2 * Copyright 1999, Dmitry Kovalev <mit@openldap.org>, All rights reserved.
4 * Redistribution and use in source and binary forms are permitted only
5 * as authorized by the OpenLDAP Public License. A copy of this
6 * license is available at http://www.OpenLDAP.org/license.html or
7 * in file LICENSE in the top-level directory of the distribution.
15 #include <sys/types.h>
16 #include "ac/string.h"
22 #include "schema-map.h"
26 #define BACKSQL_STOP 0
27 #define BACKSQL_CONTINUE 1
29 static int backsql_process_filter( backsql_srch_info *bsi, Filter *f );
32 backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
35 AttributeName *an = NULL;
37 if ( bsi->attrs == NULL ) {
42 * clear the list (retrieve all attrs)
45 ch_free( bsi->attrs );
50 for ( ; bsi->attrs[ n_attrs ].an_name.bv_val; n_attrs++ ) {
51 an = &bsi->attrs[ n_attrs ];
53 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
54 "attribute '%s' is in list\n",
55 an->an_name.bv_val, 0, 0 );
57 * We can live with strcmp because the attribute
58 * list has been normalized before calling be_search
60 if ( !BACKSQL_NCMP( &an->an_name, &ad->ad_cname ) ) {
65 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
66 "adding '%s' to list\n", ad->ad_cname.bv_val, 0, 0 );
68 an = (AttributeName *)ch_realloc( bsi->attrs,
69 sizeof( AttributeName ) * ( n_attrs + 2 ) );
74 an[ n_attrs ].an_name = ad->ad_cname;
75 an[ n_attrs ].an_desc = ad;
76 an[ n_attrs + 1 ].an_name.bv_val = NULL;
77 an[ n_attrs + 1 ].an_name.bv_len = 0;
86 backsql_srch_info *bsi,
95 AttributeName *attrs )
101 bsi->slimit = slimit;
102 bsi->tlimit = tlimit;
103 bsi->filter = filter;
111 if ( attrs == NULL || an_find( attrs, &AllUser ) ) {
115 bsi->attrs = (AttributeName *)ch_calloc( 1,
116 sizeof( AttributeName ) );
117 bsi->attrs[ 0 ].an_name.bv_val = NULL;
118 bsi->attrs[ 0 ].an_name.bv_len = 0;
120 for ( p = attrs; p->an_name.bv_val; p++ ) {
122 * ignore "1.1"; handle "+"
124 if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
125 bsi->bsi_flags |= BSQL_SF_ALL_OPER;
128 } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
132 backsql_attrlist_add( bsi, p->an_desc );
138 bsi->n_candidates = 0;
139 bsi->stoptime = stoptime;
140 bsi->sel.bb_val.bv_val = NULL;
141 bsi->sel.bb_val.bv_len = 0;
143 bsi->from.bb_val.bv_val = NULL;
144 bsi->from.bb_val.bv_len = 0;
145 bsi->from.bb_len = 0;
146 bsi->join_where.bb_val.bv_val = NULL;
147 bsi->join_where.bb_val.bv_len = 0;
148 bsi->join_where.bb_len = 0;
149 bsi->flt_where.bb_val.bv_val = NULL;
150 bsi->flt_where.bb_val.bv_len = 0;
151 bsi->flt_where.bb_len = 0;
153 bsi->status = LDAP_SUCCESS;
157 backsql_process_filter_list( backsql_srch_info *bsi, Filter *f, int op )
165 backsql_strfcat( &bsi->flt_where, "c", '(' /* ) */ );
168 res = backsql_process_filter( bsi, f );
171 * TimesTen : If the query has no answers,
172 * don't bother to run the query.
183 case LDAP_FILTER_AND:
184 backsql_strfcat( &bsi->flt_where, "l",
185 (ber_len_t)sizeof( " AND " ) - 1,
190 backsql_strfcat( &bsi->flt_where, "l",
191 (ber_len_t)sizeof( " OR " ) - 1,
197 backsql_strfcat( &bsi->flt_where, "c", /* ( */ ')' );
203 backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f )
206 backsql_at_map_rec *at;
207 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
214 if ( SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
215 bi->bi_caseIgnoreMatch ) ) {
219 at = backsql_ad2at( bsi->oc, f->f_sub_desc );
224 * When dealing with case-sensitive strings
225 * we may omit normalization; however, normalized
226 * SQL filters are more liberal.
229 backsql_strfcat( &bsi->flt_where, "c", '(' /* ) */ );
232 Debug( LDAP_DEBUG_TRACE, "expr: '%s' '%s'\n", at->sel_expr.bv_val,
233 at->sel_expr_u.bv_val ? at->sel_expr_u.bv_val : "<NULL>", 0 );
234 if ( casefold && bi->upper_func.bv_val ) {
236 * If a pre-upper-cased version of the column exists, use it
238 if ( at->sel_expr_u.bv_val ) {
239 backsql_strfcat( &bsi->flt_where,
242 (ber_len_t)sizeof( " LIKE '" ) - 1,
245 backsql_strfcat( &bsi->flt_where,
251 (ber_len_t)sizeof( " LIKE '" ) - 1,
255 backsql_strfcat( &bsi->flt_where, "bl",
257 (ber_len_t)sizeof( " LIKE '" ) - 1, " LIKE '" );
260 if ( f->f_sub_initial.bv_val != NULL ) {
263 start = bsi->flt_where.bb_val.bv_len;
264 backsql_strfcat( &bsi->flt_where, "b",
266 if ( casefold && bi->upper_func.bv_val ) {
267 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
271 backsql_strfcat( &bsi->flt_where, "c", '%' );
273 if ( f->f_sub_any != NULL ) {
274 for ( i = 0; f->f_sub_any[ i ].bv_val != NULL; i++ ) {
278 Debug( LDAP_DEBUG_TRACE,
279 "==>backsql_process_sub_filter(): "
280 "sub_any='%s'\n", f->f_sub_any[ i ].bv_val,
282 #endif /* BACKSQL_TRACE */
284 start = bsi->flt_where.bb_val.bv_len;
285 backsql_strfcat( &bsi->flt_where,
289 if ( casefold && bi->upper_func.bv_val ) {
291 * Note: toupper('%') = '%'
293 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
297 if ( f->f_sub_final.bv_val != NULL ) {
300 start = bsi->flt_where.bb_val.bv_len;
301 backsql_strfcat( &bsi->flt_where, "b",
303 if ( casefold && bi->upper_func.bv_val ) {
304 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
309 backsql_strfcat( &bsi->flt_where, "l",
310 (ber_len_t)sizeof( /* (' */ "')" ) - 1, /* ( */ "')" );
316 backsql_process_filter( backsql_srch_info *bsi, Filter *f )
318 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
319 backsql_at_map_rec *at;
320 backsql_at_map_rec oc_attr = {
321 slap_schema.si_ad_objectClass, BER_BVC(""), BER_BVC(""),
322 BER_BVNULL, NULL, NULL, NULL };
323 AttributeDescription *ad = NULL;
327 struct berval *filter_value = NULL;
328 MatchingRule *matching_rule = NULL;
329 struct berval ordering = BER_BVC("<=");
331 Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter()\n", 0, 0, 0 );
332 if ( f == NULL || f->f_choice == SLAPD_FILTER_COMPUTED ) {
336 switch( f->f_choice ) {
338 rc = backsql_process_filter_list( bsi, f->f_or,
343 case LDAP_FILTER_AND:
344 rc = backsql_process_filter_list( bsi, f->f_and,
349 case LDAP_FILTER_NOT:
350 backsql_strfcat( &bsi->flt_where, "l",
351 (ber_len_t)sizeof( "NOT (" /* ) */ ) - 1,
353 rc = backsql_process_filter( bsi, f->f_not );
354 backsql_strfcat( &bsi->flt_where, "c", /* ( */ ')' );
358 case LDAP_FILTER_PRESENT:
362 case LDAP_FILTER_EXT:
363 ad = f->f_mra->ma_desc;
380 * Turn structuralObjectClass into objectClass
382 if ( ad == slap_schema.si_ad_objectClass
383 || ad == slap_schema.si_ad_structuralObjectClass ) {
384 struct berbuf bb = BB_NULL;
387 backsql_strfcat( &bb, "cbc",
389 &bsi->oc->oc->soc_cname,
391 at->sel_expr = bb.bb_val;
393 } else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) {
395 * FIXME: this is not robust; e.g. a filter
396 * '(!(hasSubordinates=TRUE))' fails because
397 * in SQL it would read 'NOT (1=1)' instead
399 * Note however that hasSubordinates is boolean,
400 * so a more appropriate filter would be
401 * '(hasSubordinates=FALSE)'
403 * A more robust search for hasSubordinates
404 * would * require joining the ldap_entries table
405 * selecting if there are descendants of the
408 backsql_strfcat( &bsi->flt_where, "l",
409 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
410 if ( ad == slap_schema.si_ad_hasSubordinates ) {
412 * instruct candidate selection algorithm
413 * and attribute list to try to detect
414 * if an entry has subordinates
416 bsi->bsi_flags |= BSQL_SF_FILTER_HASSUBORDINATE;
420 * clear attributes to fetch, to require ALL
421 * and try extended match on all attributes
423 backsql_attrlist_add( bsi, NULL );
428 at = backsql_ad2at( bsi->oc, ad );
432 Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): "
433 "attribute '%s' is not defined for objectclass '%s'\n",
434 ad->ad_cname.bv_val, BACKSQL_OC_NAME( bsi->oc ), 0 );
435 backsql_strfcat( &bsi->flt_where, "l",
436 (ber_len_t)sizeof( "1=0" ) - 1, "1=0" );
440 backsql_merge_from_clause( &bsi->from, &at->from_tbls );
442 * need to add this attribute to list of attrs to load,
443 * so that we could do test_filter() later
445 backsql_attrlist_add( bsi, ad );
447 if ( at->join_where.bv_val != NULL
448 && strstr( bsi->join_where.bb_val.bv_val, at->join_where.bv_val ) == NULL ) {
449 backsql_strfcat( &bsi->join_where, "lb",
450 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
454 switch ( f->f_choice ) {
455 case LDAP_FILTER_EQUALITY:
456 filter_value = &f->f_av_value;
457 matching_rule = ad->ad_type->sat_equality;
461 /* fail over into next case */
463 case LDAP_FILTER_EXT:
464 filter_value = &f->f_mra->ma_value;
465 matching_rule = f->f_mr_rule;
468 if ( SLAP_MR_ASSOCIATED( matching_rule,
469 bi->bi_caseIgnoreMatch ) ) {
474 * maybe we should check type of at->sel_expr here somehow,
475 * to know whether upper_func is applicable, but for now
476 * upper_func stuff is made for Oracle, where UPPER is
477 * safely applicable to NUMBER etc.
479 if ( casefold && bi->upper_func.bv_val ) {
482 if ( at->sel_expr_u.bv_val ) {
483 backsql_strfcat( &bsi->flt_where, "cbl",
486 (ber_len_t)sizeof( "='" ) - 1,
489 backsql_strfcat( &bsi->flt_where, "cbcbl",
494 (ber_len_t)sizeof( /* ( */ ")='" ) - 1,
498 start = bsi->flt_where.bb_val.bv_len;
500 backsql_strfcat( &bsi->flt_where, "bl",
502 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
505 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
508 backsql_strfcat( &bsi->flt_where, "cblbl",
511 (ber_len_t)sizeof( "='" ) - 1, "='",
513 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
519 ordering.bv_val = ">=";
521 /* fall thru to next case */
524 if ( SLAP_MR_ASSOCIATED( ad->ad_type->sat_ordering,
525 bi->bi_caseIgnoreMatch ) ) {
530 * FIXME: should we uppercase the operands?
532 if ( casefold && bi->upper_func.bv_val ) {
535 if ( at->sel_expr_u.bv_val ) {
536 backsql_strfcat( &bsi->flt_where, "cbbc",
542 backsql_strfcat( &bsi->flt_where, "cbcbcbc",
552 start = bsi->flt_where.bb_val.bv_len;
554 backsql_strfcat( &bsi->flt_where, "bl",
556 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
559 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
562 backsql_strfcat( &bsi->flt_where, "cbbcbl",
568 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
573 case LDAP_FILTER_PRESENT:
574 backsql_strfcat( &bsi->flt_where, "lbl",
575 (ber_len_t)sizeof( "NOT (" ) - 1, "NOT (",
577 (ber_len_t)sizeof( " IS NULL)" ) - 1, " IS NULL)" );
580 case LDAP_FILTER_SUBSTRINGS:
581 backsql_process_sub_filter( bsi, f );
584 case LDAP_FILTER_APPROX:
588 * maybe we should check type of at->sel_expr here somehow,
589 * to know whether upper_func is applicable, but for now
590 * upper_func stuff is made for Oracle, where UPPER is
591 * safely applicable to NUMBER etc.
593 if ( bi->upper_func.bv_val ) {
596 if ( at->sel_expr_u.bv_val ) {
597 backsql_strfcat( &bsi->flt_where, "cbl",
600 (ber_len_t)sizeof( " LIKE '%" ) - 1,
603 backsql_strfcat( &bsi->flt_where, "cbcbl",
608 (ber_len_t)sizeof( /* ( */ ") LIKE '%" ) - 1,
609 /* ( */ ") LIKE '%" );
612 start = bsi->flt_where.bb_val.bv_len;
614 backsql_strfcat( &bsi->flt_where, "bl",
616 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
619 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
622 backsql_strfcat( &bsi->flt_where, "cblbl",
625 (ber_len_t)sizeof( " LIKE '%" ) - 1,
628 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
634 /* unhandled filter type; should not happen */
636 backsql_strfcat( &bsi->flt_where, "l",
637 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
643 if ( oc_attr.sel_expr.bv_val != NULL ) {
644 free( oc_attr.sel_expr.bv_val );
647 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter()\n", 0, 0, 0 );
651 if ( oc_attr.sel_expr.bv_val != NULL ) {
652 free( oc_attr.sel_expr.bv_val );
654 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter() returns -1\n",
660 backsql_srch_query( backsql_srch_info *bsi, struct berval *query )
662 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
666 query->bv_val = NULL;
669 Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 );
670 bsi->sel.bb_val.bv_val = NULL;
671 bsi->sel.bb_val.bv_len = 0;
673 bsi->from.bb_val.bv_val = NULL;
674 bsi->from.bb_val.bv_len = 0;
675 bsi->from.bb_len = 0;
676 bsi->join_where.bb_val.bv_val = NULL;
677 bsi->join_where.bb_val.bv_len = 0;
678 bsi->join_where.bb_len = 0;
679 bsi->flt_where.bb_val.bv_val = NULL;
680 bsi->flt_where.bb_val.bv_len = 0;
681 bsi->flt_where.bb_len = 0;
683 backsql_strfcat( &bsi->sel, "lbcbc",
684 (ber_len_t)sizeof( "SELECT DISTINCT ldap_entries.id," ) - 1,
685 "SELECT DISTINCT ldap_entries.id,",
691 if ( bi->strcast_func.bv_val ) {
692 backsql_strfcat( &bsi->sel, "blbl",
694 (ber_len_t)sizeof( "('" /* ') */ ) - 1,
696 &bsi->oc->oc->soc_cname,
697 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
700 backsql_strfcat( &bsi->sel, "cbc",
702 &bsi->oc->oc->soc_cname,
705 backsql_strfcat( &bsi->sel, "l",
706 (ber_len_t)sizeof( " AS objectClass,ldap_entries.dn AS dn" ) - 1,
707 " AS objectClass,ldap_entries.dn AS dn" );
709 backsql_strfcat( &bsi->from, "lb",
710 (ber_len_t)sizeof( " FROM ldap_entries," ) - 1,
711 " FROM ldap_entries,",
714 backsql_strfcat( &bsi->join_where, "lbcbl",
715 (ber_len_t)sizeof( " WHERE " ) - 1, " WHERE ",
719 (ber_len_t)sizeof( "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ) - 1,
720 "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " );
722 switch ( bsi->scope ) {
723 case LDAP_SCOPE_BASE:
724 if ( bi->upper_func.bv_val ) {
725 backsql_strfcat( &bsi->join_where, "blbcb",
727 (ber_len_t)sizeof( "(ldap_entries.dn)=" ) - 1,
728 "(ldap_entries.dn)=",
729 &bi->upper_func_open,
731 &bi->upper_func_close );
733 backsql_strfcat( &bsi->join_where, "l",
734 (ber_len_t)sizeof( "ldap_entries.dn=?" ) - 1,
735 "ldap_entries.dn=?" );
739 case LDAP_SCOPE_ONELEVEL:
740 backsql_strfcat( &bsi->join_where, "l",
741 (ber_len_t)sizeof( "ldap_entries.parent=?" ) - 1,
742 "ldap_entries.parent=?" );
745 case LDAP_SCOPE_SUBTREE:
746 if ( bi->upper_func.bv_val ) {
747 backsql_strfcat( &bsi->join_where, "blbcb",
749 (ber_len_t)sizeof( "(ldap_entries.dn) LIKE " ) - 1,
750 "(ldap_entries.dn) LIKE ",
751 &bi->upper_func_open,
753 &bi->upper_func_close );
755 backsql_strfcat( &bsi->join_where, "l",
756 (ber_len_t)sizeof( "ldap_entries.dn LIKE ?" ) - 1,
757 "ldap_entries.dn LIKE ?" );
766 rc = backsql_process_filter( bsi, bsi->filter );
768 struct berbuf bb = BB_NULL;
770 backsql_strfcat( &bb, "bbblb",
773 &bsi->join_where.bb_val,
774 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
775 &bsi->flt_where.bb_val );
779 } else if ( rc < 0 ) {
781 * Indicates that there's no possible way the filter matches
782 * anything. No need to issue the query
784 free( query->bv_val );
785 query->bv_val = NULL;
788 free( bsi->sel.bb_val.bv_val );
789 bsi->sel.bb_val.bv_len = 0;
791 free( bsi->from.bb_val.bv_val );
792 bsi->from.bb_val.bv_len = 0;
793 bsi->from.bb_len = 0;
794 free( bsi->join_where.bb_val.bv_val );
795 bsi->join_where.bb_val.bv_len = 0;
796 bsi->join_where.bb_len = 0;
797 free( bsi->flt_where.bb_val.bv_val );
798 bsi->flt_where.bb_val.bv_len = 0;
799 bsi->flt_where.bb_len = 0;
801 Debug( LDAP_DEBUG_TRACE, "<==backsql_srch_query() returns %s\n",
802 query->bv_val ? query->bv_val : "NULL", 0, 0 );
804 return ( rc <= 0 ? 1 : 0 );
808 backsql_oc_get_candidates( void *v_oc, void *v_bsi )
810 backsql_oc_map_rec *oc = v_oc;
811 backsql_srch_info *bsi = v_bsi;
812 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
816 backsql_entryID base_id, *c_id;
822 int n_candidates = bsi->n_candidates;
824 bsi->status = LDAP_SUCCESS;
826 Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc='%s'\n",
827 BACKSQL_OC_NAME( oc ), 0, 0 );
829 if ( bsi->n_candidates == -1 ) {
830 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
831 "unchecked limit has been overcome\n", 0, 0, 0 );
832 /* should never get here */
834 bsi->status = LDAP_ADMINLIMIT_EXCEEDED;
839 res = backsql_srch_query( bsi, &query );
841 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
842 "error while constructing query for objectclass '%s'\n",
843 oc->oc->soc_cname.bv_val, 0, 0 );
845 * FIXME: need to separate errors from legally
848 bsi->status = LDAP_SUCCESS;
849 return BACKSQL_CONTINUE;
852 if ( query.bv_val == NULL ) {
853 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
854 "could not construct query for objectclass '%s'\n",
855 oc->oc->soc_cname.bv_val, 0, 0 );
856 bsi->status = LDAP_SUCCESS;
857 return BACKSQL_CONTINUE;
860 Debug( LDAP_DEBUG_TRACE, "Constructed query: %s\n",
861 query.bv_val, 0, 0 );
863 rc = backsql_Prepare( bsi->dbh, &sth, query.bv_val, 0 );
864 free( query.bv_val );
865 if ( rc != SQL_SUCCESS ) {
866 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
867 "error preparing query\n", 0, 0, 0 );
868 backsql_PrintErrors( bi->db_env, bsi->dbh, sth, rc );
869 bsi->status = LDAP_OTHER;
870 return BACKSQL_CONTINUE;
873 Debug( LDAP_DEBUG_TRACE, "id: '%ld'\n", bsi->oc->id, 0, 0 );
875 if ( backsql_BindParamID( sth, 1, &bsi->oc->id ) != SQL_SUCCESS ) {
876 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
877 "error binding objectclass id parameter\n", 0, 0, 0 );
878 bsi->status = LDAP_OTHER;
879 return BACKSQL_CONTINUE;
882 switch ( bsi->scope ) {
883 case LDAP_SCOPE_BASE:
884 Debug( LDAP_DEBUG_TRACE, "(base)dn: '%s'\n",
885 bsi->base_dn->bv_val, 0, 0 );
887 rc = backsql_BindParamStr( sth, 2, bsi->base_dn->bv_val,
888 BACKSQL_MAX_DN_LEN );
889 if ( rc != SQL_SUCCESS ) {
890 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
891 "error binding base_dn parameter\n", 0, 0, 0 );
892 backsql_PrintErrors( bi->db_env, bsi->dbh,
894 bsi->status = LDAP_OTHER;
895 return BACKSQL_CONTINUE;
899 case LDAP_SCOPE_SUBTREE: {
902 * + 1 because we need room for '%'; this makes a subtree
903 * search for a DN BACKSQL_MAX_DN_LEN long legal
904 * if it returns that DN only
906 char temp_base_dn[ BACKSQL_MAX_DN_LEN + 1 + 1 ];
909 * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
910 * however this should be handled earlier
912 assert( bsi->base_dn->bv_len <= BACKSQL_MAX_DN_LEN );
915 * Sets the parameters for the SQL built earlier
916 * NOTE that all the databases could actually use
917 * the TimesTen version, which would be cleaner
918 * and would also eliminate the need for the
919 * subtree_cond line in the configuration file.
920 * For now, I'm leaving it the way it is,
921 * so non-TimesTen databases use the original code.
922 * But at some point this should get cleaned up.
924 * If "dn" is being used, do a suffix search.
925 * If "dn_ru" is being used, do a prefix search.
927 if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
928 temp_base_dn[ 0 ] = '\0';
929 for ( i = 0, j = bsi->base_dn->bv_len - 1;
931 temp_base_dn[ i ] = bsi->base_dn->bv_val[ j ];
933 temp_base_dn[ i ] = '%';
934 temp_base_dn[ i + 1 ] = '\0';
937 temp_base_dn[ 0 ] = '%';
938 AC_MEMCPY( &temp_base_dn[ 1 ], bsi->base_dn->bv_val,
939 bsi->base_dn->bv_len + 1 );
941 ldap_pvt_str2upper( temp_base_dn );
943 Debug( LDAP_DEBUG_TRACE, "(sub)dn: '%s'\n", temp_base_dn,
946 rc = backsql_BindParamStr( sth, 2, temp_base_dn,
947 BACKSQL_MAX_DN_LEN );
948 if ( rc != SQL_SUCCESS ) {
949 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
950 "error binding base_dn parameter (2)\n",
952 backsql_PrintErrors( bi->db_env, bsi->dbh,
954 bsi->status = LDAP_OTHER;
955 return BACKSQL_CONTINUE;
960 case LDAP_SCOPE_ONELEVEL:
961 res = backsql_dn2id( bi, &base_id,
962 bsi->dbh, bsi->base_dn );
963 if ( res != LDAP_SUCCESS ) {
964 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
965 "could not retrieve base_dn id%s\n",
966 res == LDAP_NO_SUCH_OBJECT ? ": no such entry"
969 return BACKSQL_CONTINUE;
972 Debug( LDAP_DEBUG_TRACE, "(one)id: '%lu'\n", base_id.id,
975 rc = backsql_BindParamID( sth, 2, &base_id.id );
976 backsql_free_entryID( &base_id, 0 );
977 if ( rc != SQL_SUCCESS ) {
978 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
979 "error binding base id parameter\n", 0, 0, 0 );
980 bsi->status = LDAP_OTHER;
981 return BACKSQL_CONTINUE;
986 rc = SQLExecute( sth );
987 if ( !BACKSQL_SUCCESS( rc ) ) {
988 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
989 "error executing query\n", 0, 0, 0 );
990 backsql_PrintErrors( bi->db_env, bsi->dbh, sth, rc );
991 SQLFreeStmt( sth, SQL_DROP );
992 bsi->status = LDAP_OTHER;
993 return BACKSQL_CONTINUE;
996 backsql_BindRowAsStrings( sth, &row );
997 rc = SQLFetch( sth );
998 for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
999 c_id = (backsql_entryID *)ch_calloc( 1,
1000 sizeof( backsql_entryID ) );
1001 c_id->id = strtol( row.cols[ 0 ], NULL, 0 );
1002 c_id->keyval = strtol( row.cols[ 1 ], NULL, 0 );
1003 c_id->oc_id = bsi->oc->id;
1004 ber_str2bv( row.cols[ 3 ], 0, 1, &c_id->dn );
1005 c_id->next = bsi->id_list;
1006 bsi->id_list = c_id;
1007 bsi->n_candidates--;
1009 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1010 "added entry id=%ld, keyval=%ld dn='%s'\n",
1011 c_id->id, c_id->keyval, row.cols[ 3 ] );
1013 if ( bsi->n_candidates == -1 ) {
1017 backsql_FreeRow( &row );
1018 SQLFreeStmt( sth, SQL_DROP );
1020 Debug( LDAP_DEBUG_TRACE, "<==backsql_oc_get_candidates(): %d\n",
1021 n_candidates - bsi->n_candidates, 0, 0 );
1023 return ( bsi->n_candidates == -1 ? BACKSQL_STOP : BACKSQL_CONTINUE );
1027 backsql_search( Operation *op, SlapReply *rs )
1029 backsql_info *bi = (backsql_info *)op->o_bd->be_private;
1034 time_t stoptime = 0;
1035 backsql_srch_info srch_info;
1036 backsql_entryID *eid = NULL;
1037 struct slap_limits_set *limit = NULL;
1040 manageDSAit = get_manageDSAit( op );
1042 Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
1043 "base='%s', filter='%s', scope=%d,",
1044 op->o_req_ndn.bv_val,
1045 op->oq_search.rs_filterstr.bv_val,
1046 op->oq_search.rs_scope );
1047 Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
1048 "attributes to load: %s\n",
1049 op->oq_search.rs_deref,
1050 op->oq_search.rs_attrsonly,
1051 op->oq_search.rs_attrs == NULL ? "all" : "custom list" );
1053 if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
1054 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1055 "search base length (%ld) exceeds max length (%ld)\n",
1056 op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
1058 * FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
1059 * since it is impossible that such a long DN exists
1062 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1063 send_ldap_result( op, rs );
1067 sres = backsql_get_db_conn( op, &dbh );
1068 if ( sres != LDAP_SUCCESS ) {
1069 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1070 "could not get connection handle - exiting\n",
1073 rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
1074 send_ldap_result( op, rs );
1078 /* if not root, get appropriate limits */
1079 if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
1082 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
1085 /* The time/size limits come first because they require very little
1086 * effort, so there's no chance the candidates are selected and then
1087 * the request is not honored only because of time/size constraints */
1089 /* if no time limit requested, use soft limit (unless root!) */
1091 if ( op->oq_search.rs_tlimit == 0 ) {
1092 op->oq_search.rs_tlimit = -1; /* allow root to set no limit */
1095 if ( op->oq_search.rs_slimit == 0 ) {
1096 op->oq_search.rs_slimit = -1;
1100 /* if no limit is required, use soft limit */
1101 if ( op->oq_search.rs_tlimit <= 0 ) {
1102 op->oq_search.rs_tlimit = limit->lms_t_soft;
1104 /* if requested limit higher than hard limit, abort */
1105 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
1106 /* no hard limit means use soft instead */
1107 if ( limit->lms_t_hard == 0
1108 && limit->lms_t_soft > -1
1109 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
1110 op->oq_search.rs_tlimit = limit->lms_t_soft;
1112 /* positive hard limit means abort */
1113 } else if ( limit->lms_t_hard > 0 ) {
1114 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1115 send_ldap_result( op, rs );
1119 /* negative hard limit means no limit */
1122 /* if no limit is required, use soft limit */
1123 if ( op->oq_search.rs_slimit <= 0 ) {
1124 op->oq_search.rs_slimit = limit->lms_s_soft;
1126 /* if requested limit higher than hard limit, abort */
1127 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
1128 /* no hard limit means use soft instead */
1129 if ( limit->lms_s_hard == 0
1130 && limit->lms_s_soft > -1
1131 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
1132 op->oq_search.rs_slimit = limit->lms_s_soft;
1134 /* positive hard limit means abort */
1135 } else if ( limit->lms_s_hard > 0 ) {
1136 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1137 send_ldap_result( op, rs );
1141 /* negative hard limit means no limit */
1145 /* compute it anyway; root does not use it */
1146 stoptime = op->o_time + op->oq_search.rs_tlimit;
1148 backsql_init_search( &srch_info, &op->o_req_dn,
1149 op->oq_search.rs_scope,
1150 op->oq_search.rs_slimit, op->oq_search.rs_tlimit,
1151 stoptime, op->oq_search.rs_filter,
1152 dbh, op, op->oq_search.rs_attrs );
1155 * for each objectclass we try to construct query which gets IDs
1156 * of entries matching LDAP query filter and scope (or at least
1157 * candidates), and get the IDs
1159 srch_info.n_candidates = ( isroot ? -2 : limit->lms_s_unchecked == -1
1160 ? -2 : limit->lms_s_unchecked );
1161 avl_apply( bi->oc_by_oc, backsql_oc_get_candidates,
1162 &srch_info, BACKSQL_STOP, AVL_INORDER );
1163 if ( !isroot && limit->lms_s_unchecked != -1 ) {
1164 if ( srch_info.n_candidates == -1 ) {
1165 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1166 send_ldap_result( op, rs );
1172 * now we load candidate entries (only those attributes
1173 * mentioned in attrs and filter), test it against full filter
1174 * and then send to client
1176 for ( eid = srch_info.id_list; eid != NULL;
1177 eid = backsql_free_entryID( eid, 1 ) ) {
1178 Attribute *hasSubordinate = NULL,
1181 /* check for abandon */
1182 if ( op->o_abandon ) {
1186 /* check time limit */
1187 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
1188 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
1189 rs->sr_ctrls = NULL;
1190 rs->sr_ref = rs->sr_v2ref;
1191 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1193 send_ldap_result( op, rs );
1197 Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
1198 "for entry id=%ld, oc_id=%ld, keyval=%ld\n",
1199 eid->id, eid->oc_id, eid->keyval );
1201 entry = (Entry *)ch_calloc( sizeof( Entry ), 1 );
1202 res = backsql_id2entry( &srch_info, entry, eid );
1203 if ( res == NULL ) {
1204 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1205 "error in backsql_id2entry() "
1206 "- skipping entry\n", 0, 0, 0 );
1210 if ( !manageDSAit &&
1211 op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
1212 is_entry_referral( entry ) ) {
1214 struct berval matched_dn;
1216 ber_dupbv( &matched_dn, &entry->e_name );
1217 refs = get_entry_referrals( op, entry );
1219 rs->sr_ref = referral_rewrite( refs,
1220 &matched_dn, &op->o_req_dn,
1221 op->oq_search.rs_scope );
1222 ber_bvarray_free( refs );
1226 rs->sr_text = "bad_referral object";
1229 rs->sr_err = LDAP_REFERRAL;
1230 rs->sr_matched = matched_dn.bv_val;
1231 send_search_reference( op, rs );
1233 ber_bvarray_free( rs->sr_ref );
1235 ber_memfree( matched_dn.bv_val );
1236 rs->sr_matched = NULL;
1242 * We use this flag since we need to parse the filter
1243 * anyway; we should have used the frontend API function
1244 * filter_has_subordinates()
1246 if ( srch_info.bsi_flags & BSQL_SF_FILTER_HASSUBORDINATE ) {
1249 rc = backsql_has_children( bi, dbh, &entry->e_nname );
1252 case LDAP_COMPARE_TRUE:
1253 case LDAP_COMPARE_FALSE:
1254 hasSubordinate = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE );
1255 if ( hasSubordinate != NULL ) {
1256 for ( a = entry->e_attrs;
1260 a->a_next = hasSubordinate;
1266 Debug(LDAP_DEBUG_TRACE,
1267 "backsql_search(): "
1268 "has_children failed( %d)\n",
1279 if ( test_filter( op, entry, op->oq_search.rs_filter )
1280 == LDAP_COMPARE_TRUE ) {
1281 if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER )
1282 && !ad_inlist( slap_schema.si_ad_hasSubordinates, op->oq_search.rs_attrs ) ) {
1284 attr_free( hasSubordinate );
1285 hasSubordinate = NULL;
1288 #if 0 /* noop is masked SLAP_CTRL_UPDATE */
1293 rs->sr_attrs = op->oq_search.rs_attrs;
1294 rs->sr_entry = entry;
1295 sres = send_search_entry( op, rs );
1296 rs->sr_entry = NULL;
1297 rs->sr_attrs = NULL;
1307 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1308 "connection lost\n", 0, 0, 0 );
1313 * FIXME: send_search_entry failed;
1319 entry_free( entry );
1321 if ( op->oq_search.rs_slimit != -1
1322 && rs->sr_nentries >= op->oq_search.rs_slimit ) {
1323 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
1324 send_ldap_result( op, rs );
1331 if ( rs->sr_nentries > 0 ) {
1332 rs->sr_ref = rs->sr_v2ref;
1333 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1336 rs->sr_err = srch_info.status;
1338 send_ldap_result( op, rs );
1340 if ( rs->sr_v2ref ) {
1341 ber_bvarray_free( rs->sr_v2ref );
1342 rs->sr_v2ref = NULL;
1346 ch_free( srch_info.attrs );
1348 Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 );
1352 #endif /* SLAPD_SQL */