3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1995 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
19 #include "slapi_common.h"
23 #include <ac/string.h>
24 #include <ac/socket.h>
32 static char **anlist2charray( AttributeName *an );
33 static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op,
34 struct berval *base, int scope, int deref, int sizelimit, int timelimit,
35 Filter *filter, struct berval *fstr, char **attrs,
36 int attrsonly, int managedsait );
37 static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb );
38 static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr );
39 static int doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb );
40 #endif /* LDAPI_SLAPI */
44 Connection *conn, /* where to send results */
45 Operation *op /* info about the op to which we're responding */
47 ber_int_t scope, deref, attrsonly;
48 ber_int_t sizelimit, timelimit;
49 struct berval base = { 0, NULL };
50 struct berval pbase = { 0, NULL };
51 struct berval nbase = { 0, NULL };
52 struct berval fstr = { 0, NULL };
53 Filter *filter = NULL;
54 AttributeName *an = NULL;
55 ber_len_t siz, off, i;
66 LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 );
68 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
72 * Parse the search request. It looks like this:
74 * SearchRequest := [APPLICATION 3] SEQUENCE {
75 * baseObject DistinguishedName,
81 * derefAliases ENUMERATED {
82 * neverDerefaliases (0),
83 * derefInSearching (1),
84 * derefFindingBaseObj (2),
85 * alwaysDerefAliases (3)
87 * sizelimit INTEGER (0 .. 65535),
88 * timelimit INTEGER (0 .. 65535),
91 * attributes SEQUENCE OF AttributeType
95 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
96 if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
97 &base, &scope, &deref, &sizelimit,
98 &timelimit, &attrsonly ) == LBER_ERROR )
100 send_ldap_disconnect( conn, op,
101 LDAP_PROTOCOL_ERROR, "decoding error" );
102 rc = SLAPD_DISCONNECT;
107 case LDAP_SCOPE_BASE:
108 case LDAP_SCOPE_ONELEVEL:
109 case LDAP_SCOPE_SUBTREE:
112 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
113 NULL, "invalid scope", NULL, NULL );
118 case LDAP_DEREF_NEVER:
119 case LDAP_DEREF_FINDING:
120 case LDAP_DEREF_SEARCHING:
121 case LDAP_DEREF_ALWAYS:
124 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
125 NULL, "invalid deref", NULL, NULL );
129 rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
130 if( rc != LDAP_SUCCESS ) {
132 LDAP_LOG( OPERATION, ERR,
133 "do_search: conn %d invalid dn (%s)\n",
134 conn->c_connid, base.bv_val, 0 );
136 Debug( LDAP_DEBUG_ANY,
137 "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
139 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
140 "invalid DN", NULL, NULL );
145 LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
146 base.bv_val, scope, deref );
147 LDAP_LOG( OPERATION, ARGS, " %d %d %d\n",
148 sizelimit, timelimit, attrsonly);
150 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
151 base.bv_val, scope, deref );
152 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
153 sizelimit, timelimit, attrsonly);
156 /* filter - returns a "normalized" version */
157 rc = get_filter( conn, op->o_ber, &filter, &text );
158 if( rc != LDAP_SUCCESS ) {
159 if( rc == SLAPD_DISCONNECT ) {
160 send_ldap_disconnect( conn, op,
161 LDAP_PROTOCOL_ERROR, text );
163 send_ldap_result( conn, op, rc,
164 NULL, text, NULL, NULL );
168 filter2bv( filter, &fstr );
171 LDAP_LOG( OPERATION, ARGS,
172 "do_search: conn %d filter: %s\n",
173 conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 );
175 Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
176 fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
180 siz = sizeof(AttributeName);
182 if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
183 send_ldap_disconnect( conn, op,
184 LDAP_PROTOCOL_ERROR, "decoding attrs error" );
185 rc = SLAPD_DISCONNECT;
188 for ( i=0; i<siz; i++ ) {
189 an[i].an_desc = NULL;
191 slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
194 if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
196 LDAP_LOG( OPERATION, INFO,
197 "do_search: conn %d get_ctrls failed (%d)\n",
198 conn->c_connid, rc, 0 );
200 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
207 LDAP_LOG( OPERATION, ARGS,
208 "do_search: conn %d attrs:", conn->c_connid, 0, 0 );
210 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
214 for ( i = 0; i<siz; i++ ) {
216 LDAP_LOG( OPERATION, ARGS,
217 "do_search: %s", an[i].an_name.bv_val, 0, 0 );
219 Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
225 LDAP_LOG( OPERATION, ARGS, "\n" , 0, 0, 0 );
227 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
230 if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
231 char abuf[BUFSIZ/2], *ptr = abuf;
234 Statslog( LDAP_DEBUG_STATS,
235 "conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
236 op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
238 for ( i = 0; i<siz; i++ ) {
239 if (len + 1 + an[i].an_name.bv_len > sizeof(abuf)) {
240 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
241 op->o_connid, op->o_opid, abuf, 0, 0 );
249 ptr = lutil_strcopy(ptr, an[i].an_name.bv_val);
250 len += an[i].an_name.bv_len;
253 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
254 op->o_connid, op->o_opid, abuf, 0, 0 );
258 manageDSAit = get_manageDSAit( op );
260 if ( scope == LDAP_SCOPE_BASE ) {
263 if ( nbase.bv_len == 0 ) {
264 #ifdef LDAP_CONNECTIONLESS
265 /* Ignore LDAPv2 CLDAP Root DSE queries */
266 if (op->o_protocol == LDAP_VERSION2 && conn->c_is_udp) {
270 /* check restrictions */
271 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
272 if( rc != LDAP_SUCCESS ) {
273 send_ldap_result( conn, op, rc,
274 NULL, text, NULL, NULL );
279 attrs = anlist2charray( an );
280 pb = initSearchPlugin( NULL, conn, op, &nbase, scope,
281 deref, sizelimit, timelimit, filter, &fstr,
282 attrs, attrsonly, manageDSAit );
283 rc = doPreSearchPluginFNs( NULL, pb );
284 if ( rc == LDAP_SUCCESS ) {
285 doSearchRewriteFNs( NULL, pb, &filter, &fstr );
286 #endif /* LDAP_SLAPI */
287 rc = root_dse_info( conn, &entry, &text );
290 #endif /* LDAP_SLAPI */
292 } else if ( bvmatch( &nbase, &global_schemandn ) ) {
293 /* check restrictions */
294 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
295 if( rc != LDAP_SUCCESS ) {
296 send_ldap_result( conn, op, rc,
297 NULL, text, NULL, NULL );
302 attrs = anlist2charray( an );
303 pb = initSearchPlugin( NULL, conn, op, &nbase, scope,
304 deref, sizelimit, timelimit, filter, &fstr,
305 attrs, attrsonly, manageDSAit );
306 rc = doPreSearchPluginFNs( NULL, pb );
307 if ( rc == LDAP_SUCCESS ) {
308 doSearchRewriteFNs( NULL, pb, &filter, &fstr );
309 #endif /* LDAP_SLAPI */
310 rc = schema_info( &entry, &text );
313 #endif /* LDAP_SLAPI */
316 if( rc != LDAP_SUCCESS ) {
317 send_ldap_result( conn, op, rc,
318 NULL, text, NULL, NULL );
320 doPostSearchPluginFNs( NULL, pb );
321 #endif /* LDAP_SLAPI */
324 } else if ( entry != NULL ) {
325 rc = test_filter( NULL, conn, op,
328 if( rc == LDAP_COMPARE_TRUE ) {
329 send_search_entry( NULL, conn, op,
330 entry, an, attrsonly, NULL );
334 send_ldap_result( conn, op, LDAP_SUCCESS,
335 NULL, NULL, NULL, NULL );
337 doPostSearchPluginFNs( NULL, pb );
338 #endif /* LDAP_SLAPI */
343 if( !nbase.bv_len && default_search_nbase.bv_len ) {
344 ch_free( pbase.bv_val );
345 ch_free( nbase.bv_val );
347 ber_dupbv( &pbase, &default_search_base );
348 ber_dupbv( &nbase, &default_search_nbase );
352 * We could be serving multiple database backends. Select the
353 * appropriate one, or send a referral to our "referral server"
354 * if we don't hold it.
356 if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
357 BerVarray ref = referral_rewrite( default_referral,
358 NULL, &pbase, scope );
360 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
361 NULL, NULL, ref ? ref : default_referral, NULL );
363 ber_bvarray_free( ref );
367 /* check restrictions */
368 rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
369 if( rc != LDAP_SUCCESS ) {
370 send_ldap_result( conn, op, rc,
371 NULL, text, NULL, NULL );
375 /* check for referrals */
376 rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
377 if ( rc != LDAP_SUCCESS ) {
381 /* deref the base if needed */
382 suffix_alias( be, &nbase );
385 attrs = anlist2charray( an );
386 pb = initSearchPlugin( be, conn, op, &pbase,
387 scope, deref, sizelimit,
388 timelimit, filter, &fstr, attrs, attrsonly,
390 rc = doPreSearchPluginFNs( be, pb );
391 if ( rc != LDAP_SUCCESS ) {
395 doSearchRewriteFNs( be, pb, &filter, &fstr );
396 #endif /* LDAP_SLAPI */
398 /* actually do the search and send the result(s) */
399 if ( be->be_search ) {
400 (*be->be_search)( be, conn, op, &pbase, &nbase,
401 scope, deref, sizelimit,
402 timelimit, filter, &fstr, an, attrsonly );
404 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
405 NULL, "operation not supported within namingContext",
410 doPostSearchPluginFNs( be, pb );
411 #endif /* LDAP_SLAPI */
414 #ifdef LDAP_CLIENT_UPDATE
415 if ( !( op->o_clientupdate_type & SLAP_LCUP_PERSIST ) )
416 #endif /* LDAP_CLIENT_UPDATE */
418 if( pbase.bv_val != NULL) free( pbase.bv_val );
419 if( nbase.bv_val != NULL) free( nbase.bv_val );
421 if( fstr.bv_val != NULL) free( fstr.bv_val );
422 if( filter != NULL) filter_free( filter );
423 if( an != NULL ) free( an );
425 if( attrs != NULL) ch_free( attrs );
426 #endif /* LDAP_SLAPI */
434 static char **anlist2charray( AttributeName *an )
440 for ( i = 0; an[i].an_name.bv_val != NULL; i++ )
442 attrs = (char **)ch_malloc( (i + 1) * sizeof(char *) );
443 for ( i = 0; an[i].an_name.bv_val != NULL; i++ ) {
444 attrs[i] = an[i].an_name.bv_val;
454 static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op,
455 struct berval *base, int scope, int deref, int sizelimit,
456 int timelimit, Filter *filter, struct berval *fstr,
457 char **attrs, int attrsonly, int managedsait )
463 slapi_x_backend_set_pb( pb, be );
464 slapi_x_connection_set_pb( pb, conn );
465 slapi_x_operation_set_pb( pb, op );
466 slapi_pblock_set( pb, SLAPI_SEARCH_TARGET, (void *)base->bv_val );
467 slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)scope );
468 slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)deref );
469 slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)sizelimit );
470 slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)timelimit );
471 slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)filter );
472 slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)fstr->bv_val );
473 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
474 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)attrsonly );
475 slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
480 static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
484 rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_SEARCH_FN, pb );
487 * A preoperation plugin failure will abort the
491 LDAP_LOG( OPERATION, INFO, "doPreSearchPluginFNs: search preoperation plugin "
492 "returned %d\n", rc, 0, 0 );
494 Debug(LDAP_DEBUG_TRACE, "doPreSearchPluginFNs: search preoperation plugin "
495 "returned %d.\n", rc, 0, 0);
497 if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0)
506 static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr )
508 if ( doPluginFNs( be, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) == 0 ) {
510 * The plugin can set the SLAPI_SEARCH_FILTER.
511 * SLAPI_SEARCH_STRFILER is not normative.
513 slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)filter);
514 ch_free( fstr->bv_val );
515 filter2bv( *filter, fstr );
517 LDAP_LOG( OPERATION, ARGS,
518 "doSearchRewriteFNs: after compute_rewrite_search filter: %s\n",
519 fstr->bv_len ? fstr->bv_val : "empty", 0 );
521 Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n",
522 fstr->bv_len ? fstr->bv_val : "empty", 0, 0 );
529 static int doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
531 if ( doPluginFNs( be, SLAPI_PLUGIN_POST_SEARCH_FN, pb ) != 0 ) {
533 LDAP_LOG( OPERATION, INFO, "doPostSearchPluginFNs: search postoperation plugins "
534 "failed\n", 0, 0, 0 );
536 Debug(LDAP_DEBUG_TRACE, "doPostSearchPluginFNs: search postoperation plugins "
537 "failed.\n", 0, 0, 0);
547 * XXX slapi_search_internal() was no getting pulled
548 * in; all manner of linker flags failed to link it.
551 slapi_search_internal( NULL, 0, NULL, NULL, NULL, 0 );
553 #endif /* LDAP_SLAPI */
projects / openldap / blob