1 /* result.c - routines to send ldap results, errors, and referrals */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
18 #include <ac/unistd.h>
22 static char *v2ref( struct berval **ref, const char *text )
24 size_t len = 0, i = 0;
29 return ch_strdup(text);
36 if (text[len-1] != '\n') {
40 v2 = ch_malloc( len+i+sizeof("Referral:") );
47 strcpy( v2+len, "Referral:" );
48 len += sizeof("Referral:");
50 for( i=0; ref[i] != NULL; i++ ) {
51 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
53 AC_MEMCPY(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
54 len += ref[i]->bv_len;
55 if (ref[i]->bv_val[ref[i]->bv_len-1] != '/') {
64 static ber_tag_t req2res( ber_tag_t tag )
69 case LDAP_REQ_COMPARE:
70 case LDAP_REQ_EXTENDED:
77 tag = LDAP_RES_DELETE;
80 case LDAP_REQ_ABANDON:
86 tag = LDAP_RES_SEARCH_RESULT;
96 static void trim_refs_urls(
97 struct berval **refs )
101 if( refs == NULL ) return;
103 for( i=0; refs[i] != NULL; i++ ) {
104 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
105 strncasecmp( refs[i]->bv_val, "ldap://",
106 sizeof("ldap://")-1 ) == 0 )
109 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
110 if( refs[i]->bv_val[j] == '/' ) {
111 refs[i]->bv_val[j] = '\0';
120 struct berval **get_entry_referrals(
127 struct berval **refs;
130 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
132 attr = attr_find( e->e_attrs, ad_ref );
134 if( attr == NULL ) return NULL;
136 for( i=0; attr->a_vals[i] != NULL; i++ ) {
137 /* count references */
140 if( i < 1 ) return NULL;
142 refs = ch_malloc( (i + 1) * sizeof(struct berval *));
144 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
146 struct berval *ref = ber_bvdup( attr->a_vals[i] );
149 for( k=0; k<ref->bv_len; k++ ) {
150 if( isspace(ref->bv_val[k]) ) {
151 ref->bv_val[k] = '\0';
157 if( ref->bv_len > 0 ) {
168 ber_bvecfree( refs );
172 /* we should check that a referral value exists... */
177 static long send_ldap_ber(
183 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
185 /* write only one pdu at a time - wait til it's our turn */
186 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
188 /* lock the connection */
189 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
196 if ( connection_state_closing( conn ) ) {
197 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
198 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
203 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
210 * we got an error. if it's ewouldblock, we need to
211 * wait on the socket being writable. otherwise, figure
212 * it's a hard error and return.
215 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
216 err, sock_errstr(err), 0 );
218 if ( err != EWOULDBLOCK && err != EAGAIN ) {
219 connection_closing( conn );
221 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
222 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
227 /* wait for socket to be write-ready */
228 conn->c_writewaiter = 1;
229 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
230 slapd_set_write( sd, 1 );
232 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
233 conn->c_writewaiter = 0;
236 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
237 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
253 struct berval *resdata,
254 struct berval *sasldata,
262 assert( ctrls == NULL ); /* ctrls not implemented */
264 ber = ber_alloc_t( LBER_USE_DER );
266 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
267 (long) msgid, (long) tag, (long) err );
269 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=%s\n",
270 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
275 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
279 rc = ber_printf( ber, "{it{ess",
281 matched == NULL ? "" : matched,
282 text == NULL ? "" : text );
286 assert( err == LDAP_REFERRAL );
287 rc = ber_printf( ber, "t{V}",
288 LDAP_TAG_REFERRAL, ref );
290 assert( err != LDAP_REFERRAL );
294 if( rc != -1 && sasldata != NULL ) {
295 rc = ber_printf( ber, "tO",
296 LDAP_TAG_SASL_RES_CREDS, sasldata );
299 if( rc != -1 && resoid != NULL ) {
300 rc = ber_printf( ber, "ts",
301 LDAP_TAG_EXOP_RES_OID, resoid );
304 if( rc != -1 && resdata != NULL ) {
305 rc = ber_printf( ber, "tO",
306 LDAP_TAG_EXOP_RES_VALUE, resdata );
310 rc = ber_printf( ber, "N}N}" );
314 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
320 bytes = send_ldap_ber( conn, ber );
324 Debug( LDAP_DEBUG_ANY,
325 "send_ldap_response: ber write failed\n",
330 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
331 num_bytes_sent += bytes;
333 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
339 send_ldap_disconnect(
350 #define LDAP_UNSOLICITED_ERROR(e) \
351 ( (e) == LDAP_PROTOCOL_ERROR \
352 || (e) == LDAP_STRONG_AUTH_REQUIRED \
353 || (e) == LDAP_UNAVAILABLE )
355 assert( LDAP_UNSOLICITED_ERROR( err ) );
357 Debug( LDAP_DEBUG_TRACE,
358 "send_ldap_disconnect %d:%s\n",
359 err, text ? text : "", NULL );
361 if ( op->o_protocol < LDAP_VERSION3 ) {
363 tag = req2res( op->o_tag );
364 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
367 reqoid = LDAP_NOTICE_DISCONNECT;
368 tag = LDAP_RES_EXTENDED;
372 send_ldap_response( conn, op, tag, msgid,
373 err, NULL, text, NULL,
374 reqoid, NULL, NULL, NULL );
376 Statslog( LDAP_DEBUG_STATS,
377 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
378 (long) op->o_connid, (long) op->o_opid,
379 (long) tag, (long) err, text ? text : "" );
397 assert( !LDAP_API_ERROR( err ) );
399 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
400 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
401 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
402 err, matched ? matched : "", text ? text : "" );
405 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: referral: %s\n",
406 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
410 assert( err != LDAP_PARTIAL_RESULTS );
412 if( op->o_tag != LDAP_REQ_SEARCH ) {
413 trim_refs_urls( ref );
416 if ( err == LDAP_REFERRAL ) {
418 err = LDAP_NO_SUCH_OBJECT;
419 } else if ( op->o_protocol < LDAP_VERSION3 ) {
420 err = LDAP_PARTIAL_RESULTS;
424 if ( op->o_protocol < LDAP_VERSION3 ) {
425 tmp = v2ref( ref, text );
430 tag = req2res( op->o_tag );
431 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
433 send_ldap_response( conn, op, tag, msgid,
434 err, matched, text, ref,
435 NULL, NULL, NULL, ctrls );
437 Statslog( LDAP_DEBUG_STATS,
438 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
439 (long) op->o_connid, (long) op->o_opid,
440 (long) tag, (long) err, text ? text : "" );
462 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%ld len=%ld\n",
463 (long) err, cred ? cred->bv_len : -1, NULL );
465 tag = req2res( op->o_tag );
466 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
468 send_ldap_response( conn, op, tag, msgid,
469 err, matched, text, ref,
470 NULL, NULL, cred, ctrls );
480 struct berval **refs,
482 struct berval *rspdata,
489 Debug( LDAP_DEBUG_TRACE,
490 "send_ldap_extended %ld:%s (%ld)\n",
492 rspoid ? rspoid : "",
493 rspdata != NULL ? (long) rspdata->bv_len : (long) 0 );
495 tag = req2res( op->o_tag );
496 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
498 send_ldap_response( conn, op, tag, msgid,
499 err, matched, text, refs,
500 rspoid, rspdata, NULL, ctrls );
511 struct berval **refs,
519 assert( !LDAP_API_ERROR( err ) );
521 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
522 err, matched ? matched : "", text ? text : "" );
524 assert( err != LDAP_PARTIAL_RESULTS );
526 trim_refs_urls( refs );
528 if( op->o_protocol < LDAP_VERSION3 ) {
529 /* send references in search results */
530 if( err == LDAP_REFERRAL ) {
531 err = LDAP_PARTIAL_RESULTS;
534 tmp = v2ref( refs, text );
539 /* don't send references in search results */
540 assert( refs == NULL );
543 if( err == LDAP_REFERRAL ) {
548 tag = req2res( op->o_tag );
549 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
551 send_ldap_response( conn, op, tag, msgid,
552 err, matched, text, refs,
553 NULL, NULL, NULL, ctrls );
555 Statslog( LDAP_DEBUG_STATS,
556 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
557 (long) op->o_connid, (long) op->o_opid,
558 (long) tag, (long) err, text ? text : "" );
584 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
586 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
588 if ( ! access_allowed( be, conn, op, e,
589 ad_entry, NULL, ACL_READ ) )
591 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
598 ber = ber_alloc_t( LBER_USE_DER );
601 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
602 send_ldap_result( conn, op, LDAP_OTHER,
603 NULL, "BER allocation error", NULL, NULL );
607 rc = ber_printf( ber, "{it{s{" /*}}}*/, op->o_msgid,
608 LDAP_RES_SEARCH_ENTRY, e->e_dn );
611 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
613 send_ldap_result( conn, op, LDAP_OTHER,
614 NULL, "encoding DN error", NULL, NULL );
618 /* check for special all user attributes ("*") type */
619 userattrs = ( attrs == NULL ) ? 1
620 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
622 /* check for special all operational attributes ("+") type */
623 opattrs = ( attrs == NULL ) ? 0
624 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
626 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
627 AttributeDescription *desc = a->a_desc;
628 char *type = desc->ad_cname->bv_val;
630 if ( attrs == NULL ) {
631 /* all addrs request, skip operational attributes */
632 if( is_at_operational( desc->ad_type ) ) {
637 /* specific addrs requested */
638 if ( is_at_operational( desc->ad_type ) ) {
639 if( !opattrs && !ad_inlist( desc, attrs ) ) {
644 if (!userattrs && !ad_inlist( desc, attrs ) ) {
650 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
651 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
652 desc->ad_cname->bv_val, 0, 0 );
656 if (( rc = ber_printf( ber, "{s[" /*]}*/ , type )) == -1 ) {
657 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
659 send_ldap_result( conn, op, LDAP_OTHER,
660 NULL, "encoding description error", NULL, NULL );
665 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
666 if ( ! access_allowed( be, conn, op, e,
667 desc, a->a_vals[i], ACL_READ ) )
669 Debug( LDAP_DEBUG_ACL,
670 "acl: access to attribute %s, value %d not allowed\n",
671 desc->ad_cname->bv_val, i, 0 );
675 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
676 Debug( LDAP_DEBUG_ANY,
677 "ber_printf failed\n", 0, 0, 0 );
679 send_ldap_result( conn, op, LDAP_OTHER,
680 NULL, "encoding values error", NULL, NULL );
686 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
687 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
689 send_ldap_result( conn, op, LDAP_OTHER,
690 NULL, "encode end error", NULL, NULL );
695 /* eventually will loop through generated operational attributes */
696 /* only have subschemaSubentry implemented */
697 aa = backend_operational( be, conn, op, e );
699 for (a = aa ; a != NULL; a = a->a_next ) {
700 AttributeDescription *desc = a->a_desc;
702 if ( attrs == NULL ) {
703 /* all addrs request, skip operational attributes */
704 if( is_at_operational( desc->ad_type ) ) {
709 /* specific addrs requested */
710 if( is_at_operational( desc->ad_type ) ) {
711 if( !opattrs && !ad_inlist( desc, attrs ) ) {
715 if (!userattrs && !ad_inlist( desc, attrs ) )
722 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
723 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
724 desc->ad_cname->bv_val, 0, 0 );
728 rc = ber_printf( ber, "{s[" /*]}*/ , desc->ad_cname->bv_val );
730 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
732 send_ldap_result( conn, op, LDAP_OTHER,
733 NULL, "encoding description error", NULL, NULL );
738 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
739 if ( ! access_allowed( be, conn, op, e,
740 desc, a->a_vals[i], ACL_READ ) )
742 Debug( LDAP_DEBUG_ACL,
743 "acl: access to attribute %s, value %d not allowed\n",
744 desc->ad_cname->bv_val, i, 0 );
749 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
750 Debug( LDAP_DEBUG_ANY,
751 "ber_printf failed\n", 0, 0, 0 );
753 send_ldap_result( conn, op, LDAP_OTHER,
754 NULL, "encoding values error", NULL, NULL );
760 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
761 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
763 send_ldap_result( conn, op, LDAP_OTHER,
764 NULL, "encode end error", NULL, NULL );
771 rc = ber_printf( ber, /*{{{*/ "}N}N}" );
774 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
776 send_ldap_result( conn, op, LDAP_OTHER,
777 NULL, "encode entry end error", NULL, NULL );
781 bytes = send_ldap_ber( conn, ber );
785 Debug( LDAP_DEBUG_ANY,
786 "send_ldap_response: ber write failed\n",
791 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
792 num_bytes_sent += bytes;
795 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
797 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
798 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
800 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
809 send_search_reference(
814 struct berval **refs,
817 struct berval ***v2refs
824 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
825 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
827 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
829 if ( ! access_allowed( be, conn, op, e,
830 ad_entry, NULL, ACL_READ ) )
832 Debug( LDAP_DEBUG_ACL,
833 "send_search_reference: access to entry not allowed\n",
838 if ( ! access_allowed( be, conn, op, e,
839 ad_ref, NULL, ACL_READ ) )
841 Debug( LDAP_DEBUG_ACL,
842 "send_search_reference: access to reference not allowed\n",
848 Debug( LDAP_DEBUG_ANY,
849 "send_search_reference: null ref in (%s)\n",
854 if( op->o_protocol < LDAP_VERSION3 ) {
855 /* save the references for the result */
856 if( *refs != NULL ) {
857 value_add( v2refs, refs );
862 ber = ber_alloc_t( LBER_USE_DER );
865 Debug( LDAP_DEBUG_ANY,
866 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
867 send_ldap_result( conn, op, LDAP_OTHER,
868 NULL, "alloc BER error", NULL, NULL );
872 rc = ber_printf( ber, "{it{V}N}", op->o_msgid,
873 LDAP_RES_SEARCH_REFERENCE, refs );
876 Debug( LDAP_DEBUG_ANY,
877 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
879 send_ldap_result( conn, op, LDAP_OTHER,
880 NULL, "encode DN error", NULL, NULL );
884 bytes = send_ldap_ber( conn, ber );
887 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
888 num_bytes_sent += bytes;
891 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
893 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
894 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
896 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
913 *code = LDAP_SUCCESS;
917 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
918 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
925 while ( (s = strchr( s, '\n' )) != NULL ) {
930 if ( (c = strchr( s, ':' )) != NULL ) {
934 if ( strncasecmp( s, "code", 4 ) == 0 ) {
938 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
942 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
947 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob