1 /* search.c - search operation */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
11 #include <ac/string.h>
17 static int base_candidate(
21 static int search_candidates(
42 struct berval *filterstr,
46 struct bdb_info *bdb = (struct bdb_info *) be->be_private;
48 const char *text = NULL;
51 ID candidates[BDB_IDL_UM_SIZE];
53 BerVarray v2refs = NULL;
54 Entry *matched = NULL;
55 struct berval realbase = { 0, NULL };
59 struct slap_limits_set *limit = NULL;
66 LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"bdb_back_search\n"));
68 Debug( LDAP_DEBUG_TRACE, "=> bdb_back_search\n",
72 manageDSAit = get_manageDSAit( op );
74 LOCK_ID (bdb->bi_dbenv, &locker );
76 if ( nbase->bv_len == 0 ) {
77 /* DIT root special case */
78 e = (Entry *) &slap_entry_root;
82 /* get entry with reader lock */
83 if ( deref & LDAP_DEREF_FINDING ) {
84 e = deref_dn_r( be, nbase-, &err, &matched, &text );
90 rc = bdb_dn2entry_r( be, NULL, nbase, &e, &matched, 0, locker, &lock );
99 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
101 if (matched != NULL) {
102 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
104 send_ldap_result( conn, op, LDAP_BUSY,
105 NULL, "ldap server busy", NULL, NULL );
106 LOCK_ID_FREE (bdb->bi_dbenv, locker );
108 case DB_LOCK_DEADLOCK:
109 case DB_LOCK_NOTGRANTED:
113 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
115 if (matched != NULL) {
116 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
118 send_ldap_result( conn, op, rc=LDAP_OTHER,
119 NULL, "internal error", NULL, NULL );
120 LOCK_ID_FREE (bdb->bi_dbenv, locker );
125 struct berval matched_dn = { 0, NULL };
126 BerVarray refs = NULL;
128 if ( matched != NULL ) {
130 ber_dupbv( &matched_dn, &matched->e_name );
132 erefs = is_entry_referral( matched )
133 ? get_entry_referrals( be, conn, op, matched )
136 bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
140 refs = referral_rewrite( erefs, &matched_dn,
142 ber_bvarray_free( erefs );
146 refs = referral_rewrite( default_referral,
150 send_ldap_result( conn, op, rc=LDAP_REFERRAL ,
151 matched_dn.bv_val, text, refs, NULL );
153 LOCK_ID_FREE (bdb->bi_dbenv, locker );
154 if ( refs ) ber_bvarray_free( refs );
155 if ( matched_dn.bv_val ) ber_memfree( matched_dn.bv_val );
159 if (!manageDSAit && e != &slap_entry_root && is_entry_referral( e ) ) {
160 /* entry is a referral, don't allow add */
161 struct berval matched_dn;
162 BerVarray erefs, refs;
164 ber_dupbv( &matched_dn, &e->e_name );
165 erefs = get_entry_referrals( be, conn, op, e );
168 bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
172 refs = referral_rewrite( erefs, &matched_dn,
174 ber_bvarray_free( erefs );
178 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: entry is referral\n"));
180 Debug( LDAP_DEBUG_TRACE, "bdb_search: entry is referral\n",
184 send_ldap_result( conn, op, LDAP_REFERRAL,
186 refs ? NULL : "bad referral object",
189 LOCK_ID_FREE (bdb->bi_dbenv, locker );
190 ber_bvarray_free( refs );
191 ber_memfree( matched_dn.bv_val );
195 /* if not root, get appropriate limits */
196 if ( be_isroot( be, &op->o_ndn ) ) {
199 ( void ) get_limits( be, &op->o_ndn, &limit );
202 /* The time/size limits come first because they require very little
203 * effort, so there's no chance the candidates are selected and then
204 * the request is not honored only because of time/size constraints */
206 /* if no time limit requested, use soft limit (unless root!) */
209 tlimit = -1; /* allow root to set no limit */
217 /* if no limit is required, use soft limit */
219 tlimit = limit->lms_t_soft;
221 /* if requested limit higher than hard limit, abort */
222 } else if ( tlimit > limit->lms_t_hard ) {
223 /* no hard limit means use soft instead */
224 if ( limit->lms_t_hard == 0 && tlimit > limit->lms_t_soft ) {
225 tlimit = limit->lms_t_soft;
227 /* positive hard limit means abort */
228 } else if ( limit->lms_t_hard > 0 ) {
229 send_search_result( conn, op,
230 LDAP_UNWILLING_TO_PERFORM,
231 NULL, NULL, NULL, NULL, 0 );
236 /* negative hard limit means no limit */
239 /* if no limit is required, use soft limit */
241 slimit = limit->lms_s_soft;
243 /* if requested limit higher than hard limit, abort */
244 } else if ( slimit > limit->lms_s_hard ) {
245 /* no hard limit means use soft instead */
246 if ( limit->lms_s_hard == 0 && slimit > limit->lms_s_soft ) {
247 slimit = limit->lms_s_soft;
249 /* positive hard limit means abort */
250 } else if ( limit->lms_s_hard > 0 ) {
251 send_search_result( conn, op,
252 LDAP_UNWILLING_TO_PERFORM,
253 NULL, NULL, NULL, NULL, 0 );
258 /* negative hard limit means no limit */
262 /* compute it anyway; root does not use it */
263 stoptime = op->o_time + tlimit;
265 /* select candidates */
266 if ( scope == LDAP_SCOPE_BASE ) {
267 rc = base_candidate( be, e, candidates );
270 BDB_IDL_ALL( bdb, candidates );
271 rc = search_candidates( be, op, e, filter,
272 scope, deref, candidates );
275 /* need normalized dn below */
276 ber_dupbv( &realbase, &e->e_nname );
278 /* start cursor at base entry's id
279 * FIXME: hack to make "" base work
280 * FIXME: moddn needs to assign new ID for this to work
282 cursor = e->e_id == NOID ? 1 : e->e_id;
284 if ( e != &slap_entry_root ) {
285 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
289 if ( candidates[0] == 0 ) {
291 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: no candidates\n"));
293 Debug( LDAP_DEBUG_TRACE, "bdb_search: no candidates\n",
297 send_search_result( conn, op,
299 NULL, NULL, NULL, NULL, 0 );
305 /* if not root and candidates exceed to-be-checked entries, abort */
306 if ( !isroot && limit->lms_s_unchecked != -1 ) {
307 if ( BDB_IDL_N(candidates) > (unsigned) limit->lms_s_unchecked ) {
308 send_search_result( conn, op,
309 LDAP_ADMINLIMIT_EXCEEDED,
310 NULL, NULL, NULL, NULL, 0 );
316 for ( id = bdb_idl_first( candidates, &cursor );
318 id = bdb_idl_next( candidates, &cursor ) )
322 /* check for abandon */
323 if ( op->o_abandon ) {
328 /* check time limit */
329 if ( tlimit != -1 && slap_get_time() > stoptime ) {
330 send_search_result( conn, op, rc = LDAP_TIMELIMIT_EXCEEDED,
331 NULL, NULL, v2refs, NULL, nentries );
336 /* get the entry with reader lock */
337 rc = bdb_id2entry_r( be, NULL, id, &e, locker, &lock );
339 if (rc == LDAP_BUSY) {
340 send_ldap_result( conn, op, rc=LDAP_BUSY,
341 NULL, "ldap server busy", NULL, NULL );
344 } else if ( rc == DB_LOCK_DEADLOCK || rc == DB_LOCK_NOTGRANTED ) {
349 if( !BDB_IDL_IS_RANGE(candidates) ) {
350 /* only complain for non-range IDLs */
352 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: candidate %ld not found\n", (long) id));
354 Debug( LDAP_DEBUG_TRACE,
355 "bdb_search: candidate %ld not found\n",
363 #ifdef BDB_SUBENTRIES
364 if ( is_entry_subentry( e ) ) {
365 if( scope != LDAP_SCOPE_BASE ) {
366 if(!get_subentries_visibility( op )) {
367 /* only subentries are visible */
371 } else if ( get_subentries( op ) &&
372 !get_subentries_visibility( op ))
374 /* only subentries are visible */
378 } else if ( get_subentries_visibility( op )) {
379 /* only subentries are visible */
385 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
390 e = deref_entry_r( be, e, &err, &matched, &text );
397 if( e->e_id == id ) {
402 /* need to skip alias which deref into scope */
403 if( scope & LDAP_SCOPE_ONELEVEL ) {
406 dnParent( &e->e_nname, &pdn ):
407 if ( ber_bvcmp( pdn, &realbase ) ) {
411 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
412 /* alias is within scope */
414 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: \"%s\" in subtree\n", e->edn));
416 Debug( LDAP_DEBUG_TRACE,
417 "bdb_search: \"%s\" in subtree\n",
428 * if it's a referral, add it to the list of referrals. only do
429 * this for non-base searches, and don't check the filter
430 * explicitly here since it's only a candidate anyway.
432 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
433 is_entry_referral( e ) )
438 if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
439 if ( !be_issuffix( be, &e->e_nname ) ) {
440 dnParent( &e->e_nname, &dn );
441 scopeok = dn_match( &dn, &realbase );
443 scopeok = (realbase.bv_len == 0);
446 } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
447 scopeok = dnIsSuffix( &e->e_nname, &realbase );
454 BerVarray erefs = get_entry_referrals(
456 BerVarray refs = referral_rewrite( erefs,
458 scope == LDAP_SCOPE_SUBTREE
462 send_search_reference( be, conn, op,
463 e, refs, NULL, &v2refs );
465 ber_bvarray_free( refs );
469 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
470 "bdb_search: candidate referral %ld scope not okay\n",
473 Debug( LDAP_DEBUG_TRACE,
474 "bdb_search: candidate referral %ld scope not okay\n",
482 /* if it matches the filter and scope, send it */
483 rc = test_filter( be, conn, op, e, filter );
484 if ( rc == LDAP_COMPARE_TRUE ) {
488 if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
489 if ( be_issuffix( be, &e->e_nname ) ) {
490 scopeok = (realbase.bv_len == 0);
492 dnParent( &e->e_nname, &dn );
493 scopeok = dn_match( &dn, &realbase );
496 } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
497 scopeok = dnIsSuffix( &e->e_nname, &realbase );
504 /* check size limit */
505 if ( --slimit == -1 ) {
506 bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
508 send_search_result( conn, op,
509 rc = LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
510 v2refs, NULL, nentries );
520 result = send_search_entry( be, conn, op,
521 e, attrs, attrsonly, NULL);
525 case 0: /* entry sent ok */
528 case 1: /* entry not sent */
530 case -1: /* connection closed */
531 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
539 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld scope not okay\n", (long) id));
541 Debug( LDAP_DEBUG_TRACE,
542 "bdb_search: %ld scope not okay\n",
548 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld does match filter\n", (long) id));
550 Debug( LDAP_DEBUG_TRACE,
551 "bdb_search: %ld does match filter\n",
558 /* free reader lock */
559 bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e , &lock);
563 ldap_pvt_thread_yield();
565 send_search_result( conn, op,
566 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
567 NULL, NULL, v2refs, NULL, nentries );
573 /* free reader lock */
574 bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
577 LOCK_ID_FREE (bdb->bi_dbenv, locker );
579 if( v2refs ) ber_bvarray_free( v2refs );
580 if( realbase.bv_val ) ch_free( realbase.bv_val );
586 static int base_candidate(
592 LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"base_candidate: base: \"%s\" (0x%08lx)\n", e->e_dn, (long) e->e_id));
594 Debug(LDAP_DEBUG_ARGS, "base_candidates: base: \"%s\" (0x%08lx)\n",
595 e->e_dn, (long) e->e_id, 0);
603 /* Is "objectClass=xx" mentioned anywhere in this filter? Presence
604 * doesn't count, we're looking for explicit values. Also count depth
605 * of filter tree while we're at it.
607 static int oc_filter(
615 if( cur > *max ) *max = cur;
617 switch(f->f_choice) {
618 case LDAP_FILTER_EQUALITY:
619 case LDAP_FILTER_APPROX:
620 if (f->f_av_desc == slap_schema.si_ad_objectClass)
624 case LDAP_FILTER_SUBSTRINGS:
625 if (f->f_sub_desc == slap_schema.si_ad_objectClass)
629 case LDAP_FILTER_AND:
632 for (f=f->f_and; f; f=f->f_next)
633 if ((rc = oc_filter(f, cur, max)))
642 static int search_candidates(
652 Filter f, scopef, rf, xf;
654 AttributeAssertion aa_ref;
655 #ifdef BDB_SUBENTRIES
657 AttributeAssertion aa_subentry;
661 AttributeAssertion aa_alias;
665 * This routine takes as input a filter (user-filter)
666 * and rewrites it as follows:
667 * (&(scope=DN)[(objectClass=subentry)]
668 * (|[(objectClass=referral)(objectClass=alias)](user-filter))
672 LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"search_candidates: base=\"%s\" (0x%08lx) scope=%d\n", e->e_dn, (long) e->e_id, scope));
674 Debug(LDAP_DEBUG_TRACE,
675 "search_candidates: base=\"%s\" (0x%08lx) scope=%d\n",
676 e->e_dn, (long) e->e_id, scope );
680 xf.f_choice = LDAP_FILTER_OR;
683 /* If the user's filter doesn't mention objectClass, or if
684 * it just uses objectClass=*, these clauses are redundant.
686 if (oc_filter(filter, 1, &depth) && !get_subentries_visibility(op) ) {
687 if( !get_manageDSAit(op) ) { /* match referrals */
688 struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
689 rf.f_choice = LDAP_FILTER_EQUALITY;
691 rf.f_av_desc = slap_schema.si_ad_objectClass;
692 rf.f_av_value = bv_ref;
698 if( deref & LDAP_DEREF_SEARCHING ) { /* match aliases */
699 struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
700 af.f_choice = LDAP_FILTER_EQUALITY;
701 af.f_ava = &aa_alias;
702 af.f_av_desc = slap_schema.si_ad_objectClass;
703 af.f_av_value = bv_alias;
708 /* We added one of these clauses, filter depth increased */
709 if( xf.f_or != filter ) depth++;
713 f.f_choice = LDAP_FILTER_AND;
715 scopef.f_choice = scope == LDAP_SCOPE_SUBTREE
716 ? SLAPD_FILTER_DN_SUBTREE
717 : SLAPD_FILTER_DN_ONE;
718 scopef.f_dn = &e->e_nname;
719 scopef.f_next = xf.f_or == filter ? filter : &xf ;
720 /* Filter depth increased again, adding scope clause */
723 #ifdef BDB_SUBENTRIES
724 if( get_subentries_visibility( op ) ) {
725 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
726 sf.f_choice = LDAP_FILTER_EQUALITY;
727 sf.f_ava = &aa_subentry;
728 sf.f_av_desc = slap_schema.si_ad_objectClass;
729 sf.f_av_value = bv_subentry;
730 sf.f_next = scopef.f_next;
735 /* Allocate IDL stack, plus 1 more for former tmp */
736 stack = malloc( (depth + 1) * BDB_IDL_UM_SIZE * sizeof( ID ) );
738 rc = bdb_filter_candidates( be, &f, ids, stack, stack+BDB_IDL_UM_SIZE );
744 LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: failed (rc=%d)\n", rc));
746 Debug(LDAP_DEBUG_TRACE,
747 "bdb_search_candidates: failed (rc=%d)\n",
753 LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: id=%ld first=%ld last=%ld\n", (long) ids[0], (long) BDB_IDL_FIRST(ids), (long) BDB_IDL_LAST(ids)));
755 Debug(LDAP_DEBUG_TRACE,
756 "bdb_search_candidates: id=%ld first=%ld last=%ld\n",
758 (long) BDB_IDL_FIRST(ids),
759 (long) BDB_IDL_LAST(ids) );