mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-24 13:24:56 +08:00
945 lines
18 KiB
C
945 lines
18 KiB
C
/* $OpenLDAP$ */
|
|
/*
|
|
* Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
|
|
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
|
|
*/
|
|
/* Portions
|
|
* Copyright (c) 1990 Regents of the University of Michigan.
|
|
* All rights reserved.
|
|
*
|
|
* search.c
|
|
*/
|
|
|
|
#include "portable.h"
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <ac/stdlib.h>
|
|
|
|
#include <ac/socket.h>
|
|
#include <ac/string.h>
|
|
#include <ac/time.h>
|
|
|
|
#include "ldap-int.h"
|
|
|
|
static int ldap_is_attr_oid LDAP_P((
|
|
const char *attr ));
|
|
|
|
static int ldap_is_attr_desc LDAP_P((
|
|
const char *attr ));
|
|
|
|
static int hex2value LDAP_P((
|
|
int c ));
|
|
|
|
static char *find_right_paren LDAP_P((
|
|
char *s ));
|
|
|
|
static char *put_complex_filter LDAP_P((
|
|
BerElement *ber,
|
|
char *str,
|
|
ber_tag_t tag,
|
|
int not ));
|
|
|
|
static int put_filter LDAP_P((
|
|
BerElement *ber,
|
|
char *str ));
|
|
|
|
static int put_simple_filter LDAP_P((
|
|
BerElement *ber,
|
|
char *str ));
|
|
|
|
static int put_substring_filter LDAP_P((
|
|
BerElement *ber,
|
|
char *type,
|
|
char *str ));
|
|
|
|
static int put_filter_list LDAP_P((
|
|
BerElement *ber,
|
|
char *str ));
|
|
|
|
/*
|
|
* ldap_search_ext - initiate an ldap search operation.
|
|
*
|
|
* Parameters:
|
|
*
|
|
* ld LDAP descriptor
|
|
* base DN of the base object
|
|
* scope the search scope - one of LDAP_SCOPE_BASE,
|
|
* LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
|
|
* filter a string containing the search filter
|
|
* (e.g., "(|(cn=bob)(sn=bob))")
|
|
* attrs list of attribute types to return for matches
|
|
* attrsonly 1 => attributes only 0 => attributes and values
|
|
*
|
|
* Example:
|
|
* char *attrs[] = { "mail", "title", 0 };
|
|
* ldap_search_ext( ld, "c=us,o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
|
|
* attrs, attrsonly, sctrls, ctrls, timeout, sizelimit,
|
|
* &msgid );
|
|
*/
|
|
int
|
|
ldap_search_ext(
|
|
LDAP *ld,
|
|
LDAP_CONST char *base,
|
|
int scope,
|
|
LDAP_CONST char *filter,
|
|
char **attrs,
|
|
int attrsonly,
|
|
LDAPControl **sctrls,
|
|
LDAPControl **cctrls,
|
|
struct timeval *timeout,
|
|
int sizelimit,
|
|
int *msgidp )
|
|
{
|
|
BerElement *ber;
|
|
int timelimit;
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );
|
|
|
|
/*
|
|
* if timeout is provided, both tv_sec and tv_usec must
|
|
* be non-zero
|
|
*/
|
|
if( timeout != NULL ) {
|
|
if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) {
|
|
return LDAP_PARAM_ERROR;
|
|
}
|
|
|
|
/* timelimit must be non-zero if timeout is provided */
|
|
timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1;
|
|
|
|
} else {
|
|
/* no timeout, no timelimit */
|
|
timelimit = -1;
|
|
}
|
|
|
|
ber = ldap_build_search_req( ld, base, scope, filter, attrs,
|
|
attrsonly, sctrls, cctrls, timelimit, sizelimit );
|
|
|
|
if ( ber == NULL ) {
|
|
return ld->ld_errno;
|
|
}
|
|
|
|
#ifndef LDAP_NOCACHE
|
|
if ( ld->ld_cache != NULL ) {
|
|
if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
|
|
ber_free( ber, 1 );
|
|
ld->ld_errno = LDAP_SUCCESS;
|
|
*msgidp = ld->ld_msgid;
|
|
return ld->ld_errno;
|
|
}
|
|
ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
|
|
}
|
|
#endif /* LDAP_NOCACHE */
|
|
|
|
/* send the message */
|
|
*msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber );
|
|
|
|
if( *msgidp < 0 )
|
|
return ld->ld_errno;
|
|
|
|
return LDAP_SUCCESS;
|
|
}
|
|
|
|
int
|
|
ldap_search_ext_s(
|
|
LDAP *ld,
|
|
LDAP_CONST char *base,
|
|
int scope,
|
|
LDAP_CONST char *filter,
|
|
char **attrs,
|
|
int attrsonly,
|
|
LDAPControl **sctrls,
|
|
LDAPControl **cctrls,
|
|
struct timeval *timeout,
|
|
int sizelimit,
|
|
LDAPMessage **res )
|
|
{
|
|
int rc;
|
|
int msgid;
|
|
|
|
rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
|
|
sctrls, cctrls, timeout, sizelimit, &msgid );
|
|
|
|
if ( rc != LDAP_SUCCESS ) {
|
|
return( rc );
|
|
}
|
|
|
|
rc = ldap_result( ld, msgid, 1, timeout, res );
|
|
|
|
if( rc <= 0 ) {
|
|
/* error(-1) or timeout(0) */
|
|
return( ld->ld_errno );
|
|
}
|
|
|
|
if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) {
|
|
return( ld->ld_errno );
|
|
}
|
|
|
|
return( ldap_result2error( ld, *res, 0 ) );
|
|
}
|
|
|
|
/*
|
|
* ldap_search - initiate an ldap search operation.
|
|
*
|
|
* Parameters:
|
|
*
|
|
* ld LDAP descriptor
|
|
* base DN of the base object
|
|
* scope the search scope - one of LDAP_SCOPE_BASE,
|
|
* LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
|
|
* filter a string containing the search filter
|
|
* (e.g., "(|(cn=bob)(sn=bob))")
|
|
* attrs list of attribute types to return for matches
|
|
* attrsonly 1 => attributes only 0 => attributes and values
|
|
*
|
|
* Example:
|
|
* char *attrs[] = { "mail", "title", 0 };
|
|
* msgid = ldap_search( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
|
|
* attrs, attrsonly );
|
|
*/
|
|
int
|
|
ldap_search(
|
|
LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter,
|
|
char **attrs, int attrsonly )
|
|
{
|
|
BerElement *ber;
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );
|
|
|
|
ber = ldap_build_search_req( ld, base, scope, filter, attrs,
|
|
attrsonly, NULL, NULL, -1, -1 );
|
|
|
|
if ( ber == NULL ) {
|
|
return( -1 );
|
|
}
|
|
|
|
#ifndef LDAP_NOCACHE
|
|
if ( ld->ld_cache != NULL ) {
|
|
if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) {
|
|
ber_free( ber, 1 );
|
|
ld->ld_errno = LDAP_SUCCESS;
|
|
return( ld->ld_msgid );
|
|
}
|
|
ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber );
|
|
}
|
|
#endif /* LDAP_NOCACHE */
|
|
|
|
/* send the message */
|
|
return ( ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ));
|
|
}
|
|
|
|
|
|
BerElement *
|
|
ldap_build_search_req(
|
|
LDAP *ld,
|
|
LDAP_CONST char *base,
|
|
ber_int_t scope,
|
|
LDAP_CONST char *filter_in,
|
|
char **attrs,
|
|
ber_int_t attrsonly,
|
|
LDAPControl **sctrls,
|
|
LDAPControl **cctrls,
|
|
ber_int_t timelimit,
|
|
ber_int_t sizelimit )
|
|
{
|
|
BerElement *ber;
|
|
int err;
|
|
char *filter;
|
|
|
|
/*
|
|
* Create the search request. It looks like this:
|
|
* SearchRequest := [APPLICATION 3] SEQUENCE {
|
|
* baseObject DistinguishedName,
|
|
* scope ENUMERATED {
|
|
* baseObject (0),
|
|
* singleLevel (1),
|
|
* wholeSubtree (2)
|
|
* },
|
|
* derefAliases ENUMERATED {
|
|
* neverDerefaliases (0),
|
|
* derefInSearching (1),
|
|
* derefFindingBaseObj (2),
|
|
* alwaysDerefAliases (3)
|
|
* },
|
|
* sizelimit INTEGER (0 .. 65535),
|
|
* timelimit INTEGER (0 .. 65535),
|
|
* attrsOnly BOOLEAN,
|
|
* filter Filter,
|
|
* attributes SEQUENCE OF AttributeType
|
|
* }
|
|
* wrapped in an ldap message.
|
|
*/
|
|
|
|
/* create a message to send */
|
|
if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
|
|
return( NULL );
|
|
}
|
|
|
|
if ( base == NULL ) {
|
|
/* no base provided, use session default base */
|
|
base = ld->ld_options.ldo_defbase;
|
|
|
|
if ( base == NULL ) {
|
|
/* no session default base, use top */
|
|
base = "";
|
|
}
|
|
}
|
|
|
|
err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
|
|
LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
|
|
(sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
|
|
(timelimit < 0) ? ld->ld_timelimit : timelimit,
|
|
attrsonly );
|
|
|
|
if ( err == -1 ) {
|
|
ld->ld_errno = LDAP_ENCODING_ERROR;
|
|
ber_free( ber, 1 );
|
|
return( NULL );
|
|
}
|
|
|
|
if( filter_in != NULL ) {
|
|
filter = LDAP_STRDUP( filter_in );
|
|
} else {
|
|
filter = LDAP_STRDUP( "(objectclass=*)" );
|
|
}
|
|
err = put_filter( ber, filter );
|
|
LDAP_FREE( filter );
|
|
|
|
if ( err == -1 ) {
|
|
ld->ld_errno = LDAP_FILTER_ERROR;
|
|
ber_free( ber, 1 );
|
|
return( NULL );
|
|
}
|
|
|
|
if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) {
|
|
ld->ld_errno = LDAP_ENCODING_ERROR;
|
|
ber_free( ber, 1 );
|
|
return( NULL );
|
|
}
|
|
|
|
/* Put Server Controls */
|
|
if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
|
|
ber_free( ber, 1 );
|
|
return( NULL );
|
|
}
|
|
|
|
if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
|
|
ld->ld_errno = LDAP_ENCODING_ERROR;
|
|
ber_free( ber, 1 );
|
|
return( NULL );
|
|
}
|
|
|
|
return( ber );
|
|
}
|
|
|
|
static int ldap_is_attr_oid ( const char *attr )
|
|
{
|
|
int i, c, digit=0;
|
|
|
|
for( i = 0; (c = attr[i]) != 0; i++ ) {
|
|
if( c >= '0' && c <= '9' ) {
|
|
digit=1;
|
|
|
|
} else if ( c != '.' ) {
|
|
/* not digit nor '.' */
|
|
return 0;
|
|
|
|
} else if ( !digit ) {
|
|
/* '.' but prev not digit */
|
|
return 0;
|
|
|
|
} else {
|
|
/* '.' */
|
|
digit = 0;
|
|
}
|
|
}
|
|
|
|
return digit;
|
|
}
|
|
|
|
static int ldap_is_attr_desc ( const char *attr )
|
|
{
|
|
/* cheap attribute description check */
|
|
int i, c;
|
|
|
|
for( i = 0; (c = attr[i]) != 0; i++ ) {
|
|
if (( c >= '0' && c <= '9' )
|
|
|| ( c >= 'A' && c <= 'Z' )
|
|
|| ( c >= 'a' && c <= 'z' )
|
|
|| ( c == '.' || c == '-' )
|
|
|| ( c == ';' )) continue;
|
|
|
|
return 0;
|
|
}
|
|
|
|
return i > 0;
|
|
}
|
|
|
|
static char *
|
|
find_right_paren( char *s )
|
|
{
|
|
int balance, escape;
|
|
|
|
balance = 1;
|
|
escape = 0;
|
|
while ( *s && balance ) {
|
|
if ( escape == 0 ) {
|
|
if ( *s == '(' )
|
|
balance++;
|
|
else if ( *s == ')' )
|
|
balance--;
|
|
}
|
|
if ( *s == '\\' && ! escape )
|
|
escape = 1;
|
|
else
|
|
escape = 0;
|
|
if ( balance )
|
|
s++;
|
|
}
|
|
|
|
return( *s ? s : NULL );
|
|
}
|
|
|
|
static int hex2value( int c )
|
|
{
|
|
if( c >= '0' && c <= '9' ) {
|
|
return c - '0';
|
|
}
|
|
|
|
if( c >= 'A' && c <= 'F' ) {
|
|
return c + (10 - (int) 'A');
|
|
}
|
|
|
|
if( c >= 'a' && c <= 'f' ) {
|
|
return c + (10 - (int) 'a');
|
|
}
|
|
|
|
return -1;
|
|
}
|
|
|
|
char *
|
|
ldap_pvt_find_wildcard( const char *s )
|
|
{
|
|
for( ; *s != '\0' ; s++ ) {
|
|
switch( *s ) {
|
|
case '*': /* found wildcard */
|
|
return (char *) s;
|
|
|
|
case '\\':
|
|
s++; /* skip over escape */
|
|
if ( *s == '\0' )
|
|
return NULL; /* escape at end of string */
|
|
}
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/* unescape filter value */
|
|
/* support both LDAP v2 and v3 escapes */
|
|
/* output can include nul characters */
|
|
ber_slen_t
|
|
ldap_pvt_filter_value_unescape( char *fval )
|
|
{
|
|
ber_slen_t r, v;
|
|
int v1, v2;
|
|
|
|
for( r=v=0; fval[v] != '\0'; v++ ) {
|
|
switch( fval[v] ) {
|
|
case '\\':
|
|
/* escape */
|
|
v++;
|
|
|
|
if ( fval[v] == '\0' ) {
|
|
/* escape at end of string */
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (( v1 = hex2value( fval[v] )) >= 0 ) {
|
|
/* LDAPv3 escape */
|
|
|
|
if (( v2 = hex2value( fval[v+1] )) < 0 ) {
|
|
/* must be two digit code */
|
|
return -1;
|
|
}
|
|
|
|
fval[r++] = v1 * 16 + v2;
|
|
v++;
|
|
|
|
} else {
|
|
/* LDAPv2 escape */
|
|
fval[r++] = fval[v];
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
fval[r++] = fval[v];
|
|
}
|
|
}
|
|
|
|
fval[r] = '\0';
|
|
return r;
|
|
}
|
|
|
|
static char *
|
|
put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not )
|
|
{
|
|
char *next;
|
|
|
|
/*
|
|
* We have (x(filter)...) with str sitting on
|
|
* the x. We have to find the paren matching
|
|
* the one before the x and put the intervening
|
|
* filters by calling put_filter_list().
|
|
*/
|
|
|
|
/* put explicit tag */
|
|
if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 )
|
|
return( NULL );
|
|
|
|
str++;
|
|
if ( (next = find_right_paren( str )) == NULL )
|
|
return( NULL );
|
|
|
|
*next = '\0';
|
|
if ( put_filter_list( ber, str ) == -1 )
|
|
return( NULL );
|
|
*next++ = ')';
|
|
|
|
/* flush explicit tagged thang */
|
|
if ( ber_printf( ber, /*{*/ "N}" ) == -1 )
|
|
return( NULL );
|
|
|
|
return( next );
|
|
}
|
|
|
|
static int
|
|
put_filter( BerElement *ber, char *str )
|
|
{
|
|
char *next;
|
|
int parens, balance, escape;
|
|
|
|
/*
|
|
* A Filter looks like this:
|
|
* Filter ::= CHOICE {
|
|
* and [0] SET OF Filter,
|
|
* or [1] SET OF Filter,
|
|
* not [2] Filter,
|
|
* equalityMatch [3] AttributeValueAssertion,
|
|
* substrings [4] SubstringFilter,
|
|
* greaterOrEqual [5] AttributeValueAssertion,
|
|
* lessOrEqual [6] AttributeValueAssertion,
|
|
* present [7] AttributeType,
|
|
* approxMatch [8] AttributeValueAssertion,
|
|
* extensibleMatch [9] MatchingRuleAssertion -- LDAPv3
|
|
* }
|
|
*
|
|
* SubstringFilter ::= SEQUENCE {
|
|
* type AttributeType,
|
|
* SEQUENCE OF CHOICE {
|
|
* initial [0] IA5String,
|
|
* any [1] IA5String,
|
|
* final [2] IA5String
|
|
* }
|
|
* }
|
|
*
|
|
* MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3
|
|
* matchingRule [1] MatchingRuleId OPTIONAL,
|
|
* type [2] AttributeDescription OPTIONAL,
|
|
* matchValue [3] AssertionValue,
|
|
* dnAttributes [4] BOOLEAN DEFAULT FALSE }
|
|
*
|
|
* Note: tags in a choice are always explicit
|
|
*/
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );
|
|
|
|
parens = 0;
|
|
while ( *str ) {
|
|
switch ( *str ) {
|
|
case '(':
|
|
str++;
|
|
parens++;
|
|
|
|
/* skip spaces */
|
|
while( LDAP_SPACE( *str ) ) str++;
|
|
|
|
switch ( *str ) {
|
|
case '&':
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
|
|
0, 0, 0 );
|
|
|
|
if ( (str = put_complex_filter( ber, str,
|
|
LDAP_FILTER_AND, 0 )) == NULL )
|
|
return( -1 );
|
|
|
|
parens--;
|
|
break;
|
|
|
|
case '|':
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
|
|
0, 0, 0 );
|
|
|
|
if ( (str = put_complex_filter( ber, str,
|
|
LDAP_FILTER_OR, 0 )) == NULL )
|
|
return( -1 );
|
|
|
|
parens--;
|
|
break;
|
|
|
|
case '!':
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
|
|
0, 0, 0 );
|
|
|
|
if ( (str = put_complex_filter( ber, str,
|
|
LDAP_FILTER_NOT, 1 )) == NULL )
|
|
return( -1 );
|
|
|
|
parens--;
|
|
break;
|
|
|
|
default:
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
|
|
0, 0, 0 );
|
|
|
|
balance = 1;
|
|
escape = 0;
|
|
next = str;
|
|
while ( *next && balance ) {
|
|
if ( escape == 0 ) {
|
|
if ( *next == '(' )
|
|
balance++;
|
|
else if ( *next == ')' )
|
|
balance--;
|
|
}
|
|
if ( *next == '\\' && ! escape )
|
|
escape = 1;
|
|
else
|
|
escape = 0;
|
|
if ( balance )
|
|
next++;
|
|
}
|
|
if ( balance != 0 )
|
|
return( -1 );
|
|
|
|
*next = '\0';
|
|
if ( put_simple_filter( ber, str ) == -1 ) {
|
|
return( -1 );
|
|
}
|
|
*next++ = ')';
|
|
str = next;
|
|
parens--;
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case ')':
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
|
|
0 );
|
|
if ( ber_printf( ber, /*[*/ "]" ) == -1 )
|
|
return( -1 );
|
|
str++;
|
|
parens--;
|
|
break;
|
|
|
|
case ' ':
|
|
str++;
|
|
break;
|
|
|
|
default: /* assume it's a simple type=value filter */
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
|
|
0 );
|
|
next = strchr( str, '\0' );
|
|
if ( put_simple_filter( ber, str ) == -1 ) {
|
|
return( -1 );
|
|
}
|
|
str = next;
|
|
break;
|
|
}
|
|
}
|
|
|
|
return( parens ? -1 : 0 );
|
|
}
|
|
|
|
/*
|
|
* Put a list of filters like this "(filter1)(filter2)..."
|
|
*/
|
|
|
|
static int
|
|
put_filter_list( BerElement *ber, char *str )
|
|
{
|
|
char *next;
|
|
char save;
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );
|
|
|
|
while ( *str ) {
|
|
while ( *str && LDAP_SPACE( (unsigned char) *str ) )
|
|
str++;
|
|
if ( *str == '\0' )
|
|
break;
|
|
|
|
if ( (next = find_right_paren( str + 1 )) == NULL )
|
|
return( -1 );
|
|
save = *++next;
|
|
|
|
/* now we have "(filter)" with str pointing to it */
|
|
*next = '\0';
|
|
if ( put_filter( ber, str ) == -1 )
|
|
return( -1 );
|
|
*next = save;
|
|
|
|
str = next;
|
|
}
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
static int
|
|
put_simple_filter(
|
|
BerElement *ber,
|
|
char *str )
|
|
{
|
|
char *s;
|
|
char *value;
|
|
ber_tag_t ftype;
|
|
int rc = -1;
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );
|
|
|
|
str = LDAP_STRDUP( str );
|
|
if( str == NULL ) return -1;
|
|
|
|
if ( (s = strchr( str, '=' )) == NULL ) {
|
|
goto done;
|
|
}
|
|
|
|
value = s + 1;
|
|
*s-- = '\0';
|
|
|
|
switch ( *s ) {
|
|
case '<':
|
|
ftype = LDAP_FILTER_LE;
|
|
*s = '\0';
|
|
if(! ldap_is_attr_desc( str ) ) goto done;
|
|
break;
|
|
|
|
case '>':
|
|
ftype = LDAP_FILTER_GE;
|
|
*s = '\0';
|
|
if(! ldap_is_attr_desc( str ) ) goto done;
|
|
break;
|
|
|
|
case '~':
|
|
ftype = LDAP_FILTER_APPROX;
|
|
*s = '\0';
|
|
if(! ldap_is_attr_desc( str ) ) goto done;
|
|
break;
|
|
|
|
case ':':
|
|
/* RFC2254 extensible filters are off the form:
|
|
* type [:dn] [:rule] := value
|
|
* or [:dn]:rule := value
|
|
*/
|
|
ftype = LDAP_FILTER_EXT;
|
|
*s = '\0';
|
|
|
|
{
|
|
char *dn = strchr( str, ':' );
|
|
char *rule = NULL;
|
|
|
|
if( dn == NULL ) {
|
|
if(! ldap_is_attr_desc( str ) ) goto done;
|
|
break;
|
|
}
|
|
|
|
*dn++ = '\0';
|
|
rule = strchr( dn, ':' );
|
|
|
|
if( rule == NULL ) {
|
|
/* one colon */
|
|
if ( strcmp(dn, "dn") == 0 ) {
|
|
/* must have attribute */
|
|
if( !ldap_is_attr_desc( str ) ) {
|
|
goto done;
|
|
}
|
|
|
|
rule = "";
|
|
|
|
} else {
|
|
rule = dn;
|
|
dn = NULL;
|
|
}
|
|
|
|
} else {
|
|
/* two colons */
|
|
*rule++ = '\0';
|
|
|
|
if ( strcmp(dn, "dn") != 0 ) {
|
|
/* must have "dn" */
|
|
goto done;
|
|
}
|
|
}
|
|
|
|
if ( *str == '\0' && *rule == '\0' ) {
|
|
/* must have either type or rule */
|
|
goto done;
|
|
}
|
|
|
|
if ( *str != '\0' && !ldap_is_attr_desc( str ) ) {
|
|
goto done;
|
|
}
|
|
|
|
if ( *rule != '\0' && !ldap_is_attr_oid( rule ) ) {
|
|
goto done;
|
|
}
|
|
|
|
rc = ber_printf( ber, "t{" /*}*/, ftype );
|
|
|
|
if( rc != -1 && *rule != '\0' ) {
|
|
rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule );
|
|
}
|
|
if( rc != -1 && *str != '\0' ) {
|
|
rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str );
|
|
}
|
|
|
|
if( rc != -1 ) {
|
|
ber_slen_t len = ldap_pvt_filter_value_unescape( value );
|
|
|
|
if( len >= 0 ) {
|
|
rc = ber_printf( ber, "totbN}",
|
|
LDAP_FILTER_EXT_VALUE, value, len,
|
|
LDAP_FILTER_EXT_DNATTRS, dn != NULL);
|
|
} else {
|
|
rc = -1;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
|
|
default:
|
|
if ( ldap_pvt_find_wildcard( value ) == NULL ) {
|
|
ftype = LDAP_FILTER_EQUALITY;
|
|
} else if ( strcmp( value, "*" ) == 0 ) {
|
|
ftype = LDAP_FILTER_PRESENT;
|
|
} else {
|
|
rc = put_substring_filter( ber, str, value );
|
|
goto done;
|
|
}
|
|
break;
|
|
}
|
|
|
|
if ( ftype == LDAP_FILTER_PRESENT ) {
|
|
rc = ber_printf( ber, "ts", ftype, str );
|
|
|
|
} else {
|
|
ber_slen_t len = ldap_pvt_filter_value_unescape( value );
|
|
|
|
if( len >= 0 ) {
|
|
rc = ber_printf( ber, "t{soN}",
|
|
ftype, str, value, len );
|
|
}
|
|
}
|
|
|
|
if( rc != -1 ) rc = 0;
|
|
|
|
done:
|
|
LDAP_FREE( str );
|
|
return rc;
|
|
}
|
|
|
|
static int
|
|
put_substring_filter( BerElement *ber, char *type, char *val )
|
|
{
|
|
char *nextstar, gotstar = 0;
|
|
ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS;
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
|
|
val, 0 );
|
|
|
|
if ( ber_printf( ber, "t{s{", ftype, type ) == -1 )
|
|
return( -1 );
|
|
|
|
for( ; val != NULL; val=nextstar ) {
|
|
if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
|
|
*nextstar++ = '\0';
|
|
|
|
if ( gotstar == 0 ) {
|
|
ftype = LDAP_SUBSTRING_INITIAL;
|
|
} else if ( nextstar == NULL ) {
|
|
ftype = LDAP_SUBSTRING_FINAL;
|
|
} else {
|
|
ftype = LDAP_SUBSTRING_ANY;
|
|
}
|
|
|
|
if ( *val != '\0' ) {
|
|
ber_slen_t len = ldap_pvt_filter_value_unescape( val );
|
|
|
|
if ( len < 0 ) {
|
|
return -1;
|
|
}
|
|
|
|
if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) {
|
|
return( -1 );
|
|
}
|
|
}
|
|
|
|
gotstar = 1;
|
|
}
|
|
|
|
if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 )
|
|
return( -1 );
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
int
|
|
ldap_search_st(
|
|
LDAP *ld, LDAP_CONST char *base, int scope,
|
|
LDAP_CONST char *filter, char **attrs,
|
|
int attrsonly, struct timeval *timeout, LDAPMessage **res )
|
|
{
|
|
int msgid;
|
|
|
|
if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
|
|
== -1 )
|
|
return( ld->ld_errno );
|
|
|
|
if ( ldap_result( ld, msgid, 1, timeout, res ) == -1 )
|
|
return( ld->ld_errno );
|
|
|
|
if ( ld->ld_errno == LDAP_TIMEOUT ) {
|
|
(void) ldap_abandon( ld, msgid );
|
|
ld->ld_errno = LDAP_TIMEOUT;
|
|
return( ld->ld_errno );
|
|
}
|
|
|
|
return( ldap_result2error( ld, *res, 0 ) );
|
|
}
|
|
|
|
int
|
|
ldap_search_s(
|
|
LDAP *ld,
|
|
LDAP_CONST char *base,
|
|
int scope,
|
|
LDAP_CONST char *filter,
|
|
char **attrs,
|
|
int attrsonly,
|
|
LDAPMessage **res )
|
|
{
|
|
int msgid;
|
|
|
|
if ( (msgid = ldap_search( ld, base, scope, filter, attrs, attrsonly ))
|
|
== -1 )
|
|
return( ld->ld_errno );
|
|
|
|
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, res ) == -1 )
|
|
return( ld->ld_errno );
|
|
|
|
return( ldap_result2error( ld, *res, 0 ) );
|
|
}
|
|
|