4 Copyright (C) Andrew Tridgell 2004-2005
5 Copyright (C) Simo Sorce 2005
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb expression matching
30 * Description: ldb expression matching
32 * Author: Andrew Tridgell
35 #include "ldb_private.h"
38 check if the scope matches in a search result
40 static int ldb_match_scope(struct ldb_context *ldb,
47 if (base == NULL || dn == NULL) {
53 if (ldb_dn_compare(base, dn) == 0) {
58 case LDB_SCOPE_ONELEVEL:
60 * We used to check the number of components
61 * so that we don't call ldb_dn_compare_base if
62 * dn->comp_num != base->comp_num + 1
63 * But ldb_dn_get_comp_num(dn) will first explode the DN
64 * if it's not already exploded. Exploding is expensive.
65 * This function is mainly used in indexes where DNs are not
66 * exploded yet (it's just linearized strings).
67 * ldb_dn_compare_base/ldb_dn_compare_base_one have a fast track
68 * for comparing just linearized strings, so let's take
71 if (ldb_dn_compare_base_one(base, dn) == 0)
77 case LDB_SCOPE_SUBTREE:
79 if (ldb_dn_compare_base(base, dn) == 0) {
90 match if node is present
92 static int ldb_match_present(struct ldb_context *ldb,
93 const struct ldb_message *msg,
94 const struct ldb_parse_tree *tree,
95 enum ldb_scope scope, bool *matched)
97 const struct ldb_schema_attribute *a;
98 struct ldb_message_element *el;
100 if (ldb_attr_dn(tree->u.present.attr) == 0) {
105 el = ldb_msg_find_element(msg, tree->u.present.attr);
111 a = ldb_schema_attribute_by_name(ldb, el->name);
113 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
116 if (a->syntax->operator_fn) {
118 for (i = 0; i < el->num_values; i++) {
119 int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
120 if (ret != LDB_SUCCESS) return ret;
121 if (*matched) return LDB_SUCCESS;
131 static int ldb_match_comparison(struct ldb_context *ldb,
132 const struct ldb_message *msg,
133 const struct ldb_parse_tree *tree,
134 enum ldb_scope scope,
135 enum ldb_parse_op comp_op, bool *matched)
138 struct ldb_message_element *el;
139 const struct ldb_schema_attribute *a;
141 /* FIXME: APPROX comparison not handled yet */
142 if (comp_op == LDB_OP_APPROX) {
143 return LDB_ERR_INAPPROPRIATE_MATCHING;
146 el = ldb_msg_find_element(msg, tree->u.comparison.attr);
152 a = ldb_schema_attribute_by_name(ldb, el->name);
154 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
157 for (i = 0; i < el->num_values; i++) {
158 if (a->syntax->operator_fn) {
160 ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
161 if (ret != LDB_SUCCESS) return ret;
162 if (*matched) return LDB_SUCCESS;
164 int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
170 if (ret > 0 && comp_op == LDB_OP_GREATER) {
174 if (ret < 0 && comp_op == LDB_OP_LESS) {
186 match a simple leaf node
188 static int ldb_match_equality(struct ldb_context *ldb,
189 const struct ldb_message *msg,
190 const struct ldb_parse_tree *tree,
191 enum ldb_scope scope,
195 struct ldb_message_element *el;
196 const struct ldb_schema_attribute *a;
197 struct ldb_dn *valuedn;
200 if (ldb_attr_dn(tree->u.equality.attr) == 0) {
201 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
202 if (valuedn == NULL) {
203 return LDB_ERR_INVALID_DN_SYNTAX;
206 ret = ldb_dn_compare(msg->dn, valuedn);
208 talloc_free(valuedn);
210 *matched = (ret == 0);
214 /* TODO: handle the "*" case derived from an extended search
215 operation without the attibute type defined */
216 el = ldb_msg_find_element(msg, tree->u.equality.attr);
222 a = ldb_schema_attribute_by_name(ldb, el->name);
224 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
227 for (i=0;i<el->num_values;i++) {
228 if (a->syntax->operator_fn) {
229 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
230 &tree->u.equality.value, &el->values[i], matched);
231 if (ret != LDB_SUCCESS) return ret;
232 if (*matched) return LDB_SUCCESS;
234 if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
235 &el->values[i]) == 0) {
246 static int ldb_wildcard_compare(struct ldb_context *ldb,
247 const struct ldb_parse_tree *tree,
248 const struct ldb_val value, bool *matched)
250 const struct ldb_schema_attribute *a;
253 struct ldb_val *chunk;
255 uint8_t *save_p = NULL;
258 a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
260 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
263 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
264 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
270 if ( ! tree->u.substring.start_with_wildcard ) {
272 chunk = tree->u.substring.chunks[c];
273 if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
275 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
276 if (cnk.length > val.length) {
279 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto mismatch;
280 val.length -= cnk.length;
281 val.data += cnk.length;
283 talloc_free(cnk.data);
287 while (tree->u.substring.chunks[c]) {
289 chunk = tree->u.substring.chunks[c];
290 if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
292 /* FIXME: case of embedded nulls */
293 p = strstr((char *)val.data, (char *)cnk.data);
294 if (p == NULL) goto mismatch;
295 if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
297 g = strstr((char *)p + cnk.length, (char *)cnk.data);
301 val.length = val.length - (p - (char *)(val.data)) - cnk.length;
302 val.data = (uint8_t *)(p + cnk.length);
304 talloc_free(cnk.data);
308 /* last chunk may not have reached end of string */
309 if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch;
317 talloc_free(cnk.data);
322 match a simple leaf node
324 static int ldb_match_substring(struct ldb_context *ldb,
325 const struct ldb_message *msg,
326 const struct ldb_parse_tree *tree,
327 enum ldb_scope scope, bool *matched)
330 struct ldb_message_element *el;
332 el = ldb_msg_find_element(msg, tree->u.substring.attr);
338 for (i = 0; i < el->num_values; i++) {
340 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
341 if (ret != LDB_SUCCESS) return ret;
342 if (*matched) return LDB_SUCCESS;
351 bitwise-and comparator
353 static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
360 if (v1->length >= sizeof(ibuf)-1) {
361 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
363 memcpy(ibuf, (char *)v1->data, v1->length);
364 ibuf[v1->length] = 0;
365 i1 = strtoull(ibuf, &endptr, 0);
366 if (endptr != NULL) {
367 if (endptr == ibuf || *endptr != 0) {
368 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
372 if (v2->length >= sizeof(ibuf)-1) {
373 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
376 memcpy(ibuf, (char *)v2->data, v2->length);
377 ibuf[v2->length] = 0;
378 i2 = strtoull(ibuf, &endptr, 0);
379 if (endptr != NULL) {
380 if (endptr == ibuf || *endptr != 0) {
381 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
384 if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
385 *matched = ((i1 & i2) == i2);
386 } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
387 *matched = ((i1 & i2) != 0);
389 return LDB_ERR_INAPPROPRIATE_MATCHING;
397 static int ldb_comparator_false(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
406 extended match, handles things like bitops
408 static int ldb_match_extended(struct ldb_context *ldb,
409 const struct ldb_message *msg,
410 const struct ldb_parse_tree *tree,
411 enum ldb_scope scope, bool *matched)
416 int (*comparator)(const char *, const struct ldb_val *, const struct ldb_val *, bool *);
418 { LDB_OID_COMPARATOR_AND, ldb_comparator_bitmask},
419 { LDB_OID_COMPARATOR_OR, ldb_comparator_bitmask},
420 { SAMBA_LDAP_MATCH_ALWAYS_FALSE, ldb_comparator_false}
422 int (*comp)(const char *,const struct ldb_val *, const struct ldb_val *, bool *) = NULL;
423 struct ldb_message_element *el;
425 if (tree->u.extended.dnAttributes) {
426 /* FIXME: We really need to find out what this ":dn" part in
427 * an extended match means and how to handle it. For now print
428 * only a warning to have s3 winbind and other tools working
429 * against us. - Matthias */
430 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
432 if (tree->u.extended.rule_id == NULL) {
433 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
434 return LDB_ERR_INAPPROPRIATE_MATCHING;
436 if (tree->u.extended.attr == NULL) {
437 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
438 return LDB_ERR_INAPPROPRIATE_MATCHING;
441 for (i=0;i<ARRAY_SIZE(rules);i++) {
442 if (strcmp(rules[i].oid, tree->u.extended.rule_id) == 0) {
443 comp = rules[i].comparator;
448 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
449 tree->u.extended.rule_id);
450 return LDB_ERR_INAPPROPRIATE_MATCHING;
453 /* find the message element */
454 el = ldb_msg_find_element(msg, tree->u.extended.attr);
460 for (i=0;i<el->num_values;i++) {
461 int ret = comp(tree->u.extended.rule_id, &el->values[i], &tree->u.extended.value, matched);
462 if (ret != LDB_SUCCESS) return ret;
463 if (*matched) return LDB_SUCCESS;
471 return 0 if the given parse tree matches the given message. Assumes
472 the message is in sorted order
474 return 1 if it matches, and 0 if it doesn't match
476 this is a recursive function, and does short-circuit evaluation
478 static int ldb_match_message(struct ldb_context *ldb,
479 const struct ldb_message *msg,
480 const struct ldb_parse_tree *tree,
481 enum ldb_scope scope, bool *matched)
488 if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
489 /* don't match special records except on base searches */
493 switch (tree->operation) {
495 for (i=0;i<tree->u.list.num_elements;i++) {
496 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
497 if (ret != LDB_SUCCESS) return ret;
498 if (!*matched) return LDB_SUCCESS;
504 for (i=0;i<tree->u.list.num_elements;i++) {
505 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
506 if (ret != LDB_SUCCESS) return ret;
507 if (*matched) return LDB_SUCCESS;
513 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
514 if (ret != LDB_SUCCESS) return ret;
515 *matched = ! *matched;
518 case LDB_OP_EQUALITY:
519 return ldb_match_equality(ldb, msg, tree, scope, matched);
521 case LDB_OP_SUBSTRING:
522 return ldb_match_substring(ldb, msg, tree, scope, matched);
525 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
528 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
531 return ldb_match_present(ldb, msg, tree, scope, matched);
534 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
536 case LDB_OP_EXTENDED:
537 return ldb_match_extended(ldb, msg, tree, scope, matched);
540 return LDB_ERR_INAPPROPRIATE_MATCHING;
543 int ldb_match_msg(struct ldb_context *ldb,
544 const struct ldb_message *msg,
545 const struct ldb_parse_tree *tree,
547 enum ldb_scope scope)
552 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
556 ret = ldb_match_message(ldb, msg, tree, scope, &matched);
557 if (ret != LDB_SUCCESS) {
558 /* to match the old API, we need to consider this a
565 int ldb_match_msg_error(struct ldb_context *ldb,
566 const struct ldb_message *msg,
567 const struct ldb_parse_tree *tree,
569 enum ldb_scope scope,
572 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
577 return ldb_match_message(ldb, msg, tree, scope, matched);
580 int ldb_match_msg_objectclass(const struct ldb_message *msg,
581 const char *objectclass)
584 struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
588 for (i=0; i < el->num_values; i++) {
589 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
git.samba.org / metze / samba / wip.git / blob