LCOV - code coverage report
Current view: top level - lib/ldb/common - ldb_match.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 350 402 87.1 %
Date: 2023-11-21 12:31:41 Functions: 18 19 94.7 %

          Line data    Source code
       1             : /* 
       2             :    ldb database library
       3             : 
       4             :    Copyright (C) Andrew Tridgell  2004-2005
       5             :    Copyright (C) Simo Sorce            2005
       6             : 
       7             :      ** NOTE! The following LGPL license applies to the ldb
       8             :      ** library. This does NOT imply that all of Samba is released
       9             :      ** under the LGPL
      10             :    
      11             :    This library is free software; you can redistribute it and/or
      12             :    modify it under the terms of the GNU Lesser General Public
      13             :    License as published by the Free Software Foundation; either
      14             :    version 3 of the License, or (at your option) any later version.
      15             : 
      16             :    This library is distributed in the hope that it will be useful,
      17             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      18             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      19             :    Lesser General Public License for more details.
      20             : 
      21             :    You should have received a copy of the GNU Lesser General Public
      22             :    License along with this library; if not, see <http://www.gnu.org/licenses/>.
      23             : */
      24             : 
      25             : /*
      26             :  *  Name: ldb
      27             :  *
      28             :  *  Component: ldb expression matching
      29             :  *
      30             :  *  Description: ldb expression matching 
      31             :  *
      32             :  *  Author: Andrew Tridgell
      33             :  */
      34             : 
      35             : #include "ldb_private.h"
      36             : #include "dlinklist.h"
      37             : #include "ldb_handlers.h"
      38             : 
      39             : /*
      40             :   check if the scope matches in a search result
      41             : */
      42   231830436 : int ldb_match_scope(struct ldb_context *ldb,
      43             :                     struct ldb_dn *base,
      44             :                     struct ldb_dn *dn,
      45             :                     enum ldb_scope scope)
      46             : {
      47   231830436 :         int ret = 0;
      48             : 
      49   231830436 :         if (base == NULL || dn == NULL) {
      50           0 :                 return 1;
      51             :         }
      52             : 
      53   231830436 :         switch (scope) {
      54          32 :         case LDB_SCOPE_BASE:
      55          32 :                 if (ldb_dn_compare(base, dn) == 0) {
      56          32 :                         ret = 1;
      57             :                 }
      58           0 :                 break;
      59             : 
      60      343644 :         case LDB_SCOPE_ONELEVEL:
      61      343644 :                 if (ldb_dn_get_comp_num(dn) == (ldb_dn_get_comp_num(base) + 1)) {
      62       71079 :                         if (ldb_dn_compare_base(base, dn) == 0) {
      63       33577 :                                 ret = 1;
      64             :                         }
      65             :                 }
      66      343031 :                 break;
      67             :                 
      68   231486760 :         case LDB_SCOPE_SUBTREE:
      69             :         default:
      70   231486760 :                 if (ldb_dn_compare_base(base, dn) == 0) {
      71   138075614 :                         ret = 1;
      72             :                 }
      73   228512753 :                 break;
      74             :         }
      75             : 
      76   228855784 :         return ret;
      77             : }
      78             : 
      79             : 
      80             : /*
      81             :   match if node is present
      82             : */
      83    54921804 : static int ldb_match_present(struct ldb_context *ldb, 
      84             :                              const struct ldb_message *msg,
      85             :                              const struct ldb_parse_tree *tree,
      86             :                              enum ldb_scope scope, bool *matched)
      87             : {
      88     1961051 :         const struct ldb_schema_attribute *a;
      89     1961051 :         struct ldb_message_element *el;
      90             : 
      91    54921804 :         if (ldb_attr_dn(tree->u.present.attr) == 0) {
      92     5793326 :                 *matched = true;
      93     5793326 :                 return LDB_SUCCESS;
      94             :         }
      95             : 
      96    49128478 :         el = ldb_msg_find_element(msg, tree->u.present.attr);
      97    49128478 :         if (el == NULL) {
      98     6457998 :                 *matched = false;
      99     6457998 :                 return LDB_SUCCESS;
     100             :         }
     101             : 
     102    42670480 :         a = ldb_schema_attribute_by_name(ldb, el->name);
     103    42670480 :         if (!a) {
     104           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     105             :         }
     106             : 
     107    42670480 :         if (a->syntax->operator_fn) {
     108             :                 unsigned int i;
     109      462056 :                 for (i = 0; i < el->num_values; i++) {
     110      462056 :                         int ret = a->syntax->operator_fn(ldb, LDB_OP_PRESENT, a, &el->values[i], NULL, matched);
     111      462056 :                         if (ret != LDB_SUCCESS) return ret;
     112      462056 :                         if (*matched) return LDB_SUCCESS;
     113             :                 }
     114           0 :                 *matched = false;
     115           0 :                 return LDB_SUCCESS;
     116             :         }
     117             : 
     118    42208424 :         *matched = true;
     119    42208424 :         return LDB_SUCCESS;
     120             : }
     121             : 
     122     6172019 : static int ldb_match_comparison(struct ldb_context *ldb, 
     123             :                                 const struct ldb_message *msg,
     124             :                                 const struct ldb_parse_tree *tree,
     125             :                                 enum ldb_scope scope,
     126             :                                 enum ldb_parse_op comp_op, bool *matched)
     127             : {
     128         912 :         unsigned int i;
     129         912 :         struct ldb_message_element *el;
     130         912 :         const struct ldb_schema_attribute *a;
     131             : 
     132             :         /* FIXME: APPROX comparison not handled yet */
     133     6172019 :         if (comp_op == LDB_OP_APPROX) {
     134           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     135             :         }
     136             : 
     137     6172019 :         el = ldb_msg_find_element(msg, tree->u.comparison.attr);
     138     6172019 :         if (el == NULL) {
     139      123625 :                 *matched = false;
     140      123625 :                 return LDB_SUCCESS;
     141             :         }
     142             : 
     143     6048394 :         a = ldb_schema_attribute_by_name(ldb, el->name);
     144     6048394 :         if (!a) {
     145           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     146             :         }
     147             : 
     148     9443416 :         for (i = 0; i < el->num_values; i++) {
     149     6048420 :                 if (a->syntax->operator_fn) {
     150         842 :                         int ret;
     151        1844 :                         ret = a->syntax->operator_fn(ldb, comp_op, a, &el->values[i], &tree->u.comparison.value, matched);
     152        1844 :                         if (ret != LDB_SUCCESS) return ret;
     153        1844 :                         if (*matched) return LDB_SUCCESS;
     154             :                 } else {
     155     6046576 :                         int ret = a->syntax->comparison_fn(ldb, ldb, &el->values[i], &tree->u.comparison.value);
     156             : 
     157     6046576 :                         if (ret == 0) {
     158        1993 :                                 *matched = true;
     159        1993 :                                 return LDB_SUCCESS;
     160             :                         }
     161     6044583 :                         if (ret > 0 && comp_op == LDB_OP_GREATER) {
     162     2649544 :                                 *matched = true;
     163     2649544 :                                 return LDB_SUCCESS;
     164             :                         }
     165     3395039 :                         if (ret < 0 && comp_op == LDB_OP_LESS) {
     166         743 :                                 *matched = true;
     167         743 :                                 return LDB_SUCCESS;
     168             :                         }
     169             :                 }
     170             :         }
     171             : 
     172     3394996 :         *matched = false;
     173     3394996 :         return LDB_SUCCESS;
     174             : }
     175             : 
     176             : /*
     177             :   match a simple leaf node
     178             : */
     179   280607105 : static int ldb_match_equality(struct ldb_context *ldb, 
     180             :                               const struct ldb_message *msg,
     181             :                               const struct ldb_parse_tree *tree,
     182             :                               enum ldb_scope scope,
     183             :                               bool *matched)
     184             : {
     185     6107110 :         unsigned int i;
     186     6107110 :         struct ldb_message_element *el;
     187     6107110 :         const struct ldb_schema_attribute *a;
     188     6107110 :         struct ldb_dn *valuedn;
     189     6107110 :         int ret;
     190             : 
     191   280607105 :         if (ldb_attr_dn(tree->u.equality.attr) == 0) {
     192      183033 :                 valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
     193      183033 :                 if (valuedn == NULL) {
     194           0 :                         return LDB_ERR_INVALID_DN_SYNTAX;
     195             :                 }
     196             : 
     197      183033 :                 ret = ldb_dn_compare(msg->dn, valuedn);
     198             : 
     199      183033 :                 talloc_free(valuedn);
     200             : 
     201      183033 :                 *matched = (ret == 0);
     202      183033 :                 return LDB_SUCCESS;
     203             :         }
     204             : 
     205             :         /* TODO: handle the "*" case derived from an extended search
     206             :            operation without the attribute type defined */
     207   280424072 :         el = ldb_msg_find_element(msg, tree->u.equality.attr);
     208   280424072 :         if (el == NULL) {
     209   130002425 :                 *matched = false;
     210   130002425 :                 return LDB_SUCCESS;
     211             :         }
     212             : 
     213   150421647 :         a = ldb_schema_attribute_by_name(ldb, el->name);
     214   150421647 :         if (a == NULL) {
     215           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     216             :         }
     217             : 
     218   282455331 :         for (i=0;i<el->num_values;i++) {
     219   259973537 :                 if (a->syntax->operator_fn) {
     220    28412639 :                         ret = a->syntax->operator_fn(ldb, LDB_OP_EQUALITY, a,
     221    27890494 :                                                      &tree->u.equality.value, &el->values[i], matched);
     222    27890494 :                         if (ret != LDB_SUCCESS) return ret;
     223    27890494 :                         if (*matched) return LDB_SUCCESS;
     224             :                 } else {
     225   232083043 :                         if (a->syntax->comparison_fn(ldb, ldb, &tree->u.equality.value,
     226   232083043 :                                                      &el->values[i]) == 0) {
     227   101326614 :                                 *matched = true;
     228   101326614 :                                 return LDB_SUCCESS;
     229             :                         }
     230             :                 }
     231             :         }
     232             : 
     233    22481794 :         *matched = false;
     234    22481794 :         return LDB_SUCCESS;
     235             : }
     236             : 
     237     3164334 : static int ldb_wildcard_compare(struct ldb_context *ldb,
     238             :                                 const struct ldb_parse_tree *tree,
     239             :                                 const struct ldb_val value, bool *matched)
     240             : {
     241         197 :         const struct ldb_schema_attribute *a;
     242         197 :         struct ldb_val val;
     243         197 :         struct ldb_val cnk;
     244         197 :         struct ldb_val *chunk;
     245     3164334 :         uint8_t *save_p = NULL;
     246     3164334 :         unsigned int c = 0;
     247             : 
     248     3164334 :         if (tree->operation != LDB_OP_SUBSTRING) {
     249           1 :                 *matched = false;
     250           1 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     251             :         }
     252             : 
     253     3164333 :         a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
     254     3164333 :         if (!a) {
     255           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     256             :         }
     257             : 
     258     3164333 :         if (tree->u.substring.chunks == NULL) {
     259           3 :                 *matched = false;
     260           3 :                 return LDB_SUCCESS;
     261             :         }
     262             : 
     263             :         /* No need to just copy this value for a binary match */
     264     3164330 :         if (a->syntax->canonicalise_fn != ldb_handler_copy) {
     265     2398900 :                 if (a->syntax->canonicalise_fn(ldb, ldb, &value, &val) != 0) {
     266           0 :                         return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     267             :                 }
     268             : 
     269             :                 /*
     270             :                  * Only set save_p if we allocate (call
     271             :                  * a->syntax->canonicalise_fn()), as we
     272             :                  * talloc_free(save_p) below to clean up
     273             :                  */
     274     2398900 :                 save_p = val.data;
     275             :         } else {
     276      765430 :                 val = value;
     277             :         }
     278             : 
     279     3164330 :         cnk.data = NULL;
     280             : 
     281     3164330 :         if ( ! tree->u.substring.start_with_wildcard ) {
     282     2367074 :                 uint8_t *cnk_to_free = NULL;
     283             : 
     284     2367074 :                 chunk = tree->u.substring.chunks[c];
     285             :                 /* No need to just copy this value for a binary match */
     286     2367074 :                 if (a->syntax->canonicalise_fn != ldb_handler_copy) {
     287     2365651 :                         if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
     288           0 :                                 goto mismatch;
     289             :                         }
     290             : 
     291     2365651 :                         cnk_to_free = cnk.data;
     292             :                 } else {
     293        1423 :                         cnk = *chunk;
     294             :                 }
     295             : 
     296             :                 /* This deals with wildcard prefix searches on binary attributes (eg objectGUID) */
     297     2367074 :                 if (cnk.length > val.length) {
     298       58439 :                         TALLOC_FREE(cnk_to_free);
     299       58439 :                         goto mismatch;
     300             :                 }
     301             :                 /*
     302             :                  * Empty strings are returned as length 0. Ensure
     303             :                  * we can cope with this.
     304             :                  */
     305     2308635 :                 if (cnk.length == 0) {
     306           0 :                         TALLOC_FREE(cnk_to_free);
     307           0 :                         goto mismatch;
     308             :                 }
     309             : 
     310     2308635 :                 if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) {
     311     1852312 :                         TALLOC_FREE(cnk_to_free);
     312     1852312 :                         goto mismatch;
     313             :                 }
     314             : 
     315      456323 :                 val.length -= cnk.length;
     316      456323 :                 val.data += cnk.length;
     317      456323 :                 c++;
     318      456323 :                 TALLOC_FREE(cnk_to_free);
     319      456323 :                 cnk.data = NULL;
     320             :         }
     321             : 
     322     1254380 :         while (tree->u.substring.chunks[c]) {
     323          76 :                 uint8_t *p;
     324      797323 :                 uint8_t *cnk_to_free = NULL;
     325             : 
     326      797323 :                 chunk = tree->u.substring.chunks[c];
     327             :                 /* No need to just copy this value for a binary match */
     328      797323 :                 if (a->syntax->canonicalise_fn != ldb_handler_copy) {
     329       33312 :                         if (a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
     330           0 :                                 goto mismatch;
     331             :                         }
     332             : 
     333       33312 :                         cnk_to_free = cnk.data;
     334             :                 } else {
     335      764011 :                         cnk = *chunk;
     336             :                 }
     337             :                 /*
     338             :                  * Empty strings are returned as length 0. Ensure
     339             :                  * we can cope with this.
     340             :                  */
     341      797323 :                 if (cnk.length == 0) {
     342           0 :                         TALLOC_FREE(cnk_to_free);
     343           0 :                         goto mismatch;
     344             :                 }
     345      797323 :                 if (cnk.length > val.length) {
     346       23347 :                         TALLOC_FREE(cnk_to_free);
     347       23347 :                         goto mismatch;
     348             :                 }
     349             : 
     350      773976 :                 if ( (tree->u.substring.chunks[c + 1]) == NULL &&
     351      774601 :                      (! tree->u.substring.end_with_wildcard) ) {
     352             :                         /*
     353             :                          * The last bit, after all the asterisks, must match
     354             :                          * exactly the last bit of the string.
     355             :                          */
     356          23 :                         int cmp;
     357        9348 :                         p = val.data + val.length - cnk.length;
     358        9348 :                         cmp = memcmp(p,
     359        9348 :                                      cnk.data,
     360             :                                      cnk.length);
     361        9348 :                         TALLOC_FREE(cnk_to_free);
     362             : 
     363        9348 :                         if (cmp != 0) {
     364        8609 :                                 goto mismatch;
     365             :                         }
     366             :                 } else {
     367             :                         /*
     368             :                          * Values might be binary blobs. Don't use string
     369             :                          * search, but memory search instead.
     370             :                          */
     371      764628 :                         p = memmem((const void *)val.data, val.length,
     372      764628 :                                    (const void *)cnk.data, cnk.length);
     373      764628 :                         if (p == NULL) {
     374      764566 :                                 TALLOC_FREE(cnk_to_free);
     375      764566 :                                 goto mismatch;
     376             :                         }
     377             :                         /* move val to the end of the match */
     378          62 :                         p += cnk.length;
     379          62 :                         val.length -= (p - val.data);
     380          62 :                         val.data = p;
     381          62 :                         TALLOC_FREE(cnk_to_free);
     382             :                 }
     383         788 :                 c++;
     384             :         }
     385             : 
     386      457057 :         talloc_free(save_p);
     387      457057 :         *matched = true;
     388      457057 :         return LDB_SUCCESS;
     389             : 
     390     2707273 : mismatch:
     391     2707273 :         *matched = false;
     392     2707273 :         talloc_free(save_p);
     393     2707273 :         return LDB_SUCCESS;
     394             : }
     395             : 
     396             : /*
     397             :   match a simple leaf node
     398             : */
     399     3757999 : static int ldb_match_substring(struct ldb_context *ldb, 
     400             :                                const struct ldb_message *msg,
     401             :                                const struct ldb_parse_tree *tree,
     402             :                                enum ldb_scope scope, bool *matched)
     403             : {
     404         175 :         unsigned int i;
     405         175 :         struct ldb_message_element *el;
     406             : 
     407     3757999 :         el = ldb_msg_find_element(msg, tree->u.substring.attr);
     408     3757999 :         if (el == NULL) {
     409      593856 :                 *matched = false;
     410      593856 :                 return LDB_SUCCESS;
     411             :         }
     412             : 
     413     5871413 :         for (i = 0; i < el->num_values; i++) {
     414         197 :                 int ret;
     415     3164301 :                 ret = ldb_wildcard_compare(ldb, tree, el->values[i], matched);
     416     3164301 :                 if (ret != LDB_SUCCESS) return ret;
     417     3164301 :                 if (*matched) return LDB_SUCCESS;
     418             :         }
     419             : 
     420     2707112 :         *matched = false;
     421     2707112 :         return LDB_SUCCESS;
     422             : }
     423             : 
     424             : 
     425             : /*
     426             :   bitwise and/or comparator depending on oid
     427             : */
     428     4524160 : static int ldb_comparator_bitmask(const char *oid, const struct ldb_val *v1, const struct ldb_val *v2,
     429             :                                   bool *matched)
     430             : {
     431      135433 :         uint64_t i1, i2;
     432      135433 :         char ibuf[100];
     433     4524160 :         char *endptr = NULL;
     434             : 
     435     4524160 :         if (v1->length >= sizeof(ibuf)-1) {
     436           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     437             :         }
     438     4524160 :         memcpy(ibuf, (char *)v1->data, v1->length);
     439     4524160 :         ibuf[v1->length] = 0;
     440     4524160 :         i1 = strtoull(ibuf, &endptr, 0);
     441     4524160 :         if (endptr != NULL) {
     442     4524160 :                 if (endptr == ibuf || *endptr != 0) {
     443           0 :                         return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     444             :                 }
     445             :         }
     446             : 
     447     4524160 :         if (v2->length >= sizeof(ibuf)-1) {
     448           0 :                 return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     449             :         }
     450     4524160 :         endptr = NULL;
     451     4524160 :         memcpy(ibuf, (char *)v2->data, v2->length);
     452     4524160 :         ibuf[v2->length] = 0;
     453     4524160 :         i2 = strtoull(ibuf, &endptr, 0);
     454     4524160 :         if (endptr != NULL) {
     455     4524160 :                 if (endptr == ibuf || *endptr != 0) {
     456           0 :                         return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
     457             :                 }
     458             :         }
     459     4524160 :         if (strcmp(LDB_OID_COMPARATOR_AND, oid) == 0) {
     460     4522601 :                 *matched = ((i1 & i2) == i2);
     461        1559 :         } else if (strcmp(LDB_OID_COMPARATOR_OR, oid) == 0) {
     462        1559 :                 *matched = ((i1 & i2) != 0);
     463             :         } else {
     464           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     465             :         }
     466     4388727 :         return LDB_SUCCESS;
     467             : }
     468             : 
     469     4529321 : static int ldb_match_bitmask(struct ldb_context *ldb,
     470             :                              const char *oid,
     471             :                              const struct ldb_message *msg,
     472             :                              const char *attribute_to_match,
     473             :                              const struct ldb_val *value_to_match,
     474             :                              bool *matched)
     475             : {
     476      135480 :         unsigned int i;
     477      135480 :         struct ldb_message_element *el;
     478             : 
     479             :         /* find the message element */
     480     4529321 :         el = ldb_msg_find_element(msg, attribute_to_match);
     481     4529321 :         if (el == NULL) {
     482        5175 :                 *matched = false;
     483        5175 :                 return LDB_SUCCESS;
     484             :         }
     485             : 
     486     6574710 :         for (i=0;i<el->num_values;i++) {
     487      135433 :                 int ret;
     488     4524160 :                 struct ldb_val *v = &el->values[i];
     489             : 
     490     4524160 :                 ret = ldb_comparator_bitmask(oid, v, value_to_match, matched);
     491     4524160 :                 if (ret != LDB_SUCCESS) {
     492           0 :                         return ret;
     493             :                 }
     494     4524160 :                 if (*matched) {
     495     2398144 :                         return LDB_SUCCESS;
     496             :                 }
     497             :         }
     498             : 
     499     2050550 :         *matched = false;
     500     2050550 :         return LDB_SUCCESS;
     501             : }
     502             : 
     503             : /*
     504             :   always return false
     505             : */
     506        3373 : static int ldb_comparator_false(struct ldb_context *ldb,
     507             :                                 const char *oid,
     508             :                                 const struct ldb_message *msg,
     509             :                                 const char *attribute_to_match,
     510             :                                 const struct ldb_val *value_to_match,
     511             :                                 bool *matched)
     512             : {
     513        3373 :         *matched = false;
     514        3373 :         return LDB_SUCCESS;
     515             : }
     516             : 
     517             : 
     518    17133051 : static const struct ldb_extended_match_rule *ldb_find_extended_match_rule(struct ldb_context *ldb,
     519             :                                                                           const char *oid)
     520             : {
     521      622439 :         struct ldb_extended_match_entry *extended_match_rule;
     522             : 
     523    17133051 :         for (extended_match_rule = ldb->extended_match_rules;
     524    60676954 :              extended_match_rule;
     525    43543903 :              extended_match_rule = extended_match_rule->next) {
     526    56120680 :                 if (strcmp(extended_match_rule->rule->oid, oid) == 0) {
     527    12576777 :                         return extended_match_rule->rule;
     528             :                 }
     529             :         }
     530             : 
     531     4477209 :         return NULL;
     532             : }
     533             : 
     534             : 
     535             : /*
     536             :   extended match, handles things like bitops
     537             : */
     538    12576780 : static int ldb_match_extended(struct ldb_context *ldb, 
     539             :                               const struct ldb_message *msg,
     540             :                               const struct ldb_parse_tree *tree,
     541             :                               enum ldb_scope scope, bool *matched)
     542             : {
     543      543374 :         const struct ldb_extended_match_rule *rule;
     544             : 
     545    12576780 :         if (tree->u.extended.dnAttributes) {
     546             :                 /* FIXME: We really need to find out what this ":dn" part in
     547             :                  * an extended match means and how to handle it. For now print
     548             :                  * only a warning to have s3 winbind and other tools working
     549             :                  * against us. - Matthias */
     550         912 :                 ldb_debug(ldb, LDB_DEBUG_WARNING, "ldb: dnAttributes extended match not supported yet");
     551             :         }
     552    12576780 :         if (tree->u.extended.rule_id == NULL) {
     553           0 :                 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-rule extended matches not supported yet");
     554           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     555             :         }
     556    12576780 :         if (tree->u.extended.attr == NULL) {
     557           0 :                 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: no-attribute extended matches not supported yet");
     558           0 :                 return LDB_ERR_INAPPROPRIATE_MATCHING;
     559             :         }
     560             : 
     561    12576780 :         rule = ldb_find_extended_match_rule(ldb, tree->u.extended.rule_id);
     562    12576780 :         if (rule == NULL) {
     563           3 :                 *matched = false;
     564           3 :                 ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb: unknown extended rule_id %s",
     565           3 :                           tree->u.extended.rule_id);
     566           3 :                 return LDB_SUCCESS;
     567             :         }
     568             : 
     569    12576777 :         return rule->callback(ldb, rule->oid, msg,
     570    12033403 :                               tree->u.extended.attr,
     571             :                               &tree->u.extended.value, matched);
     572             : }
     573             : 
     574   752975016 : static bool ldb_must_suppress_match(const struct ldb_message *msg,
     575             :                                     const struct ldb_parse_tree *tree)
     576             : {
     577   752975016 :         const char *attr = NULL;
     578   752975016 :         struct ldb_message_element *el = NULL;
     579             : 
     580   752975016 :         attr = ldb_parse_tree_get_attr(tree);
     581   752975016 :         if (attr == NULL) {
     582   398036137 :                 return false;
     583             :         }
     584             : 
     585             :         /* find the message element */
     586   345464344 :         el = ldb_msg_find_element(msg, attr);
     587   345464344 :         if (el == NULL) {
     588   139969541 :                 return false;
     589             :         }
     590             : 
     591   202310090 :         return ldb_msg_element_is_inaccessible(el);
     592             : }
     593             : 
     594             : /*
     595             :   Check if a particular message will match the given filter
     596             : 
     597             :   set *matched to true if it matches, false otherwise
     598             : 
     599             :   returns LDB_SUCCESS or an error
     600             : 
     601             :   this is a recursive function, and does short-circuit evaluation
     602             :  */
     603   765551796 : int ldb_match_message(struct ldb_context *ldb,
     604             :                       const struct ldb_message *msg,
     605             :                       const struct ldb_parse_tree *tree,
     606             :                       enum ldb_scope scope, bool *matched)
     607             : {
     608    18087157 :         unsigned int i;
     609    18087157 :         int ret;
     610             : 
     611   765551796 :         *matched = false;
     612             : 
     613   765551796 :         if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
     614             :                 /* don't match special records except on base searches */
     615           0 :                 return LDB_SUCCESS;
     616             :         }
     617             : 
     618             :         /*
     619             :          * Suppress matches on confidential attributes (handled
     620             :          * manually in extended matches as these can do custom things
     621             :          * like read other parts of the DB or other attributes).
     622             :          */
     623   765551796 :         if (tree->operation != LDB_OP_EXTENDED) {
     624   752975016 :                 if (ldb_must_suppress_match(msg, tree)) {
     625        5417 :                         return LDB_SUCCESS;
     626             :                 }
     627             :         }
     628             : 
     629   765546379 :         switch (tree->operation) {
     630   136183793 :         case LDB_OP_AND:
     631   386844927 :                 for (i=0;i<tree->u.list.num_elements;i++) {
     632   270916399 :                         ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
     633   270916399 :                         if (ret != LDB_SUCCESS) return ret;
     634   270916384 :                         if (!*matched) return LDB_SUCCESS;
     635             :                 }
     636   115928528 :                 *matched = true;
     637   115928528 :                 return LDB_SUCCESS;
     638             : 
     639   134107123 :         case LDB_OP_OR:
     640   178954347 :                 for (i=0;i<tree->u.list.num_elements;i++) {
     641   172878566 :                         ret = ldb_match_message(ldb, msg, tree->u.list.elements[i], scope, matched);
     642   172878566 :                         if (ret != LDB_SUCCESS) return ret;
     643   172878566 :                         if (*matched) return LDB_SUCCESS;
     644             :                 }
     645     6075781 :                 *matched = false;
     646     6075781 :                 return LDB_SUCCESS;
     647             : 
     648   130657192 :         case LDB_OP_NOT:
     649   130657192 :                 ret = ldb_match_message(ldb, msg, tree->u.isnot.child, scope, matched);
     650   130657192 :                 if (ret != LDB_SUCCESS) return ret;
     651   130657192 :                 *matched = ! *matched;
     652   130657192 :                 return LDB_SUCCESS;
     653             : 
     654   280607105 :         case LDB_OP_EQUALITY:
     655   280607105 :                 return ldb_match_equality(ldb, msg, tree, scope, matched);
     656             : 
     657     3757999 :         case LDB_OP_SUBSTRING:
     658     3757999 :                 return ldb_match_substring(ldb, msg, tree, scope, matched);
     659             : 
     660     6107147 :         case LDB_OP_GREATER:
     661     6107147 :                 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_GREATER, matched);
     662             : 
     663       64872 :         case LDB_OP_LESS:
     664       64872 :                 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_LESS, matched);
     665             : 
     666    54921804 :         case LDB_OP_PRESENT:
     667    54921804 :                 return ldb_match_present(ldb, msg, tree, scope, matched);
     668             : 
     669           0 :         case LDB_OP_APPROX:
     670           0 :                 return ldb_match_comparison(ldb, msg, tree, scope, LDB_OP_APPROX, matched);
     671             : 
     672    12576780 :         case LDB_OP_EXTENDED:
     673    12576780 :                 return ldb_match_extended(ldb, msg, tree, scope, matched);
     674             :         }
     675             : 
     676           0 :         return LDB_ERR_INAPPROPRIATE_MATCHING;
     677             : }
     678             : 
     679             : /*
     680             :   return 0 if the given parse tree matches the given message. Assumes
     681             :   the message is in sorted order
     682             : 
     683             :   return 1 if it matches, and 0 if it doesn't match
     684             : */
     685             : 
     686           0 : int ldb_match_msg(struct ldb_context *ldb,
     687             :                   const struct ldb_message *msg,
     688             :                   const struct ldb_parse_tree *tree,
     689             :                   struct ldb_dn *base,
     690             :                   enum ldb_scope scope)
     691             : {
     692           0 :         bool matched;
     693           0 :         int ret;
     694             : 
     695           0 :         if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
     696           0 :                 return 0;
     697             :         }
     698             : 
     699           0 :         ret = ldb_match_message(ldb, msg, tree, scope, &matched);
     700           0 :         if (ret != LDB_SUCCESS) {
     701             :                 /* to match the old API, we need to consider this a
     702             :                    failure to match */
     703           0 :                 return 0;
     704             :         }
     705           0 :         return matched?1:0;
     706             : }
     707             : 
     708         254 : int ldb_match_msg_error(struct ldb_context *ldb,
     709             :                         const struct ldb_message *msg,
     710             :                         const struct ldb_parse_tree *tree,
     711             :                         struct ldb_dn *base,
     712             :                         enum ldb_scope scope,
     713             :                         bool *matched)
     714             : {
     715         254 :         if ( ! ldb_match_scope(ldb, base, msg->dn, scope) ) {
     716           0 :                 *matched = false;
     717           0 :                 return LDB_SUCCESS;
     718             :         }
     719             : 
     720         254 :         return ldb_match_message(ldb, msg, tree, scope, matched);
     721             : }
     722             : 
     723      891729 : int ldb_match_msg_objectclass(const struct ldb_message *msg,
     724             :                               const char *objectclass)
     725             : {
     726       29180 :         unsigned int i;
     727      891729 :         struct ldb_message_element *el = ldb_msg_find_element(msg, "objectClass");
     728      891729 :         if (!el) {
     729           0 :                 return 0;
     730             :         }
     731     3566901 :         for (i=0; i < el->num_values; i++) {
     732     3566888 :                 if (ldb_attr_cmp((const char *)el->values[i].data, objectclass) == 0) {
     733      862536 :                         return 1;
     734             :                 }
     735             :         }
     736          13 :         return 0;
     737             : }
     738             : 
     739      762441 : _PRIVATE_ int ldb_register_extended_match_rules(struct ldb_context *ldb)
     740             : {
     741       13260 :         struct ldb_extended_match_rule *bitmask_and;
     742       13260 :         struct ldb_extended_match_rule *bitmask_or;
     743       13260 :         struct ldb_extended_match_rule *always_false;
     744       13260 :         int ret;
     745             : 
     746             :         /* Register bitmask-and match */
     747      762441 :         bitmask_and = talloc_zero(ldb, struct ldb_extended_match_rule);
     748      762441 :         if (bitmask_and == NULL) {
     749           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     750             :         }
     751             : 
     752      762441 :         bitmask_and->oid = LDB_OID_COMPARATOR_AND;
     753      762441 :         bitmask_and->callback = ldb_match_bitmask;
     754             : 
     755      762441 :         ret = ldb_register_extended_match_rule(ldb, bitmask_and);
     756      762441 :         if (ret != LDB_SUCCESS) {
     757           0 :                 return ret;
     758             :         }
     759             : 
     760             :         /* Register bitmask-or match */
     761      762441 :         bitmask_or = talloc_zero(ldb, struct ldb_extended_match_rule);
     762      762441 :         if (bitmask_or == NULL) {
     763           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     764             :         }
     765             : 
     766      762441 :         bitmask_or->oid = LDB_OID_COMPARATOR_OR;
     767      762441 :         bitmask_or->callback = ldb_match_bitmask;
     768             : 
     769      762441 :         ret = ldb_register_extended_match_rule(ldb, bitmask_or);
     770      762441 :         if (ret != LDB_SUCCESS) {
     771           0 :                 return ret;
     772             :         }
     773             : 
     774             :         /* Register always-false match */
     775      762441 :         always_false = talloc_zero(ldb, struct ldb_extended_match_rule);
     776      762441 :         if (always_false == NULL) {
     777           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     778             :         }
     779             : 
     780      762441 :         always_false->oid = SAMBA_LDAP_MATCH_ALWAYS_FALSE;
     781      762441 :         always_false->callback = ldb_comparator_false;
     782             : 
     783      762441 :         ret = ldb_register_extended_match_rule(ldb, always_false);
     784      762441 :         if (ret != LDB_SUCCESS) {
     785           0 :                 return ret;
     786             :         }
     787             : 
     788      749181 :         return LDB_SUCCESS;
     789             : }
     790             : 
     791             : /*
     792             :   register a new ldb extended matching rule
     793             : */
     794     4556271 : int ldb_register_extended_match_rule(struct ldb_context *ldb,
     795             :                                      const struct ldb_extended_match_rule *rule)
     796             : {
     797       79065 :         const struct ldb_extended_match_rule *lookup_rule;
     798       79065 :         struct ldb_extended_match_entry *entry;
     799             : 
     800     4556271 :         lookup_rule = ldb_find_extended_match_rule(ldb, rule->oid);
     801     4556271 :         if (lookup_rule) {
     802           0 :                 return LDB_ERR_ENTRY_ALREADY_EXISTS;
     803             :         }
     804             : 
     805     4556271 :         entry = talloc_zero(ldb, struct ldb_extended_match_entry);
     806     4556271 :         if (!entry) {
     807           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     808             :         }
     809     4556271 :         entry->rule = rule;
     810     4556271 :         DLIST_ADD_END(ldb->extended_match_rules, entry);
     811             : 
     812     4477206 :         return LDB_SUCCESS;
     813             : }
     814             : 
     815      412389 : int ldb_register_redact_callback(struct ldb_context *ldb,
     816             :                                  ldb_redact_fn redact_fn,
     817             :                                  struct ldb_module *module)
     818             : {
     819      412389 :         if (ldb->redact.callback != NULL) {
     820           0 :                 return LDB_ERR_ENTRY_ALREADY_EXISTS;
     821             :         }
     822             : 
     823      412389 :         ldb->redact.callback = redact_fn;
     824      412389 :         ldb->redact.module = module;
     825      412389 :         return LDB_SUCCESS;
     826             : }

Generated by: LCOV version 1.14