2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2005 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16 * All rights reserved.
18 * Redistribution and use in source and binary forms are permitted
19 * provided that this notice is preserved and that due credit is given
20 * to the University of Michigan at Ann Arbor. The name of the University
21 * may not be used to endorse or promote products derived from this
22 * software without specific prior written permission. This software
23 * is provided ``as is'' without express or implied warranty.
30 #include <ac/string.h>
31 #include <ac/socket.h>
37 #include "slapi/slapi.h"
39 static void init_search_pblock( Operation *op, char **attrs, int managedsait );
40 static int call_search_preop_plugins( Operation *op );
41 static int call_search_rewrite_plugins( Operation *op );
42 static void call_search_postop_plugins( Operation *op );
43 #endif /* LDAPI_SLAPI */
47 Operation *op, /* info about the op to which we're responding */
48 SlapReply *rs /* all the response data we'll send */ )
50 struct berval base = BER_BVNULL;
51 ber_len_t siz, off, i;
53 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
56 * Parse the search request. It looks like this:
58 * SearchRequest := [APPLICATION 3] SEQUENCE {
59 * baseObject DistinguishedName,
64 * subordinate (3) -- OpenLDAP extension
66 * derefAliases ENUMERATED {
67 * neverDerefaliases (0),
68 * derefInSearching (1),
69 * derefFindingBaseObj (2),
70 * alwaysDerefAliases (3)
72 * sizelimit INTEGER (0 .. 65535),
73 * timelimit INTEGER (0 .. 65535),
76 * attributes SEQUENCE OF AttributeType
80 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
81 if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
82 &base, &op->ors_scope, &op->ors_deref, &op->ors_slimit,
83 &op->ors_tlimit, &op->ors_attrsonly ) == LBER_ERROR )
85 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
86 rs->sr_err = SLAPD_DISCONNECT;
90 if ( op->ors_tlimit < 0 || op->ors_tlimit > SLAP_MAX_LIMIT ) {
91 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid time limit" );
95 if ( op->ors_slimit < 0 || op->ors_slimit > SLAP_MAX_LIMIT ) {
96 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid size limit" );
100 switch( op->ors_scope ) {
101 case LDAP_SCOPE_BASE:
102 case LDAP_SCOPE_ONELEVEL:
103 case LDAP_SCOPE_SUBTREE:
104 #ifdef LDAP_SCOPE_SUBORDINATE
105 case LDAP_SCOPE_SUBORDINATE:
109 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid scope" );
113 switch( op->ors_deref ) {
114 case LDAP_DEREF_NEVER:
115 case LDAP_DEREF_FINDING:
116 case LDAP_DEREF_SEARCHING:
117 case LDAP_DEREF_ALWAYS:
120 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid deref" );
124 rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
125 if( rs->sr_err != LDAP_SUCCESS ) {
126 Debug( LDAP_DEBUG_ANY,
127 "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
128 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
132 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
133 base.bv_val, op->ors_scope, op->ors_deref );
134 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
135 op->ors_slimit, op->ors_tlimit, op->ors_attrsonly);
137 /* filter - returns a "normalized" version */
138 rs->sr_err = get_filter( op, op->o_ber, &op->ors_filter, &rs->sr_text );
139 if( rs->sr_err != LDAP_SUCCESS ) {
140 if( rs->sr_err == SLAPD_DISCONNECT ) {
141 rs->sr_err = LDAP_PROTOCOL_ERROR;
142 send_ldap_disconnect( op, rs );
143 rs->sr_err = SLAPD_DISCONNECT;
145 send_ldap_result( op, rs );
149 filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
151 Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
152 !BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );
155 siz = sizeof(AttributeName);
156 off = offsetof(AttributeName,an_name);
157 if ( ber_scanf( op->o_ber, "{M}}", &op->ors_attrs, &siz, off ) == LBER_ERROR ) {
158 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );
159 rs->sr_err = SLAPD_DISCONNECT;
162 for ( i=0; i<siz; i++ ) {
163 const char *dummy; /* ignore msgs from bv2ad */
164 op->ors_attrs[i].an_desc = NULL;
165 op->ors_attrs[i].an_oc = NULL;
166 op->ors_attrs[i].an_oc_exclude = 0;
167 slap_bv2ad(&op->ors_attrs[i].an_name,
168 &op->ors_attrs[i].an_desc, &dummy);
171 if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
172 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
177 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
180 for ( i = 0; i<siz; i++ ) {
181 Debug( LDAP_DEBUG_ARGS, " %s", op->ors_attrs[i].an_name.bv_val, 0, 0 );
185 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
187 if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
188 char abuf[BUFSIZ/2], *ptr = abuf;
191 sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref);
192 Statslog( LDAP_DEBUG_STATS,
193 "%s SRCH base=\"%s\" %s filter=\"%s\"\n",
194 op->o_log_prefix, op->o_req_dn.bv_val, abuf,
195 op->ors_filterstr.bv_val, 0 );
197 for ( i = 0; i<siz; i++ ) {
198 alen = op->ors_attrs[i].an_name.bv_len;
199 if (alen >= sizeof(abuf)) {
200 alen = sizeof(abuf)-1;
202 if (len && (len + 1 + alen >= sizeof(abuf))) {
203 Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
204 op->o_log_prefix, abuf, 0, 0, 0 );
212 ptr = lutil_strncopy(ptr, op->ors_attrs[i].an_name.bv_val, alen);
217 Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s\n",
218 op->o_log_prefix, abuf, 0, 0, 0 );
222 op->o_bd = frontendDB;
223 rs->sr_err = frontendDB->be_search( op, rs );
226 if ( !BER_BVISNULL( &op->o_req_dn ) ) {
227 slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
229 if ( !BER_BVISNULL( &op->o_req_ndn ) ) {
230 slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
232 if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
233 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
235 if ( op->ors_filter != NULL) {
236 filter_free_x( op, op->ors_filter );
238 if ( op->ors_attrs != NULL ) {
239 op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );
246 fe_op_search( Operation *op, SlapReply *rs )
254 manageDSAit = get_manageDSAit( op );
256 /* fake while loop to allow breaking out */
257 while ( op->ors_scope == LDAP_SCOPE_BASE ) {
260 if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
261 #ifdef LDAP_CONNECTIONLESS
262 /* Ignore LDAPv2 CLDAP Root DSE queries */
263 if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) {
267 /* check restrictions */
268 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
269 send_ldap_result( op, rs );
275 attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
276 init_search_pblock( op, attrs, manageDSAit );
277 rs->sr_err = call_search_preop_plugins( op );
278 if ( rs->sr_err ) break;
279 call_search_rewrite_plugins( op );
281 #endif /* LDAP_SLAPI */
282 rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
284 } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) {
285 /* check restrictions */
286 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
287 send_ldap_result( op, rs );
293 attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
294 init_search_pblock( op, attrs, manageDSAit );
295 rs->sr_err = call_search_preop_plugins( op );
296 if ( rs->sr_err ) break;
297 call_search_rewrite_plugins( op );
299 #endif /* LDAP_SLAPI */
300 rs->sr_err = schema_info( &entry, &rs->sr_text );
303 if( rs->sr_err != LDAP_SUCCESS ) {
304 send_ldap_result( op, rs );
306 if ( op->o_pb ) call_search_postop_plugins( op );
307 #endif /* LDAP_SLAPI */
310 } else if ( entry != NULL ) {
311 rs->sr_err = test_filter( op, entry, op->ors_filter );
313 if( rs->sr_err == LDAP_COMPARE_TRUE ) {
314 rs->sr_entry = entry;
315 rs->sr_attrs = op->ors_attrs;
316 rs->sr_operational_attrs = NULL;
317 send_search_entry( op, rs );
319 rs->sr_operational_attrs = NULL;
323 rs->sr_err = LDAP_SUCCESS;
324 send_ldap_result( op, rs );
326 if ( op->o_pb ) call_search_postop_plugins( op );
327 #endif /* LDAP_SLAPI */
333 if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) {
334 slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
335 slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
337 ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx );
338 ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx );
342 * We could be serving multiple database backends. Select the
343 * appropriate one, or send a referral to our "referral server"
344 * if we don't hold it.
347 be_manageDSAit = manageDSAit;
349 op->o_bd = select_backend( &op->o_req_ndn, be_manageDSAit, 1 );
350 if ( op->o_bd == NULL ) {
351 rs->sr_ref = referral_rewrite( default_referral,
352 NULL, &op->o_req_dn, op->ors_scope );
354 if (!rs->sr_ref) rs->sr_ref = default_referral;
355 rs->sr_err = LDAP_REFERRAL;
356 op->o_bd = frontendDB;
357 send_ldap_result( op, rs );
360 if (rs->sr_ref != default_referral)
361 ber_bvarray_free( rs->sr_ref );
366 /* check restrictions */
367 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
368 send_ldap_result( op, rs );
372 /* check for referrals */
373 if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
379 attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
380 init_search_pblock( op, attrs, manageDSAit );
381 rs->sr_err = call_search_preop_plugins( op );
382 if ( rs->sr_err != LDAP_SUCCESS ) {
386 call_search_rewrite_plugins( op );
388 #endif /* LDAP_SLAPI */
390 /* actually do the search and send the result(s) */
391 if ( op->o_bd->be_search ) {
392 if ( limits_check( op, rs ) == 0 ) {
393 (op->o_bd->be_search)( op, rs );
395 /* else limits_check() sends error */
398 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
399 "operation not supported within namingContext" );
403 if ( op->o_pb ) call_search_postop_plugins( op );
404 #endif /* LDAP_SLAPI */
407 if( attrs != NULL) op->o_tmpfree( attrs, op->o_tmpmemctx );
408 #endif /* LDAP_SLAPI */
416 static void init_search_pblock( Operation *op,
417 char **attrs, int managedsait )
419 slapi_int_pblock_set_operation( op->o_pb, op );
420 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val );
421 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
422 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
423 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
424 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
425 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
426 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
427 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
428 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
429 slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
432 static int call_search_preop_plugins( Operation *op )
436 rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_SEARCH_FN, op->o_pb );
439 * A preoperation plugin failure will abort the
442 Debug(LDAP_DEBUG_TRACE, "call_search_preop_plugins: search preoperation plugin "
443 "returned %d.\n", rc, 0, 0);
444 if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) ||
445 rc == LDAP_SUCCESS ) {
455 static int call_search_rewrite_plugins( Operation *op )
457 if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, op->o_pb ) == 0 ) {
461 * The plugin can set the SLAPI_SEARCH_FILTER.
462 * SLAPI_SEARCH_STRFILER is not normative.
464 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
465 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
466 filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
469 * Also permit other search parameters to be reset. One thing
470 * this doesn't (yet) deal with is plugins that change a root
471 * DSE search to a non-root DSE search...
473 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
474 op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
476 if( !BER_BVISNULL( &op->o_req_ndn ) ) {
477 slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
479 rc = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
481 if ( rc != LDAP_SUCCESS ) {
485 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
486 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
488 Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n",
489 !BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );
495 static void call_search_postop_plugins( Operation *op )
497 if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_SEARCH_FN, op->o_pb ) < 0 ) {
498 Debug(LDAP_DEBUG_TRACE, "call_search_postop_plugins: search postoperation plugins "
499 "failed.\n", 0, 0, 0);
503 void slapi_int_dummy(void)
506 * XXX slapi_search_internal() was no getting pulled
507 * in; all manner of linker flags failed to link it.
510 slapi_search_internal( NULL, 0, NULL, NULL, NULL, 0 );
512 #endif /* LDAP_SLAPI */
projects / openldap / blob