/* search.c - monitor backend search function */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2005 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
*/
-/*
- * Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
- *
- * This work has beed deveolped for the OpenLDAP Foundation
- * in the hope that it may be useful to the Open Source community,
- * but WITHOUT ANY WARRANTY.
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author and SysNet s.n.c. are not responsible for the consequences
- * of use of this software, no matter how awful, even if they arise from
- * flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the documentation.
- * SysNet s.n.c. cannot be responsible for the consequences of the
- * alterations.
- *
- * 4. This notice may not be removed or altered.
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
*/
#include "portable.h"
int sub
)
{
- struct monitorinfo *mi =
- (struct monitorinfo *) op->o_bd->be_private;
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
Entry *e, *e_tmp, *e_ch;
- struct monitorentrypriv *mp;
+ monitor_entry_t *mp;
int rc;
- mp = ( struct monitorentrypriv * )e_parent->e_private;
+ mp = ( monitor_entry_t * )e_parent->e_private;
e = mp->mp_children;
e_ch = NULL;
if ( e_ch == NULL ) {
/* no persistent entries? return */
if ( e == NULL ) {
- return( 0 );
+ return LDAP_SUCCESS;
}
/* volatile entries */
} else {
e_tmp = e_ch;
do {
- mp = ( struct monitorentrypriv * )e_tmp->e_private;
+ mp = ( monitor_entry_t * )e_tmp->e_private;
e_tmp = mp->mp_next;
if ( e_tmp == NULL ) {
/* return entries */
for ( ; e != NULL; ) {
- mp = ( struct monitorentrypriv * )e->e_private;
+ mp = ( monitor_entry_t * )e->e_private;
monitor_entry_update( op, e );
+
+ if ( op->o_abandon ) {
+ monitor_cache_release( mi, e );
+ return SLAPD_ABANDON;
+ }
rc = test_filter( op, e, op->oq_search.rs_filter );
if ( rc == LDAP_COMPARE_TRUE ) {
rs->sr_entry = e;
+ rs->sr_flags = 0;
send_search_entry( op, rs );
rs->sr_entry = NULL;
}
if ( ( mp->mp_children || MONITOR_HAS_VOLATILE_CH( mp ) )
- && sub ) {
+ && sub )
+ {
rc = monitor_send_children( op, rs, e, sub );
if ( rc ) {
+ monitor_cache_release( mi, e );
return( rc );
}
}
e = e_tmp;
}
- return( 0 );
+ return LDAP_SUCCESS;
}
int
monitor_back_search( Operation *op, SlapReply *rs )
{
- struct monitorinfo *mi
- = (struct monitorinfo *) op->o_bd->be_private;
+ monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
int rc = LDAP_SUCCESS;
- Entry *e, *matched = NULL;
+ Entry *e = NULL, *matched = NULL;
+ slap_mask_t mask;
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_MON, ENTRY,
- "monitor_back_search: enter\n", 0, 0, 0 );
-#else
- Debug(LDAP_DEBUG_TRACE, "=> monitor_back_search\n%s%s%s", "", "", "");
-#endif
+ Debug( LDAP_DEBUG_TRACE, "=> monitor_back_search\n", 0, 0, 0 );
/* get entry with reader lock */
if ( e == NULL ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( matched ) {
- rs->sr_matched = matched->e_dn;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ /* do nothing */ ;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = matched->e_dn;
+ }
}
send_ldap_result( op, rs );
rs->sr_matched = NULL;
}
- return( 0 );
+ return rs->sr_err;
+ }
+
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ monitor_cache_release( mi, e );
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ send_ldap_result( op, rs );
+
+ return rs->sr_err;
}
rs->sr_attrs = op->oq_search.rs_attrs;
rc = test_filter( op, e, op->oq_search.rs_filter );
if ( rc == LDAP_COMPARE_TRUE ) {
rs->sr_entry = e;
+ rs->sr_flags = 0;
send_search_entry( op, rs );
rs->sr_entry = NULL;
}
case LDAP_SCOPE_ONELEVEL:
rc = monitor_send_children( op, rs, e, 0 );
- if ( rc ) {
- rc = LDAP_OTHER;
- }
-
break;
case LDAP_SCOPE_SUBTREE:
rc = test_filter( op, e, op->oq_search.rs_filter );
if ( rc == LDAP_COMPARE_TRUE ) {
rs->sr_entry = e;
+ rs->sr_flags = 0;
send_search_entry( op, rs );
rs->sr_entry = NULL;
}
rc = monitor_send_children( op, rs, e, 1 );
- if ( rc ) {
- rc = LDAP_OTHER;
- }
-
break;
}
-
+
rs->sr_attrs = NULL;
rs->sr_err = rc;
- send_ldap_result( op, rs );
+ if ( rs->sr_err != SLAPD_ABANDON ) {
+ send_ldap_result( op, rs );
+ }
- return( rc == LDAP_SUCCESS ? 0 : 1 );
+ return rs->sr_err;
}
projects / openldap / blobdiff