git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/search.c

   1 /* search.c - ldbm backend search function */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/string.h>
  13 #include <ac/socket.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19 static ID_BLOCK *base_candidate(
  20         Backend *be, Entry *e );
  21
  22 static ID_BLOCK *search_candidates(
  23         Backend *be, Entry *e, Filter *filter,
  24         int scope, int deref, int manageDSAit );
  25
  26
  27 int
  28 ldbm_back_search(
  29     Backend     *be,
  30     Connection  *conn,
  31     Operation   *op,
  32     struct berval       *base,
  33     struct berval       *nbase,
  34     int         scope,
  35     int         deref,
  36     int         slimit,
  37     int         tlimit,
  38     Filter      *filter,
  39     struct berval       *filterstr,
  40     AttributeName       *attrs,
  41     int         attrsonly )
  42 {
  43         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  44         int             rc, err;
  45         const char *text = NULL;
  46         time_t          stoptime;
  47         ID_BLOCK                *candidates;
  48         ID              id, cursor;
  49         Entry           *e;
  50         BerVarray               v2refs = NULL;
  51         Entry   *matched = NULL;
  52         struct berval   realbase = { 0, NULL };
  53         int             nentries = 0;
  54         int             manageDSAit = get_manageDSAit( op );
  55         int             cscope = LDAP_SCOPE_DEFAULT;
  56
  57         struct slap_limits_set *limit = NULL;
  58         int isroot = 0;
  59
  60 #ifdef NEW_LOGGING
  61         LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
  62 #else
  63         Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
  64 #endif
  65
  66         /* grab giant lock for reading */
  67         ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
  68
  69         if ( nbase->bv_len == 0 ) {
  70                 /* DIT root special case */
  71                 e = (Entry *) &slap_entry_root;
  72
  73                 /* need normalized dn below */
  74                 ber_dupbv( &realbase, &e->e_nname );
  75
  76                 candidates = search_candidates( be, e, filter,
  77                     scope, deref, manageDSAit );
  78
  79                 goto searchit;
  80
  81         } else if ( deref & LDAP_DEREF_FINDING ) {
  82                 /* deref dn and get entry with reader lock */
  83                 e = deref_dn_r( be, nbase, &err, &matched, &text );
  84
  85                 if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
  86
  87         } else {
  88                 /* get entry with reader lock */
  89                 e = dn2entry_r( be, nbase, &matched );
  90                 err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
  91                 text = NULL;
  92         }
  93
  94         if ( e == NULL ) {
  95                 struct berval matched_dn = { 0, NULL };
  96                 BerVarray refs = NULL;
  97
  98                 if ( matched != NULL ) {
  99                         BerVarray erefs;
 100                         ber_dupbv( &matched_dn, &matched->e_name );
 101
 102                         erefs = is_entry_referral( matched )
 103                                 ? get_entry_referrals( be, conn, op, matched )
 104                                 : NULL;
 105
 106                         cache_return_entry_r( &li->li_cache, matched );
 107
 108                         if( erefs ) {
 109                                 refs = referral_rewrite( erefs, &matched_dn,
 110                                         base, scope );
 111
 112                                 ber_bvarray_free( erefs );
 113                         }
 114
 115                 } else {
 116                         refs = referral_rewrite( default_referral,
 117                                 NULL, base, scope );
 118                 }
 119
 120                 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 121
 122                 send_ldap_result( conn, op, err, matched_dn.bv_val,
 123                         text, refs, NULL );
 124
 125                 ber_bvarray_free( refs );
 126                 ber_memfree( matched_dn.bv_val );
 127                 return 1;
 128         }
 129
 130         if (!manageDSAit && is_entry_referral( e ) ) {
 131                 /* entry is a referral, don't allow add */
 132                 struct berval matched_dn;
 133                 BerVarray erefs;
 134                 BerVarray refs;
 135
 136                 ber_dupbv( &matched_dn, &e->e_name );
 137                 erefs = get_entry_referrals( be, conn, op, e );
 138                 refs = NULL;
 139
 140                 cache_return_entry_r( &li->li_cache, e );
 141                 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 142
 143 #ifdef NEW_LOGGING
 144                 LDAP_LOG( BACK_LDBM, INFO,
 145                         "ldbm_search: entry (%s) is a referral.\n",
 146                         e->e_dn, 0, 0 );
 147 #else
 148                 Debug( LDAP_DEBUG_TRACE,
 149                         "ldbm_search: entry is referral\n",
 150                         0, 0, 0 );
 151 #endif
 152
 153                 if( erefs ) {
 154                         refs = referral_rewrite( erefs, &matched_dn,
 155                                 base, scope );
 156
 157                         ber_bvarray_free( erefs );
 158                 }
 159
 160                 if( refs ) {
 161                         send_ldap_result( conn, op, LDAP_REFERRAL,
 162                                 matched_dn.bv_val, NULL, refs, NULL );
 163                         ber_bvarray_free( refs );
 164
 165                 } else {
 166                         send_ldap_result( conn, op, LDAP_OTHER,
 167                                 matched_dn.bv_val,
 168                         "bad referral object", NULL, NULL );
 169                 }
 170
 171                 ber_memfree( matched_dn.bv_val );
 172                 return 1;
 173         }
 174
 175         if ( is_entry_alias( e ) ) {
 176                 /* don't deref */
 177                 deref = LDAP_DEREF_NEVER;
 178         }
 179
 180         if ( scope == LDAP_SCOPE_BASE ) {
 181                 cscope = LDAP_SCOPE_BASE;
 182                 candidates = base_candidate( be, e );
 183
 184         } else {
 185                 cscope = ( scope != LDAP_SCOPE_SUBTREE )
 186                         ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
 187                 candidates = search_candidates( be, e, filter,
 188                     scope, deref, manageDSAit );
 189         }
 190
 191         /* need normalized dn below */
 192         ber_dupbv( &realbase, &e->e_nname );
 193
 194         cache_return_entry_r( &li->li_cache, e );
 195
 196 searchit:
 197         if ( candidates == NULL ) {
 198                 /* no candidates */
 199 #ifdef NEW_LOGGING
 200                 LDAP_LOG( BACK_LDBM, INFO,
 201                         "ldbm_search: no candidates\n" , 0, 0, 0);
 202 #else
 203                 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
 204                         0, 0, 0 );
 205 #endif
 206
 207                 send_search_result( conn, op,
 208                         LDAP_SUCCESS,
 209                         NULL, NULL, NULL, NULL, 0 );
 210
 211                 rc = 1;
 212                 goto done;
 213         }
 214
 215         /* if not root, get appropriate limits */
 216         if ( be_isroot( be, &op->o_ndn ) ) {
 217                 isroot = 1;
 218         } else {
 219                 ( void ) get_limits( be, &op->o_ndn, &limit );
 220         }
 221
 222         /* if candidates exceed to-be-checked entries, abort */
 223         if ( !isroot && limit->lms_s_unchecked != -1 ) {
 224                 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
 225                         send_search_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
 226                                         NULL, NULL, NULL, NULL, 0 );
 227                         rc = 0;
 228                         goto done;
 229                 }
 230         }
 231
 232         /* if root an no specific limit is required, allow unlimited search */
 233         if ( isroot ) {
 234                 if ( tlimit == 0 ) {
 235                         tlimit = -1;
 236                 }
 237
 238                 if ( slimit == 0 ) {
 239                         slimit = -1;
 240                 }
 241
 242         } else {
 243                 /* if no limit is required, use soft limit */
 244                 if ( tlimit <= 0 ) {
 245                         tlimit = limit->lms_t_soft;
 246
 247                 /* if requested limit higher than hard limit, abort */
 248                 } else if ( tlimit > limit->lms_t_hard ) {
 249                         /* no hard limit means use soft instead */
 250                         if ( limit->lms_t_hard == 0 && tlimit > limit->lms_t_soft ) {
 251                                 tlimit = limit->lms_t_soft;
 252
 253                         /* positive hard limit means abort */
 254                         } else if ( limit->lms_t_hard > 0 ) {
 255                                 send_search_result( conn, op,
 256                                                 LDAP_UNWILLING_TO_PERFORM,
 257                                                 NULL, NULL, NULL, NULL, 0 );
 258                                 rc = 0;
 259                                 goto done;
 260                         }
 261
 262                         /* negative hard limit means no limit */
 263                 }
 264
 265                 /* if no limit is required, use soft limit */
 266                 if ( slimit <= 0 ) {
 267                         slimit = limit->lms_s_soft;
 268
 269                 /* if requested limit higher than hard limit, abort */
 270                 } else if ( slimit > limit->lms_s_hard ) {
 271                         /* no hard limit means use soft instead */
 272                         if ( limit->lms_s_hard == 0 && slimit > limit->lms_s_soft ) {
 273                                 slimit = limit->lms_s_soft;
 274
 275                         /* positive hard limit means abort */
 276                         } else if ( limit->lms_s_hard > 0 ) {
 277                                 send_search_result( conn, op,
 278                                                 LDAP_UNWILLING_TO_PERFORM,
 279                                                 NULL, NULL, NULL, NULL, 0 );
 280                                 rc = 0;
 281                                 goto done;
 282                         }
 283
 284                         /* negative hard limit means no limit */
 285                 }
 286         }
 287
 288         /* compute it anyway; root does not use it */
 289         stoptime = op->o_time + tlimit;
 290
 291         for ( id = idl_firstid( candidates, &cursor ); id != NOID;
 292             id = idl_nextid( candidates, &cursor ) )
 293         {
 294                 int scopeok = 0;
 295
 296                 /* check for abandon */
 297                 if ( op->o_abandon ) {
 298                         rc = 0;
 299                         goto done;
 300                 }
 301
 302                 /* check time limit */
 303                 if ( tlimit != -1 && slap_get_time() > stoptime ) {
 304                         send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
 305                                 NULL, NULL, v2refs, NULL, nentries );
 306                         rc = 0;
 307                         goto done;
 308                 }
 309
 310                 /* get the entry with reader lock */
 311                 e = id2entry_r( be, id );
 312
 313                 if ( e == NULL ) {
 314 #ifdef NEW_LOGGING
 315                         LDAP_LOG( BACK_LDBM, INFO,
 316                                 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
 317 #else
 318                         Debug( LDAP_DEBUG_TRACE,
 319                                 "ldbm_search: candidate %ld not found\n",
 320                                 id, 0, 0 );
 321 #endif
 322
 323                         goto loop_continue;
 324                 }
 325
 326                 if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
 327                         Entry *matched;
 328                         int err;
 329                         const char *text;
 330
 331                         e = deref_entry_r( be, e, &err, &matched, &text );
 332
 333                         if( e == NULL ) {
 334                                 e = matched;
 335                                 goto loop_continue;
 336                         }
 337
 338                         if( e->e_id == id ) {
 339                                 /* circular loop */
 340                                 goto loop_continue;
 341                         }
 342
 343                         /* need to skip alias which deref into scope */
 344                         if( scope & LDAP_SCOPE_ONELEVEL ) {
 345                                 struct berval pdn;
 346                                 dnParent( &e->e_nname, &pdn );
 347                                 if ( ber_bvcmp( &pdn, &realbase ) ) {
 348                                         goto loop_continue;
 349                                 }
 350
 351                         } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
 352                                 /* alias is within scope */
 353 #ifdef NEW_LOGGING
 354                                 LDAP_LOG( BACK_LDBM, DETAIL1,
 355                                         "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
 356 #else
 357                                 Debug( LDAP_DEBUG_TRACE,
 358                                         "ldbm_search: alias \"%s\" in subtree\n",
 359                                         e->e_dn, 0, 0 );
 360 #endif
 361
 362                                 goto loop_continue;
 363                         }
 364
 365                         scopeok = 1;
 366                 }
 367
 368                 /*
 369                  * if it's a referral, add it to the list of referrals. only do
 370                  * this for non-base searches, and don't check the filter
 371                  * explicitly here since it's only a candidate anyway.
 372                  */
 373                 if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
 374                         is_entry_referral( e ) )
 375                 {
 376                         struct berval   dn;
 377
 378                         /* check scope */
 379                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 380                                 if ( !be_issuffix( be, &e->e_nname ) ) {
 381                                         dnParent( &e->e_nname, &dn );
 382                                         scopeok = dn_match( &dn, &realbase );
 383                                 } else {
 384                                         scopeok = (realbase.bv_len == 0);
 385                                 }
 386
 387                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 388                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 389
 390                         } else {
 391                                 scopeok = 1;
 392                         }
 393
 394                         if( scopeok ) {
 395                                 BerVarray erefs = get_entry_referrals(
 396                                         be, conn, op, e );
 397                                 BerVarray refs = referral_rewrite( erefs,
 398                                         &e->e_name, NULL,
 399                                         scope == LDAP_SCOPE_SUBTREE
 400                                                 ? LDAP_SCOPE_SUBTREE
 401                                                 : LDAP_SCOPE_BASE );
 402
 403                                 send_search_reference( be, conn, op,
 404                                         e, refs, NULL, &v2refs );
 405
 406                                 ber_bvarray_free( refs );
 407
 408                         } else {
 409 #ifdef NEW_LOGGING
 410                                 LDAP_LOG( BACK_LDBM, DETAIL2,
 411                                         "ldbm_search: candidate referral %ld scope not okay\n",
 412                                         id, 0, 0 );
 413 #else
 414                                 Debug( LDAP_DEBUG_TRACE,
 415                                         "ldbm_search: candidate referral %ld scope not okay\n",
 416                                         id, 0, 0 );
 417 #endif
 418                         }
 419
 420                         goto loop_continue;
 421                 }
 422
 423                 /* if it matches the filter and scope, send it */
 424                 if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
 425                         struct berval   dn;
 426
 427                         /* check scope */
 428                         if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
 429                                 if ( !be_issuffix( be, &e->e_nname ) ) {
 430                                         dnParent( &e->e_nname, &dn );
 431                                         scopeok = dn_match( &dn, &realbase );
 432                                 } else {
 433                                         scopeok = (realbase.bv_len == 0);
 434                                 }
 435
 436                         } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
 437                                 scopeok = dnIsSuffix( &e->e_nname, &realbase );
 438
 439                         } else {
 440                                 scopeok = 1;
 441                         }
 442
 443                         if ( scopeok ) {
 444                                 /* check size limit */
 445                                 if ( --slimit == -1 ) {
 446                                         cache_return_entry_r( &li->li_cache, e );
 447                                         send_search_result( conn, op,
 448                                                 LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
 449                                                 v2refs, NULL, nentries );
 450                                         rc = 0;
 451                                         goto done;
 452                                 }
 453
 454                                 if (e) {
 455                                         int result = send_search_entry(be, conn, op,
 456                                                 e, attrs, attrsonly, NULL);
 457
 458                                         switch (result) {
 459                                         case 0:         /* entry sent ok */
 460                                                 nentries++;
 461                                                 break;
 462                                         case 1:         /* entry not sent */
 463                                                 break;
 464                                         case -1:        /* connection closed */
 465                                                 cache_return_entry_r( &li->li_cache, e );
 466                                                 rc = 0;
 467                                                 goto done;
 468                                         }
 469                                 }
 470                         } else {
 471 #ifdef NEW_LOGGING
 472                                 LDAP_LOG( BACK_LDBM, DETAIL2,
 473                                         "ldbm_search: candidate entry %ld scope not okay\n",
 474                                         id, 0, 0 );
 475 #else
 476                                 Debug( LDAP_DEBUG_TRACE,
 477                                         "ldbm_search: candidate entry %ld scope not okay\n",
 478                                         id, 0, 0 );
 479 #endif
 480                         }
 481
 482                 } else {
 483 #ifdef NEW_LOGGING
 484                         LDAP_LOG( BACK_LDBM, DETAIL2,
 485                                 "ldbm_search: candidate entry %ld does not match filter\n",
 486                                 id, 0, 0 );
 487 #else
 488                         Debug( LDAP_DEBUG_TRACE,
 489                                 "ldbm_search: candidate entry %ld does not match filter\n",
 490                                 id, 0, 0 );
 491 #endif
 492                 }
 493
 494 loop_continue:
 495                 if( e != NULL ) {
 496                         /* free reader lock */
 497                         cache_return_entry_r( &li->li_cache, e );
 498                 }
 499
 500                 ldap_pvt_thread_yield();
 501         }
 502
 503         send_search_result( conn, op,
 504                 v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
 505                 NULL, NULL, v2refs, NULL, nentries );
 506
 507         rc = 0;
 508
 509 done:
 510         ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 511
 512         if( candidates != NULL )
 513                 idl_free( candidates );
 514
 515         if( v2refs ) ber_bvarray_free( v2refs );
 516         if( realbase.bv_val ) free( realbase.bv_val );
 517
 518         return rc;
 519 }
 520
 521 static ID_BLOCK *
 522 base_candidate(
 523     Backend     *be,
 524         Entry   *e )
 525 {
 526         ID_BLOCK                *idl;
 527
 528 #ifdef NEW_LOGGING
 529         LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
 530 #else
 531         Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
 532                 e->e_dn, 0, 0);
 533 #endif
 534
 535
 536         idl = idl_alloc( 1 );
 537         idl_insert( &idl, e->e_id, 1 );
 538
 539         return( idl );
 540 }
 541
 542 static ID_BLOCK *
 543 search_candidates(
 544     Backend     *be,
 545     Entry       *e,
 546     Filter      *filter,
 547     int         scope,
 548         int             deref,
 549         int             manageDSAit )
 550 {
 551         ID_BLOCK                *candidates;
 552         Filter          f, fand, rf, af, xf;
 553     AttributeAssertion aa_ref, aa_alias;
 554         struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
 555         struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
 556
 557 #ifdef NEW_LOGGING
 558         LDAP_LOG( BACK_LDBM, DETAIL1,
 559                    "search_candidates: base (%s) scope %d deref %d\n",
 560                    e->e_ndn, scope, deref );
 561 #else
 562         Debug(LDAP_DEBUG_TRACE,
 563                 "search_candidates: base=\"%s\" s=%d d=%d\n",
 564                 e->e_ndn, scope, deref );
 565 #endif
 566
 567
 568         xf.f_or = filter;
 569         xf.f_choice = LDAP_FILTER_OR;
 570         xf.f_next = NULL;
 571
 572         if( !manageDSAit ) {
 573                 /* match referrals */
 574                 rf.f_choice = LDAP_FILTER_EQUALITY;
 575                 rf.f_ava = &aa_ref;
 576                 rf.f_av_desc = slap_schema.si_ad_objectClass;
 577                 rf.f_av_value = bv_ref;
 578                 rf.f_next = xf.f_or;
 579                 xf.f_or = &rf;
 580         }
 581
 582         if( deref & LDAP_DEREF_SEARCHING ) {
 583                 /* match aliases */
 584                 af.f_choice = LDAP_FILTER_EQUALITY;
 585                 af.f_ava = &aa_alias;
 586                 af.f_av_desc = slap_schema.si_ad_objectClass;
 587                 af.f_av_value = bv_alias;
 588                 af.f_next = xf.f_or;
 589                 xf.f_or = &af;
 590         }
 591
 592         f.f_next = NULL;
 593         f.f_choice = LDAP_FILTER_AND;
 594         f.f_and = &fand;
 595         fand.f_choice = scope == LDAP_SCOPE_SUBTREE
 596                 ? SLAPD_FILTER_DN_SUBTREE
 597                 : SLAPD_FILTER_DN_ONE;
 598         fand.f_dn = &e->e_nname;
 599         fand.f_next = xf.f_or == filter ? filter : &xf ;
 600
 601         candidates = filter_candidates( be, &f );
 602
 603         return( candidates );
 604 }