]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-ldbm/search.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
modify be_referral to use struct berval DNs.
[openldap] / servers / slapd / back-ldbm / search.c
diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c
index 8a09394b3b39e6a7c26807b38976f5c35e187bb9..bc5e67989c27158f2550073f9d04359e05a0a6fc 100644 (file)
--- a/servers/slapd/back-ldbm/search.c
+++ b/servers/slapd/back-ldbm/search.c
@@ -37,13 +37,12 @@ ldbm_back_search(
     int                tlimit,
     Filter     *filter,
     const char *filterstr,
-    char       **attrs,
-    int                attrsonly
-)
+    struct berval      **attrs,
+    int                attrsonly )
 {
        struct ldbminfo *li = (struct ldbminfo *) be->be_private;
        int             rc, err;
-       const char *text;
+       const char *text = NULL;
        time_t          stoptime;
        ID_BLOCK                *candidates;
        ID              id, cursor;
@@ -53,14 +52,39 @@ ldbm_back_search(
        char    *realbase = NULL;
        int             nentries = 0;
        int             manageDSAit = get_manageDSAit( op );
-
+       int             cscope = LDAP_SCOPE_DEFAULT;
+
+       struct slap_limits_set *limit = NULL;
+       int isroot = 0;
+               
+#ifdef NEW_LOGGING
+       LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+                  "ldbm_back_search: enter\n" ));
+#else
        Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
+#endif
+
+
+       if ( *nbase == '\0' ) {
+               /* DIT root special case */
+               e = (Entry *) &slap_entry_root;
+
+               /* need normalized dn below */
+               realbase = ch_strdup( e->e_ndn );
+
+               candidates = search_candidates( be, e, filter,
+                   scope, deref, manageDSAit );
 
-       /* get entry with reader lock */
-       if ( deref & LDAP_DEREF_FINDING ) {
+               goto searchit;
+               
+       } else if ( deref & LDAP_DEREF_FINDING ) {
+               /* deref dn and get entry with reader lock */
                e = deref_dn_r( be, nbase, &err, &matched, &text );
 
+               if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
+
        } else {
+               /* get entry with reader lock */
                e = dn2entry_r( be, nbase, &matched );
                err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
                text = NULL;
@@ -71,67 +95,88 @@ ldbm_back_search(
                struct berval **refs = NULL;
 
                if ( matched != NULL ) {
+                       struct berval **erefs;
                        matched_dn = ch_strdup( matched->e_dn );
 
-                       refs = is_entry_referral( matched )
-                               ? get_entry_referrals( be, conn, op, matched )
+                       erefs = is_entry_referral( matched )
+                               ? get_entry_referrals( be, conn, op, matched,
+                                       base, scope )
                                : NULL;
 
                        cache_return_entry_r( &li->li_cache, matched );
+
+                       if( erefs ) {
+                               refs = referral_rewrite( erefs, matched_dn,
+                                       base, scope );
+
+                               ber_bvecfree( erefs );
+                       }
+
                } else {
-                       refs = default_referral;
+                       refs = referral_rewrite( default_referral,
+                               NULL, base, scope );
                }
 
                send_ldap_result( conn, op, err,
                        matched_dn, text, refs, NULL );
 
-               if( matched != NULL ) {
-                       ber_bvecfree( refs );
-                       free( matched_dn );
-               }
-
+               ber_bvecfree( refs );
+               free( matched_dn );
                return 1;
        }
 
        if (!manageDSAit && is_entry_referral( e ) ) {
                /* entry is a referral, don't allow add */
                char *matched_dn = ch_strdup( e->e_dn );
-               struct berval **refs = get_entry_referrals( be,
-                       conn, op, e );
+               struct berval **erefs = get_entry_referrals( be,
+                       conn, op, e, base, scope );
+               struct berval **refs = NULL;
 
                cache_return_entry_r( &li->li_cache, e );
 
-               Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
-                   0, 0 );
+#ifdef NEW_LOGGING
+               LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+                       "ldbm_search: entry (%s) is a referral.\n",
+                       e->e_dn ));
+#else
+               Debug( LDAP_DEBUG_TRACE,
+                       "ldbm_search: entry is referral\n",
+                       0, 0, 0 );
+#endif
 
-               send_ldap_result( conn, op, LDAP_REFERRAL,
-                   matched_dn, NULL, refs, NULL );
+               if( erefs ) {
+                       refs = referral_rewrite( erefs, matched_dn,
+                               base, scope );
 
-               ber_bvecfree( refs );
-               free( matched_dn );
+                       ber_bvecfree( erefs );
+               }
 
-               return 1;
-       }
+               if( refs ) {
+                       send_ldap_result( conn, op, LDAP_REFERRAL,
+                               matched_dn, NULL, refs, NULL );
+                       ber_bvecfree( refs );
 
-       if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) {
-               tlimit = -1;    /* allow root to set no limit */
-       } else {
-               tlimit = (tlimit > be->be_timelimit || tlimit < 1) ?
-                   be->be_timelimit : tlimit;
-               stoptime = op->o_time + tlimit;
+               } else {
+                       send_ldap_result( conn, op, LDAP_OTHER, matched_dn,
+                               "bad referral object", NULL, NULL );
+               }
+
+               free( matched_dn );
+               return 1;
        }
 
-       if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) {
-               slimit = -1;    /* allow root to set no limit */
-       } else {
-               slimit = (slimit > be->be_sizelimit || slimit < 1) ?
-                   be->be_sizelimit : slimit;
+       if ( is_entry_alias( e ) ) {
+               /* don't deref */
+               deref = LDAP_DEREF_NEVER;
        }
 
        if ( scope == LDAP_SCOPE_BASE ) {
+               cscope = LDAP_SCOPE_BASE;
                candidates = base_candidate( be, e );
 
        } else {
+               cscope = ( scope != LDAP_SCOPE_SUBTREE )
+                       ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
                candidates = search_candidates( be, e, filter,
                    scope, deref, manageDSAit );
        }
@@ -141,10 +186,16 @@ ldbm_back_search(
 
        cache_return_entry_r( &li->li_cache, e );
 
+searchit:
        if ( candidates == NULL ) {
                /* no candidates */
-               Debug( LDAP_DEBUG_TRACE, "no candidates\n", 0,
-                   0, 0 );
+#ifdef NEW_LOGGING
+               LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+                       "ldbm_search: no candidates\n" ));
+#else
+               Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
+                       0, 0, 0 );
+#endif
 
                send_search_result( conn, op,
                        LDAP_SUCCESS,
@@ -154,10 +205,86 @@ ldbm_back_search(
                goto done;
        }
 
+       /* if not root, get appropriate limits */
+       if ( be_isroot( be, &op->o_ndn ) ) {
+               isroot = 1;
+       } else {
+               ( void ) get_limits( be, &op->o_ndn, &limit );
+       }
+
+       /* if candidates exceed to-be-checked entries, abort */
+       if ( !isroot && limit->lms_s_unchecked != -1 ) {
+               if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
+                       send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
+                                       NULL, NULL, NULL, NULL, 0 );
+                       rc = 0;
+                       goto done;
+               }
+       }
+       
+       /* if root an no specific limit is required, allow unlimited search */
+       if ( isroot ) {
+               if ( tlimit == 0 ) {
+                       tlimit = -1;
+               }
+
+               if ( slimit == 0 ) {
+                       slimit = -1;
+               }
+
+       } else {
+               /* if no limit is required, use soft limit */
+               if ( tlimit <= 0 ) {
+                       tlimit = limit->lms_t_soft;
+               
+               /* if requested limit higher than hard limit, abort */
+               } else if ( tlimit > limit->lms_t_hard ) {
+                       /* no hard limit means use soft instead */
+                       if ( limit->lms_t_hard == 0 ) {
+                               tlimit = limit->lms_t_soft;
+                       
+                       /* positive hard limit means abort */
+                       } else if ( limit->lms_t_hard > 0 ) {
+                               send_search_result( conn, op, 
+                                               LDAP_UNWILLING_TO_PERFORM,
+                                               NULL, NULL, NULL, NULL, 0 );
+                               rc = 0; 
+                               goto done;
+                       }
+
+                       /* negative hard limit means no limit */
+               }
+
+               /* if no limit is required, use soft limit */
+               if ( slimit <= 0 ) {
+                       slimit = limit->lms_s_soft;
+
+               /* if requested limit higher than hard limit, abort */
+               } else if ( slimit > limit->lms_s_hard ) {
+                       /* no hard limit means use soft instead */
+                       if ( limit->lms_s_hard == 0 ) {
+                               slimit = limit->lms_s_soft;
+
+                       /* positive hard limit means abort */
+                       } else if ( limit->lms_s_hard > 0 ) {
+                               send_search_result( conn, op,
+                                               LDAP_UNWILLING_TO_PERFORM,
+                                               NULL, NULL, NULL, NULL, 0 );
+                               rc = 0;
+                               goto done;
+                       }
+
+                       /* negative hard limit means no limit */
+               }
+       }
+
+       /* compute it anyway; root does not use it */
+       stoptime = op->o_time + tlimit;
+
        for ( id = idl_firstid( candidates, &cursor ); id != NOID;
            id = idl_nextid( candidates, &cursor ) )
        {
-               int             scopeok = 0;
+               int scopeok = 0;
 
                /* check for abandon */
                ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
@@ -182,8 +309,14 @@ ldbm_back_search(
                e = id2entry_r( be, id );
 
                if ( e == NULL ) {
-                       Debug( LDAP_DEBUG_ARGS, "search: candidate %ld not found\n",
+#ifdef NEW_LOGGING
+                       LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
+                               "ldbm_search: candidate %ld not found.\n", id ));
+#else
+                       Debug( LDAP_DEBUG_TRACE,
+                               "ldbm_search: candidate %ld not found\n",
                                id, 0, 0 );
+#endif
 
                        goto loop_continue;
                }
@@ -213,13 +346,19 @@ ldbm_back_search(
                                                free( pdn );
                                                goto loop_continue;
                                        }
-                                       free(pdn);
                                }
 
                        } else if ( dn_issuffix( e->e_ndn, realbase ) ) {
                                /* alias is within scope */
-                               Debug( LDAP_DEBUG_ARGS, "search: \"%s\" in subtree\n",
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+                                       "ldbm_search: alias \"%s\" in subtree\n", e->e_dn ));
+#else
+                               Debug( LDAP_DEBUG_TRACE,
+                                       "ldbm_search: alias \"%s\" in subtree\n",
                                        e->e_dn, 0, 0 );
+#endif
+
                                goto loop_continue;
                        }
 
@@ -234,13 +373,51 @@ ldbm_back_search(
                if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
                        is_entry_referral( e ) )
                {
-                       struct berval **refs = get_entry_referrals(
-                               be, conn, op, e );
+                       char    *dn;
 
-                       send_search_reference( be, conn, op,
-                               e, refs, scope, NULL, &v2refs );
+                       /* check scope */
+                       if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
+                               if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
+                                       scopeok = (dn == realbase)
+                                               ? 1
+                                               : (strcmp( dn, realbase ) ? 0 : 1 );
+                               } else {
+                                       scopeok = (realbase == NULL || *realbase == '\0');
+                               }
 
-                       ber_bvecfree( refs );
+                       } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
+                               dn = ch_strdup( e->e_ndn );
+                               scopeok = dn_issuffix( dn, realbase );
+                               free( dn );
+
+                       } else {
+                               scopeok = 1;
+                       }
+
+                       if( scopeok ) {
+                               struct berval **erefs = get_entry_referrals(
+                                       be, conn, op, e, NULL, cscope );
+                               struct berval **refs = referral_rewrite( erefs, e->e_dn, NULL,
+                                       scope == LDAP_SCOPE_SUBTREE
+                                               ? LDAP_SCOPE_SUBTREE
+                                               : LDAP_SCOPE_BASE );
+
+                               send_search_reference( be, conn, op,
+                                       e, refs, NULL, &v2refs );
+
+                               ber_bvecfree( refs );
+
+                       } else {
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
+                                       "ldbm_search: candidate referral %ld scope not okay\n",
+                                       id ));
+#else
+                               Debug( LDAP_DEBUG_TRACE,
+                                       "ldbm_search: candidate referral %ld scope not okay\n",
+                                       id, 0, 0 );
+#endif
+                       }
 
                        goto loop_continue;
                }
@@ -252,12 +429,9 @@ ldbm_back_search(
                        /* check scope */
                        if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
                                if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
-                                       (void) dn_normalize( dn );
                                        scopeok = (dn == realbase)
                                                ? 1
                                                : (strcmp( dn, realbase ) ? 0 : 1 );
-                                       free( dn );
-
                                } else {
                                        scopeok = (realbase == NULL || *realbase == '\0');
                                }
@@ -283,52 +457,10 @@ ldbm_back_search(
                                }
 
                                if (e) {
-                                       int result;
-#ifdef BROKEN_NUM_SUBORDINATES
-                                       /* Tack on subordinates attr */
-                                       ID_BLOCK *idl = NULL;
-                                       char CATTR_SUBS[] = "numsubordinates";
-
-                                       if (attrs &&
-                                           charray_inlist(attrs,
-                                                          CATTR_SUBS))
-                                       {
-                                           idl = dn2idl(be, e->e_ndn,
-                                                        DN_ONE_PREFIX);
-                                           if (idl)
-                                           {
-                                               char buf[30];
-                                               struct berval val, *vals[2];
-
-                                               vals[0] = &val;
-                                               vals[1] = NULL;
-
-                                               sprintf(buf, "%lu",
-                                                       ID_BLOCK_NIDS(idl));
-
-                                               val.bv_val = buf;
-                                               val.bv_len = strlen(buf);
-
-                                               attr_merge(e, CATTR_SUBS,
-                                                          vals);
-                                           }
-                                       }
-#endif
-
-                                       result = send_search_entry(be, conn, op,
+                                       int result = send_search_entry(be, conn, op,
                                                e, attrs, attrsonly, NULL);
 
-#ifdef BROKEN_NUM_SUBORDINATES
-                                       if (idl)
-                                       {
-                                           idl_free(idl);
-                                           attr_delete(&e->e_attrs,
-                                                       CATTR_SUBS);
-                                       }
-#endif
-
-                                       switch (result)
-                                       {
+                                       switch (result) {
                                        case 0:         /* entry sent ok */
                                                nentries++;
                                                break;
@@ -341,12 +473,25 @@ ldbm_back_search(
                                        }
                                }
                        } else {
-                               Debug( LDAP_DEBUG_TRACE, "candidate %ld scope not okay\n",
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
+                                       "ldbm_search: candidate entry %ld scope not okay\n", id ));
+#else
+                               Debug( LDAP_DEBUG_TRACE,
+                                       "ldbm_search: candidate entry %ld scope not okay\n",
                                        id, 0, 0 );
+#endif
                        }
+
                } else {
-                       Debug( LDAP_DEBUG_TRACE, "candidate %ld does match filter\n",
+#ifdef NEW_LOGGING
+                       LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
+                               "ldbm_search: candidate entry %ld does not match filter\n", id ));
+#else
+                       Debug( LDAP_DEBUG_TRACE,
+                               "ldbm_search: candidate entry %ld does not match filter\n",
                                id, 0, 0 );
+#endif
                }
 
 loop_continue:
@@ -357,6 +502,7 @@ loop_continue:
 
                ldap_pvt_thread_yield();
        }
+
        send_search_result( conn, op,
                v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
                NULL, NULL, v2refs, NULL, nentries );
@@ -376,13 +522,18 @@ done:
 static ID_BLOCK *
 base_candidate(
     Backend    *be,
-       Entry   *e
-)
+       Entry   *e )
 {
        ID_BLOCK                *idl;
 
+#ifdef NEW_LOGGING
+       LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
+                  "base_candidate: base (%s)\n", e->e_dn ));
+#else
        Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
                e->e_dn, 0, 0);
+#endif
+
 
        idl = idl_alloc( 1 );
        idl_insert( &idl, e->e_id, 1 );
@@ -397,104 +548,59 @@ search_candidates(
     Filter     *filter,
     int                scope,
        int             deref,
-       int             manageDSAit
-)
+       int             manageDSAit )
 {
        ID_BLOCK                *candidates;
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-       candidates = filter_candidates( be, filter );
+       Filter          f, fand, rf, af, xf;
+    AttributeAssertion aa_ref, aa_alias;
+       static struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
+       static struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
+
+#ifdef NEW_LOGGING
+       LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+                  "search_candidates: base (%s) scope %d deref %d\n",
+                  e->e_ndn, scope, deref ));
 #else
-
-       Filter          rf, rf_or, af, af_or, lf, lf_and;
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-       AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
-#endif
-
-       Debug(LDAP_DEBUG_TRACE, "search_candidates: base=\"%s\" s=%d d=%d\n",
+       Debug(LDAP_DEBUG_TRACE,
+               "search_candidates: base=\"%s\" s=%d d=%d\n",
                e->e_ndn, scope, deref );
 #endif
 
-#ifndef SLAPD_SCHEMA_NOT_COMPAT
+
+       xf.f_or = filter;
+       xf.f_choice = LDAP_FILTER_OR;
+       xf.f_next = NULL;
+
        if( !manageDSAit ) {
                /* match referrals */
-               rf.f_next = NULL;
-               rf.f_choice = LDAP_FILTER_OR;
-               rf.f_or = &rf_or;
-               rf.f_or->f_choice = LDAP_FILTER_EQUALITY;
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-               rf.f_or->f_av_desc = ad_objectClass;
-               rf.f_or->f_av_value = ber_bvstrdup("REFERRAL");
-#else
-               rf.f_or->f_avtype = ch_strdup( "objectclass" );
-               rf.f_or->f_avvalue.bv_val = ch_strdup( "REFERRAL" );
-               rf.f_or->f_avvalue.bv_len = sizeof("REFERRAL")-1;
-#endif
-               rf.f_or->f_next = filter;
-               filter = &rf;
-       } else {
-               rf.f_or = NULL;
+               rf.f_choice = LDAP_FILTER_EQUALITY;
+               rf.f_ava = &aa_ref;
+               rf.f_av_desc = slap_schema.si_ad_objectClass;
+               rf.f_av_value = &bv_ref;
+               rf.f_next = xf.f_or;
+               xf.f_or = &rf;
        }
 
        if( deref & LDAP_DEREF_SEARCHING ) {
                /* match aliases */
-               af.f_next = NULL;
-               af.f_choice = LDAP_FILTER_OR;
-               af.f_or = &af_or;
-               af.f_or->f_choice = LDAP_FILTER_EQUALITY;
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-               af.f_or->f_av_desc = objectClass;
-               af.f_or->f_av_value = ber_bvstrdup("ALIAS");
-#else
-               af.f_or->f_avtype = ch_strdup( "objectclass" );
-               af.f_or->f_avvalue.bv_val = ch_strdup( "ALIAS" );
-               af.f_or->f_avvalue.bv_len = sizeof("ALIAS")-1;
-#endif
-               af.f_or->f_next = filter;
-               filter = &af;
-       } else {
-               af.f_or = NULL;
-       }
-
-       if ( scope == LDAP_SCOPE_SUBTREE ) {
-               lf.f_next = NULL;
-               lf.f_choice = LDAP_FILTER_AND;
-               lf.f_and = &lf_and;
-               lf.f_and->f_choice = SLAPD_FILTER_DN_SUBTREE;
-               lf.f_and->f_dn = e->e_ndn;
-               lf.f_and->f_next = filter;
-               filter = &lf;
-
-       } else if ( scope == LDAP_SCOPE_ONELEVEL ) {
-               lf.f_next = NULL;
-               lf.f_choice = LDAP_FILTER_AND;
-               lf.f_and = &lf_and;
-               lf.f_and->f_choice = SLAPD_FILTER_DN_ONE;
-               lf.f_and->f_dn = e->e_ndn;
-               lf.f_and->f_next = filter;
-               filter = &lf;
+               af.f_choice = LDAP_FILTER_EQUALITY;
+               af.f_ava = &aa_alias;
+               af.f_av_desc = slap_schema.si_ad_objectClass;
+               af.f_av_value = &bv_alias;
+               af.f_next = xf.f_or;
+               xf.f_or = &af;
        }
 
-       candidates = filter_candidates( be, filter );
+       f.f_next = NULL;
+       f.f_choice = LDAP_FILTER_AND;
+       f.f_and = &fand;
+       fand.f_choice = scope == LDAP_SCOPE_SUBTREE
+               ? SLAPD_FILTER_DN_SUBTREE
+               : SLAPD_FILTER_DN_ONE;
+       fand.f_dn = e->e_ndn;
+       fand.f_next = xf.f_or == filter ? filter : &xf ;
 
-       /* free dynamically allocated bits */
-       if( af.f_or != NULL ) {
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-               ber_bvfree( af.f_or->f_av_value );
-#else
-               free( af.f_or->f_avtype );
-               free( af.f_or->f_avvalue.bv_val );
-#endif
-       }
-
-       if( rf.f_or != NULL ) {
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-               ber_bvfree( rf.f_or->f_av_value );
-#else
-               free( rf.f_or->f_avtype );
-               free( rf.f_or->f_avvalue.bv_val );
-#endif
-       }
+       candidates = filter_candidates( be, &f );
 
-#endif
        return( candidates );
 }
Cloned from git://git.openldap.org/openldap.git