1 /* noopsrch.c - LDAP Control that counts entries a search would return */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 *
5 * Copyright 2010-2021 The OpenLDAP Foundation.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
10 * Public License.
11 *
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
15 */
16 /* ACKNOWLEDGEMENTS:
17 * This work was initially developed by Pierangelo Masarati for inclusion
18 * in OpenLDAP Software.
19 */
20
21 #include "portable.h"
22
23 /* define SLAPD_OVER_NOOPSRCH=2 to build as run-time loadable module */
24 #ifdef SLAPD_OVER_NOOPSRCH
25
26 /*
27 * Control OID
28 */
29 #define LDAP_CONTROL_X_NOOPSRCH "1.3.6.1.4.1.4203.666.5.18"
30
31 #include "slap.h"
32 #include "ac/string.h"
33
34 #define o_noopsrch o_ctrlflag[noopsrch_cid]
35 #define o_ctrlnoopsrch o_controls[noopsrch_cid]
36
37 static int noopsrch_cid;
38 static slap_overinst noopsrch;
39
40 static int
noopsrch_parseCtrl(Operation * op,SlapReply * rs,LDAPControl * ctrl)41 noopsrch_parseCtrl (
42 Operation *op,
43 SlapReply *rs,
44 LDAPControl *ctrl )
45 {
46 if ( op->o_noopsrch != SLAP_CONTROL_NONE ) {
47 rs->sr_text = "No-op Search control specified multiple times";
48 return LDAP_PROTOCOL_ERROR;
49 }
50
51 if ( !BER_BVISNULL( &ctrl->ldctl_value ) ) {
52 rs->sr_text = "No-op Search control value is present";
53 return LDAP_PROTOCOL_ERROR;
54 }
55
56 op->o_ctrlnoopsrch = (void *)NULL;
57
58 op->o_noopsrch = ctrl->ldctl_iscritical
59 ? SLAP_CONTROL_CRITICAL
60 : SLAP_CONTROL_NONCRITICAL;
61
62 rs->sr_err = LDAP_SUCCESS;
63
64 return rs->sr_err;
65 }
66
67 int dummy;
68
69 typedef struct noopsrch_cb_t {
70 slap_overinst *nc_on;
71 ber_int_t nc_nentries;
72 ber_int_t nc_nsearchref;
73 AttributeName *nc_save_attrs;
74 int *nc_pdummy;
75 int nc_save_slimit;
76 } noopsrch_cb_t;
77
78 static int
noopsrch_response(Operation * op,SlapReply * rs)79 noopsrch_response( Operation *op, SlapReply *rs )
80 {
81 noopsrch_cb_t *nc = (noopsrch_cb_t *)op->o_callback->sc_private;
82
83 /* if the control is global, limits are not computed yet */
84 if ( nc->nc_pdummy == &dummy ) {
85 nc->nc_save_slimit = op->ors_slimit;
86 op->ors_slimit = SLAP_NO_LIMIT;
87 nc->nc_pdummy = NULL;
88 }
89
90 if ( rs->sr_type == REP_SEARCH ) {
91 nc->nc_nentries++;
92 #ifdef NOOPSRCH_DEBUG
93 Debug( LDAP_DEBUG_TRACE, "noopsrch_response(REP_SEARCH): nentries=%d\n", nc->nc_nentries, 0, 0 );
94 #endif
95 return 0;
96
97 } else if ( rs->sr_type == REP_SEARCHREF ) {
98 nc->nc_nsearchref++;
99 return 0;
100
101 } else if ( rs->sr_type == REP_RESULT ) {
102 BerElementBuffer berbuf;
103 BerElement *ber = (BerElement *) &berbuf;
104 struct berval ctrlval;
105 LDAPControl *ctrl, *ctrlsp[2];
106 int rc = rs->sr_err;
107
108 if ( nc->nc_save_slimit >= 0 && nc->nc_nentries >= nc->nc_save_slimit ) {
109 rc = LDAP_SIZELIMIT_EXCEEDED;
110 }
111
112 #ifdef NOOPSRCH_DEBUG
113 Debug( LDAP_DEBUG_TRACE, "noopsrch_response(REP_RESULT): err=%d nentries=%d nref=%d\n", rc, nc->nc_nentries, nc->nc_nsearchref );
114 #endif
115
116 ber_init2( ber, NULL, LBER_USE_DER );
117
118 ber_printf( ber, "{iii}", rc, nc->nc_nentries, nc->nc_nsearchref );
119 if ( ber_flatten2( ber, &ctrlval, 0 ) == -1 ) {
120 ber_free_buf( ber );
121 if ( op->o_noopsrch == SLAP_CONTROL_CRITICAL ) {
122 return LDAP_CONSTRAINT_VIOLATION;
123 }
124 return SLAP_CB_CONTINUE;
125 }
126
127 ctrl = op->o_tmpcalloc( 1,
128 sizeof( LDAPControl ) + ctrlval.bv_len + 1,
129 op->o_tmpmemctx );
130 ctrl->ldctl_value.bv_val = (char *)&ctrl[ 1 ];
131 ctrl->ldctl_oid = LDAP_CONTROL_X_NOOPSRCH;
132 ctrl->ldctl_iscritical = 0;
133 ctrl->ldctl_value.bv_len = ctrlval.bv_len;
134 AC_MEMCPY( ctrl->ldctl_value.bv_val, ctrlval.bv_val, ctrlval.bv_len );
135 ctrl->ldctl_value.bv_val[ ctrl->ldctl_value.bv_len ] = '\0';
136
137 ber_free_buf( ber );
138
139 ctrlsp[0] = ctrl;
140 ctrlsp[1] = NULL;
141 slap_add_ctrls( op, rs, ctrlsp );
142 }
143 return SLAP_CB_CONTINUE;
144 }
145
146 static int
noopsrch_cleanup(Operation * op,SlapReply * rs)147 noopsrch_cleanup( Operation *op, SlapReply *rs )
148 {
149 if ( rs->sr_type == REP_RESULT || rs->sr_err == SLAPD_ABANDON ) {
150 noopsrch_cb_t *nc = (noopsrch_cb_t *)op->o_callback->sc_private;
151 op->ors_attrs = nc->nc_save_attrs;
152 if ( nc->nc_pdummy == NULL ) {
153 op->ors_slimit = nc->nc_save_slimit;
154 }
155
156 op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
157 op->o_callback = NULL;
158 }
159
160 return SLAP_CB_CONTINUE;
161 }
162
163 static int
noopsrch_op_search(Operation * op,SlapReply * rs)164 noopsrch_op_search( Operation *op, SlapReply *rs )
165 {
166 if ( op->o_noopsrch != SLAP_CONTROL_NONE ) {
167 slap_callback *sc;
168 noopsrch_cb_t *nc;
169
170 sc = op->o_tmpcalloc( 1, sizeof( slap_callback ) + sizeof( noopsrch_cb_t ), op->o_tmpmemctx );
171
172 nc = (noopsrch_cb_t *)&sc[ 1 ];
173 nc->nc_on = (slap_overinst *)op->o_bd->bd_info;
174 nc->nc_nentries = 0;
175 nc->nc_nsearchref = 0;
176 nc->nc_save_attrs = op->ors_attrs;
177 nc->nc_pdummy = &dummy;
178
179 sc->sc_response = noopsrch_response;
180 sc->sc_cleanup = noopsrch_cleanup;
181 sc->sc_private = (void *)nc;
182
183 op->ors_attrs = slap_anlist_no_attrs;
184
185 sc->sc_next = op->o_callback->sc_next;
186 op->o_callback->sc_next = sc;
187 }
188
189 return SLAP_CB_CONTINUE;
190 }
191
192 static int noopsrch_cnt;
193
194 static int
noopsrch_db_init(BackendDB * be,ConfigReply * cr)195 noopsrch_db_init( BackendDB *be, ConfigReply *cr)
196 {
197 if ( noopsrch_cnt++ == 0 ) {
198 int rc;
199
200 rc = register_supported_control( LDAP_CONTROL_X_NOOPSRCH,
201 SLAP_CTRL_SEARCH | SLAP_CTRL_GLOBAL_SEARCH, NULL,
202 noopsrch_parseCtrl, &noopsrch_cid );
203 if ( rc != LDAP_SUCCESS ) {
204 Debug( LDAP_DEBUG_ANY,
205 "noopsrch_initialize: Failed to register control '%s' (%d)\n",
206 LDAP_CONTROL_X_NOOPSRCH, rc, 0 );
207 return rc;
208 }
209 }
210
211 return LDAP_SUCCESS;
212 }
213
214 static int
noopsrch_db_destroy(BackendDB * be,ConfigReply * cr)215 noopsrch_db_destroy( BackendDB *be, ConfigReply *cr )
216 {
217 assert( noopsrch_cnt > 0 );
218
219 #ifdef SLAP_CONFIG_DELETE
220 overlay_unregister_control( be, LDAP_CONTROL_X_NOOPSRCH );
221 if ( --noopsrch_cnt == 0 ) {
222 unregister_supported_control( LDAP_CONTROL_X_NOOPSRCH );
223 }
224
225 #endif /* SLAP_CONFIG_DELETE */
226
227 return 0;
228 }
229
230 #if SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC
231 static
232 #endif /* SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC */
233 int
noopsrch_initialize(void)234 noopsrch_initialize( void )
235 {
236
237 noopsrch.on_bi.bi_type = "noopsrch";
238
239 noopsrch.on_bi.bi_db_init = noopsrch_db_init;
240 noopsrch.on_bi.bi_db_destroy = noopsrch_db_destroy;
241 noopsrch.on_bi.bi_op_search = noopsrch_op_search;
242
243 return overlay_register( &noopsrch );
244 }
245
246 #if SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC
247 int
init_module(int argc,char * argv[])248 init_module( int argc, char *argv[] )
249 {
250 return noopsrch_initialize();
251 }
252 #endif /* SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC */
253
254 #endif /* SLAPD_OVER_NOOPSRCH */
255