1 /* search.c - ldbm backend search function */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
13 #include <ac/socket.h>
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
19 static ID_BLOCK *base_candidate(
20 Backend *be, Entry *e );
22 static ID_BLOCK *search_candidates(
23 Operation *op, Entry *e, Filter *filter,
24 int scope, int deref, int manageDSAit );
32 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
34 const char *text = NULL;
39 Entry *matched = NULL;
40 struct berval realbase = { 0, NULL };
41 int manageDSAit = get_manageDSAit( op );
42 int cscope = LDAP_SCOPE_DEFAULT;
44 struct slap_limits_set *limit = NULL;
48 LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
50 Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
53 /* grab giant lock for reading */
54 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
56 if ( op->o_req_ndn.bv_len == 0 ) {
57 /* DIT root special case */
58 e = (Entry *) &slap_entry_root;
60 /* need normalized dn below */
61 ber_dupbv( &realbase, &e->e_nname );
63 candidates = search_candidates( op, e, op->oq_search.rs_filter,
64 op->oq_search.rs_scope, op->oq_search.rs_deref,
65 manageDSAit || get_domainScope(op) );
69 } else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
70 /* deref dn and get entry with reader lock */
71 e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
73 if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
76 /* get entry with reader lock */
77 e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
78 rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
83 struct berval matched_dn = { 0, NULL };
85 if ( matched != NULL ) {
87 ber_dupbv( &matched_dn, &matched->e_name );
89 erefs = is_entry_referral( matched )
90 ? get_entry_referrals( op, matched )
93 cache_return_entry_r( &li->li_cache, matched );
96 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
97 &op->o_req_dn, op->oq_search.rs_scope );
99 ber_bvarray_free( erefs );
103 rs->sr_ref = referral_rewrite( default_referral,
104 NULL, &op->o_req_dn, op->oq_search.rs_scope );
107 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
109 rs->sr_matched = matched_dn.bv_val;
110 send_ldap_result( op, rs );
112 ber_bvarray_free( rs->sr_ref );
113 ber_memfree( matched_dn.bv_val );
114 return LDAP_REFERRAL;
117 if (!manageDSAit && is_entry_referral( e ) ) {
118 /* entry is a referral, don't allow add */
119 struct berval matched_dn;
122 ber_dupbv( &matched_dn, &e->e_name );
123 erefs = get_entry_referrals( op, e );
126 cache_return_entry_r( &li->li_cache, e );
127 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
130 LDAP_LOG( BACK_LDBM, INFO,
131 "ldbm_search: entry (%s) is a referral.\n",
134 Debug( LDAP_DEBUG_TRACE,
135 "ldbm_search: entry is referral\n",
140 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
141 &op->o_req_dn, op->oq_search.rs_scope );
143 ber_bvarray_free( erefs );
146 rs->sr_matched = matched_dn.bv_val;
148 rs->sr_err = LDAP_REFERRAL;
149 send_ldap_result( op, rs );
150 ber_bvarray_free( rs->sr_ref );
153 send_ldap_error( op, rs, LDAP_OTHER,
154 "bad referral object" );
157 ber_memfree( matched_dn.bv_val );
161 if ( is_entry_alias( e ) ) {
163 op->oq_search.rs_deref = LDAP_DEREF_NEVER;
166 if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
167 cscope = LDAP_SCOPE_BASE;
168 candidates = base_candidate( op->o_bd, e );
171 cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
172 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
173 candidates = search_candidates( op, e, op->oq_search.rs_filter,
174 op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
177 /* need normalized dn below */
178 ber_dupbv( &realbase, &e->e_nname );
180 cache_return_entry_r( &li->li_cache, e );
183 if ( candidates == NULL ) {
186 LDAP_LOG( BACK_LDBM, INFO,
187 "ldbm_search: no candidates\n" , 0, 0, 0);
189 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
193 rs->sr_err = LDAP_SUCCESS;
194 send_ldap_result( op, rs );
200 /* if not root, get appropriate limits */
201 if ( be_isroot( op->o_bd, &op->o_ndn ) )
204 * FIXME: I'd consider this dangerous if someone
205 * uses isroot for anything but handling limits
209 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
212 /* if candidates exceed to-be-checked entries, abort */
213 if ( !isroot && limit->lms_s_unchecked != -1 ) {
214 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
215 send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
222 /* if root an no specific limit is required, allow unlimited search */
224 if ( op->oq_search.rs_tlimit == 0 ) {
225 op->oq_search.rs_tlimit = -1;
228 if ( op->oq_search.rs_slimit == 0 ) {
229 op->oq_search.rs_slimit = -1;
233 /* if no limit is required, use soft limit */
234 if ( op->oq_search.rs_tlimit <= 0 ) {
235 op->oq_search.rs_tlimit = limit->lms_t_soft;
237 /* if requested limit higher than hard limit, abort */
238 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
239 /* no hard limit means use soft instead */
240 if ( limit->lms_t_hard == 0
241 && limit->lms_t_soft > -1
242 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
243 op->oq_search.rs_tlimit = limit->lms_t_soft;
245 /* positive hard limit means abort */
246 } else if ( limit->lms_t_hard > 0 ) {
247 send_ldap_error( op, rs,
248 LDAP_ADMINLIMIT_EXCEEDED,
254 /* negative hard limit means no limit */
257 /* if no limit is required, use soft limit */
258 if ( op->oq_search.rs_slimit <= 0 ) {
259 op->oq_search.rs_slimit = limit->lms_s_soft;
261 /* if requested limit higher than hard limit, abort */
262 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
263 /* no hard limit means use soft instead */
264 if ( limit->lms_s_hard == 0
265 && limit->lms_s_soft > -1
266 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
267 op->oq_search.rs_slimit = limit->lms_s_soft;
269 /* positive hard limit means abort */
270 } else if ( limit->lms_s_hard > 0 ) {
271 send_ldap_error( op, rs,
272 LDAP_ADMINLIMIT_EXCEEDED,
278 /* negative hard limit means no limit */
282 /* compute it anyway; root does not use it */
283 stoptime = op->o_time + op->oq_search.rs_tlimit;
284 rs->sr_attrs = op->oq_search.rs_attrs;
286 for ( id = idl_firstid( candidates, &cursor ); id != NOID;
287 id = idl_nextid( candidates, &cursor ) )
292 /* check for abandon */
293 if ( op->o_abandon ) {
298 /* check time limit */
299 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
300 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
301 send_ldap_result( op, rs );
306 /* get the entry with reader lock */
307 e = id2entry_r( op->o_bd, id );
311 LDAP_LOG( BACK_LDBM, INFO,
312 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
314 Debug( LDAP_DEBUG_TRACE,
315 "ldbm_search: candidate %ld not found\n",
324 #ifdef LDBM_SUBENTRIES
325 if ( is_entry_subentry( e ) ) {
326 if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
327 if(!get_subentries_visibility( op )) {
328 /* only subentries are visible */
331 } else if ( get_subentries( op ) &&
332 !get_subentries_visibility( op ))
334 /* only subentries are visible */
337 } else if ( get_subentries_visibility( op )) {
338 /* only subentries are visible */
343 if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
348 e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
355 if( e->e_id == id ) {
360 /* need to skip alias which deref into scope */
361 if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
363 dnParent( &e->e_nname, &pdn );
364 if ( ber_bvcmp( &pdn, &realbase ) ) {
368 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
369 /* alias is within scope */
371 LDAP_LOG( BACK_LDBM, DETAIL1,
372 "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
374 Debug( LDAP_DEBUG_TRACE,
375 "ldbm_search: alias \"%s\" in subtree\n",
388 * if it's a referral, add it to the list of referrals. only do
389 * this for non-base searches, and don't check the filter
390 * explicitly here since it's only a candidate anyway.
392 if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
393 is_entry_referral( e ) )
398 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
399 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
400 dnParent( &e->e_nname, &dn );
401 scopeok = dn_match( &dn, &realbase );
403 scopeok = (realbase.bv_len == 0);
406 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
407 scopeok = dnIsSuffix( &e->e_nname, &realbase );
414 BerVarray erefs = get_entry_referrals( op, e );
415 rs->sr_ref = referral_rewrite( erefs,
417 op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
421 send_search_reference( op, rs );
423 ber_bvarray_free( rs->sr_ref );
428 LDAP_LOG( BACK_LDBM, DETAIL2,
429 "ldbm_search: candidate referral %ld scope not okay\n",
432 Debug( LDAP_DEBUG_TRACE,
433 "ldbm_search: candidate referral %ld scope not okay\n",
441 if ( !manageDSAit && is_entry_glue( e )) {
445 /* if it matches the filter and scope, send it */
446 result = test_filter( op, e, op->oq_search.rs_filter );
448 if ( result == LDAP_COMPARE_TRUE ) {
452 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
453 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
454 dnParent( &e->e_nname, &dn );
455 scopeok = dn_match( &dn, &realbase );
457 scopeok = (realbase.bv_len == 0);
460 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
461 scopeok = dnIsSuffix( &e->e_nname, &realbase );
468 /* check size limit */
469 if ( --op->oq_search.rs_slimit == -1 ) {
470 cache_return_entry_r( &li->li_cache, e );
471 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
472 send_ldap_result( op, rs );
479 result = send_search_entry( op, rs );
482 case 0: /* entry sent ok */
484 case 1: /* entry not sent */
486 case -1: /* connection closed */
487 cache_return_entry_r( &li->li_cache, e );
494 LDAP_LOG( BACK_LDBM, DETAIL2,
495 "ldbm_search: candidate entry %ld scope not okay\n",
498 Debug( LDAP_DEBUG_TRACE,
499 "ldbm_search: candidate entry %ld scope not okay\n",
506 LDAP_LOG( BACK_LDBM, DETAIL2,
507 "ldbm_search: candidate entry %ld does not match filter\n",
510 Debug( LDAP_DEBUG_TRACE,
511 "ldbm_search: candidate entry %ld does not match filter\n",
518 /* free reader lock */
519 cache_return_entry_r( &li->li_cache, e );
522 ldap_pvt_thread_yield();
525 rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
526 rs->sr_ref = rs->sr_v2ref;
527 send_ldap_result( op, rs );
532 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
534 if( candidates != NULL )
535 idl_free( candidates );
537 if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
538 if( realbase.bv_val ) free( realbase.bv_val );
551 LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
553 Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
558 idl = idl_alloc( 1 );
559 idl_insert( &idl, e->e_id, 1 );
573 ID_BLOCK *candidates;
574 Filter f, fand, rf, af, xf;
575 AttributeAssertion aa_ref, aa_alias;
576 struct berval bv_ref = { sizeof("referral")-1, "referral" };
577 struct berval bv_alias = { sizeof("alias")-1, "alias" };
578 #ifdef LDBM_SUBENTRIES
580 AttributeAssertion aa_subentry;
584 LDAP_LOG( BACK_LDBM, DETAIL1,
585 "search_candidates: base (%s) scope %d deref %d\n",
586 e->e_ndn, scope, deref );
588 Debug(LDAP_DEBUG_TRACE,
589 "search_candidates: base=\"%s\" s=%d d=%d\n",
590 e->e_ndn, scope, deref );
595 xf.f_choice = LDAP_FILTER_OR;
599 /* match referrals */
600 rf.f_choice = LDAP_FILTER_EQUALITY;
602 rf.f_av_desc = slap_schema.si_ad_objectClass;
603 rf.f_av_value = bv_ref;
608 if( deref & LDAP_DEREF_SEARCHING ) {
610 af.f_choice = LDAP_FILTER_EQUALITY;
611 af.f_ava = &aa_alias;
612 af.f_av_desc = slap_schema.si_ad_objectClass;
613 af.f_av_value = bv_alias;
619 f.f_choice = LDAP_FILTER_AND;
621 fand.f_choice = scope == LDAP_SCOPE_SUBTREE
622 ? SLAPD_FILTER_DN_SUBTREE
623 : SLAPD_FILTER_DN_ONE;
624 fand.f_dn = &e->e_nname;
625 fand.f_next = xf.f_or == filter ? filter : &xf ;
627 #ifdef LDBM_SUBENTRIES
628 if ( get_subentries_visibility( op )) {
629 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
630 sf.f_choice = LDAP_FILTER_EQUALITY;
631 sf.f_ava = &aa_subentry;
632 sf.f_av_desc = slap_schema.si_ad_objectClass;
633 sf.f_av_value = bv_subentry;
634 sf.f_next = fand.f_next;
639 candidates = filter_candidates( op, &f );
641 return( candidates );