X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fsearch.c;h=c65923cfb546de53d461229250ff2a0143e30032;hb=914253c5635165f60f6bf510b7f1b90f73a4033a;hp=0c1d525f8b91c9e253a00c13b533ed4f11ea3bbb;hpb=4e32148ac59ba6b4f3acc79a3b782cd3556f941a;p=openldap diff --git a/servers/slapd/search.c b/servers/slapd/search.c index 0c1d525f8b..c65923cfb5 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -1,7 +1,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2007 The OpenLDAP Foundation. + * Copyright 1998-2013 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -112,7 +112,7 @@ do_search( rs->sr_err = dnPrettyNormal( NULL, &base, &op->o_req_dn, &op->o_req_ndn, op->o_tmpmemctx ); if( rs->sr_err != LDAP_SUCCESS ) { - Debug( LDAP_DEBUG_ANY, "%s do_search: invalid dn (%s)\n", + Debug( LDAP_DEBUG_ANY, "%s do_search: invalid dn: \"%s\"\n", op->o_log_prefix, base.bv_val, 0 ); send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" ); goto return_results; @@ -152,14 +152,44 @@ do_search( const char *dummy; /* ignore msgs from bv2ad */ op->ors_attrs[i].an_desc = NULL; op->ors_attrs[i].an_oc = NULL; - op->ors_attrs[i].an_oc_exclude = 0; + op->ors_attrs[i].an_flags = 0; if ( slap_bv2ad( &op->ors_attrs[i].an_name, &op->ors_attrs[i].an_desc, &dummy ) != LDAP_SUCCESS ) { - slap_bv2undef_ad( &op->ors_attrs[i].an_name, + if ( slap_bv2undef_ad( &op->ors_attrs[i].an_name, &op->ors_attrs[i].an_desc, &dummy, - SLAP_AD_PROXIED|SLAP_AD_NOINSERT ); - }; + SLAP_AD_PROXIED|SLAP_AD_NOINSERT ) ) + { + struct berval *bv = &op->ors_attrs[i].an_name; + + /* RFC 4511 LDAPv3: All User Attributes */ + if ( bvmatch( bv, slap_bv_all_user_attrs ) ) { + continue; + } + + /* RFC 3673 LDAPv3: All Operational Attributes */ + if ( bvmatch( bv, slap_bv_all_operational_attrs ) ) { + continue; + } + + /* RFC 4529 LDAP: Requesting Attributes by Object Class */ + if ( bv->bv_len > 1 && bv->bv_val[0] == '@' ) { + /* FIXME: check if remaining is valid oc name? */ + continue; + } + + /* add more "exceptions" to RFC 4511 4.5.1.8. */ + + /* invalid attribute description? remove */ + if ( ad_keystring( bv ) ) { + /* NOTE: parsed in-place, don't modify; + * rather add "1.1", which must be ignored */ + BER_BVSTR( &op->ors_attrs[i].an_name, LDAP_NO_ATTRS ); + } + + /* otherwise leave in place... */ + } + } } if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) { @@ -180,7 +210,7 @@ do_search( if ( StatslogTest( LDAP_DEBUG_STATS ) ) { char abuf[BUFSIZ/2], *ptr = abuf; - int len = 0, alen; + unsigned len = 0, alen; sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref); Statslog( LDAP_DEBUG_STATS, @@ -227,7 +257,7 @@ return_results:; op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); } if ( op->ors_filter != NULL) { - filter_free_x( op, op->ors_filter ); + filter_free_x( op, op->ors_filter, 1 ); } if ( op->ors_attrs != NULL ) { op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx ); @@ -241,8 +271,7 @@ fe_op_search( Operation *op, SlapReply *rs ) { BackendDB *bd = op->o_bd; - /* fake while loop to allow breaking out */ - while ( op->ors_scope == LDAP_SCOPE_BASE ) { + if ( op->ors_scope == LDAP_SCOPE_BASE ) { Entry *entry = NULL; if ( BER_BVISEMPTY( &op->o_req_ndn ) ) { @@ -275,6 +304,12 @@ fe_op_search( Operation *op, SlapReply *rs ) goto return_results; } else if ( entry != NULL ) { + if ( get_assert( op ) && + ( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) { + rs->sr_err = LDAP_ASSERTION_FAILED; + goto fail1; + } + rs->sr_err = test_filter( op, entry, op->ors_filter ); if( rs->sr_err == LDAP_COMPARE_TRUE ) { @@ -293,13 +328,12 @@ fe_op_search( Operation *op, SlapReply *rs ) rs->sr_entry = NULL; rs->sr_operational_attrs = NULL; } - entry_free( entry ); - rs->sr_err = LDAP_SUCCESS; +fail1: + entry_free( entry ); send_ldap_result( op, rs ); goto return_results; } - break; } if( BER_BVISEMPTY( &op->o_req_ndn ) && !BER_BVISEMPTY( &default_search_nbase ) ) {