+/* $OpenLDAP$ */
/*
- * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* Portions
#include <ac/stdlib.h>
-#include <ac/ctype.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
#include "ldap-int.h"
-static int ldap_is_attribute LDAP_P((
+static int ldap_is_attr_oid LDAP_P((
const char *attr ));
-static int ldap_is_attribute_ext LDAP_P((
+static int ldap_is_attr_desc LDAP_P((
const char *attr ));
static int hex2value LDAP_P((
int c ));
-static ber_slen_t filter_value_unescape LDAP_P((
- char *filter ));
-
static char *find_right_paren LDAP_P((
char *s ));
-static char *find_wildcard LDAP_P((
- char *s ));
-
static char *put_complex_filter LDAP_P((
BerElement *ber,
char *str,
int sizelimit,
int *msgidp )
{
+ int rc;
BerElement *ber;
int timelimit;
Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
+ /* check client controls */
+ rc = ldap_int_client_controls( ld, cctrls );
+ if( rc != LDAP_SUCCESS ) return rc;
+
/*
- * if timeout is provided, use only tv_sec as timelimit.
- * otherwise, use default.
+ * if timeout is provided, both tv_sec and tv_usec must
+ * be non-zero
*/
- timelimit = (timeout != NULL)
- ? timeout->tv_sec
- : -1;
+ if( timeout != NULL ) {
+ if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ /* timelimit must be non-zero if timeout is provided */
+ timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1;
+
+ } else {
+ /* no timeout, no timelimit */
+ timelimit = -1;
+ }
ber = ldap_build_search_req( ld, base, scope, filter, attrs,
attrsonly, sctrls, cctrls, timelimit, sizelimit );
return( rc );
}
- if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
+ rc = ldap_result( ld, msgid, 1, timeout, res );
+
+ if( rc <= 0 ) {
+ /* error(-1) or timeout(0) */
return( ld->ld_errno );
+ }
+
+ if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) {
+ return( ld->ld_errno );
+ }
return( ldap_result2error( ld, *res, 0 ) );
}
Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+
ber = ldap_build_search_req( ld, base, scope, filter, attrs,
attrsonly, NULL, NULL, -1, -1 );
BerElement *
ldap_build_search_req(
LDAP *ld,
- LDAP_CONST char *base_in,
+ LDAP_CONST char *base,
ber_int_t scope,
LDAP_CONST char *filter_in,
char **attrs,
{
BerElement *ber;
int err;
- char *base;
char *filter;
/*
return( NULL );
}
- if ( base_in == NULL ) {
+ if ( base == NULL ) {
/* no base provided, use session default base */
base = ld->ld_options.ldo_defbase;
- } else {
- base = (char *) base_in;
- }
- if ( base == NULL ) {
- /* no session default base, use top */
- base = "";
+ if ( base == NULL ) {
+ /* no session default base, use top */
+ base = "";
+ }
}
#ifdef LDAP_CONNECTIONLESS
- if ( ld->ld_cldapnaddr > 0 ) {
- err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid,
- ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
- (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
- (timelimit < 0) ? ld->ld_timelimit : timelimit,
- attrsonly );
- } else {
-#endif /* LDAP_CONNECTIONLESS */
- err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
- LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
- (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
- (timelimit < 0) ? ld->ld_timelimit : timelimit,
- attrsonly );
-#ifdef LDAP_CONNECTIONLESS
+ if ( LDAP_IS_UDP(ld) ) {
+ err = ber_write( ber, ld->ld_options.ldo_peer,
+ sizeof(struct sockaddr), 0);
+ }
+ if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) {
+ char *dn = ld->ld_options.ldo_cldapdn;
+ if (!dn) dn = "";
+ err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, dn,
+ LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+ (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
+ (timelimit < 0) ? ld->ld_timelimit : timelimit,
+ attrsonly );
+ } else
+#endif
+ {
+ err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
+ LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+ (sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
+ (timelimit < 0) ? ld->ld_timelimit : timelimit,
+ attrsonly );
}
-#endif /* LDAP_CONNECTIONLESS */
if ( err == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
return( NULL );
}
- filter = LDAP_STRDUP( filter_in );
+ if( filter_in != NULL ) {
+ filter = LDAP_STRDUP( filter_in );
+ } else {
+ filter = LDAP_STRDUP( "(objectclass=*)" );
+ }
err = put_filter( ber, filter );
LDAP_FREE( filter );
return( NULL );
}
- if ( ber_printf( ber, /*{*/ "{v}}", attrs ) == -1 ) {
+ if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( NULL );
return( NULL );
}
- if ( ber_printf( ber, /*{*/ "}", attrs ) == -1 ) {
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( NULL );
return( ber );
}
-#ifndef LDAP_UNDERSCORE
-#define LDAP_UNDERSCORE ""
-#endif
+static int ldap_is_attr_oid ( const char *attr )
+{
+ int i, c, digit=0;
-static char *spanset =
- ":-.;" LDAP_UNDERSCORE
- "ABCDEFGHIGKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789";
+ for( i = 0; (c = attr[i]) != 0; i++ ) {
+ if( c >= '0' && c <= '9' ) {
+ digit=1;
-#define ATTR_SPANSET (spanset)
-#define EXT_SPANSET (&spanset[1])
+ } else if ( c != '.' ) {
+ /* not digit nor '.' */
+ return 0;
-static int ldap_is_attribute LDAP_P(( const char *attr ))
-{
- size_t len = strlen( attr );
- size_t span = strspn( attr, ATTR_SPANSET );
+ } else if ( !digit ) {
+ /* '.' but prev not digit */
+ return 0;
- return span == len;
+ } else {
+ /* '.' */
+ digit = 0;
+ }
+ }
+
+ return digit;
}
-static int ldap_is_attribute_ext LDAP_P(( const char *attr ))
+static int ldap_is_attr_desc ( const char *attr )
{
- size_t len = strlen( attr );
- size_t span = strspn( attr, EXT_SPANSET );
+ /* cheap attribute description check */
+ int i, c;
+
+ for( i = 0; (c = attr[i]) != 0; i++ ) {
+ if (( c >= '0' && c <= '9' )
+ || ( c >= 'A' && c <= 'Z' )
+ || ( c >= 'a' && c <= 'z' )
+ || ( c == '.' || c == '-' )
+ || ( c == ';' )) continue;
- return span == len;
+ return 0;
+ }
+
+ return i > 0;
}
static char *
return -1;
}
-static char *
-find_wildcard( char *s )
+char *
+ldap_pvt_find_wildcard( const char *s )
{
for( ; *s != '\0' ; s++ ) {
switch( *s ) {
case '*': /* found wildcard */
- return s;
+ return (char *) s;
case '\\':
s++; /* skip over escape */
- if( hex2value( s[0] ) >= 0 && hex2value( s[1] ) >= 0 ) {
- /* skip over lead digit of two hex digit code */
- s++;
- }
+ if ( *s == '\0' )
+ return NULL; /* escape at end of string */
}
}
/* unescape filter value */
/* support both LDAP v2 and v3 escapes */
/* output can include nul characters */
-static ber_slen_t
-filter_value_unescape( char *fval )
+ber_slen_t
+ldap_pvt_filter_value_unescape( char *fval )
{
ber_slen_t r, v;
int v1, v2;
/* escape at end of string */
return -1;
- } else if (( v1 = hex2value( fval[v] )) < 0 ) {
+ }
+
+ if (( v1 = hex2value( fval[v] )) >= 0 ) {
/* LDAPv3 escape */
if (( v2 = hex2value( fval[v+1] )) < 0 ) {
*next++ = ')';
/* flush explicit tagged thang */
- if ( ber_printf( ber, /*{*/ "}" ) == -1 )
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 )
return( NULL );
return( next );
case '(':
str++;
parens++;
+
+ /* skip spaces */
+ while( LDAP_SPACE( *str ) ) str++;
+
switch ( *str ) {
case '&':
Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
while ( *str ) {
- while ( *str && isspace( (unsigned char) *str ) )
+ while ( *str && LDAP_SPACE( (unsigned char) *str ) )
str++;
if ( *str == '\0' )
break;
case '<':
ftype = LDAP_FILTER_LE;
*s = '\0';
- if(! ldap_is_attribute( str ) ) goto done;
+ if(! ldap_is_attr_desc( str ) ) goto done;
break;
case '>':
ftype = LDAP_FILTER_GE;
*s = '\0';
- if(! ldap_is_attribute( str ) ) goto done;
+ if(! ldap_is_attr_desc( str ) ) goto done;
break;
case '~':
ftype = LDAP_FILTER_APPROX;
*s = '\0';
- if(! ldap_is_attribute( str ) ) goto done;
+ if(! ldap_is_attr_desc( str ) ) goto done;
break;
- case ':': /* LDAPv3 extended filter */
- ftype = LDAP_FILTER_EXTENDED;
- if(! ldap_is_attribute_ext( str ) ) goto done;
- goto done; /* XXX not yet implemented */
- break;
+ case ':':
+ /* RFC2254 extensible filters are off the form:
+ * type [:dn] [:rule] := value
+ * or [:dn]:rule := value
+ */
+ ftype = LDAP_FILTER_EXT;
+ *s = '\0';
+
+ {
+ char *dn = strchr( str, ':' );
+ char *rule = NULL;
+
+ if( dn == NULL ) {
+ if(! ldap_is_attr_desc( str ) ) goto done;
+ } else {
+
+ *dn++ = '\0';
+ rule = strchr( dn, ':' );
+
+ if( rule == NULL ) {
+ /* one colon */
+ if ( strcmp(dn, "dn") == 0 ) {
+ /* must have attribute */
+ if( !ldap_is_attr_desc( str ) ) {
+ goto done;
+ }
+
+ rule = "";
+
+ } else {
+ rule = dn;
+ dn = NULL;
+ }
+
+ } else {
+ /* two colons */
+ *rule++ = '\0';
+
+ if ( strcmp(dn, "dn") != 0 ) {
+ /* must have "dn" */
+ goto done;
+ }
+ }
+
+ }
+
+ if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
+ /* must have either type or rule */
+ goto done;
+ }
+
+ if ( *str != '\0' && !ldap_is_attr_desc( str ) ) {
+ goto done;
+ }
+
+ if ( rule && *rule != '\0' && !ldap_is_attr_oid( rule ) ) {
+ goto done;
+ }
+
+ rc = ber_printf( ber, "t{" /*}*/, ftype );
+
+ if( rc != -1 && rule && *rule != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
+ }
+ if( rc != -1 && *str != '\0' ) {
+ rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
+ }
+
+ if( rc != -1 ) {
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
+
+ if( len >= 0 ) {
+ rc = ber_printf( ber, "totbN}",
+ LDAP_FILTER_EXT_VALUE, value, len,
+ LDAP_FILTER_EXT_DNATTRS, dn != NULL);
+ } else {
+ rc = -1;
+ }
+ }
+ }
+ goto done;
default:
- if ( find_wildcard( value ) == NULL ) {
+ if ( ldap_pvt_find_wildcard( value ) == NULL ) {
ftype = LDAP_FILTER_EQUALITY;
} else if ( strcmp( value, "*" ) == 0 ) {
ftype = LDAP_FILTER_PRESENT;
rc = ber_printf( ber, "ts", ftype, str );
} else {
- ber_slen_t len = filter_value_unescape( value );
+ ber_slen_t len = ldap_pvt_filter_value_unescape( value );
if( len >= 0 ) {
- rc = ber_printf( ber, "t{so}",
+ rc = ber_printf( ber, "t{soN}",
ftype, str, value, len );
}
}
return( -1 );
for( ; val != NULL; val=nextstar ) {
- if ( (nextstar = find_wildcard( val )) != NULL )
+ if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
*nextstar++ = '\0';
if ( gotstar == 0 ) {
}
if ( *val != '\0' ) {
- ber_slen_t len = filter_value_unescape( val );
+ ber_slen_t len = ldap_pvt_filter_value_unescape( val );
if ( len < 0 ) {
return -1;
gotstar = 1;
}
- if ( ber_printf( ber, /* {{ */ "}}" ) == -1 )
+ if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 )
return( -1 );
return( 0 );
projects / openldap / blobdiff