2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1999-2005 The OpenLDAP Foundation.
5 * Portions Copyright 1999 Dmitry Kovalev.
6 * Portions Copyright 2002 Pierangelo Masarati.
7 * Portions Copyright 2004 Mark Adamson.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
19 * This work was initially developed by Dmitry Kovalev for inclusion
20 * by OpenLDAP Software. Additional significant contributors include
21 * Pierangelo Masarati and Mark Adamson.
27 #include <sys/types.h>
28 #include "ac/string.h"
32 #include "proto-sql.h"
34 static int backsql_process_filter( backsql_srch_info *bsi, Filter *f );
35 static int backsql_process_filter_eq( backsql_srch_info *bsi,
36 backsql_at_map_rec *at,
37 int casefold, struct berval *filter_value );
38 static int backsql_process_filter_like( backsql_srch_info *bsi,
39 backsql_at_map_rec *at,
40 int casefold, struct berval *filter_value );
41 static int backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f,
42 backsql_at_map_rec *at );
45 backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
48 AttributeName *an = NULL;
50 if ( bsi->bsi_attrs == NULL ) {
55 * clear the list (retrieve all attrs)
58 ch_free( bsi->bsi_attrs );
59 bsi->bsi_attrs = NULL;
60 bsi->bsi_flags |= BSQL_SF_ALL_ATTRS;
64 for ( ; !BER_BVISNULL( &bsi->bsi_attrs[ n_attrs ].an_name ); n_attrs++ ) {
65 an = &bsi->bsi_attrs[ n_attrs ];
67 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
68 "attribute \"%s\" is in list\n",
69 an->an_name.bv_val, 0, 0 );
71 * We can live with strcmp because the attribute
72 * list has been normalized before calling be_search
74 if ( !BACKSQL_NCMP( &an->an_name, &ad->ad_cname ) ) {
79 Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): "
80 "adding \"%s\" to list\n", ad->ad_cname.bv_val, 0, 0 );
82 an = (AttributeName *)ch_realloc( bsi->bsi_attrs,
83 sizeof( AttributeName ) * ( n_attrs + 2 ) );
88 an[ n_attrs ].an_name = ad->ad_cname;
89 an[ n_attrs ].an_desc = ad;
90 BER_BVZERO( &an[ n_attrs + 1 ].an_name );
98 * Initializes the search structure.
100 * If get_base_id != 0, the field bsi_base_id is filled
101 * with the entryID of bsi_base_ndn; it must be freed
102 * by backsql_free_entryID() when no longer required.
104 * NOTE: base must be normalized
108 backsql_srch_info *bsi,
109 struct berval *nbase,
118 AttributeName *attrs,
122 int rc = LDAP_SUCCESS;
124 bsi->bsi_base_ndn = nbase;
125 bsi->bsi_use_subtree_shortcut = 0;
126 BER_BVZERO( &bsi->bsi_base_id.eid_dn );
127 BER_BVZERO( &bsi->bsi_base_id.eid_ndn );
128 bsi->bsi_scope = scope;
129 bsi->bsi_slimit = slimit;
130 bsi->bsi_tlimit = tlimit;
131 bsi->bsi_filter = filter;
135 bsi->bsi_flags = BSQL_SF_NONE;
140 if ( attrs == NULL ) {
141 /* also add request for all operational */
142 bsi->bsi_attrs = NULL;
143 bsi->bsi_flags |= BSQL_SF_ALL_USER;
148 bsi->bsi_attrs = (AttributeName *)ch_calloc( 1,
149 sizeof( AttributeName ) );
150 BER_BVZERO( &bsi->bsi_attrs[ 0 ].an_name );
152 for ( p = attrs; !BER_BVISNULL( &p->an_name ); p++ ) {
154 * ignore "1.1"; handle "+"
156 if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) {
157 bsi->bsi_flags |= BSQL_SF_ALL_USER;
160 } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) {
161 bsi->bsi_flags |= BSQL_SF_ALL_OPER;
164 } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) {
167 } else if ( p->an_desc == slap_schema.si_ad_objectClass ) {
171 backsql_attrlist_add( bsi, p->an_desc );
175 /* add objectClass if not present,
176 * because it is required to understand
177 * if an entry is a referral, an alias
179 backsql_attrlist_add( bsi, slap_schema.si_ad_objectClass );
183 bsi->bsi_abandon = 0;
184 bsi->bsi_id_list = NULL;
185 bsi->bsi_id_listtail = &bsi->bsi_id_list;
186 bsi->bsi_n_candidates = 0;
187 bsi->bsi_stoptime = stoptime;
188 BER_BVZERO( &bsi->bsi_sel.bb_val );
189 bsi->bsi_sel.bb_len = 0;
190 BER_BVZERO( &bsi->bsi_from.bb_val );
191 bsi->bsi_from.bb_len = 0;
192 BER_BVZERO( &bsi->bsi_join_where.bb_val );
193 bsi->bsi_join_where.bb_len = 0;
194 BER_BVZERO( &bsi->bsi_flt_where.bb_val );
195 bsi->bsi_flt_where.bb_len = 0;
196 bsi->bsi_filter_oc = NULL;
198 if ( BACKSQL_IS_GET_ID( flags ) ) {
199 assert( op->o_bd->be_private );
201 rc = backsql_dn2id( op, rs, dbh, nbase, &bsi->bsi_base_id,
202 BACKSQL_IS_MATCHED( flags ), 1 );
205 return ( bsi->bsi_status = rc );
209 backsql_process_filter_list( backsql_srch_info *bsi, Filter *f, int op )
217 backsql_strfcat( &bsi->bsi_flt_where, "c", '(' /* ) */ );
220 res = backsql_process_filter( bsi, f );
223 * TimesTen : If the query has no answers,
224 * don't bother to run the query.
235 case LDAP_FILTER_AND:
236 backsql_strfcat( &bsi->bsi_flt_where, "l",
237 (ber_len_t)STRLENOF( " AND " ),
242 backsql_strfcat( &bsi->bsi_flt_where, "l",
243 (ber_len_t)STRLENOF( " OR " ),
249 backsql_strfcat( &bsi->bsi_flt_where, "c", /* ( */ ')' );
255 backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
256 backsql_at_map_rec *at )
258 backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
266 /* always uppercase strings by now */
267 #ifdef BACKSQL_UPPERCASE_FILTER
268 if ( f->f_sub_desc->ad_type->sat_substr &&
269 SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
270 bi->sql_caseIgnoreMatch ) )
271 #endif /* BACKSQL_UPPERCASE_FILTER */
276 if ( f->f_sub_desc->ad_type->sat_substr &&
277 SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr,
278 bi->sql_telephoneNumberMatch ) )
285 * to check for matching telephone numbers
286 * with intermixed chars, e.g. val='1234'
289 * val LIKE '%1%2%3%4%'
293 if ( f->f_sub_initial.bv_val ) {
294 bv.bv_len += f->f_sub_initial.bv_len;
296 if ( f->f_sub_any != NULL ) {
297 for ( a = 0; f->f_sub_any[ a ].bv_val != NULL; a++ ) {
298 bv.bv_len += f->f_sub_any[ a ].bv_len;
301 if ( f->f_sub_final.bv_val ) {
302 bv.bv_len += f->f_sub_final.bv_len;
304 bv.bv_len = 2 * bv.bv_len - 1;
305 bv.bv_val = ch_malloc( bv.bv_len + 1 );
308 if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
309 bv.bv_val[ s ] = f->f_sub_initial.bv_val[ 0 ];
310 for ( i = 1; i < f->f_sub_initial.bv_len; i++ ) {
311 bv.bv_val[ s + 2 * i - 1 ] = '%';
312 bv.bv_val[ s + 2 * i ] = f->f_sub_initial.bv_val[ i ];
314 bv.bv_val[ s + 2 * i - 1 ] = '%';
318 if ( f->f_sub_any != NULL ) {
319 for ( a = 0; !BER_BVISNULL( &f->f_sub_any[ a ] ); a++ ) {
320 bv.bv_val[ s ] = f->f_sub_any[ a ].bv_val[ 0 ];
321 for ( i = 1; i < f->f_sub_any[ a ].bv_len; i++ ) {
322 bv.bv_val[ s + 2 * i - 1 ] = '%';
323 bv.bv_val[ s + 2 * i ] = f->f_sub_any[ a ].bv_val[ i ];
325 bv.bv_val[ s + 2 * i - 1 ] = '%';
330 if ( !BER_BVISNULL( &f->f_sub_final ) ) {
331 bv.bv_val[ s ] = f->f_sub_final.bv_val[ 0 ];
332 for ( i = 1; i < f->f_sub_final.bv_len; i++ ) {
333 bv.bv_val[ s + 2 * i - 1 ] = '%';
334 bv.bv_val[ s + 2 * i ] = f->f_sub_final.bv_val[ i ];
336 bv.bv_val[ s + 2 * i - 1 ] = '%';
340 bv.bv_val[ s - 1 ] = '\0';
342 (void)backsql_process_filter_like( bsi, at, casefold, &bv );
343 ch_free( bv.bv_val );
349 * When dealing with case-sensitive strings
350 * we may omit normalization; however, normalized
351 * SQL filters are more liberal.
354 backsql_strfcat( &bsi->bsi_flt_where, "c", '(' /* ) */ );
357 Debug( LDAP_DEBUG_TRACE, "backsql_process_sub_filter(%s):\n",
358 at->bam_ad->ad_cname.bv_val, 0, 0 );
359 Debug(LDAP_DEBUG_TRACE, " expr: '%s%s%s'\n", at->bam_sel_expr.bv_val,
360 at->bam_sel_expr_u.bv_val ? "' '" : "",
361 at->bam_sel_expr_u.bv_val ? at->bam_sel_expr_u.bv_val : "" );
362 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
364 * If a pre-upper-cased version of the column
365 * or a precompiled upper function exists, use it
367 backsql_strfcat( &bsi->bsi_flt_where,
370 (ber_len_t)STRLENOF( " LIKE '" ),
374 backsql_strfcat( &bsi->bsi_flt_where, "bl",
376 (ber_len_t)STRLENOF( " LIKE '" ), " LIKE '" );
379 if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
383 Debug( LDAP_DEBUG_TRACE,
384 "==>backsql_process_sub_filter(%s): "
385 "sub_initial=\"%s\"\n", at->bam_ad->ad_cname.bv_val,
386 f->f_sub_initial.bv_val, 0 );
387 #endif /* BACKSQL_TRACE */
389 start = bsi->bsi_flt_where.bb_val.bv_len;
390 backsql_strfcat( &bsi->bsi_flt_where, "b",
392 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
393 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
397 backsql_strfcat( &bsi->bsi_flt_where, "c", '%' );
399 if ( f->f_sub_any != NULL ) {
400 for ( i = 0; !BER_BVISNULL( &f->f_sub_any[ i ] ); i++ ) {
404 Debug( LDAP_DEBUG_TRACE,
405 "==>backsql_process_sub_filter(%s): "
406 "sub_any[%d]=\"%s\"\n", at->bam_ad->ad_cname.bv_val,
407 i, f->f_sub_any[ i ].bv_val );
408 #endif /* BACKSQL_TRACE */
410 start = bsi->bsi_flt_where.bb_val.bv_len;
411 backsql_strfcat( &bsi->bsi_flt_where,
415 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
417 * Note: toupper('%') = '%'
419 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
424 if ( !BER_BVISNULL( &f->f_sub_final ) ) {
428 Debug( LDAP_DEBUG_TRACE,
429 "==>backsql_process_sub_filter(%s): "
430 "sub_final=\"%s\"\n", at->bam_ad->ad_cname.bv_val,
431 f->f_sub_final.bv_val, 0 );
432 #endif /* BACKSQL_TRACE */
434 start = bsi->bsi_flt_where.bb_val.bv_len;
435 backsql_strfcat( &bsi->bsi_flt_where, "b",
437 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
438 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
442 backsql_strfcat( &bsi->bsi_flt_where, "l",
443 (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" );
449 backsql_merge_from_tbls( backsql_srch_info *bsi, struct berval *from_tbls )
451 if ( BER_BVISNULL( from_tbls ) ) {
455 if ( !BER_BVISNULL( &bsi->bsi_from.bb_val ) ) {
456 char *start, *end, *tmp;
458 tmp = ch_strdup( from_tbls->bv_val );
460 for ( start = tmp, end = strchr( start, ',' ); start; ) {
465 if ( strstr( bsi->bsi_from.bb_val.bv_val, start) == NULL )
467 backsql_strfcat( &bsi->bsi_from, "cs", ',', start );
471 /* in case there are spaces after the comma... */
472 for ( start = &end[1]; isspace( start[0] ); start++ );
474 end = strchr( start, ',' );
486 backsql_strfcat( &bsi->bsi_from, "b", from_tbls );
493 backsql_process_filter( backsql_srch_info *bsi, Filter *f )
495 backsql_at_map_rec **vat = NULL;
496 AttributeDescription *ad = NULL;
501 Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter()\n", 0, 0, 0 );
502 if ( f->f_choice == SLAPD_FILTER_COMPUTED ) {
503 Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): "
504 "invalid filter\n", 0, 0, 0 );
509 switch( f->f_choice ) {
511 rc = backsql_process_filter_list( bsi, f->f_or,
516 case LDAP_FILTER_AND:
517 rc = backsql_process_filter_list( bsi, f->f_and,
522 case LDAP_FILTER_NOT:
523 backsql_strfcat( &bsi->bsi_flt_where, "l",
524 (ber_len_t)STRLENOF( "NOT (" /* ) */ ),
526 rc = backsql_process_filter( bsi, f->f_not );
527 backsql_strfcat( &bsi->bsi_flt_where, "c", /* ( */ ')' );
531 case LDAP_FILTER_PRESENT:
535 case LDAP_FILTER_EXT:
536 ad = f->f_mra->ma_desc;
537 if ( f->f_mr_dnattrs ) {
539 * if dn attrs filtering is requested, better return
540 * success and let test_filter() deal with candidate
541 * selection; otherwise we'd need to set conditions
542 * on the contents of the DN, e.g. "SELECT ... FROM
543 * ldap_entries AS attributeName WHERE attributeName.dn
544 * like '%attributeName=value%'"
546 backsql_strfcat( &bsi->bsi_flt_where, "l",
547 (ber_len_t)STRLENOF( "1=1" ), "1=1" );
548 bsi->bsi_status = LDAP_SUCCESS;
569 * Turn structuralObjectClass into objectClass
571 if ( ad == slap_schema.si_ad_objectClass
572 || ad == slap_schema.si_ad_structuralObjectClass )
575 * If the filter is LDAP_FILTER_PRESENT, then it's done;
576 * otherwise, let's see if we are lucky: filtering
577 * for "structural" objectclass or ancestor...
579 switch ( f->f_choice ) {
580 case LDAP_FILTER_EQUALITY:
582 ObjectClass *oc = oc_bvfind( &f->f_av_value );
585 Debug( LDAP_DEBUG_TRACE,
586 "backsql_process_filter(): "
587 "unknown objectClass \"%s\" "
589 f->f_av_value.bv_val, 0, 0 );
590 bsi->bsi_status = LDAP_OTHER;
596 * "structural" objectClass inheritance:
597 * - a search for "person" will also return
599 * - a search for "top" will return everything
601 if ( is_object_subclass( oc, bsi->bsi_oc->bom_oc ) ) {
602 static struct berval ldap_entry_objclasses = BER_BVC( "ldap_entry_objclasses" );
604 backsql_merge_from_tbls( bsi, &ldap_entry_objclasses );
606 backsql_strfcat( &bsi->bsi_flt_where, "lbl",
607 (ber_len_t)STRLENOF( "2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */ ),
608 "2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */,
609 &bsi->bsi_oc->bom_oc->soc_cname,
610 (ber_len_t)STRLENOF( /* (' */ "')" ),
612 bsi->bsi_status = LDAP_SUCCESS;
620 case LDAP_FILTER_PRESENT:
621 backsql_strfcat( &bsi->bsi_flt_where, "l",
622 (ber_len_t)STRLENOF( "3=3" ), "3=3" );
623 bsi->bsi_status = LDAP_SUCCESS;
627 /* FIXME: LDAP_FILTER_EXT? */
630 Debug( LDAP_DEBUG_TRACE,
631 "backsql_process_filter(): "
632 "illegal/unhandled filter "
633 "on objectClass attribute",
635 bsi->bsi_status = LDAP_OTHER;
640 } else if ( ad == slap_schema.si_ad_entryUUID ) {
642 #ifdef BACKSQL_ARBITRARY_KEY
643 struct berval keyval;
644 #else /* ! BACKSQL_ARBITRARY_KEY */
645 unsigned long keyval;
646 char keyvalbuf[] = "18446744073709551615";
647 #endif /* ! BACKSQL_ARBITRARY_KEY */
649 switch ( f->f_choice ) {
650 case LDAP_FILTER_EQUALITY:
651 backsql_entryUUID_decode( &f->f_av_value, &oc_id, &keyval );
653 if ( oc_id != bsi->bsi_oc->bom_id ) {
654 bsi->bsi_status = LDAP_SUCCESS;
659 #ifdef BACKSQL_ARBITRARY_KEY
660 backsql_strfcat( &bsi->bsi_flt_where, "bcblbc",
661 &bsi->bsi_oc->bom_keytbl, '.',
662 &bsi->bsi_oc->bom_keycol,
663 STRLENOF( " LIKE '" ), " LIKE '",
665 #else /* ! BACKSQL_ARBITRARY_KEY */
666 snprintf( keyvalbuf, sizeof( keyvalbuf ), "%lu", keyval );
667 backsql_strfcat( &bsi->bsi_flt_where, "bcbcs",
668 &bsi->bsi_oc->bom_keytbl, '.',
669 &bsi->bsi_oc->bom_keycol, '=', keyvalbuf );
670 #endif /* ! BACKSQL_ARBITRARY_KEY */
673 case LDAP_FILTER_PRESENT:
674 backsql_strfcat( &bsi->bsi_flt_where, "l",
675 (ber_len_t)STRLENOF( "4=4" ), "4=4" );
683 bsi->bsi_flags |= BSQL_SF_FILTER_ENTRYUUID;
687 #ifdef BACKSQL_SYNCPROV
688 } else if ( ad == slap_schema.si_ad_entryCSN ) {
690 * support for syncrepl as producer...
692 if ( !bsi->bsi_op->o_sync ) {
693 /* unsupported at present... */
694 bsi->bsi_status = LDAP_OTHER;
699 bsi->bsi_flags |= ( BSQL_SF_FILTER_ENTRYCSN | BSQL_SF_RETURN_ENTRYUUID);
701 /* if doing a syncrepl, try to return as much as possible,
702 * and always match the filter */
703 backsql_strfcat( &bsi->bsi_flt_where, "l",
704 (ber_len_t)STRLENOF( "5=5" ), "5=5" );
706 /* save for later use in operational attributes */
707 /* FIXME: saves only the first occurrence, because
708 * the filter during updates is written as
709 * "(&(entryCSN<={contextCSN})(entryCSN>={oldContextCSN})({filter}))"
710 * so we want our fake entryCSN to match the greatest
713 if ( bsi->bsi_op->o_private == NULL ) {
714 bsi->bsi_op->o_private = &f->f_av_value;
716 bsi->bsi_status = LDAP_SUCCESS;
720 #endif /* BACKSQL_SYNCPROV */
722 } else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) {
724 * FIXME: this is not robust; e.g. a filter
725 * '(!(hasSubordinates=TRUE))' fails because
726 * in SQL it would read 'NOT (1=1)' instead
728 * Note however that hasSubordinates is boolean,
729 * so a more appropriate filter would be
730 * '(hasSubordinates=FALSE)'
732 * A more robust search for hasSubordinates
733 * would * require joining the ldap_entries table
734 * selecting if there are descendants of the
737 backsql_strfcat( &bsi->bsi_flt_where, "l",
738 (ber_len_t)STRLENOF( "6=6" ), "6=6" );
739 if ( ad == slap_schema.si_ad_hasSubordinates ) {
741 * instruct candidate selection algorithm
742 * and attribute list to try to detect
743 * if an entry has subordinates
745 bsi->bsi_flags |= BSQL_SF_FILTER_HASSUBORDINATE;
749 * clear attributes to fetch, to require ALL
750 * and try extended match on all attributes
752 backsql_attrlist_add( bsi, NULL );
759 * attribute inheritance:
761 if ( backsql_supad2at( bsi->bsi_oc, ad, &vat ) ) {
762 bsi->bsi_status = LDAP_OTHER;
768 /* search anyway; other parts of the filter
770 backsql_strfcat( &bsi->bsi_flt_where, "l",
771 (ber_len_t)STRLENOF( "7=7" ), "7=7" );
772 bsi->bsi_status = LDAP_SUCCESS;
777 /* if required, open extra level of parens */
779 if ( vat[0]->bam_next || vat[1] ) {
780 backsql_strfcat( &bsi->bsi_flt_where, "c", '(' );
787 if ( backsql_process_filter_attr( bsi, f, vat[i] ) == -1 ) {
791 /* if more definitions of the same attr, apply */
792 if ( vat[i]->bam_next ) {
793 backsql_strfcat( &bsi->bsi_flt_where, "l",
794 STRLENOF( " OR " ), " OR " );
795 vat[i] = vat[i]->bam_next;
799 /* if more descendants of the same attr, apply */
802 backsql_strfcat( &bsi->bsi_flt_where, "l",
803 STRLENOF( " OR " ), " OR " );
807 /* if needed, close extra level of parens */
809 backsql_strfcat( &bsi->bsi_flt_where, "c", ')' );
819 Debug( LDAP_DEBUG_TRACE,
820 "<==backsql_process_filter() %s\n",
821 rc == 1 ? "succeeded" : "failed", 0, 0);
827 backsql_process_filter_eq( backsql_srch_info *bsi, backsql_at_map_rec *at,
828 int casefold, struct berval *filter_value )
831 * maybe we should check type of at->sel_expr here somehow,
832 * to know whether upper_func is applicable, but for now
833 * upper_func stuff is made for Oracle, where UPPER is
834 * safely applicable to NUMBER etc.
836 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
839 backsql_strfcat( &bsi->bsi_flt_where, "cbl",
842 (ber_len_t)STRLENOF( "='" ),
845 start = bsi->bsi_flt_where.bb_val.bv_len;
847 backsql_strfcat( &bsi->bsi_flt_where, "bl",
849 (ber_len_t)STRLENOF( /* (' */ "')" ),
852 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
855 backsql_strfcat( &bsi->bsi_flt_where, "cblbl",
858 (ber_len_t)STRLENOF( "='" ), "='",
860 (ber_len_t)STRLENOF( /* (' */ "')" ),
868 backsql_process_filter_like( backsql_srch_info *bsi, backsql_at_map_rec *at,
869 int casefold, struct berval *filter_value )
872 * maybe we should check type of at->sel_expr here somehow,
873 * to know whether upper_func is applicable, but for now
874 * upper_func stuff is made for Oracle, where UPPER is
875 * safely applicable to NUMBER etc.
877 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
880 backsql_strfcat( &bsi->bsi_flt_where, "cbl",
883 (ber_len_t)STRLENOF( " LIKE '%" ),
886 start = bsi->bsi_flt_where.bb_val.bv_len;
888 backsql_strfcat( &bsi->bsi_flt_where, "bl",
890 (ber_len_t)STRLENOF( /* (' */ "%')" ),
893 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
896 backsql_strfcat( &bsi->bsi_flt_where, "cblbl",
899 (ber_len_t)STRLENOF( " LIKE '%" ),
902 (ber_len_t)STRLENOF( /* (' */ "%')" ),
910 backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_rec *at )
912 backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
914 struct berval *filter_value = NULL;
915 MatchingRule *matching_rule = NULL;
916 struct berval ordering = BER_BVC("<=");
918 Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n",
919 at->bam_ad->ad_cname.bv_val, 0, 0 );
922 * need to add this attribute to list of attrs to load,
923 * so that we can do test_filter() later
925 backsql_attrlist_add( bsi, at->bam_ad );
927 backsql_merge_from_tbls( bsi, &at->bam_from_tbls );
929 if ( !BER_BVISNULL( &at->bam_join_where )
930 && strstr( bsi->bsi_join_where.bb_val.bv_val,
931 at->bam_join_where.bv_val ) == NULL )
933 backsql_strfcat( &bsi->bsi_join_where, "lb",
934 (ber_len_t)STRLENOF( " AND " ), " AND ",
935 &at->bam_join_where );
938 switch ( f->f_choice ) {
939 case LDAP_FILTER_EQUALITY:
940 filter_value = &f->f_av_value;
941 matching_rule = at->bam_ad->ad_type->sat_equality;
945 /* fail over into next case */
947 case LDAP_FILTER_EXT:
948 filter_value = &f->f_mra->ma_value;
949 matching_rule = f->f_mr_rule;
952 /* always uppercase strings by now */
953 #ifdef BACKSQL_UPPERCASE_FILTER
954 if ( SLAP_MR_ASSOCIATED( matching_rule,
955 bi->sql_caseIgnoreMatch ) )
956 #endif /* BACKSQL_UPPERCASE_FILTER */
961 /* FIXME: directoryString filtering should use a similar
962 * approach to deal with non-prettified values like
963 * " A non prettified value ", by using a LIKE
964 * filter with all whitespaces collapsed to a single '%' */
965 if ( SLAP_MR_ASSOCIATED( matching_rule,
966 bi->sql_telephoneNumberMatch ) )
972 * to check for matching telephone numbers
973 * with intermized chars, e.g. val='1234'
976 * val LIKE '%1%2%3%4%'
979 bv.bv_len = 2 * filter_value->bv_len - 1;
980 bv.bv_val = ch_malloc( bv.bv_len + 1 );
982 bv.bv_val[ 0 ] = filter_value->bv_val[ 0 ];
983 for ( i = 1; i < filter_value->bv_len; i++ ) {
984 bv.bv_val[ 2 * i - 1 ] = '%';
985 bv.bv_val[ 2 * i ] = filter_value->bv_val[ i ];
987 bv.bv_val[ 2 * i - 1 ] = '\0';
989 (void)backsql_process_filter_like( bsi, at, casefold, &bv );
990 ch_free( bv.bv_val );
995 /* NOTE: this is required by objectClass inheritance
996 * and auxiliary objectClass use in filters for slightly
997 * more efficient candidate selection. */
998 /* FIXME: a bit too many specializations to deal with
999 * very specific cases... */
1000 if ( at->bam_ad == slap_schema.si_ad_objectClass
1001 || at->bam_ad == slap_schema.si_ad_structuralObjectClass )
1003 backsql_strfcat( &bsi->bsi_flt_where, "lbl",
1004 (ber_len_t)STRLENOF( "(ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */ ),
1005 "(ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */,
1007 (ber_len_t)STRLENOF( /* (' */ "')" ),
1013 * maybe we should check type of at->sel_expr here somehow,
1014 * to know whether upper_func is applicable, but for now
1015 * upper_func stuff is made for Oracle, where UPPER is
1016 * safely applicable to NUMBER etc.
1018 (void)backsql_process_filter_eq( bsi, at, casefold, filter_value );
1021 case LDAP_FILTER_GE:
1022 ordering.bv_val = ">=";
1024 /* fall thru to next case */
1026 case LDAP_FILTER_LE:
1027 filter_value = &f->f_av_value;
1029 /* always uppercase strings by now */
1030 #ifdef BACKSQL_UPPERCASE_FILTER
1031 if ( at->bam_ad->ad_type->sat_ordering &&
1032 SLAP_MR_ASSOCIATED( at->bam_ad->ad_type->sat_ordering,
1033 bi->sql_caseIgnoreMatch ) )
1034 #endif /* BACKSQL_UPPERCASE_FILTER */
1040 * FIXME: should we uppercase the operands?
1042 if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
1045 backsql_strfcat( &bsi->bsi_flt_where, "cbbc",
1047 &at->bam_sel_expr_u,
1051 start = bsi->bsi_flt_where.bb_val.bv_len;
1053 backsql_strfcat( &bsi->bsi_flt_where, "bl",
1055 (ber_len_t)STRLENOF( /* (' */ "')" ),
1058 ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
1061 backsql_strfcat( &bsi->bsi_flt_where, "cbbcbl",
1067 (ber_len_t)STRLENOF( /* (' */ "')" ),
1072 case LDAP_FILTER_PRESENT:
1073 backsql_strfcat( &bsi->bsi_flt_where, "lbl",
1074 (ber_len_t)STRLENOF( "NOT (" /* ) */),
1077 (ber_len_t)STRLENOF( /* ( */ " IS NULL)" ),
1078 /* ( */ " IS NULL)" );
1081 case LDAP_FILTER_SUBSTRINGS:
1082 backsql_process_sub_filter( bsi, f, at );
1085 case LDAP_FILTER_APPROX:
1086 /* we do our best */
1089 * maybe we should check type of at->sel_expr here somehow,
1090 * to know whether upper_func is applicable, but for now
1091 * upper_func stuff is made for Oracle, where UPPER is
1092 * safely applicable to NUMBER etc.
1094 (void)backsql_process_filter_like( bsi, at, 1, &f->f_av_value );
1098 /* unhandled filter type; should not happen */
1100 backsql_strfcat( &bsi->bsi_flt_where, "l",
1101 (ber_len_t)STRLENOF( "8=8" ), "8=8" );
1106 Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n",
1107 at->bam_ad->ad_cname.bv_val, 0, 0 );
1113 backsql_srch_query( backsql_srch_info *bsi, struct berval *query )
1115 backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
1119 BER_BVZERO( query );
1121 bsi->bsi_use_subtree_shortcut = 0;
1123 Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 );
1124 BER_BVZERO( &bsi->bsi_sel.bb_val );
1125 BER_BVZERO( &bsi->bsi_sel.bb_val );
1126 bsi->bsi_sel.bb_len = 0;
1127 BER_BVZERO( &bsi->bsi_from.bb_val );
1128 bsi->bsi_from.bb_len = 0;
1129 BER_BVZERO( &bsi->bsi_join_where.bb_val );
1130 bsi->bsi_join_where.bb_len = 0;
1131 BER_BVZERO( &bsi->bsi_flt_where.bb_val );
1132 bsi->bsi_flt_where.bb_len = 0;
1134 backsql_strfcat( &bsi->bsi_sel, "lbcbc",
1135 (ber_len_t)STRLENOF( "SELECT DISTINCT ldap_entries.id," ),
1136 "SELECT DISTINCT ldap_entries.id,",
1137 &bsi->bsi_oc->bom_keytbl,
1139 &bsi->bsi_oc->bom_keycol,
1142 if ( !BER_BVISNULL( &bi->sql_strcast_func ) ) {
1143 backsql_strfcat( &bsi->bsi_sel, "blbl",
1144 &bi->sql_strcast_func,
1145 (ber_len_t)STRLENOF( "('" /* ') */ ),
1147 &bsi->bsi_oc->bom_oc->soc_cname,
1148 (ber_len_t)STRLENOF( /* (' */ "')" ),
1151 backsql_strfcat( &bsi->bsi_sel, "cbc",
1153 &bsi->bsi_oc->bom_oc->soc_cname,
1156 #ifdef BACKSQL_ALIASING_QUOTE
1157 backsql_strfcat( &bsi->bsi_sel, "lclcl",
1158 (ber_len_t)STRLENOF( " " BACKSQL_ALIASING ),
1159 " " BACKSQL_ALIASING,
1160 BACKSQL_ALIASING_QUOTE,
1161 (ber_len_t)STRLENOF( "objectClass" ),
1163 BACKSQL_ALIASING_QUOTE,
1164 (ber_len_t)STRLENOF( ",ldap_entries.dn " BACKSQL_ALIASING "dn" ),
1165 ",ldap_entries.dn " BACKSQL_ALIASING "dn" );
1166 #else /* ! BACKSQL_ALIASING_QUOTE */
1167 backsql_strfcat( &bsi->bsi_sel, "l",
1168 (ber_len_t)STRLENOF( " " BACKSQL_ALIASING "objectClass,ldap_entries.dn " BACKSQL_ALIASING "dn" ),
1169 " " BACKSQL_ALIASING "objectClass,ldap_entries.dn " BACKSQL_ALIASING "dn" );
1170 #endif /* ! BACKSQL_ALIASING_QUOTE */
1172 backsql_strfcat( &bsi->bsi_from, "lb",
1173 (ber_len_t)STRLENOF( " FROM ldap_entries," ),
1174 " FROM ldap_entries,",
1175 &bsi->bsi_oc->bom_keytbl );
1177 backsql_strfcat( &bsi->bsi_join_where, "lbcbl",
1178 (ber_len_t)STRLENOF( " WHERE " ), " WHERE ",
1179 &bsi->bsi_oc->bom_keytbl,
1181 &bsi->bsi_oc->bom_keycol,
1182 (ber_len_t)STRLENOF( "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ),
1183 "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " );
1185 switch ( bsi->bsi_scope ) {
1186 case LDAP_SCOPE_BASE:
1187 if ( BACKSQL_CANUPPERCASE( bi ) ) {
1188 backsql_strfcat( &bsi->bsi_join_where, "bl",
1189 &bi->sql_upper_func,
1190 (ber_len_t)STRLENOF( "(ldap_entries.dn)=?" ),
1191 "(ldap_entries.dn)=?" );
1193 backsql_strfcat( &bsi->bsi_join_where, "l",
1194 (ber_len_t)STRLENOF( "ldap_entries.dn=?" ),
1195 "ldap_entries.dn=?" );
1199 case BACKSQL_SCOPE_BASE_LIKE:
1200 if ( BACKSQL_CANUPPERCASE( bi ) ) {
1201 backsql_strfcat( &bsi->bsi_join_where, "bl",
1202 &bi->sql_upper_func,
1203 (ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE ?" ),
1204 "(ldap_entries.dn) LIKE ?" );
1206 backsql_strfcat( &bsi->bsi_join_where, "l",
1207 (ber_len_t)STRLENOF( "ldap_entries.dn LIKE ?" ),
1208 "ldap_entries.dn LIKE ?" );
1212 case LDAP_SCOPE_ONELEVEL:
1213 backsql_strfcat( &bsi->bsi_join_where, "l",
1214 (ber_len_t)STRLENOF( "ldap_entries.parent=?" ),
1215 "ldap_entries.parent=?" );
1218 #ifdef LDAP_SCOPE_SUBORDINATE
1219 case LDAP_SCOPE_SUBORDINATE:
1220 #endif /* LDAP_SCOPE_SUBORDINATE */
1221 case LDAP_SCOPE_SUBTREE:
1222 if ( BACKSQL_USE_SUBTREE_SHORTCUT( bi ) ) {
1224 BackendDB *bd = bsi->bsi_op->o_bd;
1226 assert( bd->be_nsuffix );
1228 for ( i = 0; !BER_BVISNULL( &bd->be_nsuffix[ i ] ); i++ )
1230 if ( dn_match( &bd->be_nsuffix[ i ],
1231 bsi->bsi_base_ndn ) )
1233 /* pass this to the candidate selection
1234 * routine so that the DN is not bound
1235 * to the select statement */
1236 bsi->bsi_use_subtree_shortcut = 1;
1242 if ( bsi->bsi_use_subtree_shortcut ) {
1243 /* Skip the base DN filter, as every entry will match it */
1244 backsql_strfcat( &bsi->bsi_join_where, "l",
1245 (ber_len_t)STRLENOF( "9=9"), "9=9");
1247 } else if ( !BER_BVISNULL( &bi->sql_subtree_cond ) ) {
1248 backsql_strfcat( &bsi->bsi_join_where, "b", &bi->sql_subtree_cond );
1250 } else if ( BACKSQL_CANUPPERCASE( bi ) ) {
1251 backsql_strfcat( &bsi->bsi_join_where, "bl",
1252 &bi->sql_upper_func,
1253 (ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE ?" ),
1254 "(ldap_entries.dn) LIKE ?" );
1257 backsql_strfcat( &bsi->bsi_join_where, "l",
1258 (ber_len_t)STRLENOF( "ldap_entries.dn LIKE ?" ),
1259 "ldap_entries.dn LIKE ?" );
1268 rc = backsql_process_filter( bsi, bsi->bsi_filter );
1270 struct berbuf bb = BB_NULL;
1272 backsql_strfcat( &bb, "bbblb",
1273 &bsi->bsi_sel.bb_val,
1274 &bsi->bsi_from.bb_val,
1275 &bsi->bsi_join_where.bb_val,
1276 (ber_len_t)STRLENOF( " AND " ), " AND ",
1277 &bsi->bsi_flt_where.bb_val );
1281 } else if ( rc < 0 ) {
1283 * Indicates that there's no possible way the filter matches
1284 * anything. No need to issue the query
1286 free( query->bv_val );
1287 BER_BVZERO( query );
1290 free( bsi->bsi_sel.bb_val.bv_val );
1291 BER_BVZERO( &bsi->bsi_sel.bb_val );
1292 bsi->bsi_sel.bb_len = 0;
1293 free( bsi->bsi_from.bb_val.bv_val );
1294 BER_BVZERO( &bsi->bsi_from.bb_val );
1295 bsi->bsi_from.bb_len = 0;
1296 free( bsi->bsi_join_where.bb_val.bv_val );
1297 BER_BVZERO( &bsi->bsi_join_where.bb_val );
1298 bsi->bsi_join_where.bb_len = 0;
1299 free( bsi->bsi_flt_where.bb_val.bv_val );
1300 BER_BVZERO( &bsi->bsi_flt_where.bb_val );
1301 bsi->bsi_flt_where.bb_len = 0;
1303 Debug( LDAP_DEBUG_TRACE, "<==backsql_srch_query() returns %s\n",
1304 query->bv_val ? query->bv_val : "NULL", 0, 0 );
1306 return ( rc <= 0 ? 1 : 0 );
1310 backsql_oc_get_candidates( void *v_oc, void *v_bsi )
1312 backsql_oc_map_rec *oc = v_oc;
1313 backsql_srch_info *bsi = v_bsi;
1314 backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
1315 struct berval query;
1316 SQLHSTMT sth = SQL_NULL_HSTMT;
1319 BACKSQL_ROW_NTS row;
1322 int n_candidates = bsi->bsi_n_candidates;
1325 * + 1 because we need room for '%';
1326 * + 1 because we need room for ',' for LDAP_SCOPE_SUBORDINATE;
1327 * this makes a subtree
1328 * search for a DN BACKSQL_MAX_DN_LEN long legal
1329 * if it returns that DN only
1331 char tmp_base_ndn[ BACKSQL_MAX_DN_LEN + 1 + 1 ];
1333 bsi->bsi_status = LDAP_SUCCESS;
1335 Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc=\"%s\"\n",
1336 BACKSQL_OC_NAME( oc ), 0, 0 );
1338 if ( bsi->bsi_n_candidates == -1 ) {
1339 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1340 "unchecked limit has been overcome\n", 0, 0, 0 );
1341 /* should never get here */
1343 bsi->bsi_status = LDAP_ADMINLIMIT_EXCEEDED;
1344 return BACKSQL_AVL_STOP;
1348 res = backsql_srch_query( bsi, &query );
1350 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1351 "error while constructing query for objectclass \"%s\"\n",
1352 oc->bom_oc->soc_cname.bv_val, 0, 0 );
1354 * FIXME: need to separate errors from legally
1355 * impossible filters
1357 switch ( bsi->bsi_status ) {
1359 case LDAP_UNDEFINED_TYPE:
1360 case LDAP_NO_SUCH_OBJECT:
1361 /* we are conservative... */
1363 bsi->bsi_status = LDAP_SUCCESS;
1365 return BACKSQL_AVL_CONTINUE;
1367 case LDAP_ADMINLIMIT_EXCEEDED:
1369 /* don't try any more */
1370 return BACKSQL_AVL_STOP;
1374 if ( BER_BVISNULL( &query ) ) {
1375 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1376 "could not construct query for objectclass \"%s\"\n",
1377 oc->bom_oc->soc_cname.bv_val, 0, 0 );
1378 bsi->bsi_status = LDAP_SUCCESS;
1379 return BACKSQL_AVL_CONTINUE;
1382 Debug( LDAP_DEBUG_TRACE, "Constructed query: %s\n",
1383 query.bv_val, 0, 0 );
1385 rc = backsql_Prepare( bsi->bsi_dbh, &sth, query.bv_val, 0 );
1386 free( query.bv_val );
1387 BER_BVZERO( &query );
1388 if ( rc != SQL_SUCCESS ) {
1389 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1390 "error preparing query\n", 0, 0, 0 );
1391 backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
1392 bsi->bsi_status = LDAP_OTHER;
1393 return BACKSQL_AVL_CONTINUE;
1396 Debug( LDAP_DEBUG_TRACE, "id: '%ld'\n", bsi->bsi_oc->bom_id, 0, 0 );
1398 rc = backsql_BindParamInt( sth, 1, SQL_PARAM_INPUT,
1399 &bsi->bsi_oc->bom_id );
1400 if ( rc != SQL_SUCCESS ) {
1401 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1402 "error binding objectclass id parameter\n", 0, 0, 0 );
1403 bsi->bsi_status = LDAP_OTHER;
1404 return BACKSQL_AVL_CONTINUE;
1407 switch ( bsi->bsi_scope ) {
1408 case LDAP_SCOPE_BASE:
1409 case BACKSQL_SCOPE_BASE_LIKE:
1411 * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
1412 * however this should be handled earlier
1414 if ( bsi->bsi_base_ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
1415 bsi->bsi_status = LDAP_OTHER;
1416 return BACKSQL_AVL_CONTINUE;
1419 AC_MEMCPY( tmp_base_ndn, bsi->bsi_base_ndn->bv_val,
1420 bsi->bsi_base_ndn->bv_len + 1 );
1422 /* uppercase DN only if the stored DN can be uppercased
1424 if ( BACKSQL_CANUPPERCASE( bi ) ) {
1425 ldap_pvt_str2upper( tmp_base_ndn );
1428 Debug( LDAP_DEBUG_TRACE, "(base)dn: \"%s\"\n",
1429 tmp_base_ndn, 0, 0 );
1431 rc = backsql_BindParamStr( sth, 2, SQL_PARAM_INPUT,
1432 tmp_base_ndn, BACKSQL_MAX_DN_LEN );
1433 if ( rc != SQL_SUCCESS ) {
1434 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1435 "error binding base_ndn parameter\n", 0, 0, 0 );
1436 backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh,
1438 bsi->bsi_status = LDAP_OTHER;
1439 return BACKSQL_AVL_CONTINUE;
1443 #ifdef LDAP_SCOPE_SUBORDINATE
1444 case LDAP_SCOPE_SUBORDINATE:
1445 #endif /* LDAP_SCOPE_SUBORDINATE */
1446 case LDAP_SCOPE_SUBTREE:
1448 /* if short-cutting the search base,
1449 * don't bind any parameter */
1450 if ( bsi->bsi_use_subtree_shortcut ) {
1455 * We do not accept DNs longer than BACKSQL_MAX_DN_LEN;
1456 * however this should be handled earlier
1458 if ( bsi->bsi_base_ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
1459 bsi->bsi_status = LDAP_OTHER;
1460 return BACKSQL_AVL_CONTINUE;
1464 * Sets the parameters for the SQL built earlier
1465 * NOTE that all the databases could actually use
1466 * the TimesTen version, which would be cleaner
1467 * and would also eliminate the need for the
1468 * subtree_cond line in the configuration file.
1469 * For now, I'm leaving it the way it is,
1470 * so non-TimesTen databases use the original code.
1471 * But at some point this should get cleaned up.
1473 * If "dn" is being used, do a suffix search.
1474 * If "dn_ru" is being used, do a prefix search.
1476 if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {
1477 tmp_base_ndn[ 0 ] = '\0';
1479 for ( i = 0, j = bsi->bsi_base_ndn->bv_len - 1;
1481 tmp_base_ndn[ i ] = bsi->bsi_base_ndn->bv_val[ j ];
1484 #ifdef LDAP_SCOPE_SUBORDINATE
1485 if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) {
1486 tmp_base_ndn[ i++ ] = ',';
1488 #endif /* LDAP_SCOPE_SUBORDINATE */
1490 tmp_base_ndn[ i ] = '%';
1491 tmp_base_ndn[ i + 1 ] = '\0';
1496 tmp_base_ndn[ i++ ] = '%';
1498 #ifdef LDAP_SCOPE_SUBORDINATE
1499 if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) {
1500 tmp_base_ndn[ i++ ] = ',';
1502 #endif /* LDAP_SCOPE_SUBORDINATE */
1504 AC_MEMCPY( &tmp_base_ndn[ i ], bsi->bsi_base_ndn->bv_val,
1505 bsi->bsi_base_ndn->bv_len + 1 );
1508 /* uppercase DN only if the stored DN can be uppercased
1510 if ( BACKSQL_CANUPPERCASE( bi ) ) {
1511 ldap_pvt_str2upper( tmp_base_ndn );
1514 #ifdef LDAP_SCOPE_SUBORDINATE
1515 if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) {
1516 Debug( LDAP_DEBUG_TRACE, "(children)dn: \"%s\"\n",
1517 tmp_base_ndn, 0, 0 );
1519 #endif /* LDAP_SCOPE_SUBORDINATE */
1521 Debug( LDAP_DEBUG_TRACE, "(sub)dn: \"%s\"\n",
1522 tmp_base_ndn, 0, 0 );
1525 rc = backsql_BindParamStr( sth, 2, SQL_PARAM_INPUT,
1526 tmp_base_ndn, BACKSQL_MAX_DN_LEN );
1527 if ( rc != SQL_SUCCESS ) {
1528 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1529 "error binding base_ndn parameter (2)\n",
1531 backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh,
1533 bsi->bsi_status = LDAP_OTHER;
1534 return BACKSQL_AVL_CONTINUE;
1539 case LDAP_SCOPE_ONELEVEL:
1540 assert( !BER_BVISNULL( &bsi->bsi_base_id.eid_ndn ) );
1542 #ifdef BACKSQL_ARBITRARY_KEY
1543 Debug( LDAP_DEBUG_TRACE, "(one)id: \"%s\"\n",
1544 bsi->bsi_base_id.eid_id.bv_val, 0, 0 );
1545 #else /* ! BACKSQL_ARBITRARY_KEY */
1546 Debug( LDAP_DEBUG_TRACE, "(one)id: '%lu'\n",
1547 bsi->bsi_base_id.eid_id, 0, 0 );
1548 #endif /* ! BACKSQL_ARBITRARY_KEY */
1549 rc = backsql_BindParamID( sth, 2, SQL_PARAM_INPUT,
1550 &bsi->bsi_base_id.eid_id );
1551 if ( rc != SQL_SUCCESS ) {
1552 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1553 "error binding base id parameter\n", 0, 0, 0 );
1554 bsi->bsi_status = LDAP_OTHER;
1555 return BACKSQL_AVL_CONTINUE;
1560 rc = SQLExecute( sth );
1561 if ( !BACKSQL_SUCCESS( rc ) ) {
1562 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1563 "error executing query\n", 0, 0, 0 );
1564 backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc );
1565 SQLFreeStmt( sth, SQL_DROP );
1566 bsi->bsi_status = LDAP_OTHER;
1567 return BACKSQL_AVL_CONTINUE;
1570 backsql_BindRowAsStrings( sth, &row );
1571 rc = SQLFetch( sth );
1572 for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
1573 struct berval dn, pdn, ndn;
1574 backsql_entryID *c_id = NULL;
1577 ber_str2bv( row.cols[ 3 ], 0, 0, &dn );
1579 if ( backsql_api_odbc2dn( bsi->bsi_op, bsi->bsi_rs, &dn ) ) {
1583 ret = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
1584 if ( dn.bv_val != row.cols[ 3 ] ) {
1588 if ( ret != LDAP_SUCCESS ) {
1592 if ( bi->sql_baseObject && dn_match( &ndn, &bi->sql_baseObject->e_nname ) ) {
1598 c_id = (backsql_entryID *)ch_calloc( 1,
1599 sizeof( backsql_entryID ) );
1600 #ifdef BACKSQL_ARBITRARY_KEY
1601 ber_str2bv( row.cols[ 0 ], 0, 1, &c_id->eid_id );
1602 ber_str2bv( row.cols[ 1 ], 0, 1, &c_id->eid_keyval );
1603 #else /* ! BACKSQL_ARBITRARY_KEY */
1604 c_id->eid_id = strtol( row.cols[ 0 ], NULL, 0 );
1605 c_id->eid_keyval = strtol( row.cols[ 1 ], NULL, 0 );
1606 #endif /* ! BACKSQL_ARBITRARY_KEY */
1607 c_id->eid_oc_id = bsi->bsi_oc->bom_id;
1610 c_id->eid_ndn = ndn;
1612 /* append at end of list ... */
1613 c_id->eid_next = NULL;
1614 *bsi->bsi_id_listtail = c_id;
1615 bsi->bsi_id_listtail = &c_id->eid_next;
1617 #ifdef BACKSQL_ARBITRARY_KEY
1618 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1619 "added entry id=%s, keyval=%s dn=\"%s\"\n",
1620 c_id->eid_id.bv_val, c_id->eid_keyval.bv_val,
1622 #else /* ! BACKSQL_ARBITRARY_KEY */
1623 Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): "
1624 "added entry id=%ld, keyval=%ld dn=\"%s\"\n",
1625 c_id->eid_id, c_id->eid_keyval, row.cols[ 3 ] );
1626 #endif /* ! BACKSQL_ARBITRARY_KEY */
1628 /* count candidates, for unchecked limit */
1629 bsi->bsi_n_candidates--;
1630 if ( bsi->bsi_n_candidates == -1 ) {
1634 backsql_FreeRow( &row );
1635 SQLFreeStmt( sth, SQL_DROP );
1637 Debug( LDAP_DEBUG_TRACE, "<==backsql_oc_get_candidates(): %d\n",
1638 n_candidates - bsi->bsi_n_candidates, 0, 0 );
1640 return ( bsi->bsi_n_candidates == -1 ? BACKSQL_AVL_STOP : BACKSQL_AVL_CONTINUE );
1644 backsql_search( Operation *op, SlapReply *rs )
1646 backsql_info *bi = (backsql_info *)op->o_bd->be_private;
1647 SQLHDBC dbh = SQL_NULL_HDBC;
1649 Entry user_entry = { 0 };
1651 time_t stoptime = 0;
1652 backsql_srch_info bsi;
1653 backsql_entryID *eid = NULL;
1654 struct berval nbase = BER_BVNULL,
1655 realndn = BER_BVNULL;
1657 manageDSAit = get_manageDSAit( op );
1659 Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): "
1660 "base=\"%s\", filter=\"%s\", scope=%d,",
1661 op->o_req_ndn.bv_val,
1662 op->ors_filterstr.bv_val ? op->ors_filterstr.bv_val : "(no filter)",
1664 Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, "
1665 "attributes to load: %s\n",
1668 op->ors_attrs == NULL ? "all" : "custom list" );
1670 if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) {
1671 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1672 "search base length (%ld) exceeds max length (%d)\n",
1673 op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 );
1675 * FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate
1676 * since it is impossible that such a long DN exists
1679 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1680 send_ldap_result( op, rs );
1684 sres = backsql_get_db_conn( op, &dbh );
1685 if ( sres != LDAP_SUCCESS ) {
1686 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1687 "could not get connection handle - exiting\n",
1690 rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL;
1691 send_ldap_result( op, rs );
1695 /* compute it anyway; root does not use it */
1696 stoptime = op->o_time + op->ors_tlimit;
1698 realndn = op->o_req_ndn;
1699 if ( backsql_api_dn2odbc( op, rs, &realndn ) ) {
1700 Debug( LDAP_DEBUG_TRACE, " backsql_search(\"%s\"): "
1701 "backsql_api_dn2odbc(\"%s\") failed\n",
1702 op->o_req_ndn.bv_val, realndn.bv_val, 0 );
1703 rs->sr_err = LDAP_OTHER;
1704 rs->sr_text = "SQL-backend error";
1705 send_ldap_result( op, rs );
1710 rs->sr_err = backsql_init_search( &bsi, &realndn,
1712 op->ors_slimit, op->ors_tlimit,
1713 stoptime, op->ors_filter,
1714 dbh, op, rs, op->ors_attrs,
1715 BACKSQL_ISF_GET_ID );
1716 if ( rs->sr_err != LDAP_SUCCESS ) {
1717 send_ldap_result( op, rs );
1723 e.e_name = bsi.bsi_base_id.eid_dn;
1724 e.e_nname = bsi.bsi_base_id.eid_ndn;
1725 /* FIXME: need the whole entry (ITS#3480) */
1726 if ( ! access_allowed( op, &e, slap_schema.si_ad_entry,
1727 NULL, ACL_DISCLOSE, NULL ) )
1729 rs->sr_err = LDAP_NO_SUCH_OBJECT;
1730 send_ldap_result( op, rs );
1735 bsi.bsi_n_candidates =
1736 ( op->ors_limit == NULL /* isroot == TRUE */ ? -2 :
1737 ( op->ors_limit->lms_s_unchecked == -1 ? -2 :
1738 ( op->ors_limit->lms_s_unchecked ) ) );
1740 switch ( bsi.bsi_scope ) {
1741 case LDAP_SCOPE_BASE:
1742 case BACKSQL_SCOPE_BASE_LIKE:
1744 * probably already found...
1746 bsi.bsi_id_list = &bsi.bsi_base_id;
1747 bsi.bsi_id_listtail = &bsi.bsi_base_id.eid_next;
1750 case LDAP_SCOPE_SUBTREE:
1752 * if baseObject is defined, and if it is the root
1753 * of the search, add it to the candidate list
1755 if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &bsi.bsi_base_id.eid_id ) )
1757 bsi.bsi_id_list = &bsi.bsi_base_id;
1758 bsi.bsi_id_listtail = &bsi.bsi_base_id.eid_next;
1765 * for each objectclass we try to construct query which gets IDs
1766 * of entries matching LDAP query filter and scope (or at least
1767 * candidates), and get the IDs
1769 avl_apply( bi->sql_oc_by_oc, backsql_oc_get_candidates,
1770 &bsi, BACKSQL_AVL_STOP, AVL_INORDER );
1773 if ( op->ors_limit != NULL /* isroot == FALSE */
1774 && op->ors_limit->lms_s_unchecked != -1
1775 && bsi.bsi_n_candidates == -1 )
1777 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
1778 send_ldap_result( op, rs );
1783 * now we load candidate entries (only those attributes
1784 * mentioned in attrs and filter), test it against full filter
1785 * and then send to client; don't free entry_id if baseObject...
1787 for ( eid = bsi.bsi_id_list;
1789 eid = backsql_free_entryID( eid, eid == &bsi.bsi_base_id ? 0 : 1 ) )
1792 Attribute *a_hasSubordinate = NULL,
1793 *a_entryUUID = NULL,
1798 /* check for abandon */
1799 if ( op->o_abandon ) {
1803 /* check time limit */
1804 if ( op->ors_tlimit != SLAP_NO_LIMIT
1805 && slap_get_time() > stoptime )
1807 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
1808 rs->sr_ctrls = NULL;
1809 rs->sr_ref = rs->sr_v2ref;
1810 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
1812 send_ldap_result( op, rs );
1816 #ifdef BACKSQL_ARBITRARY_KEY
1817 Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
1818 "for entry id=%s, oc_id=%ld, keyval=%s\n",
1819 eid->eid_id.bv_val, eid->eid_oc_id,
1820 eid->eid_keyval.bv_val );
1821 #else /* ! BACKSQL_ARBITRARY_KEY */
1822 Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data "
1823 "for entry id=%ld, oc_id=%ld, keyval=%ld\n",
1824 eid->eid_id, eid->eid_oc_id, eid->eid_keyval );
1825 #endif /* ! BACKSQL_ARBITRARY_KEY */
1828 switch ( op->ors_scope ) {
1829 case LDAP_SCOPE_BASE:
1830 case BACKSQL_SCOPE_BASE_LIKE:
1831 if ( !dn_match( &eid->eid_ndn, &op->o_req_ndn ) ) {
1836 case LDAP_SCOPE_ONE:
1838 struct berval rdn = eid->eid_ndn;
1840 rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," );
1841 if ( !dnIsOneLevelRDN( &rdn ) ) {
1847 #ifdef LDAP_SCOPE_SUBORDINATE
1848 case LDAP_SCOPE_SUBORDINATE:
1849 /* discard the baseObject entry */
1850 if ( dn_match( &eid->eid_ndn, &op->o_req_ndn ) ) {
1854 #endif /* LDAP_SCOPE_SUBORDINATE */
1856 case LDAP_SCOPE_SUBTREE:
1857 /* FIXME: this should never fail... */
1858 if ( !dnIsSuffix( &eid->eid_ndn, &op->o_req_ndn ) ) {
1864 /* don't recollect baseObject ... */
1865 if ( BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {
1866 e = bi->sql_baseObject;
1869 bsi.bsi_e = &user_entry;
1870 rc = backsql_id2entry( &bsi, eid );
1871 if ( rc != LDAP_SUCCESS ) {
1872 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
1873 "error %d in backsql_id2entry() "
1874 "- skipping\n", rc, 0, 0 );
1881 if ( !manageDSAit &&
1882 op->ors_scope != LDAP_SCOPE_BASE &&
1883 op->ors_scope != BACKSQL_SCOPE_BASE_LIKE &&
1884 is_entry_referral( e ) )
1888 refs = get_entry_referrals( op, e );
1890 backsql_srch_info bsi2 = { 0 };
1891 Entry user_entry2 = { 0 };
1893 /* retry with the full entry... */
1894 (void)backsql_init_search( &bsi2,
1897 SLAP_NO_LIMIT, SLAP_NO_LIMIT,
1899 dbh, op, rs, NULL, 0 );
1900 bsi2.bsi_e = &user_entry2;
1901 rc = backsql_id2entry( &bsi2, eid );
1902 if ( rc == LDAP_SUCCESS ) {
1903 if ( is_entry_referral( &user_entry2 ) )
1905 refs = get_entry_referrals( op,
1907 } /* else: FIXME: inconsistency! */
1908 entry_clean( &user_entry2 );
1913 rs->sr_ref = referral_rewrite( refs,
1917 ber_bvarray_free( refs );
1920 if ( !rs->sr_ref ) {
1921 rs->sr_text = "bad referral object";
1925 rs->sr_err = LDAP_REFERRAL;
1926 rs->sr_matched = user_entry.e_name.bv_val;
1927 send_search_reference( op, rs );
1929 ber_bvarray_free( rs->sr_ref );
1931 rs->sr_matched = NULL;
1932 rs->sr_entry = NULL;
1938 * We use this flag since we need to parse the filter
1939 * anyway; we should have used the frontend API function
1940 * filter_has_subordinates()
1942 if ( bsi.bsi_flags & BSQL_SF_FILTER_HASSUBORDINATE ) {
1943 rc = backsql_has_children( bi, dbh, &e->e_nname );
1946 case LDAP_COMPARE_TRUE:
1947 case LDAP_COMPARE_FALSE:
1948 a_hasSubordinate = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE );
1949 if ( a_hasSubordinate != NULL ) {
1950 for ( ap = &user_entry.e_attrs;
1952 ap = &(*ap)->a_next );
1954 *ap = a_hasSubordinate;
1960 Debug(LDAP_DEBUG_TRACE,
1961 "backsql_search(): "
1962 "has_children failed( %d)\n",
1969 if ( bsi.bsi_flags & BSQL_SF_FILTER_ENTRYUUID ) {
1970 a_entryUUID = backsql_operational_entryUUID( bi, eid );
1971 if ( a_entryUUID != NULL ) {
1973 ap = &user_entry.e_attrs;
1976 for ( ; *ap; ap = &(*ap)->a_next );
1982 #ifdef BACKSQL_SYNCPROV
1983 if ( bsi.bsi_flags & BSQL_SF_FILTER_ENTRYCSN ) {
1984 a_entryCSN = backsql_operational_entryCSN( op );
1985 if ( a_entryCSN != NULL ) {
1987 ap = &user_entry.e_attrs;
1990 for ( ; *ap; ap = &(*ap)->a_next );
1995 #endif /* BACKSQL_SYNCPROV */
1997 if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE )
1999 rs->sr_attrs = op->ors_attrs;
2000 rs->sr_operational_attrs = NULL;
2002 if ( e == &user_entry ) {
2003 rs->sr_flags = REP_ENTRY_MODIFIABLE;
2005 /* FIXME: need the whole entry (ITS#3480) */
2006 sres = send_search_entry( op, rs );
2007 rs->sr_entry = NULL;
2008 rs->sr_attrs = NULL;
2009 rs->sr_operational_attrs = NULL;
2017 * FIXME: send_search_entry failed;
2021 Debug( LDAP_DEBUG_TRACE, "backsql_search(): "
2022 "connection lost\n", 0, 0, 0 );
2028 entry_clean( &user_entry );
2031 if ( op->ors_slimit != SLAP_NO_LIMIT
2032 && rs->sr_nentries >= op->ors_slimit )
2034 rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
2035 send_ldap_result( op, rs );
2041 /* in case we got here accidentally */
2042 entry_clean( &user_entry );
2044 if ( rs->sr_nentries > 0 ) {
2045 rs->sr_ref = rs->sr_v2ref;
2046 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS
2050 rs->sr_err = bsi.bsi_status;
2052 send_ldap_result( op, rs );
2054 if ( rs->sr_v2ref ) {
2055 ber_bvarray_free( rs->sr_v2ref );
2056 rs->sr_v2ref = NULL;
2059 #ifdef BACKSQL_SYNCPROV
2061 Operation op2 = *op;
2062 SlapReply rs2 = { 0 };
2064 slap_callback cb = { 0 };
2066 op2.o_tag = LDAP_REQ_ADD;
2067 op2.o_bd = select_backend( &op->o_bd->be_nsuffix[0], 0, 0 );
2069 op2.o_callback = &cb;
2071 e.e_name = op->o_bd->be_suffix[0];
2072 e.e_nname = op->o_bd->be_nsuffix[0];
2074 cb.sc_response = slap_null_cb;
2076 op2.o_bd->be_add( &op2, &rs2 );
2078 #endif /* BACKSQL_SYNCPROV */
2081 if ( !BER_BVISNULL( &realndn ) && realndn.bv_val != op->o_req_ndn.bv_val ) {
2082 ch_free( realndn.bv_val );
2085 if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
2086 (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
2089 if ( bsi.bsi_attrs ) {
2090 ch_free( bsi.bsi_attrs );
2093 if ( !BER_BVISNULL( &nbase )
2094 && nbase.bv_val != op->o_req_ndn.bv_val )
2096 ch_free( nbase.bv_val );
2099 /* restore scope ... FIXME: this should be done before ANY
2100 * frontend call that uses op */
2101 if ( op->ors_scope == BACKSQL_SCOPE_BASE_LIKE ) {
2102 op->ors_scope = LDAP_SCOPE_BASE;
2105 Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 );
2109 /* return LDAP_SUCCESS IFF we can retrieve the specified entry.
2116 AttributeDescription *at,
2120 backsql_srch_info bsi;
2121 SQLHDBC dbh = SQL_NULL_HDBC;
2123 SlapReply rs = { 0 };
2124 AttributeName anlist[ 2 ];
2126 rc = backsql_get_db_conn( op, &dbh );
2132 anlist[ 0 ].an_name = at->ad_cname;
2133 anlist[ 0 ].an_desc = at;
2134 BER_BVZERO( &anlist[ 1 ].an_name );
2137 rc = backsql_init_search( &bsi,
2140 SLAP_NO_LIMIT, SLAP_NO_LIMIT,
2142 dbh, op, &rs, at ? anlist : NULL,
2143 BACKSQL_ISF_GET_ID );
2144 if ( rc != LDAP_SUCCESS ) {
2148 bsi.bsi_e = ch_malloc( sizeof( Entry ) );
2149 rc = backsql_id2entry( &bsi, &bsi.bsi_base_id );
2151 if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) {
2152 (void)backsql_free_entryID( &bsi.bsi_base_id, 0 );
2155 if ( rc == LDAP_SUCCESS ) {
2157 #if 0 /* not supported at present */
2158 /* find attribute values */
2159 if ( is_entry_alias( bsi.bsi_e ) ) {
2160 Debug( LDAP_DEBUG_ACL,
2161 "<= backsql_entry_get: entry is an alias\n",
2163 rc = LDAP_ALIAS_PROBLEM;
2164 goto return_results;
2168 if ( is_entry_referral( bsi.bsi_e ) ) {
2169 Debug( LDAP_DEBUG_ACL,
2170 "<= backsql_entry_get: entry is a referral\n",
2173 goto return_results;
2176 if ( oc && !is_entry_objectclass( bsi.bsi_e, oc, 0 ) ) {
2177 Debug( LDAP_DEBUG_ACL,
2178 "<= backsql_entry_get: "
2179 "failed to find objectClass\n",
2181 rc = LDAP_NO_SUCH_ATTRIBUTE;
2182 goto return_results;
2189 if ( rc != LDAP_SUCCESS ) {
2191 entry_free( bsi.bsi_e );
projects / openldap / blob