git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/search.c

   1 /* search.c - ldbm backend search function */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/string.h>
  13 #include <ac/socket.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19 static ID_BLOCK *base_candidate(
  20         Backend *be, Entry *e );
  21
  22 static ID_BLOCK *search_candidates(
  23         Backend *be, Entry *e, Filter *filter,
  24         int scope, int deref, int manageDSAit );
  25
  26
  27 int
  28 ldbm_back_search(
  29     Backend     *be,
  30     Connection  *conn,
  31     Operation   *op,
  32     struct berval       *base,
  33     struct berval       *nbase,
  34     int         scope,
  35     int         deref,
  36     int         slimit,
  37     int         tlimit,
  38     Filter      *filter,
  39     struct berval       *filterstr,
  40     AttributeName       *attrs,
  41     int         attrsonly )
  42 {
  43         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  44         int             rc, err;
  45         const char *text = NULL;
  46         time_t          stoptime;
  47         ID_BLOCK                *candidates;
  48         ID              id, cursor;
  49         Entry           *e;
  50         BVarray         v2refs = NULL;
  51         Entry   *matched = NULL;
  52         struct berval   realbase = { 0, NULL };
  53         int             nentries = 0;
  54         int             manageDSAit = get_manageDSAit( op );
  55         int             cscope = LDAP_SCOPE_DEFAULT;
  56
  57         struct slap_limits_set *limit = NULL;
  58         int isroot = 0;
  59
  60 #ifdef NEW_LOGGING
  61         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
  62                 "ldbm_back_search: enter\n" ));
  63 #else
  64         Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
  65 #endif
  66
  67
  68         if ( nbase->bv_len == 0 ) {
  69                 /* DIT root special case */
  70                 e = (Entry *) &slap_entry_root;
  71
  72                 /* need normalized dn below */
  73                 ber_dupbv( &realbase, &e->e_nname );
  74
  75                 candidates = search_candidates( be, e, filter,
  76                     scope, deref, manageDSAit );
  77
  78                 goto searchit;
  79
  80         } else if ( deref & LDAP_DEREF_FINDING ) {
  81                 /* deref dn and get entry with reader lock */
  82                 e = deref_dn_r( be, nbase, &err, &matched, &text );
  83
  84                 if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
  85
  86         } else {
  87                 /* get entry with reader lock */
  88                 e = dn2entry_r( be, nbase, &matched );
  89                 err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
  90                 text = NULL;
  91         }
  92
  93         if ( e == NULL ) {
  94                 struct berval *matched_dn = NULL;
  95                 BVarray refs = NULL;
  96
  97                 if ( matched != NULL ) {
  98                         BVarray erefs;
  99                         matched_dn = ber_bvdup( &matched->e_name );
 100
 101                         erefs = is_entry_referral( matched )
 102                                 ? get_entry_referrals( be, conn, op, matched )
 103                                 : NULL;
 104
 105                         cache_return_entry_r( &li->li_cache, matched );
 106
 107                         if( erefs ) {
 108                                 refs = referral_rewrite( erefs, matched_dn,
 109                                         base, scope );
 110
 111                                 bvarray_free( erefs );
 112                         }
 113
 114                 } else {
 115                         refs = referral_rewrite( default_referral,
 116                                 NULL, base, scope );
 117                 }
 118
 119                 send_ldap_result( conn, op, err,
 120                         matched_dn ? matched_dn->bv_val : NULL,
 121                         text, refs, NULL );
 122
 123                 bvarray_free( refs );
 124                 ber_bvfree( matched_dn );
 125                 return 1;
 126         }
 127
 128         if (!manageDSAit && is_entry_referral( e ) ) {
 129                 /* entry is a referral, don't allow add */
 130                 struct berval *matched_dn = ber_bvdup( &e->e_name );
 131                 BVarray erefs = get_entry_referrals( be, conn, op, e );
 132                 BVarray refs = NULL;
 133
 134                 cache_return_entry_r( &li->li_cache, e );
 135
 136 #ifdef NEW_LOGGING
 137                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 138                         "ldbm_search: entry (%s) is a referral.\n",
 139                         e->e_dn ));
 140 #else
 141                 Debug( LDAP_DEBUG_TRACE,
 142                         "ldbm_search: entry is referral\n",
 143                         0, 0, 0 );
 144 #endif
 145
 146                 if( erefs ) {
 147                         refs = referral_rewrite( erefs, matched_dn,
 148                                 base, scope );
 149
 150                         bvarray_free( erefs );
 151                 }
 152
 153                 if( refs ) {
 154                         send_ldap_result( conn, op, LDAP_REFERRAL,
 155                                 matched_dn->bv_val, NULL, refs, NULL );
 156                         bvarray_free( refs );
 157
 158                 } else {
 159                         send_ldap_result( conn, op, LDAP_OTHER,
 160                                 matched_dn->bv_val,
 161                         "bad referral object", NULL, NULL );
 162                 }
 163
 164                 ber_bvfree( matched_dn );
 165                 return 1;
 166         }
 167
 168         if ( is_entry_alias( e ) ) {
 169                 /* don't deref */
 170                 deref = LDAP_DEREF_NEVER;
 171         }
 172
 173         if ( scope == LDAP_SCOPE_BASE ) {
 174                 cscope = LDAP_SCOPE_BASE;
 175                 candidates = base_candidate( be, e );
 176
 177         } else {
 178                 cscope = ( scope != LDAP_SCOPE_SUBTREE )
 179                         ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
 180                 candidates = search_candidates( be, e, filter,
 181                     scope, deref, manageDSAit );
 182         }
 183
 184         /* need normalized dn below */
 185         ber_dupbv( &realbase, &e->e_nname );
 186
 187         cache_return_entry_r( &li->li_cache, e );
 188
 189 searchit:
 190         if ( candidates == NULL ) {
 191                 /* no candidates */
 192 #ifdef NEW_LOGGING
 193                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 194                         "ldbm_search: no candidates\n" ));
 195 #else
 196                 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
 197                         0, 0, 0 );
 198 #endif
 199
 200                 send_search_result( conn, op,
 201                         LDAP_SUCCESS,
 202                         NULL, NULL, NULL, NULL, 0 );
 203
 204                 rc = 1;
 205                 goto done;
 206         }
 207
 208         /* if not root, get appropriate limits */
 209         if ( be_isroot( be, &op->o_ndn ) ) {
 210                 isroot = 1;
 211         } else {
 212                 ( void ) get_limits( be, &op->o_ndn, &limit );
 213         }
 214
 215         /* if candidates exceed to-be-checked entries, abort */
 216         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 217                 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
 218                         send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
 219                                         NULL, NULL, NULL, NULL, 0 );
 220                         rc = 0;
 221                         goto done;
 222                 }
 223         }
 224
 225         /* if root an no specific limit is required, allow unlimited search */
 226         if ( isroot ) {
 227                 if ( tlimit == 0 ) {
 228                         tlimit = -1;
 229                 }
 230
 231                 if ( slimit == 0 ) {
 232                         slimit = -1;
 233                 }
 234
 235         } else {
 236                 /* if no limit is required, use soft limit */
 237                 if ( tlimit <= 0 ) {
 238                         tlimit = limit->lms_t_soft;
 239
 240                 /* if requested limit higher than hard limit, abort */
 241                 } else if ( tlimit > limit->lms_t_hard ) {
 242                         /* no hard limit means use soft instead */
 243                         if ( limit->lms_t_hard == 0 ) {
 244                                 tlimit = limit->lms_t_soft;
 245
 246                         /* positive hard limit means abort */
 247                         } else if ( limit->lms_t_hard > 0 ) {
 248                                 send_search_result( conn, op,
 249                                                 LDAP_UNWILLING_TO_PERFORM,
 250                                                 NULL, NULL, NULL, NULL, 0 );
 251                                 rc = 0;
 252                                 goto done;
 253                         }
 254
 255                         /* negative hard limit means no limit */
 256                 }
 257
 258                 /* if no limit is required, use soft limit */
 259                 if ( slimit <= 0 ) {
 260                         slimit = limit->lms_s_soft;
 261
 262                 /* if requested limit higher than hard limit, abort */
 263                 } else if ( slimit > limit->lms_s_hard ) {
 264                         /* no hard limit means use soft instead */
 265                         if ( limit->lms_s_hard == 0 ) {
 266                                 slimit = limit->lms_s_soft;
 267
 268                         /* positive hard limit means abort */
 269                         } else if ( limit->lms_s_hard > 0 ) {
 270                                 send_search_result( conn, op,
 271                                                 LDAP_UNWILLING_TO_PERFORM,
 272                                                 NULL, NULL, NULL, NULL, 0 );
 273                                 rc = 0;
 274                                 goto done;
 275                         }
 276
 277                         /* negative hard limit means no limit */
 278                 }
 279         }
 280
 281         /* compute it anyway; root does not use it */
 282         stoptime = op->o_time + tlimit;
 283
 284         for ( id = idl_firstid( candidates, &cursor ); id != NOID;
 285             id = idl_nextid( candidates, &cursor ) )
 286         {
 287                 int scopeok = 0;
 288
 289                 /* check for abandon */
 290                 ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
 291
 292                 if ( op->o_abandon ) {
 293                         ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 294                         rc = 0;
 295                         goto done;
 296                 }
 297
 298                 ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
 299
 300                 /* check time limit */
 301                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 302                         send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
 303                                 NULL, NULL, v2refs, NULL, nentries );
 304                         rc = 0;
 305                         goto done;
 306                 }
 307
 308                 /* get the entry with reader lock */
 309                 e = id2entry_r( be, id );
 310
 311                 if ( e == NULL ) {
 312 #ifdef NEW_LOGGING
 313                         LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 314                                 "ldbm_search: candidate %ld not found.\n", id ));
 315 #else
 316                         Debug( LDAP_DEBUG_TRACE,
 317                                 "ldbm_search: candidate %ld not found\n",
 318                                 id, 0, 0 );
 319 #endif
 320
 321                         goto loop_continue;
 322                 }
 323
 324                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 325                         Entry *matched;
 326                         int err;
 327                         const char *text;
 328
 329                         e = deref_entry_r( be, e, &err, &matched, &text );
 330
 331                         if( e == NULL ) {
 332                                 e = matched;
 333                                 goto loop_continue;
 334                         }
 335
 336                         if( e->e_id == id ) {
 337                                 /* circular loop */
 338                                 goto loop_continue;
 339                         }
 340
 341                         /* need to skip alias which deref into scope */
 342                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 343                                 char *pdn = dn_parent( NULL, e->e_ndn );
 344                                 if ( pdn != NULL ) {
 345                                         if( strcmp( pdn, realbase.bv_val ) ) {
 346                                                 goto loop_continue;
 347                                         }
 348                                 }
 349
 350                         } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
 351                                 /* alias is within scope */
 352 #ifdef NEW_LOGGING
 353                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 354                                         "ldbm_search: alias \"%s\" in subtree\n", e->e_dn ));
 355 #else
 356                                 Debug( LDAP_DEBUG_TRACE,
 357                                         "ldbm_search: alias \"%s\" in subtree\n",
 358                                         e->e_dn, 0, 0 );
 359 #endif
 360
 361                                 goto loop_continue;
 362                         }
 363
 364                         scopeok = 1;
 365                 }
 366
 367                 /*
 368                  * if it's a referral, add it to the list of referrals. only do
 369                  * this for non-base searches, and don't check the filter
 370                  * explicitly here since it's only a candidate anyway.
 371                  */
 372                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 373                         is_entry_referral( e ) )
 374                 {
 375                         char    *dn;
 376
 377                         /* check scope */
 378                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 379                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 380                                         scopeok = (dn == realbase.bv_val)
 381                                                 ? 1
 382                                                 : (strcmp( dn, realbase.bv_val ) ? 0 : 1 );
 383                                 } else {
 384                                         scopeok = (realbase.bv_len == 0);
 385                                 }
 386
 387                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 388                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 389
 390                         } else {
 391                                 scopeok = 1;
 392                         }
 393
 394                         if( scopeok ) {
 395                                 BVarray erefs = get_entry_referrals(
 396                                         be, conn, op, e );
 397                                 BVarray refs = referral_rewrite( erefs,
 398                                         &e->e_name, NULL,
 399                                         scope == LDAP_SCOPE_SUBTREE
 400                                                 ? LDAP_SCOPE_SUBTREE
 401                                                 : LDAP_SCOPE_BASE );
 402
 403                                 send_search_reference( be, conn, op,
 404                                         e, refs, NULL, &v2refs );
 405
 406                                 bvarray_free( refs );
 407
 408                         } else {
 409 #ifdef NEW_LOGGING
 410                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 411                                         "ldbm_search: candidate referral %ld scope not okay\n",
 412                                         id ));
 413 #else
 414                                 Debug( LDAP_DEBUG_TRACE,
 415                                         "ldbm_search: candidate referral %ld scope not okay\n",
 416                                         id, 0, 0 );
 417 #endif
 418                         }
 419
 420                         goto loop_continue;
 421                 }
 422
 423                 /* if it matches the filter and scope, send it */
 424                 if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 425                         char    *dn;
 426
 427                         /* check scope */
 428                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 429                                 if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
 430                                         scopeok = (dn == realbase.bv_val)
 431                                                 ? 1
 432                                                 : (strcmp( dn, realbase.bv_val ) ? 0 : 1 );
 433                                 } else {
 434                                         scopeok = (realbase.bv_len == 0);
 435                                 }
 436
 437                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 438                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 439
 440                         } else {
 441                                 scopeok = 1;
 442                         }
 443
 444                         if ( scopeok ) {
 445                                 /* check size limit */
 446                                 if ( --slimit == -1 ) {
 447                                         cache_return_entry_r( &li->li_cache, e );
 448                                         send_search_result( conn, op,
 449                                                 LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 450                                                 v2refs, NULL, nentries );
 451                                         rc = 0;
 452                                         goto done;
 453                                 }
 454
 455                                 if (e) {
 456                                         int result = send_search_entry(be, conn, op,
 457                                                 e, attrs, attrsonly, NULL);
 458
 459                                         switch (result) {
 460                                         case 0:         /* entry sent ok */
 461                                                 nentries++;
 462                                                 break;
 463                                         case 1:         /* entry not sent */
 464                                                 break;
 465                                         case -1:        /* connection closed */
 466                                                 cache_return_entry_r( &li->li_cache, e );
 467                                                 rc = 0;
 468                                                 goto done;
 469                                         }
 470                                 }
 471                         } else {
 472 #ifdef NEW_LOGGING
 473                                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 474                                         "ldbm_search: candidate entry %ld scope not okay\n", id ));
 475 #else
 476                                 Debug( LDAP_DEBUG_TRACE,
 477                                         "ldbm_search: candidate entry %ld scope not okay\n",
 478                                         id, 0, 0 );
 479 #endif
 480                         }
 481
 482                 } else {
 483 #ifdef NEW_LOGGING
 484                         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
 485                                 "ldbm_search: candidate entry %ld does not match filter\n", id ));
 486 #else
 487                         Debug( LDAP_DEBUG_TRACE,
 488                                 "ldbm_search: candidate entry %ld does not match filter\n",
 489                                 id, 0, 0 );
 490 #endif
 491                 }
 492
 493 loop_continue:
 494                 if( e != NULL ) {
 495                         /* free reader lock */
 496                         cache_return_entry_r( &li->li_cache, e );
 497                 }
 498
 499                 ldap_pvt_thread_yield();
 500         }
 501
 502         send_search_result( conn, op,
 503                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 504                 NULL, NULL, v2refs, NULL, nentries );
 505
 506         rc = 0;
 507
 508 done:
 509         if( candidates != NULL )
 510                 idl_free( candidates );
 511
 512         if( v2refs ) bvarray_free( v2refs );
 513         if( realbase.bv_val ) free( realbase.bv_val );
 514
 515         return rc;
 516 }
 517
 518 static ID_BLOCK *
 519 base_candidate(
 520     Backend     *be,
 521         Entry   *e )
 522 {
 523         ID_BLOCK                *idl;
 524
 525 #ifdef NEW_LOGGING
 526         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
 527                    "base_candidate: base (%s)\n", e->e_dn ));
 528 #else
 529         Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
 530                 e->e_dn, 0, 0);
 531 #endif
 532
 533
 534         idl = idl_alloc( 1 );
 535         idl_insert( &idl, e->e_id, 1 );
 536
 537         return( idl );
 538 }
 539
 540 static ID_BLOCK *
 541 search_candidates(
 542     Backend     *be,
 543     Entry       *e,
 544     Filter      *filter,
 545     int         scope,
 546         int             deref,
 547         int             manageDSAit )
 548 {
 549         ID_BLOCK                *candidates;
 550         Filter          f, fand, rf, af, xf;
 551     AttributeAssertion aa_ref, aa_alias;
 552         struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
 553         struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
 554
 555 #ifdef NEW_LOGGING
 556         LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 557                    "search_candidates: base (%s) scope %d deref %d\n",
 558                    e->e_ndn, scope, deref ));
 559 #else
 560         Debug(LDAP_DEBUG_TRACE,
 561                 "search_candidates: base=\"%s\" s=%d d=%d\n",
 562                 e->e_ndn, scope, deref );
 563 #endif
 564
 565
 566         xf.f_or = filter;
 567         xf.f_choice = LDAP_FILTER_OR;
 568         xf.f_next = NULL;
 569
 570         if( !manageDSAit ) {
 571                 /* match referrals */
 572                 rf.f_choice = LDAP_FILTER_EQUALITY;
 573                 rf.f_ava = &aa_ref;
 574                 rf.f_av_desc = slap_schema.si_ad_objectClass;
 575                 rf.f_av_value = bv_ref;
 576                 rf.f_next = xf.f_or;
 577                 xf.f_or = &rf;
 578         }
 579
 580         if( deref & LDAP_DEREF_SEARCHING ) {
 581                 /* match aliases */
 582                 af.f_choice = LDAP_FILTER_EQUALITY;
 583                 af.f_ava = &aa_alias;
 584                 af.f_av_desc = slap_schema.si_ad_objectClass;
 585                 af.f_av_value = bv_alias;
 586                 af.f_next = xf.f_or;
 587                 xf.f_or = &af;
 588         }
 589
 590         f.f_next = NULL;
 591         f.f_choice = LDAP_FILTER_AND;
 592         f.f_and = &fand;
 593         fand.f_choice = scope == LDAP_SCOPE_SUBTREE
 594                 ? SLAPD_FILTER_DN_SUBTREE
 595                 : SLAPD_FILTER_DN_ONE;
 596         fand.f_dn = &e->e_nname;
 597         fand.f_next = xf.f_or == filter ? filter : &xf ;
 598
 599         candidates = filter_candidates( be, &f );
 600
 601         return( candidates );
 602 }