/* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * * Copyright 1999-2007 The OpenLDAP Foundation. * Portions Copyright 1999 Dmitry Kovalev. * Portions Copyright 2002 Pierangelo Masarati. * Portions Copyright 2004 Mark Adamson. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * . */ /* ACKNOWLEDGEMENTS: * This work was initially developed by Dmitry Kovalev for inclusion * by OpenLDAP Software. Additional significant contributors include * Pierangelo Masarati and Mark Adamson. */ #include "portable.h" #include #include #include "ac/string.h" #include "ac/ctype.h" #include "lutil.h" #include "slap.h" #include "proto-sql.h" static int backsql_process_filter( backsql_srch_info *bsi, Filter *f ); static int backsql_process_filter_eq( backsql_srch_info *bsi, backsql_at_map_rec *at, int casefold, struct berval *filter_value ); static int backsql_process_filter_like( backsql_srch_info *bsi, backsql_at_map_rec *at, int casefold, struct berval *filter_value ); static int backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_rec *at ); /* For LDAP_CONTROL_PAGEDRESULTS, a 32 bit cookie is available to keep track of the state of paged results. The ldap_entries.id and oc_map_id values of the last entry returned are used as the cookie, so 6 bits are used for the OC id and the other 26 for ldap_entries ID number. If your max(oc_map_id) is more than 63, you will need to steal more bits from ldap_entries ID number and put them into the OC ID part of the cookie. */ #define SQL_TO_PAGECOOKIE(id, oc) (((id) << 6 ) | ((oc) & 0x3F)) #define PAGECOOKIE_TO_SQL_ID(pc) ((pc) >> 6) #define PAGECOOKIE_TO_SQL_OC(pc) ((pc) & 0x3F) static int parse_paged_cookie( Operation *op, SlapReply *rs ); static void send_paged_response( Operation *op, SlapReply *rs, ID *lastid ); static int backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad ) { int n_attrs = 0; AttributeName *an = NULL; if ( bsi->bsi_attrs == NULL ) { return 1; } /* * clear the list (retrieve all attrs) */ if ( ad == NULL ) { bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx ); bsi->bsi_attrs = NULL; bsi->bsi_flags |= BSQL_SF_ALL_ATTRS; return 1; } /* strip ';binary' */ if ( slap_ad_is_binary( ad ) ) { ad = ad->ad_type->sat_ad; } for ( ; !BER_BVISNULL( &bsi->bsi_attrs[ n_attrs ].an_name ); n_attrs++ ) { an = &bsi->bsi_attrs[ n_attrs ]; Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): " "attribute \"%s\" is in list\n", an->an_name.bv_val, 0, 0 ); /* * We can live with strcmp because the attribute * list has been normalized before calling be_search */ if ( !BACKSQL_NCMP( &an->an_name, &ad->ad_cname ) ) { return 1; } } Debug( LDAP_DEBUG_TRACE, "==>backsql_attrlist_add(): " "adding \"%s\" to list\n", ad->ad_cname.bv_val, 0, 0 ); an = (AttributeName *)bsi->bsi_op->o_tmprealloc( bsi->bsi_attrs, sizeof( AttributeName ) * ( n_attrs + 2 ), bsi->bsi_op->o_tmpmemctx ); if ( an == NULL ) { return -1; } an[ n_attrs ].an_name = ad->ad_cname; an[ n_attrs ].an_desc = ad; BER_BVZERO( &an[ n_attrs + 1 ].an_name ); bsi->bsi_attrs = an; return 1; } /* * Initializes the search structure. * * If get_base_id != 0, the field bsi_base_id is filled * with the entryID of bsi_base_ndn; it must be freed * by backsql_free_entryID() when no longer required. * * NOTE: base must be normalized */ int backsql_init_search( backsql_srch_info *bsi, struct berval *nbase, int scope, time_t stoptime, Filter *filter, SQLHDBC dbh, Operation *op, SlapReply *rs, AttributeName *attrs, unsigned flags ) { backsql_info *bi = (backsql_info *)op->o_bd->be_private; int rc = LDAP_SUCCESS; bsi->bsi_base_ndn = nbase; bsi->bsi_use_subtree_shortcut = 0; BER_BVZERO( &bsi->bsi_base_id.eid_dn ); BER_BVZERO( &bsi->bsi_base_id.eid_ndn ); bsi->bsi_scope = scope; bsi->bsi_filter = filter; bsi->bsi_dbh = dbh; bsi->bsi_op = op; bsi->bsi_rs = rs; bsi->bsi_flags = BSQL_SF_NONE; bsi->bsi_attrs = NULL; if ( BACKSQL_FETCH_ALL_ATTRS( bi ) ) { /* * if requested, simply try to fetch all attributes */ bsi->bsi_flags |= BSQL_SF_ALL_ATTRS; } else { if ( BACKSQL_FETCH_ALL_USERATTRS( bi ) ) { bsi->bsi_flags |= BSQL_SF_ALL_USER; } else if ( BACKSQL_FETCH_ALL_OPATTRS( bi ) ) { bsi->bsi_flags |= BSQL_SF_ALL_OPER; } if ( attrs == NULL ) { /* NULL means all user attributes */ bsi->bsi_flags |= BSQL_SF_ALL_USER; } else { AttributeName *p; int got_oc = 0; bsi->bsi_attrs = (AttributeName *)bsi->bsi_op->o_tmpalloc( sizeof( AttributeName ), bsi->bsi_op->o_tmpmemctx ); BER_BVZERO( &bsi->bsi_attrs[ 0 ].an_name ); for ( p = attrs; !BER_BVISNULL( &p->an_name ); p++ ) { if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) { /* handle "*" */ bsi->bsi_flags |= BSQL_SF_ALL_USER; /* if all attrs are requested, there's * no need to continue */ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) { bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx ); bsi->bsi_attrs = NULL; break; } continue; } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) { /* handle "+" */ bsi->bsi_flags |= BSQL_SF_ALL_OPER; /* if all attrs are requested, there's * no need to continue */ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) { bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx ); bsi->bsi_attrs = NULL; break; } continue; } else if ( BACKSQL_NCMP( &p->an_name, &NoAttrs ) == 0 ) { /* ignore "1.1" */ continue; } else if ( p->an_desc == slap_schema.si_ad_objectClass ) { got_oc = 1; } backsql_attrlist_add( bsi, p->an_desc ); } if ( got_oc == 0 && !( bsi->bsi_flags & BSQL_SF_ALL_USER ) ) { /* add objectClass if not present, * because it is required to understand * if an entry is a referral, an alias * or so... */ backsql_attrlist_add( bsi, slap_schema.si_ad_objectClass ); } } if ( !BSQL_ISF_ALL_ATTRS( bsi ) && bi->sql_anlist ) { AttributeName *p; /* use hints if available */ for ( p = bi->sql_anlist; !BER_BVISNULL( &p->an_name ); p++ ) { if ( BACKSQL_NCMP( &p->an_name, &AllUser ) == 0 ) { /* handle "*" */ bsi->bsi_flags |= BSQL_SF_ALL_USER; /* if all attrs are requested, there's * no need to continue */ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) { bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx ); bsi->bsi_attrs = NULL; break; } continue; } else if ( BACKSQL_NCMP( &p->an_name, &AllOper ) == 0 ) { /* handle "+" */ bsi->bsi_flags |= BSQL_SF_ALL_OPER; /* if all attrs are requested, there's * no need to continue */ if ( BSQL_ISF_ALL_ATTRS( bsi ) ) { bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx ); bsi->bsi_attrs = NULL; break; } continue; } backsql_attrlist_add( bsi, p->an_desc ); } } } bsi->bsi_id_list = NULL; bsi->bsi_id_listtail = &bsi->bsi_id_list; bsi->bsi_n_candidates = 0; bsi->bsi_stoptime = stoptime; BER_BVZERO( &bsi->bsi_sel.bb_val ); bsi->bsi_sel.bb_len = 0; BER_BVZERO( &bsi->bsi_from.bb_val ); bsi->bsi_from.bb_len = 0; BER_BVZERO( &bsi->bsi_join_where.bb_val ); bsi->bsi_join_where.bb_len = 0; BER_BVZERO( &bsi->bsi_flt_where.bb_val ); bsi->bsi_flt_where.bb_len = 0; bsi->bsi_filter_oc = NULL; if ( BACKSQL_IS_GET_ID( flags ) ) { int matched = BACKSQL_IS_MATCHED( flags ); int getentry = BACKSQL_IS_GET_ENTRY( flags ); int gotit = 0; assert( op->o_bd->be_private != NULL ); rc = backsql_dn2id( op, rs, dbh, nbase, &bsi->bsi_base_id, matched, 1 ); /* the entry is collected either if requested for by getentry * or if get noSuchObject and requested to climb the tree, * so that a matchedDN or a referral can be returned */ if ( ( rc == LDAP_NO_SUCH_OBJECT && matched ) || getentry ) { if ( !BER_BVISNULL( &bsi->bsi_base_id.eid_ndn ) ) { assert( bsi->bsi_e != NULL ); if ( dn_match( nbase, &bsi->bsi_base_id.eid_ndn ) ) { gotit = 1; } /* * let's see if it is a referral and, in case, get it */ backsql_attrlist_add( bsi, slap_schema.si_ad_ref ); rc = backsql_id2entry( bsi, &bsi->bsi_base_id ); if ( rc == LDAP_SUCCESS ) { if ( is_entry_referral( bsi->bsi_e ) ) { BerVarray erefs = get_entry_referrals( op, bsi->bsi_e ); if ( erefs ) { rc = rs->sr_err = LDAP_REFERRAL; rs->sr_ref = referral_rewrite( erefs, &bsi->bsi_e->e_nname, &op->o_req_dn, scope ); ber_bvarray_free( erefs ); } else { rc = rs->sr_err = LDAP_OTHER; rs->sr_text = "bad referral object"; } } else if ( !gotit ) { rc = rs->sr_err = LDAP_NO_SUCH_OBJECT; } } } else { rs->sr_err = rc; } } if ( gotit && BACKSQL_IS_GET_OC( flags ) ) { bsi->bsi_base_id.eid_oc = backsql_id2oc( bi, bsi->bsi_base_id.eid_oc_id ); if ( bsi->bsi_base_id.eid_oc == NULL ) { /* error? */ backsql_free_entryID( &bsi->bsi_base_id, 1, op->o_tmpmemctx ); rc = rs->sr_err = LDAP_OTHER; } } } bsi->bsi_status = rc; switch ( rc ) { case LDAP_SUCCESS: case LDAP_REFERRAL: break; default: bsi->bsi_op->o_tmpfree( bsi->bsi_attrs, bsi->bsi_op->o_tmpmemctx ); break; } return rc; } static int backsql_process_filter_list( backsql_srch_info *bsi, Filter *f, int op ) { int res; if ( !f ) { return 0; } backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "c", '(' /* ) */ ); while ( 1 ) { res = backsql_process_filter( bsi, f ); if ( res < 0 ) { /* * TimesTen : If the query has no answers, * don't bother to run the query. */ return -1; } f = f->f_next; if ( f == NULL ) { break; } switch ( op ) { case LDAP_FILTER_AND: backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( " AND " ), " AND " ); break; case LDAP_FILTER_OR: backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( " OR " ), " OR " ); break; } } backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "c", /* ( */ ')' ); return 1; } static int backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, backsql_at_map_rec *at ) { backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private; int i; int casefold = 0; if ( !f ) { return 0; } /* always uppercase strings by now */ #ifdef BACKSQL_UPPERCASE_FILTER if ( f->f_sub_desc->ad_type->sat_substr && SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr, bi->sql_caseIgnoreMatch ) ) #endif /* BACKSQL_UPPERCASE_FILTER */ { casefold = 1; } if ( f->f_sub_desc->ad_type->sat_substr && SLAP_MR_ASSOCIATED( f->f_sub_desc->ad_type->sat_substr, bi->sql_telephoneNumberMatch ) ) { struct berval bv; ber_len_t i, s, a; /* * to check for matching telephone numbers * with intermixed chars, e.g. val='1234' * use * * val LIKE '%1%2%3%4%' */ BER_BVZERO( &bv ); if ( f->f_sub_initial.bv_val ) { bv.bv_len += f->f_sub_initial.bv_len; } if ( f->f_sub_any != NULL ) { for ( a = 0; f->f_sub_any[ a ].bv_val != NULL; a++ ) { bv.bv_len += f->f_sub_any[ a ].bv_len; } } if ( f->f_sub_final.bv_val ) { bv.bv_len += f->f_sub_final.bv_len; } bv.bv_len = 2 * bv.bv_len - 1; bv.bv_val = ch_malloc( bv.bv_len + 1 ); s = 0; if ( !BER_BVISNULL( &f->f_sub_initial ) ) { bv.bv_val[ s ] = f->f_sub_initial.bv_val[ 0 ]; for ( i = 1; i < f->f_sub_initial.bv_len; i++ ) { bv.bv_val[ s + 2 * i - 1 ] = '%'; bv.bv_val[ s + 2 * i ] = f->f_sub_initial.bv_val[ i ]; } bv.bv_val[ s + 2 * i - 1 ] = '%'; s += 2 * i; } if ( f->f_sub_any != NULL ) { for ( a = 0; !BER_BVISNULL( &f->f_sub_any[ a ] ); a++ ) { bv.bv_val[ s ] = f->f_sub_any[ a ].bv_val[ 0 ]; for ( i = 1; i < f->f_sub_any[ a ].bv_len; i++ ) { bv.bv_val[ s + 2 * i - 1 ] = '%'; bv.bv_val[ s + 2 * i ] = f->f_sub_any[ a ].bv_val[ i ]; } bv.bv_val[ s + 2 * i - 1 ] = '%'; s += 2 * i; } } if ( !BER_BVISNULL( &f->f_sub_final ) ) { bv.bv_val[ s ] = f->f_sub_final.bv_val[ 0 ]; for ( i = 1; i < f->f_sub_final.bv_len; i++ ) { bv.bv_val[ s + 2 * i - 1 ] = '%'; bv.bv_val[ s + 2 * i ] = f->f_sub_final.bv_val[ i ]; } bv.bv_val[ s + 2 * i - 1 ] = '%'; s += 2 * i; } bv.bv_val[ s - 1 ] = '\0'; (void)backsql_process_filter_like( bsi, at, casefold, &bv ); ch_free( bv.bv_val ); return 1; } /* * When dealing with case-sensitive strings * we may omit normalization; however, normalized * SQL filters are more liberal. */ backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "c", '(' /* ) */ ); /* TimesTen */ Debug( LDAP_DEBUG_TRACE, "backsql_process_sub_filter(%s):\n", at->bam_ad->ad_cname.bv_val, 0, 0 ); Debug(LDAP_DEBUG_TRACE, " expr: '%s%s%s'\n", at->bam_sel_expr.bv_val, at->bam_sel_expr_u.bv_val ? "' '" : "", at->bam_sel_expr_u.bv_val ? at->bam_sel_expr_u.bv_val : "" ); if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { /* * If a pre-upper-cased version of the column * or a precompiled upper function exists, use it */ backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bl", &at->bam_sel_expr_u, (ber_len_t)STRLENOF( " LIKE '" ), " LIKE '" ); } else { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bl", &at->bam_sel_expr, (ber_len_t)STRLENOF( " LIKE '" ), " LIKE '" ); } if ( !BER_BVISNULL( &f->f_sub_initial ) ) { ber_len_t start; #ifdef BACKSQL_TRACE Debug( LDAP_DEBUG_TRACE, "==>backsql_process_sub_filter(%s): " "sub_initial=\"%s\"\n", at->bam_ad->ad_cname.bv_val, f->f_sub_initial.bv_val, 0 ); #endif /* BACKSQL_TRACE */ start = bsi->bsi_flt_where.bb_val.bv_len; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "b", &f->f_sub_initial ); if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); } } backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "c", '%' ); if ( f->f_sub_any != NULL ) { for ( i = 0; !BER_BVISNULL( &f->f_sub_any[ i ] ); i++ ) { ber_len_t start; #ifdef BACKSQL_TRACE Debug( LDAP_DEBUG_TRACE, "==>backsql_process_sub_filter(%s): " "sub_any[%d]=\"%s\"\n", at->bam_ad->ad_cname.bv_val, i, f->f_sub_any[ i ].bv_val ); #endif /* BACKSQL_TRACE */ start = bsi->bsi_flt_where.bb_val.bv_len; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bc", &f->f_sub_any[ i ], '%' ); if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { /* * Note: toupper('%') = '%' */ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); } } } if ( !BER_BVISNULL( &f->f_sub_final ) ) { ber_len_t start; #ifdef BACKSQL_TRACE Debug( LDAP_DEBUG_TRACE, "==>backsql_process_sub_filter(%s): " "sub_final=\"%s\"\n", at->bam_ad->ad_cname.bv_val, f->f_sub_final.bv_val, 0 ); #endif /* BACKSQL_TRACE */ start = bsi->bsi_flt_where.bb_val.bv_len; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "b", &f->f_sub_final ); if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); } } backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" ); return 1; } static int backsql_merge_from_tbls( backsql_srch_info *bsi, struct berval *from_tbls ) { if ( BER_BVISNULL( from_tbls ) ) { return LDAP_SUCCESS; } if ( !BER_BVISNULL( &bsi->bsi_from.bb_val ) ) { char *start, *end; struct berval tmp; ber_dupbv_x( &tmp, from_tbls, bsi->bsi_op->o_tmpmemctx ); for ( start = tmp.bv_val, end = strchr( start, ',' ); start; ) { if ( end ) { end[0] = '\0'; } if ( strstr( bsi->bsi_from.bb_val.bv_val, start) == NULL ) { backsql_strfcat_x( &bsi->bsi_from, bsi->bsi_op->o_tmpmemctx, "cs", ',', start ); } if ( end ) { /* in case there are spaces after the comma... */ for ( start = &end[1]; isspace( start[0] ); start++ ); if ( start[0] ) { end = strchr( start, ',' ); } else { start = NULL; } } else { start = NULL; } } bsi->bsi_op->o_tmpfree( tmp.bv_val, bsi->bsi_op->o_tmpmemctx ); } else { backsql_strfcat_x( &bsi->bsi_from, bsi->bsi_op->o_tmpmemctx, "b", from_tbls ); } return LDAP_SUCCESS; } static int backsql_process_filter( backsql_srch_info *bsi, Filter *f ) { backsql_at_map_rec **vat = NULL; AttributeDescription *ad = NULL; unsigned i; int done = 0; int rc = 0; Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter()\n", 0, 0, 0 ); if ( f->f_choice == SLAPD_FILTER_COMPUTED ) { struct berval flt; char *msg = NULL; switch ( f->f_result ) { case LDAP_COMPARE_TRUE: BER_BVSTR( &flt, "10=10" ); msg = "TRUE"; break; case LDAP_COMPARE_FALSE: BER_BVSTR( &flt, "11=0" ); msg = "FALSE"; break; case SLAPD_COMPARE_UNDEFINED: BER_BVSTR( &flt, "12=0" ); msg = "UNDEFINED"; break; default: rc = -1; goto done; } Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): " "filter computed (%s)\n", msg, 0, 0 ); backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "b", &flt ); rc = 1; goto done; } switch( f->f_choice ) { case LDAP_FILTER_OR: rc = backsql_process_filter_list( bsi, f->f_or, LDAP_FILTER_OR ); done = 1; break; case LDAP_FILTER_AND: rc = backsql_process_filter_list( bsi, f->f_and, LDAP_FILTER_AND ); done = 1; break; case LDAP_FILTER_NOT: backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "NOT (" /* ) */ ), "NOT (" /* ) */ ); rc = backsql_process_filter( bsi, f->f_not ); backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "c", /* ( */ ')' ); done = 1; break; case LDAP_FILTER_PRESENT: ad = f->f_desc; break; case LDAP_FILTER_EXT: ad = f->f_mra->ma_desc; if ( f->f_mr_dnattrs ) { /* * if dn attrs filtering is requested, better return * success and let test_filter() deal with candidate * selection; otherwise we'd need to set conditions * on the contents of the DN, e.g. "SELECT ... FROM * ldap_entries AS attributeName WHERE attributeName.dn * like '%attributeName=value%'" */ backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "1=1" ), "1=1" ); bsi->bsi_status = LDAP_SUCCESS; rc = 1; goto done; } break; default: ad = f->f_av_desc; break; } if ( rc == -1 ) { goto done; } if ( done ) { rc = 1; goto done; } /* * Turn structuralObjectClass into objectClass */ if ( ad == slap_schema.si_ad_objectClass || ad == slap_schema.si_ad_structuralObjectClass ) { /* * If the filter is LDAP_FILTER_PRESENT, then it's done; * otherwise, let's see if we are lucky: filtering * for "structural" objectclass or ancestor... */ switch ( f->f_choice ) { case LDAP_FILTER_EQUALITY: { ObjectClass *oc = oc_bvfind( &f->f_av_value ); if ( oc == NULL ) { Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): " "unknown objectClass \"%s\" " "in filter\n", f->f_av_value.bv_val, 0, 0 ); bsi->bsi_status = LDAP_OTHER; rc = -1; goto done; } /* * "structural" objectClass inheritance: * - a search for "person" will also return * "inetOrgPerson" * - a search for "top" will return everything */ if ( is_object_subclass( oc, bsi->bsi_oc->bom_oc ) ) { static struct berval ldap_entry_objclasses = BER_BVC( "ldap_entry_objclasses" ); backsql_merge_from_tbls( bsi, &ldap_entry_objclasses ); backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "lbl", (ber_len_t)STRLENOF( "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */ ), "(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ')) */, &bsi->bsi_oc->bom_oc->soc_cname, (ber_len_t)STRLENOF( /* ((' */ "'))" ), /* ((' */ "'))" ); bsi->bsi_status = LDAP_SUCCESS; rc = 1; goto done; } break; } case LDAP_FILTER_PRESENT: backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "3=3" ), "3=3" ); bsi->bsi_status = LDAP_SUCCESS; rc = 1; goto done; /* FIXME: LDAP_FILTER_EXT? */ default: Debug( LDAP_DEBUG_TRACE, "backsql_process_filter(): " "illegal/unhandled filter " "on objectClass attribute", 0, 0, 0 ); bsi->bsi_status = LDAP_OTHER; rc = -1; goto done; } } else if ( ad == slap_schema.si_ad_entryUUID ) { unsigned long oc_id; #ifdef BACKSQL_ARBITRARY_KEY struct berval keyval; #else /* ! BACKSQL_ARBITRARY_KEY */ unsigned long keyval; char keyvalbuf[] = "18446744073709551615"; #endif /* ! BACKSQL_ARBITRARY_KEY */ switch ( f->f_choice ) { case LDAP_FILTER_EQUALITY: backsql_entryUUID_decode( &f->f_av_value, &oc_id, &keyval ); if ( oc_id != bsi->bsi_oc->bom_id ) { bsi->bsi_status = LDAP_SUCCESS; rc = -1; goto done; } #ifdef BACKSQL_ARBITRARY_KEY backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bcblbc", &bsi->bsi_oc->bom_keytbl, '.', &bsi->bsi_oc->bom_keycol, STRLENOF( " LIKE '" ), " LIKE '", &keyval, '\'' ); #else /* ! BACKSQL_ARBITRARY_KEY */ snprintf( keyvalbuf, sizeof( keyvalbuf ), "%lu", keyval ); backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bcbcs", &bsi->bsi_oc->bom_keytbl, '.', &bsi->bsi_oc->bom_keycol, '=', keyvalbuf ); #endif /* ! BACKSQL_ARBITRARY_KEY */ break; case LDAP_FILTER_PRESENT: backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "4=4" ), "4=4" ); break; default: rc = -1; goto done; } bsi->bsi_flags |= BSQL_SF_FILTER_ENTRYUUID; rc = 1; goto done; #ifdef BACKSQL_SYNCPROV } else if ( ad == slap_schema.si_ad_entryCSN ) { /* * support for syncrepl as producer... */ #if 0 if ( !bsi->bsi_op->o_sync ) { /* unsupported at present... */ bsi->bsi_status = LDAP_OTHER; rc = -1; goto done; } #endif bsi->bsi_flags |= ( BSQL_SF_FILTER_ENTRYCSN | BSQL_SF_RETURN_ENTRYUUID); /* if doing a syncrepl, try to return as much as possible, * and always match the filter */ backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "5=5" ), "5=5" ); /* save for later use in operational attributes */ /* FIXME: saves only the first occurrence, because * the filter during updates is written as * "(&(entryCSN<={contextCSN})(entryCSN>={oldContextCSN})({filter}))" * so we want our fake entryCSN to match the greatest * value */ if ( bsi->bsi_op->o_private == NULL ) { bsi->bsi_op->o_private = &f->f_av_value; } bsi->bsi_status = LDAP_SUCCESS; rc = 1; goto done; #endif /* BACKSQL_SYNCPROV */ } else if ( ad == slap_schema.si_ad_hasSubordinates || ad == NULL ) { /* * FIXME: this is not robust; e.g. a filter * '(!(hasSubordinates=TRUE))' fails because * in SQL it would read 'NOT (1=1)' instead * of no condition. * Note however that hasSubordinates is boolean, * so a more appropriate filter would be * '(hasSubordinates=FALSE)' * * A more robust search for hasSubordinates * would * require joining the ldap_entries table * selecting if there are descendants of the * candidate. */ backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "6=6" ), "6=6" ); if ( ad == slap_schema.si_ad_hasSubordinates ) { /* * instruct candidate selection algorithm * and attribute list to try to detect * if an entry has subordinates */ bsi->bsi_flags |= BSQL_SF_FILTER_HASSUBORDINATE; } else { /* * clear attributes to fetch, to require ALL * and try extended match on all attributes */ backsql_attrlist_add( bsi, NULL ); } rc = 1; goto done; } /* * attribute inheritance: */ if ( backsql_supad2at( bsi->bsi_oc, ad, &vat ) ) { bsi->bsi_status = LDAP_OTHER; rc = -1; goto done; } if ( vat == NULL ) { /* search anyway; other parts of the filter * may succeeed */ backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "7=7" ), "7=7" ); bsi->bsi_status = LDAP_SUCCESS; rc = 1; goto done; } /* if required, open extra level of parens */ done = 0; if ( vat[0]->bam_next || vat[1] ) { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "c", '(' ); done = 1; } i = 0; next:; /* apply attr */ if ( backsql_process_filter_attr( bsi, f, vat[i] ) == -1 ) { return -1; } /* if more definitions of the same attr, apply */ if ( vat[i]->bam_next ) { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", STRLENOF( " OR " ), " OR " ); vat[i] = vat[i]->bam_next; goto next; } /* if more descendants of the same attr, apply */ i++; if ( vat[i] ) { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", STRLENOF( " OR " ), " OR " ); goto next; } /* if needed, close extra level of parens */ if ( done ) { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "c", ')' ); } rc = 1; done:; if ( vat ) { ch_free( vat ); } Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter() %s\n", rc == 1 ? "succeeded" : "failed", 0, 0); return rc; } static int backsql_process_filter_eq( backsql_srch_info *bsi, backsql_at_map_rec *at, int casefold, struct berval *filter_value ) { /* * maybe we should check type of at->sel_expr here somehow, * to know whether upper_func is applicable, but for now * upper_func stuff is made for Oracle, where UPPER is * safely applicable to NUMBER etc. */ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { ber_len_t start; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "cbl", '(', /* ) */ &at->bam_sel_expr_u, (ber_len_t)STRLENOF( "='" ), "='" ); start = bsi->bsi_flt_where.bb_val.bv_len; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bl", filter_value, (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" ); ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); } else { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "cblbl", '(', /* ) */ &at->bam_sel_expr, (ber_len_t)STRLENOF( "='" ), "='", filter_value, (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" ); } return 1; } static int backsql_process_filter_like( backsql_srch_info *bsi, backsql_at_map_rec *at, int casefold, struct berval *filter_value ) { /* * maybe we should check type of at->sel_expr here somehow, * to know whether upper_func is applicable, but for now * upper_func stuff is made for Oracle, where UPPER is * safely applicable to NUMBER etc. */ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { ber_len_t start; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "cbl", '(', /* ) */ &at->bam_sel_expr_u, (ber_len_t)STRLENOF( " LIKE '%" ), " LIKE '%" ); start = bsi->bsi_flt_where.bb_val.bv_len; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bl", filter_value, (ber_len_t)STRLENOF( /* (' */ "%')" ), /* (' */ "%')" ); ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); } else { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "cblbl", '(', /* ) */ &at->bam_sel_expr, (ber_len_t)STRLENOF( " LIKE '%" ), " LIKE '%", filter_value, (ber_len_t)STRLENOF( /* (' */ "%')" ), /* (' */ "%')" ); } return 1; } static int backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_rec *at ) { backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private; int casefold = 0; struct berval *filter_value = NULL; MatchingRule *matching_rule = NULL; struct berval ordering = BER_BVC("<="); Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n", at->bam_ad->ad_cname.bv_val, 0, 0 ); /* * need to add this attribute to list of attrs to load, * so that we can do test_filter() later */ backsql_attrlist_add( bsi, at->bam_ad ); backsql_merge_from_tbls( bsi, &at->bam_from_tbls ); if ( !BER_BVISNULL( &at->bam_join_where ) && strstr( bsi->bsi_join_where.bb_val.bv_val, at->bam_join_where.bv_val ) == NULL ) { backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "lb", (ber_len_t)STRLENOF( " AND " ), " AND ", &at->bam_join_where ); } switch ( f->f_choice ) { case LDAP_FILTER_EQUALITY: filter_value = &f->f_av_value; matching_rule = at->bam_ad->ad_type->sat_equality; goto equality_match; /* fail over into next case */ case LDAP_FILTER_EXT: filter_value = &f->f_mra->ma_value; matching_rule = f->f_mr_rule; equality_match:; /* always uppercase strings by now */ #ifdef BACKSQL_UPPERCASE_FILTER if ( SLAP_MR_ASSOCIATED( matching_rule, bi->sql_caseIgnoreMatch ) ) #endif /* BACKSQL_UPPERCASE_FILTER */ { casefold = 1; } /* FIXME: directoryString filtering should use a similar * approach to deal with non-prettified values like * " A non prettified value ", by using a LIKE * filter with all whitespaces collapsed to a single '%' */ if ( SLAP_MR_ASSOCIATED( matching_rule, bi->sql_telephoneNumberMatch ) ) { struct berval bv; ber_len_t i; /* * to check for matching telephone numbers * with intermized chars, e.g. val='1234' * use * * val LIKE '%1%2%3%4%' */ bv.bv_len = 2 * filter_value->bv_len - 1; bv.bv_val = ch_malloc( bv.bv_len + 1 ); bv.bv_val[ 0 ] = filter_value->bv_val[ 0 ]; for ( i = 1; i < filter_value->bv_len; i++ ) { bv.bv_val[ 2 * i - 1 ] = '%'; bv.bv_val[ 2 * i ] = filter_value->bv_val[ i ]; } bv.bv_val[ 2 * i - 1 ] = '\0'; (void)backsql_process_filter_like( bsi, at, casefold, &bv ); ch_free( bv.bv_val ); break; } /* NOTE: this is required by objectClass inheritance * and auxiliary objectClass use in filters for slightly * more efficient candidate selection. */ /* FIXME: a bit too many specializations to deal with * very specific cases... */ if ( at->bam_ad == slap_schema.si_ad_objectClass || at->bam_ad == slap_schema.si_ad_structuralObjectClass ) { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "lbl", (ber_len_t)STRLENOF( "(ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */ ), "(ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='" /* ') */, filter_value, (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" ); break; } /* * maybe we should check type of at->sel_expr here somehow, * to know whether upper_func is applicable, but for now * upper_func stuff is made for Oracle, where UPPER is * safely applicable to NUMBER etc. */ (void)backsql_process_filter_eq( bsi, at, casefold, filter_value ); break; case LDAP_FILTER_GE: ordering.bv_val = ">="; /* fall thru to next case */ case LDAP_FILTER_LE: filter_value = &f->f_av_value; /* always uppercase strings by now */ #ifdef BACKSQL_UPPERCASE_FILTER if ( at->bam_ad->ad_type->sat_ordering && SLAP_MR_ASSOCIATED( at->bam_ad->ad_type->sat_ordering, bi->sql_caseIgnoreMatch ) ) #endif /* BACKSQL_UPPERCASE_FILTER */ { casefold = 1; } /* * FIXME: should we uppercase the operands? */ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { ber_len_t start; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "cbbc", '(', /* ) */ &at->bam_sel_expr_u, &ordering, '\'' ); start = bsi->bsi_flt_where.bb_val.bv_len; backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "bl", filter_value, (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" ); ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); } else { backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "cbbcbl", '(' /* ) */ , &at->bam_sel_expr, &ordering, '\'', &f->f_av_value, (ber_len_t)STRLENOF( /* (' */ "')" ), /* ( */ "')" ); } break; case LDAP_FILTER_PRESENT: backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "lbl", (ber_len_t)STRLENOF( "NOT (" /* ) */), "NOT (", /* ) */ &at->bam_sel_expr, (ber_len_t)STRLENOF( /* ( */ " IS NULL)" ), /* ( */ " IS NULL)" ); break; case LDAP_FILTER_SUBSTRINGS: backsql_process_sub_filter( bsi, f, at ); break; case LDAP_FILTER_APPROX: /* we do our best */ /* * maybe we should check type of at->sel_expr here somehow, * to know whether upper_func is applicable, but for now * upper_func stuff is made for Oracle, where UPPER is * safely applicable to NUMBER etc. */ (void)backsql_process_filter_like( bsi, at, 1, &f->f_av_value ); break; default: /* unhandled filter type; should not happen */ assert( 0 ); backsql_strfcat_x( &bsi->bsi_flt_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "8=8" ), "8=8" ); break; } Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n", at->bam_ad->ad_cname.bv_val, 0, 0 ); return 1; } static int backsql_srch_query( backsql_srch_info *bsi, struct berval *query ) { backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private; int rc; assert( query != NULL ); BER_BVZERO( query ); bsi->bsi_use_subtree_shortcut = 0; Debug( LDAP_DEBUG_TRACE, "==>backsql_srch_query()\n", 0, 0, 0 ); BER_BVZERO( &bsi->bsi_sel.bb_val ); BER_BVZERO( &bsi->bsi_sel.bb_val ); bsi->bsi_sel.bb_len = 0; BER_BVZERO( &bsi->bsi_from.bb_val ); bsi->bsi_from.bb_len = 0; BER_BVZERO( &bsi->bsi_join_where.bb_val ); bsi->bsi_join_where.bb_len = 0; BER_BVZERO( &bsi->bsi_flt_where.bb_val ); bsi->bsi_flt_where.bb_len = 0; backsql_strfcat_x( &bsi->bsi_sel, bsi->bsi_op->o_tmpmemctx, "lbcbc", (ber_len_t)STRLENOF( "SELECT DISTINCT ldap_entries.id," ), "SELECT DISTINCT ldap_entries.id,", &bsi->bsi_oc->bom_keytbl, '.', &bsi->bsi_oc->bom_keycol, ',' ); if ( !BER_BVISNULL( &bi->sql_strcast_func ) ) { backsql_strfcat_x( &bsi->bsi_sel, bsi->bsi_op->o_tmpmemctx, "blbl", &bi->sql_strcast_func, (ber_len_t)STRLENOF( "('" /* ') */ ), "('" /* ') */ , &bsi->bsi_oc->bom_oc->soc_cname, (ber_len_t)STRLENOF( /* (' */ "')" ), /* (' */ "')" ); } else { backsql_strfcat_x( &bsi->bsi_sel, bsi->bsi_op->o_tmpmemctx, "cbc", '\'', &bsi->bsi_oc->bom_oc->soc_cname, '\'' ); } backsql_strfcat_x( &bsi->bsi_sel, bsi->bsi_op->o_tmpmemctx, "b", &bi->sql_dn_oc_aliasing ); backsql_strfcat_x( &bsi->bsi_from, bsi->bsi_op->o_tmpmemctx, "lb", (ber_len_t)STRLENOF( " FROM ldap_entries," ), " FROM ldap_entries,", &bsi->bsi_oc->bom_keytbl ); backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "lbcbl", (ber_len_t)STRLENOF( " WHERE " ), " WHERE ", &bsi->bsi_oc->bom_keytbl, '.', &bsi->bsi_oc->bom_keycol, (ber_len_t)STRLENOF( "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ), "=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND " ); switch ( bsi->bsi_scope ) { case LDAP_SCOPE_BASE: if ( BACKSQL_CANUPPERCASE( bi ) ) { backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "bl", &bi->sql_upper_func, (ber_len_t)STRLENOF( "(ldap_entries.dn)=?" ), "(ldap_entries.dn)=?" ); } else { backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "ldap_entries.dn=?" ), "ldap_entries.dn=?" ); } break; case BACKSQL_SCOPE_BASE_LIKE: if ( BACKSQL_CANUPPERCASE( bi ) ) { backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "bl", &bi->sql_upper_func, (ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE ?" ), "(ldap_entries.dn) LIKE ?" ); } else { backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "ldap_entries.dn LIKE ?" ), "ldap_entries.dn LIKE ?" ); } break; case LDAP_SCOPE_ONELEVEL: backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "ldap_entries.parent=?" ), "ldap_entries.parent=?" ); break; case LDAP_SCOPE_SUBORDINATE: case LDAP_SCOPE_SUBTREE: if ( BACKSQL_USE_SUBTREE_SHORTCUT( bi ) ) { int i; BackendDB *bd = bsi->bsi_op->o_bd; assert( bd->be_nsuffix != NULL ); for ( i = 0; !BER_BVISNULL( &bd->be_nsuffix[ i ] ); i++ ) { if ( dn_match( &bd->be_nsuffix[ i ], bsi->bsi_base_ndn ) ) { /* pass this to the candidate selection * routine so that the DN is not bound * to the select statement */ bsi->bsi_use_subtree_shortcut = 1; break; } } } if ( bsi->bsi_use_subtree_shortcut ) { /* Skip the base DN filter, as every entry will match it */ backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "9=9"), "9=9"); } else if ( !BER_BVISNULL( &bi->sql_subtree_cond ) ) { /* This should always be true... */ backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "b", &bi->sql_subtree_cond ); } else if ( BACKSQL_CANUPPERCASE( bi ) ) { backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "bl", &bi->sql_upper_func, (ber_len_t)STRLENOF( "(ldap_entries.dn) LIKE ?" ), "(ldap_entries.dn) LIKE ?" ); } else { backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)STRLENOF( "ldap_entries.dn LIKE ?" ), "ldap_entries.dn LIKE ?" ); } break; default: assert( 0 ); } /* If paged results are in effect, ignore low ldap_entries.id numbers */ if ( get_pagedresults(bsi->bsi_op) > SLAP_CONTROL_IGNORED ) { unsigned long lowid = 0; /* Pick up the previous ldap_entries.id if the previous page ended in this objectClass */ if ( bsi->bsi_oc->bom_id == PAGECOOKIE_TO_SQL_OC( ((PagedResultsState *)bsi->bsi_op->o_pagedresults_state)->ps_cookie ) ) { lowid = PAGECOOKIE_TO_SQL_ID( ((PagedResultsState *)bsi->bsi_op->o_pagedresults_state)->ps_cookie ); } if ( lowid ) { char lowidstring[48]; int lowidlen; lowidlen = snprintf( lowidstring, sizeof( lowidstring ), " AND ldap_entries.id>%lu", lowid ); backsql_strfcat_x( &bsi->bsi_join_where, bsi->bsi_op->o_tmpmemctx, "l", (ber_len_t)lowidlen, lowidstring ); } } rc = backsql_process_filter( bsi, bsi->bsi_filter ); if ( rc > 0 ) { struct berbuf bb = BB_NULL; backsql_strfcat_x( &bb, bsi->bsi_op->o_tmpmemctx, "bbblb", &bsi->bsi_sel.bb_val, &bsi->bsi_from.bb_val, &bsi->bsi_join_where.bb_val, (ber_len_t)STRLENOF( " AND " ), " AND ", &bsi->bsi_flt_where.bb_val ); *query = bb.bb_val; } else if ( rc < 0 ) { /* * Indicates that there's no possible way the filter matches * anything. No need to issue the query */ free( query->bv_val ); BER_BVZERO( query ); } bsi->bsi_op->o_tmpfree( bsi->bsi_sel.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx ); BER_BVZERO( &bsi->bsi_sel.bb_val ); bsi->bsi_sel.bb_len = 0; bsi->bsi_op->o_tmpfree( bsi->bsi_from.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx ); BER_BVZERO( &bsi->bsi_from.bb_val ); bsi->bsi_from.bb_len = 0; bsi->bsi_op->o_tmpfree( bsi->bsi_join_where.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx ); BER_BVZERO( &bsi->bsi_join_where.bb_val ); bsi->bsi_join_where.bb_len = 0; bsi->bsi_op->o_tmpfree( bsi->bsi_flt_where.bb_val.bv_val, bsi->bsi_op->o_tmpmemctx ); BER_BVZERO( &bsi->bsi_flt_where.bb_val ); bsi->bsi_flt_where.bb_len = 0; Debug( LDAP_DEBUG_TRACE, "<==backsql_srch_query() returns %s\n", query->bv_val ? query->bv_val : "NULL", 0, 0 ); return ( rc <= 0 ? 1 : 0 ); } static int backsql_oc_get_candidates( void *v_oc, void *v_bsi ) { backsql_oc_map_rec *oc = v_oc; backsql_srch_info *bsi = v_bsi; Operation *op = bsi->bsi_op; backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private; struct berval query; SQLHSTMT sth = SQL_NULL_HSTMT; RETCODE rc; int res; BACKSQL_ROW_NTS row; int i; int j; int n_candidates = bsi->bsi_n_candidates; /* * + 1 because we need room for '%'; * + 1 because we need room for ',' for LDAP_SCOPE_SUBORDINATE; * this makes a subtree * search for a DN BACKSQL_MAX_DN_LEN long legal * if it returns that DN only */ char tmp_base_ndn[ BACKSQL_MAX_DN_LEN + 1 + 1 ]; bsi->bsi_status = LDAP_SUCCESS; Debug( LDAP_DEBUG_TRACE, "==>backsql_oc_get_candidates(): oc=\"%s\"\n", BACKSQL_OC_NAME( oc ), 0, 0 ); /* check for abandon */ if ( op->o_abandon ) { bsi->bsi_status = SLAPD_ABANDON; return BACKSQL_AVL_STOP; } /* If paged results have already completed this objectClass, skip it */ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { if ( oc->bom_id < PAGECOOKIE_TO_SQL_OC( ((PagedResultsState *)op->o_pagedresults_state)->ps_cookie ) ) { return BACKSQL_AVL_CONTINUE; } } if ( bsi->bsi_n_candidates == -1 ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "unchecked limit has been overcome\n", 0, 0, 0 ); /* should never get here */ assert( 0 ); bsi->bsi_status = LDAP_ADMINLIMIT_EXCEEDED; return BACKSQL_AVL_STOP; } bsi->bsi_oc = oc; res = backsql_srch_query( bsi, &query ); if ( res ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "error while constructing query for objectclass \"%s\"\n", oc->bom_oc->soc_cname.bv_val, 0, 0 ); /* * FIXME: need to separate errors from legally * impossible filters */ switch ( bsi->bsi_status ) { case LDAP_SUCCESS: case LDAP_UNDEFINED_TYPE: case LDAP_NO_SUCH_OBJECT: /* we are conservative... */ default: bsi->bsi_status = LDAP_SUCCESS; /* try next */ return BACKSQL_AVL_CONTINUE; case LDAP_ADMINLIMIT_EXCEEDED: case LDAP_OTHER: /* don't try any more */ return BACKSQL_AVL_STOP; } } if ( BER_BVISNULL( &query ) ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "could not construct query for objectclass \"%s\"\n", oc->bom_oc->soc_cname.bv_val, 0, 0 ); bsi->bsi_status = LDAP_SUCCESS; return BACKSQL_AVL_CONTINUE; } Debug( LDAP_DEBUG_TRACE, "Constructed query: %s\n", query.bv_val, 0, 0 ); rc = backsql_Prepare( bsi->bsi_dbh, &sth, query.bv_val, 0 ); bsi->bsi_op->o_tmpfree( query.bv_val, bsi->bsi_op->o_tmpmemctx ); BER_BVZERO( &query ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "error preparing query\n", 0, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc ); bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } Debug( LDAP_DEBUG_TRACE, "id: '%ld'\n", bsi->bsi_oc->bom_id, 0, 0 ); rc = backsql_BindParamInt( sth, 1, SQL_PARAM_INPUT, &bsi->bsi_oc->bom_id ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "error binding objectclass id parameter\n", 0, 0, 0 ); bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } switch ( bsi->bsi_scope ) { case LDAP_SCOPE_BASE: case BACKSQL_SCOPE_BASE_LIKE: /* * We do not accept DNs longer than BACKSQL_MAX_DN_LEN; * however this should be handled earlier */ if ( bsi->bsi_base_ndn->bv_len > BACKSQL_MAX_DN_LEN ) { bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } AC_MEMCPY( tmp_base_ndn, bsi->bsi_base_ndn->bv_val, bsi->bsi_base_ndn->bv_len + 1 ); /* uppercase DN only if the stored DN can be uppercased * for comparison */ if ( BACKSQL_CANUPPERCASE( bi ) ) { ldap_pvt_str2upper( tmp_base_ndn ); } Debug( LDAP_DEBUG_TRACE, "(base)dn: \"%s\"\n", tmp_base_ndn, 0, 0 ); rc = backsql_BindParamStr( sth, 2, SQL_PARAM_INPUT, tmp_base_ndn, BACKSQL_MAX_DN_LEN ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "error binding base_ndn parameter\n", 0, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc ); bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } break; case LDAP_SCOPE_SUBORDINATE: case LDAP_SCOPE_SUBTREE: { /* if short-cutting the search base, * don't bind any parameter */ if ( bsi->bsi_use_subtree_shortcut ) { break; } /* * We do not accept DNs longer than BACKSQL_MAX_DN_LEN; * however this should be handled earlier */ if ( bsi->bsi_base_ndn->bv_len > BACKSQL_MAX_DN_LEN ) { bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } /* * Sets the parameters for the SQL built earlier * NOTE that all the databases could actually use * the TimesTen version, which would be cleaner * and would also eliminate the need for the * subtree_cond line in the configuration file. * For now, I'm leaving it the way it is, * so non-TimesTen databases use the original code. * But at some point this should get cleaned up. * * If "dn" is being used, do a suffix search. * If "dn_ru" is being used, do a prefix search. */ if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) { tmp_base_ndn[ 0 ] = '\0'; for ( i = 0, j = bsi->bsi_base_ndn->bv_len - 1; j >= 0; i++, j--) { tmp_base_ndn[ i ] = bsi->bsi_base_ndn->bv_val[ j ]; } if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) { tmp_base_ndn[ i++ ] = ','; } tmp_base_ndn[ i ] = '%'; tmp_base_ndn[ i + 1 ] = '\0'; } else { i = 0; tmp_base_ndn[ i++ ] = '%'; if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) { tmp_base_ndn[ i++ ] = ','; } AC_MEMCPY( &tmp_base_ndn[ i ], bsi->bsi_base_ndn->bv_val, bsi->bsi_base_ndn->bv_len + 1 ); } /* uppercase DN only if the stored DN can be uppercased * for comparison */ if ( BACKSQL_CANUPPERCASE( bi ) ) { ldap_pvt_str2upper( tmp_base_ndn ); } if ( bsi->bsi_scope == LDAP_SCOPE_SUBORDINATE ) { Debug( LDAP_DEBUG_TRACE, "(children)dn: \"%s\"\n", tmp_base_ndn, 0, 0 ); } else { Debug( LDAP_DEBUG_TRACE, "(sub)dn: \"%s\"\n", tmp_base_ndn, 0, 0 ); } rc = backsql_BindParamStr( sth, 2, SQL_PARAM_INPUT, tmp_base_ndn, BACKSQL_MAX_DN_LEN ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "error binding base_ndn parameter (2)\n", 0, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc ); bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } break; } case LDAP_SCOPE_ONELEVEL: assert( !BER_BVISNULL( &bsi->bsi_base_id.eid_ndn ) ); #ifdef BACKSQL_ARBITRARY_KEY Debug( LDAP_DEBUG_TRACE, "(one)id: \"%s\"\n", bsi->bsi_base_id.eid_id.bv_val, 0, 0 ); #else /* ! BACKSQL_ARBITRARY_KEY */ Debug( LDAP_DEBUG_TRACE, "(one)id: '%lu'\n", bsi->bsi_base_id.eid_id, 0, 0 ); #endif /* ! BACKSQL_ARBITRARY_KEY */ rc = backsql_BindParamID( sth, 2, SQL_PARAM_INPUT, &bsi->bsi_base_id.eid_id ); if ( rc != SQL_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "error binding base id parameter\n", 0, 0, 0 ); bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } break; } rc = SQLExecute( sth ); if ( !BACKSQL_SUCCESS( rc ) ) { Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "error executing query\n", 0, 0, 0 ); backsql_PrintErrors( bi->sql_db_env, bsi->bsi_dbh, sth, rc ); SQLFreeStmt( sth, SQL_DROP ); bsi->bsi_status = LDAP_OTHER; return BACKSQL_AVL_CONTINUE; } backsql_BindRowAsStrings_x( sth, &row, bsi->bsi_op->o_tmpmemctx ); rc = SQLFetch( sth ); for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) { struct berval dn, pdn, ndn; backsql_entryID *c_id = NULL; int ret; ber_str2bv( row.cols[ 3 ], 0, 0, &dn ); if ( backsql_api_odbc2dn( bsi->bsi_op, bsi->bsi_rs, &dn ) ) { continue; } ret = dnPrettyNormal( NULL, &dn, &pdn, &ndn, op->o_tmpmemctx ); if ( dn.bv_val != row.cols[ 3 ] ) { free( dn.bv_val ); } if ( ret != LDAP_SUCCESS ) { continue; } if ( bi->sql_baseObject && dn_match( &ndn, &bi->sql_baseObject->e_nname ) ) { goto cleanup; } c_id = (backsql_entryID *)op->o_tmpcalloc( 1, sizeof( backsql_entryID ), op->o_tmpmemctx ); #ifdef BACKSQL_ARBITRARY_KEY ber_str2bv_x( row.cols[ 0 ], 0, 1, &c_id->eid_id, op->o_tmpmemctx ); ber_str2bv_x( row.cols[ 1 ], 0, 1, &c_id->eid_keyval, op->o_tmpmemctx ); #else /* ! BACKSQL_ARBITRARY_KEY */ if ( lutil_atoulx( &c_id->eid_id, row.cols[ 0 ], 0 ) != 0 ) { goto cleanup; } if ( lutil_atoulx( &c_id->eid_keyval, row.cols[ 1 ], 0 ) != 0 ) { goto cleanup; } #endif /* ! BACKSQL_ARBITRARY_KEY */ c_id->eid_oc = bsi->bsi_oc; c_id->eid_oc_id = bsi->bsi_oc->bom_id; c_id->eid_dn = pdn; c_id->eid_ndn = ndn; /* append at end of list ... */ c_id->eid_next = NULL; *bsi->bsi_id_listtail = c_id; bsi->bsi_id_listtail = &c_id->eid_next; #ifdef BACKSQL_ARBITRARY_KEY Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "added entry id=%s, keyval=%s dn=\"%s\"\n", c_id->eid_id.bv_val, c_id->eid_keyval.bv_val, row.cols[ 3 ] ); #else /* ! BACKSQL_ARBITRARY_KEY */ Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_candidates(): " "added entry id=%ld, keyval=%ld dn=\"%s\"\n", c_id->eid_id, c_id->eid_keyval, row.cols[ 3 ] ); #endif /* ! BACKSQL_ARBITRARY_KEY */ /* count candidates, for unchecked limit */ bsi->bsi_n_candidates--; if ( bsi->bsi_n_candidates == -1 ) { break; } continue; cleanup:; if ( !BER_BVISNULL( &pdn ) ) { op->o_tmpfree( pdn.bv_val, op->o_tmpmemctx ); } if ( !BER_BVISNULL( &ndn ) ) { op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx ); } if ( c_id != NULL ) { ch_free( c_id ); } } backsql_FreeRow_x( &row, bsi->bsi_op->o_tmpmemctx ); SQLFreeStmt( sth, SQL_DROP ); Debug( LDAP_DEBUG_TRACE, "<==backsql_oc_get_candidates(): %d\n", n_candidates - bsi->bsi_n_candidates, 0, 0 ); return ( bsi->bsi_n_candidates == -1 ? BACKSQL_AVL_STOP : BACKSQL_AVL_CONTINUE ); } int backsql_search( Operation *op, SlapReply *rs ) { backsql_info *bi = (backsql_info *)op->o_bd->be_private; SQLHDBC dbh = SQL_NULL_HDBC; int sres; Entry user_entry = { 0 }, base_entry = { 0 }; int manageDSAit = get_manageDSAit( op ); time_t stoptime = 0; backsql_srch_info bsi = { 0 }; backsql_entryID *eid = NULL; struct berval nbase = BER_BVNULL; unsigned long lastid = 0; Debug( LDAP_DEBUG_TRACE, "==>backsql_search(): " "base=\"%s\", filter=\"%s\", scope=%d,", op->o_req_ndn.bv_val, op->ors_filterstr.bv_val, op->ors_scope ); Debug( LDAP_DEBUG_TRACE, " deref=%d, attrsonly=%d, " "attributes to load: %s\n", op->ors_deref, op->ors_attrsonly, op->ors_attrs == NULL ? "all" : "custom list" ); if ( op->o_req_ndn.bv_len > BACKSQL_MAX_DN_LEN ) { Debug( LDAP_DEBUG_TRACE, "backsql_search(): " "search base length (%ld) exceeds max length (%d)\n", op->o_req_ndn.bv_len, BACKSQL_MAX_DN_LEN, 0 ); /* * FIXME: a LDAP_NO_SUCH_OBJECT could be appropriate * since it is impossible that such a long DN exists * in the backend */ rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; send_ldap_result( op, rs ); return 1; } sres = backsql_get_db_conn( op, &dbh ); if ( sres != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_search(): " "could not get connection handle - exiting\n", 0, 0, 0 ); rs->sr_err = sres; rs->sr_text = sres == LDAP_OTHER ? "SQL-backend error" : NULL; send_ldap_result( op, rs ); return 1; } /* compute it anyway; root does not use it */ stoptime = op->o_time + op->ors_tlimit; /* init search */ bsi.bsi_e = &base_entry; rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn, op->ors_scope, stoptime, op->ors_filter, dbh, op, rs, op->ors_attrs, ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY ) ); switch ( rs->sr_err ) { case LDAP_SUCCESS: break; case LDAP_REFERRAL: if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) && dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) ) { rs->sr_err = LDAP_SUCCESS; rs->sr_text = NULL; rs->sr_matched = NULL; if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } break; } /* an entry was created; free it */ entry_clean( bsi.bsi_e ); /* fall thru */ default: if ( !BER_BVISNULL( &base_entry.e_nname ) && !access_allowed( op, &base_entry, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } rs->sr_matched = NULL; rs->sr_text = NULL; } send_ldap_result( op, rs ); if ( rs->sr_ref ) { ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } if ( !BER_BVISNULL( &base_entry.e_nname ) ) { entry_clean( &base_entry ); } goto done; } /* NOTE: __NEW__ "search" access is required * on searchBase object */ { slap_mask_t mask; if ( get_assert( op ) && ( test_filter( op, &base_entry, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) ) { rs->sr_err = LDAP_ASSERTION_FAILED; } if ( ! access_allowed_mask( op, &base_entry, slap_schema.si_ad_entry, NULL, ACL_SEARCH, NULL, &mask ) ) { if ( rs->sr_err == LDAP_SUCCESS ) { rs->sr_err = LDAP_INSUFFICIENT_ACCESS; } } if ( rs->sr_err != LDAP_SUCCESS ) { if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; rs->sr_text = NULL; } send_ldap_result( op, rs ); goto done; } } bsi.bsi_e = NULL; bsi.bsi_n_candidates = ( op->ors_limit == NULL /* isroot == TRUE */ ? -2 : ( op->ors_limit->lms_s_unchecked == -1 ? -2 : ( op->ors_limit->lms_s_unchecked ) ) ); /* If paged results are in effect, check the paging cookie */ if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) { rs->sr_err = parse_paged_cookie( op, rs ); if ( rs->sr_err != LDAP_SUCCESS ) { send_ldap_result( op, rs ); goto done; } } switch ( bsi.bsi_scope ) { case LDAP_SCOPE_BASE: case BACKSQL_SCOPE_BASE_LIKE: /* * probably already found... */ bsi.bsi_id_list = &bsi.bsi_base_id; bsi.bsi_id_listtail = &bsi.bsi_base_id.eid_next; break; case LDAP_SCOPE_SUBTREE: /* * if baseObject is defined, and if it is the root * of the search, add it to the candidate list */ if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &bsi.bsi_base_id.eid_id ) ) { bsi.bsi_id_list = &bsi.bsi_base_id; bsi.bsi_id_listtail = &bsi.bsi_base_id.eid_next; } /* FALLTHRU */ default: /* * for each objectclass we try to construct query which gets IDs * of entries matching LDAP query filter and scope (or at least * candidates), and get the IDs. Do this in ID order for paging. */ avl_apply( bi->sql_oc_by_id, backsql_oc_get_candidates, &bsi, BACKSQL_AVL_STOP, AVL_INORDER ); /* check for abandon */ if ( op->o_abandon ) { eid = bsi.bsi_id_list; rs->sr_err = SLAPD_ABANDON; goto send_results; } } if ( op->ors_limit != NULL /* isroot == FALSE */ && op->ors_limit->lms_s_unchecked != -1 && bsi.bsi_n_candidates == -1 ) { rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; send_ldap_result( op, rs ); goto done; } /* * now we load candidate entries (only those attributes * mentioned in attrs and filter), test it against full filter * and then send to client; don't free entry_id if baseObject... */ for ( eid = bsi.bsi_id_list; eid != NULL; eid = backsql_free_entryID( eid, eid == &bsi.bsi_base_id ? 0 : 1, op->o_tmpmemctx ) ) { int rc; Attribute *a_hasSubordinate = NULL, *a_entryUUID = NULL, *a_entryCSN = NULL, **ap = NULL; Entry *e = NULL; /* check for abandon */ if ( op->o_abandon ) { rs->sr_err = SLAPD_ABANDON; goto send_results; } /* check time limit */ if ( op->ors_tlimit != SLAP_NO_LIMIT && slap_get_time() > stoptime ) { rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; rs->sr_ctrls = NULL; rs->sr_ref = rs->sr_v2ref; goto send_results; } #ifdef BACKSQL_ARBITRARY_KEY Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data " "for entry id=%s, oc_id=%ld, keyval=%s\n", eid->eid_id.bv_val, eid->eid_oc_id, eid->eid_keyval.bv_val ); #else /* ! BACKSQL_ARBITRARY_KEY */ Debug(LDAP_DEBUG_TRACE, "backsql_search(): loading data " "for entry id=%ld, oc_id=%ld, keyval=%ld\n", eid->eid_id, eid->eid_oc_id, eid->eid_keyval ); #endif /* ! BACKSQL_ARBITRARY_KEY */ /* check scope */ switch ( op->ors_scope ) { case LDAP_SCOPE_BASE: case BACKSQL_SCOPE_BASE_LIKE: if ( !dn_match( &eid->eid_ndn, &op->o_req_ndn ) ) { goto next_entry2; } break; case LDAP_SCOPE_ONE: { struct berval rdn = eid->eid_ndn; rdn.bv_len -= op->o_req_ndn.bv_len + STRLENOF( "," ); if ( !dnIsOneLevelRDN( &rdn ) ) { goto next_entry2; } /* fall thru */ } case LDAP_SCOPE_SUBORDINATE: /* discard the baseObject entry */ if ( dn_match( &eid->eid_ndn, &op->o_req_ndn ) ) { goto next_entry2; } /* FALLTHRU */ case LDAP_SCOPE_SUBTREE: /* FIXME: this should never fail... */ if ( !dnIsSuffix( &eid->eid_ndn, &op->o_req_ndn ) ) { goto next_entry2; } break; } if ( BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) { /* don't recollect baseObject... */ e = bi->sql_baseObject; } else if ( eid == &bsi.bsi_base_id ) { /* don't recollect searchBase object... */ e = &base_entry; } else { bsi.bsi_e = &user_entry; rc = backsql_id2entry( &bsi, eid ); if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_TRACE, "backsql_search(): " "error %d in backsql_id2entry() " "- skipping\n", rc, 0, 0 ); continue; } e = &user_entry; } if ( !manageDSAit && op->ors_scope != LDAP_SCOPE_BASE && op->ors_scope != BACKSQL_SCOPE_BASE_LIKE && is_entry_referral( e ) ) { BerVarray refs; refs = get_entry_referrals( op, e ); if ( !refs ) { backsql_srch_info bsi2 = { 0 }; Entry user_entry2 = { 0 }; /* retry with the full entry... */ bsi2.bsi_e = &user_entry2; rc = backsql_init_search( &bsi2, &e->e_nname, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, rs, NULL, BACKSQL_ISF_GET_ENTRY ); if ( rc == LDAP_SUCCESS ) { if ( is_entry_referral( &user_entry2 ) ) { refs = get_entry_referrals( op, &user_entry2 ); } else { rs->sr_err = LDAP_OTHER; } backsql_entry_clean( op, &user_entry2 ); } if ( bsi2.bsi_attrs != NULL ) { op->o_tmpfree( bsi2.bsi_attrs, op->o_tmpmemctx ); } } if ( refs ) { rs->sr_ref = referral_rewrite( refs, &e->e_name, &op->o_req_dn, op->ors_scope ); ber_bvarray_free( refs ); } if ( rs->sr_ref ) { rs->sr_err = LDAP_REFERRAL; } else { rs->sr_text = "bad referral object"; } rs->sr_entry = e; rs->sr_matched = user_entry.e_name.bv_val; send_search_reference( op, rs ); ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; rs->sr_matched = NULL; rs->sr_entry = NULL; if ( rs->sr_err == LDAP_REFERRAL ) { rs->sr_err = LDAP_SUCCESS; } goto next_entry; } /* * We use this flag since we need to parse the filter * anyway; we should have used the frontend API function * filter_has_subordinates() */ if ( bsi.bsi_flags & BSQL_SF_FILTER_HASSUBORDINATE ) { rc = backsql_has_children( op, dbh, &e->e_nname ); switch ( rc ) { case LDAP_COMPARE_TRUE: case LDAP_COMPARE_FALSE: a_hasSubordinate = slap_operational_hasSubordinate( rc == LDAP_COMPARE_TRUE ); if ( a_hasSubordinate != NULL ) { for ( ap = &user_entry.e_attrs; *ap; ap = &(*ap)->a_next ); *ap = a_hasSubordinate; } rc = 0; break; default: Debug(LDAP_DEBUG_TRACE, "backsql_search(): " "has_children failed( %d)\n", rc, 0, 0 ); rc = 1; goto next_entry; } } if ( bsi.bsi_flags & BSQL_SF_FILTER_ENTRYUUID ) { a_entryUUID = backsql_operational_entryUUID( bi, eid ); if ( a_entryUUID != NULL ) { if ( ap == NULL ) { ap = &user_entry.e_attrs; } for ( ; *ap; ap = &(*ap)->a_next ); *ap = a_entryUUID; } } #ifdef BACKSQL_SYNCPROV if ( bsi.bsi_flags & BSQL_SF_FILTER_ENTRYCSN ) { a_entryCSN = backsql_operational_entryCSN( op ); if ( a_entryCSN != NULL ) { if ( ap == NULL ) { ap = &user_entry.e_attrs; } for ( ; *ap; ap = &(*ap)->a_next ); *ap = a_entryCSN; } } #endif /* BACKSQL_SYNCPROV */ if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE ) { /* If paged results are in effect, see if the page limit was exceeded */ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { e = NULL; send_paged_response( op, rs, &lastid ); goto done; } lastid = SQL_TO_PAGECOOKIE( eid->eid_id, eid->eid_oc_id ); } rs->sr_attrs = op->ors_attrs; rs->sr_operational_attrs = NULL; rs->sr_entry = e; e->e_private = (void *)eid; rs->sr_flags = ( e == &user_entry ) ? REP_ENTRY_MODIFIABLE : 0; /* FIXME: need the whole entry (ITS#3480) */ rs->sr_err = send_search_entry( op, rs ); e->e_private = NULL; rs->sr_entry = NULL; rs->sr_attrs = NULL; rs->sr_operational_attrs = NULL; switch ( rs->sr_err ) { case LDAP_UNAVAILABLE: /* * FIXME: send_search_entry failed; * better stop */ Debug( LDAP_DEBUG_TRACE, "backsql_search(): " "connection lost\n", 0, 0, 0 ); goto end_of_search; case LDAP_SIZELIMIT_EXCEEDED: goto send_results; } } next_entry:; if ( e == &user_entry ) { backsql_entry_clean( op, &user_entry ); } next_entry2:; } end_of_search:; if ( rs->sr_nentries > 0 ) { rs->sr_ref = rs->sr_v2ref; rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL; } else { rs->sr_err = bsi.bsi_status; } send_results:; if ( rs->sr_err != SLAPD_ABANDON ) { if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { send_paged_response( op, rs, NULL ); } else { send_ldap_result( op, rs ); } } /* cleanup in case of abandon */ for ( ; eid != NULL; eid = backsql_free_entryID( eid, eid == &bsi.bsi_base_id ? 0 : 1, op->o_tmpmemctx ) ) ; backsql_entry_clean( op, &base_entry ); /* in case we got here accidentally */ backsql_entry_clean( op, &user_entry ); if ( rs->sr_v2ref ) { ber_bvarray_free( rs->sr_v2ref ); rs->sr_v2ref = NULL; } #ifdef BACKSQL_SYNCPROV if ( op->o_sync ) { Operation op2 = *op; SlapReply rs2 = { 0 }; Entry *e = entry_alloc(); slap_callback cb = { 0 }; op2.o_tag = LDAP_REQ_ADD; op2.o_bd = select_backend( &op->o_bd->be_nsuffix[0], 0 ); op2.ora_e = e; op2.o_callback = &cb; ber_dupbv( &e->e_name, op->o_bd->be_suffix ); ber_dupbv( &e->e_nname, op->o_bd->be_nsuffix ); cb.sc_response = slap_null_cb; op2.o_bd->be_add( &op2, &rs2 ); if ( op2.ora_e == e ) entry_free( e ); } #endif /* BACKSQL_SYNCPROV */ done:; (void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx ); if ( bsi.bsi_attrs != NULL ) { op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx ); } if ( !BER_BVISNULL( &nbase ) && nbase.bv_val != op->o_req_ndn.bv_val ) { ch_free( nbase.bv_val ); } /* restore scope ... FIXME: this should be done before ANY * frontend call that uses op */ if ( op->ors_scope == BACKSQL_SCOPE_BASE_LIKE ) { op->ors_scope = LDAP_SCOPE_BASE; } Debug( LDAP_DEBUG_TRACE, "<==backsql_search()\n", 0, 0, 0 ); return rs->sr_err; } /* return LDAP_SUCCESS IFF we can retrieve the specified entry. */ int backsql_entry_get( Operation *op, struct berval *ndn, ObjectClass *oc, AttributeDescription *at, int rw, Entry **ent ) { backsql_srch_info bsi = { 0 }; SQLHDBC dbh = SQL_NULL_HDBC; int rc; SlapReply rs = { 0 }; AttributeName anlist[ 2 ]; *ent = NULL; rc = backsql_get_db_conn( op, &dbh ); if ( rc != LDAP_SUCCESS ) { return rc; } if ( at ) { anlist[ 0 ].an_name = at->ad_cname; anlist[ 0 ].an_desc = at; BER_BVZERO( &anlist[ 1 ].an_name ); } bsi.bsi_e = entry_alloc(); rc = backsql_init_search( &bsi, ndn, LDAP_SCOPE_BASE, (time_t)(-1), NULL, dbh, op, &rs, at ? anlist : NULL, BACKSQL_ISF_GET_ENTRY ); if ( !BER_BVISNULL( &bsi.bsi_base_id.eid_ndn ) ) { (void)backsql_free_entryID( &bsi.bsi_base_id, 0, op->o_tmpmemctx ); } if ( rc == LDAP_SUCCESS ) { #if 0 /* not supported at present */ /* find attribute values */ if ( is_entry_alias( bsi.bsi_e ) ) { Debug( LDAP_DEBUG_ACL, "<= backsql_entry_get: entry is an alias\n", 0, 0, 0 ); rc = LDAP_ALIAS_PROBLEM; goto return_results; } #endif if ( is_entry_referral( bsi.bsi_e ) ) { Debug( LDAP_DEBUG_ACL, "<= backsql_entry_get: entry is a referral\n", 0, 0, 0 ); rc = LDAP_REFERRAL; goto return_results; } if ( oc && !is_entry_objectclass( bsi.bsi_e, oc, 0 ) ) { Debug( LDAP_DEBUG_ACL, "<= backsql_entry_get: " "failed to find objectClass\n", 0, 0, 0 ); rc = LDAP_NO_SUCH_ATTRIBUTE; goto return_results; } *ent = bsi.bsi_e; } return_results:; if ( bsi.bsi_attrs != NULL ) { op->o_tmpfree( bsi.bsi_attrs, op->o_tmpmemctx ); } if ( rc != LDAP_SUCCESS ) { if ( bsi.bsi_e ) { entry_free( bsi.bsi_e ); } } return rc; } void backsql_entry_clean( Operation *op, Entry *e ) { void *ctx; ctx = ldap_pvt_thread_pool_context(); if ( ctx == NULL || ctx != op->o_tmpmemctx ) { if ( !BER_BVISNULL( &e->e_name ) ) { op->o_tmpfree( e->e_name.bv_val, op->o_tmpmemctx ); BER_BVZERO( &e->e_name ); } if ( !BER_BVISNULL( &e->e_nname ) ) { op->o_tmpfree( e->e_nname.bv_val, op->o_tmpmemctx ); BER_BVZERO( &e->e_nname ); } } entry_clean( e ); } int backsql_entry_release( Operation *op, Entry *e, int rw ) { backsql_entry_clean( op, e ); entry_free( e ); return 0; } /* This function is copied verbatim from back-bdb/search.c */ static int parse_paged_cookie( Operation *op, SlapReply *rs ) { LDAPControl **c; int rc = LDAP_SUCCESS; ber_tag_t tag; ber_int_t size; BerElement *ber; struct berval cookie = BER_BVNULL; PagedResultsState *ps = op->o_pagedresults_state; /* this function must be invoked only if the pagedResults * control has been detected, parsed and partially checked * by the frontend */ assert( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ); /* look for the appropriate ctrl structure */ for ( c = op->o_ctrls; c[0] != NULL; c++ ) { if ( strcmp( c[0]->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS ) == 0 ) { break; } } if ( c[0] == NULL ) { rs->sr_text = "missing pagedResults control"; return LDAP_PROTOCOL_ERROR; } /* Tested by frontend */ assert( c[0]->ldctl_value.bv_len > 0 ); /* Parse the control value * realSearchControlValue ::= SEQUENCE { * size INTEGER (0..maxInt), * -- requested page size from client * -- result set size estimate from server * cookie OCTET STRING * } */ ber = ber_init( &c[0]->ldctl_value ); if ( ber == NULL ) { rs->sr_text = "internal error"; return LDAP_OTHER; } tag = ber_scanf( ber, "{im}", &size, &cookie ); /* Tested by frontend */ assert( tag != LBER_ERROR ); assert( size >= 0 ); /* cookie decoding/checks deferred to backend... */ if ( cookie.bv_len ) { PagedResultsCookie reqcookie; if( cookie.bv_len != sizeof( reqcookie ) ) { /* bad cookie */ rs->sr_text = "paged results cookie is invalid"; rc = LDAP_PROTOCOL_ERROR; goto done; } AC_MEMCPY( &reqcookie, cookie.bv_val, sizeof( reqcookie )); if ( reqcookie > ps->ps_cookie ) { /* bad cookie */ rs->sr_text = "paged results cookie is invalid"; rc = LDAP_PROTOCOL_ERROR; goto done; } else if ( reqcookie < ps->ps_cookie ) { rs->sr_text = "paged results cookie is invalid or old"; rc = LDAP_UNWILLING_TO_PERFORM; goto done; } } else { /* Initial request. Initialize state. */ #if 0 if ( op->o_conn->c_pagedresults_state.ps_cookie != 0 ) { /* There's another pagedResults control on the * same connection; reject new pagedResults controls * (allowed by RFC2696) */ rs->sr_text = "paged results cookie unavailable; try later"; rc = LDAP_UNWILLING_TO_PERFORM; goto done; } #endif ps->ps_cookie = 0; ps->ps_count = 0; } done:; (void)ber_free( ber, 1 ); return rc; } /* This function is copied nearly verbatim from back-bdb/search.c */ static void send_paged_response( Operation *op, SlapReply *rs, unsigned long *lastid ) { LDAPControl ctrl, *ctrls[2]; BerElementBuffer berbuf; BerElement *ber = (BerElement *)&berbuf; PagedResultsCookie respcookie; struct berval cookie; Debug(LDAP_DEBUG_ARGS, "send_paged_response: lastid=0x%08lx nentries=%d\n", lastid ? *lastid : 0, rs->sr_nentries, NULL ); BER_BVZERO( &ctrl.ldctl_value ); ctrls[0] = &ctrl; ctrls[1] = NULL; ber_init2( ber, NULL, LBER_USE_DER ); if ( lastid ) { respcookie = ( PagedResultsCookie )(*lastid); cookie.bv_len = sizeof( respcookie ); cookie.bv_val = (char *)&respcookie; } else { respcookie = ( PagedResultsCookie )0; BER_BVSTR( &cookie, "" ); } op->o_conn->c_pagedresults_state.ps_cookie = respcookie; op->o_conn->c_pagedresults_state.ps_count = ((PagedResultsState *)op->o_pagedresults_state)->ps_count + rs->sr_nentries; /* return size of 0 -- no estimate */ ber_printf( ber, "{iO}", 0, &cookie ); if ( ber_flatten2( ber, &ctrls[0]->ldctl_value, 0 ) == -1 ) { goto done; } ctrls[0]->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS; ctrls[0]->ldctl_iscritical = 0; rs->sr_ctrls = ctrls; rs->sr_err = LDAP_SUCCESS; send_ldap_result( op, rs ); rs->sr_ctrls = NULL; done: (void) ber_free_buf( ber ); }