/*
 * Copyright 2001-2002 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"


/*
 * The contents of this file are subject to the Netscape Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/NPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is Mozilla Communicator client code, released
 * March 31, 1998.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1998-1999 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 */
/*
 *  Copyright (c) 1990 Regents of the University of Michigan.
 *  All rights reserved.
 */
/*
 *  search.c
 */

#if 0
#ifndef lint 
static char copyright[] = "@(#) Copyright (c) 1990 Regents of the University of Michigan.\nAll rights reserved.\n";
#endif
#endif

#include "ldap-int.h"

static int nsldapi_timeval2ldaplimit( struct timeval *timeoutp,
	int defaultvalue );
static int nsldapi_search( LDAP *ld, const char *base, int scope,
	const char *filter, char **attrs, int attrsonly,
	LDAPControl **serverctrls, LDAPControl **clientctrls,
	int timelimit, int sizelimit, int *msgidp );
static char *find_right_paren( char *s );
static char *put_complex_filter( BerElement *ber, char *str,
	ber_tag_t tag, int not );
static int unescape_filterval( char *str );
static int hexchar2int( char c );
static int is_valid_attr( char *a );
static int put_simple_filter( BerElement *ber, char *str );
static int put_substring_filter( BerElement *ber, char *type,
	char *str );
static int put_filter_list( BerElement *ber, char *str );
static int nsldapi_search_s( LDAP *ld, const char *base, int scope, 
	const char *filter, char **attrs, int attrsonly,
	LDAPControl **serverctrls, LDAPControl **clientctrls,
	struct timeval *localtimeoutp, int timelimit, int sizelimit,
	LDAPMessage **res );

/*
 * ldap_search - initiate an ldap search operation.  Parameters:
 *
 *	ld		LDAP descriptor
 *	base		DN of the base object
 *	scope		the search scope - one of LDAP_SCOPE_BASE,
 *			    LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE
 *	filter		a string containing the search filter
 *			(e.g., "(|(cn=bob)(sn=bob))")
 *	attrs		list of attribute types to return for matches
 *	attrsonly	1 => attributes only 0 => attributes and values
 *
 * Example:
 *	char	*attrs[] = { "mail", "title", 0 };
 *	msgid = ldap_search( ld, "c=us@o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob",
 *	    attrs, attrsonly );
 */
int
LDAP_CALL
ldap_search(
    LDAP 	*ld,
    const char 	*base,
    int 	scope,
    const char 	*filter,
    char 	**attrs,
    int 	attrsonly
)
{
	int		msgid;

	LDAPDebug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 );

	if ( ldap_search_ext( ld, base, scope, filter, attrs, attrsonly, NULL,
	    NULL, NULL, -1, &msgid ) == LDAP_SUCCESS ) {
		return( msgid );
	} else {
		return( -1 );	/* error is in ld handle */
	}
}


/*
 * LDAPv3 extended search.
 * Returns an LDAP error code.
 */
int
LDAP_CALL
ldap_search_ext(
    LDAP 		*ld,
    const char 		*base,
    int 		scope,
    const char 		*filter,
    char 		**attrs,
    int 		attrsonly,
    LDAPControl		**serverctrls,
    LDAPControl		**clientctrls,
    struct timeval	*timeoutp,	/* NULL means use ld->ld_timelimit */
    int			sizelimit,
    int			*msgidp
)
{
	/*
	 * It is an error to pass in a zero'd timeval.
	 */
	if ( timeoutp != NULL && timeoutp->tv_sec == 0 &&
	    timeoutp->tv_usec == 0 ) {
		if ( ld != NULL ) {
			LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
		}
                return( LDAP_PARAM_ERROR );
        }

	return( nsldapi_search( ld, base, scope, filter, attrs, attrsonly,
	    serverctrls, clientctrls,
	    nsldapi_timeval2ldaplimit( timeoutp, -1 ), sizelimit, msgidp ));
}


/*
 * Like ldap_search_ext() except an integer timelimit is passed instead of
 * using the overloaded struct timeval *timeoutp.
 */
static int
nsldapi_search(
    LDAP 		*ld,
    const char 		*base,
    int 		scope,
    const char 		*filter,
    char 		**attrs,
    int 		attrsonly,
    LDAPControl		**serverctrls,
    LDAPControl		**clientctrls,
    int			timelimit,	/* -1 means use ld->ld_timelimit */
    int			sizelimit,	/* -1 means use ld->ld_sizelimit */
    int			*msgidp
)
{
	BerElement	*ber;
	int		rc, rc_key;
	unsigned long	key;	/* XXXmcs: memcache */

	LDAPDebug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 );

	if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) {
		return( LDAP_PARAM_ERROR );
	}

	if ( base == NULL ) {
	    base = "";
	}

	if ( filter == NULL ) {
	    filter = "(objectclass=*)";
	}

	if ( msgidp == NULL || ( scope != LDAP_SCOPE_BASE
	    && scope != LDAP_SCOPE_ONELEVEL && scope != LDAP_SCOPE_SUBTREE )
		|| ( sizelimit < -1 )) {
		LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
                return( LDAP_PARAM_ERROR );
        }
	LDAP_MUTEX_LOCK( ld, LDAP_MSGID_LOCK );
	*msgidp = ++ld->ld_msgid;
	LDAP_MUTEX_UNLOCK( ld, LDAP_MSGID_LOCK );

	/*
	 * XXXmcs: should use cache function pointers to hook in memcache
	 */
	if ( ld->ld_memcache == NULL ) {
		rc_key = LDAP_NOT_SUPPORTED;
	} else if (( rc_key = ldap_memcache_createkey( ld, base, scope, filter,
	    attrs, attrsonly, serverctrls, clientctrls, &key)) == LDAP_SUCCESS
	    && ldap_memcache_result( ld, *msgidp, key ) == LDAP_SUCCESS ) {
		return LDAP_SUCCESS;
	}

	/* check the cache */
	if ( ld->ld_cache_on && ld->ld_cache_search != NULL ) {
		LDAP_MUTEX_LOCK( ld, LDAP_CACHE_LOCK );
		if ( (rc = (ld->ld_cache_search)( ld, *msgidp, LDAP_REQ_SEARCH,
		    base, scope, filter, attrs, attrsonly )) != 0 ) {
			*msgidp = rc;
			LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
			return( LDAP_SUCCESS );
		}
		LDAP_MUTEX_UNLOCK( ld, LDAP_CACHE_LOCK );
	}

	/* caching off or did not find it in the cache - check the net */
	if (( rc = nsldapi_build_search_req( ld, base, scope, filter, attrs,
	    attrsonly, serverctrls, clientctrls, timelimit, sizelimit,
	    *msgidp, &ber )) != LDAP_SUCCESS ) {
		return( rc );
	}

	/* send the message */
	rc = nsldapi_send_initial_request( ld, *msgidp, LDAP_REQ_SEARCH,
		(char *) base, ber );

	/*
	 * XXXmcs: should use cache function pointers to hook in memcache
	 */
	if ( (rc_key == LDAP_SUCCESS) && (rc >= 0) ) {
		ldap_memcache_new( ld, rc, key, base );
	}

	*msgidp = rc;
	return( rc < 0 ? LDAP_GET_LDERRNO( ld, NULL, NULL ) : LDAP_SUCCESS );
}


/*
 * Convert a non-NULL timeoutp to a value in seconds that is appropriate to
 * send in an LDAP search request.  If timeoutp is NULL, return defaultvalue.
 */
static int
nsldapi_timeval2ldaplimit( struct timeval *timeoutp, int defaultvalue )
{
	int		timelimit;

	if ( NULL == timeoutp ) {
		timelimit = defaultvalue;
	} else if ( timeoutp->tv_sec > 0 ) {
		timelimit = timeoutp->tv_sec;
	} else if ( timeoutp->tv_usec > 0 ) {
		timelimit = 1;	/* minimum we can express in LDAP */
	} else {
		/*
		 * both tv_sec and tv_usec are less than one (zero?) so
		 * to maintain compatiblity with our "zero means no limit"
		 * convention we pass no limit to the server.
		 */
		timelimit = 0;	/* no limit */
	}

	return( timelimit );
}


/* returns an LDAP error code and also sets it in ld */
int
nsldapi_build_search_req(
    LDAP		*ld, 
    const char		*base, 
    int			scope, 
    const char		*filter,
    char		**attrs, 
    int			attrsonly,
    LDAPControl		**serverctrls,
    LDAPControl		**clientctrls,	/* not used for anything yet */
    int			timelimit,	/* if -1, ld->ld_timelimit is used */
    int			sizelimit,	/* if -1, ld->ld_sizelimit is used */
    int			msgid,
    BerElement		**berp
)
{
	BerElement	*ber;
	int		err;
	char		*fdup;

	/*
	 * Create the search request.  It looks like this:
	 *	SearchRequest := [APPLICATION 3] SEQUENCE {
	 *		baseObject	DistinguishedName,
	 *		scope		ENUMERATED {
	 *			baseObject	(0),
	 *			singleLevel	(1),
	 *			wholeSubtree	(2)
	 *		},
	 *		derefAliases	ENUMERATED {
	 *			neverDerefaliases	(0),
	 *			derefInSearching	(1),
	 *			derefFindingBaseObj	(2),
	 *			alwaysDerefAliases	(3)
	 *		},
	 *		sizelimit	INTEGER (0 .. 65535),
	 *		timelimit	INTEGER (0 .. 65535),
	 *		attrsOnly	BOOLEAN,
	 *		filter		Filter,
	 *		attributes	SEQUENCE OF AttributeType
	 *	}
	 * wrapped in an ldap message.
	 */

	/* create a message to send */
	if (( err = nsldapi_alloc_ber_with_options( ld, &ber ))
	    != LDAP_SUCCESS ) {
		return( err );
	}

	if ( base == NULL ) {
	    base = "";
	}

	if ( sizelimit == -1 ) {
	    sizelimit = ld->ld_sizelimit;
	}

	if ( timelimit == -1 ) {
	    timelimit = ld->ld_timelimit;
	}

#ifdef CLDAP
	if ( ld->ld_sbp->sb_naddr > 0 ) {
	    err = ber_printf( ber, "{ist{seeiib", msgid,
		ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
		sizelimit, timelimit, attrsonly );
	} else {
#endif /* CLDAP */
		err = ber_printf( ber, "{it{seeiib", msgid,
		    LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
		    sizelimit, timelimit, attrsonly );
#ifdef CLDAP
	}
#endif /* CLDAP */

	if ( err == -1 ) {
		LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
		ber_free( ber, 1 );
		return( LDAP_ENCODING_ERROR );
	}

	fdup = nsldapi_strdup( filter );
	if (fdup == NULL) {
		LDAP_SET_LDERRNO( ld, LDAP_NO_MEMORY, NULL, NULL );
		ber_free( ber, 1 );
		return( LDAP_NO_MEMORY );
	}
        err = ldap_put_filter( ber, fdup );
	NSLDAPI_FREE( fdup );

	if ( err == -1 ) {
		LDAP_SET_LDERRNO( ld, LDAP_FILTER_ERROR, NULL, NULL );
		ber_free( ber, 1 );
		return( LDAP_FILTER_ERROR );
	}

	if ( ber_printf( ber, "{v}}", attrs ) == -1 ) {
		LDAP_SET_LDERRNO( ld, LDAP_ENCODING_ERROR, NULL, NULL );
		ber_free( ber, 1 );
		return( LDAP_ENCODING_ERROR );
	}

	if ( (err = nsldapi_put_controls( ld, serverctrls, 1, ber ))
	    != LDAP_SUCCESS ) {
		ber_free( ber, 1 );
		return( err );
	}

	*berp = ber;
	return( LDAP_SUCCESS );
}

static char *
find_right_paren( char *s )
{
	int	balance, escape;

	balance = 1;
	escape = 0;
	while ( *s && balance ) {
		if ( escape == 0 ) {
			if ( *s == '(' )
				balance++;
			else if ( *s == ')' )
				balance--;
		}
		if ( *s == '\\' && ! escape )
			escape = 1;
		else
			escape = 0;
		if ( balance )
			s++;
	}

	return( *s ? s : NULL );
}

static char *
put_complex_filter(
    BerElement		*ber, 
    char		*str, 
    ber_tag_t		tag, 
    int			not 
)
{
	char	*next;

	/*
	 * We have (x(filter)...) with str sitting on
	 * the x.  We have to find the paren matching
	 * the one before the x and put the intervening
	 * filters by calling put_filter_list().
	 */

	/* put explicit tag */
	if ( ber_printf( ber, "t{", tag ) == -1 )
		return( NULL );

	str++;
	if ( (next = find_right_paren( str )) == NULL )
		return( NULL );

	*next = '\0';
	if ( put_filter_list( ber, str ) == -1 )
		return( NULL );
	*next++ = ')';

	/* flush explicit tagged thang */
	if ( ber_printf( ber, "}" ) == -1 )
		return( NULL );

	return( next );
}

int
ldap_put_filter( BerElement *ber, char *str )
{
	char	*next;
	int	parens, balance, escape;

	/*
	 * A Filter looks like this:
	 *      Filter ::= CHOICE {
	 *              and             [0]     SET OF Filter,
	 *              or              [1]     SET OF Filter,
	 *              not             [2]     Filter,
	 *              equalityMatch   [3]     AttributeValueAssertion,
	 *              substrings      [4]     SubstringFilter,
	 *              greaterOrEqual  [5]     AttributeValueAssertion,
	 *              lessOrEqual     [6]     AttributeValueAssertion,
	 *              present         [7]     AttributeType,,
	 *              approxMatch     [8]     AttributeValueAssertion
	 *      }
	 *
	 *      SubstringFilter ::= SEQUENCE {
	 *              type               AttributeType,
	 *              SEQUENCE OF CHOICE {
	 *                      initial          [0] IA5String,
	 *                      any              [1] IA5String,
	 *                      final            [2] IA5String
	 *              }
	 *      }
	 * Note: tags in a choice are always explicit
	 */

	LDAPDebug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 );

	parens = 0;
	while ( *str ) {
		switch ( *str ) {
		case '(':
			str++;
			parens++;
			switch ( *str ) {
			case '&':
				LDAPDebug( LDAP_DEBUG_TRACE, "put_filter: AND\n",
				    0, 0, 0 );

				if ( (str = put_complex_filter( ber, str,
				    LDAP_FILTER_AND, 0 )) == NULL )
					return( -1 );

				parens--;
				break;

			case '|':
				LDAPDebug( LDAP_DEBUG_TRACE, "put_filter: OR\n",
				    0, 0, 0 );

				if ( (str = put_complex_filter( ber, str,
				    LDAP_FILTER_OR, 0 )) == NULL )
					return( -1 );

				parens--;
				break;

			case '!':
				LDAPDebug( LDAP_DEBUG_TRACE, "put_filter: NOT\n",
				    0, 0, 0 );

				if ( (str = put_complex_filter( ber, str,
				    LDAP_FILTER_NOT, 1 )) == NULL )
					return( -1 );

				parens--;
				break;

			default:
				LDAPDebug( LDAP_DEBUG_TRACE,
				    "put_filter: simple\n", 0, 0, 0 );

				balance = 1;
				escape = 0;
				next = str;
				while ( *next && balance ) {
					if ( escape == 0 ) {
						if ( *next == '(' )
							balance++;
						else if ( *next == ')' )
							balance--;
					}
					if ( *next == '\\' && ! escape )
						escape = 1;
					else
						escape = 0;
					if ( balance )
						next++;
				}
				if ( balance != 0 )
					return( -1 );

				*next = '\0';
				if ( put_simple_filter( ber, str ) == -1 ) {
					return( -1 );
				}
				*next++ = ')';
				str = next;
				parens--;
				break;
			}
			break;

		case ')':
			LDAPDebug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0,
			    0 );
			if ( ber_printf( ber, "]" ) == -1 )
				return( -1 );
			str++;
			parens--;
			break;

		case ' ':
			str++;
			break;

		default:	/* assume it's a simple type=value filter */
			LDAPDebug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0,
			    0 );
			next = strchr( str, '\0' );
			if ( put_simple_filter( ber, str ) == -1 ) {
				return( -1 );
			}
			str = next;
			break;
		}
	}

	return( parens ? -1 : 0 );
}


/*
 * Put a list of filters like this "(filter1)(filter2)..."
 */

static int
put_filter_list( BerElement *ber, char *str )
{
	char	*next;
	char	save;

	LDAPDebug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 );

	while ( *str ) {
		while ( *str && isspace( *str ) )
			str++;
		if ( *str == '\0' )
			break;

		if ( (next = find_right_paren( str + 1 )) == NULL )
			return( -1 );
		save = *++next;

		/* now we have "(filter)" with str pointing to it */
		*next = '\0';
                if ( ldap_put_filter( ber, str ) == -1 )
			return( -1 );
		*next = save;

		str = next;
	}

	return( 0 );
}


/*
 * is_valid_attr - returns 1 if a is a syntactically valid left-hand side
 * of a filter expression, 0 otherwise.  A valid string may contain only
 * letters, numbers, hyphens, semi-colons, colons and periods. examples:
 *	cn
 *	cn;lang-fr
 *	1.2.3.4;binary;dynamic
 *	mail;dynamic
 *	cn:dn:1.2.3.4
 *
 * For compatibility with older servers, we also allow underscores in
 * attribute types, even through they are not allowed by the LDAPv3 RFCs.
 */
static int
is_valid_attr( char *a )
{
	for ( ; *a; a++ ) {
	    if ( !isascii( *a ) ) {
		return( 0 );
	    } else if ( !isalnum( *a ) ) {
		switch ( *a ) {
		  case '-':
		  case '.':
		  case ';':
		  case ':':
		  case '_':
		    break; /* valid */
		  default:
		    return( 0 );
		}
	    }
	}

	return( 1 );
}

static char *
find_star( char *s )
{
    for ( ; *s; ++s ) {
	switch ( *s ) {
	  case '*': return s;
	  case '\\':
	    ++s;
	    if ( hexchar2int(s[0]) >= 0 && hexchar2int(s[1]) >= 0 ) ++s;
	  default: break;
	}
    }
    return NULL;
}

static int
put_simple_filter( BerElement *ber, char *str )
{
	char		*s, *s2, *s3, filterop;
	char		*value;
	ber_uint_t	ftype;
	int		rc, len;
	char		*oid;	/* for v3 extended filter */
	int		dnattr;	/* for v3 extended filter */

	LDAPDebug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 );

	rc = -1;	/* pessimistic */

	if (( str = nsldapi_strdup( str )) == NULL ) {
		return( rc );
	}

	if ( (s = strchr( str, '=' )) == NULL ) {
		goto free_and_return;
	}
	value = s + 1;
	*s-- = '\0';
	filterop = *s;
	if ( filterop == '<' || filterop == '>' || filterop == '~' ||
	    filterop == ':' ) {
		*s = '\0';
	}

	if ( ! is_valid_attr( str ) ) {
		goto free_and_return;
	}

	switch ( filterop ) {
	case '<':
		ftype = LDAP_FILTER_LE;
		break;
	case '>':
		ftype = LDAP_FILTER_GE;
		break;
	case '~':
		ftype = LDAP_FILTER_APPROX;
		break;
	case ':':	/* extended filter - v3 only */
		/*
		 * extended filter looks like this:
		 *
		 *	[type][':dn'][':'oid]':='value
		 *
		 * where one of type or :oid is required.
		 *
		 */
		ftype = LDAP_FILTER_EXTENDED;
		s2 = s3 = NULL;
		if ( (s2 = strrchr( str, ':' )) == NULL ) {
			goto free_and_return;
		}
		if ( strcasecmp( s2, ":dn" ) == 0 ) {
			oid = NULL;
			dnattr = 1;
			*s2 = '\0';
		} else {
			oid = s2 + 1;
			dnattr = 0;
			*s2 = '\0';
			if ( (s3 = strrchr( str, ':' )) != NULL ) {
				if ( strcasecmp( s3, ":dn" ) == 0 ) {
					dnattr = 1;
				} else {
					goto free_and_return;
				}
				*s3 = '\0';
			}
		}
		if ( (rc = ber_printf( ber, "t{", ftype )) == -1 ) {
			goto free_and_return;
		}
		if ( oid != NULL ) {
			if ( (rc = ber_printf( ber, "ts", LDAP_TAG_MRA_OID,
			    oid )) == -1 ) {
				goto free_and_return;
			}
		}
		if ( *str != '\0' ) {
			if ( (rc = ber_printf( ber, "ts",
			    LDAP_TAG_MRA_TYPE, str )) == -1 ) {
				goto free_and_return;
			}
		}
		if (( len = unescape_filterval( value )) < 0 ||
		    ( rc = ber_printf( ber, "totb}", LDAP_TAG_MRA_VALUE,
		    value, len, LDAP_TAG_MRA_DNATTRS, dnattr )) == -1 ) {
			goto free_and_return;
		}
		rc = 0;
		goto free_and_return;
		/* break; */
	default:
		if ( find_star( value ) == NULL ) {
			ftype = LDAP_FILTER_EQUALITY;
		} else if ( strcmp( value, "*" ) == 0 ) {
			ftype = LDAP_FILTER_PRESENT;
		} else {
			rc = put_substring_filter( ber, str, value );
			goto free_and_return;
		}
		break;
	}

	if ( ftype == LDAP_FILTER_PRESENT ) {
		rc = ber_printf( ber, "ts", ftype, str );
	} else if (( len = unescape_filterval( value )) >= 0 ) {
		rc = ber_printf( ber, "t{so}", ftype, str, value, len );
	}
	if ( rc != -1 ) {
		rc = 0;
	}

free_and_return:
	NSLDAPI_FREE( str );
	return( rc );
}


/*
 * Undo in place both LDAPv2 (RFC-1960) and LDAPv3 (hexadecimal) escape
 * sequences within the null-terminated string 'val'.  The resulting value
 * may contain null characters.
 *
 * If 'val' contains invalid escape sequences we return -1.
 * Otherwise the length of the unescaped value is returned.
 */
static int
unescape_filterval( char *val )
{
	int	escape, firstdigit, ival; 
	char	*s, *d;

	escape = 0;
	for ( s = d = val; *s; s++ ) {
		if ( escape ) {
			/*
			 * first try LDAPv3 escape (hexadecimal) sequence
			 */
			if (( ival = hexchar2int( *s )) < 0 ) {
				if ( firstdigit ) {
					/*
					 * LDAPv2 (RFC1960) escape sequence
					 */
					*d++ = *s;
					escape = 0;
				} else {
					return(-1);
				}
			}
			if ( firstdigit ) {
			    *d = ( ival<<4 );
			    firstdigit = 0;
			} else {
			    *d++ |= ival;
			    escape = 0;
			}

		} else if ( *s != '\\' ) {
			*d++ = *s;
			escape = 0;

		} else {
			escape = 1;
			firstdigit = 1;
		}
	}

	return( d - val );
}


/*
 * convert character 'c' that represents a hexadecimal digit to an integer.
 * if 'c' is not a hexidecimal digit [0-9A-Fa-f], -1 is returned.
 * otherwise the converted value is returned.
 */
static int
hexchar2int( char c )
{
    if ( c >= '0' && c <= '9' ) {
	return( c - '0' );
    }
    if ( c >= 'A' && c <= 'F' ) {
	return( c - 'A' + 10 );
    }
    if ( c >= 'a' && c <= 'f' ) {
	return( c - 'a' + 10 );
    }
    return( -1 );
}

static int
put_substring_filter( BerElement *ber, char *type, char *val )
{
	char		*nextstar, gotstar = 0;
	ber_uint_t	ftype;
	int		len;

	LDAPDebug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type,
	    val, 0 );

	if ( ber_printf( ber, "t{s{", LDAP_FILTER_SUBSTRINGS, type ) == -1 ) {
		return( -1 );
	}

	for ( ; val != NULL; val = nextstar ) {
		if ( (nextstar = find_star( val )) != NULL ) {
			*nextstar++ = '\0';
		}

		if ( gotstar == 0 ) {
			ftype = LDAP_SUBSTRING_INITIAL;
		} else if ( nextstar == NULL ) {
			ftype = LDAP_SUBSTRING_FINAL;
		} else {
			ftype = LDAP_SUBSTRING_ANY;
		}
		if ( *val != '\0' ) {
			if (( len = unescape_filterval( val )) < 0 ||
			    ber_printf( ber, "to", ftype, val, len ) == -1 ) {
				return( -1 );
			}
		}

		gotstar = 1;
	}

	if ( ber_printf( ber, "}}" ) == -1 ) {
		return( -1 );
	}

	return( 0 );
}

int
LDAP_CALL
ldap_search_st(
    LDAP		*ld, 
    const char 		*base, 
    int 		scope, 
    const char 		*filter, 
    char 		**attrs,
    int 		attrsonly, 
    struct timeval	*timeout, 
    LDAPMessage 	**res
)
{
	return( nsldapi_search_s( ld, base, scope, filter, attrs, attrsonly,
	    NULL, NULL, timeout, -1, -1, res ));
}

int
LDAP_CALL
ldap_search_s(
    LDAP	*ld, 
    const char 	*base, 
    int 	scope, 
    const char 	*filter, 
    char 	**attrs,
    int		attrsonly, 
    LDAPMessage	**res
)
{
	return( nsldapi_search_s( ld, base, scope, filter, attrs, attrsonly,
	    NULL, NULL, NULL, -1, -1, res ));
}

int LDAP_CALL
ldap_search_ext_s(
    LDAP		*ld, 
    const char 		*base, 
    int 		scope, 
    const char 		*filter, 
    char 		**attrs,
    int			attrsonly, 
    LDAPControl		**serverctrls,
    LDAPControl		**clientctrls,
    struct timeval	*timeoutp,
    int			sizelimit,
    LDAPMessage		**res
)
{
	return( nsldapi_search_s( ld, base, scope, filter, attrs, attrsonly,
	    serverctrls, clientctrls, timeoutp,
	    nsldapi_timeval2ldaplimit( timeoutp, -1 ), sizelimit, res ));
}


static int 
nsldapi_search_s(
    LDAP		*ld, 
    const char 		*base, 
    int 		scope, 
    const char 		*filter, 
    char 		**attrs,
    int			attrsonly, 
    LDAPControl		**serverctrls,
    LDAPControl		**clientctrls,
    struct timeval	*localtimeoutp,
    int			timelimit,	/* -1 means use ld->ld_timelimit */
    int			sizelimit,	/* -1 means use ld->ld_sizelimit */
    LDAPMessage		**res
)
{
	int	err, msgid;

	/*
	 * It is an error to pass in a zero'd timeval.
	 */
	if ( localtimeoutp != NULL && localtimeoutp->tv_sec == 0 &&
	    localtimeoutp->tv_usec == 0 ) {
		if ( ld != NULL ) {
			LDAP_SET_LDERRNO( ld, LDAP_PARAM_ERROR, NULL, NULL );
		}
		if ( res != NULL ) {
			*res = NULL;
		}
                return( LDAP_PARAM_ERROR );
        }

	if (( err = nsldapi_search( ld, base, scope, filter, attrs, attrsonly,
	    serverctrls, clientctrls, timelimit, sizelimit, &msgid ))
	    != LDAP_SUCCESS ) {
		if ( res != NULL ) {
			*res = NULL;
		}
		return( err );
	}

	if ( ldap_result( ld, msgid, 1, localtimeoutp, res ) == -1 ) {
		/*
		 * Error.  ldap_result() sets *res to NULL for us.
		 */
		return( LDAP_GET_LDERRNO( ld, NULL, NULL ) );
	}

	if ( LDAP_GET_LDERRNO( ld, NULL, NULL ) == LDAP_TIMEOUT ) {
		(void) ldap_abandon( ld, msgid );
		err = LDAP_TIMEOUT;
		LDAP_SET_LDERRNO( ld, err, NULL, NULL );
		if ( res != NULL ) {
			*res = NULL;
		}
		return( err );
	}

	return( ldap_result2error( ld, *res, 0 ) );
}