+/* search.c */
/* $OpenLDAP$ */
-/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/* Portions
- * Copyright (c) 1990 Regents of the University of Michigan.
- * All rights reserved.
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
*
- * search.c
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
*/
#include "portable.h"
#include "ldap-int.h"
+static int put_simple_vrFilter LDAP_P((
+ BerElement *ber,
+ char *str ));
+
+static int put_vrFilter_list LDAP_P((
+ BerElement *ber,
+ char *str ));
+
static char *put_complex_filter LDAP_P((
BerElement *ber,
char *str,
static int put_substring_filter LDAP_P((
BerElement *ber,
char *type,
- char *str ));
+ char *str,
+ char *nextstar ));
static int put_filter_list LDAP_P((
BerElement *ber,
return 0;
options:
- if( !LDAP_LDH( str[i] )) {
+ if( !LDAP_LDH( str[0] )) {
return 0;
}
for( i=1; str[i]; i++ ) {
if ( balance ) s++;
}
- return( *s ? s : NULL );
+ return *s ? s : NULL;
}
static int hex2value( int c )
case '*': /* found wildcard */
return (char *) s;
+ case '(':
+ case ')':
+ return NULL;
+
case '\\':
if( s[1] == '\0' ) return NULL;
+
if( LDAP_HEX( s[1] ) && LDAP_HEX( s[2] ) ) {
s+=2;
- }
- switch( s[1] ) {
+ } else switch( s[1] ) {
default:
return NULL;
/* allow RFC 1960 escapes */
- case '\\':
case '*':
case '(':
case ')':
+ case '\\':
s++;
}
}
}
- return NULL;
+ return (char *) s;
}
/* unescape filter value */
for( r=v=0; fval[v] != '\0'; v++ ) {
switch( fval[v] ) {
+ case '(':
+ case ')':
+ case '*':
+ return -1;
+
case '\\':
/* escape */
v++;
if ( fval[v] == '\0' ) {
/* escape at end of string */
return -1;
-
}
if (( v1 = hex2value( fval[v] )) >= 0 ) {
*/
/* put explicit tag */
- if ( ber_printf( ber, "t{" /*"}"*/, tag ) == -1 )
- return( NULL );
+ if ( ber_printf( ber, "t{" /*"}"*/, tag ) == -1 ) {
+ return NULL;
+ }
str++;
- if ( (next = find_right_paren( str )) == NULL )
- return( NULL );
+ if ( (next = find_right_paren( str )) == NULL ) {
+ return NULL;
+ }
*next = '\0';
- if ( put_filter_list( ber, str, tag ) == -1 )
- return( NULL );
+ if ( put_filter_list( ber, str, tag ) == -1 ) {
+ return NULL;
+ }
/* close the '(' */
*next++ = ')';
/* flush explicit tagged thang */
- if ( ber_printf( ber, /*"{"*/ "N}" ) == -1 )
- return( NULL );
+ if ( ber_printf( ber, /*"{"*/ "N}" ) == -1 ) {
+ return NULL;
+ }
- return( next );
+ return next;
}
int
-ldap_int_put_filter( BerElement *ber, char *str )
+ldap_pvt_put_filter( BerElement *ber, const char *str_in )
{
+ int rc;
+ char *freeme;
+ char *str;
char *next;
int parens, balance, escape;
/*
- * A Filter looks like this:
- * Filter ::= CHOICE {
- * and [0] SET OF Filter,
- * or [1] SET OF Filter,
- * not [2] Filter,
- * equalityMatch [3] AttributeValueAssertion,
- * substrings [4] SubstringFilter,
- * greaterOrEqual [5] AttributeValueAssertion,
- * lessOrEqual [6] AttributeValueAssertion,
- * present [7] AttributeType,
- * approxMatch [8] AttributeValueAssertion,
- * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
- * }
+ * A Filter looks like this (RFC 4511 as extended by RFC 4526):
+ * Filter ::= CHOICE {
+ * and [0] SET SIZE (0..MAX) OF filter Filter,
+ * or [1] SET SIZE (0..MAX) OF filter Filter,
+ * not [2] Filter,
+ * equalityMatch [3] AttributeValueAssertion,
+ * substrings [4] SubstringFilter,
+ * greaterOrEqual [5] AttributeValueAssertion,
+ * lessOrEqual [6] AttributeValueAssertion,
+ * present [7] AttributeDescription,
+ * approxMatch [8] AttributeValueAssertion,
+ * extensibleMatch [9] MatchingRuleAssertion,
+ * ... }
*
- * SubstringFilter ::= SEQUENCE {
- * type AttributeType,
- * SEQUENCE OF CHOICE {
- * initial [0] IA5String,
- * any [1] IA5String,
- * final [2] IA5String
- * }
- * }
+ * SubstringFilter ::= SEQUENCE {
+ * type AttributeDescription,
+ * substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+ * initial [0] AssertionValue, -- only once
+ * any [1] AssertionValue,
+ * final [2] AssertionValue -- only once
+ * }
+ * }
*
- * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
- * matchingRule [1] MatchingRuleId OPTIONAL,
- * type [2] AttributeDescription OPTIONAL,
- * matchValue [3] AssertionValue,
- * dnAttributes [4] BOOLEAN DEFAULT FALSE }
+ * MatchingRuleAssertion ::= SEQUENCE {
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue,
+ * dnAttributes [4] BOOLEAN DEFAULT FALSE }
*
- * Note: tags in a choice are always explicit
+ * Note: tags in a CHOICE are always explicit
*/
- Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 );
+
+ freeme = LDAP_STRDUP( str_in );
+ if( freeme == NULL ) return LDAP_NO_MEMORY;
+ str = freeme;
parens = 0;
while ( *str ) {
Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
0, 0, 0 );
- if ( (str = put_complex_filter( ber, str,
- LDAP_FILTER_AND, 0 )) == NULL )
- return( -1 );
+ str = put_complex_filter( ber, str,
+ LDAP_FILTER_AND, 0 );
+ if( str == NULL ) {
+ rc = -1;
+ goto done;
+ }
parens--;
break;
Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
0, 0, 0 );
- if ( (str = put_complex_filter( ber, str,
- LDAP_FILTER_OR, 0 )) == NULL )
- return( -1 );
+ str = put_complex_filter( ber, str,
+ LDAP_FILTER_OR, 0 );
+ if( str == NULL ) {
+ rc = -1;
+ goto done;
+ }
parens--;
break;
Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
0, 0, 0 );
- if ( (str = put_complex_filter( ber, str,
- LDAP_FILTER_NOT, 1 )) == NULL )
- return( -1 );
+ str = put_complex_filter( ber, str,
+ LDAP_FILTER_NOT, 0 );
+ if( str == NULL ) {
+ rc = -1;
+ goto done;
+ }
parens--;
break;
+ case '(':
+ rc = -1;
+ goto done;
+
default:
Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
0, 0, 0 );
balance = 1;
escape = 0;
next = str;
+
while ( *next && balance ) {
if ( escape == 0 ) {
- if ( *next == '(' )
+ if ( *next == '(' ) {
balance++;
- else if ( *next == ')' )
+ } else if ( *next == ')' ) {
balance--;
+ }
}
- if ( *next == '\\' && ! escape )
+
+ if ( *next == '\\' && ! escape ) {
escape = 1;
- else
+ } else {
escape = 0;
- if ( balance )
- next++;
+ }
+
+ if ( balance ) next++;
+ }
+
+ if ( balance != 0 ) {
+ rc = -1;
+ goto done;
}
- if ( balance != 0 )
- return( -1 );
*next = '\0';
+
if ( put_simple_filter( ber, str ) == -1 ) {
- return( -1 );
+ rc = -1;
+ goto done;
}
- *next++ = ')';
+
+ *next++ = /*'('*/ ')';
+
str = next;
parens--;
break;
case /*'('*/ ')':
Debug( LDAP_DEBUG_TRACE, "put_filter: end\n",
0, 0, 0 );
- if ( ber_printf( ber, /*"["*/ "]" ) == -1 )
- return( -1 );
+ if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
str++;
parens--;
break;
0, 0, 0 );
next = strchr( str, '\0' );
if ( put_simple_filter( ber, str ) == -1 ) {
- return( -1 );
+ rc = -1;
+ goto done;
}
str = next;
break;
}
+ if ( !parens )
+ break;
}
- return( parens ? -1 : 0 );
+ rc = ( parens || *str ) ? -1 : 0;
+
+done:
+ LDAP_FREE( freeme );
+ return rc;
}
/*
if ( *str == '\0' ) break;
if ( (next = find_right_paren( str + 1 )) == NULL ) {
- return( -1 );
+ return -1;
}
save = *++next;
/* now we have "(filter)" with str pointing to it */
*next = '\0';
- if ( ldap_int_put_filter( ber, str ) == -1 ) return -1;
+ if ( ldap_pvt_put_filter( ber, str ) == -1 ) return -1;
*next = save;
str = next;
ber_tag_t ftype;
int rc = -1;
- Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n",
+ Debug( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n",
str, 0, 0 );
str = LDAP_STRDUP( str );
case '<':
ftype = LDAP_FILTER_LE;
*s = '\0';
- if(! ldap_is_desc( str ) ) goto done;
break;
case '>':
ftype = LDAP_FILTER_GE;
*s = '\0';
- if(! ldap_is_desc( str ) ) goto done;
break;
case '~':
ftype = LDAP_FILTER_APPROX;
*s = '\0';
- if(! ldap_is_desc( str ) ) goto done;
break;
case ':':
- /* RFC2254 extensible filters are off the form:
+ /* RFC 4515 extensible filters are off the form:
* type [:dn] [:rule] := value
* or [:dn]:rule := value
*/
char *dn = strchr( str, ':' );
char *rule = NULL;
- if( dn == NULL ) {
- if(! ldap_is_desc( str ) ) goto done;
-
- } else {
-
+ if( dn != NULL ) {
*dn++ = '\0';
rule = strchr( dn, ':' );
if( rule == NULL ) {
/* one colon */
- if ( strcmp(dn, "dn") == 0 ) {
+ if ( strcasecmp(dn, "dn") == 0 ) {
/* must have attribute */
if( !ldap_is_desc( str ) ) {
goto done;
/* two colons */
*rule++ = '\0';
- if ( strcmp(dn, "dn") != 0 ) {
+ if ( strcasecmp(dn, "dn") != 0 ) {
/* must have "dn" */
goto done;
}
if( rc != -1 && rule && *rule != '\0' ) {
rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
}
+
if( rc != -1 && *str != '\0' ) {
rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
}
ber_slen_t len = ldap_pvt_filter_value_unescape( value );
if( len >= 0 ) {
- rc = ber_printf( ber, "totbN}",
- LDAP_FILTER_EXT_VALUE, value, len,
- LDAP_FILTER_EXT_DNATTRS, dn != NULL);
+ rc = ber_printf( ber, "to",
+ LDAP_FILTER_EXT_VALUE, value, len );
} else {
rc = -1;
}
}
+
+ if( rc != -1 && dn ) {
+ rc = ber_printf( ber, "tb",
+ LDAP_FILTER_EXT_DNATTRS, (ber_int_t) 1 );
+ }
+
+ if( rc != -1 ) {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
}
goto done;
default:
- {
+ if( !ldap_is_desc( str ) ) {
+ goto done;
+
+ } else {
char *nextstar = ldap_pvt_find_wildcard( value );
+
if ( nextstar == NULL ) {
- rc = -1;
goto done;
+
} else if ( *nextstar == '\0' ) {
ftype = LDAP_FILTER_EQUALITY;
+
} else if ( strcmp( value, "*" ) == 0 ) {
ftype = LDAP_FILTER_PRESENT;
+
} else {
- rc = put_substring_filter( ber, str, value );
+ rc = put_substring_filter( ber, str, value, nextstar );
goto done;
}
} break;
}
+ if( !ldap_is_desc( str ) ) goto done;
+
if ( ftype == LDAP_FILTER_PRESENT ) {
rc = ber_printf( ber, "ts", ftype, str );
}
}
- if( rc != -1 ) rc = 0;
-
done:
+ if( rc != -1 ) rc = 0;
LDAP_FREE( str );
return rc;
}
static int
-put_substring_filter( BerElement *ber, char *type, char *val )
+put_substring_filter( BerElement *ber, char *type, char *val, char *nextstar )
{
- char *nextstar;
int gotstar = 0;
ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n",
type, val, 0 );
- if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 )
- return( -1 );
+ if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 ) {
+ return -1;
+ }
for( ; *val; val=nextstar ) {
- nextstar = ldap_pvt_find_wildcard( val );
+ if ( gotstar )
+ nextstar = ldap_pvt_find_wildcard( val );
if ( nextstar == NULL ) {
return -1;
}
-
+
if ( *nextstar == '\0' ) {
ftype = LDAP_SUBSTRING_FINAL;
- } else if ( gotstar++ == 0 ) {
- ftype = LDAP_SUBSTRING_INITIAL;
} else {
- ftype = LDAP_SUBSTRING_ANY;
+ *nextstar++ = '\0';
+ if ( gotstar++ == 0 ) {
+ ftype = LDAP_SUBSTRING_INITIAL;
+ } else {
+ ftype = LDAP_SUBSTRING_ANY;
+ }
}
- *nextstar++ = '\0';
-
- if ( *val != '\0' ) {
+ if ( *val != '\0' || ftype == LDAP_SUBSTRING_ANY ) {
ber_slen_t len = ldap_pvt_filter_value_unescape( val );
- if ( len < 0 ) {
+ if ( len <= 0 ) {
return -1;
}
}
}
- if ( ber_printf( ber, /*"{{"*/ "N}N}" ) == -1 )
- return( -1 );
+ if ( ber_printf( ber, /*"{{"*/ "N}N}" ) == -1 ) {
+ return -1;
+ }
return 0;
-}
\ No newline at end of file
+}
+
+static int
+put_vrFilter( BerElement *ber, const char *str_in )
+{
+ int rc;
+ char *freeme;
+ char *str;
+ char *next;
+ int parens, balance, escape;
+
+ /*
+ * A ValuesReturnFilter looks like this:
+ *
+ * ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
+ * SimpleFilterItem ::= CHOICE {
+ * equalityMatch [3] AttributeValueAssertion,
+ * substrings [4] SubstringFilter,
+ * greaterOrEqual [5] AttributeValueAssertion,
+ * lessOrEqual [6] AttributeValueAssertion,
+ * present [7] AttributeType,
+ * approxMatch [8] AttributeValueAssertion,
+ * extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3
+ * }
+ *
+ * SubstringFilter ::= SEQUENCE {
+ * type AttributeType,
+ * SEQUENCE OF CHOICE {
+ * initial [0] IA5String,
+ * any [1] IA5String,
+ * final [2] IA5String
+ * }
+ * }
+ *
+ * SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue }
+ *
+ * (Source: RFC 3876)
+ */
+
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
+
+ freeme = LDAP_STRDUP( str_in );
+ if( freeme == NULL ) return LDAP_NO_MEMORY;
+ str = freeme;
+
+ parens = 0;
+ while ( *str ) {
+ switch ( *str ) {
+ case '(': /*')'*/
+ str++;
+ parens++;
+
+ /* skip spaces */
+ while( LDAP_SPACE( *str ) ) str++;
+
+ switch ( *str ) {
+ case '(':
+ if ( (next = find_right_paren( str )) == NULL ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next = '\0';
+
+ if ( put_vrFilter_list( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+
+ /* close the '(' */
+ *next++ = ')';
+
+ str = next;
+
+ parens--;
+ break;
+
+
+ default:
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n",
+ 0, 0, 0 );
+
+ balance = 1;
+ escape = 0;
+ next = str;
+
+ while ( *next && balance ) {
+ if ( escape == 0 ) {
+ if ( *next == '(' ) {
+ balance++;
+ } else if ( *next == ')' ) {
+ balance--;
+ }
+ }
+
+ if ( *next == '\\' && ! escape ) {
+ escape = 1;
+ } else {
+ escape = 0;
+ }
+
+ if ( balance ) next++;
+ }
+
+ if ( balance != 0 ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next = '\0';
+
+ if ( put_simple_vrFilter( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+
+ *next++ = /*'('*/ ')';
+
+ str = next;
+ parens--;
+ break;
+ }
+ break;
+
+ case /*'('*/ ')':
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: end\n",
+ 0, 0, 0 );
+ if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+ str++;
+ parens--;
+ break;
+
+ case ' ':
+ str++;
+ break;
+
+ default: /* assume it's a simple type=value filter */
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter: default\n",
+ 0, 0, 0 );
+ next = strchr( str, '\0' );
+ if ( put_simple_vrFilter( ber, str ) == -1 ) {
+ rc = -1;
+ goto done;
+ }
+ str = next;
+ break;
+ }
+ }
+
+ rc = parens ? -1 : 0;
+
+done:
+ LDAP_FREE( freeme );
+ return rc;
+}
+
+int
+ldap_put_vrFilter( BerElement *ber, const char *str_in )
+{
+ int rc =0;
+
+ if ( ber_printf( ber, "{" /*"}"*/ ) == -1 ) {
+ rc = -1;
+ }
+
+ rc = put_vrFilter( ber, str_in );
+
+ if ( ber_printf( ber, /*"{"*/ "N}" ) == -1 ) {
+ rc = -1;
+ }
+
+ return rc;
+}
+
+static int
+put_vrFilter_list( BerElement *ber, char *str )
+{
+ char *next = NULL;
+ char save;
+
+ Debug( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n",
+ str, 0, 0 );
+
+ while ( *str ) {
+ while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
+ str++;
+ }
+ if ( *str == '\0' ) break;
+
+ if ( (next = find_right_paren( str + 1 )) == NULL ) {
+ return -1;
+ }
+ save = *++next;
+
+ /* now we have "(filter)" with str pointing to it */
+ *next = '\0';
+ if ( put_vrFilter( ber, str ) == -1 ) return -1;
+ *next = save;
+ str = next;
+ }
+
+ return 0;
+}
+
+static int
+put_simple_vrFilter(
+ BerElement *ber,
+ char *str )
+{
+ char *s;
+ char *value;
+ ber_tag_t ftype;
+ int rc = -1;
+
+ Debug( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n",
+ str, 0, 0 );
+
+ str = LDAP_STRDUP( str );
+ if( str == NULL ) return -1;
+
+ if ( (s = strchr( str, '=' )) == NULL ) {
+ goto done;
+ }
+
+ value = s + 1;
+ *s-- = '\0';
+
+ switch ( *s ) {
+ case '<':
+ ftype = LDAP_FILTER_LE;
+ *s = '\0';
+ break;
+
+ case '>':
+ ftype = LDAP_FILTER_GE;
+ *s = '\0';
+ break;
+
+ case '~':
+ ftype = LDAP_FILTER_APPROX;
+ *s = '\0';
+ break;
+
+ case ':':
+ /* According to ValuesReturnFilter control definition
+ * extensible filters are off the form:
+ * type [:rule] := value
+ * or :rule := value
+ */
+ ftype = LDAP_FILTER_EXT;
+ *s = '\0';
+
+ {
+ char *rule = strchr( str, ':' );
+
+ if( rule == NULL ) {
+ /* must have attribute */
+ if( !ldap_is_desc( str ) ) {
+ goto done;
+ }
+ rule = "";
+ } else {
+ *rule++ = '\0';
+ }
+
+ if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
+ /* must have either type or rule */
+ goto done;
+ }
+
+ if ( *str != '\0' && !ldap_is_desc( str ) ) {
+ goto done;
+ }
+
+ if ( rule && *rule != '\0' && !ldap_is_oid( rule ) ) {
+ goto done;
+ }
+
+ rc = ber_printf( ber, "t{" /*"}"*/, ftype );
+
+ if( rc != -1 && rule && *rule != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
+ }
+
+ if( rc != -1 && *str != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
+ }
+
+ if( rc != -1 ) {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
+
+ if( len >= 0 ) {
+ rc = ber_printf( ber, "to",
+ LDAP_FILTER_EXT_VALUE, value, len );
+ } else {
+ rc = -1;
+ }
+ }
+
+ if( rc != -1 ) {
+ rc = ber_printf( ber, /*"{"*/ "N}" );
+ }
+ }
+ goto done;
+
+ default:
+ if( !ldap_is_desc( str ) ) {
+ goto done;
+
+ } else {
+ char *nextstar = ldap_pvt_find_wildcard( value );
+
+ if ( nextstar == NULL ) {
+ goto done;
+
+ } else if ( *nextstar == '\0' ) {
+ ftype = LDAP_FILTER_EQUALITY;
+
+ } else if ( strcmp( value, "*" ) == 0 ) {
+ ftype = LDAP_FILTER_PRESENT;
+
+ } else {
+ rc = put_substring_filter( ber, str, value, nextstar );
+ goto done;
+ }
+ } break;
+ }
+
+ if( !ldap_is_desc( str ) ) goto done;
+
+ if ( ftype == LDAP_FILTER_PRESENT ) {
+ rc = ber_printf( ber, "ts", ftype, str );
+
+ } else {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
+
+ if( len >= 0 ) {
+ rc = ber_printf( ber, "t{soN}",
+ ftype, str, value, len );
+ }
+ }
+
+done:
+ if( rc != -1 ) rc = 0;
+ LDAP_FREE( str );
+ return rc;
+}
+