|
version 1.4.2.2, 1998/11/15 19:09:05
|
version 1.125.2.2, 2005/07/11 05:55:30
|
|
Line 1
|
Line 1
|
| /* filter.c - routines for parsing and dealing with filters */ |
/* filter.c - routines for parsing and dealing with filters */ |
| |
/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.128 2005/07/04 03:29:12 hallvard Exp $ */ |
| |
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. |
| |
* |
| |
* Copyright 1998-2005 The OpenLDAP Foundation. |
| |
* All rights reserved. |
| |
* |
| |
* Redistribution and use in source and binary forms, with or without |
| |
* modification, are permitted only as authorized by the OpenLDAP |
| |
* Public License. |
| |
* |
| |
* A copy of this license is available in the file LICENSE in the |
| |
* top-level directory of the distribution or, alternatively, at |
| |
* <http://www.OpenLDAP.org/license.html>. |
| |
*/ |
| |
/* Portions Copyright (c) 1995 Regents of the University of Michigan. |
| |
* All rights reserved. |
| |
* |
| |
* Redistribution and use in source and binary forms are permitted |
| |
* provided that this notice is preserved and that due credit is given |
| |
* to the University of Michigan at Ann Arbor. The name of the University |
| |
* may not be used to endorse or promote products derived from this |
| |
* software without specific prior written permission. This software |
| |
* is provided ``as is'' without express or implied warranty. |
| |
*/ |
| |
|
| #include "portable.h" |
#include "portable.h" |
| |
|
|
Line 9
|
Line 33
|
| |
|
| #include "slap.h" |
#include "slap.h" |
| |
|
| static int get_filter_list(); |
static int get_filter_list( |
| static int get_substring_filter(); |
Operation *op, |
| |
BerElement *ber, |
| extern int get_ava(); |
Filter **f, |
| |
const char **text ); |
| |
|
| |
static int get_ssa( |
| |
Operation *op, |
| |
BerElement *ber, |
| |
SubstringsAssertion **s, |
| |
const char **text ); |
| |
|
| |
static int filter_escape_value_x( |
| |
struct berval *in, |
| |
struct berval *out, |
| |
void *ctx ); |
| |
|
| |
static void simple_vrFilter2bv( |
| |
Operation *op, |
| |
ValuesReturnFilter *f, |
| |
struct berval *fstr ); |
| |
|
| |
static int get_simple_vrFilter( |
| |
Operation *op, |
| |
BerElement *ber, |
| |
ValuesReturnFilter **f, |
| |
const char **text ); |
| |
|
| int |
int |
| get_filter( Connection *conn, BerElement *ber, Filter **filt, char **fstr ) |
get_filter( |
| |
Operation *op, |
| |
BerElement *ber, |
| |
Filter **filt, |
| |
const char **text ) |
| { |
{ |
| unsigned long tag, len; |
ber_tag_t tag; |
| |
ber_len_t len; |
| int err; |
int err; |
| Filter *f; |
Filter f; |
| char *ftmp; |
|
| |
|
| Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "begin get_filter\n", 0, 0, 0 ); |
| |
|
| /* |
/* |
| * A filter looks like this coming in: |
* A filter looks like this coming in: |
| * Filter ::= CHOICE { |
* Filter ::= CHOICE { |
|
Line 36 get_filter( Connection *conn, BerElement
|
Line 86 get_filter( Connection *conn, BerElement
|
| * lessOrEqual [6] AttributeValueAssertion, |
* lessOrEqual [6] AttributeValueAssertion, |
| * present [7] AttributeType,, |
* present [7] AttributeType,, |
| * approxMatch [8] AttributeValueAssertion |
* approxMatch [8] AttributeValueAssertion |
| |
* extensibleMatch [9] MatchingRuleAssertion |
| * } |
* } |
| * |
* |
| * SubstringFilter ::= SEQUENCE { |
* SubstringFilter ::= SEQUENCE { |
| * type AttributeType, |
* type AttributeType, |
| * SEQUENCE OF CHOICE { |
* SEQUENCE OF CHOICE { |
| * initial [0] IA5String, |
* initial [0] IA5String, |
| * any [1] IA5String, |
* any [1] IA5String, |
| * final [2] IA5String |
* final [2] IA5String |
| * } |
* } |
| * } |
* } |
| |
* |
| |
* MatchingRuleAssertion ::= SEQUENCE { |
| |
* matchingRule [1] MatchingRuleId OPTIONAL, |
| |
* type [2] AttributeDescription OPTIONAL, |
| |
* matchValue [3] AssertionValue, |
| |
* dnAttributes [4] BOOLEAN DEFAULT FALSE |
| |
* } |
| |
* |
| */ |
*/ |
| |
|
| f = (Filter *) ch_malloc( sizeof(Filter) ); |
tag = ber_peek_tag( ber, &len ); |
| *filt = f; |
|
| f->f_next = NULL; |
if( tag == LBER_ERROR ) { |
| |
*text = "error decoding filter"; |
| err = 0; |
return SLAPD_DISCONNECT; |
| *fstr = NULL; |
|
| f->f_choice = ber_peek_tag( ber, &len ); |
|
| #ifdef LDAP_COMPAT30 |
|
| if ( conn->c_version == 30 ) { |
|
| switch ( f->f_choice ) { |
|
| case LDAP_FILTER_EQUALITY: |
|
| case LDAP_FILTER_GE: |
|
| case LDAP_FILTER_LE: |
|
| case LDAP_FILTER_PRESENT: |
|
| case LDAP_FILTER_PRESENT_30: |
|
| case LDAP_FILTER_APPROX: |
|
| (void) ber_skip_tag( ber, &len ); |
|
| if ( f->f_choice == LDAP_FILTER_PRESENT_30 ) { |
|
| f->f_choice = LDAP_FILTER_PRESENT; |
|
| } |
|
| break; |
|
| default: |
|
| break; |
|
| } |
|
| } |
} |
| #endif |
|
| switch ( f->f_choice ) { |
err = LDAP_SUCCESS; |
| |
|
| |
f.f_next = NULL; |
| |
f.f_choice = tag; |
| |
|
| |
switch ( f.f_choice ) { |
| case LDAP_FILTER_EQUALITY: |
case LDAP_FILTER_EQUALITY: |
| Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); |
| if ( (err = get_ava( ber, &f->f_ava )) == 0 ) { |
err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY, text ); |
| *fstr = ch_malloc(4 + strlen( f->f_avtype ) + |
if ( err != LDAP_SUCCESS ) { |
| f->f_avvalue.bv_len); |
break; |
| sprintf( *fstr, "(%s=%s)", f->f_avtype, |
|
| f->f_avvalue.bv_val ); |
|
| } |
} |
| |
|
| |
assert( f.f_ava != NULL ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_SUBSTRINGS: |
case LDAP_FILTER_SUBSTRINGS: |
| Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); |
| err = get_substring_filter( conn, ber, f, fstr ); |
err = get_ssa( op, ber, &f.f_sub, text ); |
| |
if( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
assert( f.f_sub != NULL ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_GE: |
case LDAP_FILTER_GE: |
| Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); |
| if ( (err = get_ava( ber, &f->f_ava )) == 0 ) { |
err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text ); |
| *fstr = ch_malloc(5 + strlen( f->f_avtype ) + |
if ( err != LDAP_SUCCESS ) { |
| f->f_avvalue.bv_len); |
break; |
| sprintf( *fstr, "(%s>=%s)", f->f_avtype, |
|
| f->f_avvalue.bv_val ); |
|
| } |
} |
| |
assert( f.f_ava != NULL ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_LE: |
case LDAP_FILTER_LE: |
| Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); |
| if ( (err = get_ava( ber, &f->f_ava )) == 0 ) { |
err = get_ava( op, ber, &f.f_ava, SLAP_MR_ORDERING, text ); |
| *fstr = ch_malloc(5 + strlen( f->f_avtype ) + |
if ( err != LDAP_SUCCESS ) { |
| f->f_avvalue.bv_len); |
break; |
| sprintf( *fstr, "(%s<=%s)", f->f_avtype, |
|
| f->f_avvalue.bv_val ); |
|
| } |
} |
| |
assert( f.f_ava != NULL ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_PRESENT: |
case LDAP_FILTER_PRESENT: { |
| |
struct berval type; |
| |
|
| Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); |
| if ( ber_scanf( ber, "a", &f->f_type ) == LBER_ERROR ) { |
if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) { |
| err = LDAP_PROTOCOL_ERROR; |
err = SLAPD_DISCONNECT; |
| } else { |
*text = "error decoding filter"; |
| |
break; |
| |
} |
| |
|
| |
f.f_desc = NULL; |
| |
err = slap_bv2ad( &type, &f.f_desc, text ); |
| |
|
| |
if( err != LDAP_SUCCESS ) { |
| |
/* unrecognized attribute description or other error */ |
| |
Debug( LDAP_DEBUG_ANY, |
| |
"get_filter: conn %lu unknown attribute " |
| |
"type=%s (%d)\n", |
| |
op->o_connid, type.bv_val, err ); |
| |
|
| |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| |
f.f_result = LDAP_COMPARE_FALSE; |
| err = LDAP_SUCCESS; |
err = LDAP_SUCCESS; |
| attr_normalize( f->f_type ); |
*text = NULL; |
| *fstr = ch_malloc( 5 + strlen( f->f_type ) ); |
break; |
| sprintf( *fstr, "(%s=*)", f->f_type ); |
|
| } |
} |
| break; |
|
| |
assert( f.f_desc != NULL ); |
| |
} break; |
| |
|
| case LDAP_FILTER_APPROX: |
case LDAP_FILTER_APPROX: |
| Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); |
| if ( (err = get_ava( ber, &f->f_ava )) == 0 ) { |
err = get_ava( op, ber, &f.f_ava, SLAP_MR_EQUALITY_APPROX, text ); |
| *fstr = ch_malloc(5 + strlen( f->f_avtype ) + |
if ( err != LDAP_SUCCESS ) { |
| f->f_avvalue.bv_len); |
break; |
| sprintf( *fstr, "(%s~=%s)", f->f_avtype, |
|
| f->f_avvalue.bv_val ); |
|
| } |
} |
| |
assert( f.f_ava != NULL ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_AND: |
case LDAP_FILTER_AND: |
| Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
| if ( (err = get_filter_list( conn, ber, &f->f_and, &ftmp )) |
err = get_filter_list( op, ber, &f.f_and, text ); |
| == 0 ) { |
if ( err != LDAP_SUCCESS ) { |
| if (ftmp == NULL) ftmp = strdup(""); |
break; |
| *fstr = ch_malloc( 4 + strlen( ftmp ) ); |
} |
| sprintf( *fstr, "(&%s)", ftmp ); |
if ( f.f_and == NULL ) { |
| free( ftmp ); |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| |
f.f_result = LDAP_COMPARE_TRUE; |
| } |
} |
| |
/* no assert - list could be empty */ |
| break; |
break; |
| |
|
| case LDAP_FILTER_OR: |
case LDAP_FILTER_OR: |
| Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
| if ( (err = get_filter_list( conn, ber, &f->f_or, &ftmp )) |
err = get_filter_list( op, ber, &f.f_or, text ); |
| == 0 ) { |
if ( err != LDAP_SUCCESS ) { |
| if (ftmp == NULL) ftmp = strdup(""); |
break; |
| *fstr = ch_malloc( 4 + strlen( ftmp ) ); |
} |
| sprintf( *fstr, "(|%s)", ftmp ); |
if ( f.f_or == NULL ) { |
| free( ftmp ); |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| |
f.f_result = LDAP_COMPARE_FALSE; |
| } |
} |
| |
/* no assert - list could be empty */ |
| break; |
break; |
| |
|
| case LDAP_FILTER_NOT: |
case LDAP_FILTER_NOT: |
| Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
| (void) ber_skip_tag( ber, &len ); |
(void) ber_skip_tag( ber, &len ); |
| if ( (err = get_filter( conn, ber, &f->f_not, &ftmp )) == 0 ) { |
err = get_filter( op, ber, &f.f_not, text ); |
| if (ftmp == NULL) ftmp = strdup(""); |
if ( err != LDAP_SUCCESS ) { |
| *fstr = ch_malloc( 4 + strlen( ftmp ) ); |
break; |
| sprintf( *fstr, "(!%s)", ftmp ); |
} |
| free( ftmp ); |
|
| |
assert( f.f_not != NULL ); |
| |
if ( f.f_not->f_choice == SLAPD_FILTER_COMPUTED ) { |
| |
int fresult = f.f_not->f_result; |
| |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| |
op->o_tmpfree( f.f_not, op->o_tmpmemctx ); |
| |
f.f_not = NULL; |
| |
|
| |
switch( fresult ) { |
| |
case LDAP_COMPARE_TRUE: |
| |
f.f_result = LDAP_COMPARE_FALSE; |
| |
break; |
| |
case LDAP_COMPARE_FALSE: |
| |
f.f_result = LDAP_COMPARE_TRUE; |
| |
break; |
| |
default: ; |
| |
/* (!Undefined) is Undefined */ |
| |
} |
| |
} |
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: |
| |
Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 ); |
| |
|
| |
err = get_mra( op, ber, &f.f_mra, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| } |
} |
| |
|
| |
assert( f.f_mra != NULL ); |
| break; |
break; |
| |
|
| default: |
default: |
| Debug( LDAP_DEBUG_ANY, "unknown filter type %d\n", f->f_choice, |
(void) ber_scanf( ber, "x" ); /* skip the element */ |
| 0, 0 ); |
Debug( LDAP_DEBUG_ANY, "get_filter: unknown filter type=%lu\n", |
| err = LDAP_PROTOCOL_ERROR; |
f.f_choice, 0, 0 ); |
| |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| |
f.f_result = SLAPD_COMPARE_UNDEFINED; |
| break; |
break; |
| } |
} |
| |
|
| if ( err != 0 ) { |
if( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) { |
| free( (char *) f ); |
/* ignore error */ |
| if ( *fstr != NULL ) { |
*text = NULL; |
| free( *fstr ); |
f.f_choice = SLAPD_FILTER_COMPUTED; |
| } |
f.f_result = SLAPD_COMPARE_UNDEFINED; |
| |
err = LDAP_SUCCESS; |
| |
} |
| |
|
| |
if ( err == LDAP_SUCCESS ) { |
| |
*filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx ); |
| |
**filt = f; |
| } |
} |
| |
|
| Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "end get_filter %d\n", err, 0, 0 ); |
| |
|
| return( err ); |
return( err ); |
| } |
} |
| |
|
| static int |
static int |
| get_filter_list( Connection *conn, BerElement *ber, Filter **f, char **fstr ) |
get_filter_list( Operation *op, BerElement *ber, |
| |
Filter **f, |
| |
const char **text ) |
| { |
{ |
| Filter **new; |
Filter **new; |
| int err; |
int err; |
| unsigned long tag, len; |
ber_tag_t tag; |
| char *last, *ftmp; |
ber_len_t len; |
| |
char *last; |
| |
|
| Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "begin get_filter_list\n", 0, 0, 0 ); |
| |
|
| #ifdef LDAP_COMPAT30 |
|
| if ( conn->c_version == 30 ) { |
|
| (void) ber_skip_tag( ber, &len ); |
|
| } |
|
| #endif |
|
| *fstr = NULL; |
|
| new = f; |
new = f; |
| for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT; |
for ( tag = ber_first_element( ber, &len, &last ); |
| tag = ber_next_element( ber, &len, last ) ) { |
tag != LBER_DEFAULT; |
| if ( (err = get_filter( conn, ber, new, &ftmp )) != 0 ) |
tag = ber_next_element( ber, &len, last ) ) |
| |
{ |
| |
err = get_filter( op, ber, new, text ); |
| |
if ( err != LDAP_SUCCESS ) |
| return( err ); |
return( err ); |
| if ( *fstr == NULL ) { |
|
| *fstr = ftmp; |
|
| } else { |
|
| *fstr = ch_realloc( *fstr, strlen( *fstr ) + |
|
| strlen( ftmp ) + 1 ); |
|
| strcat( *fstr, ftmp ); |
|
| free( ftmp ); |
|
| } |
|
| new = &(*new)->f_next; |
new = &(*new)->f_next; |
| } |
} |
| *new = NULL; |
*new = NULL; |
| |
|
| Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "end get_filter_list\n", 0, 0, 0 ); |
| return( 0 ); |
return( LDAP_SUCCESS ); |
| } |
} |
| |
|
| static int |
static int |
| get_substring_filter( |
get_ssa( |
| Connection *conn, |
Operation *op, |
| BerElement *ber, |
BerElement *ber, |
| Filter *f, |
SubstringsAssertion **out, |
| char **fstr |
const char **text ) |
| ) |
{ |
| { |
ber_tag_t tag; |
| unsigned long tag, len, rc; |
ber_len_t len; |
| char *val, *last; |
ber_tag_t rc; |
| int syntax; |
struct berval desc, value, nvalue; |
| |
char *last; |
| |
SubstringsAssertion ssa; |
| |
|
| |
*text = "error decoding filter"; |
| |
*out = NULL; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "begin get_ssa\n", 0, 0, 0 ); |
| |
if ( ber_scanf( ber, "{m" /*}*/, &desc ) == LBER_ERROR ) { |
| |
return SLAPD_DISCONNECT; |
| |
} |
| |
|
| Debug( LDAP_DEBUG_FILTER, "begin get_substring_filter\n", 0, 0, 0 ); |
*text = NULL; |
| |
|
| #ifdef LDAP_COMPAT30 |
ssa.sa_desc = NULL; |
| if ( conn->c_version == 30 ) { |
ssa.sa_initial.bv_val = NULL; |
| (void) ber_skip_tag( ber, &len ); |
ssa.sa_any = NULL; |
| |
ssa.sa_final.bv_val = NULL; |
| |
|
| |
rc = slap_bv2ad( &desc, &ssa.sa_desc, text ); |
| |
|
| |
if( rc != LDAP_SUCCESS ) { |
| |
Debug( LDAP_DEBUG_ANY, |
| |
"get_ssa: conn %lu unknown attribute type=%s (%ld)\n", |
| |
op->o_connid, desc.bv_val, (long) rc ); |
| |
|
| |
/* skip over the rest of this filter */ |
| |
for ( tag = ber_first_element( ber, &len, &last ); |
| |
tag != LBER_DEFAULT; |
| |
tag = ber_next_element( ber, &len, last ) ) { |
| |
ber_scanf( ber, "x" ); |
| |
} |
| |
return rc; |
| } |
} |
| #endif |
|
| if ( ber_scanf( ber, "{a", &f->f_sub_type ) == LBER_ERROR ) { |
rc = LDAP_PROTOCOL_ERROR; |
| return( LDAP_PROTOCOL_ERROR ); |
|
| } |
for ( tag = ber_first_element( ber, &len, &last ); |
| attr_normalize( f->f_sub_type ); |
tag != LBER_DEFAULT; |
| syntax = attr_syntax( f->f_sub_type ); |
tag = ber_next_element( ber, &len, last ) ) |
| f->f_sub_initial = NULL; |
{ |
| f->f_sub_any = NULL; |
unsigned usage; |
| f->f_sub_final = NULL; |
|
| |
rc = ber_scanf( ber, "m", &value ); |
| *fstr = ch_malloc( strlen( f->f_sub_type ) + 3 ); |
|
| sprintf( *fstr, "(%s=", f->f_sub_type ); |
|
| for ( tag = ber_first_element( ber, &len, &last ); tag != LBER_DEFAULT; |
|
| tag = ber_next_element( ber, &len, last ) ) { |
|
| #ifdef LDAP_COMPAT30 |
|
| if ( conn->c_version == 30 ) { |
|
| rc = ber_scanf( ber, "{a}", &val ); |
|
| } else |
|
| #endif |
|
| rc = ber_scanf( ber, "a", &val ); |
|
| if ( rc == LBER_ERROR ) { |
if ( rc == LBER_ERROR ) { |
| return( LDAP_PROTOCOL_ERROR ); |
rc = SLAPD_DISCONNECT; |
| |
goto return_error; |
| } |
} |
| if ( val == NULL || *val == '\0' ) { |
|
| if ( val != NULL ) { |
if ( value.bv_val == NULL || value.bv_len == 0 ) { |
| free( val ); |
rc = LDAP_INVALID_SYNTAX; |
| |
goto return_error; |
| |
} |
| |
|
| |
switch ( tag ) { |
| |
case LDAP_SUBSTRING_INITIAL: |
| |
if ( ssa.sa_initial.bv_val != NULL |
| |
|| ssa.sa_any != NULL |
| |
|| ssa.sa_final.bv_val != NULL ) |
| |
{ |
| |
rc = LDAP_PROTOCOL_ERROR; |
| |
goto return_error; |
| |
} |
| |
usage = SLAP_MR_SUBSTR_INITIAL; |
| |
break; |
| |
|
| |
case LDAP_SUBSTRING_ANY: |
| |
if ( ssa.sa_final.bv_val != NULL ) { |
| |
rc = LDAP_PROTOCOL_ERROR; |
| |
goto return_error; |
| |
} |
| |
usage = SLAP_MR_SUBSTR_ANY; |
| |
break; |
| |
|
| |
case LDAP_SUBSTRING_FINAL: |
| |
if ( ssa.sa_final.bv_val != NULL ) { |
| |
rc = LDAP_PROTOCOL_ERROR; |
| |
goto return_error; |
| } |
} |
| return( LDAP_INVALID_SYNTAX ); |
|
| |
usage = SLAP_MR_SUBSTR_FINAL; |
| |
break; |
| |
|
| |
default: |
| |
Debug( LDAP_DEBUG_FILTER, |
| |
" unknown substring choice=%ld\n", |
| |
(long) tag, 0, 0 ); |
| |
|
| |
rc = LDAP_PROTOCOL_ERROR; |
| |
goto return_error; |
| } |
} |
| value_normalize( val, syntax ); |
|
| |
/* validate/normalize using equality matching rule validator! */ |
| |
rc = asserted_value_validate_normalize( |
| |
ssa.sa_desc, ssa.sa_desc->ad_type->sat_equality, |
| |
usage, &value, &nvalue, text, op->o_tmpmemctx ); |
| |
if( rc != LDAP_SUCCESS ) goto return_error; |
| |
|
| switch ( tag ) { |
switch ( tag ) { |
| #ifdef LDAP_COMPAT30 |
|
| case LDAP_SUBSTRING_INITIAL_30: |
|
| #endif |
|
| case LDAP_SUBSTRING_INITIAL: |
case LDAP_SUBSTRING_INITIAL: |
| Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, " INITIAL\n", 0, 0, 0 ); |
| if ( f->f_sub_initial != NULL ) { |
ssa.sa_initial = nvalue; |
| return( LDAP_PROTOCOL_ERROR ); |
|
| } |
|
| f->f_sub_initial = val; |
|
| *fstr = ch_realloc( *fstr, strlen( *fstr ) + |
|
| strlen( val ) + 1 ); |
|
| strcat( *fstr, val ); |
|
| break; |
break; |
| |
|
| #ifdef LDAP_COMPAT30 |
|
| case LDAP_SUBSTRING_ANY_30: |
|
| #endif |
|
| case LDAP_SUBSTRING_ANY: |
case LDAP_SUBSTRING_ANY: |
| Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, " ANY\n", 0, 0, 0 ); |
| charray_add( &f->f_sub_any, val ); |
ber_bvarray_add_x( &ssa.sa_any, &nvalue, op->o_tmpmemctx ); |
| *fstr = ch_realloc( *fstr, strlen( *fstr ) + |
|
| strlen( val ) + 2 ); |
|
| strcat( *fstr, "*" ); |
|
| strcat( *fstr, val ); |
|
| break; |
break; |
| |
|
| #ifdef LDAP_COMPAT30 |
|
| case LDAP_SUBSTRING_FINAL_30: |
|
| #endif |
|
| case LDAP_SUBSTRING_FINAL: |
case LDAP_SUBSTRING_FINAL: |
| Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, " FINAL\n", 0, 0, 0 ); |
| if ( f->f_sub_final != NULL ) { |
ssa.sa_final = nvalue; |
| return( LDAP_PROTOCOL_ERROR ); |
|
| } |
|
| f->f_sub_final = val; |
|
| *fstr = ch_realloc( *fstr, strlen( *fstr ) + |
|
| strlen( val ) + 2 ); |
|
| strcat( *fstr, "*" ); |
|
| strcat( *fstr, val ); |
|
| break; |
break; |
| |
|
| default: |
default: |
| Debug( LDAP_DEBUG_FILTER, " unknown type\n", tag, 0, |
assert( 0 ); |
| 0 ); |
slap_sl_free( nvalue.bv_val, op->o_tmpmemctx ); |
| return( LDAP_PROTOCOL_ERROR ); |
rc = LDAP_PROTOCOL_ERROR; |
| |
|
| |
return_error: |
| |
Debug( LDAP_DEBUG_FILTER, " error=%ld\n", |
| |
(long) rc, 0, 0 ); |
| |
slap_sl_free( ssa.sa_initial.bv_val, op->o_tmpmemctx ); |
| |
ber_bvarray_free_x( ssa.sa_any, op->o_tmpmemctx ); |
| |
slap_sl_free( ssa.sa_final.bv_val, op->o_tmpmemctx ); |
| |
return rc; |
| } |
} |
| |
|
| |
rc = LDAP_SUCCESS; |
| } |
} |
| *fstr = ch_realloc( *fstr, strlen( *fstr ) + 3 ); |
|
| if ( f->f_sub_final == NULL ) { |
if( rc == LDAP_SUCCESS ) { |
| strcat( *fstr, "*" ); |
*out = op->o_tmpalloc( sizeof( ssa ), op->o_tmpmemctx ); |
| |
**out = ssa; |
| } |
} |
| strcat( *fstr, ")" ); |
|
| |
|
| Debug( LDAP_DEBUG_FILTER, "end get_substring_filter\n", 0, 0, 0 ); |
Debug( LDAP_DEBUG_FILTER, "end get_ssa\n", 0, 0, 0 ); |
| return( 0 ); |
return rc /* LDAP_SUCCESS */ ; |
| } |
} |
| |
|
| void |
void |
| filter_free( Filter *f ) |
filter_free_x( Operation *op, Filter *f ) |
| { |
{ |
| Filter *p, *next; |
Filter *p, *next; |
| |
|
|
Line 337 filter_free( Filter *f )
|
Line 476 filter_free( Filter *f )
|
| } |
} |
| |
|
| switch ( f->f_choice ) { |
switch ( f->f_choice ) { |
| |
case LDAP_FILTER_PRESENT: |
| |
break; |
| |
|
| case LDAP_FILTER_EQUALITY: |
case LDAP_FILTER_EQUALITY: |
| case LDAP_FILTER_GE: |
case LDAP_FILTER_GE: |
| case LDAP_FILTER_LE: |
case LDAP_FILTER_LE: |
| case LDAP_FILTER_APPROX: |
case LDAP_FILTER_APPROX: |
| ava_free( &f->f_ava, 0 ); |
ava_free( op, f->f_ava, 1 ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_SUBSTRINGS: |
case LDAP_FILTER_SUBSTRINGS: |
| if ( f->f_sub_type != NULL ) { |
if ( f->f_sub_initial.bv_val != NULL ) { |
| free( f->f_sub_type ); |
op->o_tmpfree( f->f_sub_initial.bv_val, op->o_tmpmemctx ); |
| } |
} |
| if ( f->f_sub_initial != NULL ) { |
ber_bvarray_free_x( f->f_sub_any, op->o_tmpmemctx ); |
| free( f->f_sub_initial ); |
if ( f->f_sub_final.bv_val != NULL ) { |
| } |
op->o_tmpfree( f->f_sub_final.bv_val, op->o_tmpmemctx ); |
| charray_free( f->f_sub_any ); |
|
| if ( f->f_sub_final != NULL ) { |
|
| free( f->f_sub_final ); |
|
| } |
|
| break; |
|
| |
|
| case LDAP_FILTER_PRESENT: |
|
| if ( f->f_type != NULL ) { |
|
| free( f->f_type ); |
|
| } |
} |
| |
op->o_tmpfree( f->f_sub, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_AND: |
case LDAP_FILTER_AND: |
|
Line 368 filter_free( Filter *f )
|
Line 502 filter_free( Filter *f )
|
| case LDAP_FILTER_NOT: |
case LDAP_FILTER_NOT: |
| for ( p = f->f_list; p != NULL; p = next ) { |
for ( p = f->f_list; p != NULL; p = next ) { |
| next = p->f_next; |
next = p->f_next; |
| filter_free( p ); |
filter_free_x( op, p ); |
| } |
} |
| break; |
break; |
| |
|
| |
case LDAP_FILTER_EXT: |
| |
mra_free( op, f->f_mra, 1 ); |
| |
break; |
| |
|
| |
case SLAPD_FILTER_COMPUTED: |
| |
break; |
| |
|
| default: |
default: |
| Debug( LDAP_DEBUG_ANY, "unknown filter type %d\n", f->f_choice, |
Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n", |
| 0, 0 ); |
f->f_choice, 0, 0 ); |
| break; |
break; |
| } |
} |
| free( f ); |
|
| |
op->o_tmpfree( f, op->o_tmpmemctx ); |
| } |
} |
| |
|
| #ifdef LDAP_DEBUG |
void |
| |
filter_free( Filter *f ) |
| |
{ |
| |
Operation op; |
| |
Opheader ohdr; |
| |
|
| |
op.o_hdr = &ohdr; |
| |
op.o_tmpmemctx = slap_sl_context( f ); |
| |
op.o_tmpmfuncs = &slap_sl_mfuncs; |
| |
filter_free_x( &op, f ); |
| |
} |
| |
|
| void |
void |
| filter_print( Filter *f ) |
filter2bv_x( Operation *op, Filter *f, struct berval *fstr ) |
| { |
{ |
| int i; |
int i; |
| Filter *p; |
Filter *p; |
| |
struct berval tmp; |
| |
static struct berval |
| |
ber_bvfalse = BER_BVC( "(?=false)" ), |
| |
ber_bvtrue = BER_BVC( "(?=true)" ), |
| |
ber_bvundefined = BER_BVC( "(?=undefined)" ), |
| |
ber_bverror = BER_BVC( "(?=error)" ), |
| |
ber_bvunknown = BER_BVC( "(?=unknown)" ), |
| |
ber_bvnone = BER_BVC( "(?=none)" ); |
| |
ber_len_t len; |
| |
|
| if ( f == NULL ) { |
if ( f == NULL ) { |
| fprintf( stderr, "NULL" ); |
ber_dupbv_x( fstr, &ber_bvnone, op->o_tmpmemctx ); |
| |
return; |
| } |
} |
| |
|
| switch ( f->f_choice ) { |
switch ( f->f_choice ) { |
| case LDAP_FILTER_EQUALITY: |
case LDAP_FILTER_EQUALITY: |
| fprintf( stderr, "(%s=%s)", f->f_ava.ava_type, |
filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); |
| f->f_ava.ava_value.bv_val ); |
|
| |
fstr->bv_len = f->f_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", |
| |
f->f_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_GE: |
case LDAP_FILTER_GE: |
| fprintf( stderr, "(%s>=%s)", f->f_ava.ava_type, |
filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); |
| f->f_ava.ava_value.bv_val ); |
|
| |
fstr->bv_len = f->f_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(>=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", |
| |
f->f_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_LE: |
case LDAP_FILTER_LE: |
| fprintf( stderr, "(%s<=%s)", f->f_ava.ava_type, |
filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); |
| f->f_ava.ava_value.bv_val ); |
|
| |
fstr->bv_len = f->f_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(<=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", |
| |
f->f_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_APPROX: |
case LDAP_FILTER_APPROX: |
| fprintf( stderr, "(%s~=%s)", f->f_ava.ava_type, |
filter_escape_value_x( &f->f_av_value, &tmp, op->o_tmpmemctx ); |
| f->f_ava.ava_value.bv_val ); |
|
| |
fstr->bv_len = f->f_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(~=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", |
| |
f->f_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_SUBSTRINGS: |
case LDAP_FILTER_SUBSTRINGS: |
| fprintf( stderr, "(%s=", f->f_sub_type ); |
fstr->bv_len = f->f_sub_desc->ad_cname.bv_len + |
| if ( f->f_sub_initial != NULL ) { |
( sizeof("(=*)") - 1 ); |
| fprintf( stderr, "%s", f->f_sub_initial ); |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", |
| |
f->f_sub_desc->ad_cname.bv_val ); |
| |
|
| |
if ( f->f_sub_initial.bv_val != NULL ) { |
| |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &f->f_sub_initial, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-2], tmp.bv_len+3, |
| |
/* "(attr=" */ "%s*)", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| } |
} |
| |
|
| if ( f->f_sub_any != NULL ) { |
if ( f->f_sub_any != NULL ) { |
| for ( i = 0; f->f_sub_any[i] != NULL; i++ ) { |
for ( i = 0; f->f_sub_any[i].bv_val != NULL; i++ ) { |
| fprintf( stderr, "*%s", f->f_sub_any[i] ); |
len = fstr->bv_len; |
| |
filter_escape_value_x( &f->f_sub_any[i], |
| |
&tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len + 1; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len+3, |
| |
/* "(attr=[init]*[any*]" */ "%s*)", |
| |
tmp.bv_val ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| } |
} |
| } |
} |
| charray_free( f->f_sub_any ); |
|
| if ( f->f_sub_final != NULL ) { |
if ( f->f_sub_final.bv_val != NULL ) { |
| fprintf( stderr, "*%s", f->f_sub_final ); |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &f->f_sub_final, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len+3, |
| |
/* "(attr=[init*][any*]" */ "%s)", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| } |
} |
| |
|
| break; |
break; |
| |
|
| case LDAP_FILTER_PRESENT: |
case LDAP_FILTER_PRESENT: |
| fprintf( stderr, "%s=*", f->f_type ); |
fstr->bv_len = f->f_desc->ad_cname.bv_len + |
| |
( sizeof("(=*)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", |
| |
f->f_desc->ad_cname.bv_val ); |
| break; |
break; |
| |
|
| case LDAP_FILTER_AND: |
case LDAP_FILTER_AND: |
| case LDAP_FILTER_OR: |
case LDAP_FILTER_OR: |
| case LDAP_FILTER_NOT: |
case LDAP_FILTER_NOT: |
| fprintf( stderr, "(%c", f->f_choice == LDAP_FILTER_AND ? '&' : |
fstr->bv_len = sizeof("(%)") - 1; |
| f->f_choice == LDAP_FILTER_OR ? '|' : '!' ); |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)", |
| |
f->f_choice == LDAP_FILTER_AND ? '&' : |
| |
f->f_choice == LDAP_FILTER_OR ? '|' : '!' ); |
| |
|
| for ( p = f->f_list; p != NULL; p = p->f_next ) { |
for ( p = f->f_list; p != NULL; p = p->f_next ) { |
| filter_print( p ); |
len = fstr->bv_len; |
| |
|
| |
filter2bv_x( op, p, &tmp ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2, |
| |
/*"("*/ "%s)", tmp.bv_val ); |
| |
|
| |
op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx ); |
| } |
} |
| fprintf( stderr, ")" ); |
|
| break; |
break; |
| |
|
| |
case LDAP_FILTER_EXT: { |
| |
struct berval ad; |
| |
filter_escape_value_x( &f->f_mr_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
if ( f->f_mr_desc ) { |
| |
ad = f->f_mr_desc->ad_cname; |
| |
} else { |
| |
ad.bv_len = 0; |
| |
ad.bv_val = ""; |
| |
} |
| |
|
| |
fstr->bv_len = ad.bv_len + |
| |
( f->f_mr_dnattrs ? sizeof(":dn")-1 : 0 ) + |
| |
( f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_len+1 : 0 ) + |
| |
tmp.bv_len + ( sizeof("(:=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", |
| |
ad.bv_val, |
| |
f->f_mr_dnattrs ? ":dn" : "", |
| |
f->f_mr_rule_text.bv_len ? ":" : "", |
| |
f->f_mr_rule_text.bv_len ? f->f_mr_rule_text.bv_val : "", |
| |
tmp.bv_val ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} break; |
| |
|
| |
case SLAPD_FILTER_COMPUTED: |
| |
switch ( f->f_result ) { |
| |
case LDAP_COMPARE_FALSE: |
| |
tmp = ber_bvfalse; |
| |
break; |
| |
|
| |
case LDAP_COMPARE_TRUE: |
| |
tmp = ber_bvtrue; |
| |
break; |
| |
|
| |
case SLAPD_COMPARE_UNDEFINED: |
| |
tmp = ber_bvundefined; |
| |
break; |
| |
|
| |
default: |
| |
tmp = ber_bverror; |
| |
break; |
| |
} |
| |
|
| |
ber_dupbv_x( fstr, &tmp, op->o_tmpmemctx ); |
| |
break; |
| |
|
| default: |
default: |
| fprintf( stderr, "unknown type %d", f->f_choice ); |
ber_dupbv_x( fstr, &ber_bvunknown, op->o_tmpmemctx ); |
| break; |
break; |
| } |
} |
| } |
} |
| |
|
| #endif /* ldap_debug */ |
void |
| |
filter2bv( Filter *f, struct berval *fstr ) |
| |
{ |
| |
Operation op; |
| |
Opheader ohdr; |
| |
|
| |
op.o_hdr = &ohdr; |
| |
op.o_tmpmemctx = NULL; |
| |
op.o_tmpmfuncs = &ch_mfuncs; |
| |
|
| |
filter2bv_x( &op, f, fstr ); |
| |
} |
| |
|
| |
static int |
| |
filter_escape_value_x( |
| |
struct berval *in, |
| |
struct berval *out, |
| |
void *ctx ) |
| |
{ |
| |
ber_len_t i; |
| |
assert( in ); |
| |
assert( out ); |
| |
|
| |
i = in->bv_len * 3 + 1; |
| |
out->bv_val = ctx ? slap_sl_malloc( i, ctx ) : ch_malloc( i ); |
| |
out->bv_len = 0; |
| |
|
| |
for( i=0; i < in->bv_len ; i++ ) { |
| |
if( FILTER_ESCAPE(in->bv_val[i]) ) { |
| |
out->bv_val[out->bv_len++] = SLAP_ESCAPE_CHAR; |
| |
out->bv_val[out->bv_len++] = SLAP_ESCAPE_HI( in->bv_val[i] ); |
| |
out->bv_val[out->bv_len++] = SLAP_ESCAPE_LO( in->bv_val[i] ); |
| |
} else { |
| |
out->bv_val[out->bv_len++] = in->bv_val[i]; |
| |
} |
| |
} |
| |
|
| |
out->bv_val[out->bv_len] = '\0'; |
| |
return LDAP_SUCCESS; |
| |
} |
| |
|
| |
int |
| |
filter_escape_value( |
| |
struct berval *in, |
| |
struct berval *out ) |
| |
{ |
| |
return filter_escape_value_x( in, out, NULL ); |
| |
} |
| |
|
| |
static int |
| |
get_simple_vrFilter( |
| |
Operation *op, |
| |
BerElement *ber, |
| |
ValuesReturnFilter **filt, |
| |
const char **text ) |
| |
{ |
| |
ber_tag_t tag; |
| |
ber_len_t len; |
| |
int err; |
| |
ValuesReturnFilter vrf; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "begin get_simple_vrFilter\n", 0, 0, 0 ); |
| |
|
| |
tag = ber_peek_tag( ber, &len ); |
| |
|
| |
if( tag == LBER_ERROR ) { |
| |
*text = "error decoding filter"; |
| |
return SLAPD_DISCONNECT; |
| |
} |
| |
|
| |
vrf.vrf_next = NULL; |
| |
|
| |
err = LDAP_SUCCESS; |
| |
vrf.vrf_choice = tag; |
| |
|
| |
switch ( vrf.vrf_choice ) { |
| |
case LDAP_FILTER_EQUALITY: |
| |
Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
|
| |
assert( vrf.vrf_ava != NULL ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_SUBSTRINGS: |
| |
Debug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 ); |
| |
err = get_ssa( op, ber, &vrf.vrf_sub, text ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_GE: |
| |
Debug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
break; |
| |
|
| |
case LDAP_FILTER_LE: |
| |
Debug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_ORDERING, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
break; |
| |
|
| |
case LDAP_FILTER_PRESENT: { |
| |
struct berval type; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); |
| |
if ( ber_scanf( ber, "m", &type ) == LBER_ERROR ) { |
| |
err = SLAPD_DISCONNECT; |
| |
*text = "error decoding filter"; |
| |
break; |
| |
} |
| |
|
| |
vrf.vrf_desc = NULL; |
| |
err = slap_bv2ad( &type, &vrf.vrf_desc, text ); |
| |
|
| |
if( err != LDAP_SUCCESS ) { |
| |
/* unrecognized attribute description or other error */ |
| |
Debug( LDAP_DEBUG_ANY, |
| |
"get_simple_vrFilter: conn %lu unknown " |
| |
"attribute type=%s (%d)\n", |
| |
op->o_connid, type.bv_val, err ); |
| |
|
| |
vrf.vrf_choice = SLAPD_FILTER_COMPUTED; |
| |
vrf.vrf_result = LDAP_COMPARE_FALSE; |
| |
err = LDAP_SUCCESS; |
| |
break; |
| |
} |
| |
} break; |
| |
|
| |
case LDAP_FILTER_APPROX: |
| |
Debug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 ); |
| |
err = get_ava( op, ber, &vrf.vrf_ava, SLAP_MR_EQUALITY_APPROX, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: |
| |
Debug( LDAP_DEBUG_FILTER, "EXTENSIBLE\n", 0, 0, 0 ); |
| |
|
| |
err = get_mra( op, ber, &vrf.vrf_mra, text ); |
| |
if ( err != LDAP_SUCCESS ) { |
| |
break; |
| |
} |
| |
|
| |
assert( vrf.vrf_mra != NULL ); |
| |
break; |
| |
|
| |
default: |
| |
(void) ber_scanf( ber, "x" ); /* skip the element */ |
| |
Debug( LDAP_DEBUG_ANY, "get_simple_vrFilter: unknown filter type=%lu\n", |
| |
vrf.vrf_choice, 0, 0 ); |
| |
vrf.vrf_choice = SLAPD_FILTER_COMPUTED; |
| |
vrf.vrf_result = SLAPD_COMPARE_UNDEFINED; |
| |
break; |
| |
} |
| |
|
| |
if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) { |
| |
/* ignore error */ |
| |
vrf.vrf_choice = SLAPD_FILTER_COMPUTED; |
| |
vrf.vrf_result = SLAPD_COMPARE_UNDEFINED; |
| |
err = LDAP_SUCCESS; |
| |
} |
| |
|
| |
if ( err == LDAP_SUCCESS ) { |
| |
*filt = ch_malloc( sizeof vrf ); |
| |
**filt = vrf; |
| |
} |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "end get_simple_vrFilter %d\n", err, 0, 0 ); |
| |
|
| |
return err; |
| |
} |
| |
|
| |
int |
| |
get_vrFilter( Operation *op, BerElement *ber, |
| |
ValuesReturnFilter **vrf, |
| |
const char **text ) |
| |
{ |
| |
/* |
| |
* A ValuesReturnFilter looks like this: |
| |
* |
| |
* ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem |
| |
* SimpleFilterItem ::= CHOICE { |
| |
* equalityMatch [3] AttributeValueAssertion, |
| |
* substrings [4] SubstringFilter, |
| |
* greaterOrEqual [5] AttributeValueAssertion, |
| |
* lessOrEqual [6] AttributeValueAssertion, |
| |
* present [7] AttributeType, |
| |
* approxMatch [8] AttributeValueAssertion, |
| |
* extensibleMatch [9] SimpleMatchingAssertion -- LDAPv3 |
| |
* } |
| |
* |
| |
* SubstringFilter ::= SEQUENCE { |
| |
* type AttributeType, |
| |
* SEQUENCE OF CHOICE { |
| |
* initial [0] IA5String, |
| |
* any [1] IA5String, |
| |
* final [2] IA5String |
| |
* } |
| |
* } |
| |
* |
| |
* SimpleMatchingAssertion ::= SEQUENCE { -- LDAPv3 |
| |
* matchingRule [1] MatchingRuleId OPTIONAL, |
| |
* type [2] AttributeDescription OPTIONAL, |
| |
* matchValue [3] AssertionValue } |
| |
*/ |
| |
|
| |
ValuesReturnFilter **n; |
| |
ber_tag_t tag; |
| |
ber_len_t len; |
| |
char *last; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "begin get_vrFilter\n", 0, 0, 0 ); |
| |
|
| |
tag = ber_peek_tag( ber, &len ); |
| |
|
| |
if( tag == LBER_ERROR ) { |
| |
*text = "error decoding vrFilter"; |
| |
return SLAPD_DISCONNECT; |
| |
} |
| |
|
| |
if( tag != LBER_SEQUENCE ) { |
| |
*text = "error decoding vrFilter, expect SEQUENCE tag"; |
| |
return SLAPD_DISCONNECT; |
| |
} |
| |
|
| |
n = vrf; |
| |
for ( tag = ber_first_element( ber, &len, &last ); |
| |
tag != LBER_DEFAULT; |
| |
tag = ber_next_element( ber, &len, last ) ) |
| |
{ |
| |
int err = get_simple_vrFilter( op, ber, n, text ); |
| |
|
| |
if ( err != LDAP_SUCCESS ) return( err ); |
| |
|
| |
n = &(*n)->vrf_next; |
| |
} |
| |
*n = NULL; |
| |
|
| |
Debug( LDAP_DEBUG_FILTER, "end get_vrFilter\n", 0, 0, 0 ); |
| |
return( LDAP_SUCCESS ); |
| |
} |
| |
|
| |
void |
| |
vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) |
| |
{ |
| |
ValuesReturnFilter *p, *next; |
| |
|
| |
if ( vrf == NULL ) { |
| |
return; |
| |
} |
| |
|
| |
for ( p = vrf; p != NULL; p = next ) { |
| |
next = p->vrf_next; |
| |
|
| |
switch ( vrf->vrf_choice ) { |
| |
case LDAP_FILTER_PRESENT: |
| |
break; |
| |
|
| |
case LDAP_FILTER_EQUALITY: |
| |
case LDAP_FILTER_GE: |
| |
case LDAP_FILTER_LE: |
| |
case LDAP_FILTER_APPROX: |
| |
ava_free( op, vrf->vrf_ava, 1 ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_SUBSTRINGS: |
| |
if ( vrf->vrf_sub_initial.bv_val != NULL ) { |
| |
op->o_tmpfree( vrf->vrf_sub_initial.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
ber_bvarray_free_x( vrf->vrf_sub_any, op->o_tmpmemctx ); |
| |
if ( vrf->vrf_sub_final.bv_val != NULL ) { |
| |
op->o_tmpfree( vrf->vrf_sub_final.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
op->o_tmpfree( vrf->vrf_sub, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: |
| |
mra_free( op, vrf->vrf_mra, 1 ); |
| |
break; |
| |
|
| |
case SLAPD_FILTER_COMPUTED: |
| |
break; |
| |
|
| |
default: |
| |
Debug( LDAP_DEBUG_ANY, "filter_free: unknown filter type=%lu\n", |
| |
vrf->vrf_choice, 0, 0 ); |
| |
break; |
| |
} |
| |
|
| |
op->o_tmpfree( vrf, op->o_tmpmemctx ); |
| |
} |
| |
} |
| |
|
| |
void |
| |
vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr ) |
| |
{ |
| |
ValuesReturnFilter *p; |
| |
struct berval tmp; |
| |
ber_len_t len; |
| |
|
| |
if ( vrf == NULL ) { |
| |
ber_str2bv_x( "No filter!", sizeof("No filter!")-1, |
| |
1, fstr, op->o_tmpmemctx ); |
| |
return; |
| |
} |
| |
|
| |
fstr->bv_len = sizeof("()") - 1; |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "()"); |
| |
|
| |
for ( p = vrf; p != NULL; p = p->vrf_next ) { |
| |
len = fstr->bv_len; |
| |
|
| |
simple_vrFilter2bv( op, p, &tmp ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len + 2, |
| |
/*"("*/ "%s)", tmp.bv_val ); |
| |
|
| |
op->o_tmpfree( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
} |
| |
|
| |
static void |
| |
simple_vrFilter2bv( Operation *op, ValuesReturnFilter *vrf, struct berval *fstr ) |
| |
{ |
| |
struct berval tmp; |
| |
ber_len_t len; |
| |
|
| |
if ( vrf == NULL ) { |
| |
ber_str2bv_x( "No filter!", sizeof("No filter!")-1, 1, fstr, |
| |
op->o_tmpmemctx ); |
| |
return; |
| |
} |
| |
|
| |
switch ( vrf->vrf_choice ) { |
| |
case LDAP_FILTER_EQUALITY: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_GE: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(>=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_LE: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(<=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_APPROX: |
| |
filter_escape_value_x( &vrf->vrf_av_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len = vrf->vrf_av_desc->ad_cname.bv_len + |
| |
tmp.bv_len + ( sizeof("(~=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", |
| |
vrf->vrf_av_desc->ad_cname.bv_val, |
| |
tmp.bv_val ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_SUBSTRINGS: |
| |
fstr->bv_len = vrf->vrf_sub_desc->ad_cname.bv_len + |
| |
( sizeof("(=*)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 128, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", |
| |
vrf->vrf_sub_desc->ad_cname.bv_val ); |
| |
|
| |
if ( vrf->vrf_sub_initial.bv_val != NULL ) { |
| |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &vrf->vrf_sub_initial, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-2], tmp.bv_len+3, |
| |
/* "(attr=" */ "%s*)", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
|
| |
if ( vrf->vrf_sub_any != NULL ) { |
| |
int i; |
| |
for ( i = 0; vrf->vrf_sub_any[i].bv_val != NULL; i++ ) { |
| |
len = fstr->bv_len; |
| |
filter_escape_value_x( &vrf->vrf_sub_any[i], &tmp, |
| |
op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len + 1; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, |
| |
fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len+3, |
| |
/* "(attr=[init]*[any*]" */ "%s*)", |
| |
tmp.bv_val ); |
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
} |
| |
|
| |
if ( vrf->vrf_sub_final.bv_val != NULL ) { |
| |
len = fstr->bv_len; |
| |
|
| |
filter_escape_value_x( &vrf->vrf_sub_final, &tmp, op->o_tmpmemctx ); |
| |
|
| |
fstr->bv_len += tmp.bv_len; |
| |
fstr->bv_val = op->o_tmprealloc( fstr->bv_val, fstr->bv_len + 1, |
| |
op->o_tmpmemctx ); |
| |
|
| |
snprintf( &fstr->bv_val[len-1], tmp.bv_len+3, |
| |
/* "(attr=[init*][any*]" */ "%s)", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} |
| |
|
| |
break; |
| |
|
| |
case LDAP_FILTER_PRESENT: |
| |
fstr->bv_len = vrf->vrf_desc->ad_cname.bv_len + |
| |
( sizeof("(=*)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", |
| |
vrf->vrf_desc->ad_cname.bv_val ); |
| |
break; |
| |
|
| |
case LDAP_FILTER_EXT: { |
| |
struct berval ad; |
| |
filter_escape_value_x( &vrf->vrf_mr_value, &tmp, op->o_tmpmemctx ); |
| |
|
| |
if ( vrf->vrf_mr_desc ) { |
| |
ad = vrf->vrf_mr_desc->ad_cname; |
| |
} else { |
| |
ad.bv_len = 0; |
| |
ad.bv_val = ""; |
| |
} |
| |
|
| |
fstr->bv_len = ad.bv_len + |
| |
( vrf->vrf_mr_dnattrs ? sizeof(":dn")-1 : 0 ) + |
| |
( vrf->vrf_mr_rule_text.bv_len |
| |
? vrf->vrf_mr_rule_text.bv_len+1 : 0 ) + |
| |
tmp.bv_len + ( sizeof("(:=)") - 1 ); |
| |
fstr->bv_val = op->o_tmpalloc( fstr->bv_len + 1, op->o_tmpmemctx ); |
| |
|
| |
snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", |
| |
ad.bv_val, |
| |
vrf->vrf_mr_dnattrs ? ":dn" : "", |
| |
vrf->vrf_mr_rule_text.bv_len ? ":" : "", |
| |
vrf->vrf_mr_rule_text.bv_len ? vrf->vrf_mr_rule_text.bv_val : "", |
| |
tmp.bv_val ); |
| |
|
| |
ber_memfree_x( tmp.bv_val, op->o_tmpmemctx ); |
| |
} break; |
| |
|
| |
case SLAPD_FILTER_COMPUTED: |
| |
ber_str2bv_x( |
| |
vrf->vrf_result == LDAP_COMPARE_FALSE ? "(?=false)" : |
| |
vrf->vrf_result == LDAP_COMPARE_TRUE ? "(?=true)" : |
| |
vrf->vrf_result == SLAPD_COMPARE_UNDEFINED |
| |
? "(?=undefined)" : "(?=error)", |
| |
vrf->vrf_result == LDAP_COMPARE_FALSE ? sizeof("(?=false)")-1 : |
| |
vrf->vrf_result == LDAP_COMPARE_TRUE ? sizeof("(?=true)")-1 : |
| |
vrf->vrf_result == SLAPD_COMPARE_UNDEFINED |
| |
? sizeof("(?=undefined)")-1 : sizeof("(?=error)")-1, |
| |
1, fstr, op->o_tmpmemctx ); |
| |
break; |
| |
|
| |
default: |
| |
ber_str2bv_x( "(?=unknown)", sizeof("(?=unknown)")-1, |
| |
1, fstr, op->o_tmpmemctx ); |
| |
break; |
| |
} |
| |
} |
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to filter.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [OpenLDAP] / servers / slapd