1 /* filterentry.c - apply a filter to an entry */
13 static int test_filter_list(Backend *be, Connection *conn, Operation *op, Entry *e, Filter *flist, int ftype);
14 static int test_substring_filter(Backend *be, Connection *conn, Operation *op, Entry *e, Filter *f);
15 static int test_ava_filter(Backend *be, Connection *conn, Operation *op, Entry *e, Ava *ava, int type);
16 static int test_approx_filter(Backend *be, Connection *conn, Operation *op, Entry *e, Ava *ava);
17 static int test_presence_filter(Backend *be, Connection *conn, Operation *op, Entry *e, char *type);
20 * test_filter - test a filter against a single entry.
21 * returns 0 filter matched
22 * -1 filter did not match
23 * >0 an ldap error code
37 Debug( LDAP_DEBUG_FILTER, "=> test_filter\n", 0, 0, 0 );
39 switch ( f->f_choice ) {
40 case LDAP_FILTER_EQUALITY:
41 Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 );
42 rc = test_ava_filter( be, conn, op, e, &f->f_ava,
43 LDAP_FILTER_EQUALITY );
46 case LDAP_FILTER_SUBSTRINGS:
47 Debug( LDAP_DEBUG_FILTER, " SUBSTRINGS\n", 0, 0, 0 );
48 rc = test_substring_filter( be, conn, op, e, f );
52 Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 );
53 rc = test_ava_filter( be, conn, op, e, &f->f_ava,
58 Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 );
59 rc = test_ava_filter( be, conn, op, e, &f->f_ava,
63 case LDAP_FILTER_PRESENT:
64 Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 );
65 rc = test_presence_filter( be, conn, op, e, f->f_type );
68 case LDAP_FILTER_APPROX:
69 Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 );
70 rc = test_approx_filter( be, conn, op, e, &f->f_ava );
74 Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 );
75 rc = test_filter_list( be, conn, op, e, f->f_and,
80 Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 );
81 rc = test_filter_list( be, conn, op, e, f->f_or,
86 Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 );
87 rc = (! test_filter( be, conn, op, e, f->f_not ) );
91 Debug( LDAP_DEBUG_ANY, " unknown filter type %lu\n",
96 Debug( LDAP_DEBUG_FILTER, "<= test_filter %d\n", rc, 0, 0 );
113 if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
114 &ava->ava_value, op->o_dn, ACL_SEARCH ) ) {
118 if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) {
122 if ( a->a_syntax == 0 ) {
123 a->a_syntax = attr_syntax( ava->ava_type );
125 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
126 rc = value_cmp( a->a_vals[i], &ava->ava_value, a->a_syntax,
130 case LDAP_FILTER_EQUALITY:
154 test_presence_filter(
162 if ( be != NULL && ! access_allowed( be, conn, op, e, type, NULL,
163 op->o_dn, ACL_SEARCH ) ) {
167 return( attr_find( e->e_attrs, type ) != NULL ? 0 : -1 );
179 char *w1, *w2, *c1, *c2;
183 if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type,
184 NULL, op->o_dn, ACL_SEARCH ) ) {
188 if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) {
192 /* for each value in the attribute */
193 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
195 * try to match words in the filter value in order
196 * in the attribute value.
199 w2 = a->a_vals[i]->bv_val;
200 /* for each word in the filter value */
201 for ( w1 = first_word( ava->ava_value.bv_val ); w1 != NULL;
202 w1 = next_word( w1 ) ) {
203 if ( (c1 = phonetic( w1 )) == NULL ) {
208 * for each word in the attribute value from
209 * where we left off...
211 for ( w2 = first_word( w2 ); w2 != NULL;
212 w2 = next_word( w2 ) ) {
214 if ( strcmp( c1, c2 ) == 0 ) {
223 * if we stopped because we ran out of words
224 * before making a match, go on to the next
225 * value. otherwise try to keep matching
226 * words in this value from where we left off.
231 w2 = next_word( w2 );
235 * if we stopped because we ran out of words we
259 Debug( LDAP_DEBUG_FILTER, "=> test_filter_list\n", 0, 0, 0 );
262 for ( f = flist; f != NULL; f = f->f_next ) {
263 if ( test_filter( be, conn, op, e, f ) != 0 ) {
264 if ( ftype == LDAP_FILTER_AND ) {
265 Debug( LDAP_DEBUG_FILTER,
266 "<= test_filter_list 1\n", 0, 0, 0 );
274 Debug( LDAP_DEBUG_FILTER, "<= test_filter_list %d\n", nomatch, 0, 0 );
279 strcpy_special( char *d, char *s )
301 test_substring_filter(
311 char *p, *end, *realval, *tmp;
317 Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 );
319 if ( be != NULL && ! access_allowed( be, conn, op, e, f->f_sub_type,
320 NULL, op->o_dn, ACL_SEARCH ) ) {
324 if ( (a = attr_find( e->e_attrs, f->f_sub_type )) == NULL ) {
328 if ( a->a_syntax & SYNTAX_BIN ) {
329 Debug( LDAP_DEBUG_FILTER, "test_substring_filter bin attr\n",
335 * construct a regular expression corresponding to the
336 * filter and let regex do the work
341 end = pat + sizeof(pat) - 2; /* leave room for null */
342 if ( f->f_sub_initial != NULL ) {
344 p = strchr( p, '\0' );
345 /* 2 * in case every char is special */
346 if ( p + 2 * strlen( f->f_sub_initial ) > end ) {
347 Debug( LDAP_DEBUG_ANY, "not enough pattern space\n",
351 strcpy_special( p, f->f_sub_initial );
352 p = strchr( p, '\0' );
354 if ( f->f_sub_any != NULL ) {
355 for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
357 if ( p + 2 * strlen( f->f_sub_any[i] ) + 2 > end ) {
358 Debug( LDAP_DEBUG_ANY,
359 "not enough pattern space\n", 0, 0, 0 );
363 p = strchr( p, '\0' );
364 strcpy_special( p, f->f_sub_any[i] );
365 p = strchr( p, '\0' );
368 if ( f->f_sub_final != NULL ) {
370 if ( p + 2 * strlen( f->f_sub_final ) + 2 > end ) {
371 Debug( LDAP_DEBUG_ANY, "not enough pattern space\n",
376 p = strchr( p, '\0' );
377 strcpy_special( p, f->f_sub_final );
378 p = strchr( p, '\0' );
382 /* compile the regex */
383 Debug( LDAP_DEBUG_FILTER, "test_substring_filter: regcomp pat: %s\n",
385 if ((rc = regcomp(&re, pat, 0))) {
388 regerror(rc, &re, error, sizeof(error));
389 Debug( LDAP_DEBUG_ANY, "regcomp failed (%s) %s\n",
394 /* for each value in the attribute see if regex matches */
395 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
398 if ( val->bv_len < sizeof(buf) ) {
399 strcpy( buf, val->bv_val );
402 tmp = (char *) ch_malloc( val->bv_len + 1 );
403 strcpy( tmp, val->bv_val );
406 value_normalize( realval, a->a_syntax );
408 rc = !regexec(&re, realval, 0, NULL, 0);
421 Debug( LDAP_DEBUG_FILTER, "end test_substring_filter 1\n", 0, 0, 0 );