1 /* search.c - ldbm backend search function */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
13 #include <ac/socket.h>
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
19 static ID_BLOCK *base_candidate(
20 Backend *be, Entry *e );
22 static ID_BLOCK *search_candidates(
23 Backend *be, Entry *e, Filter *filter,
24 int scope, int deref, int manageDSAit );
32 struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
34 const char *text = NULL;
39 Entry *matched = NULL;
40 struct berval realbase = { 0, NULL };
41 int manageDSAit = get_manageDSAit( op );
42 int cscope = LDAP_SCOPE_DEFAULT;
46 Entry cache_base_entry;
47 #endif /* LDAP_CACHING */
49 struct slap_limits_set *limit = NULL;
53 LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
55 Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
58 /* grab giant lock for reading */
59 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
62 if ( op->o_req_ndn.bv_len == 0 ) {
63 /* DIT root special case */
64 e = (Entry *) &slap_entry_root;
66 /* need normalized dn below */
67 ber_dupbv( &realbase, &e->e_nname );
69 #else /* LDAP_CACHING */
70 if ( op->o_caching_on || op->o_req_ndn.bv_len == 0 ) {
71 if (op->o_req_ndn.bv_len == 0) {
72 e = (Entry *) &slap_entry_root;
73 /* need normalized dn below */
74 ber_dupbv( &realbase, &e->e_nname );
76 if ((scope == LDAP_SCOPE_BASE)
77 && (e = dn2entry_r( op->o_bd, &op->o_req_ndn &matched )))
79 candidates = base_candidate(op->o_bd,e);
80 cache_return_entry_r( &li->li_cache, e );
83 cache_base_entry.e_nname = *nbase;
84 e = &cache_base_entry;
86 #endif /* LDAP_CACHING */
88 candidates = search_candidates( op->o_bd, e, op->oq_search.rs_filter,
89 op->oq_search.rs_scope, op->oq_search.rs_deref,
90 manageDSAit || get_domainScope(op) );
94 } else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
95 /* deref dn and get entry with reader lock */
96 e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
98 if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
101 /* get entry with reader lock */
102 e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
103 rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
108 struct berval matched_dn = { 0, NULL };
110 if ( matched != NULL ) {
112 ber_dupbv( &matched_dn, &matched->e_name );
114 erefs = is_entry_referral( matched )
115 ? get_entry_referrals( op, matched )
118 cache_return_entry_r( &li->li_cache, matched );
121 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
122 &op->o_req_dn, op->oq_search.rs_scope );
124 ber_bvarray_free( erefs );
128 rs->sr_ref = referral_rewrite( default_referral,
129 NULL, &op->o_req_dn, op->oq_search.rs_scope );
132 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
134 rs->sr_matched = matched_dn.bv_val;
135 send_ldap_result( op, rs );
137 ber_bvarray_free( rs->sr_ref );
138 ber_memfree( matched_dn.bv_val );
142 if (!manageDSAit && is_entry_referral( e ) ) {
143 /* entry is a referral, don't allow add */
144 struct berval matched_dn;
147 ber_dupbv( &matched_dn, &e->e_name );
148 erefs = get_entry_referrals( op, e );
151 cache_return_entry_r( &li->li_cache, e );
152 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
155 LDAP_LOG( BACK_LDBM, INFO,
156 "ldbm_search: entry (%s) is a referral.\n",
159 Debug( LDAP_DEBUG_TRACE,
160 "ldbm_search: entry is referral\n",
165 rs->sr_ref = referral_rewrite( erefs, &matched_dn,
166 &op->o_req_dn, op->oq_search.rs_scope );
168 ber_bvarray_free( erefs );
171 rs->sr_matched = matched_dn.bv_val;
173 rs->sr_err = LDAP_REFERRAL;
174 send_ldap_result( op, rs );
175 ber_bvarray_free( rs->sr_ref );
178 send_ldap_error( op, rs, LDAP_OTHER,
179 "bad referral object" );
182 ber_memfree( matched_dn.bv_val );
186 if ( is_entry_alias( e ) ) {
188 op->oq_search.rs_deref = LDAP_DEREF_NEVER;
191 if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
192 cscope = LDAP_SCOPE_BASE;
193 candidates = base_candidate( op->o_bd, e );
196 cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
197 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
198 candidates = search_candidates( op->o_bd, e, op->oq_search.rs_filter,
199 op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
202 /* need normalized dn below */
203 ber_dupbv( &realbase, &e->e_nname );
205 cache_return_entry_r( &li->li_cache, e );
208 if ( candidates == NULL ) {
211 LDAP_LOG( BACK_LDBM, INFO,
212 "ldbm_search: no candidates\n" , 0, 0, 0);
214 Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
218 if ( op->o_caching_on ) {
219 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
221 #endif /* LDAP_CACHING */
223 rs->sr_err = LDAP_SUCCESS;
224 send_search_result( op, rs );
227 if ( op->o_caching_on ) {
228 ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
230 #endif /* LDAP_CACHING */
236 /* if not root, get appropriate limits */
238 if ( be_isroot( op->o_bd, &op->o_ndn ) )
239 #else /* LDAP_CACHING */
240 if ( op->o_caching_on || be_isroot( op->o_bd, &op->o_ndn ) )
241 #endif /* LDAP_CACHING */
244 * FIXME: I'd consider this dangerous if someone
245 * uses isroot for anything but handling limits
249 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
252 /* if candidates exceed to-be-checked entries, abort */
253 if ( !isroot && limit->lms_s_unchecked != -1 ) {
254 if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
255 send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
262 /* if root an no specific limit is required, allow unlimited search */
264 if ( op->oq_search.rs_tlimit == 0 ) {
265 op->oq_search.rs_tlimit = -1;
268 if ( op->oq_search.rs_slimit == 0 ) {
269 op->oq_search.rs_slimit = -1;
273 /* if no limit is required, use soft limit */
274 if ( op->oq_search.rs_tlimit <= 0 ) {
275 op->oq_search.rs_tlimit = limit->lms_t_soft;
277 /* if requested limit higher than hard limit, abort */
278 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
279 /* no hard limit means use soft instead */
280 if ( limit->lms_t_hard == 0
281 && limit->lms_t_soft > -1
282 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
283 op->oq_search.rs_tlimit = limit->lms_t_soft;
285 /* positive hard limit means abort */
286 } else if ( limit->lms_t_hard > 0 ) {
287 send_ldap_error( op, rs,
288 LDAP_ADMINLIMIT_EXCEEDED,
294 /* negative hard limit means no limit */
297 /* if no limit is required, use soft limit */
298 if ( op->oq_search.rs_slimit <= 0 ) {
299 op->oq_search.rs_slimit = limit->lms_s_soft;
301 /* if requested limit higher than hard limit, abort */
302 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
303 /* no hard limit means use soft instead */
304 if ( limit->lms_s_hard == 0
305 && limit->lms_s_soft > -1
306 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
307 op->oq_search.rs_slimit = limit->lms_s_soft;
309 /* positive hard limit means abort */
310 } else if ( limit->lms_s_hard > 0 ) {
311 send_ldap_error( op, rs,
312 LDAP_ADMINLIMIT_EXCEEDED,
318 /* negative hard limit means no limit */
322 /* compute it anyway; root does not use it */
323 stoptime = op->o_time + op->oq_search.rs_tlimit;
324 rs->sr_attrs = op->oq_search.rs_attrs;
326 for ( id = idl_firstid( candidates, &cursor ); id != NOID;
327 id = idl_nextid( candidates, &cursor ) )
332 /* check for abandon */
333 if ( op->o_abandon ) {
338 /* check time limit */
339 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
340 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
341 rs->sr_nentries = nentries;
342 send_search_result( op, rs );
347 /* get the entry with reader lock */
348 e = id2entry_r( op->o_bd, id );
352 LDAP_LOG( BACK_LDBM, INFO,
353 "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
355 Debug( LDAP_DEBUG_TRACE,
356 "ldbm_search: candidate %ld not found\n",
365 if ( !op->o_caching_on ) {
366 #endif /* LDAP_CACHING */
368 if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
373 e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
380 if( e->e_id == id ) {
385 /* need to skip alias which deref into scope */
386 if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
388 dnParent( &e->e_nname, &pdn );
389 if ( ber_bvcmp( &pdn, &realbase ) ) {
393 } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
394 /* alias is within scope */
396 LDAP_LOG( BACK_LDBM, DETAIL1,
397 "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
399 Debug( LDAP_DEBUG_TRACE,
400 "ldbm_search: alias \"%s\" in subtree\n",
413 * if it's a referral, add it to the list of referrals. only do
414 * this for non-base searches, and don't check the filter
415 * explicitly here since it's only a candidate anyway.
417 if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
418 is_entry_referral( e ) )
423 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
424 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
425 dnParent( &e->e_nname, &dn );
426 scopeok = dn_match( &dn, &realbase );
428 scopeok = (realbase.bv_len == 0);
431 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
432 scopeok = dnIsSuffix( &e->e_nname, &realbase );
439 BerVarray erefs = get_entry_referrals( op, e );
440 rs->sr_ref = referral_rewrite( erefs,
442 op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
446 send_search_reference( op, rs );
448 ber_bvarray_free( rs->sr_ref );
453 LDAP_LOG( BACK_LDBM, DETAIL2,
454 "ldbm_search: candidate referral %ld scope not okay\n",
457 Debug( LDAP_DEBUG_TRACE,
458 "ldbm_search: candidate referral %ld scope not okay\n",
468 #endif /* LDAP_CACHING */
470 /* if it matches the filter and scope, send it */
471 result = test_filter( op, e, op->oq_search.rs_filter );
473 if ( result == LDAP_COMPARE_TRUE ) {
477 if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
478 if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
479 dnParent( &e->e_nname, &dn );
480 scopeok = dn_match( &dn, &realbase );
482 scopeok = (realbase.bv_len == 0);
485 } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
486 scopeok = dnIsSuffix( &e->e_nname, &realbase );
493 /* check size limit */
494 if ( --op->oq_search.rs_slimit == -1 ) {
495 cache_return_entry_r( &li->li_cache, e );
496 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
497 rs->sr_nentries = nentries;
498 send_search_result( op, rs );
506 if ( op->o_caching_on ) {
507 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
508 cache_return_entry_r( &li->li_cache, e );
510 #endif /* LDAP_CACHING */
512 result = send_search_entry( op, rs );
515 if ( op->o_caching_on ) {
516 ldap_pvt_thread_rdwr_rlock( &li->li_giant_rwlock );
518 #endif /* LDAP_CACHING */
522 case 0: /* entry sent ok */
525 case 1: /* entry not sent */
527 case -1: /* connection closed */
528 cache_return_entry_r( &li->li_cache, e );
535 LDAP_LOG( BACK_LDBM, DETAIL2,
536 "ldbm_search: candidate entry %ld scope not okay\n",
539 Debug( LDAP_DEBUG_TRACE,
540 "ldbm_search: candidate entry %ld scope not okay\n",
547 LDAP_LOG( BACK_LDBM, DETAIL2,
548 "ldbm_search: candidate entry %ld does not match filter\n",
551 Debug( LDAP_DEBUG_TRACE,
552 "ldbm_search: candidate entry %ld does not match filter\n",
559 /* free reader lock */
561 cache_return_entry_r( &li->li_cache, e );
562 #else /* LDAP_CACHING */
563 if ( !op->o_caching_on ) {
564 cache_return_entry_r( &li->li_cache, e );
566 #endif /* LDAP_CACHING */
569 ldap_pvt_thread_yield();
572 rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
573 rs->sr_ref = rs->sr_v2ref;
574 rs->sr_nentries = nentries;
575 send_search_result( op, rs );
580 ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
582 if( candidates != NULL )
583 idl_free( candidates );
585 if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
586 if( realbase.bv_val ) free( realbase.bv_val );
599 LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
601 Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
606 idl = idl_alloc( 1 );
607 idl_insert( &idl, e->e_id, 1 );
621 ID_BLOCK *candidates;
622 Filter f, fand, rf, af, xf;
623 AttributeAssertion aa_ref, aa_alias;
624 struct berval bv_ref = { sizeof("referral")-1, "referral" };
625 struct berval bv_alias = { sizeof("alias")-1, "alias" };
628 LDAP_LOG( BACK_LDBM, DETAIL1,
629 "search_candidates: base (%s) scope %d deref %d\n",
630 e->e_ndn, scope, deref );
632 Debug(LDAP_DEBUG_TRACE,
633 "search_candidates: base=\"%s\" s=%d d=%d\n",
634 e->e_ndn, scope, deref );
639 xf.f_choice = LDAP_FILTER_OR;
643 /* match referrals */
644 rf.f_choice = LDAP_FILTER_EQUALITY;
646 rf.f_av_desc = slap_schema.si_ad_objectClass;
647 rf.f_av_value = bv_ref;
652 if( deref & LDAP_DEREF_SEARCHING ) {
654 af.f_choice = LDAP_FILTER_EQUALITY;
655 af.f_ava = &aa_alias;
656 af.f_av_desc = slap_schema.si_ad_objectClass;
657 af.f_av_value = bv_alias;
663 f.f_choice = LDAP_FILTER_AND;
665 fand.f_choice = scope == LDAP_SCOPE_SUBTREE
666 ? SLAPD_FILTER_DN_SUBTREE
667 : SLAPD_FILTER_DN_ONE;
668 fand.f_dn = &e->e_nname;
669 fand.f_next = xf.f_or == filter ? filter : &xf ;
671 candidates = filter_candidates( be, &f );
673 return( candidates );