2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2004 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16 * All rights reserved.
18 * Redistribution and use in source and binary forms are permitted
19 * provided that this notice is preserved and that due credit is given
20 * to the University of Michigan at Ann Arbor. The name of the University
21 * may not be used to endorse or promote products derived from this
22 * software without specific prior written permission. This software
23 * is provided ``as is'' without express or implied warranty.
30 #include <ac/string.h>
31 #include <ac/socket.h>
38 #include "slapi/slapi.h"
40 static char **anlist2charray( Operation *op, AttributeName *an );
41 static void init_search_pblock( Operation *op, char **attrs, int managedsait );
42 static int call_search_preop_plugins( Operation *op );
43 static int call_search_rewrite_plugins( Operation *op );
44 static void call_search_postop_plugins( Operation *op );
45 #endif /* LDAPI_SLAPI */
49 Operation *op, /* info about the op to which we're responding */
50 SlapReply *rs /* all the response data we'll send */
52 struct berval base = { 0, NULL };
53 ber_len_t siz, off, i;
61 LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", op->o_connid, 0, 0 );
63 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
67 * Parse the search request. It looks like this:
69 * SearchRequest := [APPLICATION 3] SEQUENCE {
70 * baseObject DistinguishedName,
75 * subordinate (3) -- OpenLDAP extension
77 * derefAliases ENUMERATED {
78 * neverDerefaliases (0),
79 * derefInSearching (1),
80 * derefFindingBaseObj (2),
81 * alwaysDerefAliases (3)
83 * sizelimit INTEGER (0 .. 65535),
84 * timelimit INTEGER (0 .. 65535),
87 * attributes SEQUENCE OF AttributeType
91 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
92 if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
93 &base, &op->ors_scope, &op->ors_deref, &op->ors_slimit,
94 &op->ors_tlimit, &op->ors_attrsonly ) == LBER_ERROR )
96 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
97 rs->sr_err = SLAPD_DISCONNECT;
101 switch( op->ors_scope ) {
102 case LDAP_SCOPE_BASE:
103 case LDAP_SCOPE_ONELEVEL:
104 case LDAP_SCOPE_SUBTREE:
105 case LDAP_SCOPE_SUBORDINATE:
108 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid scope" );
112 switch( op->ors_deref ) {
113 case LDAP_DEREF_NEVER:
114 case LDAP_DEREF_FINDING:
115 case LDAP_DEREF_SEARCHING:
116 case LDAP_DEREF_ALWAYS:
119 send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid deref" );
123 rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx );
124 if( rs->sr_err != LDAP_SUCCESS ) {
126 LDAP_LOG( OPERATION, ERR,
127 "do_search: conn %d invalid dn (%s)\n",
128 op->o_connid, base.bv_val, 0 );
130 Debug( LDAP_DEBUG_ANY,
131 "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
133 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
138 LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
139 base.bv_val, op->ors_scope, op->ors_deref );
140 LDAP_LOG( OPERATION, ARGS, " %d %d %d\n",
141 op->ors_slimit, op->ors_tlimit, op->ors_attrsonly);
143 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
144 base.bv_val, op->ors_scope, op->ors_deref );
145 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
146 op->ors_slimit, op->ors_tlimit, op->ors_attrsonly);
149 /* filter - returns a "normalized" version */
150 rs->sr_err = get_filter( op, op->o_ber, &op->ors_filter, &rs->sr_text );
151 if( rs->sr_err != LDAP_SUCCESS ) {
152 if( rs->sr_err == SLAPD_DISCONNECT ) {
153 rs->sr_err = LDAP_PROTOCOL_ERROR;
154 send_ldap_disconnect( op, rs );
156 send_ldap_result( op, rs );
160 filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
163 LDAP_LOG( OPERATION, ARGS,
164 "do_search: conn %d filter: %s\n",
165 op->o_connid, op->ors_filterstr.bv_len ? op->ors_filterstr.bv_val : "empty", 0 );
167 Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
168 op->ors_filterstr.bv_len ? op->ors_filterstr.bv_val : "empty", 0, 0 );
172 siz = sizeof(AttributeName);
173 off = offsetof(AttributeName,an_name);
174 if ( ber_scanf( op->o_ber, "{M}}", &op->ors_attrs, &siz, off ) == LBER_ERROR ) {
175 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );
176 rs->sr_err = SLAPD_DISCONNECT;
179 for ( i=0; i<siz; i++ ) {
180 const char *dummy; /* ignore msgs from bv2ad */
181 op->ors_attrs[i].an_desc = NULL;
182 op->ors_attrs[i].an_oc = NULL;
183 op->ors_attrs[i].an_oc_exclude = 0;
184 slap_bv2ad(&op->ors_attrs[i].an_name, &op->ors_attrs[i].an_desc, &dummy);
187 if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
189 LDAP_LOG( OPERATION, INFO,
190 "do_search: conn %d get_ctrls failed (%d)\n",
191 op->o_connid, rs->sr_err, 0 );
193 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
200 LDAP_LOG( OPERATION, ARGS,
201 "do_search: conn %d attrs:", op->o_connid, 0, 0 );
203 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
207 for ( i = 0; i<siz; i++ ) {
209 LDAP_LOG( OPERATION, ARGS,
210 "do_search: %s", op->ors_attrs[i].an_name.bv_val, 0, 0 );
212 Debug( LDAP_DEBUG_ARGS, " %s", op->ors_attrs[i].an_name.bv_val, 0, 0 );
218 LDAP_LOG( OPERATION, ARGS, "\n" , 0, 0, 0 );
220 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
223 if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
224 char abuf[BUFSIZ/2], *ptr = abuf;
227 sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref);
228 Statslog( LDAP_DEBUG_STATS,
229 "conn=%lu op=%lu SRCH base=\"%s\" %s filter=\"%s\"\n",
230 op->o_connid, op->o_opid, op->o_req_dn.bv_val, abuf,
231 op->ors_filterstr.bv_val );
233 for ( i = 0; i<siz; i++ ) {
234 alen = op->ors_attrs[i].an_name.bv_len;
235 if (alen >= sizeof(abuf)) {
236 alen = sizeof(abuf)-1;
238 if (len && (len + 1 + alen >= sizeof(abuf))) {
239 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
240 op->o_connid, op->o_opid, abuf, 0, 0 );
248 ptr = lutil_strncopy(ptr, op->ors_attrs[i].an_name.bv_val, alen);
253 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n",
254 op->o_connid, op->o_opid, abuf, 0, 0 );
258 manageDSAit = get_manageDSAit( op );
260 /* fake while loop to allow breaking out */
261 while ( op->ors_scope == LDAP_SCOPE_BASE ) {
264 if ( op->o_req_ndn.bv_len == 0 ) {
265 #ifdef LDAP_CONNECTIONLESS
266 /* Ignore LDAPv2 CLDAP Root DSE queries */
267 if (op->o_protocol == LDAP_VERSION2 && op->o_conn->c_is_udp) {
271 /* check restrictions */
272 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
273 send_ldap_result( op, rs );
279 attrs = anlist2charray( op, op->ors_attrs );
280 init_search_pblock( op, attrs, manageDSAit );
281 rs->sr_err = call_search_preop_plugins( op );
282 if ( rs->sr_err ) break;
283 call_search_rewrite_plugins( op );
285 #endif /* LDAP_SLAPI */
286 rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
288 } else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
289 /* check restrictions */
290 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
291 send_ldap_result( op, rs );
297 attrs = anlist2charray( op, op->ors_attrs );
298 init_search_pblock( op, attrs, manageDSAit );
299 rs->sr_err = call_search_preop_plugins( op );
300 if ( rs->sr_err ) break;
301 call_search_rewrite_plugins( op );
303 #endif /* LDAP_SLAPI */
304 rs->sr_err = schema_info( &entry, &rs->sr_text );
307 if( rs->sr_err != LDAP_SUCCESS ) {
308 send_ldap_result( op, rs );
310 if ( op->o_pb ) call_search_postop_plugins( op );
311 #endif /* LDAP_SLAPI */
314 } else if ( entry != NULL ) {
315 rs->sr_err = test_filter( op, entry, op->ors_filter );
317 if( rs->sr_err == LDAP_COMPARE_TRUE ) {
318 rs->sr_entry = entry;
319 rs->sr_attrs = op->ors_attrs;
320 send_search_entry( op, rs );
325 rs->sr_err = LDAP_SUCCESS;
326 send_ldap_result( op, rs );
328 if ( op->o_pb ) call_search_postop_plugins( op );
329 #endif /* LDAP_SLAPI */
335 if( !op->o_req_ndn.bv_len && default_search_nbase.bv_len ) {
336 sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
337 sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
339 ber_dupbv_x( &op->o_req_dn, &default_search_base, op->o_tmpmemctx );
340 ber_dupbv_x( &op->o_req_ndn, &default_search_nbase, op->o_tmpmemctx );
344 * We could be serving multiple database backends. Select the
345 * appropriate one, or send a referral to our "referral server"
346 * if we don't hold it.
349 /* Sync control overrides manageDSAit */
351 if ( manageDSAit != SLAP_NO_CONTROL ) {
352 if ( op->o_sync_mode & SLAP_SYNC_REFRESH ) {
353 be_manageDSAit = SLAP_NO_CONTROL;
355 be_manageDSAit = manageDSAit;
358 be_manageDSAit = manageDSAit;
361 op->o_bd = select_backend( &op->o_req_ndn, be_manageDSAit, 1 );
362 if ( op->o_bd == NULL ) {
363 rs->sr_ref = referral_rewrite( default_referral,
364 NULL, &op->o_req_dn, op->ors_scope );
366 if (!rs->sr_ref) rs->sr_ref = default_referral;
367 rs->sr_err = LDAP_REFERRAL;
368 send_ldap_result( op, rs );
370 if (rs->sr_ref != default_referral)
371 ber_bvarray_free( rs->sr_ref );
376 /* check restrictions */
377 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
378 send_ldap_result( op, rs );
382 /* check for referrals */
383 if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
389 attrs = anlist2charray( op, op->ors_attrs );
390 init_search_pblock( op, attrs, manageDSAit );
391 rs->sr_err = call_search_preop_plugins( op );
392 if ( rs->sr_err != LDAP_SUCCESS ) {
396 call_search_rewrite_plugins( op );
398 #endif /* LDAP_SLAPI */
400 /* allow root to set no limit */
401 if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
402 op->ors_limit = NULL;
404 if ( op->ors_tlimit == 0 ) {
408 if ( op->ors_slimit == 0 ) {
412 /* if not root, get appropriate limits */
414 ( void ) get_limits( op, &op->o_ndn, &op->ors_limit );
416 assert( op->ors_limit != NULL );
418 /* if no limit is required, use soft limit */
419 if ( op->ors_tlimit <= 0 ) {
420 op->ors_tlimit = op->ors_limit->lms_t_soft;
422 /* if requested limit higher than hard limit, abort */
423 } else if ( op->ors_tlimit > op->ors_limit->lms_t_hard ) {
424 /* no hard limit means use soft instead */
425 if ( op->ors_limit->lms_t_hard == 0
426 && op->ors_limit->lms_t_soft > -1
427 && op->ors_tlimit > op->ors_limit->lms_t_soft ) {
428 op->ors_tlimit = op->ors_limit->lms_t_soft;
430 /* positive hard limit means abort */
431 } else if ( op->ors_limit->lms_t_hard > 0 ) {
432 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
433 send_ldap_result( op, rs );
434 rs->sr_err = LDAP_SUCCESS;
438 /* negative hard limit means no limit */
441 /* if no limit is required, use soft limit */
442 if ( op->ors_slimit <= 0 ) {
443 if ( get_pagedresults( op ) && op->ors_limit->lms_s_pr != 0 ) {
444 op->ors_slimit = op->ors_limit->lms_s_pr;
446 op->ors_slimit = op->ors_limit->lms_s_soft;
449 /* if requested limit higher than hard limit, abort */
450 } else if ( op->ors_slimit > op->ors_limit->lms_s_hard ) {
451 /* no hard limit means use soft instead */
452 if ( op->ors_limit->lms_s_hard == 0
453 && op->ors_limit->lms_s_soft > -1
454 && op->ors_slimit > op->ors_limit->lms_s_soft ) {
455 op->ors_slimit = op->ors_limit->lms_s_soft;
457 /* positive hard limit means abort */
458 } else if ( op->ors_limit->lms_s_hard > 0 ) {
459 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
460 send_ldap_result( op, rs );
461 rs->sr_err = LDAP_SUCCESS;
465 /* negative hard limit means no limit */
469 /* actually do the search and send the result(s) */
470 if ( op->o_bd->be_search ) {
471 (op->o_bd->be_search)( op, rs );
473 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
474 "operation not supported within namingContext" );
478 if ( op->o_pb ) call_search_postop_plugins( op );
479 #endif /* LDAP_SLAPI */
483 if ( ( op->o_sync_mode & SLAP_SYNC_PERSIST ) )
486 if ( ( op->o_sync_slog_size != -1 ) )
489 if( op->o_req_dn.bv_val != NULL) sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );
490 if( op->o_req_ndn.bv_val != NULL) sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
492 if( op->ors_filterstr.bv_val != NULL) op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
493 if( op->ors_filter != NULL) filter_free_x( op, op->ors_filter );
494 if( op->ors_attrs != NULL ) op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );
496 if( attrs != NULL) op->o_tmpfree( attrs, op->o_tmpmemctx );
497 #endif /* LDAP_SLAPI */
504 static char **anlist2charray( Operation *op, AttributeName *an )
510 for ( i = 0; an[i].an_name.bv_val != NULL; i++ )
512 attrs = (char **)op->o_tmpalloc( (i + 1) * sizeof(char *), op->o_tmpmemctx );
513 for ( i = 0; an[i].an_name.bv_val != NULL; i++ ) {
514 attrs[i] = an[i].an_name.bv_val;
524 static void init_search_pblock( Operation *op,
525 char **attrs, int managedsait )
527 slapi_int_pblock_set_operation( op->o_pb, op );
528 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val );
529 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
530 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
531 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit );
532 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit );
533 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter );
534 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val );
535 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
536 slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly );
537 slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)managedsait );
540 static int call_search_preop_plugins( Operation *op )
544 rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_SEARCH_FN, op->o_pb );
547 * A preoperation plugin failure will abort the
551 LDAP_LOG( OPERATION, INFO, "call_search_preop_plugins: search preoperation plugin "
552 "returned %d\n", rc, 0, 0 );
554 Debug(LDAP_DEBUG_TRACE, "call_search_preop_plugins: search preoperation plugin "
555 "returned %d.\n", rc, 0, 0);
557 if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) ||
558 rc == LDAP_SUCCESS ) {
568 static int call_search_rewrite_plugins( Operation *op )
570 if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, op->o_pb ) == 0 ) {
574 * The plugin can set the SLAPI_SEARCH_FILTER.
575 * SLAPI_SEARCH_STRFILER is not normative.
577 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter );
578 op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
579 filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
582 * Also permit other search parameters to be reset. One thing
583 * this doesn't (yet) deal with is plugins that change a root
584 * DSE search to a non-root DSE search...
586 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val );
587 op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val );
589 if( op->o_req_ndn.bv_val != NULL) {
590 sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );
592 rc = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn,
594 if ( rc != LDAP_SUCCESS ) {
598 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope );
599 slapi_pblock_get( op->o_pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref );
602 LDAP_LOG( OPERATION, ARGS,
603 "call_search_rewrite_plugins: after compute_rewrite_search filter: %s\n",
604 op->ors_filterstr.bv_len ? op->ors_filterstr.bv_val : "empty", 0, 0 );
606 Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n",
607 op->ors_filterstr.bv_len ? op->ors_filterstr.bv_val : "empty", 0, 0 );
614 static void call_search_postop_plugins( Operation *op )
616 if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_SEARCH_FN, op->o_pb ) < 0 ) {
618 LDAP_LOG( OPERATION, INFO, "call_search_postop_plugins: search postoperation plugins "
619 "failed\n", 0, 0, 0 );
621 Debug(LDAP_DEBUG_TRACE, "call_search_postop_plugins: search postoperation plugins "
622 "failed.\n", 0, 0, 0);
627 void slapi_int_dummy(void)
630 * XXX slapi_search_internal() was no getting pulled
631 * in; all manner of linker flags failed to link it.
634 slapi_search_internal( NULL, 0, NULL, NULL, NULL, 0 );
636 #endif /* LDAP_SLAPI */
projects / openldap / blob