/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2005 The OpenLDAP Foundation.
+ * Copyright 1998-2006 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
- int rc, err;
- const char *text = NULL;
+ int rc;
time_t stoptime;
ID_BLOCK *candidates;
ID id, cursor;
Entry *matched = NULL;
struct berval realbase = BER_BVNULL;
int manageDSAit = get_manageDSAit( op );
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ slap_mask_t mask;
+#endif
Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
if ( matched != NULL ) {
BerVarray erefs = NULL;
-
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
if ( ! access_allowed( op, matched,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
- } else {
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
ber_dupbv( &matched_dn, &matched->e_name );
erefs = is_entry_referral( matched )
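Review bot: With `SLAP_ACL_HONOR_DISCLOSE` undefined, the `access_allowed( ..., ACL_DISCLOSE, ... )` test on `matched` is compiled out, and it was unconditional before this change. In such a build the block that copies `matched->e_name` into `matched_dn` runs for every requester, so the nearest existing ancestor of a missing base is returned regardless of ACLs. If that is intended, say so above the `#ifdef`, e.g. `/* without SLAP_ACL_HONOR_DISCLOSE the matched DN is returned to any requester */`. The `} else` / `#endif` / `{` split is easy to break in a later edit, so a short comment on the bare `{` noting that it is the else-branch when the macro is defined would help. The block continues past the end of this hunk.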
return rs->sr_err;
}
- if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL ) )
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
{
- rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
send_ldap_result( op, rs );
return rs->sr_err;
}
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow add */
rs->sr_entry = e;
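Review bot: The whole base-object check now sits inside `#ifdef SLAP_ACL_HONOR_DISCLOSE`, so a build without that macro performs no access check on the search base at this point, whereas the removed lines tested `ACL_DISCLOSE` unconditionally. If the new "search" requirement is only meant to apply when disclose support is compiled in, the comment should say so, e.g. `/* NOTE: "search" access on the searchBase is enforced only with SLAP_ACL_HONOR_DISCLOSE */`. The failure branch also reads `mask` after `access_allowed_mask()` has returned false, and `mask` is declared without an initialiser. Presumably the callee fills it on every path, but that is not visible here, so confirm it or document the guarantee next to `ACL_GRANT( mask, ACL_DISCLOSE )`.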
-#ifdef LDBM_SUBENTRIES
if ( is_entry_subentry( e ) ) {
if( op->ors_scope != LDAP_SCOPE_BASE ) {
if(!get_subentries_visibility( op )) {
/* only subentries are visible */
goto loop_continue;
}
-#endif
if ( op->ors_deref & LDAP_DEREF_SEARCHING &&
is_entry_alias( e ) )
? LDAP_SCOPE_BASE
: LDAP_SCOPE_SUBTREE );
+ ber_bvarray_free( erefs );
+
send_search_reference( op, rs );
ber_bvarray_free( rs->sr_ref );
{
scopeok = dnIsSuffix( &e->e_nname, &realbase );
-#ifdef LDAP_SCOPE_SUBORDINATE
} else if ( !scopeok &&
op->ors_scope == LDAP_SCOPE_SUBORDINATE )
{
scopeok = !dn_match( &e->e_nname, &realbase )
&& dnIsSuffix( &e->e_nname, &realbase );
-#endif
} else {
scopeok = 1;
}
if ( scopeok ) {
- /* check size limit */
- if ( --op->ors_slimit == -1 ) {
- cache_return_entry_r( &li->li_cache, e );
- rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
- rs->sr_entry = NULL;
- send_ldap_result( op, rs );
- rc = LDAP_SUCCESS;
- goto done;
- }
-
if (e) {
rs->sr_flags = 0;
- result = send_search_entry( op, rs );
-
- switch (result) {
- case 0: /* entry sent ok */
- break;
- case 1: /* entry not sent */
- break;
- case -1: /* connection closed */
+ rs->sr_err = send_search_entry( op, rs );
+
+ switch ( rs->sr_err ) {
+ case LDAP_UNAVAILABLE: /* connection closed */
cache_return_entry_r( &li->li_cache, e );
rc = LDAP_SUCCESS;
goto done;
+ case LDAP_SIZELIMIT_EXCEEDED:
+ cache_return_entry_r( &li->li_cache, e );
+ rc = rs->sr_err;
+ rs->sr_entry = NULL;
+ send_ldap_result( op, rs );
+ rc = LDAP_SUCCESS;
+ goto done;
}
}
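Review bot: In the new `case LDAP_SIZELIMIT_EXCEEDED:` arm, `rc = rs->sr_err;` is a dead store because `rc = LDAP_SUCCESS;` follows three lines later; drop the first assignment. The switch has no `default:`, so any other non-zero return from `send_search_entry()` is left in `rs->sr_err` while the loop carries on. Whether that value is reset before the final result is sent lies outside this hunk, and a `default: break;` with a one-line comment would make the intent explicit. Because the in-loop `--op->ors_slimit` check is removed, size-limit enforcement now rests entirely on `send_search_entry()` returning `LDAP_SIZELIMIT_EXCEEDED`, which deserves a comment at the call so that a later change to that function does not silently drop the limit.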
AttributeAssertion aa_ref, aa_alias;
struct berval bv_ref = { sizeof("referral")-1, "referral" };
struct berval bv_alias = { sizeof("alias")-1, "alias" };
-#ifdef LDBM_SUBENTRIES
Filter sf;
AttributeAssertion aa_subentry;
-#endif
Debug(LDAP_DEBUG_TRACE,
"search_candidates: base=\"%s\" s=%d d=%d\n",
fand.f_dn = &e->e_nname;
fand.f_next = xf.f_or == filter ? filter : &xf ;
-#ifdef LDBM_SUBENTRIES
if ( get_subentries_visibility( op )) {
struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
sf.f_choice = LDAP_FILTER_EQUALITY;
sf.f_next = fand.f_next;
fand.f_next = &sf;
}
-#endif
candidates = filter_candidates( op, &f );
return( candidates );