2 * Copyright 1999, Dmitry Kovalev <mit@openldap.org>, All rights reserved.
4 * Redistribution and use in source and binary forms are permitted only
5 * as authorized by the OpenLDAP Public License. A copy of this
6 * license is available at http://www.OpenLDAP.org/license.html or
7 * in file LICENSE in the top-level directory of the distribution.
15 #include <sys/types.h>
16 #include "ac/string.h"
22 #include "schema-map.h"
26 #define BACKSQL_STOP 0
27 #define BACKSQL_CONTINUE 1
29 static int backsql_process_filter( backsql_srch_info *bsi, Filter *f );
32 backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
35 AttributeName *an = NULL;
37 if ( bsi->attrs == NULL ) {
42 * clear the list (retrieve all attrs)
45 ch_free( bsi->attrs );
50 for ( ; bsi->attrs[ n_attrs ].an_name.bv_val; n_attrs++ ) {
51 an = &bsi->attrs[ n_attrs ];
53 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
54 "attribute '%s' is in list\n",
55 an->an_name.bv_val, 0, 0 );
57 * We can live with strcmp because the attribute
58 * list has been normalized before calling be_search
60 if ( !BACKSQL_NCMP( &an->an_name, &ad->ad_cname ) ) {
65 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
66 "adding '%s' to list\n", ad->ad_cname.bv_val, 0, 0 );
68 an = (AttributeName *)ch_realloc( bsi->attrs,
69 sizeof( AttributeName ) * ( n_attrs + 2 ) );
74 an[ n_attrs ].an_name = ad->ad_cname;
75 an[ n_attrs ].an_desc = ad;
76 an[ n_attrs + 1 ].an_name.bv_val = NULL;
77 an[ n_attrs + 1 ].an_name.bv_len = 0;
86 backsql_srch_info *bsi,
98 AttributeName *attrs )
102 bsi->base_dn = nbase;
104 bsi->slimit = slimit;
105 bsi->tlimit = tlimit;
106 bsi->filter = filter;
116 if ( attrs == NULL || an_find( attrs, &AllUser ) ) {
120 bsi->attrs = (AttributeName *)ch_calloc( 1,
121 sizeof( AttributeName ) );
122 bsi->attrs[ 0 ].an_name.bv_val = NULL;
123 bsi->attrs[ 0 ].an_name.bv_len = 0;
125 for ( p = attrs; p->an_name.bv_val; p++ ) {
127 * ignore "1.1"; handle "+"
129 if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
130 bsi->bsi_flags |= BSQL_SF_ALL_OPER;
133 } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
137 backsql_attrlist_add( bsi, p->an_desc );
143 bsi->n_candidates = 0;
144 bsi->stoptime = stoptime;
146 bsi->sel.bv_val = NULL;
149 bsi->from.bv_val = NULL;
150 bsi->from.bv_len = 0;
152 bsi->join_where.bv_val = NULL;
153 bsi->join_where.bv_len = 0;
155 bsi->flt_where.bv_val = NULL;
156 bsi->flt_where.bv_len = 0;
159 bsi->status = LDAP_SUCCESS;
163 backsql_process_filter_list( backsql_srch_info *bsi, Filter *f, int op )
171 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "c", '(' /* ) */ );
174 res = backsql_process_filter( bsi, f );
177 * TimesTen : If the query has no answers,
178 * don't bother to run the query.
189 case LDAP_FILTER_AND:
190 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "l",
191 (ber_len_t)sizeof( " AND " ) - 1,
196 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "l",
197 (ber_len_t)sizeof( " OR " ) - 1,
203 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "c", /* ( */ ')' );
209 backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f )
212 backsql_at_map_rec *at;
218 at = backsql_ad2at( bsi->oc, f->f_sub_desc );
223 * When dealing with case-sensitive strings
224 * we may omit normalization; however, normalized
225 * SQL filters are more liberal.
228 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "c", '(' /* ) */ );
231 Debug( LDAP_DEBUG_TRACE, "expr: '%s' '%s'\n", at->sel_expr.bv_val,
232 at->sel_expr_u.bv_val ? at->sel_expr_u.bv_val : "<NULL>", 0 );
233 if ( bsi->bi->upper_func.bv_val ) {
235 * If a pre-upper-cased version of the column exists, use it
237 if ( at->sel_expr_u.bv_val ) {
238 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len,
241 (ber_len_t)sizeof( " LIKE '" ) - 1,
244 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len,
246 &bsi->bi->upper_func,
250 (ber_len_t)sizeof( " LIKE '" ) - 1,
254 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "bl",
256 (ber_len_t)sizeof( " LIKE '" ) - 1, " LIKE '" );
259 if ( f->f_sub_initial.bv_val != NULL ) {
262 start = bsi->flt_where.bv_len;
263 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "b",
265 if ( bsi->bi->upper_func.bv_val ) {
266 ldap_pvt_str2upper( &bsi->flt_where.bv_val[ start ] );
270 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "c", '%' );
272 if ( f->f_sub_any != NULL ) {
273 for ( i = 0; f->f_sub_any[ i ].bv_val != NULL; i++ ) {
277 Debug( LDAP_DEBUG_TRACE,
278 "==>backsql_process_sub_filter(): "
279 "sub_any='%s'\n", f->f_sub_any[ i ].bv_val,
281 #endif /* BACKSQL_TRACE */
283 start = bsi->flt_where.bv_len;
284 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len,
288 if ( bsi->bi->upper_func.bv_val ) {
290 * Note: toupper('%') = '%'
292 ldap_pvt_str2upper( &bsi->flt_where.bv_val[ start ] );
296 if ( f->f_sub_final.bv_val != NULL ) {
299 start = bsi->flt_where.bv_len;
300 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "b",
302 if ( bsi->bi->upper_func.bv_val ) {
303 ldap_pvt_str2upper( &bsi->flt_where.bv_val[ start ] );
308 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "l",
309 (ber_len_t)sizeof( /* (' */ "')" ) - 1, /* ( */ "')" );
315 backsql_process_filter( backsql_srch_info *bsi, Filter *f )
317 backsql_at_map_rec *at;
318 backsql_at_map_rec oc_attr = {
319 slap_schema.si_ad_objectClass, BER_BVC(""), BER_BVC(""),
320 BER_BVNULL, NULL, NULL, NULL };
321 AttributeDescription *ad = NULL;
326 struct berval *filter_value = NULL;
328 Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter()\n", 0, 0, 0 );
329 if ( f == NULL || f->f_choice == SLAPD_FILTER_COMPUTED ) {
333 switch( f->f_choice ) {
335 rc = backsql_process_filter_list( bsi, f->f_or,
340 case LDAP_FILTER_AND:
341 rc = backsql_process_filter_list( bsi, f->f_and,
346 case LDAP_FILTER_NOT:
347 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "l",
348 (ber_len_t)sizeof( "NOT (" /* ) */ ) - 1,
350 rc = backsql_process_filter( bsi, f->f_not );
351 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "c",
356 case LDAP_FILTER_PRESENT:
360 case LDAP_FILTER_EXT:
361 ad = f->f_mra->ma_desc;
370 /* TimesTen : Don't run the query */
379 * Turn structuralObjectClass into objectClass
381 if ( ad == slap_schema.si_ad_objectClass
382 || ad == slap_schema.si_ad_structuralObjectClass ) {
384 backsql_strfcat( &at->sel_expr, &len, "cbc",
386 &bsi->oc->oc->soc_cname,
389 } else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) {
391 * FIXME: this is not robust; e.g. a filter
392 * '(!(hasSubordinates=TRUE))' fails because
393 * in SQL it would read 'NOT (1=1)' instead
395 * Note however that hasSubordinates is boolean,
396 * so a more appropriate filter would be
397 * '(hasSubordinates=FALSE)'
399 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "l",
400 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
401 if ( ad == slap_schema.si_ad_hasSubordinates ) {
403 * We use this flag since we need to parse
404 * the filter anyway; we should have used
405 * the frontend API function
406 * filter_has_subordinates()
408 bsi->bsi_flags |= BSQL_SF_FILTER_HASSUBORDINATE;
412 * clear attributes to fetch, to require ALL
413 * and try extended match on all attributes
415 backsql_attrlist_add( bsi, NULL );
420 at = backsql_ad2at( bsi->oc, ad );
424 Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): "
425 "attribute '%s' is not defined for objectclass '%s'\n",
426 ad->ad_cname.bv_val, BACKSQL_OC_NAME( bsi->oc ), 0 );
427 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "l",
428 (ber_len_t)sizeof( "1=0" ) - 1, "1=0" );
432 backsql_merge_from_clause( &bsi->from, &bsi->from_len,
435 * need to add this attribute to list of attrs to load,
436 * so that we could do test_filter() later
438 backsql_attrlist_add( bsi, ad );
440 if ( at->join_where.bv_val != NULL
441 && strstr( bsi->join_where.bv_val, at->join_where.bv_val ) == NULL ) {
442 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len, "lb",
443 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
449 * FIXME: this is not required any more; however, note that
450 * attribute name syntax might collide with SQL legal aliases
452 if ( at != &oc_attr ) {
453 backsql_strfcat( &bsi->sel, &bsi->sel_len, "cblb",
456 (ber_len_t)sizeof( " AS " ) - 1, " AS ",
461 switch ( f->f_choice ) {
462 case LDAP_FILTER_EQUALITY:
463 filter_value = &f->f_av_value;
466 /* fail over next case */
468 case LDAP_FILTER_EXT:
469 filter_value = &f->f_mra->ma_value;
473 * maybe we should check type of at->sel_expr here somehow,
474 * to know whether upper_func is applicable, but for now
475 * upper_func stuff is made for Oracle, where UPPER is
476 * safely applicable to NUMBER etc.
478 if ( bsi->bi->upper_func.bv_val ) {
481 if ( at->sel_expr_u.bv_val ) {
482 backsql_strfcat( &bsi->flt_where,
483 &bsi->fwhere_len, "cbl",
486 (ber_len_t)sizeof( "='" ) - 1,
489 backsql_strfcat( &bsi->flt_where,
490 &bsi->fwhere_len, "cbcbl",
492 &bsi->bi->upper_func,
495 (ber_len_t)sizeof( /* ( */ ")='" ) - 1,
499 start = bsi->flt_where.bv_len;
501 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len,
504 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
507 ldap_pvt_str2upper( &bsi->flt_where.bv_val[ start ] );
510 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len,
514 (ber_len_t)sizeof( "='" ) - 1, "='",
516 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
523 * FIXME: should we uppercase the operands?
525 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "cblbc",
528 (ber_len_t)sizeof( ">=" ) - 1, ">=",
535 * FIXME: should we uppercase the operands?
537 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "cblbc",
540 (ber_len_t)sizeof( "<=" ) - 1, "<=",
545 case LDAP_FILTER_PRESENT:
546 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "lbl",
547 (ber_len_t)sizeof( "NOT (" ) - 1, "NOT (",
549 (ber_len_t)sizeof( " IS NULL)" ) - 1, " IS NULL)" );
552 case LDAP_FILTER_SUBSTRINGS:
553 backsql_process_sub_filter( bsi, f );
556 case LDAP_FILTER_APPROX:
560 * maybe we should check type of at->sel_expr here somehow,
561 * to know whether upper_func is applicable, but for now
562 * upper_func stuff is made for Oracle, where UPPER is
563 * safely applicable to NUMBER etc.
565 if ( bsi->bi->upper_func.bv_val ) {
568 if ( at->sel_expr_u.bv_val ) {
569 backsql_strfcat( &bsi->flt_where,
570 &bsi->fwhere_len, "cbl",
573 (ber_len_t)sizeof( " LIKE '%" ) - 1,
576 backsql_strfcat( &bsi->flt_where,
577 &bsi->fwhere_len, "cbcbl",
579 &bsi->bi->upper_func,
582 (ber_len_t)sizeof( /* ( */ ") LIKE '%" ) - 1,
583 /* ( */ ") LIKE '%" );
586 start = bsi->flt_where.bv_len;
588 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len,
591 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
594 ldap_pvt_str2upper( &bsi->flt_where.bv_val[ start ] );
597 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len,
601 (ber_len_t)sizeof( " LIKE '%" ) - 1,
604 (ber_len_t)sizeof( /* (' */ "%')" ) - 1,
610 /* unhandled filter type; should not happen */
612 backsql_strfcat( &bsi->flt_where, &bsi->fwhere_len, "l",
613 (ber_len_t)sizeof( "1=1" ) - 1, "1=1" );
619 if ( oc_attr.sel_expr.bv_val != NULL ) {
620 free( oc_attr.sel_expr.bv_val );
623 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter()\n", 0, 0, 0 );
627 if ( oc_attr.sel_expr.bv_val != NULL ) {
628 free( oc_attr.sel_expr.bv_val );
630 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter() returns -1\n",
636 backsql_srch_query( backsql_srch_info *bsi, struct berval *query )
638 backsql_info *bi = (backsql_info *)bsi->be->be_private;
643 query->bv_val = NULL;
646 Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 );
647 bsi->sel.bv_val = NULL;
650 bsi->from.bv_val = NULL;
651 bsi->from.bv_len = 0;
653 bsi->join_where.bv_val = NULL;
654 bsi->join_where.bv_len = 0;
656 bsi->flt_where.bv_val = NULL;
657 bsi->flt_where.bv_len = 0;
662 * FIXME: this query has been split in case a string cast function
663 * is defined; more sophisticated (pattern based) function should
666 backsql_strcat( &bsi->sel, &bsi->sel_len,
667 "SELECT DISTINCT ldap_entries.id,",
668 bsi->oc->keytbl.bv_val, ".", bsi->oc->keycol.bv_val,
669 ",'", bsi->oc->name.bv_val, "' AS objectClass",
670 ",ldap_entries.dn AS dn", NULL );
673 backsql_strfcat( &bsi->sel, &bsi->sel_len, "lbcbc",
674 (ber_len_t)sizeof( "SELECT DISTINCT ldap_entries.id," ) - 1,
675 "SELECT DISTINCT ldap_entries.id,",
681 if ( bi->strcast_func.bv_val ) {
682 backsql_strfcat( &bsi->sel, &bsi->sel_len, "blbl",
684 (ber_len_t)sizeof( "('" /* ') */ ) - 1,
686 &bsi->oc->oc->soc_cname,
687 (ber_len_t)sizeof( /* (' */ "')" ) - 1,
690 backsql_strfcat( &bsi->sel, &bsi->sel_len, "cbc",
692 &bsi->oc->oc->soc_cname,
695 backsql_strfcat( &bsi->sel, &bsi->sel_len, "l",
696 (ber_len_t)sizeof( " AS objectClass,ldap_entries.dn AS dn" ) - 1,
697 " AS objectClass,ldap_entries.dn AS dn" );
699 backsql_strfcat( &bsi->from, &bsi->from_len, "lb",
700 (ber_len_t)sizeof( " FROM ldap_entries," ) - 1,
701 " FROM ldap_entries,",
704 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len, "lbcbl",
705 (ber_len_t)sizeof( " WHERE " ) - 1, " WHERE ",
709 (ber_len_t)sizeof( "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ) - 1,
710 "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " );
712 switch ( bsi->scope ) {
713 case LDAP_SCOPE_BASE:
714 if ( bsi->bi->upper_func.bv_val ) {
715 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len,
717 &bsi->bi->upper_func,
718 (ber_len_t)sizeof( "(ldap_entries.dn)=" ) - 1,
719 "(ldap_entries.dn)=",
720 &bsi->bi->upper_func_open,
722 &bsi->bi->upper_func_close );
724 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len,
726 (ber_len_t)sizeof( "ldap_entries.dn=?" ) - 1,
727 "ldap_entries.dn=?" );
731 case LDAP_SCOPE_ONELEVEL:
732 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len, "l",
733 (ber_len_t)sizeof( "ldap_entries.parent=?" ) - 1,
734 "ldap_entries.parent=?" );
737 case LDAP_SCOPE_SUBTREE:
738 if ( bsi->bi->upper_func.bv_val ) {
739 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len,
741 &bsi->bi->upper_func,
742 (ber_len_t)sizeof( "(ldap_entries.dn) LIKE " ) - 1,
743 "(ldap_entries.dn) LIKE ",
744 &bsi->bi->upper_func_open,
746 &bsi->bi->upper_func_close );
748 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len,
750 (ber_len_t)sizeof( "ldap_entries.dn LIKE ?" ) - 1,
751 "ldap_entries.dn LIKE ?" );
755 backsql_strfcat( &bsi->join_where, &bsi->jwhere_len, "b",
756 &bsi->bi->subtree_cond );
764 rc = backsql_process_filter( bsi, bsi->filter );
766 backsql_strfcat( query, &q_len, "bbblb",
770 (ber_len_t)sizeof( " AND " ) - 1, " AND ",
773 } else if ( rc < 0 ) {
775 * Indicates that there's no possible way the filter matches
776 * anything. No need to issue the query
778 Debug( LDAP_DEBUG_TRACE,
779 "<==backsql_srch_query() returns NULL\n", 0, 0, 0 );
780 free( query->bv_val );
781 query->bv_val = NULL;
784 free( bsi->sel.bv_val );
787 free( bsi->from.bv_val );
788 bsi->from.bv_len = 0;
790 free( bsi->join_where.bv_val );
791 bsi->join_where.bv_len = 0;
793 free( bsi->flt_where.bv_val );
794 bsi->flt_where.bv_len = 0;
797 Debug( LDAP_DEBUG_TRACE, "<==backsql_srch_query()\n", 0, 0, 0 );
799 return ( query->bv_val == NULL ? 1 : 0 );
803 backsql_oc_get_candidates( void *v_oc, void *v_bsi )
805 backsql_oc_map_rec *oc = v_oc;
806 backsql_srch_info *bsi = v_bsi;
810 backsql_entryID base_id, *c_id;
816 Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc='%s'\n",
817 BACKSQL_OC_NAME( oc ), 0, 0 );
819 if ( bsi->n_candidates == -1 ) {
820 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
821 "unchecked limit has been overcome\n", 0, 0, 0 );
822 /* should never get here */
828 if ( backsql_srch_query( bsi, &query ) ) {
829 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
830 "could not construct query for objectclass\n",
832 return BACKSQL_CONTINUE;
835 Debug( LDAP_DEBUG_TRACE, "Constructed query: %s\n",
836 query.bv_val, 0, 0 );
838 rc = backsql_Prepare( bsi->dbh, &sth, query.bv_val, 0 );
839 free( query.bv_val );
840 if ( rc != SQL_SUCCESS ) {
841 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
842 "error preparing query\n", 0, 0, 0 );
843 backsql_PrintErrors( bsi->bi->db_env, bsi->dbh, sth, rc );
844 return BACKSQL_CONTINUE;
847 if ( backsql_BindParamID( sth, 1, &bsi->oc->id ) != SQL_SUCCESS ) {
848 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
849 "error binding objectclass id parameter\n", 0, 0, 0 );
850 return BACKSQL_CONTINUE;
853 switch ( bsi->scope ) {
854 case LDAP_SCOPE_BASE:
855 rc = backsql_BindParamStr( sth, 2, bsi->base_dn->bv_val,
856 BACKSQL_MAX_DN_LEN );
857 if ( rc != SQL_SUCCESS ) {
858 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
859 "error binding base_dn parameter\n", 0, 0, 0 );
860 backsql_PrintErrors( bsi->bi->db_env, bsi->dbh,
862 return BACKSQL_CONTINUE;
866 case LDAP_SCOPE_SUBTREE: {
869 * + 1 because we need room for '%'; this makes a subtree
870 * search for a DN BACKSQL_MAX_DN_LEN long legal
871 * if it returns that DN only
873 char temp_base_dn[ BACKSQL_MAX_DN_LEN + 1 + 1 ];
876 * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
877 * however this should be handled earlier
879 assert( bsi->base_dn->bv_len <= BACKSQL_MAX_DN_LEN );
882 * Sets the parameters for the SQL built earlier
883 * NOTE that all the databases could actually use
884 * the TimesTen version, which would be cleaner
885 * and would also eliminate the need for the
886 * subtree_cond line in the configuration file.
887 * For now, I'm leaving it the way it is,
888 * so non-TimesTen databases use the original code.
889 * But at some point this should get cleaned up.
891 * If "dn" is being used, do a suffix search.
892 * If "dn_ru" is being used, do a prefix search.
894 if ( BACKSQL_HAS_LDAPINFO_DN_RU( bsi->bi ) ) {
895 temp_base_dn[ 0 ] = '\0';
896 for ( i = 0, j = bsi->base_dn->bv_len - 1;
898 temp_base_dn[ i ] = bsi->base_dn->bv_val[ j ];
900 temp_base_dn[ i ] = '%';
901 temp_base_dn[ i + 1 ] = '\0';
902 ldap_pvt_str2upper( temp_base_dn );
905 temp_base_dn[ 0 ] = '%';
906 AC_MEMCPY( &temp_base_dn[ 1 ], bsi->base_dn->bv_val,
907 bsi->base_dn->bv_len + 1 );
908 ldap_pvt_str2upper( &temp_base_dn[ 1 ] );
911 Debug( LDAP_DEBUG_TRACE, "dn '%s'\n", temp_base_dn, 0, 0 );
913 rc = backsql_BindParamStr( sth, 2, temp_base_dn,
914 BACKSQL_MAX_DN_LEN );
915 if ( rc != SQL_SUCCESS ) {
916 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
917 "error binding base_dn parameter (2)\n",
919 backsql_PrintErrors( bsi->bi->db_env, bsi->dbh,
921 return BACKSQL_CONTINUE;
926 case LDAP_SCOPE_ONELEVEL:
927 res = backsql_dn2id( bsi->bi, &base_id,
928 bsi->dbh, bsi->base_dn );
929 if ( res != LDAP_SUCCESS ) {
930 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
931 "could not retrieve base_dn id%s\n",
932 res == LDAP_NO_SUCH_OBJECT ? ": no such entry"
935 return BACKSQL_CONTINUE;
938 rc = backsql_BindParamID( sth, 2, &base_id.id );
939 backsql_free_entryID( &base_id, 0 );
940 if ( rc != SQL_SUCCESS ) {
941 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
942 "error binding base id parameter\n", 0, 0, 0 );
943 return BACKSQL_CONTINUE;
948 rc = SQLExecute( sth );
949 if ( !BACKSQL_SUCCESS( rc ) ) {
950 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
951 "error executing query\n", 0, 0, 0 );
952 backsql_PrintErrors( bsi->bi->db_env, bsi->dbh, sth, rc );
953 SQLFreeStmt( sth, SQL_DROP );
954 return BACKSQL_CONTINUE;
957 backsql_BindRowAsStrings( sth, &row );
958 rc = SQLFetch( sth );
959 for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
960 c_id = (backsql_entryID *)ch_calloc( 1,
961 sizeof( backsql_entryID ) );
962 c_id->id = strtol( row.cols[ 0 ], NULL, 0 );
963 c_id->keyval = strtol( row.cols[ 1 ], NULL, 0 );
964 c_id->oc_id = bsi->oc->id;
965 ber_str2bv( row.cols[ 3 ], 0, 1, &c_id->dn );
966 c_id->next = bsi->id_list;
970 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
971 "added entry id=%ld, keyval=%ld dn='%s'\n",
972 c_id->id, c_id->keyval, row.cols[ 3 ] );
974 if ( bsi->n_candidates == -1 ) {
978 backsql_FreeRow( &row );
979 SQLFreeStmt( sth, SQL_DROP );
981 Debug( LDAP_DEBUG_TRACE, "<==backsql_oc_get_candidates()\n", 0, 0, 0 );
983 return ( bsi->n_candidates == -1 ? BACKSQL_STOP : BACKSQL_CONTINUE );
987 backsql_search( Operation *op, SlapReply *rs )
993 struct berval *nbase,
999 struct berval *filterstr,
1000 AttributeName *attrs,
1003 backsql_info *bi = (backsql_info *)op->o_bd->be_private;
1008 time_t stoptime = 0;
1009 backsql_srch_info srch_info;
1010 backsql_entryID *eid = NULL;
1011 struct slap_limits_set *limit = NULL;
1014 manageDSAit = get_manageDSAit( op );
1016 Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
1017 "base='%s', filter='%s', scope=%d,",
1018 op->o_req_ndn.bv_val,
1019 op->oq_search.rs_filterstr.bv_val,
1020 op->oq_search.rs_scope );
1021 Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
1022 "attributes to load: %s\n",
1023 op->oq_search.rs_deref,
1024 op->oq_search.rs_attrsonly,
1025 op->oq_search.rs_attrs == NULL ? "all" : "custom list" );
1027 if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
1028 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1029 "search base length (%ld) exceeds max length (%ld)\n",
1030 op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
1032 * FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
1033 * since it is impossible that such a long DN exists
1036 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1037 send_ldap_result( op, rs );
1041 sres = backsql_get_db_conn( op, &dbh );
1042 if ( sres != LDAP_SUCCESS ) {
1043 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1044 "could not get connection handle - exiting\n",
1047 rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
1048 send_ldap_result( op, rs );
1052 /* TimesTen : Pass it along to the lower level routines */
1053 srch_info.use_reverse_dn = BACKSQL_USE_REVERSE_DN( bi );
1055 /* if not root, get appropriate limits */
1056 if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
1059 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
1062 /* The time/size limits come first because they require very little
1063 * effort, so there's no chance the candidates are selected and then
1064 * the request is not honored only because of time/size constraints */
1066 /* if no time limit requested, use soft limit (unless root!) */
1068 if ( op->oq_search.rs_tlimit == 0 ) {
1069 op->oq_search.rs_tlimit = -1; /* allow root to set no limit */
1072 if ( op->oq_search.rs_slimit == 0 ) {
1073 op->oq_search.rs_slimit = -1;
1077 /* if no limit is required, use soft limit */
1078 if ( op->oq_search.rs_tlimit <= 0 ) {
1079 op->oq_search.rs_tlimit = limit->lms_t_soft;
1081 /* if requested limit higher than hard limit, abort */
1082 } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
1083 /* no hard limit means use soft instead */
1084 if ( limit->lms_t_hard == 0
1085 && limit->lms_t_soft > -1
1086 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
1087 op->oq_search.rs_tlimit = limit->lms_t_soft;
1089 /* positive hard limit means abort */
1090 } else if ( limit->lms_t_hard > 0 ) {
1091 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1092 send_ldap_result( op, rs );
1096 /* negative hard limit means no limit */
1099 /* if no limit is required, use soft limit */
1100 if ( op->oq_search.rs_slimit <= 0 ) {
1101 op->oq_search.rs_slimit = limit->lms_s_soft;
1103 /* if requested limit higher than hard limit, abort */
1104 } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
1105 /* no hard limit means use soft instead */
1106 if ( limit->lms_s_hard == 0
1107 && limit->lms_s_soft > -1
1108 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
1109 op->oq_search.rs_slimit = limit->lms_s_soft;
1111 /* positive hard limit means abort */
1112 } else if ( limit->lms_s_hard > 0 ) {
1113 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1114 send_ldap_result( op, rs );
1118 /* negative hard limit means no limit */
1122 /* compute it anyway; root does not use it */
1123 stoptime = op->o_time + op->oq_search.rs_tlimit;
1125 backsql_init_search( &srch_info, bi, &op->o_req_dn,
1126 op->oq_search.rs_scope,
1127 op->oq_search.rs_slimit, op->oq_search.rs_tlimit,
1128 stoptime, op->oq_search.rs_filter,
1129 dbh, op->o_bd, op->o_conn, op,
1130 op->oq_search.rs_attrs );
1133 * for each objectclass we try to construct query which gets IDs
1134 * of entries matching LDAP query filter and scope (or at least
1135 * candidates), and get the IDs
1137 srch_info.n_candidates = ( isroot ? -2 : limit->lms_s_unchecked == -1
1138 ? -2 : limit->lms_s_unchecked );
1139 avl_apply( bi->oc_by_oc, backsql_oc_get_candidates,
1140 &srch_info, BACKSQL_STOP, AVL_INORDER );
1141 if ( !isroot && limit->lms_s_unchecked != -1 ) {
1142 if ( srch_info.n_candidates == -1 ) {
1143 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1144 send_ldap_result( op, rs );
1150 * now we load candidate entries (only those attributes
1151 * mentioned in attrs and filter), test it against full filter
1152 * and then send to client
1154 for ( eid = srch_info.id_list; eid != NULL;
1155 eid = backsql_free_entryID( eid, 1 ) ) {
1156 Attribute *hasSubordinate = NULL,
1159 /* check for abandon */
1160 if ( op->o_abandon ) {
1164 /* check time limit */
1165 if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
1166 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
1167 rs->sr_ctrls = NULL;
1168 rs->sr_ref = rs->sr_v2ref;
1169 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1171 send_ldap_result( op, rs );
1175 Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
1176 "for entry id=%ld, oc_id=%ld, keyval=%ld\n",
1177 eid->id, eid->oc_id, eid->keyval );
1179 entry = (Entry *)ch_calloc( sizeof( Entry ), 1 );
1180 res = backsql_id2entry( &srch_info, entry, eid );
1181 if ( res == NULL ) {
1182 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1183 "error in backsql_id2entry() "
1184 "- skipping entry\n", 0, 0, 0 );
1188 if ( !manageDSAit &&
1189 op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
1190 is_entry_referral( entry ) ) {
1192 struct berval matched_dn;
1194 ber_dupbv( &matched_dn, &entry->e_name );
1195 refs = get_entry_referrals( op, entry );
1197 rs->sr_ref = referral_rewrite( refs,
1198 &matched_dn, &op->o_req_dn,
1199 op->oq_search.rs_scope );
1200 ber_bvarray_free( refs );
1204 rs->sr_text = "bad_referral object";
1207 rs->sr_err = LDAP_REFERRAL;
1208 rs->sr_matched = matched_dn.bv_val;
1209 send_ldap_result( op, rs );
1211 ber_bvarray_free( rs->sr_ref );
1213 ber_memfree( matched_dn.bv_val );
1214 rs->sr_matched = NULL;
1220 * We use this flag since we need to parse the filter
1221 * anyway; we should have used the frontend API function
1222 * filter_has_subordinates()
1224 if ( srch_info.bsi_flags & BSQL_SF_FILTER_HASSUBORDINATE ) {
1227 rc = backsql_has_children( bi, dbh, &entry->e_nname );
1230 case LDAP_COMPARE_TRUE:
1231 case LDAP_COMPARE_FALSE:
1232 hasSubordinate = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE );
1233 if ( hasSubordinate != NULL ) {
1234 for ( a = entry->e_attrs;
1238 a->a_next = hasSubordinate;
1244 Debug(LDAP_DEBUG_TRACE,
1245 "backsql_search(): "
1246 "has_children failed( %d)\n",
1257 if ( test_filter( op, entry, op->oq_search.rs_filter )
1258 == LDAP_COMPARE_TRUE ) {
1259 if ( hasSubordinate && !( srch_info.bsi_flags & BSQL_SF_ALL_OPER )
1260 && !ad_inlist( slap_schema.si_ad_hasSubordinates, op->oq_search.rs_attrs ) ) {
1262 attr_free( hasSubordinate );
1263 hasSubordinate = NULL;
1266 #if 0 /* noop is masked SLAP_CTRL_UPDATE */
1271 rs->sr_entry = entry;
1272 sres = send_search_entry( op, rs );
1282 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1283 "connection lost\n", 0, 0, 0 );
1288 * FIXME: send_search_entry failed;
1294 entry_free( entry );
1296 if ( op->oq_search.rs_slimit != -1
1297 && rs->sr_nentries >= op->oq_search.rs_slimit ) {
1298 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
1299 send_ldap_result( op, rs );
1306 if ( rs->sr_nentries > 0 ) {
1307 rs->sr_ref = rs->sr_v2ref;
1308 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1311 rs->sr_err = srch_info.status;
1313 send_ldap_result( op, rs );
1315 if ( rs->sr_v2ref ) {
1316 ber_bvarray_free( rs->sr_v2ref );
1317 rs->sr_v2ref = NULL;
1321 ch_free( srch_info.attrs );
1323 Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 );
1327 #endif /* SLAPD_SQL */