git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/search.c

   1 /* search.c - ldbm backend search function */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/string.h>
  13 #include <ac/socket.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19 static ID_BLOCK *base_candidate(
  20         Backend *be, Entry *e );
  21
  22 static ID_BLOCK *search_candidates(
  23         Backend *be, Entry *e, Filter *filter,
  24         int scope, int deref, int manageDSAit );
  25
  26
  27 int
  28 ldbm_back_search(
  29     Backend     *be,
  30     Connection  *conn,
  31     Operation   *op,
  32     const char  *base,
  33     const char  *nbase,
  34     int         scope,
  35     int         deref,
  36     int         slimit,
  37     int         tlimit,
  38     Filter      *filter,
  39     const char  *filterstr,
  40     char        **attrs,
  41     int         attrsonly )
  42 {
  43         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  44         int             rc, err;
  45         const char *text = NULL;
  46         time_t          stoptime;
  47         ID_BLOCK                *candidates;
  48         ID              id, cursor;
  49         Entry           *e;
  50         struct berval **v2refs = NULL;
  51         Entry   *matched = NULL;
  52         char    *realbase = NULL;
  53         int             nentries = 0;
  54         int             manageDSAit = get_manageDSAit( op );
  55
  56         struct slap_limits_set *limit = NULL;
  57         int isroot = 0;
  58
  59 #ifdef NEW_LOGGING
  60         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
  61                    "ldbm_back_search: enter\n" ));
  62 #else
  63         Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
  64 #endif
  65
  66
  67         if ( *nbase == '\0' ) {
  68                 /* DIT root special case */
  69                 static const Entry root = { NOID, "", "", NULL, NULL };
  70                 e = (Entry *) &root;
  71
  72                 /* need normalized dn below */
  73                 realbase = ch_strdup( e->e_ndn );
  74
  75                 candidates = search_candidates( be, e, filter,
  76                     scope, deref, manageDSAit );
  77
  78                 goto searchit;
  79
  80         } else if ( deref & LDAP_DEREF_FINDING ) {
  81                 /* deref dn and get entry with reader lock */
  82                 e = deref_dn_r( be, nbase, &err, &matched, &text );
  83
  84                 if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
  85
  86         } else {
  87                 /* get entry with reader lock */
  88                 e = dn2entry_r( be, nbase, &matched );
  89                 err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
  90                 text = NULL;
  91         }
  92
  93         if ( e == NULL ) {
  94                 char *matched_dn = NULL;
  95                 struct berval **refs = NULL;
  96
  97                 if ( matched != NULL ) {
  98                         matched_dn = ch_strdup( matched->e_dn );
  99
 100                         refs = is_entry_referral( matched )
 101                                 ? get_entry_referrals( be, conn, op, matched )
 102                                 : NULL;
 103
 104                         cache_return_entry_r( &li->li_cache, matched );
 105
 106                 } else {
 107                         refs = default_referral;
 108                 }
 109
 110                 send_ldap_result( conn, op, err,
 111                         matched_dn, text, refs, NULL );
 112
 113                 if( matched != NULL ) {
 114                         ber_bvecfree( refs );
 115                         free( matched_dn );
 116                 }
 117
 118                 return 1;
 119         }
 120
 121         if (!manageDSAit && is_entry_referral( e ) ) {
 122                 /* entry is a referral, don't allow add */
 123                 char *matched_dn = ch_strdup( e->e_dn );
 124                 struct berval **refs = get_entry_referrals( be,
 125                         conn, op, e );
 126
 127                 cache_return_entry_r( &li->li_cache, e );
 128
 129 #ifdef NEW_LOGGING
 130                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 131                            "ldbm_search: entry (%s) is a referral.\n",
 132                            e->e_dn ));
 133 #else
 134                 Debug( LDAP_DEBUG_TRACE,
 135                         "ldbm_search: entry is referral\n",
 136                         0, 0, 0 );
 137 #endif
 138
 139
 140                 send_ldap_result( conn, op, LDAP_REFERRAL,
 141                     matched_dn, NULL, refs, NULL );
 142
 143                 ber_bvecfree( refs );
 144                 free( matched_dn );
 145
 146                 return 1;
 147         }
 148
 149         if ( is_entry_alias( e ) ) {
 150                 /* don't deref */
 151                 deref = LDAP_DEREF_NEVER;
 152         }
 153
 154         if ( scope == LDAP_SCOPE_BASE ) {
 155                 candidates = base_candidate( be, e );
 156
 157         } else {
 158                 candidates = search_candidates( be, e, filter,
 159                     scope, deref, manageDSAit );
 160         }
 161
 162         /* need normalized dn below */
 163         realbase = ch_strdup( e->e_ndn );
 164
 165         cache_return_entry_r( &li->li_cache, e );
 166
 167 searchit:
 168         if ( candidates == NULL ) {
 169                 /* no candidates */
 170 #ifdef NEW_LOGGING
 171                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 172                            "ldbm_search: no candidates\n" ));
 173 #else
 174                 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
 175                         0, 0, 0 );
 176 #endif
 177
 178
 179                 send_search_result( conn, op,
 180                         LDAP_SUCCESS,
 181                         NULL, NULL, NULL, NULL, 0 );
 182
 183                 rc = 1;
 184                 goto done;
 185         }
 186
 187         /* if not root, get appropriate limits */
 188         if ( be_isroot( be, op->o_ndn ) ) {
 189                 isroot = 1;
 190         } else {
 191                 ( void ) get_limits( be, op->o_ndn, &limit );
 192         }
 193
 194         /* if candidates exceed to-be-checked entries, abort */
 195         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 196                 if ( ID_BLOCK_NIDS( candidates ) > limit->lms_s_unchecked ) {
 197                         send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
 198                                         NULL, NULL, NULL, NULL, 0 );
 199                         rc = 0;
 200                         goto done;
 201                 }
 202         }
 203
 204         /* if no time limit requested, use soft limit (unless root!) */
 205         if ( tlimit <= 0 ) {
 206                 if ( isroot ) {
 207                         tlimit = -1;    /* allow root to set no limit */
 208                 } else {
 209                         tlimit = limit->lms_t_soft;
 210                 }
 211
 212         /* if requested limit higher than hard limit, abort */
 213         } else if ( tlimit > limit->lms_t_hard ) {
 214                 /* no hard limit means use soft instead */
 215                 if ( limit->lms_t_hard == 0 ) {
 216                         tlimit = limit->lms_t_soft;
 217
 218                 /* positive hard limit means abort */
 219                 } else if ( limit->lms_t_hard > 0 ) {
 220                         send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
 221                                         NULL, NULL, NULL, NULL, 0 );
 222                         rc = 0;
 223                         goto done;
 224                 }
 225
 226                 /* negative hard limit means no limit */
 227         }
 228
 229         /* compute it anyway; root does not use it */
 230         stoptime = op->o_time + tlimit;
 231
 232         /* if no size limit requested, use soft limit (unless root!) */
 233         if ( slimit == 0 ) {
 234                 if ( isroot ) {
 235                         slimit = -1;    /* allow root to set no limit */
 236                 } else {
 237                         slimit = limit->lms_s_soft;
 238                 }
 239
 240         /* if requested limit higher than hard limit, abort */
 241         } else if ( slimit > limit->lms_s_hard ) {
 242                 /* no hard limit means use soft instead */
 243                 if ( limit->lms_s_hard == 0 ) {
 244                         slimit = limit->lms_s_soft;
 245
 246                 /* positive hard limit means abort */
 247                 } else if ( limit->lms_s_hard > 0 ) {
 248                         send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
 249                                         NULL, NULL, NULL, NULL, 0 );
 250                         rc = 0;
 251                         goto done;
 252                 }
 253
 254                 /* negative hard limit means no limit */
 255         }
 256
 257         for ( id = idl_firstid( candidates, &cursor ); id != NOID;
 258             id = idl_nextid( candidates, &cursor ) )
 259         {
 260                 int             scopeok = 0;
 261
 262                 /* check for abandon */
 263                 ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
 264
 265                 if ( op->o_abandon ) {
 266                         ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 267                         rc = 0;
 268                         goto done;
 269                 }
 270
 271                 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 272
 273                 /* check time limit */
 274                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 275                         send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
 276                                 NULL, NULL, v2refs, NULL, nentries );
 277                         rc = 0;
 278                         goto done;
 279                 }
 280
 281                 /* get the entry with reader lock */
 282                 e = id2entry_r( be, id );
 283
 284                 if ( e == NULL ) {
 285 #ifdef NEW_LOGGING
 286                         LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 287                                    "ldbm_search: candidate %ld not found.\n", id ));
 288 #else
 289                         Debug( LDAP_DEBUG_TRACE,
 290                                 "ldbm_search: candidate %ld not found\n",
 291                                 id, 0, 0 );
 292 #endif
 293
 294
 295                         goto loop_continue;
 296                 }
 297
 298                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 299                         Entry *matched;
 300                         int err;
 301                         const char *text;
 302
 303                         e = deref_entry_r( be, e, &err, &matched, &text );
 304
 305                         if( e == NULL ) {
 306                                 e = matched;
 307                                 goto loop_continue;
 308                         }
 309
 310                         if( e->e_id == id ) {
 311                                 /* circular loop */
 312                                 goto loop_continue;
 313                         }
 314
 315                         /* need to skip alias which deref into scope */
 316                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 317                                 char *pdn = dn_parent( NULL, e->e_ndn );
 318                                 if ( pdn != NULL ) {
 319                                         if( strcmp( pdn, realbase ) ) {
 320                                                 free( pdn );
 321                                                 goto loop_continue;
 322                                         }
 323                                         free(pdn);
 324                                 }
 325
 326                         } else if ( dn_issuffix( e->e_ndn, realbase ) ) {
 327                                 /* alias is within scope */
 328 #ifdef NEW_LOGGING
 329                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 330                                            "ldbm_search: \"%s\" in subtree\n", e->e_dn ));
 331 #else
 332                                 Debug( LDAP_DEBUG_TRACE,
 333                                         "ldbm_search: \"%s\" in subtree\n",
 334                                         e->e_dn, 0, 0 );
 335 #endif
 336
 337                                 goto loop_continue;
 338                         }
 339
 340                         scopeok = 1;
 341                 }
 342
 343                 /*
 344                  * if it's a referral, add it to the list of referrals. only do
 345                  * this for non-base searches, and don't check the filter
 346                  * explicitly here since it's only a candidate anyway.
 347                  */
 348                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 349                         is_entry_referral( e ) )
 350                 {
 351                         char    *dn;
 352
 353                         /* check scope */
 354                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 355                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 356                                         (void) dn_normalize( dn );
 357                                         scopeok = (dn == realbase)
 358                                                 ? 1
 359                                                 : (strcmp( dn, realbase ) ? 0 : 1 );
 360                                         free( dn );
 361
 362                                 } else {
 363                                         scopeok = (realbase == NULL || *realbase == '\0');
 364                                 }
 365
 366                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 367                                 dn = ch_strdup( e->e_ndn );
 368                                 scopeok = dn_issuffix( dn, realbase );
 369                                 free( dn );
 370
 371                         } else {
 372                                 scopeok = 1;
 373                         }
 374
 375                         if( scopeok ) {
 376                                 struct berval **refs = get_entry_referrals(
 377                                         be, conn, op, e );
 378
 379                                 send_search_reference( be, conn, op,
 380                                         e, refs, scope, NULL, &v2refs );
 381
 382                                 ber_bvecfree( refs );
 383
 384                         } else {
 385 #ifdef NEW_LOGGING
 386                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 387                                         "ldbm_search: candidate referral %ld scope not okay\n",
 388                                         id ));
 389 #else
 390                                 Debug( LDAP_DEBUG_TRACE,
 391                                         "ldbm_search: candidate referral %ld scope not okay\n",
 392                                         id, 0, 0 );
 393 #endif
 394                         }
 395
 396                         goto loop_continue;
 397                 }
 398
 399                 /* if it matches the filter and scope, send it */
 400                 if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 401                         char    *dn;
 402
 403                         /* check scope */
 404                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 405                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 406                                         (void) dn_normalize( dn );
 407                                         scopeok = (dn == realbase)
 408                                                 ? 1
 409                                                 : (strcmp( dn, realbase ) ? 0 : 1 );
 410                                         free( dn );
 411
 412                                 } else {
 413                                         scopeok = (realbase == NULL || *realbase == '\0');
 414                                 }
 415
 416                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 417                                 dn = ch_strdup( e->e_ndn );
 418                                 scopeok = dn_issuffix( dn, realbase );
 419                                 free( dn );
 420
 421                         } else {
 422                                 scopeok = 1;
 423                         }
 424
 425                         if ( scopeok ) {
 426                                 /* check size limit */
 427                                 if ( --slimit == -1 ) {
 428                                         cache_return_entry_r( &li->li_cache, e );
 429                                         send_search_result( conn, op,
 430                                                 LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 431                                                 v2refs, NULL, nentries );
 432                                         rc = 0;
 433                                         goto done;
 434                                 }
 435
 436                                 if (e) {
 437                                         int result = send_search_entry(be, conn, op,
 438                                                 e, attrs, attrsonly, NULL);
 439
 440                                         switch (result) {
 441                                         case 0:         /* entry sent ok */
 442                                                 nentries++;
 443                                                 break;
 444                                         case 1:         /* entry not sent */
 445                                                 break;
 446                                         case -1:        /* connection closed */
 447                                                 cache_return_entry_r( &li->li_cache, e );
 448                                                 rc = 0;
 449                                                 goto done;
 450                                         }
 451                                 }
 452                         } else {
 453 #ifdef NEW_LOGGING
 454                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 455                                            "ldbm_search: candidate %ld scope not okay\n", id ));
 456 #else
 457                                 Debug( LDAP_DEBUG_TRACE,
 458                                         "ldbm_search: candidate %ld scope not okay\n",
 459                                         id, 0, 0 );
 460 #endif
 461
 462                         }
 463                 } else {
 464 #ifdef NEW_LOGGING
 465                         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 466                                    "ldbm_search: candidate %ld does not match filter\n", id ));
 467 #else
 468                         Debug( LDAP_DEBUG_TRACE,
 469                                 "ldbm_search: candidate %ld does not match filter\n",
 470                                 id, 0, 0 );
 471 #endif
 472
 473                 }
 474
 475 loop_continue:
 476                 if( e != NULL ) {
 477                         /* free reader lock */
 478                         cache_return_entry_r( &li->li_cache, e );
 479                 }
 480
 481                 ldap_pvt_thread_yield();
 482         }
 483         send_search_result( conn, op,
 484                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 485                 NULL, NULL, v2refs, NULL, nentries );
 486
 487         rc = 0;
 488
 489 done:
 490         if( candidates != NULL )
 491                 idl_free( candidates );
 492
 493         ber_bvecfree( v2refs );
 494         if( realbase ) free( realbase );
 495
 496         return rc;
 497 }
 498
 499 static ID_BLOCK *
 500 base_candidate(
 501     Backend     *be,
 502         Entry   *e )
 503 {
 504         ID_BLOCK                *idl;
 505
 506 #ifdef NEW_LOGGING
 507         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
 508                    "base_candidate: base (%s)\n", e->e_dn ));
 509 #else
 510         Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
 511                 e->e_dn, 0, 0);
 512 #endif
 513
 514
 515         idl = idl_alloc( 1 );
 516         idl_insert( &idl, e->e_id, 1 );
 517
 518         return( idl );
 519 }
 520
 521 static ID_BLOCK *
 522 search_candidates(
 523     Backend     *be,
 524     Entry       *e,
 525     Filter      *filter,
 526     int         scope,
 527         int             deref,
 528         int             manageDSAit )
 529 {
 530         ID_BLOCK                *candidates;
 531         Filter          f, fand, rf, af, xf;
 532     AttributeAssertion aa_ref, aa_alias;
 533         static struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
 534         static struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
 535
 536 #ifdef NEW_LOGGING
 537         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 538                    "search_candidates: base (%s) scope %d deref %d\n",
 539                    e->e_ndn, scope, deref ));
 540 #else
 541         Debug(LDAP_DEBUG_TRACE,
 542                 "search_candidates: base=\"%s\" s=%d d=%d\n",
 543                 e->e_ndn, scope, deref );
 544 #endif
 545
 546
 547         xf.f_or = filter;
 548         xf.f_choice = LDAP_FILTER_OR;
 549         xf.f_next = NULL;
 550
 551         if( !manageDSAit ) {
 552                 /* match referrals */
 553                 rf.f_choice = LDAP_FILTER_EQUALITY;
 554                 rf.f_ava = &aa_ref;
 555                 rf.f_av_desc = slap_schema.si_ad_objectClass;
 556                 rf.f_av_value = &bv_ref;
 557                 rf.f_next = xf.f_or;
 558                 xf.f_or = &rf;
 559         }
 560
 561         if( deref & LDAP_DEREF_SEARCHING ) {
 562                 /* match aliases */
 563                 af.f_choice = LDAP_FILTER_EQUALITY;
 564                 af.f_ava = &aa_alias;
 565                 af.f_av_desc = slap_schema.si_ad_objectClass;
 566                 af.f_av_value = &bv_alias;
 567                 af.f_next = xf.f_or;
 568                 xf.f_or = &af;
 569         }
 570
 571         f.f_next = NULL;
 572         f.f_choice = LDAP_FILTER_AND;
 573         f.f_and = &fand;
 574         fand.f_choice = scope == LDAP_SCOPE_SUBTREE
 575                 ? SLAPD_FILTER_DN_SUBTREE
 576                 : SLAPD_FILTER_DN_ONE;
 577         fand.f_dn = e->e_ndn;
 578         fand.f_next = xf.f_or == filter ? filter : &xf ;
 579
 580         candidates = filter_candidates( be, &f );
 581
 582         return( candidates );
 583 }