1 /* result.c - routines to send ldap results, errors, and referrals */
10 #include <ac/string.h>
13 #include <ac/unistd.h>
15 #include "ldap_defaults.h"
18 /* we need LBER internals */
19 #include "../../libraries/liblber/lber-int.h"
21 static char *v2ref( struct berval **ref )
26 if(ref == NULL) return NULL;
28 len = sizeof("Referral:");
29 v2 = ch_strdup("Referral:");
31 for( i=0; ref[i] != NULL; i++ ) {
32 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
34 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
35 len += ref[i]->bv_len;
42 static ber_tag_t req2res( ber_tag_t tag )
47 case LDAP_REQ_COMPARE:
48 case LDAP_REQ_EXTENDED:
55 tag = LDAP_RES_DELETE;
58 case LDAP_REQ_ABANDON:
64 tag = LDAP_RES_SEARCH_RESULT;
74 static void trim_refs_urls(
75 struct berval **refs )
79 if( refs == NULL ) return;
81 for( i=0; refs[i] != NULL; i++ ) {
82 if( refs[i]->bv_len > sizeof("ldap://") &&
83 strncasecmp( refs[i]->bv_val, "ldap://",
84 sizeof("ldap://")-1 ) == 0 )
87 for( j=sizeof("ldap://"); j<refs[i]->bv_len ; j++ ) {
88 if( refs[i]->bv_val[j] = '/' ) {
89 refs[i]->bv_val[j] = '\0';
98 struct berval **get_entry_referrals(
105 struct berval **refs;
108 attr = attr_find( e->e_attrs, "ref" );
110 if( attr == NULL ) return NULL;
112 for( i=0; attr->a_vals[i] != NULL; i++ ) {
113 /* count references */
116 if( i < 1 ) return NULL;
118 refs = ch_malloc( i + 1 );
120 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
122 struct berval *ref = ber_bvdup( attr->a_vals[i] );
125 for( k=0; k<ref->bv_len; k++ ) {
126 if( isspace(ref->bv_val[k]) ) {
127 ref->bv_val[k] = '\0';
133 if( ref->bv_len > 0 ) {
144 ber_bvecfree( refs );
148 /* we should check that a referral value exists... */
153 static long send_ldap_ber(
157 ber_len_t bytes = ber_pvt_ber_bytes( ber );
159 /* write only one pdu at a time - wait til it's our turn */
160 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
162 /* lock the connection */
163 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
169 if ( connection_state_closing( conn ) ) {
170 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
171 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
176 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
183 * we got an error. if it's ewouldblock, we need to
184 * wait on the socket being writable. otherwise, figure
185 * it's a hard error and return.
188 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
189 err, err > -1 && err < sys_nerr ? sys_errlist[err]
192 if ( err != EWOULDBLOCK && err != EAGAIN ) {
193 connection_closing( conn );
195 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
196 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
201 /* wait for socket to be write-ready */
202 conn->c_writewaiter = 1;
203 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
205 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
206 conn->c_writewaiter = 0;
209 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
210 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
226 struct berval *resdata,
234 assert( ctrls == NULL ); /* ctrls not implemented */
236 ber = ber_alloc_t( LBER_USE_DER );
238 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
239 (long) msgid, (long) tag, (long) err );
242 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
246 #ifdef LDAP_CONNECTIONLESS
248 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
249 err, matched ? matched : "", text ? text : "" );
253 rc = ber_printf( ber, "{it{ess",
255 matched == NULL ? "" : matched,
256 text == NULL ? "" : text );
258 if( rc != -1 && ref != NULL ) {
259 rc = ber_printf( ber, "{V}", ref );
262 if( rc != -1 && resoid != NULL ) {
263 rc = ber_printf( ber, "s", resoid );
266 if( rc != -1 && resdata != NULL ) {
267 rc = ber_printf( ber, "O", resdata );
272 rc = ber_printf( ber, "}}" );
277 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
283 bytes = send_ldap_ber( conn, ber );
287 Debug( LDAP_DEBUG_ANY,
288 "send_ldap_response: ber write failed\n",
293 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
294 num_bytes_sent += bytes;
296 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
302 send_ldap_disconnect(
313 #define LDAP_UNSOLICITED_ERROR(e) \
314 ( (e) == LDAP_PROTOCOL_ERROR \
315 || (e) == LDAP_STRONG_AUTH_REQUIRED \
316 || (e) == LDAP_UNAVAILABLE )
318 assert( LDAP_UNSOLICITED_ERROR( err ) );
320 Debug( LDAP_DEBUG_TRACE,
321 "send_ldap_disconnect %d:%s\n",
322 err, text ? text : "", NULL );
324 if ( op->o_protocol < LDAP_VERSION3 ) {
326 tag = req2res( op->o_tag );
327 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
330 reqoid = LDAP_NOTICE_DISCONNECT;
331 tag = LDAP_RES_EXTENDED;
335 #ifdef LDAP_CONNECTIONLESS
337 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
338 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
339 inet_ntoa(((struct sockaddr_in *)
340 &op->o_clientaddr)->sin_addr ),
341 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
345 send_ldap_response( conn, op, tag, msgid,
346 err, NULL, text, NULL,
347 reqoid, NULL, NULL );
349 Statslog( LDAP_DEBUG_STATS,
350 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
351 (long) op->o_connid, (long) op->o_opid,
352 (long) tag, (long) err, text ? text : "" );
370 assert( !LDAP_API_ERROR( err ) );
372 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
373 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
374 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
375 err, matched ? matched : "", text ? text : "" );
377 assert( err != LDAP_PARTIAL_RESULTS );
379 if( op->o_tag != LDAP_REQ_SEARCH ) {
380 trim_refs_urls( ref );
383 if ( err == LDAP_REFERRAL ) {
385 err = LDAP_NO_SUCH_OBJECT;
386 } else if ( op->o_protocol < LDAP_VERSION3 ) {
387 err = LDAP_PARTIAL_RESULTS;
394 tag = req2res( op->o_tag );
395 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
397 #ifdef LDAP_CONNECTIONLESS
399 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
400 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
401 inet_ntoa(((struct sockaddr_in *)
402 &op->o_clientaddr)->sin_addr ),
403 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
408 send_ldap_response( conn, op, tag, msgid,
409 err, matched, text, ref,
412 Statslog( LDAP_DEBUG_STATS,
413 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
414 (long) op->o_connid, (long) op->o_opid,
415 (long) tag, (long) err, text ? text : "" );
430 struct berval **refs,
438 assert( !LDAP_API_ERROR( err ) );
440 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
441 err, matched ? matched : "", text ? text : "" );
443 assert( err != LDAP_PARTIAL_RESULTS );
445 trim_refs_urls( refs );
447 if( op->o_protocol < LDAP_VERSION3 ) {
448 /* send references in search results */
449 if( err == LDAP_REFERRAL ) {
450 err = LDAP_PARTIAL_RESULTS;
458 /* don't send references in search results */
459 assert( refs == NULL );
462 if( err == LDAP_REFERRAL ) {
467 tag = req2res( op->o_tag );
468 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
470 #ifdef LDAP_CONNECTIONLESS
472 ber_pvt_sb_udp_set_dst( &conn->c_sb, &op->o_clientaddr );
473 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
474 inet_ntoa(((struct sockaddr_in *)
475 &op->o_clientaddr)->sin_addr ),
476 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
481 send_ldap_response( conn, op, tag, msgid,
482 err, matched, text, refs,
485 Statslog( LDAP_DEBUG_STATS,
486 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
487 (long) op->o_connid, (long) op->o_opid,
488 (long) tag, (long) err, text ? text : "" );
512 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
514 if ( ! access_allowed( be, conn, op, e,
515 "entry", NULL, ACL_READ ) )
517 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
524 ber = ber_alloc_t( LBER_USE_DER );
527 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
528 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
529 NULL, "allocating BER error", NULL, NULL );
533 rc = ber_printf( ber, "{it{s{", op->o_msgid,
534 LDAP_RES_SEARCH_ENTRY, e->e_dn );
537 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
539 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
540 NULL, "encoding dn error", NULL, NULL );
544 /* check for special all user attributes ("*") type */
545 userattrs = ( attrs == NULL ) ? 1
546 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
548 /* check for special all operational attributes ("+") type */
549 opattrs = ( attrs == NULL ) ? 0
550 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
552 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
553 regmatch_t matches[MAXREMATCHES];
555 if ( attrs == NULL ) {
556 /* all addrs request, skip operational attributes */
557 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
562 /* specific addrs requested */
563 if ( oc_check_operational_attr( a->a_type ) ) {
564 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
569 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
576 acl = acl_get_applicable( be, op, e, a->a_type,
577 MAXREMATCHES, matches );
579 if ( ! acl_access_allowed( acl, a->a_type, be, conn, e,
580 NULL, op, ACL_READ, edn, matches ) )
585 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
586 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
588 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
589 NULL, "encoding type error", NULL, NULL );
594 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
595 if ( a->a_syntax & SYNTAX_DN &&
596 ! acl_access_allowed( acl, a->a_type, be, conn, e, a->a_vals[i], op,
597 ACL_READ, edn, matches) )
602 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
603 Debug( LDAP_DEBUG_ANY,
604 "ber_printf failed\n", 0, 0, 0 );
606 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
607 NULL, "encoding value error", NULL, NULL );
613 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
614 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
616 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
617 NULL, "encode end error", NULL, NULL );
622 #ifdef SLAPD_SCHEMA_DN
623 /* eventually will loop through generated operational attributes */
624 /* only have subschemaSubentry implemented */
625 a = backend_subschemasubentry( be );
628 regmatch_t matches[MAXREMATCHES];
630 if ( attrs == NULL ) {
631 /* all addrs request, skip operational attributes */
632 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
637 /* specific addrs requested */
638 if ( oc_check_operational_attr( a->a_type ) ) {
639 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
644 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
651 acl = acl_get_applicable( be, op, e, a->a_type,
652 MAXREMATCHES, matches );
654 if ( ! acl_access_allowed( acl, a->a_type, be, conn, e,
655 NULL, op, ACL_READ, edn, matches ) )
660 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
661 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
663 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
664 NULL, "encoding type error", NULL, NULL );
669 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
670 if ( a->a_syntax & SYNTAX_DN &&
671 ! acl_access_allowed( acl, a->a_type, be, conn, e, a->a_vals[i], op,
672 ACL_READ, edn, matches) )
677 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
678 Debug( LDAP_DEBUG_ANY,
679 "ber_printf failed\n", 0, 0, 0 );
681 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
682 NULL, "encoding value error", NULL, NULL );
688 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
689 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
691 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
692 NULL, "encode end error", NULL, NULL );
698 rc = ber_printf( ber, /*{{{*/ "}}}" );
701 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
703 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
704 NULL, "encode entry end error", NULL, NULL );
708 bytes = send_ldap_ber( conn, ber );
712 Debug( LDAP_DEBUG_ANY,
713 "send_ldap_response: ber write failed\n",
718 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
719 num_bytes_sent += bytes;
722 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
724 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
725 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
727 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
736 send_search_reference(
741 struct berval **refs,
744 struct berval ***v2refs
751 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
753 if ( ! access_allowed( be, conn, op, e,
754 "entry", NULL, ACL_READ ) )
756 Debug( LDAP_DEBUG_ACL,
757 "send_search_reference: access to entry not allowed\n",
762 if ( ! access_allowed( be, conn, op, e,
763 "ref", NULL, ACL_READ ) )
765 Debug( LDAP_DEBUG_ACL,
766 "send_search_reference: access to reference not allowed\n",
772 Debug( LDAP_DEBUG_ANY,
773 "send_search_reference: null ref in (%s)\n",
778 if( op->o_protocol < LDAP_VERSION3 ) {
779 /* save the references for the result */
780 if( *refs == NULL ) {
781 value_add( v2refs, refs );
786 ber = ber_alloc_t( LBER_USE_DER );
789 Debug( LDAP_DEBUG_ANY,
790 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
791 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
792 NULL, "alloc BER error", NULL, NULL );
796 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
797 LDAP_RES_SEARCH_REFERENCE, refs );
800 Debug( LDAP_DEBUG_ANY,
801 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
803 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
804 NULL, "encode dn error", NULL, NULL );
808 bytes = send_ldap_ber( conn, ber );
811 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
812 num_bytes_sent += bytes;
815 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
817 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
818 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
820 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
837 *code = LDAP_SUCCESS;
841 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
842 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
849 while ( (s = strchr( s, '\n' )) != NULL ) {
854 if ( (c = strchr( s, ':' )) != NULL ) {
858 if ( strncasecmp( s, "code", 4 ) == 0 ) {
862 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
866 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
871 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob