X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Ffilter.c;h=3ad77c4fdb8799d7bcfb479674cf1f0eb99e8b14;hb=3d39ff68a94e4455074707d763138f01aaa1c5b1;hp=45eebb9483418f0a6eb116bdcfd3fafdbc2a3d1c;hpb=c76b36254ccb9862dcc40525596acf29185fc662;p=openldap
diff --git a/libraries/libldap/filter.c b/libraries/libldap/filter.c
index 45eebb9483..3ad77c4fdb 100644
--- a/libraries/libldap/filter.c
+++ b/libraries/libldap/filter.c
@@ -1,13 +1,20 @@
+/* search.c */
/* $OpenLDAP$ */
-/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/* Portions
- * Copyright (c) 1990 Regents of the University of Michigan.
- * All rights reserved.
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2007 The OpenLDAP Foundation.
+ * All rights reserved.
*
- * search.c
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* Portions Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
*/
#include "portable.h"
@@ -324,43 +331,39 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
int parens, balance, escape;
/*
- * A Filter looks like this:
- * Filter ::= CHOICE {
- * and [0] SET OF Filter,
- * or [1] SET OF Filter,
- * not [2] Filter,
- * equalityMatch [3] AttributeValueAssertion,
- * substrings [4] SubstringFilter,
- * greaterOrEqual [5] AttributeValueAssertion,
- * lessOrEqual [6] AttributeValueAssertion,
- * present [7] AttributeType,
- * approxMatch [8] AttributeValueAssertion,
- * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
- * }
+ * A Filter looks like this (RFC 4511 as extended by RFC 4526):
+ * Filter ::= CHOICE {
+ * and [0] SET SIZE (0..MAX) OF filter Filter,
+ * or [1] SET SIZE (0..MAX) OF filter Filter,
+ * not [2] Filter,
+ * equalityMatch [3] AttributeValueAssertion,
+ * substrings [4] SubstringFilter,
+ * greaterOrEqual [5] AttributeValueAssertion,
+ * lessOrEqual [6] AttributeValueAssertion,
+ * present [7] AttributeDescription,
+ * approxMatch [8] AttributeValueAssertion,
+ * extensibleMatch [9] MatchingRuleAssertion,
+ * ... }
*
- * SubstringFilter ::= SEQUENCE {
- * type AttributeType,
- * SEQUENCE OF CHOICE {
- * initial [0] IA5String,
- * any [1] IA5String,
- * final [2] IA5String
- * }
- * }
+ * SubstringFilter ::= SEQUENCE {
+ * type AttributeDescription,
+ * substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+ * initial [0] AssertionValue, -- only once
+ * any [1] AssertionValue,
+ * final [2] AssertionValue -- only once
+ * }
+ * }
*
- * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
- * matchingRule [1] MatchingRuleId OPTIONAL,
- * type [2] AttributeDescription OPTIONAL,
- * matchValue [3] AssertionValue,
- * dnAttributes [4] BOOLEAN DEFAULT FALSE }
+ * MatchingRuleAssertion ::= SEQUENCE {
+ * matchingRule [1] MatchingRuleId OPTIONAL,
+ * type [2] AttributeDescription OPTIONAL,
+ * matchValue [3] AssertionValue,
+ * dnAttributes [4] BOOLEAN DEFAULT FALSE }
*
- * Note: tags in a choice are always explicit
+ * Note: tags in a CHOICE are always explicit
*/
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, ARGS, "ldap_pvt_put_filter: \"%s\"\n", str_in,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 );
-#endif
freeme = LDAP_STRDUP( str_in );
if( freeme == NULL ) return LDAP_NO_MEMORY;
@@ -378,12 +381,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
switch ( *str ) {
case '&':
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: AND\n", 0,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
0, 0, 0 );
-#endif
str = put_complex_filter( ber, str,
LDAP_FILTER_AND, 0 );
@@ -396,12 +395,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
case '|':
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: OR\n", 0,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
0, 0, 0 );
-#endif
str = put_complex_filter( ber, str,
LDAP_FILTER_OR, 0 );
@@ -414,12 +409,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
case '!':
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: NOT\n", 0,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
0, 0, 0 );
-#endif
str = put_complex_filter( ber, str,
LDAP_FILTER_NOT, 0 );
@@ -431,13 +422,13 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
parens--;
break;
+ case '(':
+ rc = -1;
+ goto done;
+
default:
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: simple\n", 0,0,0);
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
0, 0, 0 );
-#endif
balance = 1;
escape = 0;
@@ -482,12 +473,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
case /*'('*/ ')':
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: end\n", 0,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter: end\n",
0, 0, 0 );
-#endif
if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
rc = -1;
goto done;
@@ -501,12 +488,8 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
break;
default: /* assume it's a simple type=value filter */
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "ldap_pvt_put_filter: default\n", 0,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter: default\n",
0, 0, 0 );
-#endif
next = strchr( str, '\0' );
if ( put_simple_filter( ber, str ) == -1 ) {
rc = -1;
@@ -515,9 +498,11 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
str = next;
break;
}
+ if ( !parens )
+ break;
}
- rc = parens ? -1 : 0;
+ rc = ( parens || *str ) ? -1 : 0;
done:
LDAP_FREE( freeme );
@@ -534,12 +519,8 @@ put_filter_list( BerElement *ber, char *str, ber_tag_t tag )
char *next = NULL;
char save;
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, ARGS, "put_filter_list \"%s\"\n", str,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n",
str, 0, 0 );
-#endif
while ( *str ) {
while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
@@ -578,12 +559,8 @@ put_simple_filter(
ber_tag_t ftype;
int rc = -1;
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, ARGS, "put_simple_filter: \"%s\"\n", str,0,0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_simple_filter: \"%s\"\n",
str, 0, 0 );
-#endif
str = LDAP_STRDUP( str );
if( str == NULL ) return -1;
@@ -612,7 +589,7 @@ put_simple_filter(
break;
case ':':
- /* RFC2254 extensible filters are off the form:
+ /* RFC 4515 extensible filters are off the form:
* type [:dn] [:rule] := value
* or [:dn]:rule := value
*/
@@ -629,7 +606,7 @@ put_simple_filter(
if( rule == NULL ) {
/* one colon */
- if ( strcmp(dn, "dn") == 0 ) {
+ if ( strcasecmp(dn, "dn") == 0 ) {
/* must have attribute */
if( !ldap_is_desc( str ) ) {
goto done;
@@ -646,7 +623,7 @@ put_simple_filter(
/* two colons */
*rule++ = '\0';
- if ( strcmp(dn, "dn") != 0 ) {
+ if ( strcasecmp(dn, "dn") != 0 ) {
/* must have "dn" */
goto done;
}
@@ -749,12 +726,8 @@ put_substring_filter( BerElement *ber, char *type, char *val )
int gotstar = 0;
ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, ARGS, "put_substring_filter \"%s=%s\"\n", type, val, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n",
type, val, 0 );
-#endif
if ( ber_printf( ber, "t{s{" /*"}}"*/, ftype, type ) == -1 ) {
return -1;
@@ -778,10 +751,12 @@ put_substring_filter( BerElement *ber, char *type, char *val )
}
}
- if ( *val != '\0' || ftype == LDAP_SUBSTRING_ANY ) {
+ if ( *val == '\0' ) {
+ return -1;
+ } else {
ber_slen_t len = ldap_pvt_filter_value_unescape( val );
- if ( len < 0 ) {
+ if ( len <= 0 ) {
return -1;
}
@@ -834,13 +809,11 @@ put_vrFilter( BerElement *ber, const char *str_in )
* matchingRule [1] MatchingRuleId OPTIONAL,
* type [2] AttributeDescription OPTIONAL,
* matchValue [3] AssertionValue }
+ *
+ * (Source: RFC 3876)
*/
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, ARGS, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );
-#endif
freeme = LDAP_STRDUP( str_in );
if( freeme == NULL ) return LDAP_NO_MEMORY;
@@ -880,13 +853,8 @@ put_vrFilter( BerElement *ber, const char *str_in )
default:
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1,
- "put_vrFilter: simple\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: simple\n",
0, 0, 0 );
-#endif
balance = 1;
escape = 0;
@@ -931,12 +899,8 @@ put_vrFilter( BerElement *ber, const char *str_in )
break;
case /*'('*/ ')':
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "put_vrFilter: end\n", 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: end\n",
0, 0, 0 );
-#endif
if ( ber_printf( ber, /*"["*/ "]" ) == -1 ) {
rc = -1;
goto done;
@@ -950,15 +914,10 @@ put_vrFilter( BerElement *ber, const char *str_in )
break;
default: /* assume it's a simple type=value filter */
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, DETAIL1, "put_vrFilter: default\n",
- 0, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_vrFilter: default\n",
0, 0, 0 );
-#endif
next = strchr( str, '\0' );
- if ( put_simple_filter( ber, str ) == -1 ) {
+ if ( put_simple_vrFilter( ber, str ) == -1 ) {
rc = -1;
goto done;
}
@@ -998,12 +957,8 @@ put_vrFilter_list( BerElement *ber, char *str )
char *next = NULL;
char save;
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, ARGS, "put_vrFilter_list \"%s\"\n", str, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_vrFilter_list \"%s\"\n",
str, 0, 0 );
-#endif
while ( *str ) {
while ( *str && LDAP_SPACE( (unsigned char) *str ) ) {
@@ -1036,12 +991,8 @@ put_simple_vrFilter(
ber_tag_t ftype;
int rc = -1;
-#ifdef NEW_LOGGING
- LDAP_LOG ( FILTER, ARGS, "put_simple_vrFilter: \"%s\"\n", str, 0, 0 );
-#else
Debug( LDAP_DEBUG_TRACE, "put_simple_vrFilter: \"%s\"\n",
str, 0, 0 );
-#endif
str = LDAP_STRDUP( str );
if( str == NULL ) return -1;
@@ -1080,7 +1031,6 @@ put_simple_vrFilter(
{
char *rule = strchr( str, ':' );
- *rule++ = '\0';
if( rule == NULL ) {
/* must have attribute */
@@ -1088,12 +1038,10 @@ put_simple_vrFilter(
goto done;
}
rule = "";
-
} else {
*rule++ = '\0';
}
-
if ( *str == '\0' && ( !rule || *rule == '\0' ) ) {
/* must have either type or rule */
goto done;