1 /* result.c - routines to send ldap results, errors, and referrals */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/string.h>
17 #include <ac/unistd.h>
21 static char *v2ref( BerVarray ref, const char *text )
23 size_t len = 0, i = 0;
28 return ch_strdup(text);
36 if (text[len-1] != '\n') {
41 v2 = SLAP_MALLOC( len+i+sizeof("Referral:") );
44 LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
46 Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
57 strcpy( v2+len, "Referral:" );
58 len += sizeof("Referral:");
60 for( i=0; ref[i].bv_val != NULL; i++ ) {
61 v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 );
64 LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
66 Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
71 AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len );
73 if (ref[i].bv_val[ref[i].bv_len-1] != '/') {
82 static ber_tag_t req2res( ber_tag_t tag )
87 case LDAP_REQ_COMPARE:
88 case LDAP_REQ_EXTENDED:
95 tag = LDAP_RES_DELETE;
98 case LDAP_REQ_ABANDON:
103 case LDAP_REQ_SEARCH:
104 tag = LDAP_RES_SEARCH_RESULT;
114 static long send_ldap_ber(
120 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
122 /* write only one pdu at a time - wait til it's our turn */
123 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
125 /* lock the connection */
126 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
133 if ( connection_state_closing( conn ) ) {
134 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
135 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
140 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
147 * we got an error. if it's ewouldblock, we need to
148 * wait on the socket being writable. otherwise, figure
149 * it's a hard error and return.
153 LDAP_LOG( OPERATION, ERR,
154 "send_ldap_ber: conn %lu ber_flush failed err=%d (%s)\n",
155 conn ? conn->c_connid : 0, err, sock_errstr(err) );
157 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
158 err, sock_errstr(err), 0 );
161 if ( err != EWOULDBLOCK && err != EAGAIN ) {
162 connection_closing( conn );
164 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
165 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
170 /* wait for socket to be write-ready */
171 conn->c_writewaiter = 1;
172 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
173 slapd_set_write( sd, 1 );
175 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
176 conn->c_writewaiter = 0;
179 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
180 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
186 send_ldap_controls( BerElement *ber, LDAPControl **c )
189 if( c == NULL ) return 0;
191 rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
192 if( rc == -1 ) return rc;
194 for( ; *c != NULL; c++) {
195 rc = ber_printf( ber, "{s" /*}*/, (*c)->ldctl_oid );
197 if( (*c)->ldctl_iscritical ) {
198 rc = ber_printf( ber, "b",
199 (ber_int_t) (*c)->ldctl_iscritical ) ;
200 if( rc == -1 ) return rc;
203 if( (*c)->ldctl_value.bv_val != NULL ) {
204 rc = ber_printf( ber, "O", &((*c)->ldctl_value));
205 if( rc == -1 ) return rc;
208 rc = ber_printf( ber, /*{*/"N}" );
209 if( rc == -1 ) return rc;
212 rc = ber_printf( ber, /*{*/"N}" );
228 struct berval *resdata,
229 struct berval *sasldata,
233 char berbuf[LBER_ELEMENT_SIZEOF];
234 BerElement *ber = (BerElement *)berbuf;
238 if (op->o_callback && op->o_callback->sc_response) {
239 op->o_callback->sc_response( conn, op, tag, msgid, err, matched,
240 text, ref, resoid, resdata, sasldata, ctrls );
244 ber_init_w_nullc( ber, LBER_USE_DER );
247 LDAP_LOG( OPERATION, ENTRY,
248 "send_ldap_response: msgid=%d tag=%lu err=%d\n",
251 Debug( LDAP_DEBUG_TRACE,
252 "send_ldap_response: msgid=%d tag=%lu err=%d\n",
258 LDAP_LOG( OPERATION, ARGS,
259 "send_ldap_response: conn %lu ref=\"%s\"\n",
260 conn ? conn->c_connid : 0,
261 ref[0].bv_val ? ref[0].bv_val : "NULL" , 0 );
263 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
264 ref[0].bv_val ? ref[0].bv_val : "NULL",
269 #ifdef LDAP_CONNECTIONLESS
270 if( conn->c_is_udp ) {
272 (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0);
273 if (rc != sizeof(struct sockaddr)) {
275 LDAP_LOG( OPERATION, ERR,
276 "send_ldap_response: conn %lu ber_write failed\n",
277 conn ? conn->c_connid : 0 , 0, 0);
279 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
285 if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
286 rc = ber_printf( ber, "{is{t{ess" /*"}}}"*/,
288 matched == NULL ? "" : matched,
289 text == NULL ? "" : text );
293 rc = ber_printf( ber, "{it{ess" /*"}}"*/,
295 matched == NULL ? "" : matched,
296 text == NULL ? "" : text );
301 assert( err == LDAP_REFERRAL );
302 rc = ber_printf( ber, "t{W}",
303 LDAP_TAG_REFERRAL, ref );
305 assert( err != LDAP_REFERRAL );
309 if( rc != -1 && sasldata != NULL ) {
310 rc = ber_printf( ber, "tO",
311 LDAP_TAG_SASL_RES_CREDS, sasldata );
314 if( rc != -1 && resoid != NULL ) {
315 rc = ber_printf( ber, "ts",
316 LDAP_TAG_EXOP_RES_OID, resoid );
319 if( rc != -1 && resdata != NULL ) {
320 rc = ber_printf( ber, "tO",
321 LDAP_TAG_EXOP_RES_VALUE, resdata );
325 rc = ber_printf( ber, /*"{"*/ "N}" );
328 if( rc != -1 && ctrls != NULL ) {
329 rc = send_ldap_controls( ber, ctrls );
333 rc = ber_printf( ber, /*"{"*/ "N}" );
336 #ifdef LDAP_CONNECTIONLESS
337 if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) {
338 rc = ber_printf( ber, /*"{"*/ "N}" );
344 LDAP_LOG( OPERATION, ERR,
345 "send_ldap_response: conn %lu ber_printf failed\n",
346 conn ? conn->c_connid : 0, 0, 0 );
348 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
356 bytes = send_ldap_ber( conn, ber );
361 LDAP_LOG( OPERATION, ERR,
362 "send_ldap_response: conn %lu ber write failed\n",
363 conn ? conn->c_connid : 0, 0, 0 );
365 Debug( LDAP_DEBUG_ANY,
366 "send_ldap_response: ber write failed\n",
373 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
374 num_bytes_sent += bytes;
376 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
382 send_ldap_disconnect(
393 #define LDAP_UNSOLICITED_ERROR(e) \
394 ( (e) == LDAP_PROTOCOL_ERROR \
395 || (e) == LDAP_STRONG_AUTH_REQUIRED \
396 || (e) == LDAP_UNAVAILABLE )
398 assert( LDAP_UNSOLICITED_ERROR( err ) );
401 LDAP_LOG( OPERATION, ENTRY,
402 "send_ldap_disconnect: conn %lu %d:%s\n",
403 conn ? conn->c_connid : 0, err, text ? text : "" );
405 Debug( LDAP_DEBUG_TRACE,
406 "send_ldap_disconnect %d:%s\n",
407 err, text ? text : "", NULL );
411 if ( op->o_protocol < LDAP_VERSION3 ) {
413 tag = req2res( op->o_tag );
414 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
417 reqoid = LDAP_NOTICE_DISCONNECT;
418 tag = LDAP_RES_EXTENDED;
422 send_ldap_response( conn, op, tag, msgid,
423 err, NULL, text, NULL,
424 reqoid, NULL, NULL, NULL );
426 Statslog( LDAP_DEBUG_STATS,
427 "conn=%lu op=%lu DISCONNECT tag=%lu err=%d text=%s\n",
428 op->o_connid, op->o_opid, tag, err, text ? text : "" );
446 assert( !LDAP_API_ERROR( err ) );
449 LDAP_LOG( OPERATION, ENTRY,
450 "send_ldap_result : conn %lu op=%lu p=%d\n",
451 op->o_connid, op->o_opid, op->o_protocol );
453 Debug( LDAP_DEBUG_TRACE,
454 "send_ldap_result: conn=%lu op=%lu p=%d\n",
455 op->o_connid, op->o_opid, op->o_protocol );
459 LDAP_LOG( OPERATION, ARGS,
460 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
461 err, matched ? matched : "", text ? text : "" );
463 Debug( LDAP_DEBUG_ARGS,
464 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
465 err, matched ? matched : "", text ? text : "" );
471 LDAP_LOG( OPERATION, ARGS,
472 "send_ldap_result: referral=\"%s\"\n",
473 ref[0].bv_val ? ref[0].bv_val : "NULL", 0, 0 );
475 Debug( LDAP_DEBUG_ARGS,
476 "send_ldap_result: referral=\"%s\"\n",
477 ref[0].bv_val ? ref[0].bv_val : "NULL",
482 assert( err != LDAP_PARTIAL_RESULTS );
484 if ( err == LDAP_REFERRAL ) {
486 err = LDAP_NO_SUCH_OBJECT;
487 } else if ( op->o_protocol < LDAP_VERSION3 ) {
488 err = LDAP_PARTIAL_RESULTS;
492 if ( op->o_protocol < LDAP_VERSION3 ) {
493 tmp = v2ref( ref, text );
498 tag = req2res( op->o_tag );
499 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
501 send_ldap_response( conn, op, tag, msgid,
502 err, matched, text, ref,
503 NULL, NULL, NULL, ctrls );
505 Statslog( LDAP_DEBUG_STATS,
506 "conn=%lu op=%lu RESULT tag=%lu err=%d text=%s\n",
507 op->o_connid, op->o_opid, tag, err, text ? text : "" );
530 LDAP_LOG( OPERATION, ENTRY,
531 "send_ldap_sasl: conn %lu err=%d len=%lu\n",
532 op->o_connid, err, cred ? cred->bv_len : -1 );
534 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n",
535 err, cred ? (long) cred->bv_len : -1, NULL );
539 tag = req2res( op->o_tag );
540 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
542 send_ldap_response( conn, op, tag, msgid,
543 err, matched, text, ref,
544 NULL, NULL, cred, ctrls );
556 struct berval *rspdata,
564 LDAP_LOG( OPERATION, ENTRY,
565 "send_ldap_extended: err=%d oid=%s len=%ld\n",
566 err, rspoid ? rspoid : "",
567 rspdata != NULL ? rspdata->bv_len : 0 );
569 Debug( LDAP_DEBUG_TRACE,
570 "send_ldap_extended err=%d oid=%s len=%ld\n",
572 rspoid ? rspoid : "",
573 rspdata != NULL ? rspdata->bv_len : 0 );
577 tag = req2res( op->o_tag );
578 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
580 send_ldap_response( conn, op, tag, msgid,
581 err, matched, text, refs,
582 rspoid, rspdata, NULL, ctrls );
602 assert( !LDAP_API_ERROR( err ) );
604 if (op->o_callback && op->o_callback->sc_sresult) {
605 op->o_callback->sc_sresult(conn, op, err, matched, text, refs,
611 LDAP_LOG( OPERATION, ENTRY,
612 "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n",
613 err, matched ? matched : "", text ? text : "" );
615 Debug( LDAP_DEBUG_TRACE,
616 "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n",
617 err, matched ? matched : "", text ? text : "" );
621 assert( err != LDAP_PARTIAL_RESULTS );
623 if( op->o_protocol < LDAP_VERSION3 ) {
624 /* send references in search results */
625 if( err == LDAP_REFERRAL ) {
626 err = LDAP_PARTIAL_RESULTS;
629 tmp = v2ref( refs, text );
634 /* don't send references in search results */
635 assert( refs == NULL );
638 if( err == LDAP_REFERRAL ) {
643 tag = req2res( op->o_tag );
644 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
646 send_ldap_response( conn, op, tag, msgid,
647 err, matched, text, refs,
648 NULL, NULL, NULL, ctrls );
652 snprintf( nbuf, sizeof nbuf, "%d nentries=%d", err, nentries );
654 Statslog( LDAP_DEBUG_STATS,
655 "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n",
656 op->o_connid, op->o_opid, tag, nbuf, text ? text : "" );
670 AttributeName *attrs,
675 char berbuf[LBER_ELEMENT_SIZEOF];
676 BerElement *ber = (BerElement *)berbuf;
678 int i, j, rc=-1, bytes;
682 static AccessControlState acl_state_init = ACL_STATE_INIT;
683 AccessControlState acl_state;
685 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
687 /* a_flags: array of flags telling if the i-th element will be
688 * returned or filtered out
689 * e_flags: array of a_flags
691 char **e_flags = NULL;
693 if (op->o_callback && op->o_callback->sc_sendentry) {
694 return op->o_callback->sc_sendentry( be, conn, op, e, attrs,
699 LDAP_LOG( OPERATION, ENTRY,
700 "send_search_entry: conn %lu dn=\"%s\"%s\n",
701 op->o_connid, e->e_dn, attrsonly ? " (attrsOnly)" : "" );
703 Debug( LDAP_DEBUG_TRACE,
704 "=> send_search_entry: dn=\"%s\"%s\n",
705 e->e_dn, attrsonly ? " (attrsOnly)" : "", 0 );
708 if ( ! access_allowed( be, conn, op, e,
709 ad_entry, NULL, ACL_READ, NULL ) )
713 "send_search_entry: conn %lu access to entry (%s) not allowed\n",
714 op->o_connid, e->e_dn, 0 );
716 Debug( LDAP_DEBUG_ACL,
717 "send_search_entry: access to entry not allowed\n",
726 ber_init_w_nullc( ber, LBER_USE_DER );
728 #ifdef LDAP_CONNECTIONLESS
729 if (conn->c_is_udp) {
731 (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0);
732 if (rc != sizeof(struct sockaddr)) {
734 LDAP_LOG( OPERATION, ERR,
735 "send_search_entry: conn %lu ber_write failed\n",
736 conn ? conn->c_connid : 0, 0, 0 );
738 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
744 if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
745 rc = ber_printf( ber, "{is{t{O{" /*}}}*/,
746 op->o_msgid, "", LDAP_RES_SEARCH_ENTRY, &e->e_name );
748 #endif /* LDAP_CONNECTIONLESS */
750 rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
751 LDAP_RES_SEARCH_ENTRY, &e->e_name );
756 LDAP_LOG( OPERATION, ERR,
757 "send_search_entry: conn %lu ber_printf failed\n",
758 op->o_connid, 0, 0 );
760 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
764 send_ldap_result( conn, op, LDAP_OTHER,
765 NULL, "encoding DN error", NULL, NULL );
769 /* check for special all user attributes ("*") type */
770 userattrs = ( attrs == NULL ) ? 1
771 : an_find( attrs, &AllUser );
773 /* check for special all operational attributes ("+") type */
774 opattrs = ( attrs == NULL ) ? 0
775 : an_find( attrs, &AllOper );
777 /* create an array of arrays of flags. Each flag corresponds
778 * to particular value of attribute and equals 1 if value matches
779 * to ValuesReturnFilter or 0 if not
781 if ( op->vrFilter != NULL ) {
785 for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
786 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
789 size = i * sizeof(char *) + k;
792 e_flags = SLAP_CALLOC ( 1, i * sizeof(char *) + k );
793 if( e_flags == NULL ) {
795 LDAP_LOG( OPERATION, ERR,
796 "send_search_entry: conn %lu SLAP_CALLOC failed\n",
797 conn ? conn->c_connid : 0, 0, 0 );
799 Debug( LDAP_DEBUG_ANY,
800 "send_search_entry: SLAP_CALLOC failed\n", 0, 0, 0 );
804 send_ldap_result( conn, op, LDAP_OTHER,
805 NULL, "memory error",
809 a_flags = (char *)(e_flags + i);
810 memset( a_flags, 0, k );
811 for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
812 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
813 e_flags[i] = a_flags;
817 rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ;
820 LDAP_LOG( OPERATION, ERR,
821 "send_search_entry: conn %lu matched values filtering failed\n",
822 conn ? conn->c_connid : 0, 0, 0 );
824 Debug( LDAP_DEBUG_ANY,
825 "matched values filtering failed\n", 0, 0, 0 );
829 send_ldap_result( conn, op, LDAP_OTHER,
830 NULL, "matched values filtering error",
837 for ( a = e->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
838 AttributeDescription *desc = a->a_desc;
840 if ( attrs == NULL ) {
841 /* all attrs request, skip operational attributes */
842 if( is_at_operational( desc->ad_type ) ) {
847 /* specific attrs requested */
848 if ( is_at_operational( desc->ad_type ) ) {
849 if( !opattrs && !ad_inlist( desc, attrs ) ) {
854 if (!userattrs && !ad_inlist( desc, attrs ) ) {
860 acl_state = acl_state_init;
862 if ( ! access_allowed( be, conn, op, e, desc, NULL,
863 ACL_READ, &acl_state ) )
867 "send_search_entry: conn %lu access to attribute %s not "
868 "allowed\n", op->o_connid, desc->ad_cname.bv_val, 0 );
870 Debug( LDAP_DEBUG_ACL, "acl: "
871 "access to attribute %s not allowed\n",
872 desc->ad_cname.bv_val, 0, 0 );
877 if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
879 LDAP_LOG( OPERATION, ERR,
880 "send_search_entry: conn %lu ber_printf failed\n",
881 op->o_connid, 0, 0 );
883 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
887 send_ldap_result( conn, op, LDAP_OTHER,
888 NULL, "encoding description error", NULL, NULL );
893 for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
894 if ( ! access_allowed( be, conn, op, e,
895 desc, &a->a_vals[i], ACL_READ, &acl_state ) )
899 "send_search_entry: conn %lu "
900 "access to attribute %s, value %d not allowed\n",
901 op->o_connid, desc->ad_cname.bv_val, i );
903 Debug( LDAP_DEBUG_ACL,
904 "acl: access to attribute %s, "
905 "value %d not allowed\n",
906 desc->ad_cname.bv_val, i, 0 );
912 if ( op->vrFilter && e_flags[j][i] == 0 ){
916 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
918 LDAP_LOG( OPERATION, ERR,
919 "send_search_entry: conn %lu "
920 "ber_printf failed.\n", op->o_connid, 0, 0 );
922 Debug( LDAP_DEBUG_ANY,
923 "ber_printf failed\n", 0, 0, 0 );
927 send_ldap_result( conn, op, LDAP_OTHER,
928 NULL, "encoding values error",
935 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
937 LDAP_LOG( OPERATION, ERR,
938 "send_search_entry: conn %lu ber_printf failed\n",
939 op->o_connid, 0, 0 );
941 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
945 send_ldap_result( conn, op, LDAP_OTHER,
946 NULL, "encode end error", NULL, NULL );
951 /* eventually will loop through generated operational attributes */
952 /* only have subschemaSubentry implemented */
953 aa = backend_operational( be, conn, op, e, attrs, opattrs );
955 if ( aa != NULL && op->vrFilter != NULL ) {
959 for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
960 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
963 size = i * sizeof(char *) + k;
965 char *a_flags, **tmp;
968 * Reuse previous memory - we likely need less space
969 * for operational attributes
971 tmp = SLAP_REALLOC ( e_flags, i * sizeof(char *) + k );
974 LDAP_LOG( OPERATION, ERR,
975 "send_search_entry: conn %lu "
977 "for matched values filtering\n",
978 conn ? conn->c_connid : 0, 0, 0);
980 Debug( LDAP_DEBUG_ANY,
981 "send_search_entry: conn %lu "
983 "for matched values filtering\n",
984 conn ? conn->c_connid : 0, 0, 0 );
988 send_ldap_result( conn, op, LDAP_NO_MEMORY,
989 NULL, NULL, NULL, NULL );
993 a_flags = (char *)(e_flags + i);
994 memset( a_flags, 0, k );
995 for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
996 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
997 e_flags[i] = a_flags;
1000 rc = filter_matched_values(be, conn, op, aa, &e_flags) ;
1004 LDAP_LOG( OPERATION, ERR,
1005 "send_search_entry: conn %lu "
1006 "matched values filtering failed\n",
1007 conn ? conn->c_connid : 0, 0, 0);
1009 Debug( LDAP_DEBUG_ANY,
1010 "matched values filtering failed\n", 0, 0, 0 );
1014 send_ldap_result( conn, op, LDAP_OTHER,
1015 NULL, "matched values filtering error",
1022 for (a = aa, j=0; a != NULL; a = a->a_next, j++ ) {
1023 AttributeDescription *desc = a->a_desc;
1025 if ( attrs == NULL ) {
1026 /* all attrs request, skip operational attributes */
1027 if( is_at_operational( desc->ad_type ) ) {
1032 /* specific attrs requested */
1033 if( is_at_operational( desc->ad_type ) ) {
1034 if( !opattrs && !ad_inlist( desc, attrs ) ) {
1038 if (!userattrs && !ad_inlist( desc, attrs ) )
1045 acl_state = acl_state_init;
1047 if ( ! access_allowed( be, conn, op, e, desc, NULL,
1048 ACL_READ, &acl_state ) )
1051 LDAP_LOG( ACL, INFO,
1052 "send_search_entry: conn %lu "
1053 "access to attribute %s not allowed\n",
1054 op->o_connid, desc->ad_cname.bv_val, 0 );
1056 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s "
1058 desc->ad_cname.bv_val, 0, 0 );
1064 rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
1067 LDAP_LOG( OPERATION, ERR,
1068 "send_search_entry: conn %lu "
1069 "ber_printf failed\n", op->o_connid, 0, 0 );
1071 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1074 ber_free_buf( ber );
1075 send_ldap_result( conn, op, LDAP_OTHER,
1076 NULL, "encoding description error", NULL, NULL );
1082 if ( ! attrsonly ) {
1083 for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
1084 if ( ! access_allowed( be, conn, op, e,
1085 desc, &a->a_vals[i], ACL_READ, &acl_state ) )
1088 LDAP_LOG( ACL, INFO,
1089 "send_search_entry: conn %lu "
1090 "access to %s, value %d not allowed\n",
1091 op->o_connid, desc->ad_cname.bv_val, i );
1093 Debug( LDAP_DEBUG_ACL,
1094 "acl: access to attribute %s, "
1095 "value %d not allowed\n",
1096 desc->ad_cname.bv_val, i, 0 );
1102 if ( op->vrFilter && e_flags[j][i] == 0 ){
1106 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
1108 LDAP_LOG( OPERATION, ERR,
1109 "send_search_entry: conn %lu ber_printf failed\n",
1110 op->o_connid, 0, 0 );
1112 Debug( LDAP_DEBUG_ANY,
1113 "ber_printf failed\n", 0, 0, 0 );
1116 ber_free_buf( ber );
1117 send_ldap_result( conn, op, LDAP_OTHER,
1118 NULL, "encoding values error",
1127 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
1129 LDAP_LOG( OPERATION, ERR,
1130 "send_search_entry: conn %lu ber_printf failed\n",
1131 op->o_connid, 0, 0 );
1133 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1136 ber_free_buf( ber );
1137 send_ldap_result( conn, op, LDAP_OTHER,
1138 NULL, "encode end error", NULL, NULL );
1152 rc = ber_printf( ber, /*{{*/ "}N}" );
1154 if( rc != -1 && ctrls != NULL ) {
1155 rc = send_ldap_controls( ber, ctrls );
1159 rc = ber_printf( ber, /*{*/ "N}" );
1162 #ifdef LDAP_CONNECTIONLESS
1163 if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1) {
1164 rc = ber_printf( ber, "}" );
1169 LDAP_LOG( OPERATION, ERR,
1170 "send_search_entry: conn %lu ber_printf failed\n",
1171 op->o_connid, 0, 0 );
1173 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1176 ber_free_buf( ber );
1177 send_ldap_result( conn, op, LDAP_OTHER,
1178 NULL, "encode entry end error", NULL, NULL );
1182 bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber );
1183 ber_free_buf( ber );
1187 LDAP_LOG( OPERATION, ERR,
1188 "send_search_entry: conn %lu ber write failed.\n",
1189 op->o_connid, 0, 0 );
1191 Debug( LDAP_DEBUG_ANY,
1192 "send_search_entry: ber write failed\n",
1199 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1200 num_bytes_sent += bytes;
1203 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1205 Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu ENTRY dn=\"%s\"\n",
1206 conn->c_connid, op->o_opid, e->e_dn, 0, 0 );
1209 LDAP_LOG( OPERATION, ENTRY,
1210 "send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 );
1212 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
1218 if ( e_flags ) free( e_flags );
1223 send_search_reference(
1229 LDAPControl **ctrls,
1233 char berbuf[LBER_ELEMENT_SIZEOF];
1234 BerElement *ber = (BerElement *)berbuf;
1238 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
1239 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
1242 LDAP_LOG( OPERATION, ENTRY,
1243 "send_search_reference: conn %lu dn=\"%s\"\n",
1244 op->o_connid, e ? e->e_dn : "(null)", 0 );
1246 Debug( LDAP_DEBUG_TRACE,
1247 "=> send_search_reference: dn=\"%s\"\n",
1248 e ? e->e_dn : "(null)", 0, 0 );
1252 if ( e && ! access_allowed( be, conn, op, e,
1253 ad_entry, NULL, ACL_READ, NULL ) )
1256 LDAP_LOG( ACL, INFO,
1257 "send_search_reference: conn %lu "
1258 "access to entry %s not allowed\n",
1259 op->o_connid, e->e_dn, 0 );
1261 Debug( LDAP_DEBUG_ACL,
1262 "send_search_reference: access to entry not allowed\n",
1269 if ( e && ! access_allowed( be, conn, op, e,
1270 ad_ref, NULL, ACL_READ, NULL ) )
1273 LDAP_LOG( ACL, INFO,
1274 "send_search_reference: conn %lu access "
1275 "to reference not allowed.\n", op->o_connid, 0, 0 );
1277 Debug( LDAP_DEBUG_ACL,
1278 "send_search_reference: access "
1279 "to reference not allowed\n",
1286 if( refs == NULL ) {
1288 LDAP_LOG( OPERATION, ERR,
1289 "send_search_reference: conn %lu null ref in (%s).\n",
1290 op->o_connid, e ? e->e_dn : "(null)", 0 );
1292 Debug( LDAP_DEBUG_ANY,
1293 "send_search_reference: null ref in (%s)\n",
1294 e ? e->e_dn : "(null)", 0, 0 );
1300 if( op->o_protocol < LDAP_VERSION3 ) {
1301 /* save the references for the result */
1302 if( refs[0].bv_val != NULL ) {
1303 if( value_add( v2refs, refs ) )
1309 ber_init_w_nullc( ber, LBER_USE_DER );
1311 rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
1312 LDAP_RES_SEARCH_REFERENCE, refs );
1314 if( rc != -1 && ctrls != NULL ) {
1315 rc = send_ldap_controls( ber, ctrls );
1319 rc = ber_printf( ber, /*"{"*/ "N}", op->o_msgid,
1320 LDAP_RES_SEARCH_REFERENCE, refs );
1325 LDAP_LOG( OPERATION, ERR,
1326 "send_search_reference: conn %lu "
1327 "ber_printf failed.\n", op->o_connid, 0, 0 );
1329 Debug( LDAP_DEBUG_ANY,
1330 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
1333 ber_free_buf( ber );
1334 send_ldap_result( conn, op, LDAP_OTHER,
1335 NULL, "encode DN error", NULL, NULL );
1339 bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber );
1340 ber_free_buf( ber );
1342 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1343 num_bytes_sent += bytes;
1346 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1348 Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n",
1349 conn->c_connid, op->o_opid, e ? e->e_dn : "(null)", 0, 0 );
1352 LDAP_LOG( OPERATION, ENTRY,
1353 "send_search_reference: conn %lu exit.\n", op->o_connid, 0, 0 );
1355 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
1373 *code = LDAP_SUCCESS;
1377 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
1379 LDAP_LOG( OPERATION, INFO,
1380 "str2result: (%s), expecting \"RESULT\"\n", s, 0, 0 );
1382 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
1390 while ( (s = strchr( s, '\n' )) != NULL ) {
1395 if ( (c = strchr( s, ':' )) != NULL ) {
1399 if ( strncasecmp( s, "code", 4 ) == 0 ) {
1403 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
1407 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
1413 LDAP_LOG( OPERATION, INFO, "str2result: (%s) unknown.\n", s, 0, 0 );
1415 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",