1 /* filter.c - routines for parsing and dealing with filters */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2007 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
31 #include <ac/socket.h>
32 #include <ac/string.h>
36 const Filter *slap_filter_objectClass_pres;
37 const struct berval *slap_filterstr_objectClass_pres;
39 static int get_filter_list(
51 static void simple_vrFilter2bv(
53 ValuesReturnFilter *f,
54 struct berval *fstr );
56 static int get_simple_vrFilter(
59 ValuesReturnFilter **f,
65 static Filter filter_objectClass_pres = { LDAP_FILTER_PRESENT };
66 static struct berval filterstr_objectClass_pres = BER_BVC("(objectClass=*)");
68 filter_objectClass_pres.f_desc = slap_schema.si_ad_objectClass;
70 slap_filter_objectClass_pres = &filter_objectClass_pres;
71 slap_filterstr_objectClass_pres = &filterstr_objectClass_pres;
77 filter_destroy( void )
94 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
96 * A filter looks like this coming in:
98 * and [0] SET OF Filter,
99 * or [1] SET OF Filter,
101 * equalityMatch [3] AttributeValueAssertion,
102 * substrings [4] SubstringFilter,
103 * greaterOrEqual [5] AttributeValueAssertion,
104 * lessOrEqual [6] AttributeValueAssertion,
105 * present [7] AttributeType,
106 * approxMatch [8] AttributeValueAssertion,
107 * extensibleMatch [9] MatchingRuleAssertion
110 * SubstringFilter ::= SEQUENCE {
111 * type AttributeType,
112 * SEQUENCE OF CHOICE {
113 * initial [0] IA5String,
115 * final [2] IA5String
119 * MatchingRuleAssertion ::= SEQUENCE {
120 * matchingRule [1] MatchingRuleId OPTIONAL,
121 * type [2] AttributeDescription OPTIONAL,
122 * matchValue [3] AssertionValue,
123 * dnAttributes [4] BOOLEAN DEFAULT FALSE
128 tag = ber_peek_tag( ber, &len );
130 if( tag == LBER_ERROR ) {
131 *text = "error decoding filter";
132 return SLAPD_DISCONNECT;
140 switch ( f.f_choice ) {
141 case LDAP_FILTER_EQUALITY:
142 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
143 err = get_ava( op, ber, &f, SLAP_MR_EQUALITY, text );
144 if ( err != LDAP_SUCCESS ) {
148 assert( f.f_ava != NULL );
151 case LDAP_FILTER_SUBSTRINGS:
152 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
153 err = get_ssa( op, ber, &f, text );
154 if( err != LDAP_SUCCESS ) {
157 assert( f.f_sub != NULL );
161 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
162 err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text );
163 if ( err != LDAP_SUCCESS ) {
166 assert( f.f_ava != NULL );
170 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
171 err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text );
172 if ( err != LDAP_SUCCESS ) {
175 assert( f.f_ava != NULL );
178 case LDAP_FILTER_PRESENT: {
181 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
182 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
183 err = SLAPD_DISCONNECT;
184 *text = "error decoding filter";
189 err = slap_bv2ad( &type, &f.f_desc, text );
191 if( err != LDAP_SUCCESS ) {
192 f.f_choice |= SLAPD_FILTER_UNDEFINED;
193 err = slap_bv2undef_ad( &type, &f.f_desc, text,
194 SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
196 if ( err != LDAP_SUCCESS ) {
197 /* unrecognized attribute description or other error */
198 Debug( LDAP_DEBUG_ANY,
199 "get_filter: conn %lu unknown attribute "
201 op->o_connid, type.bv_val, err );
204 f.f_desc = slap_bv2tmp_ad( &type, op->o_tmpmemctx );
209 assert( f.f_desc != NULL );
212 case LDAP_FILTER_APPROX:
213 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
214 err = get_ava( op, ber, &f, SLAP_MR_EQUALITY_APPROX, text );
215 if ( err != LDAP_SUCCESS ) {
218 assert( f.f_ava != NULL );
221 case LDAP_FILTER_AND:
222 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
223 err = get_filter_list( op, ber, &f.f_and, text );
224 if ( err != LDAP_SUCCESS ) {
227 if ( f.f_and == NULL ) {
228 f.f_choice = SLAPD_FILTER_COMPUTED;
229 f.f_result = LDAP_COMPARE_TRUE;
231 /* no assert - list could be empty */
235 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
236 err = get_filter_list( op, ber, &f.f_or, text );
237 if ( err != LDAP_SUCCESS ) {
240 if ( f.f_or == NULL ) {
241 f.f_choice = SLAPD_FILTER_COMPUTED;
242 f.f_result = LDAP_COMPARE_FALSE;
244 /* no assert - list could be empty */
247 case LDAP_FILTER_NOT:
248 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
249 (void) ber_skip_tag( ber, &len );
250 err = get_filter( op, ber, &f.f_not, text );
251 if ( err != LDAP_SUCCESS ) {
255 assert( f.f_not != NULL );
256 if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) {
257 int fresult = f.f_not->f_result;
258 f.f_choice = SLAPD_FILTER_COMPUTED;
259 op->o_tmpfree( f.f_not, op->o_tmpmemctx );
263 case LDAP_COMPARE_TRUE:
264 f.f_result = LDAP_COMPARE_FALSE;
266 case LDAP_COMPARE_FALSE:
267 f.f_result = LDAP_COMPARE_TRUE;
270 /* (!Undefined) is Undefined */
275 case LDAP_FILTER_EXT:
276 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
278 err = get_mra( op, ber, &f, text );
279 if ( err != LDAP_SUCCESS ) {
283 assert( f.f_mra != NULL );
287 (void) ber_scanf( ber, "x" ); /* skip the element */
288 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
290 f.f_choice = SLAPD_FILTER_COMPUTED;
291 f.f_result = SLAPD_COMPARE_UNDEFINED;
295 if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
298 f.f_choice = SLAPD_FILTER_COMPUTED;
299 f.f_result = SLAPD_COMPARE_UNDEFINED;
303 if ( err == LDAP_SUCCESS ) {
304 *filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
308 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
314 get_filter_list( Operation *op, BerElement *ber,
324 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
326 for ( tag = ber_first_element( ber, &len, &last );
328 tag = ber_next_element( ber, &len, last ) )
330 err = get_filter( op, ber, new, text );
331 if ( err != LDAP_SUCCESS )
333 new = &(*new)->f_next;
337 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
338 return( LDAP_SUCCESS );
351 struct berval desc, value, nvalue;
353 SubstringsAssertion ssa;
355 *text = "error decoding filter";
357 Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 );
358 if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) {
359 return SLAPD_DISCONNECT;
365 ssa.sa_initial.bv_val = NULL;
367 ssa.sa_final.bv_val = NULL;
369 rc = slap_bv2ad( &desc, &ssa.sa_desc, text );
371 if( rc != LDAP_SUCCESS ) {
372 f->f_choice |= SLAPD_FILTER_UNDEFINED;
373 rc = slap_bv2undef_ad( &desc, &ssa.sa_desc, text,
374 SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
376 if( rc != LDAP_SUCCESS ) {
377 Debug( LDAP_DEBUG_ANY,
378 "get_ssa: conn %lu unknown attribute type=%s (%ld)\n",
379 op->o_connid, desc.bv_val, (long) rc );
381 ssa.sa_desc = slap_bv2tmp_ad( &desc, op->o_tmpmemctx );
385 rc = LDAP_PROTOCOL_ERROR;
387 for ( tag = ber_first_element( ber, &len, &last );
389 tag = ber_next_element( ber, &len, last ) )
393 rc = ber_scanf( ber, "m", &value );
394 if ( rc == LBER_ERROR ) {
395 rc = SLAPD_DISCONNECT;
399 if ( value.bv_val == NULL || value.bv_len == 0 ) {
400 rc = LDAP_INVALID_SYNTAX;
405 case LDAP_SUBSTRING_INITIAL:
406 if ( ssa.sa_initial.bv_val != NULL
407 || ssa.sa_any != NULL
408 || ssa.sa_final.bv_val != NULL )
410 rc = LDAP_PROTOCOL_ERROR;
413 usage = SLAP_MR_SUBSTR_INITIAL;
416 case LDAP_SUBSTRING_ANY:
417 if ( ssa.sa_final.bv_val != NULL ) {
418 rc = LDAP_PROTOCOL_ERROR;
421 usage = SLAP_MR_SUBSTR_ANY;
424 case LDAP_SUBSTRING_FINAL:
425 if ( ssa.sa_final.bv_val != NULL ) {
426 rc = LDAP_PROTOCOL_ERROR;
430 usage = SLAP_MR_SUBSTR_FINAL;
434 Debug( LDAP_DEBUG_FILTER,
435 " unknown substring choice=%ld\n",
438 rc = LDAP_PROTOCOL_ERROR;
442 /* validate/normalize using equality matching rule validator! */
443 rc = asserted_value_validate_normalize(
444 ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality,
445 usage, &value, &nvalue, text, op->o_tmpmemctx );
446 if( rc != LDAP_SUCCESS ) goto return_error;
449 case LDAP_SUBSTRING_INITIAL:
450 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
451 ssa.sa_initial = nvalue;
454 case LDAP_SUBSTRING_ANY:
455 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
456 ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx );
459 case LDAP_SUBSTRING_FINAL:
460 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
461 ssa.sa_final = nvalue;
466 slap_sl_free( nvalue.bv_val, op->o_tmpmemctx );
467 rc = LDAP_PROTOCOL_ERROR;
470 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
472 slap_sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx );
473 ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx );
474 if ( ssa.sa_desc->ad_flags & SLAP_DESC_TEMPORARY )
475 op->o_tmpfree( ssa.sa_desc, op->o_tmpmemctx );
476 slap_sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx );
483 if( rc == LDAP_SUCCESS ) {
484 f->f_sub = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx );
488 Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 );
489 return rc /* LDAP_SUCCESS */ ;
493 filter_free_x( Operation *op, Filter *f )
501 f->f_choice &= SLAPD_FILTER_MASK;
503 switch ( f->f_choice ) {
504 case LDAP_FILTER_PRESENT:
507 case LDAP_FILTER_EQUALITY:
510 case LDAP_FILTER_APPROX:
511 ava_free( op, f->f_ava, 1 );
514 case LDAP_FILTER_SUBSTRINGS:
515 if ( f->f_sub_initial.bv_val != NULL ) {
516 op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx );
518 ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx );
519 if ( f->f_sub_final.bv_val != NULL ) {
520 op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx );
522 if ( f->f_sub->sa_desc->ad_flags & SLAP_DESC_TEMPORARY )
523 op->o_tmpfree( f->f_sub->sa_desc, op->o_tmpmemctx );
524 op->o_tmpfree( f->f_sub, op->o_tmpmemctx );
527 case LDAP_FILTER_AND:
529 case LDAP_FILTER_NOT:
530 for ( p = f->f_list; p != NULL; p = next ) {
532 filter_free_x( op, p );
536 case LDAP_FILTER_EXT:
537 mra_free( op, f->f_mra, 1 );
540 case SLAPD_FILTER_COMPUTED:
544 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
549 op->o_tmpfree( f, op->o_tmpmemctx );
553 filter_free( Filter *f )
559 op.o_tmpmemctx = slap_sl_context( f );
560 op.o_tmpmfuncs = &slap_sl_mfuncs;
561 filter_free_x( &op, f );
565 filter2bv_x( Operation *op, Filter *f, struct berval *fstr )
571 ber_bvfalse = BER_BVC( "(?=false)" ),
572 ber_bvtrue = BER_BVC( "(?=true)" ),
573 ber_bvundefined = BER_BVC( "(?=undefined)" ),
574 ber_bverror = BER_BVC( "(?=error)" ),
575 ber_bvunknown = BER_BVC( "(?=unknown)" ),
576 ber_bvnone = BER_BVC( "(?=none)" );
583 ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx );
587 undef = f->f_choice & SLAPD_FILTER_UNDEFINED;
588 choice = f->f_choice & SLAPD_FILTER_MASK;
591 case LDAP_FILTER_EQUALITY:
592 fstr->bv_len = STRLENOF("(=)");
596 fstr->bv_len = STRLENOF("(>=)");
600 fstr->bv_len = STRLENOF("(<=)");
603 case LDAP_FILTER_APPROX:
604 fstr->bv_len = STRLENOF("(~=)");
608 filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx );
609 /* NOTE: tmp can legitimately be NULL (meaning empty)
610 * since in a Filter values in AVAs are supposed
611 * to have been normalized, meaning that an empty value
612 * is legal for that attribute's syntax */
614 fstr->bv_len += f->f_av_desc->ad_cname.bv_len + tmp.bv_len;
617 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
619 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s)",
621 f->f_av_desc->ad_cname.bv_val, sign,
622 tmp.bv_len ? tmp.bv_val : "" );
624 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
627 case LDAP_FILTER_SUBSTRINGS:
628 fstr->bv_len = f->f_sub_desc->ad_cname.bv_len +
632 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
634 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s=*)",
636 f->f_sub_desc->ad_cname.bv_val );
638 if ( f->f_sub_initial.bv_val != NULL ) {
643 filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx );
646 fstr->bv_len += tmplen;
647 fstr->bv_val = op->o_tmprealloc( fstr->bv_val,
648 fstr->bv_len + 1, op->o_tmpmemctx );
650 snprintf( &fstr->bv_val[len - 2],
651 tmplen + STRLENOF( /*(*/ "*)" ) + 1,
652 /* "(attr=" */ "%s*)",
653 tmp.bv_len ? tmp.bv_val : "");
655 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
658 if ( f->f_sub_any != NULL ) {
659 for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) {
663 filter_escape_value_x( &f->f_sub_any[i],
664 &tmp, op->o_tmpmemctx );
667 fstr->bv_len += tmplen + STRLENOF( /*(*/ ")" );
668 fstr->bv_val = op->o_tmprealloc( fstr->bv_val,
669 fstr->bv_len + 1, op->o_tmpmemctx );
671 snprintf( &fstr->bv_val[len - 1],
672 tmplen + STRLENOF( /*(*/ "*)" ) + 1,
673 /* "(attr=[init]*[any*]" */ "%s*)",
674 tmp.bv_len ? tmp.bv_val : "");
675 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
679 if ( f->f_sub_final.bv_val != NULL ) {
684 filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx );
687 fstr->bv_len += tmplen;
688 fstr->bv_val = op->o_tmprealloc( fstr->bv_val,
689 fstr->bv_len + 1, op->o_tmpmemctx );
691 snprintf( &fstr->bv_val[len - 1],
692 tmplen + STRLENOF( /*(*/ ")" ) + 1,
693 /* "(attr=[init*][any*]" */ "%s)",
694 tmp.bv_len ? tmp.bv_val : "");
696 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
701 case LDAP_FILTER_PRESENT:
702 fstr->bv_len = f->f_desc->ad_cname.bv_len +
707 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
709 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s=*)",
711 f->f_desc->ad_cname.bv_val );
714 case LDAP_FILTER_AND:
716 case LDAP_FILTER_NOT:
717 fstr->bv_len = STRLENOF("(%)");
718 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
720 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
721 f->f_choice == LDAP_FILTER_AND ? '&' :
722 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
724 for ( p = f->f_list; p != NULL; p = p->f_next ) {
727 filter2bv_x( op, p, &tmp );
729 fstr->bv_len += tmp.bv_len;
730 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
733 snprintf( &fstr->bv_val[len-1],
734 tmp.bv_len + STRLENOF( /*(*/ ")" ) + 1,
735 /*"("*/ "%s)", tmp.bv_val );
737 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
742 case LDAP_FILTER_EXT: {
745 filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx );
746 /* NOTE: tmp can legitimately be NULL (meaning empty)
747 * since in a Filter values in MRAs are supposed
748 * to have been normalized, meaning that an empty value
749 * is legal for that attribute's syntax */
751 if ( f->f_mr_desc ) {
752 ad = f->f_mr_desc->ad_cname;
758 fstr->bv_len = ad.bv_len +
759 ( f->f_mr_dnattrs ? STRLENOF(":dn") : 0 ) +
760 ( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) +
761 tmp.bv_len + STRLENOF("(:=)");
762 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
764 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s%s:=%s)",
767 f->f_mr_dnattrs ? ":dn" : "",
768 f->f_mr_rule_text.bv_len ? ":" : "",
769 f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "",
770 tmp.bv_len ? tmp.bv_val : "" );
771 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
774 case SLAPD_FILTER_COMPUTED:
775 switch ( f->f_result ) {
776 case LDAP_COMPARE_FALSE:
780 case LDAP_COMPARE_TRUE:
784 case SLAPD_COMPARE_UNDEFINED:
785 tmp = ber_bvundefined;
793 ber_dupbv_x( fstr, &tmp, op->o_tmpmemctx );
797 ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx );
803 filter2bv( Filter *f, struct berval *fstr )
809 op.o_tmpmemctx = NULL;
810 op.o_tmpmfuncs = &ch_mfuncs;
812 filter2bv_x( &op, f, fstr );
816 filter_dup( Filter *f, void *memctx )
818 BerMemoryFunctions *mf = &slap_sl_mfuncs;
824 n = mf->bmf_malloc( sizeof(Filter), memctx );
825 n->f_choice = f->f_choice;
828 switch( f->f_choice & SLAPD_FILTER_MASK ) {
829 case SLAPD_FILTER_COMPUTED:
830 n->f_result = f->f_result;
832 case LDAP_FILTER_PRESENT:
833 if ( f->f_desc->ad_flags & SLAP_DESC_TEMPORARY )
834 n->f_desc = slap_bv2tmp_ad( &f->f_desc->ad_cname, memctx );
836 n->f_desc = f->f_desc;
838 case LDAP_FILTER_EQUALITY:
841 case LDAP_FILTER_APPROX:
842 /* Should this be ava_dup() ? */
843 n->f_ava = mf->bmf_calloc( 1, sizeof(AttributeAssertion), memctx );
844 *n->f_ava = *f->f_ava;
845 if ( f->f_av_desc->ad_flags & SLAP_DESC_TEMPORARY )
846 n->f_av_desc = slap_bv2tmp_ad( &f->f_av_desc->ad_cname, memctx );
847 ber_dupbv_x( &n->f_av_value, &f->f_av_value, memctx );
849 case LDAP_FILTER_SUBSTRINGS:
850 n->f_sub = mf->bmf_calloc( 1, sizeof(SubstringsAssertion), memctx );
851 if ( f->f_sub_desc->ad_flags & SLAP_DESC_TEMPORARY )
852 n->f_sub_desc = slap_bv2tmp_ad( &f->f_sub_desc->ad_cname, memctx );
854 n->f_sub_desc = f->f_sub_desc;
855 if ( !BER_BVISNULL( &f->f_sub_initial ))
856 ber_dupbv_x( &n->f_sub_initial, &f->f_sub_initial, memctx );
857 if ( f->f_sub_any ) {
859 for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ );
860 n->f_sub_any = mf->bmf_malloc(( i+1 )*sizeof( struct berval ),
862 for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
863 ber_dupbv_x( &n->f_sub_any[i], &f->f_sub_any[i], memctx );
865 BER_BVZERO( &n->f_sub_any[i] );
867 if ( !BER_BVISNULL( &f->f_sub_final ))
868 ber_dupbv_x( &n->f_sub_final, &f->f_sub_final, memctx );
870 case LDAP_FILTER_EXT: {
871 /* Should this be mra_dup() ? */
873 length = sizeof(MatchingRuleAssertion);
874 if ( !BER_BVISNULL( &f->f_mr_rule_text ))
875 length += f->f_mr_rule_text.bv_len + 1;
876 n->f_mra = mf->bmf_calloc( 1, length, memctx );
877 *n->f_mra = *f->f_mra;
878 if ( f->f_mr_desc && ( f->f_sub_desc->ad_flags & SLAP_DESC_TEMPORARY ))
879 n->f_mr_desc = slap_bv2tmp_ad( &f->f_mr_desc->ad_cname, memctx );
880 ber_dupbv_x( &n->f_mr_value, &f->f_mr_value, memctx );
881 if ( !BER_BVISNULL( &f->f_mr_rule_text )) {
882 n->f_mr_rule_text.bv_val = (char *)(n->f_mra+1);
883 AC_MEMCPY(n->f_mr_rule_text.bv_val,
884 f->f_mr_rule_text.bv_val, f->f_mr_rule_text.bv_len );
887 case LDAP_FILTER_AND:
889 case LDAP_FILTER_NOT: {
891 for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) {
892 *p = filter_dup( f, memctx );
904 ValuesReturnFilter **filt,
910 ValuesReturnFilter vrf;
912 Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 );
914 tag = ber_peek_tag( ber, &len );
916 if( tag == LBER_ERROR ) {
917 *text = "error decoding filter";
918 return SLAPD_DISCONNECT;
924 vrf.vrf_choice = tag;
926 switch ( vrf.vrf_choice ) {
927 case LDAP_FILTER_EQUALITY:
928 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
929 err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_EQUALITY, text );
930 if ( err != LDAP_SUCCESS ) {
934 assert( vrf.vrf_ava != NULL );
937 case LDAP_FILTER_SUBSTRINGS:
938 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
939 err = get_ssa( op, ber, (Filter *)&vrf, text );
943 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
944 err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_ORDERING, text );
945 if ( err != LDAP_SUCCESS ) {
951 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
952 err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_ORDERING, text );
953 if ( err != LDAP_SUCCESS ) {
958 case LDAP_FILTER_PRESENT: {
961 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
962 if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) {
963 err = SLAPD_DISCONNECT;
964 *text = "error decoding filter";
969 err = slap_bv2ad( &type, &vrf.vrf_desc, text );
971 if( err != LDAP_SUCCESS ) {
972 vrf.vrf_choice |= SLAPD_FILTER_UNDEFINED;
973 err = slap_bv2undef_ad( &type, &vrf.vrf_desc, text,
976 if( err != LDAP_SUCCESS ) {
977 /* unrecognized attribute description or other error */
978 Debug( LDAP_DEBUG_ANY,
979 "get_simple_vrFilter: conn %lu unknown "
980 "attribute type=%s (%d)\n",
981 op->o_connid, type.bv_val, err );
983 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
984 vrf.vrf_result = LDAP_COMPARE_FALSE;
991 case LDAP_FILTER_APPROX:
992 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
993 err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_EQUALITY_APPROX, text );
994 if ( err != LDAP_SUCCESS ) {
999 case LDAP_FILTER_EXT:
1000 Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 );
1002 err = get_mra( op, ber, (Filter *)&vrf, text );
1003 if ( err != LDAP_SUCCESS ) {
1007 assert( vrf.vrf_mra != NULL );
1011 (void) ber_scanf( ber, "x" ); /* skip the element */
1012 Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n",
1013 vrf.vrf_choice, 0, 0 );
1014 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1015 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1019 if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
1021 vrf.vrf_choice = SLAPD_FILTER_COMPUTED;
1022 vrf.vrf_result = SLAPD_COMPARE_UNDEFINED;
1026 if ( err == LDAP_SUCCESS ) {
1027 *filt = op->o_tmpalloc( sizeof vrf, op->o_tmpmemctx );
1031 Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 );
1037 get_vrFilter( Operation *op, BerElement *ber,
1038 ValuesReturnFilter **vrf,
1042 * A ValuesReturnFilter looks like this:
1044 * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
1045 * SimpleFilterItem ::= CHOICE {
1046 * equalityMatch [3] AttributeValueAssertion,
1047 * substrings [4] SubstringFilter,
1048 * greaterOrEqual [5] AttributeValueAssertion,
1049 * lessOrEqual [6] AttributeValueAssertion,
1050 * present [7] AttributeType,
1051 * approxMatch [8] AttributeValueAssertion,
1052 * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
1055 * SubstringFilter ::= SEQUENCE {
1056 * type AttributeType,
1057 * SEQUENCE OF CHOICE {
1058 * initial [0] IA5String,
1059 * any [1] IA5String,
1060 * final [2] IA5String
1064 * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
1065 * matchingRule [1] MatchingRuleId OPTIONAL,
1066 * type [2] AttributeDescription OPTIONAL,
1067 * matchValue [3] AssertionValue }
1070 ValuesReturnFilter **n;
1075 Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 );
1077 tag = ber_peek_tag( ber, &len );
1079 if( tag == LBER_ERROR ) {
1080 *text = "error decoding vrFilter";
1081 return SLAPD_DISCONNECT;
1084 if( tag != LBER_SEQUENCE ) {
1085 *text = "error decoding vrFilter, expect SEQUENCE tag";
1086 return SLAPD_DISCONNECT;
1090 for ( tag = ber_first_element( ber, &len, &last );
1091 tag != LBER_DEFAULT;
1092 tag = ber_next_element( ber, &len, last ) )
1094 int err = get_simple_vrFilter( op, ber, n, text );
1096 if ( err != LDAP_SUCCESS ) return( err );
1098 n = &(*n)->vrf_next;
1102 Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 );
1103 return( LDAP_SUCCESS );
1107 vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
1109 ValuesReturnFilter *p, *next;
1111 if ( vrf == NULL ) {
1115 for ( p = vrf; p != NULL; p = next ) {
1118 switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) {
1119 case LDAP_FILTER_PRESENT:
1122 case LDAP_FILTER_EQUALITY:
1123 case LDAP_FILTER_GE:
1124 case LDAP_FILTER_LE:
1125 case LDAP_FILTER_APPROX:
1126 ava_free( op, vrf->vrf_ava, 1 );
1129 case LDAP_FILTER_SUBSTRINGS:
1130 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1131 op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx );
1133 ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx );
1134 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1135 op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx );
1137 op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx );
1140 case LDAP_FILTER_EXT:
1141 mra_free( op, vrf->vrf_mra, 1 );
1144 case SLAPD_FILTER_COMPUTED:
1148 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
1149 vrf->vrf_choice, 0, 0 );
1153 op->o_tmpfree( vrf, op->o_tmpmemctx );
1158 vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1160 ValuesReturnFilter *p;
1164 if ( vrf == NULL ) {
1165 ber_str2bv_x( "No filter!", STRLENOF("No filter!"),
1166 1, fstr, op->o_tmpmemctx );
1170 fstr->bv_len = STRLENOF("()");
1171 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1173 snprintf( fstr->bv_val, fstr->bv_len + 1, "()");
1175 for ( p = vrf; p != NULL; p = p->vrf_next ) {
1178 simple_vrFilter2bv( op, p, &tmp );
1180 fstr->bv_len += tmp.bv_len;
1181 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
1184 snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2,
1185 /*"("*/ "%s)", tmp.bv_val );
1187 op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx );
1192 simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr )
1198 if ( vrf == NULL ) {
1199 ber_str2bv_x( "No filter!", STRLENOF("No filter!"), 1, fstr,
1203 undef = vrf->vrf_choice & SLAPD_FILTER_UNDEFINED;
1205 switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) {
1206 case LDAP_FILTER_EQUALITY:
1207 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1209 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1210 tmp.bv_len + STRLENOF("(=)");
1211 if ( undef ) fstr->bv_len++;
1212 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1214 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
1215 vrf->vrf_av_desc->ad_cname.bv_val,
1218 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1221 case LDAP_FILTER_GE:
1222 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1224 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1225 tmp.bv_len + STRLENOF("(>=)");
1226 if ( undef ) fstr->bv_len++;
1227 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1229 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
1230 vrf->vrf_av_desc->ad_cname.bv_val,
1233 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1236 case LDAP_FILTER_LE:
1237 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1239 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1240 tmp.bv_len + STRLENOF("(<=)");
1241 if ( undef ) fstr->bv_len++;
1242 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1244 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
1245 vrf->vrf_av_desc->ad_cname.bv_val,
1248 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1251 case LDAP_FILTER_APPROX:
1252 filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx );
1254 fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len +
1255 tmp.bv_len + STRLENOF("(~=)");
1256 if ( undef ) fstr->bv_len++;
1257 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1259 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
1260 vrf->vrf_av_desc->ad_cname.bv_val,
1262 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1265 case LDAP_FILTER_SUBSTRINGS:
1266 fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len +
1268 if ( undef ) fstr->bv_len++;
1269 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx );
1271 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1272 vrf->vrf_sub_desc->ad_cname.bv_val );
1274 if ( vrf->vrf_sub_initial.bv_val != NULL ) {
1277 filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx );
1279 fstr->bv_len += tmp.bv_len;
1280 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
1283 snprintf( &fstr->bv_val[len-2], tmp.bv_len+3,
1284 /* "(attr=" */ "%s*)",
1287 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1290 if ( vrf->vrf_sub_any != NULL ) {
1292 for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) {
1294 filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp,
1297 fstr->bv_len += tmp.bv_len + 1;
1298 fstr->bv_val = op->o_tmprealloc( fstr->bv_val,
1299 fstr->bv_len + 1, op->o_tmpmemctx );
1301 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1302 /* "(attr=[init]*[any*]" */ "%s*)",
1304 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1308 if ( vrf->vrf_sub_final.bv_val != NULL ) {
1311 filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx );
1313 fstr->bv_len += tmp.bv_len;
1314 fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1,
1317 snprintf( &fstr->bv_val[len-1], tmp.bv_len+3,
1318 /* "(attr=[init*][any*]" */ "%s)",
1321 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1326 case LDAP_FILTER_PRESENT:
1327 fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len +
1329 if ( undef ) fstr->bv_len++;
1330 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1332 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
1333 vrf->vrf_desc->ad_cname.bv_val );
1336 case LDAP_FILTER_EXT: {
1338 filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx );
1340 if ( vrf->vrf_mr_desc ) {
1341 ad = vrf->vrf_mr_desc->ad_cname;
1347 fstr->bv_len = ad.bv_len +
1348 ( vrf->vrf_mr_dnattrs ? STRLENOF(":dn") : 0 ) +
1349 ( vrf->vrf_mr_rule_text.bv_len
1350 ? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) +
1351 tmp.bv_len + STRLENOF("(:=)");
1352 if ( undef ) fstr->bv_len++;
1353 fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx );
1355 snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
1357 vrf->vrf_mr_dnattrs ? ":dn" : "",
1358 vrf->vrf_mr_rule_text.bv_len ? ":" : "",
1359 vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "",
1362 ber_memfree_x( tmp.bv_val, op->o_tmpmemctx );
1365 case SLAPD_FILTER_COMPUTED:
1367 vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" :
1368 vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" :
1369 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED
1370 ? "(?=undefined)" : "(?=error)",
1371 vrf->vrf_result == LDAP_COMPARE_FALSE ? STRLENOF("(?=false)") :
1372 vrf->vrf_result == LDAP_COMPARE_TRUE ? STRLENOF("(?=true)") :
1373 vrf->vrf_result == SLAPD_COMPARE_UNDEFINED
1374 ? STRLENOF("(?=undefined)") : STRLENOF("(?=error)"),
1375 1, fstr, op->o_tmpmemctx );
1379 ber_str2bv_x( "(?=unknown)", STRLENOF("(?=unknown)"),
1380 1, fstr, op->o_tmpmemctx );
projects / openldap / blob