3 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1995 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
19 #include "slapi_common.h"
23 #include <ac/string.h>
24 #include <ac/socket.h>
32 Connection *conn, /* where to send results */
33 Operation *op /* info about the op to which we're responding */
35 ber_int_t scope, deref, attrsonly;
36 ber_int_t sizelimit, timelimit;
37 struct berval base = { 0, NULL };
38 struct berval pbase = { 0, NULL };
39 struct berval nbase = { 0, NULL };
40 struct berval fstr = { 0, NULL };
41 Filter *filter = NULL;
42 AttributeName *an = NULL;
43 ber_len_t siz, off, i;
49 Slapi_PBlock *pb = op->o_pb;
52 LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 );
54 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
58 * Parse the search request. It looks like this:
60 * SearchRequest := [APPLICATION 3] SEQUENCE {
61 * baseObject DistinguishedName,
67 * derefAliases ENUMERATED {
68 * neverDerefaliases (0),
69 * derefInSearching (1),
70 * derefFindingBaseObj (2),
71 * alwaysDerefAliases (3)
73 * sizelimit INTEGER (0 .. 65535),
74 * timelimit INTEGER (0 .. 65535),
77 * attributes SEQUENCE OF AttributeType
81 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
82 if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
83 &base, &scope, &deref, &sizelimit,
84 &timelimit, &attrsonly ) == LBER_ERROR )
86 send_ldap_disconnect( conn, op,
87 LDAP_PROTOCOL_ERROR, "decoding error" );
88 rc = SLAPD_DISCONNECT;
94 case LDAP_SCOPE_ONELEVEL:
95 case LDAP_SCOPE_SUBTREE:
98 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
99 NULL, "invalid scope", NULL, NULL );
104 case LDAP_DEREF_NEVER:
105 case LDAP_DEREF_FINDING:
106 case LDAP_DEREF_SEARCHING:
107 case LDAP_DEREF_ALWAYS:
110 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
111 NULL, "invalid deref", NULL, NULL );
115 rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
116 if( rc != LDAP_SUCCESS ) {
118 LDAP_LOG( OPERATION, ERR,
119 "do_search: conn %d invalid dn (%s)\n",
120 conn->c_connid, base.bv_val, 0 );
122 Debug( LDAP_DEBUG_ANY,
123 "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
125 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
126 "invalid DN", NULL, NULL );
131 LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
132 base.bv_val, scope, deref );
133 LDAP_LOG( OPERATION, ARGS, " %d %d %d\n",
134 sizelimit, timelimit, attrsonly);
136 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
137 base.bv_val, scope, deref );
138 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
139 sizelimit, timelimit, attrsonly);
142 /* filter - returns a "normalized" version */
143 rc = get_filter( conn, op->o_ber, &filter, &text );
144 if( rc != LDAP_SUCCESS ) {
145 if( rc == SLAPD_DISCONNECT ) {
146 send_ldap_disconnect( conn, op,
147 LDAP_PROTOCOL_ERROR, text );
149 send_ldap_result( conn, op, rc,
150 NULL, text, NULL, NULL );
154 filter2bv( filter, &fstr );
157 LDAP_LOG( OPERATION, ARGS,
158 "do_search: conn %d filter: %s\n",
159 conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 );
161 Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
162 fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
166 siz = sizeof(AttributeName);
168 if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
169 send_ldap_disconnect( conn, op,
170 LDAP_PROTOCOL_ERROR, "decoding attrs error" );
171 rc = SLAPD_DISCONNECT;
174 for ( i=0; i<siz; i++ ) {
175 an[i].an_desc = NULL;
177 slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
180 if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
182 LDAP_LOG( OPERATION, INFO,
183 "do_search: conn %d get_ctrls failed (%d)\n",
184 conn->c_connid, rc, 0 );
186 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
193 LDAP_LOG( OPERATION, ARGS,
194 "do_search: conn %d attrs:", conn->c_connid, 0, 0 );
196 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
200 for ( i = 0; i<siz; i++ ) {
202 LDAP_LOG( OPERATION, ARGS,
203 "do_search: %s", an[i].an_name.bv_val, 0, 0 );
205 Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
211 LDAP_LOG( OPERATION, ARGS, "\n" , 0, 0, 0 );
213 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
216 Statslog( LDAP_DEBUG_STATS,
217 "conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
218 op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
220 manageDSAit = get_manageDSAit( op );
222 if ( scope == LDAP_SCOPE_BASE ) {
225 if ( nbase.bv_len == 0 ) {
226 #ifdef LDAP_CONNECTIONLESS
227 /* Ignore LDAPv2 CLDAP Root DSE queries */
228 if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
232 /* check restrictions */
233 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
234 if( rc != LDAP_SUCCESS ) {
235 send_ldap_result( conn, op, rc,
236 NULL, text, NULL, NULL );
240 rc = root_dse_info( conn, &entry, &text );
242 } else if ( bvmatch( &nbase, &global_schemandn ) ) {
243 /* check restrictions */
244 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
245 if( rc != LDAP_SUCCESS ) {
246 send_ldap_result( conn, op, rc,
247 NULL, text, NULL, NULL );
251 rc = schema_info( &entry, &text );
254 if( rc != LDAP_SUCCESS ) {
255 send_ldap_result( conn, op, rc,
256 NULL, text, NULL, NULL );
259 } else if ( entry != NULL ) {
260 rc = test_filter( NULL, conn, op,
263 if( rc == LDAP_COMPARE_TRUE ) {
264 send_search_entry( NULL, conn, op,
265 entry, an, attrsonly, NULL );
269 send_ldap_result( conn, op, LDAP_SUCCESS,
270 NULL, NULL, NULL, NULL );
276 if( !nbase.bv_len && default_search_nbase.bv_len ) {
277 ch_free( pbase.bv_val );
278 ch_free( nbase.bv_val );
280 ber_dupbv( &pbase, &default_search_base );
281 ber_dupbv( &nbase, &default_search_nbase );
285 * We could be serving multiple database backends. Select the
286 * appropriate one, or send a referral to our "referral server"
287 * if we don't hold it.
289 if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
290 BerVarray ref = referral_rewrite( default_referral,
291 NULL, &pbase, scope );
293 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
294 NULL, NULL, ref ? ref : default_referral, NULL );
296 ber_bvarray_free( ref );
300 /* check restrictions */
301 rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
302 if( rc != LDAP_SUCCESS ) {
303 send_ldap_result( conn, op, rc,
304 NULL, text, NULL, NULL );
308 /* check for referrals */
309 rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
310 if ( rc != LDAP_SUCCESS ) {
314 /* deref the base if needed */
315 suffix_alias( be, &nbase );
317 #if defined( LDAP_SLAPI )
318 slapi_pblock_set( pb, SLAPI_BACKEND, (void *)be );
319 slapi_pblock_set( pb, SLAPI_CONNECTION, (void *)conn );
320 slapi_pblock_set( pb, SLAPI_OPERATION, (void *)op );
321 slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)base.bv_val );
322 slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)scope );
323 slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)deref );
324 slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)sizelimit );
325 slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)timelimit );
326 slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)filter );
327 slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)fstr.bv_val );
328 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)attrsonly );
329 slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)op->o_ctrls );
330 slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(1) );
332 rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_SEARCH_FN, pb );
333 if ( rc != 0 && rc != LDAP_OTHER ) {
335 * either there is no preOp (search) plugins
336 * or a plugin failed. Just log it
338 * FIXME: is this correct?
341 LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_search: search preOps failed\n"));
343 Debug(LDAP_DEBUG_TRACE, "search preOps failed.\n", 0, 0, 0);
346 #endif /* defined( LDAP_SLAPI ) */
348 /* actually do the search and send the result(s) */
349 if ( be->be_search ) {
350 (*be->be_search)( be, conn, op, &pbase, &nbase,
351 scope, deref, sizelimit,
352 timelimit, filter, &fstr, an, attrsonly );
354 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
355 NULL, "operation not supported within namingContext",
359 #if defined( LDAP_SLAPI )
360 rc = doPluginFNs( be, SLAPI_PLUGIN_POST_SEARCH_FN, pb );
361 if ( rc != 0 && rc != LDAP_OTHER ) {
363 * either there is no postOp (search) plugins
364 * or a plugin failed. Just log it
366 * FIXME: is this correct?
369 LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_search: search postOps failed\n"));
371 Debug (LDAP_DEBUG_TRACE, " search postOps failed.\n", 0, 0, 0);
374 #endif /* defined( LDAP_SLAPI ) */
377 #ifdef LDAP_CLIENT_UPDATE
378 if ( !( op->o_clientupdate_type & SLAP_LCUP_PERSIST ) )
379 #endif /* LDAP_CLIENT_UPDATE */
381 if( pbase.bv_val != NULL) free( pbase.bv_val );
382 if( nbase.bv_val != NULL) free( nbase.bv_val );
384 if( fstr.bv_val != NULL) free( fstr.bv_val );
385 if( filter != NULL) filter_free( filter );
386 if( an != NULL ) free( an );
projects / openldap / blob