1 /* result.c - routines to send ldap results, errors, and referrals */
10 #include <ac/signal.h>
11 #include <ac/string.h>
14 #include <ac/unistd.h>
18 /* we need LBER internals */
19 #include "../../libraries/liblber/lber-int.h"
21 static char *v2ref( struct berval **ref, const char *text )
23 size_t len = 0, i = 0;
29 return ch_strdup(text);
36 if (text[len-1] != '\n')
39 v2 = ch_malloc( len+i+sizeof("Referral:") );
45 strcpy( v2+len, "Referral:" );
46 len += sizeof("Referral:");
48 for( i=0; ref[i] != NULL; i++ ) {
49 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
51 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
52 len += ref[i]->bv_len + 1;
59 static ber_tag_t req2res( ber_tag_t tag )
64 case LDAP_REQ_COMPARE:
65 case LDAP_REQ_EXTENDED:
72 tag = LDAP_RES_DELETE;
75 case LDAP_REQ_ABANDON:
81 tag = LDAP_RES_SEARCH_RESULT;
91 static void trim_refs_urls(
92 struct berval **refs )
96 if( refs == NULL ) return;
98 for( i=0; refs[i] != NULL; i++ ) {
99 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
100 strncasecmp( refs[i]->bv_val, "ldap://",
101 sizeof("ldap://")-1 ) == 0 )
104 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
105 if( refs[i]->bv_val[j] == '/' ) {
106 refs[i]->bv_val[j] = '\0';
115 struct berval **get_entry_referrals(
122 struct berval **refs;
125 attr = attr_find( e->e_attrs, "ref" );
127 if( attr == NULL ) return NULL;
129 for( i=0; attr->a_vals[i] != NULL; i++ ) {
130 /* count references */
133 if( i < 1 ) return NULL;
135 refs = ch_malloc( i + 1 );
137 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
139 struct berval *ref = ber_bvdup( attr->a_vals[i] );
142 for( k=0; k<ref->bv_len; k++ ) {
143 if( isspace(ref->bv_val[k]) ) {
144 ref->bv_val[k] = '\0';
150 if( ref->bv_len > 0 ) {
161 ber_bvecfree( refs );
165 /* we should check that a referral value exists... */
170 static long send_ldap_ber(
176 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
178 /* write only one pdu at a time - wait til it's our turn */
179 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
181 /* lock the connection */
182 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
188 if ( connection_state_closing( conn ) ) {
189 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
190 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
195 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
202 * we got an error. if it's ewouldblock, we need to
203 * wait on the socket being writable. otherwise, figure
204 * it's a hard error and return.
207 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
208 err, STRERROR(err), 0 );
210 if ( err != EWOULDBLOCK && err != EAGAIN ) {
211 connection_closing( conn );
213 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
214 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
219 /* wait for socket to be write-ready */
220 conn->c_writewaiter = 1;
221 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
223 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
224 conn->c_writewaiter = 0;
227 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
228 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
244 struct berval *resdata,
252 assert( ctrls == NULL ); /* ctrls not implemented */
254 ber = ber_alloc_t( LBER_USE_DER );
256 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
257 (long) msgid, (long) tag, (long) err );
260 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
264 #ifdef LDAP_CONNECTIONLESS
266 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
267 err, matched ? matched : "", text ? text : "" );
271 rc = ber_printf( ber, "{it{ess",
273 matched == NULL ? "" : matched,
274 text == NULL ? "" : text );
276 if( rc != -1 && ref != NULL ) {
277 rc = ber_printf( ber, "{V}", ref );
280 if( rc != -1 && resoid != NULL ) {
281 rc = ber_printf( ber, "s", resoid );
284 if( rc != -1 && resdata != NULL ) {
285 rc = ber_printf( ber, "O", resdata );
290 rc = ber_printf( ber, "}}" );
295 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
301 bytes = send_ldap_ber( conn, ber );
305 Debug( LDAP_DEBUG_ANY,
306 "send_ldap_response: ber write failed\n",
311 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
312 num_bytes_sent += bytes;
314 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
320 send_ldap_disconnect(
331 #define LDAP_UNSOLICITED_ERROR(e) \
332 ( (e) == LDAP_PROTOCOL_ERROR \
333 || (e) == LDAP_STRONG_AUTH_REQUIRED \
334 || (e) == LDAP_UNAVAILABLE )
336 assert( LDAP_UNSOLICITED_ERROR( err ) );
338 Debug( LDAP_DEBUG_TRACE,
339 "send_ldap_disconnect %d:%s\n",
340 err, text ? text : "", NULL );
342 if ( op->o_protocol < LDAP_VERSION3 ) {
344 tag = req2res( op->o_tag );
345 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
348 reqoid = LDAP_NOTICE_DISCONNECT;
349 tag = LDAP_RES_EXTENDED;
353 #ifdef LDAP_CONNECTIONLESS
355 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
356 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
357 inet_ntoa(((struct sockaddr_in *)
358 &op->o_clientaddr)->sin_addr ),
359 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
363 send_ldap_response( conn, op, tag, msgid,
364 err, NULL, text, NULL,
365 reqoid, NULL, NULL );
367 Statslog( LDAP_DEBUG_STATS,
368 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
369 (long) op->o_connid, (long) op->o_opid,
370 (long) tag, (long) err, text ? text : "" );
388 assert( !LDAP_API_ERROR( err ) );
390 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
391 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
392 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
393 err, matched ? matched : "", text ? text : "" );
395 assert( err != LDAP_PARTIAL_RESULTS );
397 if( op->o_tag != LDAP_REQ_SEARCH ) {
398 trim_refs_urls( ref );
401 if ( err == LDAP_REFERRAL ) {
403 err = LDAP_NO_SUCH_OBJECT;
404 } else if ( op->o_protocol < LDAP_VERSION3 ) {
405 err = LDAP_PARTIAL_RESULTS;
409 if ( op->o_protocol < LDAP_VERSION3 ) {
410 tmp = v2ref( ref, text );
415 tag = req2res( op->o_tag );
416 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
418 #ifdef LDAP_CONNECTIONLESS
420 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
421 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
422 inet_ntoa(((struct sockaddr_in *)
423 &op->o_clientaddr)->sin_addr ),
424 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
429 send_ldap_response( conn, op, tag, msgid,
430 err, matched, text, ref,
433 Statslog( LDAP_DEBUG_STATS,
434 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
435 (long) op->o_connid, (long) op->o_opid,
436 (long) tag, (long) err, text ? text : "" );
456 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n",
457 (long) err, NULL, NULL );
459 tag = req2res( op->o_tag );
460 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
462 #ifdef LDAP_CONNECTIONLESS
464 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
465 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
466 inet_ntoa(((struct sockaddr_in *)
467 &op->o_clientaddr)->sin_addr ),
468 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
473 send_ldap_response( conn, op, tag, msgid,
474 err, matched, text, NULL,
486 struct berval *rspdata
492 Debug( LDAP_DEBUG_TRACE,
493 "send_ldap_extended %ld:%s\n",
494 (long) err, rspoid ? rspoid : "", NULL );
496 tag = req2res( op->o_tag );
497 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
499 #ifdef LDAP_CONNECTIONLESS
501 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
502 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
503 inet_ntoa(((struct sockaddr_in *)
504 &op->o_clientaddr)->sin_addr ),
505 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
509 send_ldap_response( conn, op, tag, msgid,
510 err, matched, text, NULL,
511 rspoid, rspdata, NULL );
522 struct berval **refs,
530 assert( !LDAP_API_ERROR( err ) );
532 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
533 err, matched ? matched : "", text ? text : "" );
535 assert( err != LDAP_PARTIAL_RESULTS );
537 trim_refs_urls( refs );
539 if( op->o_protocol < LDAP_VERSION3 ) {
540 /* send references in search results */
541 if( err == LDAP_REFERRAL ) {
542 err = LDAP_PARTIAL_RESULTS;
545 tmp = v2ref( refs, text );
549 /* don't send references in search results */
550 assert( refs == NULL );
553 if( err == LDAP_REFERRAL ) {
558 tag = req2res( op->o_tag );
559 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
561 #ifdef LDAP_CONNECTIONLESS
563 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
564 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
565 inet_ntoa(((struct sockaddr_in *)
566 &op->o_clientaddr)->sin_addr ),
567 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
572 send_ldap_response( conn, op, tag, msgid,
573 err, matched, text, refs,
576 Statslog( LDAP_DEBUG_STATS,
577 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
578 (long) op->o_connid, (long) op->o_opid,
579 (long) tag, (long) err, text ? text : "" );
604 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
606 if ( ! access_allowed( be, conn, op, e,
607 "entry", NULL, ACL_READ ) )
609 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
616 ber = ber_alloc_t( LBER_USE_DER );
619 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
620 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
621 NULL, "allocating BER error", NULL, NULL );
625 rc = ber_printf( ber, "{it{s{", op->o_msgid,
626 LDAP_RES_SEARCH_ENTRY, e->e_dn );
629 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
631 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
632 NULL, "encoding dn error", NULL, NULL );
636 /* check for special all user attributes ("*") type */
637 userattrs = ( attrs == NULL ) ? 1
638 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
640 /* check for special all operational attributes ("+") type */
641 opattrs = ( attrs == NULL ) ? 0
642 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
644 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
645 if ( attrs == NULL ) {
646 /* all addrs request, skip operational attributes */
647 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
652 /* specific addrs requested */
653 if ( oc_check_operational_attr( a->a_type ) ) {
654 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
659 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
666 if ( ! access_allowed( be, conn, op, e,
667 a->a_type, NULL, ACL_READ ) )
669 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
674 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
675 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
677 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
678 NULL, "encoding type error", NULL, NULL );
683 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
684 if ( ! access_allowed( be, conn, op, e,
685 a->a_type, a->a_vals[i], ACL_READ ) )
687 Debug( LDAP_DEBUG_ACL,
688 "acl: access to attribute %s, value %d not allowed\n",
693 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
694 Debug( LDAP_DEBUG_ANY,
695 "ber_printf failed\n", 0, 0, 0 );
697 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
698 NULL, "encoding value error", NULL, NULL );
704 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
705 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
707 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
708 NULL, "encode end error", NULL, NULL );
713 #ifdef SLAPD_SCHEMA_DN
714 /* eventually will loop through generated operational attributes */
715 /* only have subschemaSubentry implemented */
716 a = backend_subschemasubentry( be );
719 if ( attrs == NULL ) {
720 /* all addrs request, skip operational attributes */
721 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
726 /* specific addrs requested */
727 if ( oc_check_operational_attr( a->a_type ) ) {
728 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
733 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
740 if ( ! access_allowed( be, conn, op, e,
741 a->a_type, NULL, ACL_READ ) )
743 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
748 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
749 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
751 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
752 NULL, "encoding type error", NULL, NULL );
757 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
758 if ( ! access_allowed( be, conn, op, e,
759 a->a_type, a->a_vals[i], ACL_READ ) )
761 Debug( LDAP_DEBUG_ACL,
762 "acl: access to attribute %s, value %d not allowed\n",
768 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
769 Debug( LDAP_DEBUG_ANY,
770 "ber_printf failed\n", 0, 0, 0 );
772 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
773 NULL, "encoding value error", NULL, NULL );
779 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
780 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
782 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
783 NULL, "encode end error", NULL, NULL );
789 rc = ber_printf( ber, /*{{{*/ "}}}" );
792 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
794 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
795 NULL, "encode entry end error", NULL, NULL );
799 bytes = send_ldap_ber( conn, ber );
803 Debug( LDAP_DEBUG_ANY,
804 "send_ldap_response: ber write failed\n",
809 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
810 num_bytes_sent += bytes;
813 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
815 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
816 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
818 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
827 send_search_reference(
832 struct berval **refs,
835 struct berval ***v2refs
842 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
844 if ( ! access_allowed( be, conn, op, e,
845 "entry", NULL, ACL_READ ) )
847 Debug( LDAP_DEBUG_ACL,
848 "send_search_reference: access to entry not allowed\n",
853 if ( ! access_allowed( be, conn, op, e,
854 "ref", NULL, ACL_READ ) )
856 Debug( LDAP_DEBUG_ACL,
857 "send_search_reference: access to reference not allowed\n",
863 Debug( LDAP_DEBUG_ANY,
864 "send_search_reference: null ref in (%s)\n",
869 if( op->o_protocol < LDAP_VERSION3 ) {
870 /* save the references for the result */
871 if( *refs == NULL ) {
872 value_add( v2refs, refs );
877 ber = ber_alloc_t( LBER_USE_DER );
880 Debug( LDAP_DEBUG_ANY,
881 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
882 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
883 NULL, "alloc BER error", NULL, NULL );
887 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
888 LDAP_RES_SEARCH_REFERENCE, refs );
891 Debug( LDAP_DEBUG_ANY,
892 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
894 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
895 NULL, "encode dn error", NULL, NULL );
899 bytes = send_ldap_ber( conn, ber );
902 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
903 num_bytes_sent += bytes;
906 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
908 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
909 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
911 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
928 *code = LDAP_SUCCESS;
932 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
933 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
940 while ( (s = strchr( s, '\n' )) != NULL ) {
945 if ( (c = strchr( s, ':' )) != NULL ) {
949 if ( strncasecmp( s, "code", 4 ) == 0 ) {
953 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
957 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
962 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob