1 /* result.c - routines to send ldap results, errors, and referrals */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/signal.h>
15 #include <ac/string.h>
18 #include <ac/unistd.h>
22 /* we need LBER internals */
23 #include "../../libraries/liblber/lber-int.h"
25 static char *v2ref( struct berval **ref, const char *text )
27 size_t len = 0, i = 0;
33 return ch_strdup(text);
40 if (text[len-1] != '\n')
43 v2 = ch_malloc( len+i+sizeof("Referral:") );
49 strcpy( v2+len, "Referral:" );
50 len += sizeof("Referral:");
52 for( i=0; ref[i] != NULL; i++ ) {
53 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
55 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
56 len += ref[i]->bv_len;
57 if (ref[i]->bv_val[ref[i]->bv_len-1] != '/')
65 static ber_tag_t req2res( ber_tag_t tag )
70 case LDAP_REQ_COMPARE:
71 case LDAP_REQ_EXTENDED:
78 tag = LDAP_RES_DELETE;
81 case LDAP_REQ_ABANDON:
87 tag = LDAP_RES_SEARCH_RESULT;
97 static void trim_refs_urls(
98 struct berval **refs )
102 if( refs == NULL ) return;
104 for( i=0; refs[i] != NULL; i++ ) {
105 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
106 strncasecmp( refs[i]->bv_val, "ldap://",
107 sizeof("ldap://")-1 ) == 0 )
110 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
111 if( refs[i]->bv_val[j] == '/' ) {
112 refs[i]->bv_val[j] = '\0';
121 struct berval **get_entry_referrals(
128 struct berval **refs;
131 #ifdef SLAPD_SCHEMA_NOT_COMPAT
132 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
134 static const char *ad_ref = "ref";
137 attr = attr_find( e->e_attrs, ad_ref );
139 if( attr == NULL ) return NULL;
141 for( i=0; attr->a_vals[i] != NULL; i++ ) {
142 /* count references */
145 if( i < 1 ) return NULL;
147 refs = ch_malloc( (i + 1) * sizeof(struct berval *));
149 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
151 struct berval *ref = ber_bvdup( attr->a_vals[i] );
154 for( k=0; k<ref->bv_len; k++ ) {
155 if( isspace(ref->bv_val[k]) ) {
156 ref->bv_val[k] = '\0';
162 if( ref->bv_len > 0 ) {
173 ber_bvecfree( refs );
177 /* we should check that a referral value exists... */
182 static long send_ldap_ber(
188 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
190 /* write only one pdu at a time - wait til it's our turn */
191 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
193 /* lock the connection */
194 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
200 if ( connection_state_closing( conn ) ) {
201 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
202 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
207 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
214 * we got an error. if it's ewouldblock, we need to
215 * wait on the socket being writable. otherwise, figure
216 * it's a hard error and return.
219 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
220 err, sock_errstr(err), 0 );
222 if ( err != EWOULDBLOCK && err != EAGAIN ) {
223 connection_closing( conn );
225 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
226 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
231 /* wait for socket to be write-ready */
232 conn->c_writewaiter = 1;
233 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
235 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
236 conn->c_writewaiter = 0;
239 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
240 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
256 struct berval *resdata,
257 struct berval *sasldata,
265 assert( ctrls == NULL ); /* ctrls not implemented */
267 ber = ber_alloc_t( LBER_USE_DER );
269 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
270 (long) msgid, (long) tag, (long) err );
272 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=%s\n",
273 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
278 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
282 #ifdef LDAP_CONNECTIONLESS
284 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
285 err, matched ? matched : "", text ? text : "" );
289 rc = ber_printf( ber, "{it{ess",
291 matched == NULL ? "" : matched,
292 text == NULL ? "" : text );
296 assert( err == LDAP_REFERRAL );
297 rc = ber_printf( ber, "t{V}",
298 LDAP_TAG_REFERRAL, ref );
300 assert( err != LDAP_REFERRAL );
304 if( rc != -1 && sasldata != NULL ) {
305 rc = ber_printf( ber, "tO",
306 LDAP_TAG_SASL_RES_CREDS, sasldata );
309 if( rc != -1 && resoid != NULL ) {
310 rc = ber_printf( ber, "ts",
311 LDAP_TAG_EXOP_RES_OID, resoid );
314 if( rc != -1 && resdata != NULL ) {
315 rc = ber_printf( ber, "tO",
316 LDAP_TAG_EXOP_RES_VALUE, resdata );
320 rc = ber_printf( ber, "}}" );
325 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
331 bytes = send_ldap_ber( conn, ber );
335 Debug( LDAP_DEBUG_ANY,
336 "send_ldap_response: ber write failed\n",
341 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
342 num_bytes_sent += bytes;
344 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
350 send_ldap_disconnect(
361 #define LDAP_UNSOLICITED_ERROR(e) \
362 ( (e) == LDAP_PROTOCOL_ERROR \
363 || (e) == LDAP_STRONG_AUTH_REQUIRED \
364 || (e) == LDAP_UNAVAILABLE )
366 assert( LDAP_UNSOLICITED_ERROR( err ) );
368 Debug( LDAP_DEBUG_TRACE,
369 "send_ldap_disconnect %d:%s\n",
370 err, text ? text : "", NULL );
372 if ( op->o_protocol < LDAP_VERSION3 ) {
374 tag = req2res( op->o_tag );
375 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
378 reqoid = LDAP_NOTICE_DISCONNECT;
379 tag = LDAP_RES_EXTENDED;
383 #ifdef LDAP_CONNECTIONLESS
385 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
386 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
387 inet_ntoa(((struct sockaddr_in *)
388 &op->o_clientaddr)->sin_addr ),
389 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
394 send_ldap_response( conn, op, tag, msgid,
395 err, NULL, text, NULL,
396 reqoid, NULL, NULL, NULL );
398 Statslog( LDAP_DEBUG_STATS,
399 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
400 (long) op->o_connid, (long) op->o_opid,
401 (long) tag, (long) err, text ? text : "" );
419 assert( !LDAP_API_ERROR( err ) );
421 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
422 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
423 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
424 err, matched ? matched : "", text ? text : "" );
426 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: referral: %s\n",
427 ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL",
431 assert( err != LDAP_PARTIAL_RESULTS );
433 if( op->o_tag != LDAP_REQ_SEARCH ) {
434 trim_refs_urls( ref );
437 if ( err == LDAP_REFERRAL ) {
439 err = LDAP_NO_SUCH_OBJECT;
440 } else if ( op->o_protocol < LDAP_VERSION3 ) {
441 err = LDAP_PARTIAL_RESULTS;
445 if ( op->o_protocol < LDAP_VERSION3 ) {
446 tmp = v2ref( ref, text );
451 tag = req2res( op->o_tag );
452 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
454 #ifdef LDAP_CONNECTIONLESS
456 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
457 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
458 inet_ntoa(((struct sockaddr_in *)
459 &op->o_clientaddr)->sin_addr ),
460 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
465 send_ldap_response( conn, op, tag, msgid,
466 err, matched, text, ref,
467 NULL, NULL, NULL, ctrls );
469 Statslog( LDAP_DEBUG_STATS,
470 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
471 (long) op->o_connid, (long) op->o_opid,
472 (long) tag, (long) err, text ? text : "" );
494 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n",
495 (long) err, NULL, NULL );
497 tag = req2res( op->o_tag );
498 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
500 #ifdef LDAP_CONNECTIONLESS
502 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
503 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
504 inet_ntoa(((struct sockaddr_in *)
505 &op->o_clientaddr)->sin_addr ),
506 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
511 send_ldap_response( conn, op, tag, msgid,
512 err, matched, text, ref,
513 NULL, NULL, cred, ctrls );
523 struct berval **refs,
525 struct berval *rspdata,
532 Debug( LDAP_DEBUG_TRACE,
533 "send_ldap_extended %ld:%s (%ld)\n",
535 rspoid ? rspoid : "",
536 rspdata != NULL ? (long) rspdata->bv_len : (long) 0 );
538 tag = req2res( op->o_tag );
539 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
541 #ifdef LDAP_CONNECTIONLESS
543 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
544 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
545 inet_ntoa(((struct sockaddr_in *)
546 &op->o_clientaddr)->sin_addr ),
547 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
552 send_ldap_response( conn, op, tag, msgid,
553 err, matched, text, refs,
554 rspoid, rspdata, NULL, ctrls );
565 struct berval **refs,
573 assert( !LDAP_API_ERROR( err ) );
575 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
576 err, matched ? matched : "", text ? text : "" );
578 assert( err != LDAP_PARTIAL_RESULTS );
580 trim_refs_urls( refs );
582 if( op->o_protocol < LDAP_VERSION3 ) {
583 /* send references in search results */
584 if( err == LDAP_REFERRAL ) {
585 err = LDAP_PARTIAL_RESULTS;
588 tmp = v2ref( refs, text );
592 /* don't send references in search results */
593 assert( refs == NULL );
596 if( err == LDAP_REFERRAL ) {
601 tag = req2res( op->o_tag );
602 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
604 #ifdef LDAP_CONNECTIONLESS
606 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
607 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
608 inet_ntoa(((struct sockaddr_in *)
609 &op->o_clientaddr)->sin_addr ),
610 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
615 send_ldap_response( conn, op, tag, msgid,
616 err, matched, text, refs,
617 NULL, NULL, NULL, ctrls );
619 Statslog( LDAP_DEBUG_STATS,
620 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
621 (long) op->o_connid, (long) op->o_opid,
622 (long) tag, (long) err, text ? text : "" );
647 #ifdef SLAPD_SCHEMA_NOT_COMPAT
648 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
650 static const char *ad_entry = "entry";
653 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
655 if ( ! access_allowed( be, conn, op, e,
656 ad_entry, NULL, ACL_READ ) )
658 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
665 ber = ber_alloc_t( LBER_USE_DER );
668 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
669 send_ldap_result( conn, op, LDAP_OTHER,
670 NULL, "BER allocation error", NULL, NULL );
674 rc = ber_printf( ber, "{it{s{" /*}}}*/, op->o_msgid,
675 LDAP_RES_SEARCH_ENTRY, e->e_dn );
678 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
680 send_ldap_result( conn, op, LDAP_OTHER,
681 NULL, "encoding DN error", NULL, NULL );
685 /* check for special all user attributes ("*") type */
686 userattrs = ( attrs == NULL ) ? 1
687 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
689 /* check for special all operational attributes ("+") type */
690 opattrs = ( attrs == NULL ) ? 0
691 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
693 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
694 #ifdef SLAPD_SCHEMA_NOT_COMPAT
695 AttributeDescription *desc = a->a_desc;
696 char *type = desc->ad_cname->bv_val;
698 char *desc = a->a_type;
699 char *type = a->a_type;
702 if ( attrs == NULL ) {
703 /* all addrs request, skip operational attributes */
704 #ifdef SLAPD_SCHEMA_NOT_COMPAT
705 if( is_at_operational( desc->ad_type ) )
707 if( oc_check_op_attr( desc ) )
714 /* specific addrs requested */
715 #ifdef SLAPD_SCHEMA_NOT_COMPAT
716 if ( is_at_operational( desc->ad_type ) )
718 if ( oc_check_op_attr( desc ) )
721 if( !opattrs && !ad_inlist( desc, attrs ) ) {
725 if (!userattrs && !ad_inlist( desc, attrs ) ) {
731 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
732 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
737 if (( rc = ber_printf( ber, "{s[" /*]}*/ , type )) == -1 ) {
738 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
740 send_ldap_result( conn, op, LDAP_OTHER,
741 NULL, "encoding description error", NULL, NULL );
746 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
747 if ( ! access_allowed( be, conn, op, e,
748 desc, a->a_vals[i], ACL_READ ) )
750 Debug( LDAP_DEBUG_ACL,
751 "acl: access to attribute %s, value %d not allowed\n",
756 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
757 Debug( LDAP_DEBUG_ANY,
758 "ber_printf failed\n", 0, 0, 0 );
760 send_ldap_result( conn, op, LDAP_OTHER,
761 NULL, "encoding values error", NULL, NULL );
767 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
768 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
770 send_ldap_result( conn, op, LDAP_OTHER,
771 NULL, "encode end error", NULL, NULL );
776 /* eventually will loop through generated operational attributes */
777 /* only have subschemaSubentry implemented */
778 aa = backend_operational( be, e );
780 for (a = aa ; a == NULL; a = a->a_next ) {
781 #ifdef SLAPD_SCHEMA_NOT_COMPAT
782 AttributeDescription *desc = a->a_desc;
784 char *desc = a->a_type;
787 if ( attrs == NULL ) {
788 /* all addrs request, skip operational attributes */
789 #ifdef SLAPD_SCHEMA_NOT_COMPAT
790 if( is_at_operational( desc->ad_type ) )
792 if( oc_check_op_attr( desc ) )
799 /* specific addrs requested */
800 #ifdef SLAPD_SCHEMA_NOT_COMPAT
801 if( is_at_operational( desc->ad_type ) )
803 if( oc_check_op_attr( desc ) )
806 if( !opattrs && !ad_inlist( desc, attrs ) )
811 if (!userattrs && !ad_inlist( desc, attrs ) )
818 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
819 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
824 if (( rc = ber_printf( ber, "{s[" /*]}*/ , desc )) == -1 ) {
825 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
827 send_ldap_result( conn, op, LDAP_OTHER,
828 NULL, "encoding description error", NULL, NULL );
833 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
834 if ( ! access_allowed( be, conn, op, e,
835 desc, a->a_vals[i], ACL_READ ) )
837 Debug( LDAP_DEBUG_ACL,
838 "acl: access to attribute %s, value %d not allowed\n",
844 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
845 Debug( LDAP_DEBUG_ANY,
846 "ber_printf failed\n", 0, 0, 0 );
848 send_ldap_result( conn, op, LDAP_OTHER,
849 NULL, "encoding values error", NULL, NULL );
855 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
856 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
858 send_ldap_result( conn, op, LDAP_OTHER,
859 NULL, "encode end error", NULL, NULL );
866 rc = ber_printf( ber, /*{{{*/ "}}}" );
869 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
871 send_ldap_result( conn, op, LDAP_OTHER,
872 NULL, "encode entry end error", NULL, NULL );
876 bytes = send_ldap_ber( conn, ber );
880 Debug( LDAP_DEBUG_ANY,
881 "send_ldap_response: ber write failed\n",
886 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
887 num_bytes_sent += bytes;
890 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
892 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
893 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
895 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
904 send_search_reference(
909 struct berval **refs,
912 struct berval ***v2refs
919 #ifdef SLAPD_SCHEMA_NOT_COMPAT
920 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
921 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
923 static const char *ad_ref = "ref";
924 static const char *ad_entry = "entry";
927 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
929 if ( ! access_allowed( be, conn, op, e,
930 ad_entry, NULL, ACL_READ ) )
932 Debug( LDAP_DEBUG_ACL,
933 "send_search_reference: access to entry not allowed\n",
938 if ( ! access_allowed( be, conn, op, e,
939 ad_ref, NULL, ACL_READ ) )
941 Debug( LDAP_DEBUG_ACL,
942 "send_search_reference: access to reference not allowed\n",
948 Debug( LDAP_DEBUG_ANY,
949 "send_search_reference: null ref in (%s)\n",
954 if( op->o_protocol < LDAP_VERSION3 ) {
955 /* save the references for the result */
956 if( *refs != NULL ) {
957 value_add( v2refs, refs );
962 ber = ber_alloc_t( LBER_USE_DER );
965 Debug( LDAP_DEBUG_ANY,
966 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
967 send_ldap_result( conn, op, LDAP_OTHER,
968 NULL, "alloc BER error", NULL, NULL );
972 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
973 LDAP_RES_SEARCH_REFERENCE, refs );
976 Debug( LDAP_DEBUG_ANY,
977 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
979 send_ldap_result( conn, op, LDAP_OTHER,
980 NULL, "encode DN error", NULL, NULL );
984 bytes = send_ldap_ber( conn, ber );
987 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
988 num_bytes_sent += bytes;
991 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
993 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
994 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
996 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
1013 *code = LDAP_SUCCESS;
1017 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
1018 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
1025 while ( (s = strchr( s, '\n' )) != NULL ) {
1030 if ( (c = strchr( s, ':' )) != NULL ) {
1034 if ( strncasecmp( s, "code", 4 ) == 0 ) {
1038 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
1042 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
1047 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob