aboutsummaryrefslogblamecommitdiff
path: root/src/eldap_filter.erl
blob: 4e554572d9dcaf94971a51022a4b93022c4900a6 (plain) (tree) 
22f928122

7d2a1af9d




1405e9d37

22f928122


b3211b1f7

22f928122










f09509502

8538997d6



22f928122


7d2a1af9d

7d2a1af9d

1405e9d37

1405e9d37

7d2a1af9d

1405e9d37




7d2a1af9d










1405e9d37

7d2a1af9d

1405e9d37



9deb29432



1405e9d37

7d2a1af9d

1405e9d37

7d2a1af9d











6e5439db5

7d2a1af9d













1405e9d37

9deb29432






6cc6c04c4


1405e9d37






7d2a1af9d


1405e9d37



9deb29432

1405e9d37


9deb29432

1405e9d37


9deb29432

1405e9d37










9deb29432



1405e9d37





9deb29432

1405e9d37



9deb29432

1405e9d37


9deb29432

7d2a1af9d



9deb29432



7d2a1af9d


9deb29432


bb4f9f63b



bb4f9f63b


7d2a1af9d



ce7b008b8












7d2a1af9d






ce7b008b8












7d2a1af9d


9deb29432







1

2
3
4
5

6

7
8

9

10
11
12
13
14
15
16
17
18
19

20

21
22
23

24
25

26

27

28

29

30

31
32
33
34

35
36
37
38
39
40
41
42
43
44

45

46

47
48
49

50
51
52

53

54

55

56
57
58
59
60
61
62
63
64
65
66

67

68
69
70
71
72
73
74
75
76
77
78
79
80

81

82
83
84
85
86
87

88
89

90
91
92
93
94
95

96
97

98
99
100

101

102
103

104

105
106

107

108
109
110
111
112
113
114
115
116
117

118
119
120

121
122
123
124
125

126

127
128
129

130

131
132

133

134
135
136

137
138
139

140
141

142
143

144
145
146

147
148

149
150
151

152
153
154
155
156
157
158
159
160
161
162
163

164
165
166
167
168
169

170
171
172
173
174
175
176
177
178
179
180
181

182
183

184
185
186
187
188
189
190

                                                                         



                                                  
                                                           

   
                                                  









                                                                      
   


                                                                           

                                                                         
                      
 
                                                        
                                      
 



                                                                      









                                                                                
                                                       
   


                                                                                


                                                               
                 
 
                                                                      










                                                                        
                                                                          












                                                            
                                                                      





                                                                         

                            





                               

        


                                                                      
                                                                                

                 
                                          

                                           
                                                                              









                                                            


                                                                          




                                                         
                                                               


                                           
                 

                
                                               


                            


                                                                          

                

                  


                                                       

                                                              


                                 











                                                           





                                        











                                                               

        






                                   
%%%----------------------------------------------------------------------
%%% File:    eldap_filter.erl
%%% Purpose: Converts String Representation of
%%%            LDAP Search Filter (RFC 2254)
%%%            to eldap's representation of filter
%%% Author:  Evgeniy Khramtsov <ekhramtsov@process-one.net>
%%%
%%%
%%% ejabberd, Copyright (C) 2002-2022   ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%%% General Public License for more details.
%%%
%%% You should have received a copy of the GNU General Public License along
%%% with this program; if not, write to the Free Software Foundation, Inc.,
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
%%%
%%%----------------------------------------------------------------------
-module(eldap_filter).

%% TODO: remove this when new regexp module will be used
-export([parse/1, parse/2, do_sub/2]).

%%====================================================================
%% API
%%====================================================================
%%%-------------------------------------------------------------------
%%% Arity: parse/1
%%% Function: parse(RFC2254_Filter) -> {ok, EldapFilter}   |
%%%                                    {error, bad_filter}
%%%
%%%           RFC2254_Filter = string().
%%%
%%% Description: Converts String Representation of LDAP Search Filter (RFC 2254)
%%%              to eldap's representation of filter.
%%%
%%% Example:
%%%   > eldap_filter:parse("(&(!(uid<=100))(mail=*))").
%%%
%%%   {ok,{'and',[{'not',{lessOrEqual,{'AttributeValueAssertion',"uid","100"}}},
%%%           {present,"mail"}]}}
%%%-------------------------------------------------------------------
-spec parse(binary()) -> {error, any()} | {ok, eldap:filter()}.

parse(L) ->
    parse(L, []).

%%%-------------------------------------------------------------------
%%% Arity: parse/2
%%% Function: parse(RFC2254_Filter, [SubstValue |...]) ->
%%%                                  {ok, EldapFilter}                 |
%%%                                  {error, bad_filter}               |
%%%                                  {error, bad_regexp}               |
%%%                                  {error, max_substitute_recursion}
%%%
%%%           SubstValue = {RegExp, Value} | {RegExp, Value, N},
%%%           RFC2254_Filter = RegExp = Value = string(),
%%%           N = integer().
%%%
%%% Description: The same as parse/1, but substitutes N or all occurrences
%%%              of RegExp with Value *after* parsing.
%%%
%%% Example:
%%%    > eldap_filter:parse(
%%%            "(|(mail=%u@%d)(jid=%u@%d))",
%%%            [{"%u", "xramtsov"},{"%d","gmail.com"}]).
%%%
%%%    {ok,{'or',[{equalityMatch,{'AttributeValueAssertion',
%%%                              "mail",
%%%                              "xramtsov@gmail.com"}},
%%%           {equalityMatch,{'AttributeValueAssertion',
%%%                              "jid",
%%%                              "xramtsov@gmail.com"}}]}}
%%%-------------------------------------------------------------------
-spec parse(binary(), [{binary(), binary()} |
                       {binary(), binary(), pos_integer()}]) ->
                   {error, any()} | {ok, eldap:filter()}.

parse(L, SList) ->
    case catch eldap_filter_yecc:parse(scan(binary_to_list(L), SList)) of
        {'EXIT', _} = Err ->
            {error, Err};
	{error, {_, _, Msg}} ->
	    {error, Msg};
	{ok, Result} ->
	    {ok, Result};
	{regexp, Err} ->
	    {error, Err}
    end.

%%====================================================================
%% Internal functions
%%====================================================================
-define(do_scan(L), scan(Rest, <<>>, [{L, 1} | check(Buf, S) ++ Result], L, S)).

scan(L, SList) ->
    scan(L, <<"">>, [], undefined, SList).

scan("=*)" ++ Rest, Buf, Result, '(', S) ->
    scan(Rest, <<>>, [{')', 1}, {'=*', 1} | check(Buf, S) ++ Result], ')', S);
scan(":dn" ++ Rest, Buf, Result, '(', S) -> ?do_scan(':dn');
scan(":=" ++ Rest, Buf, Result, '(', S) -> ?do_scan(':=');
scan(":=" ++ Rest, Buf, Result, ':dn', S) -> ?do_scan(':=');
scan(":=" ++ Rest, Buf, Result, ':', S) -> ?do_scan(':=');
scan("~=" ++ Rest, Buf, Result, '(', S) -> ?do_scan('~=');
scan(">=" ++ Rest, Buf, Result, '(', S) -> ?do_scan('>=');
scan("<=" ++ Rest, Buf, Result, '(', S) -> ?do_scan('<=');
scan("="  ++ Rest, Buf, Result, '(', S) -> ?do_scan('=');
scan(":"  ++ Rest, Buf, Result, '(', S) -> ?do_scan(':');
scan(":"  ++ Rest, Buf, Result, ':dn', S) -> ?do_scan(':');
scan("&"  ++ Rest, Buf, Result, '(', S) when Buf==<<"">> -> ?do_scan('&');
scan("|"  ++ Rest, Buf, Result, '(', S) when Buf==<<"">> -> ?do_scan('|');
scan("!"  ++ Rest, Buf, Result, '(', S) when Buf==<<"">> -> ?do_scan('!');
scan("*"  ++ Rest, Buf, Result, '*', S) -> ?do_scan('*');
scan("*"  ++ Rest, Buf, Result, '=', S) -> ?do_scan('*');
scan("("  ++ Rest, Buf, Result, _, S) -> ?do_scan('(');
scan(")"  ++ Rest, Buf, Result, _, S) -> ?do_scan(')');
scan([Letter | Rest], Buf, Result, PreviosAtom, S) ->
    scan(Rest, <<Buf/binary, Letter>>, Result, PreviosAtom, S);
scan([], Buf, Result, _, S) ->
    lists:reverse(check(Buf, S) ++ Result).

check(<<>>, _) ->
    [];
check(Buf, S) ->
    [{str, 1, binary_to_list(do_sub(Buf, S))}].

-define(MAX_RECURSION, 100).

-spec do_sub(binary(), [{binary(), binary()} |
                        {binary(), binary(), pos_integer()}]) -> binary().

do_sub(S, []) ->
    S;
do_sub(<<>>, _) ->
    <<>>;
do_sub(S, [{RegExp, New} | T]) ->
    Result = do_sub(S, {RegExp, replace_amps(New)}, 1),
    do_sub(Result, T);
do_sub(S, [{RegExp, New, Times} | T]) ->
    Result = do_sub(S, {RegExp, replace_amps(New), Times}, 1),
    do_sub(Result, T).

do_sub(S, {RegExp, New}, Iter) ->
    case ejabberd_regexp:run(S, RegExp) of
        match ->
            case ejabberd_regexp:replace(S, RegExp, New) of
                NewS when Iter =< ?MAX_RECURSION ->
                    do_sub(NewS, {RegExp, New}, Iter+1);
                _NewS when Iter > ?MAX_RECURSION ->
                    erlang:error(max_substitute_recursion)
            end;
        nomatch ->
            S;
        _ ->
            erlang:error(bad_regexp)
    end;

do_sub(S, {_, _, N}, _) when N<1 ->
    S;

do_sub(S, {RegExp, New, Times}, Iter) ->
    case ejabberd_regexp:run(S, RegExp) of
        match ->
            case ejabberd_regexp:replace(S, RegExp, New) of
                NewS when Iter < Times ->
                    do_sub(NewS, {RegExp, New, Times}, Iter+1);
                NewS ->
                    NewS
            end;
        nomatch ->
            S;
        _ ->
            erlang:error(bad_regexp)
    end.

replace_amps(Bin) ->
    list_to_binary(
      lists:flatmap(
        fun($&) -> "\\&";
           ($\\) -> "\\\\";
           (Chr) -> [Chr]
        end, binary_to_list(Bin))).
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 12:59:52 +0000