X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Fsearch.c;h=5adb5b8ed2d7aa976264eb91664b6c5df1d1f745;hb=241d6a558e3bfd7a7cfc70a1de65fa527fe40e60;hp=c6be97c4d761cf84037089b301d7c6e29725139f;hpb=c24d932b02e97472a67f7e71e01b3963469e3e77;p=openldap diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c index c6be97c4d7..5adb5b8ed2 100644 --- a/libraries/libldap/search.c +++ b/libraries/libldap/search.c @@ -1,4 +1,9 @@ +/* $OpenLDAP$ */ /* + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ +/* Portions * Copyright (c) 1990 Regents of the University of Michigan. * All rights reserved. * @@ -7,30 +12,185 @@ #include "portable.h" -#ifndef lint -static char copyright[] = "@(#) Copyright (c) 1990 Regents of the University of Michigan.\nAll rights reserved.\n"; -#endif - #include -#include -#include +#include + #include #include #include #include "ldap-int.h" -static char *find_right_paren LDAP_P(( char *s )); -static char *put_complex_filter LDAP_P(( BerElement *ber, char *str, - unsigned long tag, int not )); -static int put_filter LDAP_P(( BerElement *ber, char *str )); -static int put_simple_filter LDAP_P(( BerElement *ber, char *str )); -static int put_substring_filter LDAP_P(( BerElement *ber, char *type, char *str )); -static int put_filter_list LDAP_P(( BerElement *ber, char *str )); +static int ldap_is_attr_oid LDAP_P(( + const char *attr )); + +static int ldap_is_attr_desc LDAP_P(( + const char *attr )); + +static int hex2value LDAP_P(( + int c )); + +static char *find_right_paren LDAP_P(( + char *s )); + +static char *put_complex_filter LDAP_P(( + BerElement *ber, + char *str, + ber_tag_t tag, + int not )); + +static int put_filter LDAP_P(( + BerElement *ber, + char *str )); + +static int put_simple_filter LDAP_P(( + BerElement *ber, + char *str )); + +static int put_substring_filter LDAP_P(( + BerElement *ber, + char *type, + char *str )); + +static int put_filter_list LDAP_P(( + BerElement *ber, + char *str )); /* - * ldap_search - initiate an ldap (and X.500) search operation. Parameters: + * ldap_search_ext - initiate an ldap search operation. + * + * Parameters: + * + * ld LDAP descriptor + * base DN of the base object + * scope the search scope - one of LDAP_SCOPE_BASE, + * LDAP_SCOPE_ONELEVEL, LDAP_SCOPE_SUBTREE + * filter a string containing the search filter + * (e.g., "(|(cn=bob)(sn=bob))") + * attrs list of attribute types to return for matches + * attrsonly 1 => attributes only 0 => attributes and values + * + * Example: + * char *attrs[] = { "mail", "title", 0 }; + * ldap_search_ext( ld, "c=us,o=UM", LDAP_SCOPE_SUBTREE, "cn~=bob", + * attrs, attrsonly, sctrls, ctrls, timeout, sizelimit, + * &msgid ); + */ +int +ldap_search_ext( + LDAP *ld, + LDAP_CONST char *base, + int scope, + LDAP_CONST char *filter, + char **attrs, + int attrsonly, + LDAPControl **sctrls, + LDAPControl **cctrls, + struct timeval *timeout, + int sizelimit, + int *msgidp ) +{ + int rc; + BerElement *ber; + int timelimit; + + Debug( LDAP_DEBUG_TRACE, "ldap_search_ext\n", 0, 0, 0 ); + + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + + /* check client controls */ + rc = ldap_int_client_controls( ld, cctrls ); + if( rc != LDAP_SUCCESS ) return rc; + + /* + * if timeout is provided, both tv_sec and tv_usec must + * be non-zero + */ + if( timeout != NULL ) { + if( timeout->tv_sec == 0 && timeout->tv_usec == 0 ) { + return LDAP_PARAM_ERROR; + } + + /* timelimit must be non-zero if timeout is provided */ + timelimit = timeout->tv_sec != 0 ? timeout->tv_sec : 1; + + } else { + /* no timeout, no timelimit */ + timelimit = -1; + } + + ber = ldap_build_search_req( ld, base, scope, filter, attrs, + attrsonly, sctrls, cctrls, timelimit, sizelimit ); + + if ( ber == NULL ) { + return ld->ld_errno; + } + +#ifndef LDAP_NOCACHE + if ( ld->ld_cache != NULL ) { + if ( ldap_check_cache( ld, LDAP_REQ_SEARCH, ber ) == 0 ) { + ber_free( ber, 1 ); + ld->ld_errno = LDAP_SUCCESS; + *msgidp = ld->ld_msgid; + return ld->ld_errno; + } + ldap_add_request_to_cache( ld, LDAP_REQ_SEARCH, ber ); + } +#endif /* LDAP_NOCACHE */ + + /* send the message */ + *msgidp = ldap_send_initial_request( ld, LDAP_REQ_SEARCH, base, ber ); + + if( *msgidp < 0 ) + return ld->ld_errno; + + return LDAP_SUCCESS; +} + +int +ldap_search_ext_s( + LDAP *ld, + LDAP_CONST char *base, + int scope, + LDAP_CONST char *filter, + char **attrs, + int attrsonly, + LDAPControl **sctrls, + LDAPControl **cctrls, + struct timeval *timeout, + int sizelimit, + LDAPMessage **res ) +{ + int rc; + int msgid; + + rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly, + sctrls, cctrls, timeout, sizelimit, &msgid ); + + if ( rc != LDAP_SUCCESS ) { + return( rc ); + } + + rc = ldap_result( ld, msgid, 1, timeout, res ); + + if( rc <= 0 ) { + /* error(-1) or timeout(0) */ + return( ld->ld_errno ); + } + + if( rc == LDAP_RES_SEARCH_REFERENCE || rc == LDAP_RES_EXTENDED_PARTIAL ) { + return( ld->ld_errno ); + } + + return( ldap_result2error( ld, *res, 0 ) ); +} + +/* + * ldap_search - initiate an ldap search operation. + * + * Parameters: * * ld LDAP descriptor * base DN of the base object @@ -47,15 +207,21 @@ static int put_filter_list LDAP_P(( BerElement *ber, char *str )); * attrs, attrsonly ); */ int -ldap_search( LDAP *ld, char *base, int scope, char *filter, +ldap_search( + LDAP *ld, LDAP_CONST char *base, int scope, LDAP_CONST char *filter, char **attrs, int attrsonly ) { BerElement *ber; Debug( LDAP_DEBUG_TRACE, "ldap_search\n", 0, 0, 0 ); - if (( ber = ldap_build_search_req( ld, base, scope, filter, attrs, - attrsonly )) == NULLBER ) { + assert( ld != NULL ); + assert( LDAP_VALID( ld ) ); + + ber = ldap_build_search_req( ld, base, scope, filter, attrs, + attrsonly, NULL, NULL, -1, -1 ); + + if ( ber == NULL ) { return( -1 ); } @@ -76,11 +242,21 @@ ldap_search( LDAP *ld, char *base, int scope, char *filter, BerElement * -ldap_build_search_req( LDAP *ld, char *base, int scope, char *filter, - char **attrs, int attrsonly ) +ldap_build_search_req( + LDAP *ld, + LDAP_CONST char *base, + ber_int_t scope, + LDAP_CONST char *filter_in, + char **attrs, + ber_int_t attrsonly, + LDAPControl **sctrls, + LDAPControl **cctrls, + ber_int_t timelimit, + ber_int_t sizelimit ) { BerElement *ber; int err; + char *filter; /* * Create the search request. It looks like this: @@ -107,53 +283,110 @@ ldap_build_search_req( LDAP *ld, char *base, int scope, char *filter, */ /* create a message to send */ - if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) { - return( NULLBER ); + if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { + return( NULL ); } if ( base == NULL ) { - base = ""; - } + /* no base provided, use session default base */ + base = ld->ld_options.ldo_defbase; -#ifdef LDAP_CONNECTIONLESS - if ( ld->ld_sb.sb_naddr > 0 ) { - err = ber_printf( ber, "{ist{seeiib", ++ld->ld_msgid, - ld->ld_cldapdn, LDAP_REQ_SEARCH, base, scope, ld->ld_deref, - ld->ld_sizelimit, ld->ld_timelimit, attrsonly ); - } else { -#endif /* LDAP_CONNECTIONLESS */ - err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, - LDAP_REQ_SEARCH, base, scope, ld->ld_deref, - ld->ld_sizelimit, ld->ld_timelimit, attrsonly ); -#ifdef LDAP_CONNECTIONLESS + if ( base == NULL ) { + /* no session default base, use top */ + base = ""; + } } -#endif /* LDAP_CONNECTIONLESS */ + + err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid, + LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref, + (sizelimit < 0) ? ld->ld_sizelimit : sizelimit, + (timelimit < 0) ? ld->ld_timelimit : timelimit, + attrsonly ); if ( err == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); - return( NULLBER ); + return( NULL ); } - filter = ldap_strdup( filter ); + if( filter_in != NULL ) { + filter = LDAP_STRDUP( filter_in ); + } else { + filter = LDAP_STRDUP( "(objectclass=*)" ); + } err = put_filter( ber, filter ); - free( filter ); + LDAP_FREE( filter ); if ( err == -1 ) { ld->ld_errno = LDAP_FILTER_ERROR; ber_free( ber, 1 ); - return( NULLBER ); + return( NULL ); } - if ( ber_printf( ber, "{v}}}", attrs ) == -1 ) { + if ( ber_printf( ber, /*{*/ "{v}N}", attrs ) == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); - return( NULLBER ); + return( NULL ); + } + + /* Put Server Controls */ + if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { + ber_free( ber, 1 ); + return( NULL ); + } + + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { + ld->ld_errno = LDAP_ENCODING_ERROR; + ber_free( ber, 1 ); + return( NULL ); } return( ber ); } +static int ldap_is_attr_oid ( const char *attr ) +{ + int i, c, digit=0; + + for( i = 0; (c = attr[i]) != 0; i++ ) { + if( c >= '0' && c <= '9' ) { + digit=1; + + } else if ( c != '.' ) { + /* not digit nor '.' */ + return 0; + + } else if ( !digit ) { + /* '.' but prev not digit */ + return 0; + + } else { + /* '.' */ + digit = 0; + } + } + + return digit; +} + +static int ldap_is_attr_desc ( const char *attr ) +{ + /* cheap attribute description check */ + int i, c; + + for( i = 0; (c = attr[i]) != 0; i++ ) { + if (( c >= '0' && c <= '9' ) + || ( c >= 'A' && c <= 'Z' ) + || ( c >= 'a' && c <= 'z' ) + || ( c == '.' || c == '-' ) + || ( c == ';' )) continue; + + return 0; + } + + return i > 0; +} + static char * find_right_paren( char *s ) { @@ -179,8 +412,91 @@ find_right_paren( char *s ) return( *s ? s : NULL ); } +static int hex2value( int c ) +{ + if( c >= '0' && c <= '9' ) { + return c - '0'; + } + + if( c >= 'A' && c <= 'F' ) { + return c + (10 - (int) 'A'); + } + + if( c >= 'a' && c <= 'f' ) { + return c + (10 - (int) 'a'); + } + + return -1; +} + +char * +ldap_pvt_find_wildcard( const char *s ) +{ + for( ; *s != '\0' ; s++ ) { + switch( *s ) { + case '*': /* found wildcard */ + return (char *) s; + + case '\\': + s++; /* skip over escape */ + if ( *s == '\0' ) + return NULL; /* escape at end of string */ + } + } + + return NULL; +} + +/* unescape filter value */ +/* support both LDAP v2 and v3 escapes */ +/* output can include nul characters */ +ber_slen_t +ldap_pvt_filter_value_unescape( char *fval ) +{ + ber_slen_t r, v; + int v1, v2; + + for( r=v=0; fval[v] != '\0'; v++ ) { + switch( fval[v] ) { + case '\\': + /* escape */ + v++; + + if ( fval[v] == '\0' ) { + /* escape at end of string */ + return -1; + + } + + if (( v1 = hex2value( fval[v] )) >= 0 ) { + /* LDAPv3 escape */ + + if (( v2 = hex2value( fval[v+1] )) < 0 ) { + /* must be two digit code */ + return -1; + } + + fval[r++] = v1 * 16 + v2; + v++; + + } else { + /* LDAPv2 escape */ + fval[r++] = fval[v]; + } + + break; + + default: + fval[r++] = fval[v]; + } + } + + fval[r] = '\0'; + return r; +} + static char * -put_complex_filter( BerElement *ber, char *str, unsigned long tag, int not ) +put_complex_filter( BerElement *ber, char *str, ber_tag_t tag, int not ) { char *next; @@ -192,12 +508,8 @@ put_complex_filter( BerElement *ber, char *str, unsigned long tag, int not ) */ /* put explicit tag */ - if ( ber_printf( ber, "t{", tag ) == -1 ) - return( NULL ); -/* - if ( !not && ber_printf( ber, "{" ) == -1 ) + if ( ber_printf( ber, "t{" /*}*/, tag ) == -1 ) return( NULL ); -*/ str++; if ( (next = find_right_paren( str )) == NULL ) @@ -209,12 +521,8 @@ put_complex_filter( BerElement *ber, char *str, unsigned long tag, int not ) *next++ = ')'; /* flush explicit tagged thang */ - if ( ber_printf( ber, "}" ) == -1 ) + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) return( NULL ); -/* - if ( !not && ber_printf( ber, "}" ) == -1 ) - return( NULL ); -*/ return( next ); } @@ -222,8 +530,8 @@ put_complex_filter( BerElement *ber, char *str, unsigned long tag, int not ) static int put_filter( BerElement *ber, char *str ) { - char *next, *tmp, *s, *d; - int parens, balance, escape, gotescape; + char *next; + int parens, balance, escape; /* * A Filter looks like this: @@ -235,8 +543,9 @@ put_filter( BerElement *ber, char *str ) * substrings [4] SubstringFilter, * greaterOrEqual [5] AttributeValueAssertion, * lessOrEqual [6] AttributeValueAssertion, - * present [7] AttributeType,, - * approxMatch [8] AttributeValueAssertion + * present [7] AttributeType, + * approxMatch [8] AttributeValueAssertion, + * extensibleMatch [9] MatchingRuleAssertion -- LDAPv3 * } * * SubstringFilter ::= SEQUENCE { @@ -247,17 +556,28 @@ put_filter( BerElement *ber, char *str ) * final [2] IA5String * } * } + * + * MatchingRuleAssertion ::= SEQUENCE { -- LDAPv3 + * matchingRule [1] MatchingRuleId OPTIONAL, + * type [2] AttributeDescription OPTIONAL, + * matchValue [3] AssertionValue, + * dnAttributes [4] BOOLEAN DEFAULT FALSE } + * * Note: tags in a choice are always explicit */ Debug( LDAP_DEBUG_TRACE, "put_filter \"%s\"\n", str, 0, 0 ); - gotescape = parens = 0; + parens = 0; while ( *str ) { switch ( *str ) { case '(': str++; parens++; + + /* skip spaces */ + while( LDAP_SPACE( *str ) ) str++; + switch ( *str ) { case '&': Debug( LDAP_DEBUG_TRACE, "put_filter: AND\n", @@ -307,7 +627,7 @@ put_filter( BerElement *ber, char *str ) balance--; } if ( *next == '\\' && ! escape ) - gotescape = escape = 1; + escape = 1; else escape = 0; if ( balance ) @@ -317,24 +637,9 @@ put_filter( BerElement *ber, char *str ) return( -1 ); *next = '\0'; - tmp = ldap_strdup( str ); - if ( gotescape ) { - escape = 0; - for ( s = d = tmp; *s; s++ ) { - if ( *s != '\\' || escape ) { - *d++ = *s; - escape = 0; - } else { - escape = 1; - } - } - *d = '\0'; - } - if ( put_simple_filter( ber, tmp ) == -1 ) { - free( tmp ); + if ( put_simple_filter( ber, str ) == -1 ) { return( -1 ); } - free( tmp ); *next++ = ')'; str = next; parens--; @@ -345,7 +650,7 @@ put_filter( BerElement *ber, char *str ) case ')': Debug( LDAP_DEBUG_TRACE, "put_filter: end\n", 0, 0, 0 ); - if ( ber_printf( ber, "]" ) == -1 ) + if ( ber_printf( ber, /*[*/ "]" ) == -1 ) return( -1 ); str++; parens--; @@ -359,24 +664,9 @@ put_filter( BerElement *ber, char *str ) Debug( LDAP_DEBUG_TRACE, "put_filter: default\n", 0, 0, 0 ); next = strchr( str, '\0' ); - tmp = ldap_strdup( str ); - if ( strchr( tmp, '\\' ) != NULL ) { - escape = 0; - for ( s = d = tmp; *s; s++ ) { - if ( *s != '\\' || escape ) { - *d++ = *s; - escape = 0; - } else { - escape = 1; - } - } - *d = '\0'; - } - if ( put_simple_filter( ber, tmp ) == -1 ) { - free( tmp ); + if ( put_simple_filter( ber, str ) == -1 ) { return( -1 ); } - free( tmp ); str = next; break; } @@ -398,7 +688,7 @@ put_filter_list( BerElement *ber, char *str ) Debug( LDAP_DEBUG_TRACE, "put_filter_list \"%s\"\n", str, 0, 0 ); while ( *str ) { - while ( *str && isspace( *str ) ) + while ( *str && LDAP_SPACE( (unsigned char) *str ) ) str++; if ( *str == '\0' ) break; @@ -420,72 +710,173 @@ put_filter_list( BerElement *ber, char *str ) } static int -put_simple_filter( BerElement *ber, char *str ) +put_simple_filter( + BerElement *ber, + char *str ) { char *s; - char *value, savechar; - unsigned long ftype; - int rc; + char *value; + ber_tag_t ftype; + int rc = -1; Debug( LDAP_DEBUG_TRACE, "put_simple_filter \"%s\"\n", str, 0, 0 ); - if ( (s = strchr( str, '=' )) == NULL ) - return( -1 ); + str = LDAP_STRDUP( str ); + if( str == NULL ) return -1; + + if ( (s = strchr( str, '=' )) == NULL ) { + goto done; + } + value = s + 1; *s-- = '\0'; - savechar = *s; switch ( *s ) { case '<': ftype = LDAP_FILTER_LE; *s = '\0'; + if(! ldap_is_attr_desc( str ) ) goto done; break; + case '>': ftype = LDAP_FILTER_GE; *s = '\0'; + if(! ldap_is_attr_desc( str ) ) goto done; break; + case '~': ftype = LDAP_FILTER_APPROX; *s = '\0'; + if(! ldap_is_attr_desc( str ) ) goto done; break; + + case ':': + /* RFC2254 extensible filters are off the form: + * type [:dn] [:rule] := value + * or [:dn]:rule := value + */ + ftype = LDAP_FILTER_EXT; + *s = '\0'; + + { + char *dn = strchr( str, ':' ); + char *rule = NULL; + + if( dn == NULL ) { + if(! ldap_is_attr_desc( str ) ) goto done; + } else { + + *dn++ = '\0'; + rule = strchr( dn, ':' ); + + if( rule == NULL ) { + /* one colon */ + if ( strcmp(dn, "dn") == 0 ) { + /* must have attribute */ + if( !ldap_is_attr_desc( str ) ) { + goto done; + } + + rule = ""; + + } else { + rule = dn; + dn = NULL; + } + + } else { + /* two colons */ + *rule++ = '\0'; + + if ( strcmp(dn, "dn") != 0 ) { + /* must have "dn" */ + goto done; + } + } + + } + + if ( *str == '\0' && ( !rule || *rule == '\0' ) ) { + /* must have either type or rule */ + goto done; + } + + if ( *str != '\0' && !ldap_is_attr_desc( str ) ) { + goto done; + } + + if ( rule && *rule != '\0' && !ldap_is_attr_oid( rule ) ) { + goto done; + } + + rc = ber_printf( ber, "t{" /*}*/, ftype ); + + if( rc != -1 && rule && *rule != '\0' ) { + rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_OID, rule ); + } + if( rc != -1 && *str != '\0' ) { + rc = ber_printf( ber, "ts", LDAP_FILTER_EXT_TYPE, str ); + } + + if( rc != -1 ) { + ber_slen_t len = ldap_pvt_filter_value_unescape( value ); + + if( len >= 0 ) { + rc = ber_printf( ber, "totbN}", + LDAP_FILTER_EXT_VALUE, value, len, + LDAP_FILTER_EXT_DNATTRS, dn != NULL); + } else { + rc = -1; + } + } + } + goto done; + default: - if ( strchr( value, '*' ) == NULL ) { + if ( ldap_pvt_find_wildcard( value ) == NULL ) { ftype = LDAP_FILTER_EQUALITY; } else if ( strcmp( value, "*" ) == 0 ) { ftype = LDAP_FILTER_PRESENT; } else { rc = put_substring_filter( ber, str, value ); - *(value-1) = '='; - return( rc ); + goto done; } break; } if ( ftype == LDAP_FILTER_PRESENT ) { rc = ber_printf( ber, "ts", ftype, str ); + } else { - rc = ber_printf( ber, "t{ss}", ftype, str, value ); + ber_slen_t len = ldap_pvt_filter_value_unescape( value ); + + if( len >= 0 ) { + rc = ber_printf( ber, "t{soN}", + ftype, str, value, len ); + } } - *s = savechar; - *(value-1) = '='; - return( rc == -1 ? rc : 0 ); + if( rc != -1 ) rc = 0; + +done: + LDAP_FREE( str ); + return rc; } static int put_substring_filter( BerElement *ber, char *type, char *val ) { char *nextstar, gotstar = 0; - unsigned long ftype; + ber_tag_t ftype = LDAP_FILTER_SUBSTRINGS; Debug( LDAP_DEBUG_TRACE, "put_substring_filter \"%s=%s\"\n", type, val, 0 ); - if ( ber_printf( ber, "t{s{", LDAP_FILTER_SUBSTRINGS, type ) == -1 ) + if ( ber_printf( ber, "t{s{", ftype, type ) == -1 ) return( -1 ); - while ( val != NULL ) { - if ( (nextstar = strchr( val, '*' )) != NULL ) + for( ; val != NULL; val=nextstar ) { + if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL ) *nextstar++ = '\0'; if ( gotstar == 0 ) { @@ -495,25 +886,32 @@ put_substring_filter( BerElement *ber, char *type, char *val ) } else { ftype = LDAP_SUBSTRING_ANY; } + if ( *val != '\0' ) { - if ( ber_printf( ber, "ts", ftype, val ) == -1 ) + ber_slen_t len = ldap_pvt_filter_value_unescape( val ); + + if ( len < 0 ) { + return -1; + } + + if ( ber_printf( ber, "to", ftype, val, len ) == -1 ) { return( -1 ); + } } gotstar = 1; - if ( nextstar != NULL ) - *(nextstar-1) = '*'; - val = nextstar; } - if ( ber_printf( ber, "}}" ) == -1 ) + if ( ber_printf( ber, /* {{ */ "N}N}" ) == -1 ) return( -1 ); return( 0 ); } int -ldap_search_st( LDAP *ld, char *base, int scope, char *filter, char **attrs, +ldap_search_st( + LDAP *ld, LDAP_CONST char *base, int scope, + LDAP_CONST char *filter, char **attrs, int attrsonly, struct timeval *timeout, LDAPMessage **res ) { int msgid; @@ -535,8 +933,14 @@ ldap_search_st( LDAP *ld, char *base, int scope, char *filter, char **attrs, } int -ldap_search_s( LDAP *ld, char *base, int scope, char *filter, char **attrs, - int attrsonly, LDAPMessage **res ) +ldap_search_s( + LDAP *ld, + LDAP_CONST char *base, + int scope, + LDAP_CONST char *filter, + char **attrs, + int attrsonly, + LDAPMessage **res ) { int msgid;