]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-ldbm/search.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ITS#2864 don't use sl_mark/release.
[openldap] / servers / slapd / back-ldbm / search.c
diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c
index 49bd4b2777dcdd87dfc99b8bcc3d6cd86207a1bf..e2e5b113c9bbf82dc9031ab4de6ed2164026e5a3 100644 (file)
--- a/servers/slapd/back-ldbm/search.c
+++ b/servers/slapd/back-ldbm/search.c
@@ -1,8 +1,17 @@
 /* search.c - ldbm backend search function */
 /* $OpenLDAP$ */
-/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2003 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
  */
 
 #include "portable.h"
@@ -20,144 +29,166 @@ static ID_BLOCK   *base_candidate(
        Backend *be, Entry *e );
 
 static ID_BLOCK        *search_candidates(
-       Backend *be, Entry *e, Filter *filter,
+       Operation *op, Entry *e, Filter *filter,
        int scope, int deref, int manageDSAit );
 
 
 int
 ldbm_back_search(
-    Backend    *be,
-    Connection *conn,
     Operation  *op,
-    const char *base,
-    const char *nbase,
-    int                scope,
-    int                deref,
-    int                slimit,
-    int                tlimit,
-    Filter     *filter,
-    const char *filterstr,
-    char       **attrs,
-    int                attrsonly )
+    SlapReply  *rs )
 {
-       struct ldbminfo *li = (struct ldbminfo *) be->be_private;
+       struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
        int             rc, err;
        const char *text = NULL;
        time_t          stoptime;
        ID_BLOCK                *candidates;
        ID              id, cursor;
        Entry           *e;
-       struct berval **v2refs = NULL;
        Entry   *matched = NULL;
-       char    *realbase = NULL;
-       int             nentries = 0;
+       struct berval   realbase = { 0, NULL };
        int             manageDSAit = get_manageDSAit( op );
+       int             cscope = LDAP_SCOPE_DEFAULT;
 
+       struct slap_limits_set *limit = NULL;
+       int isroot = 0;
+               
 #ifdef NEW_LOGGING
-       LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
-                  "ldbm_back_search: enter\n" ));
+       LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_search: enter\n", 0, 0, 0 );
 #else
        Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
 #endif
 
+       /* grab giant lock for reading */
+       ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock);
 
-       if ( *nbase == '\0' ) {
+       if ( op->o_req_ndn.bv_len == 0 ) {
                /* DIT root special case */
-               static const Entry root = { NOID, "", "", NULL, NULL };
-               e = (Entry *) &root;
+               e = (Entry *) &slap_entry_root;
 
                /* need normalized dn below */
-               realbase = ch_strdup( e->e_ndn );
+               ber_dupbv( &realbase, &e->e_nname );
 
-               candidates = search_candidates( be, e, filter,
-                   scope, deref, manageDSAit );
+               candidates = search_candidates( op, e, op->oq_search.rs_filter,
+                               op->oq_search.rs_scope, op->oq_search.rs_deref,
+                               manageDSAit || get_domainScope(op) );
 
                goto searchit;
                
-       } else if ( deref & LDAP_DEREF_FINDING ) {
+       } else if ( op->oq_search.rs_deref & LDAP_DEREF_FINDING ) {
                /* deref dn and get entry with reader lock */
-               e = deref_dn_r( be, nbase, &err, &matched, &text );
+               e = deref_dn_r( op->o_bd, &op->o_req_ndn, &rs->sr_err, &matched, &rs->sr_text );
 
-               if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL;
+               if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL;
 
        } else {
                /* get entry with reader lock */
-               e = dn2entry_r( be, nbase, &matched );
-               err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
-               text = NULL;
+               e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched );
+               rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL;
+               rs->sr_text = NULL;
        }
 
        if ( e == NULL ) {
-               char *matched_dn = NULL;
-               struct berval **refs = NULL;
+               struct berval matched_dn = { 0, NULL };
 
                if ( matched != NULL ) {
-                       matched_dn = ch_strdup( matched->e_dn );
+                       BerVarray erefs;
+                       ber_dupbv( &matched_dn, &matched->e_name );
 
-                       refs = is_entry_referral( matched )
-                               ? get_entry_referrals( be, conn, op, matched )
+                       erefs = is_entry_referral( matched )
+                               ? get_entry_referrals( op, matched )
                                : NULL;
 
                        cache_return_entry_r( &li->li_cache, matched );
 
+                       if( erefs ) {
+                               rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+                                       &op->o_req_dn, op->oq_search.rs_scope );
+
+                               ber_bvarray_free( erefs );
+                       }
+
                } else {
-                       refs = default_referral;
+                       rs->sr_ref = referral_rewrite( default_referral,
+                               NULL, &op->o_req_dn, op->oq_search.rs_scope );
                }
 
-               send_ldap_result( conn, op, err,
-                       matched_dn, text, refs, NULL );
+               ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 
-               if( matched != NULL ) {
-                       ber_bvecfree( refs );
-                       free( matched_dn );
-               }
+               rs->sr_matched = matched_dn.bv_val;
+               send_ldap_result( op, rs );
 
-               return 1;
+               ber_bvarray_free( rs->sr_ref );
+               ber_memfree( matched_dn.bv_val );
+               rs->sr_ref = NULL;
+               rs->sr_matched = NULL;
+               return LDAP_REFERRAL;
        }
 
        if (!manageDSAit && is_entry_referral( e ) ) {
                /* entry is a referral, don't allow add */
-               char *matched_dn = ch_strdup( e->e_dn );
-               struct berval **refs = get_entry_referrals( be,
-                       conn, op, e );
+               struct berval matched_dn;
+               BerVarray erefs;
+
+               ber_dupbv( &matched_dn, &e->e_name );
+               erefs = get_entry_referrals( op, e );
+               rs->sr_ref = NULL;
 
                cache_return_entry_r( &li->li_cache, e );
+               ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
 
 #ifdef NEW_LOGGING
-               LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
-                          "ldbm_search: entry (%s) is a referral.\n",
-                          e->e_dn ));
+               LDAP_LOG( BACK_LDBM, INFO,
+                       "ldbm_search: entry (%s) is a referral.\n",
+                       e->e_dn, 0, 0 );
 #else
                Debug( LDAP_DEBUG_TRACE,
                        "ldbm_search: entry is referral\n",
                        0, 0, 0 );
 #endif
 
+               if( erefs ) {
+                       rs->sr_ref = referral_rewrite( erefs, &matched_dn,
+                               &op->o_req_dn, op->oq_search.rs_scope );
 
-               send_ldap_result( conn, op, LDAP_REFERRAL,
-                   matched_dn, NULL, refs, NULL );
+                       ber_bvarray_free( erefs );
+               }
 
-               ber_bvecfree( refs );
-               free( matched_dn );
+               rs->sr_matched = matched_dn.bv_val;
+               if( rs->sr_ref ) {
+                       rs->sr_err = LDAP_REFERRAL;
+                       send_ldap_result( op, rs );
+                       ber_bvarray_free( rs->sr_ref );
 
-               return 1;
+               } else {
+                       send_ldap_error( op, rs, LDAP_OTHER,
+                       "bad referral object" );
+               }
+
+               ber_memfree( matched_dn.bv_val );
+               rs->sr_ref = NULL;
+               rs->sr_matched = NULL;
+               return LDAP_OTHER;
        }
 
        if ( is_entry_alias( e ) ) {
                /* don't deref */
-               deref = LDAP_DEREF_NEVER;
+               op->oq_search.rs_deref = LDAP_DEREF_NEVER;
        }
 
-       if ( scope == LDAP_SCOPE_BASE ) {
-               candidates = base_candidate( be, e );
+       if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) {
+               cscope = LDAP_SCOPE_BASE;
+               candidates = base_candidate( op->o_bd, e );
 
        } else {
-               candidates = search_candidates( be, e, filter,
-                   scope, deref, manageDSAit );
+               cscope = ( op->oq_search.rs_scope != LDAP_SCOPE_SUBTREE )
+                       ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE;
+               candidates = search_candidates( op, e, op->oq_search.rs_filter,
+                   op->oq_search.rs_scope, op->oq_search.rs_deref, manageDSAit );
        }
 
        /* need normalized dn below */
-       realbase = ch_strdup( e->e_ndn );
+       ber_dupbv( &realbase, &e->e_nname );
 
        cache_return_entry_r( &li->li_cache, e );
 
@@ -165,84 +196,169 @@ searchit:
        if ( candidates == NULL ) {
                /* no candidates */
 #ifdef NEW_LOGGING
-               LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
-                          "ldbm_search: no candidates\n" ));
+               LDAP_LOG( BACK_LDBM, INFO,
+                       "ldbm_search: no candidates\n" , 0, 0, 0);
 #else
                Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n",
                        0, 0, 0 );
 #endif
 
+               rs->sr_err = LDAP_SUCCESS;
+               send_ldap_result( op, rs );
 
-               send_search_result( conn, op,
-                       LDAP_SUCCESS,
-                       NULL, NULL, NULL, NULL, 0 );
-
-               rc = 1;
+               rc = LDAP_SUCCESS;
                goto done;
        }
 
-       if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) {
-               tlimit = -1;    /* allow root to set no limit */
+       /* if not root, get appropriate limits */
+       if ( be_isroot( op->o_bd, &op->o_ndn ) )
+       {
+               /*
+                * FIXME: I'd consider this dangerous if someone
+                * uses isroot for anything but handling limits
+                */
+               isroot = 1;
        } else {
-               tlimit = (tlimit > be->be_timelimit || tlimit < 1) ?
-                   be->be_timelimit : tlimit;
-               stoptime = op->o_time + tlimit;
+               ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
+       }
+
+       /* if candidates exceed to-be-checked entries, abort */
+       if ( !isroot && limit->lms_s_unchecked != -1 ) {
+               if ( ID_BLOCK_NIDS( candidates ) > (unsigned) limit->lms_s_unchecked ) {
+                       send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED,
+                                       NULL );
+                       rc = LDAP_SUCCESS;
+                       goto done;
+               }
        }
+       
+       /* if root an no specific limit is required, allow unlimited search */
+       if ( isroot ) {
+               if ( op->oq_search.rs_tlimit == 0 ) {
+                       op->oq_search.rs_tlimit = -1;
+               }
+
+               if ( op->oq_search.rs_slimit == 0 ) {
+                       op->oq_search.rs_slimit = -1;
+               }
 
-       if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) {
-               slimit = -1;    /* allow root to set no limit */
        } else {
-               slimit = (slimit > be->be_sizelimit || slimit < 1) ?
-                   be->be_sizelimit : slimit;
+               /* if no limit is required, use soft limit */
+               if ( op->oq_search.rs_tlimit <= 0 ) {
+                       op->oq_search.rs_tlimit = limit->lms_t_soft;
+               
+               /* if requested limit higher than hard limit, abort */
+               } else if ( op->oq_search.rs_tlimit > limit->lms_t_hard ) {
+                       /* no hard limit means use soft instead */
+                       if ( limit->lms_t_hard == 0
+                                       && limit->lms_t_soft > -1
+                                       && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
+                               op->oq_search.rs_tlimit = limit->lms_t_soft;
+                       
+                       /* positive hard limit means abort */
+                       } else if ( limit->lms_t_hard > 0 ) {
+                               send_ldap_error( op, rs,
+                                               LDAP_ADMINLIMIT_EXCEEDED,
+                                               NULL );
+                               rc = LDAP_SUCCESS; 
+                               goto done;
+                       }
+
+                       /* negative hard limit means no limit */
+               }
+
+               /* if no limit is required, use soft limit */
+               if ( op->oq_search.rs_slimit <= 0 ) {
+                       op->oq_search.rs_slimit = limit->lms_s_soft;
+
+               /* if requested limit higher than hard limit, abort */
+               } else if ( op->oq_search.rs_slimit > limit->lms_s_hard ) {
+                       /* no hard limit means use soft instead */
+                       if ( limit->lms_s_hard == 0
+                                       && limit->lms_s_soft > -1
+                                       && op->oq_search.rs_slimit > limit->lms_s_soft ) {
+                               op->oq_search.rs_slimit = limit->lms_s_soft;
+
+                       /* positive hard limit means abort */
+                       } else if ( limit->lms_s_hard > 0 ) {
+                               send_ldap_error( op, rs,
+                                               LDAP_ADMINLIMIT_EXCEEDED,
+                                               NULL );
+                               rc = LDAP_SUCCESS;
+                               goto done;
+                       }
+
+                       /* negative hard limit means no limit */
+               }
        }
 
+       /* compute it anyway; root does not use it */
+       stoptime = op->o_time + op->oq_search.rs_tlimit;
+       rs->sr_attrs = op->oq_search.rs_attrs;
+
        for ( id = idl_firstid( candidates, &cursor ); id != NOID;
            id = idl_nextid( candidates, &cursor ) )
        {
-               int             scopeok = 0;
+               int scopeok = 0;
+               int result = 0;
 
                /* check for abandon */
-               ldap_pvt_thread_mutex_lock( &op->o_abandonmutex );
-
                if ( op->o_abandon ) {
-                       ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
-                       rc = 0;
+                       rc = LDAP_SUCCESS;
                        goto done;
                }
 
-               ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex );
-
                /* check time limit */
-               if ( tlimit != -1 && slap_get_time() > stoptime ) {
-                       send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED,
-                               NULL, NULL, v2refs, NULL, nentries );
-                       rc = 0;
+               if ( op->oq_search.rs_tlimit != -1 && slap_get_time() > stoptime ) {
+                       rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+                       send_ldap_result( op, rs );
+                       rc = LDAP_SUCCESS;
                        goto done;
                }
 
                /* get the entry with reader lock */
-               e = id2entry_r( be, id );
+               e = id2entry_r( op->o_bd, id );
 
                if ( e == NULL ) {
 #ifdef NEW_LOGGING
-                       LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
-                                  "ldbm_search: candidate %ld not found.\n", id ));
+                       LDAP_LOG( BACK_LDBM, INFO,
+                               "ldbm_search: candidate %ld not found.\n", id, 0, 0 );
 #else
                        Debug( LDAP_DEBUG_TRACE,
                                "ldbm_search: candidate %ld not found\n",
                                id, 0, 0 );
 #endif
 
+                       goto loop_continue;
+               }
+
+               rs->sr_entry = e;
 
+#ifdef LDBM_SUBENTRIES
+       if ( is_entry_subentry( e ) ) {
+               if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) {
+                       if(!get_subentries_visibility( op )) {
+                               /* only subentries are visible */
+                               goto loop_continue;
+                       }
+               } else if ( get_subentries( op ) &&
+                       !get_subentries_visibility( op ))
+               {
+                       /* only subentries are visible */
                        goto loop_continue;
                }
+       } else if ( get_subentries_visibility( op )) {
+               /* only subentries are visible */
+               goto loop_continue;
+       }
+#endif
 
-               if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
+               if ( op->oq_search.rs_deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) {
                        Entry *matched;
                        int err;
                        const char *text;
                        
-                       e = deref_entry_r( be, e, &err, &matched, &text );
+                       e = deref_entry_r( op->o_bd, e, &err, &matched, &text );
 
                        if( e == NULL ) {
                                e = matched;
@@ -255,30 +371,29 @@ searchit:
                        }
 
                        /* need to skip alias which deref into scope */
-                       if( scope & LDAP_SCOPE_ONELEVEL ) {
-                               char *pdn = dn_parent( NULL, e->e_ndn );
-                               if ( pdn != NULL ) {
-                                       if( strcmp( pdn, realbase ) ) {
-                                               free( pdn );
-                                               goto loop_continue;
-                                       }
-                                       free(pdn);
+                       if( op->oq_search.rs_scope & LDAP_SCOPE_ONELEVEL ) {
+                               struct berval pdn;
+                               dnParent( &e->e_nname, &pdn );
+                               if ( ber_bvcmp( &pdn, &realbase ) ) {
+                                       goto loop_continue;
                                }
 
-                       } else if ( dn_issuffix( e->e_ndn, realbase ) ) {
+                       } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) {
                                /* alias is within scope */
 #ifdef NEW_LOGGING
-                               LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
-                                          "ldbm_search: \"%s\" in subtree\n", e->e_dn ));
+                               LDAP_LOG( BACK_LDBM, DETAIL1,
+                                       "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 );
 #else
                                Debug( LDAP_DEBUG_TRACE,
-                                       "ldbm_search: \"%s\" in subtree\n",
+                                       "ldbm_search: alias \"%s\" in subtree\n",
                                        e->e_dn, 0, 0 );
 #endif
 
                                goto loop_continue;
                        }
 
+                       rs->sr_entry = e;
+
                        scopeok = 1;
                }
 
@@ -287,41 +402,76 @@ searchit:
                 * this for non-base searches, and don't check the filter
                 * explicitly here since it's only a candidate anyway.
                 */
-               if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
+               if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE &&
                        is_entry_referral( e ) )
                {
-                       struct berval **refs = get_entry_referrals(
-                               be, conn, op, e );
+                       struct berval   dn;
 
-                       send_search_reference( be, conn, op,
-                               e, refs, scope, NULL, &v2refs );
+                       /* check scope */
+                       if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
+                               if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
+                                       dnParent( &e->e_nname, &dn );
+                                       scopeok = dn_match( &dn, &realbase );
+                               } else {
+                                       scopeok = (realbase.bv_len == 0);
+                               }
+
+                       } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
+                               scopeok = dnIsSuffix( &e->e_nname, &realbase );
+
+                       } else {
+                               scopeok = 1;
+                       }
+
+                       if( scopeok ) {
+                               BerVarray erefs = get_entry_referrals( op, e );
+                               rs->sr_ref = referral_rewrite( erefs,
+                                       &e->e_name, NULL,
+                                       op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE
+                                               ? LDAP_SCOPE_SUBTREE
+                                               : LDAP_SCOPE_BASE );
+
+                               send_search_reference( op, rs );
+
+                               ber_bvarray_free( rs->sr_ref );
+                               rs->sr_ref = NULL;
+
+                       } else {
+#ifdef NEW_LOGGING
+                               LDAP_LOG( BACK_LDBM, DETAIL2,
+                                       "ldbm_search: candidate referral %ld scope not okay\n",
+                                       id, 0, 0 );
+#else
+                               Debug( LDAP_DEBUG_TRACE,
+                                       "ldbm_search: candidate referral %ld scope not okay\n",
+                                       id, 0, 0 );
+#endif
+                       }
 
-                       ber_bvecfree( refs );
+                       goto loop_continue;
+               }
 
+               if ( !manageDSAit && is_entry_glue( e )) {
                        goto loop_continue;
                }
 
                /* if it matches the filter and scope, send it */
-               if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) {
-                       char    *dn;
+               result = test_filter( op, e, op->oq_search.rs_filter );
 
-                       /* check scope */
-                       if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
-                               if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
-                                       (void) dn_normalize( dn );
-                                       scopeok = (dn == realbase)
-                                               ? 1
-                                               : (strcmp( dn, realbase ) ? 0 : 1 );
-                                       free( dn );
+               if ( result == LDAP_COMPARE_TRUE ) {
+                       struct berval   dn;
 
+                       /* check scope */
+                       if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL ) {
+                               if ( !be_issuffix( op->o_bd, &e->e_nname ) ) {
+                                       dnParent( &e->e_nname, &dn );
+                                       scopeok = dn_match( &dn, &realbase );
                                } else {
-                                       scopeok = (realbase == NULL || *realbase == '\0');
+                                       scopeok = (realbase.bv_len == 0);
                                }
 
-                       } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
-                               dn = ch_strdup( e->e_ndn );
-                               scopeok = dn_issuffix( dn, realbase );
-                               free( dn );
+                       } else if ( !scopeok && op->oq_search.rs_scope == LDAP_SCOPE_SUBTREE ) {
+                               scopeok = dnIsSuffix( &e->e_nname, &realbase );
 
                        } else {
                                scopeok = 1;
@@ -329,52 +479,51 @@ searchit:
 
                        if ( scopeok ) {
                                /* check size limit */
-                               if ( --slimit == -1 ) {
+                               if ( --op->oq_search.rs_slimit == -1 ) {
                                        cache_return_entry_r( &li->li_cache, e );
-                                       send_search_result( conn, op,
-                                               LDAP_SIZELIMIT_EXCEEDED, NULL, NULL,
-                                               v2refs, NULL, nentries );
-                                       rc = 0;
+                                       rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
+                                       send_ldap_result( op, rs );
+                                       rc = LDAP_SUCCESS;
                                        goto done;
                                }
 
                                if (e) {
-                                       int result = send_search_entry(be, conn, op,
-                                               e, attrs, attrsonly, NULL);
+
+                                       result = send_search_entry( op, rs );
 
                                        switch (result) {
                                        case 0:         /* entry sent ok */
-                                               nentries++;
                                                break;
                                        case 1:         /* entry not sent */
                                                break;
                                        case -1:        /* connection closed */
                                                cache_return_entry_r( &li->li_cache, e );
-                                               rc = 0;
+                                               rc = LDAP_SUCCESS;
                                                goto done;
                                        }
                                }
                        } else {
 #ifdef NEW_LOGGING
-                               LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
-                                          "ldbm_search: candidate %ld scope not okay\n", id ));
+                               LDAP_LOG( BACK_LDBM, DETAIL2,
+                                       "ldbm_search: candidate entry %ld scope not okay\n", 
+                                       id, 0, 0 );
 #else
                                Debug( LDAP_DEBUG_TRACE,
-                                       "ldbm_search: candidate %ld scope not okay\n",
+                                       "ldbm_search: candidate entry %ld scope not okay\n",
                                        id, 0, 0 );
 #endif
-
                        }
+
                } else {
 #ifdef NEW_LOGGING
-                       LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
-                                  "ldbm_search: candidate %ld does not match filter\n", id ));
+                       LDAP_LOG( BACK_LDBM, DETAIL2,
+                               "ldbm_search: candidate entry %ld does not match filter\n", 
+                               id, 0, 0 );
 #else
                        Debug( LDAP_DEBUG_TRACE,
-                               "ldbm_search: candidate %ld does not match filter\n",
+                               "ldbm_search: candidate entry %ld does not match filter\n",
                                id, 0, 0 );
 #endif
-
                }
 
 loop_continue:
@@ -385,18 +534,21 @@ loop_continue:
 
                ldap_pvt_thread_yield();
        }
-       send_search_result( conn, op,
-               v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL,
-               NULL, NULL, v2refs, NULL, nentries );
 
-       rc = 0;
+       rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS;
+       rs->sr_ref = rs->sr_v2ref;
+       send_ldap_result( op, rs );
+
+       rc = LDAP_SUCCESS;
 
 done:
+       ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
+
        if( candidates != NULL )
                idl_free( candidates );
 
-       ber_bvecfree( v2refs );
-       if( realbase ) free( realbase );
+       if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref );
+       if( realbase.bv_val ) free( realbase.bv_val );
 
        return rc;
 }
@@ -409,8 +561,7 @@ base_candidate(
        ID_BLOCK                *idl;
 
 #ifdef NEW_LOGGING
-       LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
-                  "base_candidate: base (%s)\n", e->e_dn ));
+       LDAP_LOG( BACK_LDBM, ENTRY, "base_candidate: base (%s)\n", e->e_dn, 0, 0 );
 #else
        Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n",
                e->e_dn, 0, 0);
@@ -425,7 +576,7 @@ base_candidate(
 
 static ID_BLOCK *
 search_candidates(
-    Backend    *be,
+    Operation  *op,
     Entry      *e,
     Filter     *filter,
     int                scope,
@@ -435,13 +586,17 @@ search_candidates(
        ID_BLOCK                *candidates;
        Filter          f, fand, rf, af, xf;
     AttributeAssertion aa_ref, aa_alias;
-       static struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" };
-       static struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" };
+       struct berval bv_ref = { sizeof("referral")-1, "referral" };
+       struct berval bv_alias = { sizeof("alias")-1, "alias" };
+#ifdef LDBM_SUBENTRIES
+       Filter  sf;
+       AttributeAssertion aa_subentry;
+#endif
 
 #ifdef NEW_LOGGING
-       LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
+       LDAP_LOG( BACK_LDBM, DETAIL1,
                   "search_candidates: base (%s) scope %d deref %d\n",
-                  e->e_ndn, scope, deref ));
+                  e->e_ndn, scope, deref );
 #else
        Debug(LDAP_DEBUG_TRACE,
                "search_candidates: base=\"%s\" s=%d d=%d\n",
@@ -458,7 +613,7 @@ search_candidates(
                rf.f_choice = LDAP_FILTER_EQUALITY;
                rf.f_ava = &aa_ref;
                rf.f_av_desc = slap_schema.si_ad_objectClass;
-               rf.f_av_value = &bv_ref;
+               rf.f_av_value = bv_ref;
                rf.f_next = xf.f_or;
                xf.f_or = &rf;
        }
@@ -468,7 +623,7 @@ search_candidates(
                af.f_choice = LDAP_FILTER_EQUALITY;
                af.f_ava = &aa_alias;
                af.f_av_desc = slap_schema.si_ad_objectClass;
-               af.f_av_value = &bv_alias;
+               af.f_av_value = bv_alias;
                af.f_next = xf.f_or;
                xf.f_or = &af;
        }
@@ -479,10 +634,22 @@ search_candidates(
        fand.f_choice = scope == LDAP_SCOPE_SUBTREE
                ? SLAPD_FILTER_DN_SUBTREE
                : SLAPD_FILTER_DN_ONE;
-       fand.f_dn = e->e_ndn;
+       fand.f_dn = &e->e_nname;
        fand.f_next = xf.f_or == filter ? filter : &xf ;
 
-       candidates = filter_candidates( be, &f );
+#ifdef LDBM_SUBENTRIES
+       if ( get_subentries_visibility( op )) {
+               struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" };
+               sf.f_choice = LDAP_FILTER_EQUALITY;
+               sf.f_ava = &aa_subentry;
+               sf.f_av_desc = slap_schema.si_ad_objectClass;
+               sf.f_av_value = bv_subentry;
+               sf.f_next = fand.f_next;
+               fand.f_next = &sf;
+       }
+#endif
+
+       candidates = filter_candidates( op, &f );
 
        return( candidates );
 }
Cloned from git://git.openldap.org/openldap.git