3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1995 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
22 #include <ac/string.h>
23 #include <ac/socket.h>
31 static char **anlist2charray( AttributeName *an );
32 static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op,
33 struct berval *base, int scope, int deref, int sizelimit, int timelimit,
34 Filter *filter, struct berval *fstr, char **attrs,
35 int attrsonly, int managedsait );
36 static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb );
37 static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr );
38 static void doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb );
39 #endif /* LDAPI_SLAPI */
43 Connection *conn, /* where to send results */
44 Operation *op /* info about the op to which we're responding */
46 ber_int_t scope, deref, attrsonly;
47 ber_int_t sizelimit, timelimit;
48 struct berval base = { 0, NULL };
49 struct berval pbase = { 0, NULL };
50 struct berval nbase = { 0, NULL };
51 struct berval fstr = { 0, NULL };
52 Filter *filter = NULL;
53 AttributeName *an = NULL;
54 ber_len_t siz, off, i;
60 Slapi_PBlock *pb = NULL;
65 LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 );
67 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
71 * Parse the search request. It looks like this:
73 * SearchRequest := [APPLICATION 3] SEQUENCE {
74 * baseObject DistinguishedName,
80 * derefAliases ENUMERATED {
81 * neverDerefaliases (0),
82 * derefInSearching (1),
83 * derefFindingBaseObj (2),
84 * alwaysDerefAliases (3)
86 * sizelimit INTEGER (0 .. 65535),
87 * timelimit INTEGER (0 .. 65535),
90 * attributes SEQUENCE OF AttributeType
94 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
95 if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
96 &base, &scope, &deref, &sizelimit,
97 &timelimit, &attrsonly ) == LBER_ERROR )
99 send_ldap_disconnect( conn, op,
100 LDAP_PROTOCOL_ERROR, "decoding error" );
101 rc = SLAPD_DISCONNECT;
106 case LDAP_SCOPE_BASE:
107 case LDAP_SCOPE_ONELEVEL:
108 case LDAP_SCOPE_SUBTREE:
111 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
112 NULL, "invalid scope", NULL, NULL );
117 case LDAP_DEREF_NEVER:
118 case LDAP_DEREF_FINDING:
119 case LDAP_DEREF_SEARCHING:
120 case LDAP_DEREF_ALWAYS:
123 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
124 NULL, "invalid deref", NULL, NULL );
128 rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
129 if( rc != LDAP_SUCCESS ) {
131 LDAP_LOG( OPERATION, ERR,
132 "do_search: conn %d invalid dn (%s)\n",
133 conn->c_connid, base.bv_val, 0 );
135 Debug( LDAP_DEBUG_ANY,
136 "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
138 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
139 "invalid DN", NULL, NULL );
144 LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
145 base.bv_val, scope, deref );
146 LDAP_LOG( OPERATION, ARGS, " %d %d %d\n",
147 sizelimit, timelimit, attrsonly);
149 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
150 base.bv_val, scope, deref );
151 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
152 sizelimit, timelimit, attrsonly);
155 /* filter - returns a "normalized" version */
156 rc = get_filter( conn, op->o_ber, &filter, &text );
157 if( rc != LDAP_SUCCESS ) {
158 if( rc == SLAPD_DISCONNECT ) {
159 send_ldap_disconnect( conn, op,
160 LDAP_PROTOCOL_ERROR, text );
162 send_ldap_result( conn, op, rc,
163 NULL, text, NULL, NULL );
167 filter2bv( filter, &fstr );
170 LDAP_LOG( OPERATION, ARGS,
171 "do_search: conn %d filter: %s\n",
172 conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 );
174 Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
175 fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
179 siz = sizeof(AttributeName);
181 if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
182 send_ldap_disconnect( conn, op,
183 LDAP_PROTOCOL_ERROR, "decoding attrs error" );
184 rc = SLAPD_DISCONNECT;
187 for ( i=0; i<siz; i++ ) {
188 an[i].an_desc = NULL;
190 slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
193 if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
195 LDAP_LOG( OPERATION, INFO,
196 "do_search: conn %d get_ctrls failed (%d)\n",
197 conn->c_connid, rc, 0 );
199 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
206 LDAP_LOG( OPERATION, ARGS,
207 "do_search: conn %d attrs:", conn->c_connid, 0, 0 );
209 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
213 for ( i = 0; i<siz; i++ ) {
215 LDAP_LOG( OPERATION, ARGS,
216 "do_search: %s", an[i].an_name.bv_val, 0, 0 );
218 Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
224 LDAP_LOG( OPERATION, ARGS, "\n" , 0, 0, 0 );
226 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
229 if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
230 char abuf[BUFSIZ/2], *ptr = abuf;
233 Statslog( LDAP_DEBUG_STATS,
234 "conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
235 op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
237 for ( i = 0; i<siz; i++ ) {
238 if (len + 1 + an[i].an_name.bv_len > sizeof(abuf)) {
239 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
240 op->o_connid, op->o_opid, abuf, 0, 0 );
248 ptr = lutil_strcopy(ptr, an[i].an_name.bv_val);
249 len += an[i].an_name.bv_len;
252 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
253 op->o_connid, op->o_opid, abuf, 0, 0 );
257 manageDSAit = get_manageDSAit( op );
259 if ( scope == LDAP_SCOPE_BASE ) {
262 if ( nbase.bv_len == 0 ) {
263 #ifdef LDAP_CONNECTIONLESS
264 /* Ignore LDAPv2 CLDAP Root DSE queries */
265 if (op->o_protocol == LDAP_VERSION2 && conn->c_is_udp) {
269 /* check restrictions */
270 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
271 if( rc != LDAP_SUCCESS ) {
272 send_ldap_result( conn, op, rc,
273 NULL, text, NULL, NULL );
278 attrs = anlist2charray( an );
279 pb = initSearchPlugin( NULL, conn, op, &nbase, scope,
280 deref, sizelimit, timelimit, filter, &fstr,
281 attrs, attrsonly, manageDSAit );
282 rc = doPreSearchPluginFNs( NULL, pb );
283 if ( rc == LDAP_SUCCESS ) {
284 doSearchRewriteFNs( NULL, pb, &filter, &fstr );
285 #endif /* LDAP_SLAPI */
286 rc = root_dse_info( conn, &entry, &text );
289 #endif /* LDAP_SLAPI */
291 } else if ( bvmatch( &nbase, &global_schemandn ) ) {
292 /* check restrictions */
293 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
294 if( rc != LDAP_SUCCESS ) {
295 send_ldap_result( conn, op, rc,
296 NULL, text, NULL, NULL );
301 attrs = anlist2charray( an );
302 pb = initSearchPlugin( NULL, conn, op, &nbase, scope,
303 deref, sizelimit, timelimit, filter, &fstr,
304 attrs, attrsonly, manageDSAit );
305 rc = doPreSearchPluginFNs( NULL, pb );
306 if ( rc == LDAP_SUCCESS ) {
307 doSearchRewriteFNs( NULL, pb, &filter, &fstr );
308 #endif /* LDAP_SLAPI */
309 rc = schema_info( &entry, &text );
312 #endif /* LDAP_SLAPI */
315 if( rc != LDAP_SUCCESS ) {
316 send_ldap_result( conn, op, rc,
317 NULL, text, NULL, NULL );
319 doPostSearchPluginFNs( NULL, pb );
320 #endif /* LDAP_SLAPI */
323 } else if ( entry != NULL ) {
324 rc = test_filter( NULL, conn, op,
327 if( rc == LDAP_COMPARE_TRUE ) {
328 send_search_entry( NULL, conn, op,
329 entry, an, attrsonly, NULL );
333 send_ldap_result( conn, op, LDAP_SUCCESS,
334 NULL, NULL, NULL, NULL );
336 doPostSearchPluginFNs( NULL, pb );
337 #endif /* LDAP_SLAPI */
342 if( !nbase.bv_len && default_search_nbase.bv_len ) {
343 ch_free( pbase.bv_val );
344 ch_free( nbase.bv_val );
346 ber_dupbv( &pbase, &default_search_base );
347 ber_dupbv( &nbase, &default_search_nbase );
351 * We could be serving multiple database backends. Select the
352 * appropriate one, or send a referral to our "referral server"
353 * if we don't hold it.
355 if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
356 BerVarray ref = referral_rewrite( default_referral,
357 NULL, &pbase, scope );
359 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
360 NULL, NULL, ref ? ref : default_referral, NULL );
362 ber_bvarray_free( ref );
366 /* check restrictions */
367 rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
368 if( rc != LDAP_SUCCESS ) {
369 send_ldap_result( conn, op, rc,
370 NULL, text, NULL, NULL );
374 /* check for referrals */
375 rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
376 if ( rc != LDAP_SUCCESS ) {
380 /* deref the base if needed */
381 suffix_alias( be, &nbase );
384 attrs = anlist2charray( an );
385 pb = initSearchPlugin( be, conn, op, &pbase,
386 scope, deref, sizelimit,
387 timelimit, filter, &fstr, attrs, attrsonly,
389 rc = doPreSearchPluginFNs( be, pb );
390 if ( rc != LDAP_SUCCESS ) {
394 doSearchRewriteFNs( be, pb, &filter, &fstr );
395 #endif /* LDAP_SLAPI */
397 /* actually do the search and send the result(s) */
398 if ( be->be_search ) {
399 (*be->be_search)( be, conn, op, &pbase, &nbase,
400 scope, deref, sizelimit,
401 timelimit, filter, &fstr, an, attrsonly );
403 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
404 NULL, "operation not supported within namingContext",
409 doPostSearchPluginFNs( be, pb );
410 #endif /* LDAP_SLAPI */
413 #ifdef LDAP_CLIENT_UPDATE
414 if ( !( op->o_clientupdate_type & SLAP_LCUP_PERSIST ) )
415 #endif /* LDAP_CLIENT_UPDATE */
417 if( pbase.bv_val != NULL) free( pbase.bv_val );
418 if( nbase.bv_val != NULL) free( nbase.bv_val );
420 if( fstr.bv_val != NULL) free( fstr.bv_val );
421 if( filter != NULL) filter_free( filter );
422 if( an != NULL ) free( an );
424 if( attrs != NULL) ch_free( attrs );
425 #endif /* LDAP_SLAPI */
433 static char **anlist2charray( AttributeName *an )
439 for ( i = 0; an[i].an_name.bv_val != NULL; i++ )
441 attrs = (char **)ch_malloc( (i + 1) * sizeof(char *) );
442 for ( i = 0; an[i].an_name.bv_val != NULL; i++ ) {
443 attrs[i] = an[i].an_name.bv_val;
453 static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op,
454 struct berval *base, int scope, int deref, int sizelimit,
455 int timelimit, Filter *filter, struct berval *fstr,
456 char **attrs, int attrsonly, int managedsait )
462 slapi_x_backend_set_pb( pb, be );
463 slapi_x_connection_set_pb( pb, conn );
464 slapi_x_operation_set_pb( pb, op );
465 slapi_pblock_set( pb, SLAPI_SEARCH_TARGET, (void *)base->bv_val );
466 slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)scope );
467 slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)deref );
468 slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)sizelimit );
469 slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)timelimit );
470 slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)filter );
471 slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)fstr->bv_val );
472 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
473 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)attrsonly );
474 slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
479 static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
483 rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_SEARCH_FN, pb );
486 * A preoperation plugin failure will abort the
490 LDAP_LOG( OPERATION, INFO, "doPreSearchPluginFNs: search preoperation plugin "
491 "returned %d\n", rc, 0, 0 );
493 Debug(LDAP_DEBUG_TRACE, "doPreSearchPluginFNs: search preoperation plugin "
494 "returned %d.\n", rc, 0, 0);
496 if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0)
505 static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr )
507 if ( doPluginFNs( be, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) == 0 ) {
509 * The plugin can set the SLAPI_SEARCH_FILTER.
510 * SLAPI_SEARCH_STRFILER is not normative.
512 slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)filter);
513 ch_free( fstr->bv_val );
514 filter2bv( *filter, fstr );
516 LDAP_LOG( OPERATION, ARGS,
517 "doSearchRewriteFNs: after compute_rewrite_search filter: %s\n",
518 fstr->bv_len ? fstr->bv_val : "empty", 0, 0 );
520 Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n",
521 fstr->bv_len ? fstr->bv_val : "empty", 0, 0 );
528 static void doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb )
530 if ( doPluginFNs( be, SLAPI_PLUGIN_POST_SEARCH_FN, pb ) != 0 ) {
532 LDAP_LOG( OPERATION, INFO, "doPostSearchPluginFNs: search postoperation plugins "
533 "failed\n", 0, 0, 0 );
535 Debug(LDAP_DEBUG_TRACE, "doPostSearchPluginFNs: search postoperation plugins "
536 "failed.\n", 0, 0, 0);
544 * XXX slapi_search_internal() was no getting pulled
545 * in; all manner of linker flags failed to link it.
548 slapi_search_internal( NULL, 0, NULL, NULL, NULL, 0 );
550 #endif /* LDAP_SLAPI */
projects / openldap / blob