1 /* result.c - routines to send ldap results, errors, and referrals */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
18 #include <ac/unistd.h>
22 static char *v2ref( struct berval **ref, const char *text )
24 size_t len = 0, i = 0;
30 return ch_strdup(text);
37 if (text[len-1] != '\n')
40 v2 = ch_malloc( len+i+sizeof("Referral:") );
46 strcpy( v2+len, "Referral:" );
47 len += sizeof("Referral:");
49 for( i=0; ref[i] != NULL; i++ ) {
50 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
52 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
53 len += ref[i]->bv_len;
54 if (ref[i]->bv_val[ref[i]->bv_len-1] != '/')
62 static ber_tag_t req2res( ber_tag_t tag )
67 case LDAP_REQ_COMPARE:
68 case LDAP_REQ_EXTENDED:
75 tag = LDAP_RES_DELETE;
78 case LDAP_REQ_ABANDON:
84 tag = LDAP_RES_SEARCH_RESULT;
94 static void trim_refs_urls(
95 struct berval **refs )
99 if( refs == NULL ) return;
101 for( i=0; refs[i] != NULL; i++ ) {
102 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
103 strncasecmp( refs[i]->bv_val, "ldap://",
104 sizeof("ldap://")-1 ) == 0 )
107 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
108 if( refs[i]->bv_val[j] == '/' ) {
109 refs[i]->bv_val[j] = '\0';
118 struct berval **get_entry_referrals(
125 struct berval **refs;
128 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
130 attr = attr_find( e->e_attrs, ad_ref );
132 if( attr == NULL ) return NULL;
134 for( i=0; attr->a_vals[i] != NULL; i++ ) {
135 /* count references */
138 if( i < 1 ) return NULL;
140 refs = ch_malloc( (i + 1) * sizeof(struct berval *));
142 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
144 struct berval *ref = ber_bvdup( attr->a_vals[i] );
147 for( k=0; k<ref->bv_len; k++ ) {
148 if( isspace(ref->bv_val[k]) ) {
149 ref->bv_val[k] = '\0';
155 if( ref->bv_len > 0 ) {
166 ber_bvecfree( refs );
170 /* we should check that a referral value exists... */
175 static long send_ldap_ber(
181 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
183 /* write only one pdu at a time - wait til it's our turn */
184 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
186 /* lock the connection */
187 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
194 if ( connection_state_closing( conn ) ) {
195 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
196 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
201 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
208 * we got an error. if it's ewouldblock, we need to
209 * wait on the socket being writable. otherwise, figure
210 * it's a hard error and return.
213 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
214 err, sock_errstr(err), 0 );
216 if ( err != EWOULDBLOCK && err != EAGAIN ) {
217 connection_closing( conn );
219 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
220 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
225 /* wait for socket to be write-ready */
226 conn->c_writewaiter = 1;
227 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
228 slapd_set_write( sd, 1 );
230 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
231 conn->c_writewaiter = 0;
234 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
235 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
251 struct berval *resdata,
252 struct berval *sasldata,
260 assert( ctrls == NULL ); /* ctrls not implemented */
262 ber = ber_alloc_t( LBER_USE_DER );
264 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
265 (long) msgid, (long) tag, (long) err );
267 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=%s\n",
268 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
273 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
277 #ifdef LDAP_CONNECTIONLESS
279 rc = ber_printf( ber, "{is{t{essN}N}N}", msgid, "", tag,
280 err, matched ? matched : "", text ? text : "" );
284 rc = ber_printf( ber, "{it{ess",
286 matched == NULL ? "" : matched,
287 text == NULL ? "" : text );
291 assert( err == LDAP_REFERRAL );
292 rc = ber_printf( ber, "t{V}",
293 LDAP_TAG_REFERRAL, ref );
295 assert( err != LDAP_REFERRAL );
299 if( rc != -1 && sasldata != NULL ) {
300 rc = ber_printf( ber, "tO",
301 LDAP_TAG_SASL_RES_CREDS, sasldata );
304 if( rc != -1 && resoid != NULL ) {
305 rc = ber_printf( ber, "ts",
306 LDAP_TAG_EXOP_RES_OID, resoid );
309 if( rc != -1 && resdata != NULL ) {
310 rc = ber_printf( ber, "tO",
311 LDAP_TAG_EXOP_RES_VALUE, resdata );
315 rc = ber_printf( ber, "N}N}" );
320 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
326 bytes = send_ldap_ber( conn, ber );
330 Debug( LDAP_DEBUG_ANY,
331 "send_ldap_response: ber write failed\n",
336 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
337 num_bytes_sent += bytes;
339 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
345 send_ldap_disconnect(
356 #define LDAP_UNSOLICITED_ERROR(e) \
357 ( (e) == LDAP_PROTOCOL_ERROR \
358 || (e) == LDAP_STRONG_AUTH_REQUIRED \
359 || (e) == LDAP_UNAVAILABLE )
361 assert( LDAP_UNSOLICITED_ERROR( err ) );
363 Debug( LDAP_DEBUG_TRACE,
364 "send_ldap_disconnect %d:%s\n",
365 err, text ? text : "", NULL );
367 if ( op->o_protocol < LDAP_VERSION3 ) {
369 tag = req2res( op->o_tag );
370 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
373 reqoid = LDAP_NOTICE_DISCONNECT;
374 tag = LDAP_RES_EXTENDED;
378 #ifdef LDAP_CONNECTIONLESS
380 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST,
381 (void *)&op->o_clientaddr );
382 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
383 inet_ntoa(((struct sockaddr_in *)
384 &op->o_clientaddr)->sin_addr ),
385 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
390 send_ldap_response( conn, op, tag, msgid,
391 err, NULL, text, NULL,
392 reqoid, NULL, NULL, NULL );
394 Statslog( LDAP_DEBUG_STATS,
395 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
396 (long) op->o_connid, (long) op->o_opid,
397 (long) tag, (long) err, text ? text : "" );
415 assert( !LDAP_API_ERROR( err ) );
417 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
418 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
419 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
420 err, matched ? matched : "", text ? text : "" );
422 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: referral: %s\n",
423 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
427 assert( err != LDAP_PARTIAL_RESULTS );
429 if( op->o_tag != LDAP_REQ_SEARCH ) {
430 trim_refs_urls( ref );
433 if ( err == LDAP_REFERRAL ) {
435 err = LDAP_NO_SUCH_OBJECT;
436 } else if ( op->o_protocol < LDAP_VERSION3 ) {
437 err = LDAP_PARTIAL_RESULTS;
441 if ( op->o_protocol < LDAP_VERSION3 ) {
442 tmp = v2ref( ref, text );
447 tag = req2res( op->o_tag );
448 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
450 #ifdef LDAP_CONNECTIONLESS
452 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST,
453 (void *)&op->o_clientaddr );
454 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
455 inet_ntoa(((struct sockaddr_in *)
456 &op->o_clientaddr)->sin_addr ),
457 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
462 send_ldap_response( conn, op, tag, msgid,
463 err, matched, text, ref,
464 NULL, NULL, NULL, ctrls );
466 Statslog( LDAP_DEBUG_STATS,
467 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
468 (long) op->o_connid, (long) op->o_opid,
469 (long) tag, (long) err, text ? text : "" );
491 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n",
492 (long) err, NULL, NULL );
494 tag = req2res( op->o_tag );
495 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
497 #ifdef LDAP_CONNECTIONLESS
499 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST,
500 (void *)&op->o_clientaddr );
501 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
502 inet_ntoa(((struct sockaddr_in *)
503 &op->o_clientaddr)->sin_addr ),
504 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
509 send_ldap_response( conn, op, tag, msgid,
510 err, matched, text, ref,
511 NULL, NULL, cred, ctrls );
521 struct berval **refs,
523 struct berval *rspdata,
530 Debug( LDAP_DEBUG_TRACE,
531 "send_ldap_extended %ld:%s (%ld)\n",
533 rspoid ? rspoid : "",
534 rspdata != NULL ? (long) rspdata->bv_len : (long) 0 );
536 tag = req2res( op->o_tag );
537 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
539 #ifdef LDAP_CONNECTIONLESS
541 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST,
542 (void *)&op->o_clientaddr );
543 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
544 inet_ntoa(((struct sockaddr_in *)
545 &op->o_clientaddr)->sin_addr ),
546 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
551 send_ldap_response( conn, op, tag, msgid,
552 err, matched, text, refs,
553 rspoid, rspdata, NULL, ctrls );
564 struct berval **refs,
572 assert( !LDAP_API_ERROR( err ) );
574 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
575 err, matched ? matched : "", text ? text : "" );
577 assert( err != LDAP_PARTIAL_RESULTS );
579 trim_refs_urls( refs );
581 if( op->o_protocol < LDAP_VERSION3 ) {
582 /* send references in search results */
583 if( err == LDAP_REFERRAL ) {
584 err = LDAP_PARTIAL_RESULTS;
587 tmp = v2ref( refs, text );
591 /* don't send references in search results */
592 assert( refs == NULL );
595 if( err == LDAP_REFERRAL ) {
600 tag = req2res( op->o_tag );
601 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
603 #ifdef LDAP_CONNECTIONLESS
605 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST,
606 (void *)&op->o_clientaddr );
607 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
608 inet_ntoa(((struct sockaddr_in *)
609 &op->o_clientaddr)->sin_addr ),
610 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
615 send_ldap_response( conn, op, tag, msgid,
616 err, matched, text, refs,
617 NULL, NULL, NULL, ctrls );
619 Statslog( LDAP_DEBUG_STATS,
620 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
621 (long) op->o_connid, (long) op->o_opid,
622 (long) tag, (long) err, text ? text : "" );
647 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
649 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
651 if ( ! access_allowed( be, conn, op, e,
652 ad_entry, NULL, ACL_READ ) )
654 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
661 ber = ber_alloc_t( LBER_USE_DER );
664 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
665 send_ldap_result( conn, op, LDAP_OTHER,
666 NULL, "BER allocation error", NULL, NULL );
670 rc = ber_printf( ber, "{it{s{" /*}}}*/, op->o_msgid,
671 LDAP_RES_SEARCH_ENTRY, e->e_dn );
674 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
676 send_ldap_result( conn, op, LDAP_OTHER,
677 NULL, "encoding DN error", NULL, NULL );
681 /* check for special all user attributes ("*") type */
682 userattrs = ( attrs == NULL ) ? 1
683 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
685 /* check for special all operational attributes ("+") type */
686 opattrs = ( attrs == NULL ) ? 0
687 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
689 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
690 AttributeDescription *desc = a->a_desc;
691 char *type = desc->ad_cname->bv_val;
693 if ( attrs == NULL ) {
694 /* all addrs request, skip operational attributes */
695 if( is_at_operational( desc->ad_type ) )
701 /* specific addrs requested */
702 if ( is_at_operational( desc->ad_type ) )
704 if( !opattrs && !ad_inlist( desc, attrs ) ) {
708 if (!userattrs && !ad_inlist( desc, attrs ) ) {
714 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
715 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
716 desc->ad_cname->bv_val, 0, 0 );
720 if (( rc = ber_printf( ber, "{s[" /*]}*/ , type )) == -1 ) {
721 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
723 send_ldap_result( conn, op, LDAP_OTHER,
724 NULL, "encoding description error", NULL, NULL );
729 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
730 if ( ! access_allowed( be, conn, op, e,
731 desc, a->a_vals[i], ACL_READ ) )
733 Debug( LDAP_DEBUG_ACL,
734 "acl: access to attribute %s, value %d not allowed\n",
735 desc->ad_cname->bv_val, i, 0 );
739 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
740 Debug( LDAP_DEBUG_ANY,
741 "ber_printf failed\n", 0, 0, 0 );
743 send_ldap_result( conn, op, LDAP_OTHER,
744 NULL, "encoding values error", NULL, NULL );
750 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
751 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
753 send_ldap_result( conn, op, LDAP_OTHER,
754 NULL, "encode end error", NULL, NULL );
759 /* eventually will loop through generated operational attributes */
760 /* only have subschemaSubentry implemented */
761 aa = backend_operational( be, e );
763 for (a = aa ; a != NULL; a = a->a_next ) {
764 AttributeDescription *desc = a->a_desc;
766 if ( attrs == NULL ) {
767 /* all addrs request, skip operational attributes */
768 if( is_at_operational( desc->ad_type ) ) {
773 /* specific addrs requested */
774 if( is_at_operational( desc->ad_type ) ) {
775 if( !opattrs && !ad_inlist( desc, attrs ) )
780 if (!userattrs && !ad_inlist( desc, attrs ) )
787 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
788 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
789 desc->ad_cname->bv_val, 0, 0 );
793 rc = ber_printf( ber, "{s[" /*]}*/ , desc->ad_cname->bv_val );
795 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
797 send_ldap_result( conn, op, LDAP_OTHER,
798 NULL, "encoding description error", NULL, NULL );
803 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
804 if ( ! access_allowed( be, conn, op, e,
805 desc, a->a_vals[i], ACL_READ ) )
807 Debug( LDAP_DEBUG_ACL,
808 "acl: access to attribute %s, value %d not allowed\n",
809 desc->ad_cname->bv_val, i, 0 );
814 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
815 Debug( LDAP_DEBUG_ANY,
816 "ber_printf failed\n", 0, 0, 0 );
818 send_ldap_result( conn, op, LDAP_OTHER,
819 NULL, "encoding values error", NULL, NULL );
825 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
826 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
828 send_ldap_result( conn, op, LDAP_OTHER,
829 NULL, "encode end error", NULL, NULL );
836 rc = ber_printf( ber, /*{{{*/ "}N}N}" );
839 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
841 send_ldap_result( conn, op, LDAP_OTHER,
842 NULL, "encode entry end error", NULL, NULL );
846 bytes = send_ldap_ber( conn, ber );
850 Debug( LDAP_DEBUG_ANY,
851 "send_ldap_response: ber write failed\n",
856 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
857 num_bytes_sent += bytes;
860 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
862 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
863 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
865 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
874 send_search_reference(
879 struct berval **refs,
882 struct berval ***v2refs
889 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
890 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
892 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
894 if ( ! access_allowed( be, conn, op, e,
895 ad_entry, NULL, ACL_READ ) )
897 Debug( LDAP_DEBUG_ACL,
898 "send_search_reference: access to entry not allowed\n",
903 if ( ! access_allowed( be, conn, op, e,
904 ad_ref, NULL, ACL_READ ) )
906 Debug( LDAP_DEBUG_ACL,
907 "send_search_reference: access to reference not allowed\n",
913 Debug( LDAP_DEBUG_ANY,
914 "send_search_reference: null ref in (%s)\n",
919 if( op->o_protocol < LDAP_VERSION3 ) {
920 /* save the references for the result */
921 if( *refs != NULL ) {
922 value_add( v2refs, refs );
927 ber = ber_alloc_t( LBER_USE_DER );
930 Debug( LDAP_DEBUG_ANY,
931 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
932 send_ldap_result( conn, op, LDAP_OTHER,
933 NULL, "alloc BER error", NULL, NULL );
937 rc = ber_printf( ber, "{it{V}N}", op->o_msgid,
938 LDAP_RES_SEARCH_REFERENCE, refs );
941 Debug( LDAP_DEBUG_ANY,
942 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
944 send_ldap_result( conn, op, LDAP_OTHER,
945 NULL, "encode DN error", NULL, NULL );
949 bytes = send_ldap_ber( conn, ber );
952 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
953 num_bytes_sent += bytes;
956 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
958 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
959 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
961 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
978 *code = LDAP_SUCCESS;
982 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
983 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
990 while ( (s = strchr( s, '\n' )) != NULL ) {
995 if ( (c = strchr( s, ':' )) != NULL ) {
999 if ( strncasecmp( s, "code", 4 ) == 0 ) {
1003 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
1007 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
1012 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob