ITS#5300

[openldap] / libraries / libldap / filter.c

diff --git a/libraries/libldap/filter.c b/libraries/libldap/filter.c
index 2ff345dd6d2c75fe87b0bd160348d3c3c23ec588..3ad77c4fdb8799d7bcfb479674cf1f0eb99e8b14 100644 (file)
--- a/libraries/libldap/filter.c
+++ b/libraries/libldap/filter.c
@@ -1,13 +1,20 @@
+/* search.c */
 /* $OpenLDAP$ */
-/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/*  Portions
- *  Copyright (c) 1990 Regents of the University of Michigan.
- *  All rights reserved.
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
  *
- *  search.c
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
  */
 
 #include "portable.h"
@@ -324,43 +331,39 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
        int     parens, balance, escape;
 
        /*
-        * A Filter looks like this:
-        *      Filter ::= CHOICE {
-        *              and             [0]     SET OF Filter,
-        *              or              [1]     SET OF Filter,
-        *              not             [2]     Filter,
-        *              equalityMatch   [3]     AttributeValueAssertion,
-        *              substrings      [4]     SubstringFilter,
-        *              greaterOrEqual  [5]     AttributeValueAssertion,
-        *              lessOrEqual     [6]     AttributeValueAssertion,
-        *              present         [7]     AttributeType,
-        *              approxMatch     [8]     AttributeValueAssertion,
-        *                              extensibleMatch [9]             MatchingRuleAssertion -- LDAPv3
-        *      }
+        * A Filter looks like this (RFC 4511 as extended by RFC 4526):
+        *     Filter ::= CHOICE {
+        *         and             [0]     SET SIZE (0..MAX) OF filter Filter,
+        *         or              [1]     SET SIZE (0..MAX) OF filter Filter,
+        *         not             [2]     Filter,
+        *         equalityMatch   [3]     AttributeValueAssertion,
+        *         substrings      [4]     SubstringFilter,
+        *         greaterOrEqual  [5]     AttributeValueAssertion,
+        *         lessOrEqual     [6]     AttributeValueAssertion,
+        *         present         [7]     AttributeDescription,
+        *         approxMatch     [8]     AttributeValueAssertion,
+        *         extensibleMatch [9]     MatchingRuleAssertion,
+        *         ... }
         *
-        *      SubstringFilter ::= SEQUENCE {
-        *              type               AttributeType,
-        *              SEQUENCE OF CHOICE {
-        *                      initial          [0] IA5String,
-        *                      any              [1] IA5String,
-        *                      final            [2] IA5String
-        *              }
-        *      }
+        *     SubstringFilter ::= SEQUENCE {
+        *         type         AttributeDescription,
+        *         substrings   SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+        *             initial          [0] AssertionValue, -- only once
+        *             any              [1] AssertionValue,
+        *             final            [2] AssertionValue  -- only once
+        *             }
+        *         }
         *
-        *              MatchingRuleAssertion ::= SEQUENCE {    -- LDAPv3
-        *                      matchingRule    [1] MatchingRuleId OPTIONAL,
-        *                      type            [2] AttributeDescription OPTIONAL,
-        *                      matchValue      [3] AssertionValue,
-        *                      dnAttributes    [4] BOOLEAN DEFAULT FALSE }
+        *         MatchingRuleAssertion ::= SEQUENCE {
+        *         matchingRule    [1] MatchingRuleId OPTIONAL,
+        *         type            [2] AttributeDescription OPTIONAL,
+        *         matchValue      [3] AssertionValue,
+        *         dnAttributes    [4] BOOLEAN DEFAULT FALSE }
         *
-        * Note: tags in a choice are always explicit
+        * Note: tags in a CHOICE are always explicit
         */
 
-#ifdef NEW_LOGGING
-       LDAP_LOG ( FILTER, ARGS, "ldap_pvt_put_filter: \"%s\"\n", str_in,0,0 );
-#else
        Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 );
-#endif
 
        freeme = LDAP_STRDUP( str_in );
        if( freeme == NULL ) return LDAP_NO_MEMORY;
@@ -378,12 +381,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
 
                        switch ( *str ) {
                        case '&':
-#ifdef NEW_LOGGING
-                               LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: AND\n", 0,0,0 );
-#else
                                Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
                                    0, 0, 0 );
-#endif
 
                                str = put_complex_filter( ber, str,
                                    LDAP_FILTER_AND, 0 );
@@ -396,12 +395,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
                                break;
 
                        case '|':
-#ifdef NEW_LOGGING
-                               LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: OR\n", 0,0,0 );
-#else
                                Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
                                    0, 0, 0 );
-#endif
 
                                str = put_complex_filter( ber, str,
                                    LDAP_FILTER_OR, 0 );
@@ -414,12 +409,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
                                break;
 
                        case '!':
-#ifdef NEW_LOGGING
-                               LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: NOT\n", 0,0,0 );
-#else
                                Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
                                    0, 0, 0 );
-#endif
 
                                str = put_complex_filter( ber, str,
                                    LDAP_FILTER_NOT, 0 );
@@ -431,13 +422,13 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
                                parens--;
                                break;
 
+                       case '(':
+                               rc = -1;
+                               goto done;
+
                        default:
-#ifdef NEW_LOGGING
-                               LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: simple\n", 0,0,0);
-#else
                                Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
                                    0, 0, 0 );
-#endif
 
                                balance = 1;
                                escape = 0;
@@ -482,12 +473,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
                        break;
 
                case /*'('*/ ')':
-#ifdef NEW_LOGGING
-                       LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: end\n", 0,0,0 );
-#else
                        Debug( LDAP_DEBUG_TRACE, "put_filter: end\n",
                                0, 0, 0 );
-#endif
                        if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
                                rc = -1;
                                goto done;
@@ -501,12 +488,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
                        break;
 
                default:        /* assume it's a simple type=value filter */
-#ifdef NEW_LOGGING
-                       LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: default\n", 0,0,0 );
-#else
                        Debug( LDAP_DEBUG_TRACE, "put_filter: default\n",
                                0, 0, 0 );
-#endif
                        next = strchr( str, '\0' );
                        if ( put_simple_filter( ber, str ) == -1 ) {
                                rc = -1;
@@ -515,9 +498,11 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
                        str = next;
                        break;
                }
+               if ( !parens )
+                       break;
        }
 
-       rc = parens ? -1 : 0;
+       rc = ( parens || *str ) ? -1 : 0;
 
 done:
        LDAP_FREE( freeme );
@@ -534,12 +519,8 @@ put_filter_list( BerElement *ber, char *str, ber_tag_t tag )
        char    *next = NULL;
        char    save;
 
-#ifdef NEW_LOGGING
-       LDAP_LOG ( FILTER, ARGS, "put_filter_list \"%s\"\n", str,0,0 );
-#else
        Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n",
                str, 0, 0 );
-#endif
 
        while ( *str ) {
                while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
@@ -578,12 +559,8 @@ put_simple_filter(
        ber_tag_t       ftype;
        int             rc = -1;
 
-#ifdef NEW_LOGGING
-       LDAP_LOG ( FILTER, ARGS, "put_simple_filter: \"%s\"\n", str,0,0 );
-#else
        Debug( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n",
                str, 0, 0 );
-#endif
 
        str = LDAP_STRDUP( str );
        if( str == NULL ) return -1;
@@ -612,7 +589,7 @@ put_simple_filter(
                break;
 
        case ':':
-               /* RFC2254 extensible filters are off the form:
+               /* RFC 4515 extensible filters are off the form:
                 *              type [:dn] [:rule] := value
                 * or   [:dn]:rule := value             
                 */
@@ -629,7 +606,7 @@ put_simple_filter(
 
                                if( rule == NULL ) {
                                        /* one colon */
-                                       if ( strcmp(dn, "dn") == 0 ) {
+                                       if ( strcasecmp(dn, "dn") == 0 ) {
                                                /* must have attribute */
                                                if( !ldap_is_desc( str ) ) {
                                                        goto done;
@@ -646,7 +623,7 @@ put_simple_filter(
                                        /* two colons */
                                        *rule++ = '\0';
 
-                                       if ( strcmp(dn, "dn") != 0 ) {
+                                       if ( strcasecmp(dn, "dn") != 0 ) {
                                                /* must have "dn" */
                                                goto done;
                                        }
@@ -749,12 +726,8 @@ put_substring_filter( BerElement *ber, char *type, char *val )
        int gotstar = 0;
        ber_tag_t       ftype = LDAP_FILTER_SUBSTRINGS;
 
-#ifdef NEW_LOGGING
-       LDAP_LOG ( FILTER, ARGS, "put_substring_filter \"%s=%s\"\n", type, val, 0 );
-#else
        Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n",
                type, val, 0 );
-#endif
 
        if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 ) {
                return -1;
@@ -778,10 +751,12 @@ put_substring_filter( BerElement *ber, char *type, char *val )
                        }
                }
 
-               if ( *val != '\0' || ftype == LDAP_SUBSTRING_ANY ) {
+               if ( *val == '\0' ) {
+                       return -1;
+               } else {
                        ber_slen_t len = ldap_pvt_filter_value_unescape( val );
 
-                       if ( len < 0  ) {
+                       if ( len <= 0  ) {
                                return -1;
                        }
 
@@ -834,13 +809,11 @@ put_vrFilter( BerElement *ber, const char *str_in )
         *              matchingRule    [1] MatchingRuleId OPTIONAL,
         *              type            [2] AttributeDescription OPTIONAL,
         *              matchValue      [3] AssertionValue }
+        *
+        * (Source: RFC 3876)
         */
 
-#ifdef NEW_LOGGING
-       LDAP_LOG ( FILTER, ARGS, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
-#else
        Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
-#endif
 
        freeme = LDAP_STRDUP( str_in );
        if( freeme == NULL ) return LDAP_NO_MEMORY;
@@ -880,13 +853,8 @@ put_vrFilter( BerElement *ber, const char *str_in )
 
 
                        default:
-#ifdef NEW_LOGGING
-                               LDAP_LOG ( FILTER, DETAIL1, 
-                                       "put_vrFilter: simple\n", 0, 0, 0 );
-#else
                                Debug( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n",
                                    0, 0, 0 );
-#endif
 
                                balance = 1;
                                escape = 0;
@@ -931,12 +899,8 @@ put_vrFilter( BerElement *ber, const char *str_in )
                        break;
 
                case /*'('*/ ')':
-#ifdef NEW_LOGGING
-                       LDAP_LOG ( FILTER, DETAIL1, "put_vrFilter: end\n", 0, 0, 0 );
-#else
                        Debug( LDAP_DEBUG_TRACE, "put_vrFilter: end\n",
                                0, 0, 0 );
-#endif
                        if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
                                rc = -1;
                                goto done;
@@ -950,15 +914,10 @@ put_vrFilter( BerElement *ber, const char *str_in )
                        break;
 
                default:        /* assume it's a simple type=value filter */
-#ifdef NEW_LOGGING
-                       LDAP_LOG ( FILTER, DETAIL1, "put_vrFilter: default\n", 
-                               0, 0, 0 );
-#else
                        Debug( LDAP_DEBUG_TRACE, "put_vrFilter: default\n",
                                0, 0, 0 );
-#endif
                        next = strchr( str, '\0' );
-                       if ( put_simple_filter( ber, str ) == -1 ) {
+                       if ( put_simple_vrFilter( ber, str ) == -1 ) {
                                rc = -1;
                                goto done;
                        }
@@ -998,12 +957,8 @@ put_vrFilter_list( BerElement *ber, char *str )
        char    *next = NULL;
        char    save;
 
-#ifdef NEW_LOGGING
-       LDAP_LOG ( FILTER, ARGS, "put_vrFilter_list \"%s\"\n", str, 0, 0 );
-#else
        Debug( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n",
                str, 0, 0 );
-#endif
 
        while ( *str ) {
                while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
@@ -1036,12 +991,8 @@ put_simple_vrFilter(
        ber_tag_t       ftype;
        int             rc = -1;
 
-#ifdef NEW_LOGGING
-       LDAP_LOG ( FILTER, ARGS, "put_simple_vrFilter: \"%s\"\n", str, 0, 0 );
-#else
        Debug( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n",
                str, 0, 0 );
-#endif
 
        str = LDAP_STRDUP( str );
        if( str == NULL ) return -1;
@@ -1080,7 +1031,6 @@ put_simple_vrFilter(
 
                {
                        char *rule = strchr( str, ':' );
-                       *rule++ = '\0';
 
                        if( rule == NULL ) {
                                /* must have attribute */
@@ -1088,12 +1038,10 @@ put_simple_vrFilter(
                                        goto done;
                                }
                                rule = "";
-                       
                        } else {
                                *rule++ = '\0';
                        }
 
-
                        if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
                                /* must have either type or rule */
                                goto done;