More unifdef SLAPD_MULTIMASTER cleanup

[openldap] / servers / slapd / back-ldbm / search.c

diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c
index 2ff93defff4c4ee198f16c4a069591fc9ba3bf8f..0f949ca5b00aa35d7d33dc4634259ad9a910ebd1 100644 (file)
--- a/servers/slapd/back-ldbm/search.c
+++ b/servers/slapd/back-ldbm/search.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2006 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -39,21 +39,19 @@ ldbm_back_search(
     SlapReply  *rs )
 {
        struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
-       int             rc, err;
-       const char *text = NULL;
+       int             rc;
        time_t          stoptime;
        ID_BLOCK                *candidates;
        ID              id, cursor;
        Entry           *e;
        Entry   *matched = NULL;
-       struct berval   realbase = { 0, NULL };
+       struct berval   realbase = BER_BVNULL;
        int             manageDSAit = get_manageDSAit( op );
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+       slap_mask_t     mask;
+#endif
 
-#ifdef NEW_LOGGING
-       LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
-#else
        Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
-#endif
 
        /* grab giant lock for reading */
        ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
@@ -86,19 +84,31 @@ ldbm_back_search(
        }
 
        if ( e == NULL ) {
-               struct berval matched_dn = { 0, NULL };
+               struct berval matched_dn = BER_BVNULL;
 
                if ( matched != NULL ) {
-                       BerVarray erefs;
-                       ber_dupbv( &matched_dn, &matched->e_name );
+                       BerVarray erefs = NULL;
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+                       if ( ! access_allowed( op, matched,
+                                               slap_schema.si_ad_entry,
+                                               NULL, ACL_DISCLOSE, NULL ) )
+                       {
+                               rs->sr_err = LDAP_NO_SUCH_OBJECT;
 
-                       erefs = is_entry_referral( matched )
-                               ? get_entry_referrals( op, matched )
-                               : NULL;
+                       } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+                       {
+                               ber_dupbv( &matched_dn, &matched->e_name );
+
+                               erefs = is_entry_referral( matched )
+                                       ? get_entry_referrals( op, matched )
+                                       : NULL;
+                       }
 
                        cache_return_entry_r( &li->li_cache, matched );
 
-                       if( erefs ) {
+                       if ( erefs ) {
                                rs->sr_ref = referral_rewrite( erefs, &matched_dn,
                                        &op->o_req_dn, op->ors_scope );
 
@@ -119,53 +129,67 @@ ldbm_back_search(
                ber_memfree( matched_dn.bv_val );
                rs->sr_ref = NULL;
                rs->sr_matched = NULL;
-               return LDAP_REFERRAL;
+               return rs->sr_err;
+       }
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+       /* NOTE: __NEW__ "search" access is required
+        * on searchBase object */
+       if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+                               NULL, ACL_SEARCH, NULL, &mask ) )
+       {
+               if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+                       rs->sr_err = LDAP_NO_SUCH_OBJECT;
+               } else {
+                       rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+               }
+
+               cache_return_entry_r( &li->li_cache, e );
+               ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+               send_ldap_result( op, rs );
+               return rs->sr_err;
        }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
 
-       if (!manageDSAit && is_entry_referral( e ) ) {
+       if ( !manageDSAit && is_entry_referral( e ) ) {
                /* entry is a referral, don't allow add */
-               struct berval matched_dn;
-               BerVarray erefs;
+               struct berval   matched_dn = BER_BVNULL;
+               BerVarray       erefs = NULL;
+
+               rs->sr_ref = NULL;
+               rs->sr_err = LDAP_OTHER;
+               rs->sr_text = "bad referral object";
 
                ber_dupbv( &matched_dn, &e->e_name );
                erefs = get_entry_referrals( op, e );
-               rs->sr_ref = NULL;
 
                cache_return_entry_r( &li->li_cache, e );
                ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 
-#ifdef NEW_LOGGING
-               LDAP_LOG( BACK_LDBM, INFO,
-                       "ldbm_search: entry (%s) is a referral.\n",
-                       e->e_dn, 0, 0 );
-#else
                Debug( LDAP_DEBUG_TRACE,
                        "ldbm_search: entry is referral\n",
                        0, 0, 0 );
-#endif
 
-               if( erefs ) {
+               if ( erefs ) {
                        rs->sr_ref = referral_rewrite( erefs, &matched_dn,
                                &op->o_req_dn, op->ors_scope );
 
                        ber_bvarray_free( erefs );
+                       
+                       if ( rs->sr_ref ) {
+                               rs->sr_err = LDAP_REFERRAL;
+                               rs->sr_text = NULL;
+                       }
                }
 
                rs->sr_matched = matched_dn.bv_val;
-               if( rs->sr_ref ) {
-                       rs->sr_err = LDAP_REFERRAL;
-                       send_ldap_result( op, rs );
-                       ber_bvarray_free( rs->sr_ref );
-
-               } else {
-                       send_ldap_error( op, rs, LDAP_OTHER,
-                       "bad referral object" );
-               }
-
+               send_ldap_result( op, rs );
+               ber_bvarray_free( rs->sr_ref );
                ber_memfree( matched_dn.bv_val );
                rs->sr_ref = NULL;
                rs->sr_matched = NULL;
-               return LDAP_OTHER;
+               return rs->sr_err;
        }
 
        if ( is_entry_alias( e ) ) {
@@ -189,13 +213,8 @@ ldbm_back_search(
 searchit:
        if ( candidates == NULL ) {
                /* no candidates */
-#ifdef NEW_LOGGING
-               LDAP_LOG( BACK_LDBM, INFO,
-                       "ldbm_search: no candidates\n" , 0, 0, 0);
-#else
                Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
                        0, 0, 0 );
-#endif
 
                rs->sr_err = LDAP_SUCCESS;
                send_ldap_result( op, rs );
@@ -205,7 +224,7 @@ searchit:
        }
 
        /* if candidates exceed to-be-checked entries, abort */
-       if ( op->ors_limit      /* isroot == TRUE */
+       if ( op->ors_limit      /* isroot == FALSE */
                        && op->ors_limit->lms_s_unchecked != -1
                        && ID_BLOCK_NIDS( candidates ) > (unsigned) op->ors_limit->lms_s_unchecked )
        {
@@ -226,12 +245,14 @@ searchit:
 
                /* check for abandon */
                if ( op->o_abandon ) {
-                       rc = LDAP_SUCCESS;
+                       rc = SLAPD_ABANDON;
                        goto done;
                }
 
                /* check time limit */
-               if ( op->ors_tlimit != -1 && slap_get_time() > stoptime ) {
+               if ( op->ors_tlimit != SLAP_NO_LIMIT
+                               && slap_get_time() > stoptime )
+               {
                        rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
                        send_ldap_result( op, rs );
                        rc = LDAP_SUCCESS;
@@ -242,21 +263,15 @@ searchit:
                e = id2entry_r( op->o_bd, id );
 
                if ( e == NULL ) {
-#ifdef NEW_LOGGING
-                       LDAP_LOG( BACK_LDBM, INFO,
-                               "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
-#else
                        Debug( LDAP_DEBUG_TRACE,
                                "ldbm_search: candidate %ld not found\n",
                                id, 0, 0 );
-#endif
 
                        goto loop_continue;
                }
 
                rs->sr_entry = e;
 
-#ifdef LDBM_SUBENTRIES
                if ( is_entry_subentry( e ) ) {
                        if( op->ors_scope != LDAP_SCOPE_BASE ) {
                                if(!get_subentries_visibility( op )) {
@@ -273,7 +288,6 @@ searchit:
                        /* only subentries are visible */
                        goto loop_continue;
                }
-#endif
 
                if ( op->ors_deref & LDAP_DEREF_SEARCHING &&
                        is_entry_alias( e ) )
@@ -304,15 +318,9 @@ searchit:
 
                        } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
                                /* alias is within scope */
-#ifdef NEW_LOGGING
-                               LDAP_LOG( BACK_LDBM, DETAIL1,
-                                       "ldbm_search: alias \"%s\" in subtree\n",
-                                       e->e_dn, 0, 0 );
-#else
                                Debug( LDAP_DEBUG_TRACE,
                                        "ldbm_search: alias \"%s\" in subtree\n",
                                        e->e_dn, 0, 0 );
-#endif
 
                                goto loop_continue;
                        }
@@ -347,11 +355,13 @@ searchit:
                        {
                                scopeok = dnIsSuffix( &e->e_nname, &realbase );
 
+#ifdef LDAP_SCOPE_SUBORDINATE
                        } else if ( !scopeok
                                && op->ors_scope == LDAP_SCOPE_SUBORDINATE )
                        {
                                scopeok = !dn_match( &e->e_nname, &realbase )
                                        && dnIsSuffix( &e->e_nname, &realbase );
+#endif
 
                        } else {
                                scopeok = 1;
@@ -365,21 +375,17 @@ searchit:
                                                ? LDAP_SCOPE_BASE
                                                : LDAP_SCOPE_SUBTREE );
 
+                               ber_bvarray_free( erefs );
+
                                send_search_reference( op, rs );
 
                                ber_bvarray_free( rs->sr_ref );
                                rs->sr_ref = NULL;
 
                        } else {
-#ifdef NEW_LOGGING
-                               LDAP_LOG( BACK_LDBM, DETAIL2,
-                                       "ldbm_search: candidate referral %ld scope not okay\n",
-                                       id, 0, 0 );
-#else
                                Debug( LDAP_DEBUG_TRACE,
                                        "ldbm_search: candidate referral %ld scope not okay\n",
                                        id, 0, 0 );
-#endif
                        }
 
                        goto loop_continue;
@@ -420,52 +426,35 @@ searchit:
                        }
 
                        if ( scopeok ) {
-                               /* check size limit */
-                               if ( --op->ors_slimit == -1 ) {
-                                       cache_return_entry_r( &li->li_cache, e );
-                                       rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
-                                       send_ldap_result( op, rs );
-                                       rc = LDAP_SUCCESS;
-                                       goto done;
-                               }
-
                                if (e) {
-                                       result = send_search_entry( op, rs );
-
-                                       switch (result) {
-                                       case 0:         /* entry sent ok */
-                                               break;
-                                       case 1:         /* entry not sent */
-                                               break;
-                                       case -1:        /* connection closed */
+                                       rs->sr_flags = 0;
+                                       rs->sr_err = send_search_entry( op, rs );
+
+                                       switch ( rs->sr_err ) {
+                                       case LDAP_UNAVAILABLE:  /* connection closed */
                                                cache_return_entry_r( &li->li_cache, e );
                                                rc = LDAP_SUCCESS;
                                                goto done;
+                                       case LDAP_SIZELIMIT_EXCEEDED:
+                                               cache_return_entry_r( &li->li_cache, e );
+                                               rc = rs->sr_err;
+                                               rs->sr_entry = NULL;
+                                               send_ldap_result( op, rs );
+                                               rc = LDAP_SUCCESS;
+                                               goto done;
                                        }
                                }
 
                        } else {
-#ifdef NEW_LOGGING
-                               LDAP_LOG( BACK_LDBM, DETAIL2,
-                                       "ldbm_search: candidate entry %ld scope not okay\n", 
-                                       id, 0, 0 );
-#else
                                Debug( LDAP_DEBUG_TRACE,
                                        "ldbm_search: candidate entry %ld scope not okay\n",
                                        id, 0, 0 );
-#endif
                        }
 
                } else {
-#ifdef NEW_LOGGING
-                       LDAP_LOG( BACK_LDBM, DETAIL2,
-                               "ldbm_search: candidate entry %ld does not match filter\n", 
-                               id, 0, 0 );
-#else
                        Debug( LDAP_DEBUG_TRACE,
                                "ldbm_search: candidate entry %ld does not match filter\n",
                                id, 0, 0 );
-#endif
                }
 
 loop_continue:
@@ -502,12 +491,8 @@ base_candidate(
 {
        ID_BLOCK                *idl;
 
-#ifdef NEW_LOGGING
-       LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
-#else
        Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
                e->e_dn, 0, 0);
-#endif
 
 
        idl = idl_alloc( 1 );
@@ -530,20 +515,12 @@ search_candidates(
     AttributeAssertion aa_ref, aa_alias;
        struct berval bv_ref = { sizeof("referral")-1, "referral" };
        struct berval bv_alias = { sizeof("alias")-1, "alias" };
-#ifdef LDBM_SUBENTRIES
        Filter  sf;
        AttributeAssertion aa_subentry;
-#endif
 
-#ifdef NEW_LOGGING
-       LDAP_LOG( BACK_LDBM, DETAIL1,
-               "search_candidates: base (%s) scope %d deref %d\n",
-               e->e_ndn, scope, deref );
-#else
        Debug(LDAP_DEBUG_TRACE,
                "search_candidates: base=\"%s\" s=%d d=%d\n",
                e->e_ndn, scope, deref );
-#endif
 
 
        xf.f_or = filter;
@@ -579,7 +556,6 @@ search_candidates(
        fand.f_dn = &e->e_nname;
        fand.f_next = xf.f_or == filter ? filter : &xf ;
 
-#ifdef LDBM_SUBENTRIES
        if ( get_subentries_visibility( op )) {
                struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
                sf.f_choice = LDAP_FILTER_EQUALITY;
@@ -589,7 +565,6 @@ search_candidates(
                sf.f_next = fand.f_next;
                fand.f_next = &sf;
        }
-#endif
 
        candidates = filter_candidates( op, &f );
        return( candidates );