git.sur5r.net Git - openldap/blob - servers/slapd/back-bdb/search.c

   1 /* search.c - search operation */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11 #include <ac/string.h>
  12
  13 #include "back-bdb.h"
  14 #include "idl.h"
  15 #include "external.h"
  16
  17 static int base_candidate(
  18         BackendDB       *be,
  19         Entry   *e,
  20         ID              *ids );
  21 static int search_candidates(
  22         BackendDB *be,
  23         Operation *op,
  24         Entry *e,
  25         Filter *filter,
  26         int scope,
  27         int deref,
  28         ID      *ids );
  29
  30 int
  31 bdb_search(
  32         BackendDB       *be,
  33         Connection      *conn,
  34         Operation       *op,
  35         struct berval   *base,
  36         struct berval   *nbase,
  37         int             scope,
  38         int             deref,
  39         int             slimit,
  40         int             tlimit,
  41         Filter  *filter,
  42         struct berval   *filterstr,
  43         AttributeName   *attrs,
  44         int             attrsonly )
  45 {
  46         struct bdb_info *bdb = (struct bdb_info *) be->be_private;
  47         int             rc;
  48         const char *text = NULL;
  49         time_t          stoptime;
  50         ID              id, cursor;
  51         ID              candidates[BDB_IDL_UM_SIZE];
  52         Entry           *e = NULL;
  53         BerVarray v2refs = NULL;
  54         Entry   *matched = NULL;
  55         struct berval   realbase = { 0, NULL };
  56         int             nentries = 0;
  57         int             manageDSAit;
  58
  59         struct slap_limits_set *limit = NULL;
  60         int isroot = 0;
  61
  62         u_int32_t       locker;
  63         DB_LOCK         lock;
  64
  65 #ifdef NEW_LOGGING
  66         LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"bdb_back_search\n"));
  67 #else
  68         Debug( LDAP_DEBUG_TRACE, "=> bdb_back_search\n",
  69                 0, 0, 0);
  70 #endif
  71
  72         manageDSAit = get_manageDSAit( op );
  73
  74         LOCK_ID (bdb->bi_dbenv, &locker );
  75
  76         if ( nbase->bv_len == 0 ) {
  77                 /* DIT root special case */
  78                 e = (Entry *) &slap_entry_root;
  79                 rc = 0;
  80         } else
  81 #ifdef BDB_ALIASES
  82         /* get entry with reader lock */
  83         if ( deref & LDAP_DEREF_FINDING ) {
  84                 e = deref_dn_r( be, nbase-, &err, &matched, &text );
  85
  86         } else
  87 #endif
  88         {
  89 dn2entry_retry:
  90                 rc = bdb_dn2entry_r( be, NULL, nbase, &e, &matched, 0, locker, &lock );
  91         }
  92
  93         switch(rc) {
  94         case DB_NOTFOUND:
  95         case 0:
  96                 break;
  97         case LDAP_BUSY:
  98                 if (e != NULL) {
  99                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 100                 }
 101                 if (matched != NULL) {
 102                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
 103                 }
 104                 send_ldap_result( conn, op, LDAP_BUSY,
 105                         NULL, "ldap server busy", NULL, NULL );
 106                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 107                 return LDAP_BUSY;
 108         case DB_LOCK_DEADLOCK:
 109         case DB_LOCK_NOTGRANTED:
 110                 goto dn2entry_retry;
 111         default:
 112                 if (e != NULL) {
 113                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 114                 }
 115                 if (matched != NULL) {
 116                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
 117                 }
 118                 send_ldap_result( conn, op, rc=LDAP_OTHER,
 119                         NULL, "internal error", NULL, NULL );
 120                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 121                 return rc;
 122         }
 123
 124         if ( e == NULL ) {
 125                 struct berval matched_dn = { 0, NULL };
 126                 BerVarray refs = NULL;
 127
 128                 if ( matched != NULL ) {
 129                         BerVarray erefs;
 130
 131                         ber_dupbv( &matched_dn, &matched->e_name );
 132
 133                         erefs = is_entry_referral( matched )
 134                                 ? get_entry_referrals( be, conn, op, matched )
 135                                 : NULL;
 136
 137                         bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
 138                         matched = NULL;
 139
 140                         if( erefs ) {
 141                                 refs = referral_rewrite( erefs, &matched_dn,
 142                                         base, scope );
 143                                 ber_bvarray_free( erefs );
 144                         }
 145
 146                 } else {
 147                         refs = referral_rewrite( default_referral,
 148                                 NULL, base, scope );
 149                 }
 150
 151                 send_ldap_result( conn, op,     rc=LDAP_REFERRAL ,
 152                         matched_dn.bv_val, text, refs, NULL );
 153
 154                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 155                 if ( refs ) ber_bvarray_free( refs );
 156                 if ( matched_dn.bv_val ) ber_memfree( matched_dn.bv_val );
 157                 return rc;
 158         }
 159
 160         if (!manageDSAit && e != &slap_entry_root && is_entry_referral( e ) ) {
 161                 /* entry is a referral, don't allow add */
 162                 struct berval matched_dn;
 163                 BerVarray erefs, refs;
 164
 165                 ber_dupbv( &matched_dn, &e->e_name );
 166                 erefs = get_entry_referrals( be, conn, op, e );
 167                 refs = NULL;
 168
 169                 bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
 170                 e = NULL;
 171
 172                 if( erefs ) {
 173                         refs = referral_rewrite( erefs, &matched_dn,
 174                                 base, scope );
 175                         ber_bvarray_free( erefs );
 176                 }
 177
 178 #ifdef NEW_LOGGING
 179                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: entry is referral\n"));
 180 #else
 181                 Debug( LDAP_DEBUG_TRACE, "bdb_search: entry is referral\n",
 182                         0, 0, 0 );
 183 #endif
 184
 185                 send_ldap_result( conn, op, LDAP_REFERRAL,
 186                         matched_dn.bv_val,
 187                         refs ? NULL : "bad referral object",
 188                         refs, NULL );
 189
 190                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 191                 ber_bvarray_free( refs );
 192                 ber_memfree( matched_dn.bv_val );
 193                 return 1;
 194         }
 195
 196         /* if not root, get appropriate limits */
 197         if ( be_isroot( be, &op->o_ndn ) ) {
 198                 isroot = 1;
 199         } else {
 200                 ( void ) get_limits( be, &op->o_ndn, &limit );
 201         }
 202
 203         /* The time/size limits come first because they require very little
 204          * effort, so there's no chance the candidates are selected and then
 205          * the request is not honored only because of time/size constraints */
 206
 207         /* if no time limit requested, use soft limit (unless root!) */
 208         if ( isroot ) {
 209                 if ( tlimit == 0 ) {
 210                         tlimit = -1;    /* allow root to set no limit */
 211                 }
 212
 213                 if ( slimit == 0 ) {
 214                         slimit = -1;
 215                 }
 216
 217         } else {
 218                 /* if no limit is required, use soft limit */
 219                 if ( tlimit <= 0 ) {
 220                         tlimit = limit->lms_t_soft;
 221
 222                 /* if requested limit higher than hard limit, abort */
 223                 } else if ( tlimit > limit->lms_t_hard ) {
 224                         /* no hard limit means use soft instead */
 225                         if ( limit->lms_t_hard == 0 && tlimit > limit->lms_t_soft ) {
 226                                 tlimit = limit->lms_t_soft;
 227
 228                         /* positive hard limit means abort */
 229                         } else if ( limit->lms_t_hard > 0 ) {
 230                                 send_search_result( conn, op,
 231                                                 LDAP_UNWILLING_TO_PERFORM,
 232                                                 NULL, NULL, NULL, NULL, 0 );
 233                                 rc = 0;
 234                                 goto done;
 235                         }
 236
 237                         /* negative hard limit means no limit */
 238                 }
 239
 240                 /* if no limit is required, use soft limit */
 241                 if ( slimit <= 0 ) {
 242                         slimit = limit->lms_s_soft;
 243
 244                 /* if requested limit higher than hard limit, abort */
 245                 } else if ( slimit > limit->lms_s_hard ) {
 246                         /* no hard limit means use soft instead */
 247                         if ( limit->lms_s_hard == 0 && slimit > limit->lms_s_soft ) {
 248                                 slimit = limit->lms_s_soft;
 249
 250                         /* positive hard limit means abort */
 251                         } else if ( limit->lms_s_hard > 0 ) {
 252                                 send_search_result( conn, op,
 253                                                 LDAP_UNWILLING_TO_PERFORM,
 254                                                 NULL, NULL, NULL, NULL, 0 );
 255                                 rc = 0;
 256                                 goto done;
 257                         }
 258
 259                         /* negative hard limit means no limit */
 260                 }
 261         }
 262
 263         /* compute it anyway; root does not use it */
 264         stoptime = op->o_time + tlimit;
 265
 266         /* select candidates */
 267         if ( scope == LDAP_SCOPE_BASE ) {
 268                 rc = base_candidate( be, e, candidates );
 269
 270         } else {
 271                 BDB_IDL_ALL( bdb, candidates );
 272                 rc = search_candidates( be, op, e, filter,
 273                         scope, deref, candidates );
 274         }
 275
 276         /* need normalized dn below */
 277         ber_dupbv( &realbase, &e->e_nname );
 278
 279         /* start cursor at base entry's id
 280          * FIXME: hack to make "" base work
 281          * FIXME: moddn needs to assign new ID for this to work
 282          */
 283         cursor = e->e_id == NOID ? 1 : e->e_id;
 284
 285         if ( e != &slap_entry_root ) {
 286                 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 287         }
 288         e = NULL;
 289
 290         if ( candidates[0] == 0 ) {
 291 #ifdef NEW_LOGGING
 292         LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: no candidates\n"));
 293 #else
 294                 Debug( LDAP_DEBUG_TRACE, "bdb_search: no candidates\n",
 295                         0, 0, 0 );
 296 #endif
 297
 298                 send_search_result( conn, op,
 299                         LDAP_SUCCESS,
 300                         NULL, NULL, NULL, NULL, 0 );
 301
 302                 rc = 1;
 303                 goto done;
 304         }
 305
 306         /* if not root and candidates exceed to-be-checked entries, abort */
 307         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 308                 if ( BDB_IDL_N(candidates) > (unsigned) limit->lms_s_unchecked ) {
 309                         send_search_result( conn, op,
 310                                         LDAP_ADMINLIMIT_EXCEEDED,
 311                                         NULL, NULL, NULL, NULL, 0 );
 312                         rc = 1;
 313                         goto done;
 314                 }
 315         }
 316
 317         for ( id = bdb_idl_first( candidates, &cursor );
 318                 id != NOID;
 319                 id = bdb_idl_next( candidates, &cursor ) )
 320         {
 321                 int             scopeok = 0;
 322
 323                 /* check for abandon */
 324                 if ( op->o_abandon ) {
 325                         rc = 0;
 326                         goto done;
 327                 }
 328
 329                 /* check time limit */
 330                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 331                         send_search_result( conn, op, rc = LDAP_TIMELIMIT_EXCEEDED,
 332                                 NULL, NULL, v2refs, NULL, nentries );
 333                         goto done;
 334                 }
 335
 336 id2entry_retry:
 337                 /* get the entry with reader lock */
 338                 rc = bdb_id2entry_r( be, NULL, id, &e, locker, &lock );
 339
 340                 if (rc == LDAP_BUSY) {
 341                         send_ldap_result( conn, op, rc=LDAP_BUSY,
 342                                 NULL, "ldap server busy", NULL, NULL );
 343                         goto done;
 344                 }
 345                 else if ( rc == DB_LOCK_DEADLOCK || rc == DB_LOCK_NOTGRANTED ) {
 346                         goto id2entry_retry;
 347                 }
 348
 349                 if ( e == NULL ) {
 350                         if( !BDB_IDL_IS_RANGE(candidates) ) {
 351                                 /* only complain for non-range IDLs */
 352 #ifdef NEW_LOGGING
 353                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: candidate %ld not found\n", (long) id));
 354 #else
 355                                 Debug( LDAP_DEBUG_TRACE,
 356                                         "bdb_search: candidate %ld not found\n",
 357                                         (long) id, 0, 0 );
 358 #endif
 359                         }
 360
 361                         goto loop_continue;
 362                 }
 363
 364 #ifdef BDB_SUBENTRIES
 365                 if ( is_entry_subentry( e ) ) {
 366                         if( scope != LDAP_SCOPE_BASE ) {
 367                                 if(!get_subentries_visibility( op )) {
 368                                         /* only subentries are visible */
 369                                         goto loop_continue;
 370                                 }
 371
 372                         } else if ( get_subentries( op ) &&
 373                                 !get_subentries_visibility( op ))
 374                         {
 375                                 /* only subentries are visible */
 376                                 goto loop_continue;
 377                         }
 378
 379                 } else if ( get_subentries_visibility( op )) {
 380                         /* only subentries are visible */
 381                         goto loop_continue;
 382                 }
 383 #endif
 384
 385 #ifdef BDB_ALIASES
 386                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 387                         Entry *matched;
 388                         int err;
 389                         const char *text;
 390
 391                         e = deref_entry_r( be, e, &err, &matched, &text );
 392
 393                         if( e == NULL ) {
 394                                 e = matched;
 395                                 goto loop_continue;
 396                         }
 397
 398                         if( e->e_id == id ) {
 399                                 /* circular loop */
 400                                 goto loop_continue;
 401                         }
 402
 403                         /* need to skip alias which deref into scope */
 404                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 405                                 struct berval   pdn;
 406
 407                                 dnParent( &e->e_nname, &pdn ):
 408                                 if ( ber_bvcmp( pdn, &realbase ) ) {
 409                                         goto loop_continue;
 410                                 }
 411
 412                         } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
 413                                 /* alias is within scope */
 414 #ifdef NEW_LOGGING
 415                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: \"%s\" in subtree\n", e->edn));
 416 #else
 417                                 Debug( LDAP_DEBUG_TRACE,
 418                                         "bdb_search: \"%s\" in subtree\n",
 419                                         e->e_dn, 0, 0 );
 420 #endif
 421                                 goto loop_continue;
 422                         }
 423
 424                         scopeok = 1;
 425                 }
 426 #endif
 427
 428                 /*
 429                  * if it's a referral, add it to the list of referrals. only do
 430                  * this for non-base searches, and don't check the filter
 431                  * explicitly here since it's only a candidate anyway.
 432                  */
 433                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 434                         is_entry_referral( e ) )
 435                 {
 436                         struct berval   dn;
 437
 438                         /* check scope */
 439                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 440                                 if ( !be_issuffix( be, &e->e_nname ) ) {
 441                                         dnParent( &e->e_nname, &dn );
 442                                         scopeok = dn_match( &dn, &realbase );
 443                                 } else {
 444                                         scopeok = (realbase.bv_len == 0);
 445                                 }
 446
 447                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 448                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 449
 450                         } else {
 451                                 scopeok = 1;
 452                         }
 453
 454                         if( scopeok ) {
 455                                 BerVarray erefs = get_entry_referrals(
 456                                         be, conn, op, e );
 457                                 BerVarray refs = referral_rewrite( erefs,
 458                                         &e->e_name, NULL,
 459                                         scope == LDAP_SCOPE_SUBTREE
 460                                                 ? LDAP_SCOPE_SUBTREE
 461                                                 : LDAP_SCOPE_BASE );
 462
 463                                 send_search_reference( be, conn, op,
 464                                         e, refs, NULL, &v2refs );
 465
 466                                 ber_bvarray_free( refs );
 467
 468                         } else {
 469 #ifdef NEW_LOGGING
 470                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 471                                         "bdb_search: candidate referral %ld scope not okay\n",
 472                                         id ));
 473 #else
 474                                 Debug( LDAP_DEBUG_TRACE,
 475                                         "bdb_search: candidate referral %ld scope not okay\n",
 476                                         id, 0, 0 );
 477 #endif
 478                         }
 479
 480                         goto loop_continue;
 481                 }
 482
 483                 /* if it matches the filter and scope, send it */
 484                 rc = test_filter( be, conn, op, e, filter );
 485                 if ( rc == LDAP_COMPARE_TRUE ) {
 486                         struct berval   dn;
 487
 488                         /* check scope */
 489                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 490                                 if ( be_issuffix( be, &e->e_nname ) ) {
 491                                         scopeok = (realbase.bv_len == 0);
 492                                 } else {
 493                                         dnParent( &e->e_nname, &dn );
 494                                         scopeok = dn_match( &dn, &realbase );
 495                                 }
 496
 497                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 498                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 499
 500                         } else {
 501                                 scopeok = 1;
 502                         }
 503
 504                         if ( scopeok ) {
 505                                 /* check size limit */
 506                                 if ( --slimit == -1 ) {
 507                                         bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 508                                         e = NULL;
 509                                         send_search_result( conn, op,
 510                                                 rc = LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 511                                                 v2refs, NULL, nentries );
 512                                         goto done;
 513                                 }
 514
 515                                 if (e) {
 516                                         int result;
 517
 518                                         if( op->o_noop ) {
 519                                                 result = 0;
 520                                         } else {
 521                                                 result = send_search_entry( be, conn, op,
 522                                                         e, attrs, attrsonly, NULL);
 523                                         }
 524
 525                                         switch (result) {
 526                                         case 0:         /* entry sent ok */
 527                                                 nentries++;
 528                                                 break;
 529                                         case 1:         /* entry not sent */
 530                                                 break;
 531                                         case -1:        /* connection closed */
 532                                                 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 533                                                 e = NULL;
 534                                                 rc = LDAP_OTHER;
 535                                                 goto done;
 536                                         }
 537                                 }
 538                         } else {
 539 #ifdef NEW_LOGGING
 540                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld scope not okay\n", (long) id));
 541 #else
 542                                 Debug( LDAP_DEBUG_TRACE,
 543                                         "bdb_search: %ld scope not okay\n",
 544                                         (long) id, 0, 0 );
 545 #endif
 546                         }
 547                 } else {
 548 #ifdef NEW_LOGGING
 549                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld does match filter\n", (long) id));
 550 #else
 551                         Debug( LDAP_DEBUG_TRACE,
 552                                 "bdb_search: %ld does match filter\n",
 553                                 (long) id, 0, 0 );
 554 #endif
 555                 }
 556
 557 loop_continue:
 558                 if( e != NULL ) {
 559                         /* free reader lock */
 560                         bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e , &lock);
 561                         e = NULL;
 562                 }
 563
 564                 ldap_pvt_thread_yield();
 565         }
 566         send_search_result( conn, op,
 567                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 568                 NULL, NULL, v2refs, NULL, nentries );
 569
 570         rc = 0;
 571
 572 done:
 573         if( e != NULL ) {
 574                 /* free reader lock */
 575                 bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
 576         }
 577
 578         LOCK_ID_FREE (bdb->bi_dbenv, locker );
 579
 580         if( v2refs ) ber_bvarray_free( v2refs );
 581         if( realbase.bv_val ) ch_free( realbase.bv_val );
 582
 583         return rc;
 584 }
 585
 586
 587 static int base_candidate(
 588         BackendDB       *be,
 589         Entry   *e,
 590         ID              *ids )
 591 {
 592 #ifdef NEW_LOGGING
 593         LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"base_candidate: base: \"%s\" (0x%08lx)\n", e->e_dn, (long) e->e_id));
 594 #else
 595         Debug(LDAP_DEBUG_ARGS, "base_candidates: base: \"%s\" (0x%08lx)\n",
 596                 e->e_dn, (long) e->e_id, 0);
 597 #endif
 598
 599         ids[0] = 1;
 600         ids[1] = e->e_id;
 601         return 0;
 602 }
 603
 604 /* Is "objectClass=xx" mentioned anywhere in this filter? Presence
 605  * doesn't count, we're looking for explicit values. Also count depth
 606  * of filter tree while we're at it.
 607  */
 608 static int oc_filter(
 609         Filter *f,
 610         int cur,
 611         int *max
 612 )
 613 {
 614         int rc = 0;
 615
 616         if( cur > *max ) *max = cur;
 617
 618         switch(f->f_choice) {
 619         case LDAP_FILTER_EQUALITY:
 620         case LDAP_FILTER_APPROX:
 621                 if (f->f_av_desc == slap_schema.si_ad_objectClass)
 622                         rc = 1;
 623                 break;
 624
 625         case LDAP_FILTER_SUBSTRINGS:
 626                 if (f->f_sub_desc == slap_schema.si_ad_objectClass)
 627                         rc = 1;
 628                 break;
 629
 630         case LDAP_FILTER_AND:
 631         case LDAP_FILTER_OR:
 632                 cur++;
 633                 for (f=f->f_and; f; f=f->f_next)
 634                         if ((rc = oc_filter(f, cur, max)))
 635                                 break;
 636                 break;
 637         default:
 638                 break;
 639         }
 640         return rc;
 641 }
 642
 643 static int search_candidates(
 644         BackendDB *be,
 645         Operation *op,
 646         Entry *e,
 647         Filter *filter,
 648         int scope,
 649         int deref,
 650         ID      *ids )
 651 {
 652         int rc, depth = 1;
 653         Filter          f, scopef, rf, xf;
 654         ID              *stack;
 655         AttributeAssertion aa_ref;
 656 #ifdef BDB_SUBENTRIES
 657         Filter  sf;
 658         AttributeAssertion aa_subentry;
 659 #endif
 660 #ifdef BDB_ALIASES
 661         Filter  af;
 662         AttributeAssertion aa_alias;
 663 #endif
 664
 665         /*
 666          * This routine takes as input a filter (user-filter)
 667          * and rewrites it as follows:
 668          *      (&(scope=DN)[(objectClass=subentry)]
 669          *              (|[(objectClass=referral)(objectClass=alias)](user-filter))
 670          */
 671
 672 #ifdef NEW_LOGGING
 673         LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"search_candidates: base=\"%s\" (0x%08lx) scope=%d\n", e->e_dn, (long) e->e_id, scope));
 674 #else
 675         Debug(LDAP_DEBUG_TRACE,
 676                 "search_candidates: base=\"%s\" (0x%08lx) scope=%d\n",
 677                 e->e_dn, (long) e->e_id, scope );
 678 #endif
 679
 680         xf.f_or = filter;
 681         xf.f_choice = LDAP_FILTER_OR;
 682         xf.f_next = NULL;
 683
 684         /* If the user's filter doesn't mention objectClass, or if
 685          * it just uses objectClass=*, these clauses are redundant.
 686          */
 687         if (oc_filter(filter, 1, &depth) && !get_subentries_visibility(op) ) {
 688                 if( !get_manageDSAit(op) ) { /* match referrals */
 689                         struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
 690                         rf.f_choice = LDAP_FILTER_EQUALITY;
 691                         rf.f_ava = &aa_ref;
 692                         rf.f_av_desc = slap_schema.si_ad_objectClass;
 693                         rf.f_av_value = bv_ref;
 694                         rf.f_next = xf.f_or;
 695                         xf.f_or = &rf;
 696                 }
 697
 698 #ifdef BDB_ALIASES
 699                 if( deref & LDAP_DEREF_SEARCHING ) { /* match aliases */
 700                         struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
 701                         af.f_choice = LDAP_FILTER_EQUALITY;
 702                         af.f_ava = &aa_alias;
 703                         af.f_av_desc = slap_schema.si_ad_objectClass;
 704                         af.f_av_value = bv_alias;
 705                         af.f_next = xf.f_or;
 706                         xf.f_or = &af;
 707                 }
 708 #endif
 709                 /* We added one of these clauses, filter depth increased */
 710                 if( xf.f_or != filter ) depth++;
 711         }
 712
 713         f.f_next = NULL;
 714         f.f_choice = LDAP_FILTER_AND;
 715         f.f_and = &scopef;
 716         scopef.f_choice = scope == LDAP_SCOPE_SUBTREE
 717                 ? SLAPD_FILTER_DN_SUBTREE
 718                 : SLAPD_FILTER_DN_ONE;
 719         scopef.f_dn = &e->e_nname;
 720         scopef.f_next = xf.f_or == filter ? filter : &xf ;
 721         /* Filter depth increased again, adding scope clause */
 722         depth++;
 723
 724 #ifdef BDB_SUBENTRIES
 725         if( get_subentries_visibility( op ) ) {
 726                 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
 727                 sf.f_choice = LDAP_FILTER_EQUALITY;
 728                 sf.f_ava = &aa_subentry;
 729                 sf.f_av_desc = slap_schema.si_ad_objectClass;
 730                 sf.f_av_value = bv_subentry;
 731                 sf.f_next = scopef.f_next;
 732                 scopef.f_next = &sf;
 733         }
 734 #endif
 735
 736         /* Allocate IDL stack, plus 1 more for former tmp */
 737         stack = malloc( (depth + 1) * BDB_IDL_UM_SIZE * sizeof( ID ) );
 738
 739         rc = bdb_filter_candidates( be, &f, ids, stack, stack+BDB_IDL_UM_SIZE );
 740
 741         free( stack );
 742
 743         if( rc ) {
 744 #ifdef NEW_LOGGING
 745         LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: failed (rc=%d)\n", rc));
 746 #else
 747                 Debug(LDAP_DEBUG_TRACE,
 748                         "bdb_search_candidates: failed (rc=%d)\n",
 749                         rc, NULL, NULL );
 750 #endif
 751
 752         } else {
 753 #ifdef NEW_LOGGING
 754                 LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: id=%ld first=%ld last=%ld\n", (long) ids[0], (long) BDB_IDL_FIRST(ids), (long) BDB_IDL_LAST(ids)));
 755 #else
 756                 Debug(LDAP_DEBUG_TRACE,
 757                         "bdb_search_candidates: id=%ld first=%ld last=%ld\n",
 758                         (long) ids[0],
 759                         (long) BDB_IDL_FIRST(ids),
 760                         (long) BDB_IDL_LAST(ids) );
 761 #endif
 762         }
 763
 764         return rc;
 765 }