mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-24 13:24:56 +08:00
522 lines
11 KiB
C
522 lines
11 KiB
C
/* $OpenLDAP$ */
|
|
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
*
|
|
* Copyright 2000-2005 The OpenLDAP Foundation.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted only as authorized by the OpenLDAP
|
|
* Public License.
|
|
*
|
|
* A copy of this license is available in the file LICENSE in the
|
|
* top-level directory of the distribution or, alternatively, at
|
|
* <http://www.OpenLDAP.org/license.html>.
|
|
*/
|
|
|
|
#include "portable.h"
|
|
|
|
#include <stdio.h>
|
|
#include <ac/string.h>
|
|
|
|
#include "slap.h"
|
|
#include "sets.h"
|
|
|
|
static BerVarray set_chase( SLAP_SET_GATHER gatherer,
|
|
SetCookie *cookie, BerVarray set, AttributeDescription *desc, int closure );
|
|
|
|
static long
|
|
slap_set_size( BerVarray set )
|
|
{
|
|
long i;
|
|
|
|
i = 0;
|
|
if ( set != NULL ) {
|
|
while ( !BER_BVISNULL( &set[ i ] ) ) {
|
|
i++;
|
|
}
|
|
}
|
|
return i;
|
|
}
|
|
|
|
static int
|
|
slap_set_isempty( BerVarray set )
|
|
{
|
|
if ( set == NULL ) {
|
|
return 1;
|
|
}
|
|
|
|
if ( !BER_BVISNULL( &set[ 0 ] ) ) {
|
|
return 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
static void
|
|
slap_set_dispose( SetCookie *cp, BerVarray set, unsigned flags )
|
|
{
|
|
if ( flags & SLAP_SET_REFVAL ) {
|
|
if ( ! ( flags & SLAP_SET_REFARR ) ) {
|
|
cp->op->o_tmpfree( set, cp->op->o_tmpmemctx );
|
|
}
|
|
|
|
} else {
|
|
ber_bvarray_free_x( set, cp->op->o_tmpmemctx );
|
|
}
|
|
}
|
|
|
|
static BerVarray
|
|
set_dup( SetCookie *cp, BerVarray set, unsigned flags )
|
|
{
|
|
BerVarray newset = NULL;
|
|
|
|
if ( set == NULL ) {
|
|
return NULL;
|
|
}
|
|
|
|
if ( flags & SLAP_SET_REFARR ) {
|
|
int i;
|
|
|
|
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ )
|
|
;
|
|
newset = cp->op->o_tmpcalloc( i + 1,
|
|
sizeof(struct berval),
|
|
cp->op->o_tmpmemctx );
|
|
if ( newset == NULL ) {
|
|
return NULL;
|
|
}
|
|
|
|
if ( flags & SLAP_SET_REFVAL ) {
|
|
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
|
|
ber_dupbv_x( &newset[ i ], &set[ i ],
|
|
cp->op->o_tmpmemctx );
|
|
}
|
|
|
|
} else {
|
|
AC_MEMCPY( newset, set, ( i + 1 ) * sizeof( struct berval ) );
|
|
}
|
|
|
|
} else {
|
|
newset = set;
|
|
}
|
|
|
|
return newset;
|
|
}
|
|
|
|
BerVarray
|
|
slap_set_join(
|
|
SetCookie *cp,
|
|
BerVarray lset,
|
|
unsigned op_flags,
|
|
BerVarray rset )
|
|
{
|
|
BerVarray set;
|
|
long i, j, last;
|
|
unsigned op = ( op_flags & SLAP_SET_OPMASK );
|
|
|
|
set = NULL;
|
|
switch ( op ) {
|
|
case '|':
|
|
if ( lset == NULL || BER_BVISNULL( lset ) ) {
|
|
if ( rset == NULL ) {
|
|
if ( lset == NULL ) {
|
|
return cp->op->o_tmpcalloc( 1,
|
|
sizeof(struct berval),
|
|
cp->op->o_tmpmemctx );
|
|
}
|
|
return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
|
|
}
|
|
slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
|
|
return set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
|
|
}
|
|
if ( rset == NULL || BER_BVISNULL( rset ) ) {
|
|
slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
|
|
return set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
|
|
}
|
|
|
|
i = slap_set_size( lset ) + slap_set_size( rset ) + 1;
|
|
set = cp->op->o_tmpcalloc( i, sizeof(struct berval), cp->op->o_tmpmemctx );
|
|
if ( set != NULL ) {
|
|
/* set_chase() depends on this routine to
|
|
* keep the first elements of the result
|
|
* set the same (and in the same order)
|
|
* as the left-set.
|
|
*/
|
|
for ( i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {
|
|
if ( op_flags & SLAP_SET_LREFVAL ) {
|
|
ber_dupbv_x( &set[ i ], &lset[ i ], cp->op->o_tmpmemctx );
|
|
|
|
} else {
|
|
set[ i ] = lset[ i ];
|
|
}
|
|
}
|
|
|
|
for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {
|
|
int exists = 0;
|
|
for ( j = 0; !BER_BVISNULL( &set[ j ] ); j++ ) {
|
|
if ( dn_match( &rset[ i ], &set[ j ] ) )
|
|
{
|
|
if ( !( op_flags & SLAP_SET_RREFVAL ) ) {
|
|
cp->op->o_tmpfree( rset[ i ].bv_val, cp->op->o_tmpmemctx );
|
|
BER_BVZERO( &rset[ i ] );
|
|
}
|
|
exists = 1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( !exists ) {
|
|
if ( op_flags & SLAP_SET_RREFVAL ) {
|
|
ber_dupbv_x( &set[ j ], &rset[ i ], cp->op->o_tmpmemctx );
|
|
|
|
} else {
|
|
set[ j ] = rset[ i ];
|
|
}
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
|
|
case '&':
|
|
if ( lset == NULL || BER_BVISNULL( lset )
|
|
|| rset == NULL || BER_BVISNULL( rset ) )
|
|
{
|
|
set = cp->op->o_tmpcalloc( 1, sizeof(struct berval),
|
|
cp->op->o_tmpmemctx );
|
|
|
|
} else {
|
|
set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
|
|
if ( set == NULL ) {
|
|
break;
|
|
}
|
|
lset = NULL;
|
|
last = slap_set_size( set ) - 1;
|
|
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
|
|
for ( j = 0; !BER_BVISNULL( &rset[ j ] ); j++ ) {
|
|
if ( dn_match( &set[ i ], &rset[ j ] ) ) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( BER_BVISNULL( &rset[ j ] ) ) {
|
|
cp->op->o_tmpfree( set[ i ].bv_val, cp->op->o_tmpmemctx );
|
|
set[ i ] = set[ last ];
|
|
BER_BVZERO( &set[ last ] );
|
|
last--;
|
|
i--;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
|
|
if ( !( op_flags & SLAP_SET_LREFARR ) && lset != NULL ) {
|
|
cp->op->o_tmpfree( lset, cp->op->o_tmpmemctx );
|
|
}
|
|
|
|
if ( !( op_flags & SLAP_SET_RREFARR ) && rset != NULL ) {
|
|
cp->op->o_tmpfree( rset, cp->op->o_tmpmemctx );
|
|
}
|
|
|
|
return set;
|
|
}
|
|
|
|
static BerVarray
|
|
set_chase( SLAP_SET_GATHER gatherer,
|
|
SetCookie *cp, BerVarray set, AttributeDescription *desc, int closure )
|
|
{
|
|
BerVarray vals, nset;
|
|
int i;
|
|
|
|
if ( set == NULL )
|
|
return cp->op->o_tmpcalloc( 1, sizeof(struct berval),
|
|
cp->op->o_tmpmemctx );
|
|
|
|
if ( BER_BVISNULL( set ) )
|
|
return set;
|
|
|
|
nset = cp->op->o_tmpcalloc( 1, sizeof(struct berval), cp->op->o_tmpmemctx );
|
|
if ( nset == NULL ) {
|
|
slap_set_dispose( cp, set, 0 );
|
|
return NULL;
|
|
}
|
|
for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {
|
|
vals = (gatherer)( cp, &set[ i ], desc );
|
|
if ( vals != NULL ) {
|
|
nset = slap_set_join( cp, nset, '|', vals );
|
|
}
|
|
}
|
|
slap_set_dispose( cp, set, 0 );
|
|
|
|
if ( closure ) {
|
|
for ( i = 0; !BER_BVISNULL( &nset[ i ] ); i++ ) {
|
|
vals = (gatherer)( cp, &nset[ i ], desc );
|
|
if ( vals != NULL ) {
|
|
nset = slap_set_join( cp, nset, '|', vals );
|
|
if ( nset == NULL ) {
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return nset;
|
|
}
|
|
|
|
int
|
|
slap_set_filter( SLAP_SET_GATHER gatherer,
|
|
SetCookie *cp, struct berval *fbv,
|
|
struct berval *user, struct berval *target, BerVarray *results )
|
|
{
|
|
#define IS_SET(x) ( (unsigned long)(x) >= 256 )
|
|
#define IS_OP(x) ( (unsigned long)(x) < 256 )
|
|
#define SF_ERROR(x) do { rc = -1; goto _error; } while (0)
|
|
#define SF_TOP() ( (BerVarray)( (stp < 0) ? 0 : stack[ stp ] ) )
|
|
#define SF_POP() ( (BerVarray)( (stp < 0) ? 0 : stack[ stp-- ] ) )
|
|
#define SF_PUSH(x) do { \
|
|
if (stp >= 63) SF_ERROR(overflow); \
|
|
stack[ ++stp ] = (BerVarray)(long)(x); \
|
|
} while (0)
|
|
|
|
BerVarray set, lset;
|
|
BerVarray stack[64] = { 0 };
|
|
int len, rc, stp;
|
|
unsigned op;
|
|
char c, *filter = fbv->bv_val;
|
|
|
|
if ( results ) {
|
|
*results = NULL;
|
|
}
|
|
|
|
stp = -1;
|
|
while ( ( c = *filter++ ) ) {
|
|
set = NULL;
|
|
switch ( c ) {
|
|
case ' ':
|
|
case '\t':
|
|
case '\x0A':
|
|
case '\x0D':
|
|
break;
|
|
|
|
case '(' /* ) */ :
|
|
if ( IS_SET( SF_TOP() ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
SF_PUSH( c );
|
|
break;
|
|
|
|
case /* ( */ ')':
|
|
set = SF_POP();
|
|
if ( IS_OP( set ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
if ( SF_TOP() == (void *)'(' /* ) */ ) {
|
|
SF_POP();
|
|
SF_PUSH( set );
|
|
set = NULL;
|
|
|
|
} else if ( IS_OP( SF_TOP() ) ) {
|
|
op = (unsigned)SF_POP();
|
|
lset = SF_POP();
|
|
SF_POP();
|
|
set = slap_set_join( cp, lset, op, set );
|
|
if ( set == NULL ) {
|
|
SF_ERROR(memory);
|
|
}
|
|
SF_PUSH( set );
|
|
set = NULL;
|
|
|
|
} else {
|
|
SF_ERROR( syntax );
|
|
}
|
|
break;
|
|
|
|
case '&':
|
|
case '|':
|
|
set = SF_POP();
|
|
if ( IS_OP( set ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
if ( SF_TOP() == 0 || SF_TOP() == (void *)'(' /* ) */ ) {
|
|
SF_PUSH( set );
|
|
set = NULL;
|
|
|
|
} else if ( IS_OP( SF_TOP() ) ) {
|
|
op = (unsigned)SF_POP();
|
|
lset = SF_POP();
|
|
set = slap_set_join( cp, lset, op, set );
|
|
if ( set == NULL ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
SF_PUSH( set );
|
|
set = NULL;
|
|
|
|
} else {
|
|
SF_ERROR( syntax );
|
|
}
|
|
SF_PUSH( c );
|
|
break;
|
|
|
|
case '[' /* ] */:
|
|
if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
for ( len = 0; ( c = *filter++ ) && (c != /* [ */ ']'); len++ )
|
|
;
|
|
if ( c == 0 ) {
|
|
SF_ERROR(syntax);
|
|
}
|
|
|
|
set = cp->op->o_tmpcalloc( 2, sizeof(struct berval),
|
|
cp->op->o_tmpmemctx );
|
|
if ( set == NULL ) {
|
|
SF_ERROR(memory);
|
|
}
|
|
set->bv_val = cp->op->o_tmpcalloc( len + 1, sizeof(char),
|
|
cp->op->o_tmpmemctx );
|
|
if ( BER_BVISNULL( set ) ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
AC_MEMCPY( set->bv_val, &filter[ - len - 1 ], len );
|
|
set->bv_len = len;
|
|
SF_PUSH( set );
|
|
set = NULL;
|
|
break;
|
|
|
|
case '-':
|
|
c = *filter++;
|
|
if ( c != '>' ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
/* fall through to next case */
|
|
|
|
case '/':
|
|
if ( IS_OP( SF_TOP() ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
SF_PUSH( '/' );
|
|
break;
|
|
|
|
default:
|
|
if ( ( c != '_' )
|
|
&& ( c < 'A' || c > 'Z' )
|
|
&& ( c < 'a' || c > 'z' ) )
|
|
{
|
|
SF_ERROR( syntax );
|
|
}
|
|
filter--;
|
|
for ( len = 1;
|
|
( c = filter[ len ] )
|
|
&& ( ( c >= '0' && c <= '9' )
|
|
|| ( c >= 'A' && c <= 'Z' )
|
|
|| ( c >= 'a' && c <= 'z' ) );
|
|
len++ )
|
|
/* count */ ;
|
|
if ( len == 4
|
|
&& memcmp( "this", filter, len ) == 0 )
|
|
{
|
|
if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
set = cp->op->o_tmpcalloc( 2, sizeof(struct berval),
|
|
cp->op->o_tmpmemctx );
|
|
if ( set == NULL ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
ber_dupbv_x( set, target, cp->op->o_tmpmemctx );
|
|
if ( BER_BVISNULL( set ) ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
|
|
} else if ( len == 4
|
|
&& memcmp( "user", filter, len ) == 0 )
|
|
{
|
|
if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
set = cp->op->o_tmpcalloc( 2, sizeof(struct berval),
|
|
cp->op->o_tmpmemctx );
|
|
if ( set == NULL ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
ber_dupbv_x( set, user, cp->op->o_tmpmemctx );
|
|
if ( BER_BVISNULL( set ) ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
|
|
} else if ( SF_TOP() != (void *)'/' ) {
|
|
SF_ERROR( syntax );
|
|
|
|
} else {
|
|
struct berval fb2;
|
|
AttributeDescription *ad = NULL;
|
|
const char *text = NULL;
|
|
|
|
SF_POP();
|
|
fb2.bv_val = filter;
|
|
fb2.bv_len = len;
|
|
|
|
if ( slap_bv2ad( &fb2, &ad, &text ) != LDAP_SUCCESS ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
|
|
/* NOTE: ad must have distinguishedName syntax
|
|
* or expand in an LDAP URI if c == '*'
|
|
*/
|
|
|
|
set = set_chase( gatherer,
|
|
cp, SF_POP(), ad, c == '*' );
|
|
if ( set == NULL ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
if ( c == '*' ) {
|
|
len++;
|
|
}
|
|
}
|
|
filter += len;
|
|
SF_PUSH( set );
|
|
set = NULL;
|
|
break;
|
|
}
|
|
}
|
|
|
|
set = SF_POP();
|
|
if ( IS_OP( set ) ) {
|
|
SF_ERROR( syntax );
|
|
}
|
|
if ( SF_TOP() == 0 ) {
|
|
/* FIXME: ok ? */ ;
|
|
|
|
} else if ( IS_OP( SF_TOP() ) ) {
|
|
op = (unsigned)SF_POP();
|
|
lset = SF_POP();
|
|
set = slap_set_join( cp, lset, op, set );
|
|
if ( set == NULL ) {
|
|
SF_ERROR( memory );
|
|
}
|
|
|
|
} else {
|
|
SF_ERROR( syntax );
|
|
}
|
|
|
|
rc = slap_set_isempty( set ) ? 0 : 1;
|
|
if ( results ) {
|
|
*results = set;
|
|
set = NULL;
|
|
}
|
|
|
|
_error:
|
|
if ( IS_SET( set ) ) {
|
|
slap_set_dispose( cp, set, 0 );
|
|
}
|
|
while ( ( set = SF_POP() ) ) {
|
|
if ( IS_SET( set ) ) {
|
|
slap_set_dispose( cp, set, 0 );
|
|
}
|
|
}
|
|
return rc;
|
|
}
|