Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 333f963669
Branches Tags
389-ds-base
/
ldap
/
servers
/
slapd
/
filter.c

filter.c 41 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665 
  1. /** BEGIN COPYRIGHT BLOCK
    2. 

  2.  * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
    3. 

  3.  * Copyright (C) 2005 Red Hat, Inc.
    4. 

  4.  * All rights reserved.
    5. 

  5.  *
    6. 

  6.  * License: GPL (version 3 or any later version).
    7. 

  7.  * See LICENSE for details. 
    8. 

  8.  * END COPYRIGHT BLOCK **/
    9. 

  9. 

  10. #ifdef HAVE_CONFIG_H
    11. 

  11. #  include <config.h>
    12. 

  12. #endif
    13. 

  13. 

  14. /* filter.c - routines for parsing and dealing with filters */
    15. 

  15. 

  16. #include <stdio.h>
    17. 

  17. #include <string.h>
    18. 

  18. #include <sys/types.h>
    19. 

  19. #include <sys/socket.h>
    20. 

  20. #include "slap.h"
    21. 

  21. #include "slapi-plugin.h"
    22. 

  22. 

  23. static int
    24. 

  24. get_filter_list( Connection *conn, BerElement *ber,
    25. 

  25. 		struct slapi_filter **f, char **fstr, int maxdepth, int curdepth,
    26. 

  26. 		int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter);
    27. 

  27. static int	get_substring_filter();
    28. 

  28. static int	get_extensible_filter( BerElement *ber, mr_filter_t* );
    29. 

  29. 

  30. static int get_filter_internal( Connection *conn, BerElement *ber,
    31. 

  31. 		struct slapi_filter **filt, char **fstr, int maxdepth, int curdepth,
    32. 

  32. 		int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter);
    33. 

  33. static int tombstone_check_filter(Slapi_Filter *f);
    34. 

  34. static int ruv_check_filter(Slapi_Filter *f);
    35. 

  35. static void filter_optimize(Slapi_Filter *f);
    36. 

  36. 

  37. 

  38. 

  39. /*
    40. 

  40.  * Read a filter off the wire and create a slapi_filter and string representation.
    41. 

  41.  * Both filt and fstr are allocated by this function, so must be freed by the caller.
    42. 

  42.  *
    43. 

  43.  * If the scope is not base and (objectclass=ldapsubentry) does not occur
    44. 

  44.  * in the filter then we add (!(objectclass=ldapsubentry)) to the filter
    45. 

  45.  * so that subentries are not returned.
    46. 

  46.  * If the scope is base or (objectclass=ldapsubentry) occurs in the filter,
    47. 

  47.  * then the caller is explicitly handling subentries himself and so we leave
    48. 

  48.  * the filter as is.
    49. 

  49.  */
    50. 

  50. int
    51. 

  51. get_filter( Connection *conn, BerElement *ber, int scope,
    52. 

  52. 			struct slapi_filter **filt, char **fstr )
    53. 

  53. {
    54. 

  54. 	int subentry_dont_rewrite = 0; /* Re-write unless we're told not to */
    55. 

  55. 	int has_tombstone_filter = 0; /* Check if nsTombstone appears */
    56. 

  56. 	int has_ruv_filter = 0;       /* Check if searching for RUV */
    57. 

  57. 	int return_value = 0;
    58. 

  58. 	char 	*logbuf = NULL;
    59. 

  59. 	size_t	logbufsize = 0;
    60. 

  60. 

  61. 	return_value = get_filter_internal(conn, ber, filt, fstr,
    62. 

  62. 			config_get_max_filter_nest_level(),	/* maximum depth */
    63. 

  63. 			0, /* current depth */ &subentry_dont_rewrite,
    64. 

  64. 			&has_tombstone_filter, &has_ruv_filter);
    65. 

  65. 

  66. 	if (0 == return_value) { /* Don't try to re-write if there was an error */
    67. 

  67. 		if (subentry_dont_rewrite || scope == LDAP_SCOPE_BASE)
    68. 

  68. 		  (*filt)->f_flags |= SLAPI_FILTER_LDAPSUBENTRY;
    69. 

  69. 		if (has_tombstone_filter)
    70. 

  70. 			(*filt)->f_flags |= SLAPI_FILTER_TOMBSTONE;
    71. 

  71. 		if (has_ruv_filter)
    72. 

  72. 			(*filt)->f_flags |= SLAPI_FILTER_RUV;
    73. 

  73. 	}
    74. 

  74. 

  75. 	if (LDAPDebugLevelIsSet( LDAP_DEBUG_FILTER ) && *filt != NULL
    76. 

  76. 			&& *fstr != NULL) {
    77. 

  77. 		logbufsize = strlen(*fstr) + 1;
    78. 

  78. 		logbuf = slapi_ch_malloc(logbufsize);
    79. 

  79. 		*logbuf = '\0';
    80. 

  80. 		slapi_log_error( SLAPI_LOG_FATAL, "get_filter", "before optimize: %s\n",
    81. 

  81. 				slapi_filter_to_string(*filt, logbuf, logbufsize));
    82. 

  82. 	}
    83. 

  83. 

  84. 	filter_optimize(*filt);
    85. 

  85. 

  86. 	if (NULL != logbuf) {
    87. 

  87. 		slapi_log_error( SLAPI_LOG_FATAL, "get_filter", " after optimize: %s\n",
    88. 

  88. 				slapi_filter_to_string(*filt, logbuf, logbufsize));
    89. 

  89. 		slapi_ch_free_string( &logbuf );
    90. 

  90. 	}
    91. 

  91. 

  92. 	return return_value;
    93. 

  93. }
    94. 

  94. 

  95. 

  96. #define FILTER_EQ_FMT       "(%s=%s%s)"
    97. 

  97. #define FILTER_GE_FMT       "(%s>=%s%s)"
    98. 

  98. #define FILTER_LE_FMT       "(%s<=%s%s)"
    99. 

  99. #define FILTER_APROX_FMT    "(%s~=%s%s)"
    100. 

  100. #define FILTER_EXTENDED_FMT "(%s%s%s%s:=%s%s)"
    101. 

  101. #define FILTER_EQ_LEN	4
    102. 

  102. #define FILTER_GE_LEN	5
    103. 

  103. #define FILTER_LE_LEN	5
    104. 

  104. #define FILTER_APROX_LEN 5
    105. 

  105. 

  106. 

  107. /* returns escaped filter string for extended filters only*/
    108. 

  108. 

  109. static char *
    110. 

  110. filter_escape_filter_value_extended(struct slapi_filter *f) 
    111. 

  111. {
    112. 

  112.     char *ptr;
    113. 

  113.     
    114. 

  114.     ptr = slapi_filter_sprintf(FILTER_EXTENDED_FMT,
    115. 

  115.         f->f_mr_type ? f->f_mr_type : "",
    116. 

  116.         f->f_mr_dnAttrs ? ":dn" : "",
    117. 

  117.         f->f_mr_oid ? ":" : "",
    118. 

  118.         f->f_mr_oid ? f->f_mr_oid : "",
    119. 

  119.         ESC_NEXT_VAL,  f->f_mr_value.bv_val);
    120. 

  120.     return ptr;
    121. 

  121. }
    122. 

  122. 

  123. /* returns escaped filter string for EQ, LE, GE and APROX filters */
    124. 

  124. 

  125. static char *
    126. 

  126. filter_escape_filter_value(struct slapi_filter *f, const char *fmt, size_t len) 
    127. 

  127. {
    128. 

  128.     char *ptr;
    129. 

  129. 

  130.     filter_compute_hash(f);
    131. 

  131.     ptr = slapi_filter_sprintf(fmt, f->f_avtype, ESC_NEXT_VAL, f->f_avvalue.bv_val );
    132. 

  132.     
    133. 

  133.     return ptr;
    134. 

  134. }
    135. 

  135. 

  136. 

  137. /*
    138. 

  138.  * get_filter_internal(): extract an LDAP filter from a BerElement and create
    139. 

  139.  *	a slapi_filter structure (*filt) and a string equivalent (*fstr).
    140. 

  140.  *
    141. 

  141.  * This function is recursive. It calls itself (to process NOT filters) and
    142. 

  142.  *	it calls get_filter_list() for AND and OR filters, and get_filter_list()
    143. 

  143.  *	calls this function again.
    144. 

  144.  */
    145. 

  145. static int
    146. 

  146. get_filter_internal( Connection *conn, BerElement *ber, 
    147. 

  147. 	struct slapi_filter **filt, char **fstr, int maxdepth, int curdepth,
    148. 

  148. 	int *subentry_dont_rewrite, int *has_tombstone_filter, int *has_ruv_filter )
    149. 

  149. {
    150. 

  150.     ber_len_t	len;
    151. 

  151.     int		err;
    152. 

  152.     struct slapi_filter	*f;
    153. 

  153.     char		*ftmp, *type = NULL;
    154. 

  154. 

  155. 	LDAPDebug( LDAP_DEBUG_FILTER, "=> get_filter_internal\n", 0, 0, 0 );
    156. 

  156. 

  157. 	/*
    158. 

  158. 	 * Track and check the depth of nesting.  Use post-increment on
    159. 

  159. 	 * current depth here because this function is called for the
    160. 

  160. 	 * top-level filter (which does not count towards the maximum depth).
    161. 

  161. 	 */
    162. 

  162. 	if ( ( curdepth++ > maxdepth ) && ( maxdepth > 0 )) {
    163. 

  163. 		*filt = NULL;
    164. 

  164. 		*fstr = NULL;
    165. 

  165. 		err = LDAP_UNWILLING_TO_PERFORM;
    166. 

  166. 		LDAPDebug( LDAP_DEBUG_FILTER, "<= get_filter_internal %d"
    167. 

  167. 				" (maximum nesting level of %d exceeded)\n",
    168. 

  168. 				err, maxdepth, 0 );
    169. 

  169. 		return( err );
    170. 

  170. 	}
    171. 

  171. 

  172. 	/*
    173. 

  173. 	 * A filter looks like this coming in:
    174. 

  174. 	 *	Filter ::= CHOICE {
    175. 

  175. 	 *		and		[0]	SET OF Filter,
    176. 

  176. 	 *		or		[1]	SET OF Filter,
    177. 

  177. 	 *		not		[2]	Filter,
    178. 

  178. 	 *		equalityMatch	[3]	AttributeValueAssertion,
    179. 

  179. 	 *		substrings	[4]	SubstringFilter,
    180. 

  180. 	 *		greaterOrEqual	[5]	AttributeValueAssertion,
    181. 

  181. 	 *		lessOrEqual	[6]	AttributeValueAssertion,
    182. 

  182. 	 *		present		[7]	AttributeType,
    183. 

  183. 	 *		approxMatch	[8]	AttributeValueAssertion,
    184. 

  184. 	 *		extensibleMatch	[9]	MatchingRuleAssertion --v3 only
    185. 

  185. 	 *	}
    186. 

  186. 	 *
    187. 

  187. 	 *	SubstringFilter ::= SEQUENCE {
    188. 

  188. 	 *		type               AttributeType,
    189. 

  189. 	 *		SEQUENCE OF CHOICE {
    190. 

  190. 	 *			initial          [0] IA5String,
    191. 

  191. 	 *			any              [1] IA5String,
    192. 

  192. 	 *			final            [2] IA5String
    193. 

  193. 	 *		}
    194. 

  194. 	 *	}
    195. 

  195. 	 *
    196. 

  196. 	 * The extensibleMatch was added in LDAPv3:
    197. 

  197. 	 *
    198. 

  198. 	 *	MatchingRuleAssertion ::= SEQUENCE {
    199. 

  199. 	 *		matchingRule	[1] MatchingRuleID OPTIONAL,
    200. 

  200. 	 *		type		[2] AttributeDescription OPTIONAL,
    201. 

  201. 	 *		matchValue	[3] AssertionValue,
    202. 

  202. 	 *		dnAttributes	[4] BOOLEAN DEFAULT FALSE
    203. 

  203. 	 *	}
    204. 

  204. 	 */
    205. 

  205. 

  206. 	f = (struct slapi_filter *) slapi_ch_calloc( 1, sizeof(struct slapi_filter) );
    207. 

  207. 

  208. 	err = 0;
    209. 

  209. 	*fstr = NULL;
    210. 

  210. 	f->f_choice = ber_peek_tag( ber, &len );
    211. 

  211. 	switch ( f->f_choice ) {
    212. 

  212. 	case LDAP_FILTER_EQUALITY:
    213. 

  213. 		LDAPDebug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 );
    214. 

  214. 		if ( (err = get_ava( ber, &f->f_ava )) == 0 ) {
    215. 

  215. 

  216. 			if ( 0 == strcasecmp ( f->f_avtype, "objectclass")) {
    217. 

  217. 				/* Process objectclass oid's here */
    218. 

  218. 				if (strchr (f->f_avvalue.bv_val, '.')) {
    219. 

  219. 					char	*ocname = oc_find_name( f->f_avvalue.bv_val );
    220. 

  220. 

  221. 					if ( NULL != ocname ) {
    222. 

  222. 						slapi_ch_free((void**)&f->f_avvalue.bv_val );
    223. 

  223. 						f->f_avvalue.bv_val = ocname;
    224. 

  224. 						f->f_avvalue.bv_len = strlen ( f->f_avvalue.bv_val );
    225. 

  225. 					}
    226. 

  226. 				}
    227. 

  227. 

  228. 				/*
    229. 

  229. 				 * Process subentry searches here.
    230. 

  230. 				 * Only set (*subentry_dont_rewrite) if it's not already set.
    231. 

  231. 				 */
    232. 

  232. 

  233. 				if (!(*subentry_dont_rewrite)) {
    234. 

  234. 					*subentry_dont_rewrite = subentry_check_filter(f);
    235. 

  235. 				}
    236. 

  236. 				/* 
    237. 

  237. 				 * Check if it's a Tomstone filter.
    238. 

  238. 				 * We need to do it once per filter, so if flag is already set,
    239. 

  239. 				 * don't bother doing it
    240. 

  240. 				 */
    241. 

  241. 				if (!(*has_tombstone_filter)) {
    242. 

  242. 					*has_tombstone_filter = tombstone_check_filter(f);
    243. 

  243. 				}
    244. 

  244. 			} 
    245. 

  245. 

  246. 			if ( 0 == strcasecmp ( f->f_avtype, "nsuniqueid")) {
    247. 

  247. 				/*
    248. 

  248. 				 * Check if it's a RUV filter.
    249. 

  249. 				 * We need to do it once per filter, so if flag is already set,
    250. 

  250. 				 * don't bother doing it
    251. 

  251. 				 */
    252. 

  252. 				if (!(*has_ruv_filter)) {
    253. 

  253. 					*has_ruv_filter = ruv_check_filter(f);
    254. 

  254. 				}
    255. 

  255. 			}
    256. 

  256. 

  257. 			*fstr=filter_escape_filter_value(f, FILTER_EQ_FMT, FILTER_EQ_LEN);
    258. 

  258. 		}
    259. 

  259. 		break;
    260. 

  260. 

  261. 	case LDAP_FILTER_SUBSTRINGS:
    262. 

  262. 		LDAPDebug( LDAP_DEBUG_FILTER, "SUBSTRINGS\n", 0, 0, 0 );
    263. 

  263. 		err = get_substring_filter( conn, ber, f, fstr );
    264. 

  264. 		break;
    265. 

  265. 

  266. 	case LDAP_FILTER_GE:
    267. 

  267. 		LDAPDebug( LDAP_DEBUG_FILTER, "GE\n", 0, 0, 0 );
    268. 

  268. 		if ( (err = get_ava( ber, &f->f_ava )) == 0 ) {
    269. 

  269. 		  *fstr=filter_escape_filter_value(f, FILTER_GE_FMT, FILTER_GE_LEN);
    270. 

  270. 		}
    271. 

  271. 		break;
    272. 

  272. 

  273. 	case LDAP_FILTER_LE:
    274. 

  274. 		LDAPDebug( LDAP_DEBUG_FILTER, "LE\n", 0, 0, 0 );
    275. 

  275. 		if ( (err = get_ava( ber, &f->f_ava )) == 0 ) {
    276. 

  276. 		  *fstr=filter_escape_filter_value(f, FILTER_LE_FMT, FILTER_LE_LEN);
    277. 

  277. 		}
    278. 

  278. 		break;
    279. 

  279. 

  280. 	case LDAP_FILTER_PRESENT:
    281. 

  281. 		LDAPDebug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 );
    282. 

  282. 		if ( ber_scanf( ber, "a", &type ) == LBER_ERROR ) {
    283. 

  283.             slapi_ch_free_string(&type);
    284. 

  284. 			err = LDAP_PROTOCOL_ERROR;
    285. 

  285. 		} else {
    286. 

  286. 			err = LDAP_SUCCESS;
    287. 

  287. 			f->f_type = slapi_attr_syntax_normalize( type );
    288. 

  288. 			slapi_ch_free_string( &type );
    289. 

  289. 			filter_compute_hash(f);
    290. 

  290. 			*fstr = slapi_ch_smprintf( "(%s=*)", f->f_type );
    291. 

  291. 		}
    292. 

  292. 		break;
    293. 

  293. 

  294. 	case LDAP_FILTER_APPROX:
    295. 

  295. 		LDAPDebug( LDAP_DEBUG_FILTER, "APPROX\n", 0, 0, 0 );
    296. 

  296. 		if ( (err = get_ava( ber, &f->f_ava )) == 0 ) {
    297. 

  297. 		  *fstr=filter_escape_filter_value(f, FILTER_APROX_FMT, FILTER_APROX_LEN);
    298. 

  298. 		}
    299. 

  299. 		break;
    300. 

  300. 

  301.     case LDAP_FILTER_EXTENDED:
    302. 

  302.         LDAPDebug( LDAP_DEBUG_FILTER, "EXTENDED\n", 0, 0, 0 );
    303. 

  303.         if ( conn->c_ldapversion < 3 ) {
    304. 

  304.             LDAPDebug( LDAP_DEBUG_ANY,
    305. 

  305.                 "extensible filter received from v2 client\n",
    306. 

  306.                 0, 0, 0 );
    307. 

  307.             err = LDAP_PROTOCOL_ERROR;
    308. 

  308.         } else if ( (err = get_extensible_filter( ber, &f->f_mr )) == LDAP_SUCCESS ) {           
    309. 

  309.             *fstr=filter_escape_filter_value_extended(f); 
    310. 

  310.             LDAPDebug (LDAP_DEBUG_FILTER, "%s\n", *fstr, 0, 0);
    311. 

  311.             if(f->f_mr_oid==NULL) {
    312. 

  312.             /*
    313. 

  313.             * We accept:
    314. 

  314.             * A) attr ":=" value
    315. 

  315.             * B) attr ":dn" ":=" value
    316. 

  316.                 */
    317. 

  317.                 err = LDAP_SUCCESS;
    318. 

  318.             } else {
    319. 

  319.                 err = plugin_mr_filter_create (&f->f_mr);
    320. 

  320.             }
    321. 

  321.         }
    322. 

  322.         break;
    323. 

  323. 

  324. 	case LDAP_FILTER_AND:
    325. 

  325. 		LDAPDebug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
    326. 

  326. 		if ( (err = get_filter_list( conn, ber, &f->f_and, &ftmp, maxdepth,
    327. 

  327. 					curdepth, subentry_dont_rewrite,
    328. 

  328. 					has_tombstone_filter, has_ruv_filter ))
    329. 

  329. 					== 0 ) {
    330. 

  330. 			filter_compute_hash(f);
    331. 

  331. 			*fstr = slapi_ch_smprintf( "(&%s)", ftmp );
    332. 

  332. 			slapi_ch_free((void**)&ftmp );
    333. 

  333. 		}
    334. 

  334. 		break;
    335. 

  335. 

  336. 	case LDAP_FILTER_OR:
    337. 

  337. 		LDAPDebug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
    338. 

  338. 		if ( (err = get_filter_list( conn, ber, &f->f_or, &ftmp, maxdepth,
    339. 

  339. 					curdepth, subentry_dont_rewrite,
    340. 

  340. 					has_tombstone_filter, has_ruv_filter ))
    341. 

  341. 					== 0 ) {
    342. 

  342. 			filter_compute_hash(f);
    343. 

  343. 			*fstr = slapi_ch_smprintf( "(|%s)", ftmp );
    344. 

  344. 			slapi_ch_free((void**)&ftmp );
    345. 

  345. 		}
    346. 

  346. 		break;
    347. 

  347. 

  348. 	case LDAP_FILTER_NOT:
    349. 

  349. 		LDAPDebug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
    350. 

  350. 		(void) ber_skip_tag( ber, &len );
    351. 

  351. 		if ( (err = get_filter_internal( conn, ber, &f->f_not, &ftmp, maxdepth,
    352. 

  352. 					curdepth, subentry_dont_rewrite,
    353. 

  353. 					has_tombstone_filter, has_ruv_filter ))
    354. 

  354. 					== 0 ) {
    355. 

  355. 			filter_compute_hash(f);
    356. 

  356. 			*fstr = slapi_ch_smprintf( "(!%s)", ftmp );
    357. 

  357. 			slapi_ch_free((void**)&ftmp );
    358. 

  358. 		}
    359. 

  359. 		break;
    360. 

  360. 

  361. 	default:
    362. 

  362. 		LDAPDebug( LDAP_DEBUG_ANY, "get_filter_internal: unknown type 0x%lX\n",
    363. 

  363. 		    f->f_choice, 0, 0 );
    364. 

  364. 		err = LDAP_PROTOCOL_ERROR;
    365. 

  365. 		break;
    366. 

  366. 	}
    367. 

  367. 

  368. 	if ( err != 0 ) {
    369. 

  369. 		slapi_filter_free( f, 1 );
    370. 

  370. 		f = NULL;
    371. 

  371. 		slapi_ch_free( (void**)fstr );
    372. 

  372. 	}
    373. 

  373. 	*filt = f;
    374. 

  374. 	LDAPDebug( LDAP_DEBUG_FILTER, "<= get_filter_internal %d\n", err, 0, 0 );
    375. 

  375. 	return( err );
    376. 

  376. }
    377. 

  377. 

  378. static int
    379. 

  379. get_filter_list( Connection *conn, BerElement *ber,
    380. 

  380. 				struct slapi_filter **f, char **fstr, int maxdepth,
    381. 

  381. 				int curdepth, int *subentry_dont_rewrite,
    382. 

  382. 				int *has_tombstone_filter, int* has_ruv_filter)
    383. 

  383. {
    384. 

  384. 	struct slapi_filter	**new;
    385. 

  385. 	int		err;
    386. 

  386. 	ber_tag_t	tag;
    387. 

  387. 	ber_len_t	len = -1;
    388. 

  388. 	char		*last;
    389. 

  389. 

  390. 	LDAPDebug( LDAP_DEBUG_FILTER, "=> get_filter_list\n", 0, 0, 0 );
    391. 

  391. 

  392. 	*fstr = NULL;
    393. 

  393. 	new = f;
    394. 

  394. 	for ( tag = ber_first_element( ber, &len, &last );
    395. 

  395. 	    tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET;
    396. 

  396. 	    tag = ber_next_element( ber, &len, last ) ) {
    397. 

  397. 		char *ftmp;
    398. 

  398. 		if ( (err = get_filter_internal( conn, ber, new, &ftmp, maxdepth,
    399. 

  399. 					curdepth, subentry_dont_rewrite,
    400. 

  400. 					has_tombstone_filter, has_ruv_filter))
    401. 

  401. 					!= 0 ) {
    402. 

  402. 		    if ( *fstr != NULL ) {
    403. 

  403. 			slapi_ch_free((void**)fstr );
    404. 

  404. 		    }
    405. 

  405. 		    return( err );
    406. 

  406. 		}
    407. 

  407. 		if ( *fstr == NULL ) {
    408. 

  408. 			*fstr = ftmp;
    409. 

  409. 		} else {
    410. 

  410. 			*fstr = slapi_ch_realloc( *fstr, strlen( *fstr ) +
    411. 

  411. 			    strlen( ftmp ) + 1 );
    412. 

  412. 			strcat( *fstr, ftmp );
    413. 

  413. 			slapi_ch_free((void**)&ftmp );
    414. 

  414. 		}
    415. 

  415. 		new = &(*new)->f_next;
    416. 

  416. 		len = -1;
    417. 

  417. 	}
    418. 

  418. 	*new = NULL;
    419. 

  419. 

  420. 	/* openldap does not return LBER_END_OF_SEQORSET -
    421. 

  421. 	   so check for len == -1 - openldap ber_next_element will not set
    422. 

  422. 	   len if it has reached the end, and -1 is not a valid value
    423. 

  423. 	   for a real len */
    424. 

  424. 	if ( (tag != LBER_END_OF_SEQORSET) && (len != -1) && (*fstr != NULL) ) {
    425. 

  425. 		LDAPDebug( LDAP_DEBUG_ANY, "   error parsing filter list\n", 0, 0, 0 );
    426. 

  426. 		slapi_ch_free((void**)fstr );
    427. 

  427. 	}
    428. 

  428. 

  429. 	LDAPDebug( LDAP_DEBUG_FILTER, "<= get_filter_list\n", 0, 0, 0 );
    430. 

  430. 	return(( *fstr == NULL ) ? LDAP_PROTOCOL_ERROR : 0 );
    431. 

  431. }
    432. 

  432. 

  433. static int
    434. 

  434. get_substring_filter(
    435. 

  435.     Connection		*conn,
    436. 

  436.     BerElement		*ber,
    437. 

  437.     struct slapi_filter	*f,
    438. 

  438.     char		**fstr
    439. 

  439. )
    440. 

  440. {
    441. 

  441. 	ber_tag_t	tag, rc;
    442. 

  442. 	ber_len_t	len = -1;
    443. 

  443. 	char		*val, *eval, *last, *type = NULL;
    444. 

  444. 	size_t fstr_len;
    445. 

  445. 

  446. 	LDAPDebug( LDAP_DEBUG_FILTER, "=> get_substring_filter\n", 0, 0, 0 );
    447. 

  447. 

  448. 	if ( ber_scanf( ber, "{a", &type ) == LBER_ERROR ) {
    449. 

  449. 		slapi_ch_free_string(&type);
    450. 

  450. 		return( LDAP_PROTOCOL_ERROR );
    451. 

  451. 	}
    452. 

  452. 	f->f_sub_type = slapi_attr_syntax_normalize( type );
    453. 

  453. 	slapi_ch_free_string( &type );
    454. 

  454. 	f->f_sub_initial = NULL;
    455. 

  455. 	f->f_sub_any = NULL;
    456. 

  456. 	f->f_sub_final = NULL;
    457. 

  457. 

  458. 	/* borrowing the handy macro: 256 */
    459. 

  459. 	fstr_len = strlen( f->f_sub_type ) + SLAPD_TYPICAL_ATTRIBUTE_NAME_MAX_LENGTH;
    460. 

  460. 	*fstr = slapi_ch_malloc(fstr_len);
    461. 

  461. 	sprintf( *fstr, "(%s=", f->f_sub_type );
    462. 

  462. 	for ( tag = ber_first_element( ber, &len, &last );
    463. 

  463. 	    tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET;
    464. 

  464. 	    tag = ber_next_element( ber, &len, last ) )
    465. 

  465. 	{
    466. 

  466.         len = -1; /* reset - not used in loop */
    467. 

  467.         val = NULL;
    468. 

  468. 		rc = ber_scanf( ber, "a", &val );
    469. 

  469. 		if ( rc == LBER_ERROR ) {
    470. 

  470.             slapi_ch_free_string(&val);
    471. 

  471. 			return( LDAP_PROTOCOL_ERROR );
    472. 

  472. 		}
    473. 

  473. 		if ( val == NULL || *val == '\0' ) {
    474. 

  474. 			if ( val != NULL ) {
    475. 

  475. 				slapi_ch_free_string( &val );
    476. 

  476. 			}
    477. 

  477. 			return( LDAP_INVALID_SYNTAX );
    478. 

  478. 		}
    479. 

  479. 

  480. 		switch ( tag ) {
    481. 

  481. 		case LDAP_SUBSTRING_INITIAL:
    482. 

  482. 			LDAPDebug( LDAP_DEBUG_FILTER, "  INITIAL\n", 0, 0, 0 );
    483. 

  483. 			if ( f->f_sub_initial != NULL ) {
    484. 

  484. 				return( LDAP_PROTOCOL_ERROR );
    485. 

  485. 			}
    486. 

  486. 			f->f_sub_initial = val;
    487. 

  487. 			eval = (char*)slapi_escape_filter_value(val, -1);
    488. 

  488. 			if(eval) {
    489. 

  489. 				if (fstr_len < strlen(*fstr) + strlen(eval) + 1) {
    490. 

  490. 				    fstr_len += (strlen(eval) + 1) * 2;
    491. 

  491. 				    *fstr = slapi_ch_realloc(*fstr, fstr_len);
    492. 

  492. 				}
    493. 

  493. 				strcat(*fstr, eval);
    494. 

  494. 				slapi_ch_free_string(&eval);
    495. 

  495. 			}
    496. 

  496. 			break;
    497. 

  497. 

  498. 		case LDAP_SUBSTRING_ANY:
    499. 

  499. 			LDAPDebug( LDAP_DEBUG_FILTER, "  ANY\n", 0, 0, 0 );
    500. 

  500. 			charray_add(&f->f_sub_any, val);
    501. 

  501. 			eval = (char*)slapi_escape_filter_value(val, -1);
    502. 

  502. 			if(eval){
    503. 

  503. 				if (fstr_len < strlen(*fstr) + strlen(eval) + 1) {
    504. 

  504. 				    fstr_len += (strlen(eval) + 1) * 2;
    505. 

  505. 				    *fstr = slapi_ch_realloc(*fstr, fstr_len);
    506. 

  506. 				}
    507. 

  507. 				strcat(*fstr, "*");
    508. 

  508. 				strcat(*fstr, eval);
    509. 

  509. 				slapi_ch_free_string(&eval);
    510. 

  510. 			}
    511. 

  511. 			break;
    512. 

  512. 

  513. 		case LDAP_SUBSTRING_FINAL:
    514. 

  514. 			LDAPDebug( LDAP_DEBUG_FILTER, "  FINAL\n", 0, 0, 0 );
    515. 

  515. 			if ( f->f_sub_final != NULL ) {
    516. 

  516. 				return( LDAP_PROTOCOL_ERROR );
    517. 

  517. 			}
    518. 

  518. 			f->f_sub_final = val;
    519. 

  519. 			eval = (char*)slapi_escape_filter_value( val, -1);
    520. 

  520. 			if(eval){
    521. 

  521. 				if (fstr_len < strlen(*fstr) + strlen(eval) + 1) {
    522. 

  522. 				    fstr_len += (strlen(eval) + 1) * 2;
    523. 

  523. 				    *fstr = slapi_ch_realloc(*fstr, fstr_len);
    524. 

  524. 				}
    525. 

  525. 				strcat(*fstr, "*");
    526. 

  526. 				strcat(*fstr, eval);
    527. 

  527. 				slapi_ch_free_string(&eval);
    528. 

  528. 			}
    529. 

  529. 			break;
    530. 

  530. 

  531. 		default:
    532. 

  532. 			LDAPDebug( LDAP_DEBUG_FILTER, "  unknown tag 0x%lX\n", tag, 0, 0 );
    533. 

  533. 			return( LDAP_PROTOCOL_ERROR );
    534. 

  534. 		}
    535. 

  535. 	}
    536. 

  536. 

  537. 	if ( (tag != LBER_END_OF_SEQORSET) && (len != -1) ) {
    538. 

  538. 		LDAPDebug( LDAP_DEBUG_ANY, "  error reading substring filter\n", 0, 0, 0 );
    539. 

  539. 		return( LDAP_PROTOCOL_ERROR );
    540. 

  540. 	}
    541. 

  541. 	if ( f->f_sub_initial == NULL && f->f_sub_any == NULL &&
    542. 

  542. 	    f->f_sub_final == NULL ) {
    543. 

  543. 		return( LDAP_PROTOCOL_ERROR );
    544. 

  544. 	}
    545. 

  545. 

  546. 	filter_compute_hash(f);
    547. 

  547. 	if (fstr_len < strlen(*fstr) + 3) {
    548. 

  548. 		fstr_len += 3;
    549. 

  549. 		*fstr = slapi_ch_realloc(*fstr, fstr_len);
    550. 

  550. 	}
    551. 

  551. 	if ( f->f_sub_final == NULL ) {
    552. 

  552. 		strcat( *fstr, "*" );
    553. 

  553. 	}
    554. 

  554. 	strcat( *fstr, ")" );
    555. 

  555. 

  556. 	LDAPDebug( LDAP_DEBUG_FILTER, "<= get_substring_filter\n", 0, 0, 0 );
    557. 

  557. 	return( 0 );
    558. 

  558. }
    559. 

  559. 

  560. static int
    561. 

  561. get_extensible_filter( BerElement *ber, mr_filter_t* mrf )
    562. 

  562. {
    563. 

  563. 	int		gotelem, gotoid, gotvalue;
    564. 

  564. 	ber_tag_t	tag;
    565. 

  565. 	ber_len_t	len = -1;
    566. 

  566. 	char		*last;
    567. 

  567. 	int		rc = LDAP_SUCCESS;
    568. 

  568. 

  569. 	LDAPDebug( LDAP_DEBUG_FILTER, "=> get_extensible_filter\n", 0, 0, 0 );
    570. 

  570. 	memset (mrf, 0, sizeof (mr_filter_t));
    571. 

  571. 

  572. 	gotelem = gotoid = gotvalue = 0;
    573. 

  573. 	for ( tag = ber_first_element( ber, &len, &last );
    574. 

  574. 	    tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET;
    575. 

  575. 	    tag = ber_next_element( ber, &len, last ) ) {
    576. 

  576. 		/*
    577. 

  577. 		 * order of elements goes like this:
    578. 

  578. 		 *
    579. 

  579. 		 *	[oid][type]value[dnattr]
    580. 

  580. 		 *
    581. 

  581. 		 * where either oid or type is required.
    582. 

  582. 		 */
    583. 

  583. 		len = -1; /* reset - not used in loop */
    584. 

  584. 		switch ( tag ) {
    585. 

  585. 		case LDAP_TAG_MRA_OID:
    586. 

  586. 			if ( gotelem != 0 ) {
    587. 

  587. 				goto parsing_error;
    588. 

  588. 			}
    589. 

  589. 			if (ber_scanf( ber, "a", &mrf->mrf_oid ) == LBER_ERROR) {
    590. 

  590. 				rc = LDAP_PROTOCOL_ERROR;
    591. 

  591. 			}
    592. 

  592. 			gotoid = 1;
    593. 

  593. 			gotelem++;
    594. 

  594. 			break;
    595. 

  595. 		case LDAP_TAG_MRA_TYPE:
    596. 

  596. 			if ( gotelem != 0 ) {
    597. 

  597. 				if ( gotelem != 1 || gotoid != 1 ) {
    598. 

  598. 					goto parsing_error;
    599. 

  599. 				}
    600. 

  600. 			}
    601. 

  601. 			{
    602. 

  602. 			    char* type = NULL;
    603. 

  603. 			    if (ber_scanf( ber, "a", &type ) == LBER_ERROR) {
    604. 

  604. 				slapi_ch_free_string (&type);
    605. 

  605. 				rc = LDAP_PROTOCOL_ERROR;
    606. 

  606. 			    } else {
    607. 

  607. 				mrf->mrf_type = slapi_attr_syntax_normalize(type);
    608. 

  608. 				slapi_ch_free_string (&type);
    609. 

  609. 			    }
    610. 

  610. 			}
    611. 

  611. 			gotelem++;
    612. 

  612. 			break;
    613. 

  613. 		case LDAP_TAG_MRA_VALUE:
    614. 

  614. 			if ( gotelem != 1 && gotelem != 2 ) {
    615. 

  615. 				goto parsing_error;
    616. 

  616. 			}
    617. 

  617. 			if (ber_scanf( ber, "o", &mrf->mrf_value ) == LBER_ERROR) {
    618. 

  618. 				rc = LDAP_PROTOCOL_ERROR;
    619. 

  619. 			}
    620. 

  620. 			gotvalue = 1;
    621. 

  621. 			gotelem++;
    622. 

  622. 			break;
    623. 

  623. 		case LDAP_TAG_MRA_DNATTRS:
    624. 

  624. 			if ( gotvalue != 1 ) {
    625. 

  625. 				goto parsing_error;
    626. 

  626. 			}
    627. 

  627. 			if (ber_scanf( ber, "b", &mrf->mrf_dnAttrs ) == LBER_ERROR) {
    628. 

  628. 				 rc = LDAP_PROTOCOL_ERROR;
    629. 

  629. 			}
    630. 

  630. 			gotelem++;
    631. 

  631. 			break;
    632. 

  632. 		default:
    633. 

  633. 			goto parsing_error;
    634. 

  634. 		}
    635. 

  635. 		if ( rc != LDAP_SUCCESS ) {
    636. 

  636. 			goto parsing_error;
    637. 

  637. 		}
    638. 

  638. 	}
    639. 

  639. 

  640. 	if ( (tag != LBER_ERROR) && (len != -1) ) {
    641. 

  641. 		goto parsing_error;
    642. 

  642. 	}
    643. 

  643. 

  644. 	LDAPDebug( LDAP_DEBUG_FILTER, "<= get_extensible_filter %i\n", rc, 0, 0 );
    645. 

  645. 	return rc;
    646. 

  646. 

  647. parsing_error:;
    648. 

  648. 	LDAPDebug( LDAP_DEBUG_ANY, "error parsing extensible filter\n",
    649. 

  649. 	    0, 0, 0 );
    650. 

  650. 	return( LDAP_PROTOCOL_ERROR );
    651. 

  651. }
    652. 

  652. 

  653. 

  654. Slapi_Filter *
    655. 

  655. slapi_filter_dup(Slapi_Filter *f)
    656. 

  656. {
    657. 

  657. 	Slapi_Filter         *out = 0;
    658. 

  658. 	struct slapi_filter *fl = 0;
    659. 

  659. 	struct slapi_filter **outl = 0;
    660. 

  660. 	struct slapi_filter *lastout = 0;
    661. 

  661. 

  662. 	if ( f == NULL ) {
    663. 

  663. 		return NULL;
    664. 

  664. 	}
    665. 

  665. 

  666. 	out = (struct slapi_filter*)slapi_ch_calloc(1, sizeof(struct slapi_filter));
    667. 

  667. 	if ( out == NULL ) {
    668. 

  668. 		LDAPDebug(LDAP_DEBUG_ANY, "slapi_filter_dup: memory allocation error\n",
    669. 

  669. 		    0, 0, 0 );
    670. 

  670. 		return NULL;
    671. 

  671. 	}
    672. 

  672. 

  673. 	out->f_choice = f->f_choice;
    674. 

  674. 	out->f_hash = f->f_hash;
    675. 

  675. 	out->f_flags = f->f_flags;
    676. 

  676. 

  677. 	LDAPDebug( LDAP_DEBUG_FILTER, "slapi_filter_dup type 0x%lX\n", f->f_choice, 0, 0 );
    678. 

  678. 	switch ( f->f_choice ) {
    679. 

  679. 	case LDAP_FILTER_EQUALITY:
    680. 

  680. 	case LDAP_FILTER_GE:
    681. 

  681. 	case LDAP_FILTER_LE:
    682. 

  682. 	case LDAP_FILTER_APPROX:
    683. 

  683. 		out->f_ava.ava_type = slapi_ch_strdup(f->f_ava.ava_type);
    684. 

  684. 		slapi_ber_bvcpy(&out->f_ava.ava_value, &f->f_ava.ava_value);
    685. 

  685. 		break;
    686. 

  686. 

  687. 	case LDAP_FILTER_SUBSTRINGS:
    688. 

  688. 

  689. 		out->f_sub_type = slapi_ch_strdup(f->f_sub_type);
    690. 

  690. 		out->f_sub_initial = slapi_ch_strdup(f->f_sub_initial );
    691. 

  691. 		out->f_sub_any = charray_dup( f->f_sub_any );
    692. 

  692. 		out->f_sub_final = slapi_ch_strdup(f->f_sub_final );
    693. 

  693. 		break;
    694. 

  694. 

  695. 	case LDAP_FILTER_PRESENT:
    696. 

  696. 		out->f_type = slapi_ch_strdup( f->f_type );
    697. 

  697. 		break;
    698. 

  698. 

  699. 	case LDAP_FILTER_AND:
    700. 

  700. 	case LDAP_FILTER_OR:
    701. 

  701. 	case LDAP_FILTER_NOT:
    702. 

  702. 		outl = &out->f_list;
    703. 

  703. 		for (fl = f->f_list; fl != NULL; fl = fl->f_next) {
    704. 

  704. 			(*outl) = slapi_filter_dup( fl );
    705. 

  705. 			(*outl)->f_next = 0;
    706. 

  706. 			if(lastout)
    707. 

  707. 				lastout->f_next = *outl;
    708. 

  708. 			lastout = *outl;
    709. 

  709. 			outl = &((*outl)->f_next);
    710. 

  710. 		}
    711. 

  711. 		break;
    712. 

  712. 

  713. 	case LDAP_FILTER_EXTENDED:
    714. 

  714. 		out->f_mr_oid = slapi_ch_strdup(f->f_mr_oid);
    715. 

  715. 		out->f_mr_type = slapi_ch_strdup(f->f_mr_type);
    716. 

  716. 		slapi_ber_bvcpy(&out->f_mr_value, &f->f_mr_value);
    717. 

  717. 		out->f_mr_dnAttrs = f->f_mr_dnAttrs;
    718. 

  718. 		if (f->f_mr.mrf_match) {
    719. 

  719. 			int rc = plugin_mr_filter_create(&out->f_mr);
    720. 

  720. 			LDAPDebug1Arg( LDAP_DEBUG_FILTER, "slapi_filter_dup plugin_mr_filter_create returned %d\n", rc );
    721. 

  721. 		}
    722. 

  722. 		break;
    723. 

  723. 

  724. 	default:
    725. 

  725. 		LDAPDebug(LDAP_DEBUG_FILTER, "slapi_filter_dup: unknown type 0x%lX\n",
    726. 

  726. 		    f->f_choice, 0, 0 );
    727. 

  727. 		break;
    728. 

  728. 	}
    729. 

  729. 	
    730. 

  730. 	return out;
    731. 

  731. }
    732. 

  732. 

  733. void
    734. 

  734. slapi_filter_free( struct slapi_filter *f, int recurse )
    735. 

  735. {
    736. 

  736. 	if ( f == NULL ) {
    737. 

  737. 		return;
    738. 

  738. 	}
    739. 

  739. 

  740. 	LDAPDebug( LDAP_DEBUG_FILTER, "slapi_filter_free type 0x%lX\n", f->f_choice, 0, 0 );
    741. 

  741. 	switch ( f->f_choice ) {
    742. 

  742. 	case LDAP_FILTER_EQUALITY:
    743. 

  743. 	case LDAP_FILTER_GE:
    744. 

  744. 	case LDAP_FILTER_LE:
    745. 

  745. 	case LDAP_FILTER_APPROX:
    746. 

  746. 		ava_done( &f->f_ava );
    747. 

  747. 		break;
    748. 

  748. 

  749. 	case LDAP_FILTER_SUBSTRINGS:
    750. 

  750. 		slapi_ch_free((void**)&f->f_sub_type );
    751. 

  751. 		slapi_ch_free((void**)&f->f_sub_initial );
    752. 

  752. 		charray_free( f->f_sub_any );
    753. 

  753. 		slapi_ch_free((void**)&f->f_sub_final );
    754. 

  754. 		break;
    755. 

  755. 

  756. 	case LDAP_FILTER_PRESENT:
    757. 

  757. 		slapi_ch_free((void**)&f->f_type );
    758. 

  758. 		break;
    759. 

  759. 

  760. 	case LDAP_FILTER_AND:
    761. 

  761. 	case LDAP_FILTER_OR:
    762. 

  762. 	case LDAP_FILTER_NOT:
    763. 

  763. 		if ( recurse ) {
    764. 

  764. 			struct slapi_filter *fl, *next;
    765. 

  765. 

  766. 			for (fl = f->f_list; fl != NULL; fl = next) {
    767. 

  767. 			    next = fl->f_next;
    768. 

  768. 			    fl->f_next = NULL;
    769. 

  769. 			    slapi_filter_free( fl, recurse );
    770. 

  770. 			    fl = next;
    771. 

  771. 			}
    772. 

  772. 		}
    773. 

  773. 		break;
    774. 

  774. 

  775. 	case LDAP_FILTER_EXTENDED:
    776. 

  776. 		slapi_ch_free((void**)&f->f_mr_oid);
    777. 

  777. 		slapi_ch_free((void**)&f->f_mr_type);
    778. 

  778. 		slapi_ber_bvdone(&f->f_mr_value);
    779. 

  779. 		if (f->f_mr.mrf_destroy != NULL) {
    780. 

  780. 		    Slapi_PBlock pb;
    781. 

  781. 		    pblock_init (&pb);
    782. 

  782. 		    if ( ! slapi_pblock_set (&pb, SLAPI_PLUGIN_OBJECT, f->f_mr.mrf_object)) {
    783. 

  783. 			f->f_mr.mrf_destroy (&pb);
    784. 

  784. 		    }
    785. 

  785. 		}
    786. 

  786. 		break;
    787. 

  787. 

  788. 	default:
    789. 

  789. 		LDAPDebug( LDAP_DEBUG_ANY, "slapi_filter_free: unknown type 0x%lX\n",
    790. 

  790. 		    f->f_choice, 0, 0 );
    791. 

  791. 		break;
    792. 

  792. 	}
    793. 

  793. 	slapi_ch_free((void**)&f);
    794. 

  794. }
    795. 

  795. 

  796. #if 0
    797. 

  797. static void
    798. 

  798. filter_list_insert( struct slapi_filter **into, struct slapi_filter *from )
    799. 

  799. {
    800. 

  800.     struct slapi_filter *f;
    801. 

  801.     if (into == NULL || from == NULL) return;
    802. 

  802.     if (*into != NULL) {
    803. 

  803. 	for (f = from; f->f_next != NULL; f = f->f_next);
    804. 

  804. 	f->f_next = *into;
    805. 

  805.     }
    806. 

  806.     *into = from;
    807. 

  807. }
    808. 

  808. #endif
    809. 

  809. 

  810. 

  811. struct slapi_filter *
    812. 

  812. slapi_filter_join( int ftype, struct slapi_filter *f1, struct slapi_filter *f2)
    813. 

  813. {
    814. 

  814. 	return slapi_filter_join_ex( ftype, f1, f2, 1 );
    815. 

  815. 

  816. }
    817. 

  817. 

  818. 

  819. struct slapi_filter *
    820. 

  820. slapi_filter_join_ex( int ftype, struct slapi_filter *f1, struct slapi_filter *f2, int recurse_always )
    821. 

  821. {
    822. 

  822. 	struct slapi_filter *fjoin;
    823. 

  823. 	struct slapi_filter *add_to;
    824. 

  824. 	struct slapi_filter *add_this;
    825. 

  825. 	struct slapi_filter *return_this;
    826. 

  826. 	int insert = 0;
    827. 

  827. 

  828. 	if ((NULL == f1) || (NULL == f2)) {
    829. 

  829. 		switch(ftype) {
    830. 

  830. 		case LDAP_FILTER_AND:
    831. 

  831. 			return NULL;
    832. 

  832. 		case LDAP_FILTER_OR:
    833. 

  833. 			return f1?f1:f2;
    834. 

  834. 		default:
    835. 

  835. 			if (NULL == f1) {
    836. 

  836. 				if (NULL == f2) {
    837. 

  837. 					return NULL;
    838. 

  838. 				} else {
    839. 

  839. 					add_this = f2;
    840. 

  840. 				}
    841. 

  841. 			} else {
    842. 

  842. 				add_this = f1;
    843. 

  843. 			}
    844. 

  844. 			fjoin = (struct slapi_filter *)slapi_ch_calloc(1, sizeof(struct slapi_filter));
    845. 

  845. 			fjoin->f_choice = ftype;
    846. 

  846. 			fjoin->f_list = add_this;
    847. 

  847. 			filter_compute_hash(fjoin);
    848. 

  848. 			return fjoin;
    849. 

  849. 		}
    850. 

  850. 	}
    851. 

  851. 

  852. 	if(!recurse_always)
    853. 

  853. 	{
    854. 

  854. 		/* try to optimise the filter join */
    855. 

  855. 		switch(ftype)
    856. 

  856. 		{
    857. 

  857. 		case LDAP_FILTER_AND:
    858. 

  858. 		case LDAP_FILTER_OR:
    859. 

  859. 			if(ftype == (int)f1->f_choice)
    860. 

  860. 			{
    861. 

  861. 				add_to = f1;
    862. 

  862. 				add_this = f2;
    863. 

  863. 				insert = 1;
    864. 

  864. 			}
    865. 

  865. 			else if(ftype == (int)f2->f_choice)
    866. 

  866. 			{
    867. 

  867. 				add_to = f2;
    868. 

  868. 				add_this = f1;
    869. 

  869. 				insert = 1;
    870. 

  870. 			}
    871. 

  871. 

  872. 		default:
    873. 

  873. 			break;
    874. 

  874. 		}
    875. 

  875. 	}
    876. 

  876. 

  877. 	if(insert)
    878. 

  878. 	{
    879. 

  879. 		/* try to avoid ! filters as the first arg */
    880. 

  880. 		if(add_to->f_list->f_choice == LDAP_FILTER_NOT)
    881. 

  881. 		{
    882. 

  882. 			add_this->f_next = add_to->f_list;
    883. 

  883. 			add_to->f_list = add_this;
    884. 

  884. 			filter_compute_hash(add_to);
    885. 

  885. 			return_this = add_to;
    886. 

  886. 		}
    887. 

  887. 		else
    888. 

  888. 		{
    889. 

  889. 			/* find end of list, add the filter */
    890. 

  890. 			for (fjoin = add_to->f_list; fjoin != NULL; fjoin = fjoin->f_next) {
    891. 

  891. 				if(fjoin->f_next == NULL)
    892. 

  892. 				{
    893. 

  893. 					fjoin->f_next = add_this;
    894. 

  894. 					filter_compute_hash(add_to);
    895. 

  895. 					return_this = add_to;
    896. 

  896. 					break;
    897. 

  897. 				}
    898. 

  898. 			}
    899. 

  899. 		}
    900. 

  900. 	}
    901. 

  901. 	else
    902. 

  902. 	{
    903. 

  903. 		fjoin = (struct slapi_filter *) slapi_ch_calloc( 1, sizeof(struct slapi_filter) );
    904. 

  904. 		fjoin->f_choice = ftype;
    905. 

  905. 		fjoin->f_next = NULL;
    906. 

  906. 		/* try to ensure ! filters dont cause allid search */
    907. 

  907. 		if(f1->f_choice == LDAP_FILTER_NOT && f2)
    908. 

  908. 		{
    909. 

  909. 			fjoin->f_list = f2;
    910. 

  910. 			f2->f_next = f1;
    911. 

  911. 		}
    912. 

  912. 		else
    913. 

  913. 		{
    914. 

  914. 			fjoin->f_list = f1;
    915. 

  915. 			f1->f_next = f2;
    916. 

  916. 		}
    917. 

  917. 		filter_compute_hash(fjoin);
    918. 

  918. 		return_this = fjoin;
    919. 

  919. 	}
    920. 

  920. 

  921. 	return( return_this );
    922. 

  922. }
    923. 

  923. 

  924. int
    925. 

  925. slapi_filter_get_choice( struct slapi_filter *f )
    926. 

  926. {
    927. 

  927. 	return( f->f_choice );
    928. 

  928. }
    929. 

  929. 

  930. int
    931. 

  931. slapi_filter_get_ava( struct slapi_filter *f, char **type, struct berval **bval )
    932. 

  932. {
    933. 

  933. 	switch ( f->f_choice ) {
    934. 

  934. 	  case LDAP_FILTER_EQUALITY:
    935. 

  935. 	  case LDAP_FILTER_GE:
    936. 

  936. 	  case LDAP_FILTER_LE:
    937. 

  937. 	  case LDAP_FILTER_APPROX:
    938. 

  938. 	    break;
    939. 

  939. 	  default:
    940. 

  940. 	    *type = NULL;
    941. 

  941. 	    *bval = NULL;
    942. 

  942. 	    return( -1 );
    943. 

  943. 	}
    944. 

  944. 	*type = f->f_avtype;
    945. 

  945. 	*bval = &f->f_avvalue;
    946. 

  946. 	return( 0 );
    947. 

  947. }
    948. 

  948. 

  949. /* Deprecated--use slapi_filter_get_attribute_type() now */
    950. 

  950. 

  951. SLAPI_DEPRECATED int
    952. 

  952. slapi_filter_get_type( struct slapi_filter *f, char **type )
    953. 

  953. {
    954. 

  954. 	if ( f->f_choice != LDAP_FILTER_PRESENT ) {
    955. 

  955. 		return( -1 );
    956. 

  956. 	}
    957. 

  957. 	*type = f->f_type;
    958. 

  958. 

  959. 	return( 0 );
    960. 

  960. }
    961. 

  961. 

  962. /*
    963. 

  963.  * Return the attribute type for all simple filter choices into type.
    964. 

  964.  * ie. for all except LDAP_FILTER_AND, LDAP_FILTER_OR and LDAP_FILTER_NOT.
    965. 

  965.  *
    966. 

  966.  * The returned type is "as is" and so may not be normalized.
    967. 

  967.  *  Returns 0 for success, -1 otherwise.
    968. 

  968. */
    969. 

  969. 

  970. int 
    971. 

  971. slapi_filter_get_attribute_type( Slapi_Filter *f, char **type )
    972. 

  972. {    
    973. 

  973. 

  974.     if ( f == NULL ) {
    975. 

  975. 		return -1;
    976. 

  976.     }
    977. 

  977. 

  978.     switch ( f->f_choice ) {
    979. 

  979.     case LDAP_FILTER_GE:
    980. 

  980.     case LDAP_FILTER_LE:
    981. 

  981.     case LDAP_FILTER_APPROX:
    982. 

  982.     case LDAP_FILTER_EQUALITY:
    983. 

  983. 		*type = f->f_ava.ava_type;
    984. 

  984. 	break;
    985. 

  985.     case LDAP_FILTER_SUBSTRINGS:
    986. 

  986. 		*type = f->f_sub_type;	
    987. 

  987. 	break;
    988. 

  988.     case LDAP_FILTER_PRESENT:
    989. 

  989.  		*type = f->f_type;
    990. 

  990. 	break;
    991. 

  991.     case LDAP_FILTER_EXTENDED:
    992. 

  992. 		*type = f->f_mr_type;
    993. 

  993. 	break;
    994. 

  994.     case LDAP_FILTER_AND:
    995. 

  995.     case LDAP_FILTER_OR:
    996. 

  996.     case LDAP_FILTER_NOT:
    997. 

  997. 		return(-1);
    998. 

  998.     default:
    999. 

  999. 		/* Unknown filter choice */
    1000. 

  1000. 		return -1;
    1001. 

  1001.     }
    1002. 

  1002. 

  1003. 	/* success */
    1004. 

  1004. 	return(0); 
    1005. 

  1005. }
    1006. 

  1006. 

  1007. struct slapi_filter *
    1008. 

  1008. slapi_filter_list_first( struct slapi_filter *f )
    1009. 

  1009. {
    1010. 

  1010. 	if ( f->f_choice != LDAP_FILTER_AND && f->f_choice != LDAP_FILTER_OR
    1011. 

  1011. 	    && f->f_choice != LDAP_FILTER_NOT ) {
    1012. 

  1012. 		return( NULL );
    1013. 

  1013. 	}
    1014. 

  1014. 	return( f->f_list );
    1015. 

  1015. }
    1016. 

  1016. 

  1017. struct slapi_filter *
    1018. 

  1018. slapi_filter_list_next( struct slapi_filter *f, struct slapi_filter *fprev )
    1019. 

  1019. {
    1020. 

  1020. 	return( fprev->f_next );
    1021. 

  1021. }
    1022. 

  1022. 

  1023. int
    1024. 

  1024. slapi_filter_get_subfilt(
    1025. 

  1025.     struct slapi_filter	*f,
    1026. 

  1026.     char		**type,
    1027. 

  1027.     char		**initial,
    1028. 

  1028.     char		***any,
    1029. 

  1029.     char		**final
    1030. 

  1030. )
    1031. 

  1031. {
    1032. 

  1032. 	if ( f->f_choice != LDAP_FILTER_SUBSTRINGS ) {
    1033. 

  1033. 		return( -1 );
    1034. 

  1034. 	}
    1035. 

  1035. 	*type = f->f_sub_type;
    1036. 

  1036. 	*initial = f->f_sub_initial;
    1037. 

  1037. 	*any = f->f_sub_any;
    1038. 

  1038. 	*final = f->f_sub_final;
    1039. 

  1039. 

  1040. 	return( 0 );
    1041. 

  1041. }
    1042. 

  1042. 

  1043. static void
    1044. 

  1044. filter_normalize_ava( struct slapi_filter *f, PRBool norm_values )
    1045. 

  1045. {
    1046. 

  1046.     char *tmp;
    1047. 

  1047.     struct ava *ava;
    1048. 

  1048. 

  1049.     if ( f == NULL ) {
    1050. 

  1050.         return;
    1051. 

  1051.     }
    1052. 

  1052. 

  1053.     ava = &f->f_ava;
    1054. 

  1054.     tmp = ava->ava_type;
    1055. 

  1055.     ava->ava_type = slapi_attr_syntax_normalize(tmp);
    1056. 

  1056.     slapi_ch_free((void**)&tmp );
    1057. 

  1057.     f->f_flags |= SLAPI_FILTER_NORMALIZED_TYPE;
    1058. 

  1058.     if (norm_values) {
    1059. 

  1059.         char *newval = NULL;
    1060. 

  1060.         /* NOTE: assumes ava->ava_value.bv_val is NULL terminated - get_ava/ber_scanf 'o'
    1061. 

  1061.            will NULL terminate the string by default */
    1062. 

  1062.         slapi_attr_value_normalize_ext(NULL, NULL, ava->ava_type,
    1063. 

  1063.                                        ava->ava_value.bv_val, 1, &newval, f->f_choice);
    1064. 

  1064.         if (newval && (newval != ava->ava_value.bv_val)) {
    1065. 

  1065.             slapi_ch_free_string(&ava->ava_value.bv_val);
    1066. 

  1066.             ava->ava_value.bv_val = newval;
    1067. 

  1067.             ava->ava_value.bv_len = strlen(newval);
    1068. 

  1068.         }
    1069. 

  1069.         f->f_flags |= SLAPI_FILTER_NORMALIZED_VALUE;
    1070. 

  1070.     }
    1071. 

  1071. }
    1072. 

  1072. 

  1073. static void
    1074. 

  1074. filter_normalize_subfilt( struct slapi_filter *f, PRBool norm_values )
    1075. 

  1075. {
    1076. 

  1076. 	struct subfilt *sf;
    1077. 

  1077. 

  1078. 	if ( f == NULL ) {
    1079. 

  1079. 	    return;
    1080. 

  1080. 	}
    1081. 

  1081. 

  1082. 	sf = &f->f_sub;
    1083. 

  1083. 	char *tmp = sf->sf_type;
    1084. 

  1084. 	sf->sf_type = slapi_attr_syntax_normalize(tmp);
    1085. 

  1085. 	slapi_ch_free((void**)&tmp );
    1086. 

  1086. 	f->f_flags |= SLAPI_FILTER_NORMALIZED_TYPE;
    1087. 

  1087. 	if (norm_values) {
    1088. 

  1088. 		char *newval = NULL;
    1089. 

  1089. 		Slapi_Attr attr;
    1090. 

  1090. 		int ii;
    1091. 

  1091. 

  1092. 		slapi_attr_init(&attr, sf->sf_type);
    1093. 

  1093. 		slapi_attr_value_normalize_ext(NULL, &attr, NULL, sf->sf_initial, 1, &newval, f->f_choice);
    1094. 

  1094. 		if (newval && (newval != sf->sf_initial)) {
    1095. 

  1095. 			slapi_ch_free_string(&sf->sf_initial);
    1096. 

  1096. 			sf->sf_initial = newval;
    1097. 

  1097. 		}
    1098. 

  1098. 		for (ii = 0; sf->sf_any && sf->sf_any[ii]; ++ii) {
    1099. 

  1099. 			newval = NULL;
    1100. 

  1100. 			/* do not trim spaces of sf_any values - see string_filter_sub() */
    1101. 

  1101. 			slapi_attr_value_normalize_ext(NULL, &attr, NULL, sf->sf_any[ii], 0, &newval, f->f_choice);
    1102. 

  1102. 			if (newval && (newval != sf->sf_any[ii])) {
    1103. 

  1103. 				slapi_ch_free_string(&sf->sf_any[ii]);
    1104. 

  1104. 				sf->sf_any[ii] = newval;
    1105. 

  1105. 			}
    1106. 

  1106. 		}
    1107. 

  1107. 		newval = NULL;
    1108. 

  1108. 		/* do not trim spaces of sf_final values - see string_filter_sub() */
    1109. 

  1109. 		slapi_attr_value_normalize_ext(NULL, &attr, NULL, sf->sf_final, 0, &newval, f->f_choice);
    1110. 

  1110. 		if (newval && (newval != sf->sf_final)) {
    1111. 

  1111. 			slapi_ch_free_string(&sf->sf_final);
    1112. 

  1112. 			sf->sf_final = newval;
    1113. 

  1113. 		}
    1114. 

  1114. 		attr_done(&attr);
    1115. 

  1115. 		f->f_flags |= SLAPI_FILTER_NORMALIZED_VALUE;
    1116. 

  1116. 	}
    1117. 

  1117. }
    1118. 

  1118. 

  1119. void filter_normalize_ext( struct slapi_filter *f, PRBool norm_values );
    1120. 

  1120. 

  1121. static void
    1122. 

  1122. filter_normalize_list( struct slapi_filter *flist, PRBool norm_values )
    1123. 

  1123. {
    1124. 

  1124.     struct slapi_filter *f;
    1125. 

  1125. 

  1126.     for ( f = flist; f != NULL; f = f->f_next ) {
    1127. 

  1127. 	filter_normalize_ext( f, norm_values );
    1128. 

  1128.     }
    1129. 

  1129. }
    1130. 

  1130. 

  1131. /*
    1132. 

  1132.  * Normalize all values and types in a filter.  This isn't necessary
    1133. 

  1133.  * when we've read the slapi_filter off the wire, but if we've hand-constructed
    1134. 

  1134.  * a filter inside slapd (e.g. when calling the routines in wrapper.c),
    1135. 

  1135.  * we've called slapi_str2filter on something which *didn't* come over the wire,
    1136. 

  1136.  * so the attribute names and filters in the filter struct aren't
    1137. 

  1137.  * normalized.
    1138. 

  1138.  */
    1139. 

  1139. void
    1140. 

  1140. filter_normalize_ext( struct slapi_filter *f, PRBool norm_values )
    1141. 

  1141. {
    1142. 

  1142.     char	*tmp;
    1143. 

  1143. 

  1144.     if ( f == NULL ) {
    1145. 

  1145. 	return;
    1146. 

  1146.     }
    1147. 

  1147. 

  1148.     switch ( f->f_choice ) {
    1149. 

  1149.     case LDAP_FILTER_GE:
    1150. 

  1150.     case LDAP_FILTER_LE:
    1151. 

  1151.     case LDAP_FILTER_APPROX:
    1152. 

  1152.     case LDAP_FILTER_EQUALITY:
    1153. 

  1153. 	filter_normalize_ava( f, norm_values );
    1154. 

  1154. 	break;
    1155. 

  1155.     case LDAP_FILTER_SUBSTRINGS:
    1156. 

  1156. 	filter_normalize_subfilt( f, norm_values );
    1157. 

  1157. 	break;
    1158. 

  1158.     case LDAP_FILTER_PRESENT:
    1159. 

  1159. 	tmp = f->f_type;
    1160. 

  1160. 	f->f_type = slapi_attr_syntax_normalize(tmp);
    1161. 

  1161. 	slapi_ch_free((void**)&tmp );
    1162. 

  1162. 	f->f_flags |= SLAPI_FILTER_NORMALIZED_TYPE;
    1163. 

  1163. 	break;
    1164. 

  1164.     case LDAP_FILTER_EXTENDED:
    1165. 

  1165. 	tmp = f->f_mr_type;
    1166. 

  1166. 	f->f_mr_type = slapi_attr_syntax_normalize(tmp);
    1167. 

  1167. 	slapi_ch_free((void**)&tmp );
    1168. 

  1168. 	f->f_flags |= SLAPI_FILTER_NORMALIZED_TYPE;
    1169. 

  1169. 	break;
    1170. 

  1170.     case LDAP_FILTER_AND:
    1171. 

  1171. 	filter_normalize_list( f->f_and, norm_values );
    1172. 

  1172. 	break;
    1173. 

  1173.     case LDAP_FILTER_OR:
    1174. 

  1174. 	filter_normalize_list( f->f_or, norm_values );
    1175. 

  1175. 	break;
    1176. 

  1176.     case LDAP_FILTER_NOT:
    1177. 

  1177. 	filter_normalize_list( f->f_not, norm_values );
    1178. 

  1178. 	break;
    1179. 

  1179.     default:
    1180. 

  1180. 	return;
    1181. 

  1181.     }
    1182. 

  1182. }
    1183. 

  1183. 

  1184. void
    1185. 

  1185. filter_normalize( struct slapi_filter *f )
    1186. 

  1186. {
    1187. 

  1187.     filter_normalize_ext(f, PR_FALSE);
    1188. 

  1188. }
    1189. 

  1189. 

  1190. void
    1191. 

  1191. slapi_filter_normalize( struct slapi_filter *f, PRBool norm_values )
    1192. 

  1192. {
    1193. 

  1193.     filter_normalize_ext(f, norm_values);
    1194. 

  1194. }
    1195. 

  1195. 

  1196. void
    1197. 

  1197. filter_print( struct slapi_filter *f )
    1198. 

  1198. {
    1199. 

  1199. 	int	i;
    1200. 

  1200. 	struct slapi_filter *p;
    1201. 

  1201. 

  1202. 	if ( f == NULL ) {
    1203. 

  1203. 		printf( "NULL" );
    1204. 

  1204. 		return;
    1205. 

  1205. 	}
    1206. 

  1206. 

  1207. 	switch ( f->f_choice ) {
    1208. 

  1208. 	case LDAP_FILTER_EQUALITY:
    1209. 

  1209. 		printf( "(%s=%s)", f->f_ava.ava_type,
    1210. 

  1210. 		    f->f_ava.ava_value.bv_val );
    1211. 

  1211. 		break;
    1212. 

  1212. 

  1213. 	case LDAP_FILTER_GE:
    1214. 

  1214. 		printf( "(%s>=%s)", f->f_ava.ava_type,
    1215. 

  1215. 		    f->f_ava.ava_value.bv_val );
    1216. 

  1216. 		break;
    1217. 

  1217. 

  1218. 	case LDAP_FILTER_LE:
    1219. 

  1219. 		printf( "(%s<=%s)", f->f_ava.ava_type,
    1220. 

  1220. 		    f->f_ava.ava_value.bv_val );
    1221. 

  1221. 		break;
    1222. 

  1222. 

  1223. 	case LDAP_FILTER_APPROX:
    1224. 

  1224. 		printf( "(%s~=%s)", f->f_ava.ava_type,
    1225. 

  1225. 		    f->f_ava.ava_value.bv_val );
    1226. 

  1226. 		break;
    1227. 

  1227. 

  1228. 	case LDAP_FILTER_SUBSTRINGS:
    1229. 

  1229. 		printf( "(%s=", f->f_sub_type );
    1230. 

  1230. 		if ( f->f_sub_initial != NULL ) {
    1231. 

  1231. 			printf( "%s", f->f_sub_initial );
    1232. 

  1232. 		}
    1233. 

  1233. 		if ( f->f_sub_any != NULL ) {
    1234. 

  1234. 			for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
    1235. 

  1235. 				printf( "*%s", f->f_sub_any[i] );
    1236. 

  1236. 			}
    1237. 

  1237. 		}
    1238. 

  1238. 		if ( f->f_sub_final != NULL ) {
    1239. 

  1239. 			printf( "*%s", f->f_sub_final );
    1240. 

  1240. 		}
    1241. 

  1241. 		printf( ")" );
    1242. 

  1242. 		break;
    1243. 

  1243. 

  1244. 	case LDAP_FILTER_PRESENT:
    1245. 

  1245. 		printf( "(%s=*)", f->f_type );
    1246. 

  1246. 		break;
    1247. 

  1247. 

  1248. 	case LDAP_FILTER_AND:
    1249. 

  1249. 	case LDAP_FILTER_OR:
    1250. 

  1250. 	case LDAP_FILTER_NOT:
    1251. 

  1251. 		printf( "(%c", f->f_choice == LDAP_FILTER_AND ? '&' :
    1252. 

  1252. 		    f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
    1253. 

  1253. 		for ( p = f->f_list; p != NULL; p = p->f_next ) {
    1254. 

  1254. 			filter_print( p );
    1255. 

  1255. 		}
    1256. 

  1256. 		printf( ")" );
    1257. 

  1257. 		break;
    1258. 

  1258. 

  1259. 	default:
    1260. 

  1260. 		printf( "unknown type 0x%lX", f->f_choice );
    1261. 

  1261. 		break;
    1262. 

  1262. 	}
    1263. 

  1263. 	fflush( stdout );
    1264. 

  1264. }
    1265. 

  1265. 

  1266. /* filter_to_string
    1267. 

  1267.  * ----------------
    1268. 

  1268.  * translates the supplied filter to
    1269. 

  1269.  * the string representation and places
    1270. 

  1270.  * the result in buf
    1271. 

  1271.  *
    1272. 

  1272.  * NOTE: intended for debug purposes, buffer must be 
    1273. 

  1273.  * large enough to contain filter string
    1274. 

  1274.  */
    1275. 

  1275. 

  1276. char *
    1277. 

  1277. slapi_filter_to_string_internal( const struct slapi_filter *f, char *buf, size_t *bufsize )
    1278. 

  1278. {
    1279. 

  1279. 	int	i;
    1280. 

  1280. 	char *return_buf = buf;
    1281. 

  1281. 	struct slapi_filter *p;
    1282. 

  1282. 	size_t size;
    1283. 

  1283. 	char *operator = ""; /* for comparison operators */
    1284. 

  1284. 

  1285. 	if(buf == NULL)
    1286. 

  1286. 		return 0;
    1287. 

  1287. 	else
    1288. 

  1288. 		*buf = 0; /* make sure buf is null terminated */
    1289. 

  1289. 

  1290. 	if ( f == NULL ) {
    1291. 

  1291. 		sprintf( buf, "NULL" );
    1292. 

  1292. 		return 0;
    1293. 

  1293. 	}
    1294. 

  1294. 

  1295. 	switch ( f->f_choice ) {
    1296. 

  1296. 	case LDAP_FILTER_EQUALITY:
    1297. 

  1297. 		operator = "=";
    1298. 

  1298. 		break;
    1299. 

  1299. 

  1300. 	case LDAP_FILTER_GE:
    1301. 

  1301. 		operator = ">=";
    1302. 

  1302. 		break;
    1303. 

  1303. 

  1304. 	case LDAP_FILTER_LE:
    1305. 

  1305. 		operator = "<=";
    1306. 

  1306. 		break;
    1307. 

  1307. 

  1308. 	case LDAP_FILTER_APPROX:
    1309. 

  1309. 		operator = "~=";
    1310. 

  1310. 		break;
    1311. 

  1311. 

  1312. 	case LDAP_FILTER_EXTENDED:
    1313. 

  1313. 		operator = ":=";
    1314. 

  1314. 		break;
    1315. 

  1315. 

  1316. 	default: break;
    1317. 

  1317. 	}
    1318. 

  1318. 

  1319. 	switch ( f->f_choice ) {
    1320. 

  1320. 	case LDAP_FILTER_EQUALITY:
    1321. 

  1321. 	case LDAP_FILTER_GE:
    1322. 

  1322. 	case LDAP_FILTER_LE:
    1323. 

  1323. 	case LDAP_FILTER_APPROX:
    1324. 

  1324. 		/* +3 -> 1 for (, 1 for ), and one for the trailing null */
    1325. 

  1325. 		size = strlen(f->f_ava.ava_type) + f->f_ava.ava_value.bv_len + strlen(operator) + 3;
    1326. 

  1326. 

  1327. 		if(size < *bufsize)
    1328. 

  1328. 		{
    1329. 

  1329. 			/* bv_val may not be null terminated, so use the max field width
    1330. 

  1330. 			   specifier .* with the bv_len as the length to avoid reading
    1331. 

  1331. 			   past bv_len in bv_val */
    1332. 

  1332. 			sprintf( buf, "(%s%s%.*s)", f->f_ava.ava_type, operator,
    1333. 

  1333. 					 (int)f->f_ava.ava_value.bv_len,
    1334. 

  1334. 					 f->f_ava.ava_value.bv_val );
    1335. 

  1335. 			*bufsize -= size;
    1336. 

  1336. 		}
    1337. 

  1337. 		break;
    1338. 

  1338. 

  1339. 	case LDAP_FILTER_SUBSTRINGS:
    1340. 

  1340. 		size = strlen(f->f_sub_type) + 2;
    1341. 

  1341. 

  1342. 		if(size < *bufsize)
    1343. 

  1343. 		{
    1344. 

  1344. 			sprintf( buf, "(%s=", f->f_sub_type );
    1345. 

  1345. 			*bufsize -= size;
    1346. 

  1346. 

  1347. 			if ( f->f_sub_initial != NULL ) {
    1348. 

  1348. 				size = strlen(f->f_sub_initial);
    1349. 

  1349. 

  1350. 				if(size < *bufsize)
    1351. 

  1351. 				{
    1352. 

  1352. 					buf += strlen(buf);
    1353. 

  1353. 					sprintf( buf, "%s", f->f_sub_initial );
    1354. 

  1354. 					*bufsize -= size;
    1355. 

  1355. 				}
    1356. 

  1356. 			}
    1357. 

  1357. 			if ( f->f_sub_any != NULL ) {
    1358. 

  1358. 				for ( i = 0; f->f_sub_any[i] != NULL; i++ ) {
    1359. 

  1359. 					size = strlen(f->f_sub_any[i]) + 1;
    1360. 

  1360. 

  1361. 					if(size < *bufsize)
    1362. 

  1362. 					{
    1363. 

  1363. 						buf += strlen(buf);
    1364. 

  1364. 						sprintf( buf, "*%s", f->f_sub_any[i] );
    1365. 

  1365. 						*bufsize -= size;
    1366. 

  1366. 					}
    1367. 

  1367. 				}
    1368. 

  1368. 			}
    1369. 

  1369. 			if ( f->f_sub_final != NULL ) {
    1370. 

  1370. 					size = strlen(f->f_sub_final) + 1;
    1371. 

  1371. 

  1372. 					if(size < *bufsize)
    1373. 

  1373. 					{
    1374. 

  1374. 						buf += strlen(buf);
    1375. 

  1375. 						sprintf( buf, "*%s", f->f_sub_final );
    1376. 

  1376. 						*bufsize -= size;
    1377. 

  1377. 					}
    1378. 

  1378. 			}
    1379. 

  1379. 			buf += strlen(buf);
    1380. 

  1380. 

  1381. 			if(1 < *bufsize)
    1382. 

  1382. 			{
    1383. 

  1383. 				sprintf( buf, ")" );
    1384. 

  1384. 				(*bufsize)--;
    1385. 

  1385. 			}
    1386. 

  1386. 		}
    1387. 

  1387. 		break;
    1388. 

  1388. 

  1389. 	case LDAP_FILTER_PRESENT:
    1390. 

  1390. 		size = strlen(f->f_type) + 4;
    1391. 

  1391. 		
    1392. 

  1392. 		if(size < *bufsize)
    1393. 

  1393. 		{
    1394. 

  1394. 			sprintf( buf, "(%s=*)", f->f_type );
    1395. 

  1395. 			*bufsize -= size;
    1396. 

  1396. 		}
    1397. 

  1397. 		break;
    1398. 

  1398. 

  1399. 	case LDAP_FILTER_AND:
    1400. 

  1400. 	case LDAP_FILTER_OR:
    1401. 

  1401. 	case LDAP_FILTER_NOT:
    1402. 

  1402. 		if(2 < *bufsize)
    1403. 

  1403. 		{
    1404. 

  1404. 			sprintf( buf, "(%c", f->f_choice == LDAP_FILTER_AND ? '&' :
    1405. 

  1405. 				f->f_choice == LDAP_FILTER_OR ? '|' : '!' );
    1406. 

  1406. 			*bufsize -= 2;
    1407. 

  1407. 

  1408. 			for ( p = f->f_list; p != NULL; p = p->f_next ) {
    1409. 

  1409. 					buf += strlen(buf);
    1410. 

  1410. 					slapi_filter_to_string_internal( p, buf, bufsize );
    1411. 

  1411. 			}
    1412. 

  1412. 			buf += strlen(buf);
    1413. 

  1413. 

  1414. 			if(1 < *bufsize)
    1415. 

  1415. 			{
    1416. 

  1416. 				sprintf( buf, ")" );
    1417. 

  1417. 				(*bufsize)--;
    1418. 

  1418. 			}
    1419. 

  1419. 		}
    1420. 

  1420. 		break;
    1421. 

  1421. 

  1422. 	case LDAP_FILTER_EXTENDED:
    1423. 

  1423. 		size = strlen(f->f_mr_type) + f->f_mr_value.bv_len + strlen(operator) +
    1424. 

  1424. 		       (f->f_mr_dnAttrs ? sizeof(":dn") - 1 : 0) +
    1425. 

  1425. 		       (f->f_mr_oid ? strlen(f->f_mr_oid) + 1 /* : */ : 0) + 3;
    1426. 

  1426. 		if(size < *bufsize) {
    1427. 

  1427. 			sprintf(buf, "(%s%s%s%s%s%.*s)", f->f_mr_type, f->f_mr_dnAttrs ? ":dn" : "",
    1428. 

  1428. 			        f->f_mr_oid ? ":" : "", f->f_mr_oid ? f->f_mr_oid : "",
    1429. 

  1429. 			        operator, (int)f->f_mr_value.bv_len, f->f_mr_value.bv_val);
    1430. 

  1430. 			*bufsize -= size;
    1431. 

  1431. 		}
    1432. 

  1432. 		break;
    1433. 

  1433. 

  1434. 	default:
    1435. 

  1435. 		size = 25;
    1436. 

  1436. 		
    1437. 

  1437. 		if(size < *bufsize)
    1438. 

  1438. 		{
    1439. 

  1439. 			sprintf( buf, "unsupported type 0x%lX", f->f_choice );
    1440. 

  1440. 			*bufsize -= 25;
    1441. 

  1441. 		}
    1442. 

  1442. 		break;
    1443. 

  1443. 	}
    1444. 

  1444. 

  1445. 	return return_buf;
    1446. 

  1446. }
    1447. 

  1447. 

  1448. char *
    1449. 

  1449. slapi_filter_to_string( const struct slapi_filter *f, char *buf, size_t bufsize )
    1450. 

  1450. {
    1451. 

  1451. 	size_t size = bufsize;
    1452. 

  1452. 

  1453. 	return slapi_filter_to_string_internal( f, buf, &size );
    1454. 

  1454. }
    1455. 

  1455. 

  1456. /* rbyrne */
    1457. 

  1457. 

  1458. static int
    1459. 

  1459. filter_apply_list( struct slapi_filter *flist, FILTER_APPLY_FN fn, caddr_t arg,
    1460. 

  1460. 					int *error_code )
    1461. 

  1461. {
    1462. 

  1462.     struct slapi_filter *f;
    1463. 

  1463. 	int rc;
    1464. 

  1464. 

  1465.     for ( f = flist; f != NULL; f = f->f_next ) {
    1466. 

  1466. 		rc = slapi_filter_apply( f, fn, arg, error_code );
    1467. 

  1467. 		if ( rc == SLAPI_FILTER_SCAN_STOP || rc == SLAPI_FILTER_SCAN_ERROR) {
    1468. 

  1468. 			return(rc);
    1469. 

  1469. 		}
    1470. 

  1470.     }
    1471. 

  1471. 

  1472. 	/* If we get here we've applied the whole list sucessfully so return 0 */
    1473. 

  1473. 

  1474. 	return(SLAPI_FILTER_SCAN_NOMORE);
    1475. 

  1475. }
    1476. 

  1476. 

  1477. /*
    1478. 

  1478.   * 
    1479. 

  1479.   * The idea here is to apply, fn() to each "simple filter" in f as follows:
    1480. 

  1480.   * fn( Slapi_Filter *simple_filter, caddr_t arg).
    1481. 

  1481.   *
    1482. 

  1482.   * A 'simple filter' is anything other than AND, OR or NOT.
    1483. 

  1483.   * 
    1484. 

  1484.   * If fn() wants the seasrch to abort it returns FILTER_SCAN_STOP.
    1485. 

  1485.   * In this case, FILTER_SCAN_STOP is returned by slapi_filter_apply().
    1486. 

  1486.   * Otherwise fn() should return FILTER_SCAN_CONTINUE.
    1487. 

  1487.   * 
    1488. 

  1488.   * If the whole filter is traversed, FILTER_SCAN_NO_MORE is returned.
    1489. 

  1489.   * If an error occurred during the traverse, the scan is aborted and
    1490. 

  1490.   * FILTER_SCAN_ERROR is returned, and in this case error_code can be checked
    1491. 

  1491.   * for more details--right now the only error is
    1492. 

  1492.   * SLAPI_FILTER_UNKNOWN_FILTER_TYPE.
    1493. 

  1493.   * 
    1494. 

  1494.   * 
    1495. 

  1495.  */
    1496. 

  1496. int 
    1497. 

  1497. slapi_filter_apply( struct slapi_filter *f, FILTER_APPLY_FN fn, void *arg,
    1498. 

  1498. 					int *error_code)
    1499. 

  1499. {
    1500. 

  1500. 	int rc = SLAPI_FILTER_SCAN_ERROR;
    1501. 

  1501. 

  1502.     if ( f == NULL ) {
    1503. 

  1503. 	return SLAPI_FILTER_SCAN_NOMORE;
    1504. 

  1504.     }
    1505. 

  1505. 

  1506.     switch ( f->f_choice ) {
    1507. 

  1507.     case LDAP_FILTER_GE:
    1508. 

  1508.     case LDAP_FILTER_LE:
    1509. 

  1509.     case LDAP_FILTER_APPROX:
    1510. 

  1510.     case LDAP_FILTER_EQUALITY:
    1511. 

  1511. 	rc = (*fn)(f, arg );
    1512. 

  1512. 	break;
    1513. 

  1513.     case LDAP_FILTER_SUBSTRINGS:	
    1514. 

  1514. 	rc = (*fn)(f, arg);
    1515. 

  1515. 	/* value will be normalized later */
    1516. 

  1516. 	break;
    1517. 

  1517.     case LDAP_FILTER_PRESENT:
    1518. 

  1518. 	rc = (*fn)(f, arg);
    1519. 

  1519. 	break;
    1520. 

  1520.     case LDAP_FILTER_EXTENDED:	
    1521. 

  1521. 	rc = (*fn)(f, arg);
    1522. 

  1522. 	break;
    1523. 

  1523.     case LDAP_FILTER_AND:
    1524. 

  1524. 	rc = filter_apply_list( f->f_and, fn, arg, error_code );
    1525. 

  1525. 	break;
    1526. 

  1526.     case LDAP_FILTER_OR:
    1527. 

  1527. 	rc = filter_apply_list( f->f_or, fn, arg, error_code );
    1528. 

  1528. 	break;
    1529. 

  1529.     case LDAP_FILTER_NOT:
    1530. 

  1530. 	rc = filter_apply_list( f->f_not, fn, arg, error_code );
    1531. 

  1531. 	break;
    1532. 

  1532.     default:
    1533. 

  1533. 	/* Unknown filter choice */
    1534. 

  1534. 	*error_code = SLAPI_FILTER_UNKNOWN_FILTER_TYPE;
    1535. 

  1535. 	rc = SLAPI_FILTER_SCAN_ERROR;
    1536. 

  1536.     }
    1537. 

  1537. 

  1538. 	/*
    1539. 

  1539. 	 * We propagate back FILTER_SCAN_ERROR and
    1540. 

  1540. 	 * FILTER_SCAN_STOP, anything else is success.
    1541. 

  1541. 	*/
    1542. 

  1542. 

  1543. 	if (rc != SLAPI_FILTER_SCAN_ERROR && rc != SLAPI_FILTER_SCAN_STOP) {
    1544. 

  1544. 		rc = SLAPI_FILTER_SCAN_NOMORE;
    1545. 

  1545. 	}
    1546. 

  1546. 	
    1547. 

  1547. 	return(rc);
    1548. 

  1548. }
    1549. 

  1549. 

  1550. 

  1551. int
    1552. 

  1552. filter_flag_is_set(const Slapi_Filter *f, unsigned char flag) {
    1553. 

  1553.   return(f->f_flags & flag);
    1554. 

  1554. }
    1555. 

  1555. 

  1556. 

  1557. static int 
    1558. 

  1558. tombstone_check_filter(Slapi_Filter *f)
    1559. 

  1559. {
    1560. 

  1560. 	if ( 0 == strcasecmp ( f->f_avvalue.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE)) {
    1561. 

  1561. 		return 1; /* Contains a nsTombstone filter */
    1562. 

  1562. 	}
    1563. 

  1563. 	return 0; /* Not nsTombstone filter */
    1564. 

  1564. }
    1565. 

  1565. 

  1566. 

  1567. static int
    1568. 

  1568. ruv_check_filter(Slapi_Filter *f)
    1569. 

  1569. {
    1570. 

  1570. 	if ( 0 == strcasecmp ( f->f_avvalue.bv_val, "ffffffff-ffffffff-ffffffff-ffffffff")) {
    1571. 

  1571. 		return 1; /* Contains a RUV filter */
    1572. 

  1572. 	}
    1573. 

  1573. 	return 0; /* Not a RUV filter */
    1574. 

  1574. }
    1575. 

  1575. 

  1576. 

  1577. /* filter_optimize
    1578. 

  1578.  * ---------------
    1579. 

  1579.  * takes a filter and optimizes it for fast evaluation
    1580. 

  1580.  * currently this merely ensures that any AND or OR
    1581. 

  1581.  * does not start with a NOT sub-filter if possible
    1582. 

  1582.  */
    1583. 

  1583. static void
    1584. 

  1584. filter_optimize(Slapi_Filter *f)
    1585. 

  1585. {
    1586. 

  1586. 	if(!f)
    1587. 

  1587. 		return;
    1588. 

  1588. 

  1589. 	switch(f->f_choice)
    1590. 

  1590. 	{
    1591. 

  1591. 	case LDAP_FILTER_AND:
    1592. 

  1592. 	case LDAP_FILTER_OR:
    1593. 

  1593. 		{
    1594. 

  1594. 			/* first optimize children */
    1595. 

  1595. 			filter_optimize(f->f_list);
    1596. 

  1596. 

  1597. 			/* optimize this */
    1598. 

  1598. 			if(f->f_list->f_choice == LDAP_FILTER_NOT)
    1599. 

  1599. 			{
    1600. 

  1600. 				Slapi_Filter *f_prev = 0;
    1601. 

  1601. 				Slapi_Filter *f_child = 0;
    1602. 

  1602. 

  1603. 				/* grab a non not filter to place at start */
    1604. 

  1604. 				for(f_child = f->f_list; f_child != 0; f_child = f_child->f_next)
    1605. 

  1605. 				{
    1606. 

  1606. 					if(f_child->f_choice != LDAP_FILTER_NOT)
    1607. 

  1607. 					{
    1608. 

  1608. 						/* we have a winner, do swap */
    1609. 

  1609. 						if (f_prev) f_prev->f_next = f_child->f_next;
    1610. 

  1610. 						f_child->f_next = f->f_list;
    1611. 

  1611. 						f->f_list = f_child;
    1612. 

  1612. 						break;
    1613. 

  1613. 					}
    1614. 

  1614. 

  1615. 					f_prev = f_child;
    1616. 

  1616. 				}
    1617. 

  1617. 			}
    1618. 

  1618. 		}
    1619. 

  1619. 	default:
    1620. 

  1620. 		filter_optimize(f->f_next);
    1621. 

  1621. 		break;
    1622. 

  1622. 	}
    1623. 

  1623. }
    1624. 

  1624. 

  1625. 

  1626. /* slapi_filter_changetype
    1627. 

  1627.  * ------------------------
    1628. 

  1628.  * changes the type used in equality/>/</approx filters
    1629. 

  1629.  * handy for features that do type mapping
    1630. 

  1630.  */
    1631. 

  1631. int slapi_filter_changetype(Slapi_Filter *f, const char *newtype)
    1632. 

  1632. {
    1633. 

  1633. 	char **target = 0;
    1634. 

  1634. 

  1635. 	switch ( f->f_choice ) {
    1636. 

  1636. 	case LDAP_FILTER_EQUALITY:
    1637. 

  1637. 	case LDAP_FILTER_GE:
    1638. 

  1638. 	case LDAP_FILTER_LE:
    1639. 

  1639. 	case LDAP_FILTER_APPROX:
    1640. 

  1640. 		target = &f->f_ava.ava_type;
    1641. 

  1641. 		break;
    1642. 

  1642. 

  1643. 	case LDAP_FILTER_SUBSTRINGS:
    1644. 

  1644. 		target = &f->f_sub_type;
    1645. 

  1645. 		break;
    1646. 

  1646. 

  1647. 	case LDAP_FILTER_PRESENT:
    1648. 

  1648. 		target = &f->f_type;
    1649. 

  1649. 		break;
    1650. 

  1650. 

  1651. 	case LDAP_FILTER_AND:
    1652. 

  1652. 	case LDAP_FILTER_OR:
    1653. 

  1653. 	case LDAP_FILTER_NOT:
    1654. 

  1654. 	default:
    1655. 

  1655. 		goto bail;
    1656. 

  1656. 		break;
    1657. 

  1657. 	}
    1658. 

  1658. 

  1659. 	slapi_ch_free_string(target);
    1660. 

  1660. 	*target = slapi_ch_strdup(newtype);
    1661. 

  1661. 

  1662. bail:
    1663. 

  1663. 	return (!target);
    1664. 

  1664. }
    1665. 

  1665.