git.sur5r.net Git - openldap/blob - servers/slapd/search.c

   1 /* $OpenLDAP$ */
   2 /*
   3  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   5  */
   6 /* Portions
   7  * Copyright (c) 1995 Regents of the University of Michigan.
   8  * All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms are permitted
  11  * provided that this notice is preserved and that due credit is given
  12  * to the University of Michigan at Ann Arbor. The name of the University
  13  * may not be used to endorse or promote products derived from this
  14  * software without specific prior written permission. This software
  15  * is provided ``as is'' without express or implied warranty.
  16  */
  17
  18 #include "portable.h"
  19
  20 #include <stdio.h>
  21
  22 #include <ac/string.h>
  23 #include <ac/socket.h>
  24
  25 #include "ldap_pvt.h"
  26 #include "slap.h"
  27
  28 int
  29 do_search(
  30     Connection  *conn,  /* where to send results */
  31     Operation   *op     /* info about the op to which we're responding */
  32 ) {
  33         ber_int_t       scope, deref, attrsonly;
  34         ber_int_t       sizelimit, timelimit;
  35         struct berval base = { 0, NULL };
  36         struct berval pbase = { 0, NULL };
  37         struct berval nbase = { 0, NULL };
  38         struct berval   fstr = { 0, NULL };
  39         Filter          *filter = NULL;
  40         AttributeName   *an;
  41         ber_len_t       siz, off;
  42         Backend         *be;
  43         int                     rc;
  44         int                     i;
  45         const char      *text;
  46         int                     manageDSAit;
  47
  48 #ifdef NEW_LOGGING
  49         LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
  50                 "do_search: conn %d\n", conn->c_connid ));
  51 #else
  52         Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
  53 #endif
  54
  55         /*
  56          * Parse the search request.  It looks like this:
  57          *
  58          *      SearchRequest := [APPLICATION 3] SEQUENCE {
  59          *              baseObject      DistinguishedName,
  60          *              scope           ENUMERATED {
  61          *                      baseObject      (0),
  62          *                      singleLevel     (1),
  63          *                      wholeSubtree    (2)
  64          *              },
  65          *              derefAliases    ENUMERATED {
  66          *                      neverDerefaliases       (0),
  67          *                      derefInSearching        (1),
  68          *                      derefFindingBaseObj     (2),
  69          *                      alwaysDerefAliases      (3)
  70          *              },
  71          *              sizelimit       INTEGER (0 .. 65535),
  72          *              timelimit       INTEGER (0 .. 65535),
  73          *              attrsOnly       BOOLEAN,
  74          *              filter          Filter,
  75          *              attributes      SEQUENCE OF AttributeType
  76          *      }
  77          */
  78
  79         /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
  80         if ( ber_scanf( op->o_ber, "{oiiiib" /*}*/,
  81                 &base, &scope, &deref, &sizelimit,
  82             &timelimit, &attrsonly ) == LBER_ERROR )
  83         {
  84                 send_ldap_disconnect( conn, op,
  85                         LDAP_PROTOCOL_ERROR, "decoding error" );
  86                 rc = SLAPD_DISCONNECT;
  87                 goto return_results;
  88         }
  89
  90         switch( scope ) {
  91         case LDAP_SCOPE_BASE:
  92         case LDAP_SCOPE_ONELEVEL:
  93         case LDAP_SCOPE_SUBTREE:
  94                 break;
  95         default:
  96                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
  97                         NULL, "invalid scope", NULL, NULL );
  98                 goto return_results;
  99         }
 100
 101         switch( deref ) {
 102         case LDAP_DEREF_NEVER:
 103         case LDAP_DEREF_FINDING:
 104         case LDAP_DEREF_SEARCHING:
 105         case LDAP_DEREF_ALWAYS:
 106                 break;
 107         default:
 108                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
 109                         NULL, "invalid deref", NULL, NULL );
 110                 goto return_results;
 111         }
 112
 113         rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
 114         if( rc != LDAP_SUCCESS ) {
 115 #ifdef NEW_LOGGING
 116                 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 117                         "do_search: conn %d  invalid dn (%s)\n",
 118                         conn->c_connid, base.bv_val ));
 119 #else
 120                 Debug( LDAP_DEBUG_ANY,
 121                         "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
 122 #endif
 123                 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 124                     "invalid DN", NULL, NULL );
 125                 goto return_results;
 126         }
 127
 128 #ifdef NEW_LOGGING
 129         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 130                 "do_search \"%s\" %d %d %d %d %d\n", base.bv_val, scope,
 131                 deref, sizelimit, timelimit, attrsonly ));
 132 #else
 133         Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
 134                 base.bv_val, scope, deref );
 135         Debug( LDAP_DEBUG_ARGS, "    %d %d %d\n",
 136                 sizelimit, timelimit, attrsonly);
 137 #endif
 138
 139         /* filter - returns a "normalized" version */
 140         rc = get_filter( conn, op->o_ber, &filter, &fstr, &text );
 141         if( rc != LDAP_SUCCESS ) {
 142                 if( rc == SLAPD_DISCONNECT ) {
 143                         send_ldap_disconnect( conn, op,
 144                                 LDAP_PROTOCOL_ERROR, text );
 145                 } else {
 146                         send_ldap_result( conn, op, rc,
 147                                 NULL, text, NULL, NULL );
 148                 }
 149                 goto return_results;
 150         }
 151
 152 #ifdef NEW_LOGGING
 153         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 154                 "do_search: conn %d     filter: %s\n", conn->c_connid, fstr.bv_val ));
 155 #else
 156         Debug( LDAP_DEBUG_ARGS, "    filter: %s\n", fstr.bv_val, 0, 0 );
 157 #endif
 158
 159
 160         /* attributes */
 161         siz = sizeof(AttributeName);
 162         off = 0;
 163         if ( ber_scanf( op->o_ber, "{w}}", &an, &siz, off ) == LBER_ERROR ) {
 164                 send_ldap_disconnect( conn, op,
 165                         LDAP_PROTOCOL_ERROR, "decoding attrs error" );
 166                 rc = SLAPD_DISCONNECT;
 167                 goto return_results;
 168         }
 169         for ( i=0; i<siz; i++ ) {
 170                 an[i].an_desc = NULL;
 171                 slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
 172         }
 173
 174         if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
 175 #ifdef NEW_LOGGING
 176                 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 177                         "do_search: conn %d  get_ctrls failed (%d)\n",
 178                         conn->c_connid, rc ));
 179 #else
 180                 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
 181 #endif
 182
 183                 goto return_results;
 184         }
 185
 186         rc = LDAP_SUCCESS;
 187
 188 #ifdef NEW_LOGGING
 189         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 190                 "do_search: conn %d     attrs:", conn->c_connid ));
 191 #else
 192         Debug( LDAP_DEBUG_ARGS, "    attrs:", 0, 0, 0 );
 193 #endif
 194
 195
 196         if ( siz != 0 ) {
 197                 for ( i = 0; i<siz; i++ ) {
 198 #ifdef NEW_LOGGING
 199                         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 200                                 "do_search:        %s", an[i].an_name.bv_val ));
 201 #else
 202                         Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
 203 #endif
 204
 205                 }
 206         }
 207
 208 #ifdef NEW_LOGGING
 209         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, "\n" ));
 210 #else
 211         Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
 212 #endif
 213
 214         Statslog( LDAP_DEBUG_STATS,
 215             "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
 216             op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
 217
 218         manageDSAit = get_manageDSAit( op );
 219
 220         if ( scope == LDAP_SCOPE_BASE ) {
 221                 Entry *entry = NULL;
 222
 223                 if ( strcasecmp( nbase.bv_val, LDAP_ROOT_DSE ) == 0 ) {
 224 #ifdef LDAP_CONNECTIONLESS
 225                         /* Ignore LDAPv2 CLDAP DSE queries */
 226                         if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
 227                                 goto return_results;
 228                         }
 229 #endif
 230                         /* check restrictions */
 231                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 232                         if( rc != LDAP_SUCCESS ) {
 233                                 send_ldap_result( conn, op, rc,
 234                                         NULL, text, NULL, NULL );
 235                                 goto return_results;
 236                         }
 237
 238                         rc = root_dse_info( conn, &entry, &text );
 239                 }
 240
 241 #if defined( SLAPD_SCHEMA_DN )
 242                 else if ( strcasecmp( nbase.bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
 243                         /* check restrictions */
 244                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 245                         if( rc != LDAP_SUCCESS ) {
 246                                 send_ldap_result( conn, op, rc,
 247                                         NULL, text, NULL, NULL );
 248                                 goto return_results;
 249                         }
 250
 251                         rc = schema_info( &entry, &text );
 252                 }
 253 #endif
 254
 255                 if( rc != LDAP_SUCCESS ) {
 256                         send_ldap_result( conn, op, rc,
 257                                 NULL, text, NULL, NULL );
 258                         goto return_results;
 259
 260                 } else if ( entry != NULL ) {
 261                         rc = test_filter( NULL, conn, op,
 262                                 entry, filter );
 263
 264                         if( rc == LDAP_COMPARE_TRUE ) {
 265                                 send_search_entry( NULL, conn, op,
 266                                         entry, an, attrsonly, NULL );
 267                         }
 268                         entry_free( entry );
 269
 270                         send_ldap_result( conn, op, LDAP_SUCCESS,
 271                                 NULL, NULL, NULL, NULL );
 272
 273                         goto return_results;
 274                 }
 275         }
 276
 277         if( !nbase.bv_len && default_search_nbase.bv_len ) {
 278                 ch_free( pbase.bv_val );
 279                 ch_free( nbase.bv_val );
 280
 281                 ber_dupbv( &pbase, &default_search_base );
 282                 ber_dupbv( &nbase, &default_search_nbase );
 283         }
 284
 285         /*
 286          * We could be serving multiple database backends.  Select the
 287          * appropriate one, or send a referral to our "referral server"
 288          * if we don't hold it.
 289          */
 290         if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
 291                 BVarray ref = referral_rewrite( default_referral,
 292                         NULL, &pbase, scope );
 293
 294                 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 295                         NULL, NULL, ref ? ref : default_referral, NULL );
 296
 297                 bvarray_free( ref );
 298                 goto return_results;
 299         }
 300
 301         /* check restrictions */
 302         rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
 303         if( rc != LDAP_SUCCESS ) {
 304                 send_ldap_result( conn, op, rc,
 305                         NULL, text, NULL, NULL );
 306                 goto return_results;
 307         }
 308
 309         /* check for referrals */
 310         rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
 311         if ( rc != LDAP_SUCCESS ) {
 312                 goto return_results;
 313         }
 314
 315         /* deref the base if needed */
 316         suffix_alias( be, &nbase );
 317
 318         /* actually do the search and send the result(s) */
 319         if ( be->be_search ) {
 320                 (*be->be_search)( be, conn, op, &pbase, &nbase,
 321                         scope, deref, sizelimit,
 322                     timelimit, filter, &fstr, an, attrsonly );
 323         } else {
 324                 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
 325                         NULL, "operation not supported within namingContext", NULL, NULL );
 326         }
 327
 328 return_results:;
 329         free( base.bv_val );
 330         if( pbase.bv_val != NULL) free( pbase.bv_val );
 331         if( nbase.bv_val != NULL) free( nbase.bv_val );
 332
 333         if( fstr.bv_val != NULL) free( fstr.bv_val );
 334         if( filter != NULL) filter_free( filter );
 335         for (i = 0; i<siz; i++ ) {
 336                 free(an[i].an_name.bv_val);
 337         }
 338         free(an);
 339
 340         return rc;
 341 }