1 /* result.c - routines to send ldap results, errors, and referrals */
10 #include <ac/signal.h>
11 #include <ac/string.h>
14 #include <ac/unistd.h>
18 /* we need LBER internals */
19 #include "../../libraries/liblber/lber-int.h"
21 static char *v2ref( struct berval **ref, const char *text )
23 size_t len = 0, i = 0;
29 return ch_strdup(text);
36 if (text[len-1] != '\n')
39 v2 = ch_malloc( len+i+sizeof("Referral:") );
45 strcpy( v2+len, "Referral:" );
46 len += sizeof("Referral:");
48 for( i=0; ref[i] != NULL; i++ ) {
49 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
51 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
52 len += ref[i]->bv_len;
53 if (ref[i]->bv_val[ref[i]->bv_len-1] != '/')
61 static ber_tag_t req2res( ber_tag_t tag )
66 case LDAP_REQ_COMPARE:
67 case LDAP_REQ_EXTENDED:
74 tag = LDAP_RES_DELETE;
77 case LDAP_REQ_ABANDON:
83 tag = LDAP_RES_SEARCH_RESULT;
93 static void trim_refs_urls(
94 struct berval **refs )
98 if( refs == NULL ) return;
100 for( i=0; refs[i] != NULL; i++ ) {
101 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
102 strncasecmp( refs[i]->bv_val, "ldap://",
103 sizeof("ldap://")-1 ) == 0 )
106 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
107 if( refs[i]->bv_val[j] == '/' ) {
108 refs[i]->bv_val[j] = '\0';
117 struct berval **get_entry_referrals(
124 struct berval **refs;
127 attr = attr_find( e->e_attrs, "ref" );
129 if( attr == NULL ) return NULL;
131 for( i=0; attr->a_vals[i] != NULL; i++ ) {
132 /* count references */
135 if( i < 1 ) return NULL;
137 refs = ch_malloc( i + 1 );
139 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
141 struct berval *ref = ber_bvdup( attr->a_vals[i] );
144 for( k=0; k<ref->bv_len; k++ ) {
145 if( isspace(ref->bv_val[k]) ) {
146 ref->bv_val[k] = '\0';
152 if( ref->bv_len > 0 ) {
163 ber_bvecfree( refs );
167 /* we should check that a referral value exists... */
172 static long send_ldap_ber(
178 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
180 /* write only one pdu at a time - wait til it's our turn */
181 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
183 /* lock the connection */
184 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
190 if ( connection_state_closing( conn ) ) {
191 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
192 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
197 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
204 * we got an error. if it's ewouldblock, we need to
205 * wait on the socket being writable. otherwise, figure
206 * it's a hard error and return.
209 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
210 err, STRERROR(err), 0 );
212 if ( err != EWOULDBLOCK && err != EAGAIN ) {
213 connection_closing( conn );
215 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
216 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
221 /* wait for socket to be write-ready */
222 conn->c_writewaiter = 1;
223 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
225 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
226 conn->c_writewaiter = 0;
229 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
230 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
246 struct berval *resdata,
247 struct berval *sasldata,
255 assert( ctrls == NULL ); /* ctrls not implemented */
257 ber = ber_alloc_t( LBER_USE_DER );
259 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
260 (long) msgid, (long) tag, (long) err );
263 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
267 #ifdef LDAP_CONNECTIONLESS
269 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
270 err, matched ? matched : "", text ? text : "" );
274 rc = ber_printf( ber, "{it{ess",
276 matched == NULL ? "" : matched,
277 text == NULL ? "" : text );
279 if( rc != -1 && ref != NULL ) {
280 rc = ber_printf( ber, "{V}", ref );
283 if( rc != -1 && sasldata != NULL ) {
284 rc = ber_printf( ber, "tO",
285 LDAP_TAG_SASL_RES_CREDS, sasldata );
288 if( rc != -1 && resoid != NULL ) {
289 rc = ber_printf( ber, "ts",
290 LDAP_TAG_EXOP_RES_OID, resoid );
293 if( rc != -1 && resdata != NULL ) {
294 rc = ber_printf( ber, "tO",
295 LDAP_TAG_EXOP_RES_VALUE, resdata );
299 rc = ber_printf( ber, "}}" );
304 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
310 bytes = send_ldap_ber( conn, ber );
314 Debug( LDAP_DEBUG_ANY,
315 "send_ldap_response: ber write failed\n",
320 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
321 num_bytes_sent += bytes;
323 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
329 send_ldap_disconnect(
340 #define LDAP_UNSOLICITED_ERROR(e) \
341 ( (e) == LDAP_PROTOCOL_ERROR \
342 || (e) == LDAP_STRONG_AUTH_REQUIRED \
343 || (e) == LDAP_UNAVAILABLE )
345 assert( LDAP_UNSOLICITED_ERROR( err ) );
347 Debug( LDAP_DEBUG_TRACE,
348 "send_ldap_disconnect %d:%s\n",
349 err, text ? text : "", NULL );
351 if ( op->o_protocol < LDAP_VERSION3 ) {
353 tag = req2res( op->o_tag );
354 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
357 reqoid = LDAP_NOTICE_DISCONNECT;
358 tag = LDAP_RES_EXTENDED;
362 #ifdef LDAP_CONNECTIONLESS
364 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
365 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
366 inet_ntoa(((struct sockaddr_in *)
367 &op->o_clientaddr)->sin_addr ),
368 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
373 send_ldap_response( conn, op, tag, msgid,
374 err, NULL, text, NULL,
375 reqoid, NULL, NULL, NULL );
377 Statslog( LDAP_DEBUG_STATS,
378 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
379 (long) op->o_connid, (long) op->o_opid,
380 (long) tag, (long) err, text ? text : "" );
398 assert( !LDAP_API_ERROR( err ) );
400 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
401 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
402 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
403 err, matched ? matched : "", text ? text : "" );
405 assert( err != LDAP_PARTIAL_RESULTS );
407 if( op->o_tag != LDAP_REQ_SEARCH ) {
408 trim_refs_urls( ref );
411 if ( err == LDAP_REFERRAL ) {
413 err = LDAP_NO_SUCH_OBJECT;
414 } else if ( op->o_protocol < LDAP_VERSION3 ) {
415 err = LDAP_PARTIAL_RESULTS;
419 if ( op->o_protocol < LDAP_VERSION3 ) {
420 tmp = v2ref( ref, text );
425 tag = req2res( op->o_tag );
426 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
428 #ifdef LDAP_CONNECTIONLESS
430 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
431 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
432 inet_ntoa(((struct sockaddr_in *)
433 &op->o_clientaddr)->sin_addr ),
434 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
439 send_ldap_response( conn, op, tag, msgid,
440 err, matched, text, ref,
441 NULL, NULL, NULL, ctrls );
443 Statslog( LDAP_DEBUG_STATS,
444 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
445 (long) op->o_connid, (long) op->o_opid,
446 (long) tag, (long) err, text ? text : "" );
468 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n",
469 (long) err, NULL, NULL );
471 tag = req2res( op->o_tag );
472 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
474 #ifdef LDAP_CONNECTIONLESS
476 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
477 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
478 inet_ntoa(((struct sockaddr_in *)
479 &op->o_clientaddr)->sin_addr ),
480 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
485 send_ldap_response( conn, op, tag, msgid,
486 err, matched, text, ref,
487 NULL, NULL, cred, ctrls );
497 struct berval **refs,
499 struct berval *rspdata,
506 Debug( LDAP_DEBUG_TRACE,
507 "send_ldap_extended %ld:%s (%ld)\n",
509 rspoid ? rspoid : "",
510 rspdata != NULL ? (long) rspdata->bv_len : (long) 0 );
512 tag = req2res( op->o_tag );
513 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
515 #ifdef LDAP_CONNECTIONLESS
517 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
518 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
519 inet_ntoa(((struct sockaddr_in *)
520 &op->o_clientaddr)->sin_addr ),
521 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
526 send_ldap_response( conn, op, tag, msgid,
527 err, matched, text, refs,
528 rspoid, rspdata, NULL, ctrls );
539 struct berval **refs,
547 assert( !LDAP_API_ERROR( err ) );
549 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
550 err, matched ? matched : "", text ? text : "" );
552 assert( err != LDAP_PARTIAL_RESULTS );
554 trim_refs_urls( refs );
556 if( op->o_protocol < LDAP_VERSION3 ) {
557 /* send references in search results */
558 if( err == LDAP_REFERRAL ) {
559 err = LDAP_PARTIAL_RESULTS;
562 tmp = v2ref( refs, text );
566 /* don't send references in search results */
567 assert( refs == NULL );
570 if( err == LDAP_REFERRAL ) {
575 tag = req2res( op->o_tag );
576 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
578 #ifdef LDAP_CONNECTIONLESS
580 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
581 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
582 inet_ntoa(((struct sockaddr_in *)
583 &op->o_clientaddr)->sin_addr ),
584 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
589 send_ldap_response( conn, op, tag, msgid,
590 err, matched, text, refs,
591 NULL, NULL, NULL, ctrls );
593 Statslog( LDAP_DEBUG_STATS,
594 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
595 (long) op->o_connid, (long) op->o_opid,
596 (long) tag, (long) err, text ? text : "" );
621 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
623 if ( ! access_allowed( be, conn, op, e,
624 "entry", NULL, ACL_READ ) )
626 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
633 ber = ber_alloc_t( LBER_USE_DER );
636 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
637 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
638 NULL, "allocating BER error", NULL, NULL );
642 rc = ber_printf( ber, "{it{s{", op->o_msgid,
643 LDAP_RES_SEARCH_ENTRY, e->e_dn );
646 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
648 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
649 NULL, "encoding dn error", NULL, NULL );
653 /* check for special all user attributes ("*") type */
654 userattrs = ( attrs == NULL ) ? 1
655 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
657 /* check for special all operational attributes ("+") type */
658 opattrs = ( attrs == NULL ) ? 0
659 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
661 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
663 #ifdef SLAPD_SCHEMA_NOT_COMPAT
664 desc = a->a_desc.ad_type->sat_cname;
669 if ( attrs == NULL ) {
670 /* all addrs request, skip operational attributes */
671 if( !opattrs && oc_check_op_attr( desc ) ) {
676 /* specific addrs requested */
677 if ( oc_check_op_attr( desc ) )
679 if( !opattrs && !charray_inlist( attrs, desc ) ) {
683 if (!userattrs && !charray_inlist( attrs, desc ) ) {
689 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
690 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
695 if (( rc = ber_printf( ber, "{s[" /*]}*/ , desc )) == -1 ) {
696 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
698 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
699 NULL, "encoding type error", NULL, NULL );
704 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
705 if ( ! access_allowed( be, conn, op, e,
706 desc, a->a_vals[i], ACL_READ ) )
708 Debug( LDAP_DEBUG_ACL,
709 "acl: access to attribute %s, value %d not allowed\n",
714 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
715 Debug( LDAP_DEBUG_ANY,
716 "ber_printf failed\n", 0, 0, 0 );
718 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
719 NULL, "encoding value error", NULL, NULL );
725 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
726 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
728 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
729 NULL, "encode end error", NULL, NULL );
734 /* eventually will loop through generated operational attributes */
735 /* only have subschemaSubentry implemented */
736 aa = backend_operational( be, e );
738 for (a = aa ; a == NULL; a = a->a_next ) {
740 #ifdef SLAPD_SCHEMA_NOT_COMPAT
741 desc = a->a_desc.ad_type->sat_cname;
746 if ( attrs == NULL ) {
747 /* all addrs request, skip operational attributes */
748 if( !opattrs && oc_check_op_attr( desc ) ) {
753 /* specific addrs requested */
754 if ( oc_check_op_attr( desc ) ) {
755 if( !opattrs && !charray_inlist( attrs, desc ) )
760 if (!userattrs && !charray_inlist( attrs, desc ) )
767 if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
768 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
773 if (( rc = ber_printf( ber, "{s[" /*]}*/ , desc )) == -1 ) {
774 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
776 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
777 NULL, "encoding type error", NULL, NULL );
782 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
783 if ( ! access_allowed( be, conn, op, e,
784 desc, a->a_vals[i], ACL_READ ) )
786 Debug( LDAP_DEBUG_ACL,
787 "acl: access to attribute %s, value %d not allowed\n",
793 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
794 Debug( LDAP_DEBUG_ANY,
795 "ber_printf failed\n", 0, 0, 0 );
797 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
798 NULL, "encoding value error", NULL, NULL );
804 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
805 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
807 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
808 NULL, "encode end error", NULL, NULL );
815 rc = ber_printf( ber, /*{{{*/ "}}}" );
818 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
820 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
821 NULL, "encode entry end error", NULL, NULL );
825 bytes = send_ldap_ber( conn, ber );
829 Debug( LDAP_DEBUG_ANY,
830 "send_ldap_response: ber write failed\n",
835 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
836 num_bytes_sent += bytes;
839 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
841 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
842 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
844 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
853 send_search_reference(
858 struct berval **refs,
861 struct berval ***v2refs
868 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
870 if ( ! access_allowed( be, conn, op, e,
871 "entry", NULL, ACL_READ ) )
873 Debug( LDAP_DEBUG_ACL,
874 "send_search_reference: access to entry not allowed\n",
879 if ( ! access_allowed( be, conn, op, e,
880 "ref", NULL, ACL_READ ) )
882 Debug( LDAP_DEBUG_ACL,
883 "send_search_reference: access to reference not allowed\n",
889 Debug( LDAP_DEBUG_ANY,
890 "send_search_reference: null ref in (%s)\n",
895 if( op->o_protocol < LDAP_VERSION3 ) {
896 /* save the references for the result */
897 if( *refs != NULL ) {
898 value_add( v2refs, refs );
903 ber = ber_alloc_t( LBER_USE_DER );
906 Debug( LDAP_DEBUG_ANY,
907 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
908 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
909 NULL, "alloc BER error", NULL, NULL );
913 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
914 LDAP_RES_SEARCH_REFERENCE, refs );
917 Debug( LDAP_DEBUG_ANY,
918 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
920 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
921 NULL, "encode dn error", NULL, NULL );
925 bytes = send_ldap_ber( conn, ber );
928 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
929 num_bytes_sent += bytes;
932 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
934 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
935 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
937 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
954 *code = LDAP_SUCCESS;
958 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
959 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
966 while ( (s = strchr( s, '\n' )) != NULL ) {
971 if ( (c = strchr( s, ':' )) != NULL ) {
975 if ( strncasecmp( s, "code", 4 ) == 0 ) {
979 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
983 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
988 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",