From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Mon, 2 Feb 2009 23:53:14 +0000 (+0000)
Subject: ITS#5916
X-Git-Tag: OPENLDAP_REL_ENG_2_4_14~38
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f32c8b4d258e4445b795ba3ccfb01d689a4f171c;p=openldap

ITS#5916
---

diff --git a/CHANGES b/CHANGES
index e993b591c2..bf0a1ed6f8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ OpenLDAP 2.4.14 Engineering
 	Added libldap TLS_PROTOCOL_MIN (ITS#5655)
 	Added libldap GnuTLS support for TLS_CIPHER_SUITE (ITS#5887)
 	Added libldap GnuTLS setting random file (ITS#5462)
+	Added libldap alias dereferencing in C API (ITS#5916)
 	Fixed libldap avl to macroize constants (ITS#5909)
 	Fixed libldap deref handling (ITS#5768)
 	Fixed libldap peer cert memory leak (ITS#5849)
@@ -34,6 +35,7 @@ OpenLDAP 2.4.14 Engineering
 	Fixed slapd-hdb idlcache with empty suffix (ITS#5859)
 	Fixed slapd-ldap idassert-bind validity checking (ITS#5863)
 	Fixed slapd-ldap/meta RFC4525 increment support (ITS#5912)
+	Fixed slapd-ldap/meta search dereferencing (ITS#5916)
 	Fixed slapd-ldif numerous bugs (ITS#5408)
 	Fixed slapd-ldif rename on same DN (ITS#5319)
 	Fixed slapd-ldif deadlock (ITS#5329)
diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h
index 8760591023..a75bc3edd5 100644
--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@@ -304,6 +304,34 @@ LDAP_F( int )
 ldap_bv2escaped_filter_value_x LDAP_P(( struct berval *in, struct berval *out,
 	int inplace, void *ctx ));
 
+LDAP_F (int) ldap_pvt_search LDAP_P((
+	struct ldap *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	struct ldapcontrol **sctrls,
+	struct ldapcontrol **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	int *msgidp ));
+
+LDAP_F(int) ldap_pvt_search_s LDAP_P((
+	struct ldap *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	struct ldapcontrol **sctrls,
+	struct ldapcontrol **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	struct ldapmsg **res ));
+
 /* string.c */
 LDAP_F( char * )
 ldap_pvt_str2upper LDAP_P(( char *str ));
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 6b6cf08af4..81c4e6e1d1 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -602,6 +602,7 @@ LDAP_F (BerElement *) ldap_build_search_req LDAP_P((
 	LDAPControl **cctrls,
 	ber_int_t timelimit,
 	ber_int_t sizelimit,
+	ber_int_t deref,
 	ber_int_t *msgidp));
 
 
diff --git a/libraries/libldap/search.c b/libraries/libldap/search.c
index 5ae25a366c..7dfdbd16c3 100644
--- a/libraries/libldap/search.c
+++ b/libraries/libldap/search.c
@@ -65,6 +65,25 @@ ldap_search_ext(
 	struct timeval *timeout,
 	int sizelimit,
 	int *msgidp )
+{
+	return ldap_pvt_search( ld, base, scope, filter, attrs,
+		attrsonly, sctrls, cctrls, timeout, sizelimit, -1, msgidp );
+}
+
+int
+ldap_pvt_search(
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	int *msgidp )
 {
 	int rc;
 	BerElement	*ber;
@@ -98,7 +117,7 @@ ldap_search_ext(
 	}
 
 	ber = ldap_build_search_req( ld, base, scope, filter, attrs,
-	    attrsonly, sctrls, cctrls, timelimit, sizelimit, &id ); 
+	    attrsonly, sctrls, cctrls, timelimit, sizelimit, deref, &id ); 
 
 	if ( ber == NULL ) {
 		return ld->ld_errno;
@@ -127,12 +146,31 @@ ldap_search_ext_s(
 	struct timeval *timeout,
 	int sizelimit,
 	LDAPMessage **res )
+{
+	return ldap_pvt_search_s( ld, base, scope, filter, attrs,
+		attrsonly, sctrls, cctrls, timeout, sizelimit, -1, res );
+}
+
+int
+ldap_pvt_search_s(
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	LDAPMessage **res )
 {
 	int rc;
 	int	msgid;
 
-	rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
-		sctrls, cctrls, timeout, sizelimit, &msgid );
+	rc = ldap_pvt_search( ld, base, scope, filter, attrs, attrsonly,
+		sctrls, cctrls, timeout, sizelimit, deref, &msgid );
 
 	if ( rc != LDAP_SUCCESS ) {
 		return( rc );
@@ -188,7 +226,7 @@ ldap_search(
 	assert( LDAP_VALID( ld ) );
 
 	ber = ldap_build_search_req( ld, base, scope, filter, attrs,
-	    attrsonly, NULL, NULL, -1, -1, &id ); 
+	    attrsonly, NULL, NULL, -1, -1, -1, &id ); 
 
 	if ( ber == NULL ) {
 		return( -1 );
@@ -212,6 +250,7 @@ ldap_build_search_req(
 	LDAPControl **cctrls,
 	ber_int_t timelimit,
 	ber_int_t sizelimit,
+	ber_int_t deref,
 	ber_int_t *idp)
 {
 	BerElement	*ber;
@@ -267,7 +306,8 @@ ldap_build_search_req(
 	    char *dn = ld->ld_options.ldo_cldapdn;
 	    if (!dn) dn = "";
 	    err = ber_printf( ber, "{ist{seeiib", *idp, dn,
-		LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+		LDAP_REQ_SEARCH, base, (ber_int_t) scope,
+		(deref < 0) ? ld->ld_deref : deref,
 		(sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
 		(timelimit < 0) ? ld->ld_timelimit : timelimit,
 		attrsonly );
diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index f4cf73233a..a3718aca4c 100644
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -180,12 +180,6 @@ ldap_back_search(
 	 * to map attrs and maybe rewrite value
 	 */
 
-	/* should we check return values? */
-	if ( op->ors_deref != -1 ) {
-		ldap_set_option( lc->lc_ld, LDAP_OPT_DEREF,
-				(void *)&op->ors_deref );
-	}
-
 	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
 		tv.tv_sec = op->ors_tlimit;
 		tv.tv_usec = 0;
@@ -221,11 +215,11 @@ ldap_back_search(
 	/* deal with <draft-zeilenga-ldap-t-f> filters */
 	filter = op->ors_filterstr;
 retry:
-	rs->sr_err = ldap_search_ext( lc->lc_ld, op->o_req_dn.bv_val,
+	rs->sr_err = ldap_pvt_search( lc->lc_ld, op->o_req_dn.bv_val,
 			op->ors_scope, filter.bv_val,
 			attrs, op->ors_attrsonly, ctrls, NULL,
 			tv.tv_sec ? &tv : NULL,
-			op->ors_slimit, &msgid );
+			op->ors_slimit, op->ors_deref, &msgid );
 
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		switch ( rs->sr_err ) {
@@ -853,9 +847,9 @@ retry:
 	}
 
 	/* TODO: timeout? */
-	rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
+	rc = ldap_pvt_search_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
 				attrp, 0, ctrls, NULL,
-				NULL, LDAP_NO_LIMIT, &result );
+				NULL, LDAP_NO_LIMIT, op->ors_deref, &result );
 	if ( rc != LDAP_SUCCESS ) {
 		if ( rc == LDAP_SERVER_DOWN && do_retry ) {
 			do_retry = 0;
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index efde921bce..6f237ea08e 100644
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -590,13 +590,6 @@ meta_back_search_start(
 	}
 
 retry:;
-	/* should we check return values? */
-	if ( op->ors_deref != -1 ) {
-		assert( msc->msc_ld != NULL );
-		(void)ldap_set_option( msc->msc_ld, LDAP_OPT_DEREF,
-				( void * )&op->ors_deref );
-	}
-
 	ctrls = op->o_ctrls;
 	if ( meta_back_controls_add( op, rs, *mcp, candidate, &ctrls )
 		!= LDAP_SUCCESS )
@@ -610,10 +603,10 @@ retry:;
 	 * Starts the search
 	 */
 	assert( msc->msc_ld != NULL );
-	rc = ldap_search_ext( msc->msc_ld,
+	rc = ldap_pvt_search( msc->msc_ld,
 			mbase.bv_val, realscope, mfilter.bv_val,
 			mapped_attrs, op->ors_attrsonly,
-			ctrls, NULL, tvp, op->ors_slimit,
+			ctrls, NULL, tvp, op->ors_slimit, op->ors_deref,
 			&candidates[ candidate ].sr_msgid ); 
 	switch ( rc ) {
 	case LDAP_SUCCESS: