.bv_val != NULL
1461 || vrf->vrf_sub_any != NULL
1462 || vrf->vrf_sub_final.bv_val != NULL )
1464 free( value.bv_val );
1468 vrf->vrf_sub_initial = value;
1471 case LDAP_SUBSTRING_ANY:
1473 LDAP_LOG( FILTER, DETAIL1,
1474 "get_substring_filter: conn %d ANY\n", conn->c_connid, 0, 0 );
1476 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
1479 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1480 free( value.bv_val );
1484 ber_bvarray_add( &vrf->vrf_sub_any, &value );
1487 case LDAP_SUBSTRING_FINAL:
1489 LDAP_LOG( FILTER, DETAIL1,
1490 "get_substring_filter: conn %d FINAL\n", conn->c_connid, 0, 0 );
1492 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
1495 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1496 free( value.bv_val );
1500 vrf->vrf_sub_final = value;
1505 LDAP_LOG( FILTER, INFO,
1506 "get_substring_filter: conn %d unknown substring type %ld\n",
1507 conn->c_connid, (long)tag, 0 );
1509 Debug( LDAP_DEBUG_FILTER,
1510 " unknown substring type=%ld\n",
1514 free( value.bv_val );
1518 LDAP_LOG( FILTER, INFO,
1519 "get_substring_filter: conn %d error %ld\n",
1520 conn->c_connid, (long)rc, 0 );
1522 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
1525 free( vrf->vrf_sub_initial.bv_val );
1526 ber_bvarray_free( vrf->vrf_sub_any );
1527 free( vrf->vrf_sub_final.bv_val );
1528 ch_free( vrf->vrf_sub );
1534 LDAP_LOG( FILTER, ENTRY,
1535 "get_substring_filter: conn %d exit\n", conn->c_connid, 0, 0 );
1537 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
1539 return( LDAP_SUCCESS );