X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldbm%2Fsearch.c;h=0f949ca5b00aa35d7d33dc4634259ad9a910ebd1;hb=a4d161cff64c74e03e5898eae104d5d52cc54a91;hp=5e0d46fd738ecdb9f080845a8b30fb47b71b03bd;hpb=a8b7e93ef46cd9ca3e95f8c7ad86cfd5a109c80e;p=openldap diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 5e0d46fd73..0f949ca5b0 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -1,8 +1,17 @@ /* search.c - ldbm backend search function */ /* $OpenLDAP$ */ -/* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. - * COPYING RESTRICTIONS APPLY, see COPYRIGHT file +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2006 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . */ #include "portable.h" @@ -20,287 +29,274 @@ static ID_BLOCK *base_candidate( Backend *be, Entry *e ); static ID_BLOCK *search_candidates( - Backend *be, Entry *e, Filter *filter, + Operation *op, Entry *e, Filter *filter, int scope, int deref, int manageDSAit ); int ldbm_back_search( - Backend *be, - Connection *conn, Operation *op, - const char *base, - const char *nbase, - int scope, - int deref, - int slimit, - int tlimit, - Filter *filter, - const char *filterstr, - char **attrs, - int attrsonly ) + SlapReply *rs ) { - struct ldbminfo *li = (struct ldbminfo *) be->be_private; - int rc, err; - const char *text = NULL; + struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private; + int rc; time_t stoptime; ID_BLOCK *candidates; ID id, cursor; Entry *e; - struct berval **v2refs = NULL; Entry *matched = NULL; - char *realbase = NULL; - int nentries = 0; + struct berval realbase = BER_BVNULL; int manageDSAit = get_manageDSAit( op ); +#ifdef SLAP_ACL_HONOR_DISCLOSE + slap_mask_t mask; +#endif - struct slap_limits_set *limit = NULL; - int isroot = 0; - -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY, - "ldbm_back_search: enter\n" )); -#else Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0); -#endif + /* grab giant lock for reading */ + ldap_pvt_thread_rdwr_rlock(&li->li_giant_rwlock); - if ( *nbase == '\0' ) { + if ( op->o_req_ndn.bv_len == 0 ) { /* DIT root special case */ - static const Entry root = { NOID, "", "", NULL, NULL }; - e = (Entry *) &root; + e = (Entry *) &slap_entry_root; /* need normalized dn below */ - realbase = ch_strdup( e->e_ndn ); + ber_dupbv( &realbase, &e->e_nname ); - candidates = search_candidates( be, e, filter, - scope, deref, manageDSAit ); + candidates = search_candidates( op, e, op->ors_filter, + op->ors_scope, op->ors_deref, + manageDSAit || get_domainScope(op) ); goto searchit; - } else if ( deref & LDAP_DEREF_FINDING ) { + } else if ( op->ors_deref & LDAP_DEREF_FINDING ) { /* deref dn and get entry with reader lock */ - e = deref_dn_r( be, nbase, &err, &matched, &text ); + e = deref_dn_r( op->o_bd, &op->o_req_ndn, + &rs->sr_err, &matched, &rs->sr_text ); - if( err == LDAP_NO_SUCH_OBJECT ) err = LDAP_REFERRAL; + if( rs->sr_err == LDAP_NO_SUCH_OBJECT ) rs->sr_err = LDAP_REFERRAL; } else { /* get entry with reader lock */ - e = dn2entry_r( be, nbase, &matched ); - err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL; - text = NULL; + e = dn2entry_r( op->o_bd, &op->o_req_ndn, &matched ); + rs->sr_err = e != NULL ? LDAP_SUCCESS : LDAP_REFERRAL; + rs->sr_text = NULL; } if ( e == NULL ) { - char *matched_dn = NULL; - struct berval **refs = NULL; + struct berval matched_dn = BER_BVNULL; if ( matched != NULL ) { - matched_dn = ch_strdup( matched->e_dn ); - - refs = is_entry_referral( matched ) - ? get_entry_referrals( be, conn, op, matched ) - : NULL; + BerVarray erefs = NULL; + +#ifdef SLAP_ACL_HONOR_DISCLOSE + if ( ! access_allowed( op, matched, + slap_schema.si_ad_entry, + NULL, ACL_DISCLOSE, NULL ) ) + { + rs->sr_err = LDAP_NO_SUCH_OBJECT; + + } else +#endif /* SLAP_ACL_HONOR_DISCLOSE */ + { + ber_dupbv( &matched_dn, &matched->e_name ); + + erefs = is_entry_referral( matched ) + ? get_entry_referrals( op, matched ) + : NULL; + } cache_return_entry_r( &li->li_cache, matched ); + if ( erefs ) { + rs->sr_ref = referral_rewrite( erefs, &matched_dn, + &op->o_req_dn, op->ors_scope ); + + ber_bvarray_free( erefs ); + } + } else { - refs = default_referral; + rs->sr_ref = referral_rewrite( default_referral, + NULL, &op->o_req_dn, op->ors_scope ); } - send_ldap_result( conn, op, err, - matched_dn, text, refs, NULL ); + ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); + + rs->sr_matched = matched_dn.bv_val; + send_ldap_result( op, rs ); - if( matched != NULL ) { - ber_bvecfree( refs ); - free( matched_dn ); + ber_bvarray_free( rs->sr_ref ); + ber_memfree( matched_dn.bv_val ); + rs->sr_ref = NULL; + rs->sr_matched = NULL; + return rs->sr_err; + } + +#ifdef SLAP_ACL_HONOR_DISCLOSE + /* NOTE: __NEW__ "search" access is required + * on searchBase object */ + if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry, + NULL, ACL_SEARCH, NULL, &mask ) ) + { + if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) { + rs->sr_err = LDAP_NO_SUCH_OBJECT; + } else { + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; } - return 1; + cache_return_entry_r( &li->li_cache, e ); + ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); + + send_ldap_result( op, rs ); + return rs->sr_err; } +#endif /* SLAP_ACL_HONOR_DISCLOSE */ - if (!manageDSAit && is_entry_referral( e ) ) { + if ( !manageDSAit && is_entry_referral( e ) ) { /* entry is a referral, don't allow add */ - char *matched_dn = ch_strdup( e->e_dn ); - struct berval **refs = get_entry_referrals( be, - conn, op, e ); + struct berval matched_dn = BER_BVNULL; + BerVarray erefs = NULL; + + rs->sr_ref = NULL; + rs->sr_err = LDAP_OTHER; + rs->sr_text = "bad referral object"; + + ber_dupbv( &matched_dn, &e->e_name ); + erefs = get_entry_referrals( op, e ); cache_return_entry_r( &li->li_cache, e ); + ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_search: entry (%s) is a referral.\n", - e->e_dn )); -#else Debug( LDAP_DEBUG_TRACE, "ldbm_search: entry is referral\n", 0, 0, 0 ); -#endif + if ( erefs ) { + rs->sr_ref = referral_rewrite( erefs, &matched_dn, + &op->o_req_dn, op->ors_scope ); - send_ldap_result( conn, op, LDAP_REFERRAL, - matched_dn, NULL, refs, NULL ); - - ber_bvecfree( refs ); - free( matched_dn ); + ber_bvarray_free( erefs ); + + if ( rs->sr_ref ) { + rs->sr_err = LDAP_REFERRAL; + rs->sr_text = NULL; + } + } - return 1; + rs->sr_matched = matched_dn.bv_val; + send_ldap_result( op, rs ); + ber_bvarray_free( rs->sr_ref ); + ber_memfree( matched_dn.bv_val ); + rs->sr_ref = NULL; + rs->sr_matched = NULL; + return rs->sr_err; } if ( is_entry_alias( e ) ) { /* don't deref */ - deref = LDAP_DEREF_NEVER; + op->ors_deref = LDAP_DEREF_NEVER; } - if ( scope == LDAP_SCOPE_BASE ) { - candidates = base_candidate( be, e ); + if ( op->ors_scope == LDAP_SCOPE_BASE ) { + candidates = base_candidate( op->o_bd, e ); } else { - candidates = search_candidates( be, e, filter, - scope, deref, manageDSAit ); + candidates = search_candidates( op, e, op->ors_filter, + op->ors_scope, op->ors_deref, manageDSAit ); } /* need normalized dn below */ - realbase = ch_strdup( e->e_ndn ); + ber_dupbv( &realbase, &e->e_nname ); cache_return_entry_r( &li->li_cache, e ); searchit: if ( candidates == NULL ) { /* no candidates */ -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_search: no candidates\n" )); -#else Debug( LDAP_DEBUG_TRACE, "ldbm_search: no candidates\n", 0, 0, 0 ); -#endif - - send_search_result( conn, op, - LDAP_SUCCESS, - NULL, NULL, NULL, NULL, 0 ); + rs->sr_err = LDAP_SUCCESS; + send_ldap_result( op, rs ); - rc = 1; + rc = LDAP_SUCCESS; goto done; } - /* if not root, get appropriate limits */ - if ( be_isroot( be, op->o_ndn ) ) { - isroot = 1; - } else { - ( void ) get_limits( be, op->o_ndn, &limit ); - } - /* if candidates exceed to-be-checked entries, abort */ - if ( !isroot && limit->lms_s_unchecked != -1 ) { - if ( ID_BLOCK_NIDS( candidates ) > limit->lms_s_unchecked ) { - send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM, - NULL, NULL, NULL, NULL, 0 ); - rc = 0; - goto done; - } + if ( op->ors_limit /* isroot == FALSE */ + && op->ors_limit->lms_s_unchecked != -1 + && ID_BLOCK_NIDS( candidates ) > (unsigned) op->ors_limit->lms_s_unchecked ) + { + send_ldap_error( op, rs, LDAP_ADMINLIMIT_EXCEEDED, NULL ); + rc = LDAP_SUCCESS; + goto done; } - /* if no time limit requested, use soft limit (unless root!) */ - if ( tlimit <= 0 ) { - if ( isroot ) { - tlimit = -1; /* allow root to set no limit */ - } else { - tlimit = limit->lms_t_soft; - } - - /* if requested limit higher than hard limit, abort */ - } else if ( tlimit > limit->lms_t_hard ) { - /* no hard limit means use soft instead */ - if ( limit->lms_t_hard == 0 ) { - tlimit = limit->lms_t_soft; - - /* positive hard limit means abort */ - } else if ( limit->lms_t_hard > 0 ) { - send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM, - NULL, NULL, NULL, NULL, 0 ); - rc = 0; - goto done; - } - - /* negative hard limit means no limit */ - } - /* compute it anyway; root does not use it */ - stoptime = op->o_time + tlimit; - - /* if no size limit requested, use soft limit (unless root!) */ - if ( slimit == 0 ) { - if ( isroot ) { - slimit = -1; /* allow root to set no limit */ - } else { - slimit = limit->lms_s_soft; - } - - /* if requested limit higher than hard limit, abort */ - } else if ( slimit > limit->lms_s_hard ) { - /* no hard limit means use soft instead */ - if ( limit->lms_s_hard == 0 ) { - slimit = limit->lms_s_soft; - - /* positive hard limit means abort */ - } else if ( limit->lms_s_hard > 0 ) { - send_search_result( conn, op, LDAP_UNWILLING_TO_PERFORM, - NULL, NULL, NULL, NULL, 0 ); - rc = 0; - goto done; - } - - /* negative hard limit means no limit */ - } + stoptime = op->o_time + op->ors_tlimit; + rs->sr_attrs = op->ors_attrs; for ( id = idl_firstid( candidates, &cursor ); id != NOID; id = idl_nextid( candidates, &cursor ) ) { - int scopeok = 0; + int scopeok = 0; + int result = 0; /* check for abandon */ - ldap_pvt_thread_mutex_lock( &op->o_abandonmutex ); - if ( op->o_abandon ) { - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); - rc = 0; + rc = SLAPD_ABANDON; goto done; } - ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); - /* check time limit */ - if ( tlimit != -1 && slap_get_time() > stoptime ) { - send_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED, - NULL, NULL, v2refs, NULL, nentries ); - rc = 0; + if ( op->ors_tlimit != SLAP_NO_LIMIT + && slap_get_time() > stoptime ) + { + rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; + send_ldap_result( op, rs ); + rc = LDAP_SUCCESS; goto done; } /* get the entry with reader lock */ - e = id2entry_r( be, id ); + e = id2entry_r( op->o_bd, id ); if ( e == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_INFO, - "ldbm_search: candidate %ld not found.\n", id )); -#else Debug( LDAP_DEBUG_TRACE, "ldbm_search: candidate %ld not found\n", id, 0, 0 ); -#endif + goto loop_continue; + } + + rs->sr_entry = e; + if ( is_entry_subentry( e ) ) { + if( op->ors_scope != LDAP_SCOPE_BASE ) { + if(!get_subentries_visibility( op )) { + /* only subentries are visible */ + goto loop_continue; + } + } else if ( get_subentries( op ) && + !get_subentries_visibility( op )) + { + /* only subentries are visible */ + goto loop_continue; + } + } else if ( get_subentries_visibility( op )) { + /* only subentries are visible */ goto loop_continue; } - if ( deref & LDAP_DEREF_SEARCHING && is_entry_alias( e ) ) { + if ( op->ors_deref & LDAP_DEREF_SEARCHING && + is_entry_alias( e ) ) + { Entry *matched; int err; const char *text; - e = deref_entry_r( be, e, &err, &matched, &text ); + e = deref_entry_r( op->o_bd, e, &err, &matched, &text ); if( e == NULL ) { e = matched; @@ -313,163 +309,152 @@ searchit: } /* need to skip alias which deref into scope */ - if( scope & LDAP_SCOPE_ONELEVEL ) { - char *pdn = dn_parent( NULL, e->e_ndn ); - if ( pdn != NULL ) { - if( strcmp( pdn, realbase ) ) { - free( pdn ); - goto loop_continue; - } - free(pdn); + if( op->ors_scope == LDAP_SCOPE_ONELEVEL ) { + struct berval pdn; + dnParent( &e->e_nname, &pdn ); + if ( ber_bvcmp( &pdn, &realbase ) ) { + goto loop_continue; } - } else if ( dn_issuffix( e->e_ndn, realbase ) ) { + } else if ( dnIsSuffix( &e->e_nname, &realbase ) ) { /* alias is within scope */ -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "ldbm_search: \"%s\" in subtree\n", e->e_dn )); -#else Debug( LDAP_DEBUG_TRACE, - "ldbm_search: \"%s\" in subtree\n", + "ldbm_search: alias \"%s\" in subtree\n", e->e_dn, 0, 0 ); -#endif goto loop_continue; } + rs->sr_entry = e; + scopeok = 1; } /* - * if it's a referral, add it to the list of referrals. only do - * this for non-base searches, and don't check the filter - * explicitly here since it's only a candidate anyway. + * If it's a referral, add it to the list of referrals. + * Only do this for non-base searches, and don't check + * the filter explicitly here since it's only a candidate + * anyway. */ - if ( !manageDSAit && scope != LDAP_SCOPE_BASE && + if ( !manageDSAit && op->ors_scope != LDAP_SCOPE_BASE && is_entry_referral( e ) ) { - char *dn; + struct berval dn; /* check scope */ - if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) { - if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) { - (void) dn_normalize( dn ); - scopeok = (dn == realbase) - ? 1 - : (strcmp( dn, realbase ) ? 0 : 1 ); - free( dn ); - + if ( !scopeok && op->ors_scope == LDAP_SCOPE_ONELEVEL ) { + if ( !be_issuffix( op->o_bd, &e->e_nname ) ) { + dnParent( &e->e_nname, &dn ); + scopeok = dn_match( &dn, &realbase ); } else { - scopeok = (realbase == NULL || *realbase == '\0'); + scopeok = (realbase.bv_len == 0); } - } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) { - dn = ch_strdup( e->e_ndn ); - scopeok = dn_issuffix( dn, realbase ); - free( dn ); + } else if ( !scopeok + && op->ors_scope == LDAP_SCOPE_SUBTREE ) + { + scopeok = dnIsSuffix( &e->e_nname, &realbase ); + +#ifdef LDAP_SCOPE_SUBORDINATE + } else if ( !scopeok + && op->ors_scope == LDAP_SCOPE_SUBORDINATE ) + { + scopeok = !dn_match( &e->e_nname, &realbase ) + && dnIsSuffix( &e->e_nname, &realbase ); +#endif } else { scopeok = 1; } if( scopeok ) { - struct berval **refs = get_entry_referrals( - be, conn, op, e ); + BerVarray erefs = get_entry_referrals( op, e ); + rs->sr_ref = referral_rewrite( erefs, + &e->e_name, NULL, + op->ors_scope == LDAP_SCOPE_ONELEVEL + ? LDAP_SCOPE_BASE + : LDAP_SCOPE_SUBTREE ); + + ber_bvarray_free( erefs ); - send_search_reference( be, conn, op, - e, refs, scope, NULL, &v2refs ); + send_search_reference( op, rs ); - ber_bvecfree( refs ); + ber_bvarray_free( rs->sr_ref ); + rs->sr_ref = NULL; } else { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2, - "ldbm_search: candidate referral %ld scope not okay\n", - id )); -#else Debug( LDAP_DEBUG_TRACE, "ldbm_search: candidate referral %ld scope not okay\n", id, 0, 0 ); -#endif } goto loop_continue; } + if ( !manageDSAit && is_entry_glue( e )) { + goto loop_continue; + } + /* if it matches the filter and scope, send it */ - if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) { - char *dn; + result = test_filter( op, e, op->ors_filter ); - /* check scope */ - if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) { - if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) { - (void) dn_normalize( dn ); - scopeok = (dn == realbase) - ? 1 - : (strcmp( dn, realbase ) ? 0 : 1 ); - free( dn ); + if ( result == LDAP_COMPARE_TRUE ) { + struct berval dn; + /* check scope */ + if ( !scopeok && op->ors_scope == LDAP_SCOPE_ONELEVEL ) { + if ( !be_issuffix( op->o_bd, &e->e_nname ) ) { + dnParent( &e->e_nname, &dn ); + scopeok = dn_match( &dn, &realbase ); } else { - scopeok = (realbase == NULL || *realbase == '\0'); + scopeok = (realbase.bv_len == 0); } - } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) { - dn = ch_strdup( e->e_ndn ); - scopeok = dn_issuffix( dn, realbase ); - free( dn ); + } else if ( !scopeok && + op->ors_scope == LDAP_SCOPE_SUBTREE ) + { + scopeok = dnIsSuffix( &e->e_nname, &realbase ); + + } else if ( !scopeok && + op->ors_scope == LDAP_SCOPE_SUBORDINATE ) + { + scopeok = !dn_match( &e->e_nname, &realbase ) + && dnIsSuffix( &e->e_nname, &realbase ); } else { scopeok = 1; } if ( scopeok ) { - /* check size limit */ - if ( --slimit == -1 ) { - cache_return_entry_r( &li->li_cache, e ); - send_search_result( conn, op, - LDAP_SIZELIMIT_EXCEEDED, NULL, NULL, - v2refs, NULL, nentries ); - rc = 0; - goto done; - } - if (e) { - int result = send_search_entry(be, conn, op, - e, attrs, attrsonly, NULL); - - switch (result) { - case 0: /* entry sent ok */ - nentries++; - break; - case 1: /* entry not sent */ - break; - case -1: /* connection closed */ + rs->sr_flags = 0; + rs->sr_err = send_search_entry( op, rs ); + + switch ( rs->sr_err ) { + case LDAP_UNAVAILABLE: /* connection closed */ + cache_return_entry_r( &li->li_cache, e ); + rc = LDAP_SUCCESS; + goto done; + case LDAP_SIZELIMIT_EXCEEDED: cache_return_entry_r( &li->li_cache, e ); - rc = 0; + rc = rs->sr_err; + rs->sr_entry = NULL; + send_ldap_result( op, rs ); + rc = LDAP_SUCCESS; goto done; } } + } else { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2, - "ldbm_search: candidate %ld scope not okay\n", id )); -#else Debug( LDAP_DEBUG_TRACE, - "ldbm_search: candidate %ld scope not okay\n", + "ldbm_search: candidate entry %ld scope not okay\n", id, 0, 0 ); -#endif - } + } else { -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2, - "ldbm_search: candidate %ld does not match filter\n", id )); -#else Debug( LDAP_DEBUG_TRACE, - "ldbm_search: candidate %ld does not match filter\n", + "ldbm_search: candidate entry %ld does not match filter\n", id, 0, 0 ); -#endif - } loop_continue: @@ -480,18 +465,21 @@ loop_continue: ldap_pvt_thread_yield(); } - send_search_result( conn, op, - v2refs == NULL ? LDAP_SUCCESS : LDAP_REFERRAL, - NULL, NULL, v2refs, NULL, nentries ); - rc = 0; + rs->sr_err = rs->sr_v2ref ? LDAP_REFERRAL : LDAP_SUCCESS; + rs->sr_ref = rs->sr_v2ref; + send_ldap_result( op, rs ); + + rc = LDAP_SUCCESS; done: + ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock); + if( candidates != NULL ) idl_free( candidates ); - ber_bvecfree( v2refs ); - if( realbase ) free( realbase ); + if( rs->sr_v2ref ) ber_bvarray_free( rs->sr_v2ref ); + if( realbase.bv_val ) free( realbase.bv_val ); return rc; } @@ -503,13 +491,8 @@ base_candidate( { ID_BLOCK *idl; -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY, - "base_candidate: base (%s)\n", e->e_dn )); -#else Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n", e->e_dn, 0, 0); -#endif idl = idl_alloc( 1 ); @@ -520,7 +503,7 @@ base_candidate( static ID_BLOCK * search_candidates( - Backend *be, + Operation *op, Entry *e, Filter *filter, int scope, @@ -530,18 +513,14 @@ search_candidates( ID_BLOCK *candidates; Filter f, fand, rf, af, xf; AttributeAssertion aa_ref, aa_alias; - static struct berval bv_ref = { sizeof("REFERRAL")-1, "REFERRAL" }; - static struct berval bv_alias = { sizeof("ALIAS")-1, "ALIAS" }; - -#ifdef NEW_LOGGING - LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1, - "search_candidates: base (%s) scope %d deref %d\n", - e->e_ndn, scope, deref )); -#else + struct berval bv_ref = { sizeof("referral")-1, "referral" }; + struct berval bv_alias = { sizeof("alias")-1, "alias" }; + Filter sf; + AttributeAssertion aa_subentry; + Debug(LDAP_DEBUG_TRACE, "search_candidates: base=\"%s\" s=%d d=%d\n", e->e_ndn, scope, deref ); -#endif xf.f_or = filter; @@ -553,7 +532,7 @@ search_candidates( rf.f_choice = LDAP_FILTER_EQUALITY; rf.f_ava = &aa_ref; rf.f_av_desc = slap_schema.si_ad_objectClass; - rf.f_av_value = &bv_ref; + rf.f_av_value = bv_ref; rf.f_next = xf.f_or; xf.f_or = &rf; } @@ -563,7 +542,7 @@ search_candidates( af.f_choice = LDAP_FILTER_EQUALITY; af.f_ava = &aa_alias; af.f_av_desc = slap_schema.si_ad_objectClass; - af.f_av_value = &bv_alias; + af.f_av_value = bv_alias; af.f_next = xf.f_or; xf.f_or = ⁡ } @@ -571,13 +550,22 @@ search_candidates( f.f_next = NULL; f.f_choice = LDAP_FILTER_AND; f.f_and = &fand; - fand.f_choice = scope == LDAP_SCOPE_SUBTREE - ? SLAPD_FILTER_DN_SUBTREE - : SLAPD_FILTER_DN_ONE; - fand.f_dn = e->e_ndn; + fand.f_choice = scope == LDAP_SCOPE_ONELEVEL + ? SLAPD_FILTER_DN_ONE + : SLAPD_FILTER_DN_SUBTREE; + fand.f_dn = &e->e_nname; fand.f_next = xf.f_or == filter ? filter : &xf ; - candidates = filter_candidates( be, &f ); + if ( get_subentries_visibility( op )) { + struct berval bv_subentry = { sizeof("SUBENTRY")-1, "SUBENTRY" }; + sf.f_choice = LDAP_FILTER_EQUALITY; + sf.f_ava = &aa_subentry; + sf.f_av_desc = slap_schema.si_ad_objectClass; + sf.f_av_value = bv_subentry; + sf.f_next = fand.f_next; + fand.f_next = &sf; + } + candidates = filter_candidates( op, &f ); return( candidates ); }