4 Copyright (C) Andrew Tridgell 2004
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb expression parsing
29 * Description: parse LDAP-like search expressions
31 * Author: Andrew Tridgell
36 - add RFC2254 binary string handling
37 - possibly add ~=, <= and >= handling
38 - expand the test suite
39 - add better parse error handling
43 #include "ldb_private.h"
44 #include "system/locale.h"
46 static int ldb_parse_hex2char(const char *x)
48 if (isxdigit(x[0]) && isxdigit(x[1])) {
49 const char h1 = x[0], h2 = x[1];
52 if (h1 >= 'a') c = h1 - (int)'a' + 10;
53 else if (h1 >= 'A') c = h1 - (int)'A' + 10;
54 else if (h1 >= '0') c = h1 - (int)'0';
56 if (h2 >= 'a') c += h2 - (int)'a' + 10;
57 else if (h2 >= 'A') c += h2 - (int)'A' + 10;
58 else if (h2 >= '0') c += h2 - (int)'0';
67 a filter is defined by:
68 <filter> ::= '(' <filtercomp> ')'
69 <filtercomp> ::= <and> | <or> | <not> | <simple>
70 <and> ::= '&' <filterlist>
71 <or> ::= '|' <filterlist>
72 <not> ::= '!' <filter>
73 <filterlist> ::= <filter> | <filter> <filterlist>
74 <simple> ::= <attributetype> <filtertype> <attributevalue>
75 <filtertype> ::= '=' | '~=' | '<=' | '>='
79 decode a RFC2254 binary string representation of a buffer.
82 struct ldb_val ldb_binary_decode(TALLOC_CTX *mem_ctx, const char *str)
86 size_t slen = str?strlen(str):0;
88 ret.data = (uint8_t *)talloc_size(mem_ctx, slen+1);
90 if (ret.data == NULL) return ret;
92 for (i=j=0;i<slen;i++) {
96 c = ldb_parse_hex2char(&str[i+1]);
98 talloc_free(ret.data);
99 memset(&ret, 0, sizeof(ret));
102 ((uint8_t *)ret.data)[j++] = c;
105 ((uint8_t *)ret.data)[j++] = str[i];
109 ((uint8_t *)ret.data)[j] = 0;
116 encode a blob as a RFC2254 binary string, escaping any
117 non-printable or '\' characters
119 char *ldb_binary_encode(TALLOC_CTX *mem_ctx, struct ldb_val val)
123 size_t len = val.length;
124 unsigned char *buf = val.data;
126 for (i=0;i<val.length;i++) {
127 if (!isprint(buf[i]) || strchr(" *()\\&|!\"", buf[i])) {
131 ret = talloc_array(mem_ctx, char, len+1);
132 if (ret == NULL) return NULL;
135 for (i=0;i<val.length;i++) {
136 if (!isprint(buf[i]) || strchr(" *()\\&|!\"", buf[i])) {
137 snprintf(ret+len, 4, "\\%02X", buf[i]);
150 encode a string as a RFC2254 binary string, escaping any
151 non-printable or '\' characters. This routine is suitable for use
152 in escaping user data in ldap filters.
154 char *ldb_binary_encode_string(TALLOC_CTX *mem_ctx, const char *string)
157 if (string == NULL) {
160 val.data = discard_const_p(uint8_t, string);
161 val.length = strlen(string);
162 return ldb_binary_encode(mem_ctx, val);
165 /* find the first matching wildcard */
166 static char *ldb_parse_find_wildcard(char *value)
169 value = strpbrk(value, "\\*");
170 if (value == NULL) return NULL;
172 if (value[0] == '\\') {
173 if (value[1] == '\0') return NULL;
178 if (value[0] == '*') return value;
184 /* return a NULL terminated list of binary strings representing the value
185 chunks separated by wildcards that makes the value portion of the filter
187 static struct ldb_val **ldb_wildcard_decode(TALLOC_CTX *mem_ctx, const char *string)
189 struct ldb_val **ret = NULL;
190 unsigned int val = 0;
193 wc = talloc_strdup(mem_ctx, string);
194 if (wc == NULL) return NULL;
198 wc = ldb_parse_find_wildcard(str);
208 ret = talloc_realloc(mem_ctx, ret, struct ldb_val *, val + 2);
209 if (ret == NULL) return NULL;
211 ret[val] = talloc(mem_ctx, struct ldb_val);
212 if (ret[val] == NULL) return NULL;
214 *(ret[val]) = ldb_binary_decode(mem_ctx, str);
215 if ((ret[val])->data == NULL) return NULL;
227 static struct ldb_parse_tree *ldb_parse_filter(TALLOC_CTX *mem_ctx, const char **s);
231 parse an extended match
239 the ':dn' part sets the dnAttributes boolean if present
240 the oid sets the rule_id string
243 static struct ldb_parse_tree *ldb_parse_extended(struct ldb_parse_tree *ret,
244 char *attr, char *value)
248 ret->operation = LDB_OP_EXTENDED;
249 ret->u.extended.value = ldb_binary_decode(ret, value);
250 if (ret->u.extended.value.data == NULL) goto failed;
252 p1 = strchr(attr, ':');
253 if (p1 == NULL) goto failed;
254 p2 = strchr(p1+1, ':');
259 ret->u.extended.attr = attr;
260 if (strcmp(p1+1, "dn") == 0) {
261 ret->u.extended.dnAttributes = 1;
263 ret->u.extended.rule_id = talloc_strdup(ret, p2+1);
264 if (ret->u.extended.rule_id == NULL) goto failed;
266 ret->u.extended.rule_id = NULL;
269 ret->u.extended.dnAttributes = 0;
270 ret->u.extended.rule_id = talloc_strdup(ret, p1+1);
271 if (ret->u.extended.rule_id == NULL) goto failed;
281 static enum ldb_parse_op ldb_parse_filtertype(TALLOC_CTX *mem_ctx, char **type, char **value, const char **s)
283 enum ldb_parse_op filter = 0;
284 char *name, *val, *k;
288 /* retrieve attributetype name */
291 if (*p == '@') { /* for internal attributes the first char can be @ */
295 while ((isascii(*p) && isalnum((unsigned char)*p)) || (*p == '-') || (*p == '.')) {
296 /* attribute names can only be alphanums */
300 if (*p == ':') { /* but extended searches have : and . chars too */
302 if (p == NULL) { /* malformed attribute name */
309 while (isspace((unsigned char)*p)) p++;
311 if (!strchr("=<>~:", *p)) {
316 name = (char *)talloc_memdup(mem_ctx, t, t1 - t + 1);
317 if (name == NULL) return 0;
320 /* retrieve filtertype */
323 filter = LDB_OP_EQUALITY;
324 } else if (*(p + 1) == '=') {
327 filter = LDB_OP_LESS;
331 filter = LDB_OP_GREATER;
335 filter = LDB_OP_APPROX;
339 filter = LDB_OP_EXTENDED;
350 while (isspace((unsigned char)*p)) p++;
355 while (*p && ((*p != ')') || ((*p == ')') && (*(p - 1) == '\\')))) p++;
357 val = (char *)talloc_memdup(mem_ctx, t, p - t + 1);
366 /* remove trailing spaces from value */
367 while ((k > val) && (isspace((unsigned char)*(k - 1)))) k--;
377 <simple> ::= <attributetype> <filtertype> <attributevalue>
379 static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *mem_ctx, const char **s)
382 struct ldb_parse_tree *ret;
383 enum ldb_parse_op filtertype;
385 ret = talloc(mem_ctx, struct ldb_parse_tree);
391 filtertype = ldb_parse_filtertype(ret, &attr, &value, s);
397 switch (filtertype) {
400 ret->operation = LDB_OP_PRESENT;
401 ret->u.present.attr = attr;
404 case LDB_OP_EQUALITY:
406 if (strcmp(value, "*") == 0) {
407 ret->operation = LDB_OP_PRESENT;
408 ret->u.present.attr = attr;
412 if (ldb_parse_find_wildcard(value) != NULL) {
413 ret->operation = LDB_OP_SUBSTRING;
414 ret->u.substring.attr = attr;
415 ret->u.substring.start_with_wildcard = 0;
416 ret->u.substring.end_with_wildcard = 0;
417 ret->u.substring.chunks = ldb_wildcard_decode(ret, value);
418 if (ret->u.substring.chunks == NULL){
423 ret->u.substring.start_with_wildcard = 1;
424 if (value[strlen(value) - 1] == '*')
425 ret->u.substring.end_with_wildcard = 1;
431 ret->operation = LDB_OP_EQUALITY;
432 ret->u.equality.attr = attr;
433 ret->u.equality.value = ldb_binary_decode(ret, value);
434 if (ret->u.equality.value.data == NULL) {
442 ret->operation = LDB_OP_GREATER;
443 ret->u.comparison.attr = attr;
444 ret->u.comparison.value = ldb_binary_decode(ret, value);
445 if (ret->u.comparison.value.data == NULL) {
453 ret->operation = LDB_OP_LESS;
454 ret->u.comparison.attr = attr;
455 ret->u.comparison.value = ldb_binary_decode(ret, value);
456 if (ret->u.comparison.value.data == NULL) {
464 ret->operation = LDB_OP_APPROX;
465 ret->u.comparison.attr = attr;
466 ret->u.comparison.value = ldb_binary_decode(ret, value);
467 if (ret->u.comparison.value.data == NULL) {
474 case LDB_OP_EXTENDED:
476 ret = ldb_parse_extended(ret, attr, value);
490 <and> ::= '&' <filterlist>
491 <or> ::= '|' <filterlist>
492 <filterlist> ::= <filter> | <filter> <filterlist>
494 static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const char **s)
496 struct ldb_parse_tree *ret, *next;
497 enum ldb_parse_op op;
512 while (isspace((unsigned char)*p)) p++;
514 ret = talloc(mem_ctx, struct ldb_parse_tree);
521 ret->u.list.num_elements = 1;
522 ret->u.list.elements = talloc(ret, struct ldb_parse_tree *);
523 if (!ret->u.list.elements) {
529 ret->u.list.elements[0] = ldb_parse_filter(ret->u.list.elements, &p);
530 if (!ret->u.list.elements[0]) {
535 while (isspace((unsigned char)*p)) p++;
538 struct ldb_parse_tree **e;
543 next = ldb_parse_filter(ret->u.list.elements, &p);
545 /* an invalid filter element */
549 e = talloc_realloc(ret, ret->u.list.elements,
550 struct ldb_parse_tree *,
551 ret->u.list.num_elements + 1);
557 ret->u.list.elements = e;
558 ret->u.list.elements[ret->u.list.num_elements] = next;
559 ret->u.list.num_elements++;
560 while (isspace((unsigned char)*p)) p++;
570 <not> ::= '!' <filter>
572 static struct ldb_parse_tree *ldb_parse_not(TALLOC_CTX *mem_ctx, const char **s)
574 struct ldb_parse_tree *ret;
582 ret = talloc(mem_ctx, struct ldb_parse_tree);
588 ret->operation = LDB_OP_NOT;
589 ret->u.isnot.child = ldb_parse_filter(ret, &p);
590 if (!ret->u.isnot.child) {
602 <filtercomp> ::= <and> | <or> | <not> | <simple>
604 static struct ldb_parse_tree *ldb_parse_filtercomp(TALLOC_CTX *mem_ctx, const char **s)
606 struct ldb_parse_tree *ret;
609 while (isspace((unsigned char)*p)) p++;
613 ret = ldb_parse_filterlist(mem_ctx, &p);
617 ret = ldb_parse_filterlist(mem_ctx, &p);
621 ret = ldb_parse_not(mem_ctx, &p);
629 ret = ldb_parse_simple(mem_ctx, &p);
639 <filter> ::= '(' <filtercomp> ')'
641 static struct ldb_parse_tree *ldb_parse_filter(TALLOC_CTX *mem_ctx, const char **s)
643 struct ldb_parse_tree *ret;
651 ret = ldb_parse_filtercomp(mem_ctx, &p);
658 while (isspace((unsigned char)*p)) {
669 main parser entry point. Takes a search string and returns a parse tree
671 expression ::= <simple> | <filter>
673 struct ldb_parse_tree *ldb_parse_tree(TALLOC_CTX *mem_ctx, const char *s)
675 if (s == NULL || *s == 0) {
676 s = "(|(objectClass=*)(distinguishedName=*))";
679 while (isspace((unsigned char)*s)) s++;
682 return ldb_parse_filter(mem_ctx, &s);
685 return ldb_parse_simple(mem_ctx, &s);
690 construct a ldap parse filter given a parse tree
692 char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const struct ldb_parse_tree *tree)
701 switch (tree->operation) {
704 ret = talloc_asprintf(mem_ctx, "(%c", tree->operation==LDB_OP_AND?'&':'|');
705 if (ret == NULL) return NULL;
706 for (i=0;i<tree->u.list.num_elements;i++) {
707 s = ldb_filter_from_tree(mem_ctx, tree->u.list.elements[i]);
712 s2 = talloc_asprintf_append(ret, "%s", s);
720 s = talloc_asprintf_append(ret, ")");
727 s = ldb_filter_from_tree(mem_ctx, tree->u.isnot.child);
728 if (s == NULL) return NULL;
730 ret = talloc_asprintf(mem_ctx, "(!%s)", s);
733 case LDB_OP_EQUALITY:
734 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
735 if (s == NULL) return NULL;
736 ret = talloc_asprintf(mem_ctx, "(%s=%s)",
737 tree->u.equality.attr, s);
740 case LDB_OP_SUBSTRING:
741 ret = talloc_asprintf(mem_ctx, "(%s=%s", tree->u.substring.attr,
742 tree->u.substring.start_with_wildcard?"*":"");
743 if (ret == NULL) return NULL;
744 for (i = 0; tree->u.substring.chunks[i]; i++) {
745 s2 = ldb_binary_encode(mem_ctx, *(tree->u.substring.chunks[i]));
750 if (tree->u.substring.chunks[i+1] ||
751 tree->u.substring.end_with_wildcard) {
752 s = talloc_asprintf_append(ret, "%s*", s2);
754 s = talloc_asprintf_append(ret, "%s", s2);
762 s = talloc_asprintf_append(ret, ")");
770 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
771 if (s == NULL) return NULL;
772 ret = talloc_asprintf(mem_ctx, "(%s>=%s)",
773 tree->u.equality.attr, s);
777 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
778 if (s == NULL) return NULL;
779 ret = talloc_asprintf(mem_ctx, "(%s<=%s)",
780 tree->u.equality.attr, s);
784 ret = talloc_asprintf(mem_ctx, "(%s=*)", tree->u.present.attr);
787 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
788 if (s == NULL) return NULL;
789 ret = talloc_asprintf(mem_ctx, "(%s~=%s)",
790 tree->u.equality.attr, s);
793 case LDB_OP_EXTENDED:
794 s = ldb_binary_encode(mem_ctx, tree->u.extended.value);
795 if (s == NULL) return NULL;
796 ret = talloc_asprintf(mem_ctx, "(%s%s%s%s:=%s)",
797 tree->u.extended.attr?tree->u.extended.attr:"",
798 tree->u.extended.dnAttributes?":dn":"",
799 tree->u.extended.rule_id?":":"",
800 tree->u.extended.rule_id?tree->u.extended.rule_id:"",
811 walk a parse tree, calling the provided callback on each node
813 int ldb_parse_tree_walk(struct ldb_parse_tree *tree,
814 int (*callback)(struct ldb_parse_tree *tree, void *),
815 void *private_context)
820 ret = callback(tree, private_context);
821 if (ret != LDB_SUCCESS) {
825 switch (tree->operation) {
828 for (i=0;i<tree->u.list.num_elements;i++) {
829 ret = ldb_parse_tree_walk(tree->u.list.elements[i], callback, private_context);
830 if (ret != LDB_SUCCESS) {
836 ret = ldb_parse_tree_walk(tree->u.isnot.child, callback, private_context);
837 if (ret != LDB_SUCCESS) {
841 case LDB_OP_EQUALITY:
845 case LDB_OP_SUBSTRING:
847 case LDB_OP_EXTENDED:
853 struct parse_tree_attr_replace_ctx {
859 callback for ldb_parse_tree_attr_replace()
861 static int parse_tree_attr_replace(struct ldb_parse_tree *tree, void *private_context)
863 struct parse_tree_attr_replace_ctx *ctx = private_context;
864 switch (tree->operation) {
865 case LDB_OP_EQUALITY:
869 if (ldb_attr_cmp(tree->u.equality.attr, ctx->attr) == 0) {
870 tree->u.equality.attr = ctx->replace;
873 case LDB_OP_SUBSTRING:
874 if (ldb_attr_cmp(tree->u.substring.attr, ctx->attr) == 0) {
875 tree->u.substring.attr = ctx->replace;
879 if (ldb_attr_cmp(tree->u.present.attr, ctx->attr) == 0) {
880 tree->u.present.attr = ctx->replace;
883 case LDB_OP_EXTENDED:
884 if (tree->u.extended.attr &&
885 ldb_attr_cmp(tree->u.extended.attr, ctx->attr) == 0) {
886 tree->u.extended.attr = ctx->replace;
896 replace any occurrences of an attribute name in the parse tree with a
899 void ldb_parse_tree_attr_replace(struct ldb_parse_tree *tree,
903 struct parse_tree_attr_replace_ctx ctx;
906 ctx.replace = replace;
908 ldb_parse_tree_walk(tree, parse_tree_attr_replace, &ctx);
912 shallow copy a tree - copying only the elements array so that the caller
913 can safely add new elements without changing the message
915 struct ldb_parse_tree *ldb_parse_tree_copy_shallow(TALLOC_CTX *mem_ctx,
916 const struct ldb_parse_tree *ot)
919 struct ldb_parse_tree *nt;
921 nt = talloc(mem_ctx, struct ldb_parse_tree);
928 switch (ot->operation) {
931 nt->u.list.elements = talloc_array(nt, struct ldb_parse_tree *,
932 ot->u.list.num_elements);
933 if (!nt->u.list.elements) {
938 for (i=0;i<ot->u.list.num_elements;i++) {
939 nt->u.list.elements[i] =
940 ldb_parse_tree_copy_shallow(nt->u.list.elements,
941 ot->u.list.elements[i]);
942 if (!nt->u.list.elements[i]) {
949 nt->u.isnot.child = ldb_parse_tree_copy_shallow(nt,
951 if (!nt->u.isnot.child) {
956 case LDB_OP_EQUALITY:
960 case LDB_OP_SUBSTRING:
962 case LDB_OP_EXTENDED:
git.samba.org / mdw / samba.git / blob