1 /* search.c - ldbm backend search function */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
13 #include <ac/socket.h>
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
19 static ID_BLOCK *base_candidate(
20 Backend *be, Entry *e );
22 static ID_BLOCK *search_candidates(
23 Backend *be, Entry *e, Filter *filter,
24 int scope, int deref, int manageDSAit );
32 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
34 const char *text = NULL;
39 Entry *matched = NULL;
40 struct berval realbase = { 0, NULL };
41 int manageDSAit = get_manageDSAit( op );
42 int cscope = LDAP_SCOPE_DEFAULT;
45 Entry cache_base_entry;
46 #endif /* LDAP_CACHING */
48 struct slap_limits_set *limit = NULL;
52 LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
54 Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
57 /* grab giant lock for reading */
58 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
61 if ( op->o_req_ndn.bv_len == 0 ) {
62 /* DIT root special case */
63 e = (Entry *) &slap_entry_root;
65 /* need normalized dn below */
66 ber_dupbv( &realbase, &e->e_nname );
68 #else /* LDAP_CACHING */
69 if ( op->o_caching_on || op->o_req_ndn.bv_len == 0 ) {
70 if (op->o_req_ndn.bv_len == 0) {
71 e = (Entry *) &slap_entry_root;
72 /* need normalized dn below */
73 ber_dupbv( &realbase, &e->e_nname );
75 if ((op->oq_search.rs_scope == LDAP_SCOPE_BASE)
76 && (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )))
78 candidates = base_candidate(op->o_bd, e);
79 cache_return_entry_r( &li->li_cache, e );
82 cache_base_entry.e_nname = op->o_req_ndn;
83 e = &cache_base_entry;
85 #endif /* LDAP_CACHING */
87 candidates = search_candidates( op->o_bd, e, op->oq_search.rs_filter,
88 op->oq_search.rs_scope, op->oq_search.rs_deref,
89 manageDSAit || get_domainScope(op) );
93 } else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
94 /* deref dn and get entry with reader lock */
95 e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
97 if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
100 /* get entry with reader lock */
101 e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
102 rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
107 struct berval matched_dn = { 0, NULL };
109 if ( matched != NULL ) {
111 ber_dupbv( &matched_dn, &matched->e_name );
113 erefs = is_entry_referral( matched )
114 ? get_entry_referrals( op, matched )
117 cache_return_entry_r( &li->li_cache, matched );
120 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
121 &op->o_req_dn, op->oq_search.rs_scope );
123 ber_bvarray_free( erefs );
127 rs->sr_ref = referral_rewrite( default_referral,
128 NULL, &op->o_req_dn, op->oq_search.rs_scope );
131 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
133 rs->sr_matched = matched_dn.bv_val;
134 send_ldap_result( op, rs );
136 ber_bvarray_free( rs->sr_ref );
137 ber_memfree( matched_dn.bv_val );
141 if (!manageDSAit && is_entry_referral( e ) ) {
142 /* entry is a referral, don't allow add */
143 struct berval matched_dn;
146 ber_dupbv( &matched_dn, &e->e_name );
147 erefs = get_entry_referrals( op, e );
150 cache_return_entry_r( &li->li_cache, e );
151 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
154 LDAP_LOG( BACK_LDBM, INFO,
155 "ldbm_search: entry (%s) is a referral.\n",
158 Debug( LDAP_DEBUG_TRACE,
159 "ldbm_search: entry is referral\n",
164 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
165 &op->o_req_dn, op->oq_search.rs_scope );
167 ber_bvarray_free( erefs );
170 rs->sr_matched = matched_dn.bv_val;
172 rs->sr_err = LDAP_REFERRAL;
173 send_ldap_result( op, rs );
174 ber_bvarray_free( rs->sr_ref );
177 send_ldap_error( op, rs, LDAP_OTHER,
178 "bad referral object" );
181 ber_memfree( matched_dn.bv_val );
185 if ( is_entry_alias( e ) ) {
187 op->oq_search.rs_deref = LDAP_DEREF_NEVER;
190 if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
191 cscope = LDAP_SCOPE_BASE;
192 candidates = base_candidate( op->o_bd, e );
195 cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
196 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
197 candidates = search_candidates( op->o_bd, e, op->oq_search.rs_filter,
198 op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
201 /* need normalized dn below */
202 ber_dupbv( &realbase, &e->e_nname );
204 cache_return_entry_r( &li->li_cache, e );
207 if ( candidates == NULL ) {
210 LDAP_LOG( BACK_LDBM, INFO,
211 "ldbm_search: no candidates\n" , 0, 0, 0);
213 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
217 if ( op->o_caching_on ) {
218 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
220 #endif /* LDAP_CACHING */
222 rs->sr_err = LDAP_SUCCESS;
223 send_ldap_result( op, rs );
226 if ( op->o_caching_on ) {
227 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
229 #endif /* LDAP_CACHING */
235 /* if not root, get appropriate limits */
237 if ( be_isroot( op->o_bd, &op->o_ndn ) )
238 #else /* LDAP_CACHING */
239 if ( op->o_caching_on || be_isroot( op->o_bd, &op->o_ndn ) )
240 #endif /* LDAP_CACHING */
243 * FIXME: I'd consider this dangerous if someone
244 * uses isroot for anything but handling limits
248 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
251 /* if candidates exceed to-be-checked entries, abort */
252 if ( !isroot && limit->lms_s_unchecked != -1 ) {
253 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
254 send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
261 /* if root an no specific limit is required, allow unlimited search */
263 if ( op->oq_search.rs_tlimit == 0 ) {
264 op->oq_search.rs_tlimit = -1;
267 if ( op->oq_search.rs_slimit == 0 ) {
268 op->oq_search.rs_slimit = -1;
272 /* if no limit is required, use soft limit */
273 if ( op->oq_search.rs_tlimit <= 0 ) {
274 op->oq_search.rs_tlimit = limit->lms_t_soft;
276 /* if requested limit higher than hard limit, abort */
277 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
278 /* no hard limit means use soft instead */
279 if ( limit->lms_t_hard == 0
280 && limit->lms_t_soft > -1
281 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
282 op->oq_search.rs_tlimit = limit->lms_t_soft;
284 /* positive hard limit means abort */
285 } else if ( limit->lms_t_hard > 0 ) {
286 send_ldap_error( op, rs,
287 LDAP_ADMINLIMIT_EXCEEDED,
293 /* negative hard limit means no limit */
296 /* if no limit is required, use soft limit */
297 if ( op->oq_search.rs_slimit <= 0 ) {
298 op->oq_search.rs_slimit = limit->lms_s_soft;
300 /* if requested limit higher than hard limit, abort */
301 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
302 /* no hard limit means use soft instead */
303 if ( limit->lms_s_hard == 0
304 && limit->lms_s_soft > -1
305 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
306 op->oq_search.rs_slimit = limit->lms_s_soft;
308 /* positive hard limit means abort */
309 } else if ( limit->lms_s_hard > 0 ) {
310 send_ldap_error( op, rs,
311 LDAP_ADMINLIMIT_EXCEEDED,
317 /* negative hard limit means no limit */
321 /* compute it anyway; root does not use it */
322 stoptime = op->o_time + op->oq_search.rs_tlimit;
323 rs->sr_attrs = op->oq_search.rs_attrs;
325 for ( id = idl_firstid( candidates, &cursor ); id != NOID;
326 id = idl_nextid( candidates, &cursor ) )
331 /* check for abandon */
332 if ( op->o_abandon ) {
337 /* check time limit */
338 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
339 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
340 send_ldap_result( op, rs );
345 /* get the entry with reader lock */
346 e = id2entry_r( op->o_bd, id );
350 LDAP_LOG( BACK_LDBM, INFO,
351 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
353 Debug( LDAP_DEBUG_TRACE,
354 "ldbm_search: candidate %ld not found\n",
363 if ( !op->o_caching_on ) {
364 #endif /* LDAP_CACHING */
366 if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
371 e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
378 if( e->e_id == id ) {
383 /* need to skip alias which deref into scope */
384 if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
386 dnParent( &e->e_nname, &pdn );
387 if ( ber_bvcmp( &pdn, &realbase ) ) {
391 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
392 /* alias is within scope */
394 LDAP_LOG( BACK_LDBM, DETAIL1,
395 "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
397 Debug( LDAP_DEBUG_TRACE,
398 "ldbm_search: alias \"%s\" in subtree\n",
411 * if it's a referral, add it to the list of referrals. only do
412 * this for non-base searches, and don't check the filter
413 * explicitly here since it's only a candidate anyway.
415 if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
416 is_entry_referral( e ) )
421 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
422 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
423 dnParent( &e->e_nname, &dn );
424 scopeok = dn_match( &dn, &realbase );
426 scopeok = (realbase.bv_len == 0);
429 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
430 scopeok = dnIsSuffix( &e->e_nname, &realbase );
437 BerVarray erefs = get_entry_referrals( op, e );
438 rs->sr_ref = referral_rewrite( erefs,
440 op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
444 send_search_reference( op, rs );
446 ber_bvarray_free( rs->sr_ref );
451 LDAP_LOG( BACK_LDBM, DETAIL2,
452 "ldbm_search: candidate referral %ld scope not okay\n",
455 Debug( LDAP_DEBUG_TRACE,
456 "ldbm_search: candidate referral %ld scope not okay\n",
466 #endif /* LDAP_CACHING */
468 /* if it matches the filter and scope, send it */
469 result = test_filter( op, e, op->oq_search.rs_filter );
471 if ( result == LDAP_COMPARE_TRUE ) {
475 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
476 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
477 dnParent( &e->e_nname, &dn );
478 scopeok = dn_match( &dn, &realbase );
480 scopeok = (realbase.bv_len == 0);
483 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
484 scopeok = dnIsSuffix( &e->e_nname, &realbase );
491 /* check size limit */
492 if ( --op->oq_search.rs_slimit == -1 ) {
493 cache_return_entry_r( &li->li_cache, e );
494 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
495 send_ldap_result( op, rs );
503 if ( op->o_caching_on ) {
504 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
505 cache_return_entry_r( &li->li_cache, e );
507 #endif /* LDAP_CACHING */
509 result = send_search_entry( op, rs );
512 if ( op->o_caching_on ) {
513 ldap_pvt_thread_rdwr_rlock( &li->li_giant_rwlock );
515 #endif /* LDAP_CACHING */
519 case 0: /* entry sent ok */
521 case 1: /* entry not sent */
523 case -1: /* connection closed */
524 cache_return_entry_r( &li->li_cache, e );
531 LDAP_LOG( BACK_LDBM, DETAIL2,
532 "ldbm_search: candidate entry %ld scope not okay\n",
535 Debug( LDAP_DEBUG_TRACE,
536 "ldbm_search: candidate entry %ld scope not okay\n",
543 LDAP_LOG( BACK_LDBM, DETAIL2,
544 "ldbm_search: candidate entry %ld does not match filter\n",
547 Debug( LDAP_DEBUG_TRACE,
548 "ldbm_search: candidate entry %ld does not match filter\n",
555 /* free reader lock */
557 cache_return_entry_r( &li->li_cache, e );
558 #else /* LDAP_CACHING */
559 if ( !op->o_caching_on ) {
560 cache_return_entry_r( &li->li_cache, e );
562 #endif /* LDAP_CACHING */
565 ldap_pvt_thread_yield();
568 rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
569 rs->sr_ref = rs->sr_v2ref;
570 send_ldap_result( op, rs );
575 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
577 if( candidates != NULL )
578 idl_free( candidates );
580 if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
581 if( realbase.bv_val ) free( realbase.bv_val );
594 LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
596 Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
601 idl = idl_alloc( 1 );
602 idl_insert( &idl, e->e_id, 1 );
616 ID_BLOCK *candidates;
617 Filter f, fand, rf, af, xf;
618 AttributeAssertion aa_ref, aa_alias;
619 struct berval bv_ref = { sizeof("referral")-1, "referral" };
620 struct berval bv_alias = { sizeof("alias")-1, "alias" };
623 LDAP_LOG( BACK_LDBM, DETAIL1,
624 "search_candidates: base (%s) scope %d deref %d\n",
625 e->e_ndn, scope, deref );
627 Debug(LDAP_DEBUG_TRACE,
628 "search_candidates: base=\"%s\" s=%d d=%d\n",
629 e->e_ndn, scope, deref );
634 xf.f_choice = LDAP_FILTER_OR;
638 /* match referrals */
639 rf.f_choice = LDAP_FILTER_EQUALITY;
641 rf.f_av_desc = slap_schema.si_ad_objectClass;
642 rf.f_av_value = bv_ref;
647 if( deref & LDAP_DEREF_SEARCHING ) {
649 af.f_choice = LDAP_FILTER_EQUALITY;
650 af.f_ava = &aa_alias;
651 af.f_av_desc = slap_schema.si_ad_objectClass;
652 af.f_av_value = bv_alias;
658 f.f_choice = LDAP_FILTER_AND;
660 fand.f_choice = scope == LDAP_SCOPE_SUBTREE
661 ? SLAPD_FILTER_DN_SUBTREE
662 : SLAPD_FILTER_DN_ONE;
663 fand.f_dn = &e->e_nname;
664 fand.f_next = xf.f_or == filter ? filter : &xf ;
666 candidates = filter_candidates( be, &f );
668 return( candidates );