git.sur5r.net Git - openldap/blob - servers/slapd/search.c

   1 /* $OpenLDAP$ */
   2 /*
   3  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   5  */
   6 /* Portions
   7  * Copyright (c) 1995 Regents of the University of Michigan.
   8  * All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms are permitted
  11  * provided that this notice is preserved and that due credit is given
  12  * to the University of Michigan at Ann Arbor. The name of the University
  13  * may not be used to endorse or promote products derived from this
  14  * software without specific prior written permission. This software
  15  * is provided ``as is'' without express or implied warranty.
  16  */
  17
  18 #include "portable.h"
  19
  20 #include <stdio.h>
  21
  22 #include <ac/string.h>
  23 #include <ac/socket.h>
  24
  25 #include "ldap_pvt.h"
  26 #include "slap.h"
  27
  28 int
  29 do_search(
  30     Connection  *conn,  /* where to send results */
  31     Operation   *op     /* info about the op to which we're responding */
  32 ) {
  33         int             i;
  34         ber_int_t               scope, deref, attrsonly;
  35         ber_int_t               sizelimit, timelimit;
  36         char            *base = NULL, *nbase = NULL, *fstr = NULL;
  37         Filter          *filter = NULL;
  38         char            **attrs = NULL;
  39         Backend         *be;
  40         int                     rc;
  41         const char              *text;
  42         int                     manageDSAit;
  43
  44 #ifdef NEW_LOGGING
  45         LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
  46                    "do_search: conn %d\n", conn->c_connid ));
  47 #else
  48         Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
  49 #endif
  50
  51         /*
  52          * Parse the search request.  It looks like this:
  53          *
  54          *      SearchRequest := [APPLICATION 3] SEQUENCE {
  55          *              baseObject      DistinguishedName,
  56          *              scope           ENUMERATED {
  57          *                      baseObject      (0),
  58          *                      singleLevel     (1),
  59          *                      wholeSubtree    (2)
  60          *              },
  61          *              derefAliases    ENUMERATED {
  62          *                      neverDerefaliases       (0),
  63          *                      derefInSearching        (1),
  64          *                      derefFindingBaseObj     (2),
  65          *                      alwaysDerefAliases      (3)
  66          *              },
  67          *              sizelimit       INTEGER (0 .. 65535),
  68          *              timelimit       INTEGER (0 .. 65535),
  69          *              attrsOnly       BOOLEAN,
  70          *              filter          Filter,
  71          *              attributes      SEQUENCE OF AttributeType
  72          *      }
  73          */
  74
  75         /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
  76         if ( ber_scanf( op->o_ber, "{aiiiib" /*}*/,
  77                 &base, &scope, &deref, &sizelimit,
  78             &timelimit, &attrsonly ) == LBER_ERROR ) {
  79                 send_ldap_disconnect( conn, op,
  80                         LDAP_PROTOCOL_ERROR, "decoding error" );
  81                 rc = SLAPD_DISCONNECT;
  82                 goto return_results;
  83         }
  84
  85         switch( scope ) {
  86         case LDAP_SCOPE_BASE:
  87         case LDAP_SCOPE_ONELEVEL:
  88         case LDAP_SCOPE_SUBTREE:
  89                 break;
  90         default:
  91                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
  92                         NULL, "invalid scope", NULL, NULL );
  93                 goto return_results;
  94         }
  95
  96         switch( deref ) {
  97         case LDAP_DEREF_NEVER:
  98         case LDAP_DEREF_FINDING:
  99         case LDAP_DEREF_SEARCHING:
 100         case LDAP_DEREF_ALWAYS:
 101                 break;
 102         default:
 103                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
 104                         NULL, "invalid deref", NULL, NULL );
 105                 goto return_results;
 106         }
 107
 108         nbase = ch_strdup( base );
 109
 110         if( dn_normalize( nbase ) == NULL ) {
 111                 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX,
 112                         NULL, "invalid DN", NULL, NULL );
 113                 goto return_results;
 114         }
 115
 116 #ifdef NEW_LOGGING
 117         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 118                    "do_search \"%s\" %d %d %d %d %d\n", base, scope,
 119                    deref, sizelimit, timelimit, attrsonly ));
 120 #else
 121         Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref );
 122         Debug( LDAP_DEBUG_ARGS, "    %d %d %d\n", sizelimit, timelimit,
 123             attrsonly);
 124 #endif
 125
 126         /* filter - returns a "normalized" version */
 127         rc = get_filter( conn, op->o_ber, &filter, &fstr, &text );
 128         if( rc != LDAP_SUCCESS ) {
 129                 if( rc == SLAPD_DISCONNECT ) {
 130                         send_ldap_disconnect( conn, op,
 131                                 LDAP_PROTOCOL_ERROR, text );
 132                 } else {
 133                         send_ldap_result( conn, op, rc,
 134                                 NULL, text, NULL, NULL );
 135                 }
 136                 goto return_results;
 137         }
 138
 139 #ifdef NEW_LOGGING
 140         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 141                    "do_search: conn %d  filter: %s\n", conn->c_connid, fstr ));
 142 #else
 143         Debug( LDAP_DEBUG_ARGS, "    filter: %s\n", fstr, 0, 0 );
 144 #endif
 145
 146
 147         /* attributes */
 148         if ( ber_scanf( op->o_ber, /*{*/ "{v}}", &attrs ) == LBER_ERROR ) {
 149                 send_ldap_disconnect( conn, op,
 150                         LDAP_PROTOCOL_ERROR, "decoding attrs error" );
 151                 rc = SLAPD_DISCONNECT;
 152                 goto return_results;
 153         }
 154
 155         if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
 156 #ifdef NEW_LOGGING
 157                 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 158                            "do_search: conn %d  get_ctrls failed (%d)\n",
 159                            conn->c_connid, rc ));
 160 #else
 161                 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
 162 #endif
 163
 164                 goto return_results;
 165         }
 166
 167         rc = LDAP_SUCCESS;
 168
 169 #ifdef NEW_LOGGING
 170         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 171                    "do_search: conn %d  attrs:", conn->c_connid ));
 172 #else
 173         Debug( LDAP_DEBUG_ARGS, "    attrs:", 0, 0, 0 );
 174 #endif
 175
 176
 177         if ( attrs != NULL ) {
 178                 for ( i = 0; attrs[i] != NULL; i++ ) {
 179 #ifdef NEW_LOGGING
 180                         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 181                                    "do_search:     %s", attrs[i] ));
 182 #else
 183                         Debug( LDAP_DEBUG_ARGS, " %s", attrs[i], 0, 0 );
 184 #endif
 185
 186                 }
 187         }
 188
 189 #ifdef NEW_LOGGING
 190         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, "\n" ));
 191 #else
 192         Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
 193 #endif
 194
 195         Statslog( LDAP_DEBUG_STATS,
 196             "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
 197             op->o_connid, op->o_opid, base, scope, fstr );
 198
 199         manageDSAit = get_manageDSAit( op );
 200
 201         if ( scope == LDAP_SCOPE_BASE ) {
 202                 Entry *entry = NULL;
 203
 204                 if ( strcasecmp( nbase, LDAP_ROOT_DSE ) == 0 ) {
 205                         /* check restrictions */
 206                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 207                         if( rc != LDAP_SUCCESS ) {
 208                                 send_ldap_result( conn, op, rc,
 209                                         NULL, text, NULL, NULL );
 210                                 goto return_results;
 211                         }
 212
 213                         rc = root_dse_info( conn, &entry, &text );
 214                 }
 215
 216 #if defined( SLAPD_MONITOR_DN )
 217                 else if ( strcasecmp( nbase, SLAPD_MONITOR_DN ) == 0 ) {
 218                         /* check restrictions */
 219                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 220                         if( rc != LDAP_SUCCESS ) {
 221                                 send_ldap_result( conn, op, rc,
 222                                         NULL, text, NULL, NULL );
 223                                 goto return_results;
 224                         }
 225
 226                         rc = monitor_info( &entry, &text );
 227                 }
 228 #endif
 229
 230 #if defined( SLAPD_CONFIG_DN )
 231                 else if ( strcasecmp( nbase, SLAPD_CONFIG_DN ) == 0 ) {
 232                         /* check restrictions */
 233                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 234                         if( rc != LDAP_SUCCESS ) {
 235                                 send_ldap_result( conn, op, rc,
 236                                         NULL, text, NULL, NULL );
 237                                 goto return_results;
 238                         }
 239
 240                         rc = config_info( &entry, &text );
 241                 }
 242 #endif
 243
 244 #if defined( SLAPD_SCHEMA_DN )
 245                 else if ( strcasecmp( nbase, SLAPD_SCHEMA_DN ) == 0 ) {
 246                         /* check restrictions */
 247                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 248                         if( rc != LDAP_SUCCESS ) {
 249                                 send_ldap_result( conn, op, rc,
 250                                         NULL, text, NULL, NULL );
 251                                 goto return_results;
 252                         }
 253
 254                         rc = schema_info( &entry, &text );
 255                 }
 256 #endif
 257
 258                 if( rc != LDAP_SUCCESS ) {
 259                         send_ldap_result( conn, op, rc,
 260                                 NULL, text, NULL, NULL );
 261                         goto return_results;
 262
 263                 } else if ( entry != NULL ) {
 264                         rc = test_filter( NULL, conn, op,
 265                                 entry, filter );
 266
 267                         if( rc == LDAP_COMPARE_TRUE ) {
 268                                 send_search_entry( &backends[0], conn, op,
 269                                         entry, attrs, attrsonly, NULL );
 270                         }
 271                         entry_free( entry );
 272
 273                         send_ldap_result( conn, op, LDAP_SUCCESS,
 274                                 NULL, NULL, NULL, NULL );
 275
 276                         goto return_results;
 277                 }
 278         }
 279
 280         if( nbase[0] == '\0' && default_search_nbase != NULL ) {
 281                 ch_free( base );
 282                 ch_free( nbase );
 283                 base = ch_strdup( default_search_base );
 284                 nbase = ch_strdup( default_search_nbase );
 285         }
 286
 287         /*
 288          * We could be serving multiple database backends.  Select the
 289          * appropriate one, or send a referral to our "referral server"
 290          * if we don't hold it.
 291          */
 292         if ( (be = select_backend( nbase, manageDSAit )) == NULL ) {
 293                 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 294                         NULL, NULL, default_referral, NULL );
 295
 296                 goto return_results;
 297         }
 298
 299         /* check restrictions */
 300         rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
 301         if( rc != LDAP_SUCCESS ) {
 302                 send_ldap_result( conn, op, rc,
 303                         NULL, text, NULL, NULL );
 304                 goto return_results;
 305         }
 306
 307         /* check for referrals */
 308         rc = backend_check_referrals( be, conn, op, base, nbase );
 309         if ( rc != LDAP_SUCCESS ) {
 310                 goto return_results;
 311         }
 312
 313         /* deref the base if needed */
 314         nbase = suffix_alias( be, nbase );
 315
 316         /* actually do the search and send the result(s) */
 317         if ( be->be_search ) {
 318                 (*be->be_search)( be, conn, op, base, nbase, scope, deref, sizelimit,
 319                     timelimit, filter, fstr, attrs, attrsonly );
 320         } else {
 321                 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
 322                         NULL, "operation not supported within namingContext", NULL, NULL );
 323         }
 324
 325 return_results:;
 326         if( base != NULL) free( base );
 327         if( nbase != NULL) free( nbase );
 328         if( fstr != NULL) free( fstr );
 329         if( filter != NULL) filter_free( filter );
 330         if ( attrs != NULL ) {
 331                 charray_free( attrs );
 332         }
 333
 334         return rc;
 335 }