X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsearch.c;h=c3a6acc34d127809fe07deaf85632e8eca55f4d2;hb=e25f6ef0cdd1780577dffeaca8ba8b19b5697880;hp=b9906a12c9111a69bc617ac4c4c24559c530977f;hpb=73276e84ae32e9e148197971d1d6729739980353;p=openldap diff --git a/servers/slapd/search.c b/servers/slapd/search.c index b9906a12c9..c3a6acc34d 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -1,4 +1,9 @@ +/* $OpenLDAP$ */ /* + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ +/* Portions * Copyright (c) 1995 Regents of the University of Michigan. * All rights reserved. * @@ -17,34 +22,34 @@ #include #include -#include "ldap_defaults.h" +#include "ldap_pvt.h" #include "slap.h" - int do_search( - Connection *conn, /* where to send results */ + Connection *conn, /* where to send results */ Operation *op /* info about the op to which we're responding */ -) -{ - int i, err; - ber_int_t scope, deref, attrsonly; - ber_int_t sizelimit, timelimit; - char *base = NULL, *fstr = NULL; +) { + ber_int_t scope, deref, attrsonly; + ber_int_t sizelimit, timelimit; + struct berval base = { 0, NULL }; + struct berval pbase = { 0, NULL }; + struct berval nbase = { 0, NULL }; + struct berval fstr = { 0, NULL }; Filter *filter = NULL; - char **attrs = NULL; + AttributeName *an; + ber_len_t siz, off, i; Backend *be; int rc; + const char *text; + int manageDSAit; +#ifdef NEW_LOGGING + LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY, + "do_search: conn %d\n", conn->c_connid )); +#else Debug( LDAP_DEBUG_TRACE, "do_search\n", 0, 0, 0 ); - - if( op->o_bind_in_progress ) { - Debug( LDAP_DEBUG_ANY, "do_search: SASL bind in progress.\n", - 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_SASL_BIND_IN_PROGRESS, - NULL, "SASL bind in progress", NULL, NULL ); - return LDAP_SASL_BIND_IN_PROGRESS; - } +#endif /* * Parse the search request. It looks like this: @@ -71,12 +76,13 @@ do_search( */ /* baseObject, scope, derefAliases, sizelimit, timelimit, attrsOnly */ - if ( ber_scanf( op->o_ber, "{aiiiib", + if ( ber_scanf( op->o_ber, "{miiiib" /*}*/, &base, &scope, &deref, &sizelimit, - &timelimit, &attrsonly ) == LBER_ERROR ) { + &timelimit, &attrsonly ) == LBER_ERROR ) + { send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); - rc = -1; + rc = SLAPD_DISCONNECT; goto return_results; } @@ -86,9 +92,8 @@ do_search( case LDAP_SCOPE_SUBTREE: break; default: - send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, + send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL, "invalid scope", NULL, NULL ); - rc = -1; goto return_results; } @@ -99,118 +104,230 @@ do_search( case LDAP_DEREF_ALWAYS: break; default: - send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, + send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR, NULL, "invalid deref", NULL, NULL ); - rc = -1; goto return_results; } - (void) dn_normalize_case( base ); + rc = dnPrettyNormal( NULL, &base, &pbase, &nbase ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "operation", LDAP_LEVEL_INFO, + "do_search: conn %d invalid dn (%s)\n", + conn->c_connid, base.bv_val )); +#else + Debug( LDAP_DEBUG_ANY, + "do_search: invalid dn (%s)\n", base.bv_val, 0, 0 ); +#endif + send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, + "invalid DN", NULL, NULL ); + goto return_results; + } - Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", base, scope, deref ); - Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", sizelimit, timelimit, - attrsonly); +#ifdef NEW_LOGGING + LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, + "do_search \"%s\" %d %d %d %d %d\n", base.bv_val, scope, + deref, sizelimit, timelimit, attrsonly )); +#else + Debug( LDAP_DEBUG_ARGS, "SRCH \"%s\" %d %d", + base.bv_val, scope, deref ); + Debug( LDAP_DEBUG_ARGS, " %d %d %d\n", + sizelimit, timelimit, attrsonly); +#endif /* filter - returns a "normalized" version */ - if ( (err = get_filter( conn, op->o_ber, &filter, &fstr )) != 0 ) { - if( err == -1 ) { + rc = get_filter( conn, op->o_ber, &filter, &fstr, &text ); + if( rc != LDAP_SUCCESS ) { + if( rc == SLAPD_DISCONNECT ) { send_ldap_disconnect( conn, op, - LDAP_PROTOCOL_ERROR, "decode error" ); + LDAP_PROTOCOL_ERROR, text ); } else { - send_ldap_result( conn, op, err, - NULL, "Bad search filter", NULL, NULL ); + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); } goto return_results; } - Debug( LDAP_DEBUG_ARGS, " filter: %s\n", fstr, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, + "do_search: conn %d filter: %s\n", conn->c_connid, fstr.bv_val )); +#else + Debug( LDAP_DEBUG_ARGS, " filter: %s\n", fstr.bv_val, 0, 0 ); +#endif /* attributes */ - if ( ber_scanf( op->o_ber, /*{*/ "{v}}", &attrs ) == LBER_ERROR ) { + siz = sizeof(AttributeName); + off = 0; + if ( ber_scanf( op->o_ber, "{M}}", &an, &siz, off ) == LBER_ERROR ) { send_ldap_disconnect( conn, op, - LDAP_PROTOCOL_ERROR, "decoding error" ); - rc = -1; + LDAP_PROTOCOL_ERROR, "decoding attrs error" ); + rc = SLAPD_DISCONNECT; goto return_results; } + for ( i=0; ic_connid, rc )); +#else Debug( LDAP_DEBUG_ANY, "do_search: get_ctrls failed\n", 0, 0, 0 ); - goto return_results; - } +#endif - rc = 0; + goto return_results; + } +#ifdef NEW_LOGGING + LDAP_LOG(( "operation", LDAP_LEVEL_ARGS, + "do_search: conn %d attrs:", conn->c_connid )); +#else Debug( LDAP_DEBUG_ARGS, " attrs:", 0, 0, 0 ); +#endif - if ( attrs != NULL ) { - for ( i = 0; attrs[i] != NULL; i++ ) { - attr_normalize( attrs[i] ); - Debug( LDAP_DEBUG_ARGS, " %s", attrs[i], 0, 0 ); + if ( siz != 0 ) { + for ( i = 0; ic_connid, op->o_opid, base, scope, fstr ); + "conn=%ld op=%d SRCH base=\"%s\" scope=%d filter=\"%s\"\n", + op->o_connid, op->o_opid, pbase.bv_val, scope, fstr.bv_val ); + + manageDSAit = get_manageDSAit( op ); if ( scope == LDAP_SCOPE_BASE ) { -#if defined( SLAPD_MONITOR_DN ) - if ( strcmp( base, SLAPD_MONITOR_DN ) == 0 ) { - monitor_info( conn, op ); - goto return_results; - } + Entry *entry = NULL; + + if ( nbase.bv_len == 0 ) { +#ifdef LDAP_CONNECTIONLESS + /* Ignore LDAPv2 CLDAP Root DSE queries */ + if (op->o_protocol==LDAP_VERSION2 && conn->c_is_udp) { + goto return_results; + } #endif - -#if defined( SLAPD_CONFIG_DN ) - if ( strcmp( base, SLAPD_CONFIG_DN ) == 0 ) { - config_info( conn, op ); - goto return_results; + /* check restrictions */ + rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ; + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); + goto return_results; + } + + rc = root_dse_info( conn, &entry, &text ); } -#endif #if defined( SLAPD_SCHEMA_DN ) - if ( strcmp( base, SLAPD_SCHEMA_DN ) == 0 ) { - schema_info( conn, op, attrs, attrsonly ); - goto return_results; + else if ( strcasecmp( nbase.bv_val, SLAPD_SCHEMA_DN ) == 0 ) { + /* check restrictions */ + rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ; + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); + goto return_results; + } + + rc = schema_info( &entry, &text ); } #endif - if ( strcmp( base, LDAP_ROOT_DSE ) == 0 ) { - root_dse_info( conn, op, attrs, attrsonly ); + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); + goto return_results; + + } else if ( entry != NULL ) { + rc = test_filter( NULL, conn, op, + entry, filter ); + + if( rc == LDAP_COMPARE_TRUE ) { + send_search_entry( NULL, conn, op, + entry, an, attrsonly, NULL ); + } + entry_free( entry ); + + send_ldap_result( conn, op, LDAP_SUCCESS, + NULL, NULL, NULL, NULL ); + goto return_results; } } + if( !nbase.bv_len && default_search_nbase.bv_len ) { + ch_free( pbase.bv_val ); + ch_free( nbase.bv_val ); + + ber_dupbv( &pbase, &default_search_base ); + ber_dupbv( &nbase, &default_search_nbase ); + } + /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - if ( (be = select_backend( base )) == NULL ) { + if ( (be = select_backend( &nbase, manageDSAit, 1 )) == NULL ) { + BerVarray ref = referral_rewrite( default_referral, + NULL, &pbase, scope ); + send_ldap_result( conn, op, rc = LDAP_REFERRAL, - NULL, NULL, default_referral, NULL ); + NULL, NULL, ref ? ref : default_referral, NULL ); + + ber_bvarray_free( ref ); + goto return_results; + } + /* check restrictions */ + rc = backend_check_restrictions( be, conn, op, NULL, &text ) ; + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, + NULL, text, NULL, NULL ); goto return_results; } + /* check for referrals */ + rc = backend_check_referrals( be, conn, op, &pbase, &nbase ); + if ( rc != LDAP_SUCCESS ) { + goto return_results; + } + + /* deref the base if needed */ + suffix_alias( be, &nbase ); + /* actually do the search and send the result(s) */ if ( be->be_search ) { - (*be->be_search)( be, conn, op, base, scope, deref, sizelimit, - timelimit, filter, fstr, attrs, attrsonly ); + (*be->be_search)( be, conn, op, &pbase, &nbase, + scope, deref, sizelimit, + timelimit, filter, &fstr, an, attrsonly ); } else { send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM, - NULL, "Function not implemented", NULL, NULL ); + NULL, "operation not supported within namingContext", + NULL, NULL ); } return_results:; - if( base != NULL) free( base ); - if( fstr != NULL) free( fstr ); + if( pbase.bv_val != NULL) free( pbase.bv_val ); + if( nbase.bv_val != NULL) free( nbase.bv_val ); + + if( fstr.bv_val != NULL) free( fstr.bv_val ); if( filter != NULL) filter_free( filter ); - if ( attrs != NULL ) { - charray_free( attrs ); - } + free(an); return rc; }