search.c revision 1.1.1.4
1 /* $NetBSD: search.c,v 1.1.1.4 2019/08/08 13:31:44 christos Exp $ */ 2 3 /* search.c - search operation */ 4 /* $OpenLDAP$ */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2000-2019 The OpenLDAP Foundation. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted only as authorized by the OpenLDAP 12 * Public License. 13 * 14 * A copy of this license is available in the file LICENSE in the 15 * top-level directory of the distribution or, alternatively, at 16 * <http://www.OpenLDAP.org/license.html>. 17 */ 18 19 #include <sys/cdefs.h> 20 __RCSID("$NetBSD: search.c,v 1.1.1.4 2019/08/08 13:31:44 christos Exp $"); 21 22 #include "portable.h" 23 24 #include <stdio.h> 25 #include <ac/string.h> 26 27 #include "back-mdb.h" 28 #include "idl.h" 29 30 static int base_candidate( 31 BackendDB *be, 32 Entry *e, 33 ID *ids ); 34 35 static int search_candidates( 36 Operation *op, 37 SlapReply *rs, 38 Entry *e, 39 IdScopes *isc, 40 MDB_cursor *mci, 41 ID *ids, 42 ID *stack ); 43 44 static int parse_paged_cookie( Operation *op, SlapReply *rs ); 45 46 static void send_paged_response( 47 Operation *op, 48 SlapReply *rs, 49 ID *lastid, 50 int tentries ); 51 52 /* Dereference aliases for a single alias entry. Return the final 53 * dereferenced entry on success, NULL on any failure. 54 */ 55 static Entry * deref_base ( 56 Operation *op, 57 SlapReply *rs, 58 Entry *e, 59 Entry **matched, 60 MDB_txn *txn, 61 ID *tmp, 62 ID *visited ) 63 { 64 struct berval ndn; 65 66 rs->sr_err = LDAP_ALIAS_DEREF_PROBLEM; 67 rs->sr_text = "maximum deref depth exceeded"; 68 69 for (;;) { 70 /* Remember the last entry we looked at, so we can 71 * report broken links 72 */ 73 *matched = e; 74 75 if (MDB_IDL_N(tmp) >= op->o_bd->be_max_deref_depth) { 76 e = NULL; 77 break; 78 } 79 80 /* If this is part of a subtree or onelevel search, 81 * have we seen this ID before? If so, quit. 82 */ 83 if ( visited && mdb_idl_insert( visited, e->e_id ) ) { 84 e = NULL; 85 break; 86 } 87 88 /* If we've seen this ID during this deref iteration, 89 * we've hit a loop. 90 */ 91 if ( mdb_idl_insert( tmp, e->e_id ) ) { 92 rs->sr_err = LDAP_ALIAS_PROBLEM; 93 rs->sr_text = "circular alias"; 94 e = NULL; 95 break; 96 } 97 98 /* If there was a problem getting the aliasedObjectName, 99 * get_alias_dn will have set the error status. 100 */ 101 if ( get_alias_dn(e, &ndn, &rs->sr_err, &rs->sr_text) ) { 102 e = NULL; 103 break; 104 } 105 106 rs->sr_err = mdb_dn2entry( op, txn, NULL, &ndn, &e, NULL, 0 ); 107 if (rs->sr_err) { 108 rs->sr_err = LDAP_ALIAS_PROBLEM; 109 rs->sr_text = "aliasedObject not found"; 110 break; 111 } 112 113 /* Free the previous entry, continue to work with the 114 * one we just retrieved. 115 */ 116 mdb_entry_return( op, *matched ); 117 118 /* We found a regular entry. Return this to the caller. 119 */ 120 if (!is_entry_alias(e)) { 121 rs->sr_err = LDAP_SUCCESS; 122 rs->sr_text = NULL; 123 break; 124 } 125 } 126 return e; 127 } 128 129 /* Look for and dereference all aliases within the search scope. 130 * Requires "stack" to be able to hold 6 levels of DB_SIZE IDLs. 131 * Of course we're hardcoded to require a minimum of 8 UM_SIZE 132 * IDLs so this is never a problem. 133 */ 134 static int search_aliases( 135 Operation *op, 136 SlapReply *rs, 137 ID e_id, 138 IdScopes *isc, 139 MDB_cursor *mci, 140 ID *stack ) 141 { 142 ID *aliases, *curscop, *visited, *newsubs, *oldsubs, *tmp; 143 ID cursora, ida, cursoro, ido; 144 Entry *matched, *a; 145 struct berval bv_alias = BER_BVC( "alias" ); 146 AttributeAssertion aa_alias = ATTRIBUTEASSERTION_INIT; 147 Filter af; 148 149 aliases = stack; /* IDL of all aliases in the database */ 150 curscop = aliases + MDB_IDL_DB_SIZE; /* Aliases in the current scope */ 151 visited = curscop + MDB_IDL_DB_SIZE; /* IDs we've seen in this search */ 152 newsubs = visited + MDB_IDL_DB_SIZE; /* New subtrees we've added */ 153 oldsubs = newsubs + MDB_IDL_DB_SIZE; /* Subtrees added previously */ 154 tmp = oldsubs + MDB_IDL_DB_SIZE; /* Scratch space for deref_base() */ 155 156 af.f_choice = LDAP_FILTER_EQUALITY; 157 af.f_ava = &aa_alias; 158 af.f_av_desc = slap_schema.si_ad_objectClass; 159 af.f_av_value = bv_alias; 160 af.f_next = NULL; 161 162 /* Find all aliases in database */ 163 MDB_IDL_ZERO( aliases ); 164 rs->sr_err = mdb_filter_candidates( op, isc->mt, &af, aliases, 165 curscop, visited ); 166 if (rs->sr_err != LDAP_SUCCESS || MDB_IDL_IS_ZERO( aliases )) { 167 return rs->sr_err; 168 } 169 oldsubs[0] = 1; 170 oldsubs[1] = e_id; 171 172 MDB_IDL_ZERO( visited ); 173 MDB_IDL_ZERO( newsubs ); 174 175 cursoro = 0; 176 ido = mdb_idl_first( oldsubs, &cursoro ); 177 178 for (;;) { 179 /* Set curscop to only the aliases in the current scope. Start with 180 * all the aliases, then get the intersection with the scope. 181 */ 182 rs->sr_err = mdb_idscope( op, isc->mt, e_id, aliases, curscop ); 183 184 /* Dereference all of the aliases in the current scope. */ 185 cursora = 0; 186 for (ida = mdb_idl_first(curscop, &cursora); ida != NOID; 187 ida = mdb_idl_next(curscop, &cursora)) 188 { 189 rs->sr_err = mdb_id2entry(op, mci, ida, &a); 190 if (rs->sr_err != LDAP_SUCCESS) { 191 continue; 192 } 193 194 /* This should only happen if the curscop IDL has maxed out and 195 * turned into a range that spans IDs indiscriminately 196 */ 197 if (!is_entry_alias(a)) { 198 mdb_entry_return(op, a); 199 continue; 200 } 201 202 /* Actually dereference the alias */ 203 MDB_IDL_ZERO(tmp); 204 a = deref_base( op, rs, a, &matched, isc->mt, 205 tmp, visited ); 206 if (a) { 207 /* If the target was not already in our current scopes, 208 * make note of it in the newsubs list. 209 */ 210 ID2 mid; 211 mid.mid = a->e_id; 212 mid.mval.mv_data = NULL; 213 if (op->ors_scope == LDAP_SCOPE_SUBTREE) { 214 isc->id = a->e_id; 215 /* if ID is a child of any of our current scopes, 216 * ignore it, it's already included. 217 */ 218 if (mdb_idscopechk(op, isc)) 219 goto skip; 220 } 221 if (mdb_id2l_insert(isc->scopes, &mid) == 0) { 222 mdb_idl_insert(newsubs, a->e_id); 223 } 224 skip: mdb_entry_return( op, a ); 225 226 } else if (matched) { 227 /* Alias could not be dereferenced, or it deref'd to 228 * an ID we've already seen. Ignore it. 229 */ 230 mdb_entry_return( op, matched ); 231 rs->sr_text = NULL; 232 rs->sr_err = 0; 233 } 234 } 235 /* If this is a OneLevel search, we're done; oldsubs only had one 236 * ID in it. For a Subtree search, oldsubs may be a list of scope IDs. 237 */ 238 if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) break; 239 nextido: 240 ido = mdb_idl_next( oldsubs, &cursoro ); 241 242 /* If we're done processing the old scopes, did we add any new 243 * scopes in this iteration? If so, go back and do those now. 244 */ 245 if (ido == NOID) { 246 if (MDB_IDL_IS_ZERO(newsubs)) break; 247 MDB_IDL_CPY(oldsubs, newsubs); 248 MDB_IDL_ZERO(newsubs); 249 cursoro = 0; 250 ido = mdb_idl_first( oldsubs, &cursoro ); 251 } 252 253 /* Find the entry corresponding to the next scope. If it can't 254 * be found, ignore it and move on. This should never happen; 255 * we should never see the ID of an entry that doesn't exist. 256 */ 257 { 258 MDB_val edata; 259 rs->sr_err = mdb_id2edata(op, mci, ido, &edata); 260 if ( rs->sr_err != MDB_SUCCESS ) { 261 goto nextido; 262 } 263 e_id = ido; 264 } 265 } 266 return rs->sr_err; 267 } 268 269 /* Get the next ID from the DB. Used if the candidate list is 270 * a range and simple iteration hits missing entryIDs 271 */ 272 static int 273 mdb_get_nextid(MDB_cursor *mci, ID *cursor) 274 { 275 MDB_val key; 276 ID id; 277 int rc; 278 279 id = *cursor + 1; 280 key.mv_data = &id; 281 key.mv_size = sizeof(ID); 282 rc = mdb_cursor_get( mci, &key, NULL, MDB_SET_RANGE ); 283 if ( rc ) 284 return rc; 285 memcpy( cursor, key.mv_data, sizeof(ID)); 286 return 0; 287 } 288 289 static void scope_chunk_free( void *key, void *data ) 290 { 291 ID2 *p1, *p2; 292 for (p1 = data; p1; p1 = p2) { 293 p2 = p1[0].mval.mv_data; 294 ber_memfree_x(p1, NULL); 295 } 296 } 297 298 static ID2 *scope_chunk_get( Operation *op ) 299 { 300 ID2 *ret = NULL; 301 302 ldap_pvt_thread_pool_getkey( op->o_threadctx, (void *)scope_chunk_get, 303 (void *)&ret, NULL ); 304 if ( !ret ) { 305 ret = ch_malloc( MDB_IDL_UM_SIZE * sizeof( ID2 )); 306 } else { 307 void *r2 = ret[0].mval.mv_data; 308 ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)scope_chunk_get, 309 r2, scope_chunk_free, NULL, NULL ); 310 } 311 return ret; 312 } 313 314 static void scope_chunk_ret( Operation *op, ID2 *scopes ) 315 { 316 void *ret = NULL; 317 318 ldap_pvt_thread_pool_getkey( op->o_threadctx, (void *)scope_chunk_get, 319 &ret, NULL ); 320 scopes[0].mval.mv_data = ret; 321 ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)scope_chunk_get, 322 (void *)scopes, scope_chunk_free, NULL, NULL ); 323 } 324 325 static void *search_stack( Operation *op ); 326 327 typedef struct ww_ctx { 328 MDB_txn *txn; 329 MDB_cursor *mcd; /* if set, save cursor context */ 330 ID key; 331 MDB_val data; 332 int flag; 333 int nentries; 334 } ww_ctx; 335 336 /* ITS#7904 if we get blocked while writing results to client, 337 * release the current reader txn and reacquire it after we 338 * unblock. 339 * Slight problem - if we're doing a scope-based walk (mdb_dn2id_walk) 340 * to return results, we need to remember the state of the mcd cursor. 341 * If the node that cursor was pointing to gets deleted while we're 342 * blocked, we may be unable to restore the cursor position. In that 343 * case return an LDAP_BUSY error - let the client know this search 344 * couldn't succeed, but might succeed on a retry. 345 */ 346 static void 347 mdb_rtxn_snap( Operation *op, ww_ctx *ww ) 348 { 349 /* save cursor position and release read txn */ 350 if ( ww->mcd ) { 351 MDB_val key, data; 352 mdb_cursor_get( ww->mcd, &key, &data, MDB_GET_CURRENT ); 353 memcpy( &ww->key, key.mv_data, sizeof(ID) ); 354 ww->data.mv_size = data.mv_size; 355 ww->data.mv_data = op->o_tmpalloc( data.mv_size, op->o_tmpmemctx ); 356 memcpy(ww->data.mv_data, data.mv_data, data.mv_size); 357 } 358 mdb_txn_reset( ww->txn ); 359 ww->flag = 1; 360 } 361 362 static void 363 mdb_writewait( Operation *op, slap_callback *sc ) 364 { 365 ww_ctx *ww = sc->sc_private; 366 if ( !ww->flag ) { 367 mdb_rtxn_snap( op, ww ); 368 } 369 } 370 371 static int 372 mdb_waitfixup( Operation *op, ww_ctx *ww, MDB_cursor *mci, MDB_cursor *mcd, IdScopes *isc ) 373 { 374 MDB_val key; 375 int rc = 0; 376 ww->flag = 0; 377 mdb_txn_renew( ww->txn ); 378 mdb_cursor_renew( ww->txn, mci ); 379 mdb_cursor_renew( ww->txn, mcd ); 380 381 key.mv_size = sizeof(ID); 382 if ( ww->mcd ) { /* scope-based search using dn2id_walk */ 383 MDB_val data; 384 385 if ( isc->numrdns ) 386 mdb_dn2id_wrestore( op, isc ); 387 388 key.mv_data = &ww->key; 389 data = ww->data; 390 rc = mdb_cursor_get( mcd, &key, &data, MDB_GET_BOTH ); 391 if ( rc == MDB_NOTFOUND ) { 392 data = ww->data; 393 rc = mdb_cursor_get( mcd, &key, &data, MDB_GET_BOTH_RANGE ); 394 /* the loop will skip this node using NEXT_DUP but we want it 395 * sent, so go back one space first 396 */ 397 if ( rc == MDB_SUCCESS ) 398 mdb_cursor_get( mcd, &key, &data, MDB_PREV_DUP ); 399 else 400 rc = LDAP_BUSY; 401 } else if ( rc ) { 402 rc = LDAP_OTHER; 403 } 404 op->o_tmpfree( ww->data.mv_data, op->o_tmpmemctx ); 405 ww->data.mv_data = NULL; 406 } else if ( isc->scopes[0].mid > 1 ) { /* candidate-based search */ 407 int i; 408 for ( i=1; i<isc->scopes[0].mid; i++ ) { 409 if ( !isc->scopes[i].mval.mv_data ) 410 continue; 411 key.mv_data = &isc->scopes[i].mid; 412 mdb_cursor_get( mcd, &key, &isc->scopes[i].mval, MDB_SET ); 413 } 414 } 415 return rc; 416 } 417 418 int 419 mdb_search( Operation *op, SlapReply *rs ) 420 { 421 struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private; 422 ID id, cursor, nsubs, ncand, cscope; 423 ID lastid = NOID; 424 ID candidates[MDB_IDL_UM_SIZE]; 425 ID iscopes[MDB_IDL_DB_SIZE]; 426 ID2 *scopes; 427 void *stack; 428 Entry *e = NULL, *base = NULL; 429 Entry *matched = NULL; 430 AttributeName *attrs; 431 slap_mask_t mask; 432 time_t stoptime; 433 int manageDSAit; 434 int tentries = 0; 435 IdScopes isc; 436 MDB_cursor *mci, *mcd; 437 ww_ctx wwctx; 438 slap_callback cb = { 0 }; 439 440 mdb_op_info opinfo = {{{0}}}, *moi = &opinfo; 441 MDB_txn *ltid = NULL; 442 443 Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(mdb_search) "\n", 0, 0, 0); 444 attrs = op->oq_search.rs_attrs; 445 446 manageDSAit = get_manageDSAit( op ); 447 448 rs->sr_err = mdb_opinfo_get( op, mdb, 1, &moi ); 449 switch(rs->sr_err) { 450 case 0: 451 break; 452 default: 453 send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); 454 return rs->sr_err; 455 } 456 457 ltid = moi->moi_txn; 458 459 rs->sr_err = mdb_cursor_open( ltid, mdb->mi_id2entry, &mci ); 460 if ( rs->sr_err ) { 461 send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); 462 return rs->sr_err; 463 } 464 465 rs->sr_err = mdb_cursor_open( ltid, mdb->mi_dn2id, &mcd ); 466 if ( rs->sr_err ) { 467 mdb_cursor_close( mci ); 468 send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); 469 return rs->sr_err; 470 } 471 472 scopes = scope_chunk_get( op ); 473 stack = search_stack( op ); 474 isc.mt = ltid; 475 isc.mc = mcd; 476 isc.scopes = scopes; 477 isc.oscope = op->ors_scope; 478 isc.sctmp = stack; 479 480 if ( op->ors_deref & LDAP_DEREF_FINDING ) { 481 MDB_IDL_ZERO(candidates); 482 } 483 dn2entry_retry: 484 /* get entry with reader lock */ 485 rs->sr_err = mdb_dn2entry( op, ltid, mcd, &op->o_req_ndn, &e, &nsubs, 1 ); 486 487 switch(rs->sr_err) { 488 case MDB_NOTFOUND: 489 matched = e; 490 e = NULL; 491 break; 492 case 0: 493 break; 494 case LDAP_BUSY: 495 send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" ); 496 goto done; 497 default: 498 send_ldap_error( op, rs, LDAP_OTHER, "internal error" ); 499 goto done; 500 } 501 502 if ( op->ors_deref & LDAP_DEREF_FINDING ) { 503 if ( matched && is_entry_alias( matched )) { 504 struct berval stub; 505 506 stub.bv_val = op->o_req_ndn.bv_val; 507 stub.bv_len = op->o_req_ndn.bv_len - matched->e_nname.bv_len - 1; 508 e = deref_base( op, rs, matched, &matched, ltid, 509 candidates, NULL ); 510 if ( e ) { 511 build_new_dn( &op->o_req_ndn, &e->e_nname, &stub, 512 op->o_tmpmemctx ); 513 mdb_entry_return(op, e); 514 matched = NULL; 515 goto dn2entry_retry; 516 } 517 } else if ( e && is_entry_alias( e )) { 518 e = deref_base( op, rs, e, &matched, ltid, 519 candidates, NULL ); 520 } 521 } 522 523 if ( e == NULL ) { 524 struct berval matched_dn = BER_BVNULL; 525 526 if ( matched != NULL ) { 527 BerVarray erefs = NULL; 528 529 /* return referral only if "disclose" 530 * is granted on the object */ 531 if ( ! access_allowed( op, matched, 532 slap_schema.si_ad_entry, 533 NULL, ACL_DISCLOSE, NULL ) ) 534 { 535 rs->sr_err = LDAP_NO_SUCH_OBJECT; 536 537 } else { 538 ber_dupbv( &matched_dn, &matched->e_name ); 539 540 erefs = is_entry_referral( matched ) 541 ? get_entry_referrals( op, matched ) 542 : NULL; 543 if ( rs->sr_err == MDB_NOTFOUND ) 544 rs->sr_err = LDAP_REFERRAL; 545 rs->sr_matched = matched_dn.bv_val; 546 } 547 548 mdb_entry_return(op, matched); 549 matched = NULL; 550 551 if ( erefs ) { 552 rs->sr_ref = referral_rewrite( erefs, &matched_dn, 553 &op->o_req_dn, op->oq_search.rs_scope ); 554 ber_bvarray_free( erefs ); 555 } 556 557 } else { 558 rs->sr_ref = referral_rewrite( default_referral, 559 NULL, &op->o_req_dn, op->oq_search.rs_scope ); 560 rs->sr_err = rs->sr_ref != NULL ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT; 561 } 562 563 send_ldap_result( op, rs ); 564 565 if ( rs->sr_ref ) { 566 ber_bvarray_free( rs->sr_ref ); 567 rs->sr_ref = NULL; 568 } 569 if ( !BER_BVISNULL( &matched_dn ) ) { 570 ber_memfree( matched_dn.bv_val ); 571 rs->sr_matched = NULL; 572 } 573 goto done; 574 } 575 576 /* NOTE: __NEW__ "search" access is required 577 * on searchBase object */ 578 if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry, 579 NULL, ACL_SEARCH, NULL, &mask ) ) 580 { 581 if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) { 582 rs->sr_err = LDAP_NO_SUCH_OBJECT; 583 } else { 584 rs->sr_err = LDAP_INSUFFICIENT_ACCESS; 585 } 586 587 mdb_entry_return( op,e); 588 send_ldap_result( op, rs ); 589 goto done; 590 } 591 592 if ( !manageDSAit && is_entry_referral( e ) ) { 593 /* entry is a referral */ 594 struct berval matched_dn = BER_BVNULL; 595 BerVarray erefs = NULL; 596 597 ber_dupbv( &matched_dn, &e->e_name ); 598 erefs = get_entry_referrals( op, e ); 599 600 rs->sr_err = LDAP_REFERRAL; 601 602 mdb_entry_return( op, e ); 603 e = NULL; 604 605 if ( erefs ) { 606 rs->sr_ref = referral_rewrite( erefs, &matched_dn, 607 &op->o_req_dn, op->oq_search.rs_scope ); 608 ber_bvarray_free( erefs ); 609 610 if ( !rs->sr_ref ) { 611 rs->sr_text = "bad_referral object"; 612 } 613 } 614 615 Debug( LDAP_DEBUG_TRACE, 616 LDAP_XSTRING(mdb_search) ": entry is referral\n", 617 0, 0, 0 ); 618 619 rs->sr_matched = matched_dn.bv_val; 620 send_ldap_result( op, rs ); 621 622 ber_bvarray_free( rs->sr_ref ); 623 rs->sr_ref = NULL; 624 ber_memfree( matched_dn.bv_val ); 625 rs->sr_matched = NULL; 626 goto done; 627 } 628 629 if ( get_assert( op ) && 630 ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE )) 631 { 632 rs->sr_err = LDAP_ASSERTION_FAILED; 633 mdb_entry_return( op,e); 634 send_ldap_result( op, rs ); 635 goto done; 636 } 637 638 /* compute it anyway; root does not use it */ 639 stoptime = op->o_time + op->ors_tlimit; 640 641 base = e; 642 643 e = NULL; 644 645 /* select candidates */ 646 if ( op->oq_search.rs_scope == LDAP_SCOPE_BASE ) { 647 rs->sr_err = base_candidate( op->o_bd, base, candidates ); 648 scopes[0].mid = 0; 649 ncand = 1; 650 } else { 651 if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ) { 652 size_t nkids; 653 MDB_val key, data; 654 key.mv_data = &base->e_id; 655 key.mv_size = sizeof( ID ); 656 mdb_cursor_get( mcd, &key, &data, MDB_SET ); 657 mdb_cursor_count( mcd, &nkids ); 658 nsubs = nkids - 1; 659 } else if ( !base->e_id ) { 660 /* we don't maintain nsubs for entryID 0. 661 * just grab entry count from id2entry stat 662 */ 663 MDB_stat ms; 664 mdb_stat( ltid, mdb->mi_id2entry, &ms ); 665 nsubs = ms.ms_entries; 666 } 667 MDB_IDL_ZERO( candidates ); 668 scopes[0].mid = 1; 669 scopes[1].mid = base->e_id; 670 scopes[1].mval.mv_data = NULL; 671 rs->sr_err = search_candidates( op, rs, base, 672 &isc, mci, candidates, stack ); 673 ncand = MDB_IDL_N( candidates ); 674 if ( !base->e_id || ncand == NOID ) { 675 /* grab entry count from id2entry stat 676 */ 677 MDB_stat ms; 678 mdb_stat( ltid, mdb->mi_id2entry, &ms ); 679 if ( !base->e_id ) 680 nsubs = ms.ms_entries; 681 if ( ncand == NOID ) 682 ncand = ms.ms_entries; 683 } 684 } 685 686 /* start cursor at beginning of candidates. 687 */ 688 cursor = 0; 689 690 if ( candidates[0] == 0 ) { 691 Debug( LDAP_DEBUG_TRACE, 692 LDAP_XSTRING(mdb_search) ": no candidates\n", 693 0, 0, 0 ); 694 695 goto nochange; 696 } 697 698 /* if not root and candidates exceed to-be-checked entries, abort */ 699 if ( op->ors_limit /* isroot == FALSE */ && 700 op->ors_limit->lms_s_unchecked != -1 && 701 ncand > (unsigned) op->ors_limit->lms_s_unchecked ) 702 { 703 rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; 704 send_ldap_result( op, rs ); 705 rs->sr_err = LDAP_SUCCESS; 706 goto done; 707 } 708 709 if ( op->ors_limit == NULL /* isroot == TRUE */ || 710 !op->ors_limit->lms_s_pr_hide ) 711 { 712 tentries = ncand; 713 } 714 715 wwctx.flag = 0; 716 /* If we're running in our own read txn */ 717 if ( moi == &opinfo ) { 718 cb.sc_writewait = mdb_writewait; 719 cb.sc_private = &wwctx; 720 wwctx.txn = ltid; 721 wwctx.mcd = NULL; 722 cb.sc_next = op->o_callback; 723 op->o_callback = &cb; 724 } 725 726 if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) { 727 PagedResultsState *ps = op->o_pagedresults_state; 728 /* deferred cookie parsing */ 729 rs->sr_err = parse_paged_cookie( op, rs ); 730 if ( rs->sr_err != LDAP_SUCCESS ) { 731 send_ldap_result( op, rs ); 732 goto done; 733 } 734 735 cursor = (ID) ps->ps_cookie; 736 if ( cursor && ps->ps_size == 0 ) { 737 rs->sr_err = LDAP_SUCCESS; 738 rs->sr_text = "search abandoned by pagedResult size=0"; 739 send_ldap_result( op, rs ); 740 goto done; 741 } 742 id = mdb_idl_first( candidates, &cursor ); 743 if ( id == NOID ) { 744 Debug( LDAP_DEBUG_TRACE, 745 LDAP_XSTRING(mdb_search) 746 ": no paged results candidates\n", 747 0, 0, 0 ); 748 send_paged_response( op, rs, &lastid, 0 ); 749 750 rs->sr_err = LDAP_OTHER; 751 goto done; 752 } 753 if ( id == (ID)ps->ps_cookie ) 754 id = mdb_idl_next( candidates, &cursor ); 755 nsubs = ncand; /* always bypass scope'd search */ 756 goto loop_begin; 757 } 758 if ( nsubs < ncand ) { 759 int rc; 760 /* Do scope-based search */ 761 762 /* if any alias scopes were set, save them */ 763 if (scopes[0].mid > 1) { 764 cursor = 1; 765 for (cscope = 1; cscope <= scopes[0].mid; cscope++) { 766 /* Ignore the original base */ 767 if (scopes[cscope].mid == base->e_id) 768 continue; 769 iscopes[cursor++] = scopes[cscope].mid; 770 } 771 iscopes[0] = scopes[0].mid - 1; 772 } else { 773 iscopes[0] = 0; 774 } 775 776 wwctx.mcd = mcd; 777 isc.id = base->e_id; 778 isc.numrdns = 0; 779 rc = mdb_dn2id_walk( op, &isc ); 780 if ( rc ) 781 id = NOID; 782 else 783 id = isc.id; 784 cscope = 0; 785 } else { 786 id = mdb_idl_first( candidates, &cursor ); 787 } 788 789 while (id != NOID) 790 { 791 int scopeok; 792 MDB_val edata; 793 794 loop_begin: 795 796 /* check for abandon */ 797 if ( op->o_abandon ) { 798 rs->sr_err = SLAPD_ABANDON; 799 send_ldap_result( op, rs ); 800 goto done; 801 } 802 803 /* mostly needed by internal searches, 804 * e.g. related to syncrepl, for whom 805 * abandon does not get set... */ 806 if ( slapd_shutdown ) { 807 rs->sr_err = LDAP_UNAVAILABLE; 808 send_ldap_disconnect( op, rs ); 809 goto done; 810 } 811 812 /* check time limit */ 813 if ( op->ors_tlimit != SLAP_NO_LIMIT 814 && slap_get_time() > stoptime ) 815 { 816 rs->sr_err = LDAP_TIMELIMIT_EXCEEDED; 817 rs->sr_ref = rs->sr_v2ref; 818 send_ldap_result( op, rs ); 819 rs->sr_err = LDAP_SUCCESS; 820 goto done; 821 } 822 823 824 if ( nsubs < ncand ) { 825 unsigned i; 826 /* Is this entry in the candidate list? */ 827 scopeok = 0; 828 if (MDB_IDL_IS_RANGE( candidates )) { 829 if ( id >= MDB_IDL_RANGE_FIRST( candidates ) && 830 id <= MDB_IDL_RANGE_LAST( candidates )) 831 scopeok = 1; 832 } else { 833 i = mdb_idl_search( candidates, id ); 834 if (i <= candidates[0] && candidates[i] == id ) 835 scopeok = 1; 836 } 837 if ( scopeok ) 838 goto scopeok; 839 goto loop_continue; 840 } 841 842 /* Does this candidate actually satisfy the search scope? 843 */ 844 scopeok = 0; 845 isc.numrdns = 0; 846 switch( op->ors_scope ) { 847 case LDAP_SCOPE_BASE: 848 /* This is always true, yes? */ 849 if ( id == base->e_id ) scopeok = 1; 850 break; 851 852 #ifdef LDAP_SCOPE_CHILDREN 853 case LDAP_SCOPE_CHILDREN: 854 if ( id == base->e_id ) break; 855 /* Fall-thru */ 856 #endif 857 case LDAP_SCOPE_SUBTREE: 858 if ( id == base->e_id ) { 859 scopeok = 1; 860 break; 861 } 862 /* Fall-thru */ 863 case LDAP_SCOPE_ONELEVEL: 864 if ( id == base->e_id ) break; 865 isc.id = id; 866 isc.nscope = 0; 867 rs->sr_err = mdb_idscopes( op, &isc ); 868 if ( rs->sr_err == MDB_SUCCESS ) { 869 if ( isc.nscope ) 870 scopeok = 1; 871 } else { 872 if ( rs->sr_err == MDB_NOTFOUND ) 873 goto notfound; 874 } 875 break; 876 } 877 878 /* Not in scope, ignore it */ 879 if ( !scopeok ) 880 { 881 Debug( LDAP_DEBUG_TRACE, 882 LDAP_XSTRING(mdb_search) 883 ": %ld scope not okay\n", 884 (long) id, 0, 0 ); 885 goto loop_continue; 886 } 887 888 scopeok: 889 if ( id == base->e_id ) { 890 e = base; 891 } else { 892 893 /* get the entry */ 894 rs->sr_err = mdb_id2edata( op, mci, id, &edata ); 895 if ( rs->sr_err == MDB_NOTFOUND ) { 896 notfound: 897 if( nsubs < ncand ) 898 goto loop_continue; 899 900 if( !MDB_IDL_IS_RANGE(candidates) ) { 901 /* only complain for non-range IDLs */ 902 Debug( LDAP_DEBUG_TRACE, 903 LDAP_XSTRING(mdb_search) 904 ": candidate %ld not found\n", 905 (long) id, 0, 0 ); 906 } else { 907 /* get the next ID from the DB */ 908 rs->sr_err = mdb_get_nextid( mci, &cursor ); 909 if ( rs->sr_err == MDB_NOTFOUND ) { 910 break; 911 } 912 if ( rs->sr_err ) { 913 rs->sr_err = LDAP_OTHER; 914 rs->sr_text = "internal error in get_nextid"; 915 send_ldap_result( op, rs ); 916 goto done; 917 } 918 cursor--; 919 } 920 921 goto loop_continue; 922 } else if ( rs->sr_err ) { 923 rs->sr_err = LDAP_OTHER; 924 rs->sr_text = "internal error in mdb_id2edata"; 925 send_ldap_result( op, rs ); 926 goto done; 927 } 928 929 rs->sr_err = mdb_entry_decode( op, ltid, &edata, &e ); 930 if ( rs->sr_err ) { 931 rs->sr_err = LDAP_OTHER; 932 rs->sr_text = "internal error in mdb_entry_decode"; 933 send_ldap_result( op, rs ); 934 goto done; 935 } 936 e->e_id = id; 937 e->e_name.bv_val = NULL; 938 e->e_nname.bv_val = NULL; 939 } 940 941 if ( is_entry_subentry( e ) ) { 942 if( op->oq_search.rs_scope != LDAP_SCOPE_BASE ) { 943 if(!get_subentries_visibility( op )) { 944 /* only subentries are visible */ 945 goto loop_continue; 946 } 947 948 } else if ( get_subentries( op ) && 949 !get_subentries_visibility( op )) 950 { 951 /* only subentries are visible */ 952 goto loop_continue; 953 } 954 955 } else if ( get_subentries_visibility( op )) { 956 /* only subentries are visible */ 957 goto loop_continue; 958 } 959 960 /* aliases were already dereferenced in candidate list */ 961 if ( op->ors_deref & LDAP_DEREF_SEARCHING ) { 962 /* but if the search base is an alias, and we didn't 963 * deref it when finding, return it. 964 */ 965 if ( is_entry_alias(e) && 966 ((op->ors_deref & LDAP_DEREF_FINDING) || e != base )) 967 { 968 goto loop_continue; 969 } 970 } 971 972 if ( !manageDSAit && is_entry_glue( e )) { 973 goto loop_continue; 974 } 975 976 if (e != base) { 977 struct berval pdn, pndn; 978 char *d, *n; 979 int i; 980 981 /* child of base, just append RDNs to base->e_name */ 982 if ( nsubs < ncand || isc.scopes[isc.nscope].mid == base->e_id ) { 983 pdn = base->e_name; 984 pndn = base->e_nname; 985 } else { 986 mdb_id2name( op, ltid, &isc.mc, scopes[isc.nscope].mid, &pdn, &pndn ); 987 } 988 e->e_name.bv_len = pdn.bv_len; 989 e->e_nname.bv_len = pndn.bv_len; 990 for (i=0; i<isc.numrdns; i++) { 991 e->e_name.bv_len += isc.rdns[i].bv_len + 1; 992 e->e_nname.bv_len += isc.nrdns[i].bv_len + 1; 993 } 994 e->e_name.bv_val = op->o_tmpalloc(e->e_name.bv_len + 1, op->o_tmpmemctx); 995 e->e_nname.bv_val = op->o_tmpalloc(e->e_nname.bv_len + 1, op->o_tmpmemctx); 996 d = e->e_name.bv_val; 997 n = e->e_nname.bv_val; 998 if (nsubs < ncand) { 999 /* RDNs are in top-down order */ 1000 for (i=isc.numrdns-1; i>=0; i--) { 1001 memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len); 1002 d += isc.rdns[i].bv_len; 1003 *d++ = ','; 1004 memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len); 1005 n += isc.nrdns[i].bv_len; 1006 *n++ = ','; 1007 } 1008 } else { 1009 /* RDNs are in bottom-up order */ 1010 for (i=0; i<isc.numrdns; i++) { 1011 memcpy(d, isc.rdns[i].bv_val, isc.rdns[i].bv_len); 1012 d += isc.rdns[i].bv_len; 1013 *d++ = ','; 1014 memcpy(n, isc.nrdns[i].bv_val, isc.nrdns[i].bv_len); 1015 n += isc.nrdns[i].bv_len; 1016 *n++ = ','; 1017 } 1018 } 1019 1020 if (pdn.bv_len) { 1021 memcpy(d, pdn.bv_val, pdn.bv_len+1); 1022 memcpy(n, pndn.bv_val, pndn.bv_len+1); 1023 } else { 1024 *--d = '\0'; 1025 *--n = '\0'; 1026 e->e_name.bv_len--; 1027 e->e_nname.bv_len--; 1028 } 1029 if (pndn.bv_val != base->e_nname.bv_val) { 1030 op->o_tmpfree(pndn.bv_val, op->o_tmpmemctx); 1031 op->o_tmpfree(pdn.bv_val, op->o_tmpmemctx); 1032 } 1033 } 1034 1035 /* 1036 * if it's a referral, add it to the list of referrals. only do 1037 * this for non-base searches, and don't check the filter 1038 * explicitly here since it's only a candidate anyway. 1039 */ 1040 if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE 1041 && is_entry_referral( e ) ) 1042 { 1043 BerVarray erefs = get_entry_referrals( op, e ); 1044 rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL, 1045 op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL 1046 ? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE ); 1047 1048 rs->sr_entry = e; 1049 rs->sr_flags = 0; 1050 1051 send_search_reference( op, rs ); 1052 1053 if (e != base) 1054 mdb_entry_return( op, e ); 1055 rs->sr_entry = NULL; 1056 e = NULL; 1057 1058 ber_bvarray_free( rs->sr_ref ); 1059 ber_bvarray_free( erefs ); 1060 rs->sr_ref = NULL; 1061 1062 goto loop_continue; 1063 } 1064 1065 /* if it matches the filter and scope, send it */ 1066 rs->sr_err = test_filter( op, e, op->oq_search.rs_filter ); 1067 1068 if ( rs->sr_err == LDAP_COMPARE_TRUE ) { 1069 /* check size limit */ 1070 if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { 1071 if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { 1072 if (e != base) 1073 mdb_entry_return( op, e ); 1074 e = NULL; 1075 send_paged_response( op, rs, &lastid, tentries ); 1076 goto done; 1077 } 1078 lastid = id; 1079 } 1080 1081 if (e) { 1082 /* safe default */ 1083 rs->sr_attrs = op->oq_search.rs_attrs; 1084 rs->sr_operational_attrs = NULL; 1085 rs->sr_ctrls = NULL; 1086 rs->sr_entry = e; 1087 RS_ASSERT( e->e_private != NULL ); 1088 rs->sr_flags = 0; 1089 rs->sr_err = LDAP_SUCCESS; 1090 rs->sr_err = send_search_entry( op, rs ); 1091 rs->sr_attrs = NULL; 1092 rs->sr_entry = NULL; 1093 if (e != base) 1094 mdb_entry_return( op, e ); 1095 e = NULL; 1096 1097 switch ( rs->sr_err ) { 1098 case LDAP_SUCCESS: /* entry sent ok */ 1099 break; 1100 default: /* entry not sent */ 1101 break; 1102 case LDAP_BUSY: 1103 send_ldap_result( op, rs ); 1104 goto done; 1105 case LDAP_UNAVAILABLE: 1106 case LDAP_SIZELIMIT_EXCEEDED: 1107 if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) { 1108 rs->sr_ref = rs->sr_v2ref; 1109 send_ldap_result( op, rs ); 1110 rs->sr_err = LDAP_SUCCESS; 1111 1112 } else { 1113 rs->sr_err = LDAP_OTHER; 1114 } 1115 goto done; 1116 } 1117 } 1118 1119 } else { 1120 Debug( LDAP_DEBUG_TRACE, 1121 LDAP_XSTRING(mdb_search) 1122 ": %ld does not match filter\n", 1123 (long) id, 0, 0 ); 1124 } 1125 1126 loop_continue: 1127 if ( moi == &opinfo && !wwctx.flag && mdb->mi_rtxn_size ) { 1128 wwctx.nentries++; 1129 if ( wwctx.nentries >= mdb->mi_rtxn_size ) { 1130 MDB_envinfo ei; 1131 wwctx.nentries = 0; 1132 mdb_env_info(mdb->mi_dbenv, &ei); 1133 if ( ei.me_last_txnid > mdb_txn_id( ltid )) 1134 mdb_rtxn_snap( op, &wwctx ); 1135 } 1136 } 1137 if ( wwctx.flag ) { 1138 rs->sr_err = mdb_waitfixup( op, &wwctx, mci, mcd, &isc ); 1139 if ( rs->sr_err ) { 1140 send_ldap_result( op, rs ); 1141 goto done; 1142 } 1143 } 1144 1145 if( e != NULL ) { 1146 if ( e != base ) 1147 mdb_entry_return( op, e ); 1148 RS_ASSERT( rs->sr_entry == NULL ); 1149 e = NULL; 1150 rs->sr_entry = NULL; 1151 } 1152 1153 if ( nsubs < ncand ) { 1154 int rc = mdb_dn2id_walk( op, &isc ); 1155 if (rc) { 1156 id = NOID; 1157 /* We got to the end of a subtree. If there are any 1158 * alias scopes left, search them too. 1159 */ 1160 while (iscopes[0] && cscope < iscopes[0]) { 1161 cscope++; 1162 isc.id = iscopes[cscope]; 1163 if ( base ) 1164 mdb_entry_return( op, base ); 1165 rs->sr_err = mdb_id2entry(op, mci, isc.id, &base); 1166 if ( !rs->sr_err ) { 1167 mdb_id2name( op, ltid, &isc.mc, isc.id, &base->e_name, &base->e_nname ); 1168 isc.numrdns = 0; 1169 if (isc.oscope == LDAP_SCOPE_ONELEVEL) 1170 isc.oscope = LDAP_SCOPE_BASE; 1171 rc = mdb_dn2id_walk( op, &isc ); 1172 if ( !rc ) { 1173 id = isc.id; 1174 break; 1175 } 1176 } 1177 } 1178 } else 1179 id = isc.id; 1180 } else { 1181 id = mdb_idl_next( candidates, &cursor ); 1182 } 1183 } 1184 1185 nochange: 1186 rs->sr_ctrls = NULL; 1187 rs->sr_ref = rs->sr_v2ref; 1188 rs->sr_err = (rs->sr_v2ref == NULL) ? LDAP_SUCCESS : LDAP_REFERRAL; 1189 rs->sr_rspoid = NULL; 1190 if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { 1191 send_paged_response( op, rs, NULL, 0 ); 1192 } else { 1193 send_ldap_result( op, rs ); 1194 } 1195 1196 rs->sr_err = LDAP_SUCCESS; 1197 1198 done: 1199 if ( cb.sc_private ) { 1200 /* remove our writewait callback */ 1201 slap_callback **scp = &op->o_callback; 1202 while ( *scp ) { 1203 if ( *scp == &cb ) { 1204 *scp = cb.sc_next; 1205 cb.sc_private = NULL; 1206 break; 1207 } 1208 } 1209 } 1210 mdb_cursor_close( mcd ); 1211 mdb_cursor_close( mci ); 1212 if ( moi == &opinfo ) { 1213 mdb_txn_reset( moi->moi_txn ); 1214 LDAP_SLIST_REMOVE( &op->o_extra, &moi->moi_oe, OpExtra, oe_next ); 1215 } else { 1216 moi->moi_ref--; 1217 } 1218 if( rs->sr_v2ref ) { 1219 ber_bvarray_free( rs->sr_v2ref ); 1220 rs->sr_v2ref = NULL; 1221 } 1222 if (base) 1223 mdb_entry_return( op, base ); 1224 scope_chunk_ret( op, scopes ); 1225 1226 return rs->sr_err; 1227 } 1228 1229 1230 static int base_candidate( 1231 BackendDB *be, 1232 Entry *e, 1233 ID *ids ) 1234 { 1235 Debug(LDAP_DEBUG_ARGS, "base_candidates: base: \"%s\" (0x%08lx)\n", 1236 e->e_nname.bv_val, (long) e->e_id, 0); 1237 1238 ids[0] = 1; 1239 ids[1] = e->e_id; 1240 return 0; 1241 } 1242 1243 /* Look for "objectClass Present" in this filter. 1244 * Also count depth of filter tree while we're at it. 1245 */ 1246 static int oc_filter( 1247 Filter *f, 1248 int cur, 1249 int *max ) 1250 { 1251 int rc = 0; 1252 1253 assert( f != NULL ); 1254 1255 if( cur > *max ) *max = cur; 1256 1257 switch( f->f_choice ) { 1258 case LDAP_FILTER_PRESENT: 1259 if (f->f_desc == slap_schema.si_ad_objectClass) { 1260 rc = 1; 1261 } 1262 break; 1263 1264 case LDAP_FILTER_AND: 1265 case LDAP_FILTER_OR: 1266 cur++; 1267 for ( f=f->f_and; f; f=f->f_next ) { 1268 (void) oc_filter(f, cur, max); 1269 } 1270 break; 1271 1272 default: 1273 break; 1274 } 1275 return rc; 1276 } 1277 1278 static void search_stack_free( void *key, void *data ) 1279 { 1280 ber_memfree_x(data, NULL); 1281 } 1282 1283 static void *search_stack( Operation *op ) 1284 { 1285 struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private; 1286 void *ret = NULL; 1287 1288 if ( op->o_threadctx ) { 1289 ldap_pvt_thread_pool_getkey( op->o_threadctx, (void *)search_stack, 1290 &ret, NULL ); 1291 } else { 1292 ret = mdb->mi_search_stack; 1293 } 1294 1295 if ( !ret ) { 1296 ret = ch_malloc( mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE 1297 * sizeof( ID ) ); 1298 if ( op->o_threadctx ) { 1299 ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)search_stack, 1300 ret, search_stack_free, NULL, NULL ); 1301 } else { 1302 mdb->mi_search_stack = ret; 1303 } 1304 } 1305 return ret; 1306 } 1307 1308 static int search_candidates( 1309 Operation *op, 1310 SlapReply *rs, 1311 Entry *e, 1312 IdScopes *isc, 1313 MDB_cursor *mci, 1314 ID *ids, 1315 ID *stack ) 1316 { 1317 struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private; 1318 int rc, depth = 1; 1319 Filter *f, rf, xf, nf, sf; 1320 AttributeAssertion aa_ref = ATTRIBUTEASSERTION_INIT; 1321 AttributeAssertion aa_subentry = ATTRIBUTEASSERTION_INIT; 1322 1323 /* 1324 * This routine takes as input a filter (user-filter) 1325 * and rewrites it as follows: 1326 * (&(scope=DN)[(objectClass=subentry)] 1327 * (|[(objectClass=referral)](user-filter)) 1328 */ 1329 1330 Debug(LDAP_DEBUG_TRACE, 1331 "search_candidates: base=\"%s\" (0x%08lx) scope=%d\n", 1332 e->e_nname.bv_val, (long) e->e_id, op->oq_search.rs_scope ); 1333 1334 f = op->oq_search.rs_filter; 1335 1336 /* If the user's filter uses objectClass=*, 1337 * these clauses are redundant. 1338 */ 1339 if (!oc_filter(op->oq_search.rs_filter, 1, &depth) 1340 && !get_subentries_visibility(op)) { 1341 if( !get_manageDSAit(op) && !get_domainScope(op) ) { 1342 /* match referral objects */ 1343 struct berval bv_ref = BER_BVC( "referral" ); 1344 rf.f_choice = LDAP_FILTER_EQUALITY; 1345 rf.f_ava = &aa_ref; 1346 rf.f_av_desc = slap_schema.si_ad_objectClass; 1347 rf.f_av_value = bv_ref; 1348 rf.f_next = f; 1349 xf.f_or = &rf; 1350 xf.f_choice = LDAP_FILTER_OR; 1351 xf.f_next = NULL; 1352 f = &xf; 1353 depth++; 1354 } 1355 } 1356 1357 if( get_subentries_visibility( op ) ) { 1358 struct berval bv_subentry = BER_BVC( "subentry" ); 1359 sf.f_choice = LDAP_FILTER_EQUALITY; 1360 sf.f_ava = &aa_subentry; 1361 sf.f_av_desc = slap_schema.si_ad_objectClass; 1362 sf.f_av_value = bv_subentry; 1363 sf.f_next = f; 1364 nf.f_choice = LDAP_FILTER_AND; 1365 nf.f_and = &sf; 1366 nf.f_next = NULL; 1367 f = &nf; 1368 depth++; 1369 } 1370 1371 /* Allocate IDL stack, plus 1 more for former tmp */ 1372 if ( depth+1 > mdb->mi_search_stack_depth ) { 1373 stack = ch_malloc( (depth + 1) * MDB_IDL_UM_SIZE * sizeof( ID ) ); 1374 } 1375 1376 if( op->ors_deref & LDAP_DEREF_SEARCHING ) { 1377 rc = search_aliases( op, rs, e->e_id, isc, mci, stack ); 1378 } else { 1379 rc = LDAP_SUCCESS; 1380 } 1381 1382 if ( rc == LDAP_SUCCESS ) { 1383 rc = mdb_filter_candidates( op, isc->mt, f, ids, 1384 stack, stack+MDB_IDL_UM_SIZE ); 1385 } 1386 1387 if ( depth+1 > mdb->mi_search_stack_depth ) { 1388 ch_free( stack ); 1389 } 1390 1391 if( rc ) { 1392 Debug(LDAP_DEBUG_TRACE, 1393 "mdb_search_candidates: failed (rc=%d)\n", 1394 rc, NULL, NULL ); 1395 1396 } else { 1397 Debug(LDAP_DEBUG_TRACE, 1398 "mdb_search_candidates: id=%ld first=%ld last=%ld\n", 1399 (long) ids[0], 1400 (long) MDB_IDL_FIRST(ids), 1401 (long) MDB_IDL_LAST(ids) ); 1402 } 1403 1404 return rc; 1405 } 1406 1407 static int 1408 parse_paged_cookie( Operation *op, SlapReply *rs ) 1409 { 1410 int rc = LDAP_SUCCESS; 1411 PagedResultsState *ps = op->o_pagedresults_state; 1412 1413 /* this function must be invoked only if the pagedResults 1414 * control has been detected, parsed and partially checked 1415 * by the frontend */ 1416 assert( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ); 1417 1418 /* cookie decoding/checks deferred to backend... */ 1419 if ( ps->ps_cookieval.bv_len ) { 1420 PagedResultsCookie reqcookie; 1421 if( ps->ps_cookieval.bv_len != sizeof( reqcookie ) ) { 1422 /* bad cookie */ 1423 rs->sr_text = "paged results cookie is invalid"; 1424 rc = LDAP_PROTOCOL_ERROR; 1425 goto done; 1426 } 1427 1428 AC_MEMCPY( &reqcookie, ps->ps_cookieval.bv_val, sizeof( reqcookie )); 1429 1430 if ( reqcookie > ps->ps_cookie ) { 1431 /* bad cookie */ 1432 rs->sr_text = "paged results cookie is invalid"; 1433 rc = LDAP_PROTOCOL_ERROR; 1434 goto done; 1435 1436 } else if ( reqcookie < ps->ps_cookie ) { 1437 rs->sr_text = "paged results cookie is invalid or old"; 1438 rc = LDAP_UNWILLING_TO_PERFORM; 1439 goto done; 1440 } 1441 1442 } else { 1443 /* we're going to use ps_cookie */ 1444 op->o_conn->c_pagedresults_state.ps_cookie = 0; 1445 } 1446 1447 done:; 1448 1449 return rc; 1450 } 1451 1452 static void 1453 send_paged_response( 1454 Operation *op, 1455 SlapReply *rs, 1456 ID *lastid, 1457 int tentries ) 1458 { 1459 LDAPControl *ctrls[2]; 1460 BerElementBuffer berbuf; 1461 BerElement *ber = (BerElement *)&berbuf; 1462 PagedResultsCookie respcookie; 1463 struct berval cookie; 1464 1465 Debug(LDAP_DEBUG_ARGS, 1466 "send_paged_response: lastid=0x%08lx nentries=%d\n", 1467 lastid ? *lastid : 0, rs->sr_nentries, NULL ); 1468 1469 ctrls[1] = NULL; 1470 1471 ber_init2( ber, NULL, LBER_USE_DER ); 1472 1473 if ( lastid ) { 1474 respcookie = ( PagedResultsCookie )(*lastid); 1475 cookie.bv_len = sizeof( respcookie ); 1476 cookie.bv_val = (char *)&respcookie; 1477 1478 } else { 1479 respcookie = ( PagedResultsCookie )0; 1480 BER_BVSTR( &cookie, "" ); 1481 } 1482 1483 op->o_conn->c_pagedresults_state.ps_cookie = respcookie; 1484 op->o_conn->c_pagedresults_state.ps_count = 1485 ((PagedResultsState *)op->o_pagedresults_state)->ps_count + 1486 rs->sr_nentries; 1487 1488 /* return size of 0 -- no estimate */ 1489 ber_printf( ber, "{iO}", 0, &cookie ); 1490 1491 ctrls[0] = op->o_tmpalloc( sizeof(LDAPControl), op->o_tmpmemctx ); 1492 if ( ber_flatten2( ber, &ctrls[0]->ldctl_value, 0 ) == -1 ) { 1493 goto done; 1494 } 1495 1496 ctrls[0]->ldctl_oid = LDAP_CONTROL_PAGEDRESULTS; 1497 ctrls[0]->ldctl_iscritical = 0; 1498 1499 slap_add_ctrls( op, rs, ctrls ); 1500 rs->sr_err = LDAP_SUCCESS; 1501 send_ldap_result( op, rs ); 1502 1503 done: 1504 (void) ber_free_buf( ber ); 1505 } 1506
Indexes created Tue Mar 24 00:24:13 UTC 2026