1 /* result.c - routines to send ldap results, errors, and referrals */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
18 #include <ac/unistd.h>
22 static char *v2ref( struct berval **ref, const char *text )
24 size_t len = 0, i = 0;
29 return ch_strdup(text);
37 if (text[len-1] != '\n') {
42 v2 = ch_malloc( len+i+sizeof("Referral:") );
49 strcpy( v2+len, "Referral:" );
50 len += sizeof("Referral:");
52 for( i=0; ref[i] != NULL; i++ ) {
53 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
55 AC_MEMCPY(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
56 len += ref[i]->bv_len;
57 if (ref[i]->bv_val[ref[i]->bv_len-1] != '/') {
66 static ber_tag_t req2res( ber_tag_t tag )
71 case LDAP_REQ_COMPARE:
72 case LDAP_REQ_EXTENDED:
79 tag = LDAP_RES_DELETE;
82 case LDAP_REQ_ABANDON:
88 tag = LDAP_RES_SEARCH_RESULT;
98 static void trim_refs_urls(
99 struct berval **refs )
103 if( refs == NULL ) return;
105 for( i=0; refs[i] != NULL; i++ ) {
106 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
107 strncasecmp( refs[i]->bv_val, "ldap://",
108 sizeof("ldap://")-1 ) == 0 )
111 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
112 if( refs[i]->bv_val[j] == '/' ) {
113 refs[i]->bv_val[j] = '\0';
122 struct berval **get_entry_referrals(
129 struct berval **refs;
132 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
134 attr = attr_find( e->e_attrs, ad_ref );
136 if( attr == NULL ) return NULL;
138 for( i=0; attr->a_vals[i] != NULL; i++ ) {
139 /* count references */
142 if( i < 1 ) return NULL;
144 refs = ch_malloc( (i + 1) * sizeof(struct berval *));
146 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
148 struct berval *ref = ber_bvdup( attr->a_vals[i] );
151 for( k=0; k<ref->bv_len; k++ ) {
152 if( isspace(ref->bv_val[k]) ) {
153 ref->bv_val[k] = '\0';
159 if( ref->bv_len > 0 ) {
170 ber_bvecfree( refs );
174 /* we should check that a referral value exists... */
179 static long send_ldap_ber(
185 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
187 /* write only one pdu at a time - wait til it's our turn */
188 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
190 /* lock the connection */
191 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
198 if ( connection_state_closing( conn ) ) {
199 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
200 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
205 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
212 * we got an error. if it's ewouldblock, we need to
213 * wait on the socket being writable. otherwise, figure
214 * it's a hard error and return.
217 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
218 err, sock_errstr(err), 0 );
220 if ( err != EWOULDBLOCK && err != EAGAIN ) {
221 connection_closing( conn );
223 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
224 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
229 /* wait for socket to be write-ready */
230 conn->c_writewaiter = 1;
231 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
232 slapd_set_write( sd, 1 );
234 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
235 conn->c_writewaiter = 0;
238 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
239 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
255 struct berval *resdata,
256 struct berval *sasldata,
264 assert( ctrls == NULL ); /* ctrls not implemented */
266 ber = ber_alloc_t( LBER_USE_DER );
268 Debug( LDAP_DEBUG_TRACE,
269 "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
270 (long) msgid, (long) tag, (long) err );
273 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
274 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
279 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
283 rc = ber_printf( ber, "{it{ess",
285 matched == NULL ? "" : matched,
286 text == NULL ? "" : text );
290 assert( err == LDAP_REFERRAL );
291 rc = ber_printf( ber, "t{V}",
292 LDAP_TAG_REFERRAL, ref );
294 assert( err != LDAP_REFERRAL );
298 if( rc != -1 && sasldata != NULL ) {
299 rc = ber_printf( ber, "tO",
300 LDAP_TAG_SASL_RES_CREDS, sasldata );
303 if( rc != -1 && resoid != NULL ) {
304 rc = ber_printf( ber, "ts",
305 LDAP_TAG_EXOP_RES_OID, resoid );
308 if( rc != -1 && resdata != NULL ) {
309 rc = ber_printf( ber, "tO",
310 LDAP_TAG_EXOP_RES_VALUE, resdata );
314 rc = ber_printf( ber, "N}N}" );
318 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
324 bytes = send_ldap_ber( conn, ber );
328 Debug( LDAP_DEBUG_ANY,
329 "send_ldap_response: ber write failed\n",
334 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
335 num_bytes_sent += bytes;
337 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
343 send_ldap_disconnect(
354 #define LDAP_UNSOLICITED_ERROR(e) \
355 ( (e) == LDAP_PROTOCOL_ERROR \
356 || (e) == LDAP_STRONG_AUTH_REQUIRED \
357 || (e) == LDAP_UNAVAILABLE )
359 assert( LDAP_UNSOLICITED_ERROR( err ) );
361 Debug( LDAP_DEBUG_TRACE,
362 "send_ldap_disconnect %d:%s\n",
363 err, text ? text : "", NULL );
365 if ( op->o_protocol < LDAP_VERSION3 ) {
367 tag = req2res( op->o_tag );
368 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
371 reqoid = LDAP_NOTICE_DISCONNECT;
372 tag = LDAP_RES_EXTENDED;
376 send_ldap_response( conn, op, tag, msgid,
377 err, NULL, text, NULL,
378 reqoid, NULL, NULL, NULL );
380 Statslog( LDAP_DEBUG_STATS,
381 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
382 (long) op->o_connid, (long) op->o_opid,
383 (long) tag, (long) err, text ? text : "" );
401 assert( !LDAP_API_ERROR( err ) );
403 Debug( LDAP_DEBUG_TRACE,
404 "send_ldap_result: conn=%ld op=%ld p=%d\n",
405 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
406 Debug( LDAP_DEBUG_ARGS,
407 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
408 err, matched ? matched : "", text ? text : "" );
411 Debug( LDAP_DEBUG_ARGS,
412 "send_ldap_result: referral=\"%s\"\n",
413 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
417 assert( err != LDAP_PARTIAL_RESULTS );
419 if( op->o_tag != LDAP_REQ_SEARCH ) {
420 trim_refs_urls( ref );
423 if ( err == LDAP_REFERRAL ) {
425 err = LDAP_NO_SUCH_OBJECT;
426 } else if ( op->o_protocol < LDAP_VERSION3 ) {
427 err = LDAP_PARTIAL_RESULTS;
431 if ( op->o_protocol < LDAP_VERSION3 ) {
432 tmp = v2ref( ref, text );
437 tag = req2res( op->o_tag );
438 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
440 send_ldap_response( conn, op, tag, msgid,
441 err, matched, text, ref,
442 NULL, NULL, NULL, ctrls );
444 Statslog( LDAP_DEBUG_STATS,
445 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
446 (long) op->o_connid, (long) op->o_opid,
447 (long) tag, (long) err, text ? text : "" );
469 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%ld len=%ld\n",
470 (long) err, cred ? cred->bv_len : -1, NULL );
472 tag = req2res( op->o_tag );
473 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
475 send_ldap_response( conn, op, tag, msgid,
476 err, matched, text, ref,
477 NULL, NULL, cred, ctrls );
487 struct berval **refs,
489 struct berval *rspdata,
496 Debug( LDAP_DEBUG_TRACE,
497 "send_ldap_extended err=%ld oid=%s len=%ld\n",
499 rspoid ? rspoid : "",
500 rspdata != NULL ? (long) rspdata->bv_len : (long) 0 );
502 tag = req2res( op->o_tag );
503 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
505 send_ldap_response( conn, op, tag, msgid,
506 err, matched, text, refs,
507 rspoid, rspdata, NULL, ctrls );
518 struct berval **refs,
526 assert( !LDAP_API_ERROR( err ) );
528 Debug( LDAP_DEBUG_TRACE,
529 "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n",
530 err, matched ? matched : "", text ? text : "" );
532 assert( err != LDAP_PARTIAL_RESULTS );
534 trim_refs_urls( refs );
536 if( op->o_protocol < LDAP_VERSION3 ) {
537 /* send references in search results */
538 if( err == LDAP_REFERRAL ) {
539 err = LDAP_PARTIAL_RESULTS;
542 tmp = v2ref( refs, text );
547 /* don't send references in search results */
548 assert( refs == NULL );
551 if( err == LDAP_REFERRAL ) {
556 tag = req2res( op->o_tag );
557 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
559 send_ldap_response( conn, op, tag, msgid,
560 err, matched, text, refs,
561 NULL, NULL, NULL, ctrls );
563 Statslog( LDAP_DEBUG_STATS,
564 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
565 (long) op->o_connid, (long) op->o_opid,
566 (long) tag, (long) err, text ? text : "" );
592 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
594 Debug( LDAP_DEBUG_TRACE,
595 "=> send_search_entry: dn=\"%s\"%s\n",
596 e->e_dn, attrsonly ? " (attrsOnly)" : "", 0 );
598 if ( ! access_allowed( be, conn, op, e,
599 ad_entry, NULL, ACL_READ ) )
601 Debug( LDAP_DEBUG_ACL,
602 "send_search_entry: access to entry not allowed\n",
609 ber = ber_alloc_t( LBER_USE_DER );
612 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
613 send_ldap_result( conn, op, LDAP_OTHER,
614 NULL, "BER allocation error", NULL, NULL );
618 rc = ber_printf( ber, "{it{s{" /*}}}*/, op->o_msgid,
619 LDAP_RES_SEARCH_ENTRY, e->e_dn );
622 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
624 send_ldap_result( conn, op, LDAP_OTHER,
625 NULL, "encoding DN error", NULL, NULL );
629 /* check for special all user attributes ("*") type */
630 userattrs = ( attrs == NULL ) ? 1
631 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
633 /* check for special all operational attributes ("+") type */
634 opattrs = ( attrs == NULL ) ? 0
635 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
637 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
638 AttributeDescription *desc = a->a_desc;
639 char *type = desc->ad_cname->bv_val;
641 if ( attrs == NULL ) {
642 /* all addrs request, skip operational attributes */
643 if( is_at_operational( desc->ad_type ) ) {
648 /* specific addrs requested */
649 if ( is_at_operational( desc->ad_type ) ) {
650 if( !opattrs && !ad_inlist( desc, attrs ) ) {
655 if (!userattrs && !ad_inlist( desc, attrs ) ) {
661 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
662 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
663 desc->ad_cname->bv_val, 0, 0 );
667 if (( rc = ber_printf( ber, "{s[" /*]}*/ , type )) == -1 ) {
668 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
670 send_ldap_result( conn, op, LDAP_OTHER,
671 NULL, "encoding description error", NULL, NULL );
676 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
677 if ( ! access_allowed( be, conn, op, e,
678 desc, a->a_vals[i], ACL_READ ) )
680 Debug( LDAP_DEBUG_ACL,
681 "acl: access to attribute %s, value %d not allowed\n",
682 desc->ad_cname->bv_val, i, 0 );
686 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
687 Debug( LDAP_DEBUG_ANY,
688 "ber_printf failed\n", 0, 0, 0 );
690 send_ldap_result( conn, op, LDAP_OTHER,
691 NULL, "encoding values error", NULL, NULL );
697 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
698 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
700 send_ldap_result( conn, op, LDAP_OTHER,
701 NULL, "encode end error", NULL, NULL );
706 /* eventually will loop through generated operational attributes */
707 /* only have subschemaSubentry implemented */
708 aa = backend_operational( be, conn, op, e );
710 for (a = aa ; a != NULL; a = a->a_next ) {
711 AttributeDescription *desc = a->a_desc;
713 if ( attrs == NULL ) {
714 /* all addrs request, skip operational attributes */
715 if( is_at_operational( desc->ad_type ) ) {
720 /* specific addrs requested */
721 if( is_at_operational( desc->ad_type ) ) {
722 if( !opattrs && !ad_inlist( desc, attrs ) ) {
726 if (!userattrs && !ad_inlist( desc, attrs ) )
733 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
734 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
735 desc->ad_cname->bv_val, 0, 0 );
739 rc = ber_printf( ber, "{s[" /*]}*/ , desc->ad_cname->bv_val );
741 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
743 send_ldap_result( conn, op, LDAP_OTHER,
744 NULL, "encoding description error", NULL, NULL );
749 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
750 if ( ! access_allowed( be, conn, op, e,
751 desc, a->a_vals[i], ACL_READ ) )
753 Debug( LDAP_DEBUG_ACL,
754 "acl: access to attribute %s, value %d not allowed\n",
755 desc->ad_cname->bv_val, i, 0 );
760 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
761 Debug( LDAP_DEBUG_ANY,
762 "ber_printf failed\n", 0, 0, 0 );
764 send_ldap_result( conn, op, LDAP_OTHER,
765 NULL, "encoding values error", NULL, NULL );
771 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
772 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
774 send_ldap_result( conn, op, LDAP_OTHER,
775 NULL, "encode end error", NULL, NULL );
782 rc = ber_printf( ber, /*{{{*/ "}N}N}" );
785 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
787 send_ldap_result( conn, op, LDAP_OTHER,
788 NULL, "encode entry end error", NULL, NULL );
792 bytes = send_ldap_ber( conn, ber );
796 Debug( LDAP_DEBUG_ANY,
797 "send_ldap_response: ber write failed\n",
802 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
803 num_bytes_sent += bytes;
806 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
808 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
809 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
811 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
820 send_search_reference(
825 struct berval **refs,
828 struct berval ***v2refs
835 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
836 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
838 Debug( LDAP_DEBUG_TRACE,
839 "=> send_search_reference: dn=\"%s\"\n",
842 if ( ! access_allowed( be, conn, op, e,
843 ad_entry, NULL, ACL_READ ) )
845 Debug( LDAP_DEBUG_ACL,
846 "send_search_reference: access to entry not allowed\n",
851 if ( ! access_allowed( be, conn, op, e,
852 ad_ref, NULL, ACL_READ ) )
854 Debug( LDAP_DEBUG_ACL,
855 "send_search_reference: access to reference not allowed\n",
861 Debug( LDAP_DEBUG_ANY,
862 "send_search_reference: null ref in (%s)\n",
867 if( op->o_protocol < LDAP_VERSION3 ) {
868 /* save the references for the result */
869 if( *refs != NULL ) {
870 value_add( v2refs, refs );
875 ber = ber_alloc_t( LBER_USE_DER );
878 Debug( LDAP_DEBUG_ANY,
879 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
880 send_ldap_result( conn, op, LDAP_OTHER,
881 NULL, "alloc BER error", NULL, NULL );
885 rc = ber_printf( ber, "{it{V}N}", op->o_msgid,
886 LDAP_RES_SEARCH_REFERENCE, refs );
889 Debug( LDAP_DEBUG_ANY,
890 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
892 send_ldap_result( conn, op, LDAP_OTHER,
893 NULL, "encode DN error", NULL, NULL );
897 bytes = send_ldap_ber( conn, ber );
900 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
901 num_bytes_sent += bytes;
904 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
906 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
907 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
909 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
926 *code = LDAP_SUCCESS;
930 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
931 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
938 while ( (s = strchr( s, '\n' )) != NULL ) {
943 if ( (c = strchr( s, ':' )) != NULL ) {
947 if ( strncasecmp( s, "code", 4 ) == 0 ) {
951 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
955 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
960 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob