git.sur5r.net Git - openldap/blob - servers/slapd/filterentry.c

   1 /* filterentry.c - apply a filter to an entry */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/socket.h>
  13 #include <ac/string.h>
  14
  15
  16 #include "slap.h"
  17
  18 static int      test_filter_and( Backend *be,
  19         Connection *conn, Operation *op,
  20         Entry *e, Filter *flist );
  21 static int      test_filter_or( Backend *be,
  22         Connection *conn, Operation *op,
  23         Entry *e, Filter *flist );
  24 static int      test_substrings_filter( Backend *be,
  25         Connection *conn, Operation *op,
  26         Entry *e, Filter *f);
  27 static int      test_ava_filter( Backend *be,
  28         Connection *conn, Operation *op,
  29         Entry *e, AttributeAssertion *ava, int type );
  30 static int      test_mra_filter( Backend *be,
  31         Connection *conn, Operation *op,
  32         Entry *e, MatchingRuleAssertion *mra );
  33 static int      test_presence_filter( Backend *be,
  34         Connection *conn, Operation *op,
  35         Entry *e, AttributeDescription *desc );
  36
  37
  38 /*
  39  * test_filter - test a filter against a single entry.
  40  * returns:
  41  *              LDAP_COMPARE_TRUE               filter matched
  42  *              LDAP_COMPARE_FALSE              filter did not match
  43  *              SLAPD_COMPARE_UNDEFINED filter is undefined
  44  *      or an ldap result code indicating error
  45  */
  46
  47 int
  48 test_filter(
  49     Backend     *be,
  50     Connection  *conn,
  51     Operation   *op,
  52     Entry       *e,
  53     Filter      *f
  54 )
  55 {
  56         int     rc;
  57
  58 #ifdef NEW_LOGGING
  59         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
  60                    "test_filter: begin\n" ));
  61 #else
  62         Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 );
  63 #endif
  64
  65
  66         switch ( f->f_choice ) {
  67         case SLAPD_FILTER_COMPUTED:
  68 #ifdef NEW_LOGGING
  69                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
  70                            "test_filter:   COMPUTED %s (%d)\n",
  71                            f->f_result == LDAP_COMPARE_FALSE ? "false" :
  72                            f->f_result == LDAP_COMPARE_TRUE      ? "true"  :
  73                            f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" :
  74                            "error",
  75                            f->f_result ));
  76 #else
  77                 Debug( LDAP_DEBUG_FILTER, "    COMPUTED %s (%d)\n",
  78                         f->f_result == LDAP_COMPARE_FALSE ? "false" :
  79                         f->f_result == LDAP_COMPARE_TRUE ? "true" :
  80                         f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error",
  81                         f->f_result, 0 );
  82 #endif
  83
  84                 rc = f->f_result;
  85                 break;
  86
  87         case LDAP_FILTER_EQUALITY:
  88 #ifdef NEW_LOGGING
  89                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
  90                            "test_filter:   EQUALITY\n" ));
  91 #else
  92                 Debug( LDAP_DEBUG_FILTER, "    EQUALITY\n", 0, 0, 0 );
  93 #endif
  94
  95                 rc = test_ava_filter( be, conn, op, e, f->f_ava,
  96                     LDAP_FILTER_EQUALITY );
  97                 break;
  98
  99         case LDAP_FILTER_SUBSTRINGS:
 100 #ifdef NEW_LOGGING
 101                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
 102                            "test_filter  SUBSTRINGS\n" ));
 103 #else
 104                 Debug( LDAP_DEBUG_FILTER, "    SUBSTRINGS\n", 0, 0, 0 );
 105 #endif
 106
 107                 rc = test_substrings_filter( be, conn, op, e, f );
 108                 break;
 109
 110         case LDAP_FILTER_GE:
 111                 rc = test_ava_filter( be, conn, op, e, f->f_ava,
 112                     LDAP_FILTER_GE );
 113                 break;
 114
 115         case LDAP_FILTER_LE:
 116                 rc = test_ava_filter( be, conn, op, e, f->f_ava,
 117                     LDAP_FILTER_LE );
 118                 break;
 119
 120         case LDAP_FILTER_PRESENT:
 121 #ifdef NEW_LOGGING
 122                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
 123                            "test_filter:        PRESENT\n" ));
 124 #else
 125                 Debug( LDAP_DEBUG_FILTER, "    PRESENT\n", 0, 0, 0 );
 126 #endif
 127
 128                 rc = test_presence_filter( be, conn, op, e, f->f_desc );
 129                 break;
 130
 131         case LDAP_FILTER_APPROX:
 132 #ifdef NEW_LOGGING
 133                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
 134                            "test_filter: APPROX\n" ));
 135 #else
 136                 Debug( LDAP_DEBUG_FILTER, "    APPROX\n", 0, 0, 0 );
 137 #endif
 138                 rc = test_ava_filter( be, conn, op, e, f->f_ava,
 139                     LDAP_FILTER_APPROX );
 140                 break;
 141
 142         case LDAP_FILTER_AND:
 143 #ifdef NEW_LOGGING
 144                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
 145                            "test_filter:  AND\n" ));
 146 #else
 147                 Debug( LDAP_DEBUG_FILTER, "    AND\n", 0, 0, 0 );
 148 #endif
 149
 150                 rc = test_filter_and( be, conn, op, e, f->f_and );
 151                 break;
 152
 153         case LDAP_FILTER_OR:
 154 #ifdef NEW_LOGGING
 155                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
 156                            "test_filter:        OR\n" ));
 157 #else
 158                 Debug( LDAP_DEBUG_FILTER, "    OR\n", 0, 0, 0 );
 159 #endif
 160
 161                 rc = test_filter_or( be, conn, op, e, f->f_or );
 162                 break;
 163
 164         case LDAP_FILTER_NOT:
 165 #ifdef NEW_LOGGING
 166                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
 167                            "test_filter:        NOT\n" ));
 168 #else
 169                 Debug( LDAP_DEBUG_FILTER, "    NOT\n", 0, 0, 0 );
 170 #endif
 171
 172                 rc = test_filter( be, conn, op, e, f->f_not );
 173
 174                 /* Flip true to false and false to true
 175                  * but leave Undefined alone.
 176                  */
 177                 switch( rc ) {
 178                 case LDAP_COMPARE_TRUE:
 179                         rc = LDAP_COMPARE_FALSE;
 180                         break;
 181                 case LDAP_COMPARE_FALSE:
 182                         rc = LDAP_COMPARE_TRUE;
 183                         break;
 184                 }
 185                 break;
 186
 187 #ifdef SLAPD_EXT_FILTERS
 188         case LDAP_FILTER_EXT:
 189 #ifdef NEW_LOGGING
 190                 LDAP_LOG(( "filter", LDAP_LEVEL_DETAIL1,
 191                            "test_filter:        EXT\n" ));
 192 #else
 193                 Debug( LDAP_DEBUG_FILTER, "    EXT\n", 0, 0, 0 );
 194 #endif
 195
 196                 rc = test_mra_filter( be, conn, op, e, f->f_mra );
 197                 break;
 198 #endif
 199
 200         default:
 201 #ifdef NEW_LOGGING
 202                 LDAP_LOG(( "filter", LDAP_LEVEL_INFO,
 203                            "test_filter:  unknown filter type %lu\n",
 204                        f->f_choice ));
 205 #else
 206                 Debug( LDAP_DEBUG_ANY, "    unknown filter type %lu\n",
 207                     f->f_choice, 0, 0 );
 208 #endif
 209
 210                 rc = LDAP_PROTOCOL_ERROR;
 211         }
 212
 213 #ifdef NEW_LOGGING
 214         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
 215                    "test_filter:  return=%d\n", rc ));
 216 #else
 217         Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 );
 218 #endif
 219
 220         return( rc );
 221 }
 222
 223
 224 static int
 225 test_ava_filter(
 226     Backend     *be,
 227     Connection  *conn,
 228     Operation   *op,
 229     Entry       *e,
 230         AttributeAssertion *ava,
 231     int         type
 232 )
 233 {
 234         int             i;
 235         Attribute       *a;
 236
 237         if ( be != NULL && ! access_allowed( be, conn, op, e,
 238                 ava->aa_desc, ava->aa_value, ACL_SEARCH ) )
 239         {
 240                 return LDAP_INSUFFICIENT_ACCESS;
 241         }
 242
 243         for(a = attrs_find( e->e_attrs, ava->aa_desc );
 244                 a != NULL;
 245                 a = attrs_find( a->a_next, ava->aa_desc ) )
 246         {
 247                 MatchingRule *mr;
 248
 249                 switch ( type ) {
 250                 case LDAP_FILTER_APPROX:
 251                         mr = a->a_desc->ad_type->sat_approx;
 252                         if( mr != NULL ) break;
 253
 254                         /* use EQUALITY matching rule if no APPROX rule */
 255
 256                 case LDAP_FILTER_EQUALITY:
 257                         mr = a->a_desc->ad_type->sat_equality;
 258                         break;
 259
 260                 case LDAP_FILTER_GE:
 261                 case LDAP_FILTER_LE:
 262                         mr = a->a_desc->ad_type->sat_ordering;
 263                         break;
 264
 265                 default:
 266                         mr = NULL;
 267                 }
 268
 269                 if( mr == NULL ) {
 270                         continue;
 271                 }
 272
 273                 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
 274                         int ret;
 275                         int rc;
 276                         const char *text;
 277
 278                         rc = value_match( &ret, a->a_desc, mr, 0,
 279                                 a->a_vals[i], ava->aa_value,
 280                                 &text );
 281
 282                         if( rc != LDAP_SUCCESS ) {
 283                                 return rc;
 284                         }
 285
 286                         switch ( type ) {
 287                         case LDAP_FILTER_EQUALITY:
 288                         case LDAP_FILTER_APPROX:
 289                                 if ( ret == 0 ) {
 290                                         return LDAP_COMPARE_TRUE;
 291                                 }
 292                                 break;
 293
 294                         case LDAP_FILTER_GE:
 295                                 if ( ret >= 0 ) {
 296                                         return LDAP_COMPARE_TRUE;
 297                                 }
 298                                 break;
 299
 300                         case LDAP_FILTER_LE:
 301                                 if ( ret <= 0 ) {
 302                                         return LDAP_COMPARE_TRUE;
 303                                 }
 304                                 break;
 305                         }
 306                 }
 307         }
 308
 309         return( LDAP_COMPARE_FALSE );
 310 }
 311
 312
 313 static int
 314 test_presence_filter(
 315     Backend     *be,
 316     Connection  *conn,
 317     Operation   *op,
 318     Entry       *e,
 319         AttributeDescription *desc
 320 )
 321 {
 322         if ( be != NULL && ! access_allowed( be, conn, op, e,
 323                 desc, NULL, ACL_SEARCH ) )
 324         {
 325                 return LDAP_INSUFFICIENT_ACCESS;
 326         }
 327
 328         return attrs_find( e->e_attrs, desc ) != NULL
 329                 ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
 330 }
 331
 332
 333 static int
 334 test_filter_and(
 335     Backend     *be,
 336     Connection  *conn,
 337     Operation   *op,
 338     Entry       *e,
 339     Filter      *flist
 340 )
 341 {
 342         Filter  *f;
 343         int rtn = LDAP_COMPARE_TRUE; /* True if empty */
 344
 345 #ifdef NEW_LOGGING
 346         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
 347                    "test_filter_and: begin\n" ));
 348 #else
 349         Debug( LDAP_DEBUG_FILTER, "=> test_filter_and\n", 0, 0, 0 );
 350 #endif
 351
 352
 353         for ( f = flist; f != NULL; f = f->f_next ) {
 354                 int rc = test_filter( be, conn, op, e, f );
 355
 356                 if ( rc == LDAP_COMPARE_FALSE ) {
 357                         /* filter is False */
 358                         rtn = rc;
 359                         break;
 360                 }
 361
 362                 if ( rc != LDAP_COMPARE_TRUE ) {
 363                         /* filter is Undefined unless later elements are False */
 364                         rtn = rc;
 365                 }
 366         }
 367
 368 #ifdef NEW_LOGGING
 369         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
 370                    "test_filter_and:  rc=%d\n", rtn ));
 371 #else
 372         Debug( LDAP_DEBUG_FILTER, "<= test_filter_and %d\n", rtn, 0, 0 );
 373 #endif
 374
 375         return rtn;
 376 }
 377
 378 static int
 379 test_filter_or(
 380     Backend     *be,
 381     Connection  *conn,
 382     Operation   *op,
 383     Entry       *e,
 384     Filter      *flist
 385 )
 386 {
 387         Filter  *f;
 388         int rtn = LDAP_COMPARE_FALSE; /* False if empty */
 389
 390 #ifdef NEW_LOGGING
 391         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
 392                    "test_filter_or: begin\n" ));
 393 #else
 394         Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 );
 395 #endif
 396
 397
 398         for ( f = flist; f != NULL; f = f->f_next ) {
 399                 int rc = test_filter( be, conn, op, e, f );
 400
 401                 if ( rc == LDAP_COMPARE_TRUE ) {
 402                         /* filter is True */
 403                         rtn = rc;
 404                         break;
 405                 }
 406
 407                 if ( rc != LDAP_COMPARE_FALSE ) {
 408                         /* filter is Undefined unless later elements are True */
 409                         rtn = rc;
 410                 }
 411         }
 412
 413 #ifdef NEW_LOGGING
 414         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
 415                    "test_filter_or: result=%d\n", rtn ));
 416 #else
 417         Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 );
 418 #endif
 419
 420         return rtn;
 421 }
 422
 423
 424 static int
 425 test_substrings_filter(
 426     Backend     *be,
 427     Connection  *conn,
 428     Operation   *op,
 429     Entry       *e,
 430     Filter      *f
 431 )
 432 {
 433         Attribute       *a;
 434
 435 #ifdef NEW_LOGGING
 436         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
 437                    "test_substrings_filter: begin\n" ));
 438 #else
 439         Debug( LDAP_DEBUG_FILTER, "begin test_substrings_filter\n", 0, 0, 0 );
 440 #endif
 441
 442
 443         if ( be != NULL && ! access_allowed( be, conn, op, e,
 444                 f->f_sub_desc, NULL, ACL_SEARCH ) )
 445         {
 446                 return LDAP_INSUFFICIENT_ACCESS;
 447         }
 448
 449         for(a = attrs_find( e->e_attrs, f->f_sub_desc );
 450                 a != NULL;
 451                 a = attrs_find( a->a_next, f->f_sub_desc ) )
 452         {
 453                 int i;
 454                 MatchingRule *mr = a->a_desc->ad_type->sat_substr;
 455
 456                 if( mr == NULL ) {
 457                         continue;
 458                 }
 459
 460                 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
 461                         int ret;
 462                         int rc;
 463                         const char *text;
 464
 465                         rc = value_match( &ret, a->a_desc, mr, 0,
 466                                 a->a_vals[i], f->f_sub,
 467                                 &text );
 468
 469                         if( rc != LDAP_SUCCESS ) {
 470                                 return rc;
 471                         }
 472
 473                         if ( ret == 0 ) {
 474                                 return LDAP_COMPARE_TRUE;
 475                         }
 476                 }
 477         }
 478
 479 #ifdef NEW_LOGGING
 480         LDAP_LOG(( "filter", LDAP_LEVEL_ENTRY,
 481                    "test_substrings_filter: return FALSE\n" ));
 482 #else
 483         Debug( LDAP_DEBUG_FILTER, "end test_substrings_filter 1\n", 0, 0, 0 );
 484 #endif
 485
 486         return LDAP_COMPARE_FALSE;
 487 }