git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/search.c

   1 /* search.c - ldbm backend search function */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/string.h>
  13 #include <ac/socket.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19 static ID_BLOCK *base_candidate(
  20         Backend *be, Entry *e );
  21
  22 static ID_BLOCK *search_candidates(
  23         Backend *be, Entry *e, Filter *filter,
  24         int scope, int deref, int manageDSAit );
  25
  26
  27 int
  28 ldbm_back_search(
  29     Backend     *be,
  30     Connection  *conn,
  31     Operation   *op,
  32     const char  *base,
  33     const char  *nbase,
  34     int         scope,
  35     int         deref,
  36     int         slimit,
  37     int         tlimit,
  38     Filter      *filter,
  39     const char  *filterstr,
  40     char        **attrs,
  41     int         attrsonly )
  42 {
  43         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  44         int             rc, err;
  45         const char *text = NULL;
  46         time_t          stoptime;
  47         ID_BLOCK                *candidates;
  48         ID              id, cursor;
  49         Entry           *e;
  50         struct berval **v2refs = NULL;
  51         Entry   *matched = NULL;
  52         char    *realbase = NULL;
  53         int             nentries = 0;
  54         int             manageDSAit = get_manageDSAit( op );
  55         int             cscope = LDAP_SCOPE_DEFAULT;
  56
  57         struct slap_limits_set *limit = NULL;
  58         int isroot = 0;
  59
  60 #ifdef NEW_LOGGING
  61         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
  62                    "ldbm_back_search: enter\n" ));
  63 #else
  64         Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
  65 #endif
  66
  67
  68         if ( *nbase == '\0' ) {
  69                 /* DIT root special case */
  70                 e = (Entry *) &slap_entry_root;
  71
  72                 /* need normalized dn below */
  73                 realbase = ch_strdup( e->e_ndn );
  74
  75                 candidates = search_candidates( be, e, filter,
  76                     scope, deref, manageDSAit );
  77
  78                 goto searchit;
  79
  80         } else if ( deref & LDAP_DEREF_FINDING ) {
  81                 /* deref dn and get entry with reader lock */
  82                 e = deref_dn_r( be, nbase, &err, &matched, &text );
  83
  84                 if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
  85
  86         } else {
  87                 /* get entry with reader lock */
  88                 e = dn2entry_r( be, nbase, &matched );
  89                 err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
  90                 text = NULL;
  91         }
  92
  93         if ( e == NULL ) {
  94                 char *matched_dn = NULL;
  95                 struct berval **refs = NULL;
  96
  97                 if ( matched != NULL ) {
  98                         struct berval **erefs;
  99                         matched_dn = ch_strdup( matched->e_dn );
 100
 101                         erefs = is_entry_referral( matched )
 102                                 ? get_entry_referrals( be, conn, op, matched,
 103                                         base, scope )
 104                                 : NULL;
 105
 106                         cache_return_entry_r( &li->li_cache, matched );
 107
 108                         if( erefs ) {
 109                                 refs = referral_rewrite( erefs, matched_dn,
 110                                         base, scope );
 111
 112                                 ber_bvecfree( erefs );
 113                         }
 114
 115                 } else {
 116                         refs = referral_rewrite( default_referral,
 117                                 NULL, base, scope );
 118                 }
 119
 120                 send_ldap_result( conn, op, err,
 121                         matched_dn, text, refs, NULL );
 122
 123                 ber_bvecfree( refs );
 124                 free( matched_dn );
 125                 return 1;
 126         }
 127
 128         if (!manageDSAit && is_entry_referral( e ) ) {
 129                 /* entry is a referral, don't allow add */
 130                 char *matched_dn = ch_strdup( e->e_dn );
 131                 struct berval **erefs = get_entry_referrals( be,
 132                         conn, op, e, base, scope );
 133                 struct berval **refs = NULL;
 134
 135                 cache_return_entry_r( &li->li_cache, e );
 136
 137 #ifdef NEW_LOGGING
 138                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 139                         "ldbm_search: entry (%s) is a referral.\n",
 140                         e->e_dn ));
 141 #else
 142                 Debug( LDAP_DEBUG_TRACE,
 143                         "ldbm_search: entry is referral\n",
 144                         0, 0, 0 );
 145 #endif
 146
 147                 if( erefs ) {
 148                         refs = referral_rewrite( erefs, matched_dn,
 149                                 base, scope );
 150
 151                         ber_bvecfree( erefs );
 152                 }
 153
 154                 if( refs ) {
 155                         send_ldap_result( conn, op, LDAP_REFERRAL,
 156                                 matched_dn, NULL, refs, NULL );
 157                         ber_bvecfree( refs );
 158
 159                 } else {
 160                         send_ldap_result( conn, op, LDAP_OTHER, matched_dn,
 161                                 "bad referral object", NULL, NULL );
 162                 }
 163
 164                 free( matched_dn );
 165                 return 1;
 166         }
 167
 168         if ( is_entry_alias( e ) ) {
 169                 /* don't deref */
 170                 deref = LDAP_DEREF_NEVER;
 171         }
 172
 173         if ( scope == LDAP_SCOPE_BASE ) {
 174                 cscope = LDAP_SCOPE_BASE;
 175                 candidates = base_candidate( be, e );
 176
 177         } else {
 178                 cscope = ( scope != LDAP_SCOPE_SUBTREE )
 179                         ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
 180                 candidates = search_candidates( be, e, filter,
 181                     scope, deref, manageDSAit );
 182         }
 183
 184         /* need normalized dn below */
 185         realbase = ch_strdup( e->e_ndn );
 186
 187         cache_return_entry_r( &li->li_cache, e );
 188
 189 searchit:
 190         if ( candidates == NULL ) {
 191                 /* no candidates */
 192 #ifdef NEW_LOGGING
 193                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 194                         "ldbm_search: no candidates\n" ));
 195 #else
 196                 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
 197                         0, 0, 0 );
 198 #endif
 199
 200                 send_search_result( conn, op,
 201                         LDAP_SUCCESS,
 202                         NULL, NULL, NULL, NULL, 0 );
 203
 204                 rc = 1;
 205                 goto done;
 206         }
 207
 208         /* if not root, get appropriate limits */
 209         if ( be_isroot( be, op->o_ndn ) ) {
 210                 isroot = 1;
 211         } else {
 212                 ( void ) get_limits( be, op->o_ndn, &limit );
 213         }
 214
 215         /* if candidates exceed to-be-checked entries, abort */
 216         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 217                 if ( ID_BLOCK_NIDS( candidates ) > limit->lms_s_unchecked ) {
 218                         send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
 219                                         NULL, NULL, NULL, NULL, 0 );
 220                         rc = 0;
 221                         goto done;
 222                 }
 223         }
 224
 225         /* if root an no specific limit is required, allow unlimited search */
 226         if ( isroot ) {
 227                 if ( tlimit == 0 ) {
 228                         tlimit = -1;
 229                 }
 230
 231                 if ( slimit == 0 ) {
 232                         slimit = -1;
 233                 }
 234
 235         } else {
 236                 /* if no limit is required, use soft limit */
 237                 if ( tlimit <= 0 ) {
 238                         tlimit = limit->lms_t_soft;
 239
 240                 /* if requested limit higher than hard limit, abort */
 241                 } else if ( tlimit > limit->lms_t_hard ) {
 242                         /* no hard limit means use soft instead */
 243                         if ( limit->lms_t_hard == 0 ) {
 244                                 tlimit = limit->lms_t_soft;
 245
 246                         /* positive hard limit means abort */
 247                         } else if ( limit->lms_t_hard > 0 ) {
 248                                 send_search_result( conn, op,
 249                                                 LDAP_UNWILLING_TO_PERFORM,
 250                                                 NULL, NULL, NULL, NULL, 0 );
 251                                 rc = 0;
 252                                 goto done;
 253                         }
 254
 255                         /* negative hard limit means no limit */
 256                 }
 257
 258                 /* if no limit is required, use soft limit */
 259                 if ( slimit <= 0 ) {
 260                         slimit = limit->lms_s_soft;
 261
 262                 /* if requested limit higher than hard limit, abort */
 263                 } else if ( slimit > limit->lms_s_hard ) {
 264                         /* no hard limit means use soft instead */
 265                         if ( limit->lms_s_hard == 0 ) {
 266                                 slimit = limit->lms_s_soft;
 267
 268                         /* positive hard limit means abort */
 269                         } else if ( limit->lms_s_hard > 0 ) {
 270                                 send_search_result( conn, op,
 271                                                 LDAP_UNWILLING_TO_PERFORM,
 272                                                 NULL, NULL, NULL, NULL, 0 );
 273                                 rc = 0;
 274                                 goto done;
 275                         }
 276
 277                         /* negative hard limit means no limit */
 278                 }
 279         }
 280
 281         /* compute it anyway; root does not use it */
 282         stoptime = op->o_time + tlimit;
 283
 284         for ( id = idl_firstid( candidates, &cursor ); id != NOID;
 285             id = idl_nextid( candidates, &cursor ) )
 286         {
 287                 int scopeok = 0;
 288
 289                 /* check for abandon */
 290                 ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
 291
 292                 if ( op->o_abandon ) {
 293                         ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 294                         rc = 0;
 295                         goto done;
 296                 }
 297
 298                 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 299
 300                 /* check time limit */
 301                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 302                         send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
 303                                 NULL, NULL, v2refs, NULL, nentries );
 304                         rc = 0;
 305                         goto done;
 306                 }
 307
 308                 /* get the entry with reader lock */
 309                 e = id2entry_r( be, id );
 310
 311                 if ( e == NULL ) {
 312 #ifdef NEW_LOGGING
 313                         LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 314                                 "ldbm_search: candidate %ld not found.\n", id ));
 315 #else
 316                         Debug( LDAP_DEBUG_TRACE,
 317                                 "ldbm_search: candidate %ld not found\n",
 318                                 id, 0, 0 );
 319 #endif
 320
 321                         goto loop_continue;
 322                 }
 323
 324                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 325                         Entry *matched;
 326                         int err;
 327                         const char *text;
 328
 329                         e = deref_entry_r( be, e, &err, &matched, &text );
 330
 331                         if( e == NULL ) {
 332                                 e = matched;
 333                                 goto loop_continue;
 334                         }
 335
 336                         if( e->e_id == id ) {
 337                                 /* circular loop */
 338                                 goto loop_continue;
 339                         }
 340
 341                         /* need to skip alias which deref into scope */
 342                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 343                                 char *pdn = dn_parent( NULL, e->e_ndn );
 344                                 if ( pdn != NULL ) {
 345                                         if( strcmp( pdn, realbase ) ) {
 346                                                 free( pdn );
 347                                                 goto loop_continue;
 348                                         }
 349                                         free(pdn);
 350                                 }
 351
 352                         } else if ( dn_issuffix( e->e_ndn, realbase ) ) {
 353                                 /* alias is within scope */
 354 #ifdef NEW_LOGGING
 355                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 356                                         "ldbm_search: alias \"%s\" in subtree\n", e->e_dn ));
 357 #else
 358                                 Debug( LDAP_DEBUG_TRACE,
 359                                         "ldbm_search: alias \"%s\" in subtree\n",
 360                                         e->e_dn, 0, 0 );
 361 #endif
 362
 363                                 goto loop_continue;
 364                         }
 365
 366                         scopeok = 1;
 367                 }
 368
 369                 /*
 370                  * if it's a referral, add it to the list of referrals. only do
 371                  * this for non-base searches, and don't check the filter
 372                  * explicitly here since it's only a candidate anyway.
 373                  */
 374                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 375                         is_entry_referral( e ) )
 376                 {
 377                         char    *dn;
 378
 379                         /* check scope */
 380                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 381                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 382                                         (void) dn_normalize( dn );
 383                                         scopeok = (dn == realbase)
 384                                                 ? 1
 385                                                 : (strcmp( dn, realbase ) ? 0 : 1 );
 386                                         free( dn );
 387
 388                                 } else {
 389                                         scopeok = (realbase == NULL || *realbase == '\0');
 390                                 }
 391
 392                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 393                                 dn = ch_strdup( e->e_ndn );
 394                                 scopeok = dn_issuffix( dn, realbase );
 395                                 free( dn );
 396
 397                         } else {
 398                                 scopeok = 1;
 399                         }
 400
 401                         if( scopeok ) {
 402                                 struct berval **erefs = get_entry_referrals(
 403                                         be, conn, op, e, NULL, cscope );
 404                                 struct berval **refs = referral_rewrite( erefs, e->e_dn,
 405                                         NULL, scope );
 406
 407                                 send_search_reference( be, conn, op,
 408                                         e, refs, NULL, &v2refs );
 409
 410                                 ber_bvecfree( refs );
 411
 412                         } else {
 413 #ifdef NEW_LOGGING
 414                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 415                                         "ldbm_search: candidate referral %ld scope not okay\n",
 416                                         id ));
 417 #else
 418                                 Debug( LDAP_DEBUG_TRACE,
 419                                         "ldbm_search: candidate referral %ld scope not okay\n",
 420                                         id, 0, 0 );
 421 #endif
 422                         }
 423
 424                         goto loop_continue;
 425                 }
 426
 427                 /* if it matches the filter and scope, send it */
 428                 if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 429                         char    *dn;
 430
 431                         /* check scope */
 432                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 433                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 434                                         (void) dn_normalize( dn );
 435                                         scopeok = (dn == realbase)
 436                                                 ? 1
 437                                                 : (strcmp( dn, realbase ) ? 0 : 1 );
 438                                         free( dn );
 439
 440                                 } else {
 441                                         scopeok = (realbase == NULL || *realbase == '\0');
 442                                 }
 443
 444                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 445                                 dn = ch_strdup( e->e_ndn );
 446                                 scopeok = dn_issuffix( dn, realbase );
 447                                 free( dn );
 448
 449                         } else {
 450                                 scopeok = 1;
 451                         }
 452
 453                         if ( scopeok ) {
 454                                 /* check size limit */
 455                                 if ( --slimit == -1 ) {
 456                                         cache_return_entry_r( &li->li_cache, e );
 457                                         send_search_result( conn, op,
 458                                                 LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 459                                                 v2refs, NULL, nentries );
 460                                         rc = 0;
 461                                         goto done;
 462                                 }
 463
 464                                 if (e) {
 465                                         int result = send_search_entry(be, conn, op,
 466                                                 e, attrs, attrsonly, NULL);
 467
 468                                         switch (result) {
 469                                         case 0:         /* entry sent ok */
 470                                                 nentries++;
 471                                                 break;
 472                                         case 1:         /* entry not sent */
 473                                                 break;
 474                                         case -1:        /* connection closed */
 475                                                 cache_return_entry_r( &li->li_cache, e );
 476                                                 rc = 0;
 477                                                 goto done;
 478                                         }
 479                                 }
 480                         } else {
 481 #ifdef NEW_LOGGING
 482                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 483                                         "ldbm_search: candidate entry %ld scope not okay\n", id ));
 484 #else
 485                                 Debug( LDAP_DEBUG_TRACE,
 486                                         "ldbm_search: candidate entry %ld scope not okay\n",
 487                                         id, 0, 0 );
 488 #endif
 489                         }
 490
 491                 } else {
 492 #ifdef NEW_LOGGING
 493                         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 494                                 "ldbm_search: candidate entry %ld does not match filter\n", id ));
 495 #else
 496                         Debug( LDAP_DEBUG_TRACE,
 497                                 "ldbm_search: candidate entry %ld does not match filter\n",
 498                                 id, 0, 0 );
 499 #endif
 500                 }
 501
 502 loop_continue:
 503                 if( e != NULL ) {
 504                         /* free reader lock */
 505                         cache_return_entry_r( &li->li_cache, e );
 506                 }
 507
 508                 ldap_pvt_thread_yield();
 509         }
 510
 511         send_search_result( conn, op,
 512                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 513                 NULL, NULL, v2refs, NULL, nentries );
 514
 515         rc = 0;
 516
 517 done:
 518         if( candidates != NULL )
 519                 idl_free( candidates );
 520
 521         ber_bvecfree( v2refs );
 522         if( realbase ) free( realbase );
 523
 524         return rc;
 525 }
 526
 527 static ID_BLOCK *
 528 base_candidate(
 529     Backend     *be,
 530         Entry   *e )
 531 {
 532         ID_BLOCK                *idl;
 533
 534 #ifdef NEW_LOGGING
 535         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
 536                    "base_candidate: base (%s)\n", e->e_dn ));
 537 #else
 538         Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
 539                 e->e_dn, 0, 0);
 540 #endif
 541
 542
 543         idl = idl_alloc( 1 );
 544         idl_insert( &idl, e->e_id, 1 );
 545
 546         return( idl );
 547 }
 548
 549 static ID_BLOCK *
 550 search_candidates(
 551     Backend     *be,
 552     Entry       *e,
 553     Filter      *filter,
 554     int         scope,
 555         int             deref,
 556         int             manageDSAit )
 557 {
 558         ID_BLOCK                *candidates;
 559         Filter          f, fand, rf, af, xf;
 560     AttributeAssertion aa_ref, aa_alias;
 561         static struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
 562         static struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
 563
 564 #ifdef NEW_LOGGING
 565         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 566                    "search_candidates: base (%s) scope %d deref %d\n",
 567                    e->e_ndn, scope, deref ));
 568 #else
 569         Debug(LDAP_DEBUG_TRACE,
 570                 "search_candidates: base=\"%s\" s=%d d=%d\n",
 571                 e->e_ndn, scope, deref );
 572 #endif
 573
 574
 575         xf.f_or = filter;
 576         xf.f_choice = LDAP_FILTER_OR;
 577         xf.f_next = NULL;
 578
 579         if( !manageDSAit ) {
 580                 /* match referrals */
 581                 rf.f_choice = LDAP_FILTER_EQUALITY;
 582                 rf.f_ava = &aa_ref;
 583                 rf.f_av_desc = slap_schema.si_ad_objectClass;
 584                 rf.f_av_value = &bv_ref;
 585                 rf.f_next = xf.f_or;
 586                 xf.f_or = &rf;
 587         }
 588
 589         if( deref & LDAP_DEREF_SEARCHING ) {
 590                 /* match aliases */
 591                 af.f_choice = LDAP_FILTER_EQUALITY;
 592                 af.f_ava = &aa_alias;
 593                 af.f_av_desc = slap_schema.si_ad_objectClass;
 594                 af.f_av_value = &bv_alias;
 595                 af.f_next = xf.f_or;
 596                 xf.f_or = &af;
 597         }
 598
 599         f.f_next = NULL;
 600         f.f_choice = LDAP_FILTER_AND;
 601         f.f_and = &fand;
 602         fand.f_choice = scope == LDAP_SCOPE_SUBTREE
 603                 ? SLAPD_FILTER_DN_SUBTREE
 604                 : SLAPD_FILTER_DN_ONE;
 605         fand.f_dn = e->e_ndn;
 606         fand.f_next = xf.f_or == filter ? filter : &xf ;
 607
 608         candidates = filter_candidates( be, &f );
 609
 610         return( candidates );
 611 }