From 5852f7188b8016e9adda452b30e914058a55c80d Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Mon, 11 Sep 2000 21:57:14 +0000
Subject: [PATCH] Add 'defaultSearchBase' configuration directive to help
 support brain-damaged LDAPv2 clients.

---
 doc/man/man5/slapd.conf.5  |  4 +++
 servers/slapd/config.c     | 56 +++++++++++++++++++++++++++++++++++++-
 servers/slapd/proto-slap.h |  2 ++
 servers/slapd/search.c     |  7 +++++
 4 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index bae64808f0..699b0696d7 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -133,6 +133,10 @@ recommended that
 directives be used instead.
 .RE
 .TP
+.B defaultsearchbase <dn>
+Specify a default search base to use when client submits a
+non-base search request with an empty base DN.
+.TP
 .B disallow <features>
 Specify a set of features (separated by white space) to
 disallow (default none).
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index b364a3066e..ef8fe5e0f2 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -38,6 +38,8 @@ char	*global_realm = NULL;
 char	*global_ucdata_path = NULL;
 char		*ldap_srvtab = "";
 char		*default_passwd_hash;
+char		*default_search_base = NULL;
+char		*default_search_nbase = NULL;
 
 char   *slapd_pid_file  = NULL;
 char   *slapd_args_file = NULL;
@@ -167,6 +169,47 @@ read_config( const char *fname )
 
 			ldap_pvt_thread_set_concurrency( c );
 
+		/* default search base */
+		} else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
+			if ( cargc < 2 ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"missing dn in \"defaultSearchBase <dn>\" line\n",
+					fname, lineno, 0 );
+				return 1;
+
+			} else if ( cargc > 2 ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"extra cruft after <dn> in \"defaultSearchBase %s\", "
+					"line (ignored)\n",
+					fname, lineno, cargv[1] );
+			}
+
+			if ( bi != NULL || be != NULL ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"defaultSearchBaase line must appear prior to "
+					"any backend or database definition\n",
+				    fname, lineno, 0 );
+				return 1;
+			}
+
+			if ( default_search_base != NULL ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"default search base \"%s\" already defined "
+					"(discarding old)\n",
+					fname, lineno, default_search_base );
+				free( default_search_base );
+			}
+
+			default_search_base = ch_strdup( cargv[1] );
+			default_search_nbase = ch_strdup( cargv[1] );
+
+			if( dn_normalize( default_search_nbase ) == NULL ) {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"invalid default search base \"%s\""
+					"(discarding old)\n",
+					fname, lineno, default_search_base );
+			}
+	       
 		/* set maximum threads in thread pool */
 		} else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
 			int c;
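Review bot: A DN that fails `dn_normalize( default_search_nbase )` is only logged, so parsing continues with both globals set and `do_search` will later substitute that value for every empty-base request. The branch should end with `return 1;`, as the suffix check in this same commit does; what a failed `dn_normalize` leaves in the buffer is not visible here. In the redefinition branch only `default_search_base` is released, so add `ch_free( default_search_nbase );` next to it and use `ch_free` rather than `free` for memory that came from `ch_strdup`. The messages also need a pass: "defaultSearchBaase" is misspelled, and the invalid-DN text repeats "(discarding old)" with no space after the closing quote. `read_config` starts and ends outside the hunk.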
@@ -359,7 +402,18 @@ read_config( const char *fname )
 				    fname, lineno, tmp_be->be_suffix[0] );
 			} else {
 				char *dn = ch_strdup( cargv[1] );
-				(void) dn_validate( dn );
+				if( dn_validate( dn ) == NULL ) {
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"suffix DN invalid \"%s\"\n",
+				    	fname, lineno, cargv[1] );
+					return 1;
+
+				} else if( *dn == '\0' && default_search_nbase != NULL ) {
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"suffix DN empty and default "
+						"search base provided \"%s\" (assuming okay)\n",
+			    		fname, lineno, default_search_base );
+				}
 				charray_add( &be->be_suffix, dn );
 				(void) ldap_pvt_str2upper( dn );
 				charray_add( &be->be_nsuffix, dn );
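Review bot: The new `return 1;` after a failed `dn_validate( dn )` exits without releasing the `ch_strdup` copy held in `dn`; add `ch_free( dn );` just before the return. The leak is small because a config error normally stops startup, but it keeps the error path tidy for leak checkers. The continuation lines `fname, lineno, cargv[1] );` and `fname, lineno, default_search_base );` mix spaces and tabs, unlike the surrounding `Debug` calls. The enclosing block of `read_config` continues outside the hunk.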
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 1172140607..fbcb5e2510 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -776,6 +776,8 @@ LDAP_SLAPD_F (char)		*global_ucdata_path;
 LDAP_SLAPD_F (char)		*default_passwd_hash;
 LDAP_SLAPD_F (int)		lber_debug;
 LDAP_SLAPD_F (int)		ldap_syslog;
+LDAP_SLAPD_F (char *)	default_search_base;
+LDAP_SLAPD_F (char *)	default_search_nbase;
 
 LDAP_SLAPD_F (ldap_pvt_thread_mutex_t)	num_sent_mutex;
 LDAP_SLAPD_F (long)		num_bytes_sent;
diff --git a/servers/slapd/search.c b/servers/slapd/search.c
index 92e36b0ab8..1749dede27 100644
--- a/servers/slapd/search.c
+++ b/servers/slapd/search.c
@@ -202,6 +202,13 @@ do_search(
 		}
 	}
 
+	if( nbase[0] == '\0' && default_search_nbase != NULL ) {
+		ch_free( base );
+		ch_free( nbase );
+		base = ch_strdup( default_search_base );
+		nbase = ch_strdup( default_search_nbase );
+	}
+
 	/*
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one, or send a referral to our "referral server"
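Review bot: The condition `if( nbase[0] == '\0' && default_search_nbase != NULL )` does not look at the search scope, although the manual text added in this commit limits the substitution to non-base searches. Whether a base-scope request with an empty DN (a root DSE read) can still reach this point depends on code above the hunk, which is not visible here. If it can, it would be silently redirected to the default base, so either add the scope to the test, for example `scope != LDAP_SCOPE_BASE` (assuming the local is named `scope`), or add a comment stating that such requests have already been answered earlier in `do_search`. `do_search` starts and ends outside the hunk.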
-- 
GitLab