X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsearch.c;h=9912d1799fc156596e35e84f933fd52fc8e72c5a;hb=b3c3d89140dadff2de0bf987d48b1dfe77035811;hp=6b555b4bf3e9af7cd93ce10fb12f76f6cc93d35d;hpb=47dd8d87327fd5ba219b3fe698b86780a14de697;p=openldap diff --git a/servers/slapd/search.c b/servers/slapd/search.c index 6b555b4bf3..9912d1799f 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2004 The OpenLDAP Foundation. + * Copyright 1998-2012 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,15 +33,6 @@ #include "lutil.h" #include "slap.h" -#ifdef LDAP_SLAPI -#include "slapi/slapi.h" - -static void init_search_pblock( Operation *op, char **attrs, int managedsait ); -static int call_search_preop_plugins( Operation *op ); -static int call_search_rewrite_plugins( Operation *op ); -static void call_search_postop_plugins( Operation *op ); -#endif /* LDAPI_SLAPI */ - int do_search( Operation *op, /* info about the op to which we're responding */ @@ -50,8 +41,8 @@ do_search( struct berval base = BER_BVNULL; ber_len_t siz, off, i; - Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 ); - + Debug( LDAP_DEBUG_TRACE, "%s do_search\n", + op->o_log_prefix, 0, 0 ); /* * Parse the search request. It looks like this: * @@ -101,9 +92,7 @@ do_search( case LDAP_SCOPE_BASE: case LDAP_SCOPE_ONELEVEL: case LDAP_SCOPE_SUBTREE: -#ifdef LDAP_SCOPE_SUBORDINATE case LDAP_SCOPE_SUBORDINATE: -#endif break; default: send_ldap_error( op, rs, LDAP_PROTOCOL_ERROR, "invalid scope" ); @@ -123,8 +112,8 @@ do_search( rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx ); if( rs->sr_err != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, - "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "%s do_search: invalid dn: \"%s\"\n", + op->o_log_prefix, base.bv_val, 0 ); send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" ); goto return_results; } @@ -163,13 +152,49 @@ do_search( const char *dummy; /* ignore msgs from bv2ad */ op->ors_attrs[i].an_desc = NULL; op->ors_attrs[i].an_oc = NULL; - op->ors_attrs[i].an_oc_exclude = 0; - slap_bv2ad(&op->ors_attrs[i].an_name, &op->ors_attrs[i].an_desc, &dummy); + op->ors_attrs[i].an_flags = 0; + if ( slap_bv2ad( &op->ors_attrs[i].an_name, + &op->ors_attrs[i].an_desc, &dummy ) != LDAP_SUCCESS ) + { + if ( slap_bv2undef_ad( &op->ors_attrs[i].an_name, + &op->ors_attrs[i].an_desc, &dummy, + SLAP_AD_PROXIED|SLAP_AD_NOINSERT ) ) + { + struct berval *bv = &op->ors_attrs[i].an_name; + + /* RFC 4511 LDAPv3: All User Attributes */ + if ( bvmatch( bv, slap_bv_all_user_attrs ) ) { + continue; + } + + /* RFC 3673 LDAPv3: All Operational Attributes */ + if ( bvmatch( bv, slap_bv_all_operational_attrs ) ) { + continue; + } + + /* RFC 4529 LDAP: Requesting Attributes by Object Class */ + if ( bv->bv_len > 1 && bv->bv_val[0] == '@' ) { + /* FIXME: check if remaining is valid oc name? */ + continue; + } + + /* add more "exceptions" to RFC 4511 4.5.1.8. */ + + /* invalid attribute description? remove */ + if ( ad_keystring( bv ) ) { + /* NOTE: parsed in-place, don't modify; + * rather add "1.1", which must be ignored */ + BER_BVSTR( &op->ors_attrs[i].an_name, LDAP_NO_ATTRS ); + } + + /* otherwise leave in place... */ + } + } } if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 ); - + Debug( LDAP_DEBUG_ANY, "%s do_search: get_ctrls failed\n", + op->o_log_prefix, 0, 0 ); goto return_results; } @@ -185,7 +210,7 @@ do_search( if ( StatslogTest( LDAP_DEBUG_STATS ) ) { char abuf[BUFSIZ/2], *ptr = abuf; - int len = 0, alen; + unsigned len = 0, alen; sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref); Statslog( LDAP_DEBUG_STATS, @@ -222,12 +247,6 @@ do_search( rs->sr_err = frontendDB->be_search( op, rs ); return_results:; - if ( ( op->o_sync_mode & SLAP_SYNC_PERSIST ) ) { - return rs->sr_err; - } - if ( ( op->o_sync_slog_size != -1 ) ) { - return rs->sr_err; - } if ( !BER_BVISNULL( &op->o_req_dn ) ) { slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx ); } @@ -238,7 +257,7 @@ return_results:; op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); } if ( op->ors_filter != NULL) { - filter_free_x( op, op->ors_filter ); + filter_free_x( op, op->ors_filter, 1 ); } if ( op->ors_attrs != NULL ) { op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx ); @@ -250,16 +269,9 @@ return_results:; int fe_op_search( Operation *op, SlapReply *rs ) { - int manageDSAit; - int be_manageDSAit; -#ifdef LDAP_SLAPI - char **attrs = NULL; -#endif - - manageDSAit = get_manageDSAit( op ); + BackendDB *bd = op->o_bd; - /* fake while loop to allow breaking out */ - while ( op->ors_scope == LDAP_SCOPE_BASE ) { + if ( op->ors_scope == LDAP_SCOPE_BASE ) { Entry *entry = NULL; if ( BER_BVISEMPTY( &op->o_req_ndn ) ) { @@ -275,15 +287,6 @@ fe_op_search( Operation *op, SlapReply *rs ) goto return_results; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); - init_search_pblock( op, attrs, manageDSAit ); - rs->sr_err = call_search_preop_plugins( op ); - if ( rs->sr_err ) break; - call_search_rewrite_plugins( op ); - } -#endif /* LDAP_SLAPI */ rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text ); } else if ( bvmatch( &op->o_req_ndn, &frontendDB->be_schemandn ) ) { @@ -293,46 +296,44 @@ fe_op_search( Operation *op, SlapReply *rs ) goto return_results; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); - init_search_pblock( op, attrs, manageDSAit ); - rs->sr_err = call_search_preop_plugins( op ); - if ( rs->sr_err ) break; - call_search_rewrite_plugins( op ); - } -#endif /* LDAP_SLAPI */ rs->sr_err = schema_info( &entry, &rs->sr_text ); } if( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_search_postop_plugins( op ); -#endif /* LDAP_SLAPI */ goto return_results; } else if ( entry != NULL ) { + if ( get_assert( op ) && + ( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) { + rs->sr_err = LDAP_ASSERTION_FAILED; + goto fail1; + } + rs->sr_err = test_filter( op, entry, op->ors_filter ); if( rs->sr_err == LDAP_COMPARE_TRUE ) { + /* note: we set no limits because either + * no limit is specified, or at least 1 + * is specified, and we're going to return + * at most one entry */ + op->ors_slimit = SLAP_NO_LIMIT; + op->ors_tlimit = SLAP_NO_LIMIT; + rs->sr_entry = entry; rs->sr_attrs = op->ors_attrs; rs->sr_operational_attrs = NULL; + rs->sr_flags = 0; send_search_entry( op, rs ); rs->sr_entry = NULL; rs->sr_operational_attrs = NULL; } - entry_free( entry ); - rs->sr_err = LDAP_SUCCESS; +fail1: + entry_free( entry ); send_ldap_result( op, rs ); -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_search_postop_plugins( op ); -#endif /* LDAP_SLAPI */ goto return_results; } - break; } if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) { @@ -349,25 +350,14 @@ fe_op_search( Operation *op, SlapReply *rs ) * if we don't hold it. */ - /* Sync control overrides manageDSAit */ - - if ( manageDSAit != SLAP_CONTROL_NONE ) { - if ( op->o_sync_mode & SLAP_SYNC_REFRESH ) { - be_manageDSAit = SLAP_CONTROL_NONE; - } else { - be_manageDSAit = manageDSAit; - } - } else { - be_manageDSAit = manageDSAit; - } - - op->o_bd = select_backend( &op->o_req_ndn, be_manageDSAit, 1 ); + op->o_bd = select_backend( &op->o_req_ndn, 1 ); if ( op->o_bd == NULL ) { rs->sr_ref = referral_rewrite( default_referral, NULL, &op->o_req_dn, op->ors_scope ); if (!rs->sr_ref) rs->sr_ref = default_referral; rs->sr_err = LDAP_REFERRAL; + op->o_bd = bd; send_ldap_result( op, rs ); if (rs->sr_ref != default_referral) @@ -387,22 +377,28 @@ fe_op_search( Operation *op, SlapReply *rs ) goto return_results; } -#ifdef LDAP_SLAPI - if ( op->o_pb ) { - attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx ); - init_search_pblock( op, attrs, manageDSAit ); - rs->sr_err = call_search_preop_plugins( op ); - if ( rs->sr_err != LDAP_SUCCESS ) { - goto return_results; - } + if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) { + /* don't use shadow copy */ + BerVarray defref = op->o_bd->be_update_refs + ? op->o_bd->be_update_refs : default_referral; - call_search_rewrite_plugins( op ); - } -#endif /* LDAP_SLAPI */ + if( defref != NULL ) { + rs->sr_ref = referral_rewrite( defref, + NULL, &op->o_req_dn, op->ors_scope ); + if( !rs->sr_ref) rs->sr_ref = defref; + rs->sr_err = LDAP_REFERRAL; + send_ldap_result( op, rs ); + + if (rs->sr_ref != defref) ber_bvarray_free( rs->sr_ref ); + + } else { + send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM, + "copy not used; no referral information available" ); + } - /* actually do the search and send the result(s) */ - if ( op->o_bd->be_search ) { + } else if ( op->o_bd->be_search ) { if ( limits_check( op, rs ) == 0 ) { + /* actually do the search and send the result(s) */ (op->o_bd->be_search)( op, rs ); } /* else limits_check() sends error */ @@ -412,115 +408,8 @@ fe_op_search( Operation *op, SlapReply *rs ) "operation not supported within namingContext" ); } -#ifdef LDAP_SLAPI - if ( op->o_pb ) call_search_postop_plugins( op ); -#endif /* LDAP_SLAPI */ - -#ifdef LDAP_SLAPI - if( attrs != NULL) op->o_tmpfree( attrs, op->o_tmpmemctx ); -#endif /* LDAP_SLAPI */ - return_results:; + op->o_bd = bd; return rs->sr_err; } -#ifdef LDAP_SLAPI - -static void init_search_pblock( Operation *op, - char **attrs, int managedsait ) -{ - slapi_int_pblock_set_operation( op->o_pb, op ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SIZELIMIT, (void *)op->ors_slimit ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TIMELIMIT, (void *)op->ors_tlimit ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_FILTER, (void *)op->ors_filter ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_STRFILTER, (void *)op->ors_filterstr.bv_val ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRS, (void *)attrs ); - slapi_pblock_set( op->o_pb, SLAPI_SEARCH_ATTRSONLY, (void *)op->ors_attrsonly ); - slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)managedsait ); -} - -static int call_search_preop_plugins( Operation *op ) -{ - int rc; - - rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_SEARCH_FN, op->o_pb ); - if ( rc < 0 ) { - /* - * A preoperation plugin failure will abort the - * entire operation. - */ - Debug(LDAP_DEBUG_TRACE, "call_search_preop_plugins: search preoperation plugin " - "returned %d.\n", rc, 0, 0); - if ( ( slapi_pblock_get( op->o_pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) || - rc == LDAP_SUCCESS ) { - rc = LDAP_OTHER; - } - } else { - rc = LDAP_SUCCESS; - } - - return rc; -} - -static int call_search_rewrite_plugins( Operation *op ) -{ - if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_COMPUTE_SEARCH_REWRITER_FN, op->o_pb ) == 0 ) { - int rc; - - /* - * The plugin can set the SLAPI_SEARCH_FILTER. - * SLAPI_SEARCH_STRFILER is not normative. - */ - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter ); - op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); - filter2bv_x( op, op->ors_filter, &op->ors_filterstr ); - - /* - * Also permit other search parameters to be reset. One thing - * this doesn't (yet) deal with is plugins that change a root - * DSE search to a non-root DSE search... - */ - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_TARGET, (void **)&op->o_req_dn.bv_val ); - op->o_req_dn.bv_len = strlen( op->o_req_dn.bv_val ); - - if( !BER_BVISNULL( &op->o_req_ndn ) ) { - slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx ); - } - rc = dnNormalize( 0, NULL, NULL, &op->o_req_dn, &op->o_req_ndn, - op->o_tmpmemctx ); - if ( rc != LDAP_SUCCESS ) { - return rc; - } - - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_SCOPE, (void **)&op->ors_scope ); - slapi_pblock_get( op->o_pb, SLAPI_SEARCH_DEREF, (void **)&op->ors_deref ); - - Debug( LDAP_DEBUG_ARGS, " after compute_rewrite_search filter: %s\n", - !BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 ); - } - - return LDAP_SUCCESS; -} - -static void call_search_postop_plugins( Operation *op ) -{ - if ( slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_POST_SEARCH_FN, op->o_pb ) < 0 ) { - Debug(LDAP_DEBUG_TRACE, "call_search_postop_plugins: search postoperation plugins " - "failed.\n", 0, 0, 0); - } -} - -void slapi_int_dummy(void) -{ - /* - * XXX slapi_search_internal() was no getting pulled - * in; all manner of linker flags failed to link it. - * FIXME - */ - slapi_search_internal( NULL, 0, NULL, NULL, NULL, 0 ); -} -#endif /* LDAP_SLAPI */ -