Allow alias dereferencing in search C API; use new API in proxy backends (ITS#5916)

2025-12-24 00:29:35 -05:00 · 2009-01-31 10:27:07 +00:00 · 2009-01-31 10:27:07 +00:00 · 0ded1f16d5
commit 0ded1f16d5
parent 4fa19d927d
4 changed files with 80 additions and 24 deletions
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@ -591,6 +591,34 @@ LDAP_F (const char *) ldap_int_msgtype2str( ber_tag_t tag );
 /*
 * in search.c
 */
+LDAP_F (int) ldap_int_search LDAP_P((
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	int *msgidp ));
+
+LDAP_F(int) ldap_int_search_s LDAP_P((
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	LDAPMessage **res ));
+
 LDAP_F (BerElement *) ldap_build_search_req LDAP_P((
 	LDAP *ld,
 	const char *base,
@ -602,6 +630,7 @@ LDAP_F (BerElement *) ldap_build_search_req LDAP_P((
 	LDAPControl **cctrls,
 	ber_int_t timelimit,
 	ber_int_t sizelimit,
+	ber_int_t deref,
 	ber_int_t *msgidp));


--- a/libraries/libldap/search.c
+++ b/libraries/libldap/search.c
@ -65,6 +65,25 @@ ldap_search_ext(
 	struct timeval *timeout,
 	int sizelimit,
 	int *msgidp )
+{
+	return ldap_int_search( ld, base, scope, filter, attrs,
+		attrsonly, sctrls, cctrls, timeout, sizelimit, -1, msgidp );
+}
+
+int
+ldap_int_search(
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	int *msgidp )
 {
 	int rc;
 	BerElement	*ber;
@ -98,7 +117,7 @@ ldap_search_ext(
 	}

 	ber = ldap_build_search_req( ld, base, scope, filter, attrs,
-	    attrsonly, sctrls, cctrls, timelimit, sizelimit, &id ); 
+	    attrsonly, sctrls, cctrls, timelimit, sizelimit, deref, &id ); 

 	if ( ber == NULL ) {
 		return ld->ld_errno;
@ -127,12 +146,31 @@ ldap_search_ext_s(
 	struct timeval *timeout,
 	int sizelimit,
 	LDAPMessage **res )
+{
+	return ldap_int_search_s( ld, base, scope, filter, attrs,
+		attrsonly, sctrls, cctrls, timeout, sizelimit, -1, res );
+}
+
+int
+ldap_int_search_s(
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	LDAPMessage **res )
 {
 	int rc;
 	int	msgid;

-	rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
-		sctrls, cctrls, timeout, sizelimit, &msgid );
+	rc = ldap_int_search( ld, base, scope, filter, attrs, attrsonly,
+		sctrls, cctrls, timeout, sizelimit, deref, &msgid );

 	if ( rc != LDAP_SUCCESS ) {
 		return( rc );
@ -188,7 +226,7 @@ ldap_search(
 	assert( LDAP_VALID( ld ) );

 	ber = ldap_build_search_req( ld, base, scope, filter, attrs,
-	    attrsonly, NULL, NULL, -1, -1, &id ); 
+	    attrsonly, NULL, NULL, -1, -1, -1, &id ); 

 	if ( ber == NULL ) {
 		return( -1 );
@ -212,6 +250,7 @@ ldap_build_search_req(
 	LDAPControl **cctrls,
 	ber_int_t timelimit,
 	ber_int_t sizelimit,
+	ber_int_t deref,
 	ber_int_t *idp)
 {
 	BerElement	*ber;
@ -267,7 +306,8 @@ ldap_build_search_req(
 	    char *dn = ld->ld_options.ldo_cldapdn;
 	    if (!dn) dn = "";
 	    err = ber_printf( ber, "{ist{seeiib", *idp, dn,
-		LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+		LDAP_REQ_SEARCH, base, (ber_int_t) scope,
+		(deref < 0) ? ld->ld_deref : deref,
 		(sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
 		(timelimit < 0) ? ld->ld_timelimit : timelimit,
 		attrsonly );
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@ -180,12 +180,6 @@ ldap_back_search(
 	 * to map attrs and maybe rewrite value
 	 */

-	/* should we check return values? */
-	if ( op->ors_deref != -1 ) {
-		ldap_set_option( lc->lc_ld, LDAP_OPT_DEREF,
-				(void *)&op->ors_deref );
-	}
-
 	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
 		tv.tv_sec = op->ors_tlimit;
 		tv.tv_usec = 0;
@ -221,11 +215,11 @@ ldap_back_search(
 	/* deal with <draft-zeilenga-ldap-t-f> filters */
 	filter = op->ors_filterstr;
 retry:
-	rs->sr_err = ldap_search_ext( lc->lc_ld, op->o_req_dn.bv_val,
+	rs->sr_err = ldap_int_search( lc->lc_ld, op->o_req_dn.bv_val,
 			op->ors_scope, filter.bv_val,
 			attrs, op->ors_attrsonly, ctrls, NULL,
 			tv.tv_sec ? &tv : NULL,
-			op->ors_slimit, &msgid );
+			op->ors_slimit, op->ors_deref, &msgid );

 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		switch ( rs->sr_err ) {
@ -853,9 +847,9 @@ retry:
 	}

 	/* TODO: timeout? */
-	rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
+	rc = ldap_int_search_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
 				attrp, 0, ctrls, NULL,
-				NULL, LDAP_NO_LIMIT, &result );
+				NULL, LDAP_NO_LIMIT, op->ors_deref, &result );
 	if ( rc != LDAP_SUCCESS ) {
 		if ( rc == LDAP_SERVER_DOWN && do_retry ) {
 			do_retry = 0;
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@ -590,13 +590,6 @@ meta_back_search_start(
 	}

 retry:;
-	/* should we check return values? */
-	if ( op->ors_deref != -1 ) {
-		assert( msc->msc_ld != NULL );
-		(void)ldap_set_option( msc->msc_ld, LDAP_OPT_DEREF,
-				( void * )&op->ors_deref );
-	}
-
 	ctrls = op->o_ctrls;
 	if ( meta_back_controls_add( op, rs, *mcp, candidate, &ctrls )
 		!= LDAP_SUCCESS )
@ -610,10 +603,10 @@ retry:;
 	 * Starts the search
 	 */
 	assert( msc->msc_ld != NULL );
-	rc = ldap_search_ext( msc->msc_ld,
+	rc = ldap_int_search( msc->msc_ld,
 			mbase.bv_val, realscope, mfilter.bv_val,
 			mapped_attrs, op->ors_attrsonly,
-			ctrls, NULL, tvp, op->ors_slimit,
+			ctrls, NULL, tvp, op->ors_slimit, op->ors_deref,
 			&candidates[ candidate ].sr_msgid ); 
 	switch ( rc ) {
 	case LDAP_SUCCESS: