|
version 1.13.4.7, 2001/06/02 00:47:49
|
version 1.136, 2006/12/25 22:30:45
|
|
Line 1
|
Line 1
|
| /* filter.c - routines for parsing and dealing with filters */ |
/* filter.c - routines for parsing and dealing with filters */ |
| /* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.13.4.6 2000/10/11 02:43:58 kurt Exp $ */ |
/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.135 2006/09/09 14:23:02 ando Exp $ */ |
| /* |
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. |
| * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. |
* |
| * COPYING RESTRICTIONS APPLY, see COPYRIGHT file |
* Copyright 1998-2006 The OpenLDAP Foundation. |
| |
* All rights reserved. |
| |
* |
| |
* Redistribution and use in source and binary forms, with or without |
| |
* modification, are permitted only as authorized by the OpenLDAP |
| |
* Public License. |
| |
* |
| |
* A copy of this license is available in the file LICENSE in the |
| |
* top-level directory of the distribution or, alternatively, at |
| |
* <http://www.OpenLDAP.org/license.html>. |
| |
*/ |
| |
/* Portions Copyright (c) 1995 Regents of the University of Michigan. |
| |
* All rights reserved. |
| |
* |
| |
* Redistribution and use in source and binary forms are permitted |
| |
* provided that this notice is preserved and that due credit is given |
| |
* to the University of Michigan at Ann Arbor. The name of the University |
| |
* may not be used to endorse or promote products derived from this |
| |
* software without specific prior written permission. This software |
| |
* is provided ``as is'' without express or implied warranty. |
| */ |
*/ |
| |
|
| #include "portable.h" |
#include "portable.h" |
|
Line 15
|
Line 34
|
| #include "slap.h" |
#include "slap.h" |
| |
|
| static int get_filter_list( |
static int get_filter_list( |
| Connection *conn, |
Operation *op, |
| BerElement *ber, |
BerElement *ber, |
| Filter **f, |
Filter **f, |
| char **fstr, |
|
| const char **text ); |
const char **text ); |
| |
|
| static int get_substring_filter( |
static int get_ssa( |
| Connection *conn, |
Operation *op, |
| BerElement *ber, |
BerElement *ber, |
| Filter *f, |
Filter *f, |
| char **fstr, |
|
| const char **text ); |
const char **text ); |
| |
|
| static int filter_escape_value( |
static void simple_vrFilter2bv( |
| struct berval *in, |
Operation *op, |
| struct berval *out ); |
ValuesReturnFilter *f, |
| |
struct berval *fstr ); |
| |
|
| |
static int get_simple_vrFilter( |
| |
Operation *op, |
| |
BerElement *ber, |
| |
ValuesReturnFilter **f, |
| |
const char **text ); |
| |
|
| int |
int |
| get_filter( |
get_filter( |
| Connection *conn, |
Operation *op, |
| BerElement *ber, |
BerElement *ber, |
| Filter **filt, |
Filter **filt, |
| char **fstr, |
|
| const char **text ) |
const char **text ) |
| { |
{ |
| ber_tag_t tag; |
ber_tag_t tag; |
| ber_len_t len; |
ber_len_t len; |
| int err; |
int err; |
| Filter *f; |
Filter f; |
| char *ftmp = NULL; |
|
| struct berval escaped; |
|
| |
|
| Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 ); |
| |
|
| /* |
/* |
| * A filter looks like this coming in: |
* A filter looks like this coming in: |
| * Filter ::= CHOICE { |
* Filter ::= CHOICE { |
|
Line 59 get_filter(
|
Line 79 get_filter(
|
| * substrings [4] SubstringFilter, |
* substrings [4] SubstringFilter, |
| * greaterOrEqual [5] AttributeValueAssertion, |
* greaterOrEqual [5] AttributeValueAssertion, |
| * lessOrEqual [6] AttributeValueAssertion, |
* lessOrEqual [6] AttributeValueAssertion, |
| * present [7] AttributeType,, |
* present [7] AttributeType, |
| * approxMatch [8] AttributeValueAssertion |
* approxMatch [8] AttributeValueAssertion, |
| * extensibleMatch [9] MatchingRuleAssertion |
* extensibleMatch [9] MatchingRuleAssertion |
| * } |
* } |
| * |
* |
| * SubstringFilter ::= SEQUENCE { |
* SubstringFilter ::= SEQUENCE { |
| * type AttributeType, |
* type AttributeType, |
| * SEQUENCE OF CHOICE { |
* SEQUENCE OF CHOICE { |
| * initial [0] IA5String, |
* initial [0] IA5String, |
| * any [1] IA5String, |
* any [1] IA5String, |
| * final [2] IA5String |
* final [2] IA5String |
| * } |
* } |
| * } |
* } |
| * |
* |
| * MatchingRuleAssertion ::= SEQUENCE { |
* MatchingRuleAssertion ::= SEQUENCE { |
| * matchingRule [1] MatchingRuleId OPTIONAL, |
* matchingRule [1] MatchingRuleId OPTIONAL, |
| * type [2] AttributeDescription OPTIONAL, |
* type [2] AttributeDescription OPTIONAL, |
| * matchValue [3] AssertionValue, |
* matchValue [3] AssertionValue, |
| * dnAttributes [4] BOOLEAN DEFAULT FALSE |
* dnAttributes [4] BOOLEAN DEFAULT FALSE |
| * } |
* } |
| * |
* |
| */ |
*/ |
|
Line 89 get_filter(
|
Line 109 get_filter(
|
| return SLAPD_DISCONNECT; |
return SLAPD_DISCONNECT; |
| } |
} |
| |
|
| f = (Filter *) ch_malloc( sizeof(Filter) ); |
|
| f->f_next = NULL; |
|
| |
|
| err = LDAP_SUCCESS; |
err = LDAP_SUCCESS; |
| *fstr = NULL; |
|
| f->f_choice = tag; |
|
| |
|
| switch ( f->f_choice ) { |
f.f_next = NULL; |
| |
f.f_choice = tag; |
| |
|
| |
switch ( f.f_choice ) { |
| case LDAP_FILTER_EQUALITY: |
case LDAP_FILTER_EQUALITY: |
| Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &f, SLAP_MR_EQUALITY, text ); |
| err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY, text ); |
|
| if ( err != LDAP_SUCCESS ) { |
if ( err != LDAP_SUCCESS ) { |
| break; |
break; |
| } |
} |
| |
|
| assert( f->f_ava != NULL ); |
assert( f.f_ava != NULL ); |
| |
|
| filter_escape_value( f->f_av_value, &escaped ); |
|
| |
|
| *fstr = ch_malloc( sizeof("(=)") |
|
| + f->f_av_desc->ad_cname->bv_len |
|
| + escaped.bv_len ); |
|
| |
|
| sprintf( *fstr, "(%s=%s)", |
|
| f->f_av_desc->ad_cname->bv_val, |
|
| escaped.bv_val ); |
|
| |
|
| ber_memfree( escaped.bv_val ); |
|
| break; |
break; |
| |
|
| case LDAP_FILTER_SUBSTRINGS: |
case LDAP_FILTER_SUBSTRINGS: |
| Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); |
| err = get_substring_filter( conn, ber, f, fstr, text ); |
err = get_ssa( op, ber, &f, text ); |
| |
if( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
assert( f.f_sub != NULL ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_GE: |
case LDAP_FILTER_GE: |
| Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text ); |
| err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text ); |
|
| if ( err != LDAP_SUCCESS ) { |
if ( err != LDAP_SUCCESS ) { |
| break; |
break; |
| } |
} |
| |
assert( f.f_ava != NULL ); |
| filter_escape_value( f->f_av_value, &escaped ); |
|
| |
|
| *fstr = ch_malloc( sizeof("(>=)") |
|
| + f->f_av_desc->ad_cname->bv_len |
|
| + escaped.bv_len ); |
|
| |
|
| sprintf( *fstr, "(%s>=%s)", |
|
| f->f_av_desc->ad_cname->bv_val, |
|
| escaped.bv_val ); |
|
| |
|
| ber_memfree( escaped.bv_val ); |
|
| break; |
break; |
| |
|
| case LDAP_FILTER_LE: |
case LDAP_FILTER_LE: |
| Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &f, SLAP_MR_ORDERING, text ); |
| err = get_ava( ber, &f->f_ava, SLAP_MR_ORDERING, text ); |
|
| if ( err != LDAP_SUCCESS ) { |
if ( err != LDAP_SUCCESS ) { |
| break; |
break; |
| } |
} |
| |
assert( f.f_ava != NULL ); |
| |
|
| filter_escape_value( f->f_av_value, &escaped ); |
|
| |
|
| *fstr = ch_malloc( sizeof("(<=)") |
|
| + f->f_av_desc->ad_cname->bv_len |
|
| + escaped.bv_len ); |
|
| |
|
| sprintf( *fstr, "(%s<=%s)", |
|
| f->f_av_desc->ad_cname->bv_val, |
|
| escaped.bv_val ); |
|
| |
|
| ber_memfree( escaped.bv_val ); |
|
| break; |
break; |
| |
|
| case LDAP_FILTER_PRESENT: { |
case LDAP_FILTER_PRESENT: { |
| struct berval type; |
struct berval type; |
| |
|
| Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); |
| |
if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) { |
| if ( ber_scanf( ber, "o", &type ) == LBER_ERROR ) { |
|
| err = SLAPD_DISCONNECT; |
err = SLAPD_DISCONNECT; |
| *text = "error decoding filter"; |
*text = "error decoding filter"; |
| break; |
break; |
| } |
} |
| |
|
| f->f_desc = NULL; |
f.f_desc = NULL; |
| err = slap_bv2ad( &type, &f->f_desc, text ); |
err = slap_bv2ad( &type, &f.f_desc, text ); |
| |
|
| if( err != LDAP_SUCCESS ) { |
if( err != LDAP_SUCCESS ) { |
| ch_free( type.bv_val ); |
f.f_choice |= SLAPD_FILTER_UNDEFINED; |
| break; |
err = slap_bv2undef_ad( &type, &f.f_desc, text, SLAP_AD_PROXIED); |
| } |
if ( err != LDAP_SUCCESS ) { |
| |
/* unrecognized attribute description or other error */ |
| |
Debug( LDAP_DEBUG_ANY, |
| |
"get_filter: conn %lu unknown attribute " |
| |
"type=%s (%d)\n", |
| |
op->o_connid, type.bv_val, err ); |
| |
|
| ch_free( type.bv_val ); |
err = LDAP_SUCCESS; |
| |
} |
| *fstr = ch_malloc( sizeof("(=*)") |
*text = NULL; |
| + f->f_desc->ad_cname->bv_len ); |
} |
| sprintf( *fstr, "(%s=*)", |
|
| f->f_desc->ad_cname->bv_val ); |
|
| |
|
| |
assert( f.f_desc != NULL ); |
| } break; |
} break; |
| |
|
| case LDAP_FILTER_APPROX: |
case LDAP_FILTER_APPROX: |
| Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &f, SLAP_MR_EQUALITY_APPROX, text ); |
| err = get_ava( ber, &f->f_ava, SLAP_MR_EQUALITY_APPROX, text ); |
|
| if ( err != LDAP_SUCCESS ) { |
if ( err != LDAP_SUCCESS ) { |
| break; |
break; |
| } |
} |
| |
assert( f.f_ava != NULL ); |
| filter_escape_value( f->f_av_value, &escaped ); |
|
| |
|
| *fstr = ch_malloc( sizeof("(~=)") |
|
| + f->f_av_desc->ad_cname->bv_len |
|
| + escaped.bv_len ); |
|
| |
|
| sprintf( *fstr, "(%s~=%s)", |
|
| f->f_av_desc->ad_cname->bv_val, |
|
| escaped.bv_val ); |
|
| |
|
| ber_memfree( escaped.bv_val ); |
|
| break; |
break; |
| |
|
| case LDAP_FILTER_AND: |
case LDAP_FILTER_AND: |
| Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
| err = get_filter_list( conn, ber, &f->f_and, &ftmp, text ); |
err = get_filter_list( op, ber, &f.f_and, text ); |
| if ( err != LDAP_SUCCESS ) { |
if ( err != LDAP_SUCCESS ) { |
| break; |
break; |
| } |
} |
| *fstr = ch_malloc( sizeof("(&)") |
if ( f.f_and == NULL ) { |
| + ( ftmp == NULL ? 0 : strlen( ftmp ) ) ); |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| sprintf( *fstr, "(&%s)", |
f.f_result = LDAP_COMPARE_TRUE; |
| ftmp == NULL ? "" : ftmp ); |
} |
| |
/* no assert - list could be empty */ |
| break; |
break; |
| |
|
| case LDAP_FILTER_OR: |
case LDAP_FILTER_OR: |
| Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
| err = get_filter_list( conn, ber, &f->f_and, &ftmp, text ); |
err = get_filter_list( op, ber, &f.f_or, text ); |
| if ( err != LDAP_SUCCESS ) { |
if ( err != LDAP_SUCCESS ) { |
| break; |
break; |
| } |
} |
| *fstr = ch_malloc( sizeof("(!)") |
if ( f.f_or == NULL ) { |
| + ( ftmp == NULL ? 0 : strlen( ftmp ) ) ); |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| sprintf( *fstr, "(|%s)", |
f.f_result = LDAP_COMPARE_FALSE; |
| ftmp == NULL ? "" : ftmp ); |
} |
| |
/* no assert - list could be empty */ |
| break; |
break; |
| |
|
| case LDAP_FILTER_NOT: |
case LDAP_FILTER_NOT: |
| Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
| (void) ber_skip_tag( ber, &len ); |
(void) ber_skip_tag( ber, &len ); |
| err = get_filter( conn, ber, &f->f_not, &ftmp, text ); |
err = get_filter( op, ber, &f.f_not, text ); |
| if ( err != LDAP_SUCCESS ) { |
if ( err != LDAP_SUCCESS ) { |
| break; |
break; |
| } |
} |
| *fstr = ch_malloc( sizeof("(!)") |
|
| + ( ftmp == NULL ? 0 : strlen( ftmp ) ) ); |
assert( f.f_not != NULL ); |
| sprintf( *fstr, "(!%s)", |
if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) { |
| ftmp == NULL ? "" : ftmp ); |
int fresult = f.f_not->f_result; |
| |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| |
op->o_tmpfree( f.f_not, op->o_tmpmemctx ); |
| |
f.f_not = NULL; |
| |
|
| |
switch( fresult ) { |
| |
case LDAP_COMPARE_TRUE: |
| |
f.f_result = LDAP_COMPARE_FALSE; |
| |
break; |
| |
case LDAP_COMPARE_FALSE: |
| |
f.f_result = LDAP_COMPARE_TRUE; |
| |
break; |
| |
default: ; |
| |
/* (!Undefined) is Undefined */ |
| |
} |
| |
} |
| break; |
break; |
| |
|
| case LDAP_FILTER_EXT: |
case LDAP_FILTER_EXT: |
| /* not yet implemented */ |
Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 ); |
| Debug( LDAP_DEBUG_ANY, "extensible match not yet implemented.\n", |
|
| 0, 0, 0 ); |
err = get_mra( op, ber, &f, text ); |
| (void) ber_skip_tag( ber, &len ); |
if ( err != LDAP_SUCCESS ) { |
| f->f_choice = SLAPD_FILTER_COMPUTED; |
break; |
| f->f_result = SLAPD_COMPARE_UNDEFINED; |
} |
| *fstr = ch_strdup( "(extended)" ); |
|
| |
assert( f.f_mra != NULL ); |
| break; |
break; |
| |
|
| default: |
default: |
| (void) ber_skip_tag( ber, &len ); |
(void) ber_scanf( ber, "x" ); /* skip the element */ |
| Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n", |
Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n", |
| f->f_choice, 0, 0 ); |
f.f_choice, 0, 0 ); |
| f->f_choice = SLAPD_FILTER_COMPUTED; |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| f->f_result = SLAPD_COMPARE_UNDEFINED; |
f.f_result = SLAPD_COMPARE_UNDEFINED; |
| *fstr = ch_strdup( "(undefined)" ); |
|
| break; |
break; |
| } |
} |
| |
|
| free( ftmp ); |
if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) { |
| |
/* ignore error */ |
| if ( err != LDAP_SUCCESS ) { |
*text = NULL; |
| if ( *fstr != NULL ) { |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| free( *fstr ); |
f.f_result = SLAPD_COMPARE_UNDEFINED; |
| } |
err = LDAP_SUCCESS; |
| |
} |
| if( err != SLAPD_DISCONNECT ) { |
|
| /* ignore error */ |
|
| f->f_choice = SLAPD_FILTER_COMPUTED; |
|
| f->f_result = SLAPD_COMPARE_UNDEFINED; |
|
| *fstr = ch_strdup( "(badfilter)" ); |
|
| err = LDAP_SUCCESS; |
|
| *filt = f; |
|
| |
|
| } else { |
if ( err == LDAP_SUCCESS ) { |
| free(f); |
*filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx ); |
| } |
**filt = f; |
| } else { |
|
| *filt = f; |
|
| } |
} |
| |
|
| Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 ); |
| |
|
| return( err ); |
return( err ); |
| } |
} |
| |
|
| static int |
static int |
| get_filter_list( Connection *conn, BerElement *ber, |
get_filter_list( Operation *op, BerElement *ber, |
| Filter **f, char **fstr, |
Filter **f, |
| const char **text ) |
const char **text ) |
| { |
{ |
| Filter **new; |
Filter **new; |
| int err; |
int err; |
| ber_tag_t tag; |
ber_tag_t tag; |
| ber_len_t len; |
ber_len_t len; |
| char *last, *ftmp; |
char *last; |
| |
|
| Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 ); |
| |
|
| *fstr = NULL; |
|
| new = f; |
new = f; |
| for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT; |
for ( tag = ber_first_element( ber, &len, &last ); |
| tag = ber_next_element( ber, &len, last ) ) |
tag != LBER_DEFAULT; |
| |
tag = ber_next_element( ber, &len, last ) ) |
| { |
{ |
| err = get_filter( conn, ber, new, &ftmp, text ); |
err = get_filter( op, ber, new, text ); |
| if ( err != LDAP_SUCCESS ) |
if ( err != LDAP_SUCCESS ) |
| return( err ); |
return( err ); |
| |
|
| if ( *fstr == NULL ) { |
|
| *fstr = ftmp; |
|
| } else { |
|
| *fstr = ch_realloc( *fstr, strlen( *fstr ) + |
|
| strlen( ftmp ) + 1 ); |
|
| strcat( *fstr, ftmp ); |
|
| free( ftmp ); |
|
| } |
|
| new = &(*new)->f_next; |
new = &(*new)->f_next; |
| } |
} |
| *new = NULL; |
*new = NULL; |
|
Line 339 get_filter_list( Connection *conn, BerEl
|
Line 313 get_filter_list( Connection *conn, BerEl
|
| } |
} |
| |
|
| static int |
static int |
| get_substring_filter( |
get_ssa( |
| Connection *conn, |
Operation *op, |
| BerElement *ber, |
BerElement *ber, |
| Filter *f, |
Filter *f, |
| char **fstr, |
const char **text ) |
| const char **text |
|
| ) |
|
| { |
{ |
| ber_tag_t tag; |
ber_tag_t tag; |
| ber_len_t len; |
ber_len_t len; |
| ber_tag_t rc; |
ber_tag_t rc; |
| struct berval *value; |
struct berval desc, value, nvalue; |
| struct berval escaped; |
|
| char *last; |
char *last; |
| struct berval type; |
SubstringsAssertion ssa; |
| struct berval *nvalue; |
|
| *text = "error decoding filter"; |
|
| |
|
| Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 ); |
*text = "error decoding filter"; |
| |
|
| if ( ber_scanf( ber, "{o" /*}*/, &type ) == LBER_ERROR ) { |
Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 ); |
| |
if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) { |
| return SLAPD_DISCONNECT; |
return SLAPD_DISCONNECT; |
| } |
} |
| |
|
| f->f_sub = ch_calloc( 1, sizeof(SubstringsAssertion) ); |
*text = NULL; |
| f->f_sub_desc = NULL; |
|
| rc = slap_bv2ad( &type, &f->f_sub_desc, text ); |
|
| |
|
| ch_free( type.bv_val ); |
ssa.sa_desc = NULL; |
| |
ssa.sa_initial.bv_val = NULL; |
| |
ssa.sa_any = NULL; |
| |
ssa.sa_final.bv_val = NULL; |
| |
|
| |
rc = slap_bv2ad( &desc, &ssa.sa_desc, text ); |
| |
|
| if( rc != LDAP_SUCCESS ) { |
if( rc != LDAP_SUCCESS ) { |
| text = NULL; |
f->f_choice |= SLAPD_FILTER_UNDEFINED; |
| ch_free( f->f_sub ); |
rc = slap_bv2undef_ad( &desc, &ssa.sa_desc, text, SLAP_AD_PROXIED); |
| f->f_choice = SLAPD_FILTER_COMPUTED; |
if( rc != LDAP_SUCCESS ) { |
| f->f_result = SLAPD_COMPARE_UNDEFINED; |
Debug( LDAP_DEBUG_ANY, |
| *fstr = ch_strdup( "(undefined)" ); |
"get_ssa: conn %lu unknown attribute type=%s (%ld)\n", |
| return LDAP_SUCCESS; |
op->o_connid, desc.bv_val, (long) rc ); |
| } |
|
| |
/* skip over the rest of this filter */ |
| f->f_sub_initial = NULL; |
for ( tag = ber_first_element( ber, &len, &last ); |
| f->f_sub_any = NULL; |
tag != LBER_DEFAULT; |
| f->f_sub_final = NULL; |
tag = ber_next_element( ber, &len, last ) ) { |
| |
ber_scanf( ber, "x" ); |
| if( fstr ) { |
} |
| *fstr = ch_malloc( sizeof("(=" /*)*/) + |
return rc; |
| f->f_sub_desc->ad_cname->bv_len ); |
} |
| sprintf( *fstr, "(%s=" /*)*/, f->f_sub_desc->ad_cname->bv_val ); |
|
| } |
} |
| |
|
| for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT; |
rc = LDAP_PROTOCOL_ERROR; |
| tag = ber_next_element( ber, &len, last ) ) |
|
| |
for ( tag = ber_first_element( ber, &len, &last ); |
| |
tag != LBER_DEFAULT; |
| |
tag = ber_next_element( ber, &len, last ) ) |
| { |
{ |
| unsigned usage; |
unsigned usage; |
| |
|
| rc = ber_scanf( ber, "O", &value ); |
rc = ber_scanf( ber, "m", &value ); |
| if ( rc == LBER_ERROR ) { |
if ( rc == LBER_ERROR ) { |
| rc = SLAPD_DISCONNECT; |
rc = SLAPD_DISCONNECT; |
| goto return_error; |
goto return_error; |
| } |
} |
| |
|
| if ( value == NULL || value->bv_len == 0 ) { |
if ( value.bv_val == NULL || value.bv_len == 0 ) { |
| ber_bvfree( value ); |
|
| rc = LDAP_INVALID_SYNTAX; |
rc = LDAP_INVALID_SYNTAX; |
| goto return_error; |
goto return_error; |
| } |
} |
| |
|
| switch ( tag ) { |
switch ( tag ) { |
| case LDAP_SUBSTRING_INITIAL: |
case LDAP_SUBSTRING_INITIAL: |
| |
if ( ssa.sa_initial.bv_val != NULL |
| |
|| ssa.sa_any != NULL |
| |
|| ssa.sa_final.bv_val != NULL ) |
| |
{ |
| |
rc = LDAP_PROTOCOL_ERROR; |
| |
goto return_error; |
| |
} |
| usage = SLAP_MR_SUBSTR_INITIAL; |
usage = SLAP_MR_SUBSTR_INITIAL; |
| break; |
break; |
| |
|
| case LDAP_SUBSTRING_ANY: |
case LDAP_SUBSTRING_ANY: |
| |
if ( ssa.sa_final.bv_val != NULL ) { |
| |
rc = LDAP_PROTOCOL_ERROR; |
| |
goto return_error; |
| |
} |
| usage = SLAP_MR_SUBSTR_ANY; |
usage = SLAP_MR_SUBSTR_ANY; |
| break; |
break; |
| |
|
| case LDAP_SUBSTRING_FINAL: |
case LDAP_SUBSTRING_FINAL: |
| |
if ( ssa.sa_final.bv_val != NULL ) { |
| |
rc = LDAP_PROTOCOL_ERROR; |
| |
goto return_error; |
| |
} |
| |
|
| usage = SLAP_MR_SUBSTR_FINAL; |
usage = SLAP_MR_SUBSTR_FINAL; |
| break; |
break; |
| |
|
| default: |
default: |
| rc = LDAP_PROTOCOL_ERROR; |
|
| |
|
| Debug( LDAP_DEBUG_FILTER, |
Debug( LDAP_DEBUG_FILTER, |
| " unknown substring choice=%ld\n", |
" unknown substring choice=%ld\n", |
| (long) tag, 0, 0 ); |
(long) tag, 0, 0 ); |
| |
|
| ber_bvfree( value ); |
rc = LDAP_PROTOCOL_ERROR; |
| goto return_error; |
|
| } |
|
| |
|
| rc = value_normalize( f->f_sub_desc, usage, value, &nvalue, text ); |
|
| ber_bvfree( value ); |
|
| |
|
| if( rc != LDAP_SUCCESS ) { |
|
| goto return_error; |
goto return_error; |
| } |
} |
| |
|
| value = nvalue; |
/* validate/normalize using equality matching rule validator! */ |
| |
rc = asserted_value_validate_normalize( |
| rc = LDAP_PROTOCOL_ERROR; |
ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality, |
| |
usage, &value, &nvalue, text, op->o_tmpmemctx ); |
| |
if( rc != LDAP_SUCCESS ) goto return_error; |
| |
|
| switch ( tag ) { |
switch ( tag ) { |
| case LDAP_SUBSTRING_INITIAL: |
case LDAP_SUBSTRING_INITIAL: |
| Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 ); |
| if ( f->f_sub_initial != NULL |
ssa.sa_initial = nvalue; |
| || f->f_sub_any != NULL |
|
| || f->f_sub_final != NULL ) |
|
| { |
|
| ber_bvfree( value ); |
|
| goto return_error; |
|
| } |
|
| |
|
| f->f_sub_initial = value; |
|
| |
|
| if( fstr ) { |
|
| filter_escape_value( value, &escaped ); |
|
| *fstr = ch_realloc( *fstr, |
|
| strlen( *fstr ) + escaped.bv_len + 1 ); |
|
| strcat( *fstr, escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
|
| } |
|
| break; |
break; |
| |
|
| case LDAP_SUBSTRING_ANY: |
case LDAP_SUBSTRING_ANY: |
| Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 ); |
| |
ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx ); |
| if ( f->f_sub_final != NULL ) { |
|
| ber_bvfree( value ); |
|
| goto return_error; |
|
| } |
|
| |
|
| if( ber_bvecadd( &f->f_sub_any, value ) < 0 ) { |
|
| ber_bvfree( value ); |
|
| goto return_error; |
|
| } |
|
| |
|
| if( fstr ) { |
|
| filter_escape_value( value, &escaped ); |
|
| *fstr = ch_realloc( *fstr, |
|
| strlen( *fstr ) + escaped.bv_len + 2 ); |
|
| strcat( *fstr, "*" ); |
|
| strcat( *fstr, escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
|
| } |
|
| break; |
break; |
| |
|
| case LDAP_SUBSTRING_FINAL: |
case LDAP_SUBSTRING_FINAL: |
| Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 ); |
| |
ssa.sa_final = nvalue; |
| if ( f->f_sub_final != NULL ) { |
|
| ber_bvfree( value ); |
|
| goto return_error; |
|
| } |
|
| |
|
| f->f_sub_final = value; |
|
| |
|
| if( fstr ) { |
|
| filter_escape_value( value, &escaped ); |
|
| *fstr = ch_realloc( *fstr, |
|
| strlen( *fstr ) + escaped.bv_len + 2 ); |
|
| strcat( *fstr, "*" ); |
|
| strcat( *fstr, escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
|
| } |
|
| break; |
break; |
| |
|
| default: |
default: |
| Debug( LDAP_DEBUG_FILTER, |
assert( 0 ); |
| " unknown substring type=%ld\n", |
slap_sl_free( nvalue.bv_val, op->o_tmpmemctx ); |
| (long) tag, 0, 0 ); |
rc = LDAP_PROTOCOL_ERROR; |
| |
|
| ber_bvfree( value ); |
|
| |
|
| return_error: |
return_error: |
| Debug( LDAP_DEBUG_FILTER, " error=%ld\n", |
Debug( LDAP_DEBUG_FILTER, " error=%ld\n", |
| (long) rc, 0, 0 ); |
(long) rc, 0, 0 ); |
| |
slap_sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx ); |
| if( fstr ) { |
ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx ); |
| free( *fstr ); |
slap_sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx ); |
| *fstr = NULL; |
|
| } |
|
| |
|
| ad_free( f->f_sub_desc, 1 ); |
|
| ber_bvfree( f->f_sub_initial ); |
|
| ber_bvecfree( f->f_sub_any ); |
|
| ber_bvfree( f->f_sub_final ); |
|
| ch_free( f->f_sub ); |
|
| return rc; |
return rc; |
| } |
} |
| |
|
| |
rc = LDAP_SUCCESS; |
| } |
} |
| |
|
| if( fstr ) { |
if( rc == LDAP_SUCCESS ) { |
| *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 ); |
f->f_sub = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx ); |
| if ( f->f_sub_final == NULL ) { |
*f->f_sub = ssa; |
| strcat( *fstr, "*" ); |
|
| } |
|
| strcat( *fstr, /*(*/ ")" ); |
|
| } |
} |
| |
|
| Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 ); |
| return( LDAP_SUCCESS ); |
return rc /* LDAP_SUCCESS */ ; |
| } |
} |
| |
|
| void |
void |
| filter_free( Filter *f ) |
filter_free_x( Operation *op, Filter *f ) |
| { |
{ |
| Filter *p, *next; |
Filter *p, *next; |
| |
|
|
Line 551 filter_free( Filter *f )
|
Line 474 filter_free( Filter *f )
|
| return; |
return; |
| } |
} |
| |
|
| |
f->f_choice &= SLAPD_FILTER_MASK; |
| |
|
| switch ( f->f_choice ) { |
switch ( f->f_choice ) { |
| case LDAP_FILTER_PRESENT: |
case LDAP_FILTER_PRESENT: |
| ad_free( f->f_desc, 1 ); |
|
| break; |
break; |
| |
|
| case LDAP_FILTER_EQUALITY: |
case LDAP_FILTER_EQUALITY: |
| case LDAP_FILTER_GE: |
case LDAP_FILTER_GE: |
| case LDAP_FILTER_LE: |
case LDAP_FILTER_LE: |
| case LDAP_FILTER_APPROX: |
case LDAP_FILTER_APPROX: |
| ava_free( f->f_ava, 1 ); |
ava_free( op, f->f_ava, 1 ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_SUBSTRINGS: |
case LDAP_FILTER_SUBSTRINGS: |
| ad_free( f->f_sub_desc, 1 ); |
if ( f->f_sub_initial.bv_val != NULL ) { |
| if ( f->f_sub_initial != NULL ) { |
op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx ); |
| ber_bvfree( f->f_sub_initial ); |
} |
| } |
ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx ); |
| ber_bvecfree( f->f_sub_any ); |
if ( f->f_sub_final.bv_val != NULL ) { |
| if ( f->f_sub_final != NULL ) { |
op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx ); |
| ber_bvfree( f->f_sub_final ); |
|
| } |
} |
| |
op->o_tmpfree( f->f_sub, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_AND: |
case LDAP_FILTER_AND: |
|
Line 579 filter_free( Filter *f )
|
Line 503 filter_free( Filter *f )
|
| case LDAP_FILTER_NOT: |
case LDAP_FILTER_NOT: |
| for ( p = f->f_list; p != NULL; p = next ) { |
for ( p = f->f_list; p != NULL; p = next ) { |
| next = p->f_next; |
next = p->f_next; |
| filter_free( p ); |
filter_free_x( op, p ); |
| } |
} |
| break; |
break; |
| |
|
| |
case LDAP_FILTER_EXT: |
| |
mra_free( op, f->f_mra, 1 ); |
| |
break; |
| |
|
| case SLAPD_FILTER_COMPUTED: |
case SLAPD_FILTER_COMPUTED: |
| break; |
break; |
| |
|
| default: |
default: |
| Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n", |
Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n", |
| f->f_choice, 0, 0 ); |
f->f_choice, 0, 0 ); |
| break; |
break; |
| } |
} |
| |
|
| free( f ); |
op->o_tmpfree( f, op->o_tmpmemctx ); |
| |
} |
| |
|
| |
void |
| |
filter_free( Filter *f ) |
| |
{ |
| |
Operation op; |
| |
Opheader ohdr; |
| |
|
| |
op.o_hdr = &ohdr; |
| |
op.o_tmpmemctx = slap_sl_context( f ); |
| |
op.o_tmpmfuncs = &slap_sl_mfuncs; |
| |
filter_free_x( &op, f ); |
| } |
} |
| |
|
| #ifdef LDAP_DEBUG |
|
| void |
void |
| filter_print( Filter *f ) |
filter2bv_x( Operation *op, Filter *f, struct berval *fstr ) |
| { |
{ |
| int i; |
int i; |
| Filter *p; |
Filter *p; |
| struct berval escaped; |
struct berval tmp; |
| |
static struct berval |
| |
ber_bvfalse = BER_BVC( "(?=false)" ), |
| |
ber_bvtrue = BER_BVC( "(?=true)" ), |
| |
ber_bvundefined = BER_BVC( "(?=undefined)" ), |
| |
ber_bverror = BER_BVC( "(?=error)" ), |
| |
ber_bvunknown = BER_BVC( "(?=unknown)" ), |
| |
ber_bvnone = BER_BVC( "(?=none)" ); |
| |
ber_len_t len; |
| |
ber_tag_t choice; |
| |
int undef; |
| |
char *sign; |
| |
|
| if ( f == NULL ) { |
if ( f == NULL ) { |
| fprintf( stderr, "No filter!" ); |
ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx ); |
| |
return; |
| } |
} |
| |
|
| switch ( f->f_choice ) { |
undef = f->f_choice & SLAPD_FILTER_UNDEFINED; |
| case LDAP_FILTER_EQUALITY: |
choice = f->f_choice & SLAPD_FILTER_MASK; |
| filter_escape_value( f->f_av_value, &escaped ); |
|
| fprintf( stderr, "(%s=%s)", |
|
| f->f_av_desc->ad_cname->bv_val, |
|
| escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
|
| break; |
|
| |
|
| |
switch ( choice ) { |
| |
case LDAP_FILTER_EQUALITY: |
| |
fstr->bv_len = STRLENOF("(=)"); |
| |
sign = "="; |
| |
goto simple; |
| case LDAP_FILTER_GE: |
case LDAP_FILTER_GE: |
| filter_escape_value( f->f_av_value, &escaped ); |
fstr->bv_len = STRLENOF("(>=)"); |
| fprintf( stderr, "(%s>=%s)", |
sign = ">="; |
| f->f_av_desc->ad_cname->bv_val, |
goto simple; |
| escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
|
| break; |
|
| |
|
| case LDAP_FILTER_LE: |
case LDAP_FILTER_LE: |
| filter_escape_value( f->f_av_value, &escaped ); |
fstr->bv_len = STRLENOF("(<=)"); |
| fprintf( stderr, "(%s<=%s)", |
sign = "<="; |
| f->f_ava->aa_desc->ad_cname->bv_val, |
goto simple; |
| escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
|
| break; |
|
| |
|
| case LDAP_FILTER_APPROX: |
case LDAP_FILTER_APPROX: |
| filter_escape_value( f->f_av_value, &escaped ); |
fstr->bv_len = STRLENOF("(~=)"); |
| fprintf( stderr, "(%s~=%s)", |
sign = "~="; |
| f->f_ava->aa_desc->ad_cname->bv_val, |
|
| escaped.bv_val ); |
simple: |
| ber_memfree( escaped.bv_val ); |
filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); |
| |
/* NOTE: tmp can legitimately be NULL (meaning empty) |
| |
* since in a Filter values in AVAs are supposed |
| |
* to have been normalized, meaning that an empty value |
| |
* is legal for that attribute's syntax */ |
| |
|
| |
fstr->bv_len += f->f_av_desc->ad_cname.bv_len + tmp.bv_len; |
| |
if ( undef ) |
| |
fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s)", |
| |
undef ? "?" : "", |
| |
f->f_av_desc->ad_cname.bv_val, sign, |
| |
tmp.bv_len ? tmp.bv_val : "" ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_SUBSTRINGS: |
case LDAP_FILTER_SUBSTRINGS: |
| fprintf( stderr, "(%s=" /*)*/, |
fstr->bv_len = f->f_sub_desc->ad_cname.bv_len + |
| f->f_sub_desc->ad_cname->bv_val ); |
STRLENOF("(=*)"); |
| if ( f->f_sub_initial != NULL ) { |
if ( undef ) |
| filter_escape_value( f->f_sub_initial, &escaped ); |
fstr->bv_len++; |
| fprintf( stderr, "%s", |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s=*)", |
| |
undef ? "?" : "", |
| |
f->f_sub_desc->ad_cname.bv_val ); |
| |
|
| |
if ( f->f_sub_initial.bv_val != NULL ) { |
| |
ber_len_t tmplen; |
| |
|
| |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx ); |
| |
tmplen = tmp.bv_len ? tmp.bv_len : STRLENOF( "(null)" ); |
| |
|
| |
fstr->bv_len += tmplen; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, |
| |
fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-2], |
| |
tmplen + STRLENOF( /*(*/ "*)" ) + 1, |
| |
/* "(attr=" */ "%s*)", |
| |
tmp.bv_len ? tmp.bv_val : "(null)"); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| } |
} |
| |
|
| if ( f->f_sub_any != NULL ) { |
if ( f->f_sub_any != NULL ) { |
| for ( i = 0; f->f_sub_any[i] != NULL; i++ ) { |
for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) { |
| filter_escape_value( f->f_sub_any[i], &escaped ); |
ber_len_t tmplen; |
| fprintf( stderr, "*%s", |
|
| escaped.bv_val ); |
len = fstr->bv_len; |
| ber_memfree( escaped.bv_val ); |
filter_escape_value_x( &f->f_sub_any[i], |
| |
&tmp, op->o_tmpmemctx ); |
| |
tmplen = tmp.bv_len ? tmp.bv_len : STRLENOF( "(null)" ); |
| |
|
| |
fstr->bv_len += tmplen + STRLENOF( /*(*/ ")" ); |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, |
| |
fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], |
| |
tmplen + STRLENOF( /*(*/ "*)" ) + 1, |
| |
/* "(attr=[init]*[any*]" */ "%s*)", |
| |
tmp.bv_len ? tmp.bv_val : "(null)"); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| } |
} |
| } |
} |
| if ( f->f_sub_final != NULL ) { |
|
| filter_escape_value( f->f_sub_final, &escaped ); |
if ( f->f_sub_final.bv_val != NULL ) { |
| fprintf( stderr, |
ber_len_t tmplen; |
| "*%s", escaped.bv_val ); |
|
| ber_memfree( escaped.bv_val ); |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx ); |
| |
tmplen = tmp.bv_len ? tmp.bv_len : STRLENOF( "(null)" ); |
| |
|
| |
fstr->bv_len += tmplen; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, |
| |
fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], |
| |
tmplen + STRLENOF( /*(*/ ")" ) + 1, |
| |
/* "(attr=[init*][any*]" */ "%s)", |
| |
tmp.bv_len ? tmp.bv_val : "(null)"); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| } |
} |
| fprintf( stderr, /*(*/ ")" ); |
|
| break; |
break; |
| |
|
| case LDAP_FILTER_PRESENT: |
case LDAP_FILTER_PRESENT: |
| fprintf( stderr, "(%s=*)", |
fstr->bv_len = f->f_desc->ad_cname.bv_len + |
| f->f_desc->ad_cname->bv_val ); |
STRLENOF("(=*)"); |
| |
if ( undef ) |
| |
fstr->bv_len++; |
| |
|
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s=*)", |
| |
undef ? "?" : "", |
| |
f->f_desc->ad_cname.bv_val ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_AND: |
case LDAP_FILTER_AND: |
| case LDAP_FILTER_OR: |
case LDAP_FILTER_OR: |
| case LDAP_FILTER_NOT: |
case LDAP_FILTER_NOT: |
| fprintf( stderr, "(%c" /*)*/, |
fstr->bv_len = STRLENOF("(%)"); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)", |
| f->f_choice == LDAP_FILTER_AND ? '&' : |
f->f_choice == LDAP_FILTER_AND ? '&' : |
| f->f_choice == LDAP_FILTER_OR ? '|' : '!' ); |
f->f_choice == LDAP_FILTER_OR ? '|' : '!' ); |
| |
|
| for ( p = f->f_list; p != NULL; p = p->f_next ) { |
for ( p = f->f_list; p != NULL; p = p->f_next ) { |
| filter_print( p ); |
len = fstr->bv_len; |
| |
|
| |
filter2bv_x( op, p, &tmp ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], |
| |
tmp.bv_len + STRLENOF( /*(*/ ")" ) + 1, |
| |
/*"("*/ "%s)", tmp.bv_val ); |
| |
|
| |
op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
|
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: { |
| |
struct berval ad; |
| |
|
| |
filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx ); |
| |
/* NOTE: tmp can legitimately be NULL (meaning empty) |
| |
* since in a Filter values in MRAs are supposed |
| |
* to have been normalized, meaning that an empty value |
| |
* is legal for that attribute's syntax */ |
| |
|
| |
if ( f->f_mr_desc ) { |
| |
ad = f->f_mr_desc->ad_cname; |
| |
} else { |
| |
ad.bv_len = 0; |
| |
ad.bv_val = ""; |
| |
} |
| |
|
| |
fstr->bv_len = ad.bv_len + |
| |
( f->f_mr_dnattrs ? STRLENOF(":dn") : 0 ) + |
| |
( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) + |
| |
tmp.bv_len + STRLENOF("(:=)"); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s%s:=%s)", |
| |
undef ? "?" : "", |
| |
ad.bv_val, |
| |
f->f_mr_dnattrs ? ":dn" : "", |
| |
f->f_mr_rule_text.bv_len ? ":" : "", |
| |
f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "", |
| |
tmp.bv_len ? tmp.bv_val : "" ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} break; |
| |
|
| |
case SLAPD_FILTER_COMPUTED: |
| |
switch ( f->f_result ) { |
| |
case LDAP_COMPARE_FALSE: |
| |
tmp = ber_bvfalse; |
| |
break; |
| |
|
| |
case LDAP_COMPARE_TRUE: |
| |
tmp = ber_bvtrue; |
| |
break; |
| |
|
| |
case SLAPD_COMPARE_UNDEFINED: |
| |
tmp = ber_bvundefined; |
| |
break; |
| |
|
| |
default: |
| |
tmp = ber_bverror; |
| |
break; |
| } |
} |
| fprintf( stderr, /*(*/ ")" ); |
|
| |
ber_dupbv_x( fstr, &tmp, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| |
default: |
| |
ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx ); |
| |
break; |
| |
} |
| |
} |
| |
|
| |
void |
| |
filter2bv( Filter *f, struct berval *fstr ) |
| |
{ |
| |
Operation op; |
| |
Opheader ohdr; |
| |
|
| |
op.o_hdr = &ohdr; |
| |
op.o_tmpmemctx = NULL; |
| |
op.o_tmpmfuncs = &ch_mfuncs; |
| |
|
| |
filter2bv_x( &op, f, fstr ); |
| |
} |
| |
|
| |
Filter * |
| |
filter_dup( Filter *f, void *memctx ) |
| |
{ |
| |
BerMemoryFunctions *mf = &slap_sl_mfuncs; |
| |
Filter *n; |
| |
|
| |
if ( !f ) |
| |
return NULL; |
| |
|
| |
n = mf->bmf_malloc( sizeof(Filter), memctx ); |
| |
n->f_choice = f->f_choice; |
| |
n->f_next = NULL; |
| |
|
| |
switch( f->f_choice & SLAPD_FILTER_MASK ) { |
| case SLAPD_FILTER_COMPUTED: |
case SLAPD_FILTER_COMPUTED: |
| fprintf( stderr, "(?=%s)", |
n->f_result = f->f_result; |
| f->f_result == LDAP_COMPARE_FALSE ? "false" : |
break; |
| f->f_result == LDAP_COMPARE_TRUE ? "true" : |
case LDAP_FILTER_PRESENT: |
| f->f_result == SLAPD_COMPARE_UNDEFINED ? "undefined" : |
n->f_desc = f->f_desc; |
| "error" ); |
break; |
| |
case LDAP_FILTER_EQUALITY: |
| |
case LDAP_FILTER_GE: |
| |
case LDAP_FILTER_LE: |
| |
case LDAP_FILTER_APPROX: |
| |
/* Should this be ava_dup() ? */ |
| |
n->f_ava = mf->bmf_calloc( 1, sizeof(AttributeAssertion), memctx ); |
| |
*n->f_ava = *f->f_ava; |
| |
ber_dupbv_x( &n->f_av_value, &f->f_av_value, memctx ); |
| |
break; |
| |
case LDAP_FILTER_SUBSTRINGS: |
| |
n->f_sub = mf->bmf_calloc( 1, sizeof(SubstringsAssertion), memctx ); |
| |
n->f_sub_desc = f->f_sub_desc; |
| |
if ( !BER_BVISNULL( &f->f_sub_initial )) |
| |
ber_dupbv_x( &n->f_sub_initial, &f->f_sub_initial, memctx ); |
| |
if ( f->f_sub_any ) { |
| |
int i; |
| |
for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ); |
| |
n->f_sub_any = mf->bmf_malloc(( i+1 )*sizeof( struct berval ), |
| |
memctx ); |
| |
for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) { |
| |
ber_dupbv_x( &n->f_sub_any[i], &f->f_sub_any[i], memctx ); |
| |
} |
| |
BER_BVZERO( &n->f_sub_any[i] ); |
| |
} |
| |
if ( !BER_BVISNULL( &f->f_sub_final )) |
| |
ber_dupbv_x( &n->f_sub_final, &f->f_sub_final, memctx ); |
| |
break; |
| |
case LDAP_FILTER_EXT: { |
| |
/* Should this be mra_dup() ? */ |
| |
ber_len_t length; |
| |
length = sizeof(MatchingRuleAssertion); |
| |
if ( !BER_BVISNULL( &f->f_mr_rule_text )) |
| |
length += f->f_mr_rule_text.bv_len + 1; |
| |
n->f_mra = mf->bmf_calloc( 1, length, memctx ); |
| |
*n->f_mra = *f->f_mra; |
| |
ber_dupbv_x( &n->f_mr_value, &f->f_mr_value, memctx ); |
| |
if ( !BER_BVISNULL( &f->f_mr_rule_text )) { |
| |
n->f_mr_rule_text.bv_val = (char *)(n->f_mra+1); |
| |
AC_MEMCPY(n->f_mr_rule_text.bv_val, |
| |
f->f_mr_rule_text.bv_val, f->f_mr_rule_text.bv_len ); |
| |
} |
| |
} break; |
| |
case LDAP_FILTER_AND: |
| |
case LDAP_FILTER_OR: |
| |
case LDAP_FILTER_NOT: { |
| |
Filter **p; |
| |
for ( p = &n->f_list, f = f->f_list; f; f = f->f_next ) { |
| |
*p = filter_dup( f, memctx ); |
| |
p = &(*p)->f_next; |
| |
} |
| |
} break; |
| |
} |
| |
return n; |
| |
} |
| |
|
| |
static int |
| |
get_simple_vrFilter( |
| |
Operation *op, |
| |
BerElement *ber, |
| |
ValuesReturnFilter **filt, |
| |
const char **text ) |
| |
{ |
| |
ber_tag_t tag; |
| |
ber_len_t len; |
| |
int err; |
| |
ValuesReturnFilter vrf; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 ); |
| |
|
| |
tag = ber_peek_tag( ber, &len ); |
| |
|
| |
if( tag == LBER_ERROR ) { |
| |
*text = "error decoding filter"; |
| |
return SLAPD_DISCONNECT; |
| |
} |
| |
|
| |
vrf.vrf_next = NULL; |
| |
|
| |
err = LDAP_SUCCESS; |
| |
vrf.vrf_choice = tag; |
| |
|
| |
switch ( vrf.vrf_choice ) { |
| |
case LDAP_FILTER_EQUALITY: |
| |
Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_EQUALITY, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
|
| |
assert( vrf.vrf_ava != NULL ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_SUBSTRINGS: |
| |
Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); |
| |
err = get_ssa( op, ber, (Filter *)&vrf, text ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_GE: |
| |
Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_ORDERING, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
break; |
| |
|
| |
case LDAP_FILTER_LE: |
| |
Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_ORDERING, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
break; |
| |
|
| |
case LDAP_FILTER_PRESENT: { |
| |
struct berval type; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); |
| |
if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) { |
| |
err = SLAPD_DISCONNECT; |
| |
*text = "error decoding filter"; |
| |
break; |
| |
} |
| |
|
| |
vrf.vrf_desc = NULL; |
| |
err = slap_bv2ad( &type, &vrf.vrf_desc, text ); |
| |
|
| |
if( err != LDAP_SUCCESS ) { |
| |
vrf.vrf_choice |= SLAPD_FILTER_UNDEFINED; |
| |
err = slap_bv2undef_ad( &type, &vrf.vrf_desc, text, |
| |
SLAP_AD_PROXIED); |
| |
|
| |
if( err != LDAP_SUCCESS ) { |
| |
/* unrecognized attribute description or other error */ |
| |
Debug( LDAP_DEBUG_ANY, |
| |
"get_simple_vrFilter: conn %lu unknown " |
| |
"attribute type=%s (%d)\n", |
| |
op->o_connid, type.bv_val, err ); |
| |
|
| |
vrf.vrf_choice = SLAPD_FILTER_COMPUTED; |
| |
vrf.vrf_result = LDAP_COMPARE_FALSE; |
| |
err = LDAP_SUCCESS; |
| |
break; |
| |
} |
| |
} |
| |
} break; |
| |
|
| |
case LDAP_FILTER_APPROX: |
| |
Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, (Filter *)&vrf, SLAP_MR_EQUALITY_APPROX, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: |
| |
Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 ); |
| |
|
| |
err = get_mra( op, ber, (Filter *)&vrf, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
|
| |
assert( vrf.vrf_mra != NULL ); |
| break; |
break; |
| |
|
| default: |
default: |
| fprintf( stderr, "(unknown-filter=%lu)", f->f_choice ); |
(void) ber_scanf( ber, "x" ); /* skip the element */ |
| |
Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n", |
| |
vrf.vrf_choice, 0, 0 ); |
| |
vrf.vrf_choice = SLAPD_FILTER_COMPUTED; |
| |
vrf.vrf_result = SLAPD_COMPARE_UNDEFINED; |
| break; |
break; |
| } |
} |
| |
|
| |
if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) { |
| |
/* ignore error */ |
| |
vrf.vrf_choice = SLAPD_FILTER_COMPUTED; |
| |
vrf.vrf_result = SLAPD_COMPARE_UNDEFINED; |
| |
err = LDAP_SUCCESS; |
| |
} |
| |
|
| |
if ( err == LDAP_SUCCESS ) { |
| |
*filt = ch_malloc( sizeof vrf ); |
| |
**filt = vrf; |
| |
} |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 ); |
| |
|
| |
return err; |
| } |
} |
| |
|
| #endif /* ldap_debug */ |
int |
| |
get_vrFilter( Operation *op, BerElement *ber, |
| |
ValuesReturnFilter **vrf, |
| |
const char **text ) |
| |
{ |
| |
/* |
| |
* A ValuesReturnFilter looks like this: |
| |
* |
| |
* ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem |
| |
* SimpleFilterItem ::= CHOICE { |
| |
* equalityMatch [3] AttributeValueAssertion, |
| |
* substrings [4] SubstringFilter, |
| |
* greaterOrEqual [5] AttributeValueAssertion, |
| |
* lessOrEqual [6] AttributeValueAssertion, |
| |
* present [7] AttributeType, |
| |
* approxMatch [8] AttributeValueAssertion, |
| |
* extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3 |
| |
* } |
| |
* |
| |
* SubstringFilter ::= SEQUENCE { |
| |
* type AttributeType, |
| |
* SEQUENCE OF CHOICE { |
| |
* initial [0] IA5String, |
| |
* any [1] IA5String, |
| |
* final [2] IA5String |
| |
* } |
| |
* } |
| |
* |
| |
* SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3 |
| |
* matchingRule [1] MatchingRuleId OPTIONAL, |
| |
* type [2] AttributeDescription OPTIONAL, |
| |
* matchValue [3] AssertionValue } |
| |
*/ |
| |
|
| |
ValuesReturnFilter **n; |
| |
ber_tag_t tag; |
| |
ber_len_t len; |
| |
char *last; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 ); |
| |
|
| int filter_escape_value( |
tag = ber_peek_tag( ber, &len ); |
| struct berval *in, |
|
| struct berval *out ) |
if( tag == LBER_ERROR ) { |
| |
*text = "error decoding vrFilter"; |
| |
return SLAPD_DISCONNECT; |
| |
} |
| |
|
| |
if( tag != LBER_SEQUENCE ) { |
| |
*text = "error decoding vrFilter, expect SEQUENCE tag"; |
| |
return SLAPD_DISCONNECT; |
| |
} |
| |
|
| |
n = vrf; |
| |
for ( tag = ber_first_element( ber, &len, &last ); |
| |
tag != LBER_DEFAULT; |
| |
tag = ber_next_element( ber, &len, last ) ) |
| |
{ |
| |
int err = get_simple_vrFilter( op, ber, n, text ); |
| |
|
| |
if ( err != LDAP_SUCCESS ) return( err ); |
| |
|
| |
n = &(*n)->vrf_next; |
| |
} |
| |
*n = NULL; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 ); |
| |
return( LDAP_SUCCESS ); |
| |
} |
| |
|
| |
void |
| |
vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) |
| { |
{ |
| ber_len_t i; |
ValuesReturnFilter *p, *next; |
| assert( in ); |
|
| assert( out ); |
if ( vrf == NULL ) { |
| |
return; |
| |
} |
| |
|
| out->bv_val = (char *) ch_malloc( ( in->bv_len * 3 ) + 1 ); |
for ( p = vrf; p != NULL; p = next ) { |
| out->bv_len = 0; |
next = p->vrf_next; |
| |
|
| for( i=0; i < in->bv_len ; i++ ) { |
switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { |
| if( FILTER_ESCAPE(in->bv_val[i]) ) { |
case LDAP_FILTER_PRESENT: |
| out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR; |
break; |
| out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] ); |
|
| out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] ); |
case LDAP_FILTER_EQUALITY: |
| } else { |
case LDAP_FILTER_GE: |
| out->bv_val[out->bv_len++] = in->bv_val[i]; |
case LDAP_FILTER_LE: |
| |
case LDAP_FILTER_APPROX: |
| |
ava_free( op, vrf->vrf_ava, 1 ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_SUBSTRINGS: |
| |
if ( vrf->vrf_sub_initial.bv_val != NULL ) { |
| |
op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx ); |
| |
if ( vrf->vrf_sub_final.bv_val != NULL ) { |
| |
op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: |
| |
mra_free( op, vrf->vrf_mra, 1 ); |
| |
break; |
| |
|
| |
case SLAPD_FILTER_COMPUTED: |
| |
break; |
| |
|
| |
default: |
| |
Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n", |
| |
vrf->vrf_choice, 0, 0 ); |
| |
break; |
| } |
} |
| |
|
| |
op->o_tmpfree( vrf, op->o_tmpmemctx ); |
| |
} |
| |
} |
| |
|
| |
void |
| |
vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr ) |
| |
{ |
| |
ValuesReturnFilter *p; |
| |
struct berval tmp; |
| |
ber_len_t len; |
| |
|
| |
if ( vrf == NULL ) { |
| |
ber_str2bv_x( "No filter!", STRLENOF("No filter!"), |
| |
1, fstr, op->o_tmpmemctx ); |
| |
return; |
| |
} |
| |
|
| |
fstr->bv_len = STRLENOF("()"); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "()"); |
| |
|
| |
for ( p = vrf; p != NULL; p = p->vrf_next ) { |
| |
len = fstr->bv_len; |
| |
|
| |
simple_vrFilter2bv( op, p, &tmp ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2, |
| |
/*"("*/ "%s)", tmp.bv_val ); |
| |
|
| |
op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
} |
| |
|
| |
static void |
| |
simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr ) |
| |
{ |
| |
struct berval tmp; |
| |
ber_len_t len; |
| |
|
| |
if ( vrf == NULL ) { |
| |
ber_str2bv_x( "No filter!", STRLENOF("No filter!"), 1, fstr, |
| |
op->o_tmpmemctx ); |
| |
return; |
| } |
} |
| |
int undef = vrf->vrf_choice & SLAPD_FILTER_UNDEFINED; |
| |
|
| out->bv_val[out->bv_len] = '\0'; |
switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { |
| return LDAP_SUCCESS; |
case LDAP_FILTER_EQUALITY: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + STRLENOF("(=)"); |
| |
if ( undef ) fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_GE: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + STRLENOF("(>=)"); |
| |
if ( undef ) fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_LE: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + STRLENOF("(<=)"); |
| |
if ( undef ) fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_APPROX: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + STRLENOF("(~=)"); |
| |
if ( undef ) fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_SUBSTRINGS: |
| |
fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len + |
| |
STRLENOF("(=*)"); |
| |
if ( undef ) fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", |
| |
vrf->vrf_sub_desc->ad_cname.bv_val ); |
| |
|
| |
if ( vrf->vrf_sub_initial.bv_val != NULL ) { |
| |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-2], tmp.bv_len+3, |
| |
/* "(attr=" */ "%s*)", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
|
| |
if ( vrf->vrf_sub_any != NULL ) { |
| |
int i; |
| |
for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) { |
| |
len = fstr->bv_len; |
| |
filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp, |
| |
op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len + 1; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, |
| |
fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len+3, |
| |
/* "(attr=[init]*[any*]" */ "%s*)", |
| |
tmp.bv_val ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
} |
| |
|
| |
if ( vrf->vrf_sub_final.bv_val != NULL ) { |
| |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len+3, |
| |
/* "(attr=[init*][any*]" */ "%s)", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
|
| |
break; |
| |
|
| |
case LDAP_FILTER_PRESENT: |
| |
fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len + |
| |
STRLENOF("(=*)"); |
| |
if ( undef ) fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", |
| |
vrf->vrf_desc->ad_cname.bv_val ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: { |
| |
struct berval ad; |
| |
filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
if ( vrf->vrf_mr_desc ) { |
| |
ad = vrf->vrf_mr_desc->ad_cname; |
| |
} else { |
| |
ad.bv_len = 0; |
| |
ad.bv_val = ""; |
| |
} |
| |
|
| |
fstr->bv_len = ad.bv_len + |
| |
( vrf->vrf_mr_dnattrs ? STRLENOF(":dn") : 0 ) + |
| |
( vrf->vrf_mr_rule_text.bv_len |
| |
? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) + |
| |
tmp.bv_len + STRLENOF("(:=)"); |
| |
if ( undef ) fstr->bv_len++; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", |
| |
ad.bv_val, |
| |
vrf->vrf_mr_dnattrs ? ":dn" : "", |
| |
vrf->vrf_mr_rule_text.bv_len ? ":" : "", |
| |
vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} break; |
| |
|
| |
case SLAPD_FILTER_COMPUTED: |
| |
ber_str2bv_x( |
| |
vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" : |
| |
vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" : |
| |
vrf->vrf_result == SLAPD_COMPARE_UNDEFINED |
| |
? "(?=undefined)" : "(?=error)", |
| |
vrf->vrf_result == LDAP_COMPARE_FALSE ? STRLENOF("(?=false)") : |
| |
vrf->vrf_result == LDAP_COMPARE_TRUE ? STRLENOF("(?=true)") : |
| |
vrf->vrf_result == SLAPD_COMPARE_UNDEFINED |
| |
? STRLENOF("(?=undefined)") : STRLENOF("(?=error)"), |
| |
1, fstr, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
default: |
| |
ber_str2bv_x( "(?=unknown)", STRLENOF("(?=unknown)"), |
| |
1, fstr, op->o_tmpmemctx ); |
| |
break; |
| |
} |
| } |
} |
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to filter.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [OpenLDAP] / servers / slapd