1 /* filter.c - routines for parsing and dealing with filters */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
17 static int get_filter_list(
24 static int get_substring_filter(
45 Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 );
48 * A filter looks like this coming in:
50 * and [0] SET OF Filter,
51 * or [1] SET OF Filter,
53 * equalityMatch [3] AttributeValueAssertion,
54 * substrings [4] SubstringFilter,
55 * greaterOrEqual [5] AttributeValueAssertion,
56 * lessOrEqual [6] AttributeValueAssertion,
57 * present [7] AttributeType,,
58 * approxMatch [8] AttributeValueAssertion
59 * extensibleMatch [9] MatchingRuleAssertion
62 * SubstringFilter ::= SEQUENCE {
64 * SEQUENCE OF CHOICE {
65 * initial [0] IA5String,
71 * MatchingRuleAssertion ::= SEQUENCE {
72 * matchingRule [1] MatchingRuleId OPTIONAL,
73 * type [2] AttributeDescription OPTIONAL,
74 * matchValue [3] AssertionValue,
75 * dnAttributes [4] BOOLEAN DEFAULT FALSE
80 tag = ber_peek_tag( ber, &len );
82 if( tag == LBER_ERROR ) {
83 *text = "error decoding filter";
84 return SLAPD_DISCONNECT;
87 f = (Filter *) ch_malloc( sizeof(Filter) );
94 switch ( f->f_choice ) {
95 case LDAP_FILTER_EQUALITY:
96 Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
98 #ifdef SLAPD_SCHEMA_NOT_COMPAT
99 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text );
101 err = get_ava( ber, &f->f_ava, text );
103 if ( err != LDAP_SUCCESS ) {
107 #ifdef SLAPD_SCHEMA_NOT_COMPAT
108 assert( f->f_ava != NULL );
110 *fstr = ch_malloc( sizeof("(=)")
111 + f->f_av_desc->ad_cname->bv_len
112 + f->f_av_value->bv_len );
114 sprintf( *fstr, "(%s=%s)",
115 f->f_av_desc->ad_cname->bv_val,
116 f->f_av_value->bv_val );
119 *fstr = ch_malloc( sizeof("(=)")
120 + strlen( f->f_avtype )
121 + f->f_avvalue.bv_len);
122 sprintf( *fstr, "(%s=%s)", f->f_avtype,
123 f->f_avvalue.bv_val );
127 case LDAP_FILTER_SUBSTRINGS:
128 Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
129 err = get_substring_filter( conn, ber, f, fstr, text );
133 Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
135 #ifdef SLAPD_SCHEMA_NOT_COMPAT
136 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
138 err = get_ava( ber, &f->f_ava, text );
140 if ( err != LDAP_SUCCESS ) {
144 #ifdef SLAPD_SCHEMA_NOT_COMPAT
145 *fstr = ch_malloc( sizeof("(>=)")
146 + f->f_av_desc->ad_cname->bv_len
147 + f->f_av_value->bv_len );
149 sprintf( *fstr, "(%s>=%s)",
150 f->f_av_desc->ad_cname->bv_val,
151 f->f_av_value->bv_val );
154 *fstr = ch_malloc( sizeof("(>=)")
155 + strlen( f->f_avtype )
156 + f->f_avvalue.bv_len);
157 sprintf( *fstr, "(%s>=%s)", f->f_avtype,
158 f->f_avvalue.bv_val );
163 Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
165 #ifdef SLAPD_SCHEMA_NOT_COMPAT
166 err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text );
168 err = get_ava( ber, &f->f_ava, text );
170 if ( err != LDAP_SUCCESS ) {
175 #ifdef SLAPD_SCHEMA_NOT_COMPAT
176 *fstr = ch_malloc( sizeof("(<=)")
177 + f->f_av_desc->ad_cname->bv_len
178 + f->f_av_value->bv_len );
180 sprintf( *fstr, "(%s<=%s)",
181 f->f_av_desc->ad_cname->bv_val,
182 f->f_av_value->bv_val );
185 *fstr = ch_malloc( sizeof("(<=)")
186 + strlen( f->f_avtype )
187 + f->f_avvalue.bv_len);
188 sprintf( *fstr, "(%s<=%s)", f->f_avtype,
189 f->f_avvalue.bv_val );
193 case LDAP_FILTER_PRESENT: {
196 Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
198 if ( ber_scanf( ber, "o", &type ) == LBER_ERROR ) {
199 err = SLAPD_DISCONNECT;
200 *text = "error decoding filter";
204 #ifdef SLAPD_SCHEMA_NOT_COMPAT
206 err = slap_bv2ad( &type, &f->f_desc, text );
208 if( err != LDAP_SUCCESS ) {
209 ch_free( type.bv_val );
213 ch_free( type.bv_val );
215 *fstr = ch_malloc( sizeof("(=*)")
216 + f->f_desc->ad_cname->bv_len );
217 sprintf( *fstr, "(%s=*)",
218 f->f_desc->ad_cname->bv_val );
221 f->f_type = type.bv_val;
223 attr_normalize( f->f_type );
224 *fstr = ch_malloc( sizeof("(=*)")
225 + strlen( f->f_type ) );
226 sprintf( *fstr, "(%s=*)", f->f_type );
230 case LDAP_FILTER_APPROX:
231 Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
233 #ifdef SLAPD_SCHEMA_NOT_COMPAT
234 err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text );
236 err = get_ava( ber, &f->f_ava, text );
238 if ( err != LDAP_SUCCESS ) {
242 #ifdef SLAPD_SCHEMA_NOT_COMPAT
243 *fstr = ch_malloc( sizeof("(~=)")
244 + f->f_av_desc->ad_cname->bv_len
245 + f->f_av_value->bv_len );
247 sprintf( *fstr, "(%s~=%s)",
248 f->f_av_desc->ad_cname->bv_val,
249 f->f_av_value->bv_val );
252 *fstr = ch_malloc( sizeof("(~=)")
253 + strlen( f->f_avtype )
254 + f->f_avvalue.bv_len);
255 sprintf( *fstr, "(%s~=%s)", f->f_avtype,
256 f->f_avvalue.bv_val );
260 case LDAP_FILTER_AND:
261 Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
262 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
263 if ( err != LDAP_SUCCESS ) {
266 *fstr = ch_malloc( sizeof("(&)")
267 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
268 sprintf( *fstr, "(&%s)",
269 ftmp == NULL ? "" : ftmp );
273 Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
274 err = get_filter_list( conn, ber, &f->f_and, &ftmp, text );
275 if ( err != LDAP_SUCCESS ) {
278 *fstr = ch_malloc( sizeof("(!)")
279 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
280 sprintf( *fstr, "(|%s)",
281 ftmp == NULL ? "" : ftmp );
284 case LDAP_FILTER_NOT:
285 Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
286 (void) ber_skip_tag( ber, &len );
287 err = get_filter( conn, ber, &f->f_not, &ftmp, text );
288 if ( err != LDAP_SUCCESS ) {
291 *fstr = ch_malloc( sizeof("(!)")
292 + ( ftmp == NULL ? 0 : strlen( ftmp ) ) );
293 sprintf( *fstr, "(!%s)",
294 ftmp == NULL ? "" : ftmp );
297 case LDAP_FILTER_EXT:
298 /* not yet implemented */
299 Debug( LDAP_DEBUG_ANY, "extensible match not yet implemented.\n",
301 f->f_choice = SLAPD_FILTER_COMPUTED;
302 f->f_result = SLAPD_COMPARE_UNDEFINED;
303 *fstr = ch_strdup( "(extended)" );
307 Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n",
309 f->f_choice = SLAPD_FILTER_COMPUTED;
310 f->f_result = SLAPD_COMPARE_UNDEFINED;
311 *fstr = ch_strdup( "(undefined)" );
315 if ( err != LDAP_SUCCESS ) {
317 if ( *fstr != NULL ) {
326 Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 );
331 get_filter_list( Connection *conn, BerElement *ber,
332 Filter **f, char **fstr,
341 Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 );
345 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
346 tag = ber_next_element( ber, &len, last ) )
348 err = get_filter( conn, ber, new, &ftmp, text );
349 if ( err != LDAP_SUCCESS )
352 if ( *fstr == NULL ) {
355 *fstr = ch_realloc( *fstr, strlen( *fstr ) +
356 strlen( ftmp ) + 1 );
357 strcat( *fstr, ftmp );
360 new = &(*new)->f_next;
364 Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 );
365 return( LDAP_SUCCESS );
369 get_substring_filter(
380 struct berval *value;
383 #ifdef SLAPD_SCHEMA_NOT_COMPAT
384 struct berval *nvalue;
388 *text = "error decoding filter";
390 Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 );
392 if ( ber_scanf( ber, "{o" /*}*/, &type ) == LBER_ERROR ) {
393 return SLAPD_DISCONNECT;
396 #ifdef SLAPD_SCHEMA_NOT_COMPAT
397 f->f_sub_desc = NULL;
398 rc = slap_bv2ad( &type, &f->f_sub_desc, text );
400 ch_free( type.bv_val );
402 if( rc != LDAP_SUCCESS ) {
404 f->f_choice = SLAPD_FILTER_COMPUTED;
405 f->f_result = SLAPD_COMPARE_UNDEFINED;
406 *fstr = ch_strdup( "(undefined)" );
410 f->f_sub_type = type.bv_val;
411 attr_normalize( f->f_sub_type );
413 /* should get real syntax and see if we have a substring matching rule */
414 syntax = attr_syntax( f->f_sub_type );
417 f->f_sub_initial = NULL;
419 f->f_sub_final = NULL;
421 #ifdef SLAPD_SCHEMA_NOT_COMPAT
423 *fstr = ch_malloc( sizeof("(=" /*)*/) +
424 f->f_sub_desc->ad_cname->bv_len );
425 sprintf( *fstr, "(%s=" /*)*/, f->f_sub_desc->ad_cname->bv_val );
429 *fstr = ch_malloc( strlen( f->f_sub_type ) + 3 );
430 sprintf( *fstr, "(%s=" /*)*/, f->f_sub_type );
434 for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT;
435 tag = ber_next_element( ber, &len, last ) )
437 #ifdef SLAPD_SCHEMA_NOT_COMPAT
441 rc = ber_scanf( ber, "O", &value );
442 if ( rc == LBER_ERROR ) {
443 rc = SLAPD_DISCONNECT;
447 if ( value == NULL || value->bv_len == 0 ) {
449 rc = LDAP_INVALID_SYNTAX;
453 #ifdef SLAPD_SCHEMA_NOT_COMPAT
455 case LDAP_SUBSTRING_INITIAL:
456 usage = SLAP_MR_SUBSTR_INITIAL;
459 case LDAP_SUBSTRING_ANY:
460 usage = SLAP_MR_SUBSTR_ANY;
463 case LDAP_SUBSTRING_FINAL:
464 usage = SLAP_MR_SUBSTR_FINAL;
468 rc = LDAP_PROTOCOL_ERROR;
470 Debug( LDAP_DEBUG_FILTER,
471 " unknown substring choice=%ld\n",
478 rc = value_normalize( f->f_sub_desc, usage, value, &nvalue, text );
481 if( rc != LDAP_SUCCESS ) {
488 /* we should call a substring syntax normalization routine */
489 value_normalize( value->bv_val, syntax );
490 /* this is bogus, value_normalize should take a berval */
491 value->bv_len = strlen( value->bv_val );
494 rc = LDAP_PROTOCOL_ERROR;
497 case LDAP_SUBSTRING_INITIAL:
498 Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 );
499 if ( f->f_sub_initial != NULL ) {
504 f->f_sub_initial = value;
507 *fstr = ch_realloc( *fstr,
508 strlen( *fstr ) + value->bv_len + 1 );
509 strcat( *fstr, value->bv_val );
513 case LDAP_SUBSTRING_ANY:
514 Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 );
515 if( ber_bvecadd( &f->f_sub_any, value ) < 0 ) {
521 *fstr = ch_realloc( *fstr,
522 strlen( *fstr ) + value->bv_len + 2 );
523 strcat( *fstr, "*" );
524 strcat( *fstr, value->bv_val );
528 case LDAP_SUBSTRING_FINAL:
529 Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 );
530 if ( f->f_sub_final != NULL ) {
534 f->f_sub_final = value;
537 *fstr = ch_realloc( *fstr,
538 strlen( *fstr ) + value->bv_len + 2 );
539 strcat( *fstr, "*" );
540 strcat( *fstr, value->bv_val );
545 Debug( LDAP_DEBUG_FILTER,
546 " unknown substring type=%ld\n",
552 Debug( LDAP_DEBUG_FILTER, " error=%ld\n",
560 #ifdef SLAPD_SCHEMA_NOT_COMPAT
561 ad_free( f->f_sub_desc, 1 );
563 ch_free( f->f_sub_type );
565 ber_bvfree( f->f_sub_initial );
566 ber_bvecfree( f->f_sub_any );
567 ber_bvfree( f->f_sub_final );
573 *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 );
574 if ( f->f_sub_final == NULL ) {
575 strcat( *fstr, "*" );
577 strcat( *fstr, /*(*/ ")" );
580 Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 );
581 return( LDAP_SUCCESS );
585 filter_free( Filter *f )
593 switch ( f->f_choice ) {
594 case LDAP_FILTER_PRESENT:
595 #ifdef SLAPD_SCHEMA_NOT_COMPAT
596 ad_free( f->f_desc, 1 );
598 if ( f->f_type != NULL ) {
604 case LDAP_FILTER_EQUALITY:
607 case LDAP_FILTER_APPROX:
608 #ifdef SLAPD_SCHEMA_NOT_COMPAT
609 ava_free( f->f_ava, 1 );
611 ava_free( &f->f_ava, 0 );
615 case LDAP_FILTER_SUBSTRINGS:
616 #ifdef SLAPD_SCHEMA_NOT_COMPAT
617 ad_free( f->f_sub_desc, 1 );
618 if ( f->f_sub_initial != NULL ) {
619 ber_bvfree( f->f_sub_initial );
621 ber_bvecfree( f->f_sub_any );
622 if ( f->f_sub_final != NULL ) {
623 ber_bvfree( f->f_sub_final );
626 if ( f->f_sub_type != NULL ) {
627 free( f->f_sub_type );
629 if ( f->f_sub_initial != NULL ) {
630 ber_bvfree( f->f_sub_initial );
632 ber_bvecfree( f->f_sub_any );
633 if ( f->f_sub_final != NULL ) {
634 ber_bvfree( f->f_sub_final );
639 case LDAP_FILTER_AND:
641 case LDAP_FILTER_NOT:
642 for ( p = f->f_list; p != NULL; p = next ) {
648 case SLAPD_FILTER_COMPUTED:
652 Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n",
663 filter_print( Filter *f )
669 fprintf( stderr, "No filter!" );
672 switch ( f->f_choice ) {
673 case LDAP_FILTER_EQUALITY:
674 #ifdef SLAPD_SCHEMA_NOT_COMPAT
675 fprintf( stderr, "(%s=%s)",
676 f->f_av_desc->ad_cname->bv_val,
677 f->f_av_value->bv_val );
679 fprintf( stderr, "(%s=%s)",
681 f->f_ava.ava_value.bv_val );
686 #ifdef SLAPD_SCHEMA_NOT_COMPAT
687 fprintf( stderr, "(%s>=%s)",
688 f->f_av_desc->ad_cname->bv_val,
689 f->f_av_value->bv_val );
691 fprintf( stderr, "(%s>=%s)",
693 f->f_ava.ava_value.bv_val );
698 #ifdef SLAPD_SCHEMA_NOT_COMPAT
699 fprintf( stderr, "(%s<=%s)",
700 f->f_ava->aa_desc->ad_cname->bv_val,
701 f->f_ava->aa_value->bv_val );
703 fprintf( stderr, "(%s<=%s)",
705 f->f_ava.ava_value.bv_val );
709 case LDAP_FILTER_APPROX:
710 #ifdef SLAPD_SCHEMA_NOT_COMPAT
711 fprintf( stderr, "(%s~=%s)",
712 f->f_ava->aa_desc->ad_cname->bv_val,
713 f->f_ava->aa_value->bv_val );
715 fprintf( stderr, "(%s~=%s)",
717 f->f_ava.ava_value.bv_val );
721 case LDAP_FILTER_SUBSTRINGS:
722 #ifdef SLAPD_SCHEMA_NOT_COMPAT
723 fprintf( stderr, "(%s=" /*)*/,
724 f->f_sub_desc->ad_cname->bv_val );
726 fprintf( stderr, "(%s=" /*)*/,
729 if ( f->f_sub_initial != NULL ) {
730 fprintf( stderr, "%s",
731 f->f_sub_initial->bv_val );
733 if ( f->f_sub_any != NULL ) {
734 for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
735 fprintf( stderr, "*%s",
736 f->f_sub_any[i]->bv_val );
739 if ( f->f_sub_final != NULL ) {
741 "*%s", f->f_sub_final->bv_val );
743 fprintf( stderr, /*(*/ ")" );
746 case LDAP_FILTER_PRESENT:
747 #ifdef SLAPD_SCHEMA_NOT_COMPAT
748 fprintf( stderr, "(%s=*)",
749 f->f_desc->ad_cname->bv_val );
751 fprintf( stderr, "(%s=*)",
756 case LDAP_FILTER_AND:
758 case LDAP_FILTER_NOT:
759 fprintf( stderr, "(%c" /*)*/,
760 f->f_choice == LDAP_FILTER_AND ? '&' :
761 f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
762 for ( p = f->f_list; p != NULL; p = p->f_next ) {
765 fprintf( stderr, /*(*/ ")" );
768 case SLAPD_FILTER_COMPUTED:
769 fprintf( stderr, "(?=%s)",
770 f->f_result == LDAP_COMPARE_FALSE ? "false" :
771 f->f_result == LDAP_COMPARE_TRUE ? "true" :
772 f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
777 fprintf( stderr, "(unknown-filter=%lu)", f->f_choice );
782 #endif /* ldap_debug */