X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fsearch.c;h=5adb5b8ed2d7aa976264eb91664b6c5df1d1f745;hb=241d6a558e3bfd7a7cfc70a1de65fa527fe40e60;hp=379aeae4b5dae35afb089eab15821381e7666d0e;hpb=669b8f4047c03d4583a44ed8287d0d5920d15373;p=openldap diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c index 379aeae4b5..5adb5b8ed2 100644 --- a/libraries/libldap/search.c +++ b/libraries/libldap/search.c @@ -1,5 +1,6 @@ +/* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* Portions @@ -15,13 +16,21 @@ #include -#include #include #include #include #include "ldap-int.h" +static int ldap_is_attr_oid LDAP_P(( + const char *attr )); + +static int ldap_is_attr_desc LDAP_P(( + const char *attr )); + +static int hex2value LDAP_P(( + int c )); + static char *find_right_paren LDAP_P(( char *s )); @@ -64,7 +73,7 @@ static int put_filter_list LDAP_P(( * * Example: * char *attrs[] = { "mail", "title", 0 }; - * ldap_search_ext( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob", + * ldap_search_ext( ld, "c=us,o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob", * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit, * &msgid ); */ 
@@ -82,18 +91,35 @@ ldap_search_ext( int sizelimit, int *msgidp ) { + int rc; BerElement *ber; int timelimit; Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 ); + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + + /* check client controls */ + rc = ldap_int_client_controls( ld, cctrls ); + if( rc != LDAP_SUCCESS ) return rc; + /* - * if timeout is provided, use only tv_sec as timelimit. - * otherwise, use default. + * if timeout is provided, both tv_sec and tv_usec must + * be non-zero */ - timelimit = (timeout != NULL) - ? timelimit = timeout->tv_sec - : -1; + if( timeout != NULL ) { + if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) { + return LDAP_PARAM_ERROR; + } + + /* timelimit must be non-zero if timeout is provided */ + timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1; + + } else { + /* no timeout, no timelimit */ + timelimit = -1; + } ber = ldap_build_search_req( ld, base, scope, filter, attrs, attrsonly, sctrls, cctrls, timelimit, sizelimit ); @@ -147,8 +173,16 @@ ldap_search_ext_s( return( rc ); } - if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 ) + rc = ldap_result( ld, msgid, 1, timeout, res ); + + if( rc <= 0 ) { + /* error(-1) or timeout(0) */ return( ld->ld_errno ); + } + + if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) { + return( ld->ld_errno ); + } return( ldap_result2error( ld, *res, 0 ) ); } @@ -181,6 +215,9 @@ ldap_search( Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 ); + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + ber = ldap_build_search_req( ld, base, scope, filter, attrs, attrsonly, NULL, NULL, -1, -1 ); @@ -207,7 +244,7 @@ ldap_search( BerElement * ldap_build_search_req( LDAP *ld, - LDAP_CONST char *base_in, + LDAP_CONST char *base, ber_int_t scope, LDAP_CONST char *filter_in, char **attrs, @@ -219,7 +256,6 @@ ldap_build_search_req( { BerElement *ber; int err; - char *base; char *filter; /* 
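Review bot: The new comment in ldap_search_ext says both tv_sec and tv_usec must be non-zero, but the check below it rejects only the case where both are zero, so the comment should read `/* if timeout is provided, tv_sec and tv_usec must not both be zero */`. A negative tv_sec is not rejected and yields a negative timelimit, which the `(timelimit < 0) ? ld->ld_timelimit : timelimit` expression in ldap_build_search_req treats as "use the session default"; if that is not intended, widen the guard to `if( timeout->tv_sec < 0 || ( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) )`. The added `assert( ld != NULL )` and `assert( LDAP_VALID( ld ) )`, here and in the ldap_search hunk, disappear when NDEBUG is defined, so they document the precondition without enforcing it in release builds. The function body continues outside the hunk.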
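Review bot: In ldap_search_ext_s the `rc <= 0` branch returns `ld->ld_errno` for a timeout (0) as well as for an error (-1), and nothing in the hunk shows that ldap_result stores a timeout code there. If it does not, a caller can receive a stale value, possibly LDAP_SUCCESS, while `*res` was never filled in. Setting the code explicitly for the timeout case, `if( rc == 0 ) { ld->ld_errno = LDAP_TIMEOUT; }` before the return, would make the result independent of ldap_result's internals. The start of the function is outside the hunk.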
@@ -251,35 +287,21 @@ ldap_build_search_req( return( NULL ); } - if ( base_in == NULL ) { + if ( base == NULL ) { /* no base provided, use session default base */ base = ld->ld_options.ldo_defbase; - } else { - base = (char *) base_in; - } - if ( base == NULL ) { - /* no session default base, use top */ - base = ""; + if ( base == NULL ) { + /* no session default base, use top */ + base = ""; + } } -#ifdef LDAP_CONNECTIONLESS - if ( ld->ld_cldapnaddr > 0 ) { - err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, - ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref, - (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, - (timelimit < 0) ? ld->ld_timelimit : timelimit, - attrsonly ); - } else { -#endif /* LDAP_CONNECTIONLESS */ - err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, - LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, - (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, - (timelimit < 0) ? ld->ld_timelimit : timelimit, - attrsonly ); -#ifdef LDAP_CONNECTIONLESS - } -#endif /* LDAP_CONNECTIONLESS */ + err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, + LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, + (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, + (timelimit < 0) ? ld->ld_timelimit : timelimit, + attrsonly ); if ( err == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; @@ -287,7 +309,11 @@ ldap_build_search_req( return( NULL ); } - filter = LDAP_STRDUP( filter_in ); + if( filter_in != NULL ) { + filter = LDAP_STRDUP( filter_in ); + } else { + filter = LDAP_STRDUP( "(objectclass=*)" ); + } err = put_filter( ber, filter ); LDAP_FREE( filter ); @@ -297,7 +323,7 @@ ldap_build_search_req( return( NULL ); } - if ( ber_printf( ber, /*{*/ "{v}}", attrs ) == -1 ) { + if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); 
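Review bot: The result of `LDAP_STRDUP` is handed to `put_filter` without a NULL check in both arms of the new `filter_in` test in ldap_build_search_req. put_filter dereferences its string argument (`while ( *str )`), so an allocation failure becomes a NULL dereference instead of an error return. Following the error pattern the function already uses, add `if( filter == NULL ) { ld->ld_errno = LDAP_NO_MEMORY; ber_free( ber, 1 ); return( NULL ); }` before the put_filter call. The function starts and ends outside this hunk.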
@@ -309,7 +335,7 @@ ldap_build_search_req( return( NULL ); } - if ( ber_printf( ber, /*{*/ "}", attrs ) == -1 ) { + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); @@ -318,6 +344,49 @@ ldap_build_search_req( return( ber ); } +static int ldap_is_attr_oid ( const char *attr ) +{ + int i, c, digit=0; + + for( i = 0; (c = attr[i]) != 0; i++ ) { + if( c >= '0' && c <= '9' ) { + digit=1; + + } else if ( c != '.' ) { + /* not digit nor '.' */ + return 0; + + } else if ( !digit ) { + /* '.' but prev not digit */ + return 0; + + } else { + /* '.' */ + digit = 0; + } + } + + return digit; +} + +static int ldap_is_attr_desc ( const char *attr ) +{ + /* cheap attribute description check */ + int i, c; + + for( i = 0; (c = attr[i]) != 0; i++ ) { + if (( c >= '0' && c <= '9' ) + || ( c >= 'A' && c <= 'Z' ) + || ( c >= 'a' && c <= 'z' ) + || ( c == '.' || c == '-' ) + || ( c == ';' )) continue; + + return 0; + } + + return i > 0; +} + static char * find_right_paren( char *s ) { 
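Review bot: ldap_is_attr_desc and ldap_is_attr_oid carry no header comment stating what they accept, and ldap_is_attr_desc is only a character-set test. It passes strings that begin with a digit, '-', '.' or ';', including an options-only string such as `;binary`. A short comment such as `/* character-set check only; does not enforce attribute description structure, the server remains authoritative */` would keep later callers from treating it as full validation. Both functions read `attr[0]` unconditionally, so the comment should also state that attr must be non-NULL.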
@@ -343,6 +412,89 @@ find_right_paren( char *s ) return( *s ? s : NULL ); } +static int hex2value( int c ) +{ + if( c >= '0' && c <= '9' ) { + return c - '0'; + } + + if( c >= 'A' && c <= 'F' ) { + return c + (10 - (int) 'A'); + } + + if( c >= 'a' && c <= 'f' ) { + return c + (10 - (int) 'a'); + } + + return -1; +} + +char * +ldap_pvt_find_wildcard( const char *s ) +{ + for( ; *s != '\0' ; s++ ) { + switch( *s ) { + case '*': /* found wildcard */ + return (char *) s; + + case '\\': + s++; /* skip over escape */ + if ( *s == '\0' ) + return NULL; /* escape at end of string */ + } + } + + return NULL; +} + +/* unescape filter value */ +/* support both LDAP v2 and v3 escapes */ +/* output can include nul characters */ +ber_slen_t +ldap_pvt_filter_value_unescape( char *fval ) +{ + ber_slen_t r, v; + int v1, v2; + + for( r=v=0; fval[v] != '\0'; v++ ) { + switch( fval[v] ) { + case '\\': + /* escape */ + v++; + + if ( fval[v] == '\0' ) { + /* escape at end of string */ + return -1; + + } + + if (( v1 = hex2value( fval[v] )) >= 0 ) { + /* LDAPv3 escape */ + + if (( v2 = hex2value( fval[v+1] )) < 0 ) { + /* must be two digit code */ + return -1; + } + + fval[r++] = v1 * 16 + v2; + v++; + + } else { + /* LDAPv2 escape */ + fval[r++] = fval[v]; + } + + break; + + default: + fval[r++] = fval[v]; + } + } + + fval[r] = '\0'; + return r; +} + static char * put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not ) { @@ -369,7 +521,7 @@ put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not ) *next++ = ')'; /* flush explicit tagged thang */ - if ( ber_printf( ber, /*{*/ "}" ) == -1 ) + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) return( NULL ); return( next ); @@ -378,8 +530,8 @@ put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not ) static int put_filter( BerElement *ber, char *str ) { - char *next, *tmp, *s, *d; - int parens, balance, escape, gotescape; + char *next; + int parens, balance, escape; /* * A Filter looks like this: 
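Review bot: ldap_pvt_filter_value_unescape needs a fuller contract comment, because three things a caller must know are only implicit in the code. It rewrites fval in place and returns the decoded length, and since `\00` decodes to an embedded NUL the caller has to use that length rather than strlen. On a malformed escape it returns -1 with the buffer already partly rewritten. A hex digit after the backslash always selects the two-digit LDAPv3 form, so a v2-style `\a` followed by a non-hex character is rejected rather than taken literally. As a point of style, ldap_pvt_find_wildcard returns a non-const pointer into its `const char *` argument, which put_substring_filter then writes through; a comment on that cast would make the intent explicit.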
@@ -416,12 +568,16 @@ put_filter( BerElement *ber, char *str ) Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 ); - gotescape = parens = 0; + parens = 0; while ( *str ) { switch ( *str ) { case '(': str++; parens++; + + /* skip spaces */ + while( LDAP_SPACE( *str ) ) str++; + switch ( *str ) { case '&': Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n", @@ -471,7 +627,7 @@ put_filter( BerElement *ber, char *str ) balance--; } if ( *next == '\\' && ! escape ) - gotescape = escape = 1; + escape = 1; else escape = 0; if ( balance ) @@ -481,24 +637,9 @@ put_filter( BerElement *ber, char *str ) return( -1 ); *next = '\0'; - tmp = LDAP_STRDUP( str ); - if ( gotescape ) { - escape = 0; - for ( s = d = tmp; *s; s++ ) { - if ( *s != '\\' || escape ) { - *d++ = *s; - escape = 0; - } else { - escape = 1; - } - } - *d = '\0'; - } - if ( put_simple_filter( ber, tmp ) == -1 ) { - LDAP_FREE( tmp ); + if ( put_simple_filter( ber, str ) == -1 ) { return( -1 ); } - LDAP_FREE( tmp ); *next++ = ')'; str = next; parens--; @@ -523,24 +664,9 @@ put_filter( BerElement *ber, char *str ) Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0, 0 ); next = strchr( str, '\0' ); - tmp = LDAP_STRDUP( str ); - if ( strchr( tmp, '\\' ) != NULL ) { - escape = 0; - for ( s = d = tmp; *s; s++ ) { - if ( *s != '\\' || escape ) { - *d++ = *s; - escape = 0; - } else { - escape = 1; - } - } - *d = '\0'; - } - if ( put_simple_filter( ber, tmp ) == -1 ) { - LDAP_FREE( tmp ); + if ( put_simple_filter( ber, str ) == -1 ) { return( -1 ); } - LDAP_FREE( tmp ); str = next; break; } @@ -562,7 +688,7 @@ put_filter_list( BerElement *ber, char *str ) Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 ); while ( *str ) { - while ( *str && isspace( (unsigned char) *str ) ) + while ( *str && LDAP_SPACE( (unsigned char) *str ) ) str++; if ( *str == '\0' ) break; 
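Review bot: The added `while( LDAP_SPACE( *str ) ) str++;` in put_filter passes a plain char, while the put_filter_list hunk further down passes `LDAP_SPACE( (unsigned char) *str )`. The macro's definition is not visible here. If it compares against literal characters the cast is unnecessary; if it wraps a ctype function the uncast call is undefined for bytes above 0x7f where char is signed. Use the same form in both places. put_filter starts and ends outside the hunk.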
@@ -589,57 +715,152 @@ put_simple_filter( char *str ) { char *s; - char *value, savechar; + char *value; ber_tag_t ftype; - int rc; + int rc = -1; Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 ); - if ( (s = strchr( str, '=' )) == NULL ) - return( -1 ); + str = LDAP_STRDUP( str ); + if( str == NULL ) return -1; + + if ( (s = strchr( str, '=' )) == NULL ) { + goto done; + } + value = s + 1; *s-- = '\0'; - savechar = *s; switch ( *s ) { case '<': ftype = LDAP_FILTER_LE; *s = '\0'; + if(! ldap_is_attr_desc( str ) ) goto done; break; + case '>': ftype = LDAP_FILTER_GE; *s = '\0'; + if(! ldap_is_attr_desc( str ) ) goto done; break; + case '~': ftype = LDAP_FILTER_APPROX; *s = '\0'; + if(! ldap_is_attr_desc( str ) ) goto done; break; - case ':': /* LDAPv3 extended filter */ - ftype = LDAP_FILTER_EXTENDED; - return -1; - break; + + case ':': + /* RFC2254 extensible filters are off the form: + * type [:dn] [:rule] := value + * or [:dn]:rule := value + */ + ftype = LDAP_FILTER_EXT; + *s = '\0'; + + { + char *dn = strchr( str, ':' ); + char *rule = NULL; + + if( dn == NULL ) { + if(! 
ldap_is_attr_desc( str ) ) goto done; + } else { + + *dn++ = '\0'; + rule = strchr( dn, ':' ); + + if( rule == NULL ) { + /* one colon */ + if ( strcmp(dn, "dn") == 0 ) { + /* must have attribute */ + if( !ldap_is_attr_desc( str ) ) { + goto done; + } + + rule = ""; + + } else { + rule = dn; + dn = NULL; + } + + } else { + /* two colons */ + *rule++ = '\0'; + + if ( strcmp(dn, "dn") != 0 ) { + /* must have "dn" */ + goto done; + } + } + + } + + if ( *str == '\0' && ( !rule || *rule == '\0' ) ) { + /* must have either type or rule */ + goto done; + } + + if ( *str != '\0' && !ldap_is_attr_desc( str ) ) { + goto done; + } + + if ( rule && *rule != '\0' && !ldap_is_attr_oid( rule ) ) { + goto done; + } + + rc = ber_printf( ber, "t{" /*}*/, ftype ); + + if( rc != -1 && rule && *rule != '\0' ) { + rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule ); + } + if( rc != -1 && *str != '\0' ) { + rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str ); + } + + if( rc != -1 ) { + ber_slen_t len = ldap_pvt_filter_value_unescape( value ); + + if( len >= 0 ) { + rc = ber_printf( ber, "totbN}", + LDAP_FILTER_EXT_VALUE, value, len, + LDAP_FILTER_EXT_DNATTRS, dn != NULL); + } else { + rc = -1; + } + } + } + goto done; + default: - if ( strchr( value, '*' ) == NULL ) { + if ( ldap_pvt_find_wildcard( value ) == NULL ) { ftype = LDAP_FILTER_EQUALITY; } else if ( strcmp( value, "*" ) == 0 ) { ftype = LDAP_FILTER_PRESENT; } else { rc = put_substring_filter( ber, str, value ); - *(value-1) = '='; - return( rc ); + goto done; } break; } if ( ftype == LDAP_FILTER_PRESENT ) { rc = ber_printf( ber, "ts", ftype, str ); + } else { - rc = ber_printf( ber, "t{ss}", ftype, str, value ); + ber_slen_t len = ldap_pvt_filter_value_unescape( value ); + + if( len >= 0 ) { + rc = ber_printf( ber, "t{soN}", + ftype, str, value, len ); + } } - *s = savechar; - *(value-1) = '='; - return( rc == -1 ? rc : 0 ); + if( rc != -1 ) rc = 0; + +done: + LDAP_FREE( str ); + return rc; } static int 
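Review bot: When the filter item has an empty attribute, such as `=value`, `s` equals `str` at `*s-- = '\0';` in put_simple_filter, so the `switch ( *s )` that follows reads the byte before the LDAP_STRDUP'd buffer. If that byte happens to be '<', '>', '~' or ':', the `*s = '\0'` in that case writes outside the allocation. Reject the empty attribute before stepping back: `if ( s == str ) goto done;` placed right after the strchr check leaves rc at -1 and still frees the copy. If stricter client-side checking is wanted, the default branch could also start with `if( !ldap_is_attr_desc( str ) ) goto done;`, since it currently sends `str` without the check the '<', '>' and '~' branches apply.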
@@ -654,8 +875,8 @@ put_substring_filter( BerElement *ber, char *type, char *val ) if ( ber_printf( ber, "t{s{", ftype, type ) == -1 ) return( -1 ); - while ( val != NULL ) { - if ( (nextstar = strchr( val, '*' )) != NULL ) + for( ; val != NULL; val=nextstar ) { + if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL ) *nextstar++ = '\0'; if ( gotstar == 0 ) { @@ -665,18 +886,23 @@ put_substring_filter( BerElement *ber, char *type, char *val ) } else { ftype = LDAP_SUBSTRING_ANY; } + if ( *val != '\0' ) { - if ( ber_printf( ber, "ts", ftype, val ) == -1 ) + ber_slen_t len = ldap_pvt_filter_value_unescape( val ); + + if ( len < 0 ) { + return -1; + } + + if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) { return( -1 ); + } } gotstar = 1; - if ( nextstar != NULL ) - *(nextstar-1) = '*'; - val = nextstar; } - if ( ber_printf( ber, /* {{ */ "}}" ) == -1 ) + if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 ) return( -1 ); return( 0 );
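Review bot: A value made up only of wildcards, such as `**`, reaches put_substring_filter and every piece is skipped by the `*val != '\0'` test, so the loop writes no component and `N}N}` closes an empty substrings sequence. Whether the server accepts that is not visible here; counting the components written and returning -1 when the count is zero would reject it on the client. Separately, the new early `return -1` on a bad escape leaves the `t{s{` sequences open in ber. That is safe only while every caller discards the BerElement on failure, as ldap_build_search_req appears to do, and a one-line comment saying so would help. The function starts outside the first hunk.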