1/* noopsrch.c - LDAP Control that counts entries a search would return */
2/* $OpenLDAP$ */
3/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 *
5 * Copyright 2010-2011 The OpenLDAP Foundation.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
10 * Public License.
11 *
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
15 */
16/* ACKNOWLEDGEMENTS:
17 * This work was initially developed by Pierangelo Masarati for inclusion
18 * in OpenLDAP Software.
19 */
20
21#include "portable.h"
22
23/* define SLAPD_OVER_NOOPSRCH=2 to build as run-time loadable module */
24#ifdef SLAPD_OVER_NOOPSRCH
25
26/*
27 * Control OID
28 */
29#define	LDAP_CONTROL_X_NOOPSRCH		"1.3.6.1.4.1.4203.666.5.18"
30
31#include "slap.h"
32#include "ac/string.h"
33
34#define o_noopsrch			o_ctrlflag[noopsrch_cid]
35#define o_ctrlnoopsrch		o_controls[noopsrch_cid]
36
37static int noopsrch_cid;
38static slap_overinst noopsrch;
39
40static int
41noopsrch_parseCtrl (
42	Operation *op,
43	SlapReply *rs,
44	LDAPControl *ctrl )
45{
46	if ( op->o_noopsrch != SLAP_CONTROL_NONE ) {
47		rs->sr_text = "No-op Search control specified multiple times";
48		return LDAP_PROTOCOL_ERROR;
49	}
50
51	if ( !BER_BVISNULL( &ctrl->ldctl_value ) ) {
52		rs->sr_text = "No-op Search control value is present";
53		return LDAP_PROTOCOL_ERROR;
54	}
55
56	op->o_ctrlnoopsrch = (void *)NULL;
57
58	op->o_noopsrch = ctrl->ldctl_iscritical
59		? SLAP_CONTROL_CRITICAL
60		: SLAP_CONTROL_NONCRITICAL;
61
62	rs->sr_err = LDAP_SUCCESS;
63
64	return rs->sr_err;
65}
66
67int dummy;
68
69typedef struct noopsrch_cb_t {
70	slap_overinst	*nc_on;
71	ber_int_t		nc_nentries;
72	ber_int_t		nc_nsearchref;
73	AttributeName	*nc_save_attrs;
74	int				*nc_pdummy;
75	int				nc_save_slimit;
76} noopsrch_cb_t;
77
78static int
79noopsrch_response( Operation *op, SlapReply *rs )
80{
81	noopsrch_cb_t		*nc = (noopsrch_cb_t *)op->o_callback->sc_private;
82
83	/* if the control is global, limits are not computed yet  */
84	if ( nc->nc_pdummy == &dummy ) {
85		nc->nc_save_slimit = op->ors_slimit;
86		op->ors_slimit = SLAP_NO_LIMIT;
87		nc->nc_pdummy = NULL;
88	}
89
90	if ( rs->sr_type == REP_SEARCH ) {
91		nc->nc_nentries++;
92#ifdef NOOPSRCH_DEBUG
93		Debug( LDAP_DEBUG_TRACE, "noopsrch_response(REP_SEARCH): nentries=%d\n", nc->nc_nentries, 0, 0 );
94#endif
95		return 0;
96
97	} else if ( rs->sr_type == REP_SEARCHREF ) {
98		nc->nc_nsearchref++;
99		return 0;
100
101	} else if ( rs->sr_type == REP_RESULT ) {
102		BerElementBuffer	berbuf;
103		BerElement			*ber = (BerElement *) &berbuf;
104		struct berval		ctrlval;
105		LDAPControl			*ctrl, *ctrlsp[2];
106		int					rc = rs->sr_err;
107
108		if ( nc->nc_save_slimit >= 0 && nc->nc_nentries >= nc->nc_save_slimit ) {
109			rc = LDAP_SIZELIMIT_EXCEEDED;
110		}
111
112#ifdef NOOPSRCH_DEBUG
113		Debug( LDAP_DEBUG_TRACE, "noopsrch_response(REP_RESULT): err=%d nentries=%d nref=%d\n", rc, nc->nc_nentries, nc->nc_nsearchref );
114#endif
115
116		ber_init2( ber, NULL, LBER_USE_DER );
117
118		ber_printf( ber, "{iii}", rc, nc->nc_nentries, nc->nc_nsearchref );
119		if ( ber_flatten2( ber, &ctrlval, 0 ) == -1 ) {
120			ber_free_buf( ber );
121			if ( op->o_noopsrch == SLAP_CONTROL_CRITICAL ) {
122				return LDAP_CONSTRAINT_VIOLATION;
123			}
124			return SLAP_CB_CONTINUE;
125		}
126
127		ctrl = op->o_tmpcalloc( 1,
128			sizeof( LDAPControl ) + ctrlval.bv_len + 1,
129			op->o_tmpmemctx );
130		ctrl->ldctl_value.bv_val = (char *)&ctrl[ 1 ];
131		ctrl->ldctl_oid = LDAP_CONTROL_X_NOOPSRCH;
132		ctrl->ldctl_iscritical = 0;
133		ctrl->ldctl_value.bv_len = ctrlval.bv_len;
134		AC_MEMCPY( ctrl->ldctl_value.bv_val, ctrlval.bv_val, ctrlval.bv_len );
135		ctrl->ldctl_value.bv_val[ ctrl->ldctl_value.bv_len ] = '\0';
136
137		ber_free_buf( ber );
138
139		ctrlsp[0] = ctrl;
140		ctrlsp[1] = NULL;
141		slap_add_ctrls( op, rs, ctrlsp );
142
143		return SLAP_CB_CONTINUE;
144	}
145}
146
147static int
148noopsrch_cleanup( Operation *op, SlapReply *rs )
149{
150	if ( rs->sr_type == REP_RESULT || rs->sr_err == SLAPD_ABANDON ) {
151		noopsrch_cb_t		*nc = (noopsrch_cb_t *)op->o_callback->sc_private;
152		op->ors_attrs = nc->nc_save_attrs;
153		if ( nc->nc_pdummy == NULL ) {
154			op->ors_slimit = nc->nc_save_slimit;
155		}
156
157		op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
158		op->o_callback = NULL;
159	}
160
161	return SLAP_CB_CONTINUE;
162}
163
164static int
165noopsrch_op_search( Operation *op, SlapReply *rs )
166{
167	if ( op->o_noopsrch != SLAP_CONTROL_NONE ) {
168		slap_callback *sc;
169		noopsrch_cb_t *nc;
170
171		sc = op->o_tmpcalloc( 1, sizeof( slap_callback ) + sizeof( noopsrch_cb_t ), op->o_tmpmemctx );
172
173		nc = (noopsrch_cb_t *)&sc[ 1 ];
174		nc->nc_on = (slap_overinst *)op->o_bd->bd_info;
175		nc->nc_nentries = 0;
176		nc->nc_nsearchref = 0;
177		nc->nc_save_attrs = op->ors_attrs;
178		nc->nc_pdummy = &dummy;
179
180		sc->sc_response = noopsrch_response;
181		sc->sc_cleanup = noopsrch_cleanup;
182		sc->sc_private = (void *)nc;
183
184		op->ors_attrs = slap_anlist_no_attrs;
185
186		sc->sc_next = op->o_callback->sc_next;
187                op->o_callback->sc_next = sc;
188	}
189
190	return SLAP_CB_CONTINUE;
191}
192
193static int noopsrch_cnt;
194
195static int
196noopsrch_db_init( BackendDB *be, ConfigReply *cr)
197{
198	if ( noopsrch_cnt++ == 0 ) {
199		int rc;
200
201		rc = register_supported_control( LDAP_CONTROL_X_NOOPSRCH,
202			SLAP_CTRL_SEARCH, NULL,
203			noopsrch_parseCtrl, &noopsrch_cid );
204		if ( rc != LDAP_SUCCESS ) {
205			Debug( LDAP_DEBUG_ANY,
206				"noopsrch_initialize: Failed to register control '%s' (%d)\n",
207				LDAP_CONTROL_X_NOOPSRCH, rc, 0 );
208			return rc;
209		}
210	}
211
212	return LDAP_SUCCESS;
213}
214
215static int
216noopsrch_db_destroy( BackendDB *be, ConfigReply *cr )
217{
218	assert( noopsrch_cnt > 0 );
219
220#ifdef SLAP_CONFIG_DELETE
221	overlay_unregister_control( be, LDAP_CONTROL_X_NOOPSRCH );
222	if ( --noopsrch_cnt == 0 ) {
223		unregister_supported_control( LDAP_CONTROL_X_NOOPSRCH );
224	}
225
226#endif /* SLAP_CONFIG_DELETE */
227
228	return 0;
229}
230
231#if SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC
232static
233#endif /* SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC */
234int
235noopsrch_initialize( void )
236{
237
238	noopsrch.on_bi.bi_type = "noopsrch";
239
240	noopsrch.on_bi.bi_db_init = noopsrch_db_init;
241	noopsrch.on_bi.bi_db_destroy = noopsrch_db_destroy;
242	noopsrch.on_bi.bi_op_search = noopsrch_op_search;
243
244	return overlay_register( &noopsrch );
245}
246
247#if SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC
248int
249init_module( int argc, char *argv[] )
250{
251	return noopsrch_initialize();
252}
253#endif /* SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC */
254
255#endif /* SLAPD_OVER_NOOPSRCH */
256