2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2003 The OpenLDAP Foundation.
5 * Portions Copyright 1999 Dmitry Kovalev.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by Dmitry Kovalev for inclusion
18 * by OpenLDAP Software.
26 #include <sys/types.h>
27 #include "ac/string.h"
33 #include "schema-map.h"
37 #define BACKSQL_STOP 0
38 #define BACKSQL_CONTINUE 1
40 static int backsql_process_filter( backsql_srch_info *bsi, Filter *f );
43 backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
46 AttributeName *an = NULL;
48 if ( bsi->attrs == NULL ) {
53 * clear the list (retrieve all attrs)
56 ch_free( bsi->attrs );
61 for ( ; bsi->attrs[ n_attrs ].an_name.bv_val; n_attrs++ ) {
62 an = &bsi->attrs[ n_attrs ];
64 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
65 "attribute '%s' is in list\n",
66 an->an_name.bv_val, 0, 0 );
68 * We can live with strcmp because the attribute
69 * list has been normalized before calling be_search
71 if ( !BACKSQL_NCMP( &an->an_name, &ad->ad_cname ) ) {
76 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
77 "adding '%s' to list\n", ad->ad_cname.bv_val, 0, 0 );
79 an = (AttributeName *)ch_realloc( bsi->attrs,
80 sizeof( AttributeName ) * ( n_attrs + 2 ) );
85 an[ n_attrs ].an_name = ad->ad_cname;
86 an[ n_attrs ].an_desc = ad;
87 an[ n_attrs + 1 ].an_name.bv_val = NULL;
88 an[ n_attrs + 1 ].an_name.bv_len = 0;
97 backsql_srch_info *bsi,
106 AttributeName *attrs )
112 bsi->slimit = slimit;
113 bsi->tlimit = tlimit;
114 bsi->filter = filter;
122 if ( attrs == NULL || an_find( attrs, &AllUser ) ) {
126 bsi->attrs = (AttributeName *)ch_calloc( 1,
127 sizeof( AttributeName ) );
128 bsi->attrs[ 0 ].an_name.bv_val = NULL;
129 bsi->attrs[ 0 ].an_name.bv_len = 0;
131 for ( p = attrs; p->an_name.bv_val; p++ ) {
133 * ignore "1.1"; handle "+"
135 if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
136 bsi->bsi_flags |= BSQL_SF_ALL_OPER;
139 } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
143 backsql_attrlist_add( bsi, p->an_desc );
149 bsi->n_candidates = 0;
150 bsi->stoptime = stoptime;
151 bsi->sel.bb_val.bv_val = NULL;
152 bsi->sel.bb_val.bv_len = 0;
154 bsi->from.bb_val.bv_val = NULL;
155 bsi->from.bb_val.bv_len = 0;
156 bsi->from.bb_len = 0;
157 bsi->join_where.bb_val.bv_val = NULL;
158 bsi->join_where.bb_val.bv_len = 0;
159 bsi->join_where.bb_len = 0;
160 bsi->flt_where.bb_val.bv_val = NULL;
161 bsi->flt_where.bb_val.bv_len = 0;
162 bsi->flt_where.bb_len = 0;
164 bsi->status = LDAP_SUCCESS;
168 backsql_process_filter_list( backsql_srch_info *bsi, Filter *f, int op )
176 backsql_strfcat( &bsi->flt_where, "c", '(' /* ) */ );
179 res = backsql_process_filter( bsi, f );
182 * TimesTen : If the query has no answers,
183 * don't bother to run the query.
194 case LDAP_FILTER_AND:
195 backsql_strfcat( &bsi->flt_where, "l",
196 (ber_len_t)sizeof( " AND " ) - 1,
201 backsql_strfcat( &bsi->flt_where, "l",
202 (ber_len_t)sizeof( " OR " ) - 1,
208 backsql_strfcat( &bsi->flt_where, "c", /* ( */ ')' );
214 backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f )
217 backsql_at_map_rec *at;
218 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
225 if ( SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
226 bi->bi_caseIgnoreMatch ) ) {
230 at = backsql_ad2at( bsi->oc, f->f_sub_desc );
235 * When dealing with case-sensitive strings
236 * we may omit normalization; however, normalized
237 * SQL filters are more liberal.
240 backsql_strfcat( &bsi->flt_where, "c", '(' /* ) */ );
243 Debug( LDAP_DEBUG_TRACE, "expr: '%s' '%s'\n", at->sel_expr.bv_val,
244 at->sel_expr_u.bv_val ? at->sel_expr_u.bv_val : "<NULL>", 0 );
245 if ( casefold && bi->upper_func.bv_val ) {
247 * If a pre-upper-cased version of the column exists, use it
249 if ( at->sel_expr_u.bv_val ) {
250 backsql_strfcat( &bsi->flt_where,
253 (ber_len_t)sizeof( " LIKE '" ) - 1,
256 backsql_strfcat( &bsi->flt_where,
262 (ber_len_t)sizeof( " LIKE '" ) - 1,
266 backsql_strfcat( &bsi->flt_where, "bl",
268 (ber_len_t)sizeof( " LIKE '" ) - 1, " LIKE '" );
271 if ( f->f_sub_initial.bv_val != NULL ) {
274 start = bsi->flt_where.bb_val.bv_len;
275 backsql_strfcat( &bsi->flt_where, "b",
277 if ( casefold && bi->upper_func.bv_val ) {
278 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
282 backsql_strfcat( &bsi->flt_where, "c", '%' );
284 if ( f->f_sub_any != NULL ) {
285 for ( i = 0; f->f_sub_any[ i ].bv_val != NULL; i++ ) {
289 Debug( LDAP_DEBUG_TRACE,
290 "==>backsql_process_sub_filter(): "
291 "sub_any='%s'\n", f->f_sub_any[ i ].bv_val,
293 #endif /* BACKSQL_TRACE */
295 start = bsi->flt_where.bb_val.bv_len;
296 backsql_strfcat( &bsi->flt_where,
300 if ( casefold && bi->upper_func.bv_val ) {
302 * Note: toupper('%') = '%'
304 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
308 if ( f->f_sub_final.bv_val != NULL ) {
311 start = bsi->flt_where.bb_val.bv_len;
312 backsql_strfcat( &bsi->flt_where, "b",
314 if ( casefold && bi->upper_func.bv_val ) {
315 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
320 backsql_strfcat( &bsi->flt_where, "l",
321 (ber_len_t)sizeof( /* (' */ "')" ) - 1, /* ( */ "')" );
327 backsql_process_filter( backsql_srch_info *bsi, Filter *f )
329 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
330 backsql_at_map_rec *at;
331 backsql_at_map_rec oc_attr = {
332 slap_schema.si_ad_objectClass, BER_BVC(""), BER_BVC(""),
333 BER_BVNULL, NULL, NULL, NULL };
334 AttributeDescription *ad = NULL;
338 struct berval *filter_value = NULL;
339 MatchingRule *matching_rule = NULL;
340 struct berval ordering = BER_BVC("<=");
342 Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter()\n", 0, 0, 0 );
343 if ( f == NULL || f->f_choice == SLAPD_FILTER_COMPUTED ) {
347 switch( f->f_choice ) {
349 rc = backsql_process_filter_list( bsi, f->f_or,
354 case LDAP_FILTER_AND:
355 rc = backsql_process_filter_list( bsi, f->f_and,
360 case LDAP_FILTER_NOT:
361 backsql_strfcat( &bsi->flt_where, "l",
362 (ber_len_t)sizeof( "NOT (" /* ) */ ) - 1,
364 rc = backsql_process_filter( bsi, f->f_not );
365 backsql_strfcat( &bsi->flt_where, "c", /* ( */ ')' );
369 case LDAP_FILTER_PRESENT:
373 case LDAP_FILTER_EXT:
374 ad = f->f_mra->ma_desc;
391 * Turn structuralObjectClass into objectClass
393 if ( ad == slap_schema.si_ad_objectClass
394 || ad == slap_schema.si_ad_structuralObjectClass ) {
395 struct berbuf bb = BB_NULL;
398 backsql_strfcat( &bb, "cbc",
400 &bsi->oc->oc->soc_cname,
402 at->sel_expr = bb.bb_val;
404 } else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) {
406 * FIXME: this is not robust; e.g. a filter
407 * '(!(hasSubordinates=TRUE))' fails because
408 * in SQL it would read 'NOT (1=1)' instead
410 * Note however that hasSubordinates is boolean,
411 * so a more appropriate filter would be
412 * '(hasSubordinates=FALSE)'
414 * A more robust search for hasSubordinates
415 * would * require joining the ldap_entries table
416 * selecting if there are descendants of the
419 backsql_strfcat( &bsi->flt_where, "l",
420 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
421 if ( ad == slap_schema.si_ad_hasSubordinates ) {
423 * instruct candidate selection algorithm
424 * and attribute list to try to detect
425 * if an entry has subordinates
427 bsi->bsi_flags |= BSQL_SF_FILTER_HASSUBORDINATE;
431 * clear attributes to fetch, to require ALL
432 * and try extended match on all attributes
434 backsql_attrlist_add( bsi, NULL );
439 at = backsql_ad2at( bsi->oc, ad );
443 Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): "
444 "attribute '%s' is not defined for objectclass '%s'\n",
445 ad->ad_cname.bv_val, BACKSQL_OC_NAME( bsi->oc ), 0 );
446 backsql_strfcat( &bsi->flt_where, "l",
447 (ber_len_t)sizeof( "1=0" ) - 1, "1=0" );
451 backsql_merge_from_clause( &bsi->from, &at->from_tbls );
453 * need to add this attribute to list of attrs to load,
454 * so that we could do test_filter() later
456 backsql_attrlist_add( bsi, ad );
458 if ( at->join_where.bv_val != NULL
459 && strstr( bsi->join_where.bb_val.bv_val, at->join_where.bv_val ) == NULL ) {
460 backsql_strfcat( &bsi->join_where, "lb",
461 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
465 switch ( f->f_choice ) {
466 case LDAP_FILTER_EQUALITY:
467 filter_value = &f->f_av_value;
468 matching_rule = ad->ad_type->sat_equality;
472 /* fail over into next case */
474 case LDAP_FILTER_EXT:
475 filter_value = &f->f_mra->ma_value;
476 matching_rule = f->f_mr_rule;
479 if ( SLAP_MR_ASSOCIATED( matching_rule,
480 bi->bi_caseIgnoreMatch ) ) {
485 * maybe we should check type of at->sel_expr here somehow,
486 * to know whether upper_func is applicable, but for now
487 * upper_func stuff is made for Oracle, where UPPER is
488 * safely applicable to NUMBER etc.
490 if ( casefold && bi->upper_func.bv_val ) {
493 if ( at->sel_expr_u.bv_val ) {
494 backsql_strfcat( &bsi->flt_where, "cbl",
497 (ber_len_t)sizeof( "='" ) - 1,
500 backsql_strfcat( &bsi->flt_where, "cbcbl",
505 (ber_len_t)sizeof( /* ( */ ")='" ) - 1,
509 start = bsi->flt_where.bb_val.bv_len;
511 backsql_strfcat( &bsi->flt_where, "bl",
513 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
516 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
519 backsql_strfcat( &bsi->flt_where, "cblbl",
522 (ber_len_t)sizeof( "='" ) - 1, "='",
524 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
530 ordering.bv_val = ">=";
532 /* fall thru to next case */
535 if ( SLAP_MR_ASSOCIATED( ad->ad_type->sat_ordering,
536 bi->bi_caseIgnoreMatch ) ) {
541 * FIXME: should we uppercase the operands?
543 if ( casefold && bi->upper_func.bv_val ) {
546 if ( at->sel_expr_u.bv_val ) {
547 backsql_strfcat( &bsi->flt_where, "cbbc",
553 backsql_strfcat( &bsi->flt_where, "cbcbcbc",
563 start = bsi->flt_where.bb_val.bv_len;
565 backsql_strfcat( &bsi->flt_where, "bl",
567 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
570 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
573 backsql_strfcat( &bsi->flt_where, "cbbcbl",
579 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
584 case LDAP_FILTER_PRESENT:
585 backsql_strfcat( &bsi->flt_where, "lbl",
586 (ber_len_t)sizeof( "NOT (" ) - 1, "NOT (",
588 (ber_len_t)sizeof( " IS NULL)" ) - 1, " IS NULL)" );
591 case LDAP_FILTER_SUBSTRINGS:
592 backsql_process_sub_filter( bsi, f );
595 case LDAP_FILTER_APPROX:
599 * maybe we should check type of at->sel_expr here somehow,
600 * to know whether upper_func is applicable, but for now
601 * upper_func stuff is made for Oracle, where UPPER is
602 * safely applicable to NUMBER etc.
604 if ( bi->upper_func.bv_val ) {
607 if ( at->sel_expr_u.bv_val ) {
608 backsql_strfcat( &bsi->flt_where, "cbl",
611 (ber_len_t)sizeof( " LIKE '%" ) - 1,
614 backsql_strfcat( &bsi->flt_where, "cbcbl",
619 (ber_len_t)sizeof( /* ( */ ") LIKE '%" ) - 1,
620 /* ( */ ") LIKE '%" );
623 start = bsi->flt_where.bb_val.bv_len;
625 backsql_strfcat( &bsi->flt_where, "bl",
627 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
630 ldap_pvt_str2upper( &bsi->flt_where.bb_val.bv_val[ start ] );
633 backsql_strfcat( &bsi->flt_where, "cblbl",
636 (ber_len_t)sizeof( " LIKE '%" ) - 1,
639 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
645 /* unhandled filter type; should not happen */
647 backsql_strfcat( &bsi->flt_where, "l",
648 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
654 if ( oc_attr.sel_expr.bv_val != NULL ) {
655 free( oc_attr.sel_expr.bv_val );
658 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter()\n", 0, 0, 0 );
662 if ( oc_attr.sel_expr.bv_val != NULL ) {
663 free( oc_attr.sel_expr.bv_val );
665 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter() returns -1\n",
671 backsql_srch_query( backsql_srch_info *bsi, struct berval *query )
673 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
677 query->bv_val = NULL;
680 Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 );
681 bsi->sel.bb_val.bv_val = NULL;
682 bsi->sel.bb_val.bv_len = 0;
684 bsi->from.bb_val.bv_val = NULL;
685 bsi->from.bb_val.bv_len = 0;
686 bsi->from.bb_len = 0;
687 bsi->join_where.bb_val.bv_val = NULL;
688 bsi->join_where.bb_val.bv_len = 0;
689 bsi->join_where.bb_len = 0;
690 bsi->flt_where.bb_val.bv_val = NULL;
691 bsi->flt_where.bb_val.bv_len = 0;
692 bsi->flt_where.bb_len = 0;
694 backsql_strfcat( &bsi->sel, "lbcbc",
695 (ber_len_t)sizeof( "SELECT DISTINCT ldap_entries.id," ) - 1,
696 "SELECT DISTINCT ldap_entries.id,",
702 if ( bi->strcast_func.bv_val ) {
703 backsql_strfcat( &bsi->sel, "blbl",
705 (ber_len_t)sizeof( "('" /* ') */ ) - 1,
707 &bsi->oc->oc->soc_cname,
708 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
711 backsql_strfcat( &bsi->sel, "cbc",
713 &bsi->oc->oc->soc_cname,
716 backsql_strfcat( &bsi->sel, "l",
717 (ber_len_t)sizeof( " AS objectClass,ldap_entries.dn AS dn" ) - 1,
718 " AS objectClass,ldap_entries.dn AS dn" );
720 backsql_strfcat( &bsi->from, "lb",
721 (ber_len_t)sizeof( " FROM ldap_entries," ) - 1,
722 " FROM ldap_entries,",
725 backsql_strfcat( &bsi->join_where, "lbcbl",
726 (ber_len_t)sizeof( " WHERE " ) - 1, " WHERE ",
730 (ber_len_t)sizeof( "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ) - 1,
731 "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " );
733 switch ( bsi->scope ) {
734 case LDAP_SCOPE_BASE:
735 if ( bi->upper_func.bv_val ) {
736 backsql_strfcat( &bsi->join_where, "blbcb",
738 (ber_len_t)sizeof( "(ldap_entries.dn)=" ) - 1,
739 "(ldap_entries.dn)=",
740 &bi->upper_func_open,
742 &bi->upper_func_close );
744 backsql_strfcat( &bsi->join_where, "l",
745 (ber_len_t)sizeof( "ldap_entries.dn=?" ) - 1,
746 "ldap_entries.dn=?" );
750 case LDAP_SCOPE_ONELEVEL:
751 backsql_strfcat( &bsi->join_where, "l",
752 (ber_len_t)sizeof( "ldap_entries.parent=?" ) - 1,
753 "ldap_entries.parent=?" );
756 case LDAP_SCOPE_SUBTREE:
757 if ( bi->upper_func.bv_val ) {
758 backsql_strfcat( &bsi->join_where, "blbcb",
760 (ber_len_t)sizeof( "(ldap_entries.dn) LIKE " ) - 1,
761 "(ldap_entries.dn) LIKE ",
762 &bi->upper_func_open,
764 &bi->upper_func_close );
766 backsql_strfcat( &bsi->join_where, "l",
767 (ber_len_t)sizeof( "ldap_entries.dn LIKE ?" ) - 1,
768 "ldap_entries.dn LIKE ?" );
777 rc = backsql_process_filter( bsi, bsi->filter );
779 struct berbuf bb = BB_NULL;
781 backsql_strfcat( &bb, "bbblb",
784 &bsi->join_where.bb_val,
785 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
786 &bsi->flt_where.bb_val );
790 } else if ( rc < 0 ) {
792 * Indicates that there's no possible way the filter matches
793 * anything. No need to issue the query
795 free( query->bv_val );
796 query->bv_val = NULL;
799 free( bsi->sel.bb_val.bv_val );
800 bsi->sel.bb_val.bv_len = 0;
802 free( bsi->from.bb_val.bv_val );
803 bsi->from.bb_val.bv_len = 0;
804 bsi->from.bb_len = 0;
805 free( bsi->join_where.bb_val.bv_val );
806 bsi->join_where.bb_val.bv_len = 0;
807 bsi->join_where.bb_len = 0;
808 free( bsi->flt_where.bb_val.bv_val );
809 bsi->flt_where.bb_val.bv_len = 0;
810 bsi->flt_where.bb_len = 0;
812 Debug( LDAP_DEBUG_TRACE, "<==backsql_srch_query() returns %s\n",
813 query->bv_val ? query->bv_val : "NULL", 0, 0 );
815 return ( rc <= 0 ? 1 : 0 );
819 backsql_oc_get_candidates( void *v_oc, void *v_bsi )
821 backsql_oc_map_rec *oc = v_oc;
822 backsql_srch_info *bsi = v_bsi;
823 backsql_info *bi = (backsql_info *)bsi->op->o_bd->be_private;
827 backsql_entryID base_id, *c_id;
833 int n_candidates = bsi->n_candidates;
835 bsi->status = LDAP_SUCCESS;
837 Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc='%s'\n",
838 BACKSQL_OC_NAME( oc ), 0, 0 );
840 if ( bsi->n_candidates == -1 ) {
841 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
842 "unchecked limit has been overcome\n", 0, 0, 0 );
843 /* should never get here */
845 bsi->status = LDAP_ADMINLIMIT_EXCEEDED;
850 res = backsql_srch_query( bsi, &query );
852 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
853 "error while constructing query for objectclass '%s'\n",
854 oc->oc->soc_cname.bv_val, 0, 0 );
856 * FIXME: need to separate errors from legally
859 bsi->status = LDAP_SUCCESS;
860 return BACKSQL_CONTINUE;
863 if ( query.bv_val == NULL ) {
864 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
865 "could not construct query for objectclass '%s'\n",
866 oc->oc->soc_cname.bv_val, 0, 0 );
867 bsi->status = LDAP_SUCCESS;
868 return BACKSQL_CONTINUE;
871 Debug( LDAP_DEBUG_TRACE, "Constructed query: %s\n",
872 query.bv_val, 0, 0 );
874 rc = backsql_Prepare( bsi->dbh, &sth, query.bv_val, 0 );
875 free( query.bv_val );
876 if ( rc != SQL_SUCCESS ) {
877 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
878 "error preparing query\n", 0, 0, 0 );
879 backsql_PrintErrors( bi->db_env, bsi->dbh, sth, rc );
880 bsi->status = LDAP_OTHER;
881 return BACKSQL_CONTINUE;
884 Debug( LDAP_DEBUG_TRACE, "id: '%ld'\n", bsi->oc->id, 0, 0 );
886 if ( backsql_BindParamID( sth, 1, &bsi->oc->id ) != SQL_SUCCESS ) {
887 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
888 "error binding objectclass id parameter\n", 0, 0, 0 );
889 bsi->status = LDAP_OTHER;
890 return BACKSQL_CONTINUE;
893 switch ( bsi->scope ) {
894 case LDAP_SCOPE_BASE:
895 Debug( LDAP_DEBUG_TRACE, "(base)dn: '%s'\n",
896 bsi->base_dn->bv_val, 0, 0 );
898 rc = backsql_BindParamStr( sth, 2, bsi->base_dn->bv_val,
899 BACKSQL_MAX_DN_LEN );
900 if ( rc != SQL_SUCCESS ) {
901 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
902 "error binding base_dn parameter\n", 0, 0, 0 );
903 backsql_PrintErrors( bi->db_env, bsi->dbh,
905 bsi->status = LDAP_OTHER;
906 return BACKSQL_CONTINUE;
910 case LDAP_SCOPE_SUBTREE: {
913 * + 1 because we need room for '%'; this makes a subtree
914 * search for a DN BACKSQL_MAX_DN_LEN long legal
915 * if it returns that DN only
917 char temp_base_dn[ BACKSQL_MAX_DN_LEN + 1 + 1 ];
920 * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
921 * however this should be handled earlier
923 assert( bsi->base_dn->bv_len <= BACKSQL_MAX_DN_LEN );
926 * Sets the parameters for the SQL built earlier
927 * NOTE that all the databases could actually use
928 * the TimesTen version, which would be cleaner
929 * and would also eliminate the need for the
930 * subtree_cond line in the configuration file.
931 * For now, I'm leaving it the way it is,
932 * so non-TimesTen databases use the original code.
933 * But at some point this should get cleaned up.
935 * If "dn" is being used, do a suffix search.
936 * If "dn_ru" is being used, do a prefix search.
938 if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
939 temp_base_dn[ 0 ] = '\0';
940 for ( i = 0, j = bsi->base_dn->bv_len - 1;
942 temp_base_dn[ i ] = bsi->base_dn->bv_val[ j ];
944 temp_base_dn[ i ] = '%';
945 temp_base_dn[ i + 1 ] = '\0';
948 temp_base_dn[ 0 ] = '%';
949 AC_MEMCPY( &temp_base_dn[ 1 ], bsi->base_dn->bv_val,
950 bsi->base_dn->bv_len + 1 );
952 ldap_pvt_str2upper( temp_base_dn );
954 Debug( LDAP_DEBUG_TRACE, "(sub)dn: '%s'\n", temp_base_dn,
957 rc = backsql_BindParamStr( sth, 2, temp_base_dn,
958 BACKSQL_MAX_DN_LEN );
959 if ( rc != SQL_SUCCESS ) {
960 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
961 "error binding base_dn parameter (2)\n",
963 backsql_PrintErrors( bi->db_env, bsi->dbh,
965 bsi->status = LDAP_OTHER;
966 return BACKSQL_CONTINUE;
971 case LDAP_SCOPE_ONELEVEL:
972 res = backsql_dn2id( bi, &base_id,
973 bsi->dbh, bsi->base_dn );
974 if ( res != LDAP_SUCCESS ) {
975 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
976 "could not retrieve base_dn id%s\n",
977 res == LDAP_NO_SUCH_OBJECT ? ": no such entry"
980 return BACKSQL_CONTINUE;
983 Debug( LDAP_DEBUG_TRACE, "(one)id: '%lu'\n", base_id.id,
986 rc = backsql_BindParamID( sth, 2, &base_id.id );
987 backsql_free_entryID( &base_id, 0 );
988 if ( rc != SQL_SUCCESS ) {
989 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
990 "error binding base id parameter\n", 0, 0, 0 );
991 bsi->status = LDAP_OTHER;
992 return BACKSQL_CONTINUE;
997 rc = SQLExecute( sth );
998 if ( !BACKSQL_SUCCESS( rc ) ) {
999 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1000 "error executing query\n", 0, 0, 0 );
1001 backsql_PrintErrors( bi->db_env, bsi->dbh, sth, rc );
1002 SQLFreeStmt( sth, SQL_DROP );
1003 bsi->status = LDAP_OTHER;
1004 return BACKSQL_CONTINUE;
1007 backsql_BindRowAsStrings( sth, &row );
1008 rc = SQLFetch( sth );
1009 for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
1010 c_id = (backsql_entryID *)ch_calloc( 1,
1011 sizeof( backsql_entryID ) );
1012 c_id->id = strtol( row.cols[ 0 ], NULL, 0 );
1013 c_id->keyval = strtol( row.cols[ 1 ], NULL, 0 );
1014 c_id->oc_id = bsi->oc->id;
1015 ber_str2bv( row.cols[ 3 ], 0, 1, &c_id->dn );
1016 c_id->next = bsi->id_list;
1017 bsi->id_list = c_id;
1018 bsi->n_candidates--;
1020 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1021 "added entry id=%ld, keyval=%ld dn='%s'\n",
1022 c_id->id, c_id->keyval, row.cols[ 3 ] );
1024 if ( bsi->n_candidates == -1 ) {
1028 backsql_FreeRow( &row );
1029 SQLFreeStmt( sth, SQL_DROP );
1031 Debug( LDAP_DEBUG_TRACE, "<==backsql_oc_get_candidates(): %d\n",
1032 n_candidates - bsi->n_candidates, 0, 0 );
1034 return ( bsi->n_candidates == -1 ? BACKSQL_STOP : BACKSQL_CONTINUE );
1038 backsql_search( Operation *op, SlapReply *rs )
1040 backsql_info *bi = (backsql_info *)op->o_bd->be_private;
1045 time_t stoptime = 0;
1046 backsql_srch_info srch_info;
1047 backsql_entryID *eid = NULL;
1048 struct slap_limits_set *limit = NULL;
1051 manageDSAit = get_manageDSAit( op );
1053 Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
1054 "base='%s', filter='%s', scope=%d,",
1055 op->o_req_ndn.bv_val,
1056 op->oq_search.rs_filterstr.bv_val,
1057 op->oq_search.rs_scope );
1058 Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
1059 "attributes to load: %s\n",
1060 op->oq_search.rs_deref,
1061 op->oq_search.rs_attrsonly,
1062 op->oq_search.rs_attrs == NULL ? "all" : "custom list" );
1064 if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
1065 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1066 "search base length (%ld) exceeds max length (%ld)\n",
1067 op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
1069 * FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
1070 * since it is impossible that such a long DN exists
1073 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1074 send_ldap_result( op, rs );
1078 sres = backsql_get_db_conn( op, &dbh );
1079 if ( sres != LDAP_SUCCESS ) {
1080 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1081 "could not get connection handle - exiting\n",
1084 rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
1085 send_ldap_result( op, rs );
1089 /* if not root, get appropriate limits */
1090 if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
1093 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
1096 /* The time/size limits come first because they require very little
1097 * effort, so there's no chance the candidates are selected and then
1098 * the request is not honored only because of time/size constraints */
1100 /* if no time limit requested, use soft limit (unless root!) */
1102 if ( op->oq_search.rs_tlimit == 0 ) {
1103 op->oq_search.rs_tlimit = -1; /* allow root to set no limit */
1106 if ( op->oq_search.rs_slimit == 0 ) {
1107 op->oq_search.rs_slimit = -1;
1111 /* if no limit is required, use soft limit */
1112 if ( op->oq_search.rs_tlimit <= 0 ) {
1113 op->oq_search.rs_tlimit = limit->lms_t_soft;
1115 /* if requested limit higher than hard limit, abort */
1116 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
1117 /* no hard limit means use soft instead */
1118 if ( limit->lms_t_hard == 0
1119 && limit->lms_t_soft > -1
1120 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
1121 op->oq_search.rs_tlimit = limit->lms_t_soft;
1123 /* positive hard limit means abort */
1124 } else if ( limit->lms_t_hard > 0 ) {
1125 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1126 send_ldap_result( op, rs );
1130 /* negative hard limit means no limit */
1133 /* if no limit is required, use soft limit */
1134 if ( op->oq_search.rs_slimit <= 0 ) {
1135 op->oq_search.rs_slimit = limit->lms_s_soft;
1137 /* if requested limit higher than hard limit, abort */
1138 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
1139 /* no hard limit means use soft instead */
1140 if ( limit->lms_s_hard == 0
1141 && limit->lms_s_soft > -1
1142 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
1143 op->oq_search.rs_slimit = limit->lms_s_soft;
1145 /* positive hard limit means abort */
1146 } else if ( limit->lms_s_hard > 0 ) {
1147 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1148 send_ldap_result( op, rs );
1152 /* negative hard limit means no limit */
1156 /* compute it anyway; root does not use it */
1157 stoptime = op->o_time + op->oq_search.rs_tlimit;
1159 backsql_init_search( &srch_info, &op->o_req_dn,
1160 op->oq_search.rs_scope,
1161 op->oq_search.rs_slimit, op->oq_search.rs_tlimit,
1162 stoptime, op->oq_search.rs_filter,
1163 dbh, op, op->oq_search.rs_attrs );
1166 * for each objectclass we try to construct query which gets IDs
1167 * of entries matching LDAP query filter and scope (or at least
1168 * candidates), and get the IDs
1170 srch_info.n_candidates = ( isroot ? -2 : limit->lms_s_unchecked == -1
1171 ? -2 : limit->lms_s_unchecked );
1172 avl_apply( bi->oc_by_oc, backsql_oc_get_candidates,
1173 &srch_info, BACKSQL_STOP, AVL_INORDER );
1174 if ( !isroot && limit->lms_s_unchecked != -1 ) {
1175 if ( srch_info.n_candidates == -1 ) {
1176 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1177 send_ldap_result( op, rs );
1183 * now we load candidate entries (only those attributes
1184 * mentioned in attrs and filter), test it against full filter
1185 * and then send to client
1187 for ( eid = srch_info.id_list; eid != NULL;
1188 eid = backsql_free_entryID( eid, 1 ) ) {
1189 Attribute *hasSubordinate = NULL,
1192 /* check for abandon */
1193 if ( op->o_abandon ) {
1197 /* check time limit */
1198 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
1199 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
1200 rs->sr_ctrls = NULL;
1201 rs->sr_ref = rs->sr_v2ref;
1202 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1204 send_ldap_result( op, rs );
1208 Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
1209 "for entry id=%ld, oc_id=%ld, keyval=%ld\n",
1210 eid->id, eid->oc_id, eid->keyval );
1212 entry = (Entry *)ch_calloc( sizeof( Entry ), 1 );
1213 res = backsql_id2entry( &srch_info, entry, eid );
1214 if ( res == NULL ) {
1215 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1216 "error in backsql_id2entry() "
1217 "- skipping entry\n", 0, 0, 0 );
1221 if ( !manageDSAit &&
1222 op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
1223 is_entry_referral( entry ) ) {
1225 struct berval matched_dn;
1227 ber_dupbv( &matched_dn, &entry->e_name );
1228 refs = get_entry_referrals( op, entry );
1230 rs->sr_ref = referral_rewrite( refs,
1231 &matched_dn, &op->o_req_dn,
1232 op->oq_search.rs_scope );
1233 ber_bvarray_free( refs );
1237 rs->sr_text = "bad_referral object";
1240 rs->sr_err = LDAP_REFERRAL;
1241 rs->sr_matched = matched_dn.bv_val;
1242 send_search_reference( op, rs );
1244 ber_bvarray_free( rs->sr_ref );
1246 ber_memfree( matched_dn.bv_val );
1247 rs->sr_matched = NULL;
1253 * We use this flag since we need to parse the filter
1254 * anyway; we should have used the frontend API function
1255 * filter_has_subordinates()
1257 if ( srch_info.bsi_flags & BSQL_SF_FILTER_HASSUBORDINATE ) {
1260 rc = backsql_has_children( bi, dbh, &entry->e_nname );
1263 case LDAP_COMPARE_TRUE:
1264 case LDAP_COMPARE_FALSE:
1265 hasSubordinate = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE );
1266 if ( hasSubordinate != NULL ) {
1267 for ( a = entry->e_attrs;
1271 a->a_next = hasSubordinate;
1277 Debug(LDAP_DEBUG_TRACE,
1278 "backsql_search(): "
1279 "has_children failed( %d)\n",
1290 if ( test_filter( op, entry, op->oq_search.rs_filter )
1291 == LDAP_COMPARE_TRUE ) {
1292 if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER )
1293 && !ad_inlist( slap_schema.si_ad_hasSubordinates, op->oq_search.rs_attrs ) ) {
1295 attr_free( hasSubordinate );
1296 hasSubordinate = NULL;
1299 #if 0 /* noop is masked SLAP_CTRL_UPDATE */
1304 rs->sr_attrs = op->oq_search.rs_attrs;
1305 rs->sr_entry = entry;
1306 sres = send_search_entry( op, rs );
1307 rs->sr_entry = NULL;
1308 rs->sr_attrs = NULL;
1318 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1319 "connection lost\n", 0, 0, 0 );
1324 * FIXME: send_search_entry failed;
1330 entry_free( entry );
1332 if ( op->oq_search.rs_slimit != -1
1333 && rs->sr_nentries >= op->oq_search.rs_slimit ) {
1334 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
1335 send_ldap_result( op, rs );
1342 if ( rs->sr_nentries > 0 ) {
1343 rs->sr_ref = rs->sr_v2ref;
1344 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1347 rs->sr_err = srch_info.status;
1349 send_ldap_result( op, rs );
1351 if ( rs->sr_v2ref ) {
1352 ber_bvarray_free( rs->sr_v2ref );
1353 rs->sr_v2ref = NULL;
1357 ch_free( srch_info.attrs );
1359 Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 );
1363 #endif /* SLAPD_SQL */