4 Copyright (C) Andrew Tridgell 2004-2005
5 Copyright (C) Simo Sorce 2005
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 * Component: ldb expression matching
30 * Description: ldb expression matching
32 * Author: Andrew Tridgell
35 #include "ldb_private.h"
36 #include "dlinklist.h"
39 check if the scope matches in a search result
41 static int ldb_match_scope(struct ldb_context *ldb,
48 if (base == NULL || dn == NULL) {
54 if (ldb_dn_compare(base, dn) == 0) {
59 case LDB_SCOPE_ONELEVEL:
60 if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
61 if (ldb_dn_compare_base(base, dn) == 0) {
67 case LDB_SCOPE_SUBTREE:
69 if (ldb_dn_compare_base(base, dn) == 0) {
80 match if node is present
82 static int ldb_match_present(struct ldb_context *ldb,
83 const struct ldb_message *msg,
84 const struct ldb_parse_tree *tree,
85 enum ldb_scope scope, bool *matched)
87 const struct ldb_schema_attribute *a;
88 struct ldb_message_element *el;
90 if (ldb_attr_dn(tree->u.present.attr) == 0) {
95 el = ldb_msg_find_element(msg, tree->u.present.attr);
101 a = ldb_schema_attribute_by_name(ldb, el->name);
103 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
106 if (a->syntax->operator_fn) {
108 for (i = 0; i < el->num_values; i++) {
109 int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
110 if (ret != LDB_SUCCESS) return ret;
111 if (*matched) return LDB_SUCCESS;
121 static int ldb_match_comparison(struct ldb_context *ldb,
122 const struct ldb_message *msg,
123 const struct ldb_parse_tree *tree,
124 enum ldb_scope scope,
125 enum ldb_parse_op comp_op, bool *matched)
128 struct ldb_message_element *el;
129 const struct ldb_schema_attribute *a;
131 /* FIXME: APPROX comparison not handled yet */
132 if (comp_op == LDB_OP_APPROX) {
133 return LDB_ERR_INAPPROPRIATE_MATCHING;
136 el = ldb_msg_find_element(msg, tree->u.comparison.attr);
142 a = ldb_schema_attribute_by_name(ldb, el->name);
144 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
147 for (i = 0; i < el->num_values; i++) {
148 if (a->syntax->operator_fn) {
150 ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
151 if (ret != LDB_SUCCESS) return ret;
152 if (*matched) return LDB_SUCCESS;
154 int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
160 if (ret > 0 && comp_op == LDB_OP_GREATER) {
164 if (ret < 0 && comp_op == LDB_OP_LESS) {
176 match a simple leaf node
178 static int ldb_match_equality(struct ldb_context *ldb,
179 const struct ldb_message *msg,
180 const struct ldb_parse_tree *tree,
181 enum ldb_scope scope,
185 struct ldb_message_element *el;
186 const struct ldb_schema_attribute *a;
187 struct ldb_dn *valuedn;
190 if (ldb_attr_dn(tree->u.equality.attr) == 0) {
191 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
192 if (valuedn == NULL) {
193 return LDB_ERR_INVALID_DN_SYNTAX;
196 ret = ldb_dn_compare(msg->dn, valuedn);
198 talloc_free(valuedn);
200 *matched = (ret == 0);
204 /* TODO: handle the "*" case derived from an extended search
205 operation without the attibute type defined */
206 el = ldb_msg_find_element(msg, tree->u.equality.attr);
212 a = ldb_schema_attribute_by_name(ldb, el->name);
214 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
217 for (i=0;i<el->num_values;i++) {
218 if (a->syntax->operator_fn) {
219 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
220 &tree->u.equality.value, &el->values[i], matched);
221 if (ret != LDB_SUCCESS) return ret;
222 if (*matched) return LDB_SUCCESS;
224 if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
225 &el->values[i]) == 0) {
236 static int ldb_wildcard_compare(struct ldb_context *ldb,
237 const struct ldb_parse_tree *tree,
238 const struct ldb_val value, bool *matched)
240 const struct ldb_schema_attribute *a;
243 struct ldb_val *chunk;
245 uint8_t *save_p = NULL;
248 a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
250 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
253 if (tree->u.substring.chunks == NULL) {
258 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
259 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
265 if ( ! tree->u.substring.start_with_wildcard ) {
267 chunk = tree->u.substring.chunks[c];
268 if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
270 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
271 if (cnk.length > val.length) {
274 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto mismatch;
275 val.length -= cnk.length;
276 val.data += cnk.length;
278 talloc_free(cnk.data);
282 while (tree->u.substring.chunks[c]) {
284 chunk = tree->u.substring.chunks[c];
285 if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
287 /* FIXME: case of embedded nulls */
288 p = strstr((char *)val.data, (char *)cnk.data);
289 if (p == NULL) goto mismatch;
290 if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
292 g = strstr((char *)p + cnk.length, (char *)cnk.data);
296 val.length = val.length - (p - (char *)(val.data)) - cnk.length;
297 val.data = (uint8_t *)(p + cnk.length);
299 talloc_free(cnk.data);
303 /* last chunk may not have reached end of string */
304 if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch;
312 talloc_free(cnk.data);
317 match a simple leaf node
319 static int ldb_match_substring(struct ldb_context *ldb,
320 const struct ldb_message *msg,
321 const struct ldb_parse_tree *tree,
322 enum ldb_scope scope, bool *matched)
325 struct ldb_message_element *el;
327 el = ldb_msg_find_element(msg, tree->u.substring.attr);
333 for (i = 0; i < el->num_values; i++) {
335 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
336 if (ret != LDB_SUCCESS) return ret;
337 if (*matched) return LDB_SUCCESS;
346 bitwise and/or comparator depending on oid
348 static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
355 if (v1->length >= sizeof(ibuf)-1) {
356 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
358 memcpy(ibuf, (char *)v1->data, v1->length);
359 ibuf[v1->length] = 0;
360 i1 = strtoull(ibuf, &endptr, 0);
361 if (endptr != NULL) {
362 if (endptr == ibuf || *endptr != 0) {
363 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
367 if (v2->length >= sizeof(ibuf)-1) {
368 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
371 memcpy(ibuf, (char *)v2->data, v2->length);
372 ibuf[v2->length] = 0;
373 i2 = strtoull(ibuf, &endptr, 0);
374 if (endptr != NULL) {
375 if (endptr == ibuf || *endptr != 0) {
376 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
379 if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
380 *matched = ((i1 & i2) == i2);
381 } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
382 *matched = ((i1 & i2) != 0);
384 return LDB_ERR_INAPPROPRIATE_MATCHING;
389 static int ldb_match_bitmask(struct ldb_context *ldb,
391 const struct ldb_message *msg,
392 const char *attribute_to_match,
393 const struct ldb_val *value_to_match,
397 struct ldb_message_element *el;
399 /* find the message element */
400 el = ldb_msg_find_element(msg, attribute_to_match);
406 for (i=0;i<el->num_values;i++) {
408 struct ldb_val *v = &el->values[i];
410 ret = ldb_comparator_bitmask(oid, v, value_to_match, matched);
411 if (ret != LDB_SUCCESS) {
426 static int ldb_comparator_false(struct ldb_context *ldb,
428 const struct ldb_message *msg,
429 const char *attribute_to_match,
430 const struct ldb_val *value_to_match,
438 static const struct ldb_extended_match_rule *ldb_find_extended_match_rule(struct ldb_context *ldb,
441 struct ldb_extended_match_entry *extended_match_rule;
443 for (extended_match_rule = ldb->extended_match_rules;
445 extended_match_rule = extended_match_rule->next) {
446 if (strcmp(extended_match_rule->rule->oid, oid) == 0) {
447 return extended_match_rule->rule;
456 extended match, handles things like bitops
458 static int ldb_match_extended(struct ldb_context *ldb,
459 const struct ldb_message *msg,
460 const struct ldb_parse_tree *tree,
461 enum ldb_scope scope, bool *matched)
463 const struct ldb_extended_match_rule *rule;
465 if (tree->u.extended.dnAttributes) {
466 /* FIXME: We really need to find out what this ":dn" part in
467 * an extended match means and how to handle it. For now print
468 * only a warning to have s3 winbind and other tools working
469 * against us. - Matthias */
470 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
472 if (tree->u.extended.rule_id == NULL) {
473 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
474 return LDB_ERR_INAPPROPRIATE_MATCHING;
476 if (tree->u.extended.attr == NULL) {
477 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
478 return LDB_ERR_INAPPROPRIATE_MATCHING;
481 rule = ldb_find_extended_match_rule(ldb, tree->u.extended.rule_id);
483 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
484 tree->u.extended.rule_id);
485 return LDB_ERR_INAPPROPRIATE_MATCHING;
488 return rule->callback(ldb, rule->oid, msg,
489 tree->u.extended.attr,
490 &tree->u.extended.value, matched);
494 return 0 if the given parse tree matches the given message. Assumes
495 the message is in sorted order
497 return 1 if it matches, and 0 if it doesn't match
499 this is a recursive function, and does short-circuit evaluation
501 static int ldb_match_message(struct ldb_context *ldb,
502 const struct ldb_message *msg,
503 const struct ldb_parse_tree *tree,
504 enum ldb_scope scope, bool *matched)
511 if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
512 /* don't match special records except on base searches */
516 switch (tree->operation) {
518 for (i=0;i<tree->u.list.num_elements;i++) {
519 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
520 if (ret != LDB_SUCCESS) return ret;
521 if (!*matched) return LDB_SUCCESS;
527 for (i=0;i<tree->u.list.num_elements;i++) {
528 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
529 if (ret != LDB_SUCCESS) return ret;
530 if (*matched) return LDB_SUCCESS;
536 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
537 if (ret != LDB_SUCCESS) return ret;
538 *matched = ! *matched;
541 case LDB_OP_EQUALITY:
542 return ldb_match_equality(ldb, msg, tree, scope, matched);
544 case LDB_OP_SUBSTRING:
545 return ldb_match_substring(ldb, msg, tree, scope, matched);
548 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
551 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
554 return ldb_match_present(ldb, msg, tree, scope, matched);
557 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
559 case LDB_OP_EXTENDED:
560 return ldb_match_extended(ldb, msg, tree, scope, matched);
563 return LDB_ERR_INAPPROPRIATE_MATCHING;
566 int ldb_match_msg(struct ldb_context *ldb,
567 const struct ldb_message *msg,
568 const struct ldb_parse_tree *tree,
570 enum ldb_scope scope)
575 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
579 ret = ldb_match_message(ldb, msg, tree, scope, &matched);
580 if (ret != LDB_SUCCESS) {
581 /* to match the old API, we need to consider this a
588 int ldb_match_msg_error(struct ldb_context *ldb,
589 const struct ldb_message *msg,
590 const struct ldb_parse_tree *tree,
592 enum ldb_scope scope,
595 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
600 return ldb_match_message(ldb, msg, tree, scope, matched);
603 int ldb_match_msg_objectclass(const struct ldb_message *msg,
604 const char *objectclass)
607 struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
611 for (i=0; i < el->num_values; i++) {
612 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
619 _PRIVATE_ int ldb_register_extended_match_rules(struct ldb_context *ldb)
621 struct ldb_extended_match_rule *bitmask_and;
622 struct ldb_extended_match_rule *bitmask_or;
623 struct ldb_extended_match_rule *always_false;
626 /* Register bitmask-and match */
627 bitmask_and = talloc_zero(ldb, struct ldb_extended_match_rule);
628 if (bitmask_and == NULL) {
629 return LDB_ERR_OPERATIONS_ERROR;
632 bitmask_and->oid = LDB_OID_COMPARATOR_AND;
633 bitmask_and->callback = ldb_match_bitmask;
635 ret = ldb_register_extended_match_rule(ldb, bitmask_and);
636 if (ret != LDB_SUCCESS) {
640 /* Register bitmask-or match */
641 bitmask_or = talloc_zero(ldb, struct ldb_extended_match_rule);
642 if (bitmask_or == NULL) {
643 return LDB_ERR_OPERATIONS_ERROR;
646 bitmask_or->oid = LDB_OID_COMPARATOR_OR;
647 bitmask_or->callback = ldb_match_bitmask;
649 ret = ldb_register_extended_match_rule(ldb, bitmask_or);
650 if (ret != LDB_SUCCESS) {
654 /* Register always-false match */
655 always_false = talloc_zero(ldb, struct ldb_extended_match_rule);
656 if (always_false == NULL) {
657 return LDB_ERR_OPERATIONS_ERROR;
660 always_false->oid = SAMBA_LDAP_MATCH_ALWAYS_FALSE;
661 always_false->callback = ldb_comparator_false;
663 ret = ldb_register_extended_match_rule(ldb, always_false);
664 if (ret != LDB_SUCCESS) {
672 register a new ldb backend
674 if override is true, then override any existing backend for this prefix
676 int ldb_register_extended_match_rule(struct ldb_context *ldb,
677 const struct ldb_extended_match_rule *rule)
679 const struct ldb_extended_match_rule *lookup_rule;
680 struct ldb_extended_match_entry *entry;
682 lookup_rule = ldb_find_extended_match_rule(ldb, rule->oid);
684 return LDB_ERR_ENTRY_ALREADY_EXISTS;
687 entry = talloc_zero(ldb, struct ldb_extended_match_entry);
689 return LDB_ERR_OPERATIONS_ERROR;
692 DLIST_ADD_END(ldb->extended_match_rules, entry, struct ldb_extended_match_entry);
git.samba.org / obnox / samba / samba-obnox.git / blob