X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-bdb%2Fsearch.c;h=34197d090b9f921cd8b33dfae5cb49bbc909fe27;hb=0006ec0a46790567d3d49fcafce5ffaae08cdbf4;hp=9ae8746ec996a3169cecbe5f98a3e53ee697b7d8;hpb=ddb1124e42df2f5a71d93d986c806f4ee4783964;p=openldap diff --git a/servers/slapd/back-bdb/search.c b/servers/slapd/back-bdb/search.c index 9ae8746ec9..34197d090b 100644 --- a/servers/slapd/back-bdb/search.c +++ b/servers/slapd/back-bdb/search.c @@ -1,7 +1,7 @@ /* search.c - search operation */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -11,6 +11,7 @@ #include #include "back-bdb.h" +#include "idl.h" #include "external.h" static int base_candidate( @@ -19,30 +20,27 @@ static int base_candidate( ID *ids ); static int search_candidates( BackendDB *be, + Operation *op, Entry *e, Filter *filter, int scope, int deref, - int manageDSAit, ID *ids ); -static ID idl_first( ID *ids, ID *cursor ); -static ID idl_next( ID *ids, ID *cursor ); - int bdb_search( BackendDB *be, Connection *conn, Operation *op, - const char *base, - const char *nbase, + struct berval *base, + struct berval *nbase, int scope, int deref, int slimit, int tlimit, Filter *filter, - const char *filterstr, - char **attrs, + struct berval *filterstr, + AttributeName *attrs, int attrsonly ) { struct bdb_info *bdb = (struct bdb_info *) be->be_private; @@ -51,28 +49,36 @@ bdb_search( const char *text = NULL; time_t stoptime; ID id, cursor; - ID candidates[BDB_IDL_SIZE]; + ID candidates[BDB_IDL_UM_SIZE]; Entry *e = NULL; - struct berval **v2refs = NULL; + BerVarray v2refs = NULL; Entry *matched = NULL; - char *realbase = NULL; + struct berval realbase = { 0, NULL }; int nentries = 0; int manageDSAit; + struct slap_limits_set *limit = NULL; + int isroot = 0; + Debug( LDAP_DEBUG_TRACE, "=> bdb_back_search\n", 0, 0, 0); manageDSAit = get_manageDSAit( op ); + if ( nbase->bv_len == 0 ) { + /* DIT root special case */ + e = (Entry *) &slap_entry_root; + rc = 0; + } else #ifdef BDB_ALIASES /* get entry with reader lock */ if ( deref & LDAP_DEREF_FINDING ) { - e = deref_dn_r( be, nbase, &err, &matched, &text ); + e = deref_dn_r( be, nbase-, &err, &matched, &text ); } else #endif { - rc = bdb_dn2entry( be, NULL, nbase, &e, &matched, 0 ); + rc = bdb_dn2entry_r( be, NULL, nbase, &e, &matched, 0 ); } switch(rc) { @@ -80,88 +86,174 @@ bdb_search( case 0: break; default: + if (e != NULL) { + bdb_cache_return_entry_w(&bdb->bi_cache, e); + } + if (matched != NULL) { + bdb_cache_return_entry_r(&bdb->bi_cache, matched); + } send_ldap_result( conn, op, rc=LDAP_OTHER, NULL, "internal error", NULL, NULL ); return rc; } if ( e == NULL ) { - char *matched_dn = NULL; - struct berval **refs = NULL; + struct berval matched_dn = { 0, NULL }; + BerVarray refs = NULL; if ( matched != NULL ) { - matched_dn = ch_strdup( matched->e_dn ); + BerVarray erefs; + + ber_dupbv( &matched_dn, &matched->e_name ); - refs = is_entry_referral( matched ) + erefs = is_entry_referral( matched ) ? get_entry_referrals( be, conn, op, matched ) : NULL; + bdb_cache_return_entry_r (&bdb->bi_cache, matched); + matched = NULL; + + if( erefs ) { + refs = referral_rewrite( erefs, &matched_dn, + base, scope ); + ber_bvarray_free( erefs ); + } + } else { - refs = default_referral; + refs = referral_rewrite( default_referral, + NULL, base, scope ); } send_ldap_result( conn, op, rc=LDAP_REFERRAL , - matched_dn, text, refs, NULL ); - - if( matched != NULL ) { - ber_bvecfree( refs ); - free( matched_dn ); - bdb_entry_return( be, matched ); - } + matched_dn.bv_val, text, refs, NULL ); + if ( refs ) ber_bvarray_free( refs ); + if ( matched_dn.bv_val ) ber_memfree( matched_dn.bv_val ); return rc; } - if (!manageDSAit && is_entry_referral( e ) ) { + if (!manageDSAit && e != &slap_entry_root && is_entry_referral( e ) ) { /* entry is a referral, don't allow add */ - char *matched_dn = ch_strdup( e->e_dn ); - struct berval **refs = get_entry_referrals( be, - conn, op, e ); - - bdb_entry_return( be, e ); + struct berval matched_dn; + BerVarray erefs, refs; + + ber_dupbv( &matched_dn, &e->e_name ); + erefs = get_entry_referrals( be, conn, op, e ); + refs = NULL; + + bdb_cache_return_entry_r( &bdb->bi_cache, e ); + e = NULL; + + if( erefs ) { + refs = referral_rewrite( erefs, &matched_dn, + base, scope ); + ber_bvarray_free( erefs ); + } Debug( LDAP_DEBUG_TRACE, "bdb_search: entry is referral\n", 0, 0, 0 ); send_ldap_result( conn, op, LDAP_REFERRAL, - matched_dn, NULL, refs, NULL ); - - ber_bvecfree( refs ); - free( matched_dn ); + matched_dn.bv_val, + refs ? NULL : "bad referral object", + refs, NULL ); + ber_bvarray_free( refs ); + ber_memfree( matched_dn.bv_val ); return 1; } - if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) { - tlimit = -1; /* allow root to set no limit */ + /* if not root, get appropriate limits */ + if ( be_isroot( be, &op->o_ndn ) ) { + isroot = 1; } else { - tlimit = (tlimit > be->be_timelimit || tlimit < 1) ? - be->be_timelimit : tlimit; - stoptime = op->o_time + tlimit; + ( void ) get_limits( be, &op->o_ndn, &limit ); } - if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) { - slimit = -1; /* allow root to set no limit */ + /* The time/size limits come first because they require very little + * effort, so there's no chance the candidates are selected and then + * the request is not honored only because of time/size constraints */ + + /* if no time limit requested, use soft limit (unless root!) */ + if ( isroot ) { + if ( tlimit == 0 ) { + tlimit = -1; /* allow root to set no limit */ + } + + if ( slimit == 0 ) { + slimit = -1; + } + } else { - slimit = (slimit > be->be_sizelimit || slimit < 1) ? - be->be_sizelimit : slimit; + /* if no limit is required, use soft limit */ + if ( tlimit <= 0 ) { + tlimit = limit->lms_t_soft; + + /* if requested limit higher than hard limit, abort */ + } else if ( tlimit > limit->lms_t_hard ) { + /* no hard limit means use soft instead */ + if ( limit->lms_t_hard == 0 ) { + tlimit = limit->lms_t_soft; + + /* positive hard limit means abort */ + } else if ( limit->lms_t_hard > 0 ) { + send_search_result( conn, op, + LDAP_UNWILLING_TO_PERFORM, + NULL, NULL, NULL, NULL, 0 ); + rc = 0; + goto done; + } + + /* negative hard limit means no limit */ + } + + /* if no limit is required, use soft limit */ + if ( slimit <= 0 ) { + slimit = limit->lms_s_soft; + + /* if requested limit higher than hard limit, abort */ + } else if ( slimit > limit->lms_s_hard ) { + /* no hard limit means use soft instead */ + if ( limit->lms_s_hard == 0 ) { + slimit = limit->lms_s_soft; + + /* positive hard limit means abort */ + } else if ( limit->lms_s_hard > 0 ) { + send_search_result( conn, op, + LDAP_UNWILLING_TO_PERFORM, + NULL, NULL, NULL, NULL, 0 ); + rc = 0; + goto done; + } + + /* negative hard limit means no limit */ + } } + /* compute it anyway; root does not use it */ + stoptime = op->o_time + tlimit; + + /* select candidates */ if ( scope == LDAP_SCOPE_BASE ) { rc = base_candidate( be, e, candidates ); } else { - rc = search_candidates( be, e, filter, - scope, deref, manageDSAit, candidates ); + BDB_IDL_ALL( bdb, candidates ); + rc = search_candidates( be, op, e, filter, + scope, deref, candidates ); } /* need normalized dn below */ - realbase = ch_strdup( e->e_ndn ); + ber_dupbv( &realbase, &e->e_nname ); - /* start cursor at base entry's id */ - cursor = e->e_id; + /* start cursor at base entry's id + * FIXME: hack to make "" base work */ + cursor = e->e_id == NOID ? 1 : e->e_id; - bdb_entry_return( be, e ); + if ( e != &slap_entry_root ) { + bdb_cache_return_entry_r(&bdb->bi_cache, e); + } + e = NULL; if ( candidates[0] == 0 ) { Debug( LDAP_DEBUG_TRACE, "bdb_search: no candidates\n", @@ -175,9 +267,20 @@ bdb_search( goto done; } - for ( id = idl_first( candidates, &cursor ); + /* if not root and candidates exceed to-be-checked entries, abort */ + if ( !isroot && limit->lms_s_unchecked != -1 ) { + if ( BDB_IDL_N(candidates) > (unsigned) limit->lms_s_unchecked ) { + send_search_result( conn, op, + LDAP_UNWILLING_TO_PERFORM, + NULL, NULL, NULL, NULL, 0 ); + rc = 1; + goto done; + } + } + + for ( id = bdb_idl_first( candidates, &cursor ); id != NOID; - id = idl_next( candidates, &cursor ) ) + id = bdb_idl_next( candidates, &cursor ) ) { int scopeok = 0; @@ -199,15 +302,39 @@ bdb_search( } /* get the entry with reader lock */ - rc = bdb_id2entry( be, NULL, id, &e ); + rc = bdb_id2entry_r( be, NULL, id, &e ); if ( e == NULL ) { - Debug( LDAP_DEBUG_TRACE, - "bdb_search: candidate %ld not found\n", - id, 0, 0 ); + if( !BDB_IDL_IS_RANGE(candidates) ) { + /* only complain for non-range IDLs */ + Debug( LDAP_DEBUG_TRACE, + "bdb_search: candidate %ld not found\n", + (long) id, 0, 0 ); + } + + goto loop_continue; + } + +#ifdef BDB_SUBENTRIES + if ( is_entry_subentry( e ) ) { + if( scope != LDAP_SCOPE_BASE ) { + if(!get_subentries_visibility( op )) { + /* only subentries are visible */ + goto loop_continue; + } + + } else if ( get_subentries( op ) && + !get_subentries_visibility( op )) + { + /* only subentries are visible */ + goto loop_continue; + } + } else if ( get_subentries_visibility( op )) { + /* only subentries are visible */ goto loop_continue; } +#endif #ifdef BDB_ALIASES if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) { @@ -229,16 +356,14 @@ bdb_search( /* need to skip alias which deref into scope */ if( scope & LDAP_SCOPE_ONELEVEL ) { - char *pdn = dn_parent( NULL, e->e_ndn ); - if ( pdn != NULL ) { - if( strcmp( pdn, realbase ) ) { - free( pdn ); - goto loop_continue; - } - free(pdn); + struct berval pdn; + + dnParent( &e->e_nname, &pdn ): + if ( ber_bvcmp( pdn, &realbase ) ) { + goto loop_continue; } - } else if ( dn_issuffix( e->e_ndn, realbase ) ) { + } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) { /* alias is within scope */ Debug( LDAP_DEBUG_TRACE, "bdb_search: \"%s\" in subtree\n", @@ -258,13 +383,18 @@ bdb_search( if ( !manageDSAit && scope != LDAP_SCOPE_BASE && is_entry_referral( e ) ) { - struct berval **refs = get_entry_referrals( + BerVarray erefs = get_entry_referrals( be, conn, op, e ); + BerVarray refs = referral_rewrite( erefs, + &e->e_name, NULL, + scope == LDAP_SCOPE_SUBTREE + ? LDAP_SCOPE_SUBTREE + : LDAP_SCOPE_BASE ); send_search_reference( be, conn, op, - e, refs, scope, NULL, &v2refs ); + e, refs, NULL, &v2refs ); - ber_bvecfree( refs ); + ber_bvarray_free( refs ); goto loop_continue; } @@ -272,25 +402,19 @@ bdb_search( /* if it matches the filter and scope, send it */ rc = test_filter( be, conn, op, e, filter ); if ( rc == LDAP_COMPARE_TRUE ) { - char *dn; + struct berval dn; /* check scope */ if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) { - if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) { - (void) dn_normalize( dn ); - scopeok = (dn == realbase) - ? 1 - : (strcmp( dn, realbase ) ? 0 : 1 ); - free( dn ); - + if ( be_issuffix( be, &e->e_nname ) ) { + scopeok = (realbase.bv_len == 0); } else { - scopeok = (realbase == NULL || *realbase == '\0'); + dnParent( &e->e_nname, &dn ); + scopeok = dn_match( &dn, &realbase ); } } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) { - dn = ch_strdup( e->e_ndn ); - scopeok = dn_issuffix( dn, realbase ); - free( dn ); + scopeok = dnIsSuffix( &e->e_nname, &realbase ); } else { scopeok = 1; @@ -299,7 +423,8 @@ bdb_search( if ( scopeok ) { /* check size limit */ if ( --slimit == -1 ) { - bdb_entry_return( be, e ); + bdb_cache_return_entry_r (&bdb->bi_cache, e); + e = NULL; send_search_result( conn, op, rc = LDAP_SIZELIMIT_EXCEEDED, NULL, NULL, v2refs, NULL, nentries ); @@ -307,8 +432,14 @@ bdb_search( } if (e) { - int result = send_search_entry( be, conn, op, - e, attrs, attrsonly, NULL); + int result; + + if( op->o_noop ) { + result = 0; + } else { + result = send_search_entry( be, conn, op, + e, attrs, attrsonly, NULL); + } switch (result) { case 0: /* entry sent ok */ @@ -317,7 +448,8 @@ bdb_search( case 1: /* entry not sent */ break; case -1: /* connection closed */ - bdb_entry_return( be, e ); + bdb_cache_return_entry_r(&bdb->bi_cache, e); + e = NULL; rc = LDAP_OTHER; goto done; } @@ -325,18 +457,19 @@ bdb_search( } else { Debug( LDAP_DEBUG_TRACE, "bdb_search: %ld scope not okay\n", - id, 0, 0 ); + (long) id, 0, 0 ); } } else { Debug( LDAP_DEBUG_TRACE, "bdb_search: %ld does match filter\n", - id, 0, 0 ); + (long) id, 0, 0 ); } loop_continue: if( e != NULL ) { /* free reader lock */ - bdb_entry_return( be, e ); + bdb_cache_return_entry_r ( &bdb->bi_cache, e ); + e = NULL; } ldap_pvt_thread_yield(); @@ -348,8 +481,13 @@ loop_continue: rc = 0; done: - ber_bvecfree( v2refs ); - if( realbase ) ch_free( realbase ); + if( e != NULL ) { + /* free reader lock */ + bdb_cache_return_entry_r ( &bdb->bi_cache, e ); + } + + if( v2refs ) ber_bvarray_free( v2refs ); + if( realbase.bv_val ) ch_free( realbase.bv_val ); return rc; } @@ -368,18 +506,68 @@ static int base_candidate( return 0; } +/* Is "objectClass=xx" mentioned anywhere in this filter? Presence + * doesn't count, we're looking for explicit values. + */ +static int oc_filter( + Filter *f +) +{ + int rc = 0; + + switch(f->f_choice) { + case LDAP_FILTER_EQUALITY: + case LDAP_FILTER_APPROX: + if (f->f_av_desc == slap_schema.si_ad_objectClass) + rc = 1; + break; + + case LDAP_FILTER_SUBSTRINGS: + if (f->f_sub_desc == slap_schema.si_ad_objectClass) + rc = 1; + break; + + case LDAP_FILTER_AND: + case LDAP_FILTER_OR: + for (f=f->f_and; f; f=f->f_next) + if ((rc = oc_filter(f))) + break; + break; + default: + break; + } + return rc; +} + static int search_candidates( BackendDB *be, + Operation *op, Entry *e, Filter *filter, int scope, int deref, - int manageDSAit, ID *ids ) { int rc; - Filter f, fand, rf, af, xf; - AttributeAssertion aa_ref, aa_alias; + Filter f, scopef, rf, xf; + ID tmp[BDB_IDL_UM_SIZE]; + AttributeAssertion aa_ref; +#ifdef BDB_SUBENTRIES + Filter sf; + AttributeAssertion aa_subentry; +#endif +#ifdef BDB_ALIASES + Filter af; + AttributeAssertion aa_alias; +#endif + struct bdb_info *bdb = (struct bdb_info *) be->be_private; + + /* + * This routine takes as input a filter (user-filter) + * and rewrites it as follows: + * (&(scope=DN)[(objectClass=subentry)] + * (|[(objectClass=referral)(objectClass=alias)](user-filter)) + */ Debug(LDAP_DEBUG_TRACE, "search_candidates: base=\"%s\" (0x%08lx) scope=%d\n", @@ -389,96 +577,61 @@ static int search_candidates( xf.f_choice = LDAP_FILTER_OR; xf.f_next = NULL; - if( !manageDSAit ) { - /* match referrals */ - static struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" }; - rf.f_choice = LDAP_FILTER_EQUALITY; - rf.f_ava = &aa_ref; - rf.f_av_desc = slap_schema.si_ad_objectClass; - rf.f_av_value = &bv_ref; - rf.f_next = xf.f_or; - xf.f_or = &rf; - } + /* If the user's filter doesn't mention objectClass, or if + * it just uses objectClass=*, these clauses are redundant. + */ + if (oc_filter(filter) && !get_subentries_visibility(op) ) { + if( !get_manageDSAit(op) ) { /* match referrals */ + struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" }; + rf.f_choice = LDAP_FILTER_EQUALITY; + rf.f_ava = &aa_ref; + rf.f_av_desc = slap_schema.si_ad_objectClass; + rf.f_av_value = bv_ref; + rf.f_next = xf.f_or; + xf.f_or = &rf; + } #ifdef BDB_ALIASES - if( deref & LDAP_DEREF_SEARCHING ) { - /* match aliases */ - static struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" }; - af.f_choice = LDAP_FILTER_EQUALITY; - af.f_ava = &aa_alias; - af.f_av_desc = slap_schema.si_ad_objectClass; - af.f_av_value = &bv_alias; - af.f_next = xf.f_or; - xf.f_or = ⁡ - } + if( deref & LDAP_DEREF_SEARCHING ) { /* match aliases */ + struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" }; + af.f_choice = LDAP_FILTER_EQUALITY; + af.f_ava = &aa_alias; + af.f_av_desc = slap_schema.si_ad_objectClass; + af.f_av_value = bv_alias; + af.f_next = xf.f_or; + xf.f_or = ⁡ + } #endif + } f.f_next = NULL; f.f_choice = LDAP_FILTER_AND; - f.f_and = &fand; - fand.f_choice = scope == LDAP_SCOPE_SUBTREE + f.f_and = &scopef; + scopef.f_choice = scope == LDAP_SCOPE_SUBTREE ? SLAPD_FILTER_DN_SUBTREE : SLAPD_FILTER_DN_ONE; - fand.f_dn = e->e_ndn; - fand.f_next = xf.f_or == filter ? filter : &xf ; - -#if 0 - rc = bdb_filter_candidates( be, &f, ids ); -#else - /* a quick hack */ - ids[0] = NOID; - ids[1] = e->e_id; - ids[2] = e->e_id+128; - rc = 0; + scopef.f_dn = &e->e_nname; + scopef.f_next = xf.f_or == filter ? filter : &xf ; + +#ifdef BDB_SUBENTRIES + if( get_subentries_visibility( op ) ) { + struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" }; + sf.f_choice = LDAP_FILTER_EQUALITY; + sf.f_ava = &aa_subentry; + sf.f_av_desc = slap_schema.si_ad_objectClass; + sf.f_av_value = bv_subentry; + sf.f_next = scopef.f_next; + scopef.f_next = &sf; + } #endif + rc = bdb_filter_candidates( be, &f, ids, tmp ); + Debug(LDAP_DEBUG_TRACE, - "search_candidates: id=%ld first=%ld last=%ld\n", - ids[0], ids[1], - BDB_IDL_IS_RANGE( ids ) ? ids[2] : ids[ids[0]] ); + "bdb_search_candidates: id=%ld first=%ld last=%ld\n", + (long) ids[0], + (long) BDB_IDL_FIRST(ids), + (long) BDB_IDL_LAST(ids) ); return rc; } - -static ID idl_first( ID *ids, ID *cursor ) -{ - ID pos; - - if ( ids[0] == 0 ) { - *cursor = NOID; - return NOID; - } - - if ( BDB_IDL_IS_RANGE( ids ) ) { - if( *cursor < ids[1] ) { - *cursor = ids[1]; - } - return *cursor; - } - - pos = bdb_idl_search( ids, *cursor ); - - if( pos > ids[0] ) { - return NOID; - } - - *cursor = pos; - return ids[pos]; -} - -static ID idl_next( ID *ids, ID *cursor ) -{ - if ( BDB_IDL_IS_RANGE( ids ) ) { - if( ids[2] < ++(*cursor) ) { - return NOID; - } - return *cursor; - } - - if ( *cursor < ids[0] ) { - return ids[(*cursor)++]; - } - - return NOID; -} -