git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/search.c

   1 /* search.c - ldbm backend search function */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/string.h>
  13 #include <ac/socket.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19 static ID_BLOCK *base_candidate(
  20         Backend *be, Entry *e );
  21
  22 static ID_BLOCK *search_candidates(
  23         Backend *be, Entry *e, Filter *filter,
  24         int scope, int deref, int manageDSAit );
  25
  26
  27 int
  28 ldbm_back_search(
  29     Backend     *be,
  30     Connection  *conn,
  31     Operation   *op,
  32     const char  *base,
  33     const char  *nbase,
  34     int         scope,
  35     int         deref,
  36     int         slimit,
  37     int         tlimit,
  38     Filter      *filter,
  39     const char  *filterstr,
  40     char        **attrs,
  41     int         attrsonly )
  42 {
  43         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  44         int             rc, err;
  45         const char *text = NULL;
  46         time_t          stoptime;
  47         ID_BLOCK                *candidates;
  48         ID              id, cursor;
  49         Entry           *e;
  50         struct berval **v2refs = NULL;
  51         Entry   *matched = NULL;
  52         char    *realbase = NULL;
  53         int             nentries = 0;
  54         int             manageDSAit = get_manageDSAit( op );
  55         int             cscope = LDAP_SCOPE_DEFAULT;
  56
  57         struct slap_limits_set *limit = NULL;
  58         int isroot = 0;
  59
  60 #ifdef NEW_LOGGING
  61         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
  62                    "ldbm_back_search: enter\n" ));
  63 #else
  64         Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
  65 #endif
  66
  67
  68         if ( *nbase == '\0' ) {
  69                 /* DIT root special case */
  70                 static const Entry root = { NOID, "", "", NULL, NULL };
  71                 e = (Entry *) &root;
  72
  73                 /* need normalized dn below */
  74                 realbase = ch_strdup( e->e_ndn );
  75
  76                 candidates = search_candidates( be, e, filter,
  77                     scope, deref, manageDSAit );
  78
  79                 goto searchit;
  80
  81         } else if ( deref & LDAP_DEREF_FINDING ) {
  82                 /* deref dn and get entry with reader lock */
  83                 e = deref_dn_r( be, nbase, &err, &matched, &text );
  84
  85                 if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
  86
  87         } else {
  88                 /* get entry with reader lock */
  89                 e = dn2entry_r( be, nbase, &matched );
  90                 err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
  91                 text = NULL;
  92         }
  93
  94         if ( e == NULL ) {
  95                 char *matched_dn = NULL;
  96                 struct berval **refs = NULL;
  97
  98                 if ( matched != NULL ) {
  99                         struct berval **erefs;
 100                         matched_dn = ch_strdup( matched->e_dn );
 101
 102                         erefs = is_entry_referral( matched )
 103                                 ? get_entry_referrals( be, conn, op, matched,
 104                                         base, scope )
 105                                 : NULL;
 106
 107                         cache_return_entry_r( &li->li_cache, matched );
 108
 109                         if( erefs ) {
 110                                 refs = referral_rewrite( erefs, matched_dn,
 111                                         base, scope );
 112
 113                                 ber_bvecfree( erefs );
 114                         }
 115
 116                 } else {
 117                         refs = referral_rewrite( default_referral,
 118                                 NULL, base, scope );
 119                 }
 120
 121                 send_ldap_result( conn, op, err,
 122                         matched_dn, text, refs, NULL );
 123
 124                 ber_bvecfree( refs );
 125                 free( matched_dn );
 126                 return 1;
 127         }
 128
 129         if (!manageDSAit && is_entry_referral( e ) ) {
 130                 /* entry is a referral, don't allow add */
 131                 char *matched_dn = ch_strdup( e->e_dn );
 132                 struct berval **erefs = get_entry_referrals( be,
 133                         conn, op, e, base, scope );
 134                 struct berval **refs = NULL;
 135
 136                 cache_return_entry_r( &li->li_cache, e );
 137
 138 #ifdef NEW_LOGGING
 139                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 140                         "ldbm_search: entry (%s) is a referral.\n",
 141                         e->e_dn ));
 142 #else
 143                 Debug( LDAP_DEBUG_TRACE,
 144                         "ldbm_search: entry is referral\n",
 145                         0, 0, 0 );
 146 #endif
 147
 148                 if( erefs ) {
 149                         refs = referral_rewrite( erefs, matched_dn,
 150                                 base, scope );
 151
 152                         ber_bvecfree( erefs );
 153                 }
 154
 155                 if( refs ) {
 156                         send_ldap_result( conn, op, LDAP_REFERRAL,
 157                                 matched_dn, NULL, refs, NULL );
 158                         ber_bvecfree( refs );
 159
 160                 } else {
 161                         send_ldap_result( conn, op, LDAP_OTHER, matched_dn,
 162                                 "bad referral object", NULL, NULL );
 163                 }
 164
 165                 free( matched_dn );
 166                 return 1;
 167         }
 168
 169         if ( is_entry_alias( e ) ) {
 170                 /* don't deref */
 171                 deref = LDAP_DEREF_NEVER;
 172         }
 173
 174         if ( scope == LDAP_SCOPE_BASE ) {
 175                 cscope = LDAP_SCOPE_BASE;
 176                 candidates = base_candidate( be, e );
 177
 178         } else {
 179                 cscope = ( scope != LDAP_SCOPE_SUBTREE )
 180                         ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
 181                 candidates = search_candidates( be, e, filter,
 182                     scope, deref, manageDSAit );
 183         }
 184
 185         /* need normalized dn below */
 186         realbase = ch_strdup( e->e_ndn );
 187
 188         cache_return_entry_r( &li->li_cache, e );
 189
 190 searchit:
 191         if ( candidates == NULL ) {
 192                 /* no candidates */
 193 #ifdef NEW_LOGGING
 194                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 195                         "ldbm_search: no candidates\n" ));
 196 #else
 197                 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
 198                         0, 0, 0 );
 199 #endif
 200
 201                 send_search_result( conn, op,
 202                         LDAP_SUCCESS,
 203                         NULL, NULL, NULL, NULL, 0 );
 204
 205                 rc = 1;
 206                 goto done;
 207         }
 208
 209         /* if not root, get appropriate limits */
 210         if ( be_isroot( be, op->o_ndn ) ) {
 211                 isroot = 1;
 212         } else {
 213                 ( void ) get_limits( be, op->o_ndn, &limit );
 214         }
 215
 216         /* if candidates exceed to-be-checked entries, abort */
 217         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 218                 if ( ID_BLOCK_NIDS( candidates ) > limit->lms_s_unchecked ) {
 219                         send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
 220                                         NULL, NULL, NULL, NULL, 0 );
 221                         rc = 0;
 222                         goto done;
 223                 }
 224         }
 225
 226         /* if root an no specific limit is required, allow unlimited search */
 227         if ( isroot ) {
 228                 if ( tlimit == 0 ) {
 229                         tlimit = -1;
 230                 }
 231
 232                 if ( slimit == 0 ) {
 233                         slimit = -1;
 234                 }
 235
 236         } else {
 237                 /* if no limit is required, use soft limit */
 238                 if ( tlimit <= 0 ) {
 239                         tlimit = limit->lms_t_soft;
 240
 241                 /* if requested limit higher than hard limit, abort */
 242                 } else if ( tlimit > limit->lms_t_hard ) {
 243                         /* no hard limit means use soft instead */
 244                         if ( limit->lms_t_hard == 0 ) {
 245                                 tlimit = limit->lms_t_soft;
 246
 247                         /* positive hard limit means abort */
 248                         } else if ( limit->lms_t_hard > 0 ) {
 249                                 send_search_result( conn, op,
 250                                                 LDAP_UNWILLING_TO_PERFORM,
 251                                                 NULL, NULL, NULL, NULL, 0 );
 252                                 rc = 0;
 253                                 goto done;
 254                         }
 255
 256                         /* negative hard limit means no limit */
 257                 }
 258
 259                 /* if no limit is required, use soft limit */
 260                 if ( slimit <= 0 ) {
 261                         slimit = limit->lms_s_soft;
 262
 263                 /* if requested limit higher than hard limit, abort */
 264                 } else if ( slimit > limit->lms_s_hard ) {
 265                         /* no hard limit means use soft instead */
 266                         if ( limit->lms_s_hard == 0 ) {
 267                                 slimit = limit->lms_s_soft;
 268
 269                         /* positive hard limit means abort */
 270                         } else if ( limit->lms_s_hard > 0 ) {
 271                                 send_search_result( conn, op,
 272                                                 LDAP_UNWILLING_TO_PERFORM,
 273                                                 NULL, NULL, NULL, NULL, 0 );
 274                                 rc = 0;
 275                                 goto done;
 276                         }
 277
 278                         /* negative hard limit means no limit */
 279                 }
 280         }
 281
 282         /* compute it anyway; root does not use it */
 283         stoptime = op->o_time + tlimit;
 284
 285         for ( id = idl_firstid( candidates, &cursor ); id != NOID;
 286             id = idl_nextid( candidates, &cursor ) )
 287         {
 288                 int scopeok = 0;
 289
 290                 /* check for abandon */
 291                 ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
 292
 293                 if ( op->o_abandon ) {
 294                         ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 295                         rc = 0;
 296                         goto done;
 297                 }
 298
 299                 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 300
 301                 /* check time limit */
 302                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 303                         send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
 304                                 NULL, NULL, v2refs, NULL, nentries );
 305                         rc = 0;
 306                         goto done;
 307                 }
 308
 309                 /* get the entry with reader lock */
 310                 e = id2entry_r( be, id );
 311
 312                 if ( e == NULL ) {
 313 #ifdef NEW_LOGGING
 314                         LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 315                                 "ldbm_search: candidate %ld not found.\n", id ));
 316 #else
 317                         Debug( LDAP_DEBUG_TRACE,
 318                                 "ldbm_search: candidate %ld not found\n",
 319                                 id, 0, 0 );
 320 #endif
 321
 322                         goto loop_continue;
 323                 }
 324
 325                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 326                         Entry *matched;
 327                         int err;
 328                         const char *text;
 329
 330                         e = deref_entry_r( be, e, &err, &matched, &text );
 331
 332                         if( e == NULL ) {
 333                                 e = matched;
 334                                 goto loop_continue;
 335                         }
 336
 337                         if( e->e_id == id ) {
 338                                 /* circular loop */
 339                                 goto loop_continue;
 340                         }
 341
 342                         /* need to skip alias which deref into scope */
 343                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 344                                 char *pdn = dn_parent( NULL, e->e_ndn );
 345                                 if ( pdn != NULL ) {
 346                                         if( strcmp( pdn, realbase ) ) {
 347                                                 free( pdn );
 348                                                 goto loop_continue;
 349                                         }
 350                                         free(pdn);
 351                                 }
 352
 353                         } else if ( dn_issuffix( e->e_ndn, realbase ) ) {
 354                                 /* alias is within scope */
 355 #ifdef NEW_LOGGING
 356                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 357                                         "ldbm_search: alias \"%s\" in subtree\n", e->e_dn ));
 358 #else
 359                                 Debug( LDAP_DEBUG_TRACE,
 360                                         "ldbm_search: alias \"%s\" in subtree\n",
 361                                         e->e_dn, 0, 0 );
 362 #endif
 363
 364                                 goto loop_continue;
 365                         }
 366
 367                         scopeok = 1;
 368                 }
 369
 370                 /*
 371                  * if it's a referral, add it to the list of referrals. only do
 372                  * this for non-base searches, and don't check the filter
 373                  * explicitly here since it's only a candidate anyway.
 374                  */
 375                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 376                         is_entry_referral( e ) )
 377                 {
 378                         char    *dn;
 379
 380                         /* check scope */
 381                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 382                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 383                                         (void) dn_normalize( dn );
 384                                         scopeok = (dn == realbase)
 385                                                 ? 1
 386                                                 : (strcmp( dn, realbase ) ? 0 : 1 );
 387                                         free( dn );
 388
 389                                 } else {
 390                                         scopeok = (realbase == NULL || *realbase == '\0');
 391                                 }
 392
 393                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 394                                 dn = ch_strdup( e->e_ndn );
 395                                 scopeok = dn_issuffix( dn, realbase );
 396                                 free( dn );
 397
 398                         } else {
 399                                 scopeok = 1;
 400                         }
 401
 402                         if( scopeok ) {
 403                                 struct berval **erefs = get_entry_referrals(
 404                                         be, conn, op, e, NULL, cscope );
 405                                 struct berval **refs = referral_rewrite( erefs, e->e_dn,
 406                                         NULL, scope );
 407
 408                                 send_search_reference( be, conn, op,
 409                                         e, refs, NULL, &v2refs );
 410
 411                                 ber_bvecfree( refs );
 412
 413                         } else {
 414 #ifdef NEW_LOGGING
 415                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 416                                         "ldbm_search: candidate referral %ld scope not okay\n",
 417                                         id ));
 418 #else
 419                                 Debug( LDAP_DEBUG_TRACE,
 420                                         "ldbm_search: candidate referral %ld scope not okay\n",
 421                                         id, 0, 0 );
 422 #endif
 423                         }
 424
 425                         goto loop_continue;
 426                 }
 427
 428                 /* if it matches the filter and scope, send it */
 429                 if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 430                         char    *dn;
 431
 432                         /* check scope */
 433                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 434                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 435                                         (void) dn_normalize( dn );
 436                                         scopeok = (dn == realbase)
 437                                                 ? 1
 438                                                 : (strcmp( dn, realbase ) ? 0 : 1 );
 439                                         free( dn );
 440
 441                                 } else {
 442                                         scopeok = (realbase == NULL || *realbase == '\0');
 443                                 }
 444
 445                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 446                                 dn = ch_strdup( e->e_ndn );
 447                                 scopeok = dn_issuffix( dn, realbase );
 448                                 free( dn );
 449
 450                         } else {
 451                                 scopeok = 1;
 452                         }
 453
 454                         if ( scopeok ) {
 455                                 /* check size limit */
 456                                 if ( --slimit == -1 ) {
 457                                         cache_return_entry_r( &li->li_cache, e );
 458                                         send_search_result( conn, op,
 459                                                 LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 460                                                 v2refs, NULL, nentries );
 461                                         rc = 0;
 462                                         goto done;
 463                                 }
 464
 465                                 if (e) {
 466                                         int result = send_search_entry(be, conn, op,
 467                                                 e, attrs, attrsonly, NULL);
 468
 469                                         switch (result) {
 470                                         case 0:         /* entry sent ok */
 471                                                 nentries++;
 472                                                 break;
 473                                         case 1:         /* entry not sent */
 474                                                 break;
 475                                         case -1:        /* connection closed */
 476                                                 cache_return_entry_r( &li->li_cache, e );
 477                                                 rc = 0;
 478                                                 goto done;
 479                                         }
 480                                 }
 481                         } else {
 482 #ifdef NEW_LOGGING
 483                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 484                                         "ldbm_search: candidate entry %ld scope not okay\n", id ));
 485 #else
 486                                 Debug( LDAP_DEBUG_TRACE,
 487                                         "ldbm_search: candidate entry %ld scope not okay\n",
 488                                         id, 0, 0 );
 489 #endif
 490                         }
 491
 492                 } else {
 493 #ifdef NEW_LOGGING
 494                         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 495                                 "ldbm_search: candidate entry %ld does not match filter\n", id ));
 496 #else
 497                         Debug( LDAP_DEBUG_TRACE,
 498                                 "ldbm_search: candidate entry %ld does not match filter\n",
 499                                 id, 0, 0 );
 500 #endif
 501                 }
 502
 503 loop_continue:
 504                 if( e != NULL ) {
 505                         /* free reader lock */
 506                         cache_return_entry_r( &li->li_cache, e );
 507                 }
 508
 509                 ldap_pvt_thread_yield();
 510         }
 511
 512         send_search_result( conn, op,
 513                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 514                 NULL, NULL, v2refs, NULL, nentries );
 515
 516         rc = 0;
 517
 518 done:
 519         if( candidates != NULL )
 520                 idl_free( candidates );
 521
 522         ber_bvecfree( v2refs );
 523         if( realbase ) free( realbase );
 524
 525         return rc;
 526 }
 527
 528 static ID_BLOCK *
 529 base_candidate(
 530     Backend     *be,
 531         Entry   *e )
 532 {
 533         ID_BLOCK                *idl;
 534
 535 #ifdef NEW_LOGGING
 536         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
 537                    "base_candidate: base (%s)\n", e->e_dn ));
 538 #else
 539         Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
 540                 e->e_dn, 0, 0);
 541 #endif
 542
 543
 544         idl = idl_alloc( 1 );
 545         idl_insert( &idl, e->e_id, 1 );
 546
 547         return( idl );
 548 }
 549
 550 static ID_BLOCK *
 551 search_candidates(
 552     Backend     *be,
 553     Entry       *e,
 554     Filter      *filter,
 555     int         scope,
 556         int             deref,
 557         int             manageDSAit )
 558 {
 559         ID_BLOCK                *candidates;
 560         Filter          f, fand, rf, af, xf;
 561     AttributeAssertion aa_ref, aa_alias;
 562         static struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
 563         static struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
 564
 565 #ifdef NEW_LOGGING
 566         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 567                    "search_candidates: base (%s) scope %d deref %d\n",
 568                    e->e_ndn, scope, deref ));
 569 #else
 570         Debug(LDAP_DEBUG_TRACE,
 571                 "search_candidates: base=\"%s\" s=%d d=%d\n",
 572                 e->e_ndn, scope, deref );
 573 #endif
 574
 575
 576         xf.f_or = filter;
 577         xf.f_choice = LDAP_FILTER_OR;
 578         xf.f_next = NULL;
 579
 580         if( !manageDSAit ) {
 581                 /* match referrals */
 582                 rf.f_choice = LDAP_FILTER_EQUALITY;
 583                 rf.f_ava = &aa_ref;
 584                 rf.f_av_desc = slap_schema.si_ad_objectClass;
 585                 rf.f_av_value = &bv_ref;
 586                 rf.f_next = xf.f_or;
 587                 xf.f_or = &rf;
 588         }
 589
 590         if( deref & LDAP_DEREF_SEARCHING ) {
 591                 /* match aliases */
 592                 af.f_choice = LDAP_FILTER_EQUALITY;
 593                 af.f_ava = &aa_alias;
 594                 af.f_av_desc = slap_schema.si_ad_objectClass;
 595                 af.f_av_value = &bv_alias;
 596                 af.f_next = xf.f_or;
 597                 xf.f_or = &af;
 598         }
 599
 600         f.f_next = NULL;
 601         f.f_choice = LDAP_FILTER_AND;
 602         f.f_and = &fand;
 603         fand.f_choice = scope == LDAP_SCOPE_SUBTREE
 604                 ? SLAPD_FILTER_DN_SUBTREE
 605                 : SLAPD_FILTER_DN_ONE;
 606         fand.f_dn = e->e_ndn;
 607         fand.f_next = xf.f_or == filter ? filter : &xf ;
 608
 609         candidates = filter_candidates( be, &f );
 610
 611         return( candidates );
 612 }