4 Copyright (C) Andrew Tridgell 2004
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb expression parsing
29 * Description: parse LDAP-like search expressions
31 * Author: Andrew Tridgell
36 - add RFC2254 binary string handling
37 - possibly add ~=, <= and >= handling
38 - expand the test suite
39 - add better parse error handling
43 #include "ldb_private.h"
44 #include "system/locale.h"
46 static int ldb_parse_hex2char(const char *x)
48 if (isxdigit(x[0]) && isxdigit(x[1])) {
49 const char h1 = x[0], h2 = x[1];
52 if (h1 >= 'a') c = h1 - (int)'a' + 10;
53 else if (h1 >= 'A') c = h1 - (int)'A' + 10;
54 else if (h1 >= '0') c = h1 - (int)'0';
56 if (h2 >= 'a') c += h2 - (int)'a' + 10;
57 else if (h2 >= 'A') c += h2 - (int)'A' + 10;
58 else if (h2 >= '0') c += h2 - (int)'0';
67 a filter is defined by:
68 <filter> ::= '(' <filtercomp> ')'
69 <filtercomp> ::= <and> | <or> | <not> | <simple>
70 <and> ::= '&' <filterlist>
71 <or> ::= '|' <filterlist>
72 <not> ::= '!' <filter>
73 <filterlist> ::= <filter> | <filter> <filterlist>
74 <simple> ::= <attributetype> <filtertype> <attributevalue>
75 <filtertype> ::= '=' | '~=' | '<=' | '>='
79 decode a RFC2254 binary string representation of a buffer.
82 struct ldb_val ldb_binary_decode(TALLOC_CTX *mem_ctx, const char *str)
86 size_t slen = str?strlen(str):0;
88 ret.data = (uint8_t *)talloc_size(mem_ctx, slen+1);
90 if (ret.data == NULL) return ret;
92 for (i=j=0;i<slen;i++) {
96 c = ldb_parse_hex2char(&str[i+1]);
98 talloc_free(ret.data);
99 memset(&ret, 0, sizeof(ret));
102 ((uint8_t *)ret.data)[j++] = c;
105 ((uint8_t *)ret.data)[j++] = str[i];
109 ((uint8_t *)ret.data)[j] = 0;
116 encode a blob as a RFC2254 binary string, escaping any
117 non-printable or '\' characters
119 char *ldb_binary_encode(TALLOC_CTX *mem_ctx, struct ldb_val val)
123 size_t len = val.length;
124 unsigned char *buf = val.data;
126 for (i=0;i<val.length;i++) {
127 if (!isprint(buf[i]) || strchr(" *()\\&|!\"", buf[i])) {
131 ret = talloc_array(mem_ctx, char, len+1);
132 if (ret == NULL) return NULL;
135 for (i=0;i<val.length;i++) {
136 if (!isprint(buf[i]) || strchr(" *()\\&|!\"", buf[i])) {
137 snprintf(ret+len, 4, "\\%02X", buf[i]);
150 encode a string as a RFC2254 binary string, escaping any
151 non-printable or '\' characters. This routine is suitable for use
152 in escaping user data in ldap filters.
154 char *ldb_binary_encode_string(TALLOC_CTX *mem_ctx, const char *string)
157 if (string == NULL) {
160 val.data = discard_const_p(uint8_t, string);
161 val.length = strlen(string);
162 return ldb_binary_encode(mem_ctx, val);
165 /* find the first matching wildcard */
166 static char *ldb_parse_find_wildcard(char *value)
169 value = strpbrk(value, "\\*");
170 if (value == NULL) return NULL;
172 if (value[0] == '\\') {
173 if (value[1] == '\0') return NULL;
178 if (value[0] == '*') return value;
184 /* return a NULL terminated list of binary strings representing the value
185 chunks separated by wildcards that makes the value portion of the filter
187 static struct ldb_val **ldb_wildcard_decode(TALLOC_CTX *mem_ctx, const char *string)
189 struct ldb_val **ret = NULL;
190 unsigned int val = 0;
193 wc = talloc_strdup(mem_ctx, string);
194 if (wc == NULL) return NULL;
198 wc = ldb_parse_find_wildcard(str);
208 ret = talloc_realloc(mem_ctx, ret, struct ldb_val *, val + 2);
209 if (ret == NULL) return NULL;
211 ret[val] = talloc(mem_ctx, struct ldb_val);
212 if (ret[val] == NULL) return NULL;
214 *(ret[val]) = ldb_binary_decode(mem_ctx, str);
215 if ((ret[val])->data == NULL) return NULL;
227 static struct ldb_parse_tree *ldb_parse_filter(TALLOC_CTX *mem_ctx, const char **s);
231 parse an extended match
239 the ':dn' part sets the dnAttributes boolean if present
240 the oid sets the rule_id string
243 static struct ldb_parse_tree *ldb_parse_extended(struct ldb_parse_tree *ret,
244 char *attr, char *value)
248 ret->operation = LDB_OP_EXTENDED;
249 ret->u.extended.value = ldb_binary_decode(ret, value);
250 if (ret->u.extended.value.data == NULL) goto failed;
252 p1 = strchr(attr, ':');
253 if (p1 == NULL) goto failed;
254 p2 = strchr(p1+1, ':');
259 ret->u.extended.attr = attr;
260 if (strcmp(p1+1, "dn") == 0) {
261 ret->u.extended.dnAttributes = 1;
263 ret->u.extended.rule_id = talloc_strdup(ret, p2+1);
264 if (ret->u.extended.rule_id == NULL) goto failed;
266 ret->u.extended.rule_id = NULL;
269 ret->u.extended.dnAttributes = 0;
270 ret->u.extended.rule_id = talloc_strdup(ret, p1+1);
271 if (ret->u.extended.rule_id == NULL) goto failed;
281 static enum ldb_parse_op ldb_parse_filtertype(TALLOC_CTX *mem_ctx, char **type, char **value, const char **s)
283 enum ldb_parse_op filter = 0;
284 char *name, *val, *k;
288 /* retrieve attributetype name */
291 if (*p == '@') { /* for internal attributes the first char can be @ */
295 while ((isascii(*p) && isalnum((unsigned char)*p)) || (*p == '-') || (*p == '.')) {
296 /* attribute names can only be alphanums */
300 if (*p == ':') { /* but extended searches have : and . chars too */
302 if (p == NULL) { /* malformed attribute name */
309 while (isspace((unsigned char)*p)) p++;
311 if (!strchr("=<>~:", *p)) {
316 name = (char *)talloc_memdup(mem_ctx, t, t1 - t + 1);
317 if (name == NULL) return 0;
320 /* retrieve filtertype */
323 filter = LDB_OP_EQUALITY;
324 } else if (*(p + 1) == '=') {
327 filter = LDB_OP_LESS;
331 filter = LDB_OP_GREATER;
335 filter = LDB_OP_APPROX;
339 filter = LDB_OP_EXTENDED;
350 while (isspace((unsigned char)*p)) p++;
355 while (*p && ((*p != ')') || ((*p == ')') && (*(p - 1) == '\\')))) p++;
357 val = (char *)talloc_memdup(mem_ctx, t, p - t + 1);
366 /* remove trailing spaces from value */
367 while ((k > val) && (isspace((unsigned char)*(k - 1)))) k--;
377 <simple> ::= <attributetype> <filtertype> <attributevalue>
379 static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *mem_ctx, const char **s)
382 struct ldb_parse_tree *ret;
383 enum ldb_parse_op filtertype;
385 ret = talloc(mem_ctx, struct ldb_parse_tree);
391 filtertype = ldb_parse_filtertype(ret, &attr, &value, s);
397 switch (filtertype) {
400 ret->operation = LDB_OP_PRESENT;
401 ret->u.present.attr = attr;
404 case LDB_OP_EQUALITY:
406 if (strcmp(value, "*") == 0) {
407 ret->operation = LDB_OP_PRESENT;
408 ret->u.present.attr = attr;
412 if (ldb_parse_find_wildcard(value) != NULL) {
413 ret->operation = LDB_OP_SUBSTRING;
414 ret->u.substring.attr = attr;
415 ret->u.substring.start_with_wildcard = 0;
416 ret->u.substring.end_with_wildcard = 0;
417 ret->u.substring.chunks = ldb_wildcard_decode(ret, value);
418 if (ret->u.substring.chunks == NULL){
423 ret->u.substring.start_with_wildcard = 1;
424 if (value[strlen(value) - 1] == '*')
425 ret->u.substring.end_with_wildcard = 1;
431 ret->operation = LDB_OP_EQUALITY;
432 ret->u.equality.attr = attr;
433 ret->u.equality.value = ldb_binary_decode(ret, value);
434 if (ret->u.equality.value.data == NULL) {
442 ret->operation = LDB_OP_GREATER;
443 ret->u.comparison.attr = attr;
444 ret->u.comparison.value = ldb_binary_decode(ret, value);
445 if (ret->u.comparison.value.data == NULL) {
453 ret->operation = LDB_OP_LESS;
454 ret->u.comparison.attr = attr;
455 ret->u.comparison.value = ldb_binary_decode(ret, value);
456 if (ret->u.comparison.value.data == NULL) {
464 ret->operation = LDB_OP_APPROX;
465 ret->u.comparison.attr = attr;
466 ret->u.comparison.value = ldb_binary_decode(ret, value);
467 if (ret->u.comparison.value.data == NULL) {
474 case LDB_OP_EXTENDED:
476 ret = ldb_parse_extended(ret, attr, value);
490 <and> ::= '&' <filterlist>
491 <or> ::= '|' <filterlist>
492 <filterlist> ::= <filter> | <filter> <filterlist>
494 static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const char **s)
496 struct ldb_parse_tree *ret, *next;
497 enum ldb_parse_op op;
512 while (isspace((unsigned char)*p)) p++;
514 ret = talloc(mem_ctx, struct ldb_parse_tree);
521 ret->u.list.num_elements = 1;
522 ret->u.list.elements = talloc(ret, struct ldb_parse_tree *);
523 if (!ret->u.list.elements) {
529 ret->u.list.elements[0] = ldb_parse_filter(ret->u.list.elements, &p);
530 if (!ret->u.list.elements[0]) {
535 while (isspace((unsigned char)*p)) p++;
537 while (*p && (next = ldb_parse_filter(ret->u.list.elements, &p))) {
538 struct ldb_parse_tree **e;
539 e = talloc_realloc(ret, ret->u.list.elements,
540 struct ldb_parse_tree *,
541 ret->u.list.num_elements + 1);
547 ret->u.list.elements = e;
548 ret->u.list.elements[ret->u.list.num_elements] = next;
549 ret->u.list.num_elements++;
550 while (isspace((unsigned char)*p)) p++;
560 <not> ::= '!' <filter>
562 static struct ldb_parse_tree *ldb_parse_not(TALLOC_CTX *mem_ctx, const char **s)
564 struct ldb_parse_tree *ret;
572 ret = talloc(mem_ctx, struct ldb_parse_tree);
578 ret->operation = LDB_OP_NOT;
579 ret->u.isnot.child = ldb_parse_filter(ret, &p);
580 if (!ret->u.isnot.child) {
592 <filtercomp> ::= <and> | <or> | <not> | <simple>
594 static struct ldb_parse_tree *ldb_parse_filtercomp(TALLOC_CTX *mem_ctx, const char **s)
596 struct ldb_parse_tree *ret;
599 while (isspace((unsigned char)*p)) p++;
603 ret = ldb_parse_filterlist(mem_ctx, &p);
607 ret = ldb_parse_filterlist(mem_ctx, &p);
611 ret = ldb_parse_not(mem_ctx, &p);
619 ret = ldb_parse_simple(mem_ctx, &p);
629 <filter> ::= '(' <filtercomp> ')'
631 static struct ldb_parse_tree *ldb_parse_filter(TALLOC_CTX *mem_ctx, const char **s)
633 struct ldb_parse_tree *ret;
641 ret = ldb_parse_filtercomp(mem_ctx, &p);
648 while (isspace((unsigned char)*p)) {
659 main parser entry point. Takes a search string and returns a parse tree
661 expression ::= <simple> | <filter>
663 struct ldb_parse_tree *ldb_parse_tree(TALLOC_CTX *mem_ctx, const char *s)
665 if (s == NULL || *s == 0) {
666 s = "(|(objectClass=*)(distinguishedName=*))";
669 while (isspace((unsigned char)*s)) s++;
672 return ldb_parse_filter(mem_ctx, &s);
675 return ldb_parse_simple(mem_ctx, &s);
680 construct a ldap parse filter given a parse tree
682 char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const struct ldb_parse_tree *tree)
691 switch (tree->operation) {
694 ret = talloc_asprintf(mem_ctx, "(%c", tree->operation==LDB_OP_AND?'&':'|');
695 if (ret == NULL) return NULL;
696 for (i=0;i<tree->u.list.num_elements;i++) {
697 s = ldb_filter_from_tree(mem_ctx, tree->u.list.elements[i]);
702 s2 = talloc_asprintf_append(ret, "%s", s);
710 s = talloc_asprintf_append(ret, ")");
717 s = ldb_filter_from_tree(mem_ctx, tree->u.isnot.child);
718 if (s == NULL) return NULL;
720 ret = talloc_asprintf(mem_ctx, "(!%s)", s);
723 case LDB_OP_EQUALITY:
724 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
725 if (s == NULL) return NULL;
726 ret = talloc_asprintf(mem_ctx, "(%s=%s)",
727 tree->u.equality.attr, s);
730 case LDB_OP_SUBSTRING:
731 ret = talloc_asprintf(mem_ctx, "(%s=%s", tree->u.substring.attr,
732 tree->u.substring.start_with_wildcard?"*":"");
733 if (ret == NULL) return NULL;
734 for (i = 0; tree->u.substring.chunks[i]; i++) {
735 s2 = ldb_binary_encode(mem_ctx, *(tree->u.substring.chunks[i]));
740 if (tree->u.substring.chunks[i+1] ||
741 tree->u.substring.end_with_wildcard) {
742 s = talloc_asprintf_append(ret, "%s*", s2);
744 s = talloc_asprintf_append(ret, "%s", s2);
752 s = talloc_asprintf_append(ret, ")");
760 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
761 if (s == NULL) return NULL;
762 ret = talloc_asprintf(mem_ctx, "(%s>=%s)",
763 tree->u.equality.attr, s);
767 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
768 if (s == NULL) return NULL;
769 ret = talloc_asprintf(mem_ctx, "(%s<=%s)",
770 tree->u.equality.attr, s);
774 ret = talloc_asprintf(mem_ctx, "(%s=*)", tree->u.present.attr);
777 s = ldb_binary_encode(mem_ctx, tree->u.equality.value);
778 if (s == NULL) return NULL;
779 ret = talloc_asprintf(mem_ctx, "(%s~=%s)",
780 tree->u.equality.attr, s);
783 case LDB_OP_EXTENDED:
784 s = ldb_binary_encode(mem_ctx, tree->u.extended.value);
785 if (s == NULL) return NULL;
786 ret = talloc_asprintf(mem_ctx, "(%s%s%s%s:=%s)",
787 tree->u.extended.attr?tree->u.extended.attr:"",
788 tree->u.extended.dnAttributes?":dn":"",
789 tree->u.extended.rule_id?":":"",
790 tree->u.extended.rule_id?tree->u.extended.rule_id:"",
801 replace any occurrences of an attribute name in the parse tree with a
804 void ldb_parse_tree_attr_replace(struct ldb_parse_tree *tree,
809 switch (tree->operation) {
812 for (i=0;i<tree->u.list.num_elements;i++) {
813 ldb_parse_tree_attr_replace(tree->u.list.elements[i],
818 ldb_parse_tree_attr_replace(tree->u.isnot.child, attr, replace);
820 case LDB_OP_EQUALITY:
824 if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) {
825 tree->u.equality.attr = replace;
828 case LDB_OP_SUBSTRING:
829 if (ldb_attr_cmp(tree->u.substring.attr, attr) == 0) {
830 tree->u.substring.attr = replace;
834 if (ldb_attr_cmp(tree->u.present.attr, attr) == 0) {
835 tree->u.present.attr = replace;
838 case LDB_OP_EXTENDED:
839 if (tree->u.extended.attr &&
840 ldb_attr_cmp(tree->u.extended.attr, attr) == 0) {
841 tree->u.extended.attr = replace;
848 shallow copy a tree - copying only the elements array so that the caller
849 can safely add new elements without changing the message
851 struct ldb_parse_tree *ldb_parse_tree_copy_shallow(TALLOC_CTX *mem_ctx,
852 const struct ldb_parse_tree *ot)
855 struct ldb_parse_tree *nt;
857 nt = talloc(mem_ctx, struct ldb_parse_tree);
864 switch (ot->operation) {
867 nt->u.list.elements = talloc_array(nt, struct ldb_parse_tree *,
868 ot->u.list.num_elements);
869 if (!nt->u.list.elements) {
874 for (i=0;i<ot->u.list.num_elements;i++) {
875 nt->u.list.elements[i] =
876 ldb_parse_tree_copy_shallow(nt->u.list.elements,
877 ot->u.list.elements[i]);
878 if (!nt->u.list.elements[i]) {
885 nt->u.isnot.child = ldb_parse_tree_copy_shallow(nt,
887 if (!nt->u.isnot.child) {
892 case LDB_OP_EQUALITY:
896 case LDB_OP_SUBSTRING:
898 case LDB_OP_EXTENDED:
git.samba.org / samba.git / blob