3 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1995 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
19 #include "slapi_common.h"
23 #include <ac/string.h>
24 #include <ac/socket.h>
33 Connection *conn, /* where to send results */
34 Operation *op /* info about the op to which we're responding */
36 ber_int_t scope, deref, attrsonly;
37 ber_int_t sizelimit, timelimit;
38 struct berval base = { 0, NULL };
39 struct berval pbase = { 0, NULL };
40 struct berval nbase = { 0, NULL };
41 struct berval fstr = { 0, NULL };
42 Filter *filter = NULL;
43 AttributeName *an = NULL;
44 ber_len_t siz, off, i;
50 Slapi_PBlock *pb = op->o_pb;
53 LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 );
55 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
59 * Parse the search request. It looks like this:
61 * SearchRequest := [APPLICATION 3] SEQUENCE {
62 * baseObject DistinguishedName,
68 * derefAliases ENUMERATED {
69 * neverDerefaliases (0),
70 * derefInSearching (1),
71 * derefFindingBaseObj (2),
72 * alwaysDerefAliases (3)
74 * sizelimit INTEGER (0 .. 65535),
75 * timelimit INTEGER (0 .. 65535),
78 * attributes SEQUENCE OF AttributeType
82 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
83 if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
84 &base, &scope, &deref, &sizelimit,
85 &timelimit, &attrsonly ) == LBER_ERROR )
87 send_ldap_disconnect( conn, op,
88 LDAP_PROTOCOL_ERROR, "decoding error" );
89 rc = SLAPD_DISCONNECT;
95 case LDAP_SCOPE_ONELEVEL:
96 case LDAP_SCOPE_SUBTREE:
99 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
100 NULL, "invalid scope", NULL, NULL );
105 case LDAP_DEREF_NEVER:
106 case LDAP_DEREF_FINDING:
107 case LDAP_DEREF_SEARCHING:
108 case LDAP_DEREF_ALWAYS:
111 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
112 NULL, "invalid deref", NULL, NULL );
116 rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
117 if( rc != LDAP_SUCCESS ) {
119 LDAP_LOG( OPERATION, ERR,
120 "do_search: conn %d invalid dn (%s)\n",
121 conn->c_connid, base.bv_val, 0 );
123 Debug( LDAP_DEBUG_ANY,
124 "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
126 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
127 "invalid DN", NULL, NULL );
132 LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
133 base.bv_val, scope, deref );
134 LDAP_LOG( OPERATION, ARGS, " %d %d %d\n",
135 sizelimit, timelimit, attrsonly);
137 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
138 base.bv_val, scope, deref );
139 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
140 sizelimit, timelimit, attrsonly);
143 /* filter - returns a "normalized" version */
144 rc = get_filter( conn, op->o_ber, &filter, &text );
145 if( rc != LDAP_SUCCESS ) {
146 if( rc == SLAPD_DISCONNECT ) {
147 send_ldap_disconnect( conn, op,
148 LDAP_PROTOCOL_ERROR, text );
150 send_ldap_result( conn, op, rc,
151 NULL, text, NULL, NULL );
155 filter2bv( filter, &fstr );
158 LDAP_LOG( OPERATION, ARGS,
159 "do_search: conn %d filter: %s\n",
160 conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 );
162 Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
163 fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
167 siz = sizeof(AttributeName);
169 if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
170 send_ldap_disconnect( conn, op,
171 LDAP_PROTOCOL_ERROR, "decoding attrs error" );
172 rc = SLAPD_DISCONNECT;
175 for ( i=0; i<siz; i++ ) {
176 an[i].an_desc = NULL;
178 slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
181 if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
183 LDAP_LOG( OPERATION, INFO,
184 "do_search: conn %d get_ctrls failed (%d)\n",
185 conn->c_connid, rc, 0 );
187 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
194 LDAP_LOG( OPERATION, ARGS,
195 "do_search: conn %d attrs:", conn->c_connid, 0, 0 );
197 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
201 for ( i = 0; i<siz; i++ ) {
203 LDAP_LOG( OPERATION, ARGS,
204 "do_search: %s", an[i].an_name.bv_val, 0, 0 );
206 Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
212 LDAP_LOG( OPERATION, ARGS, "\n" , 0, 0, 0 );
214 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
217 if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
218 char abuf[BUFSIZ/2], *ptr = abuf;
221 Statslog( LDAP_DEBUG_STATS,
222 "conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
223 op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
225 for ( i = 0; i<siz; i++ ) {
226 if (len + 1 + an[i].an_name.bv_len > sizeof(abuf)) {
227 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
228 op->o_connid, op->o_opid, abuf, 0, 0 );
236 ptr = lutil_strcopy(ptr, an[i].an_name.bv_val);
237 len += an[i].an_name.bv_len;
240 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
241 op->o_connid, op->o_opid, abuf, 0, 0 );
245 manageDSAit = get_manageDSAit( op );
247 if ( scope == LDAP_SCOPE_BASE ) {
250 if ( nbase.bv_len == 0 ) {
251 #ifdef LDAP_CONNECTIONLESS
252 /* Ignore LDAPv2 CLDAP Root DSE queries */
253 if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
257 /* check restrictions */
258 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
259 if( rc != LDAP_SUCCESS ) {
260 send_ldap_result( conn, op, rc,
261 NULL, text, NULL, NULL );
265 rc = root_dse_info( conn, &entry, &text );
267 } else if ( bvmatch( &nbase, &global_schemandn ) ) {
268 /* check restrictions */
269 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
270 if( rc != LDAP_SUCCESS ) {
271 send_ldap_result( conn, op, rc,
272 NULL, text, NULL, NULL );
276 rc = schema_info( &entry, &text );
279 if( rc != LDAP_SUCCESS ) {
280 send_ldap_result( conn, op, rc,
281 NULL, text, NULL, NULL );
284 } else if ( entry != NULL ) {
285 rc = test_filter( NULL, conn, op,
288 if( rc == LDAP_COMPARE_TRUE ) {
289 send_search_entry( NULL, conn, op,
290 entry, an, attrsonly, NULL );
294 send_ldap_result( conn, op, LDAP_SUCCESS,
295 NULL, NULL, NULL, NULL );
301 if( !nbase.bv_len && default_search_nbase.bv_len ) {
302 ch_free( pbase.bv_val );
303 ch_free( nbase.bv_val );
305 ber_dupbv( &pbase, &default_search_base );
306 ber_dupbv( &nbase, &default_search_nbase );
310 * We could be serving multiple database backends. Select the
311 * appropriate one, or send a referral to our "referral server"
312 * if we don't hold it.
314 if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
315 BerVarray ref = referral_rewrite( default_referral,
316 NULL, &pbase, scope );
318 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
319 NULL, NULL, ref ? ref : default_referral, NULL );
321 ber_bvarray_free( ref );
325 /* check restrictions */
326 rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
327 if( rc != LDAP_SUCCESS ) {
328 send_ldap_result( conn, op, rc,
329 NULL, text, NULL, NULL );
333 /* check for referrals */
334 rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
335 if ( rc != LDAP_SUCCESS ) {
339 /* deref the base if needed */
340 suffix_alias( be, &nbase );
342 #if defined( LDAP_SLAPI )
343 slapi_pblock_set( pb, SLAPI_BACKEND, (void *)be );
344 slapi_pblock_set( pb, SLAPI_CONNECTION, (void *)conn );
345 slapi_pblock_set( pb, SLAPI_OPERATION, (void *)op );
346 slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)base.bv_val );
347 slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)scope );
348 slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)deref );
349 slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)sizelimit );
350 slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)timelimit );
351 slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)filter );
352 slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)fstr.bv_val );
353 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)attrsonly );
354 slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)op->o_ctrls );
355 slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(1) );
357 rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_SEARCH_FN, pb );
358 if ( rc != 0 && rc != LDAP_OTHER ) {
360 * either there is no preOp (search) plugins
361 * or a plugin failed. Just log it
363 * FIXME: is this correct?
366 LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_search: search preOps failed\n"));
368 Debug(LDAP_DEBUG_TRACE, "search preOps failed.\n", 0, 0, 0);
371 #endif /* defined( LDAP_SLAPI ) */
373 /* actually do the search and send the result(s) */
374 if ( be->be_search ) {
375 (*be->be_search)( be, conn, op, &pbase, &nbase,
376 scope, deref, sizelimit,
377 timelimit, filter, &fstr, an, attrsonly );
379 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
380 NULL, "operation not supported within namingContext",
384 #if defined( LDAP_SLAPI )
385 rc = doPluginFNs( be, SLAPI_PLUGIN_POST_SEARCH_FN, pb );
386 if ( rc != 0 && rc != LDAP_OTHER ) {
388 * either there is no postOp (search) plugins
389 * or a plugin failed. Just log it
391 * FIXME: is this correct?
394 LDAP_LOG(( "operation", LDAP_LEVEL_INFO, "do_search: search postOps failed\n"));
396 Debug (LDAP_DEBUG_TRACE, " search postOps failed.\n", 0, 0, 0);
399 #endif /* defined( LDAP_SLAPI ) */
402 #ifdef LDAP_CLIENT_UPDATE
403 if ( !( op->o_clientupdate_type & SLAP_LCUP_PERSIST ) )
404 #endif /* LDAP_CLIENT_UPDATE */
406 if( pbase.bv_val != NULL) free( pbase.bv_val );
407 if( nbase.bv_val != NULL) free( nbase.bv_val );
409 if( fstr.bv_val != NULL) free( fstr.bv_val );
410 if( filter != NULL) filter_free( filter );
411 if( an != NULL ) free( an );
projects / openldap / blob