git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/search.c

   1 /* search.c - ldbm backend search function */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/string.h>
  13 #include <ac/socket.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19 static ID_BLOCK *base_candidate(
  20         Backend *be, Entry *e );
  21
  22 static ID_BLOCK *search_candidates(
  23         Backend *be, Entry *e, Filter *filter,
  24         int scope, int deref, int manageDSAit );
  25
  26
  27 int
  28 ldbm_back_search(
  29     Backend     *be,
  30     Connection  *conn,
  31     Operation   *op,
  32     struct berval       *base,
  33     struct berval       *nbase,
  34     int         scope,
  35     int         deref,
  36     int         slimit,
  37     int         tlimit,
  38     Filter      *filter,
  39     struct berval       *filterstr,
  40     AttributeName       *attrs,
  41     int         attrsonly )
  42 {
  43         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  44         int             rc, err;
  45         const char *text = NULL;
  46         time_t          stoptime;
  47         ID_BLOCK                *candidates;
  48         ID              id, cursor;
  49         Entry           *e;
  50         BerVarray               v2refs = NULL;
  51         Entry   *matched = NULL;
  52         struct berval   realbase = { 0, NULL };
  53         int             nentries = 0;
  54         int             manageDSAit = get_manageDSAit( op );
  55         int             cscope = LDAP_SCOPE_DEFAULT;
  56
  57         struct slap_limits_set *limit = NULL;
  58         int isroot = 0;
  59
  60 #ifdef NEW_LOGGING
  61         LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
  62 #else
  63         Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
  64 #endif
  65
  66         /* grab giant lock for reading */
  67         ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
  68
  69         if ( nbase->bv_len == 0 ) {
  70                 /* DIT root special case */
  71                 e = (Entry *) &slap_entry_root;
  72
  73                 /* need normalized dn below */
  74                 ber_dupbv( &realbase, &e->e_nname );
  75
  76                 candidates = search_candidates( be, e, filter,
  77                     scope, deref, manageDSAit );
  78
  79                 goto searchit;
  80
  81         } else if ( deref & LDAP_DEREF_FINDING ) {
  82                 /* deref dn and get entry with reader lock */
  83                 e = deref_dn_r( be, nbase, &err, &matched, &text );
  84
  85                 if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
  86
  87         } else {
  88                 /* get entry with reader lock */
  89                 e = dn2entry_r( be, nbase, &matched );
  90                 err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
  91                 text = NULL;
  92         }
  93
  94         if ( e == NULL ) {
  95                 struct berval matched_dn = { 0, NULL };
  96                 BerVarray refs = NULL;
  97
  98                 if ( matched != NULL ) {
  99                         BerVarray erefs;
 100                         ber_dupbv( &matched_dn, &matched->e_name );
 101
 102                         erefs = is_entry_referral( matched )
 103                                 ? get_entry_referrals( be, conn, op, matched )
 104                                 : NULL;
 105
 106                         cache_return_entry_r( &li->li_cache, matched );
 107
 108                         if( erefs ) {
 109                                 refs = referral_rewrite( erefs, &matched_dn,
 110                                         base, scope );
 111
 112                                 ber_bvarray_free( erefs );
 113                         }
 114
 115                 } else {
 116                         refs = referral_rewrite( default_referral,
 117                                 NULL, base, scope );
 118                 }
 119
 120                 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 121
 122                 send_ldap_result( conn, op, err, matched_dn.bv_val,
 123                         text, refs, NULL );
 124
 125                 ber_bvarray_free( refs );
 126                 ber_memfree( matched_dn.bv_val );
 127                 return 1;
 128         }
 129
 130         if (!manageDSAit && is_entry_referral( e ) ) {
 131                 /* entry is a referral, don't allow add */
 132                 struct berval matched_dn;
 133                 BerVarray erefs;
 134                 BerVarray refs;
 135
 136                 ber_dupbv( &matched_dn, &e->e_name );
 137                 erefs = get_entry_referrals( be, conn, op, e );
 138                 refs = NULL;
 139
 140                 cache_return_entry_r( &li->li_cache, e );
 141                 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 142
 143 #ifdef NEW_LOGGING
 144                 LDAP_LOG( BACK_LDBM, INFO,
 145                         "ldbm_search: entry (%s) is a referral.\n",
 146                         e->e_dn, 0, 0 );
 147 #else
 148                 Debug( LDAP_DEBUG_TRACE,
 149                         "ldbm_search: entry is referral\n",
 150                         0, 0, 0 );
 151 #endif
 152
 153                 if( erefs ) {
 154                         refs = referral_rewrite( erefs, &matched_dn,
 155                                 base, scope );
 156
 157                         ber_bvarray_free( erefs );
 158                 }
 159
 160                 if( refs ) {
 161                         send_ldap_result( conn, op, LDAP_REFERRAL,
 162                                 matched_dn.bv_val, NULL, refs, NULL );
 163                         ber_bvarray_free( refs );
 164
 165                 } else {
 166                         send_ldap_result( conn, op, LDAP_OTHER,
 167                                 matched_dn.bv_val,
 168                         "bad referral object", NULL, NULL );
 169                 }
 170
 171                 ber_memfree( matched_dn.bv_val );
 172                 return 1;
 173         }
 174
 175         if ( is_entry_alias( e ) ) {
 176                 /* don't deref */
 177                 deref = LDAP_DEREF_NEVER;
 178         }
 179
 180         if ( scope == LDAP_SCOPE_BASE ) {
 181                 cscope = LDAP_SCOPE_BASE;
 182                 candidates = base_candidate( be, e );
 183
 184         } else {
 185                 cscope = ( scope != LDAP_SCOPE_SUBTREE )
 186                         ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
 187                 candidates = search_candidates( be, e, filter,
 188                     scope, deref, manageDSAit );
 189         }
 190
 191         /* need normalized dn below */
 192         ber_dupbv( &realbase, &e->e_nname );
 193
 194         cache_return_entry_r( &li->li_cache, e );
 195
 196 searchit:
 197         if ( candidates == NULL ) {
 198                 /* no candidates */
 199 #ifdef NEW_LOGGING
 200                 LDAP_LOG( BACK_LDBM, INFO,
 201                         "ldbm_search: no candidates\n" , 0, 0, 0);
 202 #else
 203                 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
 204                         0, 0, 0 );
 205 #endif
 206
 207                 send_search_result( conn, op,
 208                         LDAP_SUCCESS,
 209                         NULL, NULL, NULL, NULL, 0 );
 210
 211                 rc = 1;
 212                 goto done;
 213         }
 214
 215         /* if not root, get appropriate limits */
 216         if ( be_isroot( be, &op->o_ndn ) ) {
 217                 isroot = 1;
 218         } else {
 219                 ( void ) get_limits( be, &op->o_ndn, &limit );
 220         }
 221
 222         /* if candidates exceed to-be-checked entries, abort */
 223         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 224                 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
 225                         send_search_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
 226                                         NULL, NULL, NULL, NULL, 0 );
 227                         rc = 0;
 228                         goto done;
 229                 }
 230         }
 231
 232         /* if root an no specific limit is required, allow unlimited search */
 233         if ( isroot ) {
 234                 if ( tlimit == 0 ) {
 235                         tlimit = -1;
 236                 }
 237
 238                 if ( slimit == 0 ) {
 239                         slimit = -1;
 240                 }
 241
 242         } else {
 243                 /* if no limit is required, use soft limit */
 244                 if ( tlimit <= 0 ) {
 245                         tlimit = limit->lms_t_soft;
 246
 247                 /* if requested limit higher than hard limit, abort */
 248                 } else if ( tlimit > limit->lms_t_hard ) {
 249                         /* no hard limit means use soft instead */
 250                         if ( limit->lms_t_hard == 0
 251                                         && limit->lms_t_soft > -1
 252                                         && tlimit > limit->lms_t_soft ) {
 253                                 tlimit = limit->lms_t_soft;
 254
 255                         /* positive hard limit means abort */
 256                         } else if ( limit->lms_t_hard > 0 ) {
 257                                 send_search_result( conn, op,
 258                                                 LDAP_ADMINLIMIT_EXCEEDED,
 259                                                 NULL, NULL, NULL, NULL, 0 );
 260                                 rc = 0;
 261                                 goto done;
 262                         }
 263
 264                         /* negative hard limit means no limit */
 265                 }
 266
 267                 /* if no limit is required, use soft limit */
 268                 if ( slimit <= 0 ) {
 269                         slimit = limit->lms_s_soft;
 270
 271                 /* if requested limit higher than hard limit, abort */
 272                 } else if ( slimit > limit->lms_s_hard ) {
 273                         /* no hard limit means use soft instead */
 274                         if ( limit->lms_s_hard == 0
 275                                         && limit->lms_s_soft > -1
 276                                         && slimit > limit->lms_s_soft ) {
 277                                 slimit = limit->lms_s_soft;
 278
 279                         /* positive hard limit means abort */
 280                         } else if ( limit->lms_s_hard > 0 ) {
 281                                 send_search_result( conn, op,
 282                                                 LDAP_ADMINLIMIT_EXCEEDED,
 283                                                 NULL, NULL, NULL, NULL, 0 );
 284                                 rc = 0;
 285                                 goto done;
 286                         }
 287
 288                         /* negative hard limit means no limit */
 289                 }
 290         }
 291
 292         /* compute it anyway; root does not use it */
 293         stoptime = op->o_time + tlimit;
 294
 295         for ( id = idl_firstid( candidates, &cursor ); id != NOID;
 296             id = idl_nextid( candidates, &cursor ) )
 297         {
 298                 int scopeok = 0;
 299                 int result = 0;
 300
 301                 /* check for abandon */
 302                 if ( op->o_abandon ) {
 303                         rc = 0;
 304                         goto done;
 305                 }
 306
 307                 /* check time limit */
 308                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 309                         send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
 310                                 NULL, NULL, v2refs, NULL, nentries );
 311                         rc = 0;
 312                         goto done;
 313                 }
 314
 315                 /* get the entry with reader lock */
 316                 e = id2entry_r( be, id );
 317
 318                 if ( e == NULL ) {
 319 #ifdef NEW_LOGGING
 320                         LDAP_LOG( BACK_LDBM, INFO,
 321                                 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
 322 #else
 323                         Debug( LDAP_DEBUG_TRACE,
 324                                 "ldbm_search: candidate %ld not found\n",
 325                                 id, 0, 0 );
 326 #endif
 327
 328                         goto loop_continue;
 329                 }
 330
 331                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 332                         Entry *matched;
 333                         int err;
 334                         const char *text;
 335
 336                         e = deref_entry_r( be, e, &err, &matched, &text );
 337
 338                         if( e == NULL ) {
 339                                 e = matched;
 340                                 goto loop_continue;
 341                         }
 342
 343                         if( e->e_id == id ) {
 344                                 /* circular loop */
 345                                 goto loop_continue;
 346                         }
 347
 348                         /* need to skip alias which deref into scope */
 349                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 350                                 struct berval pdn;
 351                                 dnParent( &e->e_nname, &pdn );
 352                                 if ( ber_bvcmp( &pdn, &realbase ) ) {
 353                                         goto loop_continue;
 354                                 }
 355
 356                         } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
 357                                 /* alias is within scope */
 358 #ifdef NEW_LOGGING
 359                                 LDAP_LOG( BACK_LDBM, DETAIL1,
 360                                         "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
 361 #else
 362                                 Debug( LDAP_DEBUG_TRACE,
 363                                         "ldbm_search: alias \"%s\" in subtree\n",
 364                                         e->e_dn, 0, 0 );
 365 #endif
 366
 367                                 goto loop_continue;
 368                         }
 369
 370                         scopeok = 1;
 371                 }
 372
 373                 /*
 374                  * if it's a referral, add it to the list of referrals. only do
 375                  * this for non-base searches, and don't check the filter
 376                  * explicitly here since it's only a candidate anyway.
 377                  */
 378                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 379                         is_entry_referral( e ) )
 380                 {
 381                         struct berval   dn;
 382
 383                         /* check scope */
 384                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 385                                 if ( !be_issuffix( be, &e->e_nname ) ) {
 386                                         dnParent( &e->e_nname, &dn );
 387                                         scopeok = dn_match( &dn, &realbase );
 388                                 } else {
 389                                         scopeok = (realbase.bv_len == 0);
 390                                 }
 391
 392                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 393                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 394
 395                         } else {
 396                                 scopeok = 1;
 397                         }
 398
 399                         if( scopeok ) {
 400                                 BerVarray erefs = get_entry_referrals(
 401                                         be, conn, op, e );
 402                                 BerVarray refs = referral_rewrite( erefs,
 403                                         &e->e_name, NULL,
 404                                         scope == LDAP_SCOPE_SUBTREE
 405                                                 ? LDAP_SCOPE_SUBTREE
 406                                                 : LDAP_SCOPE_BASE );
 407
 408                                 send_search_reference( be, conn, op,
 409                                         e, refs, NULL, &v2refs );
 410
 411                                 ber_bvarray_free( refs );
 412
 413                         } else {
 414 #ifdef NEW_LOGGING
 415                                 LDAP_LOG( BACK_LDBM, DETAIL2,
 416                                         "ldbm_search: candidate referral %ld scope not okay\n",
 417                                         id, 0, 0 );
 418 #else
 419                                 Debug( LDAP_DEBUG_TRACE,
 420                                         "ldbm_search: candidate referral %ld scope not okay\n",
 421                                         id, 0, 0 );
 422 #endif
 423                         }
 424
 425                         goto loop_continue;
 426                 }
 427
 428                 /* if it matches the filter and scope, send it */
 429                 result = test_filter( be, conn, op, e, filter );
 430
 431                 if ( result == LDAP_COMPARE_TRUE ) {
 432                         struct berval   dn;
 433
 434                         /* check scope */
 435                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 436                                 if ( !be_issuffix( be, &e->e_nname ) ) {
 437                                         dnParent( &e->e_nname, &dn );
 438                                         scopeok = dn_match( &dn, &realbase );
 439                                 } else {
 440                                         scopeok = (realbase.bv_len == 0);
 441                                 }
 442
 443                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 444                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 445
 446                         } else {
 447                                 scopeok = 1;
 448                         }
 449
 450                         if ( scopeok ) {
 451                                 /* check size limit */
 452                                 if ( --slimit == -1 ) {
 453                                         cache_return_entry_r( &li->li_cache, e );
 454                                         send_search_result( conn, op,
 455                                                 LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 456                                                 v2refs, NULL, nentries );
 457                                         rc = 0;
 458                                         goto done;
 459                                 }
 460
 461                                 if (e) {
 462                                         result = send_search_entry(be, conn, op,
 463                                                 e, attrs, attrsonly, NULL);
 464
 465                                         switch (result) {
 466                                         case 0:         /* entry sent ok */
 467                                                 nentries++;
 468                                                 break;
 469                                         case 1:         /* entry not sent */
 470                                                 break;
 471                                         case -1:        /* connection closed */
 472                                                 cache_return_entry_r( &li->li_cache, e );
 473                                                 rc = 0;
 474                                                 goto done;
 475                                         }
 476                                 }
 477                         } else {
 478 #ifdef NEW_LOGGING
 479                                 LDAP_LOG( BACK_LDBM, DETAIL2,
 480                                         "ldbm_search: candidate entry %ld scope not okay\n",
 481                                         id, 0, 0 );
 482 #else
 483                                 Debug( LDAP_DEBUG_TRACE,
 484                                         "ldbm_search: candidate entry %ld scope not okay\n",
 485                                         id, 0, 0 );
 486 #endif
 487                         }
 488
 489                 } else {
 490 #ifdef NEW_LOGGING
 491                         LDAP_LOG( BACK_LDBM, DETAIL2,
 492                                 "ldbm_search: candidate entry %ld does not match filter\n",
 493                                 id, 0, 0 );
 494 #else
 495                         Debug( LDAP_DEBUG_TRACE,
 496                                 "ldbm_search: candidate entry %ld does not match filter\n",
 497                                 id, 0, 0 );
 498 #endif
 499                 }
 500
 501 loop_continue:
 502                 if( e != NULL ) {
 503                         /* free reader lock */
 504                         cache_return_entry_r( &li->li_cache, e );
 505                 }
 506
 507                 ldap_pvt_thread_yield();
 508         }
 509
 510         send_search_result( conn, op,
 511                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 512                 NULL, NULL, v2refs, NULL, nentries );
 513
 514         rc = 0;
 515
 516 done:
 517         ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 518
 519         if( candidates != NULL )
 520                 idl_free( candidates );
 521
 522         if( v2refs ) ber_bvarray_free( v2refs );
 523         if( realbase.bv_val ) free( realbase.bv_val );
 524
 525         return rc;
 526 }
 527
 528 static ID_BLOCK *
 529 base_candidate(
 530     Backend     *be,
 531         Entry   *e )
 532 {
 533         ID_BLOCK                *idl;
 534
 535 #ifdef NEW_LOGGING
 536         LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
 537 #else
 538         Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
 539                 e->e_dn, 0, 0);
 540 #endif
 541
 542
 543         idl = idl_alloc( 1 );
 544         idl_insert( &idl, e->e_id, 1 );
 545
 546         return( idl );
 547 }
 548
 549 static ID_BLOCK *
 550 search_candidates(
 551     Backend     *be,
 552     Entry       *e,
 553     Filter      *filter,
 554     int         scope,
 555         int             deref,
 556         int             manageDSAit )
 557 {
 558         ID_BLOCK                *candidates;
 559         Filter          f, fand, rf, af, xf;
 560     AttributeAssertion aa_ref, aa_alias;
 561         struct berval bv_ref = { sizeof("referral")-1, "referral" };
 562         struct berval bv_alias = { sizeof("alias")-1, "alias" };
 563
 564 #ifdef NEW_LOGGING
 565         LDAP_LOG( BACK_LDBM, DETAIL1,
 566                    "search_candidates: base (%s) scope %d deref %d\n",
 567                    e->e_ndn, scope, deref );
 568 #else
 569         Debug(LDAP_DEBUG_TRACE,
 570                 "search_candidates: base=\"%s\" s=%d d=%d\n",
 571                 e->e_ndn, scope, deref );
 572 #endif
 573
 574
 575         xf.f_or = filter;
 576         xf.f_choice = LDAP_FILTER_OR;
 577         xf.f_next = NULL;
 578
 579         if( !manageDSAit ) {
 580                 /* match referrals */
 581                 rf.f_choice = LDAP_FILTER_EQUALITY;
 582                 rf.f_ava = &aa_ref;
 583                 rf.f_av_desc = slap_schema.si_ad_objectClass;
 584                 rf.f_av_value = bv_ref;
 585                 rf.f_next = xf.f_or;
 586                 xf.f_or = &rf;
 587         }
 588
 589         if( deref & LDAP_DEREF_SEARCHING ) {
 590                 /* match aliases */
 591                 af.f_choice = LDAP_FILTER_EQUALITY;
 592                 af.f_ava = &aa_alias;
 593                 af.f_av_desc = slap_schema.si_ad_objectClass;
 594                 af.f_av_value = bv_alias;
 595                 af.f_next = xf.f_or;
 596                 xf.f_or = &af;
 597         }
 598
 599         f.f_next = NULL;
 600         f.f_choice = LDAP_FILTER_AND;
 601         f.f_and = &fand;
 602         fand.f_choice = scope == LDAP_SCOPE_SUBTREE
 603                 ? SLAPD_FILTER_DN_SUBTREE
 604                 : SLAPD_FILTER_DN_ONE;
 605         fand.f_dn = &e->e_nname;
 606         fand.f_next = xf.f_or == filter ? filter : &xf ;
 607
 608         candidates = filter_candidates( be, &f );
 609
 610         return( candidates );
 611 }