1 /* result.c - routines to send ldap results, errors, and referrals */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2009 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
31 #include <ac/socket.h>
33 #include <ac/string.h>
36 #include <ac/unistd.h>
40 const struct berval slap_dummy_bv = BER_BVNULL;
42 int slap_null_cb( Operation *op, SlapReply *rs )
47 int slap_freeself_cb( Operation *op, SlapReply *rs )
49 assert( op->o_callback != NULL );
51 op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
52 op->o_callback = NULL;
54 return SLAP_CB_CONTINUE;
57 static char *v2ref( BerVarray ref, const char *text )
59 size_t len = 0, i = 0;
64 return ch_strdup(text);
72 if (text[len-1] != '\n') {
77 v2 = ch_malloc( len+i+sizeof("Referral:") );
85 strcpy( v2+len, "Referral:" );
86 len += sizeof("Referral:");
88 for( i=0; ref[i].bv_val != NULL; i++ ) {
89 v2 = ch_realloc( v2, len + ref[i].bv_len + 1 );
91 AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len );
93 if (ref[i].bv_val[ref[i].bv_len-1] != '/') {
103 slap_req2res( ber_tag_t tag )
108 case LDAP_REQ_COMPARE:
109 case LDAP_REQ_EXTENDED:
110 case LDAP_REQ_MODIFY:
111 case LDAP_REQ_MODRDN:
115 case LDAP_REQ_DELETE:
116 tag = LDAP_RES_DELETE;
119 case LDAP_REQ_ABANDON:
120 case LDAP_REQ_UNBIND:
124 case LDAP_REQ_SEARCH:
125 tag = LDAP_RES_SEARCH_RESULT;
135 static long send_ldap_ber(
143 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
145 /* write only one pdu at a time - wait til it's our turn */
146 ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
147 if ( connection_state_closing( conn )) {
148 ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
151 while ( conn->c_writers > 0 ) {
152 ldap_pvt_thread_cond_wait( &conn->c_write1_cv, &conn->c_write1_mutex );
154 /* connection was closed under us */
155 if ( conn->c_writers < 0 ) {
157 /* we're the last waiter, let the closer continue */
158 if ( conn->c_writers == -1 )
159 ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
165 ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
173 /* lock the connection */
174 if ( ldap_pvt_thread_mutex_trylock( &conn->c_mutex )) {
175 ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
176 ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
177 if ( conn->c_writers < 0 ) {
184 if ( ber_flush2( conn->c_sb, ber, LBER_FLUSH_FREE_NEVER ) == 0 ) {
185 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
193 * we got an error. if it's ewouldblock, we need to
194 * wait on the socket being writable. otherwise, figure
195 * it's a hard error and return.
198 Debug( LDAP_DEBUG_CONNS, "ber_flush2 failed errno=%d reason=\"%s\"\n",
199 err, sock_errstr(err), 0 );
201 if ( err != EWOULDBLOCK && err != EAGAIN ) {
202 ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
203 connection_closing( conn, "connection lost on write" );
205 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
206 ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
212 /* wait for socket to be write-ready */
213 ldap_pvt_thread_mutex_lock( &conn->c_write2_mutex );
214 conn->c_writewaiter = 1;
215 slapd_set_write( conn->c_sd, 1 );
217 ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
218 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
219 ldap_pvt_thread_cond_wait( &conn->c_write2_cv, &conn->c_write2_mutex );
220 conn->c_writewaiter = 0;
221 ldap_pvt_thread_mutex_unlock( &conn->c_write2_mutex );
222 ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
223 if ( conn->c_writers < 0 ) {
229 if ( conn->c_writers < 0 ) {
231 if ( !conn->c_writers )
232 ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
235 ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
237 ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
243 send_ldap_control( BerElement *ber, LDAPControl *c )
249 rc = ber_printf( ber, "{s" /*}*/, c->ldctl_oid );
251 if( c->ldctl_iscritical ) {
252 rc = ber_printf( ber, "b",
253 (ber_int_t) c->ldctl_iscritical ) ;
254 if( rc == -1 ) return rc;
257 if( c->ldctl_value.bv_val != NULL ) {
258 rc = ber_printf( ber, "O", &c->ldctl_value );
259 if( rc == -1 ) return rc;
262 rc = ber_printf( ber, /*{*/"N}" );
263 if( rc == -1 ) return rc;
269 send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
276 rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
277 if( rc == -1 ) return rc;
279 for( ; *c != NULL; c++) {
280 rc = send_ldap_control( ber, *c );
281 if( rc == -1 ) return rc;
284 #ifdef SLAP_CONTROL_X_SORTEDRESULTS
285 /* this is a hack to avoid having to modify op->s_ctrls */
286 if( o->o_sortedresults ) {
287 BerElementBuffer berbuf;
288 BerElement *sber = (BerElement *) &berbuf;
290 BER_BVZERO( &sorted.ldctl_value );
291 sorted.ldctl_oid = LDAP_CONTROL_SORTRESPONSE;
292 sorted.ldctl_iscritical = 0;
294 ber_init2( sber, NULL, LBER_USE_DER );
296 ber_printf( sber, "{e}", LDAP_UNWILLING_TO_PERFORM );
298 if( ber_flatten2( ber, &sorted.ldctl_value, 0 ) == -1 ) {
302 (void) ber_free_buf( ber );
304 rc = send_ldap_control( ber, &sorted );
305 if( rc == -1 ) return rc;
309 rc = ber_printf( ber, /*{*/"N}" );
315 * slap_response_play()
317 * plays the callback list; rationale: a callback can
318 * - remove itself from the list, by setting op->o_callback = NULL;
319 * malloc()'ed callbacks should free themselves from inside the
320 * sc_response() function.
321 * - replace itself with another (list of) callback(s), by setting
322 * op->o_callback = a new (list of) callback(s); in this case, it
323 * is the callback's responsibility to to append existing subsequent
324 * callbacks to the end of the list that is passed to the sc_response()
326 * - modify the list of subsequent callbacks by modifying the value
327 * of the sc_next field from inside the sc_response() function; this
328 * case does not require any handling from inside slap_response_play()
330 * To stop execution of the playlist, the sc_response() function must return
331 * a value different from SLAP_SC_CONTINUE.
333 * The same applies to slap_cleanup_play(); only, there is no means to stop
334 * execution of the playlist, since all cleanup functions must be called.
343 slap_callback *sc = op->o_callback, **scp;
345 rc = SLAP_CB_CONTINUE;
346 for ( scp = ≻ *scp; ) {
347 slap_callback *sc_next = (*scp)->sc_next, **sc_nextp = &(*scp)->sc_next;
349 op->o_callback = *scp;
350 if ( op->o_callback->sc_response ) {
351 rc = op->o_callback->sc_response( op, rs );
352 if ( op->o_callback == NULL ) {
353 /* the callback has been removed;
358 } else if ( op->o_callback != *scp ) {
359 /* a new callback has been inserted
360 * in place of the existing one; repair the list */
361 *scp = op->o_callback;
364 if ( rc != SLAP_CB_CONTINUE ) break;
378 slap_callback *sc = op->o_callback, **scp;
380 for ( scp = ≻ *scp; ) {
381 slap_callback *sc_next = (*scp)->sc_next, **sc_nextp = &(*scp)->sc_next;
383 op->o_callback = *scp;
384 if ( op->o_callback->sc_cleanup ) {
385 (void)op->o_callback->sc_cleanup( op, rs );
386 if ( op->o_callback == NULL ) {
387 /* the callback has been removed;
392 } else if ( op->o_callback != *scp ) {
393 /* a new callback has been inserted
394 * after the existing one; repair the list */
395 /* a new callback has been inserted
396 * in place of the existing one; repair the list */
397 *scp = op->o_callback;
400 /* don't care about the result; do all cleanup */
414 BerElementBuffer berbuf;
415 BerElement *ber = (BerElement *) &berbuf;
416 int rc = LDAP_SUCCESS;
419 if ( rs->sr_err == SLAPD_ABANDON || op->o_abandon ) {
424 if ( op->o_callback ) {
425 rc = slap_response_play( op, rs );
426 if ( rc != SLAP_CB_CONTINUE ) {
431 #ifdef LDAP_CONNECTIONLESS
432 if (op->o_conn && op->o_conn->c_is_udp)
437 ber_init_w_nullc( ber, LBER_USE_DER );
438 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
441 Debug( LDAP_DEBUG_TRACE,
442 "send_ldap_response: msgid=%d tag=%lu err=%d\n",
443 rs->sr_msgid, rs->sr_tag, rs->sr_err );
446 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
447 rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
451 #ifdef LDAP_CONNECTIONLESS
452 if (op->o_conn && op->o_conn->c_is_udp &&
453 op->o_protocol == LDAP_VERSION2 )
455 rc = ber_printf( ber, "t{ess" /*"}"*/,
456 rs->sr_tag, rs->sr_err,
457 rs->sr_matched == NULL ? "" : rs->sr_matched,
458 rs->sr_text == NULL ? "" : rs->sr_text );
461 if ( rs->sr_type == REP_INTERMEDIATE ) {
462 rc = ber_printf( ber, "{it{" /*"}}"*/,
463 rs->sr_msgid, rs->sr_tag );
466 rc = ber_printf( ber, "{it{ess" /*"}}"*/,
467 rs->sr_msgid, rs->sr_tag, rs->sr_err,
468 rs->sr_matched == NULL ? "" : rs->sr_matched,
469 rs->sr_text == NULL ? "" : rs->sr_text );
473 if ( rs->sr_ref != NULL ) {
474 assert( rs->sr_err == LDAP_REFERRAL );
475 rc = ber_printf( ber, "t{W}",
476 LDAP_TAG_REFERRAL, rs->sr_ref );
478 assert( rs->sr_err != LDAP_REFERRAL );
482 if( rc != -1 && rs->sr_type == REP_SASL && rs->sr_sasldata != NULL ) {
483 rc = ber_printf( ber, "tO",
484 LDAP_TAG_SASL_RES_CREDS, rs->sr_sasldata );
488 ( rs->sr_type == REP_EXTENDED || rs->sr_type == REP_INTERMEDIATE ))
490 if ( rs->sr_rspoid != NULL ) {
491 rc = ber_printf( ber, "ts",
492 rs->sr_type == REP_EXTENDED
493 ? LDAP_TAG_EXOP_RES_OID : LDAP_TAG_IM_RES_OID,
496 if( rc != -1 && rs->sr_rspdata != NULL ) {
497 rc = ber_printf( ber, "tO",
498 rs->sr_type == REP_EXTENDED
499 ? LDAP_TAG_EXOP_RES_VALUE : LDAP_TAG_IM_RES_VALUE,
505 rc = ber_printf( ber, /*"{"*/ "N}" );
509 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
513 rc = ber_printf( ber, /*"{"*/ "N}" );
516 #ifdef LDAP_CONNECTIONLESS
517 if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2
520 rc = ber_printf( ber, /*"{"*/ "N}" );
525 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
527 #ifdef LDAP_CONNECTIONLESS
528 if (!op->o_conn || op->o_conn->c_is_udp == 0)
537 bytes = send_ldap_ber( op->o_conn, ber );
538 #ifdef LDAP_CONNECTIONLESS
539 if (!op->o_conn || op->o_conn->c_is_udp == 0)
546 Debug( LDAP_DEBUG_ANY,
547 "send_ldap_response: ber write failed\n",
553 ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex );
554 ldap_pvt_mp_add_ulong( op->o_counters->sc_pdu, 1 );
555 ldap_pvt_mp_add_ulong( op->o_counters->sc_bytes, (unsigned long)bytes );
556 ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex );
559 /* Tell caller that we did this for real, as opposed to being
560 * overridden by a callback
562 rc = SLAP_CB_CONTINUE;
565 if ( op->o_callback ) {
566 (void)slap_cleanup_play( op, rs );
569 if ( rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
570 rs->sr_flags ^= REP_MATCHED_MUSTBEFREED; /* paranoia */
571 if ( rs->sr_matched ) {
572 free( (char *)rs->sr_matched );
573 rs->sr_matched = NULL;
577 if ( rs->sr_flags & REP_REF_MUSTBEFREED ) {
578 rs->sr_flags ^= REP_REF_MUSTBEFREED; /* paranoia */
580 ber_bvarray_free( rs->sr_ref );
585 if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
586 rs->sr_flags ^= REP_CTRLS_MUSTBEFREED; /* paranoia */
587 if ( rs->sr_ctrls ) {
588 slap_free_ctrls( op, rs->sr_ctrls );
598 send_ldap_disconnect( Operation *op, SlapReply *rs )
600 #define LDAP_UNSOLICITED_ERROR(e) \
601 ( (e) == LDAP_PROTOCOL_ERROR \
602 || (e) == LDAP_STRONG_AUTH_REQUIRED \
603 || (e) == LDAP_UNAVAILABLE )
605 assert( LDAP_UNSOLICITED_ERROR( rs->sr_err ) );
607 rs->sr_type = REP_EXTENDED;
609 Debug( LDAP_DEBUG_TRACE,
610 "send_ldap_disconnect %d:%s\n",
611 rs->sr_err, rs->sr_text ? rs->sr_text : "", NULL );
613 if ( op->o_protocol < LDAP_VERSION3 ) {
614 rs->sr_rspoid = NULL;
615 rs->sr_tag = slap_req2res( op->o_tag );
616 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
619 rs->sr_rspoid = LDAP_NOTICE_DISCONNECT;
620 rs->sr_tag = LDAP_RES_EXTENDED;
621 rs->sr_msgid = LDAP_RES_UNSOLICITED;
624 if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
625 Statslog( LDAP_DEBUG_STATS,
626 "%s DISCONNECT tag=%lu err=%d text=%s\n",
627 op->o_log_prefix, rs->sr_tag, rs->sr_err,
628 rs->sr_text ? rs->sr_text : "", 0 );
633 slap_send_ldap_result( Operation *op, SlapReply *rs )
636 const char *otext = rs->sr_text;
637 BerVarray oref = rs->sr_ref;
639 rs->sr_type = REP_RESULT;
641 /* Propagate Abandons so that cleanup callbacks can be processed */
642 if ( rs->sr_err == SLAPD_ABANDON || op->o_abandon )
645 assert( !LDAP_API_ERROR( rs->sr_err ) );
647 Debug( LDAP_DEBUG_TRACE,
648 "send_ldap_result: %s p=%d\n",
649 op->o_log_prefix, op->o_protocol, 0 );
651 Debug( LDAP_DEBUG_ARGS,
652 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
653 rs->sr_err, rs->sr_matched ? rs->sr_matched : "",
654 rs->sr_text ? rs->sr_text : "" );
658 Debug( LDAP_DEBUG_ARGS,
659 "send_ldap_result: referral=\"%s\"\n",
660 rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
664 assert( rs->sr_err != LDAP_PARTIAL_RESULTS );
666 if ( rs->sr_err == LDAP_REFERRAL ) {
667 if( op->o_domain_scope ) rs->sr_ref = NULL;
669 if( rs->sr_ref == NULL ) {
670 rs->sr_err = LDAP_NO_SUCH_OBJECT;
671 } else if ( op->o_protocol < LDAP_VERSION3 ) {
672 rs->sr_err = LDAP_PARTIAL_RESULTS;
676 if ( op->o_protocol < LDAP_VERSION3 ) {
677 tmp = v2ref( rs->sr_ref, rs->sr_text );
683 rs->sr_tag = slap_req2res( op->o_tag );
684 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
686 if ( rs->sr_flags & REP_REF_MUSTBEFREED ) {
687 if ( rs->sr_ref == NULL ) {
688 rs->sr_flags ^= REP_REF_MUSTBEFREED;
689 ber_bvarray_free( oref );
691 oref = NULL; /* send_ldap_response() will free rs->sr_ref if != NULL */
694 if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
695 if ( op->o_tag == LDAP_REQ_SEARCH ) {
696 Statslog( LDAP_DEBUG_STATS,
697 "%s SEARCH RESULT tag=%lu err=%d nentries=%d text=%s\n",
698 op->o_log_prefix, rs->sr_tag, rs->sr_err,
699 rs->sr_nentries, rs->sr_text ? rs->sr_text : "" );
701 Statslog( LDAP_DEBUG_STATS,
702 "%s RESULT tag=%lu err=%d text=%s\n",
703 op->o_log_prefix, rs->sr_tag, rs->sr_err,
704 rs->sr_text ? rs->sr_text : "", 0 );
708 if( tmp != NULL ) ch_free(tmp);
714 send_ldap_sasl( Operation *op, SlapReply *rs )
716 rs->sr_type = REP_SASL;
717 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n",
719 rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL );
721 rs->sr_tag = slap_req2res( op->o_tag );
722 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
724 if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
725 Statslog( LDAP_DEBUG_STATS,
726 "%s RESULT tag=%lu err=%d text=%s\n",
727 op->o_log_prefix, rs->sr_tag, rs->sr_err,
728 rs->sr_text ? rs->sr_text : "", 0 );
733 slap_send_ldap_extended( Operation *op, SlapReply *rs )
735 rs->sr_type = REP_EXTENDED;
737 Debug( LDAP_DEBUG_TRACE,
738 "send_ldap_extended: err=%d oid=%s len=%ld\n",
740 rs->sr_rspoid ? rs->sr_rspoid : "",
741 rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
743 rs->sr_tag = slap_req2res( op->o_tag );
744 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
746 if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
747 Statslog( LDAP_DEBUG_STATS,
748 "%s RESULT oid=%s err=%d text=%s\n",
749 op->o_log_prefix, rs->sr_rspoid ? rs->sr_rspoid : "",
750 rs->sr_err, rs->sr_text ? rs->sr_text : "", 0 );
755 slap_send_ldap_intermediate( Operation *op, SlapReply *rs )
757 rs->sr_type = REP_INTERMEDIATE;
758 Debug( LDAP_DEBUG_TRACE,
759 "send_ldap_intermediate: err=%d oid=%s len=%ld\n",
761 rs->sr_rspoid ? rs->sr_rspoid : "",
762 rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
763 rs->sr_tag = LDAP_RES_INTERMEDIATE;
764 rs->sr_msgid = op->o_msgid;
765 if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
766 Statslog( LDAP_DEBUG_STATS2,
767 "%s INTERM oid=%s\n",
769 rs->sr_rspoid ? rs->sr_rspoid : "", 0, 0, 0 );
776 * LDAP_SUCCESS entry sent
777 * LDAP_OTHER entry not sent (other)
778 * LDAP_INSUFFICIENT_ACCESS entry not sent (ACL)
779 * LDAP_UNAVAILABLE entry not sent (connection closed)
780 * LDAP_SIZELIMIT_EXCEEDED entry not sent (caller must send sizelimitExceeded)
784 slap_send_search_entry( Operation *op, SlapReply *rs )
786 BerElementBuffer berbuf;
787 BerElement *ber = (BerElement *) &berbuf;
789 int i, j, rc = LDAP_UNAVAILABLE, bytes;
791 AccessControlState acl_state = ACL_STATE_INIT;
793 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
795 /* a_flags: array of flags telling if the i-th element will be
796 * returned or filtered out
797 * e_flags: array of a_flags
799 char **e_flags = NULL;
801 if ( op->ors_slimit >= 0 && rs->sr_nentries >= op->ors_slimit ) {
802 return LDAP_SIZELIMIT_EXCEEDED;
805 /* Every 64 entries, check for thread pool pause */
806 if ( ( ( rs->sr_nentries & 0x3f ) == 0x3f ) &&
807 ldap_pvt_thread_pool_pausing( &connection_pool ) > 0 )
812 rs->sr_type = REP_SEARCH;
814 /* eventually will loop through generated operational attribute types
815 * currently implemented types include:
816 * entryDN, subschemaSubentry, and hasSubordinates */
817 /* NOTE: moved before overlays callback circling because
818 * they may modify entry and other stuff in rs */
819 /* check for special all operational attributes ("+") type */
820 /* FIXME: maybe we could set this flag at the operation level;
821 * however, in principle the caller of send_search_entry() may
822 * change the attribute list at each call */
823 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
825 rc = backend_operational( op, rs );
830 if ( op->o_callback ) {
831 rc = slap_response_play( op, rs );
832 if ( rc != SLAP_CB_CONTINUE ) {
837 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: conn %lu dn=\"%s\"%s\n",
838 op->o_connid, rs->sr_entry->e_name.bv_val,
839 op->ors_attrsonly ? " (attrsOnly)" : "" );
841 attrsonly = op->ors_attrsonly;
843 if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
844 Debug( LDAP_DEBUG_ACL,
845 "send_search_entry: conn %lu access to entry (%s) not allowed\n",
846 op->o_connid, rs->sr_entry->e_name.bv_val, 0 );
848 rc = LDAP_INSUFFICIENT_ACCESS;
852 if ( op->o_res_ber ) {
853 /* read back control or LDAP_CONNECTIONLESS */
858 bv.bv_len = entry_flatsize( rs->sr_entry, 0 );
859 bv.bv_val = op->o_tmpalloc( bv.bv_len, op->o_tmpmemctx );
861 ber_init2( ber, &bv, LBER_USE_DER );
862 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
865 #ifdef LDAP_CONNECTIONLESS
866 if ( op->o_conn && op->o_conn->c_is_udp ) {
868 if ( op->o_protocol == LDAP_VERSION2 ) {
869 rc = ber_printf(ber, "t{O{" /*}}*/,
870 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
872 rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
873 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
877 if ( op->o_res_ber ) {
878 /* read back control */
879 rc = ber_printf( ber, "{O{" /*}}*/, &rs->sr_entry->e_name );
881 rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
882 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
886 Debug( LDAP_DEBUG_ANY,
887 "send_search_entry: conn %lu ber_printf failed\n",
888 op->o_connid, 0, 0 );
890 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
891 send_ldap_error( op, rs, LDAP_OTHER, "encoding DN error" );
896 /* check for special all user attributes ("*") type */
897 userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
899 /* create an array of arrays of flags. Each flag corresponds
900 * to particular value of attribute and equals 1 if value matches
901 * to ValuesReturnFilter or 0 if not
903 if ( op->o_vrFilter != NULL ) {
907 for ( a = rs->sr_entry->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
908 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
911 size = i * sizeof(char *) + k;
914 e_flags = slap_sl_calloc ( 1, i * sizeof(char *) + k, op->o_tmpmemctx );
915 if( e_flags == NULL ) {
916 Debug( LDAP_DEBUG_ANY,
917 "send_search_entry: conn %lu slap_sl_calloc failed\n",
918 op->o_connid ? op->o_connid : 0, 0, 0 );
921 send_ldap_error( op, rs, LDAP_OTHER, "out of memory" );
924 a_flags = (char *)(e_flags + i);
925 memset( a_flags, 0, k );
926 for ( a=rs->sr_entry->e_attrs, i=0; a != NULL; a=a->a_next, i++ ) {
927 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
928 e_flags[i] = a_flags;
932 rc = filter_matched_values(op, rs->sr_entry->e_attrs, &e_flags) ;
934 Debug( LDAP_DEBUG_ANY, "send_search_entry: "
935 "conn %lu matched values filtering failed\n",
936 op->o_connid ? op->o_connid : 0, 0, 0 );
937 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
938 send_ldap_error( op, rs, LDAP_OTHER,
939 "matched values filtering error" );
946 for ( a = rs->sr_entry->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
947 AttributeDescription *desc = a->a_desc;
950 if ( rs->sr_attrs == NULL ) {
951 /* all user attrs request, skip operational attributes */
952 if( is_at_operational( desc->ad_type ) ) {
957 /* specific attrs requested */
958 if ( is_at_operational( desc->ad_type ) ) {
959 /* if not explicitly requested */
960 if ( !ad_inlist( desc, rs->sr_attrs )) {
961 /* if not all op attrs requested, skip */
962 if ( !SLAP_OPATTRS( rs->sr_attr_flags ))
964 /* if DSA-specific and replicating, skip */
965 if ( op->o_sync != SLAP_CONTROL_NONE &&
966 desc->ad_type->sat_usage == LDAP_SCHEMA_DSA_OPERATION )
970 if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
977 if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
978 ACL_READ, &acl_state ) )
980 Debug( LDAP_DEBUG_ACL, "send_search_entry: "
981 "conn %lu access to attribute %s not allowed\n",
982 op->o_connid, desc->ad_cname.bv_val, 0 );
986 if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
987 Debug( LDAP_DEBUG_ANY,
988 "send_search_entry: conn %lu ber_printf failed\n",
989 op->o_connid, 0, 0 );
991 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
992 send_ldap_error( op, rs, LDAP_OTHER,
993 "encoding description error");
1001 for ( i = 0; a->a_nvals[i].bv_val != NULL; i++ ) {
1002 if ( ! access_allowed( op, rs->sr_entry,
1003 desc, &a->a_nvals[i], ACL_READ, &acl_state ) )
1005 Debug( LDAP_DEBUG_ACL,
1006 "send_search_entry: conn %lu "
1007 "access to attribute %s, value #%d not allowed\n",
1008 op->o_connid, desc->ad_cname.bv_val, i );
1013 if ( op->o_vrFilter && e_flags[j][i] == 0 ){
1020 if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
1021 Debug( LDAP_DEBUG_ANY,
1022 "send_search_entry: conn %lu ber_printf failed\n",
1023 op->o_connid, 0, 0 );
1025 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1026 send_ldap_error( op, rs, LDAP_OTHER,
1027 "encoding description error");
1032 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
1033 Debug( LDAP_DEBUG_ANY,
1034 "send_search_entry: conn %lu "
1035 "ber_printf failed.\n", op->o_connid, 0, 0 );
1037 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1038 send_ldap_error( op, rs, LDAP_OTHER,
1039 "encoding values error" );
1046 if ( finish && ( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
1047 Debug( LDAP_DEBUG_ANY,
1048 "send_search_entry: conn %lu ber_printf failed\n",
1049 op->o_connid, 0, 0 );
1051 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1052 send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
1058 /* NOTE: moved before overlays callback circling because
1059 * they may modify entry and other stuff in rs */
1060 if ( rs->sr_operational_attrs != NULL && op->o_vrFilter != NULL ) {
1064 for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
1065 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
1068 size = i * sizeof(char *) + k;
1070 char *a_flags, **tmp;
1073 * Reuse previous memory - we likely need less space
1074 * for operational attributes
1076 tmp = slap_sl_realloc( e_flags, i * sizeof(char *) + k,
1078 if ( tmp == NULL ) {
1079 Debug( LDAP_DEBUG_ANY,
1080 "send_search_entry: conn %lu "
1081 "not enough memory "
1082 "for matched values filtering\n",
1083 op->o_connid, 0, 0 );
1084 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1085 send_ldap_error( op, rs, LDAP_OTHER,
1086 "not enough memory for matched values filtering" );
1090 a_flags = (char *)(e_flags + i);
1091 memset( a_flags, 0, k );
1092 for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
1093 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
1094 e_flags[i] = a_flags;
1097 rc = filter_matched_values(op, rs->sr_operational_attrs, &e_flags) ;
1100 Debug( LDAP_DEBUG_ANY,
1101 "send_search_entry: conn %lu "
1102 "matched values filtering failed\n",
1103 op->o_connid ? op->o_connid : 0, 0, 0);
1104 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1105 send_ldap_error( op, rs, LDAP_OTHER,
1106 "matched values filtering error" );
1113 for (a = rs->sr_operational_attrs, j=0; a != NULL; a = a->a_next, j++ ) {
1114 AttributeDescription *desc = a->a_desc;
1116 if ( rs->sr_attrs == NULL ) {
1117 /* all user attrs request, skip operational attributes */
1118 if( is_at_operational( desc->ad_type ) ) {
1123 /* specific attrs requested */
1124 if( is_at_operational( desc->ad_type ) ) {
1125 if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
1126 !ad_inlist( desc, rs->sr_attrs ) )
1131 if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
1137 if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
1138 ACL_READ, &acl_state ) )
1140 Debug( LDAP_DEBUG_ACL,
1141 "send_search_entry: conn %lu "
1142 "access to attribute %s not allowed\n",
1143 op->o_connid, desc->ad_cname.bv_val, 0 );
1148 rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
1150 Debug( LDAP_DEBUG_ANY,
1151 "send_search_entry: conn %lu "
1152 "ber_printf failed\n", op->o_connid, 0, 0 );
1154 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1155 send_ldap_error( op, rs, LDAP_OTHER,
1156 "encoding description error" );
1161 if ( ! attrsonly ) {
1162 for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
1163 if ( ! access_allowed( op, rs->sr_entry,
1164 desc, &a->a_vals[i], ACL_READ, &acl_state ) )
1166 Debug( LDAP_DEBUG_ACL,
1167 "send_search_entry: conn %lu "
1168 "access to %s, value %d not allowed\n",
1169 op->o_connid, desc->ad_cname.bv_val, i );
1174 if ( op->o_vrFilter && e_flags[j][i] == 0 ){
1178 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
1179 Debug( LDAP_DEBUG_ANY,
1180 "send_search_entry: conn %lu ber_printf failed\n",
1181 op->o_connid, 0, 0 );
1183 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1184 send_ldap_error( op, rs, LDAP_OTHER,
1185 "encoding values error" );
1192 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
1193 Debug( LDAP_DEBUG_ANY,
1194 "send_search_entry: conn %lu ber_printf failed\n",
1195 op->o_connid, 0, 0 );
1197 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1198 send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
1206 slap_sl_free( e_flags, op->o_tmpmemctx );
1210 rc = ber_printf( ber, /*{{*/ "}N}" );
1213 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
1217 #ifdef LDAP_CONNECTIONLESS
1218 if( op->o_conn && op->o_conn->c_is_udp ) {
1219 if ( op->o_protocol != LDAP_VERSION2 ) {
1220 rc = ber_printf( ber, /*{*/ "N}" );
1224 if ( op->o_res_ber == NULL ) {
1225 rc = ber_printf( ber, /*{*/ "N}" );
1230 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1232 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1233 send_ldap_error( op, rs, LDAP_OTHER, "encode entry end error" );
1238 Statslog( LDAP_DEBUG_STATS2, "%s ENTRY dn=\"%s\"\n",
1239 op->o_log_prefix, rs->sr_entry->e_nname.bv_val, 0, 0, 0 );
1241 if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
1242 be_entry_release_rw( op, rs->sr_entry, 0 );
1243 rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
1244 rs->sr_entry = NULL;
1247 if ( op->o_res_ber == NULL ) {
1248 bytes = send_ldap_ber( op->o_conn, ber );
1249 ber_free_buf( ber );
1252 Debug( LDAP_DEBUG_ANY,
1253 "send_search_entry: conn %lu ber write failed.\n",
1254 op->o_connid, 0, 0 );
1256 rc = LDAP_UNAVAILABLE;
1261 ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex );
1262 ldap_pvt_mp_add_ulong( op->o_counters->sc_bytes, (unsigned long)bytes );
1263 ldap_pvt_mp_add_ulong( op->o_counters->sc_entries, 1 );
1264 ldap_pvt_mp_add_ulong( op->o_counters->sc_pdu, 1 );
1265 ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex );
1268 Debug( LDAP_DEBUG_TRACE,
1269 "<= send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 );
1274 if ( op->o_callback ) {
1275 (void)slap_cleanup_play( op, rs );
1279 slap_sl_free( e_flags, op->o_tmpmemctx );
1282 if ( rs->sr_operational_attrs ) {
1283 attrs_free( rs->sr_operational_attrs );
1284 rs->sr_operational_attrs = NULL;
1286 rs->sr_attr_flags = SLAP_ATTRS_UNDEFINED;
1288 /* FIXME: I think rs->sr_type should be explicitly set to
1289 * REP_SEARCH here. That's what it was when we entered this
1290 * function. send_ldap_error may have changed it, but we
1291 * should set it back so that the cleanup functions know
1292 * what they're doing.
1294 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH
1296 && ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) )
1298 entry_free( rs->sr_entry );
1299 rs->sr_entry = NULL;
1300 rs->sr_flags &= ~REP_ENTRY_MUSTBEFREED;
1307 slap_send_search_reference( Operation *op, SlapReply *rs )
1309 BerElementBuffer berbuf;
1310 BerElement *ber = (BerElement *) &berbuf;
1313 char *edn = rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)";
1315 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
1316 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
1318 rs->sr_type = REP_SEARCHREF;
1319 if ( op->o_callback ) {
1320 rc = slap_response_play( op, rs );
1321 if ( rc != SLAP_CB_CONTINUE ) {
1326 Debug( LDAP_DEBUG_TRACE,
1327 "=> send_search_reference: dn=\"%s\"\n",
1330 if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
1331 ad_entry, NULL, ACL_READ, NULL ) )
1333 Debug( LDAP_DEBUG_ACL,
1334 "send_search_reference: access to entry not allowed\n",
1340 if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
1341 ad_ref, NULL, ACL_READ, NULL ) )
1343 Debug( LDAP_DEBUG_ACL,
1344 "send_search_reference: access "
1345 "to reference not allowed\n",
1351 if( op->o_domain_scope ) {
1352 Debug( LDAP_DEBUG_ANY,
1353 "send_search_reference: domainScope control in (%s)\n",
1359 if( rs->sr_ref == NULL ) {
1360 Debug( LDAP_DEBUG_ANY,
1361 "send_search_reference: null ref in (%s)\n",
1367 if( op->o_protocol < LDAP_VERSION3 ) {
1369 /* save the references for the result */
1370 if( rs->sr_ref[0].bv_val != NULL ) {
1371 if( value_add( &rs->sr_v2ref, rs->sr_ref ) )
1377 #ifdef LDAP_CONNECTIONLESS
1378 if( op->o_conn && op->o_conn->c_is_udp ) {
1379 ber = op->o_res_ber;
1383 ber_init_w_nullc( ber, LBER_USE_DER );
1384 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
1387 rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
1388 LDAP_RES_SEARCH_REFERENCE, rs->sr_ref );
1391 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
1395 rc = ber_printf( ber, /*"{"*/ "N}" );
1399 Debug( LDAP_DEBUG_ANY,
1400 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
1402 #ifdef LDAP_CONNECTIONLESS
1403 if (!op->o_conn || op->o_conn->c_is_udp == 0)
1405 ber_free_buf( ber );
1406 send_ldap_error( op, rs, LDAP_OTHER, "encode DN error" );
1411 if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
1412 assert( rs->sr_entry != NULL );
1413 be_entry_release_rw( op, rs->sr_entry, 0 );
1414 rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
1415 rs->sr_entry = NULL;
1418 #ifdef LDAP_CONNECTIONLESS
1419 if (!op->o_conn || op->o_conn->c_is_udp == 0) {
1421 bytes = send_ldap_ber( op->o_conn, ber );
1422 ber_free_buf( ber );
1425 rc = LDAP_UNAVAILABLE;
1427 ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex );
1428 ldap_pvt_mp_add_ulong( op->o_counters->sc_bytes, (unsigned long)bytes );
1429 ldap_pvt_mp_add_ulong( op->o_counters->sc_refs, 1 );
1430 ldap_pvt_mp_add_ulong( op->o_counters->sc_pdu, 1 );
1431 ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex );
1433 #ifdef LDAP_CONNECTIONLESS
1436 if ( rs->sr_ref != NULL ) {
1439 for ( r = 0; !BER_BVISNULL( &rs->sr_ref[ r ] ); r++ ) {
1440 Statslog( LDAP_DEBUG_STATS2, "%s REF #%d \"%s\"\n",
1441 op->o_log_prefix, r, rs->sr_ref[0].bv_val,
1446 Statslog( LDAP_DEBUG_STATS2, "%s REF \"(null)\"\n",
1447 op->o_log_prefix, 0, 0, 0, 0 );
1450 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
1453 if ( op->o_callback ) {
1454 (void)slap_cleanup_play( op, rs );
1470 *code = LDAP_SUCCESS;
1474 if ( strncasecmp( s, "RESULT", STRLENOF( "RESULT" ) ) != 0 ) {
1475 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
1482 while ( (s = strchr( s, '\n' )) != NULL ) {
1487 if ( (c = strchr( s, ':' )) != NULL ) {
1491 if ( strncasecmp( s, "code", STRLENOF( "code" ) ) == 0 ) {
1496 Debug( LDAP_DEBUG_ANY, "str2result (%s) missing value\n",
1502 while ( isspace( (unsigned char) c[ 0 ] ) ) c++;
1503 if ( c[ 0 ] == '\0' ) {
1504 Debug( LDAP_DEBUG_ANY, "str2result (%s) missing or empty value\n",
1510 retcode = strtol( c, &next, 10 );
1511 if ( next == NULL || next == c ) {
1512 Debug( LDAP_DEBUG_ANY, "str2result (%s) unable to parse value\n",
1518 while ( isspace( (unsigned char) next[ 0 ] ) ) next++;
1519 if ( next[ 0 ] != '\0' ) {
1520 Debug( LDAP_DEBUG_ANY, "str2result (%s) extra cruft after value\n",
1526 /* FIXME: what if it's larger that max int? */
1527 *code = (int)retcode;
1529 } else if ( strncasecmp( s, "matched", STRLENOF( "matched" ) ) == 0 ) {
1533 } else if ( strncasecmp( s, "info", STRLENOF( "info" ) ) == 0 ) {
1538 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
1548 int slap_read_controls(
1552 const struct berval *oid,
1553 LDAPControl **ctrl )
1557 BerElementBuffer berbuf;
1558 BerElement *ber = (BerElement *) &berbuf;
1562 Debug( LDAP_DEBUG_ANY, "%s slap_read_controls: (%s) %s\n",
1563 op->o_log_prefix, oid->bv_val, e->e_dn );
1566 rs->sr_attrs = ( oid == &slap_pre_read_bv ) ?
1567 op->o_preread_attrs : op->o_postread_attrs;
1569 bv.bv_len = entry_flatsize( rs->sr_entry, 0 );
1570 bv.bv_val = op->o_tmpalloc( bv.bv_len, op->o_tmpmemctx );
1572 ber_init2( ber, &bv, LBER_USE_DER );
1573 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
1575 /* create new operation */
1577 /* FIXME: o_bd needed for ACL */
1578 myop.o_bd = op->o_bd;
1579 myop.o_res_ber = ber;
1580 myop.o_callback = NULL;
1581 myop.ors_slimit = 1;
1583 rc = slap_send_search_entry( &myop, rs );
1586 rc = ber_flatten2( ber, &c.ldctl_value, 0 );
1588 if( rc == -1 ) return LDAP_OTHER;
1590 c.ldctl_oid = oid->bv_val;
1591 c.ldctl_iscritical = 0;
1593 if ( *ctrl == NULL ) {
1595 *ctrl = (LDAPControl *) slap_sl_calloc( 1, sizeof(LDAPControl), NULL );
1597 /* retry: free previous try */
1598 slap_sl_free( (*ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
1602 return LDAP_SUCCESS;
1605 /* Map API errors to protocol errors... */
1607 slap_map_api2result( SlapReply *rs )
1609 switch(rs->sr_err) {
1610 case LDAP_SERVER_DOWN:
1611 return LDAP_UNAVAILABLE;
1612 case LDAP_LOCAL_ERROR:
1614 case LDAP_ENCODING_ERROR:
1615 case LDAP_DECODING_ERROR:
1616 return LDAP_PROTOCOL_ERROR;
1618 return LDAP_UNAVAILABLE;
1619 case LDAP_AUTH_UNKNOWN:
1620 return LDAP_AUTH_METHOD_NOT_SUPPORTED;
1621 case LDAP_FILTER_ERROR:
1622 rs->sr_text = "Filter error";
1624 case LDAP_USER_CANCELLED:
1625 rs->sr_text = "User cancelled";
1627 case LDAP_PARAM_ERROR:
1628 return LDAP_PROTOCOL_ERROR;
1629 case LDAP_NO_MEMORY:
1631 case LDAP_CONNECT_ERROR:
1632 return LDAP_UNAVAILABLE;
1633 case LDAP_NOT_SUPPORTED:
1634 return LDAP_UNWILLING_TO_PERFORM;
1635 case LDAP_CONTROL_NOT_FOUND:
1636 return LDAP_PROTOCOL_ERROR;
1637 case LDAP_NO_RESULTS_RETURNED:
1638 return LDAP_NO_SUCH_OBJECT;
1639 case LDAP_MORE_RESULTS_TO_RETURN:
1640 rs->sr_text = "More results to return";
1642 case LDAP_CLIENT_LOOP:
1643 case LDAP_REFERRAL_LIMIT_EXCEEDED:
1644 return LDAP_LOOP_DETECT;
1646 if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER;
1653 slap_attr_flags( AttributeName *an )
1655 slap_mask_t flags = SLAP_ATTRS_UNDEFINED;
1658 flags |= ( SLAP_OPATTRS_NO | SLAP_USERATTRS_YES );
1661 flags |= an_find( an, &AllOper )
1662 ? SLAP_OPATTRS_YES : SLAP_OPATTRS_NO;
1663 flags |= an_find( an, &AllUser )
1664 ? SLAP_USERATTRS_YES : SLAP_USERATTRS_NO;