X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fsearch.c;h=50f50067ff92dfe2d6d32fcd46f9226367758429;hb=a2eec74fc1d535fa9092f4d7b82a669b39eef539;hp=a94f17a38c1af551c75991b396ed0c8c1a2b8188;hpb=0fe5da0f9a4b512fb4e01fedcbc6a1daae39b682;p=openldap diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c index a94f17a38c..50f50067ff 100644 --- a/libraries/libldap/search.c +++ b/libraries/libldap/search.c @@ -1,5 +1,6 @@ +/* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* Portions @@ -15,31 +16,24 @@ #include -#include #include #include #include #include "ldap-int.h" -static int ldap_is_attribute LDAP_P(( +static int ldap_is_attr_oid LDAP_P(( const char *attr )); -static int ldap_is_attribute_ext LDAP_P(( +static int ldap_is_attr_desc LDAP_P(( const char *attr )); static int hex2value LDAP_P(( int c )); -static ber_slen_t filter_value_unescape LDAP_P(( - char *filter )); - static char *find_right_paren LDAP_P(( char *s )); -static char *find_wildcard LDAP_P(( - char *s )); - static char *put_complex_filter LDAP_P(( BerElement *ber, char *str, @@ -97,18 +91,35 @@ ldap_search_ext( int sizelimit, int *msgidp ) { + int rc; BerElement *ber; int timelimit; Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 ); + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + + /* check client controls */ + rc = ldap_int_client_controls( ld, cctrls ); + if( rc != LDAP_SUCCESS ) return rc; + /* - * if timeout is provided, use only tv_sec as timelimit. - * otherwise, use default. + * if timeout is provided, both tv_sec and tv_usec must + * be non-zero */ - timelimit = (timeout != NULL) - ? timeout->tv_sec - : -1; + if( timeout != NULL ) { + if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) { + return LDAP_PARAM_ERROR; + } + + /* timelimit must be non-zero if timeout is provided */ + timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1; + + } else { + /* no timeout, no timelimit */ + timelimit = -1; + } ber = ldap_build_search_req( ld, base, scope, filter, attrs, attrsonly, sctrls, cctrls, timelimit, sizelimit ); @@ -162,8 +173,16 @@ ldap_search_ext_s( return( rc ); } - if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 ) + rc = ldap_result( ld, msgid, 1, timeout, res ); + + if( rc <= 0 ) { + /* error(-1) or timeout(0) */ return( ld->ld_errno ); + } + + if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) { + return( ld->ld_errno ); + } return( ldap_result2error( ld, *res, 0 ) ); } @@ -196,6 +215,9 @@ ldap_search( Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 ); + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + ber = ldap_build_search_req( ld, base, scope, filter, attrs, attrsonly, NULL, NULL, -1, -1 ); @@ -222,7 +244,7 @@ ldap_search( BerElement * ldap_build_search_req( LDAP *ld, - LDAP_CONST char *base_in, + LDAP_CONST char *base, ber_int_t scope, LDAP_CONST char *filter_in, char **attrs, @@ -234,7 +256,6 @@ ldap_build_search_req( { BerElement *ber; int err; - char *base; char *filter; /* @@ -266,35 +287,38 @@ ldap_build_search_req( return( NULL ); } - if ( base_in == NULL ) { + if ( base == NULL ) { /* no base provided, use session default base */ base = ld->ld_options.ldo_defbase; - } else { - base = (char *) base_in; - } - if ( base == NULL ) { - /* no session default base, use top */ - base = ""; + if ( base == NULL ) { + /* no session default base, use top */ + base = ""; + } } #ifdef LDAP_CONNECTIONLESS - if ( ld->ld_cldapnaddr > 0 ) { - err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, - ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref, - (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, - (timelimit < 0) ? ld->ld_timelimit : timelimit, - attrsonly ); - } else { -#endif /* LDAP_CONNECTIONLESS */ - err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, - LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, - (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, - (timelimit < 0) ? ld->ld_timelimit : timelimit, - attrsonly ); -#ifdef LDAP_CONNECTIONLESS + if ( LDAP_IS_UDP(ld) ) { + err = ber_write( ber, ld->ld_options.ldo_peer, + sizeof(struct sockaddr), 0); + } + if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) { + char *dn = ld->ld_options.ldo_cldapdn; + if (!dn) dn = ""; + err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, dn, + LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, + (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, + (timelimit < 0) ? ld->ld_timelimit : timelimit, + attrsonly ); + } else +#endif + { + err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, + LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, + (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, + (timelimit < 0) ? ld->ld_timelimit : timelimit, + attrsonly ); } -#endif /* LDAP_CONNECTIONLESS */ if ( err == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; @@ -302,7 +326,11 @@ ldap_build_search_req( return( NULL ); } - filter = LDAP_STRDUP( filter_in ); + if( filter_in != NULL ) { + filter = LDAP_STRDUP( filter_in ); + } else { + filter = LDAP_STRDUP( "(objectclass=*)" ); + } err = put_filter( ber, filter ); LDAP_FREE( filter ); @@ -312,7 +340,7 @@ ldap_build_search_req( return( NULL ); } - if ( ber_printf( ber, /*{*/ "{v}}", attrs ) == -1 ) { + if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); @@ -324,7 +352,7 @@ ldap_build_search_req( return( NULL ); } - if ( ber_printf( ber, /*{*/ "}", attrs ) == -1 ) { + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); @@ -333,33 +361,47 @@ ldap_build_search_req( return( ber ); } -#ifndef LDAP_UNDERSCORE -#define LDAP_UNDERSCORE "" -#endif +static int ldap_is_attr_oid ( const char *attr ) +{ + int i, c, digit=0; -static char *spanset = - ":-.;" LDAP_UNDERSCORE - "ABCDEFGHIGKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789"; + for( i = 0; (c = attr[i]) != 0; i++ ) { + if( c >= '0' && c <= '9' ) { + digit=1; -#define ATTR_SPANSET (spanset) -#define EXT_SPANSET (&spanset[1]) + } else if ( c != '.' ) { + /* not digit nor '.' */ + return 0; -static int ldap_is_attribute LDAP_P(( const char *attr )) -{ - size_t len = strlen( attr ); - size_t span = strspn( attr, ATTR_SPANSET ); + } else if ( !digit ) { + /* '.' but prev not digit */ + return 0; - return span == len; + } else { + /* '.' */ + digit = 0; + } + } + + return digit; } -static int ldap_is_attribute_ext LDAP_P(( const char *attr )) +static int ldap_is_attr_desc ( const char *attr ) { - size_t len = strlen( attr ); - size_t span = strspn( attr, EXT_SPANSET ); + /* cheap attribute description check */ + int i, c; + + for( i = 0; (c = attr[i]) != 0; i++ ) { + if (( c >= '0' && c <= '9' ) + || ( c >= 'A' && c <= 'Z' ) + || ( c >= 'a' && c <= 'z' ) + || ( c == '.' || c == '-' ) + || ( c == ';' )) continue; - return span == len; + return 0; + } + + return i > 0; } static char * @@ -404,20 +446,18 @@ static int hex2value( int c ) return -1; } -static char * -find_wildcard( char *s ) +char * +ldap_pvt_find_wildcard( const char *s ) { for( ; *s != '\0' ; s++ ) { switch( *s ) { case '*': /* found wildcard */ - return s; + return (char *) s; case '\\': s++; /* skip over escape */ - if( hex2value( s[0] ) >= 0 && hex2value( s[1] ) >= 0 ) { - /* skip over lead digit of two hex digit code */ - s++; - } + if ( *s == '\0' ) + return NULL; /* escape at end of string */ } } @@ -427,8 +467,8 @@ find_wildcard( char *s ) /* unescape filter value */ /* support both LDAP v2 and v3 escapes */ /* output can include nul characters */ -static ber_slen_t -filter_value_unescape( char *fval ) +ber_slen_t +ldap_pvt_filter_value_unescape( char *fval ) { ber_slen_t r, v; int v1, v2; @@ -443,7 +483,9 @@ filter_value_unescape( char *fval ) /* escape at end of string */ return -1; - } else if (( v1 = hex2value( fval[v] )) < 0 ) { + } + + if (( v1 = hex2value( fval[v] )) >= 0 ) { /* LDAPv3 escape */ if (( v2 = hex2value( fval[v+1] )) < 0 ) { @@ -496,7 +538,7 @@ put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not ) *next++ = ')'; /* flush explicit tagged thang */ - if ( ber_printf( ber, /*{*/ "}" ) == -1 ) + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) return( NULL ); return( next ); @@ -549,6 +591,10 @@ put_filter( BerElement *ber, char *str ) case '(': str++; parens++; + + /* skip spaces */ + while( LDAP_SPACE( *str ) ) str++; + switch ( *str ) { case '&': Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n", @@ -659,7 +705,7 @@ put_filter_list( BerElement *ber, char *str ) Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 ); while ( *str ) { - while ( *str && isspace( (unsigned char) *str ) ) + while ( *str && LDAP_SPACE( (unsigned char) *str ) ) str++; if ( *str == '\0' ) break; @@ -706,29 +752,105 @@ put_simple_filter( case '<': ftype = LDAP_FILTER_LE; *s = '\0'; - if(! ldap_is_attribute( str ) ) goto done; + if(! ldap_is_attr_desc( str ) ) goto done; break; case '>': ftype = LDAP_FILTER_GE; *s = '\0'; - if(! ldap_is_attribute( str ) ) goto done; + if(! ldap_is_attr_desc( str ) ) goto done; break; case '~': ftype = LDAP_FILTER_APPROX; *s = '\0'; - if(! ldap_is_attribute( str ) ) goto done; + if(! ldap_is_attr_desc( str ) ) goto done; break; - case ':': /* LDAPv3 extended filter */ - ftype = LDAP_FILTER_EXTENDED; - if(! ldap_is_attribute_ext( str ) ) goto done; - goto done; /* XXX not yet implemented */ - break; + case ':': + /* RFC2254 extensible filters are off the form: + * type [:dn] [:rule] := value + * or [:dn]:rule := value + */ + ftype = LDAP_FILTER_EXT; + *s = '\0'; + + { + char *dn = strchr( str, ':' ); + char *rule = NULL; + + if( dn == NULL ) { + if(! ldap_is_attr_desc( str ) ) goto done; + } else { + + *dn++ = '\0'; + rule = strchr( dn, ':' ); + + if( rule == NULL ) { + /* one colon */ + if ( strcmp(dn, "dn") == 0 ) { + /* must have attribute */ + if( !ldap_is_attr_desc( str ) ) { + goto done; + } + + rule = ""; + + } else { + rule = dn; + dn = NULL; + } + + } else { + /* two colons */ + *rule++ = '\0'; + + if ( strcmp(dn, "dn") != 0 ) { + /* must have "dn" */ + goto done; + } + } + + } + + if ( *str == '\0' && ( !rule || *rule == '\0' ) ) { + /* must have either type or rule */ + goto done; + } + + if ( *str != '\0' && !ldap_is_attr_desc( str ) ) { + goto done; + } + + if ( rule && *rule != '\0' && !ldap_is_attr_oid( rule ) ) { + goto done; + } + + rc = ber_printf( ber, "t{" /*}*/, ftype ); + + if( rc != -1 && rule && *rule != '\0' ) { + rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule ); + } + if( rc != -1 && *str != '\0' ) { + rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str ); + } + + if( rc != -1 ) { + ber_slen_t len = ldap_pvt_filter_value_unescape( value ); + + if( len >= 0 ) { + rc = ber_printf( ber, "totbN}", + LDAP_FILTER_EXT_VALUE, value, len, + LDAP_FILTER_EXT_DNATTRS, dn != NULL); + } else { + rc = -1; + } + } + } + goto done; default: - if ( find_wildcard( value ) == NULL ) { + if ( ldap_pvt_find_wildcard( value ) == NULL ) { ftype = LDAP_FILTER_EQUALITY; } else if ( strcmp( value, "*" ) == 0 ) { ftype = LDAP_FILTER_PRESENT; @@ -743,10 +865,10 @@ put_simple_filter( rc = ber_printf( ber, "ts", ftype, str ); } else { - ber_slen_t len = filter_value_unescape( value ); + ber_slen_t len = ldap_pvt_filter_value_unescape( value ); if( len >= 0 ) { - rc = ber_printf( ber, "t{so}", + rc = ber_printf( ber, "t{soN}", ftype, str, value, len ); } } @@ -771,7 +893,7 @@ put_substring_filter( BerElement *ber, char *type, char *val ) return( -1 ); for( ; val != NULL; val=nextstar ) { - if ( (nextstar = find_wildcard( val )) != NULL ) + if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL ) *nextstar++ = '\0'; if ( gotstar == 0 ) { @@ -783,7 +905,7 @@ put_substring_filter( BerElement *ber, char *type, char *val ) } if ( *val != '\0' ) { - ber_slen_t len = filter_value_unescape( val ); + ber_slen_t len = ldap_pvt_filter_value_unescape( val ); if ( len < 0 ) { return -1; @@ -797,7 +919,7 @@ put_substring_filter( BerElement *ber, char *type, char *val ) gotstar = 1; } - if ( ber_printf( ber, /* {{ */ "}}" ) == -1 ) + if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 ) return( -1 ); return( 0 );