/* search.c - ldbm backend search function */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2006 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
#include "portable.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"
-static IDList *base_candidates(Backend *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, int *err);
-static IDList *onelevel_candidates(Backend *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, int *err);
-static IDList *subtree_candidates(Backend *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, Entry *e, int *err, int lookupbase);
+static ID_BLOCK *base_candidate(
+ Backend *be, Entry *e );
-#define GRABSIZE BUFSIZ
+static ID_BLOCK *search_candidates(
+ Operation *op, Entry *e, Filter *filter,
+ int scope, int deref, int manageDSAit );
-#define MAKE_SPACE( n ) { \
- if ( rcur + n > rbuf + rmaxsize ) { \
- int offset = rcur - rbuf; \
- rbuf = ch_realloc( rbuf, rmaxsize + GRABSIZE ); \
- rmaxsize += GRABSIZE; \
- rcur = rbuf + offset; \
- } \
-}
int
ldbm_back_search(
- Backend *be,
- Connection *conn,
Operation *op,
- char *base,
- int scope,
- int deref,
- int slimit,
- int tlimit,
- Filter *filter,
- char *filterstr,
- char **attrs,
- int attrsonly
-)
+ SlapReply *rs )
{
- struct ldbminfo *li = (struct ldbminfo *) be->be_private;
- int err;
+ struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
+ int rc;
time_t stoptime;
- IDList *candidates;
- ID id;
+ ID_BLOCK *candidates;
+ ID id, cursor;
Entry *e;
- Attribute *ref;
- char *matched = NULL;
- int rmaxsize, nrefs;
- char *rbuf, *rcur, *r;
- int nentries = 0;
- char *realBase;
+ Entry *matched = NULL;
+ struct berval realbase = BER_BVNULL;
+ int manageDSAit = get_manageDSAit( op );
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ slap_mask_t mask;
+#endif
+
+ Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
+
+ /* grab giant lock for reading */
+ ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
+
+ if ( op->o_req_ndn.bv_len == 0 ) {
+ /* DIT root special case */
+ e = (Entry *) &slap_entry_root;
+
+ /* need normalized dn below */
+ ber_dupbv( &realbase, &e->e_nname );
+
+ candidates = search_candidates( op, e, op->ors_filter,
+ op->ors_scope, op->ors_deref,
+ manageDSAit || get_domainScope(op) );
- Debug(LDAP_DEBUG_ARGS, "=> ldbm_back_search\n", 0, 0, 0);
+ goto searchit;
+
+ } else if ( op->ors_deref & LDAP_DEREF_FINDING ) {
+ /* deref dn and get entry with reader lock */
+ e = deref_dn_r( op->o_bd, &op->o_req_ndn,
+ &rs->sr_err, &matched, &rs->sr_text );
+
+ if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
- if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) {
- tlimit = -1; /* allow root to set no limit */
} else {
- tlimit = (tlimit > be->be_timelimit || tlimit < 1) ?
- be->be_timelimit : tlimit;
- stoptime = op->o_time + tlimit;
+ /* get entry with reader lock */
+ e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
+ rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
+ rs->sr_text = NULL;
}
- if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) {
- slimit = -1; /* allow root to set no limit */
- } else {
- slimit = (slimit > be->be_sizelimit || slimit < 1) ?
- be->be_sizelimit : slimit;
+
+ if ( e == NULL ) {
+ struct berval matched_dn = BER_BVNULL;
+
+ if ( matched != NULL ) {
+ BerVarray erefs = NULL;
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( ! access_allowed( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ ber_dupbv( &matched_dn, &matched->e_name );
+
+ erefs = is_entry_referral( matched )
+ ? get_entry_referrals( op, matched )
+ : NULL;
+ }
+
+ cache_return_entry_r( &li->li_cache, matched );
+
+ if ( erefs ) {
+ rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+ &op->o_req_dn, op->ors_scope );
+
+ ber_bvarray_free( erefs );
+ }
+
+ } else {
+ rs->sr_ref = referral_rewrite( default_referral,
+ NULL, &op->o_req_dn, op->ors_scope );
+ }
+
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ rs->sr_matched = matched_dn.bv_val;
+ send_ldap_result( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ ber_memfree( matched_dn.bv_val );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ return rs->sr_err;
}
- /*
- * check and apply aliasing where the dereferencing applies to
- * the subordinates of the base
- */
-
- switch ( deref ) {
- case LDAP_DEREF_FINDING:
- case LDAP_DEREF_ALWAYS:
- realBase = derefDN ( be, conn, op, base );
- break;
- default:
- realBase = ch_strdup(base);
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
+ {
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
+ send_ldap_result( op, rs );
+ return rs->sr_err;
}
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
- (void) dn_normalize_case( realBase );
+ if ( !manageDSAit && is_entry_referral( e ) ) {
+ /* entry is a referral, don't allow add */
+ struct berval matched_dn = BER_BVNULL;
+ BerVarray erefs = NULL;
- Debug( LDAP_DEBUG_TRACE, "using base \"%s\"\n",
- realBase, 0, 0 );
+ rs->sr_ref = NULL;
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "bad referral object";
- switch ( scope ) {
- case LDAP_SCOPE_BASE:
- candidates = base_candidates( be, conn, op, realBase, filter,
- attrs, attrsonly, &matched, &err );
- break;
+ ber_dupbv( &matched_dn, &e->e_name );
+ erefs = get_entry_referrals( op, e );
- case LDAP_SCOPE_ONELEVEL:
- candidates = onelevel_candidates( be, conn, op, realBase, filter,
- attrs, attrsonly, &matched, &err );
- break;
+ cache_return_entry_r( &li->li_cache, e );
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
- case LDAP_SCOPE_SUBTREE:
- candidates = subtree_candidates( be, conn, op, realBase, filter,
- attrs, attrsonly, &matched, NULL, &err, 1 );
- break;
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: entry is referral\n",
+ 0, 0, 0 );
- default:
- send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, "",
- "Bad scope" );
- if( realBase != NULL) {
- free( realBase );
+ if ( erefs ) {
+ rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+ &op->o_req_dn, op->ors_scope );
+
+ ber_bvarray_free( erefs );
+
+ if ( rs->sr_ref ) {
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_text = NULL;
+ }
}
- return( -1 );
+
+ rs->sr_matched = matched_dn.bv_val;
+ send_ldap_result( op, rs );
+ ber_bvarray_free( rs->sr_ref );
+ ber_memfree( matched_dn.bv_val );
+ rs->sr_ref = NULL;
+ rs->sr_matched = NULL;
+ return rs->sr_err;
+ }
+
+ if ( is_entry_alias( e ) ) {
+ /* don't deref */
+ op->ors_deref = LDAP_DEREF_NEVER;
}
- /* null candidates means we could not find the base object */
+ if ( op->ors_scope == LDAP_SCOPE_BASE ) {
+ candidates = base_candidate( op->o_bd, e );
+
+ } else {
+ candidates = search_candidates( op, e, op->ors_filter,
+ op->ors_scope, op->ors_deref, manageDSAit );
+ }
+
+ /* need normalized dn below */
+ ber_dupbv( &realbase, &e->e_nname );
+
+ cache_return_entry_r( &li->li_cache, e );
+
+searchit:
if ( candidates == NULL ) {
- send_ldap_result( conn, op, err, matched, "" );
- if ( matched != NULL ) {
- free( matched );
- }
- if( realBase != NULL) {
- free( realBase );
- }
- return( -1 );
+ /* no candidates */
+ Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
+ 0, 0, 0 );
+
+ rs->sr_err = LDAP_SUCCESS;
+ send_ldap_result( op, rs );
+
+ rc = LDAP_SUCCESS;
+ goto done;
}
- if ( matched != NULL ) {
- free( matched );
+ /* if candidates exceed to-be-checked entries, abort */
+ if ( op->ors_limit /* isroot == FALSE */
+ && op->ors_limit->lms_s_unchecked != -1
+ && ID_BLOCK_NIDS( candidates ) > (unsigned) op->ors_limit->lms_s_unchecked )
+ {
+ send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED, NULL );
+ rc = LDAP_SUCCESS;
+ goto done;
}
+
+ /* compute it anyway; root does not use it */
+ stoptime = op->o_time + op->ors_tlimit;
+ rs->sr_attrs = op->ors_attrs;
+
+ for ( id = idl_firstid( candidates, &cursor ); id != NOID;
+ id = idl_nextid( candidates, &cursor ) )
+ {
+ int scopeok = 0;
+ int result = 0;
- rmaxsize = 0;
- nrefs = 0;
- rbuf = rcur = NULL;
- MAKE_SPACE( sizeof("Referral:") + 1 );
- strcpy( rbuf, "Referral:" );
- rcur = strchr( rbuf, '\0' );
- for ( id = idl_firstid( candidates ); id != NOID;
- id = idl_nextid( candidates, id ) ) {
/* check for abandon */
- pthread_mutex_lock( &op->o_abandonmutex );
if ( op->o_abandon ) {
- pthread_mutex_unlock( &op->o_abandonmutex );
- idl_free( candidates );
- free( rbuf );
- if( realBase != NULL) {
- free( realBase );
- }
- return( 0 );
+ rc = SLAPD_ABANDON;
+ goto done;
}
- pthread_mutex_unlock( &op->o_abandonmutex );
/* check time limit */
- pthread_mutex_lock( ¤ttime_mutex );
- time( ¤ttime );
- if ( tlimit != -1 && currenttime > stoptime ) {
- pthread_mutex_unlock( ¤ttime_mutex );
- send_ldap_search_result( conn, op,
- LDAP_TIMELIMIT_EXCEEDED, NULL, nrefs > 0 ? rbuf :
- NULL, nentries );
- idl_free( candidates );
- free( rbuf );
- if( realBase != NULL) {
- free( realBase );
- }
- return( 0 );
+ if ( op->ors_tlimit != SLAP_NO_LIMIT
+ && slap_get_time() > stoptime )
+ {
+ rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+ send_ldap_result( op, rs );
+ rc = LDAP_SUCCESS;
+ goto done;
}
- pthread_mutex_unlock( ¤ttime_mutex );
/* get the entry with reader lock */
- if ( (e = id2entry_r( be, id )) == NULL ) {
- Debug( LDAP_DEBUG_ARGS, "candidate %lu not found\n",
- id, 0, 0 );
- continue;
+ e = id2entry_r( op->o_bd, id );
+
+ if ( e == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate %ld not found\n",
+ id, 0, 0 );
+
+ goto loop_continue;
+ }
+
+ rs->sr_entry = e;
+
+ if ( is_entry_subentry( e ) ) {
+ if( op->ors_scope != LDAP_SCOPE_BASE ) {
+ if(!get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+ } else if ( get_subentries( op ) &&
+ !get_subentries_visibility( op ))
+ {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+ } else if ( get_subentries_visibility( op )) {
+ /* only subentries are visible */
+ goto loop_continue;
+ }
+
+ if ( op->ors_deref & LDAP_DEREF_SEARCHING &&
+ is_entry_alias( e ) )
+ {
+ Entry *matched;
+ int err;
+ const char *text;
+
+ e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
+
+ if( e == NULL ) {
+ e = matched;
+ goto loop_continue;
+ }
+
+ if( e->e_id == id ) {
+ /* circular loop */
+ goto loop_continue;
+ }
+
+ /* need to skip alias which deref into scope */
+ if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ struct berval pdn;
+ dnParent( &e->e_nname, &pdn );
+ if ( ber_bvcmp( &pdn, &realbase ) ) {
+ goto loop_continue;
+ }
+
+ } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
+ /* alias is within scope */
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: alias \"%s\" in subtree\n",
+ e->e_dn, 0, 0 );
+
+ goto loop_continue;
+ }
+
+ rs->sr_entry = e;
+
+ scopeok = 1;
}
/*
- * if it's a referral, add it to the list of referrals. only do
- * this for subtree searches, and don't check the filter explicitly
- * here since it's only a candidate anyway.
+ * If it's a referral, add it to the list of referrals.
+ * Only do this for non-base searches, and don't check
+ * the filter explicitly here since it's only a candidate
+ * anyway.
*/
- if ( scope == LDAP_SCOPE_SUBTREE &&
- e->e_ndn != NULL &&
- strncmp( e->e_ndn, "REF=", 4 ) == 0 &&
- (ref = attr_find( e->e_attrs, "ref" )) != NULL )
+ if ( !manageDSAit && op->ors_scope != LDAP_SCOPE_BASE &&
+ is_entry_referral( e ) )
{
- int i, len;
+ struct berval dn;
+
+ /* check scope */
+ if ( !scopeok && op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
+ dnParent( &e->e_nname, &dn );
+ scopeok = dn_match( &dn, &realbase );
+ } else {
+ scopeok = (realbase.bv_len == 0);
+ }
+
+ } else if ( !scopeok
+ && op->ors_scope == LDAP_SCOPE_SUBTREE )
+ {
+ scopeok = dnIsSuffix( &e->e_nname, &realbase );
+
+#ifdef LDAP_SCOPE_SUBORDINATE
+ } else if ( !scopeok
+ && op->ors_scope == LDAP_SCOPE_SUBORDINATE )
+ {
+ scopeok = !dn_match( &e->e_nname, &realbase )
+ && dnIsSuffix( &e->e_nname, &realbase );
+#endif
- if ( ref->a_vals == NULL ) {
- Debug( LDAP_DEBUG_ANY, "null ref in (%s)\n",
- e->e_dn, 0, 0 );
} else {
- for ( i = 0; ref->a_vals[i] != NULL; i++ ) {
- /* referral + newline + null */
- MAKE_SPACE( ref->a_vals[i]->bv_len + 2 );
- *rcur++ = '\n';
- strncpy( rcur, ref->a_vals[i]->bv_val,
- ref->a_vals[i]->bv_len );
- rcur = rcur + ref->a_vals[i]->bv_len;
- *rcur = '\0';
- nrefs++;
- }
+ scopeok = 1;
}
- /* otherwise it's an entry - see if it matches the filter */
- } else {
- /* if it matches the filter and scope, send it */
- if ( test_filter( be, conn, op, e, filter ) == 0 ) {
- int scopeok;
- char *dn;
+ if( scopeok ) {
+ BerVarray erefs = get_entry_referrals( op, e );
+ rs->sr_ref = referral_rewrite( erefs,
+ &e->e_name, NULL,
+ op->ors_scope == LDAP_SCOPE_ONELEVEL
+ ? LDAP_SCOPE_BASE
+ : LDAP_SCOPE_SUBTREE );
- /* check scope */
- scopeok = 1;
- if ( scope == LDAP_SCOPE_ONELEVEL ) {
- if ( (dn = dn_parent( be, e->e_dn )) != NULL ) {
- (void) dn_normalize_case( dn );
- scopeok = (dn == realBase)
- ? 1
- : (strcmp( dn, realBase ) ? 0 : 1 );
- free( dn );
- } else {
- scopeok = (realBase == NULL || *realBase == '\0');
- }
- } else if ( scope == LDAP_SCOPE_SUBTREE ) {
- dn = ch_strdup( e->e_ndn );
- scopeok = dn_issuffix( dn, realBase );
- free( dn );
+ ber_bvarray_free( erefs );
+
+ send_search_reference( op, rs );
+
+ ber_bvarray_free( rs->sr_ref );
+ rs->sr_ref = NULL;
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate referral %ld scope not okay\n",
+ id, 0, 0 );
+ }
+
+ goto loop_continue;
+ }
+
+ if ( !manageDSAit && is_entry_glue( e )) {
+ goto loop_continue;
+ }
+
+ /* if it matches the filter and scope, send it */
+ result = test_filter( op, e, op->ors_filter );
+
+ if ( result == LDAP_COMPARE_TRUE ) {
+ struct berval dn;
+
+ /* check scope */
+ if ( !scopeok && op->ors_scope == LDAP_SCOPE_ONELEVEL ) {
+ if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
+ dnParent( &e->e_nname, &dn );
+ scopeok = dn_match( &dn, &realbase );
+ } else {
+ scopeok = (realbase.bv_len == 0);
}
- if ( scopeok ) {
- /* check size limit */
- if ( --slimit == -1 ) {
- cache_return_entry_r( &li->li_cache, e );
- send_ldap_search_result( conn, op,
- LDAP_SIZELIMIT_EXCEEDED, NULL,
- nrefs > 0 ? rbuf : NULL, nentries );
- idl_free( candidates );
- free( rbuf );
-
- if( realBase != NULL) {
- free( realBase );
- }
- return( 0 );
- }
+ } else if ( !scopeok &&
+ op->ors_scope == LDAP_SCOPE_SUBTREE )
+ {
+ scopeok = dnIsSuffix( &e->e_nname, &realbase );
- /*
- * check and apply aliasing where the dereferencing applies to
- * the subordinates of the base
- */
- switch ( deref ) {
- case LDAP_DEREF_SEARCHING:
- case LDAP_DEREF_ALWAYS:
- {
- Entry *newe = derefAlias_r( be, conn, op, e );
- cache_return_entry_r( &li->li_cache, e );
- e = newe;
- }
- break;
- }
+ } else if ( !scopeok &&
+ op->ors_scope == LDAP_SCOPE_SUBORDINATE )
+ {
+ scopeok = !dn_match( &e->e_nname, &realbase )
+ && dnIsSuffix( &e->e_nname, &realbase );
- switch ( send_search_entry( be, conn, op, e,
- attrs, attrsonly ) ) {
- case 0: /* entry sent ok */
- nentries++;
- break;
- case 1: /* entry not sent */
- break;
- case -1: /* connection closed */
- cache_return_entry_r( &li->li_cache, e );
- idl_free( candidates );
- free( rbuf );
+ } else {
+ scopeok = 1;
+ }
+
+ if ( scopeok ) {
+ if (e) {
+ rs->sr_flags = 0;
+ rs->sr_err = send_search_entry( op, rs );
- if( realBase != NULL) {
- free( realBase );
- }
- return( 0 );
+ switch ( rs->sr_err ) {
+ case LDAP_UNAVAILABLE: /* connection closed */
+ cache_return_entry_r( &li->li_cache, e );
+ rc = LDAP_SUCCESS;
+ goto done;
+ case LDAP_SIZELIMIT_EXCEEDED:
+ cache_return_entry_r( &li->li_cache, e );
+ rc = rs->sr_err;
+ rs->sr_entry = NULL;
+ send_ldap_result( op, rs );
+ rc = LDAP_SUCCESS;
+ goto done;
}
}
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate entry %ld scope not okay\n",
+ id, 0, 0 );
}
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate entry %ld does not match filter\n",
+ id, 0, 0 );
}
+loop_continue:
if( e != NULL ) {
/* free reader lock */
cache_return_entry_r( &li->li_cache, e );
}
- pthread_yield();
- }
- idl_free( candidates );
- if ( nrefs > 0 ) {
- send_ldap_search_result( conn, op, LDAP_PARTIAL_RESULTS, NULL,
- rbuf, nentries );
- } else {
- send_ldap_search_result( conn, op, LDAP_SUCCESS, NULL, NULL,
- nentries );
- }
- free( rbuf );
-
- if( realBase != NULL) {
- free( realBase );
+ ldap_pvt_thread_yield();
}
- return( 0 );
-}
-
-static IDList *
-base_candidates(
- Backend *be,
- Connection *conn,
- Operation *op,
- char *base,
- Filter *filter,
- char **attrs,
- int attrsonly,
- char **matched,
- int *err
-)
-{
- struct ldbminfo *li = (struct ldbminfo *) be->be_private;
- int rc;
- ID id;
- IDList *idl;
- Entry *e;
+ rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
+ rs->sr_ref = rs->sr_v2ref;
+ send_ldap_result( op, rs );
- Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n", base, 0, 0);
+ rc = LDAP_SUCCESS;
- *err = LDAP_SUCCESS;
+done:
+ ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
- /* get entry with reader lock */
- if ( (e = dn2entry_r( be, base, matched )) == NULL ) {
- *err = LDAP_NO_SUCH_OBJECT;
- return( NULL );
- }
+ if( candidates != NULL )
+ idl_free( candidates );
- /* check for deleted */
+ if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
+ if( realbase.bv_val ) free( realbase.bv_val );
- idl = idl_alloc( 1 );
- idl_insert( &idl, e->e_id, 1 );
-
-
- /* free reader lock */
- cache_return_entry_r( &li->li_cache, e );
-
- return( idl );
+ return rc;
}
-static IDList *
-onelevel_candidates(
+static ID_BLOCK *
+base_candidate(
Backend *be,
- Connection *conn,
- Operation *op,
- char *base,
- Filter *filter,
- char **attrs,
- int attrsonly,
- char **matched,
- int *err
-)
+ Entry *e )
{
- struct ldbminfo *li = (struct ldbminfo *) be->be_private;
- Entry *e = NULL;
- Filter *f;
- char buf[20];
- IDList *candidates;
+ ID_BLOCK *idl;
- Debug(LDAP_DEBUG_TRACE, "onelevel_candidates: base: \"%s\"\n", base, 0, 0);
+ Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
+ e->e_dn, 0, 0);
- *err = LDAP_SUCCESS;
- /* get the base object with reader lock */
- if ( base != NULL && *base != '\0' &&
- (e = dn2entry_r( be, base, matched )) == NULL )
- {
- *err = LDAP_NO_SUCH_OBJECT;
- return( NULL );
- }
+ idl = idl_alloc( 1 );
+ idl_insert( &idl, e->e_id, 1 );
- /*
- * modify the filter to be something like this:
- *
- * parent=baseobject & originalfilter
- */
-
- f = (Filter *) ch_malloc( sizeof(Filter) );
- f->f_next = NULL;
- f->f_choice = LDAP_FILTER_AND;
- f->f_and = (Filter *) ch_malloc( sizeof(Filter) );
- f->f_and->f_choice = LDAP_FILTER_EQUALITY;
- f->f_and->f_ava.ava_type = ch_strdup( "id2children" );
- sprintf( buf, "%ld", e != NULL ? e->e_id : 0 );
- f->f_and->f_ava.ava_value.bv_val = ch_strdup( buf );
- f->f_and->f_ava.ava_value.bv_len = strlen( buf );
- f->f_and->f_next = filter;
-
- /* from here, it's just like subtree_candidates */
- candidates = subtree_candidates( be, conn, op, base, f, attrs,
- attrsonly, matched, e, err, 0 );
-
- /* free up just the filter stuff we allocated above */
- f->f_and->f_next = NULL;
- filter_free( f );
-
- /* free entry and reader lock */
- if( e != NULL ) {
- cache_return_entry_r( &li->li_cache, e );
- }
- return( candidates );
+ return( idl );
}
-static IDList *
-subtree_candidates(
- Backend *be,
- Connection *conn,
+static ID_BLOCK *
+search_candidates(
Operation *op,
- char *base,
- Filter *filter,
- char **attrs,
- int attrsonly,
- char **matched,
Entry *e,
- int *err,
- int lookupbase
-)
+ Filter *filter,
+ int scope,
+ int deref,
+ int manageDSAit )
{
- struct ldbminfo *li = (struct ldbminfo *) be->be_private;
- Filter *f, **filterarg_ptr;
- IDList *candidates;
-
- Debug(LDAP_DEBUG_TRACE, "subtree_candidates: base: \"%s\" %s\n",
- base ? base : "NULL", lookupbase ? "lookupbase" : "", 0);
-
- /*
- * get the base object - unless we already have it (from one-level).
- * also, unless this is a one-level search or a subtree search
- * starting at the very top of our subtree, we need to modify the
- * filter to be something like this:
- *
- * dn=*baseobjectdn & (originalfilter | ref=*)
- *
- * the "objectclass=referral" part is used to select referrals to return
- */
-
- *err = LDAP_SUCCESS;
- f = NULL;
- if ( lookupbase ) {
- e = NULL;
-
- if ( base != NULL && *base != '\0' &&
- (e = dn2entry_r( be, base, matched )) == NULL )
- {
- *err = LDAP_NO_SUCH_OBJECT;
- return( NULL );
- }
-
- if (e) {
- cache_return_entry_r( &li->li_cache, e );
- }
-
- f = (Filter *) ch_malloc( sizeof(Filter) );
- f->f_next = NULL;
- f->f_choice = LDAP_FILTER_OR;
- f->f_or = (Filter *) ch_malloc( sizeof(Filter) );
- f->f_or->f_choice = LDAP_FILTER_EQUALITY;
- f->f_or->f_avtype = ch_strdup( "objectclass" );
- /* Patch to use normalized uppercase */
- f->f_or->f_avvalue.bv_val = ch_strdup( "REFERRAL" );
- f->f_or->f_avvalue.bv_len = strlen( "REFERRAL" );
- filterarg_ptr = &f->f_or->f_next;
- *filterarg_ptr = filter;
- filter = f;
-
- if ( ! be_issuffix( be, base ) ) {
- f = (Filter *) ch_malloc( sizeof(Filter) );
- f->f_next = NULL;
- f->f_choice = LDAP_FILTER_AND;
- f->f_and = (Filter *) ch_malloc( sizeof(Filter) );
- f->f_and->f_choice = LDAP_FILTER_SUBSTRINGS;
- f->f_and->f_sub_type = ch_strdup( "dn" );
- f->f_and->f_sub_initial = NULL;
- f->f_and->f_sub_any = NULL;
- f->f_and->f_sub_final = ch_strdup( base );
- value_normalize( f->f_and->f_sub_final, SYNTAX_CIS );
- f->f_and->f_next = filter;
- filter = f;
- }
+ ID_BLOCK *candidates;
+ Filter f, fand, rf, af, xf;
+ AttributeAssertion aa_ref, aa_alias;
+ struct berval bv_ref = { sizeof("referral")-1, "referral" };
+ struct berval bv_alias = { sizeof("alias")-1, "alias" };
+ Filter sf;
+ AttributeAssertion aa_subentry;
+
+ Debug(LDAP_DEBUG_TRACE,
+ "search_candidates: base=\"%s\" s=%d d=%d\n",
+ e->e_ndn, scope, deref );
+
+
+ xf.f_or = filter;
+ xf.f_choice = LDAP_FILTER_OR;
+ xf.f_next = NULL;
+
+ if( !manageDSAit ) {
+ /* match referrals */
+ rf.f_choice = LDAP_FILTER_EQUALITY;
+ rf.f_ava = &aa_ref;
+ rf.f_av_desc = slap_schema.si_ad_objectClass;
+ rf.f_av_value = bv_ref;
+ rf.f_next = xf.f_or;
+ xf.f_or = &rf;
}
- candidates = filter_candidates( be, filter );
+ if( deref & LDAP_DEREF_SEARCHING ) {
+ /* match aliases */
+ af.f_choice = LDAP_FILTER_EQUALITY;
+ af.f_ava = &aa_alias;
+ af.f_av_desc = slap_schema.si_ad_objectClass;
+ af.f_av_value = bv_alias;
+ af.f_next = xf.f_or;
+ xf.f_or = ⁡
+ }
- /* free up just the parts we allocated above */
- if ( f != NULL ) {
- *filterarg_ptr = NULL;
- filter_free( f );
+ f.f_next = NULL;
+ f.f_choice = LDAP_FILTER_AND;
+ f.f_and = &fand;
+ fand.f_choice = scope == LDAP_SCOPE_ONELEVEL
+ ? SLAPD_FILTER_DN_ONE
+ : SLAPD_FILTER_DN_SUBTREE;
+ fand.f_dn = &e->e_nname;
+ fand.f_next = xf.f_or == filter ? filter : &xf ;
+
+ if ( get_subentries_visibility( op )) {
+ struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
+ sf.f_choice = LDAP_FILTER_EQUALITY;
+ sf.f_ava = &aa_subentry;
+ sf.f_av_desc = slap_schema.si_ad_objectClass;
+ sf.f_av_value = bv_subentry;
+ sf.f_next = fand.f_next;
+ fand.f_next = &sf;
}
+ candidates = filter_candidates( op, &f );
return( candidates );
}
projects / openldap / blobdiff