git.sur5r.net Git - openldap/blob - servers/slapd/search.c

   1 /* $OpenLDAP$ */
   2 /*
   3  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   4  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   5  */
   6 /* Portions
   7  * Copyright (c) 1995 Regents of the University of Michigan.
   8  * All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms are permitted
  11  * provided that this notice is preserved and that due credit is given
  12  * to the University of Michigan at Ann Arbor. The name of the University
  13  * may not be used to endorse or promote products derived from this
  14  * software without specific prior written permission. This software
  15  * is provided ``as is'' without express or implied warranty.
  16  */
  17
  18 #include "portable.h"
  19
  20 #include <stdio.h>
  21
  22 #include <ac/string.h>
  23 #include <ac/socket.h>
  24
  25 #include "ldap_pvt.h"
  26 #include "slap.h"
  27
  28 int
  29 do_search(
  30     Connection  *conn,  /* where to send results */
  31     Operation   *op     /* info about the op to which we're responding */
  32 ) {
  33         ber_int_t       scope, deref, attrsonly;
  34         ber_int_t       sizelimit, timelimit;
  35         struct berval base = { 0, NULL };
  36         struct berval pbase = { 0, NULL };
  37         struct berval nbase = { 0, NULL };
  38         struct berval   fstr = { 0, NULL };
  39         Filter          *filter = NULL;
  40         AttributeName   *an = NULL;
  41         ber_len_t       siz, off, i;
  42         Backend         *be;
  43         int                     rc;
  44         const char      *text;
  45         int                     manageDSAit;
  46
  47 #ifdef NEW_LOGGING
  48         LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 );
  49 #else
  50         Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
  51 #endif
  52
  53         /*
  54          * Parse the search request.  It looks like this:
  55          *
  56          *      SearchRequest := [APPLICATION 3] SEQUENCE {
  57          *              baseObject      DistinguishedName,
  58          *              scope           ENUMERATED {
  59          *                      baseObject      (0),
  60          *                      singleLevel     (1),
  61          *                      wholeSubtree    (2)
  62          *              },
  63          *              derefAliases    ENUMERATED {
  64          *                      neverDerefaliases       (0),
  65          *                      derefInSearching        (1),
  66          *                      derefFindingBaseObj     (2),
  67          *                      alwaysDerefAliases      (3)
  68          *              },
  69          *              sizelimit       INTEGER (0 .. 65535),
  70          *              timelimit       INTEGER (0 .. 65535),
  71          *              attrsOnly       BOOLEAN,
  72          *              filter          Filter,
  73          *              attributes      SEQUENCE OF AttributeType
  74          *      }
  75          */
  76
  77         /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
  78         if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
  79                 &base, &scope, &deref, &sizelimit,
  80             &timelimit, &attrsonly ) == LBER_ERROR )
  81         {
  82                 send_ldap_disconnect( conn, op,
  83                         LDAP_PROTOCOL_ERROR, "decoding error" );
  84                 rc = SLAPD_DISCONNECT;
  85                 goto return_results;
  86         }
  87
  88         switch( scope ) {
  89         case LDAP_SCOPE_BASE:
  90         case LDAP_SCOPE_ONELEVEL:
  91         case LDAP_SCOPE_SUBTREE:
  92                 break;
  93         default:
  94                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
  95                         NULL, "invalid scope", NULL, NULL );
  96                 goto return_results;
  97         }
  98
  99         switch( deref ) {
 100         case LDAP_DEREF_NEVER:
 101         case LDAP_DEREF_FINDING:
 102         case LDAP_DEREF_SEARCHING:
 103         case LDAP_DEREF_ALWAYS:
 104                 break;
 105         default:
 106                 send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
 107                         NULL, "invalid deref", NULL, NULL );
 108                 goto return_results;
 109         }
 110
 111         rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
 112         if( rc != LDAP_SUCCESS ) {
 113 #ifdef NEW_LOGGING
 114                 LDAP_LOG( OPERATION, ERR,
 115                         "do_search: conn %d  invalid dn (%s)\n",
 116                         conn->c_connid, base.bv_val, 0 );
 117 #else
 118                 Debug( LDAP_DEBUG_ANY,
 119                         "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
 120 #endif
 121                 send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 122                     "invalid DN", NULL, NULL );
 123                 goto return_results;
 124         }
 125
 126 #ifdef NEW_LOGGING
 127         LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d",
 128                 base.bv_val, scope, deref );
 129         LDAP_LOG( OPERATION, ARGS, "    %d %d %d\n",
 130                 sizelimit, timelimit, attrsonly);
 131 #else
 132         Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
 133                 base.bv_val, scope, deref );
 134         Debug( LDAP_DEBUG_ARGS, "    %d %d %d\n",
 135                 sizelimit, timelimit, attrsonly);
 136 #endif
 137
 138         /* filter - returns a "normalized" version */
 139         rc = get_filter( conn, op->o_ber, &filter, &text );
 140         if( rc != LDAP_SUCCESS ) {
 141                 if( rc == SLAPD_DISCONNECT ) {
 142                         send_ldap_disconnect( conn, op,
 143                                 LDAP_PROTOCOL_ERROR, text );
 144                 } else {
 145                         send_ldap_result( conn, op, rc,
 146                                         NULL, text, NULL, NULL );
 147                 }
 148                 goto return_results;
 149         }
 150         filter2bv( filter, &fstr );
 151
 152 #ifdef NEW_LOGGING
 153         LDAP_LOG( OPERATION, ARGS,
 154                 "do_search: conn %d     filter: %s\n",
 155                 conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 );
 156 #else
 157         Debug( LDAP_DEBUG_ARGS, "    filter: %s\n",
 158                 fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
 159 #endif
 160
 161         /* attributes */
 162         siz = sizeof(AttributeName);
 163         off = 0;
 164         if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
 165                 send_ldap_disconnect( conn, op,
 166                         LDAP_PROTOCOL_ERROR, "decoding attrs error" );
 167                 rc = SLAPD_DISCONNECT;
 168                 goto return_results;
 169         }
 170         for ( i=0; i<siz; i++ ) {
 171                 an[i].an_desc = NULL;
 172                 an[i].an_oc = NULL;
 173                 slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
 174         }
 175
 176         if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
 177 #ifdef NEW_LOGGING
 178                 LDAP_LOG( OPERATION, INFO,
 179                         "do_search: conn %d  get_ctrls failed (%d)\n",
 180                         conn->c_connid, rc, 0 );
 181 #else
 182                 Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
 183 #endif
 184
 185                 goto return_results;
 186         }
 187
 188 #ifdef NEW_LOGGING
 189         LDAP_LOG( OPERATION, ARGS,
 190                 "do_search: conn %d     attrs:", conn->c_connid, 0, 0 );
 191 #else
 192         Debug( LDAP_DEBUG_ARGS, "    attrs:", 0, 0, 0 );
 193 #endif
 194
 195         if ( siz != 0 ) {
 196                 for ( i = 0; i<siz; i++ ) {
 197 #ifdef NEW_LOGGING
 198                         LDAP_LOG( OPERATION, ARGS,
 199                                 "do_search: %s", an[i].an_name.bv_val, 0, 0 );
 200 #else
 201                         Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
 202 #endif
 203                 }
 204         }
 205
 206 #ifdef NEW_LOGGING
 207         LDAP_LOG( OPERATION, ARGS, "\n" , 0, 0, 0 );
 208 #else
 209         Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
 210 #endif
 211
 212         Statslog( LDAP_DEBUG_STATS,
 213             "conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
 214             op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
 215
 216         manageDSAit = get_manageDSAit( op );
 217
 218         if ( scope == LDAP_SCOPE_BASE ) {
 219                 Entry *entry = NULL;
 220
 221                 if ( nbase.bv_len == 0 ) {
 222 #ifdef LDAP_CONNECTIONLESS
 223                         /* Ignore LDAPv2 CLDAP Root DSE queries */
 224                         if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
 225                                 goto return_results;
 226                         }
 227 #endif
 228                         /* check restrictions */
 229                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 230                         if( rc != LDAP_SUCCESS ) {
 231                                 send_ldap_result( conn, op, rc,
 232                                         NULL, text, NULL, NULL );
 233                                 goto return_results;
 234                         }
 235
 236                         rc = root_dse_info( conn, &entry, &text );
 237                 }
 238
 239 #if defined( SLAPD_SCHEMA_DN )
 240                 else if ( bvmatch( &nbase, &global_schemandn ) ) {
 241                         /* check restrictions */
 242                         rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
 243                         if( rc != LDAP_SUCCESS ) {
 244                                 send_ldap_result( conn, op, rc,
 245                                         NULL, text, NULL, NULL );
 246                                 goto return_results;
 247                         }
 248
 249                         rc = schema_info( &entry, &text );
 250                 }
 251 #endif
 252
 253                 if( rc != LDAP_SUCCESS ) {
 254                         send_ldap_result( conn, op, rc,
 255                                 NULL, text, NULL, NULL );
 256                         goto return_results;
 257
 258                 } else if ( entry != NULL ) {
 259                         rc = test_filter( NULL, conn, op,
 260                                 entry, filter );
 261
 262                         if( rc == LDAP_COMPARE_TRUE ) {
 263                                 send_search_entry( NULL, conn, op,
 264                                         entry, an, attrsonly, NULL );
 265                         }
 266                         entry_free( entry );
 267
 268                         send_ldap_result( conn, op, LDAP_SUCCESS,
 269                                 NULL, NULL, NULL, NULL );
 270
 271                         goto return_results;
 272                 }
 273         }
 274
 275         if( !nbase.bv_len && default_search_nbase.bv_len ) {
 276                 ch_free( pbase.bv_val );
 277                 ch_free( nbase.bv_val );
 278
 279                 ber_dupbv( &pbase, &default_search_base );
 280                 ber_dupbv( &nbase, &default_search_nbase );
 281         }
 282
 283         /*
 284          * We could be serving multiple database backends.  Select the
 285          * appropriate one, or send a referral to our "referral server"
 286          * if we don't hold it.
 287          */
 288         if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
 289                 BerVarray ref = referral_rewrite( default_referral,
 290                         NULL, &pbase, scope );
 291
 292                 send_ldap_result( conn, op, rc = LDAP_REFERRAL,
 293                         NULL, NULL, ref ? ref : default_referral, NULL );
 294
 295                 ber_bvarray_free( ref );
 296                 goto return_results;
 297         }
 298
 299         /* check restrictions */
 300         rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
 301         if( rc != LDAP_SUCCESS ) {
 302                 send_ldap_result( conn, op, rc,
 303                         NULL, text, NULL, NULL );
 304                 goto return_results;
 305         }
 306
 307         /* check for referrals */
 308         rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
 309         if ( rc != LDAP_SUCCESS ) {
 310                 goto return_results;
 311         }
 312
 313         /* deref the base if needed */
 314         suffix_alias( be, &nbase );
 315
 316         /* actually do the search and send the result(s) */
 317         if ( be->be_search ) {
 318                 (*be->be_search)( be, conn, op, &pbase, &nbase,
 319                         scope, deref, sizelimit,
 320                         timelimit, filter, &fstr, an, attrsonly );
 321         } else {
 322                 send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
 323                         NULL, "operation not supported within namingContext",
 324                         NULL, NULL );
 325         }
 326
 327 return_results:;
 328         if( pbase.bv_val != NULL) free( pbase.bv_val );
 329         if( nbase.bv_val != NULL) free( nbase.bv_val );
 330
 331         if( fstr.bv_val != NULL) free( fstr.bv_val );
 332         if( filter != NULL) filter_free( filter );
 333         if( an != NULL ) free( an );
 334
 335         return rc;
 336 }