search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:smbXsrv_tcon: don't pass smbXsrv_connection to smbXsrv_tcon_create()
[Samba.git] / lib / ldb / common / ldb_match.c
blob7918aec65f166378a232e9da4513f1dd19928ff5
1 /*
2 ldb database library
3
4 Copyright (C) Andrew Tridgell 2004-2005
5 Copyright (C) Simo Sorce 2005
6
7 ** NOTE! The following LGPL license applies to the ldb
8 ** library. This does NOT imply that all of Samba is released
9 ** under the LGPL
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
20
21 You should have received a copy of the GNU Lesser General Public
22 License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 /*
26 * Name: ldb
27 *
28 * Component: ldb expression matching
29 *
30 * Description: ldb expression matching
31 *
32 * Author: Andrew Tridgell
33 */
34
35 #include "ldb_private.h"
36
37 /*
38 check if the scope matches in a search result
39 */
40 static int ldb_match_scope(struct ldb_context *ldb,
41 struct ldb_dn *base,
42 struct ldb_dn *dn,
43 enum ldb_scope scope)
44 {
45 int ret = 0;
46
47 if (base == NULL || dn == NULL) {
48 return 1;
49 }
50
51 switch (scope) {
52 case LDB_SCOPE_BASE:
53 if (ldb_dn_compare(base, dn) == 0) {
54 ret = 1;
55 }
56 break;
57
58 case LDB_SCOPE_ONELEVEL:
59 if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
60 if (ldb_dn_compare_base(base, dn) == 0) {
61 ret = 1;
62 }
63 }
64 break;
65
66 case LDB_SCOPE_SUBTREE:
67 default:
68 if (ldb_dn_compare_base(base, dn) == 0) {
69 ret = 1;
70 }
71 break;
72 }
73
74 return ret;
75 }
76
77
78 /*
79 match if node is present
80 */
81 static int ldb_match_present(struct ldb_context *ldb,
82 const struct ldb_message *msg,
83 const struct ldb_parse_tree *tree,
84 enum ldb_scope scope, bool *matched)
85 {
86 const struct ldb_schema_attribute *a;
87 struct ldb_message_element *el;
88
89 if (ldb_attr_dn(tree->u.present.attr) == 0) {
90 *matched = true;
91 return LDB_SUCCESS;
92 }
93
94 el = ldb_msg_find_element(msg, tree->u.present.attr);
95 if (el == NULL) {
96 *matched = false;
97 return LDB_SUCCESS;
98 }
99
100 a = ldb_schema_attribute_by_name(ldb, el->name);
101 if (!a) {
102 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
103 }
104
105 if (a->syntax->operator_fn) {
106 unsigned int i;
107 for (i = 0; i < el->num_values; i++) {
108 int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
109 if (ret != LDB_SUCCESS) return ret;
110 if (*matched) return LDB_SUCCESS;
111 }
112 *matched = false;
113 return LDB_SUCCESS;
114 }
115
116 *matched = true;
117 return LDB_SUCCESS;
118 }
119
120 static int ldb_match_comparison(struct ldb_context *ldb,
121 const struct ldb_message *msg,
122 const struct ldb_parse_tree *tree,
123 enum ldb_scope scope,
124 enum ldb_parse_op comp_op, bool *matched)
125 {
126 unsigned int i;
127 struct ldb_message_element *el;
128 const struct ldb_schema_attribute *a;
129
130 /* FIXME: APPROX comparison not handled yet */
131 if (comp_op == LDB_OP_APPROX) {
132 return LDB_ERR_INAPPROPRIATE_MATCHING;
133 }
134
135 el = ldb_msg_find_element(msg, tree->u.comparison.attr);
136 if (el == NULL) {
137 *matched = false;
138 return LDB_SUCCESS;
139 }
140
141 a = ldb_schema_attribute_by_name(ldb, el->name);
142 if (!a) {
143 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
144 }
145
146 for (i = 0; i < el->num_values; i++) {
147 if (a->syntax->operator_fn) {
148 int ret;
149 ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
150 if (ret != LDB_SUCCESS) return ret;
151 if (*matched) return LDB_SUCCESS;
152 } else {
153 int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
154
155 if (ret == 0) {
156 *matched = true;
157 return LDB_SUCCESS;
158 }
159 if (ret > 0 && comp_op == LDB_OP_GREATER) {
160 *matched = true;
161 return LDB_SUCCESS;
162 }
163 if (ret < 0 && comp_op == LDB_OP_LESS) {
164 *matched = true;
165 return LDB_SUCCESS;
166 }
167 }
168 }
169
170 *matched = false;
171 return LDB_SUCCESS;
172 }
173
174 /*
175 match a simple leaf node
176 */
177 static int ldb_match_equality(struct ldb_context *ldb,
178 const struct ldb_message *msg,
179 const struct ldb_parse_tree *tree,
180 enum ldb_scope scope,
181 bool *matched)
182 {
183 unsigned int i;
184 struct ldb_message_element *el;
185 const struct ldb_schema_attribute *a;
186 struct ldb_dn *valuedn;
187 int ret;
188
189 if (ldb_attr_dn(tree->u.equality.attr) == 0) {
190 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
191 if (valuedn == NULL) {
192 return LDB_ERR_INVALID_DN_SYNTAX;
193 }
194
195 ret = ldb_dn_compare(msg->dn, valuedn);
196
197 talloc_free(valuedn);
198
199 *matched = (ret == 0);
200 return LDB_SUCCESS;
201 }
202
203 /* TODO: handle the "*" case derived from an extended search
204 operation without the attibute type defined */
205 el = ldb_msg_find_element(msg, tree->u.equality.attr);
206 if (el == NULL) {
207 *matched = false;
208 return LDB_SUCCESS;
209 }
210
211 a = ldb_schema_attribute_by_name(ldb, el->name);
212 if (a == NULL) {
213 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
214 }
215
216 for (i=0;i<el->num_values;i++) {
217 if (a->syntax->operator_fn) {
218 ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
219 &tree->u.equality.value, &el->values[i], matched);
220 if (ret != LDB_SUCCESS) return ret;
221 if (*matched) return LDB_SUCCESS;
222 } else {
223 if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
224 &el->values[i]) == 0) {
225 *matched = true;
226 return LDB_SUCCESS;
227 }
228 }
229 }
230
231 *matched = false;
232 return LDB_SUCCESS;
233 }
234
235 static int ldb_wildcard_compare(struct ldb_context *ldb,
236 const struct ldb_parse_tree *tree,
237 const struct ldb_val value, bool *matched)
238 {
239 const struct ldb_schema_attribute *a;
240 struct ldb_val val;
241 struct ldb_val cnk;
242 struct ldb_val *chunk;
243 char *p, *g;
244 uint8_t *save_p = NULL;
245 unsigned int c = 0;
246
247 a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
248 if (!a) {
249 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
250 }
251
252 if (tree->u.substring.chunks == NULL) {
253 *matched = false;
254 return LDB_SUCCESS;
255 }
256
257 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
258 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
259 }
260
261 save_p = val.data;
262 cnk.data = NULL;
263
264 if ( ! tree->u.substring.start_with_wildcard ) {
265
266 chunk = tree->u.substring.chunks[c];
267 if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
268
269 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
270 if (cnk.length > val.length) {
271 goto mismatch;
272 }
273 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto mismatch;
274 val.length -= cnk.length;
275 val.data += cnk.length;
276 c++;
277 talloc_free(cnk.data);
278 cnk.data = NULL;
279 }
280
281 while (tree->u.substring.chunks[c]) {
282
283 chunk = tree->u.substring.chunks[c];
284 if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
285
286 /* FIXME: case of embedded nulls */
287 p = strstr((char *)val.data, (char *)cnk.data);
288 if (p == NULL) goto mismatch;
289 if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
290 do { /* greedy */
291 g = strstr((char *)p + cnk.length, (char *)cnk.data);
292 if (g) p = g;
293 } while(g);
294 }
295 val.length = val.length - (p - (char *)(val.data)) - cnk.length;
296 val.data = (uint8_t *)(p + cnk.length);
297 c++;
298 talloc_free(cnk.data);
299 cnk.data = NULL;
300 }
301
302 /* last chunk may not have reached end of string */
303 if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch;
304 talloc_free(save_p);
305 *matched = true;
306 return LDB_SUCCESS;
307
308 mismatch:
309 *matched = false;
310 talloc_free(save_p);
311 talloc_free(cnk.data);
312 return LDB_SUCCESS;
313 }
314
315 /*
316 match a simple leaf node
317 */
318 static int ldb_match_substring(struct ldb_context *ldb,
319 const struct ldb_message *msg,
320 const struct ldb_parse_tree *tree,
321 enum ldb_scope scope, bool *matched)
322 {
323 unsigned int i;
324 struct ldb_message_element *el;
325
326 el = ldb_msg_find_element(msg, tree->u.substring.attr);
327 if (el == NULL) {
328 *matched = false;
329 return LDB_SUCCESS;
330 }
331
332 for (i = 0; i < el->num_values; i++) {
333 int ret;
334 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
335 if (ret != LDB_SUCCESS) return ret;
336 if (*matched) return LDB_SUCCESS;
337 }
338
339 *matched = false;
340 return LDB_SUCCESS;
341 }
342
343
344 /*
345 bitwise-and comparator
346 */
347 static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
348 bool *matched)
349 {
350 uint64_t i1, i2;
351 char ibuf[100];
352 char *endptr = NULL;
353
354 if (v1->length >= sizeof(ibuf)-1) {
355 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
356 }
357 memcpy(ibuf, (char *)v1->data, v1->length);
358 ibuf[v1->length] = 0;
359 i1 = strtoull(ibuf, &endptr, 0);
360 if (endptr != NULL) {
361 if (endptr == ibuf || *endptr != 0) {
362 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
363 }
364 }
365
366 if (v2->length >= sizeof(ibuf)-1) {
367 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
368 }
369 endptr = NULL;
370 memcpy(ibuf, (char *)v2->data, v2->length);
371 ibuf[v2->length] = 0;
372 i2 = strtoull(ibuf, &endptr, 0);
373 if (endptr != NULL) {
374 if (endptr == ibuf || *endptr != 0) {
375 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
376 }
377 }
378 if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
379 *matched = ((i1 & i2) == i2);
380 } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
381 *matched = ((i1 & i2) != 0);
382 } else {
383 return LDB_ERR_INAPPROPRIATE_MATCHING;
384 }
385 return LDB_SUCCESS;
386 }
387
388 /*
389 always return false
390 */
391 static int ldb_comparator_false(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
392 bool *matched)
393 {
394 *matched = false;
395 return LDB_SUCCESS;
396 }
397
398
399 /*
400 extended match, handles things like bitops
401 */
402 static int ldb_match_extended(struct ldb_context *ldb,
403 const struct ldb_message *msg,
404 const struct ldb_parse_tree *tree,
405 enum ldb_scope scope, bool *matched)
406 {
407 unsigned int i;
408 const struct {
409 const char *oid;
410 int (*comparator)(const char *, const struct ldb_val *, const struct ldb_val *, bool *);
411 } rules[] = {
412 { LDB_OID_COMPARATOR_AND, ldb_comparator_bitmask},
413 { LDB_OID_COMPARATOR_OR, ldb_comparator_bitmask},
414 { SAMBA_LDAP_MATCH_ALWAYS_FALSE, ldb_comparator_false}
415 };
416 int (*comp)(const char *,const struct ldb_val *, const struct ldb_val *, bool *) = NULL;
417 struct ldb_message_element *el;
418
419 if (tree->u.extended.dnAttributes) {
420 /* FIXME: We really need to find out what this ":dn" part in
421 * an extended match means and how to handle it. For now print
422 * only a warning to have s3 winbind and other tools working
423 * against us. - Matthias */
424 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
425 }
426 if (tree->u.extended.rule_id == NULL) {
427 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
428 return LDB_ERR_INAPPROPRIATE_MATCHING;
429 }
430 if (tree->u.extended.attr == NULL) {
431 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
432 return LDB_ERR_INAPPROPRIATE_MATCHING;
433 }
434
435 for (i=0;i<ARRAY_SIZE(rules);i++) {
436 if (strcmp(rules[i].oid, tree->u.extended.rule_id) == 0) {
437 comp = rules[i].comparator;
438 break;
439 }
440 }
441 if (comp == NULL) {
442 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
443 tree->u.extended.rule_id);
444 return LDB_ERR_INAPPROPRIATE_MATCHING;
445 }
446
447 /* find the message element */
448 el = ldb_msg_find_element(msg, tree->u.extended.attr);
449 if (el == NULL) {
450 *matched = false;
451 return LDB_SUCCESS;
452 }
453
454 for (i=0;i<el->num_values;i++) {
455 int ret = comp(tree->u.extended.rule_id, &el->values[i], &tree->u.extended.value, matched);
456 if (ret != LDB_SUCCESS) return ret;
457 if (*matched) return LDB_SUCCESS;
458 }
459
460 *matched = false;
461 return LDB_SUCCESS;
462 }
463
464 /*
465 return 0 if the given parse tree matches the given message. Assumes
466 the message is in sorted order
467
468 return 1 if it matches, and 0 if it doesn't match
469
470 this is a recursive function, and does short-circuit evaluation
471 */
472 static int ldb_match_message(struct ldb_context *ldb,
473 const struct ldb_message *msg,
474 const struct ldb_parse_tree *tree,
475 enum ldb_scope scope, bool *matched)
476 {
477 unsigned int i;
478 int ret;
479
480 *matched = false;
481
482 if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
483 /* don't match special records except on base searches */
484 return LDB_SUCCESS;
485 }
486
487 switch (tree->operation) {
488 case LDB_OP_AND:
489 for (i=0;i<tree->u.list.num_elements;i++) {
490 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
491 if (ret != LDB_SUCCESS) return ret;
492 if (!*matched) return LDB_SUCCESS;
493 }
494 *matched = true;
495 return LDB_SUCCESS;
496
497 case LDB_OP_OR:
498 for (i=0;i<tree->u.list.num_elements;i++) {
499 ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
500 if (ret != LDB_SUCCESS) return ret;
501 if (*matched) return LDB_SUCCESS;
502 }
503 *matched = false;
504 return LDB_SUCCESS;
505
506 case LDB_OP_NOT:
507 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
508 if (ret != LDB_SUCCESS) return ret;
509 *matched = ! *matched;
510 return LDB_SUCCESS;
511
512 case LDB_OP_EQUALITY:
513 return ldb_match_equality(ldb, msg, tree, scope, matched);
514
515 case LDB_OP_SUBSTRING:
516 return ldb_match_substring(ldb, msg, tree, scope, matched);
517
518 case LDB_OP_GREATER:
519 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
520
521 case LDB_OP_LESS:
522 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
523
524 case LDB_OP_PRESENT:
525 return ldb_match_present(ldb, msg, tree, scope, matched);
526
527 case LDB_OP_APPROX:
528 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
529
530 case LDB_OP_EXTENDED:
531 return ldb_match_extended(ldb, msg, tree, scope, matched);
532 }
533
534 return LDB_ERR_INAPPROPRIATE_MATCHING;
535 }
536
537 int ldb_match_msg(struct ldb_context *ldb,
538 const struct ldb_message *msg,
539 const struct ldb_parse_tree *tree,
540 struct ldb_dn *base,
541 enum ldb_scope scope)
542 {
543 bool matched;
544 int ret;
545
546 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
547 return 0;
548 }
549
550 ret = ldb_match_message(ldb, msg, tree, scope, &matched);
551 if (ret != LDB_SUCCESS) {
552 /* to match the old API, we need to consider this a
553 failure to match */
554 return 0;
555 }
556 return matched?1:0;
557 }
558
559 int ldb_match_msg_error(struct ldb_context *ldb,
560 const struct ldb_message *msg,
561 const struct ldb_parse_tree *tree,
562 struct ldb_dn *base,
563 enum ldb_scope scope,
564 bool *matched)
565 {
566 if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
567 *matched = false;
568 return LDB_SUCCESS;
569 }
570
571 return ldb_match_message(ldb, msg, tree, scope, matched);
572 }
573
574 int ldb_match_msg_objectclass(const struct ldb_message *msg,
575 const char *objectclass)
576 {
577 unsigned int i;
578 struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
579 if (!el) {
580 return 0;
581 }
582 for (i=0; i < el->num_values; i++) {
583 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
584 return 1;
585 }
586 }
587 return 0;
588 }
589
590
591
Samba GIT mirror