diff -r 0a29110b94ec -r d22ff46c171c src/server/safs/ldap.c
--- a/src/server/safs/ldap.c Sat Mar 11 17:14:51 2023 +0100
+++ b/src/server/safs/ldap.c Sun Mar 12 11:29:02 2023 +0100
@@ -47,35 +47,35 @@ return -1; } -int ldap_query_saf(pblock *pb, Session *sn, Request *rq) { +int service_ldap_search(pblock *pb, Session *sn, Request *rq) { char *resource_name = pblock_findval("resource", pb); char *basedn = pblock_findval("basedn", pb); char *binddn = pblock_findval("bindnd", pb); char *bindpw = pblock_findval("bindpw", pb); - char *ldap_query = pblock_findval("query", pb); - char *empty_query_error = pblock_findval("empty_query_error", pb); + char *filter = pblock_findval("filter", pb); + char *empty_query_error = pblock_findval("empty_filter_error", pb); char *empty_result_error = pblock_findval("empty_result_error", pb); char *scope_str = pblock_findval("scope", pb); char *timeout_str = pblock_findval("timeout", pb); char *sizelimit_str = pblock_findval("sizelimit", pb); - int status_empty_query = WS_SAFS_LDAP_EMPTY_QUERY_ERROR; + int status_empty_filter = WS_SAFS_LDAP_EMPTY_FILTER_ERROR; int status_empty_result = WS_SAFS_LDAP_EMPTY_RESULT_ERROR; if(empty_query_error) { int64_t status = 0; util_strtoint(empty_query_error, &status); if(status < 200 || status > 999) { - log_ereport(LOG_MISCONFIG, "ldap-query: empty_query_error parameter must be an integer between 200 and 999"); + log_ereport(LOG_MISCONFIG, "ldap-search: empty_query_error parameter must be an integer between 200 and 999"); return REQ_ABORTED; } - status_empty_query = status; + status_empty_filter = status; } if(empty_result_error) { int64_t status = 0; util_strtoint(empty_result_error, &status); if(status < 200 || status > 999) { - log_ereport(LOG_MISCONFIG, "ldap-query: empty_result_error parameter must be an integer between 200 and 999"); + log_ereport(LOG_MISCONFIG, "ldap-search: empty_result_error parameter must be an integer between 200 and 999"); return REQ_ABORTED; } status_empty_result = status; 
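Review bot: `binddn` is still looked up under the key `"bindnd"`, which looks like a transposition; if so, a configured `binddn` is never read and the `if(binddn)` bind in the `@@ -157` hunk is skipped, so the search runs with whatever identity the pooled connection already has. The lookup should presumably be `char *binddn = pblock_findval("binddn", pb);`. The parameter was also renamed to `empty_filter_error`, but the local is still `empty_query_error` and the LOG_MISCONFIG text still tells the admin to fix `empty_query_error`; the message should name `empty_filter_error`. The return value of `util_strtoint` is ignored in both status blocks, so a non-numeric value is reported as out of range only because `status` stays 0. `service_ldap_search` continues beyond this hunk.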
@@ -83,14 +83,14 @@ // should we sent an empty response in case of an empty query/result // or the standard error message? - WSBool empty_query_response = status_empty_query < 300 ? TRUE : FALSE; + WSBool empty_query_response = status_empty_filter < 300 ? TRUE : FALSE; WSBool empty_result_response = status_empty_result < 300 ? TRUE : FALSE; int scope = WS_SAFS_LDAP_DEFAULT_SCOPE; if(scope_str) { scope = get_ldap_scope(scope_str); if(scope < 0) { - log_ereport(LOG_MISCONFIG, "ldap-query: unknown scope %s", scope_str); + log_ereport(LOG_MISCONFIG, "ldap-search: unknown scope %s", scope_str); return REQ_ABORTED; } } 
@@ -99,47 +99,50 @@ int64_t t; if(util_strtoint(timeout_str, &t)) { if(t < 0 || t > WS_SAFS_LDAP_MAX_TIMEOUT) { - log_ereport(LOG_MISCONFIG, "ldap-query: timeout out of range"); + log_ereport(LOG_MISCONFIG, "ldap-search: timeout out of range"); return REQ_ABORTED; } timeout = t; } else { - log_ereport(LOG_MISCONFIG, "ldap-query: timeout %s is not a number", timeout_str); + log_ereport(LOG_MISCONFIG, "ldap-search: timeout %s is not a number", timeout_str); } } int sizelimit = WS_SAFS_LDAP_DEFAULT_SIZELIMIT; - if(timeout_str) { + if(sizelimit_str) { int64_t v; - if(util_strtoint(timeout_str, &v)) { + if(util_strtoint(sizelimit_str, &v)) { if(v > INT_MAX) { - log_ereport(LOG_MISCONFIG, "ldap-query: sizelimit out of range"); + log_ereport(LOG_MISCONFIG, "ldap-search: sizelimit out of range"); return REQ_ABORTED; } sizelimit = v; } else { - log_ereport(LOG_MISCONFIG, "ldap-query: sizelimit %s is not a number", timeout_str); + log_ereport(LOG_MISCONFIG, "ldap-search: sizelimit %s is not a number", timeout_str); } } if(!resource_name) { - log_ereport(LOG_MISCONFIG, "ldap-query: missing resource parameter"); + log_ereport(LOG_MISCONFIG, "ldap-search: missing resource parameter"); return REQ_ABORTED; } if(!basedn) { - log_ereport(LOG_MISCONFIG, "ldap-query: missing basedn parameter"); + log_ereport(LOG_MISCONFIG, "ldap-search: missing basedn parameter"); return REQ_ABORTED; } - if(!ldap_query) { - // alternatively get query from rq->vars - ldap_query = pblock_findval("ldap_query", rq->vars); - if(!ldap_query) { - // no ldap query - protocol_status(sn, rq, status_empty_query, NULL); + if(!filter) { + // alternatively get filter from rq->vars + filter = pblock_findval("ldap_filter", rq->vars); + log_ereport(LOG_DEBUG, "ldap-search: no filter parameter, rq.vars ldap_filter: %s", filter); + if(!filter) { + // no ldap filter + protocol_status(sn, rq, status_empty_filter, NULL); if(empty_query_response) { pblock_nvinsert("content-length", "0", rq->srvhdrs); 
http_start_response(sn, rq); + } else { + log_ereport(LOG_FAILURE, "ldap-search: no filter specified"); } return REQ_PROCEED; } @@ -148,7 +151,7 @@ // get the resource ResourceData *resdata = resourcepool_lookup(sn, rq, resource_name, 0); if(!resdata) { - log_ereport(LOG_FAILURE, "ldap-query: cannot get resource %s", resource_name); + log_ereport(LOG_FAILURE, "ldap-search: cannot get resource %s", resource_name); return REQ_ABORTED; } LDAP *ldap = resdata->data; @@ -157,7 +160,7 @@ if(binddn) { struct berval *server_cred; if(ws_ldap_bind(ldap, binddn, bindpw ? bindpw : "", &server_cred) != LDAP_SUCCESS) { - log_ereport(LOG_FAILURE, "ldap-query: resource %s: cannot bind %s", resource_name, binddn); + log_ereport(LOG_FAILURE, "ldap-search: resource %s: cannot bind %s", resource_name, binddn); resourcepool_free(sn, rq, resdata); return REQ_ABORTED; } @@ -173,7 +176,7 @@ ldap, basedn, LDAP_SCOPE_SUBTREE, - ldap_query, + filter, NULL, 0, NULL, // server controls @@ -186,7 +189,7 @@ if(result) { ldap_msgfree(result); } - log_ereport(LOG_FAILURE, "ldap-query: ldap error: %s", ldap_err2string(r)); + log_ereport(LOG_FAILURE, "ldap-search: ldap error: %s", ldap_err2string(r)); return REQ_ABORTED; }
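Review bot: The sizelimit "not a number" branch still passes `timeout_str` to `%s`, which can be NULL when only sizelimit is configured and names the wrong value otherwise; it should read `log_ereport(LOG_MISCONFIG, "ldap-search: sizelimit %s is not a number", sizelimit_str);`. The new LOG_DEBUG call has the same problem, since it formats `filter` with `%s` before the `if(!filter)` check; log `filter ? filter : "(none)"` or move the call below the check. The range test only rejects `v > INT_MAX`, so a negative sizelimit is accepted; `if(v < 0 || v > INT_MAX)` would match the timeout check. Because `ldap_filter` comes from `rq->vars`, whatever sets it is presumably expected to escape request-derived values per RFC 4515 before they reach the search, and a comment stating that contract would help. The function body starts and ends outside this hunk (`@@ -99`).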
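Review bot: When `bindpw` is missing, the bind in the `@@ -157` hunk is issued with `binddn` and an empty password (`bindpw ? bindpw : ""`); if `ws_ldap_bind` performs a simple bind, many servers treat that as an unauthenticated bind and return success without verifying the DN (RFC 4513 section 5.1.2). Rejecting the configuration is safer, placed with the `resource`/`basedn` checks before the resource is taken from the pool: `if(binddn && (!bindpw || !*bindpw)) { log_ereport(LOG_MISCONFIG, "ldap-search: binddn requires a non-empty bindpw"); return REQ_ABORTED; }`. The bind block starts and ends outside this hunk.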
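Review bot: The search call in the `@@ -173` hunk still passes the constant `LDAP_SCOPE_SUBTREE`, so the `scope` value parsed and validated earlier in the function does not appear to reach the search; a configuration asking for a narrower scope would still get a subtree search and could return entries the admin meant to exclude. Passing `scope` in place of `LDAP_SCOPE_SUBTREE` would fix that. The call begins and ends outside this hunk, so I cannot see whether `timeout` and `sizelimit` are applied; they are worth checking the same way.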