search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
join.py: Add Replica-Locations for DomainDNS and ForestDNS
[Samba.git] / lib / ldb / common / ldb_match.c
blobe83ad637dffd509d38cf62e3f280dd3c16cee3e5
1 /*
2 ldb database library
3
4 Copyright (C) Andrew Tridgell 2004-2005
5 Copyright (C) Simo Sorce 2005
6
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 /*
26 * Name: ldb
27 *
28 * Component: ldb expression matching
29 *
30 * Description: ldb expression matching
31 *
32 * Author: Andrew Tridgell
33 */
34
35 #include "ldb_private.h"
36 #include "dlinklist.h"
37
38 /*
39 check if the scope matches in a search result
40 */
41 static int ldb_match_scope(struct ldb_context *ldb,
42 struct ldb_dn *base,
43 struct ldb_dn *dn,
44 enum ldb_scope scope)
45 {
46 int ret = 0;
47
48 if (base == NULL || dn == NULL) {
49 return 1;
50 }
51
52 switch (scope) {
53 case LDB_SCOPE_BASE:
54 if (ldb_dn_compare(base, dn) == 0) {
55 ret = 1;
56 }
57 break;
58
59 case LDB_SCOPE_ONELEVEL:
60 if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
61 if (ldb_dn_compare_base(base, dn) == 0) {
62 ret = 1;
63 }
64 }
65 break;
66
67 case LDB_SCOPE_SUBTREE:
68 default:
69 if (ldb_dn_compare_base(base, dn) == 0) {
70 ret = 1;
71 }
72 break;
73 }
74
75 return ret;
76 }
77
78
79 /*
80 match if node is present
81 */
82 static int ldb_match_present(struct ldb_context *ldb,
83 const struct ldb_message *msg,
84 const struct ldb_parse_tree *tree,
85 enum ldb_scope scope, bool *matched)
86 {
87 const struct ldb_schema_attribute *a;
88 struct ldb_message_element *el;
89
90 if (ldb_attr_dn(tree->u.present.attr) == 0) {
91 *matched = true;
92 return LDB_SUCCESS;
93 }
94
95 el = ldb_msg_find_element(msg, tree->u.present.attr);
96 if (el == NULL) {
97 *matched = false;
98 return LDB_SUCCESS;
99 }
100
101 a = ldb_schema_attribute_by_name(ldb, el->name);
102 if (!a) {
103 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
104 }
105
106 if (a->syntax->operator_fn) {
107 unsigned int i;
108 for (i = 0; i < el->num_values; i++) {
109 int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
110 if (ret != LDB_SUCCESS) return ret;
111 if (*matched) return LDB_SUCCESS;
112 }
113 *matched = false;
114 return LDB_SUCCESS;
115 }
116
117 *matched = true;
118 return LDB_SUCCESS;
119 }
120
121 static int ldb_match_comparison(struct ldb_context *ldb,
122 const struct ldb_message *msg,
123 const struct ldb_parse_tree *tree,
124 enum ldb_scope scope,
125 enum ldb_parse_op comp_op, bool *matched)
126 {
127 unsigned int i;
128 struct ldb_message_element *el;
129 const struct ldb_schema_attribute *a;
130
131 /* FIXME: APPROX comparison not handled yet */
132 if (comp_op == LDB_OP_APPROX) {
133 return LDB_ERR_INAPPROPRIATE_MATCHING;
134 }
135
136 el = ldb_msg_find_element(msg, tree->u.comparison.attr);
137 if (el == NULL) {
138 *matched = false;
139 return LDB_SUCCESS;
140 }
141
142 a = ldb_schema_attribute_by_name(ldb, el->name);
143 if (!a) {
144 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
145 }
146
147 for (i = 0; i < el->num_values; i++) {
148 if (a->syntax->operator_fn) {
149 int ret;
150 ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
151 if (ret != LDB_SUCCESS) return ret;
152 if (*matched) return LDB_SUCCESS;
153 } else {
154 int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
155
156 if (ret == 0) {
157 *matched = true;
158 return LDB_SUCCESS;
159 }
160 if (ret > 0 && comp_op == LDB_OP_GREATER) {
161 *matched = true;
162 return LDB_SUCCESS;
163 }
164 if (ret < 0 && comp_op == LDB_OP_LESS) {
165 *matched = true;
166 return LDB_SUCCESS;
167 }
168 }
169 }
170
171 *matched = false;
172 return LDB_SUCCESS;
173 }
174
175 /*
176 match a simple leaf node
177 */
178 static int ldb_match_equality(struct ldb_context *ldb,
179 const struct ldb_message *msg,
180 const struct ldb_parse_tree *tree,
181 enum ldb_scope scope,
182 bool *matched)
183 {
184 unsigned int i;
185 struct ldb_message_element *el;
186 const struct ldb_schema_attribute *a;
187 struct ldb_dn *valuedn;
188 int ret;
189
190 if (ldb_attr_dn(tree->u.equality.attr) == 0) {
191 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
192 if (valuedn == NULL) {
193 return LDB_ERR_INVALID_DN_SYNTAX;
194 }
195
196 ret = ldb_dn_compare(msg->dn, valuedn);
197
198 talloc_free(valuedn);
199
200 *matched = (ret == 0);
201 return LDB_SUCCESS;
202 }
203
204 /* TODO: handle the "*" case derived from an extended search
205 operation without the attibute type defined */
206 el = ldb_msg_find_element(msg, tree->u.equality.attr);
207 if (el == NULL) {
208 *matched = false;
209 return LDB_SUCCESS;
210 }
211
212 a = ldb_schema_attribute_by_name(ldb, el->name);
213 if (a == NULL) {
214 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
215 }
216
217 for (i=0;i<el->num_values;i++) {
218 if (a->syntax->operator_fn) {
219 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
220 &tree->u.equality.value, &el->values[i], matched);
221 if (ret != LDB_SUCCESS) return ret;
222 if (*matched) return LDB_SUCCESS;
223 } else {
224 if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
225 &el->values[i]) == 0) {
226 *matched = true;
227 return LDB_SUCCESS;
228 }
229 }
230 }
231
232 *matched = false;
233 return LDB_SUCCESS;
234 }
235
236 static int ldb_wildcard_compare(struct ldb_context *ldb,
237 const struct ldb_parse_tree *tree,
238 const struct ldb_val value, bool *matched)
239 {
240 const struct ldb_schema_attribute *a;
241 struct ldb_val val;
242 struct ldb_val cnk;
243 struct ldb_val *chunk;
244 uint8_t *save_p = NULL;
245 unsigned int c = 0;
246
247 a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
248 if (!a) {
249 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
250 }
251
252 if (tree->u.substring.chunks == NULL) {
253 *matched = false;
254 return LDB_SUCCESS;
255 }
256
257 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
258 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
259 }
260
261 save_p = val.data;
262 cnk.data = NULL;
263
264 if ( ! tree->u.substring.start_with_wildcard ) {
265
266 chunk = tree->u.substring.chunks[c];
267 if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
268
269 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
270 if (cnk.length > val.length) {
271 goto mismatch;
272 }
273 /*
274 * Empty strings are returned as length 0. Ensure
275 * we can cope with this.
276 */
277 if (cnk.length == 0) {
278 goto mismatch;
279 }
280
281 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto mismatch;
282 val.length -= cnk.length;
283 val.data += cnk.length;
284 c++;
285 talloc_free(cnk.data);
286 cnk.data = NULL;
287 }
288
289 while (tree->u.substring.chunks[c]) {
290 uint8_t *p;
291
292 chunk = tree->u.substring.chunks[c];
293 if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
294
295 /*
296 * Empty strings are returned as length 0. Ensure
297 * we can cope with this.
298 */
299 if (cnk.length == 0) {
300 goto mismatch;
301 }
302 /*
303 * Values might be binary blobs. Don't use string
304 * search, but memory search instead.
305 */
306 p = memmem((const void *)val.data,val.length,
307 (const void *)cnk.data, cnk.length);
308 if (p == NULL) goto mismatch;
309 if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
310 uint8_t *g;
311 do { /* greedy */
312 g = memmem(p + cnk.length,
313 val.length - (p - val.data),
314 (const uint8_t *)cnk.data,
315 cnk.length);
316 if (g) p = g;
317 } while(g);
318 }
319 val.length = val.length - (p - (uint8_t *)(val.data)) - cnk.length;
320 val.data = (uint8_t *)(p + cnk.length);
321 c++;
322 talloc_free(cnk.data);
323 cnk.data = NULL;
324 }
325
326 /* last chunk may not have reached end of string */
327 if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch;
328 talloc_free(save_p);
329 *matched = true;
330 return LDB_SUCCESS;
331
332 mismatch:
333 *matched = false;
334 talloc_free(save_p);
335 talloc_free(cnk.data);
336 return LDB_SUCCESS;
337 }
338
339 /*
340 match a simple leaf node
341 */
342 static int ldb_match_substring(struct ldb_context *ldb,
343 const struct ldb_message *msg,
344 const struct ldb_parse_tree *tree,
345 enum ldb_scope scope, bool *matched)
346 {
347 unsigned int i;
348 struct ldb_message_element *el;
349
350 el = ldb_msg_find_element(msg, tree->u.substring.attr);
351 if (el == NULL) {
352 *matched = false;
353 return LDB_SUCCESS;
354 }
355
356 for (i = 0; i < el->num_values; i++) {
357 int ret;
358 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
359 if (ret != LDB_SUCCESS) return ret;
360 if (*matched) return LDB_SUCCESS;
361 }
362
363 *matched = false;
364 return LDB_SUCCESS;
365 }
366
367
368 /*
369 bitwise and/or comparator depending on oid
370 */
371 static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
372 bool *matched)
373 {
374 uint64_t i1, i2;
375 char ibuf[100];
376 char *endptr = NULL;
377
378 if (v1->length >= sizeof(ibuf)-1) {
379 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
380 }
381 memcpy(ibuf, (char *)v1->data, v1->length);
382 ibuf[v1->length] = 0;
383 i1 = strtoull(ibuf, &endptr, 0);
384 if (endptr != NULL) {
385 if (endptr == ibuf || *endptr != 0) {
386 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
387 }
388 }
389
390 if (v2->length >= sizeof(ibuf)-1) {
391 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
392 }
393 endptr = NULL;
394 memcpy(ibuf, (char *)v2->data, v2->length);
395 ibuf[v2->length] = 0;
396 i2 = strtoull(ibuf, &endptr, 0);
397 if (endptr != NULL) {
398 if (endptr == ibuf || *endptr != 0) {
399 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
400 }
401 }
402 if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
403 *matched = ((i1 & i2) == i2);
404 } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
405 *matched = ((i1 & i2) != 0);
406 } else {
407 return LDB_ERR_INAPPROPRIATE_MATCHING;
408 }
409 return LDB_SUCCESS;
410 }
411
412 static int ldb_match_bitmask(struct ldb_context *ldb,
413 const char *oid,
414 const struct ldb_message *msg,
415 const char *attribute_to_match,
416 const struct ldb_val *value_to_match,
417 bool *matched)
418 {
419 unsigned int i;
420 struct ldb_message_element *el;
421
422 /* find the message element */
423 el = ldb_msg_find_element(msg, attribute_to_match);
424 if (el == NULL) {
425 *matched = false;
426 return LDB_SUCCESS;
427 }
428
429 for (i=0;i<el->num_values;i++) {
430 int ret;
431 struct ldb_val *v = &el->values[i];
432
433 ret = ldb_comparator_bitmask(oid, v, value_to_match, matched);
434 if (ret != LDB_SUCCESS) {
435 return ret;
436 }
437 if (*matched) {
438 return LDB_SUCCESS;
439 }
440 }
441
442 *matched = false;
443 return LDB_SUCCESS;
444 }
445
446 /*
447 always return false
448 */
449 static int ldb_comparator_false(struct ldb_context *ldb,
450 const char *oid,
451 const struct ldb_message *msg,
452 const char *attribute_to_match,
453 const struct ldb_val *value_to_match,
454 bool *matched)
455 {
456 *matched = false;
457 return LDB_SUCCESS;
458 }
459
460
461 static const struct ldb_extended_match_rule *ldb_find_extended_match_rule(struct ldb_context *ldb,
462 const char *oid)
463 {
464 struct ldb_extended_match_entry *extended_match_rule;
465
466 for (extended_match_rule = ldb->extended_match_rules;
467 extended_match_rule;
468 extended_match_rule = extended_match_rule->next) {
469 if (strcmp(extended_match_rule->rule->oid, oid) == 0) {
470 return extended_match_rule->rule;
471 }
472 }
473
474 return NULL;
475 }
476
477
478 /*
479 extended match, handles things like bitops
480 */
481 static int ldb_match_extended(struct ldb_context *ldb,
482 const struct ldb_message *msg,
483 const struct ldb_parse_tree *tree,
484 enum ldb_scope scope, bool *matched)
485 {
486 const struct ldb_extended_match_rule *rule;
487
488 if (tree->u.extended.dnAttributes) {
489 /* FIXME: We really need to find out what this ":dn" part in
490 * an extended match means and how to handle it. For now print
491 * only a warning to have s3 winbind and other tools working
492 * against us. - Matthias */
493 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
494 }
495 if (tree->u.extended.rule_id == NULL) {
496 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
497 return LDB_ERR_INAPPROPRIATE_MATCHING;
498 }
499 if (tree->u.extended.attr == NULL) {
500 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
501 return LDB_ERR_INAPPROPRIATE_MATCHING;
502 }
503
504 rule = ldb_find_extended_match_rule(ldb, tree->u.extended.rule_id);
505 if (rule == NULL) {
506 *matched = false;
507 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
508 tree->u.extended.rule_id);
509 return LDB_SUCCESS;
510 }
511
512 return rule->callback(ldb, rule->oid, msg,
513 tree->u.extended.attr,
514 &tree->u.extended.value, matched);
515 }
516
517 /*
518 return 0 if the given parse tree matches the given message. Assumes
519 the message is in sorted order
520
521 return 1 if it matches, and 0 if it doesn't match
522
523 this is a recursive function, and does short-circuit evaluation
524 */
525 static int ldb_match_message(struct ldb_context *ldb,
526 const struct ldb_message *msg,
527 const struct ldb_parse_tree *tree,
528 enum ldb_scope scope, bool *matched)
529 {
530 unsigned int i;
531 int ret;
532
533 *matched = false;
534
535 if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
536 /* don't match special records except on base searches */
537 return LDB_SUCCESS;
538 }
539
540 switch (tree->operation) {
541 case LDB_OP_AND:
542 for (i=0;i<tree->u.list.num_elements;i++) {
543 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
544 if (ret != LDB_SUCCESS) return ret;
545 if (!*matched) return LDB_SUCCESS;
546 }
547 *matched = true;
548 return LDB_SUCCESS;
549
550 case LDB_OP_OR:
551 for (i=0;i<tree->u.list.num_elements;i++) {
552 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
553 if (ret != LDB_SUCCESS) return ret;
554 if (*matched) return LDB_SUCCESS;
555 }
556 *matched = false;
557 return LDB_SUCCESS;
558
559 case LDB_OP_NOT:
560 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
561 if (ret != LDB_SUCCESS) return ret;
562 *matched = ! *matched;
563 return LDB_SUCCESS;
564
565 case LDB_OP_EQUALITY:
566 return ldb_match_equality(ldb, msg, tree, scope, matched);
567
568 case LDB_OP_SUBSTRING:
569 return ldb_match_substring(ldb, msg, tree, scope, matched);
570
571 case LDB_OP_GREATER:
572 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
573
574 case LDB_OP_LESS:
575 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
576
577 case LDB_OP_PRESENT:
578 return ldb_match_present(ldb, msg, tree, scope, matched);
579
580 case LDB_OP_APPROX:
581 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
582
583 case LDB_OP_EXTENDED:
584 return ldb_match_extended(ldb, msg, tree, scope, matched);
585 }
586
587 return LDB_ERR_INAPPROPRIATE_MATCHING;
588 }
589
590 int ldb_match_msg(struct ldb_context *ldb,
591 const struct ldb_message *msg,
592 const struct ldb_parse_tree *tree,
593 struct ldb_dn *base,
594 enum ldb_scope scope)
595 {
596 bool matched;
597 int ret;
598
599 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
600 return 0;
601 }
602
603 ret = ldb_match_message(ldb, msg, tree, scope, &matched);
604 if (ret != LDB_SUCCESS) {
605 /* to match the old API, we need to consider this a
606 failure to match */
607 return 0;
608 }
609 return matched?1:0;
610 }
611
612 int ldb_match_msg_error(struct ldb_context *ldb,
613 const struct ldb_message *msg,
614 const struct ldb_parse_tree *tree,
615 struct ldb_dn *base,
616 enum ldb_scope scope,
617 bool *matched)
618 {
619 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
620 *matched = false;
621 return LDB_SUCCESS;
622 }
623
624 return ldb_match_message(ldb, msg, tree, scope, matched);
625 }
626
627 int ldb_match_msg_objectclass(const struct ldb_message *msg,
628 const char *objectclass)
629 {
630 unsigned int i;
631 struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
632 if (!el) {
633 return 0;
634 }
635 for (i=0; i < el->num_values; i++) {
636 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
637 return 1;
638 }
639 }
640 return 0;
641 }
642
643 _PRIVATE_ int ldb_register_extended_match_rules(struct ldb_context *ldb)
644 {
645 struct ldb_extended_match_rule *bitmask_and;
646 struct ldb_extended_match_rule *bitmask_or;
647 struct ldb_extended_match_rule *always_false;
648 int ret;
649
650 /* Register bitmask-and match */
651 bitmask_and = talloc_zero(ldb, struct ldb_extended_match_rule);
652 if (bitmask_and == NULL) {
653 return LDB_ERR_OPERATIONS_ERROR;
654 }
655
656 bitmask_and->oid = LDB_OID_COMPARATOR_AND;
657 bitmask_and->callback = ldb_match_bitmask;
658
659 ret = ldb_register_extended_match_rule(ldb, bitmask_and);
660 if (ret != LDB_SUCCESS) {
661 return ret;
662 }
663
664 /* Register bitmask-or match */
665 bitmask_or = talloc_zero(ldb, struct ldb_extended_match_rule);
666 if (bitmask_or == NULL) {
667 return LDB_ERR_OPERATIONS_ERROR;
668 }
669
670 bitmask_or->oid = LDB_OID_COMPARATOR_OR;
671 bitmask_or->callback = ldb_match_bitmask;
672
673 ret = ldb_register_extended_match_rule(ldb, bitmask_or);
674 if (ret != LDB_SUCCESS) {
675 return ret;
676 }
677
678 /* Register always-false match */
679 always_false = talloc_zero(ldb, struct ldb_extended_match_rule);
680 if (always_false == NULL) {
681 return LDB_ERR_OPERATIONS_ERROR;
682 }
683
684 always_false->oid = SAMBA_LDAP_MATCH_ALWAYS_FALSE;
685 always_false->callback = ldb_comparator_false;
686
687 ret = ldb_register_extended_match_rule(ldb, always_false);
688 if (ret != LDB_SUCCESS) {
689 return ret;
690 }
691
692 return LDB_SUCCESS;
693 }
694
695 /*
696 register a new ldb backend
697
698 if override is true, then override any existing backend for this prefix
699 */
700 int ldb_register_extended_match_rule(struct ldb_context *ldb,
701 const struct ldb_extended_match_rule *rule)
702 {
703 const struct ldb_extended_match_rule *lookup_rule;
704 struct ldb_extended_match_entry *entry;
705
706 lookup_rule = ldb_find_extended_match_rule(ldb, rule->oid);
707 if (lookup_rule) {
708 return LDB_ERR_ENTRY_ALREADY_EXISTS;
709 }
710
711 entry = talloc_zero(ldb, struct ldb_extended_match_entry);
712 if (!entry) {
713 return LDB_ERR_OPERATIONS_ERROR;
714 }
715 entry->rule = rule;
716 DLIST_ADD_END(ldb->extended_match_rules, entry);
717
718 return LDB_SUCCESS;
719 }
720
Samba GIT mirror