1 /* result.c - routines to send ldap results, errors, and referrals */
10 #include <ac/signal.h>
11 #include <ac/string.h>
14 #include <ac/unistd.h>
18 /* we need LBER internals */
19 #include "../../libraries/liblber/lber-int.h"
21 static char *v2ref( struct berval **ref, const char *text )
23 size_t len = 0, i = 0;
26 if(ref == NULL) return (char *)text;
30 if (text[len-1] != '\n')
33 v2 = ch_malloc( len+i+sizeof("Referral:") );
39 strcpy( v2+len, "Referral:" );
41 for( i=0; ref[i] != NULL; i++ ) {
42 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
44 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
45 len += ref[i]->bv_len;
52 static ber_tag_t req2res( ber_tag_t tag )
57 case LDAP_REQ_COMPARE:
58 case LDAP_REQ_EXTENDED:
65 tag = LDAP_RES_DELETE;
68 case LDAP_REQ_ABANDON:
74 tag = LDAP_RES_SEARCH_RESULT;
84 static void trim_refs_urls(
85 struct berval **refs )
89 if( refs == NULL ) return;
91 for( i=0; refs[i] != NULL; i++ ) {
92 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
93 strncasecmp( refs[i]->bv_val, "ldap://",
94 sizeof("ldap://")-1 ) == 0 )
97 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
98 if( refs[i]->bv_val[j] == '/' ) {
99 refs[i]->bv_val[j] = '\0';
108 struct berval **get_entry_referrals(
115 struct berval **refs;
118 attr = attr_find( e->e_attrs, "ref" );
120 if( attr == NULL ) return NULL;
122 for( i=0; attr->a_vals[i] != NULL; i++ ) {
123 /* count references */
126 if( i < 1 ) return NULL;
128 refs = ch_malloc( i + 1 );
130 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
132 struct berval *ref = ber_bvdup( attr->a_vals[i] );
135 for( k=0; k<ref->bv_len; k++ ) {
136 if( isspace(ref->bv_val[k]) ) {
137 ref->bv_val[k] = '\0';
143 if( ref->bv_len > 0 ) {
154 ber_bvecfree( refs );
158 /* we should check that a referral value exists... */
163 static long send_ldap_ber(
167 ber_len_t bytes = ber_pvt_ber_bytes( ber );
169 /* write only one pdu at a time - wait til it's our turn */
170 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
172 /* lock the connection */
173 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
179 if ( connection_state_closing( conn ) ) {
180 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
181 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
186 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
193 * we got an error. if it's ewouldblock, we need to
194 * wait on the socket being writable. otherwise, figure
195 * it's a hard error and return.
198 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
199 err, STRERROR(err), 0 );
201 if ( err != EWOULDBLOCK && err != EAGAIN ) {
202 connection_closing( conn );
204 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
205 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
210 /* wait for socket to be write-ready */
211 conn->c_writewaiter = 1;
212 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
214 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
215 conn->c_writewaiter = 0;
218 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
219 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
235 struct berval *resdata,
243 assert( ctrls == NULL ); /* ctrls not implemented */
245 ber = ber_alloc_t( LBER_USE_DER );
247 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
248 (long) msgid, (long) tag, (long) err );
251 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
255 #ifdef LDAP_CONNECTIONLESS
257 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
258 err, matched ? matched : "", text ? text : "" );
262 rc = ber_printf( ber, "{it{ess",
264 matched == NULL ? "" : matched,
265 text == NULL ? "" : text );
267 if( rc != -1 && ref != NULL ) {
268 rc = ber_printf( ber, "{V}", ref );
271 if( rc != -1 && resoid != NULL ) {
272 rc = ber_printf( ber, "s", resoid );
275 if( rc != -1 && resdata != NULL ) {
276 rc = ber_printf( ber, "O", resdata );
281 rc = ber_printf( ber, "}}" );
286 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
292 bytes = send_ldap_ber( conn, ber );
296 Debug( LDAP_DEBUG_ANY,
297 "send_ldap_response: ber write failed\n",
302 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
303 num_bytes_sent += bytes;
305 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
311 send_ldap_disconnect(
322 #define LDAP_UNSOLICITED_ERROR(e) \
323 ( (e) == LDAP_PROTOCOL_ERROR \
324 || (e) == LDAP_STRONG_AUTH_REQUIRED \
325 || (e) == LDAP_UNAVAILABLE )
327 assert( LDAP_UNSOLICITED_ERROR( err ) );
329 Debug( LDAP_DEBUG_TRACE,
330 "send_ldap_disconnect %d:%s\n",
331 err, text ? text : "", NULL );
333 if ( op->o_protocol < LDAP_VERSION3 ) {
335 tag = req2res( op->o_tag );
336 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
339 reqoid = LDAP_NOTICE_DISCONNECT;
340 tag = LDAP_RES_EXTENDED;
344 #ifdef LDAP_CONNECTIONLESS
346 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
347 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
348 inet_ntoa(((struct sockaddr_in *)
349 &op->o_clientaddr)->sin_addr ),
350 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
354 send_ldap_response( conn, op, tag, msgid,
355 err, NULL, text, NULL,
356 reqoid, NULL, NULL );
358 Statslog( LDAP_DEBUG_STATS,
359 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
360 (long) op->o_connid, (long) op->o_opid,
361 (long) tag, (long) err, text ? text : "" );
379 assert( !LDAP_API_ERROR( err ) );
381 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
382 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
383 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
384 err, matched ? matched : "", text ? text : "" );
386 assert( err != LDAP_PARTIAL_RESULTS );
388 if( op->o_tag != LDAP_REQ_SEARCH ) {
389 trim_refs_urls( ref );
392 if ( err == LDAP_REFERRAL ) {
394 err = LDAP_NO_SUCH_OBJECT;
395 } else if ( op->o_protocol < LDAP_VERSION3 ) {
396 err = LDAP_PARTIAL_RESULTS;
400 if ( op->o_protocol < LDAP_VERSION3 ) {
401 tmp = v2ref( ref, text );
406 tag = req2res( op->o_tag );
407 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
409 #ifdef LDAP_CONNECTIONLESS
411 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
412 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
413 inet_ntoa(((struct sockaddr_in *)
414 &op->o_clientaddr)->sin_addr ),
415 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
420 send_ldap_response( conn, op, tag, msgid,
421 err, matched, text, ref,
424 Statslog( LDAP_DEBUG_STATS,
425 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
426 (long) op->o_connid, (long) op->o_opid,
427 (long) tag, (long) err, text ? text : "" );
442 struct berval **refs,
450 assert( !LDAP_API_ERROR( err ) );
452 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
453 err, matched ? matched : "", text ? text : "" );
455 assert( err != LDAP_PARTIAL_RESULTS );
457 trim_refs_urls( refs );
459 if( op->o_protocol < LDAP_VERSION3 ) {
460 /* send references in search results */
461 if( err == LDAP_REFERRAL ) {
462 err = LDAP_PARTIAL_RESULTS;
465 tmp = v2ref( refs, text );
469 /* don't send references in search results */
470 assert( refs == NULL );
473 if( err == LDAP_REFERRAL ) {
478 tag = req2res( op->o_tag );
479 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
481 #ifdef LDAP_CONNECTIONLESS
483 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
484 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
485 inet_ntoa(((struct sockaddr_in *)
486 &op->o_clientaddr)->sin_addr ),
487 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
492 send_ldap_response( conn, op, tag, msgid,
493 err, matched, text, refs,
496 Statslog( LDAP_DEBUG_STATS,
497 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
498 (long) op->o_connid, (long) op->o_opid,
499 (long) tag, (long) err, text ? text : "" );
522 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
524 if ( ! access_allowed( be, conn, op, e,
525 "entry", NULL, ACL_READ ) )
527 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
534 ber = ber_alloc_t( LBER_USE_DER );
537 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
538 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
539 NULL, "allocating BER error", NULL, NULL );
543 rc = ber_printf( ber, "{it{s{", op->o_msgid,
544 LDAP_RES_SEARCH_ENTRY, e->e_dn );
547 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
549 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
550 NULL, "encoding dn error", NULL, NULL );
554 /* check for special all user attributes ("*") type */
555 userattrs = ( attrs == NULL ) ? 1
556 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
558 /* check for special all operational attributes ("+") type */
559 opattrs = ( attrs == NULL ) ? 0
560 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
562 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
563 if ( attrs == NULL ) {
564 /* all addrs request, skip operational attributes */
565 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
570 /* specific addrs requested */
571 if ( oc_check_operational_attr( a->a_type ) ) {
572 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
577 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
584 if ( ! access_allowed( be, conn, op, e,
585 a->a_type, NULL, ACL_READ ) )
587 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
592 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
593 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
595 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
596 NULL, "encoding type error", NULL, NULL );
601 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
602 if ( ! access_allowed( be, conn, op, e,
603 a->a_type, a->a_vals[i], ACL_READ ) )
605 Debug( LDAP_DEBUG_ACL,
606 "acl: access to attribute %s, value %d not allowed\n",
611 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
612 Debug( LDAP_DEBUG_ANY,
613 "ber_printf failed\n", 0, 0, 0 );
615 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
616 NULL, "encoding value error", NULL, NULL );
622 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
623 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
625 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
626 NULL, "encode end error", NULL, NULL );
631 #ifdef SLAPD_SCHEMA_DN
632 /* eventually will loop through generated operational attributes */
633 /* only have subschemaSubentry implemented */
634 a = backend_subschemasubentry( be );
637 if ( attrs == NULL ) {
638 /* all addrs request, skip operational attributes */
639 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
644 /* specific addrs requested */
645 if ( oc_check_operational_attr( a->a_type ) ) {
646 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
651 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
658 if ( ! access_allowed( be, conn, op, e,
659 a->a_type, NULL, ACL_READ ) )
661 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
666 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
667 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
669 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
670 NULL, "encoding type error", NULL, NULL );
675 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
676 if ( ! access_allowed( be, conn, op, e,
677 a->a_type, a->a_vals[i], ACL_READ ) )
679 Debug( LDAP_DEBUG_ACL,
680 "acl: access to attribute %s, value %d not allowed\n",
686 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
687 Debug( LDAP_DEBUG_ANY,
688 "ber_printf failed\n", 0, 0, 0 );
690 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
691 NULL, "encoding value error", NULL, NULL );
697 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
698 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
700 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
701 NULL, "encode end error", NULL, NULL );
707 rc = ber_printf( ber, /*{{{*/ "}}}" );
710 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
712 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
713 NULL, "encode entry end error", NULL, NULL );
717 bytes = send_ldap_ber( conn, ber );
721 Debug( LDAP_DEBUG_ANY,
722 "send_ldap_response: ber write failed\n",
727 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
728 num_bytes_sent += bytes;
731 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
733 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
734 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
736 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
745 send_search_reference(
750 struct berval **refs,
753 struct berval ***v2refs
760 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
762 if ( ! access_allowed( be, conn, op, e,
763 "entry", NULL, ACL_READ ) )
765 Debug( LDAP_DEBUG_ACL,
766 "send_search_reference: access to entry not allowed\n",
771 if ( ! access_allowed( be, conn, op, e,
772 "ref", NULL, ACL_READ ) )
774 Debug( LDAP_DEBUG_ACL,
775 "send_search_reference: access to reference not allowed\n",
781 Debug( LDAP_DEBUG_ANY,
782 "send_search_reference: null ref in (%s)\n",
787 if( op->o_protocol < LDAP_VERSION3 ) {
788 /* save the references for the result */
789 if( *refs == NULL ) {
790 value_add( v2refs, refs );
795 ber = ber_alloc_t( LBER_USE_DER );
798 Debug( LDAP_DEBUG_ANY,
799 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
800 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
801 NULL, "alloc BER error", NULL, NULL );
805 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
806 LDAP_RES_SEARCH_REFERENCE, refs );
809 Debug( LDAP_DEBUG_ANY,
810 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
812 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
813 NULL, "encode dn error", NULL, NULL );
817 bytes = send_ldap_ber( conn, ber );
820 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
821 num_bytes_sent += bytes;
824 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
826 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
827 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
829 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
846 *code = LDAP_SUCCESS;
850 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
851 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
858 while ( (s = strchr( s, '\n' )) != NULL ) {
863 if ( (c = strchr( s, ':' )) != NULL ) {
867 if ( strncasecmp( s, "code", 4 ) == 0 ) {
871 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
875 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
880 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob