]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-meta/search.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix prev commit, return generated passwd
[openldap] / servers / slapd / back-meta / search.c
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index 25d2a1ef796a63837f8e3252860aea71bc1b07be..2fe1b3bad5ac93d6ea30f1b10450fac7e669ca25 100644 (file)
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -1,7 +1,24 @@
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2003 The OpenLDAP Foundation.
+ * All rights reserved.
  *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
+ */
+/* This is an altered version */
+/*
  * Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
  *
  * This work has been developed to fulfill the requirements
@@ -82,13 +99,11 @@
 
 static int
 meta_send_entry(
-               Backend         *be,
                Operation       *op,
+               SlapReply       *rs,
                struct metaconn *lc,
                int             i,
-               LDAPMessage     *e,
-               AttributeName   *attrs,
-               int             attrsonly
+               LDAPMessage     *e
 );
 
 static int
@@ -98,41 +113,28 @@ is_one_level_rdn(
 );
 
 int
-meta_back_search(
-               Backend         *be,
-               Connection      *conn,
-               Operation       *op,
-               struct berval   *base,
-               struct berval   *nbase,
-               int             scope,
-               int             deref,
-               int             slimit,
-               int             tlimit,
-               Filter          *filter,
-               struct berval   *filterstr,
-               AttributeName   *attrs,
-               int             attrsonly
-)
+meta_back_search( Operation *op, SlapReply *rs )
 {
-       struct metainfo *li = ( struct metainfo * )be->be_private;
+       struct metainfo *li = ( struct metainfo * )op->o_bd->be_private;
        struct metaconn *lc;
        struct metasingleconn *lsc;
        struct timeval  tv = { 0, 0 };
        LDAPMessage     *res, *e;
-       int     count, rc = 0, *msgid, sres = LDAP_NO_SUCH_OBJECT;
-       char *match = NULL, *err = NULL;
-       char *mbase = NULL, *mmatch = NULL;
-       struct berval mfilter;
+       int     rc = 0, *msgid, sres = LDAP_NO_SUCH_OBJECT;
+       char *err = NULL;
+       struct berval match = { 0, NULL }, mmatch = { 0, NULL };
        BerVarray v2refs = NULL;
                
-       int i, last = 0, candidates = 0, op_type;
+       int i, last = 0, candidates = 0, initial_candidates = 0,
+                       candidate_match = 0;
        struct slap_limits_set *limit = NULL;
        int isroot = 0;
+       dncookie dc;
 
-       if ( scope == LDAP_SCOPE_BASE ) {
-               op_type = META_OP_REQUIRE_SINGLE;
-       } else {
-               op_type = META_OP_ALLOW_MULTIPLE;
+       cache_manager*  cm = li->cm;
+
+       if (cm->caching) {
+               return meta_back_cache_search(op, rs);
        }
        
        /*
@@ -141,8 +143,16 @@ meta_back_search(
         * FIXME: in case of values return filter, we might want
         * to map attrs and maybe rewrite value
         */
-       lc = meta_back_getconn( li, conn, op, op_type, nbase, NULL );
-       if ( !lc || !meta_back_dobind( lc, op ) ) {
+       lc = meta_back_getconn( op, rs, META_OP_ALLOW_MULTIPLE, 
+                       &op->o_req_ndn, NULL );
+       if ( !lc ) {
+               send_ldap_result( op, rs );
+               return -1;
+       }
+
+       if ( !meta_back_dobind( lc, op ) ) {
+               rs->sr_err = LDAP_OTHER;
+               send_ldap_result( op, rs );
                return -1;
        }
 
@@ -151,31 +161,31 @@ meta_back_search(
         */
        msgid = ch_calloc( sizeof( int ), li->ntargets );
        if ( msgid == NULL ) {
-               send_ldap_result( conn, op, LDAP_OTHER,
-                               NULL, NULL, NULL, NULL );
+               rs->sr_err = LDAP_OTHER;
+               send_ldap_result( op, rs );
                return -1;
        }
        
        /* if not root, get appropriate limits */
-       if ( be_isroot( be, &op->o_ndn ) ) {
+       if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
                isroot = 1;
        } else {
-               ( void ) get_limits( be, &op->o_ndn, &limit );
+               ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
        }
 
        /* if no time limit requested, rely on remote server limits */
        /* if requested limit higher than hard limit, abort */
-       if ( !isroot && tlimit > limit->lms_t_hard ) {
+       if ( !isroot && op->oq_search.rs_tlimit > limit->lms_t_hard ) {
                /* no hard limit means use soft instead */
                if ( limit->lms_t_hard == 0
                                && limit->lms_t_soft > -1
-                               && tlimit > limit->lms_t_soft ) {
-                       tlimit = limit->lms_t_soft;
+                               && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
+                       op->oq_search.rs_tlimit = limit->lms_t_soft;
                        
                /* positive hard limit means abort */
                } else if ( limit->lms_t_hard > 0 ) {
-                       send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
-                                       NULL, NULL, NULL, NULL );
+                       rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+                       send_ldap_result( op, rs );
                        rc = 0;
                        goto finish;
                }
@@ -185,17 +195,17 @@ meta_back_search(
        
        /* if no size limit requested, rely on remote server limits */
        /* if requested limit higher than hard limit, abort */
-       if ( !isroot && slimit > limit->lms_s_hard ) {
+       if ( !isroot && op->oq_search.rs_slimit > limit->lms_s_hard ) {
                /* no hard limit means use soft instead */
                if ( limit->lms_s_hard == 0
                                && limit->lms_s_soft > -1
-                               && slimit > limit->lms_s_soft ) {
-                       slimit = limit->lms_s_soft;
+                               && op->oq_search.rs_slimit > limit->lms_s_soft ) {
+                       op->oq_search.rs_slimit = limit->lms_s_soft;
                        
                /* positive hard limit means abort */
                } else if ( limit->lms_s_hard > 0 ) {
-                       send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
-                                       NULL, NULL, NULL, NULL );
+                       rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+                       send_ldap_result( op, rs );
                        rc = 0;
                        goto finish;
                }
@@ -203,39 +213,48 @@ meta_back_search(
                /* negative hard limit means no limit */
        }
 
+
+       dc.conn = op->o_conn;
+       dc.rs = rs;
+
        /*
         * Inits searches
         */
        for ( i = 0, lsc = lc->conns; !META_LAST(lsc); ++i, ++lsc ) {
-               char    *realbase = ( char * )base->bv_val;
-               int     realscope = scope;
-               ber_len_t suffixlen;
-               char    *mapped_filter, **mapped_attrs;
-               
+               struct berval   realbase = op->o_req_dn;
+               int             realscope = op->oq_search.rs_scope;
+               ber_len_t       suffixlen = 0;
+               struct berval   mbase = { 0, NULL }; 
+               struct berval   mfilter = { 0, NULL };
+               char            **mapped_attrs = NULL;
+
                if ( lsc->candidate != META_CANDIDATE ) {
+                       msgid[ i ] = -1;
                        continue;
                }
 
                /* should we check return values? */
-               if ( deref != -1 ) {
+               if ( op->oq_search.rs_deref != -1 ) {
                        ldap_set_option( lsc->ld, LDAP_OPT_DEREF,
-                                       ( void * )&deref);
+                                       ( void * )&op->oq_search.rs_deref);
                }
-               if ( tlimit != -1 ) {
+               if ( op->oq_search.rs_tlimit != -1 ) {
                        ldap_set_option( lsc->ld, LDAP_OPT_TIMELIMIT,
-                                       ( void * )&tlimit);
+                                       ( void * )&op->oq_search.rs_tlimit);
                }
-               if ( slimit != -1 ) {
+               if ( op->oq_search.rs_slimit != -1 ) {
                        ldap_set_option( lsc->ld, LDAP_OPT_SIZELIMIT,
-                                       ( void * )&slimit);
+                                       ( void * )&op->oq_search.rs_slimit);
                }
 
+               dc.rwmap = &li->targets[ i ]->rwmap;
+
                /*
                 * modifies the base according to the scope, if required
                 */
                suffixlen = li->targets[ i ]->suffix.bv_len;
-               if ( suffixlen > nbase->bv_len ) {
-                       switch ( scope ) {
+               if ( suffixlen > op->o_req_ndn.bv_len ) {
+                       switch ( op->oq_search.rs_scope ) {
                        case LDAP_SCOPE_SUBTREE:
                                /*
                                 * make the target suffix the new base
@@ -244,27 +263,27 @@ meta_back_search(
                                 * the suffix of the target.
                                 */
                                if ( dnIsSuffix( &li->targets[ i ]->suffix,
-                                               nbase ) ) {
-                                       realbase = li->targets[ i ]->suffix.bv_val;
+                                               &op->o_req_ndn ) ) {
+                                       realbase = li->targets[ i ]->suffix;
                                } else {
                                        /*
                                         * this target is no longer candidate
                                         */
-                                       lsc->candidate = META_NOT_CANDIDATE;
-                                       continue;
+                                       msgid[ i ] = -1;
+                                       goto new_candidate;
                                }
                                break;
 
                        case LDAP_SCOPE_ONELEVEL:
                                if ( is_one_level_rdn( li->targets[ i ]->suffix.bv_val,
-                                               suffixlen - nbase->bv_len - 1 ) 
-                       && dnIsSuffix( &li->targets[ i ]->suffix, nbase ) ) {
+                                               suffixlen - op->o_req_ndn.bv_len - 1 ) 
+                       && dnIsSuffix( &li->targets[ i ]->suffix, &op->o_req_ndn ) ) {
                                        /*
                                         * if there is exactly one level,
                                         * make the target suffix the new
                                         * base, and make scope "base"
                                         */
-                                       realbase = li->targets[ i ]->suffix.bv_val;
+                                       realbase = li->targets[ i ]->suffix;
                                        realscope = LDAP_SCOPE_BASE;
                                        break;
                                } /* else continue with the next case */
@@ -273,8 +292,8 @@ meta_back_search(
                                /*
                                 * this target is no longer candidate
                                 */
-                               lsc->candidate = META_NOT_CANDIDATE;
-                               continue;
+                               msgid[ i ] = -1;
+                               goto new_candidate;
                        }
 
                }
@@ -282,131 +301,92 @@ meta_back_search(
                /*
                 * Rewrite the search base, if required
                 */
-               switch ( rewrite_session( li->targets[ i ]->rwinfo,
-                                       "searchBase",
-                                       realbase, conn, &mbase ) ) {
-               case REWRITE_REGEXEC_OK:
-               if ( mbase == NULL ) {
-                       mbase = realbase;
-               }
-#ifdef NEW_LOGGING
-               LDAP_LOG( BACK_META, DETAIL1,
-                       "[rw] searchBase: \"%s\" -> \"%s\"\n", base->bv_val, mbase, 0 );
-#else /* !NEW_LOGGING */
-               Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n%s",
-                               base->bv_val, mbase, "" );
-#endif /* !NEW_LOGGING */
-               break;
-               
-               case REWRITE_REGEXEC_UNWILLING:
-                       send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-                                       NULL, "Operation not allowed",
-                                       NULL, NULL );
-                       rc = -1;
-                       goto finish;
-
-               case REWRITE_REGEXEC_ERR:
-                       send_ldap_result( conn, op, LDAP_OTHER,
-                                       NULL, "rewrite error", NULL, NULL );
-                       rc = -1;
-                       goto finish;
-               }
-       
-               /*
-                * Rewrite the search filter, if required
-                */
-               switch ( rewrite_session( li->targets[ i ]->rwinfo,
-                                       "searchFilter",
-                                       filterstr->bv_val, conn, &mfilter.bv_val ) ) {
-               case REWRITE_REGEXEC_OK:
-                       if ( mfilter.bv_val != NULL && mfilter.bv_val[ 0 ] != '\0') {
-                               mfilter.bv_len = strlen( mfilter.bv_val );
-                       } else {
-                               if ( mfilter.bv_val != NULL ) {
-                                       free( mfilter.bv_val );
-                               }
-                               mfilter = *filterstr;
-                       }
-#ifdef NEW_LOGGING
-                       LDAP_LOG( BACK_META, DETAIL1,
-                               "[rw] searchFilter: \"%s\" -> \"%s\"\n",
-                               filterstr->bv_val, mfilter.bv_val, 0 );
-#else /* !NEW_LOGGING */
-                       Debug( LDAP_DEBUG_ARGS,
-                               "rw> searchFilter: \"%s\" -> \"%s\"\n%s",
-                               filterstr->bv_val, mfilter.bv_val, "" );
-#endif /* !NEW_LOGGING */
+               dc.ctx = "searchBase";
+               switch ( ldap_back_dn_massage( &dc, &realbase, &mbase ) ) {
+               default:
                        break;
-               
+
                case REWRITE_REGEXEC_UNWILLING:
-                       send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
-                                       NULL, "Operation not allowed",
-                                       NULL, NULL );
+                       rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+                       rs->sr_text = "Operation not allowed";
+                       send_ldap_result( op, rs );
                        rc = -1;
                        goto finish;
 
                case REWRITE_REGEXEC_ERR:
-                       send_ldap_result( conn, op, LDAP_OTHER,
-                                       NULL, "Rewrite error", NULL, NULL );
+#if 0
+                       rs->sr_err = LDAP_OTHER;
+                       rs->sr_text = "Rewrite error";
+                       send_ldap_result( op, rs );
                        rc = -1;
                        goto finish;
+#endif 
+
+                       /*
+                        * this target is no longer candidate
+                        */
+                       msgid[ i ] = -1;
+                       goto new_candidate;
                }
 
                /*
-                * Maps attributes in filter
+                * Maps filter
                 */
-               mapped_filter = ldap_back_map_filter( &li->targets[ i ]->at_map,
-                               &li->targets[ i ]->oc_map, &mfilter, 0 );
-               if ( mapped_filter == NULL ) {
-                       mapped_filter = ( char * )mfilter.bv_val;
-               } else {
-                       if ( mfilter.bv_val != filterstr->bv_val ) {
-                               free( mfilter.bv_val );
-                       }
+               rc = ldap_back_filter_map_rewrite( &dc,
+                               op->oq_search.rs_filter,
+                               &mfilter, BACKLDAP_MAP );
+               if ( rc != 0 ) {
+                       /*
+                        * this target is no longer candidate
+                        */
+                       msgid[ i ] = -1;
+                       goto new_candidate;
                }
-               mfilter.bv_val = NULL;
-               mfilter.bv_len = 0;
-       
+
                /*
                 * Maps required attributes
                 */
-               mapped_attrs = ldap_back_map_attrs( &li->targets[ i ]->at_map,
-                               attrs, 0 );
-               if ( mapped_attrs == NULL && attrs) {
-                       for ( count=0; attrs[ count ].an_name.bv_val; count++ );
-                       mapped_attrs = ch_malloc( ( count + 1 ) * sizeof(char *));
-                       for ( count=0; attrs[ count ].an_name.bv_val; count++ ) {
-                               mapped_attrs[ count ] = attrs[ count ].an_name.bv_val;
-                       }
-                       mapped_attrs[ count ] = NULL;
+               rc = ldap_back_map_attrs( &li->targets[ i ]->rwmap.rwm_at,
+                               op->oq_search.rs_attrs, BACKLDAP_MAP,
+                               &mapped_attrs );
+               if ( rc != LDAP_SUCCESS ) {
+                       /*
+                        * this target is no longer candidate
+                        */
+                       msgid[ i ] = -1;
+                       goto new_candidate;
                }
 
                /*
                 * Starts the search
                 */
-               msgid[ i ] = ldap_search( lsc->ld, mbase, realscope,
-                               mapped_filter, mapped_attrs, attrsonly ); 
-               if ( msgid[ i ] == -1 ) {
-                       lsc->candidate = META_NOT_CANDIDATE;
-                       continue;
-               }
-
+               msgid[ i ] = ldap_search( lsc->ld, mbase.bv_val, realscope,
+                               mfilter.bv_val, mapped_attrs,
+                               op->oq_search.rs_attrsonly ); 
                if ( mapped_attrs ) {
                        free( mapped_attrs );
                        mapped_attrs = NULL;
                }
-               if ( mapped_filter != filterstr->bv_val ) {
-                       free( mapped_filter );
-                       mapped_filter = NULL;
+               if ( mfilter.bv_val != op->oq_search.rs_filterstr.bv_val ) {
+                       free( mfilter.bv_val );
+                       mfilter.bv_val = NULL;
+               }
+               if ( mbase.bv_val != realbase.bv_val ) {
+                       free( mbase.bv_val );
+                       mbase.bv_val = NULL;
                }
-               if ( mbase != realbase ) {
-                       free( mbase );
-                       mbase = NULL;
+
+               if ( msgid[ i ] == -1 ) {
+                       continue;
                }
 
                ++candidates;
+
+new_candidate:;
        }
 
+       initial_candidates = candidates;
+
        /* We pull apart the ber result, stuff it into a slapd entry, and
         * let send_search_entry stuff it back into ber format. Slow & ugly,
         * but this is necessary for version matching, and for ACL processing.
@@ -419,14 +399,14 @@ meta_back_search(
         * FIXME: we might use a queue, to balance the load 
         * among the candidates
         */
-       for ( count = 0, rc = 0; candidates > 0; ) {
+       for ( rc = 0; candidates > 0; ) {
                int ab, gotit = 0;
 
                /* check for abandon */
                ab = op->o_abandon;
 
                for ( i = 0, lsc = lc->conns; !META_LAST(lsc); lsc++, i++ ) {
-                       if ( lsc->candidate != META_CANDIDATE ) {
+                       if ( msgid[ i ] == -1 ) {
                                continue;
                        }
                        
@@ -436,11 +416,11 @@ meta_back_search(
                                break;
                        }
 
-                       if ( slimit > 0 && count == slimit ) {
-                               send_search_result( conn, op,
-                                               LDAP_SIZELIMIT_EXCEEDED,
-                                               NULL, NULL, v2refs, NULL, 
-                                               count );
+                       if ( op->oq_search.rs_slimit > 0
+                                       && rs->sr_nentries == op->oq_search.rs_slimit ) {
+                               rs->sr_err = LDAP_SIZELIMIT_EXCEEDED;
+                               rs->sr_v2ref = v2refs;
+                               send_ldap_result( op, rs );
                                goto finish;
                        }
 
@@ -461,26 +441,35 @@ meta_back_search(
                                /* something REALLY bad happened! */
                                ( void )meta_clear_unused_candidates( li,
                                                lc, -1, 0 );
-                               send_search_result( conn, op, LDAP_OTHER,
-                                               NULL, NULL, v2refs, NULL, 
-                                               count );
+                               rs->sr_err = LDAP_OTHER;
+                               rs->sr_v2ref = v2refs;
+                               send_ldap_result( op, rs );
                                
                                /* anything else needs be done? */
                                goto finish;
 
                        } else if ( rc == LDAP_RES_SEARCH_ENTRY ) {
                                e = ldap_first_entry( lsc->ld, res );
-                               if ( meta_send_entry( be, op, lc, i, e, attrs,
-                                               attrsonly ) == LDAP_SUCCESS ) {
-                                       count++;
+                               meta_send_entry( op, rs, lc, i, e );
+
+                               /*
+                                * If scope is BASE, we need to jump out
+                                * as soon as one entry is found; if
+                                * the target pool is properly crafted,
+                                * this should correspond to the sole
+                                * entry that has the base DN
+                                */
+                               if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE
+                                               && rs->sr_nentries > 0 ) {
+                                       candidates = 0;
+                                       sres = LDAP_SUCCESS;
+                                       break;
                                }
                                ldap_msgfree( res );
                                gotit = 1;
 
                        } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
                                char            **references = NULL;
-                               LDAPControl     **ctrls = NULL;
-                               BerVarray       refs;
                                int             cnt;
 
                                /*
@@ -489,7 +478,7 @@ meta_back_search(
                                 */
 
                                rc = ldap_parse_reference( lsc->ld, res,
-                                               &references, &ctrls, 1 );
+                                               &references, &rs->sr_ctrls, 1 );
 
                                if ( rc != LDAP_SUCCESS ) {
                                        continue;
@@ -502,54 +491,55 @@ meta_back_search(
                                for ( cnt = 0; references[ cnt ]; cnt++ )
                                        /* NO OP */ ;
                                
-                               refs = ch_calloc( cnt + 1, sizeof( struct berval ) );
+                               rs->sr_ref = ch_calloc( cnt + 1, sizeof( struct berval ) );
 
                                for ( cnt = 0; references[ cnt ]; cnt++ ) {
-                                       refs[ cnt ].bv_val = references[ cnt ];
-                                       refs[ cnt ].bv_len = strlen( references[ cnt ] );
+                                       rs->sr_ref[ cnt ].bv_val = references[ cnt ];
+                                       rs->sr_ref[ cnt ].bv_len = strlen( references[ cnt ] );
                                }
 
                                /* ignore return value by now */
-                               ( void )send_search_reference( be, conn, op, 
-                                               NULL, refs, ctrls, &v2refs );
+                               ( void )send_search_reference( op, rs );
 
                                /* cleanup */
                                if ( references ) {
                                        ldap_value_free( references );
-                                       ch_free( refs );
+                                       ch_free( rs->sr_ref );
+                                       rs->sr_ref = NULL;
                                }
 
-                               if ( ctrls ) {
-                                       ldap_controls_free( ctrls );
+                               if ( rs->sr_ctrls ) {
+                                       ldap_controls_free( rs->sr_ctrls );
+                                       rs->sr_ctrls = NULL;
                                }
 
                        } else {
-                               sres = ldap_result2error( lsc->ld,
+                               rs->sr_err = ldap_result2error( lsc->ld,
                                                res, 1 );
-                               sres = ldap_back_map_result( sres );
+                               sres = ldap_back_map_result( rs );
                                if ( err != NULL ) {
                                        free( err );
                                }
                                ldap_get_option( lsc->ld,
                                                LDAP_OPT_ERROR_STRING, &err );
-                               if ( match != NULL ) {
-                                       free( match );
+                               if ( match.bv_val != NULL ) {
+                                       free( match.bv_val );
                                }
                                ldap_get_option( lsc->ld,
-                                               LDAP_OPT_MATCHED_DN, &match );
+                                               LDAP_OPT_MATCHED_DN, &match.bv_val );
 
 #ifdef NEW_LOGGING
                                LDAP_LOG( BACK_META, ERR,
                                        "meta_back_search [%d] "
                                        "match=\"%s\" err=\"%s\"\n",
-                                       i, match, err );
+                                       i, match.bv_val, err );
 #else /* !NEW_LOGGING */
                                Debug( LDAP_DEBUG_ANY,
                                        "=>meta_back_search [%d] "
                                        "match=\"%s\" err=\"%s\"\n",
-                                       i, match, err );        
+                                       i, match.bv_val, err ); 
 #endif /* !NEW_LOGGING */
-                               
+                               candidate_match++;
                                last = i;
                                rc = 0;
 
@@ -557,7 +547,7 @@ meta_back_search(
                                 * When no candidates are left,
                                 * the outer cycle finishes
                                 */
-                               lsc->candidate = META_NOT_CANDIDATE;
+                               msgid[ i ] = -1;
                                --candidates;
                        }
                }
@@ -580,7 +570,7 @@ meta_back_search(
                /*
                 * FIXME: need a strategy to handle errors
                 */
-               rc = meta_back_op_result( lc, op );
+               rc = meta_back_op_result( lc, op, rs );
                goto finish;
        }
 
@@ -589,29 +579,13 @@ meta_back_search(
         * 
         * FIXME: only the last one gets caught!
         */
-       if ( match != NULL ) {
-               switch ( rewrite_session( li->targets[ last ]->rwinfo,
-                                       "matchedDn", match, conn, &mmatch ) ) {
-               case REWRITE_REGEXEC_OK:
-                       if ( mmatch == NULL ) {
-                               mmatch = ( char * )match;
-                       }
-#ifdef NEW_LOGGING
-                       LDAP_LOG( BACK_META, DETAIL1,
-                               "[rw] matchedDn: \"%s\" -> \"%s\"\n", match, mmatch, 0 );
-#else /* !NEW_LOGGING */
-                       Debug( LDAP_DEBUG_ARGS, "rw> matchedDn:"
-                                      " \"%s\" -> \"%s\"\n%s",
-                                      match, mmatch, "" );
-#endif /* !NEW_LOGGING */
-                       break;
-                       
-               case REWRITE_REGEXEC_UNWILLING:
-                       
-               case REWRITE_REGEXEC_ERR:
-                       /* FIXME: no error, but no matched ... */
-                       mmatch = NULL;
-                       break;
+       if ( candidate_match == initial_candidates
+                       && match.bv_val != NULL && *match.bv_val ) {
+               dc.ctx = "matchedDn";
+               dc.rwmap = &li->targets[ last ]->rwmap;
+
+               if ( ldap_back_dn_massage( &dc, &match, &mmatch ) ) {
+                       mmatch.bv_val = NULL;
                }
        }
 
@@ -625,14 +599,20 @@ meta_back_search(
        if ( sres == LDAP_SUCCESS && v2refs ) {
                sres = LDAP_REFERRAL;
        }
-       send_search_result( conn, op, sres, mmatch, err, v2refs, NULL, count );
+       rs->sr_err = sres;
+       rs->sr_matched = mmatch.bv_val;
+       rs->sr_v2ref = v2refs;
+       send_ldap_result( op, rs );
+       rs->sr_matched = NULL;
+       rs->sr_v2ref = NULL;
+
 
 finish:;
-       if ( match ) {
-               if ( mmatch != match ) {
-                       free( mmatch );
+       if ( match.bv_val ) {
+               if ( mmatch.bv_val != match.bv_val ) {
+                       free( mmatch.bv_val );
                }
-               free(match);
+               free( match.bv_val );
        }
        
        if ( err ) {
@@ -648,16 +628,14 @@ finish:;
 
 static int
 meta_send_entry(
-               Backend         *be,
                Operation       *op,
+               SlapReply       *rs,
                struct metaconn *lc,
                int             target,
-               LDAPMessage     *e,
-               AttributeName   *attrs,
-               int             attrsonly
+               LDAPMessage     *e
 )
 {
-       struct metainfo         *li = ( struct metainfo * )be->be_private;
+       struct metainfo         *li = ( struct metainfo * )op->o_bd->be_private;
        struct berval           a, mapped;
        Entry                   ent;
        BerElement              ber = *e->lm_ber;
@@ -665,6 +643,7 @@ meta_send_entry(
        struct berval           dummy = { 0, NULL };
        struct berval           *bv, bdn;
        const char              *text;
+       dncookie                dc;
 
        if ( ber_scanf( &ber, "{m{", &bdn ) == LBER_ERROR ) {
                return LDAP_DECODING_ERROR;
@@ -673,30 +652,14 @@ meta_send_entry(
        /*
         * Rewrite the dn of the result, if needed
         */
-       switch ( rewrite_session( li->targets[ target ]->rwinfo,
-                               "searchResult", bdn.bv_val, lc->conn, &ent.e_name.bv_val ) ) {
-       case REWRITE_REGEXEC_OK:
-               if ( ent.e_name.bv_val == NULL ) {
-                       ent.e_name = bdn;
-
-               } else {
-#ifdef NEW_LOGGING
-                       LDAP_LOG( BACK_META, DETAIL1,
-                               "[rw] searchResult[%d]: \"%s\" -> \"%s\"\n",
-                               target, bdn.bv_val, ent.e_name.bv_val );
-#else /* !NEW_LOGGING */
-                       Debug( LDAP_DEBUG_ARGS, "rw> searchResult[%d]: \"%s\""
-                                       " -> \"%s\"\n", target, bdn.bv_val, ent.e_name.bv_val );
-#endif /* !NEW_LOGGING */
-                       ent.e_name.bv_len = strlen( ent.e_name.bv_val );
-               }
-               break;
-               
-       case REWRITE_REGEXEC_UNWILLING:
-               return LDAP_UNWILLING_TO_PERFORM;
-
-       case REWRITE_REGEXEC_ERR:
-               return LDAP_OTHER;
+       dc.rwmap = &li->targets[ target ]->rwmap;
+       dc.conn = op->o_conn;
+       dc.rs = rs;
+       dc.ctx = "searchResult";
+
+       rs->sr_err = ldap_back_dn_massage( &dc, &bdn, &ent.e_name );
+       if ( rs->sr_err != LDAP_SUCCESS) {
+               return rs->sr_err;
        }
 
        /*
@@ -704,9 +667,11 @@ meta_send_entry(
         * from the one known to the meta, and a DN with unknown
         * attributes is returned.
         * 
-        * FIXME: should we log anything, or delegate to dnNormalize2?
+        * FIXME: should we log anything, or delegate to dnNormalize?
         */
-       if ( dnNormalize2( NULL, &ent.e_name, &ent.e_nname ) != LDAP_SUCCESS ) {
+       if ( dnNormalize( 0, NULL, NULL, &ent.e_name, &ent.e_nname,
+               &op->o_tmpmemctx ) != LDAP_SUCCESS )
+       {
                return LDAP_INVALID_DN_SYNTAX;
        }
 
@@ -715,8 +680,7 @@ meta_send_entry(
         */
        if ( li->cache.ttl != META_DNCACHE_DISABLED ) {
                ( void )meta_dncache_update_entry( &li->cache,
-                                                  &ent.e_nname,
-                                                  target );
+                               &ent.e_nname, target );
        }
 
        ent.e_id = 0;
@@ -724,10 +688,13 @@ meta_send_entry(
        ent.e_private = 0;
        attrp = &ent.e_attrs;
 
+       dc.ctx = "searchAttrDN";
        while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
-               ldap_back_map( &li->targets[ target ]->at_map, 
-                               &a, &mapped, 1 );
-               if ( mapped.bv_val == NULL ) {
+               int             last = 0;
+
+               ldap_back_map( &li->targets[ target ]->rwmap.rwm_at, 
+                               &a, &mapped, BACKLDAP_REMAP );
+               if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0' ) {
                        continue;
                }
                attr = ( Attribute * )ch_malloc( sizeof( Attribute ) );
@@ -756,6 +723,16 @@ meta_send_entry(
 
                /* no subschemaSubentry */
                if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry ) {
+
+                       /* 
+                        * We eat target's subschemaSubentry because
+                        * a search for this value is likely not
+                        * to resolve to the appropriate backend;
+                        * later, the local subschemaSubentry is
+                        * added.
+                        */
+                       ( void )ber_scanf( &ber, "x" /* [W] */ );
+
                        ch_free(attr);
                        continue;
                }
@@ -766,12 +743,13 @@ meta_send_entry(
 
                } else if ( attr->a_desc == slap_schema.si_ad_objectClass
                                || attr->a_desc == slap_schema.si_ad_structuralObjectClass ) {
-                       int i, last;
+
                        for ( last = 0; attr->a_vals[ last ].bv_val; ++last );
-                       for ( i = 0, bv = attr->a_vals; bv->bv_val; bv++, i++ ) {
-                               ldap_back_map( &li->targets[ target]->oc_map,
-                                               bv, &mapped, 1 );
-                               if ( mapped.bv_val == NULL ) {
+
+                       for ( bv = attr->a_vals; bv->bv_val; bv++ ) {
+                               ldap_back_map( &li->targets[ target ]->rwmap.rwm_oc,
+                                               bv, &mapped, BACKLDAP_REMAP );
+                               if ( mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
                                        free( bv->bv_val );
                                        bv->bv_val = NULL;
                                        if ( --last < 0 ) {
@@ -779,7 +757,7 @@ meta_send_entry(
                                        }
                                        *bv = attr->a_vals[ last ];
                                        attr->a_vals[ last ].bv_val = NULL;
-                                       i--;
+                                       bv--;
 
                                } else if ( mapped.bv_val != bv->bv_val ) {
                                        free( bv->bv_val );
@@ -797,55 +775,38 @@ meta_send_entry(
                 * ACLs to the target directory server, and letting
                 * everything pass thru the ldap backend.
                 */
-               } else if ( strcmp( attr->a_desc->ad_type->sat_syntax->ssyn_oid,
-                                       SLAPD_DN_SYNTAX ) == 0 ) {
-                       int i;
-                       for ( i = 0, bv = attr->a_vals; bv->bv_val; bv++, i++ ) {
-                               char *newval;
-
-                               switch ( rewrite_session( li->targets[ target ]->rwinfo,
-                                                       "searchResult",
-                                                       bv->bv_val,
-                                                       lc->conn, &newval )) {
-                               case REWRITE_REGEXEC_OK:
-                                       /* left as is */
-                                       if ( newval == NULL ) {
-                                               break;
-                                       }
-#ifdef NEW_LOGGING
-                                       LDAP_LOG( BACK_META, DETAIL1,
-                                               "[rw] searchResult on attr=%s: \"%s\" -> \"%s\"\n",
-                                               attr->a_desc->ad_type->sat_cname.bv_val,
-                                               bv->bv_val, newval );
-#else /* !NEW_LOGGING */
-                                       Debug( LDAP_DEBUG_ARGS,
-                                               "rw> searchResult on attr=%s:"
-                                               " \"%s\" -> \"%s\"\n",
-                                       attr->a_desc->ad_type->sat_cname.bv_val,
-                                               bv->bv_val, newval );
-#endif /* !NEW_LOGGING */
-                                       free( bv->bv_val );
-                                       bv->bv_val = newval;
-                                       bv->bv_len = strlen( newval );
+               } else if ( attr->a_desc->ad_type->sat_syntax ==
+                               slap_schema.si_syn_distinguishedName ) {
+                       ldap_dnattr_result_rewrite( &dc, attr->a_vals );
+               }
 
-                                       break;
+               if ( last && attr->a_desc->ad_type->sat_equality &&
+                       attr->a_desc->ad_type->sat_equality->smr_normalize ) {
+                       int i;
 
-                               case REWRITE_REGEXEC_UNWILLING:
-                                       
-                               case REWRITE_REGEXEC_ERR:
-                                       /*
-                                        * FIXME: better give up,
-                                        * skip the attribute
-                                        * or leave it untouched?
-                                        */
-                                       break;
-                               }
+                       attr->a_nvals = ch_malloc((last + 1)*sizeof(struct berval));
+                       for ( i = 0; i<last; i++ ) {
+                               attr->a_desc->ad_type->sat_equality->smr_normalize(
+                                       SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+                                       attr->a_desc->ad_type->sat_syntax,
+                                       attr->a_desc->ad_type->sat_equality,
+                                       &attr->a_vals[i], &attr->a_nvals[i],
+                                       op->o_tmpmemctx );
                        }
+                       attr->a_nvals[i].bv_val = NULL;
+                       attr->a_nvals[i].bv_len = 0;
+               } else {
+                       attr->a_nvals = attr->a_vals;
                }
+
                *attrp = attr;
                attrp = &attr->a_next;
        }
-       send_search_entry( be, lc->conn, op, &ent, attrs, attrsonly, NULL );
+       rs->sr_entry = &ent;
+       rs->sr_attrs = op->oq_search.rs_attrs;
+       send_search_entry( op, rs );
+       rs->sr_entry = NULL;
+       rs->sr_attrs = NULL;
        while ( ent.e_attrs ) {
                attr = ent.e_attrs;
                ent.e_attrs = attr->a_next;
Cloned from git://git.openldap.org/openldap.git