X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fsearch.c;h=c8e276a6635af17e1f90e61675c094c103fb9e06;hb=7887ef7e92a4b91d20814242322dfc33d3ebb0ee;hp=a94f17a38c1af551c75991b396ed0c8c1a2b8188;hpb=0fe5da0f9a4b512fb4e01fedcbc6a1daae39b682;p=openldap diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c index a94f17a38c..c8e276a663 100644 --- a/libraries/libldap/search.c +++ b/libraries/libldap/search.c @@ -1,5 +1,6 @@ +/* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* Portions @@ -15,53 +16,12 @@ #include -#include #include #include #include #include "ldap-int.h" -static int ldap_is_attribute LDAP_P(( - const char *attr )); - -static int ldap_is_attribute_ext LDAP_P(( - const char *attr )); - -static int hex2value LDAP_P(( - int c )); - -static ber_slen_t filter_value_unescape LDAP_P(( - char *filter )); - -static char *find_right_paren LDAP_P(( - char *s )); - -static char *find_wildcard LDAP_P(( - char *s )); - -static char *put_complex_filter LDAP_P(( - BerElement *ber, - char *str, - ber_tag_t tag, - int not )); - -static int put_filter LDAP_P(( - BerElement *ber, - char *str )); - -static int put_simple_filter LDAP_P(( - BerElement *ber, - char *str )); - -static int put_substring_filter LDAP_P(( - BerElement *ber, - char *type, - char *str )); - -static int put_filter_list LDAP_P(( - BerElement *ber, - char *str )); /* * ldap_search_ext - initiate an ldap search operation. @@ -79,7 +39,7 @@ static int put_filter_list LDAP_P(( * * Example: * char *attrs[] = { "mail", "title", 0 }; - * ldap_search_ext( ld, "c=us,o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob", + * ldap_search_ext( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob", * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit, * &msgid ); */ @@ -97,18 +57,35 @@ ldap_search_ext( int sizelimit, int *msgidp ) { + int rc; BerElement *ber; int timelimit; Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 ); + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + + /* check client controls */ + rc = ldap_int_client_controls( ld, cctrls ); + if( rc != LDAP_SUCCESS ) return rc; + /* - * if timeout is provided, use only tv_sec as timelimit. - * otherwise, use default. + * if timeout is provided, both tv_sec and tv_usec must + * be non-zero */ - timelimit = (timeout != NULL) - ? timeout->tv_sec - : -1; + if( timeout != NULL ) { + if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) { + return LDAP_PARAM_ERROR; + } + + /* timelimit must be non-zero if timeout is provided */ + timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1; + + } else { + /* no timeout, no timelimit */ + timelimit = -1; + } ber = ldap_build_search_req( ld, base, scope, filter, attrs, attrsonly, sctrls, cctrls, timelimit, sizelimit ); @@ -162,8 +139,16 @@ ldap_search_ext_s( return( rc ); } - if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 ) + rc = ldap_result( ld, msgid, 1, timeout, res ); + + if( rc <= 0 ) { + /* error(-1) or timeout(0) */ return( ld->ld_errno ); + } + + if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) { + return( ld->ld_errno ); + } return( ldap_result2error( ld, *res, 0 ) ); } @@ -184,7 +169,7 @@ ldap_search_ext_s( * * Example: * char *attrs[] = { "mail", "title", 0 }; - * msgid = ldap_search( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob", + * msgid = ldap_search( ld, "dc=example,dc=com", LDAP_SCOPE_SUBTREE, "cn~=bob", * attrs, attrsonly ); */ int @@ -196,6 +181,9 @@ ldap_search( Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 ); + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + ber = ldap_build_search_req( ld, base, scope, filter, attrs, attrsonly, NULL, NULL, -1, -1 ); @@ -222,9 +210,9 @@ ldap_search( BerElement * ldap_build_search_req( LDAP *ld, - LDAP_CONST char *base_in, + LDAP_CONST char *base, ber_int_t scope, - LDAP_CONST char *filter_in, + LDAP_CONST char *filter, char **attrs, ber_int_t attrsonly, LDAPControl **sctrls, @@ -234,8 +222,6 @@ ldap_build_search_req( { BerElement *ber; int err; - char *base; - char *filter; /* * Create the search request. It looks like this: @@ -266,35 +252,38 @@ ldap_build_search_req( return( NULL ); } - if ( base_in == NULL ) { + if ( base == NULL ) { /* no base provided, use session default base */ base = ld->ld_options.ldo_defbase; - } else { - base = (char *) base_in; - } - if ( base == NULL ) { - /* no session default base, use top */ - base = ""; + if ( base == NULL ) { + /* no session default base, use top */ + base = ""; + } } #ifdef LDAP_CONNECTIONLESS - if ( ld->ld_cldapnaddr > 0 ) { - err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, - ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref, - (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, - (timelimit < 0) ? ld->ld_timelimit : timelimit, - attrsonly ); - } else { -#endif /* LDAP_CONNECTIONLESS */ - err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, - LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, - (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, - (timelimit < 0) ? ld->ld_timelimit : timelimit, - attrsonly ); -#ifdef LDAP_CONNECTIONLESS + if ( LDAP_IS_UDP(ld) ) { + err = ber_write( ber, ld->ld_options.ldo_peer, + sizeof(struct sockaddr), 0); + } + if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version == LDAP_VERSION2) { + char *dn = ld->ld_options.ldo_cldapdn; + if (!dn) dn = ""; + err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, dn, + LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, + (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, + (timelimit < 0) ? ld->ld_timelimit : timelimit, + attrsonly ); + } else +#endif + { + err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, + LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, + (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, + (timelimit < 0) ? ld->ld_timelimit : timelimit, + attrsonly ); } -#endif /* LDAP_CONNECTIONLESS */ if ( err == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; @@ -302,9 +291,11 @@ ldap_build_search_req( return( NULL ); } - filter = LDAP_STRDUP( filter_in ); - err = put_filter( ber, filter ); - LDAP_FREE( filter ); + if( filter == NULL ) { + filter = "(objectclass=*)"; + } + + err = ldap_int_put_filter( ber, filter ); if ( err == -1 ) { ld->ld_errno = LDAP_FILTER_ERROR; @@ -312,7 +303,7 @@ ldap_build_search_req( return( NULL ); } - if ( ber_printf( ber, /*{*/ "{v}}", attrs ) == -1 ) { + if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); @@ -324,7 +315,7 @@ ldap_build_search_req( return( NULL ); } - if ( ber_printf( ber, /*{*/ "}", attrs ) == -1 ) { + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return( NULL ); @@ -333,476 +324,6 @@ ldap_build_search_req( return( ber ); } -#ifndef LDAP_UNDERSCORE -#define LDAP_UNDERSCORE "" -#endif - -static char *spanset = - ":-.;" LDAP_UNDERSCORE - "ABCDEFGHIGKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789"; - -#define ATTR_SPANSET (spanset) -#define EXT_SPANSET (&spanset[1]) - -static int ldap_is_attribute LDAP_P(( const char *attr )) -{ - size_t len = strlen( attr ); - size_t span = strspn( attr, ATTR_SPANSET ); - - return span == len; -} - -static int ldap_is_attribute_ext LDAP_P(( const char *attr )) -{ - size_t len = strlen( attr ); - size_t span = strspn( attr, EXT_SPANSET ); - - return span == len; -} - -static char * -find_right_paren( char *s ) -{ - int balance, escape; - - balance = 1; - escape = 0; - while ( *s && balance ) { - if ( escape == 0 ) { - if ( *s == '(' ) - balance++; - else if ( *s == ')' ) - balance--; - } - if ( *s == '\\' && ! escape ) - escape = 1; - else - escape = 0; - if ( balance ) - s++; - } - - return( *s ? s : NULL ); -} - -static int hex2value( int c ) -{ - if( c >= '0' && c <= '9' ) { - return c - '0'; - } - - if( c >= 'A' && c <= 'F' ) { - return c + (10 - (int) 'A'); - } - - if( c >= 'a' && c <= 'f' ) { - return c + (10 - (int) 'a'); - } - - return -1; -} - -static char * -find_wildcard( char *s ) -{ - for( ; *s != '\0' ; s++ ) { - switch( *s ) { - case '*': /* found wildcard */ - return s; - - case '\\': - s++; /* skip over escape */ - if( hex2value( s[0] ) >= 0 && hex2value( s[1] ) >= 0 ) { - /* skip over lead digit of two hex digit code */ - s++; - } - } - } - - return NULL; -} - -/* unescape filter value */ -/* support both LDAP v2 and v3 escapes */ -/* output can include nul characters */ -static ber_slen_t -filter_value_unescape( char *fval ) -{ - ber_slen_t r, v; - int v1, v2; - - for( r=v=0; fval[v] != '\0'; v++ ) { - switch( fval[v] ) { - case '\\': - /* escape */ - v++; - - if ( fval[v] == '\0' ) { - /* escape at end of string */ - return -1; - - } else if (( v1 = hex2value( fval[v] )) < 0 ) { - /* LDAPv3 escape */ - - if (( v2 = hex2value( fval[v+1] )) < 0 ) { - /* must be two digit code */ - return -1; - } - - fval[r++] = v1 * 16 + v2; - v++; - - } else { - /* LDAPv2 escape */ - fval[r++] = fval[v]; - } - - break; - - default: - fval[r++] = fval[v]; - } - } - - fval[r] = '\0'; - return r; -} - -static char * -put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not ) -{ - char *next; - - /* - * We have (x(filter)...) with str sitting on - * the x. We have to find the paren matching - * the one before the x and put the intervening - * filters by calling put_filter_list(). - */ - - /* put explicit tag */ - if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 ) - return( NULL ); - - str++; - if ( (next = find_right_paren( str )) == NULL ) - return( NULL ); - - *next = '\0'; - if ( put_filter_list( ber, str ) == -1 ) - return( NULL ); - *next++ = ')'; - - /* flush explicit tagged thang */ - if ( ber_printf( ber, /*{*/ "}" ) == -1 ) - return( NULL ); - - return( next ); -} - -static int -put_filter( BerElement *ber, char *str ) -{ - char *next; - int parens, balance, escape; - - /* - * A Filter looks like this: - * Filter ::= CHOICE { - * and [0] SET OF Filter, - * or [1] SET OF Filter, - * not [2] Filter, - * equalityMatch [3] AttributeValueAssertion, - * substrings [4] SubstringFilter, - * greaterOrEqual [5] AttributeValueAssertion, - * lessOrEqual [6] AttributeValueAssertion, - * present [7] AttributeType, - * approxMatch [8] AttributeValueAssertion, - * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3 - * } - * - * SubstringFilter ::= SEQUENCE { - * type AttributeType, - * SEQUENCE OF CHOICE { - * initial [0] IA5String, - * any [1] IA5String, - * final [2] IA5String - * } - * } - * - * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3 - * matchingRule [1] MatchingRuleId OPTIONAL, - * type [2] AttributeDescription OPTIONAL, - * matchValue [3] AssertionValue, - * dnAttributes [4] BOOLEAN DEFAULT FALSE } - * - * Note: tags in a choice are always explicit - */ - - Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 ); - - parens = 0; - while ( *str ) { - switch ( *str ) { - case '(': - str++; - parens++; - switch ( *str ) { - case '&': - Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n", - 0, 0, 0 ); - - if ( (str = put_complex_filter( ber, str, - LDAP_FILTER_AND, 0 )) == NULL ) - return( -1 ); - - parens--; - break; - - case '|': - Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n", - 0, 0, 0 ); - - if ( (str = put_complex_filter( ber, str, - LDAP_FILTER_OR, 0 )) == NULL ) - return( -1 ); - - parens--; - break; - - case '!': - Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n", - 0, 0, 0 ); - - if ( (str = put_complex_filter( ber, str, - LDAP_FILTER_NOT, 1 )) == NULL ) - return( -1 ); - - parens--; - break; - - default: - Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n", - 0, 0, 0 ); - - balance = 1; - escape = 0; - next = str; - while ( *next && balance ) { - if ( escape == 0 ) { - if ( *next == '(' ) - balance++; - else if ( *next == ')' ) - balance--; - } - if ( *next == '\\' && ! escape ) - escape = 1; - else - escape = 0; - if ( balance ) - next++; - } - if ( balance != 0 ) - return( -1 ); - - *next = '\0'; - if ( put_simple_filter( ber, str ) == -1 ) { - return( -1 ); - } - *next++ = ')'; - str = next; - parens--; - break; - } - break; - - case ')': - Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0, - 0 ); - if ( ber_printf( ber, /*[*/ "]" ) == -1 ) - return( -1 ); - str++; - parens--; - break; - - case ' ': - str++; - break; - - default: /* assume it's a simple type=value filter */ - Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0, - 0 ); - next = strchr( str, '\0' ); - if ( put_simple_filter( ber, str ) == -1 ) { - return( -1 ); - } - str = next; - break; - } - } - - return( parens ? -1 : 0 ); -} - -/* - * Put a list of filters like this "(filter1)(filter2)..." - */ - -static int -put_filter_list( BerElement *ber, char *str ) -{ - char *next; - char save; - - Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 ); - - while ( *str ) { - while ( *str && isspace( (unsigned char) *str ) ) - str++; - if ( *str == '\0' ) - break; - - if ( (next = find_right_paren( str + 1 )) == NULL ) - return( -1 ); - save = *++next; - - /* now we have "(filter)" with str pointing to it */ - *next = '\0'; - if ( put_filter( ber, str ) == -1 ) - return( -1 ); - *next = save; - - str = next; - } - - return( 0 ); -} - -static int -put_simple_filter( - BerElement *ber, - char *str ) -{ - char *s; - char *value; - ber_tag_t ftype; - int rc = -1; - - Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 ); - - str = LDAP_STRDUP( str ); - if( str == NULL ) return -1; - - if ( (s = strchr( str, '=' )) == NULL ) { - goto done; - } - - value = s + 1; - *s-- = '\0'; - - switch ( *s ) { - case '<': - ftype = LDAP_FILTER_LE; - *s = '\0'; - if(! ldap_is_attribute( str ) ) goto done; - break; - - case '>': - ftype = LDAP_FILTER_GE; - *s = '\0'; - if(! ldap_is_attribute( str ) ) goto done; - break; - - case '~': - ftype = LDAP_FILTER_APPROX; - *s = '\0'; - if(! ldap_is_attribute( str ) ) goto done; - break; - - case ':': /* LDAPv3 extended filter */ - ftype = LDAP_FILTER_EXTENDED; - if(! ldap_is_attribute_ext( str ) ) goto done; - goto done; /* XXX not yet implemented */ - break; - - default: - if ( find_wildcard( value ) == NULL ) { - ftype = LDAP_FILTER_EQUALITY; - } else if ( strcmp( value, "*" ) == 0 ) { - ftype = LDAP_FILTER_PRESENT; - } else { - rc = put_substring_filter( ber, str, value ); - goto done; - } - break; - } - - if ( ftype == LDAP_FILTER_PRESENT ) { - rc = ber_printf( ber, "ts", ftype, str ); - - } else { - ber_slen_t len = filter_value_unescape( value ); - - if( len >= 0 ) { - rc = ber_printf( ber, "t{so}", - ftype, str, value, len ); - } - } - - if( rc != -1 ) rc = 0; - -done: - LDAP_FREE( str ); - return rc; -} - -static int -put_substring_filter( BerElement *ber, char *type, char *val ) -{ - char *nextstar, gotstar = 0; - ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS; - - Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type, - val, 0 ); - - if ( ber_printf( ber, "t{s{", ftype, type ) == -1 ) - return( -1 ); - - for( ; val != NULL; val=nextstar ) { - if ( (nextstar = find_wildcard( val )) != NULL ) - *nextstar++ = '\0'; - - if ( gotstar == 0 ) { - ftype = LDAP_SUBSTRING_INITIAL; - } else if ( nextstar == NULL ) { - ftype = LDAP_SUBSTRING_FINAL; - } else { - ftype = LDAP_SUBSTRING_ANY; - } - - if ( *val != '\0' ) { - ber_slen_t len = filter_value_unescape( val ); - - if ( len < 0 ) { - return -1; - } - - if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) { - return( -1 ); - } - } - - gotstar = 1; - } - - if ( ber_printf( ber, /* {{ */ "}}" ) == -1 ) - return( -1 ); - - return( 0 ); -} - int ldap_search_st( LDAP *ld, LDAP_CONST char *base, int scope,