X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsearch.c;h=c3a6acc34d127809fe07deaf85632e8eca55f4d2;hb=e25f6ef0cdd1780577dffeaca8ba8b19b5697880;hp=8304176e7756f810e31bf798c2a42e95b2e06101;hpb=56ebee78fbd0c1050f2fb254a25903fd4ecbb682;p=openldap

diff --git a/servers/slapd/search.c b/servers/slapd/search.c
index 8304176e77..c3a6acc34d 100644
--- a/servers/slapd/search.c
+++ b/servers/slapd/search.c
@@ -1,6 +1,6 @@
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 /* Portions
@@ -25,24 +25,31 @@
 #include "ldap_pvt.h"
 #include "slap.h"
 
-
 int
 do_search(
-    Connection	*conn,	/* where to send results 		       */
+    Connection	*conn,	/* where to send results */
     Operation	*op	/* info about the op to which we're responding */
-)
-{
-	int		i;
-	ber_int_t		scope, deref, attrsonly;
-	ber_int_t		sizelimit, timelimit;
-	char		*base = NULL, *nbase = NULL, *fstr = NULL;
+) {
+	ber_int_t	scope, deref, attrsonly;
+	ber_int_t	sizelimit, timelimit;
+	struct berval base = { 0, NULL };
+	struct berval pbase = { 0, NULL };
+	struct berval nbase = { 0, NULL };
+	struct berval	fstr = { 0, NULL };
 	Filter		*filter = NULL;
-	char		**attrs = NULL;
+	AttributeName	*an;
+	ber_len_t	siz, off, i;
 	Backend		*be;
 	int			rc;
-	char		*text;
+	const char	*text;
+	int			manageDSAit;
 
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
+		"do_search: conn %d\n", conn->c_connid ));
+#else
 	Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 );
+#endif
 
 	/*
 	 * Parse the search request.  It looks like this:
@@ -69,9 +76,10 @@ do_search(
 	 */
 
 	/* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */
-	if ( ber_scanf( op->o_ber, "{aiiiib" /*}*/,
+	if ( ber_scanf( op->o_ber, "{miiiib" /*}*/,
 		&base, &scope, &deref, &sizelimit,
-	    &timelimit, &attrsonly ) == LBER_ERROR ) {
+	    &timelimit, &attrsonly ) == LBER_ERROR )
+	{
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
 		rc = SLAPD_DISCONNECT;
@@ -101,20 +109,35 @@ do_search(
 		goto return_results;
 	}
 
-	nbase = ch_strdup( base );
-
-	if( dn_normalize( nbase ) == NULL ) {
-		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX,
-			NULL, "invalid DN", NULL, NULL );
+	rc = dnPrettyNormal( NULL, &base, &pbase, &nbase );
+	if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_search: conn %d  invalid dn (%s)\n",
+			conn->c_connid, base.bv_val ));
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"do_search: invalid dn (%s)\n", base.bv_val, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
 		goto return_results;
 	}
 
-	Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref );
-	Debug( LDAP_DEBUG_ARGS, "    %d %d %d\n", sizelimit, timelimit,
-	    attrsonly);
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+		"do_search \"%s\" %d %d %d %d %d\n", base.bv_val, scope,
+		deref, sizelimit, timelimit, attrsonly ));
+#else
+	Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d",
+		base.bv_val, scope, deref );
+	Debug( LDAP_DEBUG_ARGS, "    %d %d %d\n",
+		sizelimit, timelimit, attrsonly);
+#endif
 
 	/* filter - returns a "normalized" version */
-	if ( (rc = get_filter( conn, op->o_ber, &filter, &fstr, &text )) != LDAP_SUCCESS ) {
+	rc = get_filter( conn, op->o_ber, &filter, &fstr, &text );
+	if( rc != LDAP_SUCCESS ) {
 		if( rc == SLAPD_DISCONNECT ) {
 			send_ldap_disconnect( conn, op,
 				LDAP_PROTOCOL_ERROR, text );
@@ -125,109 +148,186 @@ do_search(
 		goto return_results;
 	}
 
-	Debug( LDAP_DEBUG_ARGS, "    filter: %s\n", fstr, 0, 0 );
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+		"do_search: conn %d	filter: %s\n", conn->c_connid, fstr.bv_val ));
+#else
+	Debug( LDAP_DEBUG_ARGS, "    filter: %s\n", fstr.bv_val, 0, 0 );
+#endif
 
 	/* attributes */
-	if ( ber_scanf( op->o_ber, /*{*/ "{v}}", &attrs ) == LBER_ERROR ) {
+	siz = sizeof(AttributeName);
+	off = 0;
+	if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) {
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding attrs error" );
 		rc = SLAPD_DISCONNECT;
 		goto return_results;
 	}
+	for ( i=0; i<siz; i++ ) {
+		an[i].an_desc = NULL;
+		an[i].an_oc = NULL;
+		slap_bv2ad(&an[i].an_name, &an[i].an_desc, &text);
+	}
 
 	if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			"do_search: conn %d  get_ctrls failed (%d)\n",
+			conn->c_connid, rc ));
+#else
 		Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 );
-		goto return_results;
-	} 
+#endif
 
-	rc = 0;
+		goto return_results;
+	}
 
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+		"do_search: conn %d	attrs:", conn->c_connid ));
+#else
 	Debug( LDAP_DEBUG_ARGS, "    attrs:", 0, 0, 0 );
+#endif
 
-	if ( attrs != NULL ) {
-		for ( i = 0; attrs[i] != NULL; i++ ) {
-#ifndef SLAPD_SCHEMA_NOT_COMPAT
-			attr_normalize( attrs[i] );
+	if ( siz != 0 ) {
+		for ( i = 0; i<siz; i++ ) {
+#ifdef NEW_LOGGING
+			LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+				"do_search:	   %s", an[i].an_name.bv_val ));
+#else
+			Debug( LDAP_DEBUG_ARGS, " %s", an[i].an_name.bv_val, 0, 0 );
 #endif
-			Debug( LDAP_DEBUG_ARGS, " %s", attrs[i], 0, 0 );
 		}
 	}
 
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, "\n" ));
+#else
 	Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
+#endif
 
 	Statslog( LDAP_DEBUG_STATS,
 	    "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n",
-	    op->o_connid, op->o_opid, base, scope, fstr );
+	    op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val );
+
+	manageDSAit = get_manageDSAit( op );
 
 	if ( scope == LDAP_SCOPE_BASE ) {
-#if defined( SLAPD_MONITOR_DN )
-		if ( strcmp( nbase, SLAPD_MONITOR_DN ) == 0 ) {
-			monitor_info( conn, op, attrs, attrsonly );
-			goto return_results;
-		}
+		Entry *entry = NULL;
+
+		if ( nbase.bv_len == 0 ) {
+#ifdef LDAP_CONNECTIONLESS
+			/* Ignore LDAPv2 CLDAP Root DSE queries */
+			if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) {
+				goto return_results;
+			}
 #endif
-
-#if defined( SLAPD_CONFIG_DN )
-		if ( strcmp( nbase, SLAPD_CONFIG_DN ) == 0 ) {
-			config_info( conn, op, attrs, attrsonly );
-			goto return_results;
+			/* check restrictions */
+			rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+			if( rc != LDAP_SUCCESS ) {
+				send_ldap_result( conn, op, rc,
+					NULL, text, NULL, NULL );
+				goto return_results;
+			}
+
+			rc = root_dse_info( conn, &entry, &text );
 		}
-#endif
 
 #if defined( SLAPD_SCHEMA_DN )
-		if ( strcmp( nbase, SLAPD_SCHEMA_DN ) == 0 ) {
-			schema_info( conn, op, attrs, attrsonly );
-			goto return_results;
+		else if ( strcasecmp( nbase.bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
+			/* check restrictions */
+			rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+			if( rc != LDAP_SUCCESS ) {
+				send_ldap_result( conn, op, rc,
+					NULL, text, NULL, NULL );
+				goto return_results;
+			}
+
+			rc = schema_info( &entry, &text );
 		}
 #endif
 
-		if ( strcmp( nbase, LDAP_ROOT_DSE ) == 0 ) {
-			root_dse_info( conn, op, attrs, attrsonly );
+		if( rc != LDAP_SUCCESS ) {
+			send_ldap_result( conn, op, rc,
+				NULL, text, NULL, NULL );
+			goto return_results;
+
+		} else if ( entry != NULL ) {
+			rc = test_filter( NULL, conn, op,
+				entry, filter );
+
+			if( rc == LDAP_COMPARE_TRUE ) {
+				send_search_entry( NULL, conn, op,
+					entry, an, attrsonly, NULL );
+			}
+			entry_free( entry );
+
+			send_ldap_result( conn, op, LDAP_SUCCESS,
+				NULL, NULL, NULL, NULL );
+
 			goto return_results;
 		}
 	}
 
+	if( !nbase.bv_len && default_search_nbase.bv_len ) {
+		ch_free( pbase.bv_val );
+		ch_free( nbase.bv_val );
+
+		ber_dupbv( &pbase, &default_search_base );
+		ber_dupbv( &nbase, &default_search_nbase );
+	}
+
 	/*
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one, or send a referral to our "referral server"
 	 * if we don't hold it.
 	 */
-	if ( (be = select_backend( nbase )) == NULL ) {
+	if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) {
+		BerVarray ref = referral_rewrite( default_referral,
+			NULL, &pbase, scope );
+
 		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
-			NULL, NULL, default_referral, NULL );
+			NULL, NULL, ref ? ref : default_referral, NULL );
 
+		ber_bvarray_free( ref );
 		goto return_results;
 	}
 
-	/* make sure this backend recongizes critical controls */
-	rc = backend_check_controls( be, conn, op, &text ) ;
-
+	/* check restrictions */
+	rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
 	if( rc != LDAP_SUCCESS ) {
 		send_ldap_result( conn, op, rc,
 			NULL, text, NULL, NULL );
 		goto return_results;
 	}
 
+	/* check for referrals */
+	rc = backend_check_referrals( be, conn, op, &pbase, &nbase );
+	if ( rc != LDAP_SUCCESS ) {
+		goto return_results;
+	}
+
 	/* deref the base if needed */
-	nbase = suffix_alias( be, nbase );
+	suffix_alias( be, &nbase );
 
 	/* actually do the search and send the result(s) */
 	if ( be->be_search ) {
-		(*be->be_search)( be, conn, op, base, nbase, scope, deref, sizelimit,
-		    timelimit, filter, fstr, attrs, attrsonly );
+		(*be->be_search)( be, conn, op, &pbase, &nbase,
+			scope, deref, sizelimit,
+		    timelimit, filter, &fstr, an, attrsonly );
 	} else {
 		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
-			NULL, "search function not implemented", NULL, NULL );
+			NULL, "operation not supported within namingContext",
+			NULL, NULL );
 	}
 
 return_results:;
-	if( base != NULL) free( base );
-	if( nbase != NULL) free( nbase );
-	if( fstr != NULL) free( fstr );
+	if( pbase.bv_val != NULL) free( pbase.bv_val );
+	if( nbase.bv_val != NULL) free( nbase.bv_val );
+
+	if( fstr.bv_val != NULL) free( fstr.bv_val );
 	if( filter != NULL) filter_free( filter );
-	if ( attrs != NULL ) {
-		charray_free( attrs );
-	}
+	free(an);
 
 	return rc;
 }