]> git.sur5r.net Git - openldap/blob - servers/slapd/result.c
b80743871ecdb128621bf0ddddd4ffc27c14a84f
[openldap] / servers / slapd / result.c
1 /* result.c - routines to send ldap results, errors, and referrals */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 1998-2004 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17  * All rights reserved.
18  *
19  * Redistribution and use in source and binary forms are permitted
20  * provided that this notice is preserved and that due credit is given
21  * to the University of Michigan at Ann Arbor. The name of the University
22  * may not be used to endorse or promote products derived from this
23  * software without specific prior written permission. This software
24  * is provided ``as is'' without express or implied warranty.
25  */
26
27 #include "portable.h"
28
29 #include <stdio.h>
30
31 #include <ac/socket.h>
32 #include <ac/errno.h>
33 #include <ac/string.h>
34 #include <ac/ctype.h>
35 #include <ac/time.h>
36 #include <ac/unistd.h>
37
38 #include "slap.h"
39
40 #ifdef LDAP_SLAPI
41 #include "slapi/slapi.h"
42 #endif
43
44 const struct berval slap_dummy_bv = BER_BVNULL;
45
46 int slap_null_cb( Operation *op, SlapReply *rs )
47 {
48         return 0;
49 }
50
51 int slap_freeself_cb( Operation *op, SlapReply *rs )
52 {
53         assert( op->o_callback );
54
55         op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
56         op->o_callback = NULL;
57
58         return SLAP_CB_CONTINUE;
59 }
60
61 int slap_replog_cb( Operation *op, SlapReply *rs )
62 {
63         if ( rs->sr_err == LDAP_SUCCESS ) {
64                 replog( op );
65         }
66         return SLAP_CB_CONTINUE;
67 }
68
69 static char *v2ref( BerVarray ref, const char *text )
70 {
71         size_t len = 0, i = 0;
72         char *v2;
73
74         if(ref == NULL) {
75                 if (text) {
76                         return ch_strdup(text);
77                 } else {
78                         return NULL;
79                 }
80         }
81         
82         if ( text != NULL ) {
83                 len = strlen( text );
84                 if (text[len-1] != '\n') {
85                     i = 1;
86                 }
87         }
88
89         v2 = SLAP_MALLOC( len+i+sizeof("Referral:") );
90         if( v2 == NULL ) {
91                 Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
92                 return NULL;
93         }
94
95         if( text != NULL ) {
96                 strcpy(v2, text);
97                 if( i ) {
98                         v2[len++] = '\n';
99                 }
100         }
101         strcpy( v2+len, "Referral:" );
102         len += sizeof("Referral:");
103
104         for( i=0; ref[i].bv_val != NULL; i++ ) {
105                 v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 );
106                 if( v2 == NULL ) {
107                         Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
108                         return NULL;
109                 }
110                 v2[len-1] = '\n';
111                 AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len );
112                 len += ref[i].bv_len;
113                 if (ref[i].bv_val[ref[i].bv_len-1] != '/') {
114                         ++len;
115                 }
116         }
117
118         v2[len-1] = '\0';
119         return v2;
120 }
121
122 static ber_tag_t req2res( ber_tag_t tag )
123 {
124         switch( tag ) {
125         case LDAP_REQ_ADD:
126         case LDAP_REQ_BIND:
127         case LDAP_REQ_COMPARE:
128         case LDAP_REQ_EXTENDED:
129         case LDAP_REQ_MODIFY:
130         case LDAP_REQ_MODRDN:
131                 tag++;
132                 break;
133
134         case LDAP_REQ_DELETE:
135                 tag = LDAP_RES_DELETE;
136                 break;
137
138         case LDAP_REQ_ABANDON:
139         case LDAP_REQ_UNBIND:
140                 tag = LBER_SEQUENCE;
141                 break;
142
143         case LDAP_REQ_SEARCH:
144                 tag = LDAP_RES_SEARCH_RESULT;
145                 break;
146
147         default:
148                 tag = LBER_SEQUENCE;
149         }
150
151         return tag;
152 }
153
154 static long send_ldap_ber(
155         Connection *conn,
156         BerElement *ber )
157 {
158         ber_len_t bytes;
159
160         ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
161
162         /* write only one pdu at a time - wait til it's our turn */
163         ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
164
165         /* lock the connection */ 
166         ldap_pvt_thread_mutex_lock( &conn->c_mutex );
167
168         /* write the pdu */
169         while( 1 ) {
170                 int err;
171                 ber_socket_t    sd;
172
173                 if ( connection_state_closing( conn ) ) {
174                         ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
175                         ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
176
177                         return 0;
178                 }
179
180                 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
181                         break;
182                 }
183
184                 err = errno;
185
186                 /*
187                  * we got an error.  if it's ewouldblock, we need to
188                  * wait on the socket being writable.  otherwise, figure
189                  * it's a hard error and return.
190                  */
191
192                 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
193                     err, sock_errstr(err), 0 );
194
195                 if ( err != EWOULDBLOCK && err != EAGAIN ) {
196                         connection_closing( conn );
197
198                         ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
199                         ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
200
201                         return( -1 );
202                 }
203
204                 /* wait for socket to be write-ready */
205                 conn->c_writewaiter = 1;
206                 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
207                 slapd_set_write( sd, 1 );
208
209                 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
210                 conn->c_writewaiter = 0;
211         }
212
213         ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
214         ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
215
216         return bytes;
217 }
218
219 static int
220 send_ldap_control( BerElement *ber, LDAPControl *c )
221 {
222         int rc;
223
224         assert( c != NULL );
225
226         rc = ber_printf( ber, "{s" /*}*/, c->ldctl_oid );
227
228         if( c->ldctl_iscritical ) {
229                 rc = ber_printf( ber, "b",
230                         (ber_int_t) c->ldctl_iscritical ) ;
231                 if( rc == -1 ) return rc;
232         }
233
234         if( c->ldctl_value.bv_val != NULL ) {
235                 rc = ber_printf( ber, "O", &c->ldctl_value ); 
236                 if( rc == -1 ) return rc;
237         }
238
239         rc = ber_printf( ber, /*{*/"N}" );
240         if( rc == -1 ) return rc;
241
242         return 0;
243 }
244
245 static int
246 send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
247 {
248         int rc;
249 #ifdef LDAP_SLAPI
250         LDAPControl **sctrls = NULL;
251
252         /*
253          * Retrieve any additional controls that may be set by the
254          * plugin.
255          */
256
257         if ( o->o_pb && slapi_pblock_get( o->o_pb, SLAPI_RESCONTROLS, &sctrls ) != 0 ) {
258                 sctrls = NULL;
259         }
260
261         if ( c == NULL && sctrls == NULL ) return 0;
262 #else
263         if( c == NULL ) return 0;
264 #endif /* LDAP_SLAPI */
265
266         rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
267         if( rc == -1 ) return rc;
268
269 #ifdef LDAP_SLAPI
270         if ( c != NULL )
271 #endif /* LDAP_SLAPI */
272         for( ; *c != NULL; c++) {
273                 rc = send_ldap_control( ber, *c );
274                 if( rc == -1 ) return rc;
275         }
276
277 #ifdef LDAP_SLAPI
278         if ( sctrls != NULL ) {
279                 for ( c = sctrls; *c != NULL; c++ ) {
280                         rc = send_ldap_control( ber, *c );
281                         if( rc == -1 ) return rc;
282                 }
283         }
284 #endif /* LDAP_SLAPI */
285
286         rc = ber_printf( ber, /*{*/"N}" );
287
288         return rc;
289 }
290
291 static int
292 send_ldap_response(
293         Operation *op,
294         SlapReply *rs )
295 {
296         BerElementBuffer berbuf;
297         BerElement      *ber = (BerElement *) &berbuf;
298         int             rc = LDAP_SUCCESS;
299         long    bytes;
300
301         if ( op->o_callback ) {
302                 int             first = 1;
303                 slap_callback   *sc = op->o_callback,
304                                 *sc_next = op->o_callback;
305
306                 rc = SLAP_CB_CONTINUE;
307                 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
308                         sc_next = op->o_callback->sc_next;
309                         if ( op->o_callback->sc_response ) {
310                                 rc = op->o_callback->sc_response( op, rs );
311                                 if ( first && op->o_callback == NULL ) {
312                                         sc = NULL;
313                                 }
314                                 if ( rc != SLAP_CB_CONTINUE ) break;
315                         }
316                         first = 0;
317                 }
318
319                 op->o_callback = sc;
320                 if ( rc != SLAP_CB_CONTINUE ) goto clean2;
321         }
322
323 #ifdef LDAP_CONNECTIONLESS
324         if (op->o_conn && op->o_conn->c_is_udp)
325                 ber = op->o_res_ber;
326         else
327 #endif
328         {
329                 ber_init_w_nullc( ber, LBER_USE_DER );
330                 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
331         }
332
333         Debug( LDAP_DEBUG_TRACE,
334                 "send_ldap_response: msgid=%d tag=%lu err=%d\n",
335                 rs->sr_msgid, rs->sr_tag, rs->sr_err );
336
337         if( rs->sr_ref ) {
338                 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
339                         rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
340                         NULL, NULL );
341         }
342
343 #ifdef LDAP_CONNECTIONLESS
344         if (op->o_conn && op->o_conn->c_is_udp &&
345                 op->o_protocol == LDAP_VERSION2 )
346         {
347                 rc = ber_printf( ber, "t{ess" /*"}"*/,
348                         rs->sr_tag, rs->sr_err,
349                 rs->sr_matched == NULL ? "" : rs->sr_matched,
350                 rs->sr_text == NULL ? "" : rs->sr_text );
351         } else 
352 #endif
353         if ( rs->sr_type == REP_INTERMEDIATE ) {
354             rc = ber_printf( ber, "{it{" /*"}}"*/,
355                         rs->sr_msgid, rs->sr_tag );
356
357         } else {
358             rc = ber_printf( ber, "{it{ess" /*"}}"*/,
359                 rs->sr_msgid, rs->sr_tag, rs->sr_err,
360                 rs->sr_matched == NULL ? "" : rs->sr_matched,
361                 rs->sr_text == NULL ? "" : rs->sr_text );
362         }
363
364         if( rc != -1 ) {
365                 if ( rs->sr_ref != NULL ) {
366                         assert( rs->sr_err == LDAP_REFERRAL );
367                         rc = ber_printf( ber, "t{W}",
368                                 LDAP_TAG_REFERRAL, rs->sr_ref );
369                 } else {
370                         assert( rs->sr_err != LDAP_REFERRAL );
371                 }
372         }
373
374         if( rc != -1 && rs->sr_type == REP_SASL && rs->sr_sasldata != NULL ) {
375                 rc = ber_printf( ber, "tO",
376                         LDAP_TAG_SASL_RES_CREDS, rs->sr_sasldata );
377         }
378
379         if( rc != -1 &&
380                 ( rs->sr_type == REP_EXTENDED || rs->sr_type == REP_INTERMEDIATE ))
381         {
382                 if ( rs->sr_rspoid != NULL ) {
383                         rc = ber_printf( ber, "ts",
384                                 LDAP_TAG_EXOP_RES_OID, rs->sr_rspoid );
385                 }
386                 if( rc != -1 && rs->sr_rspdata != NULL ) {
387                         rc = ber_printf( ber, "tO",
388                                 LDAP_TAG_EXOP_RES_VALUE, rs->sr_rspdata );
389                 }
390         }
391
392         if( rc != -1 ) {
393                 rc = ber_printf( ber, /*"{"*/ "N}" );
394         }
395
396         if( rc != -1 ) {
397                 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
398         }
399
400         if( rc != -1 ) {
401                 rc = ber_printf( ber, /*"{"*/ "N}" );
402         }
403
404 #ifdef LDAP_CONNECTIONLESS
405         if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2
406                 && rc != -1 )
407         {
408                 rc = ber_printf( ber, /*"{"*/ "N}" );
409         }
410 #endif
411                 
412         if ( rc == -1 ) {
413                 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
414
415 #ifdef LDAP_CONNECTIONLESS
416                 if (!op->o_conn || op->o_conn->c_is_udp == 0)
417 #endif
418                 {
419                         ber_free_buf( ber );
420                 }
421                 goto cleanup;
422         }
423
424         /* send BER */
425         bytes = send_ldap_ber( op->o_conn, ber );
426 #ifdef LDAP_CONNECTIONLESS
427         if (!op->o_conn || op->o_conn->c_is_udp == 0)
428 #endif
429         {
430                 ber_free_buf( ber );
431         }
432
433         if ( bytes < 0 ) {
434                 Debug( LDAP_DEBUG_ANY,
435                         "send_ldap_response: ber write failed\n",
436                         0, 0, 0 );
437
438                 goto cleanup;
439         }
440
441 #ifdef LDAP_SLAPI
442         if ( op->o_pb ) {
443                 slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
444                 slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED,
445                         (void *)rs->sr_matched );
446                 slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
447         }
448 #endif /* LDAP_SLAPI */
449
450         ldap_pvt_thread_mutex_lock( &num_sent_mutex );
451         num_bytes_sent += bytes;
452         num_pdu_sent++;
453         ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
454
455 cleanup:;
456         /* Tell caller that we did this for real, as opposed to being
457          * overridden by a callback
458          */
459         rc = SLAP_CB_CONTINUE;
460
461 clean2:;
462         if ( op->o_callback ) {
463                 int             first = 1;
464                 slap_callback   *sc = op->o_callback,
465                                 *sc_next = op->o_callback;
466
467                 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
468                         sc_next = op->o_callback->sc_next;
469                         if ( op->o_callback->sc_cleanup ) {
470                                 (void)op->o_callback->sc_cleanup( op, rs );
471                                 if ( first && op->o_callback == NULL ) {
472                                         sc = NULL;
473                                 }
474                         }
475                         first = 0;
476                 }
477
478                 op->o_callback = sc;
479         }
480
481
482         if ( rs->sr_matched && rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
483                 free( (char *)rs->sr_matched );
484                 rs->sr_matched = NULL;
485         }
486
487         if ( rs->sr_ref && rs->sr_flags & REP_REF_MUSTBEFREED ) {
488                 ber_bvarray_free( rs->sr_ref );
489                 rs->sr_ref = NULL;
490         }
491
492         return rc;
493 }
494
495
496 void
497 send_ldap_disconnect( Operation *op, SlapReply *rs )
498 {
499 #define LDAP_UNSOLICITED_ERROR(e) \
500         (  (e) == LDAP_PROTOCOL_ERROR \
501         || (e) == LDAP_STRONG_AUTH_REQUIRED \
502         || (e) == LDAP_UNAVAILABLE )
503
504         assert( LDAP_UNSOLICITED_ERROR( rs->sr_err ) );
505
506         rs->sr_type = REP_EXTENDED;
507
508         Debug( LDAP_DEBUG_TRACE,
509                 "send_ldap_disconnect %d:%s\n",
510                 rs->sr_err, rs->sr_text ? rs->sr_text : "", NULL );
511
512         if ( op->o_protocol < LDAP_VERSION3 ) {
513                 rs->sr_rspoid = NULL;
514                 rs->sr_tag = req2res( op->o_tag );
515                 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
516
517         } else {
518                 rs->sr_rspoid = LDAP_NOTICE_DISCONNECT;
519                 rs->sr_tag = LDAP_RES_EXTENDED;
520                 rs->sr_msgid = 0;
521         }
522
523         if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
524                 Statslog( LDAP_DEBUG_STATS,
525                         "conn=%lu op=%lu DISCONNECT tag=%lu err=%d text=%s\n",
526                         op->o_connid, op->o_opid, rs->sr_tag, rs->sr_err,
527                         rs->sr_text ? rs->sr_text : "" );
528         }
529 }
530
531 void
532 slap_send_ldap_result( Operation *op, SlapReply *rs )
533 {
534         char *tmp = NULL;
535         const char *otext = rs->sr_text;
536         BerVarray oref = rs->sr_ref;
537
538         rs->sr_type = REP_RESULT;
539
540         assert( !LDAP_API_ERROR( rs->sr_err ));
541
542         Debug( LDAP_DEBUG_TRACE,
543                 "send_ldap_result: conn=%lu op=%lu p=%d\n",
544                 op->o_connid, op->o_opid, op->o_protocol );
545
546         Debug( LDAP_DEBUG_ARGS,
547                 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
548                 rs->sr_err, rs->sr_matched ? rs->sr_matched : "",
549                 rs->sr_text ? rs->sr_text : "" );
550
551
552         if( rs->sr_ref ) {
553                 Debug( LDAP_DEBUG_ARGS,
554                         "send_ldap_result: referral=\"%s\"\n",
555                         rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
556                         NULL, NULL );
557         }
558
559         assert( rs->sr_err != LDAP_PARTIAL_RESULTS );
560
561         if ( rs->sr_err == LDAP_REFERRAL ) {
562 #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
563                 if( op->o_domain_scope ) {
564                         rs->sr_ref = NULL;
565                 }
566 #endif
567                 if( rs->sr_ref == NULL ) {
568                         rs->sr_err = LDAP_NO_SUCH_OBJECT;
569                 } else if ( op->o_protocol < LDAP_VERSION3 ) {
570                         rs->sr_err = LDAP_PARTIAL_RESULTS;
571                 }
572         }
573
574 #ifdef LDAP_SLAPI
575         /*
576          * Call pre-result plugins. To avoid infinite recursion plugins
577          * should just set SLAPI_RESULT_CODE rather than sending a
578          * result if they wish to change the result.
579          */
580         if ( op->o_pb != NULL ) {
581                 slapi_int_pblock_set_operation( op->o_pb, op );
582                 slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE,
583                         (void *)rs->sr_err );
584                 slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT,
585                         (void *)rs->sr_text );
586                 slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED,
587                         (void *)rs->sr_matched );
588
589                 (void) slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN,
590                         op->o_pb );
591         }
592 #endif /* LDAP_SLAPI */
593
594         if ( op->o_protocol < LDAP_VERSION3 ) {
595                 tmp = v2ref( rs->sr_ref, rs->sr_text );
596                 rs->sr_text = tmp;
597                 rs->sr_ref = NULL;
598         }
599
600         rs->sr_tag = req2res( op->o_tag );
601         rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
602
603         if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
604                 if ( op->o_tag == LDAP_REQ_SEARCH ) {
605                         char nbuf[64];
606                         snprintf( nbuf, sizeof nbuf, "%d nentries=%d",
607                                 rs->sr_err, rs->sr_nentries );
608
609                         Statslog( LDAP_DEBUG_STATS,
610                         "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n",
611                                 op->o_connid, op->o_opid, rs->sr_tag, nbuf,
612                                 rs->sr_text ? rs->sr_text : "" );
613                 } else {
614                         Statslog( LDAP_DEBUG_STATS,
615                                 "conn=%lu op=%lu RESULT tag=%lu err=%d text=%s\n",
616                                 op->o_connid, op->o_opid, rs->sr_tag, rs->sr_err,
617                                 rs->sr_text ? rs->sr_text : "" );
618                 }
619         }
620
621         if( tmp != NULL ) ch_free(tmp);
622         rs->sr_text = otext;
623         rs->sr_ref = oref;
624 }
625
626 void
627 send_ldap_sasl( Operation *op, SlapReply *rs )
628 {
629         rs->sr_type = REP_SASL;
630         Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n",
631                 rs->sr_err,
632                 rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL );
633
634         rs->sr_tag = req2res( op->o_tag );
635         rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
636
637         send_ldap_response( op, rs );
638 }
639
640 void
641 slap_send_ldap_extended( Operation *op, SlapReply *rs )
642 {
643         rs->sr_type = REP_EXTENDED;
644
645         Debug( LDAP_DEBUG_TRACE,
646                 "send_ldap_extended: err=%d oid=%s len=%ld\n",
647                 rs->sr_err,
648                 rs->sr_rspoid ? rs->sr_rspoid : "",
649                 rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
650
651         rs->sr_tag = req2res( op->o_tag );
652         rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
653
654         send_ldap_response( op, rs );
655 }
656
657 void
658 slap_send_ldap_intermediate( Operation *op, SlapReply *rs )
659 {
660         rs->sr_type = REP_INTERMEDIATE;
661         Debug( LDAP_DEBUG_TRACE,
662                 "send_ldap_intermediate: err=%d oid=%s len=%ld\n",
663                 rs->sr_err,
664                 rs->sr_rspoid ? rs->sr_rspoid : "",
665                 rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
666         rs->sr_tag = LDAP_RES_INTERMEDIATE;
667         rs->sr_msgid = op->o_msgid;
668         send_ldap_response( op, rs );
669 }
670
671 int
672 slap_send_search_entry( Operation *op, SlapReply *rs )
673 {
674         BerElementBuffer berbuf;
675         BerElement      *ber = (BerElement *) &berbuf;
676         Attribute       *a;
677         int             i, j, rc=-1, bytes;
678         char            *edn;
679         int             userattrs;
680         AccessControlState acl_state = ACL_STATE_INIT;
681 #ifdef LDAP_SLAPI
682         /* Support for computed attribute plugins */
683         computed_attr_context    ctx;
684         AttributeName   *anp;
685 #endif
686         AttributeDescription *ad_entry = slap_schema.si_ad_entry;
687
688         /* a_flags: array of flags telling if the i-th element will be
689          *          returned or filtered out
690          * e_flags: array of a_flags
691          */
692         char **e_flags = NULL;
693         
694         rs->sr_type = REP_SEARCH;
695
696         /* eventually will loop through generated operational attribute types
697          * currently implemented types include:
698          *      entryDN, subschemaSubentry, and hasSubordinates */
699         /* NOTE: moved before overlays callback circling because
700          * they may modify entry and other stuff in rs */
701         /* check for special all operational attributes ("+") type */
702         /* FIXME: maybe we could se this flag at the operation level;
703          * however, in principle the caller of send_search_entry() may
704          * change the attribute list at each call */
705         rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
706
707         rc = backend_operational( op, rs );
708         if ( rc ) {
709                 goto error_return;
710         }
711
712         if ( op->o_callback ) {
713                 int             first = 1;
714                 slap_callback   *sc = op->o_callback,
715                                 *sc_next = op->o_callback;
716
717                 rc = SLAP_CB_CONTINUE;
718                 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
719                         sc_next = op->o_callback->sc_next;
720                         if ( op->o_callback->sc_response ) {
721                                 rc = op->o_callback->sc_response( op, rs );
722                                 if ( first && op->o_callback == NULL ) {
723                                         sc = NULL;
724                                 }
725                                 if ( rc != SLAP_CB_CONTINUE ) break;
726                         }
727                         first = 0;
728                 }
729
730                 op->o_callback = sc;
731                 if ( rc != SLAP_CB_CONTINUE ) goto error_return;
732         }
733
734         Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: conn %lu dn=\"%s\"%s\n",
735                 op->o_connid, rs->sr_entry->e_name.bv_val,
736                 op->ors_attrsonly ? " (attrsOnly)" : "" );
737
738         if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
739                 Debug( LDAP_DEBUG_ACL,
740                         "send_search_entry: conn %lu access to entry (%s) not allowed\n", 
741                         op->o_connid, rs->sr_entry->e_name.bv_val, 0 );
742
743                 rc = 1;
744                 goto error_return;
745         }
746
747         edn = rs->sr_entry->e_nname.bv_val;
748
749         if ( op->o_res_ber ) {
750                 /* read back control or LDAP_CONNECTIONLESS */
751             ber = op->o_res_ber;
752         } else {
753                 ber_len_t       siz, len;
754                 struct berval   bv;
755
756                 entry_flatsize( rs->sr_entry, &siz, &len, 0 );
757                 bv.bv_len = siz + len;
758                 bv.bv_val = op->o_tmpalloc(bv.bv_len, op->o_tmpmemctx );
759
760                 ber_init2( ber, &bv, LBER_USE_DER );
761                 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
762         }
763
764 #ifdef LDAP_CONNECTIONLESS
765         if ( op->o_conn && op->o_conn->c_is_udp ) {
766                 /* CONNECTIONLESS */
767                 if ( op->o_protocol == LDAP_VERSION2 ) {
768                 rc = ber_printf(ber, "t{O{" /*}}*/,
769                                 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
770                 } else {
771                 rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
772                                 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
773                 }
774         } else
775 #endif
776         if ( op->o_res_ber ) {
777                 /* read back control */
778             rc = ber_printf( ber, "{O{" /*}}*/, &rs->sr_entry->e_name );
779         } else {
780             rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
781                         LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
782         }
783
784         if ( rc == -1 ) {
785                 Debug( LDAP_DEBUG_ANY, 
786                         "send_search_entry: conn %lu  ber_printf failed\n", 
787                         op->o_connid, 0, 0 );
788
789                 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
790                 send_ldap_error( op, rs, LDAP_OTHER, "encoding DN error" );
791                 goto error_return;
792         }
793
794         /* check for special all user attributes ("*") type */
795         userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
796
797         /* create an array of arrays of flags. Each flag corresponds
798          * to particular value of attribute and equals 1 if value matches
799          * to ValuesReturnFilter or 0 if not
800          */     
801         if ( op->o_vrFilter != NULL ) {
802                 int     k = 0;
803                 size_t  size;
804
805                 for ( a = rs->sr_entry->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
806                         for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
807                 }
808
809                 size = i * sizeof(char *) + k;
810                 if ( size > 0 ) {
811                         char    *a_flags;
812                         e_flags = slap_sl_calloc ( 1, i * sizeof(char *) + k, op->o_tmpmemctx );
813                         if( e_flags == NULL ) {
814                         Debug( LDAP_DEBUG_ANY, 
815                                         "send_search_entry: conn %lu slap_sl_calloc failed\n",
816                                         op->o_connid ? op->o_connid : 0, 0, 0 );
817                                 ber_free( ber, 1 );
818         
819                                 send_ldap_error( op, rs, LDAP_OTHER, "out of memory" );
820                                 goto error_return;
821                         }
822                         a_flags = (char *)(e_flags + i);
823                         memset( a_flags, 0, k );
824                         for ( a=rs->sr_entry->e_attrs, i=0; a != NULL; a=a->a_next, i++ ) {
825                                 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
826                                 e_flags[i] = a_flags;
827                                 a_flags += j;
828                         }
829         
830                         rc = filter_matched_values(op, rs->sr_entry->e_attrs, &e_flags) ; 
831                         if ( rc == -1 ) {
832                                 Debug( LDAP_DEBUG_ANY, "send_search_entry: "
833                                         "conn %lu matched values filtering failed\n",
834                                         op->o_connid ? op->o_connid : 0, 0, 0 );
835                                 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
836                                 send_ldap_error( op, rs, LDAP_OTHER,
837                                         "matched values filtering error" );
838                                 goto error_return;
839                         }
840                 }
841         }
842
843         for ( a = rs->sr_entry->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
844                 AttributeDescription *desc = a->a_desc;
845                 int finish = 0;
846
847                 if ( rs->sr_attrs == NULL ) {
848                         /* all attrs request, skip operational attributes */
849                         if( is_at_operational( desc->ad_type ) ) {
850                                 continue;
851                         }
852
853                 } else {
854                         /* specific attrs requested */
855                         if ( is_at_operational( desc->ad_type ) ) {
856                                 if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
857                                                 !ad_inlist( desc, rs->sr_attrs ) )
858                                 {
859                                         continue;
860                                 }
861
862                         } else {
863                                 if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) )
864                                 {
865                                         continue;
866                                 }
867                         }
868                 }
869
870                 if ( op->ors_attrsonly ) {
871                         if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
872                                 ACL_READ, &acl_state ) )
873                         {
874                                 Debug( LDAP_DEBUG_ACL, "send_search_entry: "
875                                         "conn %lu access to attribute %s not allowed\n",
876                                         op->o_connid, desc->ad_cname.bv_val, 0 );
877                                 continue;
878                         }
879
880                         if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
881                                 Debug( LDAP_DEBUG_ANY, 
882                                         "send_search_entry: conn %lu  ber_printf failed\n", 
883                                         op->o_connid, 0, 0 );
884
885                                 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
886                                 send_ldap_error( op, rs, LDAP_OTHER,
887                                         "encoding description error");
888                                 goto error_return;
889                         }
890                         finish = 1;
891
892                 } else {
893                         int first = 1;
894                         for ( i = 0; a->a_nvals[i].bv_val != NULL; i++ ) {
895                                 if ( ! access_allowed( op, rs->sr_entry,
896                                         desc, &a->a_nvals[i], ACL_READ, &acl_state ) )
897                                 {
898                                         Debug( LDAP_DEBUG_ACL,
899                                                 "send_search_entry: conn %lu "
900                                                 "access to attribute %s, value #%d not allowed\n",
901                                                 op->o_connid, desc->ad_cname.bv_val, i );
902
903                                         continue;
904                                 }
905
906                                 if ( op->o_vrFilter && e_flags[j][i] == 0 ){
907                                         continue;
908                                 }
909
910                                 if ( first ) {
911                                         first = 0;
912                                         finish = 1;
913                                         if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
914                                                 Debug( LDAP_DEBUG_ANY,
915                                                         "send_search_entry: conn %lu  ber_printf failed\n", 
916                                                         op->o_connid, 0, 0 );
917
918                                                 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
919                                                 send_ldap_error( op, rs, LDAP_OTHER,
920                                                         "encoding description error");
921                                                 goto error_return;
922                                         }
923                                 }
924                                 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
925                                         Debug( LDAP_DEBUG_ANY,
926                                                 "send_search_entry: conn %lu  "
927                                                 "ber_printf failed.\n", op->o_connid, 0, 0 );
928
929                                         if ( op->o_res_ber == NULL ) ber_free_buf( ber );
930                                         send_ldap_error( op, rs, LDAP_OTHER,
931                                                 "encoding values error" );
932                                         goto error_return;
933                                 }
934                         }
935                 }
936
937                 if ( finish && ( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
938                         Debug( LDAP_DEBUG_ANY,
939                                 "send_search_entry: conn %lu ber_printf failed\n", 
940                                 op->o_connid, 0, 0 );
941
942                         if ( op->o_res_ber == NULL ) ber_free_buf( ber );
943                         send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
944                         goto error_return;
945                 }
946         }
947
948         /* NOTE: moved before overlays callback circling because
949          * they may modify entry and other stuff in rs */
950         if ( rs->sr_operational_attrs != NULL && op->o_vrFilter != NULL ) {
951                 int     k = 0;
952                 size_t  size;
953
954                 for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
955                         for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
956                 }
957
958                 size = i * sizeof(char *) + k;
959                 if ( size > 0 ) {
960                         char    *a_flags, **tmp;
961                 
962                         /*
963                          * Reuse previous memory - we likely need less space
964                          * for operational attributes
965                          */
966                         tmp = slap_sl_realloc( e_flags, i * sizeof(char *) + k,
967                                 op->o_tmpmemctx );
968                         if ( tmp == NULL ) {
969                                 Debug( LDAP_DEBUG_ANY,
970                                         "send_search_entry: conn %lu "
971                                         "not enough memory "
972                                         "for matched values filtering\n",
973                                         op->o_connid, 0, 0 );
974                                 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
975                                 send_ldap_error( op, rs, LDAP_OTHER,
976                                         "not enough memory for matched values filtering" );
977                                 goto error_return;
978                         }
979                         e_flags = tmp;
980                         a_flags = (char *)(e_flags + i);
981                         memset( a_flags, 0, k );
982                         for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
983                                 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
984                                 e_flags[i] = a_flags;
985                                 a_flags += j;
986                         }
987                         rc = filter_matched_values(op, rs->sr_operational_attrs, &e_flags) ; 
988                     
989                         if ( rc == -1 ) {
990                                 Debug( LDAP_DEBUG_ANY,
991                                         "send_search_entry: conn %lu "
992                                         "matched values filtering failed\n", 
993                                         op->o_connid ? op->o_connid : 0, 0, 0);
994                                 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
995                                 send_ldap_error( op, rs, LDAP_OTHER,
996                                         "matched values filtering error" );
997                                 goto error_return;
998                         }
999                 }
1000         }
1001
1002         for (a = rs->sr_operational_attrs, j=0; a != NULL; a = a->a_next, j++ ) {
1003                 AttributeDescription *desc = a->a_desc;
1004
1005                 if ( rs->sr_attrs == NULL ) {
1006                         /* all attrs request, skip operational attributes */
1007                         if( is_at_operational( desc->ad_type ) ) {
1008                                 continue;
1009                         }
1010
1011                 } else {
1012                         /* specific attrs requested */
1013                         if( is_at_operational( desc->ad_type ) ) {
1014                                 if ( !SLAP_OPATTRS( rs->sr_attr_flags ) && 
1015                                                 !ad_inlist( desc, rs->sr_attrs ) )
1016                                 {
1017                                         continue;
1018                                 }
1019                         } else {
1020                                 if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
1021                                         continue;
1022                                 }
1023                         }
1024                 }
1025
1026                 if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
1027                         ACL_READ, &acl_state ) )
1028                 {
1029                         Debug( LDAP_DEBUG_ACL,
1030                                 "send_search_entry: conn %lu "
1031                                 "access to attribute %s not allowed\n",
1032                                 op->o_connid, desc->ad_cname.bv_val, 0 );
1033
1034                         continue;
1035                 }
1036
1037                 rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
1038                 if ( rc == -1 ) {
1039                         Debug( LDAP_DEBUG_ANY,
1040                                 "send_search_entry: conn %lu  "
1041                                 "ber_printf failed\n", op->o_connid, 0, 0 );
1042
1043                         if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1044                         send_ldap_error( op, rs, LDAP_OTHER,
1045                                 "encoding description error" );
1046                         goto error_return;
1047                 }
1048
1049                 if ( ! op->ors_attrsonly ) {
1050                         for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
1051                                 if ( ! access_allowed( op, rs->sr_entry,
1052                                         desc, &a->a_vals[i], ACL_READ, &acl_state ) )
1053                                 {
1054                                         Debug( LDAP_DEBUG_ACL,
1055                                                 "send_search_entry: conn %lu "
1056                                                 "access to %s, value %d not allowed\n",
1057                                                 op->o_connid, desc->ad_cname.bv_val, i );
1058
1059                                         continue;
1060                                 }
1061
1062                                 if ( op->o_vrFilter && e_flags[j][i] == 0 ){
1063                                         continue;
1064                                 }
1065
1066                                 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
1067                                         Debug( LDAP_DEBUG_ANY,
1068                                                 "send_search_entry: conn %lu  ber_printf failed\n", 
1069                                                 op->o_connid, 0, 0 );
1070
1071                                         if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1072                                         send_ldap_error( op, rs, LDAP_OTHER,
1073                                                 "encoding values error" );
1074                                         goto error_return;
1075                                 }
1076                         }
1077                 }
1078
1079                 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
1080                         Debug( LDAP_DEBUG_ANY,
1081                                 "send_search_entry: conn %lu  ber_printf failed\n",
1082                                 op->o_connid, 0, 0 );
1083
1084                         if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1085                         send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
1086                         goto error_return;
1087                 }
1088         }
1089
1090 #ifdef LDAP_SLAPI
1091         /*
1092          * First, setup the computed attribute context that is
1093          * passed to all plugins.
1094          */
1095         if ( op->o_pb ) {
1096                 ctx.cac_pb = op->o_pb;
1097                 ctx.cac_attrs = rs->sr_attrs;
1098                 ctx.cac_attrsonly = op->ors_attrsonly;
1099                 ctx.cac_userattrs = userattrs;
1100                 ctx.cac_opattrs = rs->sr_attr_flags;
1101                 ctx.cac_acl_state = acl_state;
1102                 ctx.cac_private = (void *)ber;
1103
1104                 /*
1105                  * For each client requested attribute, call the plugins.
1106                  */
1107                 if ( rs->sr_attrs != NULL ) {
1108                         for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
1109                                 rc = compute_evaluator( &ctx, anp->an_name.bv_val,
1110                                         rs->sr_entry, slapi_int_compute_output_ber );
1111                                 if ( rc == 1 ) break;
1112                         }
1113                 } else {
1114                         /*
1115                          * Technically we shouldn't be returning operational attributes
1116                          * when the user requested only user attributes. We'll let the
1117                          * plugin decide whether to be naughty or not.
1118                          */
1119                         rc = compute_evaluator( &ctx, "*",
1120                                 rs->sr_entry, slapi_int_compute_output_ber );
1121                 }
1122                 if ( rc == 1 ) {
1123                         if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1124                         send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" );
1125                         goto error_return;
1126                 }
1127         }
1128 #endif /* LDAP_SLAPI */
1129
1130         /* free e_flags */
1131         if ( e_flags ) {
1132                 slap_sl_free( e_flags, op->o_tmpmemctx );
1133                 e_flags = NULL;
1134         }
1135
1136         rc = ber_printf( ber, /*{{*/ "}N}" );
1137
1138         if( rc != -1 ) {
1139                 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
1140         }
1141
1142         if( rc != -1 ) {
1143 #ifdef LDAP_CONNECTIONLESS
1144                 if( op->o_conn && op->o_conn->c_is_udp ) {
1145                         if ( op->o_protocol != LDAP_VERSION2 ) {
1146                                 rc = ber_printf( ber, /*{*/ "N}" );
1147                         }
1148                 } else
1149 #endif
1150                 if ( op->o_res_ber == NULL ) {
1151                         rc = ber_printf( ber, /*{*/ "N}" );
1152                 }
1153         }
1154
1155         if ( rc == -1 ) {
1156                 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1157
1158                 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1159                 send_ldap_error( op, rs, LDAP_OTHER, "encode entry end error" );
1160                 rc = 1;
1161                 goto error_return;
1162         }
1163
1164         if ( op->o_res_ber == NULL ) {
1165                 bytes = send_ldap_ber( op->o_conn, ber );
1166                 ber_free_buf( ber );
1167
1168                 if ( bytes < 0 ) {
1169                         Debug( LDAP_DEBUG_ANY,
1170                                 "send_search_entry: conn %lu  ber write failed.\n", 
1171                                 op->o_connid, 0, 0 );
1172
1173                         rc = -1;
1174                         goto error_return;
1175                 }
1176                 rs->sr_nentries++;
1177
1178                 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1179                 num_bytes_sent += bytes;
1180                 num_entries_sent++;
1181                 num_pdu_sent++;
1182                 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1183         }
1184
1185         Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu ENTRY dn=\"%s\"\n",
1186             op->o_connid, op->o_opid, rs->sr_entry->e_dn, 0, 0 );
1187
1188         Debug( LDAP_DEBUG_TRACE,
1189                 "<= send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 );
1190
1191         rc = 0;
1192
1193 error_return:;
1194         if ( op->o_callback ) {
1195                 int             first = 1;
1196                 slap_callback   *sc = op->o_callback,
1197                                 *sc_next = op->o_callback;
1198
1199                 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
1200                         sc_next = op->o_callback->sc_next;
1201                         if ( op->o_callback->sc_cleanup ) {
1202                                 (void)op->o_callback->sc_cleanup( op, rs );
1203                                 if ( first && op->o_callback == NULL ) {
1204                                         sc = NULL;
1205                                 }
1206                         }
1207                         first = 0;
1208                 }
1209
1210                 op->o_callback = sc;
1211         }
1212
1213         if ( e_flags ) {
1214                 slap_sl_free( e_flags, op->o_tmpmemctx );
1215         }
1216
1217         if ( rs->sr_operational_attrs ) {
1218                 attrs_free( rs->sr_operational_attrs );
1219                 rs->sr_operational_attrs = NULL;
1220         }
1221         rs->sr_attr_flags = SLAP_ATTRS_UNDEFINED;
1222
1223         /* FIXME: I think rs->sr_type should be explicitly set to
1224          * REP_SEARCH here. That's what it was when we entered this
1225          * function. send_ldap_error may have changed it, but we
1226          * should set it back so that the cleanup functions know
1227          * what they're doing.
1228          */
1229         if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH 
1230                 && rs->sr_entry 
1231                 && ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) ) 
1232         {
1233                 entry_free( rs->sr_entry );
1234                 rs->sr_entry = NULL;
1235                 rs->sr_flags &= ~REP_ENTRY_MUSTBEFREED;
1236         }
1237
1238         return( rc );
1239 }
1240
1241 int
1242 slap_send_search_reference( Operation *op, SlapReply *rs )
1243 {
1244         BerElementBuffer berbuf;
1245         BerElement      *ber = (BerElement *) &berbuf;
1246         int rc = 0;
1247         int bytes;
1248
1249         AttributeDescription *ad_ref = slap_schema.si_ad_ref;
1250         AttributeDescription *ad_entry = slap_schema.si_ad_entry;
1251
1252         rs->sr_type = REP_SEARCHREF;
1253         if ( op->o_callback ) {
1254                 int             first = 1;
1255                 slap_callback   *sc = op->o_callback,
1256                                 *sc_next = op->o_callback;
1257
1258                 rc = SLAP_CB_CONTINUE;
1259                 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
1260                         sc_next = op->o_callback->sc_next;
1261                         if ( op->o_callback->sc_response ) {
1262                                 rc = op->o_callback->sc_response( op, rs );
1263                                 if ( first && op->o_callback == NULL ) {
1264                                         sc = NULL;
1265                                 }
1266                                 if ( rc != SLAP_CB_CONTINUE ) break;
1267                         }
1268                         first = 0;
1269                 }
1270
1271                 op->o_callback = sc;
1272                 if ( rc != SLAP_CB_CONTINUE ) goto rel;
1273         }
1274
1275         Debug( LDAP_DEBUG_TRACE,
1276                 "=> send_search_reference: dn=\"%s\"\n",
1277                 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0, 0 );
1278
1279         if (  rs->sr_entry && ! access_allowed( op, rs->sr_entry,
1280                 ad_entry, NULL, ACL_READ, NULL ) )
1281         {
1282                 Debug( LDAP_DEBUG_ACL,
1283                         "send_search_reference: access to entry not allowed\n",
1284                     0, 0, 0 );
1285                 rc = 1;
1286                 goto rel;
1287         }
1288
1289         if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
1290                 ad_ref, NULL, ACL_READ, NULL ) )
1291         {
1292                 Debug( LDAP_DEBUG_ACL,
1293                         "send_search_reference: access "
1294                         "to reference not allowed\n",
1295                     0, 0, 0 );
1296                 rc = 1;
1297                 goto rel;
1298         }
1299
1300 #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
1301         if( op->o_domain_scope ) {
1302                 Debug( LDAP_DEBUG_ANY,
1303                         "send_search_reference: domainScope control in (%s)\n", 
1304                         rs->sr_entry->e_dn, 0, 0 );
1305                 rc = 0;
1306                 goto rel;
1307         }
1308 #endif
1309
1310         if( rs->sr_ref == NULL ) {
1311                 Debug( LDAP_DEBUG_ANY,
1312                         "send_search_reference: null ref in (%s)\n", 
1313                         rs->sr_entry ? rs->sr_entry->e_dn : "(null)", 0, 0 );
1314                 rc = 1;
1315                 goto rel;
1316         }
1317
1318         if( op->o_protocol < LDAP_VERSION3 ) {
1319                 rc = 0;
1320                 /* save the references for the result */
1321                 if( rs->sr_ref[0].bv_val != NULL ) {
1322                         if( value_add( &rs->sr_v2ref, rs->sr_ref ) )
1323                                 rc = LDAP_OTHER;
1324                 }
1325                 goto rel;
1326         }
1327
1328 #ifdef LDAP_CONNECTIONLESS
1329         if( op->o_conn && op->o_conn->c_is_udp ) {
1330                 ber = op->o_res_ber;
1331         } else
1332 #endif
1333         {
1334                 ber_init_w_nullc( ber, LBER_USE_DER );
1335                 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
1336         }
1337
1338         rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
1339                 LDAP_RES_SEARCH_REFERENCE, rs->sr_ref );
1340
1341         if( rc != -1 ) {
1342                 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
1343         }
1344
1345         if( rc != -1 ) {
1346                 rc = ber_printf( ber, /*"{"*/ "N}" );
1347         }
1348
1349         if ( rc == -1 ) {
1350                 Debug( LDAP_DEBUG_ANY,
1351                         "send_search_reference: ber_printf failed\n", 0, 0, 0 );
1352
1353 #ifdef LDAP_CONNECTIONLESS
1354                 if (!op->o_conn || op->o_conn->c_is_udp == 0)
1355 #endif
1356                 ber_free_buf( ber );
1357                 send_ldap_error( op, rs, LDAP_OTHER, "encode DN error" );
1358                 goto rel;
1359         }
1360
1361 #ifdef LDAP_CONNECTIONLESS
1362         if (!op->o_conn || op->o_conn->c_is_udp == 0) {
1363 #endif
1364         bytes = send_ldap_ber( op->o_conn, ber );
1365         ber_free_buf( ber );
1366
1367         ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1368         num_bytes_sent += bytes;
1369         num_refs_sent++;
1370         num_pdu_sent++;
1371         ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1372 #ifdef LDAP_CONNECTIONLESS
1373         }
1374 #endif
1375
1376         Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n",
1377                 op->o_connid, op->o_opid, rs->sr_entry ? rs->sr_entry->e_dn : "(null)", 0, 0 );
1378
1379         Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
1380
1381 rel:
1382         if ( op->o_callback ) {
1383                 int             first = 1;
1384                 slap_callback   *sc = op->o_callback,
1385                                 *sc_next = op->o_callback;
1386
1387                 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
1388                         sc_next = op->o_callback->sc_next;
1389                         if ( op->o_callback->sc_cleanup ) {
1390                                 (void)op->o_callback->sc_cleanup( op, rs );
1391                                 if ( first && op->o_callback == NULL ) {
1392                                         sc = NULL;
1393                                 }
1394                         }
1395                         first = 0;
1396                 }
1397
1398                 op->o_callback = sc;
1399         }
1400
1401         return rc;
1402 }
1403
1404 int
1405 str2result(
1406     char        *s,
1407     int         *code,
1408     char        **matched,
1409     char        **info
1410 )
1411 {
1412         int     rc;
1413         char    *c;
1414
1415         *code = LDAP_SUCCESS;
1416         *matched = NULL;
1417         *info = NULL;
1418
1419         if ( strncasecmp( s, "RESULT", STRLENOF( "RESULT" ) ) != 0 ) {
1420                 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
1421                     s, 0, 0 );
1422
1423                 return( -1 );
1424         }
1425
1426         rc = 0;
1427         while ( (s = strchr( s, '\n' )) != NULL ) {
1428                 *s++ = '\0';
1429                 if ( *s == '\0' ) {
1430                         break;
1431                 }
1432                 if ( (c = strchr( s, ':' )) != NULL ) {
1433                         c++;
1434                 }
1435
1436                 if ( strncasecmp( s, "code", STRLENOF( "code" ) ) == 0 ) {
1437                         if ( c != NULL ) {
1438                                 *code = atoi( c );
1439                         }
1440                 } else if ( strncasecmp( s, "matched", STRLENOF( "matched" ) ) == 0 ) {
1441                         if ( c != NULL ) {
1442                                 *matched = c;
1443                         }
1444                 } else if ( strncasecmp( s, "info", STRLENOF( "info" ) ) == 0 ) {
1445                         if ( c != NULL ) {
1446                                 *info = c;
1447                         }
1448                 } else {
1449                         Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
1450                             s, 0, 0 );
1451
1452                         rc = -1;
1453                 }
1454         }
1455
1456         return( rc );
1457 }
1458
1459 int slap_read_controls(
1460         Operation *op,
1461         SlapReply *rs,
1462         Entry *e,
1463         const struct berval *oid,
1464         LDAPControl **ctrl )
1465 {
1466         int rc;
1467         struct berval bv;
1468         BerElementBuffer berbuf;
1469         BerElement *ber = (BerElement *) &berbuf;
1470         LDAPControl c;
1471         ber_len_t       siz, len;
1472         Operation myop;
1473
1474         Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n",
1475                 oid->bv_val, e->e_dn, 0 );
1476
1477         rs->sr_entry = e;
1478         rs->sr_attrs = ( oid == &slap_pre_read_bv ) ?
1479                 op->o_preread_attrs : op->o_postread_attrs; 
1480
1481         entry_flatsize( rs->sr_entry, &siz, &len, 0 );
1482         bv.bv_len = siz + len;
1483         bv.bv_val = op->o_tmpalloc(bv.bv_len, op->o_tmpmemctx );
1484
1485         ber_init2( ber, &bv, LBER_USE_DER );
1486         ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
1487
1488         /* create new operation */
1489         myop = *op;
1490         myop.o_bd = NULL;
1491         myop.o_res_ber = ber;
1492
1493         rc = slap_send_search_entry( &myop, rs );
1494         if( rc ) return rc;
1495
1496         rc = ber_flatten2( ber, &c.ldctl_value, 0 );
1497
1498         if( rc == LBER_ERROR ) return LDAP_OTHER;
1499
1500         c.ldctl_oid = oid->bv_val;
1501         c.ldctl_iscritical = 0;
1502
1503         if ( ctrl == NULL ) {
1504                 /* first try */
1505                 *ctrl = (LDAPControl *) slap_sl_calloc( 1, sizeof(LDAPControl), NULL );
1506         } else {
1507                 /* retry: free previous try */
1508                 slap_sl_free( (*ctrl)->ldctl_value.bv_val, &op->o_tmpmemctx );
1509         }
1510
1511         **ctrl = c;
1512         return LDAP_SUCCESS;
1513 }
1514
1515 /* Map API errors to protocol errors... */
1516 int
1517 slap_map_api2result( SlapReply *rs )
1518 {
1519         switch(rs->sr_err) {
1520         case LDAP_SERVER_DOWN:
1521                 return LDAP_UNAVAILABLE;
1522         case LDAP_LOCAL_ERROR:
1523                 return LDAP_OTHER;
1524         case LDAP_ENCODING_ERROR:
1525         case LDAP_DECODING_ERROR:
1526                 return LDAP_PROTOCOL_ERROR;
1527         case LDAP_TIMEOUT:
1528                 return LDAP_UNAVAILABLE;
1529         case LDAP_AUTH_UNKNOWN:
1530                 return LDAP_AUTH_METHOD_NOT_SUPPORTED;
1531         case LDAP_FILTER_ERROR:
1532                 rs->sr_text = "Filter error";
1533                 return LDAP_OTHER;
1534         case LDAP_USER_CANCELLED:
1535                 rs->sr_text = "User cancelled";
1536                 return LDAP_OTHER;
1537         case LDAP_PARAM_ERROR:
1538                 return LDAP_PROTOCOL_ERROR;
1539         case LDAP_NO_MEMORY:
1540                 return LDAP_OTHER;
1541         case LDAP_CONNECT_ERROR:
1542                 return LDAP_UNAVAILABLE;
1543         case LDAP_NOT_SUPPORTED:
1544                 return LDAP_UNWILLING_TO_PERFORM;
1545         case LDAP_CONTROL_NOT_FOUND:
1546                 return LDAP_PROTOCOL_ERROR;
1547         case LDAP_NO_RESULTS_RETURNED:
1548                 return LDAP_NO_SUCH_OBJECT;
1549         case LDAP_MORE_RESULTS_TO_RETURN:
1550                 rs->sr_text = "More results to return";
1551                 return LDAP_OTHER;
1552         case LDAP_CLIENT_LOOP:
1553         case LDAP_REFERRAL_LIMIT_EXCEEDED:
1554                 return LDAP_LOOP_DETECT;
1555         default:
1556                 if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER;
1557                 return rs->sr_err;
1558         }
1559 }
1560
1561
1562 slap_mask_t
1563 slap_attr_flags( AttributeName *an )
1564 {
1565         slap_mask_t     flags = SLAP_ATTRS_UNDEFINED;
1566
1567         if ( an == NULL ) {
1568                 flags |= ( SLAP_OPATTRS_NO | SLAP_USERATTRS_YES );
1569
1570         } else {
1571                 flags |= an_find( an, &AllOper ) ?  SLAP_OPATTRS_YES : SLAP_OPATTRS_NO;
1572                 flags |= an_find( an, &AllUser ) ?  SLAP_USERATTRS_YES : SLAP_USERATTRS_NO;
1573         }
1574
1575         return flags;
1576 }
1577