LCOV - code coverage report
Current view: top level - lib/ldb/common - ldb_match.c (source / functions) Hit Total Coverage
Test: coverage report for v4-17-test 1498b464 Lines: 307 364 84.3 %
Date: 2024-06-13 04:01:37 Functions: 17 19 89.5 %

          Line data    Source code
       1             : /* 
       2             :    ldb database library
       3             : 
       4             :    Copyright (C) Andrew Tridgell  2004-2005
       5             :    Copyright (C) Simo Sorce            2005
       6             : 
       7             :      ** NOTE! The following LGPL license applies to the ldb
       8             :      ** library. This does NOT imply that all of Samba is released
       9             :      ** under the LGPL
      10             :    
      11             :    This library is free software; you can redistribute it and/or
      12             :    modify it under the terms of the GNU Lesser General Public
      13             :    License as published by the Free Software Foundation; either
      14             :    version 3 of the License, or (at your option) any later version.
      15             : 
      16             :    This library is distributed in the hope that it will be useful,
      17             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      18             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      19             :    Lesser General Public License for more details.
      20             : 
      21             :    You should have received a copy of the GNU Lesser General Public
      22             :    License along with this library; if not, see <http://www.gnu.org/licenses/>.
      23             : */
      24             : 
      25             : /*
      26             :  *  Name: ldb
      27             :  *
      28             :  *  Component: ldb expression matching
      29             :  *
      30             :  *  Description: ldb expression matching 
      31             :  *
      32             :  *  Author: Andrew Tridgell
      33             :  */
      34             : 
      35             : #include "ldb_private.h"
      36             : #include "dlinklist.h"
      37             : #include "ldb_handlers.h"
      38             : 
      39             : /*
      40             :   check if the scope matches in a search result
      41             : */
      42   163484373 : int ldb_match_scope(struct ldb_context *ldb,
      43             :                     struct ldb_dn *base,
      44             :                     struct ldb_dn *dn,
      45             :                     enum ldb_scope scope)
      46             : {
      47   163484373 :         int ret = 0;
      48             : 
      49   163484373 :         if (base == NULL || dn == NULL) {
      50           0 :                 return 1;
      51             :         }
      52             : 
      53   163484373 :         switch (scope) {
      54           0 :         case LDB_SCOPE_BASE:
      55           0 :                 if (ldb_dn_compare(base, dn) == 0) {
      56           0 :                         ret = 1;
      57             :                 }
      58           0 :                 break;
      59             : 
      60      155899 :         case LDB_SCOPE_ONELEVEL:
      61      155899 :                 if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
      62       30005 :                         if (ldb_dn_compare_base(base, dn) == 0) {
      63       12552 :                                 ret = 1;
      64             :                         }
      65             :                 }
      66      155899 :                 break;
      67             :                 
      68   163328474 :         case LDB_SCOPE_SUBTREE:
      69             :         default:
      70   163328474 :                 if (ldb_dn_compare_base(base, dn) == 0) {
      71    96833578 :                         ret = 1;
      72             :                 }
      73   163328474 :                 break;
      74             :         }
      75             : 
      76   163484373 :         return ret;
      77             : }
      78             : 
      79             : 
      80             : /*
      81             :   match if node is present
      82             : */
      83    39442702 : static int ldb_match_present(struct ldb_context *ldb, 
      84             :                              const struct ldb_message *msg,
      85             :                              const struct ldb_parse_tree *tree,
      86             :                              enum ldb_scope scope, bool *matched)
      87             : {
      88             :         const struct ldb_schema_attribute *a;
      89             :         struct ldb_message_element *el;
      90             : 
      91    39442702 :         if (ldb_attr_dn(tree->u.present.attr) == 0) {
      92     4223331 :                 *matched = true;
      93     4223331 :                 return LDB_SUCCESS;
      94             :         }
      95             : 
      96    35219371 :         el = ldb_msg_find_element(msg, tree->u.present.attr);
      97    35219371 :         if (el == NULL) {
      98     4556344 :                 *matched = false;
      99     4556344 :                 return LDB_SUCCESS;
     100             :         }
     101             : 
     102    30663027 :         a = ldb_schema_attribute_by_name(ldb, el->name);
     103    30663027 :         if (!a) {
     104           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     105             :         }
     106             : 
     107    30663027 :         if (a->syntax->operator_fn) {
     108             :                 unsigned int i;
     109      333966 :                 for (i = 0; i < el->num_values; i++) {
     110      333966 :                         int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
     111      333966 :                         if (ret != LDB_SUCCESS) return ret;
     112      333966 :                         if (*matched) return LDB_SUCCESS;
     113             :                 }
     114           0 :                 *matched = false;
     115           0 :                 return LDB_SUCCESS;
     116             :         }
     117             : 
     118    30329061 :         *matched = true;
     119    30329061 :         return LDB_SUCCESS;
     120             : }
     121             : 
     122     4528705 : static int ldb_match_comparison(struct ldb_context *ldb, 
     123             :                                 const struct ldb_message *msg,
     124             :                                 const struct ldb_parse_tree *tree,
     125             :                                 enum ldb_scope scope,
     126             :                                 enum ldb_parse_op comp_op, bool *matched)
     127             : {
     128             :         unsigned int i;
     129             :         struct ldb_message_element *el;
     130             :         const struct ldb_schema_attribute *a;
     131             : 
     132             :         /* FIXME: APPROX comparison not handled yet */
     133     4528705 :         if (comp_op == LDB_OP_APPROX) {
     134           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     135             :         }
     136             : 
     137     4528705 :         el = ldb_msg_find_element(msg, tree->u.comparison.attr);
     138     4528705 :         if (el == NULL) {
     139      121725 :                 *matched = false;
     140      121725 :                 return LDB_SUCCESS;
     141             :         }
     142             : 
     143     4406980 :         a = ldb_schema_attribute_by_name(ldb, el->name);
     144     4406980 :         if (!a) {
     145           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     146             :         }
     147             : 
     148     6459707 :         for (i = 0; i < el->num_values; i++) {
     149     4406993 :                 if (a->syntax->operator_fn) {
     150             :                         int ret;
     151         334 :                         ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
     152         334 :                         if (ret != LDB_SUCCESS) return ret;
     153         334 :                         if (*matched) return LDB_SUCCESS;
     154             :                 } else {
     155     4406659 :                         int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
     156             : 
     157     4406659 :                         if (ret == 0) {
     158        1819 :                                 *matched = true;
     159        1819 :                                 return LDB_SUCCESS;
     160             :                         }
     161     4404840 :                         if (ret > 0 && comp_op == LDB_OP_GREATER) {
     162     2351714 :                                 *matched = true;
     163     2351714 :                                 return LDB_SUCCESS;
     164             :                         }
     165     2053126 :                         if (ret < 0 && comp_op == LDB_OP_LESS) {
     166         527 :                                 *matched = true;
     167         527 :                                 return LDB_SUCCESS;
     168             :                         }
     169             :                 }
     170             :         }
     171             : 
     172     2052714 :         *matched = false;
     173     2052714 :         return LDB_SUCCESS;
     174             : }
     175             : 
     176             : /*
     177             :   match a simple leaf node
     178             : */
     179   193969069 : static int ldb_match_equality(struct ldb_context *ldb, 
     180             :                               const struct ldb_message *msg,
     181             :                               const struct ldb_parse_tree *tree,
     182             :                               enum ldb_scope scope,
     183             :                               bool *matched)
     184             : {
     185             :         unsigned int i;
     186             :         struct ldb_message_element *el;
     187             :         const struct ldb_schema_attribute *a;
     188             :         struct ldb_dn *valuedn;
     189             :         int ret;
     190             : 
     191   193969069 :         if (ldb_attr_dn(tree->u.equality.attr) == 0) {
     192      141018 :                 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
     193      141018 :                 if (valuedn == NULL) {
     194           0 :                         return LDB_ERR_INVALID_DN_SYNTAX;
     195             :                 }
     196             : 
     197      141018 :                 ret = ldb_dn_compare(msg->dn, valuedn);
     198             : 
     199      141018 :                 talloc_free(valuedn);
     200             : 
     201      141018 :                 *matched = (ret == 0);
     202      141018 :                 return LDB_SUCCESS;
     203             :         }
     204             : 
     205             :         /* TODO: handle the "*" case derived from an extended search
     206             :            operation without the attibute type defined */
     207   193828051 :         el = ldb_msg_find_element(msg, tree->u.equality.attr);
     208   193828051 :         if (el == NULL) {
     209    90035003 :                 *matched = false;
     210    90035003 :                 return LDB_SUCCESS;
     211             :         }
     212             : 
     213   103793048 :         a = ldb_schema_attribute_by_name(ldb, el->name);
     214   103793048 :         if (a == NULL) {
     215           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     216             :         }
     217             : 
     218   195046081 :         for (i=0;i<el->num_values;i++) {
     219   178660249 :                 if (a->syntax->operator_fn) {
     220    34457285 :                         ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
     221    18320807 :                                                      &tree->u.equality.value, &el->values[i], matched);
     222    18320807 :                         if (ret != LDB_SUCCESS) return ret;
     223    18320807 :                         if (*matched) return LDB_SUCCESS;
     224             :                 } else {
     225   278700678 :                         if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
     226   160339442 :                                                      &el->values[i]) == 0) {
     227    69719136 :                                 *matched = true;
     228    69719136 :                                 return LDB_SUCCESS;
     229             :                         }
     230             :                 }
     231             :         }
     232             : 
     233    16385832 :         *matched = false;
     234    16385832 :         return LDB_SUCCESS;
     235             : }
     236             : 
     237     3091537 : static int ldb_wildcard_compare(struct ldb_context *ldb,
     238             :                                 const struct ldb_parse_tree *tree,
     239             :                                 const struct ldb_val value, bool *matched)
     240             : {
     241             :         const struct ldb_schema_attribute *a;
     242             :         struct ldb_val val;
     243             :         struct ldb_val cnk;
     244             :         struct ldb_val *chunk;
     245     3091537 :         uint8_t *save_p = NULL;
     246     3091537 :         unsigned int c = 0;
     247             : 
     248     3091537 :         if (tree->operation != LDB_OP_SUBSTRING) {
     249           1 :                 *matched = false;
     250           1 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     251             :         }
     252             : 
     253     3091536 :         a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
     254     3091536 :         if (!a) {
     255           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     256             :         }
     257             : 
     258     3091536 :         if (tree->u.substring.chunks == NULL) {
     259           3 :                 *matched = false;
     260           3 :                 return LDB_SUCCESS;
     261             :         }
     262             : 
     263             :         /* No need to just copy this value for a binary match */
     264     3091533 :         if (a->syntax->canonicalise_fn != ldb_handler_copy) {
     265     2328513 :                 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
     266           0 :                         return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     267             :                 }
     268             : 
     269             :                 /*
     270             :                  * Only set save_p if we allocate (call
     271             :                  * a->syntax->canonicalise_fn()), as we
     272             :                  * talloc_free(save_p) below to clean up
     273             :                  */
     274     2328513 :                 save_p = val.data;
     275             :         } else {
     276      763020 :                 val = value;
     277             :         }
     278             : 
     279     3091533 :         cnk.data = NULL;
     280             : 
     281     3091533 :         if ( ! tree->u.substring.start_with_wildcard ) {
     282     2297676 :                 uint8_t *cnk_to_free = NULL;
     283             : 
     284     2297676 :                 chunk = tree->u.substring.chunks[c];
     285             :                 /* No need to just copy this value for a binary match */
     286     2297676 :                 if (a->syntax->canonicalise_fn != ldb_handler_copy) {
     287     2296663 :                         if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
     288           0 :                                 goto mismatch;
     289             :                         }
     290             : 
     291     2296663 :                         cnk_to_free = cnk.data;
     292             :                 } else {
     293        1013 :                         cnk = *chunk;
     294             :                 }
     295             : 
     296             :                 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
     297     2297676 :                 if (cnk.length > val.length) {
     298       56584 :                         TALLOC_FREE(cnk_to_free);
     299       56584 :                         goto mismatch;
     300             :                 }
     301             :                 /*
     302             :                  * Empty strings are returned as length 0. Ensure
     303             :                  * we can cope with this.
     304             :                  */
     305     2241092 :                 if (cnk.length == 0) {
     306           0 :                         TALLOC_FREE(cnk_to_free);
     307           0 :                         goto mismatch;
     308             :                 }
     309             : 
     310     2241092 :                 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) {
     311     1812170 :                         TALLOC_FREE(cnk_to_free);
     312     1812170 :                         goto mismatch;
     313             :                 }
     314             : 
     315      428922 :                 val.length -= cnk.length;
     316      428922 :                 val.data += cnk.length;
     317      428922 :                 c++;
     318      428922 :                 TALLOC_FREE(cnk_to_free);
     319      428922 :                 cnk.data = NULL;
     320             :         }
     321             : 
     322     2244642 :         while (tree->u.substring.chunks[c]) {
     323             :                 uint8_t *p;
     324      793913 :                 uint8_t *cnk_to_free = NULL;
     325             : 
     326      793913 :                 chunk = tree->u.substring.chunks[c];
     327             :                 /* No need to just copy this value for a binary match */
     328      793913 :                 if (a->syntax->canonicalise_fn != ldb_handler_copy) {
     329       31903 :                         if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
     330           0 :                                 goto mismatch;
     331             :                         }
     332             : 
     333       31903 :                         cnk_to_free = cnk.data;
     334             :                 } else {
     335      762010 :                         cnk = *chunk;
     336             :                 }
     337             :                 /*
     338             :                  * Empty strings are returned as length 0. Ensure
     339             :                  * we can cope with this.
     340             :                  */
     341      793913 :                 if (cnk.length == 0) {
     342           0 :                         TALLOC_FREE(cnk_to_free);
     343           0 :                         goto mismatch;
     344             :                 }
     345      793913 :                 if (cnk.length > val.length) {
     346       22462 :                         TALLOC_FREE(cnk_to_free);
     347       22462 :                         goto mismatch;
     348             :                 }
     349             : 
     350     1342887 :                 if ( (tree->u.substring.chunks[c + 1]) == NULL &&
     351      772093 :                      (! tree->u.substring.end_with_wildcard) ) {
     352             :                         /*
     353             :                          * The last bit, after all the asterisks, must match
     354             :                          * exactly the last bit of the string.
     355             :                          */
     356             :                         int cmp;
     357        9051 :                         p = val.data + val.length - cnk.length;
     358       16160 :                         cmp = memcmp(p,
     359        9051 :                                      cnk.data,
     360             :                                      cnk.length);
     361        9051 :                         TALLOC_FREE(cnk_to_free);
     362             : 
     363        9051 :                         if (cmp != 0) {
     364        8336 :                                 goto mismatch;
     365             :                         }
     366             :                 } else {
     367             :                         /*
     368             :                          * Values might be binary blobs. Don't use string
     369             :                          * search, but memory search instead.
     370             :                          */
     371     1326800 :                         p = memmem((const void *)val.data, val.length,
     372      762400 :                                    (const void *)cnk.data, cnk.length);
     373      762400 :                         if (p == NULL) {
     374      762347 :                                 TALLOC_FREE(cnk_to_free);
     375      762347 :                                 goto mismatch;
     376             :                         }
     377             :                         /* move val to the end of the match */
     378          53 :                         p += cnk.length;
     379          53 :                         val.length -= (p - val.data);
     380          53 :                         val.data = p;
     381          53 :                         TALLOC_FREE(cnk_to_free);
     382             :                 }
     383         768 :                 c++;
     384             :         }
     385             : 
     386      429634 :         talloc_free(save_p);
     387      429634 :         *matched = true;
     388      429634 :         return LDB_SUCCESS;
     389             : 
     390     2661899 : mismatch:
     391     2661899 :         *matched = false;
     392     2661899 :         talloc_free(save_p);
     393     2661899 :         return LDB_SUCCESS;
     394             : }
     395             : 
     396             : /*
     397             :   match a simple leaf node
     398             : */
     399     3650708 : static int ldb_match_substring(struct ldb_context *ldb, 
     400             :                                const struct ldb_message *msg,
     401             :                                const struct ldb_parse_tree *tree,
     402             :                                enum ldb_scope scope, bool *matched)
     403             : {
     404             :         unsigned int i;
     405             :         struct ldb_message_element *el;
     406             : 
     407     3650708 :         el = ldb_msg_find_element(msg, tree->u.substring.attr);
     408     3650708 :         if (el == NULL) {
     409      559284 :                 *matched = false;
     410      559284 :                 return LDB_SUCCESS;
     411             :         }
     412             : 
     413     5753320 :         for (i = 0; i < el->num_values; i++) {
     414             :                 int ret;
     415     3091504 :                 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
     416     3091504 :                 if (ret != LDB_SUCCESS) return ret;
     417     3091504 :                 if (*matched) return LDB_SUCCESS;
     418             :         }
     419             : 
     420     2661816 :         *matched = false;
     421     2661816 :         return LDB_SUCCESS;
     422             : }
     423             : 
     424             : 
     425             : /*
     426             :   bitwise and/or comparator depending on oid
     427             : */
     428     1748179 : static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
     429             :                                   bool *matched)
     430             : {
     431             :         uint64_t i1, i2;
     432             :         char ibuf[100];
     433     1748179 :         char *endptr = NULL;
     434             : 
     435     1748179 :         if (v1->length >= sizeof(ibuf)-1) {
     436           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     437             :         }
     438     1748179 :         memcpy(ibuf, (char *)v1->data, v1->length);
     439     1748179 :         ibuf[v1->length] = 0;
     440     1748179 :         i1 = strtoull(ibuf, &endptr, 0);
     441     1748179 :         if (endptr != NULL) {
     442     1748179 :                 if (endptr == ibuf || *endptr != 0) {
     443           0 :                         return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     444             :                 }
     445             :         }
     446             : 
     447     1748179 :         if (v2->length >= sizeof(ibuf)-1) {
     448           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     449             :         }
     450     1748179 :         endptr = NULL;
     451     1748179 :         memcpy(ibuf, (char *)v2->data, v2->length);
     452     1748179 :         ibuf[v2->length] = 0;
     453     1748179 :         i2 = strtoull(ibuf, &endptr, 0);
     454     1748179 :         if (endptr != NULL) {
     455     1748179 :                 if (endptr == ibuf || *endptr != 0) {
     456           0 :                         return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     457             :                 }
     458             :         }
     459     1748179 :         if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
     460     1746695 :                 *matched = ((i1 & i2) == i2);
     461        1484 :         } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
     462        1484 :                 *matched = ((i1 & i2) != 0);
     463             :         } else {
     464           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     465             :         }
     466     1748179 :         return LDB_SUCCESS;
     467             : }
     468             : 
     469     1753041 : static int ldb_match_bitmask(struct ldb_context *ldb,
     470             :                              const char *oid,
     471             :                              const struct ldb_message *msg,
     472             :                              const char *attribute_to_match,
     473             :                              const struct ldb_val *value_to_match,
     474             :                              bool *matched)
     475             : {
     476             :         unsigned int i;
     477             :         struct ldb_message_element *el;
     478             : 
     479             :         /* find the message element */
     480     1753041 :         el = ldb_msg_find_element(msg, attribute_to_match);
     481     1753041 :         if (el == NULL) {
     482        4869 :                 *matched = false;
     483        4869 :                 return LDB_SUCCESS;
     484             :         }
     485             : 
     486     2433757 :         for (i=0;i<el->num_values;i++) {
     487             :                 int ret;
     488     1748179 :                 struct ldb_val *v = &el->values[i];
     489             : 
     490     1748179 :                 ret = ldb_comparator_bitmask(oid, v, value_to_match, matched);
     491     1748179 :                 if (ret != LDB_SUCCESS) {
     492           0 :                         return ret;
     493             :                 }
     494     1748179 :                 if (*matched) {
     495     1062594 :                         return LDB_SUCCESS;
     496             :                 }
     497             :         }
     498             : 
     499      685578 :         *matched = false;
     500      685578 :         return LDB_SUCCESS;
     501             : }
     502             : 
     503             : /*
     504             :   always return false
     505             : */
     506         465 : static int ldb_comparator_false(struct ldb_context *ldb,
     507             :                                 const char *oid,
     508             :                                 const struct ldb_message *msg,
     509             :                                 const char *attribute_to_match,
     510             :                                 const struct ldb_val *value_to_match,
     511             :                                 bool *matched)
     512             : {
     513         465 :         *matched = false;
     514         465 :         return LDB_SUCCESS;
     515             : }
     516             : 
     517             : 
     518    11309986 : static const struct ldb_extended_match_rule *ldb_find_extended_match_rule(struct ldb_context *ldb,
     519             :                                                                           const char *oid)
     520             : {
     521             :         struct ldb_extended_match_entry *extended_match_rule;
     522             : 
     523    46379260 :         for (extended_match_rule = ldb->extended_match_rules;
     524     9487894 :              extended_match_rule;
     525    33247182 :              extended_match_rule = extended_match_rule->next) {
     526    41252536 :                 if (strcmp(extended_match_rule->rule->oid, oid) == 0) {
     527     8005354 :                         return extended_match_rule->rule;
     528             :                 }
     529             :         }
     530             : 
     531     3304632 :         return NULL;
     532             : }
     533             : 
     534             : 
     535             : /*
     536             :   extended match, handles things like bitops
     537             : */
     538     8005357 : static int ldb_match_extended(struct ldb_context *ldb, 
     539             :                               const struct ldb_message *msg,
     540             :                               const struct ldb_parse_tree *tree,
     541             :                               enum ldb_scope scope, bool *matched)
     542             : {
     543             :         const struct ldb_extended_match_rule *rule;
     544             : 
     545     8005357 :         if (tree->u.extended.dnAttributes) {
     546             :                 /* FIXME: We really need to find out what this ":dn" part in
     547             :                  * an extended match means and how to handle it. For now print
     548             :                  * only a warning to have s3 winbind and other tools working
     549             :                  * against us. - Matthias */
     550        1140 :                 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
     551             :         }
     552     8005357 :         if (tree->u.extended.rule_id == NULL) {
     553           0 :                 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
     554           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     555             :         }
     556     8005357 :         if (tree->u.extended.attr == NULL) {
     557           0 :                 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
     558           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     559             :         }
     560             : 
     561     8005357 :         rule = ldb_find_extended_match_rule(ldb, tree->u.extended.rule_id);
     562     8005357 :         if (rule == NULL) {
     563           3 :                 *matched = false;
     564           3 :                 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
     565           0 :                           tree->u.extended.rule_id);
     566           3 :                 return LDB_SUCCESS;
     567             :         }
     568             : 
     569     8005354 :         return rule->callback(ldb, rule->oid, msg,
     570     1532928 :                               tree->u.extended.attr,
     571             :                               &tree->u.extended.value, matched);
     572             : }
     573             : 
     574   524811240 : static bool ldb_must_suppress_match(const struct ldb_message *msg,
     575             :                                     const struct ldb_parse_tree *tree)
     576             : {
     577   524811240 :         const char *attr = NULL;
     578   524811240 :         struct ldb_message_element *el = NULL;
     579             : 
     580   524811240 :         attr = ldb_parse_tree_get_attr(tree);
     581   524811240 :         if (attr == NULL) {
     582   283214719 :                 return false;
     583             :         }
     584             : 
     585             :         /* find the message element */
     586   241596521 :         el = ldb_msg_find_element(msg, attr);
     587   241596521 :         if (el == NULL) {
     588    99636705 :                 return false;
     589             :         }
     590             : 
     591   141959816 :         return ldb_msg_element_is_inaccessible(el);
     592             : }
     593             : 
     594             : /*
     595             :   Check if a particular message will match the given filter
     596             : 
     597             :   set *matched to true if it matches, false otherwise
     598             : 
     599             :   returns LDB_SUCCESS or an error
     600             : 
     601             :   this is a recursive function, and does short-circuit evaluation
     602             :  */
     603   532816597 : int ldb_match_message(struct ldb_context *ldb,
     604             :                       const struct ldb_message *msg,
     605             :                       const struct ldb_parse_tree *tree,
     606             :                       enum ldb_scope scope, bool *matched)
     607             : {
     608             :         unsigned int i;
     609             :         int ret;
     610             : 
     611   532816597 :         *matched = false;
     612             : 
     613   532816597 :         if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
     614             :                 /* don't match special records except on base searches */
     615           0 :                 return LDB_SUCCESS;
     616             :         }
     617             : 
     618             :         /*
     619             :          * Suppress matches on confidential attributes (handled
     620             :          * manually in extended matches as these can do custom things
     621             :          * like read other parts of the DB or other attributes).
     622             :          */
     623   532816597 :         if (tree->operation != LDB_OP_EXTENDED) {
     624   524811240 :                 if (ldb_must_suppress_match(msg, tree)) {
     625        5337 :                         return LDB_SUCCESS;
     626             :                 }
     627             :         }
     628             : 
     629   532811260 :         switch (tree->operation) {
     630    95783398 :         case LDB_OP_AND:
     631   262203935 :                 for (i=0;i<tree->u.list.num_elements;i++) {
     632   184626502 :                         ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
     633   184626502 :                         if (ret != LDB_SUCCESS) return ret;
     634   184626487 :                         if (!*matched) return LDB_SUCCESS;
     635             :                 }
     636    77577433 :                 *matched = true;
     637    77577433 :                 return LDB_SUCCESS;
     638             : 
     639    97513788 :         case LDB_OP_OR:
     640   128676296 :                 for (i=0;i<tree->u.list.num_elements;i++) {
     641   123542291 :                         ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
     642   123542291 :                         if (ret != LDB_SUCCESS) return ret;
     643   123542291 :                         if (*matched) return LDB_SUCCESS;
     644             :                 }
     645     5134005 :                 *matched = false;
     646     5134005 :                 return LDB_SUCCESS;
     647             : 
     648    89917533 :         case LDB_OP_NOT:
     649    89917533 :                 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
     650    89917533 :                 if (ret != LDB_SUCCESS) return ret;
     651    89917533 :                 *matched = ! *matched;
     652    89917533 :                 return LDB_SUCCESS;
     653             : 
     654   193969069 :         case LDB_OP_EQUALITY:
     655   193969069 :                 return ldb_match_equality(ldb, msg, tree, scope, matched);
     656             : 
     657     3650708 :         case LDB_OP_SUBSTRING:
     658     3650708 :                 return ldb_match_substring(ldb, msg, tree, scope, matched);
     659             : 
     660     4466030 :         case LDB_OP_GREATER:
     661     4466030 :                 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
     662             : 
     663       62675 :         case LDB_OP_LESS:
     664       62675 :                 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
     665             : 
     666    39442702 :         case LDB_OP_PRESENT:
     667    39442702 :                 return ldb_match_present(ldb, msg, tree, scope, matched);
     668             : 
     669           0 :         case LDB_OP_APPROX:
     670           0 :                 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
     671             : 
     672     8005357 :         case LDB_OP_EXTENDED:
     673     8005357 :                 return ldb_match_extended(ldb, msg, tree, scope, matched);
     674             :         }
     675             : 
     676           0 :         return LDB_ERR_INAPPROPRIATE_MATCHING;
     677             : }
     678             : 
     679             : /*
     680             :   return 0 if the given parse tree matches the given message. Assumes
     681             :   the message is in sorted order
     682             : 
     683             :   return 1 if it matches, and 0 if it doesn't match
     684             : */
     685             : 
     686           0 : int ldb_match_msg(struct ldb_context *ldb,
     687             :                   const struct ldb_message *msg,
     688             :                   const struct ldb_parse_tree *tree,
     689             :                   struct ldb_dn *base,
     690             :                   enum ldb_scope scope)
     691             : {
     692             :         bool matched;
     693             :         int ret;
     694             : 
     695           0 :         if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
     696           0 :                 return 0;
     697             :         }
     698             : 
     699           0 :         ret = ldb_match_message(ldb, msg, tree, scope, &matched);
     700           0 :         if (ret != LDB_SUCCESS) {
     701             :                 /* to match the old API, we need to consider this a
     702             :                    failure to match */
     703           0 :                 return 0;
     704             :         }
     705           0 :         return matched?1:0;
     706             : }
     707             : 
     708           0 : int ldb_match_msg_error(struct ldb_context *ldb,
     709             :                         const struct ldb_message *msg,
     710             :                         const struct ldb_parse_tree *tree,
     711             :                         struct ldb_dn *base,
     712             :                         enum ldb_scope scope,
     713             :                         bool *matched)
     714             : {
     715           0 :         if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
     716           0 :                 *matched = false;
     717           0 :                 return LDB_SUCCESS;
     718             :         }
     719             : 
     720           0 :         return ldb_match_message(ldb, msg, tree, scope, matched);
     721             : }
     722             : 
     723      642701 : int ldb_match_msg_objectclass(const struct ldb_message *msg,
     724             :                               const char *objectclass)
     725             : {
     726             :         unsigned int i;
     727      642701 :         struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
     728      642701 :         if (!el) {
     729           0 :                 return 0;
     730             :         }
     731     2570791 :         for (i=0; i < el->num_values; i++) {
     732     2570778 :                 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
     733      642688 :                         return 1;
     734             :                 }
     735             :         }
     736          13 :         return 0;
     737             : }
     738             : 
     739      553031 : _PRIVATE_ int ldb_register_extended_match_rules(struct ldb_context *ldb)
     740             : {
     741             :         struct ldb_extended_match_rule *bitmask_and;
     742             :         struct ldb_extended_match_rule *bitmask_or;
     743             :         struct ldb_extended_match_rule *always_false;
     744             :         int ret;
     745             : 
     746             :         /* Register bitmask-and match */
     747      553031 :         bitmask_and = talloc_zero(ldb, struct ldb_extended_match_rule);
     748      553031 :         if (bitmask_and == NULL) {
     749           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     750             :         }
     751             : 
     752      553031 :         bitmask_and->oid = LDB_OID_COMPARATOR_AND;
     753      553031 :         bitmask_and->callback = ldb_match_bitmask;
     754             : 
     755      553031 :         ret = ldb_register_extended_match_rule(ldb, bitmask_and);
     756      553031 :         if (ret != LDB_SUCCESS) {
     757           0 :                 return ret;
     758             :         }
     759             : 
     760             :         /* Register bitmask-or match */
     761      553031 :         bitmask_or = talloc_zero(ldb, struct ldb_extended_match_rule);
     762      553031 :         if (bitmask_or == NULL) {
     763           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     764             :         }
     765             : 
     766      553031 :         bitmask_or->oid = LDB_OID_COMPARATOR_OR;
     767      553031 :         bitmask_or->callback = ldb_match_bitmask;
     768             : 
     769      553031 :         ret = ldb_register_extended_match_rule(ldb, bitmask_or);
     770      553031 :         if (ret != LDB_SUCCESS) {
     771           0 :                 return ret;
     772             :         }
     773             : 
     774             :         /* Register always-false match */
     775      553031 :         always_false = talloc_zero(ldb, struct ldb_extended_match_rule);
     776      553031 :         if (always_false == NULL) {
     777           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     778             :         }
     779             : 
     780      553031 :         always_false->oid = SAMBA_LDAP_MATCH_ALWAYS_FALSE;
     781      553031 :         always_false->callback = ldb_comparator_false;
     782             : 
     783      553031 :         ret = ldb_register_extended_match_rule(ldb, always_false);
     784      553031 :         if (ret != LDB_SUCCESS) {
     785           0 :                 return ret;
     786             :         }
     787             : 
     788      553031 :         return LDB_SUCCESS;
     789             : }
     790             : 
     791             : /*
     792             :   register a new ldb extended matching rule
     793             : */
     794     3304629 : int ldb_register_extended_match_rule(struct ldb_context *ldb,
     795             :                                      const struct ldb_extended_match_rule *rule)
     796             : {
     797             :         const struct ldb_extended_match_rule *lookup_rule;
     798             :         struct ldb_extended_match_entry *entry;
     799             : 
     800     3304629 :         lookup_rule = ldb_find_extended_match_rule(ldb, rule->oid);
     801     3304629 :         if (lookup_rule) {
     802           0 :                 return LDB_ERR_ENTRY_ALREADY_EXISTS;
     803             :         }
     804             : 
     805     3304629 :         entry = talloc_zero(ldb, struct ldb_extended_match_entry);
     806     3304629 :         if (!entry) {
     807           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     808             :         }
     809     3304629 :         entry->rule = rule;
     810     3304629 :         DLIST_ADD_END(ldb->extended_match_rules, entry);
     811             : 
     812     3304629 :         return LDB_SUCCESS;
     813             : }
     814             : 
     815      305181 : int ldb_register_redact_callback(struct ldb_context *ldb,
     816             :                                  ldb_redact_fn redact_fn,
     817             :                                  struct ldb_module *module)
     818             : {
     819      305181 :         if (ldb->redact.callback != NULL) {
     820           0 :                 return LDB_ERR_ENTRY_ALREADY_EXISTS;
     821             :         }
     822             : 
     823      305181 :         ldb->redact.callback = redact_fn;
     824      305181 :         ldb->redact.module = module;
     825      305181 :         return LDB_SUCCESS;
     826             : }

Generated by: LCOV version 1.13