git.sur5r.net Git - openldap/blob - servers/slapd/back-bdb/search.c

   1 /* search.c - search operation */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11 #include <ac/string.h>
  12
  13 #include "back-bdb.h"
  14 #include "idl.h"
  15 #include "external.h"
  16
  17 static int base_candidate(
  18         BackendDB       *be,
  19         Entry   *e,
  20         ID              *ids );
  21 static int search_candidates(
  22         BackendDB *be,
  23         Operation *op,
  24         Entry *e,
  25         Filter *filter,
  26         int scope,
  27         int deref,
  28         ID      *ids );
  29
  30 int
  31 bdb_search(
  32         BackendDB       *be,
  33         Connection      *conn,
  34         Operation       *op,
  35         struct berval   *base,
  36         struct berval   *nbase,
  37         int             scope,
  38         int             deref,
  39         int             slimit,
  40         int             tlimit,
  41         Filter  *filter,
  42         struct berval   *filterstr,
  43         AttributeName   *attrs,
  44         int             attrsonly )
  45 {
  46         struct bdb_info *bdb = (struct bdb_info *) be->be_private;
  47         int             rc;
  48         const char *text = NULL;
  49         time_t          stoptime;
  50         ID              id, cursor;
  51         ID              candidates[BDB_IDL_UM_SIZE];
  52         Entry           *e = NULL;
  53         BerVarray v2refs = NULL;
  54         Entry   *matched = NULL;
  55         struct berval   realbase = { 0, NULL };
  56         int             nentries = 0;
  57         int             manageDSAit;
  58
  59         struct slap_limits_set *limit = NULL;
  60         int isroot = 0;
  61
  62         u_int32_t       locker;
  63         DB_LOCK         lock;
  64
  65 #ifdef NEW_LOGGING
  66         LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"bdb_back_search\n"));
  67 #else
  68         Debug( LDAP_DEBUG_TRACE, "=> bdb_back_search\n",
  69                 0, 0, 0);
  70 #endif
  71
  72         manageDSAit = get_manageDSAit( op );
  73
  74         LOCK_ID (bdb->bi_dbenv, &locker );
  75
  76         if ( nbase->bv_len == 0 ) {
  77                 /* DIT root special case */
  78                 e = (Entry *) &slap_entry_root;
  79                 rc = 0;
  80         } else
  81 #ifdef BDB_ALIASES
  82         /* get entry with reader lock */
  83         if ( deref & LDAP_DEREF_FINDING ) {
  84                 e = deref_dn_r( be, nbase-, &err, &matched, &text );
  85
  86         } else
  87 #endif
  88         {
  89 dn2entry_retry:
  90                 rc = bdb_dn2entry_r( be, NULL, nbase, &e, &matched, 0, locker, &lock );
  91         }
  92
  93         switch(rc) {
  94         case DB_NOTFOUND:
  95         case 0:
  96                 break;
  97         case LDAP_BUSY:
  98                 if (e != NULL) {
  99                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 100                 }
 101                 if (matched != NULL) {
 102                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
 103                 }
 104                 send_ldap_result( conn, op, LDAP_BUSY,
 105                         NULL, "ldap server busy", NULL, NULL );
 106                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 107                 return LDAP_BUSY;
 108         case DB_LOCK_DEADLOCK:
 109         case DB_LOCK_NOTGRANTED:
 110                 goto dn2entry_retry;
 111         default:
 112                 if (e != NULL) {
 113                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 114                 }
 115                 if (matched != NULL) {
 116                         bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
 117                 }
 118                 send_ldap_result( conn, op, rc=LDAP_OTHER,
 119                         NULL, "internal error", NULL, NULL );
 120                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 121                 return rc;
 122         }
 123
 124         if ( e == NULL ) {
 125                 struct berval matched_dn = { 0, NULL };
 126                 BerVarray refs = NULL;
 127
 128                 if ( matched != NULL ) {
 129                         BerVarray erefs;
 130                         ber_dupbv( &matched_dn, &matched->e_name );
 131
 132                         erefs = is_entry_referral( matched )
 133                                 ? get_entry_referrals( be, conn, op, matched )
 134                                 : NULL;
 135
 136                         bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, matched, &lock);
 137                         matched = NULL;
 138
 139                         if( erefs ) {
 140                                 refs = referral_rewrite( erefs, &matched_dn,
 141                                         base, scope );
 142                                 ber_bvarray_free( erefs );
 143                         }
 144
 145                 } else {
 146                         refs = referral_rewrite( default_referral,
 147                                 NULL, base, scope );
 148                 }
 149
 150                 send_ldap_result( conn, op,     rc=LDAP_REFERRAL ,
 151                         matched_dn.bv_val, text, refs, NULL );
 152
 153                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 154                 if ( refs ) ber_bvarray_free( refs );
 155                 if ( matched_dn.bv_val ) ber_memfree( matched_dn.bv_val );
 156                 return rc;
 157         }
 158
 159         if (!manageDSAit && e != &slap_entry_root && is_entry_referral( e ) ) {
 160                 /* entry is a referral, don't allow add */
 161                 struct berval matched_dn;
 162                 BerVarray erefs, refs;
 163
 164                 ber_dupbv( &matched_dn, &e->e_name );
 165                 erefs = get_entry_referrals( be, conn, op, e );
 166                 refs = NULL;
 167
 168                 bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
 169                 e = NULL;
 170
 171                 if( erefs ) {
 172                         refs = referral_rewrite( erefs, &matched_dn,
 173                                 base, scope );
 174                         ber_bvarray_free( erefs );
 175                 }
 176
 177 #ifdef NEW_LOGGING
 178                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: entry is referral\n"));
 179 #else
 180                 Debug( LDAP_DEBUG_TRACE, "bdb_search: entry is referral\n",
 181                         0, 0, 0 );
 182 #endif
 183
 184                 send_ldap_result( conn, op, LDAP_REFERRAL,
 185                         matched_dn.bv_val,
 186                         refs ? NULL : "bad referral object",
 187                         refs, NULL );
 188
 189                 LOCK_ID_FREE (bdb->bi_dbenv, locker );
 190                 ber_bvarray_free( refs );
 191                 ber_memfree( matched_dn.bv_val );
 192                 return 1;
 193         }
 194
 195         /* if not root, get appropriate limits */
 196         if ( be_isroot( be, &op->o_ndn ) ) {
 197                 isroot = 1;
 198         } else {
 199                 ( void ) get_limits( be, &op->o_ndn, &limit );
 200         }
 201
 202         /* The time/size limits come first because they require very little
 203          * effort, so there's no chance the candidates are selected and then
 204          * the request is not honored only because of time/size constraints */
 205
 206         /* if no time limit requested, use soft limit (unless root!) */
 207         if ( isroot ) {
 208                 if ( tlimit == 0 ) {
 209                         tlimit = -1;    /* allow root to set no limit */
 210                 }
 211
 212                 if ( slimit == 0 ) {
 213                         slimit = -1;
 214                 }
 215
 216         } else {
 217                 /* if no limit is required, use soft limit */
 218                 if ( tlimit <= 0 ) {
 219                         tlimit = limit->lms_t_soft;
 220
 221                 /* if requested limit higher than hard limit, abort */
 222                 } else if ( tlimit > limit->lms_t_hard ) {
 223                         /* no hard limit means use soft instead */
 224                         if ( limit->lms_t_hard == 0 && tlimit > limit->lms_t_soft ) {
 225                                 tlimit = limit->lms_t_soft;
 226
 227                         /* positive hard limit means abort */
 228                         } else if ( limit->lms_t_hard > 0 ) {
 229                                 send_search_result( conn, op,
 230                                                 LDAP_UNWILLING_TO_PERFORM,
 231                                                 NULL, NULL, NULL, NULL, 0 );
 232                                 rc = 0;
 233                                 goto done;
 234                         }
 235
 236                         /* negative hard limit means no limit */
 237                 }
 238
 239                 /* if no limit is required, use soft limit */
 240                 if ( slimit <= 0 ) {
 241                         slimit = limit->lms_s_soft;
 242
 243                 /* if requested limit higher than hard limit, abort */
 244                 } else if ( slimit > limit->lms_s_hard ) {
 245                         /* no hard limit means use soft instead */
 246                         if ( limit->lms_s_hard == 0 && slimit > limit->lms_s_soft ) {
 247                                 slimit = limit->lms_s_soft;
 248
 249                         /* positive hard limit means abort */
 250                         } else if ( limit->lms_s_hard > 0 ) {
 251                                 send_search_result( conn, op,
 252                                                 LDAP_UNWILLING_TO_PERFORM,
 253                                                 NULL, NULL, NULL, NULL, 0 );
 254                                 rc = 0;
 255                                 goto done;
 256                         }
 257
 258                         /* negative hard limit means no limit */
 259                 }
 260         }
 261
 262         /* compute it anyway; root does not use it */
 263         stoptime = op->o_time + tlimit;
 264
 265         /* select candidates */
 266         if ( scope == LDAP_SCOPE_BASE ) {
 267                 rc = base_candidate( be, e, candidates );
 268
 269         } else {
 270                 BDB_IDL_ALL( bdb, candidates );
 271                 rc = search_candidates( be, op, e, filter,
 272                         scope, deref, candidates );
 273         }
 274
 275         /* need normalized dn below */
 276         ber_dupbv( &realbase, &e->e_nname );
 277
 278         /* start cursor at base entry's id
 279          * FIXME: hack to make "" base work
 280          * FIXME: moddn needs to assign new ID for this to work
 281          */
 282         cursor = e->e_id == NOID ? 1 : e->e_id;
 283
 284         if ( e != &slap_entry_root ) {
 285                 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 286         }
 287         e = NULL;
 288
 289         if ( candidates[0] == 0 ) {
 290 #ifdef NEW_LOGGING
 291         LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: no candidates\n"));
 292 #else
 293                 Debug( LDAP_DEBUG_TRACE, "bdb_search: no candidates\n",
 294                         0, 0, 0 );
 295 #endif
 296
 297                 send_search_result( conn, op,
 298                         LDAP_SUCCESS,
 299                         NULL, NULL, NULL, NULL, 0 );
 300
 301                 rc = 1;
 302                 goto done;
 303         }
 304
 305         /* if not root and candidates exceed to-be-checked entries, abort */
 306         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 307                 if ( BDB_IDL_N(candidates) > (unsigned) limit->lms_s_unchecked ) {
 308                         send_search_result( conn, op,
 309                                         LDAP_ADMINLIMIT_EXCEEDED,
 310                                         NULL, NULL, NULL, NULL, 0 );
 311                         rc = 1;
 312                         goto done;
 313                 }
 314         }
 315
 316         for ( id = bdb_idl_first( candidates, &cursor );
 317                 id != NOID;
 318                 id = bdb_idl_next( candidates, &cursor ) )
 319         {
 320                 int             scopeok = 0;
 321
 322                 /* check for abandon */
 323                 if ( op->o_abandon ) {
 324                         rc = 0;
 325                         goto done;
 326                 }
 327
 328                 /* check time limit */
 329                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 330                         send_search_result( conn, op, rc = LDAP_TIMELIMIT_EXCEEDED,
 331                                 NULL, NULL, v2refs, NULL, nentries );
 332                         goto done;
 333                 }
 334
 335 id2entry_retry:
 336                 /* get the entry with reader lock */
 337                 rc = bdb_id2entry_r( be, NULL, id, &e, locker, &lock );
 338
 339                 if (rc == LDAP_BUSY) {
 340                         send_ldap_result( conn, op, rc=LDAP_BUSY,
 341                                 NULL, "ldap server busy", NULL, NULL );
 342                         goto done;
 343
 344                 } else if ( rc == DB_LOCK_DEADLOCK || rc == DB_LOCK_NOTGRANTED ) {
 345                         goto id2entry_retry;
 346                 }
 347
 348                 if ( e == NULL ) {
 349                         if( !BDB_IDL_IS_RANGE(candidates) ) {
 350                                 /* only complain for non-range IDLs */
 351 #ifdef NEW_LOGGING
 352                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: candidate %ld not found\n", (long) id));
 353 #else
 354                                 Debug( LDAP_DEBUG_TRACE,
 355                                         "bdb_search: candidate %ld not found\n",
 356                                         (long) id, 0, 0 );
 357 #endif
 358                         }
 359
 360                         goto loop_continue;
 361                 }
 362
 363 #ifdef BDB_SUBENTRIES
 364                 if ( is_entry_subentry( e ) ) {
 365                         if( scope != LDAP_SCOPE_BASE ) {
 366                                 if(!get_subentries_visibility( op )) {
 367                                         /* only subentries are visible */
 368                                         goto loop_continue;
 369                                 }
 370
 371                         } else if ( get_subentries( op ) &&
 372                                 !get_subentries_visibility( op ))
 373                         {
 374                                 /* only subentries are visible */
 375                                 goto loop_continue;
 376                         }
 377
 378                 } else if ( get_subentries_visibility( op )) {
 379                         /* only subentries are visible */
 380                         goto loop_continue;
 381                 }
 382 #endif
 383
 384 #ifdef BDB_ALIASES
 385                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 386                         Entry *matched;
 387                         int err;
 388                         const char *text;
 389
 390                         e = deref_entry_r( be, e, &err, &matched, &text );
 391
 392                         if( e == NULL ) {
 393                                 e = matched;
 394                                 goto loop_continue;
 395                         }
 396
 397                         if( e->e_id == id ) {
 398                                 /* circular loop */
 399                                 goto loop_continue;
 400                         }
 401
 402                         /* need to skip alias which deref into scope */
 403                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 404                                 struct berval   pdn;
 405
 406                                 dnParent( &e->e_nname, &pdn ):
 407                                 if ( ber_bvcmp( pdn, &realbase ) ) {
 408                                         goto loop_continue;
 409                                 }
 410
 411                         } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
 412                                 /* alias is within scope */
 413 #ifdef NEW_LOGGING
 414                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: \"%s\" in subtree\n", e->edn));
 415 #else
 416                                 Debug( LDAP_DEBUG_TRACE,
 417                                         "bdb_search: \"%s\" in subtree\n",
 418                                         e->e_dn, 0, 0 );
 419 #endif
 420                                 goto loop_continue;
 421                         }
 422
 423                         scopeok = 1;
 424                 }
 425 #endif
 426
 427                 /*
 428                  * if it's a referral, add it to the list of referrals. only do
 429                  * this for non-base searches, and don't check the filter
 430                  * explicitly here since it's only a candidate anyway.
 431                  */
 432                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 433                         is_entry_referral( e ) )
 434                 {
 435                         struct berval   dn;
 436
 437                         /* check scope */
 438                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 439                                 if ( !be_issuffix( be, &e->e_nname ) ) {
 440                                         dnParent( &e->e_nname, &dn );
 441                                         scopeok = dn_match( &dn, &realbase );
 442                                 } else {
 443                                         scopeok = (realbase.bv_len == 0);
 444                                 }
 445
 446                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 447                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 448
 449                         } else {
 450                                 scopeok = 1;
 451                         }
 452
 453                         if( scopeok ) {
 454                                 BerVarray erefs = get_entry_referrals(
 455                                         be, conn, op, e );
 456                                 BerVarray refs = referral_rewrite( erefs,
 457                                         &e->e_name, NULL,
 458                                         scope == LDAP_SCOPE_SUBTREE
 459                                                 ? LDAP_SCOPE_SUBTREE
 460                                                 : LDAP_SCOPE_BASE );
 461
 462                                 send_search_reference( be, conn, op,
 463                                         e, refs, NULL, &v2refs );
 464
 465                                 ber_bvarray_free( refs );
 466
 467                         } else {
 468 #ifdef NEW_LOGGING
 469                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 470                                         "bdb_search: candidate referral %ld scope not okay\n",
 471                                         id ));
 472 #else
 473                                 Debug( LDAP_DEBUG_TRACE,
 474                                         "bdb_search: candidate referral %ld scope not okay\n",
 475                                         id, 0, 0 );
 476 #endif
 477                         }
 478
 479                         goto loop_continue;
 480                 }
 481
 482                 /* if it matches the filter and scope, send it */
 483                 rc = test_filter( be, conn, op, e, filter );
 484                 if ( rc == LDAP_COMPARE_TRUE ) {
 485                         struct berval   dn;
 486
 487                         /* check scope */
 488                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 489                                 if ( be_issuffix( be, &e->e_nname ) ) {
 490                                         scopeok = (realbase.bv_len == 0);
 491                                 } else {
 492                                         dnParent( &e->e_nname, &dn );
 493                                         scopeok = dn_match( &dn, &realbase );
 494                                 }
 495
 496                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 497                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 498
 499                         } else {
 500                                 scopeok = 1;
 501                         }
 502
 503                         if ( scopeok ) {
 504                                 /* check size limit */
 505                                 if ( --slimit == -1 ) {
 506                                         bdb_cache_return_entry_r (bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 507                                         e = NULL;
 508                                         send_search_result( conn, op,
 509                                                 rc = LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 510                                                 v2refs, NULL, nentries );
 511                                         goto done;
 512                                 }
 513
 514                                 if (e) {
 515                                         int result;
 516
 517                                         if( op->o_noop ) {
 518                                                 result = 0;
 519                                         } else {
 520                                                 result = send_search_entry( be, conn, op,
 521                                                         e, attrs, attrsonly, NULL);
 522                                         }
 523
 524                                         switch (result) {
 525                                         case 0:         /* entry sent ok */
 526                                                 nentries++;
 527                                                 break;
 528                                         case 1:         /* entry not sent */
 529                                                 break;
 530                                         case -1:        /* connection closed */
 531                                                 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 532                                                 e = NULL;
 533                                                 rc = LDAP_OTHER;
 534                                                 goto done;
 535                                         }
 536                                 }
 537                         } else {
 538 #ifdef NEW_LOGGING
 539                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld scope not okay\n", (long) id));
 540 #else
 541                                 Debug( LDAP_DEBUG_TRACE,
 542                                         "bdb_search: %ld scope not okay\n",
 543                                         (long) id, 0, 0 );
 544 #endif
 545                         }
 546                 } else {
 547 #ifdef NEW_LOGGING
 548                                 LDAP_LOG (( "search", LDAP_LEVEL_RESULTS,"bdb_search: %ld does match filter\n", (long) id));
 549 #else
 550                         Debug( LDAP_DEBUG_TRACE,
 551                                 "bdb_search: %ld does match filter\n",
 552                                 (long) id, 0, 0 );
 553 #endif
 554                 }
 555
 556 loop_continue:
 557                 if( e != NULL ) {
 558                         /* free reader lock */
 559                         bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e , &lock);
 560                         e = NULL;
 561                 }
 562
 563                 ldap_pvt_thread_yield();
 564         }
 565         send_search_result( conn, op,
 566                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 567                 NULL, NULL, v2refs, NULL, nentries );
 568
 569         rc = 0;
 570
 571 done:
 572         if( e != NULL ) {
 573                 /* free reader lock */
 574                 bdb_cache_return_entry_r ( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
 575         }
 576
 577         LOCK_ID_FREE (bdb->bi_dbenv, locker );
 578
 579         if( v2refs ) ber_bvarray_free( v2refs );
 580         if( realbase.bv_val ) ch_free( realbase.bv_val );
 581
 582         return rc;
 583 }
 584
 585
 586 static int base_candidate(
 587         BackendDB       *be,
 588         Entry   *e,
 589         ID              *ids )
 590 {
 591 #ifdef NEW_LOGGING
 592         LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"base_candidate: base: \"%s\" (0x%08lx)\n", e->e_dn, (long) e->e_id));
 593 #else
 594         Debug(LDAP_DEBUG_ARGS, "base_candidates: base: \"%s\" (0x%08lx)\n",
 595                 e->e_dn, (long) e->e_id, 0);
 596 #endif
 597
 598         ids[0] = 1;
 599         ids[1] = e->e_id;
 600         return 0;
 601 }
 602
 603 /* Is "objectClass=xx" mentioned anywhere in this filter? Presence
 604  * doesn't count, we're looking for explicit values. Also count depth
 605  * of filter tree while we're at it.
 606  */
 607 static int oc_filter(
 608         Filter *f,
 609         int cur,
 610         int *max
 611 )
 612 {
 613         int rc = 0;
 614
 615         if( cur > *max ) *max = cur;
 616
 617         switch(f->f_choice) {
 618         case LDAP_FILTER_EQUALITY:
 619         case LDAP_FILTER_APPROX:
 620                 if (f->f_av_desc == slap_schema.si_ad_objectClass)
 621                         rc = 1;
 622                 break;
 623
 624         case LDAP_FILTER_SUBSTRINGS:
 625                 if (f->f_sub_desc == slap_schema.si_ad_objectClass)
 626                         rc = 1;
 627                 break;
 628
 629         case LDAP_FILTER_AND:
 630         case LDAP_FILTER_OR:
 631                 cur++;
 632                 for (f=f->f_and; f; f=f->f_next)
 633                         if ((rc = oc_filter(f, cur, max)))
 634                                 break;
 635                 break;
 636         default:
 637                 break;
 638         }
 639         return rc;
 640 }
 641
 642 static int search_candidates(
 643         BackendDB *be,
 644         Operation *op,
 645         Entry *e,
 646         Filter *filter,
 647         int scope,
 648         int deref,
 649         ID      *ids )
 650 {
 651         int rc, depth = 1;
 652         Filter          f, scopef, rf, xf;
 653         ID              *stack;
 654         AttributeAssertion aa_ref;
 655 #ifdef BDB_SUBENTRIES
 656         Filter  sf;
 657         AttributeAssertion aa_subentry;
 658 #endif
 659 #ifdef BDB_ALIASES
 660         Filter  af;
 661         AttributeAssertion aa_alias;
 662 #endif
 663
 664         /*
 665          * This routine takes as input a filter (user-filter)
 666          * and rewrites it as follows:
 667          *      (&(scope=DN)[(objectClass=subentry)]
 668          *              (|[(objectClass=referral)(objectClass=alias)](user-filter))
 669          */
 670
 671 #ifdef NEW_LOGGING
 672         LDAP_LOG (( "search", LDAP_LEVEL_ENTRY,"search_candidates: base=\"%s\" (0x%08lx) scope=%d\n", e->e_dn, (long) e->e_id, scope));
 673 #else
 674         Debug(LDAP_DEBUG_TRACE,
 675                 "search_candidates: base=\"%s\" (0x%08lx) scope=%d\n",
 676                 e->e_dn, (long) e->e_id, scope );
 677 #endif
 678
 679         xf.f_or = filter;
 680         xf.f_choice = LDAP_FILTER_OR;
 681         xf.f_next = NULL;
 682
 683         /* If the user's filter doesn't mention objectClass, or if
 684          * it just uses objectClass=*, these clauses are redundant.
 685          */
 686         if (oc_filter(filter, 1, &depth) && !get_subentries_visibility(op) ) {
 687                 if( !get_manageDSAit(op) ) { /* match referrals */
 688                         struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
 689                         rf.f_choice = LDAP_FILTER_EQUALITY;
 690                         rf.f_ava = &aa_ref;
 691                         rf.f_av_desc = slap_schema.si_ad_objectClass;
 692                         rf.f_av_value = bv_ref;
 693                         rf.f_next = xf.f_or;
 694                         xf.f_or = &rf;
 695                 }
 696
 697 #ifdef BDB_ALIASES
 698                 if( deref & LDAP_DEREF_SEARCHING ) { /* match aliases */
 699                         struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
 700                         af.f_choice = LDAP_FILTER_EQUALITY;
 701                         af.f_ava = &aa_alias;
 702                         af.f_av_desc = slap_schema.si_ad_objectClass;
 703                         af.f_av_value = bv_alias;
 704                         af.f_next = xf.f_or;
 705                         xf.f_or = &af;
 706                 }
 707 #endif
 708                 /* We added one of these clauses, filter depth increased */
 709                 if( xf.f_or != filter ) depth++;
 710         }
 711
 712         f.f_next = NULL;
 713         f.f_choice = LDAP_FILTER_AND;
 714         f.f_and = &scopef;
 715         scopef.f_choice = scope == LDAP_SCOPE_SUBTREE
 716                 ? SLAPD_FILTER_DN_SUBTREE
 717                 : SLAPD_FILTER_DN_ONE;
 718         scopef.f_dn = &e->e_nname;
 719         scopef.f_next = xf.f_or == filter ? filter : &xf ;
 720         /* Filter depth increased again, adding scope clause */
 721         depth++;
 722
 723 #ifdef BDB_SUBENTRIES
 724         if( get_subentries_visibility( op ) ) {
 725                 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
 726                 sf.f_choice = LDAP_FILTER_EQUALITY;
 727                 sf.f_ava = &aa_subentry;
 728                 sf.f_av_desc = slap_schema.si_ad_objectClass;
 729                 sf.f_av_value = bv_subentry;
 730                 sf.f_next = scopef.f_next;
 731                 scopef.f_next = &sf;
 732         }
 733 #endif
 734
 735         /* Allocate IDL stack, plus 1 more for former tmp */
 736         stack = malloc( (depth + 1) * BDB_IDL_UM_SIZE * sizeof( ID ) );
 737
 738         rc = bdb_filter_candidates( be, &f, ids, stack, stack+BDB_IDL_UM_SIZE );
 739
 740         free( stack );
 741
 742         if( rc ) {
 743 #ifdef NEW_LOGGING
 744         LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: failed (rc=%d)\n", rc));
 745 #else
 746                 Debug(LDAP_DEBUG_TRACE,
 747                         "bdb_search_candidates: failed (rc=%d)\n",
 748                         rc, NULL, NULL );
 749 #endif
 750
 751         } else {
 752 #ifdef NEW_LOGGING
 753                 LDAP_LOG (( "search", LDAP_LEVEL_DETAIL1,"bdb_search_candidates: id=%ld first=%ld last=%ld\n", (long) ids[0], (long) BDB_IDL_FIRST(ids), (long) BDB_IDL_LAST(ids)));
 754 #else
 755                 Debug(LDAP_DEBUG_TRACE,
 756                         "bdb_search_candidates: id=%ld first=%ld last=%ld\n",
 757                         (long) ids[0],
 758                         (long) BDB_IDL_FIRST(ids),
 759                         (long) BDB_IDL_LAST(ids) );
 760 #endif
 761         }
 762
 763         return rc;
 764 }