2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2004 The OpenLDAP Foundation.
5 * Portions Copyright 1999 Dmitry Kovalev.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
17 * This work was initially developed by Dmitry Kovalev for inclusion
18 * by OpenLDAP Software.
26 #include <sys/types.h>
27 #include "ac/string.h"
32 #include "proto-sql.h"
34 #define BACKSQL_STOP 0
35 #define BACKSQL_CONTINUE 1
37 static int backsql_process_filter( backsql_srch_info *bsi, Filter *f );
39 static int backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f,
40 backsql_at_map_rec *at );
43 backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
46 AttributeName *an = NULL;
48 if ( bsi->bsi_attrs == NULL ) {
53 * clear the list (retrieve all attrs)
56 ch_free( bsi->bsi_attrs );
57 bsi->bsi_attrs = NULL;
61 for ( ; bsi->bsi_attrs[ n_attrs ].an_name.bv_val; n_attrs++ ) {
62 an = &bsi->bsi_attrs[ n_attrs ];
64 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
65 "attribute '%s' is in list\n",
66 an->an_name.bv_val, 0, 0 );
68 * We can live with strcmp because the attribute
69 * list has been normalized before calling be_search
71 if ( !BACKSQL_NCMP( &an->an_name, &ad->ad_cname ) ) {
76 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
77 "adding '%s' to list\n", ad->ad_cname.bv_val, 0, 0 );
79 an = (AttributeName *)ch_realloc( bsi->bsi_attrs,
80 sizeof( AttributeName ) * ( n_attrs + 2 ) );
85 an[ n_attrs ].an_name = ad->ad_cname;
86 an[ n_attrs ].an_desc = ad;
87 an[ n_attrs + 1 ].an_name.bv_val = NULL;
88 an[ n_attrs + 1 ].an_name.bv_len = 0;
97 backsql_srch_info *bsi,
106 AttributeName *attrs )
110 bsi->bsi_base_dn = base;
111 bsi->bsi_scope = scope;
112 bsi->bsi_slimit = slimit;
113 bsi->bsi_tlimit = tlimit;
114 bsi->bsi_filter = filter;
122 if ( attrs == NULL || an_find( attrs, &AllUser ) ) {
123 bsi->bsi_attrs = NULL;
126 bsi->bsi_attrs = (AttributeName *)ch_calloc( 1,
127 sizeof( AttributeName ) );
128 bsi->bsi_attrs[ 0 ].an_name.bv_val = NULL;
129 bsi->bsi_attrs[ 0 ].an_name.bv_len = 0;
131 for ( p = attrs; p->an_name.bv_val; p++ ) {
133 * ignore "1.1"; handle "+"
135 if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
136 bsi->bsi_flags |= BSQL_SF_ALL_OPER;
139 } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
143 backsql_attrlist_add( bsi, p->an_desc );
147 bsi->bsi_abandon = 0;
148 bsi->bsi_id_list = NULL;
149 bsi->bsi_n_candidates = 0;
150 bsi->bsi_stoptime = stoptime;
151 bsi->bsi_sel.bb_val.bv_val = NULL;
152 bsi->bsi_sel.bb_val.bv_len = 0;
153 bsi->bsi_sel.bb_len = 0;
154 bsi->bsi_from.bb_val.bv_val = NULL;
155 bsi->bsi_from.bb_val.bv_len = 0;
156 bsi->bsi_from.bb_len = 0;
157 bsi->bsi_join_where.bb_val.bv_val = NULL;
158 bsi->bsi_join_where.bb_val.bv_len = 0;
159 bsi->bsi_join_where.bb_len = 0;
160 bsi->bsi_flt_where.bb_val.bv_val = NULL;
161 bsi->bsi_flt_where.bb_val.bv_len = 0;
162 bsi->bsi_flt_where.bb_len = 0;
163 bsi->bsi_filter_oc = NULL;
165 bsi->bsi_status = LDAP_SUCCESS;
169 backsql_process_filter_list( backsql_srch_info *bsi, Filter *f, int op )
177 backsql_strfcat( &bsi->bsi_flt_where, "c", '(' /* ) */ );
180 res = backsql_process_filter( bsi, f );
183 * TimesTen : If the query has no answers,
184 * don't bother to run the query.
195 case LDAP_FILTER_AND:
196 backsql_strfcat( &bsi->bsi_flt_where, "l",
197 (ber_len_t)sizeof( " AND " ) - 1,
202 backsql_strfcat( &bsi->bsi_flt_where, "l",
203 (ber_len_t)sizeof( " OR " ) - 1,
209 backsql_strfcat( &bsi->bsi_flt_where, "c", /* ( */ ')' );
215 backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
216 backsql_at_map_rec *at )
218 #ifdef BACKSQL_UPPERCASE_FILTER
219 backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
220 #endif /* BACKSQL_UPPERCASE_FILTER */
228 /* always uppercase strings by now */
229 #ifdef BACKSQL_UPPERCASE_FILTER
230 if ( SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
231 bi->bi_caseIgnoreMatch ) )
232 #endif /* BACKSQL_UPPERCASE_FILTER */
238 * When dealing with case-sensitive strings
239 * we may omit normalization; however, normalized
240 * SQL filters are more liberal.
243 backsql_strfcat( &bsi->bsi_flt_where, "c", '(' /* ) */ );
246 Debug( LDAP_DEBUG_TRACE, "expr: '%s%s%s'\n", at->bam_sel_expr.bv_val,
247 at->bam_sel_expr_u.bv_val ? "' '" : "",
248 at->bam_sel_expr_u.bv_val ? at->bam_sel_expr_u.bv_val : "" );
249 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
251 * If a pre-upper-cased version of the column
252 * or a precompiled upper function exists, use it
254 backsql_strfcat( &bsi->bsi_flt_where,
257 (ber_len_t)sizeof( " LIKE '" ) - 1,
261 backsql_strfcat( &bsi->bsi_flt_where, "bl",
263 (ber_len_t)sizeof( " LIKE '" ) - 1, " LIKE '" );
266 if ( f->f_sub_initial.bv_val != NULL ) {
269 start = bsi->bsi_flt_where.bb_val.bv_len;
270 backsql_strfcat( &bsi->bsi_flt_where, "b",
272 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
273 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
277 backsql_strfcat( &bsi->bsi_flt_where, "c", '%' );
279 if ( f->f_sub_any != NULL ) {
280 for ( i = 0; f->f_sub_any[ i ].bv_val != NULL; i++ ) {
284 Debug( LDAP_DEBUG_TRACE,
285 "==>backsql_process_sub_filter(%s): "
286 "sub_any='%s'\n", at->bam_ad->ad_cname.bv_val,
287 f->f_sub_any[ i ].bv_val, 0 );
288 #endif /* BACKSQL_TRACE */
290 start = bsi->bsi_flt_where.bb_val.bv_len;
291 backsql_strfcat( &bsi->bsi_flt_where,
295 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
297 * Note: toupper('%') = '%'
299 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
303 if ( f->f_sub_final.bv_val != NULL ) {
306 start = bsi->bsi_flt_where.bb_val.bv_len;
307 backsql_strfcat( &bsi->bsi_flt_where, "b",
309 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
310 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
315 backsql_strfcat( &bsi->bsi_flt_where, "l",
316 (ber_len_t)sizeof( /* (' */ "')" ) - 1, /* ( */ "')" );
322 backsql_process_filter( backsql_srch_info *bsi, Filter *f )
324 backsql_at_map_rec **vat = NULL;
325 AttributeDescription *ad = NULL;
330 Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter()\n", 0, 0, 0 );
331 if ( f->f_choice == SLAPD_FILTER_COMPUTED ) {
332 Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): "
333 "invalid filter\n", 0, 0, 0 );
338 switch( f->f_choice ) {
340 rc = backsql_process_filter_list( bsi, f->f_or,
345 case LDAP_FILTER_AND:
346 rc = backsql_process_filter_list( bsi, f->f_and,
351 case LDAP_FILTER_NOT:
352 backsql_strfcat( &bsi->bsi_flt_where, "l",
353 (ber_len_t)sizeof( "NOT (" /* ) */ ) - 1,
355 rc = backsql_process_filter( bsi, f->f_not );
356 backsql_strfcat( &bsi->bsi_flt_where, "c", /* ( */ ')' );
360 case LDAP_FILTER_PRESENT:
364 case LDAP_FILTER_EXT:
365 ad = f->f_mra->ma_desc;
366 if ( f->f_mr_dnattrs ) {
368 * if dn attrs filtering is requested, better return
369 * success and let test_filter() deal with candidate
370 * selection; otherwise we'd need to set conditions
371 * on the contents of the DN, e.g. "SELECT ... FROM
372 * ldap_entries AS attributeName WHERE attributeName.dn
373 * like '%attributeName=value%'"
375 backsql_strfcat( &bsi->bsi_flt_where, "l",
376 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
377 bsi->bsi_status = LDAP_SUCCESS;
398 * Turn structuralObjectClass into objectClass
400 if ( ad == slap_schema.si_ad_objectClass
401 || ad == slap_schema.si_ad_structuralObjectClass ) {
403 * If the filter is LDAP_FILTER_PRESENT, then it's done;
404 * otherwise, let's see if we are lucky: filtering
405 * for "structural" objectclass or ancestor...
407 switch ( f->f_choice ) {
408 case LDAP_FILTER_EQUALITY:
410 ObjectClass *oc = oc_bvfind( &f->f_av_value );
413 Debug( LDAP_DEBUG_TRACE,
414 "backsql_process_filter(): "
415 "unknown objectClass \"%s\" "
417 f->f_av_value.bv_val, 0, 0 );
418 bsi->bsi_status = LDAP_OTHER;
424 * "structural" objectClass inheritance:
425 * - a search for "person" will also return
427 * - a search for "top" will return everything
429 if ( is_object_subclass( oc, bsi->bsi_oc->bom_oc ) ) {
430 goto filter_oc_success;
436 case LDAP_FILTER_PRESENT:
438 backsql_strfcat( &bsi->bsi_flt_where, "l",
439 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
440 bsi->bsi_status = LDAP_SUCCESS;
445 Debug( LDAP_DEBUG_TRACE,
446 "backsql_process_filter(): "
447 "illegal/unhandled filter "
448 "on objectClass attribute",
450 bsi->bsi_status = LDAP_OTHER;
455 } else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) {
457 * FIXME: this is not robust; e.g. a filter
458 * '(!(hasSubordinates=TRUE))' fails because
459 * in SQL it would read 'NOT (1=1)' instead
461 * Note however that hasSubordinates is boolean,
462 * so a more appropriate filter would be
463 * '(hasSubordinates=FALSE)'
465 * A more robust search for hasSubordinates
466 * would * require joining the ldap_entries table
467 * selecting if there are descendants of the
470 backsql_strfcat( &bsi->bsi_flt_where, "l",
471 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
472 if ( ad == slap_schema.si_ad_hasSubordinates ) {
474 * instruct candidate selection algorithm
475 * and attribute list to try to detect
476 * if an entry has subordinates
478 bsi->bsi_flags |= BSQL_SF_FILTER_HASSUBORDINATE;
482 * clear attributes to fetch, to require ALL
483 * and try extended match on all attributes
485 backsql_attrlist_add( bsi, NULL );
492 * attribute inheritance:
494 if ( backsql_supad2at( bsi->bsi_oc, ad, &vat ) ) {
495 bsi->bsi_status = LDAP_OTHER;
501 /* search anyway; other parts of the filter
503 backsql_strfcat( &bsi->bsi_flt_where, "l",
504 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
505 bsi->bsi_status = LDAP_SUCCESS;
510 /* if required, open extra level of parens */
512 if ( vat[0]->bam_next || vat[1] ) {
513 backsql_strfcat( &bsi->bsi_flt_where, "c", '(' );
520 if ( backsql_process_filter_attr( bsi, f, vat[i] ) == -1 ) {
524 /* if more definitions of the same attr, apply */
525 if ( vat[i]->bam_next ) {
526 backsql_strfcat( &bsi->bsi_flt_where, "l",
527 sizeof( " OR " ) - 1, " OR " );
528 vat[i] = vat[i]->bam_next;
532 /* if more descendants of the same attr, apply */
535 backsql_strfcat( &bsi->bsi_flt_where, "l",
536 sizeof( " OR " ) - 1, " OR " );
540 /* if needed, close extra level of parens */
542 backsql_strfcat( &bsi->bsi_flt_where, "c", ')' );
552 Debug( LDAP_DEBUG_TRACE,
553 "<==backsql_process_filter() %s\n",
554 rc == 1 ? "succeeded" : "failed", 0, 0);
560 backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_rec *at )
563 struct berval *filter_value = NULL;
564 MatchingRule *matching_rule = NULL;
565 struct berval ordering = BER_BVC("<=");
567 Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n",
568 at->bam_ad->ad_cname.bv_val, 0, 0 );
570 backsql_merge_from_clause( &bsi->bsi_from, &at->bam_from_tbls );
573 * need to add this attribute to list of attrs to load,
574 * so that we can do test_filter() later
576 backsql_attrlist_add( bsi, at->bam_ad );
578 if ( at->bam_join_where.bv_val != NULL
579 && strstr( bsi->bsi_join_where.bb_val.bv_val, at->bam_join_where.bv_val ) == NULL ) {
580 backsql_strfcat( &bsi->bsi_join_where, "lb",
581 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
582 &at->bam_join_where );
585 switch ( f->f_choice ) {
586 case LDAP_FILTER_EQUALITY:
587 filter_value = &f->f_av_value;
588 matching_rule = at->bam_ad->ad_type->sat_equality;
592 /* fail over into next case */
594 case LDAP_FILTER_EXT:
595 filter_value = &f->f_mra->ma_value;
596 matching_rule = f->f_mr_rule;
599 /* always uppercase strings by now */
600 #ifdef BACKSQL_UPPERCASE_FILTER
601 if ( SLAP_MR_ASSOCIATED( matching_rule,
602 bi->bi_caseIgnoreMatch ) )
603 #endif /* BACKSQL_UPPERCASE_FILTER */
609 * maybe we should check type of at->sel_expr here somehow,
610 * to know whether upper_func is applicable, but for now
611 * upper_func stuff is made for Oracle, where UPPER is
612 * safely applicable to NUMBER etc.
614 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
617 backsql_strfcat( &bsi->bsi_flt_where, "cbl",
620 (ber_len_t)sizeof( "='" ) - 1,
623 start = bsi->bsi_flt_where.bb_val.bv_len;
625 backsql_strfcat( &bsi->bsi_flt_where, "bl",
627 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
630 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
633 backsql_strfcat( &bsi->bsi_flt_where, "cblbl",
636 (ber_len_t)sizeof( "='" ) - 1, "='",
638 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
644 ordering.bv_val = ">=";
646 /* fall thru to next case */
649 /* always uppercase strings by now */
650 #ifdef BACKSQL_UPPERCASE_FILTER
651 if ( SLAP_MR_ASSOCIATED( at->bam_ad->ad_type->sat_ordering,
652 bi->bi_caseIgnoreMatch ) )
653 #endif /* BACKSQL_UPPERCASE_FILTER */
659 * FIXME: should we uppercase the operands?
661 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
664 backsql_strfcat( &bsi->bsi_flt_where, "cbbc",
670 start = bsi->bsi_flt_where.bb_val.bv_len;
672 backsql_strfcat( &bsi->bsi_flt_where, "bl",
674 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
677 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
680 backsql_strfcat( &bsi->bsi_flt_where, "cbbcbl",
686 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
691 case LDAP_FILTER_PRESENT:
692 backsql_strfcat( &bsi->bsi_flt_where, "lbl",
693 (ber_len_t)sizeof( "NOT (" /* ) */) - 1,
696 (ber_len_t)sizeof( /* ( */ " IS NULL)" ) - 1,
697 /* ( */ " IS NULL)" );
700 case LDAP_FILTER_SUBSTRINGS:
701 backsql_process_sub_filter( bsi, f, at );
704 case LDAP_FILTER_APPROX:
708 * maybe we should check type of at->sel_expr here somehow,
709 * to know whether upper_func is applicable, but for now
710 * upper_func stuff is made for Oracle, where UPPER is
711 * safely applicable to NUMBER etc.
713 if ( at->bam_sel_expr_u.bv_val ) {
716 backsql_strfcat( &bsi->bsi_flt_where, "cbl",
719 (ber_len_t)sizeof( " LIKE '%" ) - 1,
722 start = bsi->bsi_flt_where.bb_val.bv_len;
724 backsql_strfcat( &bsi->bsi_flt_where, "bl",
726 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
729 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
732 backsql_strfcat( &bsi->bsi_flt_where, "cblbl",
735 (ber_len_t)sizeof( " LIKE '%" ) - 1,
738 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
744 /* unhandled filter type; should not happen */
746 backsql_strfcat( &bsi->bsi_flt_where, "l",
747 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
752 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n",
753 at->bam_ad->ad_cname.bv_val, 0, 0 );
759 backsql_srch_query( backsql_srch_info *bsi, struct berval *query )
761 backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
765 query->bv_val = NULL;
768 Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 );
769 bsi->bsi_sel.bb_val.bv_val = NULL;
770 bsi->bsi_sel.bb_val.bv_len = 0;
771 bsi->bsi_sel.bb_len = 0;
772 bsi->bsi_from.bb_val.bv_val = NULL;
773 bsi->bsi_from.bb_val.bv_len = 0;
774 bsi->bsi_from.bb_len = 0;
775 bsi->bsi_join_where.bb_val.bv_val = NULL;
776 bsi->bsi_join_where.bb_val.bv_len = 0;
777 bsi->bsi_join_where.bb_len = 0;
778 bsi->bsi_flt_where.bb_val.bv_val = NULL;
779 bsi->bsi_flt_where.bb_val.bv_len = 0;
780 bsi->bsi_flt_where.bb_len = 0;
782 backsql_strfcat( &bsi->bsi_sel, "lbcbc",
783 (ber_len_t)sizeof( "SELECT DISTINCT ldap_entries.id," ) - 1,
784 "SELECT DISTINCT ldap_entries.id,",
785 &bsi->bsi_oc->bom_keytbl,
787 &bsi->bsi_oc->bom_keycol,
790 if ( bi->strcast_func.bv_val ) {
791 backsql_strfcat( &bsi->bsi_sel, "blbl",
793 (ber_len_t)sizeof( "('" /* ') */ ) - 1,
795 &bsi->bsi_oc->bom_oc->soc_cname,
796 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
799 backsql_strfcat( &bsi->bsi_sel, "cbc",
801 &bsi->bsi_oc->bom_oc->soc_cname,
804 backsql_strfcat( &bsi->bsi_sel, "l",
805 (ber_len_t)sizeof( " AS objectClass,ldap_entries.dn AS dn" ) - 1,
806 " AS objectClass,ldap_entries.dn AS dn" );
808 backsql_strfcat( &bsi->bsi_from, "lb",
809 (ber_len_t)sizeof( " FROM ldap_entries," ) - 1,
810 " FROM ldap_entries,",
811 &bsi->bsi_oc->bom_keytbl );
813 backsql_strfcat( &bsi->bsi_join_where, "lbcbl",
814 (ber_len_t)sizeof( " WHERE " ) - 1, " WHERE ",
815 &bsi->bsi_oc->bom_keytbl,
817 &bsi->bsi_oc->bom_keycol,
818 (ber_len_t)sizeof( "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ) - 1,
819 "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " );
821 switch ( bsi->bsi_scope ) {
822 case LDAP_SCOPE_BASE:
823 if ( bi->upper_func.bv_val ) {
824 backsql_strfcat( &bsi->bsi_join_where, "blbcb",
826 (ber_len_t)sizeof( "(ldap_entries.dn)=" ) - 1,
827 "(ldap_entries.dn)=",
828 &bi->upper_func_open,
830 &bi->upper_func_close );
832 backsql_strfcat( &bsi->bsi_join_where, "l",
833 (ber_len_t)sizeof( "ldap_entries.dn=?" ) - 1,
834 "ldap_entries.dn=?" );
838 case LDAP_SCOPE_ONELEVEL:
839 backsql_strfcat( &bsi->bsi_join_where, "l",
840 (ber_len_t)sizeof( "ldap_entries.parent=?" ) - 1,
841 "ldap_entries.parent=?" );
844 case LDAP_SCOPE_SUBTREE:
845 if ( bi->upper_func.bv_val ) {
846 backsql_strfcat( &bsi->bsi_join_where, "blbcb",
848 (ber_len_t)sizeof( "(ldap_entries.dn) LIKE " ) - 1,
849 "(ldap_entries.dn) LIKE ",
850 &bi->upper_func_open,
852 &bi->upper_func_close );
854 backsql_strfcat( &bsi->bsi_join_where, "l",
855 (ber_len_t)sizeof( "ldap_entries.dn LIKE ?" ) - 1,
856 "ldap_entries.dn LIKE ?" );
865 rc = backsql_process_filter( bsi, bsi->bsi_filter );
867 struct berbuf bb = BB_NULL;
869 backsql_strfcat( &bb, "bbblb",
870 &bsi->bsi_sel.bb_val,
871 &bsi->bsi_from.bb_val,
872 &bsi->bsi_join_where.bb_val,
873 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
874 &bsi->bsi_flt_where.bb_val );
878 } else if ( rc < 0 ) {
880 * Indicates that there's no possible way the filter matches
881 * anything. No need to issue the query
883 free( query->bv_val );
884 query->bv_val = NULL;
887 free( bsi->bsi_sel.bb_val.bv_val );
888 bsi->bsi_sel.bb_val.bv_len = 0;
889 bsi->bsi_sel.bb_len = 0;
890 free( bsi->bsi_from.bb_val.bv_val );
891 bsi->bsi_from.bb_val.bv_len = 0;
892 bsi->bsi_from.bb_len = 0;
893 free( bsi->bsi_join_where.bb_val.bv_val );
894 bsi->bsi_join_where.bb_val.bv_len = 0;
895 bsi->bsi_join_where.bb_len = 0;
896 free( bsi->bsi_flt_where.bb_val.bv_val );
897 bsi->bsi_flt_where.bb_val.bv_len = 0;
898 bsi->bsi_flt_where.bb_len = 0;
900 Debug( LDAP_DEBUG_TRACE, "<==backsql_srch_query() returns %s\n",
901 query->bv_val ? query->bv_val : "NULL", 0, 0 );
903 return ( rc <= 0 ? 1 : 0 );
907 backsql_oc_get_candidates( void *v_oc, void *v_bsi )
909 backsql_oc_map_rec *oc = v_oc;
910 backsql_srch_info *bsi = v_bsi;
911 backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
915 backsql_entryID base_id, *c_id;
921 int n_candidates = bsi->bsi_n_candidates;
923 bsi->bsi_status = LDAP_SUCCESS;
925 Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc='%s'\n",
926 BACKSQL_OC_NAME( oc ), 0, 0 );
928 if ( bsi->bsi_n_candidates == -1 ) {
929 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
930 "unchecked limit has been overcome\n", 0, 0, 0 );
931 /* should never get here */
933 bsi->bsi_status = LDAP_ADMINLIMIT_EXCEEDED;
938 res = backsql_srch_query( bsi, &query );
940 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
941 "error while constructing query for objectclass '%s'\n",
942 oc->bom_oc->soc_cname.bv_val, 0, 0 );
944 * FIXME: need to separate errors from legally
947 switch ( bsi->bsi_status ) {
949 case LDAP_UNDEFINED_TYPE:
950 case LDAP_NO_SUCH_OBJECT:
951 /* we are conservative... */
953 bsi->bsi_status = LDAP_SUCCESS;
955 return BACKSQL_CONTINUE;
957 case LDAP_ADMINLIMIT_EXCEEDED:
959 /* don't try any more */
964 if ( query.bv_val == NULL ) {
965 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
966 "could not construct query for objectclass '%s'\n",
967 oc->bom_oc->soc_cname.bv_val, 0, 0 );
968 bsi->bsi_status = LDAP_SUCCESS;
969 return BACKSQL_CONTINUE;
972 Debug( LDAP_DEBUG_TRACE, "Constructed query: %s\n",
973 query.bv_val, 0, 0 );
975 rc = backsql_Prepare( bsi->bsi_dbh, &sth, query.bv_val, 0 );
976 free( query.bv_val );
977 if ( rc != SQL_SUCCESS ) {
978 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
979 "error preparing query\n", 0, 0, 0 );
980 backsql_PrintErrors( bi->db_env, bsi->bsi_dbh, sth, rc );
981 bsi->bsi_status = LDAP_OTHER;
982 return BACKSQL_CONTINUE;
985 Debug( LDAP_DEBUG_TRACE, "id: '%ld'\n", bsi->bsi_oc->bom_id, 0, 0 );
987 if ( backsql_BindParamID( sth, 1, &bsi->bsi_oc->bom_id ) != SQL_SUCCESS ) {
988 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
989 "error binding objectclass id parameter\n", 0, 0, 0 );
990 bsi->bsi_status = LDAP_OTHER;
991 return BACKSQL_CONTINUE;
994 switch ( bsi->bsi_scope ) {
995 case LDAP_SCOPE_BASE:
996 Debug( LDAP_DEBUG_TRACE, "(base)dn: '%s'\n",
997 bsi->bsi_base_dn->bv_val, 0, 0 );
999 rc = backsql_BindParamStr( sth, 2, bsi->bsi_base_dn->bv_val,
1000 BACKSQL_MAX_DN_LEN );
1001 if ( rc != SQL_SUCCESS ) {
1002 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1003 "error binding base_dn parameter\n", 0, 0, 0 );
1004 backsql_PrintErrors( bi->db_env, bsi->bsi_dbh,
1006 bsi->bsi_status = LDAP_OTHER;
1007 return BACKSQL_CONTINUE;
1011 case LDAP_SCOPE_SUBTREE: {
1014 * + 1 because we need room for '%'; this makes a subtree
1015 * search for a DN BACKSQL_MAX_DN_LEN long legal
1016 * if it returns that DN only
1018 char temp_base_dn[ BACKSQL_MAX_DN_LEN + 1 + 1 ];
1021 * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
1022 * however this should be handled earlier
1024 assert( bsi->bsi_base_dn->bv_len <= BACKSQL_MAX_DN_LEN );
1027 * Sets the parameters for the SQL built earlier
1028 * NOTE that all the databases could actually use
1029 * the TimesTen version, which would be cleaner
1030 * and would also eliminate the need for the
1031 * subtree_cond line in the configuration file.
1032 * For now, I'm leaving it the way it is,
1033 * so non-TimesTen databases use the original code.
1034 * But at some point this should get cleaned up.
1036 * If "dn" is being used, do a suffix search.
1037 * If "dn_ru" is being used, do a prefix search.
1039 if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
1040 temp_base_dn[ 0 ] = '\0';
1041 for ( i = 0, j = bsi->bsi_base_dn->bv_len - 1;
1043 temp_base_dn[ i ] = bsi->bsi_base_dn->bv_val[ j ];
1045 temp_base_dn[ i ] = '%';
1046 temp_base_dn[ i + 1 ] = '\0';
1049 temp_base_dn[ 0 ] = '%';
1050 AC_MEMCPY( &temp_base_dn[ 1 ], bsi->bsi_base_dn->bv_val,
1051 bsi->bsi_base_dn->bv_len + 1 );
1053 ldap_pvt_str2upper( temp_base_dn );
1055 Debug( LDAP_DEBUG_TRACE, "(sub)dn: '%s'\n", temp_base_dn,
1058 rc = backsql_BindParamStr( sth, 2, temp_base_dn,
1059 BACKSQL_MAX_DN_LEN );
1060 if ( rc != SQL_SUCCESS ) {
1061 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1062 "error binding base_dn parameter (2)\n",
1064 backsql_PrintErrors( bi->db_env, bsi->bsi_dbh,
1066 bsi->bsi_status = LDAP_OTHER;
1067 return BACKSQL_CONTINUE;
1072 case LDAP_SCOPE_ONELEVEL:
1073 res = backsql_dn2id( bi, &base_id,
1074 bsi->bsi_dbh, bsi->bsi_base_dn );
1075 if ( res != LDAP_SUCCESS ) {
1076 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1077 "could not retrieve base_dn id%s\n",
1078 res == LDAP_NO_SUCH_OBJECT ? ": no such entry"
1080 bsi->bsi_status = res;
1081 return BACKSQL_CONTINUE;
1084 Debug( LDAP_DEBUG_TRACE, "(one)id: '%lu'\n", base_id.id,
1087 rc = backsql_BindParamID( sth, 2, &base_id.id );
1088 backsql_free_entryID( &base_id, 0 );
1089 if ( rc != SQL_SUCCESS ) {
1090 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1091 "error binding base id parameter\n", 0, 0, 0 );
1092 bsi->bsi_status = LDAP_OTHER;
1093 return BACKSQL_CONTINUE;
1098 rc = SQLExecute( sth );
1099 if ( !BACKSQL_SUCCESS( rc ) ) {
1100 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1101 "error executing query\n", 0, 0, 0 );
1102 backsql_PrintErrors( bi->db_env, bsi->bsi_dbh, sth, rc );
1103 SQLFreeStmt( sth, SQL_DROP );
1104 bsi->bsi_status = LDAP_OTHER;
1105 return BACKSQL_CONTINUE;
1108 backsql_BindRowAsStrings( sth, &row );
1109 rc = SQLFetch( sth );
1110 for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
1111 c_id = (backsql_entryID *)ch_calloc( 1,
1112 sizeof( backsql_entryID ) );
1113 c_id->id = strtol( row.cols[ 0 ], NULL, 0 );
1114 c_id->keyval = strtol( row.cols[ 1 ], NULL, 0 );
1115 c_id->oc_id = bsi->bsi_oc->bom_id;
1116 ber_str2bv( row.cols[ 3 ], 0, 1, &c_id->dn );
1117 c_id->next = bsi->bsi_id_list;
1118 bsi->bsi_id_list = c_id;
1119 bsi->bsi_n_candidates--;
1121 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1122 "added entry id=%ld, keyval=%ld dn='%s'\n",
1123 c_id->id, c_id->keyval, row.cols[ 3 ] );
1125 if ( bsi->bsi_n_candidates == -1 ) {
1129 backsql_FreeRow( &row );
1130 SQLFreeStmt( sth, SQL_DROP );
1132 Debug( LDAP_DEBUG_TRACE, "<==backsql_oc_get_candidates(): %d\n",
1133 n_candidates - bsi->bsi_n_candidates, 0, 0 );
1135 return ( bsi->bsi_n_candidates == -1 ? BACKSQL_STOP : BACKSQL_CONTINUE );
1139 backsql_search( Operation *op, SlapReply *rs )
1141 backsql_info *bi = (backsql_info *)op->o_bd->be_private;
1146 time_t stoptime = 0;
1147 backsql_srch_info srch_info;
1148 backsql_entryID *eid = NULL;
1149 struct slap_limits_set *limit = NULL;
1152 manageDSAit = get_manageDSAit( op );
1154 Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
1155 "base='%s', filter='%s', scope=%d,",
1156 op->o_req_ndn.bv_val,
1157 op->oq_search.rs_filterstr.bv_val,
1158 op->oq_search.rs_scope );
1159 Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
1160 "attributes to load: %s\n",
1161 op->oq_search.rs_deref,
1162 op->oq_search.rs_attrsonly,
1163 op->oq_search.rs_attrs == NULL ? "all" : "custom list" );
1165 if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
1166 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1167 "search base length (%ld) exceeds max length (%ld)\n",
1168 op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
1170 * FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
1171 * since it is impossible that such a long DN exists
1174 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1175 send_ldap_result( op, rs );
1179 sres = backsql_get_db_conn( op, &dbh );
1180 if ( sres != LDAP_SUCCESS ) {
1181 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1182 "could not get connection handle - exiting\n",
1185 rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
1186 send_ldap_result( op, rs );
1190 /* if not root, get appropriate limits */
1191 if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
1194 ( void ) get_limits( op, &op->o_ndn, &limit );
1197 /* The time/size limits come first because they require very little
1198 * effort, so there's no chance the candidates are selected and then
1199 * the request is not honored only because of time/size constraints */
1201 /* if no time limit requested, use soft limit (unless root!) */
1203 if ( op->oq_search.rs_tlimit == 0 ) {
1204 op->oq_search.rs_tlimit = -1; /* allow root to set no limit */
1207 if ( op->oq_search.rs_slimit == 0 ) {
1208 op->oq_search.rs_slimit = -1;
1212 /* if no limit is required, use soft limit */
1213 if ( op->oq_search.rs_tlimit <= 0 ) {
1214 op->oq_search.rs_tlimit = limit->lms_t_soft;
1216 /* if requested limit higher than hard limit, abort */
1217 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
1218 /* no hard limit means use soft instead */
1219 if ( limit->lms_t_hard == 0
1220 && limit->lms_t_soft > -1
1221 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
1222 op->oq_search.rs_tlimit = limit->lms_t_soft;
1224 /* positive hard limit means abort */
1225 } else if ( limit->lms_t_hard > 0 ) {
1226 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1227 send_ldap_result( op, rs );
1231 /* negative hard limit means no limit */
1234 /* if no limit is required, use soft limit */
1235 if ( op->oq_search.rs_slimit <= 0 ) {
1236 op->oq_search.rs_slimit = limit->lms_s_soft;
1238 /* if requested limit higher than hard limit, abort */
1239 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
1240 /* no hard limit means use soft instead */
1241 if ( limit->lms_s_hard == 0
1242 && limit->lms_s_soft > -1
1243 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
1244 op->oq_search.rs_slimit = limit->lms_s_soft;
1246 /* positive hard limit means abort */
1247 } else if ( limit->lms_s_hard > 0 ) {
1248 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1249 send_ldap_result( op, rs );
1253 /* negative hard limit means no limit */
1257 /* compute it anyway; root does not use it */
1258 stoptime = op->o_time + op->oq_search.rs_tlimit;
1260 backsql_init_search( &srch_info, &op->o_req_dn,
1261 op->oq_search.rs_scope,
1262 op->oq_search.rs_slimit, op->oq_search.rs_tlimit,
1263 stoptime, op->oq_search.rs_filter,
1264 dbh, op, op->oq_search.rs_attrs );
1267 * for each objectclass we try to construct query which gets IDs
1268 * of entries matching LDAP query filter and scope (or at least
1269 * candidates), and get the IDs
1271 srch_info.bsi_n_candidates = ( isroot ? -2 : limit->lms_s_unchecked == -1
1272 ? -2 : limit->lms_s_unchecked );
1273 avl_apply( bi->oc_by_oc, backsql_oc_get_candidates,
1274 &srch_info, BACKSQL_STOP, AVL_INORDER );
1275 if ( !isroot && limit->lms_s_unchecked != -1 ) {
1276 if ( srch_info.bsi_n_candidates == -1 ) {
1277 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1278 send_ldap_result( op, rs );
1284 * now we load candidate entries (only those attributes
1285 * mentioned in attrs and filter), test it against full filter
1286 * and then send to client
1288 for ( eid = srch_info.bsi_id_list; eid != NULL;
1289 eid = backsql_free_entryID( eid, 1 ) ) {
1290 Attribute *hasSubordinate = NULL,
1293 /* check for abandon */
1294 if ( op->o_abandon ) {
1298 /* check time limit */
1299 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
1300 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
1301 rs->sr_ctrls = NULL;
1302 rs->sr_ref = rs->sr_v2ref;
1303 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1305 send_ldap_result( op, rs );
1309 Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
1310 "for entry id=%ld, oc_id=%ld, keyval=%ld\n",
1311 eid->id, eid->oc_id, eid->keyval );
1313 entry = (Entry *)ch_calloc( sizeof( Entry ), 1 );
1314 res = backsql_id2entry( &srch_info, entry, eid );
1315 if ( res == NULL ) {
1316 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1317 "error in backsql_id2entry() "
1318 "- skipping entry\n", 0, 0, 0 );
1322 if ( !manageDSAit &&
1323 op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
1324 is_entry_referral( entry ) ) {
1326 struct berval matched_dn;
1328 ber_dupbv( &matched_dn, &entry->e_name );
1329 refs = get_entry_referrals( op, entry );
1331 rs->sr_ref = referral_rewrite( refs,
1332 &matched_dn, &op->o_req_dn,
1333 op->oq_search.rs_scope );
1334 ber_bvarray_free( refs );
1337 if ( !rs->sr_ref ) {
1338 rs->sr_text = "bad_referral object";
1341 rs->sr_err = LDAP_REFERRAL;
1342 rs->sr_matched = matched_dn.bv_val;
1343 send_search_reference( op, rs );
1345 ber_bvarray_free( rs->sr_ref );
1347 ber_memfree( matched_dn.bv_val );
1348 rs->sr_matched = NULL;
1354 * We use this flag since we need to parse the filter
1355 * anyway; we should have used the frontend API function
1356 * filter_has_subordinates()
1358 if ( srch_info.bsi_flags & BSQL_SF_FILTER_HASSUBORDINATE ) {
1361 rc = backsql_has_children( bi, dbh, &entry->e_nname );
1364 case LDAP_COMPARE_TRUE:
1365 case LDAP_COMPARE_FALSE:
1366 hasSubordinate = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE );
1367 if ( hasSubordinate != NULL ) {
1368 for ( a = entry->e_attrs;
1372 a->a_next = hasSubordinate;
1378 Debug(LDAP_DEBUG_TRACE,
1379 "backsql_search(): "
1380 "has_children failed( %d)\n",
1391 if ( test_filter( op, entry, op->oq_search.rs_filter )
1392 == LDAP_COMPARE_TRUE ) {
1393 if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER )
1394 && !ad_inlist( slap_schema.si_ad_hasSubordinates, op->oq_search.rs_attrs ) ) {
1396 attr_free( hasSubordinate );
1397 hasSubordinate = NULL;
1400 #if 0 /* noop is masked SLAP_CTRL_UPDATE */
1406 rs->sr_attrs = op->oq_search.rs_attrs;
1407 rs->sr_entry = entry;
1408 sres = send_search_entry( op, rs );
1409 rs->sr_entry = NULL;
1410 rs->sr_attrs = NULL;
1418 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1419 "connection lost\n", 0, 0, 0 );
1424 * FIXME: send_search_entry failed;
1430 entry_free( entry );
1432 if ( op->oq_search.rs_slimit != -1
1433 && rs->sr_nentries >= op->oq_search.rs_slimit ) {
1434 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
1435 send_ldap_result( op, rs );
1442 if ( rs->sr_nentries > 0 ) {
1443 rs->sr_ref = rs->sr_v2ref;
1444 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1447 rs->sr_err = srch_info.bsi_status;
1449 send_ldap_result( op, rs );
1451 if ( rs->sr_v2ref ) {
1452 ber_bvarray_free( rs->sr_v2ref );
1453 rs->sr_v2ref = NULL;
1457 ch_free( srch_info.bsi_attrs );
1459 Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 );
1463 #endif /* SLAPD_SQL */