1 /* search.c - search operation */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
11 #include <ac/string.h>
17 static int base_candidate(
21 static int search_candidates(
42 struct berval *filterstr,
46 struct bdb_info *bdb = (struct bdb_info *) be->be_private;
48 const char *text = NULL;
51 ID candidates[BDB_IDL_UM_SIZE];
53 BerVarray v2refs = NULL;
54 Entry *matched = NULL;
55 struct berval realbase = { 0, NULL };
59 struct slap_limits_set *limit = NULL;
66 LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"bdb_back_search\n"));
68 Debug( LDAP_DEBUG_TRACE, "=> bdb_back_search\n",
72 manageDSAit = get_manageDSAit( op );
74 LOCK_ID (bdb->bi_dbenv, &locker );
76 if ( nbase->bv_len == 0 ) {
77 /* DIT root special case */
78 e = (Entry *) &slap_entry_root;
82 /* get entry with reader lock */
83 if ( deref & LDAP_DEREF_FINDING ) {
84 e = deref_dn_r( be, nbase-, &err, &matched, &text );
90 rc = bdb_dn2entry_r( be, NULL, nbase, &e, &matched, 0, locker, &lock );
99 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
101 if (matched != NULL) {
102 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
104 send_ldap_result( conn, op, LDAP_BUSY,
105 NULL, "ldap server busy", NULL, NULL );
106 LOCK_ID_FREE (bdb->bi_dbenv, locker );
108 case DB_LOCK_DEADLOCK:
109 case DB_LOCK_NOTGRANTED:
113 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
115 if (matched != NULL) {
116 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
118 send_ldap_result( conn, op, rc=LDAP_OTHER,
119 NULL, "internal error", NULL, NULL );
120 LOCK_ID_FREE (bdb->bi_dbenv, locker );
125 struct berval matched_dn = { 0, NULL };
126 BerVarray refs = NULL;
128 if ( matched != NULL ) {
131 ber_dupbv( &matched_dn, &matched->e_name );
133 erefs = is_entry_referral( matched )
134 ? get_entry_referrals( be, conn, op, matched )
137 bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
141 refs = referral_rewrite( erefs, &matched_dn,
143 ber_bvarray_free( erefs );
147 refs = referral_rewrite( default_referral,
151 send_ldap_result( conn, op, rc=LDAP_REFERRAL ,
152 matched_dn.bv_val, text, refs, NULL );
154 LOCK_ID_FREE (bdb->bi_dbenv, locker );
155 if ( refs ) ber_bvarray_free( refs );
156 if ( matched_dn.bv_val ) ber_memfree( matched_dn.bv_val );
160 if (!manageDSAit && e != &slap_entry_root && is_entry_referral( e ) ) {
161 /* entry is a referral, don't allow add */
162 struct berval matched_dn;
163 BerVarray erefs, refs;
165 ber_dupbv( &matched_dn, &e->e_name );
166 erefs = get_entry_referrals( be, conn, op, e );
169 bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
173 refs = referral_rewrite( erefs, &matched_dn,
175 ber_bvarray_free( erefs );
179 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: entry is referral\n"));
181 Debug( LDAP_DEBUG_TRACE, "bdb_search: entry is referral\n",
185 send_ldap_result( conn, op, LDAP_REFERRAL,
187 refs ? NULL : "bad referral object",
190 LOCK_ID_FREE (bdb->bi_dbenv, locker );
191 ber_bvarray_free( refs );
192 ber_memfree( matched_dn.bv_val );
196 /* if not root, get appropriate limits */
197 if ( be_isroot( be, &op->o_ndn ) ) {
200 ( void ) get_limits( be, &op->o_ndn, &limit );
203 /* The time/size limits come first because they require very little
204 * effort, so there's no chance the candidates are selected and then
205 * the request is not honored only because of time/size constraints */
207 /* if no time limit requested, use soft limit (unless root!) */
210 tlimit = -1; /* allow root to set no limit */
218 /* if no limit is required, use soft limit */
220 tlimit = limit->lms_t_soft;
222 /* if requested limit higher than hard limit, abort */
223 } else if ( tlimit > limit->lms_t_hard ) {
224 /* no hard limit means use soft instead */
225 if ( limit->lms_t_hard == 0 && tlimit > limit->lms_t_soft ) {
226 tlimit = limit->lms_t_soft;
228 /* positive hard limit means abort */
229 } else if ( limit->lms_t_hard > 0 ) {
230 send_search_result( conn, op,
231 LDAP_UNWILLING_TO_PERFORM,
232 NULL, NULL, NULL, NULL, 0 );
237 /* negative hard limit means no limit */
240 /* if no limit is required, use soft limit */
242 slimit = limit->lms_s_soft;
244 /* if requested limit higher than hard limit, abort */
245 } else if ( slimit > limit->lms_s_hard ) {
246 /* no hard limit means use soft instead */
247 if ( limit->lms_s_hard == 0 && slimit > limit->lms_s_soft ) {
248 slimit = limit->lms_s_soft;
250 /* positive hard limit means abort */
251 } else if ( limit->lms_s_hard > 0 ) {
252 send_search_result( conn, op,
253 LDAP_UNWILLING_TO_PERFORM,
254 NULL, NULL, NULL, NULL, 0 );
259 /* negative hard limit means no limit */
263 /* compute it anyway; root does not use it */
264 stoptime = op->o_time + tlimit;
266 /* select candidates */
267 if ( scope == LDAP_SCOPE_BASE ) {
268 rc = base_candidate( be, e, candidates );
271 BDB_IDL_ALL( bdb, candidates );
272 rc = search_candidates( be, op, e, filter,
273 scope, deref, candidates );
276 /* need normalized dn below */
277 ber_dupbv( &realbase, &e->e_nname );
279 /* start cursor at base entry's id
280 * FIXME: hack to make "" base work
281 * FIXME: moddn needs to assign new ID for this to work
283 cursor = e->e_id == NOID ? 1 : e->e_id;
285 if ( e != &slap_entry_root ) {
286 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
290 if ( candidates[0] == 0 ) {
292 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: no candidates\n"));
294 Debug( LDAP_DEBUG_TRACE, "bdb_search: no candidates\n",
298 send_search_result( conn, op,
300 NULL, NULL, NULL, NULL, 0 );
306 /* if not root and candidates exceed to-be-checked entries, abort */
307 if ( !isroot && limit->lms_s_unchecked != -1 ) {
308 if ( BDB_IDL_N(candidates) > (unsigned) limit->lms_s_unchecked ) {
309 send_search_result( conn, op,
310 LDAP_ADMINLIMIT_EXCEEDED,
311 NULL, NULL, NULL, NULL, 0 );
317 for ( id = bdb_idl_first( candidates, &cursor );
319 id = bdb_idl_next( candidates, &cursor ) )
323 /* check for abandon */
324 if ( op->o_abandon ) {
329 /* check time limit */
330 if ( tlimit != -1 && slap_get_time() > stoptime ) {
331 send_search_result( conn, op, rc = LDAP_TIMELIMIT_EXCEEDED,
332 NULL, NULL, v2refs, NULL, nentries );
337 /* get the entry with reader lock */
338 rc = bdb_id2entry_r( be, NULL, id, &e, locker, &lock );
340 if (rc == LDAP_BUSY) {
341 send_ldap_result( conn, op, rc=LDAP_BUSY,
342 NULL, "ldap server busy", NULL, NULL );
345 else if ( rc == DB_LOCK_DEADLOCK || rc == DB_LOCK_NOTGRANTED ) {
350 if( !BDB_IDL_IS_RANGE(candidates) ) {
351 /* only complain for non-range IDLs */
353 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: candidate %ld not found\n", (long) id));
355 Debug( LDAP_DEBUG_TRACE,
356 "bdb_search: candidate %ld not found\n",
364 #ifdef BDB_SUBENTRIES
365 if ( is_entry_subentry( e ) ) {
366 if( scope != LDAP_SCOPE_BASE ) {
367 if(!get_subentries_visibility( op )) {
368 /* only subentries are visible */
372 } else if ( get_subentries( op ) &&
373 !get_subentries_visibility( op ))
375 /* only subentries are visible */
379 } else if ( get_subentries_visibility( op )) {
380 /* only subentries are visible */
386 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
391 e = deref_entry_r( be, e, &err, &matched, &text );
398 if( e->e_id == id ) {
403 /* need to skip alias which deref into scope */
404 if( scope & LDAP_SCOPE_ONELEVEL ) {
407 dnParent( &e->e_nname, &pdn ):
408 if ( ber_bvcmp( pdn, &realbase ) ) {
412 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
413 /* alias is within scope */
415 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: \"%s\" in subtree\n", e->edn));
417 Debug( LDAP_DEBUG_TRACE,
418 "bdb_search: \"%s\" in subtree\n",
429 * if it's a referral, add it to the list of referrals. only do
430 * this for non-base searches, and don't check the filter
431 * explicitly here since it's only a candidate anyway.
433 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
434 is_entry_referral( e ) )
439 if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
440 if ( !be_issuffix( be, &e->e_nname ) ) {
441 dnParent( &e->e_nname, &dn );
442 scopeok = dn_match( &dn, &realbase );
444 scopeok = (realbase.bv_len == 0);
447 } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
448 scopeok = dnIsSuffix( &e->e_nname, &realbase );
455 BerVarray erefs = get_entry_referrals(
457 BerVarray refs = referral_rewrite( erefs,
459 scope == LDAP_SCOPE_SUBTREE
463 send_search_reference( be, conn, op,
464 e, refs, NULL, &v2refs );
466 ber_bvarray_free( refs );
470 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
471 "bdb_search: candidate referral %ld scope not okay\n",
474 Debug( LDAP_DEBUG_TRACE,
475 "bdb_search: candidate referral %ld scope not okay\n",
483 /* if it matches the filter and scope, send it */
484 rc = test_filter( be, conn, op, e, filter );
485 if ( rc == LDAP_COMPARE_TRUE ) {
489 if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
490 if ( be_issuffix( be, &e->e_nname ) ) {
491 scopeok = (realbase.bv_len == 0);
493 dnParent( &e->e_nname, &dn );
494 scopeok = dn_match( &dn, &realbase );
497 } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
498 scopeok = dnIsSuffix( &e->e_nname, &realbase );
505 /* check size limit */
506 if ( --slimit == -1 ) {
507 bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
509 send_search_result( conn, op,
510 rc = LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
511 v2refs, NULL, nentries );
521 result = send_search_entry( be, conn, op,
522 e, attrs, attrsonly, NULL);
526 case 0: /* entry sent ok */
529 case 1: /* entry not sent */
531 case -1: /* connection closed */
532 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
540 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld scope not okay\n", (long) id));
542 Debug( LDAP_DEBUG_TRACE,
543 "bdb_search: %ld scope not okay\n",
549 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld does match filter\n", (long) id));
551 Debug( LDAP_DEBUG_TRACE,
552 "bdb_search: %ld does match filter\n",
559 /* free reader lock */
560 bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e , &lock);
564 ldap_pvt_thread_yield();
566 send_search_result( conn, op,
567 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
568 NULL, NULL, v2refs, NULL, nentries );
574 /* free reader lock */
575 bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
578 LOCK_ID_FREE (bdb->bi_dbenv, locker );
580 if( v2refs ) ber_bvarray_free( v2refs );
581 if( realbase.bv_val ) ch_free( realbase.bv_val );
587 static int base_candidate(
593 LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"base_candidate: base: \"%s\" (0x%08lx)\n", e->e_dn, (long) e->e_id));
595 Debug(LDAP_DEBUG_ARGS, "base_candidates: base: \"%s\" (0x%08lx)\n",
596 e->e_dn, (long) e->e_id, 0);
604 /* Is "objectClass=xx" mentioned anywhere in this filter? Presence
605 * doesn't count, we're looking for explicit values. Also count depth
606 * of filter tree while we're at it.
608 static int oc_filter(
616 if( cur > *max ) *max = cur;
618 switch(f->f_choice) {
619 case LDAP_FILTER_EQUALITY:
620 case LDAP_FILTER_APPROX:
621 if (f->f_av_desc == slap_schema.si_ad_objectClass)
625 case LDAP_FILTER_SUBSTRINGS:
626 if (f->f_sub_desc == slap_schema.si_ad_objectClass)
630 case LDAP_FILTER_AND:
633 for (f=f->f_and; f; f=f->f_next)
634 if ((rc = oc_filter(f, cur, max)))
643 static int search_candidates(
653 Filter f, scopef, rf, xf;
655 AttributeAssertion aa_ref;
656 #ifdef BDB_SUBENTRIES
658 AttributeAssertion aa_subentry;
662 AttributeAssertion aa_alias;
666 * This routine takes as input a filter (user-filter)
667 * and rewrites it as follows:
668 * (&(scope=DN)[(objectClass=subentry)]
669 * (|[(objectClass=referral)(objectClass=alias)](user-filter))
673 LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"search_candidates: base=\"%s\" (0x%08lx) scope=%d\n", e->e_dn, (long) e->e_id, scope));
675 Debug(LDAP_DEBUG_TRACE,
676 "search_candidates: base=\"%s\" (0x%08lx) scope=%d\n",
677 e->e_dn, (long) e->e_id, scope );
681 xf.f_choice = LDAP_FILTER_OR;
684 /* If the user's filter doesn't mention objectClass, or if
685 * it just uses objectClass=*, these clauses are redundant.
687 if (oc_filter(filter, 1, &depth) && !get_subentries_visibility(op) ) {
688 if( !get_manageDSAit(op) ) { /* match referrals */
689 struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
690 rf.f_choice = LDAP_FILTER_EQUALITY;
692 rf.f_av_desc = slap_schema.si_ad_objectClass;
693 rf.f_av_value = bv_ref;
699 if( deref & LDAP_DEREF_SEARCHING ) { /* match aliases */
700 struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
701 af.f_choice = LDAP_FILTER_EQUALITY;
702 af.f_ava = &aa_alias;
703 af.f_av_desc = slap_schema.si_ad_objectClass;
704 af.f_av_value = bv_alias;
709 /* We added one of these clauses, filter depth increased */
710 if( xf.f_or != filter ) depth++;
714 f.f_choice = LDAP_FILTER_AND;
716 scopef.f_choice = scope == LDAP_SCOPE_SUBTREE
717 ? SLAPD_FILTER_DN_SUBTREE
718 : SLAPD_FILTER_DN_ONE;
719 scopef.f_dn = &e->e_nname;
720 scopef.f_next = xf.f_or == filter ? filter : &xf ;
721 /* Filter depth increased again, adding scope clause */
724 #ifdef BDB_SUBENTRIES
725 if( get_subentries_visibility( op ) ) {
726 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
727 sf.f_choice = LDAP_FILTER_EQUALITY;
728 sf.f_ava = &aa_subentry;
729 sf.f_av_desc = slap_schema.si_ad_objectClass;
730 sf.f_av_value = bv_subentry;
731 sf.f_next = scopef.f_next;
736 /* Allocate IDL stack, plus 1 more for former tmp */
737 stack = malloc( (depth + 1) * BDB_IDL_UM_SIZE * sizeof( ID ) );
739 rc = bdb_filter_candidates( be, &f, ids, stack, stack+BDB_IDL_UM_SIZE );
745 LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: failed (rc=%d)\n", rc));
747 Debug(LDAP_DEBUG_TRACE,
748 "bdb_search_candidates: failed (rc=%d)\n",
754 LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: id=%ld first=%ld last=%ld\n", (long) ids[0], (long) BDB_IDL_FIRST(ids), (long) BDB_IDL_LAST(ids)));
756 Debug(LDAP_DEBUG_TRACE,
757 "bdb_search_candidates: id=%ld first=%ld last=%ld\n",
759 (long) BDB_IDL_FIRST(ids),
760 (long) BDB_IDL_LAST(ids) );