1 /* search.c - ldbm backend search function */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
13 #include <ac/socket.h>
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
19 static ID_BLOCK *base_candidate(
20 Backend *be, Entry *e );
22 static ID_BLOCK *search_candidates(
23 Operation *op, Entry *e, Filter *filter,
24 int scope, int deref, int manageDSAit );
32 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
34 const char *text = NULL;
39 Entry *matched = NULL;
40 struct berval realbase = { 0, NULL };
41 int manageDSAit = get_manageDSAit( op );
42 int cscope = LDAP_SCOPE_DEFAULT;
45 Entry cache_base_entry;
46 #endif /* LDAP_CACHING */
48 struct slap_limits_set *limit = NULL;
52 LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
54 Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
57 /* grab giant lock for reading */
58 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
60 if ( op->o_req_ndn.bv_len == 0 ) {
61 /* DIT root special case */
62 e = (Entry *) &slap_entry_root;
64 /* need normalized dn below */
65 ber_dupbv( &realbase, &e->e_nname );
67 candidates = search_candidates( op, e, op->oq_search.rs_filter,
68 op->oq_search.rs_scope, op->oq_search.rs_deref,
69 manageDSAit || get_domainScope(op) );
73 } else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
74 /* deref dn and get entry with reader lock */
75 e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
77 if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
80 /* get entry with reader lock */
81 e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
82 rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
87 struct berval matched_dn = { 0, NULL };
89 if ( matched != NULL ) {
91 ber_dupbv( &matched_dn, &matched->e_name );
93 erefs = is_entry_referral( matched )
94 ? get_entry_referrals( op, matched )
97 cache_return_entry_r( &li->li_cache, matched );
100 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
101 &op->o_req_dn, op->oq_search.rs_scope );
103 ber_bvarray_free( erefs );
107 rs->sr_ref = referral_rewrite( default_referral,
108 NULL, &op->o_req_dn, op->oq_search.rs_scope );
111 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
113 rs->sr_matched = matched_dn.bv_val;
114 send_ldap_result( op, rs );
116 ber_bvarray_free( rs->sr_ref );
117 ber_memfree( matched_dn.bv_val );
119 return LDAP_REFERRAL;
125 if (!manageDSAit && is_entry_referral( e ) ) {
126 /* entry is a referral, don't allow add */
127 struct berval matched_dn;
130 ber_dupbv( &matched_dn, &e->e_name );
131 erefs = get_entry_referrals( op, e );
134 cache_return_entry_r( &li->li_cache, e );
135 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
138 LDAP_LOG( BACK_LDBM, INFO,
139 "ldbm_search: entry (%s) is a referral.\n",
142 Debug( LDAP_DEBUG_TRACE,
143 "ldbm_search: entry is referral\n",
148 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
149 &op->o_req_dn, op->oq_search.rs_scope );
151 ber_bvarray_free( erefs );
154 rs->sr_matched = matched_dn.bv_val;
156 rs->sr_err = LDAP_REFERRAL;
157 send_ldap_result( op, rs );
158 ber_bvarray_free( rs->sr_ref );
161 send_ldap_error( op, rs, LDAP_OTHER,
162 "bad referral object" );
165 ber_memfree( matched_dn.bv_val );
173 if ( is_entry_alias( e ) ) {
175 op->oq_search.rs_deref = LDAP_DEREF_NEVER;
178 if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
179 cscope = LDAP_SCOPE_BASE;
180 candidates = base_candidate( op->o_bd, e );
183 cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
184 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
185 candidates = search_candidates( op, e, op->oq_search.rs_filter,
186 op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
189 /* need normalized dn below */
190 ber_dupbv( &realbase, &e->e_nname );
192 cache_return_entry_r( &li->li_cache, e );
195 if ( candidates == NULL ) {
198 LDAP_LOG( BACK_LDBM, INFO,
199 "ldbm_search: no candidates\n" , 0, 0, 0);
201 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
205 rs->sr_err = LDAP_SUCCESS;
206 send_ldap_result( op, rs );
216 /* if not root, get appropriate limits */
217 if ( be_isroot( op->o_bd, &op->o_ndn ) )
220 * FIXME: I'd consider this dangerous if someone
221 * uses isroot for anything but handling limits
225 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
228 /* if candidates exceed to-be-checked entries, abort */
229 if ( !isroot && limit->lms_s_unchecked != -1 ) {
230 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
231 send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
238 /* if root an no specific limit is required, allow unlimited search */
240 if ( op->oq_search.rs_tlimit == 0 ) {
241 op->oq_search.rs_tlimit = -1;
244 if ( op->oq_search.rs_slimit == 0 ) {
245 op->oq_search.rs_slimit = -1;
249 /* if no limit is required, use soft limit */
250 if ( op->oq_search.rs_tlimit <= 0 ) {
251 op->oq_search.rs_tlimit = limit->lms_t_soft;
253 /* if requested limit higher than hard limit, abort */
254 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
255 /* no hard limit means use soft instead */
256 if ( limit->lms_t_hard == 0
257 && limit->lms_t_soft > -1
258 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
259 op->oq_search.rs_tlimit = limit->lms_t_soft;
261 /* positive hard limit means abort */
262 } else if ( limit->lms_t_hard > 0 ) {
263 send_ldap_error( op, rs,
264 LDAP_ADMINLIMIT_EXCEEDED,
270 /* negative hard limit means no limit */
273 /* if no limit is required, use soft limit */
274 if ( op->oq_search.rs_slimit <= 0 ) {
275 op->oq_search.rs_slimit = limit->lms_s_soft;
277 /* if requested limit higher than hard limit, abort */
278 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
279 /* no hard limit means use soft instead */
280 if ( limit->lms_s_hard == 0
281 && limit->lms_s_soft > -1
282 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
283 op->oq_search.rs_slimit = limit->lms_s_soft;
285 /* positive hard limit means abort */
286 } else if ( limit->lms_s_hard > 0 ) {
287 send_ldap_error( op, rs,
288 LDAP_ADMINLIMIT_EXCEEDED,
294 /* negative hard limit means no limit */
298 /* compute it anyway; root does not use it */
299 stoptime = op->o_time + op->oq_search.rs_tlimit;
300 rs->sr_attrs = op->oq_search.rs_attrs;
302 for ( id = idl_firstid( candidates, &cursor ); id != NOID;
303 id = idl_nextid( candidates, &cursor ) )
308 /* check for abandon */
309 if ( op->o_abandon ) {
314 /* check time limit */
315 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
316 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
317 send_ldap_result( op, rs );
322 /* get the entry with reader lock */
323 e = id2entry_r( op->o_bd, id );
327 LDAP_LOG( BACK_LDBM, INFO,
328 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
330 Debug( LDAP_DEBUG_TRACE,
331 "ldbm_search: candidate %ld not found\n",
340 #ifdef LDBM_SUBENTRIES
341 if ( is_entry_subentry( e ) ) {
342 if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
343 if(!get_subentries_visibility( op )) {
344 /* only subentries are visible */
347 } else if ( get_subentries( op ) &&
348 !get_subentries_visibility( op ))
350 /* only subentries are visible */
353 } else if ( get_subentries_visibility( op )) {
354 /* only subentries are visible */
359 if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
364 e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
371 if( e->e_id == id ) {
376 /* need to skip alias which deref into scope */
377 if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
379 dnParent( &e->e_nname, &pdn );
380 if ( ber_bvcmp( &pdn, &realbase ) ) {
384 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
385 /* alias is within scope */
387 LDAP_LOG( BACK_LDBM, DETAIL1,
388 "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
390 Debug( LDAP_DEBUG_TRACE,
391 "ldbm_search: alias \"%s\" in subtree\n",
404 * if it's a referral, add it to the list of referrals. only do
405 * this for non-base searches, and don't check the filter
406 * explicitly here since it's only a candidate anyway.
408 if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
409 is_entry_referral( e ) )
414 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
415 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
416 dnParent( &e->e_nname, &dn );
417 scopeok = dn_match( &dn, &realbase );
419 scopeok = (realbase.bv_len == 0);
422 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
423 scopeok = dnIsSuffix( &e->e_nname, &realbase );
430 BerVarray erefs = get_entry_referrals( op, e );
431 rs->sr_ref = referral_rewrite( erefs,
433 op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
437 send_search_reference( op, rs );
439 ber_bvarray_free( rs->sr_ref );
444 LDAP_LOG( BACK_LDBM, DETAIL2,
445 "ldbm_search: candidate referral %ld scope not okay\n",
448 Debug( LDAP_DEBUG_TRACE,
449 "ldbm_search: candidate referral %ld scope not okay\n",
458 if ( !manageDSAit && is_entry_glue( e )) {
463 /* if it matches the filter and scope, send it */
464 result = test_filter( op, e, op->oq_search.rs_filter );
466 if ( result == LDAP_COMPARE_TRUE ) {
470 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
471 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
472 dnParent( &e->e_nname, &dn );
473 scopeok = dn_match( &dn, &realbase );
475 scopeok = (realbase.bv_len == 0);
478 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
479 scopeok = dnIsSuffix( &e->e_nname, &realbase );
486 /* check size limit */
487 if ( --op->oq_search.rs_slimit == -1 ) {
488 cache_return_entry_r( &li->li_cache, e );
489 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
490 send_ldap_result( op, rs );
497 result = send_search_entry( op, rs );
500 case 0: /* entry sent ok */
502 case 1: /* entry not sent */
504 case -1: /* connection closed */
505 cache_return_entry_r( &li->li_cache, e );
512 LDAP_LOG( BACK_LDBM, DETAIL2,
513 "ldbm_search: candidate entry %ld scope not okay\n",
516 Debug( LDAP_DEBUG_TRACE,
517 "ldbm_search: candidate entry %ld scope not okay\n",
524 LDAP_LOG( BACK_LDBM, DETAIL2,
525 "ldbm_search: candidate entry %ld does not match filter\n",
528 Debug( LDAP_DEBUG_TRACE,
529 "ldbm_search: candidate entry %ld does not match filter\n",
536 /* free reader lock */
537 cache_return_entry_r( &li->li_cache, e );
540 ldap_pvt_thread_yield();
543 rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
544 rs->sr_ref = rs->sr_v2ref;
545 send_ldap_result( op, rs );
550 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
552 if( candidates != NULL )
553 idl_free( candidates );
555 if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
556 if( realbase.bv_val ) free( realbase.bv_val );
569 LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
571 Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
576 idl = idl_alloc( 1 );
577 idl_insert( &idl, e->e_id, 1 );
591 ID_BLOCK *candidates;
592 Filter f, fand, rf, af, xf;
593 AttributeAssertion aa_ref, aa_alias;
594 struct berval bv_ref = { sizeof("referral")-1, "referral" };
595 struct berval bv_alias = { sizeof("alias")-1, "alias" };
596 #ifdef LDBM_SUBENTRIES
598 AttributeAssertion aa_subentry;
602 LDAP_LOG( BACK_LDBM, DETAIL1,
603 "search_candidates: base (%s) scope %d deref %d\n",
604 e->e_ndn, scope, deref );
606 Debug(LDAP_DEBUG_TRACE,
607 "search_candidates: base=\"%s\" s=%d d=%d\n",
608 e->e_ndn, scope, deref );
613 xf.f_choice = LDAP_FILTER_OR;
617 /* match referrals */
618 rf.f_choice = LDAP_FILTER_EQUALITY;
620 rf.f_av_desc = slap_schema.si_ad_objectClass;
621 rf.f_av_value = bv_ref;
626 if( deref & LDAP_DEREF_SEARCHING ) {
628 af.f_choice = LDAP_FILTER_EQUALITY;
629 af.f_ava = &aa_alias;
630 af.f_av_desc = slap_schema.si_ad_objectClass;
631 af.f_av_value = bv_alias;
637 f.f_choice = LDAP_FILTER_AND;
639 fand.f_choice = scope == LDAP_SCOPE_SUBTREE
640 ? SLAPD_FILTER_DN_SUBTREE
641 : SLAPD_FILTER_DN_ONE;
642 fand.f_dn = &e->e_nname;
643 fand.f_next = xf.f_or == filter ? filter : &xf ;
645 #ifdef LDBM_SUBENTRIES
646 if ( get_subentries_visibility( op )) {
647 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
648 sf.f_choice = LDAP_FILTER_EQUALITY;
649 sf.f_ava = &aa_subentry;
650 sf.f_av_desc = slap_schema.si_ad_objectClass;
651 sf.f_av_value = bv_subentry;
652 sf.f_next = fand.f_next;
657 candidates = filter_candidates( op, &f );
659 return( candidates );
projects / openldap / blob