1 /* search.c - ldbm backend search function */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
13 #include <ac/socket.h>
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
19 static ID_BLOCK *base_candidate(
20 Backend *be, Entry *e );
22 static ID_BLOCK *search_candidates(
23 Operation *op, Entry *e, Filter *filter,
24 int scope, int deref, int manageDSAit );
32 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
34 const char *text = NULL;
39 Entry *matched = NULL;
40 struct berval realbase = { 0, NULL };
41 int manageDSAit = get_manageDSAit( op );
42 int cscope = LDAP_SCOPE_DEFAULT;
44 struct slap_limits_set *limit = NULL;
48 LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
50 Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
53 /* grab giant lock for reading */
54 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
56 if ( op->o_req_ndn.bv_len == 0 ) {
57 /* DIT root special case */
58 e = (Entry *) &slap_entry_root;
60 /* need normalized dn below */
61 ber_dupbv( &realbase, &e->e_nname );
63 candidates = search_candidates( op, e, op->oq_search.rs_filter,
64 op->oq_search.rs_scope, op->oq_search.rs_deref,
65 manageDSAit || get_domainScope(op) );
69 } else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
70 /* deref dn and get entry with reader lock */
71 e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
73 if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
76 /* get entry with reader lock */
77 e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
78 rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
83 struct berval matched_dn = { 0, NULL };
85 if ( matched != NULL ) {
87 ber_dupbv( &matched_dn, &matched->e_name );
89 erefs = is_entry_referral( matched )
90 ? get_entry_referrals( op, matched )
93 cache_return_entry_r( &li->li_cache, matched );
96 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
97 &op->o_req_dn, op->oq_search.rs_scope );
99 ber_bvarray_free( erefs );
103 rs->sr_ref = referral_rewrite( default_referral,
104 NULL, &op->o_req_dn, op->oq_search.rs_scope );
107 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
109 rs->sr_matched = matched_dn.bv_val;
110 send_ldap_result( op, rs );
112 ber_bvarray_free( rs->sr_ref );
113 ber_memfree( matched_dn.bv_val );
115 rs->sr_matched = NULL;
116 return LDAP_REFERRAL;
119 if (!manageDSAit && is_entry_referral( e ) ) {
120 /* entry is a referral, don't allow add */
121 struct berval matched_dn;
124 ber_dupbv( &matched_dn, &e->e_name );
125 erefs = get_entry_referrals( op, e );
128 cache_return_entry_r( &li->li_cache, e );
129 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
132 LDAP_LOG( BACK_LDBM, INFO,
133 "ldbm_search: entry (%s) is a referral.\n",
136 Debug( LDAP_DEBUG_TRACE,
137 "ldbm_search: entry is referral\n",
142 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
143 &op->o_req_dn, op->oq_search.rs_scope );
145 ber_bvarray_free( erefs );
148 rs->sr_matched = matched_dn.bv_val;
150 rs->sr_err = LDAP_REFERRAL;
151 send_ldap_result( op, rs );
152 ber_bvarray_free( rs->sr_ref );
155 send_ldap_error( op, rs, LDAP_OTHER,
156 "bad referral object" );
159 ber_memfree( matched_dn.bv_val );
161 rs->sr_matched = NULL;
165 if ( is_entry_alias( e ) ) {
167 op->oq_search.rs_deref = LDAP_DEREF_NEVER;
170 if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
171 cscope = LDAP_SCOPE_BASE;
172 candidates = base_candidate( op->o_bd, e );
175 cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
176 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
177 candidates = search_candidates( op, e, op->oq_search.rs_filter,
178 op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
181 /* need normalized dn below */
182 ber_dupbv( &realbase, &e->e_nname );
184 cache_return_entry_r( &li->li_cache, e );
187 if ( candidates == NULL ) {
190 LDAP_LOG( BACK_LDBM, INFO,
191 "ldbm_search: no candidates\n" , 0, 0, 0);
193 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
197 rs->sr_err = LDAP_SUCCESS;
198 send_ldap_result( op, rs );
204 /* if not root, get appropriate limits */
205 if ( be_isroot( op->o_bd, &op->o_ndn ) )
208 * FIXME: I'd consider this dangerous if someone
209 * uses isroot for anything but handling limits
213 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
216 /* if candidates exceed to-be-checked entries, abort */
217 if ( !isroot && limit->lms_s_unchecked != -1 ) {
218 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
219 send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
226 /* if root an no specific limit is required, allow unlimited search */
228 if ( op->oq_search.rs_tlimit == 0 ) {
229 op->oq_search.rs_tlimit = -1;
232 if ( op->oq_search.rs_slimit == 0 ) {
233 op->oq_search.rs_slimit = -1;
237 /* if no limit is required, use soft limit */
238 if ( op->oq_search.rs_tlimit <= 0 ) {
239 op->oq_search.rs_tlimit = limit->lms_t_soft;
241 /* if requested limit higher than hard limit, abort */
242 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
243 /* no hard limit means use soft instead */
244 if ( limit->lms_t_hard == 0
245 && limit->lms_t_soft > -1
246 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
247 op->oq_search.rs_tlimit = limit->lms_t_soft;
249 /* positive hard limit means abort */
250 } else if ( limit->lms_t_hard > 0 ) {
251 send_ldap_error( op, rs,
252 LDAP_ADMINLIMIT_EXCEEDED,
258 /* negative hard limit means no limit */
261 /* if no limit is required, use soft limit */
262 if ( op->oq_search.rs_slimit <= 0 ) {
263 op->oq_search.rs_slimit = limit->lms_s_soft;
265 /* if requested limit higher than hard limit, abort */
266 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
267 /* no hard limit means use soft instead */
268 if ( limit->lms_s_hard == 0
269 && limit->lms_s_soft > -1
270 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
271 op->oq_search.rs_slimit = limit->lms_s_soft;
273 /* positive hard limit means abort */
274 } else if ( limit->lms_s_hard > 0 ) {
275 send_ldap_error( op, rs,
276 LDAP_ADMINLIMIT_EXCEEDED,
282 /* negative hard limit means no limit */
286 /* compute it anyway; root does not use it */
287 stoptime = op->o_time + op->oq_search.rs_tlimit;
288 rs->sr_attrs = op->oq_search.rs_attrs;
290 for ( id = idl_firstid( candidates, &cursor ); id != NOID;
291 id = idl_nextid( candidates, &cursor ) )
296 /* check for abandon */
297 if ( op->o_abandon ) {
302 /* check time limit */
303 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
304 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
305 send_ldap_result( op, rs );
310 /* get the entry with reader lock */
311 e = id2entry_r( op->o_bd, id );
315 LDAP_LOG( BACK_LDBM, INFO,
316 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
318 Debug( LDAP_DEBUG_TRACE,
319 "ldbm_search: candidate %ld not found\n",
328 #ifdef LDBM_SUBENTRIES
329 if ( is_entry_subentry( e ) ) {
330 if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
331 if(!get_subentries_visibility( op )) {
332 /* only subentries are visible */
335 } else if ( get_subentries( op ) &&
336 !get_subentries_visibility( op ))
338 /* only subentries are visible */
341 } else if ( get_subentries_visibility( op )) {
342 /* only subentries are visible */
347 if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
352 e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
359 if( e->e_id == id ) {
364 /* need to skip alias which deref into scope */
365 if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
367 dnParent( &e->e_nname, &pdn );
368 if ( ber_bvcmp( &pdn, &realbase ) ) {
372 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
373 /* alias is within scope */
375 LDAP_LOG( BACK_LDBM, DETAIL1,
376 "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
378 Debug( LDAP_DEBUG_TRACE,
379 "ldbm_search: alias \"%s\" in subtree\n",
392 * if it's a referral, add it to the list of referrals. only do
393 * this for non-base searches, and don't check the filter
394 * explicitly here since it's only a candidate anyway.
396 if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
397 is_entry_referral( e ) )
402 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
403 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
404 dnParent( &e->e_nname, &dn );
405 scopeok = dn_match( &dn, &realbase );
407 scopeok = (realbase.bv_len == 0);
410 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
411 scopeok = dnIsSuffix( &e->e_nname, &realbase );
418 BerVarray erefs = get_entry_referrals( op, e );
419 rs->sr_ref = referral_rewrite( erefs,
421 op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
425 send_search_reference( op, rs );
427 ber_bvarray_free( rs->sr_ref );
432 LDAP_LOG( BACK_LDBM, DETAIL2,
433 "ldbm_search: candidate referral %ld scope not okay\n",
436 Debug( LDAP_DEBUG_TRACE,
437 "ldbm_search: candidate referral %ld scope not okay\n",
445 if ( !manageDSAit && is_entry_glue( e )) {
449 /* if it matches the filter and scope, send it */
450 result = test_filter( op, e, op->oq_search.rs_filter );
452 if ( result == LDAP_COMPARE_TRUE ) {
456 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
457 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
458 dnParent( &e->e_nname, &dn );
459 scopeok = dn_match( &dn, &realbase );
461 scopeok = (realbase.bv_len == 0);
464 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
465 scopeok = dnIsSuffix( &e->e_nname, &realbase );
472 /* check size limit */
473 if ( --op->oq_search.rs_slimit == -1 ) {
474 cache_return_entry_r( &li->li_cache, e );
475 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
476 send_ldap_result( op, rs );
483 result = send_search_entry( op, rs );
486 case 0: /* entry sent ok */
488 case 1: /* entry not sent */
490 case -1: /* connection closed */
491 cache_return_entry_r( &li->li_cache, e );
498 LDAP_LOG( BACK_LDBM, DETAIL2,
499 "ldbm_search: candidate entry %ld scope not okay\n",
502 Debug( LDAP_DEBUG_TRACE,
503 "ldbm_search: candidate entry %ld scope not okay\n",
510 LDAP_LOG( BACK_LDBM, DETAIL2,
511 "ldbm_search: candidate entry %ld does not match filter\n",
514 Debug( LDAP_DEBUG_TRACE,
515 "ldbm_search: candidate entry %ld does not match filter\n",
522 /* free reader lock */
523 cache_return_entry_r( &li->li_cache, e );
526 ldap_pvt_thread_yield();
529 rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
530 rs->sr_ref = rs->sr_v2ref;
531 send_ldap_result( op, rs );
536 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
538 if( candidates != NULL )
539 idl_free( candidates );
541 if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
542 if( realbase.bv_val ) free( realbase.bv_val );
555 LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
557 Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
562 idl = idl_alloc( 1 );
563 idl_insert( &idl, e->e_id, 1 );
577 ID_BLOCK *candidates;
578 Filter f, fand, rf, af, xf;
579 AttributeAssertion aa_ref, aa_alias;
580 struct berval bv_ref = { sizeof("referral")-1, "referral" };
581 struct berval bv_alias = { sizeof("alias")-1, "alias" };
582 #ifdef LDBM_SUBENTRIES
584 AttributeAssertion aa_subentry;
588 LDAP_LOG( BACK_LDBM, DETAIL1,
589 "search_candidates: base (%s) scope %d deref %d\n",
590 e->e_ndn, scope, deref );
592 Debug(LDAP_DEBUG_TRACE,
593 "search_candidates: base=\"%s\" s=%d d=%d\n",
594 e->e_ndn, scope, deref );
599 xf.f_choice = LDAP_FILTER_OR;
603 /* match referrals */
604 rf.f_choice = LDAP_FILTER_EQUALITY;
606 rf.f_av_desc = slap_schema.si_ad_objectClass;
607 rf.f_av_value = bv_ref;
612 if( deref & LDAP_DEREF_SEARCHING ) {
614 af.f_choice = LDAP_FILTER_EQUALITY;
615 af.f_ava = &aa_alias;
616 af.f_av_desc = slap_schema.si_ad_objectClass;
617 af.f_av_value = bv_alias;
623 f.f_choice = LDAP_FILTER_AND;
625 fand.f_choice = scope == LDAP_SCOPE_SUBTREE
626 ? SLAPD_FILTER_DN_SUBTREE
627 : SLAPD_FILTER_DN_ONE;
628 fand.f_dn = &e->e_nname;
629 fand.f_next = xf.f_or == filter ? filter : &xf ;
631 #ifdef LDBM_SUBENTRIES
632 if ( get_subentries_visibility( op )) {
633 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
634 sf.f_choice = LDAP_FILTER_EQUALITY;
635 sf.f_ava = &aa_subentry;
636 sf.f_av_desc = slap_schema.si_ad_objectClass;
637 sf.f_av_value = bv_subentry;
638 sf.f_next = fand.f_next;
643 candidates = filter_candidates( op, &f );
645 return( candidates );