2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 2000-2013 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
19 #include <ac/string.h>
24 static BerVarray set_chase( SLAP_SET_GATHER gatherer,
25 SetCookie *cookie, BerVarray set, AttributeDescription *desc, int closure );
27 /* Count the array members */
29 slap_set_size( BerVarray set )
34 while ( !BER_BVISNULL( &set[ i ] ) ) {
42 /* Return 0 if there is at least one array member, non-zero otherwise */
44 slap_set_isempty( BerVarray set )
50 if ( !BER_BVISNULL( &set[ 0 ] ) ) {
57 /* Dispose of the contents of the array and the array itself according
58 * to the flags value. If SLAP_SET_REFVAL, don't dispose of values;
59 * if SLAP_SET_REFARR, don't dispose of the array itself. In case of
60 * binary operators, there are LEFT flags and RIGHT flags, referring to
61 * the first and the second operator arguments, respectively. In this
62 * case, flags must be transformed using macros SLAP_SET_LREF2REF() and
63 * SLAP_SET_RREF2REF() before calling this function.
66 slap_set_dispose( SetCookie *cp, BerVarray set, unsigned flags )
68 if ( flags & SLAP_SET_REFVAL ) {
69 if ( ! ( flags & SLAP_SET_REFARR ) ) {
70 cp->set_op->o_tmpfree( set, cp->set_op->o_tmpmemctx );
74 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
78 /* Duplicate a set. If SLAP_SET_REFARR, is not set, the original array
79 * with the original values is returned, otherwise the array is duplicated;
80 * if SLAP_SET_REFVAL is set, also the values are duplicated.
83 set_dup( SetCookie *cp, BerVarray set, unsigned flags )
85 BerVarray newset = NULL;
91 if ( flags & SLAP_SET_REFARR ) {
94 for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ )
96 newset = cp->set_op->o_tmpcalloc( i + 1,
97 sizeof( struct berval ),
98 cp->set_op->o_tmpmemctx );
99 if ( newset == NULL ) {
103 if ( flags & SLAP_SET_REFVAL ) {
104 for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
105 ber_dupbv_x( &newset[ i ], &set[ i ],
106 cp->set_op->o_tmpmemctx );
110 AC_MEMCPY( newset, set, ( i + 1 ) * sizeof( struct berval ) );
120 /* Join two sets according to operator op and flags op_flags.
122 * '|' (or): the union between the two sets is returned,
123 * eliminating duplicates
124 * '&' (and): the intersection between the two sets
126 * '+' (add): the inner product of the two sets is returned,
127 * namely a set containing the concatenation of
128 * all combinations of the two sets members,
129 * except for duplicates.
130 * The two sets are disposed of according to the flags as described
131 * for slap_set_dispose().
141 long i, j, last, rlast;
142 unsigned op = ( op_flags & SLAP_SET_OPMASK );
146 case '|': /* union */
147 if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] ) ) {
148 if ( rset == NULL ) {
149 if ( lset == NULL ) {
150 set = cp->set_op->o_tmpcalloc( 1,
151 sizeof( struct berval ),
152 cp->set_op->o_tmpmemctx );
153 BER_BVZERO( &set[ 0 ] );
156 set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
159 slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
160 set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
163 if ( rset == NULL || BER_BVISNULL( &rset[ 0 ] ) ) {
164 slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
165 set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
169 /* worst scenario: no duplicates */
170 rlast = slap_set_size( rset );
171 i = slap_set_size( lset ) + rlast + 1;
172 set = cp->set_op->o_tmpcalloc( i, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
174 /* set_chase() depends on this routine to
175 * keep the first elements of the result
176 * set the same (and in the same order)
179 for ( i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
180 if ( op_flags & SLAP_SET_LREFVAL ) {
181 ber_dupbv_x( &set[ i ], &lset[ i ], cp->set_op->o_tmpmemctx );
184 set[ i ] = lset[ i ];
188 /* pointers to values have been used in set - don't free twice */
189 op_flags |= SLAP_SET_LREFVAL;
193 for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {
196 for ( j = 0; !BER_BVISNULL( &set[ j ] ); j++ ) {
197 if ( bvmatch( &rset[ i ], &set[ j ] ) )
199 if ( !( op_flags & SLAP_SET_RREFVAL ) ) {
200 cp->set_op->o_tmpfree( rset[ i ].bv_val, cp->set_op->o_tmpmemctx );
201 rset[ i ] = rset[ --rlast ];
202 BER_BVZERO( &rset[ rlast ] );
211 if ( op_flags & SLAP_SET_RREFVAL ) {
212 ber_dupbv_x( &set[ last ], &rset[ i ], cp->set_op->o_tmpmemctx );
215 set[ last ] = rset[ i ];
221 /* pointers to values have been used in set - don't free twice */
222 op_flags |= SLAP_SET_RREFVAL;
224 BER_BVZERO( &set[ last ] );
228 case '&': /* intersection */
229 if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] )
230 || rset == NULL || BER_BVISNULL( &rset[ 0 ] ) )
232 set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
233 cp->set_op->o_tmpmemctx );
234 BER_BVZERO( &set[ 0 ] );
241 llen = slap_set_size( lset );
242 rlen = slap_set_size( rset );
244 /* dup the shortest */
247 set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
253 set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
262 for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
263 for ( j = 0; !BER_BVISNULL( &sset[ j ] ); j++ ) {
264 if ( bvmatch( &set[ i ], &sset[ j ] ) ) {
269 if ( BER_BVISNULL( &sset[ j ] ) ) {
270 cp->set_op->o_tmpfree( set[ i ].bv_val, cp->set_op->o_tmpmemctx );
271 set[ i ] = set[ --last ];
272 BER_BVZERO( &set[ last ] );
279 case '+': /* string concatenation */
280 i = slap_set_size( rset );
281 j = slap_set_size( lset );
283 /* handle empty set cases */
284 if ( i == 0 || j == 0 ) {
285 set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
286 cp->set_op->o_tmpmemctx );
290 BER_BVZERO( &set[ 0 ] );
294 set = cp->set_op->o_tmpcalloc( i * j + 1, sizeof( struct berval ),
295 cp->set_op->o_tmpmemctx );
300 for ( last = 0, i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
301 for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
305 /* don't concatenate with the empty string */
306 if ( BER_BVISEMPTY( &lset[ i ] ) ) {
307 ber_dupbv_x( &bv, &rset[ j ], cp->set_op->o_tmpmemctx );
308 if ( bv.bv_val == NULL ) {
309 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
314 } else if ( BER_BVISEMPTY( &rset[ j ] ) ) {
315 ber_dupbv_x( &bv, &lset[ i ], cp->set_op->o_tmpmemctx );
316 if ( bv.bv_val == NULL ) {
317 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
323 bv.bv_len = lset[ i ].bv_len + rset[ j ].bv_len;
324 bv.bv_val = cp->set_op->o_tmpalloc( bv.bv_len + 1,
325 cp->set_op->o_tmpmemctx );
326 if ( bv.bv_val == NULL ) {
327 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
331 AC_MEMCPY( bv.bv_val, lset[ i ].bv_val, lset[ i ].bv_len );
332 AC_MEMCPY( &bv.bv_val[ lset[ i ].bv_len ], rset[ j ].bv_val, rset[ j ].bv_len );
333 bv.bv_val[ bv.bv_len ] = '\0';
336 for ( k = 0; k < last; k++ ) {
337 if ( bvmatch( &set[ k ], &bv ) ) {
338 cp->set_op->o_tmpfree( bv.bv_val, cp->set_op->o_tmpmemctx );
348 BER_BVZERO( &set[ last ] );
356 if ( lset ) slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
357 if ( rset ) slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
360 if ( LogTest( LDAP_DEBUG_ACL ) ) {
361 if ( BER_BVISNULL( set ) ) {
362 Debug( LDAP_DEBUG_ACL, " ACL set: empty\n", 0, 0, 0 );
365 for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
366 Debug( LDAP_DEBUG_ACL, " ACL set[%ld]=%s\n", i, set[i].bv_val, 0 );
375 set_chase( SLAP_SET_GATHER gatherer,
376 SetCookie *cp, BerVarray set, AttributeDescription *desc, int closure )
378 BerVarray vals, nset;
382 set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
383 cp->set_op->o_tmpmemctx );
385 BER_BVZERO( &set[ 0 ] );
390 if ( BER_BVISNULL( set ) ) {
394 nset = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
395 if ( nset == NULL ) {
396 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
399 for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
400 vals = gatherer( cp, &set[ i ], desc );
401 if ( vals != NULL ) {
402 nset = slap_set_join( cp, nset, '|', vals );
405 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
408 for ( i = 0; !BER_BVISNULL( &nset[ i ] ); i++ ) {
409 vals = gatherer( cp, &nset[ i ], desc );
410 if ( vals != NULL ) {
411 nset = slap_set_join( cp, nset, '|', vals );
412 if ( nset == NULL ) {
424 set_parents( SetCookie *cp, BerVarray set )
427 struct berval bv, pbv;
428 BerVarray nset, vals;
431 set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
432 cp->set_op->o_tmpmemctx );
434 BER_BVZERO( &set[ 0 ] );
439 if ( BER_BVISNULL( &set[ 0 ] ) ) {
443 nset = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
444 if ( nset == NULL ) {
445 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
449 BER_BVZERO( &nset[ 0 ] );
451 for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
455 for ( ; !BER_BVISEMPTY( &pbv ); dnParent( &bv, &pbv ) ) {
460 vals = cp->set_op->o_tmpcalloc( level + 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
461 if ( vals == NULL ) {
462 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
463 ber_bvarray_free_x( nset, cp->set_op->o_tmpmemctx );
466 BER_BVZERO( &vals[ 0 ] );
470 for ( j = 0 ; j < level ; j++ ) {
471 ber_dupbv_x( &vals[ last ], &bv, cp->set_op->o_tmpmemctx );
473 dnParent( &bv, &bv );
475 BER_BVZERO( &vals[ last ] );
477 nset = slap_set_join( cp, nset, '|', vals );
480 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
488 set_parent( SetCookie *cp, BerVarray set, int level )
495 set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),
496 cp->set_op->o_tmpmemctx );
498 BER_BVZERO( &set[ 0 ] );
503 if ( BER_BVISNULL( &set[ 0 ] ) ) {
507 nset = cp->set_op->o_tmpcalloc( slap_set_size( set ) + 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );
508 if ( nset == NULL ) {
509 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
513 BER_BVZERO( &nset[ 0 ] );
516 for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
519 for ( j = 0 ; j < level ; j++ ) {
520 dnParent( &bv, &bv );
523 for ( j = 0; !BER_BVISNULL( &nset[ j ] ); j++ ) {
524 if ( bvmatch( &bv, &nset[ j ] ) )
530 if ( BER_BVISNULL( &nset[ j ] ) ) {
531 ber_dupbv_x( &nset[ last ], &bv, cp->set_op->o_tmpmemctx );
536 BER_BVZERO( &nset[ last ] );
538 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
544 slap_set_filter( SLAP_SET_GATHER gatherer,
545 SetCookie *cp, struct berval *fbv,
546 struct berval *user, struct berval *target, BerVarray *results )
548 #define STACK_SIZE 64
549 #define IS_SET(x) ( (unsigned long)(x) >= 256 )
550 #define IS_OP(x) ( (unsigned long)(x) < 256 )
551 #define SF_ERROR(x) do { rc = -1; goto _error; } while ( 0 )
552 #define SF_TOP() ( (BerVarray)( ( stp < 0 ) ? 0 : stack[ stp ] ) )
553 #define SF_POP() ( (BerVarray)( ( stp < 0 ) ? 0 : stack[ stp-- ] ) )
554 #define SF_PUSH(x) do { \
555 if ( stp >= ( STACK_SIZE - 1 ) ) SF_ERROR( overflow ); \
556 stack[ ++stp ] = (BerVarray)(long)(x); \
560 BerVarray stack[ STACK_SIZE ] = { 0 };
563 char c, *filter = fbv->bv_val;
570 while ( ( c = *filter++ ) ) {
580 if ( IS_SET( SF_TOP() ) ) {
588 if ( IS_OP( set ) ) {
591 if ( SF_TOP() == (void *)'(' /* ) */ ) {
596 } else if ( IS_OP( SF_TOP() ) ) {
597 op = (unsigned long)SF_POP();
600 set = slap_set_join( cp, lset, op, set );
612 case '|': /* union */
613 case '&': /* intersection */
614 case '+': /* string concatenation */
616 if ( IS_OP( set ) ) {
619 if ( SF_TOP() == 0 || SF_TOP() == (void *)'(' /* ) */ ) {
623 } else if ( IS_OP( SF_TOP() ) ) {
624 op = (unsigned long)SF_POP();
626 set = slap_set_join( cp, lset, op, set );
640 if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
643 for ( len = 0; ( c = *filter++ ) && ( c != /* [ */ ']' ); len++ )
649 set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
650 cp->set_op->o_tmpmemctx );
654 set->bv_val = cp->set_op->o_tmpcalloc( len + 1, sizeof( char ),
655 cp->set_op->o_tmpmemctx );
656 if ( BER_BVISNULL( set ) ) {
659 AC_MEMCPY( set->bv_val, &filter[ - len - 1 ], len );
666 if ( ( SF_TOP() == (void *)'/' )
667 && ( *filter == '*' || ASCII_DIGIT( *filter ) ) )
671 if ( *filter == '*' ) {
672 set = set_parents( cp, SF_POP() );
677 long parent = strtol( filter, &next, 10 );
679 if ( next == filter ) {
685 set = set_parent( cp, set, parent );
702 /* fall through to next case */
706 if ( IS_OP( SF_TOP() ) ) {
713 if ( !AD_LEADCHAR( c ) ) {
718 ( c = filter[ len ] ) && AD_CHAR( c );
722 if ( c == '-' && !AD_CHAR( filter[ len + 1 ] ) ) {
727 && memcmp( "this", filter, len ) == 0 )
729 assert( !BER_BVISNULL( target ) );
730 if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
733 set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
734 cp->set_op->o_tmpmemctx );
738 ber_dupbv_x( set, target, cp->set_op->o_tmpmemctx );
739 if ( BER_BVISNULL( set ) ) {
742 BER_BVZERO( &set[ 1 ] );
745 && memcmp( "user", filter, len ) == 0 )
747 if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
750 if ( BER_BVISNULL( user ) ) {
753 set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
754 cp->set_op->o_tmpmemctx );
758 ber_dupbv_x( set, user, cp->set_op->o_tmpmemctx );
759 BER_BVZERO( &set[ 1 ] );
761 } else if ( SF_TOP() != (void *)'/' ) {
766 AttributeDescription *ad = NULL;
767 const char *text = NULL;
773 if ( slap_bv2ad( &fb2, &ad, &text ) != LDAP_SUCCESS ) {
777 /* NOTE: ad must have distinguishedName syntax
778 * or expand in an LDAP URI if c == '*'
781 set = set_chase( gatherer,
782 cp, SF_POP(), ad, c == '*' );
798 if ( IS_OP( set ) ) {
801 if ( SF_TOP() == 0 ) {
804 } else if ( IS_OP( SF_TOP() ) ) {
805 op = (unsigned long)SF_POP();
807 set = slap_set_join( cp, lset, op, set );
816 rc = slap_set_isempty( set ) ? 0 : 1;
823 if ( IS_SET( set ) ) {
824 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );
826 while ( ( set = SF_POP() ) ) {
827 if ( IS_SET( set ) ) {
828 ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );