1 /* search.c - ldbm backend search function */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
13 #include <ac/socket.h>
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
19 static ID_BLOCK *base_candidate(
20 Backend *be, Entry *e );
22 static ID_BLOCK *search_candidates(
23 Operation *op, Entry *e, Filter *filter,
24 int scope, int deref, int manageDSAit );
32 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
34 const char *text = NULL;
39 Entry *matched = NULL;
40 struct berval realbase = { 0, NULL };
41 int manageDSAit = get_manageDSAit( op );
42 int cscope = LDAP_SCOPE_DEFAULT;
45 Entry cache_base_entry;
46 #endif /* LDAP_CACHING */
48 struct slap_limits_set *limit = NULL;
52 LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
54 Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
57 /* grab giant lock for reading */
58 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
61 if ( op->o_req_ndn.bv_len == 0 ) {
62 /* DIT root special case */
63 e = (Entry *) &slap_entry_root;
65 /* need normalized dn below */
66 ber_dupbv( &realbase, &e->e_nname );
68 #else /* LDAP_CACHING */
69 if ( op->o_caching_on || op->o_req_ndn.bv_len == 0 ) {
70 if (op->o_req_ndn.bv_len == 0) {
71 e = (Entry *) &slap_entry_root;
72 /* need normalized dn below */
73 ber_dupbv( &realbase, &e->e_nname );
75 if ((op->oq_search.rs_scope == LDAP_SCOPE_BASE)
76 && (e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched )))
78 candidates = base_candidate(op->o_bd, e);
79 cache_return_entry_r( &li->li_cache, e );
82 cache_base_entry.e_nname = op->o_req_ndn;
83 e = &cache_base_entry;
85 #endif /* LDAP_CACHING */
87 candidates = search_candidates( op, e, op->oq_search.rs_filter,
88 op->oq_search.rs_scope, op->oq_search.rs_deref,
89 manageDSAit || get_domainScope(op) );
93 } else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
94 /* deref dn and get entry with reader lock */
95 e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
97 if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
100 /* get entry with reader lock */
101 e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
102 rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
107 struct berval matched_dn = { 0, NULL };
109 if ( matched != NULL ) {
111 ber_dupbv( &matched_dn, &matched->e_name );
113 erefs = is_entry_referral( matched )
114 ? get_entry_referrals( op, matched )
117 cache_return_entry_r( &li->li_cache, matched );
120 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
121 &op->o_req_dn, op->oq_search.rs_scope );
123 ber_bvarray_free( erefs );
127 rs->sr_ref = referral_rewrite( default_referral,
128 NULL, &op->o_req_dn, op->oq_search.rs_scope );
131 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
133 rs->sr_matched = matched_dn.bv_val;
134 send_ldap_result( op, rs );
136 ber_bvarray_free( rs->sr_ref );
137 ber_memfree( matched_dn.bv_val );
139 return LDAP_REFERRAL;
145 if (!manageDSAit && is_entry_referral( e ) ) {
146 /* entry is a referral, don't allow add */
147 struct berval matched_dn;
150 ber_dupbv( &matched_dn, &e->e_name );
151 erefs = get_entry_referrals( op, e );
154 cache_return_entry_r( &li->li_cache, e );
155 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
158 LDAP_LOG( BACK_LDBM, INFO,
159 "ldbm_search: entry (%s) is a referral.\n",
162 Debug( LDAP_DEBUG_TRACE,
163 "ldbm_search: entry is referral\n",
168 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
169 &op->o_req_dn, op->oq_search.rs_scope );
171 ber_bvarray_free( erefs );
174 rs->sr_matched = matched_dn.bv_val;
176 rs->sr_err = LDAP_REFERRAL;
177 send_ldap_result( op, rs );
178 ber_bvarray_free( rs->sr_ref );
181 send_ldap_error( op, rs, LDAP_OTHER,
182 "bad referral object" );
185 ber_memfree( matched_dn.bv_val );
193 if ( is_entry_alias( e ) ) {
195 op->oq_search.rs_deref = LDAP_DEREF_NEVER;
198 if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
199 cscope = LDAP_SCOPE_BASE;
200 candidates = base_candidate( op->o_bd, e );
203 cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
204 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
205 candidates = search_candidates( op, e, op->oq_search.rs_filter,
206 op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
209 /* need normalized dn below */
210 ber_dupbv( &realbase, &e->e_nname );
212 cache_return_entry_r( &li->li_cache, e );
215 if ( candidates == NULL ) {
218 LDAP_LOG( BACK_LDBM, INFO,
219 "ldbm_search: no candidates\n" , 0, 0, 0);
221 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
225 if ( op->o_caching_on ) {
226 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
228 #endif /* LDAP_CACHING */
230 rs->sr_err = LDAP_SUCCESS;
231 send_ldap_result( op, rs );
234 if ( op->o_caching_on ) {
235 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
237 #endif /* LDAP_CACHING */
247 /* if not root, get appropriate limits */
249 if ( be_isroot( op->o_bd, &op->o_ndn ) )
250 #else /* LDAP_CACHING */
251 if ( op->o_caching_on || be_isroot( op->o_bd, &op->o_ndn ) )
252 #endif /* LDAP_CACHING */
255 * FIXME: I'd consider this dangerous if someone
256 * uses isroot for anything but handling limits
260 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
263 /* if candidates exceed to-be-checked entries, abort */
264 if ( !isroot && limit->lms_s_unchecked != -1 ) {
265 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
266 send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
273 /* if root an no specific limit is required, allow unlimited search */
275 if ( op->oq_search.rs_tlimit == 0 ) {
276 op->oq_search.rs_tlimit = -1;
279 if ( op->oq_search.rs_slimit == 0 ) {
280 op->oq_search.rs_slimit = -1;
284 /* if no limit is required, use soft limit */
285 if ( op->oq_search.rs_tlimit <= 0 ) {
286 op->oq_search.rs_tlimit = limit->lms_t_soft;
288 /* if requested limit higher than hard limit, abort */
289 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
290 /* no hard limit means use soft instead */
291 if ( limit->lms_t_hard == 0
292 && limit->lms_t_soft > -1
293 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
294 op->oq_search.rs_tlimit = limit->lms_t_soft;
296 /* positive hard limit means abort */
297 } else if ( limit->lms_t_hard > 0 ) {
298 send_ldap_error( op, rs,
299 LDAP_ADMINLIMIT_EXCEEDED,
305 /* negative hard limit means no limit */
308 /* if no limit is required, use soft limit */
309 if ( op->oq_search.rs_slimit <= 0 ) {
310 op->oq_search.rs_slimit = limit->lms_s_soft;
312 /* if requested limit higher than hard limit, abort */
313 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
314 /* no hard limit means use soft instead */
315 if ( limit->lms_s_hard == 0
316 && limit->lms_s_soft > -1
317 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
318 op->oq_search.rs_slimit = limit->lms_s_soft;
320 /* positive hard limit means abort */
321 } else if ( limit->lms_s_hard > 0 ) {
322 send_ldap_error( op, rs,
323 LDAP_ADMINLIMIT_EXCEEDED,
329 /* negative hard limit means no limit */
333 /* compute it anyway; root does not use it */
334 stoptime = op->o_time + op->oq_search.rs_tlimit;
335 rs->sr_attrs = op->oq_search.rs_attrs;
337 for ( id = idl_firstid( candidates, &cursor ); id != NOID;
338 id = idl_nextid( candidates, &cursor ) )
343 /* check for abandon */
344 if ( op->o_abandon ) {
349 /* check time limit */
350 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
351 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
352 send_ldap_result( op, rs );
357 /* get the entry with reader lock */
358 e = id2entry_r( op->o_bd, id );
362 LDAP_LOG( BACK_LDBM, INFO,
363 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
365 Debug( LDAP_DEBUG_TRACE,
366 "ldbm_search: candidate %ld not found\n",
375 #ifdef LDBM_SUBENTRIES
376 if ( is_entry_subentry( e ) ) {
377 if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
378 if(!get_subentries_visibility( op )) {
379 /* only subentries are visible */
382 } else if ( get_subentries( op ) &&
383 !get_subentries_visibility( op ))
385 /* only subentries are visible */
388 } else if ( get_subentries_visibility( op )) {
389 /* only subentries are visible */
395 if ( !op->o_caching_on ) {
396 #endif /* LDAP_CACHING */
398 if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
403 e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
410 if( e->e_id == id ) {
415 /* need to skip alias which deref into scope */
416 if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
418 dnParent( &e->e_nname, &pdn );
419 if ( ber_bvcmp( &pdn, &realbase ) ) {
423 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
424 /* alias is within scope */
426 LDAP_LOG( BACK_LDBM, DETAIL1,
427 "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
429 Debug( LDAP_DEBUG_TRACE,
430 "ldbm_search: alias \"%s\" in subtree\n",
443 * if it's a referral, add it to the list of referrals. only do
444 * this for non-base searches, and don't check the filter
445 * explicitly here since it's only a candidate anyway.
447 if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
448 is_entry_referral( e ) )
453 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
454 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
455 dnParent( &e->e_nname, &dn );
456 scopeok = dn_match( &dn, &realbase );
458 scopeok = (realbase.bv_len == 0);
461 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
462 scopeok = dnIsSuffix( &e->e_nname, &realbase );
469 BerVarray erefs = get_entry_referrals( op, e );
470 rs->sr_ref = referral_rewrite( erefs,
472 op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
476 send_search_reference( op, rs );
478 ber_bvarray_free( rs->sr_ref );
483 LDAP_LOG( BACK_LDBM, DETAIL2,
484 "ldbm_search: candidate referral %ld scope not okay\n",
487 Debug( LDAP_DEBUG_TRACE,
488 "ldbm_search: candidate referral %ld scope not okay\n",
498 #endif /* LDAP_CACHING */
501 if ( !manageDSAit && is_entry_glue( e )) {
506 /* if it matches the filter and scope, send it */
507 result = test_filter( op, e, op->oq_search.rs_filter );
509 if ( result == LDAP_COMPARE_TRUE ) {
513 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
514 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
515 dnParent( &e->e_nname, &dn );
516 scopeok = dn_match( &dn, &realbase );
518 scopeok = (realbase.bv_len == 0);
521 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
522 scopeok = dnIsSuffix( &e->e_nname, &realbase );
529 /* check size limit */
530 if ( --op->oq_search.rs_slimit == -1 ) {
531 cache_return_entry_r( &li->li_cache, e );
532 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
533 send_ldap_result( op, rs );
541 if ( op->o_caching_on ) {
542 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
543 cache_return_entry_r( &li->li_cache, e );
545 #endif /* LDAP_CACHING */
547 result = send_search_entry( op, rs );
550 if ( op->o_caching_on ) {
551 ldap_pvt_thread_rdwr_rlock( &li->li_giant_rwlock );
553 #endif /* LDAP_CACHING */
557 case 0: /* entry sent ok */
559 case 1: /* entry not sent */
561 case -1: /* connection closed */
562 cache_return_entry_r( &li->li_cache, e );
569 LDAP_LOG( BACK_LDBM, DETAIL2,
570 "ldbm_search: candidate entry %ld scope not okay\n",
573 Debug( LDAP_DEBUG_TRACE,
574 "ldbm_search: candidate entry %ld scope not okay\n",
581 LDAP_LOG( BACK_LDBM, DETAIL2,
582 "ldbm_search: candidate entry %ld does not match filter\n",
585 Debug( LDAP_DEBUG_TRACE,
586 "ldbm_search: candidate entry %ld does not match filter\n",
593 /* free reader lock */
595 cache_return_entry_r( &li->li_cache, e );
596 #else /* LDAP_CACHING */
597 if ( !op->o_caching_on ) {
598 cache_return_entry_r( &li->li_cache, e );
600 #endif /* LDAP_CACHING */
603 ldap_pvt_thread_yield();
606 rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
607 rs->sr_ref = rs->sr_v2ref;
608 send_ldap_result( op, rs );
613 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
615 if( candidates != NULL )
616 idl_free( candidates );
618 if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
619 if( realbase.bv_val ) free( realbase.bv_val );
632 LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
634 Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
639 idl = idl_alloc( 1 );
640 idl_insert( &idl, e->e_id, 1 );
654 ID_BLOCK *candidates;
655 Filter f, fand, rf, af, xf;
656 AttributeAssertion aa_ref, aa_alias;
657 struct berval bv_ref = { sizeof("referral")-1, "referral" };
658 struct berval bv_alias = { sizeof("alias")-1, "alias" };
659 #ifdef LDBM_SUBENTRIES
661 AttributeAssertion aa_subentry;
665 LDAP_LOG( BACK_LDBM, DETAIL1,
666 "search_candidates: base (%s) scope %d deref %d\n",
667 e->e_ndn, scope, deref );
669 Debug(LDAP_DEBUG_TRACE,
670 "search_candidates: base=\"%s\" s=%d d=%d\n",
671 e->e_ndn, scope, deref );
676 xf.f_choice = LDAP_FILTER_OR;
680 /* match referrals */
681 rf.f_choice = LDAP_FILTER_EQUALITY;
683 rf.f_av_desc = slap_schema.si_ad_objectClass;
684 rf.f_av_value = bv_ref;
689 if( deref & LDAP_DEREF_SEARCHING ) {
691 af.f_choice = LDAP_FILTER_EQUALITY;
692 af.f_ava = &aa_alias;
693 af.f_av_desc = slap_schema.si_ad_objectClass;
694 af.f_av_value = bv_alias;
700 f.f_choice = LDAP_FILTER_AND;
702 fand.f_choice = scope == LDAP_SCOPE_SUBTREE
703 ? SLAPD_FILTER_DN_SUBTREE
704 : SLAPD_FILTER_DN_ONE;
705 fand.f_dn = &e->e_nname;
706 fand.f_next = xf.f_or == filter ? filter : &xf ;
708 #ifdef LDBM_SUBENTRIES
709 if ( get_subentries_visibility( op )) {
710 struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
711 sf.f_choice = LDAP_FILTER_EQUALITY;
712 sf.f_ava = &aa_subentry;
713 sf.f_av_desc = slap_schema.si_ad_objectClass;
714 sf.f_av_value = bv_subentry;
715 sf.f_next = fand.f_next;
720 candidates = filter_candidates( op, &f );
722 return( candidates );