1 /* filterentry.c - apply a filter to an entry */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
15 #ifndef SLAPD_SCHEMA_NOT_COMPAT
21 static int test_filter_and( Backend *be,
22 Connection *conn, Operation *op,
23 Entry *e, Filter *flist );
24 static int test_filter_or( Backend *be,
25 Connection *conn, Operation *op,
26 Entry *e, Filter *flist );
27 static int test_substring_filter( Backend *be,
28 Connection *conn, Operation *op,
30 #ifdef SLAPD_SCHEMA_NOT_COMPAT
31 static int test_ava_filter( Backend *be,
32 Connection *conn, Operation *op,
33 Entry *e, AttributeAssertion *ava, int type );
34 static int test_mra_filter( Backend *be,
35 Connection *conn, Operation *op,
36 Entry *e, MatchingRuleAssertion *mra );
37 static int test_presence_filter( Backend *be,
38 Connection *conn, Operation *op,
39 Entry *e, AttributeDescription *desc );
41 static int test_ava_filter(Backend *be,
42 Connection *conn, Operation *op,
43 Entry *e, Ava *ava, int type);
44 static int test_approx_filter(Backend *be,
45 Connection *conn, Operation *op,
47 static int test_presence_filter(Backend *be,
48 Connection *conn, Operation *op,
49 Entry *e, char *type);
54 * test_filter - test a filter against a single entry.
56 * LDAP_COMPARE_TRUE filter matched
57 * LDAP_COMPARE_FALSE filter did not match
58 * SLAPD_COMPARE_UNDEFINED filter is undefined
59 * or an ldap result code indicating error
73 Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 );
75 switch ( f->f_choice ) {
76 #ifdef SLAPD_SCHEMA_NOT_COMPAT
77 case SLAPD_FILTER_COMPUTED:
78 Debug( LDAP_DEBUG_FILTER, " COMPUTED %s (%d)\n",
79 f->f_result == LDAP_COMPARE_FALSE ? "false" :
80 f->f_result == LDAP_COMPARE_TRUE ? "true" :
81 f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : "error",
87 case LDAP_FILTER_EQUALITY:
88 Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
89 #ifdef SLAPD_SCHEMA_NOT_COMPAT
90 rc = test_ava_filter( be, conn, op, e, f->f_ava,
91 LDAP_FILTER_EQUALITY );
93 rc = test_ava_filter( be, conn, op, e, &f->f_ava,
94 LDAP_FILTER_EQUALITY );
98 case LDAP_FILTER_SUBSTRINGS:
99 Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
100 rc = test_substring_filter( be, conn, op, e, f );
104 #ifdef SLAPD_SCHEMA_NOT_COMPAT
105 rc = test_ava_filter( be, conn, op, e, f->f_ava,
108 Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 );
109 rc = test_ava_filter( be, conn, op, e, &f->f_ava,
115 #ifdef SLAPD_SCHEMA_NOT_COMPAT
116 rc = test_ava_filter( be, conn, op, e, f->f_ava,
119 Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 );
120 rc = test_ava_filter( be, conn, op, e, &f->f_ava,
125 case LDAP_FILTER_PRESENT:
126 Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
127 #ifdef SLAPD_SCHEMA_NOT_COMPAT
128 rc = test_presence_filter( be, conn, op, e, f->f_desc );
130 rc = test_presence_filter( be, conn, op, e, f->f_type );
134 case LDAP_FILTER_APPROX:
135 Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 );
136 #ifdef SLAPD_SCHEMA_NOT_COMPAT
137 rc = test_ava_filter( be, conn, op, e, f->f_ava,
138 LDAP_FILTER_APPROX );
140 rc = test_approx_filter( be, conn, op, e, &f->f_ava );
144 case LDAP_FILTER_AND:
145 Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 );
146 rc = test_filter_and( be, conn, op, e, f->f_and );
150 Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 );
151 rc = test_filter_or( be, conn, op, e, f->f_or );
154 case LDAP_FILTER_NOT:
155 Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 );
156 rc = test_filter( be, conn, op, e, f->f_not );
159 case LDAP_COMPARE_TRUE:
160 rc = LDAP_COMPARE_FALSE;
162 case LDAP_COMPARE_FALSE:
163 rc = LDAP_COMPARE_TRUE;
168 #ifdef SLAPD_EXT_FILTERS
169 case LDAP_FILTER_EXT:
170 Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 );
171 #if SLAPD_SCHEMA_NOT_COMPAT
172 rc = test_mra_filter( be, conn, op, e, f->f_mra );
174 rc = LDAP_UNWILLING_TO_PERFORM;
180 Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
182 rc = LDAP_PROTOCOL_ERROR;
185 Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 );
196 #ifdef SLAPD_SCHEMA_NOT_COMPAT
197 AttributeAssertion *ava,
207 #ifdef SLAPD_SCHEMA_NOT_COMPAT
208 if ( be != NULL && ! access_allowed( be, conn, op, e,
209 ava->aa_desc, ava->aa_value, ACL_SEARCH ) )
212 if ( be != NULL && ! access_allowed( be, conn, op, e,
213 ava->ava_type, &ava->ava_value, ACL_SEARCH ) )
216 return LDAP_INSUFFICIENT_ACCESS;
219 #ifdef SLAPD_SCHEMA_NOT_COMPAT
220 for(a = attrs_find( e->e_attrs, ava->aa_desc );
222 a = attrs_find( a->a_next, ava->aa_desc ) )
224 a = attr_find( e->e_attrs, ava->ava_type );
228 #ifdef SLAPD_SCHEMA_NOT_COMPAT
232 case LDAP_FILTER_APPROX:
233 mr = a->a_desc->ad_type->sat_approx;
234 if( mr != NULL ) break;
236 case LDAP_FILTER_EQUALITY:
237 mr = a->a_desc->ad_type->sat_equality;
242 mr = a->a_desc->ad_type->sat_ordering;
253 if ( a->a_syntax == 0 ) {
254 a->a_syntax = attr_syntax( ava->ava_type );
258 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
260 #ifdef SLAPD_SCHEMA_NOT_COMPAT
264 rc = value_match( &ret, a->a_desc, mr,
265 a->a_vals[i], ava->aa_value,
268 if( rc != LDAP_SUCCESS ) {
272 ret = value_cmp( a->a_vals[i], &ava->ava_value, a->a_syntax,
277 case LDAP_FILTER_EQUALITY:
278 case LDAP_FILTER_APPROX:
280 return LDAP_COMPARE_TRUE;
286 return LDAP_COMPARE_TRUE;
292 return LDAP_COMPARE_TRUE;
299 return( LDAP_COMPARE_FALSE );
304 test_presence_filter(
309 #ifdef SLAPD_SCHEMA_NOT_COMPAT
310 AttributeDescription *desc
316 if ( be != NULL && ! access_allowed( be, conn, op, e,
317 desc, NULL, ACL_SEARCH ) )
319 return LDAP_INSUFFICIENT_ACCESS;
322 #ifdef SLAPD_SCHEMA_NOT_COMPAT
323 return attrs_find( e->e_attrs, desc ) != NULL
325 return attr_find( e->e_attrs, desc ) != NULL
327 ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE;
330 #ifndef SLAPD_SCHEMA_NOT_COMPAT
340 char *w1, *w2, *c1, *c2;
344 if ( be != NULL && ! access_allowed( be, conn, op, e,
345 ava->ava_type, NULL, ACL_SEARCH ) )
347 return LDAP_INSUFFICIENT_ACCESS;
350 a = attr_find( e->e_attrs, ava->ava_type );
352 /* for each value in the attribute */
353 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
355 * try to match words in the filter value in order
356 * in the attribute value.
359 w2 = a->a_vals[i]->bv_val;
360 /* for each word in the filter value */
361 for ( w1 = first_word( ava->ava_value.bv_val ); w1 != NULL;
362 w1 = next_word( w1 ) ) {
363 if ( (c1 = phonetic( w1 )) == NULL ) {
368 * for each word in the attribute value from
369 * where we left off...
371 for ( w2 = first_word( w2 ); w2 != NULL;
372 w2 = next_word( w2 ) ) {
374 if ( strcmp( c1, c2 ) == 0 ) {
383 * if we stopped because we ran out of words
384 * before making a match, go on to the next
385 * value. otherwise try to keep matching
386 * words in this value from where we left off.
391 w2 = next_word( w2 );
395 * if we stopped because we ran out of words we
399 return LDAP_COMPARE_TRUE;
404 return LDAP_COMPARE_FALSE;
418 int rtn = LDAP_COMPARE_TRUE;
420 Debug( LDAP_DEBUG_FILTER, "=> test_filter_and\n", 0, 0, 0 );
422 for ( f = flist; f != NULL; f = f->f_next ) {
423 int rc = test_filter( be, conn, op, e, f );
425 if ( rc == LDAP_COMPARE_FALSE ) {
426 rtn = LDAP_COMPARE_FALSE;
429 if ( rc != LDAP_COMPARE_TRUE ) {
434 Debug( LDAP_DEBUG_FILTER, "<= test_filter_and %d\n", rtn, 0, 0 );
448 int rtn = LDAP_COMPARE_FALSE;
450 Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 );
452 for ( f = flist; f != NULL; f = f->f_next ) {
453 int rc = test_filter( be, conn, op, e, f );
455 if ( rc == LDAP_COMPARE_TRUE ) {
456 rtn = LDAP_COMPARE_TRUE;
459 if ( rc != LDAP_COMPARE_TRUE ) {
464 Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 );
468 #ifndef SLAPD_SCHEMA_NOT_COMPAT
470 strcpy_regex( char *d, char *s )
499 test_substring_filter(
508 #ifndef SLAPD_SCHEMA_NOT_COMPAT
510 char *p, *end, *realval, *tmp;
517 Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 );
519 if ( be != NULL && ! access_allowed( be, conn, op, e,
520 f->f_sub_desc, NULL, ACL_SEARCH ) )
522 return LDAP_INSUFFICIENT_ACCESS;
525 #ifdef SLAPD_SCHEMA_NOT_COMPAT
526 for(a = attrs_find( e->e_attrs, f->f_sub_desc );
528 a = attrs_find( a->a_next, f->f_sub_desc ) )
530 a = attr_find( e->e_attrs, f->f_sub_type );
534 #ifdef SLAPD_SCHEMA_NOT_COMPAT
536 MatchingRule *mr = a->a_desc->ad_type->sat_substr;
542 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
547 rc = value_match( &ret, a->a_desc, mr,
548 a->a_vals[i], f->f_sub,
551 if( rc != LDAP_SUCCESS ) {
556 return LDAP_COMPARE_TRUE;
560 if ( a->a_syntax & SYNTAX_BIN ) {
561 Debug( LDAP_DEBUG_FILTER, "test_substring_filter bin attr\n",
563 return LDAP_INAPPROPRIATE_MATCHING;
567 * construct a regular expression corresponding to the
568 * filter and let regex do the work
573 end = pat + sizeof(pat) - 2; /* leave room for null */
574 if ( f->f_sub_initial != NULL ) {
576 p = strchr( p, '\0' );
577 /* 2 * in case every char is special */
578 if ( p + 2 * f->f_sub_initial->bv_len > end ) {
579 Debug( LDAP_DEBUG_ANY, "not enough pattern space\n",
583 strcpy_regex( p, f->f_sub_initial->bv_val );
584 p = strchr( p, '\0' );
586 if ( f->f_sub_any != NULL ) {
587 for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
589 if ( p + 2 * f->f_sub_any[i]->bv_len + 2 > end ) {
590 Debug( LDAP_DEBUG_ANY,
591 "not enough pattern space\n", 0, 0, 0 );
595 p = strchr( p, '\0' );
596 strcpy_regex( p, f->f_sub_any[i]->bv_val );
597 p = strchr( p, '\0' );
600 if ( f->f_sub_final != NULL ) {
602 if ( p + 2 * f->f_sub_final->bv_len + 2 > end ) {
603 Debug( LDAP_DEBUG_ANY, "not enough pattern space\n",
608 p = strchr( p, '\0' );
609 strcpy_regex( p, f->f_sub_final->bv_val );
610 p = strchr( p, '\0' );
614 /* compile the regex */
615 Debug( LDAP_DEBUG_FILTER, "test_substring_filter: regcomp pat: %s\n",
617 if ((rc = regcomp(&re, pat, REG_EXTENDED|REG_NOSUB))) {
620 regerror(rc, &re, error, sizeof(error));
621 Debug( LDAP_DEBUG_ANY, "regcomp failed (%s) %s\n",
626 /* for each value in the attribute see if regex matches */
627 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
630 if ( val->bv_len < sizeof(buf) ) {
631 strcpy( buf, val->bv_val );
634 tmp = (char *) ch_malloc( val->bv_len + 1 );
635 strcpy( tmp, val->bv_val );
639 value_normalize( realval, a->a_syntax );
641 rc = !regexec(&re, realval, 0, NULL, 0);
648 return LDAP_COMPARE_TRUE;
656 Debug( LDAP_DEBUG_FILTER, "end test_substring_filter 1\n", 0, 0, 0 );
657 return LDAP_COMPARE_FALSE;
projects / openldap / blob