1 /* result.c - routines to send ldap results, errors, and referrals */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
18 #include <ac/unistd.h>
22 /* we need LBER internals */
23 #include "../../libraries/liblber/lber-int.h"
25 static char *v2ref( struct berval **ref, const char *text )
27 size_t len = 0, i = 0;
33 return ch_strdup(text);
40 if (text[len-1] != '\n')
43 v2 = ch_malloc( len+i+sizeof("Referral:") );
49 strcpy( v2+len, "Referral:" );
50 len += sizeof("Referral:");
52 for( i=0; ref[i] != NULL; i++ ) {
53 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
55 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
56 len += ref[i]->bv_len;
57 if (ref[i]->bv_val[ref[i]->bv_len-1] != '/')
65 static ber_tag_t req2res( ber_tag_t tag )
70 case LDAP_REQ_COMPARE:
71 case LDAP_REQ_EXTENDED:
78 tag = LDAP_RES_DELETE;
81 case LDAP_REQ_ABANDON:
87 tag = LDAP_RES_SEARCH_RESULT;
97 static void trim_refs_urls(
98 struct berval **refs )
102 if( refs == NULL ) return;
104 for( i=0; refs[i] != NULL; i++ ) {
105 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
106 strncasecmp( refs[i]->bv_val, "ldap://",
107 sizeof("ldap://")-1 ) == 0 )
110 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
111 if( refs[i]->bv_val[j] == '/' ) {
112 refs[i]->bv_val[j] = '\0';
121 struct berval **get_entry_referrals(
128 struct berval **refs;
131 attr = attr_find( e->e_attrs, "ref" );
133 if( attr == NULL ) return NULL;
135 for( i=0; attr->a_vals[i] != NULL; i++ ) {
136 /* count references */
139 if( i < 1 ) return NULL;
141 refs = ch_malloc( i + 1 );
143 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
145 struct berval *ref = ber_bvdup( attr->a_vals[i] );
148 for( k=0; k<ref->bv_len; k++ ) {
149 if( isspace(ref->bv_val[k]) ) {
150 ref->bv_val[k] = '\0';
156 if( ref->bv_len > 0 ) {
167 ber_bvecfree( refs );
171 /* we should check that a referral value exists... */
176 static long send_ldap_ber(
182 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
184 /* write only one pdu at a time - wait til it's our turn */
185 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
187 /* lock the connection */
188 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
194 if ( connection_state_closing( conn ) ) {
195 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
196 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
201 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
208 * we got an error. if it's ewouldblock, we need to
209 * wait on the socket being writable. otherwise, figure
210 * it's a hard error and return.
213 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
214 err, STRERROR(err), 0 );
216 if ( err != EWOULDBLOCK && err != EAGAIN ) {
217 connection_closing( conn );
219 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
220 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
225 /* wait for socket to be write-ready */
226 conn->c_writewaiter = 1;
227 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
229 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
230 conn->c_writewaiter = 0;
233 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
234 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
250 struct berval *resdata,
251 struct berval *sasldata,
259 assert( ctrls == NULL ); /* ctrls not implemented */
261 ber = ber_alloc_t( LBER_USE_DER );
263 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
264 (long) msgid, (long) tag, (long) err );
267 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
271 #ifdef LDAP_CONNECTIONLESS
273 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
274 err, matched ? matched : "", text ? text : "" );
278 rc = ber_printf( ber, "{it{ess",
280 matched == NULL ? "" : matched,
281 text == NULL ? "" : text );
283 if( rc != -1 && ref != NULL ) {
284 rc = ber_printf( ber, "{V}", ref );
287 if( rc != -1 && sasldata != NULL ) {
288 rc = ber_printf( ber, "tO",
289 LDAP_TAG_SASL_RES_CREDS, sasldata );
292 if( rc != -1 && resoid != NULL ) {
293 rc = ber_printf( ber, "ts",
294 LDAP_TAG_EXOP_RES_OID, resoid );
297 if( rc != -1 && resdata != NULL ) {
298 rc = ber_printf( ber, "tO",
299 LDAP_TAG_EXOP_RES_VALUE, resdata );
303 rc = ber_printf( ber, "}}" );
308 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
314 bytes = send_ldap_ber( conn, ber );
318 Debug( LDAP_DEBUG_ANY,
319 "send_ldap_response: ber write failed\n",
324 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
325 num_bytes_sent += bytes;
327 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
333 send_ldap_disconnect(
344 #define LDAP_UNSOLICITED_ERROR(e) \
345 ( (e) == LDAP_PROTOCOL_ERROR \
346 || (e) == LDAP_STRONG_AUTH_REQUIRED \
347 || (e) == LDAP_UNAVAILABLE )
349 assert( LDAP_UNSOLICITED_ERROR( err ) );
351 Debug( LDAP_DEBUG_TRACE,
352 "send_ldap_disconnect %d:%s\n",
353 err, text ? text : "", NULL );
355 if ( op->o_protocol < LDAP_VERSION3 ) {
357 tag = req2res( op->o_tag );
358 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
361 reqoid = LDAP_NOTICE_DISCONNECT;
362 tag = LDAP_RES_EXTENDED;
366 #ifdef LDAP_CONNECTIONLESS
368 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
369 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
370 inet_ntoa(((struct sockaddr_in *)
371 &op->o_clientaddr)->sin_addr ),
372 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
377 send_ldap_response( conn, op, tag, msgid,
378 err, NULL, text, NULL,
379 reqoid, NULL, NULL, NULL );
381 Statslog( LDAP_DEBUG_STATS,
382 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
383 (long) op->o_connid, (long) op->o_opid,
384 (long) tag, (long) err, text ? text : "" );
402 assert( !LDAP_API_ERROR( err ) );
404 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
405 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
406 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
407 err, matched ? matched : "", text ? text : "" );
409 assert( err != LDAP_PARTIAL_RESULTS );
411 if( op->o_tag != LDAP_REQ_SEARCH ) {
412 trim_refs_urls( ref );
415 if ( err == LDAP_REFERRAL ) {
417 err = LDAP_NO_SUCH_OBJECT;
418 } else if ( op->o_protocol < LDAP_VERSION3 ) {
419 err = LDAP_PARTIAL_RESULTS;
423 if ( op->o_protocol < LDAP_VERSION3 ) {
424 tmp = v2ref( ref, text );
429 tag = req2res( op->o_tag );
430 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
432 #ifdef LDAP_CONNECTIONLESS
434 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
435 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
436 inet_ntoa(((struct sockaddr_in *)
437 &op->o_clientaddr)->sin_addr ),
438 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
443 send_ldap_response( conn, op, tag, msgid,
444 err, matched, text, ref,
445 NULL, NULL, NULL, ctrls );
447 Statslog( LDAP_DEBUG_STATS,
448 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
449 (long) op->o_connid, (long) op->o_opid,
450 (long) tag, (long) err, text ? text : "" );
472 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n",
473 (long) err, NULL, NULL );
475 tag = req2res( op->o_tag );
476 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
478 #ifdef LDAP_CONNECTIONLESS
480 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
481 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
482 inet_ntoa(((struct sockaddr_in *)
483 &op->o_clientaddr)->sin_addr ),
484 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
489 send_ldap_response( conn, op, tag, msgid,
490 err, matched, text, ref,
491 NULL, NULL, cred, ctrls );
501 struct berval **refs,
503 struct berval *rspdata,
510 Debug( LDAP_DEBUG_TRACE,
511 "send_ldap_extended %ld:%s (%ld)\n",
513 rspoid ? rspoid : "",
514 rspdata != NULL ? (long) rspdata->bv_len : (long) 0 );
516 tag = req2res( op->o_tag );
517 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
519 #ifdef LDAP_CONNECTIONLESS
521 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
522 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
523 inet_ntoa(((struct sockaddr_in *)
524 &op->o_clientaddr)->sin_addr ),
525 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
530 send_ldap_response( conn, op, tag, msgid,
531 err, matched, text, refs,
532 rspoid, rspdata, NULL, ctrls );
543 struct berval **refs,
551 assert( !LDAP_API_ERROR( err ) );
553 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
554 err, matched ? matched : "", text ? text : "" );
556 assert( err != LDAP_PARTIAL_RESULTS );
558 trim_refs_urls( refs );
560 if( op->o_protocol < LDAP_VERSION3 ) {
561 /* send references in search results */
562 if( err == LDAP_REFERRAL ) {
563 err = LDAP_PARTIAL_RESULTS;
566 tmp = v2ref( refs, text );
570 /* don't send references in search results */
571 assert( refs == NULL );
574 if( err == LDAP_REFERRAL ) {
579 tag = req2res( op->o_tag );
580 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
582 #ifdef LDAP_CONNECTIONLESS
584 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
585 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
586 inet_ntoa(((struct sockaddr_in *)
587 &op->o_clientaddr)->sin_addr ),
588 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
593 send_ldap_response( conn, op, tag, msgid,
594 err, matched, text, refs,
595 NULL, NULL, NULL, ctrls );
597 Statslog( LDAP_DEBUG_STATS,
598 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
599 (long) op->o_connid, (long) op->o_opid,
600 (long) tag, (long) err, text ? text : "" );
625 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
627 if ( ! access_allowed( be, conn, op, e,
628 "entry", NULL, ACL_READ ) )
630 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
637 ber = ber_alloc_t( LBER_USE_DER );
640 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
641 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
642 NULL, "allocating BER error", NULL, NULL );
646 rc = ber_printf( ber, "{it{s{", op->o_msgid,
647 LDAP_RES_SEARCH_ENTRY, e->e_dn );
650 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
652 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
653 NULL, "encoding dn error", NULL, NULL );
657 /* check for special all user attributes ("*") type */
658 userattrs = ( attrs == NULL ) ? 1
659 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
661 /* check for special all operational attributes ("+") type */
662 opattrs = ( attrs == NULL ) ? 0
663 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
665 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
667 #ifdef SLAPD_SCHEMA_NOT_COMPAT
668 desc = a->a_desc.ad_type->sat_cname;
673 if ( attrs == NULL ) {
674 /* all addrs request, skip operational attributes */
675 if( !opattrs && oc_check_op_attr( desc ) ) {
680 /* specific addrs requested */
681 if ( oc_check_op_attr( desc ) )
683 if( !opattrs && !charray_inlist( attrs, desc ) ) {
687 if (!userattrs && !charray_inlist( attrs, desc ) ) {
693 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
694 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
699 if (( rc = ber_printf( ber, "{s[" /*]}*/ , desc )) == -1 ) {
700 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
702 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
703 NULL, "encoding type error", NULL, NULL );
708 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
709 if ( ! access_allowed( be, conn, op, e,
710 desc, a->a_vals[i], ACL_READ ) )
712 Debug( LDAP_DEBUG_ACL,
713 "acl: access to attribute %s, value %d not allowed\n",
718 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
719 Debug( LDAP_DEBUG_ANY,
720 "ber_printf failed\n", 0, 0, 0 );
722 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
723 NULL, "encoding value error", NULL, NULL );
729 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
730 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
732 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
733 NULL, "encode end error", NULL, NULL );
738 /* eventually will loop through generated operational attributes */
739 /* only have subschemaSubentry implemented */
740 aa = backend_operational( be, e );
742 for (a = aa ; a == NULL; a = a->a_next ) {
744 #ifdef SLAPD_SCHEMA_NOT_COMPAT
745 desc = a->a_desc.ad_type->sat_cname;
750 if ( attrs == NULL ) {
751 /* all addrs request, skip operational attributes */
752 if( !opattrs && oc_check_op_attr( desc ) ) {
757 /* specific addrs requested */
758 if ( oc_check_op_attr( desc ) ) {
759 if( !opattrs && !charray_inlist( attrs, desc ) )
764 if (!userattrs && !charray_inlist( attrs, desc ) )
771 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
772 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
777 if (( rc = ber_printf( ber, "{s[" /*]}*/ , desc )) == -1 ) {
778 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
780 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
781 NULL, "encoding type error", NULL, NULL );
786 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
787 if ( ! access_allowed( be, conn, op, e,
788 desc, a->a_vals[i], ACL_READ ) )
790 Debug( LDAP_DEBUG_ACL,
791 "acl: access to attribute %s, value %d not allowed\n",
797 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
798 Debug( LDAP_DEBUG_ANY,
799 "ber_printf failed\n", 0, 0, 0 );
801 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
802 NULL, "encoding value error", NULL, NULL );
808 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
809 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
811 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
812 NULL, "encode end error", NULL, NULL );
819 rc = ber_printf( ber, /*{{{*/ "}}}" );
822 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
824 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
825 NULL, "encode entry end error", NULL, NULL );
829 bytes = send_ldap_ber( conn, ber );
833 Debug( LDAP_DEBUG_ANY,
834 "send_ldap_response: ber write failed\n",
839 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
840 num_bytes_sent += bytes;
843 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
845 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
846 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
848 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
857 send_search_reference(
862 struct berval **refs,
865 struct berval ***v2refs
872 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
874 if ( ! access_allowed( be, conn, op, e,
875 "entry", NULL, ACL_READ ) )
877 Debug( LDAP_DEBUG_ACL,
878 "send_search_reference: access to entry not allowed\n",
883 if ( ! access_allowed( be, conn, op, e,
884 "ref", NULL, ACL_READ ) )
886 Debug( LDAP_DEBUG_ACL,
887 "send_search_reference: access to reference not allowed\n",
893 Debug( LDAP_DEBUG_ANY,
894 "send_search_reference: null ref in (%s)\n",
899 if( op->o_protocol < LDAP_VERSION3 ) {
900 /* save the references for the result */
901 if( *refs != NULL ) {
902 value_add( v2refs, refs );
907 ber = ber_alloc_t( LBER_USE_DER );
910 Debug( LDAP_DEBUG_ANY,
911 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
912 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
913 NULL, "alloc BER error", NULL, NULL );
917 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
918 LDAP_RES_SEARCH_REFERENCE, refs );
921 Debug( LDAP_DEBUG_ANY,
922 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
924 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
925 NULL, "encode dn error", NULL, NULL );
929 bytes = send_ldap_ber( conn, ber );
932 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
933 num_bytes_sent += bytes;
936 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
938 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
939 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
941 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
958 *code = LDAP_SUCCESS;
962 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
963 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
970 while ( (s = strchr( s, '\n' )) != NULL ) {
975 if ( (c = strchr( s, ':' )) != NULL ) {
979 if ( strncasecmp( s, "code", 4 ) == 0 ) {
983 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
987 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
992 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob