X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldbm%2Fsearch.c;h=0f949ca5b00aa35d7d33dc4634259ad9a910ebd1;hb=a4d161cff64c74e03e5898eae104d5d52cc54a91;hp=0352720f13655e85384e9de5e1a84251baf31c77;hpb=5d2ba11ad924cfe9be57d7d6a1e6a37e108bbe10;p=openldap diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 0352720f13..0f949ca5b0 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -47,6 +47,9 @@ ldbm_back_search( Entry *matched = NULL; struct berval realbase = BER_BVNULL; int manageDSAit = get_manageDSAit( op ); +#ifdef SLAP_ACL_HONOR_DISCLOSE + slap_mask_t mask; +#endif Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0); @@ -130,10 +133,16 @@ ldbm_back_search( } #ifdef SLAP_ACL_HONOR_DISCLOSE - if ( ! access_allowed( op, e, slap_schema.si_ad_entry, - NULL, ACL_DISCLOSE, NULL ) ) + /* NOTE: __NEW__ "search" access is required + * on searchBase object */ + if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry, + NULL, ACL_SEARCH, NULL, &mask ) ) { - rs->sr_err = LDAP_NO_SUCH_OBJECT; + if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) { + rs->sr_err = LDAP_NO_SUCH_OBJECT; + } else { + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; + } cache_return_entry_r( &li->li_cache, e ); ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); @@ -263,7 +272,6 @@ searchit: rs->sr_entry = e; -#ifdef LDBM_SUBENTRIES if ( is_entry_subentry( e ) ) { if( op->ors_scope != LDAP_SCOPE_BASE ) { if(!get_subentries_visibility( op )) { @@ -280,7 +288,6 @@ searchit: /* only subentries are visible */ goto loop_continue; } -#endif if ( op->ors_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) @@ -368,6 +375,8 @@ searchit: ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE ); + ber_bvarray_free( erefs ); + send_search_reference( op, rs ); ber_bvarray_free( rs->sr_ref ); @@ -406,40 +415,31 @@ searchit: { scopeok = dnIsSuffix( &e->e_nname, &realbase ); -#ifdef LDAP_SCOPE_SUBORDINATE } else if ( !scopeok && op->ors_scope == LDAP_SCOPE_SUBORDINATE ) { scopeok = !dn_match( &e->e_nname, &realbase ) && dnIsSuffix( &e->e_nname, &realbase ); -#endif } else { scopeok = 1; } if ( scopeok ) { - /* check size limit */ - if ( --op->ors_slimit == -1 ) { - cache_return_entry_r( &li->li_cache, e ); - rs->sr_err = LDAP_SIZELIMIT_EXCEEDED; - rs->sr_entry = NULL; - send_ldap_result( op, rs ); - rc = LDAP_SUCCESS; - goto done; - } - if (e) { rs->sr_flags = 0; - result = send_search_entry( op, rs ); - - switch (result) { - case 0: /* entry sent ok */ - break; - case 1: /* entry not sent */ - break; - case -1: /* connection closed */ + rs->sr_err = send_search_entry( op, rs ); + + switch ( rs->sr_err ) { + case LDAP_UNAVAILABLE: /* connection closed */ + cache_return_entry_r( &li->li_cache, e ); + rc = LDAP_SUCCESS; + goto done; + case LDAP_SIZELIMIT_EXCEEDED: cache_return_entry_r( &li->li_cache, e ); + rc = rs->sr_err; + rs->sr_entry = NULL; + send_ldap_result( op, rs ); rc = LDAP_SUCCESS; goto done; } @@ -515,10 +515,8 @@ search_candidates( AttributeAssertion aa_ref, aa_alias; struct berval bv_ref = { sizeof("referral")-1, "referral" }; struct berval bv_alias = { sizeof("alias")-1, "alias" }; -#ifdef LDBM_SUBENTRIES Filter sf; AttributeAssertion aa_subentry; -#endif Debug(LDAP_DEBUG_TRACE, "search_candidates: base=\"%s\" s=%d d=%d\n", @@ -558,7 +556,6 @@ search_candidates( fand.f_dn = &e->e_nname; fand.f_next = xf.f_or == filter ? filter : &xf ; -#ifdef LDBM_SUBENTRIES if ( get_subentries_visibility( op )) { struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" }; sf.f_choice = LDAP_FILTER_EQUALITY; @@ -568,7 +565,6 @@ search_candidates( sf.f_next = fand.f_next; fand.f_next = &sf; } -#endif candidates = filter_candidates( op, &f ); return( candidates );