git.sur5r.net Git - openldap/blob - servers/slapd/search.c

   1 /* $OpenLDAP$ */
   2 /*
   3  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   5  */
   6 /* Portions
   7  * Copyright (c) 1995 Regents of the University of Michigan.
   8  * All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms are permitted
  11  * provided that this notice is preserved and that due credit is given
  12  * to the University of Michigan at Ann Arbor. The name of the University
  13  * may not be used to endorse or promote products derived from this
  14  * software without specific prior written permission. This software
  15  * is provided ``as is'' without express or implied warranty.
  16  */
  17
  18 #include "portable.h"
  19
  20 #include <stdio.h>
  21
  22 #include <ac/string.h>
  23 #include <ac/socket.h>
  24
  25 #include "ldap_pvt.h"
  26 #include "slap.h"
  27
  28 int
  29 do_search(
  30     Connection  *conn,  /* where to send results */
  31     Operation   *op     /* info about the op to which we're responding */
  32 ) {
  33         int             i;
  34         ber_int_t       scope, deref, attrsonly;
  35         ber_int_t       sizelimit, timelimit;
  36         struct berval base = { 0, NULL };
  37         struct berval *pbase = NULL;
  38         struct berval *nbase = NULL;
  39         char            *fstr = NULL;
  40         Filter          *filter = NULL;
  41         char            **attrs = NULL;
  42         Backend         *be;
  43         int                     rc;
  44         const char      *text;
  45         int                     manageDSAit;
  46
  47 #ifdef NEW_LOGGING
  48         LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
  49                 "do_search: conn %d\n", conn->c_connid ));
  50 #else
  51         Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
  52 #endif
  53
  54         /*
  55          * Parse the search request.  It looks like this:
  56          *
  57          *      SearchRequest := [APPLICATION 3] SEQUENCE {
  58          *              baseObject      DistinguishedName,
  59          *              scope           ENUMERATED {
  60          *                      baseObject      (0),
  61          *                      singleLevel     (1),
  62          *                      wholeSubtree    (2)
  63          *              },
  64          *              derefAliases    ENUMERATED {
  65          *                      neverDerefaliases       (0),
  66          *                      derefInSearching        (1),
  67          *                      derefFindingBaseObj     (2),
  68          *                      alwaysDerefAliases      (3)
  69          *              },
  70          *              sizelimit       INTEGER (0 .. 65535),
  71          *              timelimit       INTEGER (0 .. 65535),
  72          *              attrsOnly       BOOLEAN,
  73          *              filter          Filter,
  74          *              attributes      SEQUENCE OF AttributeType
  75          *      }
  76          */
  77
  78         /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
  79         if ( ber_scanf( op->o_ber, "{oiiiib" /*}*/,
  80                 &base, &scope, &deref, &sizelimit,
  81             &timelimit, &attrsonly ) == LBER_ERROR )
  82         {
  83                 send_ldap_disconnect( conn, op,
  84                         LDAP_PROTOCOL_ERROR, "decoding error" );
  85                 rc = SLAPD_DISCONNECT;
  86                 goto return_results;
  87         }
  88
  89         switch( scope ) {
  90         case LDAP_SCOPE_BASE:
  91         case LDAP_SCOPE_ONELEVEL:
  92         case LDAP_SCOPE_SUBTREE:
  93                 break;
  94         default:
  95                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
  96                         NULL, "invalid scope", NULL, NULL );
  97                 goto return_results;
  98         }
  99
 100         switch( deref ) {
 101         case LDAP_DEREF_NEVER:
 102         case LDAP_DEREF_FINDING:
 103         case LDAP_DEREF_SEARCHING:
 104         case LDAP_DEREF_ALWAYS:
 105                 break;
 106         default:
 107                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
 108                         NULL, "invalid deref", NULL, NULL );
 109                 goto return_results;
 110         }
 111
 112         rc = dnPretty( NULL, &base, &pbase );
 113         if( rc != LDAP_SUCCESS ) {
 114 #ifdef NEW_LOGGING
 115                 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 116                         "do_search: conn %d  invalid dn (%s)\n",
 117                         conn->c_connid, base.bv_val ));
 118 #else
 119                 Debug( LDAP_DEBUG_ANY,
 120                         "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
 121 #endif
 122                 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 123                     "invalid DN", NULL, NULL );
 124                 goto return_results;
 125         }
 126
 127         rc = dnNormalize( NULL, &base, &nbase );
 128         if( rc != LDAP_SUCCESS ) {
 129 #ifdef NEW_LOGGING
 130                 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 131                         "do_searc: conn %d  invalid dn (%s)\n",
 132                         conn->c_connid, base.bv_val ));
 133 #else
 134                 Debug( LDAP_DEBUG_ANY,
 135                         "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
 136 #endif
 137                 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 138                     "invalid DN", NULL, NULL );
 139                 goto return_results;
 140         }
 141
 142
 143 #ifdef NEW_LOGGING
 144         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 145                 "do_search \"%s\" %d %d %d %d %d\n", base.bv_val, scope,
 146                 deref, sizelimit, timelimit, attrsonly ));
 147 #else
 148         Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base.bv_val, scope, deref );
 149         Debug( LDAP_DEBUG_ARGS, "    %d %d %d\n", sizelimit, timelimit,
 150             attrsonly);
 151 #endif
 152
 153         /* filter - returns a "normalized" version */
 154         rc = get_filter( conn, op->o_ber, &filter, &fstr, &text );
 155         if( rc != LDAP_SUCCESS ) {
 156                 if( rc == SLAPD_DISCONNECT ) {
 157                         send_ldap_disconnect( conn, op,
 158                                 LDAP_PROTOCOL_ERROR, text );
 159                 } else {
 160                         send_ldap_result( conn, op, rc,
 161                                 NULL, text, NULL, NULL );
 162                 }
 163                 goto return_results;
 164         }
 165
 166 #ifdef NEW_LOGGING
 167         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 168                 "do_search: conn %d     filter: %s\n", conn->c_connid, fstr ));
 169 #else
 170         Debug( LDAP_DEBUG_ARGS, "    filter: %s\n", fstr, 0, 0 );
 171 #endif
 172
 173
 174         /* attributes */
 175         if ( ber_scanf( op->o_ber, /*{*/ "{v}}", &attrs ) == LBER_ERROR ) {
 176                 send_ldap_disconnect( conn, op,
 177                         LDAP_PROTOCOL_ERROR, "decoding attrs error" );
 178                 rc = SLAPD_DISCONNECT;
 179                 goto return_results;
 180         }
 181
 182         if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
 183 #ifdef NEW_LOGGING
 184                 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
 185                         "do_search: conn %d  get_ctrls failed (%d)\n",
 186                         conn->c_connid, rc ));
 187 #else
 188                 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
 189 #endif
 190
 191                 goto return_results;
 192         }
 193
 194         rc = LDAP_SUCCESS;
 195
 196 #ifdef NEW_LOGGING
 197         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 198                 "do_search: conn %d     attrs:", conn->c_connid ));
 199 #else
 200         Debug( LDAP_DEBUG_ARGS, "    attrs:", 0, 0, 0 );
 201 #endif
 202
 203
 204         if ( attrs != NULL ) {
 205                 for ( i = 0; attrs[i] != NULL; i++ ) {
 206 #ifdef NEW_LOGGING
 207                         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
 208                                 "do_search:        %s", attrs[i] ));
 209 #else
 210                         Debug( LDAP_DEBUG_ARGS, " %s", attrs[i], 0, 0 );
 211 #endif
 212
 213                 }
 214         }
 215
 216 #ifdef NEW_LOGGING
 217         LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, "\n" ));
 218 #else
 219         Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
 220 #endif
 221
 222         Statslog( LDAP_DEBUG_STATS,
 223             "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
 224             op->o_connid, op->o_opid, pbase->bv_val, scope, fstr );
 225
 226         manageDSAit = get_manageDSAit( op );
 227
 228         if ( scope == LDAP_SCOPE_BASE ) {
 229                 Entry *entry = NULL;
 230
 231                 if ( strcasecmp( nbase->bv_val, LDAP_ROOT_DSE ) == 0 ) {
 232 #ifdef LDAP_CONNECTIONLESS
 233                         /* Ignore LDAPv2 CLDAP DSE queries */
 234                         if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
 235                                 goto return_results;
 236                         }
 237 #endif
 238                         /* check restrictions */
 239                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 240                         if( rc != LDAP_SUCCESS ) {
 241                                 send_ldap_result( conn, op, rc,
 242                                         NULL, text, NULL, NULL );
 243                                 goto return_results;
 244                         }
 245
 246                         rc = root_dse_info( conn, &entry, &text );
 247                 }
 248
 249 #if defined( SLAPD_SCHEMA_DN )
 250                 else if ( strcasecmp( nbase->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
 251                         /* check restrictions */
 252                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 253                         if( rc != LDAP_SUCCESS ) {
 254                                 send_ldap_result( conn, op, rc,
 255                                         NULL, text, NULL, NULL );
 256                                 goto return_results;
 257                         }
 258
 259                         rc = schema_info( &entry, &text );
 260                 }
 261 #endif
 262
 263                 if( rc != LDAP_SUCCESS ) {
 264                         send_ldap_result( conn, op, rc,
 265                                 NULL, text, NULL, NULL );
 266                         goto return_results;
 267
 268                 } else if ( entry != NULL ) {
 269                         rc = test_filter( NULL, conn, op,
 270                                 entry, filter );
 271
 272                         if( rc == LDAP_COMPARE_TRUE ) {
 273                                 send_search_entry( NULL, conn, op,
 274                                         entry, attrs, attrsonly, NULL );
 275                         }
 276                         entry_free( entry );
 277
 278                         send_ldap_result( conn, op, LDAP_SUCCESS,
 279                                 NULL, NULL, NULL, NULL );
 280
 281                         goto return_results;
 282                 }
 283         }
 284
 285         if( nbase->bv_len == 0 && default_search_nbase != NULL ) {
 286                 ch_free( base.bv_val );
 287                 ch_free( nbase->bv_val );
 288                 base.bv_val = ch_strdup( default_search_base );
 289                 base.bv_len = strlen( default_search_nbase );
 290                 nbase->bv_val = ch_strdup( default_search_nbase );
 291                 nbase->bv_len = strlen( default_search_nbase );
 292         }
 293
 294         /*
 295          * We could be serving multiple database backends.  Select the
 296          * appropriate one, or send a referral to our "referral server"
 297          * if we don't hold it.
 298          */
 299         if ( (be = select_backend( nbase->bv_val, manageDSAit, 1 )) == NULL ) {
 300                 struct berval **ref = referral_rewrite( default_referral,
 301                         NULL, pbase->bv_val, scope );
 302
 303                 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 304                         NULL, NULL, ref ? ref : default_referral, NULL );
 305
 306                 ber_bvecfree( ref );
 307                 goto return_results;
 308         }
 309
 310         /* check restrictions */
 311         rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
 312         if( rc != LDAP_SUCCESS ) {
 313                 send_ldap_result( conn, op, rc,
 314                         NULL, text, NULL, NULL );
 315                 goto return_results;
 316         }
 317
 318         /* check for referrals */
 319         rc = backend_check_referrals( be, conn, op, pbase->bv_val, nbase->bv_val );
 320         if ( rc != LDAP_SUCCESS ) {
 321                 goto return_results;
 322         }
 323
 324         /* deref the base if needed */
 325         suffix_alias( be, nbase );
 326
 327         /* actually do the search and send the result(s) */
 328         if ( be->be_search ) {
 329                 (*be->be_search)( be, conn, op, pbase->bv_val, nbase->bv_val,
 330                         scope, deref, sizelimit,
 331                     timelimit, filter, fstr, attrs, attrsonly );
 332         } else {
 333                 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
 334                         NULL, "operation not supported within namingContext", NULL, NULL );
 335         }
 336
 337 return_results:;
 338         free( base.bv_val );
 339         if( pbase != NULL) ber_bvfree( pbase );
 340         if( nbase != NULL) ber_bvfree( nbase );
 341
 342         if( fstr != NULL) free( fstr );
 343         if( filter != NULL) filter_free( filter );
 344         if ( attrs != NULL ) {
 345                 charray_free( attrs );
 346         }
 347
 348         return rc;
 349 }