/* search.c - bdb2 backend search function */ #include "portable.h" #include #include #include #include #include "slap.h" #include "back-bdb2.h" #include "proto-back-bdb2.h" static ID_BLOCK *base_candidates(BackendDB *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, int *err); static ID_BLOCK *onelevel_candidates(BackendDB *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, int *err); static ID_BLOCK *subtree_candidates(BackendDB *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, Entry *e, int *err, int lookupbase); #define GRABSIZE BUFSIZ #define MAKE_SPACE( n ) { \ if ( rcur + (n) > rbuf + rmaxsize ) { \ int offset = rcur - rbuf; \ rbuf = ch_realloc( rbuf, rmaxsize + GRABSIZE ); \ rmaxsize += GRABSIZE; \ rcur = rbuf + offset; \ } \ } static int bdb2i_back_search_internal( BackendDB *be, Connection *conn, Operation *op, char *base, int scope, int deref, int slimit, int tlimit, Filter *filter, char *filterstr, char **attrs, int attrsonly ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; int err; time_t stoptime; ID_BLOCK *candidates; ID id; Entry *e; Attribute *ref; char *matched = NULL; int rmaxsize, nrefs; char *rbuf, *rcur; int nentries = 0; char *realBase; Debug(LDAP_DEBUG_ARGS, "=> bdb2i_back_search\n", 0, 0, 0); if ( tlimit == 0 && be_isroot( be, op->o_ndn ) ) { tlimit = -1; /* allow root to set no limit */ } else { tlimit = (tlimit > be->be_timelimit || tlimit < 1) ? be->be_timelimit : tlimit; stoptime = op->o_time + tlimit; } if ( slimit == 0 && be_isroot( be, op->o_ndn ) ) { slimit = -1; /* allow root to set no limit */ } else { slimit = (slimit > be->be_sizelimit || slimit < 1) ? be->be_sizelimit : slimit; } /* * check and apply aliasing where the dereferencing applies to * the subordinates of the base */ switch ( deref ) { case LDAP_DEREF_FINDING: case LDAP_DEREF_ALWAYS: realBase = bdb2i_derefDN ( be, conn, op, base ); break; default: realBase = ch_strdup(base); } (void) dn_normalize_case( realBase ); Debug( LDAP_DEBUG_TRACE, "using base \"%s\"\n", realBase, 0, 0 ); switch ( scope ) { case LDAP_SCOPE_BASE: candidates = base_candidates( be, conn, op, realBase, filter, attrs, attrsonly, &matched, &err ); break; case LDAP_SCOPE_ONELEVEL: candidates = onelevel_candidates( be, conn, op, realBase, filter, attrs, attrsonly, &matched, &err ); break; case LDAP_SCOPE_SUBTREE: candidates = subtree_candidates( be, conn, op, realBase, filter, attrs, attrsonly, &matched, NULL, &err, 1 ); break; default: send_ldap_result( conn, op, LDAP_PROTOCOL_ERROR, "", "Bad scope" ); if( realBase != NULL) { free( realBase ); } return( -1 ); } /* null candidates means we could not find the base object */ if ( candidates == NULL ) { send_ldap_result( conn, op, err, matched, "" ); if ( matched != NULL ) { free( matched ); } if( realBase != NULL) { free( realBase ); } return( -1 ); } if ( matched != NULL ) { free( matched ); } rmaxsize = 0; nrefs = 0; rbuf = rcur = NULL; MAKE_SPACE( sizeof("Referral:") + 1 ); strcpy( rbuf, "Referral:" ); rcur = strchr( rbuf, '\0' ); for ( id = bdb2i_idl_firstid( candidates ); id != NOID; id = bdb2i_idl_nextid( candidates, id ) ) { /* check for abandon */ ldap_pvt_thread_mutex_lock( &op->o_abandonmutex ); if ( op->o_abandon ) { ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); bdb2i_idl_free( candidates ); free( rbuf ); if( realBase != NULL) { free( realBase ); } return( 0 ); } ldap_pvt_thread_mutex_unlock( &op->o_abandonmutex ); /* check time limit */ if ( tlimit != -1 && slap_get_time() > stoptime ) { send_ldap_search_result( conn, op, LDAP_TIMELIMIT_EXCEEDED, NULL, nrefs > 0 ? rbuf : NULL, nentries ); bdb2i_idl_free( candidates ); free( rbuf ); if( realBase != NULL) { free( realBase ); } return( 0 ); } /* get the entry with reader lock */ if ( (e = bdb2i_id2entry_r( be, id )) == NULL ) { Debug( LDAP_DEBUG_ARGS, "candidate %ld not found\n", id, 0, 0 ); continue; } /* * if it's a referral, add it to the list of referrals. only do * this for subtree searches, and don't check the filter explicitly * here since it's only a candidate anyway. */ if ( scope == LDAP_SCOPE_SUBTREE && e->e_ndn != NULL && strncmp( e->e_ndn, "REF=", 4 ) == 0 && (ref = attr_find( e->e_attrs, "ref" )) != NULL ) { int i; if ( ref->a_vals == NULL ) { Debug( LDAP_DEBUG_ANY, "null ref in (%s)\n", e->e_dn, 0, 0 ); } else { for ( i = 0; ref->a_vals[i] != NULL; i++ ) { /* referral + newline + null */ MAKE_SPACE( ref->a_vals[i]->bv_len + 2 ); *rcur++ = '\n'; strncpy( rcur, ref->a_vals[i]->bv_val, ref->a_vals[i]->bv_len ); rcur = rcur + ref->a_vals[i]->bv_len; *rcur = '\0'; nrefs++; } } /* otherwise it's an entry - see if it matches the filter */ } else { /* if it matches the filter and scope, send it */ if ( test_filter( be, conn, op, e, filter ) == 0 ) { int scopeok; char *dn; /* check scope */ scopeok = 1; if ( scope == LDAP_SCOPE_ONELEVEL ) { if ( (dn = dn_parent( be, e->e_dn )) != NULL ) { (void) dn_normalize_case( dn ); scopeok = (dn == realBase) ? 1 : (strcmp( dn, realBase ) ? 0 : 1 ); free( dn ); } else { scopeok = (realBase == NULL || *realBase == '\0'); } } else if ( scope == LDAP_SCOPE_SUBTREE ) { dn = ch_strdup( e->e_ndn ); scopeok = dn_issuffix( dn, realBase ); free( dn ); } if ( scopeok ) { /* check size limit */ if ( --slimit == -1 ) { bdb2i_cache_return_entry_r( &li->li_cache, e ); send_ldap_search_result( conn, op, LDAP_SIZELIMIT_EXCEEDED, NULL, nrefs > 0 ? rbuf : NULL, nentries ); bdb2i_idl_free( candidates ); free( rbuf ); if( realBase != NULL) { free( realBase ); } return( 0 ); } /* * check and apply aliasing where the dereferencing applies to * the subordinates of the base */ switch ( deref ) { case LDAP_DEREF_SEARCHING: case LDAP_DEREF_ALWAYS: { Entry *newe = bdb2i_derefAlias_r( be, conn, op, e ); if ( newe == NULL ) { /* problem with the alias */ bdb2i_cache_return_entry_r( &li->li_cache, e ); e = NULL; } else if ( newe != e ) { /* reassign e */ bdb2i_cache_return_entry_r( &li->li_cache, e ); e = newe; } } break; } if (e) { switch ( send_search_entry( be, conn, op, e, attrs, attrsonly ) ) { case 0: /* entry sent ok */ nentries++; break; case 1: /* entry not sent */ break; case -1: /* connection closed */ bdb2i_cache_return_entry_r( &li->li_cache, e ); bdb2i_idl_free( candidates ); free( rbuf ); if( realBase != NULL) { free( realBase ); } return( 0 ); } } } } } if( e != NULL ) { /* free reader lock */ bdb2i_cache_return_entry_r( &li->li_cache, e ); } ldap_pvt_thread_yield(); } bdb2i_idl_free( candidates ); if ( nrefs > 0 ) { send_ldap_search_result( conn, op, LDAP_PARTIAL_RESULTS, NULL, rbuf, nentries ); } else { send_ldap_search_result( conn, op, LDAP_SUCCESS, NULL, NULL, nentries ); } free( rbuf ); if( realBase != NULL) { free( realBase ); } return( 0 ); } int bdb2_back_search( BackendDB *be, Connection *conn, Operation *op, char *base, int scope, int deref, int slimit, int tlimit, Filter *filter, char *filterstr, char **attrs, int attrsonly ) { DB_LOCK lock; struct ldbminfo *li = (struct ldbminfo *) be->be_private; struct timeval time1; int ret; bdb2i_start_timing( be->bd_info, &time1 ); if ( bdb2i_enter_backend_r( &lock ) != 0 ) { send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" ); return( -1 ); } ret = bdb2i_back_search_internal( be, conn, op, base, scope, deref, slimit, tlimit, filter, filterstr, attrs, attrsonly ); (void) bdb2i_leave_backend_r( lock ); bdb2i_stop_timing( be->bd_info, time1, "SRCH", conn, op ); return( ret ); } static ID_BLOCK * base_candidates( BackendDB *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, int *err ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; ID_BLOCK *idl; Entry *e; Debug(LDAP_DEBUG_TRACE, "base_candidates: base: \"%s\"\n", base, 0, 0); *err = LDAP_SUCCESS; /* get entry with reader lock */ if ( (e = bdb2i_dn2entry_r( be, base, matched )) == NULL ) { *err = LDAP_NO_SUCH_OBJECT; return( NULL ); } /* check for deleted */ idl = bdb2i_idl_alloc( 1 ); bdb2i_idl_insert( &idl, e->e_id, 1 ); /* free reader lock */ bdb2i_cache_return_entry_r( &li->li_cache, e ); return( idl ); } static ID_BLOCK * onelevel_candidates( BackendDB *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, int *err ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; Entry *e = NULL; Filter *f; char buf[20]; ID_BLOCK *candidates; Debug(LDAP_DEBUG_TRACE, "onelevel_candidates: base: \"%s\"\n", base, 0, 0); *err = LDAP_SUCCESS; /* get the base object with reader lock */ if ( base != NULL && *base != '\0' && (e = bdb2i_dn2entry_r( be, base, matched )) == NULL ) { *err = LDAP_NO_SUCH_OBJECT; return( NULL ); } /* * modify the filter to be something like this: * * parent=baseobject & originalfilter */ f = (Filter *) ch_malloc( sizeof(Filter) ); f->f_next = NULL; f->f_choice = LDAP_FILTER_AND; f->f_and = (Filter *) ch_malloc( sizeof(Filter) ); f->f_and->f_choice = LDAP_FILTER_EQUALITY; f->f_and->f_ava.ava_type = ch_strdup( "id2children" ); sprintf( buf, "%ld", e != NULL ? e->e_id : 0 ); f->f_and->f_ava.ava_value.bv_val = ch_strdup( buf ); f->f_and->f_ava.ava_value.bv_len = strlen( buf ); f->f_and->f_next = filter; /* from here, it's just like subtree_candidates */ candidates = subtree_candidates( be, conn, op, base, f, attrs, attrsonly, matched, e, err, 0 ); /* free up just the filter stuff we allocated above */ f->f_and->f_next = NULL; filter_free( f ); /* free entry and reader lock */ if( e != NULL ) { bdb2i_cache_return_entry_r( &li->li_cache, e ); } return( candidates ); } static ID_BLOCK * subtree_candidates( BackendDB *be, Connection *conn, Operation *op, char *base, Filter *filter, char **attrs, int attrsonly, char **matched, Entry *e, int *err, int lookupbase ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; Filter *f, **filterarg_ptr; ID_BLOCK *candidates; Debug(LDAP_DEBUG_TRACE, "subtree_candidates: base: \"%s\" %s\n", base ? base : "NULL", lookupbase ? "lookupbase" : "", 0); /* * get the base object - unless we already have it (from one-level). * also, unless this is a one-level search or a subtree search * starting at the very top of our subtree, we need to modify the * filter to be something like this: * * dn=*baseobjectdn & (originalfilter | ref=*) * * the "objectclass=referral" part is used to select referrals to return */ *err = LDAP_SUCCESS; f = NULL; if ( lookupbase ) { e = NULL; if ( base != NULL && *base != '\0' && (e = bdb2i_dn2entry_r( be, base, matched )) == NULL ) { *err = LDAP_NO_SUCH_OBJECT; return( NULL ); } if (e) { bdb2i_cache_return_entry_r( &li->li_cache, e ); } f = (Filter *) ch_malloc( sizeof(Filter) ); f->f_next = NULL; f->f_choice = LDAP_FILTER_OR; f->f_or = (Filter *) ch_malloc( sizeof(Filter) ); f->f_or->f_choice = LDAP_FILTER_EQUALITY; f->f_or->f_avtype = ch_strdup( "objectclass" ); /* Patch to use normalized uppercase */ f->f_or->f_avvalue.bv_val = ch_strdup( "REFERRAL" ); f->f_or->f_avvalue.bv_len = strlen( "REFERRAL" ); filterarg_ptr = &f->f_or->f_next; *filterarg_ptr = filter; filter = f; if ( ! be_issuffix( be, base ) ) { f = (Filter *) ch_malloc( sizeof(Filter) ); f->f_next = NULL; f->f_choice = LDAP_FILTER_AND; f->f_and = (Filter *) ch_malloc( sizeof(Filter) ); f->f_and->f_choice = LDAP_FILTER_SUBSTRINGS; f->f_and->f_sub_type = ch_strdup( "dn" ); f->f_and->f_sub_initial = NULL; f->f_and->f_sub_any = NULL; f->f_and->f_sub_final = ch_strdup( base ); value_normalize( f->f_and->f_sub_final, SYNTAX_CIS ); f->f_and->f_next = filter; filter = f; } } candidates = bdb2i_filter_candidates( be, filter ); /* free up just the parts we allocated above */ if ( f != NULL ) { *filterarg_ptr = NULL; filter_free( f ); } return( candidates ); }