1 /* result.c - routines to send ldap results, errors, and referrals */
10 #include <ac/string.h>
12 #include <ac/unistd.h>
14 #include "ldap_defaults.h"
17 /* we need LBER internals */
18 #include "../../libraries/liblber/lber-int.h"
20 static char *v2ref( struct berval **ref )
25 if(ref == NULL) return NULL;
27 len = sizeof("Referral:");
28 v2 = ch_strdup("Referral:");
30 for( i=0; ref[i] != NULL; i++ ) {
31 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
33 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
34 len += ref[i]->bv_len;
41 static ber_tag_t req2res( ber_tag_t tag )
46 case LDAP_REQ_COMPARE:
47 case LDAP_REQ_EXTENDED:
54 tag = LDAP_RES_DELETE;
57 case LDAP_REQ_ABANDON:
63 tag = LDAP_RES_SEARCH_RESULT;
73 static void trim_refs_urls(
74 struct berval **refs )
78 if( refs == NULL ) return;
80 for( i=0; refs[i] != NULL; i++ ) {
81 if( refs[i]->bv_len > sizeof("ldap://") &&
82 strncasecmp( refs[i]->bv_val, "ldap://",
83 sizeof("ldap://")-1 ) == 0 )
86 for( j=sizeof("ldap://"); j<refs[i]->bv_len ; j++ ) {
87 if( refs[i]->bv_val[j] = '/' ) {
88 refs[i]->bv_val[j] = '\0';
97 struct berval **get_entry_referrals(
104 struct berval **refs;
107 attr = attr_find( e->e_attrs, "ref" );
109 if( attr == NULL ) return NULL;
111 for( i=0; attr->a_vals[i] != NULL; i++ ) {
112 /* count references */
115 if( i < 1 ) return NULL;
117 refs = ch_malloc( i + 1 );
119 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
121 struct berval *ref = ber_bvdup( attr->a_vals[i] );
124 for( k=0; k<ref->bv_len; k++ ) {
125 if( isspace(ref->bv_val[k]) ) {
126 ref->bv_val[k] = '\0';
132 if( ref->bv_len > 0 ) {
143 ber_bvecfree( refs );
147 /* we should check that a referral value exists... */
152 static long send_ldap_ber(
156 ber_len_t bytes = ber_pvt_ber_bytes( ber );
158 /* write only one pdu at a time - wait til it's our turn */
159 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
161 /* lock the connection */
162 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
168 if ( connection_state_closing( conn ) ) {
169 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
170 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
174 if ( ber_flush( conn->c_sb, ber, 1 ) == 0 ) {
181 * we got an error. if it's ewouldblock, we need to
182 * wait on the socket being writable. otherwise, figure
183 * it's a hard error and return.
186 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno %d msg (%s)\n",
187 err, err > -1 && err < sys_nerr ? sys_errlist[err]
190 if ( err != EWOULDBLOCK && err != EAGAIN ) {
191 connection_closing( conn );
193 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
194 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
198 /* wait for socket to be write-ready */
199 conn->c_writewaiter = 1;
200 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
202 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
203 conn->c_writewaiter = 0;
206 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
207 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
223 struct berval *resdata,
231 assert( ctrls == NULL ); /* ctrls not implemented */
233 ber = ber_alloc_t( LBER_USE_DER );
235 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: tag=%ld msgid=%ld err=%ld\n",
236 (long) tag, (long) msgid, (long) err );
239 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
243 #ifdef LDAP_CONNECTIONLESS
245 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
246 err, matched ? matched : "", text ? text : "" );
250 rc = ber_printf( ber, "{it{ess",
252 matched == NULL ? "" : matched,
253 text == NULL ? "" : text );
255 if( rc != -1 && ref != NULL ) {
256 rc = ber_printf( ber, "{V}", ref );
259 if( rc != -1 && resoid != NULL ) {
260 rc = ber_printf( ber, "s", resoid );
263 if( rc != -1 && resdata != NULL ) {
264 rc = ber_printf( ber, "O", resdata );
269 rc = ber_printf( ber, "}}" );
274 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
279 bytes = send_ldap_ber( conn, ber );
282 Debug( LDAP_DEBUG_ANY,
283 "send_ldap_response: ber write failed\n",
288 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
289 num_bytes_sent += bytes;
291 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
297 send_ldap_disconnect(
308 #define LDAP_UNSOLICITED_ERROR(e) \
309 ( (e) == LDAP_PROTOCOL_ERROR \
310 || (e) == LDAP_STRONG_AUTH_REQUIRED \
311 || (e) == LDAP_UNAVAILABLE )
313 assert( LDAP_UNSOLICITED_ERROR( err ) );
315 Debug( LDAP_DEBUG_TRACE,
316 "send_ldap_disconnect %d:%s\n",
317 err, text ? text : "", NULL );
319 if ( op->o_protocol < LDAP_VERSION3 ) {
321 tag = req2res( op->o_tag );
322 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
325 reqoid = LDAP_NOTICE_DISCONNECT;
326 tag = LDAP_RES_EXTENDED;
330 #ifdef LDAP_CONNECTIONLESS
332 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
333 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
334 inet_ntoa(((struct sockaddr_in *)
335 &op->o_clientaddr)->sin_addr ),
336 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
340 send_ldap_response( conn, op, tag, msgid,
341 err, NULL, text, NULL,
342 reqoid, NULL, NULL );
344 Statslog( LDAP_DEBUG_STATS,
345 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
346 (long) op->o_connid, (long) op->o_opid,
347 (long) tag, (long) err, text );
365 assert( !LDAP_API_ERROR( err ) );
367 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
368 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
369 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
370 err, matched ? matched : "", text ? text : "" );
372 assert( err != LDAP_PARTIAL_RESULTS );
374 if( op->o_tag != LDAP_REQ_SEARCH ) {
375 trim_refs_urls( ref );
378 if ( err == LDAP_REFERRAL ) {
380 err = LDAP_NO_SUCH_OBJECT;
381 } else if ( op->o_protocol < LDAP_VERSION3 ) {
382 err = LDAP_PARTIAL_RESULTS;
383 tmp = text = v2ref( ref );
388 tag = req2res( op->o_tag );
389 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
391 #ifdef LDAP_CONNECTIONLESS
393 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
394 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
395 inet_ntoa(((struct sockaddr_in *)
396 &op->o_clientaddr)->sin_addr ),
397 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
402 send_ldap_response( conn, op, tag, msgid,
403 err, matched, text, ref,
406 Statslog( LDAP_DEBUG_STATS,
407 "conn=%ld op=%ld RESULT err=%ld tag=%lu text=%s\n",
408 (long) op->o_connid, (long) op->o_opid,
409 (long) err, (long) tag, text );
424 struct berval **refs,
432 assert( !LDAP_API_ERROR( err ) );
434 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
435 err, matched ? matched : "", text ? text : "" );
437 assert( err != LDAP_PARTIAL_RESULTS );
439 trim_refs_urls( refs );
441 if( op->o_protocol < LDAP_VERSION3 ) {
442 /* send references in search results */
443 if( err == LDAP_REFERRAL ) {
444 err = LDAP_PARTIAL_RESULTS;
447 tmp = text = v2ref( refs );
451 /* don't send references in search results */
452 assert( refs == NULL );
455 if( err == LDAP_REFERRAL ) {
460 tag = req2res( op->o_tag );
461 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
463 #ifdef LDAP_CONNECTIONLESS
465 ber_pvt_sb_udp_set_dst( &conn->c_sb, &op->o_clientaddr );
466 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
467 inet_ntoa(((struct sockaddr_in *)
468 &op->o_clientaddr)->sin_addr ),
469 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
474 send_ldap_response( conn, op, tag, msgid,
475 err, matched, text, refs,
478 Statslog( LDAP_DEBUG_STATS,
479 "conn=%ld op=%ld SEARCH RESULT err=%ld tag=%lu text=%s\n",
480 (long) op->o_connid, (long) op->o_opid,
481 (long) err, (long) tag, text );
505 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
507 if ( ! access_allowed( be, conn, op, e,
508 "entry", NULL, ACL_READ ) )
510 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
517 ber = ber_alloc_t( LBER_USE_DER );
520 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
521 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
522 NULL, "allocating BER error", NULL, NULL );
526 rc = ber_printf( ber, "{it{s{", op->o_msgid,
527 LDAP_RES_SEARCH_ENTRY, e->e_dn );
530 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
532 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
533 NULL, "encoding dn error", NULL, NULL );
537 /* check for special all user attributes ("*") type */
538 userattrs = ( attrs == NULL ) ? 1
539 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
541 /* check for special all operational attributes ("+") type */
542 opattrs = ( attrs == NULL ) ? 0
543 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
545 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
546 regmatch_t matches[MAXREMATCHES];
548 if ( attrs == NULL ) {
549 /* all addrs request, skip operational attributes */
550 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
555 /* specific addrs requested */
556 if ( oc_check_operational_attr( a->a_type ) ) {
557 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
562 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
569 acl = acl_get_applicable( be, op, e, a->a_type,
570 MAXREMATCHES, matches );
572 if ( ! acl_access_allowed( acl, be, conn, e,
573 NULL, op, ACL_READ, edn, matches ) )
578 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
579 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
581 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
582 NULL, "encoding type error", NULL, NULL );
587 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
588 if ( a->a_syntax & SYNTAX_DN &&
589 ! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
590 ACL_READ, edn, matches) )
595 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
596 Debug( LDAP_DEBUG_ANY,
597 "ber_printf failed\n", 0, 0, 0 );
599 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
600 NULL, "encoding value error", NULL, NULL );
606 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
607 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
609 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
610 NULL, "encode end error", NULL, NULL );
615 #ifdef SLAPD_SCHEMA_DN
616 /* eventually will loop through generated operational attributes */
617 /* only have subschemaSubentry implemented */
618 a = backend_subschemasubentry( be );
621 regmatch_t matches[MAXREMATCHES];
623 if ( attrs == NULL ) {
624 /* all addrs request, skip operational attributes */
625 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
630 /* specific addrs requested */
631 if ( oc_check_operational_attr( a->a_type ) ) {
632 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
637 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
644 acl = acl_get_applicable( be, op, e, a->a_type,
645 MAXREMATCHES, matches );
647 if ( ! acl_access_allowed( acl, be, conn, e,
648 NULL, op, ACL_READ, edn, matches ) )
653 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
654 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
656 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
657 NULL, "encoding type error", NULL, NULL );
662 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
663 if ( a->a_syntax & SYNTAX_DN &&
664 ! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
665 ACL_READ, edn, matches) )
670 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
671 Debug( LDAP_DEBUG_ANY,
672 "ber_printf failed\n", 0, 0, 0 );
674 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
675 NULL, "encoding value error", NULL, NULL );
681 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
682 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
684 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
685 NULL, "encode end error", NULL, NULL );
691 rc = ber_printf( ber, /*{{{*/ "}}}" );
694 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
696 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
697 NULL, "encode entry end error", NULL, NULL );
701 bytes = send_ldap_ber( conn, ber );
704 Debug( LDAP_DEBUG_ANY,
705 "send_ldap_response: ber write failed\n",
710 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
711 num_bytes_sent += bytes;
714 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
716 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
717 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
719 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
728 send_search_reference(
733 struct berval **refs,
736 struct berval ***v2refs
743 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
745 if ( ! access_allowed( be, conn, op, e,
746 "entry", NULL, ACL_READ ) )
748 Debug( LDAP_DEBUG_ACL,
749 "send_search_reference: access to entry not allowed\n",
754 if ( ! access_allowed( be, conn, op, e,
755 "ref", NULL, ACL_READ ) )
757 Debug( LDAP_DEBUG_ACL,
758 "send_search_reference: access to reference not allowed\n",
764 Debug( LDAP_DEBUG_ANY,
765 "send_search_reference: null ref in (%s)\n",
770 if( op->o_protocol < LDAP_VERSION3 ) {
771 /* save the references for the result */
772 if( *refs == NULL ) {
773 value_add( v2refs, refs );
778 ber = ber_alloc_t( LBER_USE_DER );
781 Debug( LDAP_DEBUG_ANY,
782 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
783 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
784 NULL, "alloc BER error", NULL, NULL );
788 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
789 LDAP_RES_SEARCH_REFERENCE, refs );
792 Debug( LDAP_DEBUG_ANY,
793 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
795 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
796 NULL, "encode dn error", NULL, NULL );
800 bytes = send_ldap_ber( conn, ber );
802 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
803 num_bytes_sent += bytes;
806 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
808 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
809 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
811 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
828 *code = LDAP_SUCCESS;
832 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
833 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
840 while ( (s = strchr( s, '\n' )) != NULL ) {
845 if ( (c = strchr( s, ':' )) != NULL ) {
849 if ( strncasecmp( s, "code", 4 ) == 0 ) {
853 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
857 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
862 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob