3 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1995 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
22 #include <ac/string.h>
23 #include <ac/socket.h>
30 Connection *conn, /* where to send results */
31 Operation *op /* info about the op to which we're responding */
33 ber_int_t scope, deref, attrsonly;
34 ber_int_t sizelimit, timelimit;
35 struct berval base = { 0, NULL };
36 struct berval pbase = { 0, NULL };
37 struct berval nbase = { 0, NULL };
38 struct berval fstr = { 0, NULL };
39 Filter *filter = NULL;
40 AttributeName *an = NULL;
41 ber_len_t siz, off, i;
48 LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 );
50 Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
54 * Parse the search request. It looks like this:
56 * SearchRequest := [APPLICATION 3] SEQUENCE {
57 * baseObject DistinguishedName,
63 * derefAliases ENUMERATED {
64 * neverDerefaliases (0),
65 * derefInSearching (1),
66 * derefFindingBaseObj (2),
67 * alwaysDerefAliases (3)
69 * sizelimit INTEGER (0 .. 65535),
70 * timelimit INTEGER (0 .. 65535),
73 * attributes SEQUENCE OF AttributeType
77 /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
78 if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
79 &base, &scope, &deref, &sizelimit,
80 &timelimit, &attrsonly ) == LBER_ERROR )
82 send_ldap_disconnect( conn, op,
83 LDAP_PROTOCOL_ERROR, "decoding error" );
84 rc = SLAPD_DISCONNECT;
90 case LDAP_SCOPE_ONELEVEL:
91 case LDAP_SCOPE_SUBTREE:
94 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
95 NULL, "invalid scope", NULL, NULL );
100 case LDAP_DEREF_NEVER:
101 case LDAP_DEREF_FINDING:
102 case LDAP_DEREF_SEARCHING:
103 case LDAP_DEREF_ALWAYS:
106 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
107 NULL, "invalid deref", NULL, NULL );
111 rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
112 if( rc != LDAP_SUCCESS ) {
114 LDAP_LOG( OPERATION, ERR,
115 "do_search: conn %d invalid dn (%s)\n",
116 conn->c_connid, base.bv_val, 0 );
118 Debug( LDAP_DEBUG_ANY,
119 "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
121 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
122 "invalid DN", NULL, NULL );
127 LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
128 base.bv_val, scope, deref );
129 LDAP_LOG( OPERATION, ARGS, " %d %d %d\n",
130 sizelimit, timelimit, attrsonly);
132 Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
133 base.bv_val, scope, deref );
134 Debug( LDAP_DEBUG_ARGS, " %d %d %d\n",
135 sizelimit, timelimit, attrsonly);
138 /* filter - returns a "normalized" version */
139 rc = get_filter( conn, op->o_ber, &filter, &text );
140 if( rc != LDAP_SUCCESS ) {
141 if( rc == SLAPD_DISCONNECT ) {
142 send_ldap_disconnect( conn, op,
143 LDAP_PROTOCOL_ERROR, text );
145 send_ldap_result( conn, op, rc,
146 NULL, text, NULL, NULL );
150 filter2bv( filter, &fstr );
153 LDAP_LOG( OPERATION, ARGS,
154 "do_search: conn %d filter: %s\n",
155 conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 );
157 Debug( LDAP_DEBUG_ARGS, " filter: %s\n",
158 fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
162 siz = sizeof(AttributeName);
164 if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
165 send_ldap_disconnect( conn, op,
166 LDAP_PROTOCOL_ERROR, "decoding attrs error" );
167 rc = SLAPD_DISCONNECT;
170 for ( i=0; i<siz; i++ ) {
171 an[i].an_desc = NULL;
173 slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
176 if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
178 LDAP_LOG( OPERATION, INFO,
179 "do_search: conn %d get_ctrls failed (%d)\n",
180 conn->c_connid, rc, 0 );
182 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
189 LDAP_LOG( OPERATION, ARGS,
190 "do_search: conn %d attrs:", conn->c_connid, 0, 0 );
192 Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 );
196 for ( i = 0; i<siz; i++ ) {
198 LDAP_LOG( OPERATION, ARGS,
199 "do_search: %s", an[i].an_name.bv_val, 0, 0 );
201 Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
207 LDAP_LOG( OPERATION, ARGS, "\n" , 0, 0, 0 );
209 Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
212 Statslog( LDAP_DEBUG_STATS,
213 "conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
214 op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
216 manageDSAit = get_manageDSAit( op );
218 if ( scope == LDAP_SCOPE_BASE ) {
221 if ( nbase.bv_len == 0 ) {
222 #ifdef LDAP_CONNECTIONLESS
223 /* Ignore LDAPv2 CLDAP Root DSE queries */
224 if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
228 /* check restrictions */
229 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
230 if( rc != LDAP_SUCCESS ) {
231 send_ldap_result( conn, op, rc,
232 NULL, text, NULL, NULL );
236 rc = root_dse_info( conn, &entry, &text );
239 #if defined( SLAPD_SCHEMA_DN )
240 else if ( bvmatch( &nbase, &global_schemandn ) ) {
241 /* check restrictions */
242 rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
243 if( rc != LDAP_SUCCESS ) {
244 send_ldap_result( conn, op, rc,
245 NULL, text, NULL, NULL );
249 rc = schema_info( &entry, &text );
253 if( rc != LDAP_SUCCESS ) {
254 send_ldap_result( conn, op, rc,
255 NULL, text, NULL, NULL );
258 } else if ( entry != NULL ) {
259 rc = test_filter( NULL, conn, op,
262 if( rc == LDAP_COMPARE_TRUE ) {
263 send_search_entry( NULL, conn, op,
264 entry, an, attrsonly, NULL );
268 send_ldap_result( conn, op, LDAP_SUCCESS,
269 NULL, NULL, NULL, NULL );
275 if( !nbase.bv_len && default_search_nbase.bv_len ) {
276 ch_free( pbase.bv_val );
277 ch_free( nbase.bv_val );
279 ber_dupbv( &pbase, &default_search_base );
280 ber_dupbv( &nbase, &default_search_nbase );
284 * We could be serving multiple database backends. Select the
285 * appropriate one, or send a referral to our "referral server"
286 * if we don't hold it.
288 if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
289 BerVarray ref = referral_rewrite( default_referral,
290 NULL, &pbase, scope );
292 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
293 NULL, NULL, ref ? ref : default_referral, NULL );
295 ber_bvarray_free( ref );
299 /* check restrictions */
300 rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
301 if( rc != LDAP_SUCCESS ) {
302 send_ldap_result( conn, op, rc,
303 NULL, text, NULL, NULL );
307 /* check for referrals */
308 rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
309 if ( rc != LDAP_SUCCESS ) {
313 /* deref the base if needed */
314 suffix_alias( be, &nbase );
316 /* actually do the search and send the result(s) */
317 if ( be->be_search ) {
318 (*be->be_search)( be, conn, op, &pbase, &nbase,
319 scope, deref, sizelimit,
320 timelimit, filter, &fstr, an, attrsonly );
322 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
323 NULL, "operation not supported within namingContext",
328 if( pbase.bv_val != NULL) free( pbase.bv_val );
329 if( nbase.bv_val != NULL) free( nbase.bv_val );
331 if( fstr.bv_val != NULL) free( fstr.bv_val );
332 if( filter != NULL) filter_free( filter );
333 if( an != NULL ) free( an );