1 /* result.c - routines to send ldap results, errors, and referrals */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/string.h>
17 #include <ac/unistd.h>
21 static char *v2ref( BerVarray ref, const char *text )
23 size_t len = 0, i = 0;
28 return ch_strdup(text);
36 if (text[len-1] != '\n') {
41 v2 = SLAP_MALLOC( len+i+sizeof("Referral:") );
44 LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
46 Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
57 strcpy( v2+len, "Referral:" );
58 len += sizeof("Referral:");
60 for( i=0; ref[i].bv_val != NULL; i++ ) {
61 v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 );
64 LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
66 Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
71 AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len );
73 if (ref[i].bv_val[ref[i].bv_len-1] != '/') {
82 static ber_tag_t req2res( ber_tag_t tag )
87 case LDAP_REQ_COMPARE:
88 case LDAP_REQ_EXTENDED:
95 tag = LDAP_RES_DELETE;
98 case LDAP_REQ_ABANDON:
103 case LDAP_REQ_SEARCH:
104 tag = LDAP_RES_SEARCH_RESULT;
114 static long send_ldap_ber(
120 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
122 /* write only one pdu at a time - wait til it's our turn */
123 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
125 /* lock the connection */
126 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
133 if ( connection_state_closing( conn ) ) {
134 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
135 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
140 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
147 * we got an error. if it's ewouldblock, we need to
148 * wait on the socket being writable. otherwise, figure
149 * it's a hard error and return.
153 LDAP_LOG( OPERATION, ERR,
154 "send_ldap_ber: conn %lu ber_flush failed err=%d (%s)\n",
155 conn ? conn->c_connid : 0, err, sock_errstr(err) );
157 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
158 err, sock_errstr(err), 0 );
161 if ( err != EWOULDBLOCK && err != EAGAIN ) {
162 connection_closing( conn );
164 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
165 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
170 /* wait for socket to be write-ready */
171 conn->c_writewaiter = 1;
172 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
173 slapd_set_write( sd, 1 );
175 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
176 conn->c_writewaiter = 0;
179 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
180 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
186 send_ldap_controls( BerElement *ber, LDAPControl **c )
189 if( c == NULL ) return 0;
191 rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
192 if( rc == -1 ) return rc;
194 for( ; *c != NULL; c++) {
195 rc = ber_printf( ber, "{s" /*}*/, (*c)->ldctl_oid );
197 if( (*c)->ldctl_iscritical ) {
198 rc = ber_printf( ber, "b",
199 (ber_int_t) (*c)->ldctl_iscritical ) ;
200 if( rc == -1 ) return rc;
203 if( (*c)->ldctl_value.bv_val != NULL ) {
204 rc = ber_printf( ber, "O", &((*c)->ldctl_value));
205 if( rc == -1 ) return rc;
208 rc = ber_printf( ber, /*{*/"N}" );
209 if( rc == -1 ) return rc;
212 rc = ber_printf( ber, /*{*/"N}" );
228 struct berval *resdata,
229 struct berval *sasldata,
233 char berbuf[LBER_ELEMENT_SIZEOF];
234 BerElement *ber = (BerElement *)berbuf;
238 if (op->o_callback && op->o_callback->sc_response) {
239 op->o_callback->sc_response( conn, op, tag, msgid, err, matched,
240 text, ref, resoid, resdata, sasldata, ctrls );
244 ber_init_w_nullc( ber, LBER_USE_DER );
247 LDAP_LOG( OPERATION, ENTRY,
248 "send_ldap_response: msgid=%d tag=%lu err=%d\n",
251 Debug( LDAP_DEBUG_TRACE,
252 "send_ldap_response: msgid=%d tag=%lu err=%d\n",
258 LDAP_LOG( OPERATION, ARGS,
259 "send_ldap_response: conn %lu ref=\"%s\"\n",
260 conn ? conn->c_connid : 0,
261 ref[0].bv_val ? ref[0].bv_val : "NULL" , 0 );
263 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
264 ref[0].bv_val ? ref[0].bv_val : "NULL",
269 #ifdef LDAP_CONNECTIONLESS
270 if( conn->c_is_udp ) {
272 (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0);
273 if (rc != sizeof(struct sockaddr)) {
275 LDAP_LOG( OPERATION, ERR,
276 "send_ldap_response: conn %lu ber_write failed\n",
277 conn ? conn->c_connid : 0 , 0, 0);
279 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
285 if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
286 rc = ber_printf( ber, "{is{t{ess" /*"}}}"*/,
288 matched == NULL ? "" : matched,
289 text == NULL ? "" : text );
293 rc = ber_printf( ber, "{it{ess" /*"}}"*/,
295 matched == NULL ? "" : matched,
296 text == NULL ? "" : text );
301 assert( err == LDAP_REFERRAL );
302 rc = ber_printf( ber, "t{W}",
303 LDAP_TAG_REFERRAL, ref );
305 assert( err != LDAP_REFERRAL );
309 if( rc != -1 && sasldata != NULL ) {
310 rc = ber_printf( ber, "tO",
311 LDAP_TAG_SASL_RES_CREDS, sasldata );
314 if( rc != -1 && resoid != NULL ) {
315 rc = ber_printf( ber, "ts",
316 LDAP_TAG_EXOP_RES_OID, resoid );
319 if( rc != -1 && resdata != NULL ) {
320 rc = ber_printf( ber, "tO",
321 LDAP_TAG_EXOP_RES_VALUE, resdata );
325 rc = ber_printf( ber, /*"{"*/ "N}" );
328 if( rc != -1 && ctrls != NULL ) {
329 rc = send_ldap_controls( ber, ctrls );
333 rc = ber_printf( ber, /*"{"*/ "N}" );
336 #ifdef LDAP_CONNECTIONLESS
337 if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) {
338 rc = ber_printf( ber, /*"{"*/ "N}" );
344 LDAP_LOG( OPERATION, ERR,
345 "send_ldap_response: conn %lu ber_printf failed\n",
346 conn ? conn->c_connid : 0, 0, 0 );
348 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
356 bytes = send_ldap_ber( conn, ber );
361 LDAP_LOG( OPERATION, ERR,
362 "send_ldap_response: conn %lu ber write failed\n",
363 conn ? conn->c_connid : 0, 0, 0 );
365 Debug( LDAP_DEBUG_ANY,
366 "send_ldap_response: ber write failed\n",
373 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
374 num_bytes_sent += bytes;
376 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
382 send_ldap_disconnect(
393 #define LDAP_UNSOLICITED_ERROR(e) \
394 ( (e) == LDAP_PROTOCOL_ERROR \
395 || (e) == LDAP_STRONG_AUTH_REQUIRED \
396 || (e) == LDAP_UNAVAILABLE )
398 assert( LDAP_UNSOLICITED_ERROR( err ) );
401 LDAP_LOG( OPERATION, ENTRY,
402 "send_ldap_disconnect: conn %lu %d:%s\n",
403 conn ? conn->c_connid : 0, err, text ? text : "" );
405 Debug( LDAP_DEBUG_TRACE,
406 "send_ldap_disconnect %d:%s\n",
407 err, text ? text : "", NULL );
411 if ( op->o_protocol < LDAP_VERSION3 ) {
413 tag = req2res( op->o_tag );
414 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
417 reqoid = LDAP_NOTICE_DISCONNECT;
418 tag = LDAP_RES_EXTENDED;
422 send_ldap_response( conn, op, tag, msgid,
423 err, NULL, text, NULL,
424 reqoid, NULL, NULL, NULL );
426 Statslog( LDAP_DEBUG_STATS,
427 "conn=%lu op=%lu DISCONNECT tag=%lu err=%d text=%s\n",
428 op->o_connid, op->o_opid, tag, err, text ? text : "" );
432 slap_send_ldap_result(
446 assert( !LDAP_API_ERROR( err ) );
449 LDAP_LOG( OPERATION, ENTRY,
450 "send_ldap_result: conn %lu op=%lu p=%d\n",
451 op->o_connid, op->o_opid, op->o_protocol );
453 Debug( LDAP_DEBUG_TRACE,
454 "send_ldap_result: conn=%lu op=%lu p=%d\n",
455 op->o_connid, op->o_opid, op->o_protocol );
459 LDAP_LOG( OPERATION, ARGS,
460 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
461 err, matched ? matched : "", text ? text : "" );
463 Debug( LDAP_DEBUG_ARGS,
464 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
465 err, matched ? matched : "", text ? text : "" );
471 LDAP_LOG( OPERATION, ARGS,
472 "send_ldap_result: referral=\"%s\"\n",
473 ref[0].bv_val ? ref[0].bv_val : "NULL", 0, 0 );
475 Debug( LDAP_DEBUG_ARGS,
476 "send_ldap_result: referral=\"%s\"\n",
477 ref[0].bv_val ? ref[0].bv_val : "NULL",
482 assert( err != LDAP_PARTIAL_RESULTS );
484 if ( err == LDAP_REFERRAL ) {
486 err = LDAP_NO_SUCH_OBJECT;
487 } else if ( op->o_protocol < LDAP_VERSION3 ) {
488 err = LDAP_PARTIAL_RESULTS;
492 if ( op->o_protocol < LDAP_VERSION3 ) {
493 tmp = v2ref( ref, text );
498 tag = req2res( op->o_tag );
499 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
501 send_ldap_response( conn, op, tag, msgid,
502 err, matched, text, ref,
503 NULL, NULL, NULL, ctrls );
505 Statslog( LDAP_DEBUG_STATS,
506 "conn=%lu op=%lu RESULT tag=%lu err=%d text=%s\n",
507 op->o_connid, op->o_opid, tag, err, text ? text : "" );
530 LDAP_LOG( OPERATION, ENTRY,
531 "send_ldap_sasl: conn %lu err=%d len=%lu\n",
532 op->o_connid, err, cred ? cred->bv_len : -1 );
534 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n",
535 err, cred ? (long) cred->bv_len : -1, NULL );
539 tag = req2res( op->o_tag );
540 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
542 send_ldap_response( conn, op, tag, msgid,
543 err, matched, text, ref,
544 NULL, NULL, cred, ctrls );
548 slap_send_ldap_extended(
556 struct berval *rspdata,
564 LDAP_LOG( OPERATION, ENTRY,
565 "send_ldap_extended: err=%d oid=%s len=%ld\n",
566 err, rspoid ? rspoid : "",
567 rspdata != NULL ? rspdata->bv_len : 0 );
569 Debug( LDAP_DEBUG_TRACE,
570 "send_ldap_extended: err=%d oid=%s len=%ld\n",
572 rspoid ? rspoid : "",
573 rspdata != NULL ? rspdata->bv_len : 0 );
576 tag = req2res( op->o_tag );
577 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
579 send_ldap_response( conn, op, tag, msgid,
580 err, matched, text, refs,
581 rspoid, rspdata, NULL, ctrls );
586 slap_send_search_result(
601 assert( !LDAP_API_ERROR( err ) );
603 if (op->o_callback && op->o_callback->sc_sresult) {
604 op->o_callback->sc_sresult(conn, op, err, matched, text, refs,
610 LDAP_LOG( OPERATION, ENTRY,
611 "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n",
612 err, matched ? matched : "", text ? text : "" );
614 Debug( LDAP_DEBUG_TRACE,
615 "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n",
616 err, matched ? matched : "", text ? text : "" );
620 assert( err != LDAP_PARTIAL_RESULTS );
622 if( op->o_protocol < LDAP_VERSION3 ) {
623 /* send references in search results */
624 if( err == LDAP_REFERRAL ) {
625 err = LDAP_PARTIAL_RESULTS;
628 tmp = v2ref( refs, text );
633 /* don't send references in search results */
634 assert( refs == NULL );
637 if( err == LDAP_REFERRAL ) {
642 tag = req2res( op->o_tag );
643 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
645 send_ldap_response( conn, op, tag, msgid,
646 err, matched, text, refs,
647 NULL, NULL, NULL, ctrls );
651 snprintf( nbuf, sizeof nbuf, "%d nentries=%d", err, nentries );
653 Statslog( LDAP_DEBUG_STATS,
654 "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n",
655 op->o_connid, op->o_opid, tag, nbuf, text ? text : "" );
664 slap_send_search_entry(
669 AttributeName *attrs,
674 char berbuf[LBER_ELEMENT_SIZEOF];
675 BerElement *ber = (BerElement *)berbuf;
677 int i, j, rc=-1, bytes;
681 AccessControlState acl_state = ACL_STATE_INIT;
683 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
685 /* a_flags: array of flags telling if the i-th element will be
686 * returned or filtered out
687 * e_flags: array of a_flags
689 char **e_flags = NULL;
691 if (op->o_callback && op->o_callback->sc_sendentry) {
692 return op->o_callback->sc_sendentry( be, conn, op, e, attrs,
697 LDAP_LOG( OPERATION, ENTRY,
698 "send_search_entry: conn %lu dn=\"%s\"%s\n",
699 op->o_connid, e->e_dn, attrsonly ? " (attrsOnly)" : "" );
701 Debug( LDAP_DEBUG_TRACE,
702 "=> send_search_entry: dn=\"%s\"%s\n",
703 e->e_dn, attrsonly ? " (attrsOnly)" : "", 0 );
706 if ( ! access_allowed( be, conn, op, e,
707 ad_entry, NULL, ACL_READ, NULL ) )
711 "send_search_entry: conn %lu access to entry (%s) not allowed\n",
712 op->o_connid, e->e_dn, 0 );
714 Debug( LDAP_DEBUG_ACL,
715 "send_search_entry: access to entry not allowed\n",
724 ber_init_w_nullc( ber, LBER_USE_DER );
726 #ifdef LDAP_CONNECTIONLESS
727 if (conn->c_is_udp) {
729 (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0);
730 if (rc != sizeof(struct sockaddr)) {
732 LDAP_LOG( OPERATION, ERR,
733 "send_search_entry: conn %lu ber_write failed\n",
734 conn ? conn->c_connid : 0, 0, 0 );
736 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
742 if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
743 rc = ber_printf( ber, "{is{t{O{" /*}}}*/,
744 op->o_msgid, "", LDAP_RES_SEARCH_ENTRY, &e->e_name );
746 #endif /* LDAP_CONNECTIONLESS */
748 rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
749 LDAP_RES_SEARCH_ENTRY, &e->e_name );
754 LDAP_LOG( OPERATION, ERR,
755 "send_search_entry: conn %lu ber_printf failed\n",
756 op->o_connid, 0, 0 );
758 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
762 send_ldap_result( conn, op, LDAP_OTHER,
763 NULL, "encoding DN error", NULL, NULL );
767 /* check for special all user attributes ("*") type */
768 userattrs = ( attrs == NULL ) ? 1
769 : an_find( attrs, &AllUser );
771 /* check for special all operational attributes ("+") type */
772 opattrs = ( attrs == NULL ) ? 0
773 : an_find( attrs, &AllOper );
775 /* create an array of arrays of flags. Each flag corresponds
776 * to particular value of attribute and equals 1 if value matches
777 * to ValuesReturnFilter or 0 if not
779 if ( op->vrFilter != NULL ) {
783 for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
784 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
787 size = i * sizeof(char *) + k;
790 e_flags = SLAP_CALLOC ( 1, i * sizeof(char *) + k );
791 if( e_flags == NULL ) {
793 LDAP_LOG( OPERATION, ERR,
794 "send_search_entry: conn %lu SLAP_CALLOC failed\n",
795 conn ? conn->c_connid : 0, 0, 0 );
797 Debug( LDAP_DEBUG_ANY,
798 "send_search_entry: SLAP_CALLOC failed\n", 0, 0, 0 );
802 send_ldap_result( conn, op, LDAP_OTHER,
803 NULL, "memory error",
807 a_flags = (char *)(e_flags + i);
808 memset( a_flags, 0, k );
809 for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
810 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
811 e_flags[i] = a_flags;
815 rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ;
818 LDAP_LOG( OPERATION, ERR,
819 "send_search_entry: conn %lu matched values filtering failed\n",
820 conn ? conn->c_connid : 0, 0, 0 );
822 Debug( LDAP_DEBUG_ANY,
823 "matched values filtering failed\n", 0, 0, 0 );
827 send_ldap_result( conn, op, LDAP_OTHER,
828 NULL, "matched values filtering error",
835 for ( a = e->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
836 AttributeDescription *desc = a->a_desc;
838 if ( attrs == NULL ) {
839 /* all attrs request, skip operational attributes */
840 if( is_at_operational( desc->ad_type ) ) {
845 /* specific attrs requested */
846 if ( is_at_operational( desc->ad_type ) ) {
847 if( !opattrs && !ad_inlist( desc, attrs ) ) {
852 if (!userattrs && !ad_inlist( desc, attrs ) ) {
858 if ( ! access_allowed( be, conn, op, e, desc, NULL,
859 ACL_READ, &acl_state ) )
863 "send_search_entry: conn %lu access to attribute %s not "
864 "allowed\n", op->o_connid, desc->ad_cname.bv_val, 0 );
866 Debug( LDAP_DEBUG_ACL, "acl: "
867 "access to attribute %s not allowed\n",
868 desc->ad_cname.bv_val, 0, 0 );
873 if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
875 LDAP_LOG( OPERATION, ERR,
876 "send_search_entry: conn %lu ber_printf failed\n",
877 op->o_connid, 0, 0 );
879 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
883 send_ldap_result( conn, op, LDAP_OTHER,
884 NULL, "encoding description error", NULL, NULL );
889 for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
890 if ( ! access_allowed( be, conn, op, e,
891 desc, &a->a_vals[i], ACL_READ, &acl_state ) )
895 "send_search_entry: conn %lu "
896 "access to attribute %s, value %d not allowed\n",
897 op->o_connid, desc->ad_cname.bv_val, i );
899 Debug( LDAP_DEBUG_ACL,
900 "acl: access to attribute %s, "
901 "value %d not allowed\n",
902 desc->ad_cname.bv_val, i, 0 );
908 if ( op->vrFilter && e_flags[j][i] == 0 ){
912 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
914 LDAP_LOG( OPERATION, ERR,
915 "send_search_entry: conn %lu "
916 "ber_printf failed.\n", op->o_connid, 0, 0 );
918 Debug( LDAP_DEBUG_ANY,
919 "ber_printf failed\n", 0, 0, 0 );
923 send_ldap_result( conn, op, LDAP_OTHER,
924 NULL, "encoding values error",
931 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
933 LDAP_LOG( OPERATION, ERR,
934 "send_search_entry: conn %lu ber_printf failed\n",
935 op->o_connid, 0, 0 );
937 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
941 send_ldap_result( conn, op, LDAP_OTHER,
942 NULL, "encode end error", NULL, NULL );
947 /* eventually will loop through generated operational attributes */
948 /* only have subschemaSubentry implemented */
949 aa = backend_operational( be, conn, op, e, attrs, opattrs );
951 if ( aa != NULL && op->vrFilter != NULL ) {
955 for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
956 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
959 size = i * sizeof(char *) + k;
961 char *a_flags, **tmp;
964 * Reuse previous memory - we likely need less space
965 * for operational attributes
967 tmp = SLAP_REALLOC ( e_flags, i * sizeof(char *) + k );
970 LDAP_LOG( OPERATION, ERR,
971 "send_search_entry: conn %lu "
973 "for matched values filtering\n",
974 conn ? conn->c_connid : 0, 0, 0);
976 Debug( LDAP_DEBUG_ANY,
977 "send_search_entry: conn %lu "
979 "for matched values filtering\n",
980 conn ? conn->c_connid : 0, 0, 0 );
984 send_ldap_result( conn, op, LDAP_NO_MEMORY,
985 NULL, NULL, NULL, NULL );
989 a_flags = (char *)(e_flags + i);
990 memset( a_flags, 0, k );
991 for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) {
992 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
993 e_flags[i] = a_flags;
996 rc = filter_matched_values(be, conn, op, aa, &e_flags) ;
1000 LDAP_LOG( OPERATION, ERR,
1001 "send_search_entry: conn %lu "
1002 "matched values filtering failed\n",
1003 conn ? conn->c_connid : 0, 0, 0);
1005 Debug( LDAP_DEBUG_ANY,
1006 "matched values filtering failed\n", 0, 0, 0 );
1010 send_ldap_result( conn, op, LDAP_OTHER,
1011 NULL, "matched values filtering error",
1018 for (a = aa, j=0; a != NULL; a = a->a_next, j++ ) {
1019 AttributeDescription *desc = a->a_desc;
1021 if ( attrs == NULL ) {
1022 /* all attrs request, skip operational attributes */
1023 if( is_at_operational( desc->ad_type ) ) {
1028 /* specific attrs requested */
1029 if( is_at_operational( desc->ad_type ) ) {
1030 if( !opattrs && !ad_inlist( desc, attrs ) ) {
1034 if (!userattrs && !ad_inlist( desc, attrs ) )
1041 if ( ! access_allowed( be, conn, op, e, desc, NULL,
1042 ACL_READ, &acl_state ) )
1045 LDAP_LOG( ACL, INFO,
1046 "send_search_entry: conn %lu "
1047 "access to attribute %s not allowed\n",
1048 op->o_connid, desc->ad_cname.bv_val, 0 );
1050 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s "
1052 desc->ad_cname.bv_val, 0, 0 );
1058 rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
1061 LDAP_LOG( OPERATION, ERR,
1062 "send_search_entry: conn %lu "
1063 "ber_printf failed\n", op->o_connid, 0, 0 );
1065 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1068 ber_free_buf( ber );
1069 send_ldap_result( conn, op, LDAP_OTHER,
1070 NULL, "encoding description error", NULL, NULL );
1076 if ( ! attrsonly ) {
1077 for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
1078 if ( ! access_allowed( be, conn, op, e,
1079 desc, &a->a_vals[i], ACL_READ, &acl_state ) )
1082 LDAP_LOG( ACL, INFO,
1083 "send_search_entry: conn %lu "
1084 "access to %s, value %d not allowed\n",
1085 op->o_connid, desc->ad_cname.bv_val, i );
1087 Debug( LDAP_DEBUG_ACL,
1088 "acl: access to attribute %s, "
1089 "value %d not allowed\n",
1090 desc->ad_cname.bv_val, i, 0 );
1096 if ( op->vrFilter && e_flags[j][i] == 0 ){
1100 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
1102 LDAP_LOG( OPERATION, ERR,
1103 "send_search_entry: conn %lu ber_printf failed\n",
1104 op->o_connid, 0, 0 );
1106 Debug( LDAP_DEBUG_ANY,
1107 "ber_printf failed\n", 0, 0, 0 );
1110 ber_free_buf( ber );
1111 send_ldap_result( conn, op, LDAP_OTHER,
1112 NULL, "encoding values error",
1121 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
1123 LDAP_LOG( OPERATION, ERR,
1124 "send_search_entry: conn %lu ber_printf failed\n",
1125 op->o_connid, 0, 0 );
1127 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1130 ber_free_buf( ber );
1131 send_ldap_result( conn, op, LDAP_OTHER,
1132 NULL, "encode end error", NULL, NULL );
1146 rc = ber_printf( ber, /*{{*/ "}N}" );
1148 if( rc != -1 && ctrls != NULL ) {
1149 rc = send_ldap_controls( ber, ctrls );
1153 rc = ber_printf( ber, /*{*/ "N}" );
1156 #ifdef LDAP_CONNECTIONLESS
1157 if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1) {
1158 rc = ber_printf( ber, "}" );
1163 LDAP_LOG( OPERATION, ERR,
1164 "send_search_entry: conn %lu ber_printf failed\n",
1165 op->o_connid, 0, 0 );
1167 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1170 ber_free_buf( ber );
1171 send_ldap_result( conn, op, LDAP_OTHER,
1172 NULL, "encode entry end error", NULL, NULL );
1176 bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber );
1177 ber_free_buf( ber );
1181 LDAP_LOG( OPERATION, ERR,
1182 "send_search_entry: conn %lu ber write failed.\n",
1183 op->o_connid, 0, 0 );
1185 Debug( LDAP_DEBUG_ANY,
1186 "send_search_entry: ber write failed\n",
1193 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1194 num_bytes_sent += bytes;
1197 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1199 Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu ENTRY dn=\"%s\"\n",
1200 conn->c_connid, op->o_opid, e->e_dn, 0, 0 );
1203 LDAP_LOG( OPERATION, ENTRY,
1204 "send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 );
1206 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
1212 if ( e_flags ) free( e_flags );
1217 slap_send_search_reference(
1223 LDAPControl **ctrls,
1227 char berbuf[LBER_ELEMENT_SIZEOF];
1228 BerElement *ber = (BerElement *)berbuf;
1232 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
1233 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
1236 LDAP_LOG( OPERATION, ENTRY,
1237 "send_search_reference: conn %lu dn=\"%s\"\n",
1238 op->o_connid, e ? e->e_dn : "(null)", 0 );
1240 Debug( LDAP_DEBUG_TRACE,
1241 "=> send_search_reference: dn=\"%s\"\n",
1242 e ? e->e_dn : "(null)", 0, 0 );
1246 if ( e && ! access_allowed( be, conn, op, e,
1247 ad_entry, NULL, ACL_READ, NULL ) )
1250 LDAP_LOG( ACL, INFO,
1251 "send_search_reference: conn %lu "
1252 "access to entry %s not allowed\n",
1253 op->o_connid, e->e_dn, 0 );
1255 Debug( LDAP_DEBUG_ACL,
1256 "send_search_reference: access to entry not allowed\n",
1263 if ( e && ! access_allowed( be, conn, op, e,
1264 ad_ref, NULL, ACL_READ, NULL ) )
1267 LDAP_LOG( ACL, INFO,
1268 "send_search_reference: conn %lu access "
1269 "to reference not allowed.\n", op->o_connid, 0, 0 );
1271 Debug( LDAP_DEBUG_ACL,
1272 "send_search_reference: access "
1273 "to reference not allowed\n",
1280 if( refs == NULL ) {
1282 LDAP_LOG( OPERATION, ERR,
1283 "send_search_reference: conn %lu null ref in (%s).\n",
1284 op->o_connid, e ? e->e_dn : "(null)", 0 );
1286 Debug( LDAP_DEBUG_ANY,
1287 "send_search_reference: null ref in (%s)\n",
1288 e ? e->e_dn : "(null)", 0, 0 );
1294 if( op->o_protocol < LDAP_VERSION3 ) {
1295 /* save the references for the result */
1296 if( refs[0].bv_val != NULL ) {
1297 if( value_add( v2refs, refs ) )
1303 ber_init_w_nullc( ber, LBER_USE_DER );
1305 rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
1306 LDAP_RES_SEARCH_REFERENCE, refs );
1308 if( rc != -1 && ctrls != NULL ) {
1309 rc = send_ldap_controls( ber, ctrls );
1313 rc = ber_printf( ber, /*"{"*/ "N}", op->o_msgid,
1314 LDAP_RES_SEARCH_REFERENCE, refs );
1319 LDAP_LOG( OPERATION, ERR,
1320 "send_search_reference: conn %lu "
1321 "ber_printf failed.\n", op->o_connid, 0, 0 );
1323 Debug( LDAP_DEBUG_ANY,
1324 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
1327 ber_free_buf( ber );
1328 send_ldap_result( conn, op, LDAP_OTHER,
1329 NULL, "encode DN error", NULL, NULL );
1333 bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber );
1334 ber_free_buf( ber );
1336 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1337 num_bytes_sent += bytes;
1340 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1342 Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n",
1343 conn->c_connid, op->o_opid, e ? e->e_dn : "(null)", 0, 0 );
1346 LDAP_LOG( OPERATION, ENTRY,
1347 "send_search_reference: conn %lu exit.\n", op->o_connid, 0, 0 );
1349 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
1367 *code = LDAP_SUCCESS;
1371 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
1373 LDAP_LOG( OPERATION, INFO,
1374 "str2result: (%s), expecting \"RESULT\"\n", s, 0, 0 );
1376 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
1384 while ( (s = strchr( s, '\n' )) != NULL ) {
1389 if ( (c = strchr( s, ':' )) != NULL ) {
1393 if ( strncasecmp( s, "code", 4 ) == 0 ) {
1397 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
1401 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
1407 LDAP_LOG( OPERATION, INFO, "str2result: (%s) unknown.\n", s, 0, 0 );
1409 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",