X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsearch.c;h=720992c58b2e14f3792ffae16b837475651bdb78;hb=7c41666c5e92beb301c10b9a71f45834255dcc21;hp=653fb886fa8e8fb10add232c18f61687de28dc0e;hpb=5fc22599e2e875c9620b63fbf465273fba3c378f;p=openldap diff --git a/servers/slapd/search.c b/servers/slapd/search.c index 653fb886fa..720992c58b 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* Portions @@ -16,6 +16,7 @@ */ #include "portable.h" +#include "slapi_common.h" #include @@ -23,24 +24,49 @@ #include #include "ldap_pvt.h" +#include "lutil.h" #include "slap.h" +#include "slapi.h" + +#ifdef LDAP_SLAPI +static char **anlist2charray( AttributeName *an ); +static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op, + struct berval *base, int scope, int deref, int sizelimit, int timelimit, + Filter *filter, struct berval *fstr, char **attrs, + int attrsonly, int managedsait ); +static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb ); +static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr ); +static int doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb ); +#endif /* LDAPI_SLAPI */ int do_search( - Connection *conn, /* where to send results */ + Connection *conn, /* where to send results */ Operation *op /* info about the op to which we're responding */ ) { - int i; - ber_int_t scope, deref, attrsonly; - ber_int_t sizelimit, timelimit; - char *base = NULL, *nbase = NULL, *fstr = NULL; + ber_int_t scope, deref, attrsonly; + ber_int_t sizelimit, timelimit; + struct berval base = { 0, NULL }; + struct berval pbase = { 0, NULL }; + struct berval nbase = { 0, NULL }; + struct berval fstr = { 0, NULL }; Filter *filter = NULL; - char **attrs = NULL; + AttributeName *an = NULL; + ber_len_t siz, off, i; Backend *be; int rc; - const char *text; + const char *text; + int manageDSAit; +#ifdef LDAP_SLAPI + Slapi_PBlock *pb = NULL; + char **attrs = NULL; +#endif +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, "do_search: conn %d\n", conn->c_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 ); +#endif /* * Parse the search request. It looks like this: @@ -67,9 +93,10 @@ do_search( */ /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */ - if ( ber_scanf( op->o_ber, "{aiiiib" /*}*/, + if ( ber_scanf( op->o_ber, "{miiiib" /*}*/, &base, &scope, &deref, &sizelimit, - &timelimit, &attrsonly ) == LBER_ERROR ) { + &timelimit, &attrsonly ) == LBER_ERROR ) + { send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); rc = SLAPD_DISCONNECT; @@ -99,90 +126,199 @@ do_search( goto return_results; } - nbase = ch_strdup( base ); - - if( dn_normalize( nbase ) == NULL ) { - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, - NULL, "invalid DN", NULL, NULL ); + rc = dnPrettyNormal( NULL, &base, &pbase, &nbase ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "do_search: conn %d invalid dn (%s)\n", + conn->c_connid, base.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 ); +#endif + send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, + "invalid DN", NULL, NULL ); goto return_results; } - Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref ); - Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", sizelimit, timelimit, - attrsonly); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, "SRCH \"%s\" %d %d", + base.bv_val, scope, deref ); + LDAP_LOG( OPERATION, ARGS, " %d %d %d\n", + sizelimit, timelimit, attrsonly); +#else + Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", + base.bv_val, scope, deref ); + Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", + sizelimit, timelimit, attrsonly); +#endif /* filter - returns a "normalized" version */ - rc = get_filter( conn, op->o_ber, &filter, &fstr, &text ); + rc = get_filter( conn, op->o_ber, &filter, &text ); if( rc != LDAP_SUCCESS ) { if( rc == SLAPD_DISCONNECT ) { send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, text ); } else { - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); } goto return_results; } - - Debug( LDAP_DEBUG_ARGS, " filter: %s\n", fstr, 0, 0 ); + filter2bv( filter, &fstr ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "do_search: conn %d filter: %s\n", + conn->c_connid, fstr.bv_len ? fstr.bv_val : "empty", 0 ); +#else + Debug( LDAP_DEBUG_ARGS, " filter: %s\n", + fstr.bv_len ? fstr.bv_val : "empty", 0, 0 ); +#endif /* attributes */ - if ( ber_scanf( op->o_ber, /*{*/ "{v}}", &attrs ) == LBER_ERROR ) { + siz = sizeof(AttributeName); + off = 0; + if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) { send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding attrs error" ); rc = SLAPD_DISCONNECT; goto return_results; } + for ( i=0; ic_connid, rc, 0 ); +#else Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 ); - goto return_results; - } +#endif - rc = 0; + goto return_results; + } +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "do_search: conn %d attrs:", conn->c_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 ); +#endif - if ( attrs != NULL ) { - for ( i = 0; attrs[i] != NULL; i++ ) { - Debug( LDAP_DEBUG_ARGS, " %s", attrs[i], 0, 0 ); + if ( siz != 0 ) { + for ( i = 0; io_connid, op->o_opid, base, scope, fstr ); + if ( StatslogTest( LDAP_DEBUG_STATS ) ) { + char abuf[BUFSIZ/2], *ptr = abuf; + int len = 0; - if ( scope == LDAP_SCOPE_BASE ) { - Entry *entry = NULL; + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu SRCH base=\"%s\" scope=%d filter=\"%s\"\n", + op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val ); - if ( strcasecmp( nbase, LDAP_ROOT_DSE ) == 0 ) { - rc = root_dse_info( conn, &entry, &text ); + for ( i = 0; i sizeof(abuf)) { + Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n", + op->o_connid, op->o_opid, abuf, 0, 0 ); + len = 0; + ptr = abuf; + } + if (len) { + *ptr++ = ' '; + len++; + } + ptr = lutil_strcopy(ptr, an[i].an_name.bv_val); + len += an[i].an_name.bv_len; } - -#if defined( SLAPD_MONITOR_DN ) - else if ( strcasecmp( nbase, SLAPD_MONITOR_DN ) == 0 ) { - rc = monitor_info( &entry, &text ); + if (len) { + Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu SRCH attr=%s\n", + op->o_connid, op->o_opid, abuf, 0, 0 ); } -#endif + } -#if defined( SLAPD_CONFIG_DN ) - else if ( strcasecmp( nbase, SLAPD_CONFIG_DN ) == 0 ) { - rc = config_info( &entry, &text ); - } + manageDSAit = get_manageDSAit( op ); + + if ( scope == LDAP_SCOPE_BASE ) { + Entry *entry = NULL; + + if ( nbase.bv_len == 0 ) { +#ifdef LDAP_CONNECTIONLESS + /* Ignore LDAPv2 CLDAP Root DSE queries */ + if (op->o_protocol == LDAP_VERSION2 && conn->c_is_udp) { + goto return_results; + } #endif + /* check restrictions */ + rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ; + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); + goto return_results; + } + +#ifdef LDAP_SLAPI + attrs = anlist2charray( an ); + pb = initSearchPlugin( NULL, conn, op, &nbase, scope, + deref, sizelimit, timelimit, filter, &fstr, + attrs, attrsonly, manageDSAit ); + rc = doPreSearchPluginFNs( NULL, pb ); + if ( rc == LDAP_SUCCESS ) { + doSearchRewriteFNs( NULL, pb, &filter, &fstr ); +#endif /* LDAP_SLAPI */ + rc = root_dse_info( conn, &entry, &text ); +#ifdef LDAP_SLAPI + } +#endif /* LDAP_SLAPI */ + + } else if ( bvmatch( &nbase, &global_schemandn ) ) { + /* check restrictions */ + rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ; + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); + goto return_results; + } -#if defined( SLAPD_SCHEMA_DN ) - else if ( strcasecmp( nbase, SLAPD_SCHEMA_DN ) == 0 ) { - rc= schema_info( &entry, &text ); +#ifdef LDAP_SLAPI + attrs = anlist2charray( an ); + pb = initSearchPlugin( NULL, conn, op, &nbase, scope, + deref, sizelimit, timelimit, filter, &fstr, + attrs, attrsonly, manageDSAit ); + rc = doPreSearchPluginFNs( NULL, pb ); + if ( rc == LDAP_SUCCESS ) { + doSearchRewriteFNs( NULL, pb, &filter, &fstr ); +#endif /* LDAP_SLAPI */ + rc = schema_info( &entry, &text ); +#ifdef LDAP_SLAPI + } +#endif /* LDAP_SLAPI */ } -#endif if( rc != LDAP_SUCCESS ) { send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); +#ifdef LDAP_SLAPI + doPostSearchPluginFNs( NULL, pb ); +#endif /* LDAP_SLAPI */ goto return_results; } else if ( entry != NULL ) { @@ -190,32 +326,46 @@ do_search( entry, filter ); if( rc == LDAP_COMPARE_TRUE ) { - send_search_entry( &backends[0], conn, op, - entry, attrs, attrsonly, NULL ); + send_search_entry( NULL, conn, op, + entry, an, attrsonly, NULL ); } entry_free( entry ); send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL, NULL, NULL ); - +#ifdef LDAP_SLAPI + doPostSearchPluginFNs( NULL, pb ); +#endif /* LDAP_SLAPI */ goto return_results; } } + if( !nbase.bv_len && default_search_nbase.bv_len ) { + ch_free( pbase.bv_val ); + ch_free( nbase.bv_val ); + + ber_dupbv( &pbase, &default_search_base ); + ber_dupbv( &nbase, &default_search_nbase ); + } + /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - if ( (be = select_backend( nbase )) == NULL ) { + if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) { + BerVarray ref = referral_rewrite( default_referral, + NULL, &pbase, scope ); + send_ldap_result( conn, op, rc = LDAP_REFERRAL, - NULL, NULL, default_referral, NULL ); + NULL, NULL, ref ? ref : default_referral, NULL ); + ber_bvarray_free( ref ); goto return_results; } - /* make sure this backend recongizes critical controls */ - rc = backend_check_controls( be, conn, op, &text ) ; + /* check restrictions */ + rc = backend_check_restrictions( be, conn, op, NULL, &text ) ; if( rc != LDAP_SUCCESS ) { send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); @@ -223,31 +373,182 @@ do_search( } /* check for referrals */ - rc = backend_check_referrals( be, conn, op, base, nbase ); + rc = backend_check_referrals( be, conn, op, &pbase, &nbase ); if ( rc != LDAP_SUCCESS ) { goto return_results; } /* deref the base if needed */ - nbase = suffix_alias( be, nbase ); + suffix_alias( be, &nbase ); + +#ifdef LDAP_SLAPI + attrs = anlist2charray( an ); + pb = initSearchPlugin( be, conn, op, &pbase, + scope, deref, sizelimit, + timelimit, filter, &fstr, attrs, attrsonly, + manageDSAit ); + rc = doPreSearchPluginFNs( be, pb ); + if ( rc != LDAP_SUCCESS ) { + goto return_results; + } + + doSearchRewriteFNs( be, pb, &filter, &fstr ); +#endif /* LDAP_SLAPI */ /* actually do the search and send the result(s) */ if ( be->be_search ) { - (*be->be_search)( be, conn, op, base, nbase, scope, deref, sizelimit, - timelimit, filter, fstr, attrs, attrsonly ); + (*be->be_search)( be, conn, op, &pbase, &nbase, + scope, deref, sizelimit, + timelimit, filter, &fstr, an, attrsonly ); } else { send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM, - NULL, "operation not supported within namingContext", NULL, NULL ); + NULL, "operation not supported within namingContext", + NULL, NULL ); } +#ifdef LDAP_SLAPI + doPostSearchPluginFNs( be, pb ); +#endif /* LDAP_SLAPI */ + return_results:; - if( base != NULL) free( base ); - if( nbase != NULL) free( nbase ); - if( fstr != NULL) free( fstr ); - if( filter != NULL) filter_free( filter ); - if ( attrs != NULL ) { - charray_free( attrs ); +#ifdef LDAP_CLIENT_UPDATE + if ( !( op->o_clientupdate_type & SLAP_LCUP_PERSIST ) ) +#endif /* LDAP_CLIENT_UPDATE */ + { + if( pbase.bv_val != NULL) free( pbase.bv_val ); + if( nbase.bv_val != NULL) free( nbase.bv_val ); + + if( fstr.bv_val != NULL) free( fstr.bv_val ); + if( filter != NULL) filter_free( filter ); + if( an != NULL ) free( an ); +#ifdef LDAP_SLAPI + if( attrs != NULL) ch_free( attrs ); +#endif /* LDAP_SLAPI */ } return rc; } + +#ifdef LDAP_SLAPI + +static char **anlist2charray( AttributeName *an ) +{ + char **attrs; + int i; + + if ( an != NULL ) { + for ( i = 0; an[i].an_name.bv_val != NULL; i++ ) + ; + attrs = (char **)ch_malloc( (i + 1) * sizeof(char *) ); + for ( i = 0; an[i].an_name.bv_val != NULL; i++ ) { + attrs[i] = an[i].an_name.bv_val; + } + attrs[i] = NULL; + } else { + attrs = NULL; + } + + return attrs; +} + +static Slapi_PBlock *initSearchPlugin( Backend *be, Connection *conn, Operation *op, + struct berval *base, int scope, int deref, int sizelimit, + int timelimit, Filter *filter, struct berval *fstr, + char **attrs, int attrsonly, int managedsait ) +{ + Slapi_PBlock *pb; + + pb = op->o_pb; + + slapi_x_backend_set_pb( pb, be ); + slapi_x_connection_set_pb( pb, conn ); + slapi_x_operation_set_pb( pb, op ); + slapi_pblock_set( pb, SLAPI_SEARCH_TARGET, (void *)base->bv_val ); + slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, (void *)scope ); + slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, (void *)deref ); + slapi_pblock_set( pb, SLAPI_SEARCH_SIZELIMIT, (void *)sizelimit ); + slapi_pblock_set( pb, SLAPI_SEARCH_TIMELIMIT, (void *)timelimit ); + slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, (void *)filter ); + slapi_pblock_set( pb, SLAPI_SEARCH_STRFILTER, (void *)fstr->bv_val ); + slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs ); + slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)attrsonly ); + slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)managedsait ); + + return pb; +} + +static int doPreSearchPluginFNs( Backend *be, Slapi_PBlock *pb ) +{ + int rc; + + rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_SEARCH_FN, pb ); + if ( rc != 0 ) { + /* + * A preoperation plugin failure will abort the + * entire operation. + */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "doPreSearchPluginFNs: search preoperation plugin " + "returned %d\n", rc, 0, 0 ); +#else + Debug(LDAP_DEBUG_TRACE, "doPreSearchPluginFNs: search preoperation plugin " + "returned %d.\n", rc, 0, 0); +#endif + if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0) + rc = LDAP_OTHER; + } else { + rc = LDAP_SUCCESS; + } + + return rc; +} + +static int doSearchRewriteFNs( Backend *be, Slapi_PBlock *pb, Filter **filter, struct berval *fstr ) +{ + if ( doPluginFNs( be, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, pb ) == 0 ) { + /* + * The plugin can set the SLAPI_SEARCH_FILTER. + * SLAPI_SEARCH_STRFILER is not normative. + */ + slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, (void *)filter); + ch_free( fstr->bv_val ); + filter2bv( *filter, fstr ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "doSearchRewriteFNs: after compute_rewrite_search filter: %s\n", + fstr->bv_len ? fstr->bv_val : "empty", 0, 0 ); +#else + Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n", + fstr->bv_len ? fstr->bv_val : "empty", 0, 0 ); +#endif + } + + return LDAP_SUCCESS; +} + +static int doPostSearchPluginFNs( Backend *be, Slapi_PBlock *pb ) +{ + if ( doPluginFNs( be, SLAPI_PLUGIN_POST_SEARCH_FN, pb ) != 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "doPostSearchPluginFNs: search postoperation plugins " + "failed\n", 0, 0, 0 ); +#else + Debug(LDAP_DEBUG_TRACE, "doPostSearchPluginFNs: search postoperation plugins " + "failed.\n", 0, 0, 0); +#endif + } + + return LDAP_SUCCESS; +} + +void dummy(void) +{ + /* + * XXX slapi_search_internal() was no getting pulled + * in; all manner of linker flags failed to link it. + * FIXME + */ + slapi_search_internal( NULL, 0, NULL, NULL, NULL, 0 ); +} +#endif /* LDAP_SLAPI */ +