3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1995 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
22 #include <ac/string.h>
23 #include <ac/socket.h>
30 Connection *conn, /* where to send results */
31 Operation *op /* info about the op to which we're responding */
34 ber_int_t scope, deref, attrsonly;
35 ber_int_t sizelimit, timelimit;
36 char *base = NULL, *nbase = NULL, *fstr = NULL;
37 Filter *filter = NULL;
44 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
45 LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY, "conn: %d do_search\n",
48 * Parse the search request. It looks like this:
50 * SearchRequest := [APPLICATION 3] SEQUENCE {
51 * baseObject DistinguishedName,
57 * derefAliases ENUMERATED {
58 * neverDerefaliases (0),
59 * derefInSearching (1),
60 * derefFindingBaseObj (2),
61 * alwaysDerefAliases (3)
63 * sizelimit INTEGER (0 .. 65535),
64 * timelimit INTEGER (0 .. 65535),
67 * attributes SEQUENCE OF AttributeType
71 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
72 if ( ber_scanf( op->o_ber, "{aiiiib" /*}*/,
73 &base, &scope, &deref, &sizelimit,
74 &timelimit, &attrsonly ) == LBER_ERROR ) {
75 send_ldap_disconnect( conn, op,
76 LDAP_PROTOCOL_ERROR, "decoding error" );
77 rc = SLAPD_DISCONNECT;
83 case LDAP_SCOPE_ONELEVEL:
84 case LDAP_SCOPE_SUBTREE:
87 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
88 NULL, "invalid scope", NULL, NULL );
93 case LDAP_DEREF_NEVER:
94 case LDAP_DEREF_FINDING:
95 case LDAP_DEREF_SEARCHING:
96 case LDAP_DEREF_ALWAYS:
99 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
100 NULL, "invalid deref", NULL, NULL );
104 nbase = ch_strdup( base );
106 if( dn_normalize( nbase ) == NULL ) {
107 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX,
108 NULL, "invalid DN", NULL, NULL );
112 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref );
113 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", sizelimit, timelimit,
116 /* filter - returns a "normalized" version */
117 rc = get_filter( conn, op->o_ber, &filter, &fstr, &text );
118 if( rc != LDAP_SUCCESS ) {
119 if( rc == SLAPD_DISCONNECT ) {
120 send_ldap_disconnect( conn, op,
121 LDAP_PROTOCOL_ERROR, text );
123 send_ldap_result( conn, op, rc,
124 NULL, text, NULL, NULL );
129 Debug( LDAP_DEBUG_ARGS, " filter: %s\n", fstr, 0, 0 );
132 if ( ber_scanf( op->o_ber, /*{*/ "{v}}", &attrs ) == LBER_ERROR ) {
133 send_ldap_disconnect( conn, op,
134 LDAP_PROTOCOL_ERROR, "decoding attrs error" );
135 rc = SLAPD_DISCONNECT;
139 if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
140 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
146 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
148 if ( attrs != NULL ) {
149 for ( i = 0; attrs[i] != NULL; i++ ) {
150 Debug( LDAP_DEBUG_ARGS, " %s", attrs[i], 0, 0 );
154 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
156 Statslog( LDAP_DEBUG_STATS,
157 "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
158 op->o_connid, op->o_opid, base, scope, fstr );
160 if ( scope == LDAP_SCOPE_BASE ) {
163 if ( strcasecmp( nbase, LDAP_ROOT_DSE ) == 0 ) {
164 rc = root_dse_info( conn, &entry, &text );
167 #if defined( SLAPD_MONITOR_DN )
168 else if ( strcasecmp( nbase, SLAPD_MONITOR_DN ) == 0 ) {
169 rc = monitor_info( &entry, &text );
173 #if defined( SLAPD_CONFIG_DN )
174 else if ( strcasecmp( nbase, SLAPD_CONFIG_DN ) == 0 ) {
175 rc = config_info( &entry, &text );
179 #if defined( SLAPD_SCHEMA_DN )
180 else if ( strcasecmp( nbase, SLAPD_SCHEMA_DN ) == 0 ) {
181 rc= schema_info( &entry, &text );
185 if( rc != LDAP_SUCCESS ) {
186 send_ldap_result( conn, op, rc,
187 NULL, text, NULL, NULL );
190 } else if ( entry != NULL ) {
191 rc = test_filter( NULL, conn, op,
194 if( rc == LDAP_COMPARE_TRUE ) {
195 send_search_entry( &backends[0], conn, op,
196 entry, attrs, attrsonly, NULL );
200 send_ldap_result( conn, op, LDAP_SUCCESS,
201 NULL, NULL, NULL, NULL );
207 if( nbase[0] == '\0' && default_search_nbase != NULL ) {
210 base = ch_strdup( default_search_base );
211 nbase = ch_strdup( default_search_nbase );
214 manageDSAit = get_manageDSAit( op );
217 * We could be serving multiple database backends. Select the
218 * appropriate one, or send a referral to our "referral server"
219 * if we don't hold it.
221 if ( (be = select_backend( nbase, manageDSAit )) == NULL ) {
222 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
223 NULL, NULL, default_referral, NULL );
228 /* check restrictions */
229 rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
230 if( rc != LDAP_SUCCESS ) {
231 send_ldap_result( conn, op, rc,
232 NULL, text, NULL, NULL );
236 /* check for referrals */
237 rc = backend_check_referrals( be, conn, op, base, nbase );
238 if ( rc != LDAP_SUCCESS ) {
242 /* deref the base if needed */
243 nbase = suffix_alias( be, nbase );
245 /* actually do the search and send the result(s) */
246 if ( be->be_search ) {
247 (*be->be_search)( be, conn, op, base, nbase, scope, deref, sizelimit,
248 timelimit, filter, fstr, attrs, attrsonly );
250 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
251 NULL, "operation not supported within namingContext", NULL, NULL );
255 if( base != NULL) free( base );
256 if( nbase != NULL) free( nbase );
257 if( fstr != NULL) free( fstr );
258 if( filter != NULL) filter_free( filter );
259 if ( attrs != NULL ) {
260 charray_free( attrs );