static struct ldb_parse_tree *ldb_parse_filter(void *mem_ctx, const char **s);
+
+/*
+ parse an extended match
+
+ possible forms:
+ (attr:oid:=value)
+ (attr:dn:oid:=value)
+ (attr:dn:=value)
+ (:dn:oid:=value)
+
+ the ':dn' part sets the dnAttributes boolean if present
+ the oid sets the rule_id string
+
+*/
+static struct ldb_parse_tree *ldb_parse_extended(struct ldb_parse_tree *ret,
+ char *attr, char *value)
+{
+ char *p1, *p2, *p3;
+ ret->operation = LDB_OP_EXTENDED;
+ ret->u.extended.value = ldb_binary_decode(ret, value);
+ p1 = strchr(attr, ':');
+ if (p1 == NULL) goto failed;
+ p2 = strchr(p1+1, ':');
+ if (p2 == NULL) goto failed;
+ p3 = strchr(p2+1, ':');
+
+ *p1 = 0;
+ *p2 = 0;
+ if (p3) *p3 = 0;
+
+ ret->u.extended.attr = talloc_strdup(ret, attr);
+ if (ret->u.extended.attr == NULL) goto failed;
+ if (strcmp(p1+1, "dn") == 0) {
+ ret->u.extended.dnAttributes = 1;
+ if (p3) {
+ ret->u.extended.rule_id = talloc_strdup(ret, p2+1);
+ if (ret->u.extended.rule_id == NULL) goto failed;
+ } else {
+ ret->u.extended.rule_id = NULL;
+ }
+ } else {
+ ret->u.extended.dnAttributes = 0;
+ ret->u.extended.rule_id = talloc_strdup(ret, p1+1);
+ if (ret->u.extended.rule_id == NULL) goto failed;
+ }
+ ret->u.extended.value = ldb_binary_decode(ret, value);
+
+ return ret;
+
+failed:
+ talloc_free(ret);
+ return NULL;
+}
+
+
/*
<simple> ::= <attributetype> <filtertype> <attributevalue>
*/
talloc_free(ret);
return NULL;
}
+
+ if (l[strlen(l)-1] == ':') {
+ /* its an extended match */
+ return ldb_parse_extended(ret, l, val);
+ }
ret->operation = LDB_OP_SIMPLE;
ret->u.simple.attr = l;
tree->u.simple.attr, s);
talloc_free(s);
return ret;
+ case LDB_OP_EXTENDED:
+ s = ldb_binary_encode(mem_ctx, tree->u.extended.value);
+ if (s == NULL) return NULL;
+ ret = talloc_asprintf(mem_ctx, "(%s%s%s%s=%s)",
+ tree->u.extended.attr?tree->u.extended.attr:"",
+ tree->u.extended.dnAttributes?":dn":"",
+ tree->u.extended.rule_id?":":"",
+ tree->u.extended.rule_id?tree->u.extended.rule_id:"",
+ s);
+ talloc_free(s);
+ return ret;
case LDB_OP_AND:
case LDB_OP_OR:
ret = talloc_asprintf(mem_ctx, "(%c", (char)tree->operation);
const char *base,
enum ldb_scope scope)
{
- unsigned int i, j;
+ unsigned int i;
+ struct ldb_message_element *el;
if (!scope_match(msg->dn, base, scope)) {
return 0;
return ldb_dn_cmp(msg->dn, tree->u.simple.value.data) == 0;
}
- for (i=0;i<msg->num_elements;i++) {
- if (ldb_attr_cmp(msg->elements[i].name, tree->u.simple.attr) == 0) {
- if (strcmp(tree->u.simple.value.data, "*") == 0) {
- return 1;
- }
- for (j=0;j<msg->elements[i].num_values;j++) {
- if (ltdb_val_equal(module, msg->elements[i].name,
- &msg->elements[i].values[j],
- &tree->u.simple.value)) {
- return 1;
- }
- }
+ el = ldb_msg_find_element(msg, tree->u.simple.attr);
+ if (el == NULL) {
+ return 0;
+ }
+
+ if (strcmp(tree->u.simple.value.data, "*") == 0) {
+ return 1;
+ }
+
+ for (i=0;i<el->num_values;i++) {
+ if (ltdb_val_equal(module, el->name, &el->values[i],
+ &tree->u.simple.value)) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+
+/*
+ bitwise-and comparator
+*/
+static int comparator_and(struct ldb_val *v1, struct ldb_val *v2)
+{
+ unsigned i1, i2;
+ i1 = strtoul(v1->data, NULL, 0);
+ i2 = strtoul(v2->data, NULL, 0);
+ return ((i1 & i2) == i2);
+}
+
+/*
+ bitwise-or comparator
+*/
+static int comparator_or(struct ldb_val *v1, struct ldb_val *v2)
+{
+ unsigned i1, i2;
+ i1 = strtoul(v1->data, NULL, 0);
+ i2 = strtoul(v2->data, NULL, 0);
+ return ((i1 & i2) != 0);
+}
+
+
+/*
+ extended match, handles things like bitops
+*/
+static int ltdb_extended_match(struct ldb_module *module,
+ struct ldb_message *msg,
+ struct ldb_parse_tree *tree,
+ const char *base,
+ enum ldb_scope scope)
+{
+ int i;
+ const struct {
+ const char *oid;
+ int (*comparator)(struct ldb_val *, struct ldb_val *);
+ } rules[] = {
+ { "1.2.840.113556.1.4.803", comparator_and},
+ { "1.2.840.113556.1.4.804", comparator_or}
+ };
+ int (*comp)(struct ldb_val *, struct ldb_val *) = NULL;
+ struct ldb_message_element *el;
+
+ if (tree->u.extended.dnAttributes) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb: dnAttributes extended match not supported yet");
+ return -1;
+ }
+ if (tree->u.extended.rule_id == NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
+ return -1;
+ }
+ if (tree->u.extended.attr == NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
+ return -1;
+ }
+
+ for (i=0;i<ARRAY_SIZE(rules);i++) {
+ if (strcmp(rules[i].oid, tree->u.extended.rule_id) == 0) {
+ comp = rules[i].comparator;
+ break;
}
}
+ if (comp == NULL) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s\n",
+ tree->u.extended.rule_id);
+ return -1;
+ }
+
+ /* find the message element */
+ el = ldb_msg_find_element(msg, tree->u.extended.attr);
+ if (el == NULL) {
+ return 0;
+ }
+
+ for (i=0;i<el->num_values;i++) {
+ int ret = comp(&el->values[i], &tree->u.extended.value);
+ if (ret == -1 || ret == 1) return ret;
+ }
return 0;
}
case LDB_OP_SIMPLE:
break;
+ case LDB_OP_EXTENDED:
+ return ltdb_extended_match(module, msg, tree, base, scope);
+
case LDB_OP_NOT:
return ! ltdb_message_match(module, msg, tree->u.not.child, base, scope);