1 /* result.c - routines to send ldap results, errors, and referrals */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1998-2005 The OpenLDAP Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in the file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
31 #include <ac/socket.h>
33 #include <ac/string.h>
36 #include <ac/unistd.h>
41 #include "slapi/slapi.h"
43 static int call_pre_result_plugins( Operation *, SlapReply * );
44 static int call_pre_referral_plugins( Operation *, SlapReply * );
45 static int call_pre_entry_plugins( Operation *, SlapReply *, int * );
46 #endif /* LDAP_SLAPI */
48 const struct berval slap_dummy_bv = BER_BVNULL;
50 int slap_null_cb( Operation *op, SlapReply *rs )
55 int slap_freeself_cb( Operation *op, SlapReply *rs )
57 assert( op->o_callback != NULL );
59 op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
60 op->o_callback = NULL;
62 return SLAP_CB_CONTINUE;
65 int slap_replog_cb( Operation *op, SlapReply *rs )
67 if ( rs->sr_err == LDAP_SUCCESS ) {
70 return SLAP_CB_CONTINUE;
73 static char *v2ref( BerVarray ref, const char *text )
75 size_t len = 0, i = 0;
80 return ch_strdup(text);
88 if (text[len-1] != '\n') {
93 v2 = SLAP_MALLOC( len+i+sizeof("Referral:") );
95 Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
105 strcpy( v2+len, "Referral:" );
106 len += sizeof("Referral:");
108 for( i=0; ref[i].bv_val != NULL; i++ ) {
109 v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 );
111 Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 );
115 AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len );
116 len += ref[i].bv_len;
117 if (ref[i].bv_val[ref[i].bv_len-1] != '/') {
126 static ber_tag_t req2res( ber_tag_t tag )
131 case LDAP_REQ_COMPARE:
132 case LDAP_REQ_EXTENDED:
133 case LDAP_REQ_MODIFY:
134 case LDAP_REQ_MODRDN:
138 case LDAP_REQ_DELETE:
139 tag = LDAP_RES_DELETE;
142 case LDAP_REQ_ABANDON:
143 case LDAP_REQ_UNBIND:
147 case LDAP_REQ_SEARCH:
148 tag = LDAP_RES_SEARCH_RESULT;
158 static long send_ldap_ber(
164 ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
166 /* write only one pdu at a time - wait til it's our turn */
167 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
169 /* lock the connection */
170 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
177 if ( connection_state_closing( conn ) ) {
178 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
179 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
184 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
191 * we got an error. if it's ewouldblock, we need to
192 * wait on the socket being writable. otherwise, figure
193 * it's a hard error and return.
196 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
197 err, sock_errstr(err), 0 );
199 if ( err != EWOULDBLOCK && err != EAGAIN ) {
200 connection_closing( conn );
202 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
203 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
208 /* wait for socket to be write-ready */
209 conn->c_writewaiter = 1;
210 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
211 slapd_set_write( sd, 1 );
213 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
214 conn->c_writewaiter = 0;
217 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
218 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
224 send_ldap_control( BerElement *ber, LDAPControl *c )
230 rc = ber_printf( ber, "{s" /*}*/, c->ldctl_oid );
232 if( c->ldctl_iscritical ) {
233 rc = ber_printf( ber, "b",
234 (ber_int_t) c->ldctl_iscritical ) ;
235 if( rc == -1 ) return rc;
238 if( c->ldctl_value.bv_val != NULL ) {
239 rc = ber_printf( ber, "O", &c->ldctl_value );
240 if( rc == -1 ) return rc;
243 rc = ber_printf( ber, /*{*/"N}" );
244 if( rc == -1 ) return rc;
250 send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
254 LDAPControl **sctrls = NULL;
257 * Retrieve any additional controls that may be set by the
262 slapi_pblock_get( o->o_pb, SLAPI_RESCONTROLS, &sctrls ) != 0 )
267 if ( c == NULL && sctrls == NULL ) return 0;
269 if( c == NULL ) return 0;
270 #endif /* LDAP_SLAPI */
272 rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
273 if( rc == -1 ) return rc;
277 #endif /* LDAP_SLAPI */
279 for( ; *c != NULL; c++) {
280 rc = send_ldap_control( ber, *c );
281 if( rc == -1 ) return rc;
286 /* this is a hack to avoid having to modify op->s_ctrls */
287 if( o->o_sortedresults ) {
288 BerElementBuffer berbuf;
289 BerElement *sber = (BerElement *) &berbuf;
291 BER_BVZERO( &sorted.ldctl_value );
292 sorted.ldctl_oid = LDAP_CONTROL_SORTRESPONSE;
293 sorted.ldctl_iscritical = 0;
295 ber_init2( sber, NULL, LBER_USE_DER );
297 ber_printf( sber, "{i}", LDAP_UNWILLING_TO_PERFORM );
299 if( ber_flatten2( ber, &sorted.ldctl_value, 0 ) == -1 ) {
303 (void) ber_free_buf( ber );
305 rc = send_ldap_control( ber, &sorted );
306 if( rc == -1 ) return rc;
311 if ( sctrls != NULL ) {
312 for ( c = sctrls; *c != NULL; c++ ) {
313 rc = send_ldap_control( ber, *c );
314 if( rc == -1 ) return rc;
317 #endif /* LDAP_SLAPI */
319 rc = ber_printf( ber, /*{*/"N}" );
329 BerElementBuffer berbuf;
330 BerElement *ber = (BerElement *) &berbuf;
331 int rc = LDAP_SUCCESS;
334 if ( rs->sr_err == SLAPD_ABANDON ) {
339 if ( op->o_callback ) {
341 slap_callback *sc = op->o_callback,
342 *sc_next = op->o_callback;
344 rc = SLAP_CB_CONTINUE;
345 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
346 sc_next = op->o_callback->sc_next;
347 if ( op->o_callback->sc_response ) {
348 rc = op->o_callback->sc_response( op, rs );
349 if ( first && op->o_callback == NULL ) {
352 if ( rc != SLAP_CB_CONTINUE ) break;
358 if ( rc != SLAP_CB_CONTINUE ) goto clean2;
361 #ifdef LDAP_CONNECTIONLESS
362 if (op->o_conn && op->o_conn->c_is_udp)
367 ber_init_w_nullc( ber, LBER_USE_DER );
368 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
371 Debug( LDAP_DEBUG_TRACE,
372 "send_ldap_response: msgid=%d tag=%lu err=%d\n",
373 rs->sr_msgid, rs->sr_tag, rs->sr_err );
376 Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
377 rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
381 #ifdef LDAP_CONNECTIONLESS
382 if (op->o_conn && op->o_conn->c_is_udp &&
383 op->o_protocol == LDAP_VERSION2 )
385 rc = ber_printf( ber, "t{ess" /*"}"*/,
386 rs->sr_tag, rs->sr_err,
387 rs->sr_matched == NULL ? "" : rs->sr_matched,
388 rs->sr_text == NULL ? "" : rs->sr_text );
391 if ( rs->sr_type == REP_INTERMEDIATE ) {
392 rc = ber_printf( ber, "{it{" /*"}}"*/,
393 rs->sr_msgid, rs->sr_tag );
396 rc = ber_printf( ber, "{it{ess" /*"}}"*/,
397 rs->sr_msgid, rs->sr_tag, rs->sr_err,
398 rs->sr_matched == NULL ? "" : rs->sr_matched,
399 rs->sr_text == NULL ? "" : rs->sr_text );
403 if ( rs->sr_ref != NULL ) {
404 assert( rs->sr_err == LDAP_REFERRAL );
405 rc = ber_printf( ber, "t{W}",
406 LDAP_TAG_REFERRAL, rs->sr_ref );
408 assert( rs->sr_err != LDAP_REFERRAL );
412 if( rc != -1 && rs->sr_type == REP_SASL && rs->sr_sasldata != NULL ) {
413 rc = ber_printf( ber, "tO",
414 LDAP_TAG_SASL_RES_CREDS, rs->sr_sasldata );
418 ( rs->sr_type == REP_EXTENDED || rs->sr_type == REP_INTERMEDIATE ))
420 if ( rs->sr_rspoid != NULL ) {
421 rc = ber_printf( ber, "ts",
422 rs->sr_type == REP_EXTENDED
423 ? LDAP_TAG_EXOP_RES_OID : LDAP_TAG_IM_RES_OID,
426 if( rc != -1 && rs->sr_rspdata != NULL ) {
427 rc = ber_printf( ber, "tO",
428 rs->sr_type == REP_EXTENDED
429 ? LDAP_TAG_EXOP_RES_VALUE : LDAP_TAG_IM_RES_VALUE,
435 rc = ber_printf( ber, /*"{"*/ "N}" );
439 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
443 rc = ber_printf( ber, /*"{"*/ "N}" );
446 #ifdef LDAP_CONNECTIONLESS
447 if( op->o_conn && op->o_conn->c_is_udp && op->o_protocol == LDAP_VERSION2
450 rc = ber_printf( ber, /*"{"*/ "N}" );
455 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
457 #ifdef LDAP_CONNECTIONLESS
458 if (!op->o_conn || op->o_conn->c_is_udp == 0)
467 bytes = send_ldap_ber( op->o_conn, ber );
468 #ifdef LDAP_CONNECTIONLESS
469 if (!op->o_conn || op->o_conn->c_is_udp == 0)
476 Debug( LDAP_DEBUG_ANY,
477 "send_ldap_response: ber write failed\n",
485 slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
486 slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED,
487 (void *)rs->sr_matched );
488 slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
490 #endif /* LDAP_SLAPI */
492 ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
493 ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
494 ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
495 ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
498 /* Tell caller that we did this for real, as opposed to being
499 * overridden by a callback
501 rc = SLAP_CB_CONTINUE;
504 if ( op->o_callback ) {
506 slap_callback *sc = op->o_callback, *sc_next;
508 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
509 sc_next = op->o_callback->sc_next;
510 if ( op->o_callback->sc_cleanup ) {
511 (void)op->o_callback->sc_cleanup( op, rs );
512 if ( first && op->o_callback != sc ) {
522 if ( rs->sr_matched && rs->sr_flags & REP_MATCHED_MUSTBEFREED ) {
523 free( (char *)rs->sr_matched );
524 rs->sr_matched = NULL;
527 if ( rs->sr_ref && rs->sr_flags & REP_REF_MUSTBEFREED ) {
528 ber_bvarray_free( rs->sr_ref );
537 send_ldap_disconnect( Operation *op, SlapReply *rs )
539 #define LDAP_UNSOLICITED_ERROR(e) \
540 ( (e) == LDAP_PROTOCOL_ERROR \
541 || (e) == LDAP_STRONG_AUTH_REQUIRED \
542 || (e) == LDAP_UNAVAILABLE )
544 assert( LDAP_UNSOLICITED_ERROR( rs->sr_err ) );
546 rs->sr_type = REP_EXTENDED;
548 Debug( LDAP_DEBUG_TRACE,
549 "send_ldap_disconnect %d:%s\n",
550 rs->sr_err, rs->sr_text ? rs->sr_text : "", NULL );
552 if ( op->o_protocol < LDAP_VERSION3 ) {
553 rs->sr_rspoid = NULL;
554 rs->sr_tag = req2res( op->o_tag );
555 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
558 rs->sr_rspoid = LDAP_NOTICE_DISCONNECT;
559 rs->sr_tag = LDAP_RES_EXTENDED;
563 if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
564 Statslog( LDAP_DEBUG_STATS,
565 "%s DISCONNECT tag=%lu err=%d text=%s\n",
566 op->o_log_prefix, rs->sr_tag, rs->sr_err,
567 rs->sr_text ? rs->sr_text : "", 0 );
572 slap_send_ldap_result( Operation *op, SlapReply *rs )
575 const char *otext = rs->sr_text;
576 BerVarray oref = rs->sr_ref;
578 rs->sr_type = REP_RESULT;
580 /* Propagate Abandons so that cleanup callbacks can be processed */
581 if ( rs->sr_err == SLAPD_ABANDON )
584 assert( !LDAP_API_ERROR( rs->sr_err ) );
586 Debug( LDAP_DEBUG_TRACE,
587 "send_ldap_result: %s p=%d\n",
588 op->o_log_prefix, op->o_protocol, 0 );
590 Debug( LDAP_DEBUG_ARGS,
591 "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n",
592 rs->sr_err, rs->sr_matched ? rs->sr_matched : "",
593 rs->sr_text ? rs->sr_text : "" );
597 Debug( LDAP_DEBUG_ARGS,
598 "send_ldap_result: referral=\"%s\"\n",
599 rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL",
603 assert( rs->sr_err != LDAP_PARTIAL_RESULTS );
605 if ( rs->sr_err == LDAP_REFERRAL ) {
606 #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
607 if( op->o_domain_scope ) {
611 if( rs->sr_ref == NULL ) {
612 rs->sr_err = LDAP_NO_SUCH_OBJECT;
613 } else if ( op->o_protocol < LDAP_VERSION3 ) {
614 rs->sr_err = LDAP_PARTIAL_RESULTS;
619 (void) call_pre_result_plugins( op, rs );
620 #endif /* LDAP_SLAPI */
622 if ( op->o_protocol < LDAP_VERSION3 ) {
623 tmp = v2ref( rs->sr_ref, rs->sr_text );
628 rs->sr_tag = req2res( op->o_tag );
629 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
632 if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
633 if ( op->o_tag == LDAP_REQ_SEARCH ) {
635 snprintf( nbuf, sizeof nbuf, "%d nentries=%d",
636 rs->sr_err, rs->sr_nentries );
638 Statslog( LDAP_DEBUG_STATS,
639 "%s SEARCH RESULT tag=%lu err=%s text=%s\n",
640 op->o_log_prefix, rs->sr_tag, nbuf,
641 rs->sr_text ? rs->sr_text : "", 0 );
643 Statslog( LDAP_DEBUG_STATS,
644 "%s RESULT tag=%lu err=%d text=%s\n",
645 op->o_log_prefix, rs->sr_tag, rs->sr_err,
646 rs->sr_text ? rs->sr_text : "", 0 );
650 if( tmp != NULL ) ch_free(tmp);
656 send_ldap_sasl( Operation *op, SlapReply *rs )
658 rs->sr_type = REP_SASL;
659 Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n",
661 rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL );
663 rs->sr_tag = req2res( op->o_tag );
664 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
666 send_ldap_response( op, rs );
670 slap_send_ldap_extended( Operation *op, SlapReply *rs )
672 rs->sr_type = REP_EXTENDED;
674 Debug( LDAP_DEBUG_TRACE,
675 "send_ldap_extended: err=%d oid=%s len=%ld\n",
677 rs->sr_rspoid ? rs->sr_rspoid : "",
678 rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
680 rs->sr_tag = req2res( op->o_tag );
681 rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
683 send_ldap_response( op, rs );
687 slap_send_ldap_intermediate( Operation *op, SlapReply *rs )
689 rs->sr_type = REP_INTERMEDIATE;
690 Debug( LDAP_DEBUG_TRACE,
691 "send_ldap_intermediate: err=%d oid=%s len=%ld\n",
693 rs->sr_rspoid ? rs->sr_rspoid : "",
694 rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
695 rs->sr_tag = LDAP_RES_INTERMEDIATE;
696 rs->sr_msgid = op->o_msgid;
697 send_ldap_response( op, rs );
701 slap_send_search_entry( Operation *op, SlapReply *rs )
703 BerElementBuffer berbuf;
704 BerElement *ber = (BerElement *) &berbuf;
706 int i, j, rc=-1, bytes;
709 AccessControlState acl_state = ACL_STATE_INIT;
711 /* Support for computed attribute plugins */
712 computed_attr_context ctx;
716 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
718 /* a_flags: array of flags telling if the i-th element will be
719 * returned or filtered out
720 * e_flags: array of a_flags
722 char **e_flags = NULL;
724 rs->sr_type = REP_SEARCH;
726 /* eventually will loop through generated operational attribute types
727 * currently implemented types include:
728 * entryDN, subschemaSubentry, and hasSubordinates */
729 /* NOTE: moved before overlays callback circling because
730 * they may modify entry and other stuff in rs */
731 /* check for special all operational attributes ("+") type */
732 /* FIXME: maybe we could se this flag at the operation level;
733 * however, in principle the caller of send_search_entry() may
734 * change the attribute list at each call */
735 rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
737 rc = backend_operational( op, rs );
742 if ( op->o_callback ) {
744 slap_callback *sc = op->o_callback,
745 *sc_next = op->o_callback;
747 rc = SLAP_CB_CONTINUE;
748 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
749 sc_next = op->o_callback->sc_next;
750 if ( op->o_callback->sc_response ) {
751 rc = op->o_callback->sc_response( op, rs );
752 if ( first && op->o_callback == NULL ) {
755 if ( rc != SLAP_CB_CONTINUE ) break;
761 if ( rc != SLAP_CB_CONTINUE ) goto error_return;
764 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: conn %lu dn=\"%s\"%s\n",
765 op->o_connid, rs->sr_entry->e_name.bv_val,
766 op->ors_attrsonly ? " (attrsOnly)" : "" );
768 attrsonly = op->ors_attrsonly;
771 rc = call_pre_entry_plugins( op, rs, &attrsonly );
775 #endif /* LDAP_SLAPI */
777 if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
778 Debug( LDAP_DEBUG_ACL,
779 "send_search_entry: conn %lu access to entry (%s) not allowed\n",
780 op->o_connid, rs->sr_entry->e_name.bv_val, 0 );
786 edn = rs->sr_entry->e_nname.bv_val;
788 if ( op->o_res_ber ) {
789 /* read back control or LDAP_CONNECTIONLESS */
794 bv.bv_len = entry_flatsize( rs->sr_entry, 0 );
795 bv.bv_val = op->o_tmpalloc(bv.bv_len, op->o_tmpmemctx );
797 ber_init2( ber, &bv, LBER_USE_DER );
798 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
801 #ifdef LDAP_CONNECTIONLESS
802 if ( op->o_conn && op->o_conn->c_is_udp ) {
804 if ( op->o_protocol == LDAP_VERSION2 ) {
805 rc = ber_printf(ber, "t{O{" /*}}*/,
806 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
808 rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
809 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
813 if ( op->o_res_ber ) {
814 /* read back control */
815 rc = ber_printf( ber, "{O{" /*}}*/, &rs->sr_entry->e_name );
817 rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
818 LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
822 Debug( LDAP_DEBUG_ANY,
823 "send_search_entry: conn %lu ber_printf failed\n",
824 op->o_connid, 0, 0 );
826 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
827 send_ldap_error( op, rs, LDAP_OTHER, "encoding DN error" );
831 /* check for special all user attributes ("*") type */
832 userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
834 /* create an array of arrays of flags. Each flag corresponds
835 * to particular value of attribute and equals 1 if value matches
836 * to ValuesReturnFilter or 0 if not
838 if ( op->o_vrFilter != NULL ) {
842 for ( a = rs->sr_entry->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
843 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
846 size = i * sizeof(char *) + k;
849 e_flags = slap_sl_calloc ( 1, i * sizeof(char *) + k, op->o_tmpmemctx );
850 if( e_flags == NULL ) {
851 Debug( LDAP_DEBUG_ANY,
852 "send_search_entry: conn %lu slap_sl_calloc failed\n",
853 op->o_connid ? op->o_connid : 0, 0, 0 );
856 send_ldap_error( op, rs, LDAP_OTHER, "out of memory" );
859 a_flags = (char *)(e_flags + i);
860 memset( a_flags, 0, k );
861 for ( a=rs->sr_entry->e_attrs, i=0; a != NULL; a=a->a_next, i++ ) {
862 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
863 e_flags[i] = a_flags;
867 rc = filter_matched_values(op, rs->sr_entry->e_attrs, &e_flags) ;
869 Debug( LDAP_DEBUG_ANY, "send_search_entry: "
870 "conn %lu matched values filtering failed\n",
871 op->o_connid ? op->o_connid : 0, 0, 0 );
872 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
873 send_ldap_error( op, rs, LDAP_OTHER,
874 "matched values filtering error" );
880 for ( a = rs->sr_entry->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
881 AttributeDescription *desc = a->a_desc;
884 if ( rs->sr_attrs == NULL ) {
885 /* all attrs request, skip operational attributes */
886 if( is_at_operational( desc->ad_type ) ) {
891 /* specific attrs requested */
892 if ( is_at_operational( desc->ad_type ) ) {
893 if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
894 !ad_inlist( desc, rs->sr_attrs ) )
900 if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) )
908 if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
909 ACL_READ, &acl_state ) )
911 Debug( LDAP_DEBUG_ACL, "send_search_entry: "
912 "conn %lu access to attribute %s not allowed\n",
913 op->o_connid, desc->ad_cname.bv_val, 0 );
917 if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
918 Debug( LDAP_DEBUG_ANY,
919 "send_search_entry: conn %lu ber_printf failed\n",
920 op->o_connid, 0, 0 );
922 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
923 send_ldap_error( op, rs, LDAP_OTHER,
924 "encoding description error");
931 for ( i = 0; a->a_nvals[i].bv_val != NULL; i++ ) {
932 if ( ! access_allowed( op, rs->sr_entry,
933 desc, &a->a_nvals[i], ACL_READ, &acl_state ) )
935 Debug( LDAP_DEBUG_ACL,
936 "send_search_entry: conn %lu "
937 "access to attribute %s, value #%d not allowed\n",
938 op->o_connid, desc->ad_cname.bv_val, i );
943 if ( op->o_vrFilter && e_flags[j][i] == 0 ){
950 if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
951 Debug( LDAP_DEBUG_ANY,
952 "send_search_entry: conn %lu ber_printf failed\n",
953 op->o_connid, 0, 0 );
955 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
956 send_ldap_error( op, rs, LDAP_OTHER,
957 "encoding description error");
961 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
962 Debug( LDAP_DEBUG_ANY,
963 "send_search_entry: conn %lu "
964 "ber_printf failed.\n", op->o_connid, 0, 0 );
966 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
967 send_ldap_error( op, rs, LDAP_OTHER,
968 "encoding values error" );
974 if ( finish && ( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
975 Debug( LDAP_DEBUG_ANY,
976 "send_search_entry: conn %lu ber_printf failed\n",
977 op->o_connid, 0, 0 );
979 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
980 send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
985 /* NOTE: moved before overlays callback circling because
986 * they may modify entry and other stuff in rs */
987 if ( rs->sr_operational_attrs != NULL && op->o_vrFilter != NULL ) {
991 for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
992 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
995 size = i * sizeof(char *) + k;
997 char *a_flags, **tmp;
1000 * Reuse previous memory - we likely need less space
1001 * for operational attributes
1003 tmp = slap_sl_realloc( e_flags, i * sizeof(char *) + k,
1005 if ( tmp == NULL ) {
1006 Debug( LDAP_DEBUG_ANY,
1007 "send_search_entry: conn %lu "
1008 "not enough memory "
1009 "for matched values filtering\n",
1010 op->o_connid, 0, 0 );
1011 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1012 send_ldap_error( op, rs, LDAP_OTHER,
1013 "not enough memory for matched values filtering" );
1017 a_flags = (char *)(e_flags + i);
1018 memset( a_flags, 0, k );
1019 for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
1020 for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
1021 e_flags[i] = a_flags;
1024 rc = filter_matched_values(op, rs->sr_operational_attrs, &e_flags) ;
1027 Debug( LDAP_DEBUG_ANY,
1028 "send_search_entry: conn %lu "
1029 "matched values filtering failed\n",
1030 op->o_connid ? op->o_connid : 0, 0, 0);
1031 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1032 send_ldap_error( op, rs, LDAP_OTHER,
1033 "matched values filtering error" );
1039 for (a = rs->sr_operational_attrs, j=0; a != NULL; a = a->a_next, j++ ) {
1040 AttributeDescription *desc = a->a_desc;
1042 if ( rs->sr_attrs == NULL ) {
1043 /* all attrs request, skip operational attributes */
1044 if( is_at_operational( desc->ad_type ) ) {
1049 /* specific attrs requested */
1050 if( is_at_operational( desc->ad_type ) ) {
1051 if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
1052 !ad_inlist( desc, rs->sr_attrs ) )
1057 if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
1063 if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
1064 ACL_READ, &acl_state ) )
1066 Debug( LDAP_DEBUG_ACL,
1067 "send_search_entry: conn %lu "
1068 "access to attribute %s not allowed\n",
1069 op->o_connid, desc->ad_cname.bv_val, 0 );
1074 rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
1076 Debug( LDAP_DEBUG_ANY,
1077 "send_search_entry: conn %lu "
1078 "ber_printf failed\n", op->o_connid, 0, 0 );
1080 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1081 send_ldap_error( op, rs, LDAP_OTHER,
1082 "encoding description error" );
1086 if ( ! attrsonly ) {
1087 for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
1088 if ( ! access_allowed( op, rs->sr_entry,
1089 desc, &a->a_vals[i], ACL_READ, &acl_state ) )
1091 Debug( LDAP_DEBUG_ACL,
1092 "send_search_entry: conn %lu "
1093 "access to %s, value %d not allowed\n",
1094 op->o_connid, desc->ad_cname.bv_val, i );
1099 if ( op->o_vrFilter && e_flags[j][i] == 0 ){
1103 if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
1104 Debug( LDAP_DEBUG_ANY,
1105 "send_search_entry: conn %lu ber_printf failed\n",
1106 op->o_connid, 0, 0 );
1108 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1109 send_ldap_error( op, rs, LDAP_OTHER,
1110 "encoding values error" );
1116 if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
1117 Debug( LDAP_DEBUG_ANY,
1118 "send_search_entry: conn %lu ber_printf failed\n",
1119 op->o_connid, 0, 0 );
1121 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1122 send_ldap_error( op, rs, LDAP_OTHER, "encode end error" );
1129 * First, setup the computed attribute context that is
1130 * passed to all plugins.
1133 ctx.cac_pb = op->o_pb;
1134 ctx.cac_attrs = rs->sr_attrs;
1135 ctx.cac_attrsonly = attrsonly;
1136 ctx.cac_userattrs = userattrs;
1137 ctx.cac_opattrs = rs->sr_attr_flags;
1138 ctx.cac_acl_state = acl_state;
1139 ctx.cac_private = (void *)ber;
1142 * For each client requested attribute, call the plugins.
1144 if ( rs->sr_attrs != NULL ) {
1145 for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
1146 rc = compute_evaluator( &ctx, anp->an_name.bv_val,
1147 rs->sr_entry, slapi_int_compute_output_ber );
1148 if ( rc == 1 ) break;
1152 * Technically we shouldn't be returning operational attributes
1153 * when the user requested only user attributes. We'll let the
1154 * plugin decide whether to be naughty or not.
1156 rc = compute_evaluator( &ctx, "*",
1157 rs->sr_entry, slapi_int_compute_output_ber );
1160 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1161 send_ldap_error( op, rs, LDAP_OTHER, "computed attribute error" );
1165 #endif /* LDAP_SLAPI */
1169 slap_sl_free( e_flags, op->o_tmpmemctx );
1173 rc = ber_printf( ber, /*{{*/ "}N}" );
1176 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
1180 #ifdef LDAP_CONNECTIONLESS
1181 if( op->o_conn && op->o_conn->c_is_udp ) {
1182 if ( op->o_protocol != LDAP_VERSION2 ) {
1183 rc = ber_printf( ber, /*{*/ "N}" );
1187 if ( op->o_res_ber == NULL ) {
1188 rc = ber_printf( ber, /*{*/ "N}" );
1193 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
1195 if ( op->o_res_ber == NULL ) ber_free_buf( ber );
1196 send_ldap_error( op, rs, LDAP_OTHER, "encode entry end error" );
1201 if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
1202 be_entry_release_rw( op, rs->sr_entry, 0 );
1203 rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
1204 rs->sr_entry = NULL;
1207 if ( op->o_res_ber == NULL ) {
1208 bytes = send_ldap_ber( op->o_conn, ber );
1209 ber_free_buf( ber );
1212 Debug( LDAP_DEBUG_ANY,
1213 "send_search_entry: conn %lu ber write failed.\n",
1214 op->o_connid, 0, 0 );
1221 ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
1222 ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
1223 ldap_pvt_mp_add_ulong( slap_counters.sc_entries, 1 );
1224 ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
1225 ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
1228 Statslog( LDAP_DEBUG_STATS2, "%s ENTRY dn=\"%s\"\n",
1229 op->o_log_prefix, edn, 0, 0, 0 );
1231 Debug( LDAP_DEBUG_TRACE,
1232 "<= send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 );
1237 if ( op->o_callback ) {
1239 slap_callback *sc = op->o_callback, *sc_next;
1241 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
1242 sc_next = op->o_callback->sc_next;
1243 if ( op->o_callback->sc_cleanup ) {
1244 (void)op->o_callback->sc_cleanup( op, rs );
1245 if ( first && op->o_callback != sc ) {
1246 sc = op->o_callback;
1251 op->o_callback = sc;
1255 slap_sl_free( e_flags, op->o_tmpmemctx );
1258 if ( rs->sr_operational_attrs ) {
1259 attrs_free( rs->sr_operational_attrs );
1260 rs->sr_operational_attrs = NULL;
1262 rs->sr_attr_flags = SLAP_ATTRS_UNDEFINED;
1264 /* FIXME: I think rs->sr_type should be explicitly set to
1265 * REP_SEARCH here. That's what it was when we entered this
1266 * function. send_ldap_error may have changed it, but we
1267 * should set it back so that the cleanup functions know
1268 * what they're doing.
1270 if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH
1272 && ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) )
1274 entry_free( rs->sr_entry );
1275 rs->sr_entry = NULL;
1276 rs->sr_flags &= ~REP_ENTRY_MUSTBEFREED;
1283 slap_send_search_reference( Operation *op, SlapReply *rs )
1285 BerElementBuffer berbuf;
1286 BerElement *ber = (BerElement *) &berbuf;
1290 AttributeDescription *ad_ref = slap_schema.si_ad_ref;
1291 AttributeDescription *ad_entry = slap_schema.si_ad_entry;
1293 rs->sr_type = REP_SEARCHREF;
1294 if ( op->o_callback ) {
1296 slap_callback *sc = op->o_callback,
1297 *sc_next = op->o_callback;
1299 rc = SLAP_CB_CONTINUE;
1300 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
1301 sc_next = op->o_callback->sc_next;
1302 if ( op->o_callback->sc_response ) {
1303 rc = op->o_callback->sc_response( op, rs );
1304 if ( first && op->o_callback == NULL ) {
1307 if ( rc != SLAP_CB_CONTINUE ) break;
1312 op->o_callback = sc;
1313 if ( rc != SLAP_CB_CONTINUE ) goto rel;
1316 Debug( LDAP_DEBUG_TRACE,
1317 "=> send_search_reference: dn=\"%s\"\n",
1318 rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0, 0 );
1321 rc = call_pre_referral_plugins( op, rs );
1324 #endif /* LDAP_SLAPI */
1326 if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
1327 ad_entry, NULL, ACL_READ, NULL ) )
1329 Debug( LDAP_DEBUG_ACL,
1330 "send_search_reference: access to entry not allowed\n",
1336 if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
1337 ad_ref, NULL, ACL_READ, NULL ) )
1339 Debug( LDAP_DEBUG_ACL,
1340 "send_search_reference: access "
1341 "to reference not allowed\n",
1347 #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
1348 if( op->o_domain_scope ) {
1349 Debug( LDAP_DEBUG_ANY,
1350 "send_search_reference: domainScope control in (%s)\n",
1351 rs->sr_entry->e_dn, 0, 0 );
1357 if( rs->sr_ref == NULL ) {
1358 Debug( LDAP_DEBUG_ANY,
1359 "send_search_reference: null ref in (%s)\n",
1360 rs->sr_entry ? rs->sr_entry->e_dn : "(null)", 0, 0 );
1365 if( op->o_protocol < LDAP_VERSION3 ) {
1367 /* save the references for the result */
1368 if( rs->sr_ref[0].bv_val != NULL ) {
1369 if( value_add( &rs->sr_v2ref, rs->sr_ref ) )
1375 #ifdef LDAP_CONNECTIONLESS
1376 if( op->o_conn && op->o_conn->c_is_udp ) {
1377 ber = op->o_res_ber;
1381 ber_init_w_nullc( ber, LBER_USE_DER );
1382 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
1385 rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
1386 LDAP_RES_SEARCH_REFERENCE, rs->sr_ref );
1389 rc = send_ldap_controls( op, ber, rs->sr_ctrls );
1393 rc = ber_printf( ber, /*"{"*/ "N}" );
1397 Debug( LDAP_DEBUG_ANY,
1398 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
1400 #ifdef LDAP_CONNECTIONLESS
1401 if (!op->o_conn || op->o_conn->c_is_udp == 0)
1403 ber_free_buf( ber );
1404 send_ldap_error( op, rs, LDAP_OTHER, "encode DN error" );
1409 if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
1410 be_entry_release_rw( op, rs->sr_entry, 0 );
1411 rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
1412 rs->sr_entry = NULL;
1415 #ifdef LDAP_CONNECTIONLESS
1416 if (!op->o_conn || op->o_conn->c_is_udp == 0) {
1418 bytes = send_ldap_ber( op->o_conn, ber );
1419 ber_free_buf( ber );
1421 ldap_pvt_thread_mutex_lock( &slap_counters.sc_sent_mutex );
1422 ldap_pvt_mp_add_ulong( slap_counters.sc_bytes, (unsigned long)bytes );
1423 ldap_pvt_mp_add_ulong( slap_counters.sc_refs, 1 );
1424 ldap_pvt_mp_add_ulong( slap_counters.sc_pdu, 1 );
1425 ldap_pvt_thread_mutex_unlock( &slap_counters.sc_sent_mutex );
1426 #ifdef LDAP_CONNECTIONLESS
1430 Statslog( LDAP_DEBUG_STATS2, "%s REF dn=\"%s\"\n",
1431 op->o_log_prefix, rs->sr_entry ? rs->sr_entry->e_dn : "(null)",
1434 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
1437 if ( op->o_callback ) {
1439 slap_callback *sc = op->o_callback, *sc_next;
1441 for ( sc_next = op->o_callback; sc_next; op->o_callback = sc_next) {
1442 sc_next = op->o_callback->sc_next;
1443 if ( op->o_callback->sc_cleanup ) {
1444 (void)op->o_callback->sc_cleanup( op, rs );
1445 if ( first && op->o_callback != sc ) {
1446 sc = op->o_callback;
1451 op->o_callback = sc;
1467 *code = LDAP_SUCCESS;
1471 if ( strncasecmp( s, "RESULT", STRLENOF( "RESULT" ) ) != 0 ) {
1472 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
1479 while ( (s = strchr( s, '\n' )) != NULL ) {
1484 if ( (c = strchr( s, ':' )) != NULL ) {
1488 if ( strncasecmp( s, "code", STRLENOF( "code" ) ) == 0 ) {
1492 } else if ( strncasecmp( s, "matched", STRLENOF( "matched" ) ) == 0 ) {
1496 } else if ( strncasecmp( s, "info", STRLENOF( "info" ) ) == 0 ) {
1501 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
1511 int slap_read_controls(
1515 const struct berval *oid,
1516 LDAPControl **ctrl )
1520 BerElementBuffer berbuf;
1521 BerElement *ber = (BerElement *) &berbuf;
1525 Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n",
1526 oid->bv_val, e->e_dn, 0 );
1529 rs->sr_attrs = ( oid == &slap_pre_read_bv ) ?
1530 op->o_preread_attrs : op->o_postread_attrs;
1532 bv.bv_len = entry_flatsize( rs->sr_entry, 0 );
1533 bv.bv_val = op->o_tmpalloc(bv.bv_len, op->o_tmpmemctx );
1535 ber_init2( ber, &bv, LBER_USE_DER );
1536 ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
1538 /* create new operation */
1541 myop.o_res_ber = ber;
1543 rc = slap_send_search_entry( &myop, rs );
1546 rc = ber_flatten2( ber, &c.ldctl_value, 0 );
1548 if( rc == LBER_ERROR ) return LDAP_OTHER;
1550 c.ldctl_oid = oid->bv_val;
1551 c.ldctl_iscritical = 0;
1553 if ( *ctrl == NULL ) {
1555 *ctrl = (LDAPControl *) slap_sl_calloc( 1, sizeof(LDAPControl), NULL );
1557 /* retry: free previous try */
1558 slap_sl_free( (*ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
1562 return LDAP_SUCCESS;
1565 /* Map API errors to protocol errors... */
1567 slap_map_api2result( SlapReply *rs )
1569 switch(rs->sr_err) {
1570 case LDAP_SERVER_DOWN:
1571 return LDAP_UNAVAILABLE;
1572 case LDAP_LOCAL_ERROR:
1574 case LDAP_ENCODING_ERROR:
1575 case LDAP_DECODING_ERROR:
1576 return LDAP_PROTOCOL_ERROR;
1578 return LDAP_UNAVAILABLE;
1579 case LDAP_AUTH_UNKNOWN:
1580 return LDAP_AUTH_METHOD_NOT_SUPPORTED;
1581 case LDAP_FILTER_ERROR:
1582 rs->sr_text = "Filter error";
1584 case LDAP_USER_CANCELLED:
1585 rs->sr_text = "User cancelled";
1587 case LDAP_PARAM_ERROR:
1588 return LDAP_PROTOCOL_ERROR;
1589 case LDAP_NO_MEMORY:
1591 case LDAP_CONNECT_ERROR:
1592 return LDAP_UNAVAILABLE;
1593 case LDAP_NOT_SUPPORTED:
1594 return LDAP_UNWILLING_TO_PERFORM;
1595 case LDAP_CONTROL_NOT_FOUND:
1596 return LDAP_PROTOCOL_ERROR;
1597 case LDAP_NO_RESULTS_RETURNED:
1598 return LDAP_NO_SUCH_OBJECT;
1599 case LDAP_MORE_RESULTS_TO_RETURN:
1600 rs->sr_text = "More results to return";
1602 case LDAP_CLIENT_LOOP:
1603 case LDAP_REFERRAL_LIMIT_EXCEEDED:
1604 return LDAP_LOOP_DETECT;
1606 if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER;
1613 slap_attr_flags( AttributeName *an )
1615 slap_mask_t flags = SLAP_ATTRS_UNDEFINED;
1618 flags |= ( SLAP_OPATTRS_NO | SLAP_USERATTRS_YES );
1621 flags |= an_find( an, &AllOper )
1622 ? SLAP_OPATTRS_YES : SLAP_OPATTRS_NO;
1623 flags |= an_find( an, &AllUser )
1624 ? SLAP_USERATTRS_YES : SLAP_USERATTRS_NO;
1631 static AttributeName *charray2anlist( Operation *op, char **attrs )
1636 if ( attrs != NULL ) {
1637 for ( i = 0; attrs[i] != NULL; i++ )
1639 an = (AttributeName *)op->o_tmpalloc( (i + 1) * sizeof(AttributeName), op->o_tmpmemctx );
1640 for ( i = 0; attrs[i] != NULL; i++ ) {
1643 an[i].an_name.bv_val = attrs[i];
1644 an[i].an_name.bv_len = strlen( attrs[i] );
1646 an[i].an_oc_exclude = 0;
1647 slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
1657 * Call pre-response plugins. To avoid infinite recursion plugins
1658 * should just set SLAPI_RESULT_CODE rather than sending a
1659 * result if they wish to change the result. Similarly, pre-entry
1660 * plugins can either abort sending the entry or change the list
1661 * of sent attributes, but they can't call send_search_entry().
1664 static int call_pre_entry_plugins( Operation *op, SlapReply *rs, int *pAttributesOnly )
1667 char **attrs = NULL;
1668 char **filteredAttributes = NULL;
1671 if ( op->o_callback != NULL || op->o_pb == NULL ) {
1676 * A new parameter block is allocated to avoid trampling on the
1677 * operation SLAPI state.
1679 pb = slapi_pblock_new();
1681 slapi_int_pblock_set_operation( pb, op );
1682 slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
1683 attrs = anlist2charray_x( op->ors_attrs, 0, op->o_tmpmemctx );
1684 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, (void *)attrs );
1685 slapi_pblock_set( pb, SLAPI_SEARCH_ATTRSONLY, (void *)*pAttributesOnly );
1686 slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
1688 rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_ENTRY_FN, pb );
1690 slapi_pblock_destroy( pb );
1694 slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
1695 slapi_pblock_get( pb, SLAPI_SEARCH_ATTRS, (void **)&filteredAttributes );
1696 slapi_pblock_get( pb, SLAPI_SEARCH_ATTRSONLY, (void **)pAttributesOnly );
1697 slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry );
1699 if ( filteredAttributes != attrs ) {
1701 * Support for filtering attributes; useful for implementing
1702 * replication providers
1704 rs->sr_attrs = charray2anlist( op, filteredAttributes );
1705 slapi_ch_free( (void **)&filteredAttributes );
1708 slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL );
1709 slapi_pblock_destroy( pb );
1714 static int call_pre_result_plugins( Operation *op, SlapReply *rs )
1718 if ( op->o_callback != NULL || op->o_pb == NULL ) {
1724 slapi_int_pblock_set_operation( pb, op );
1725 slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
1726 slapi_pblock_set( pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
1727 slapi_pblock_set( pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
1728 slapi_pblock_set( pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
1730 rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_RESULT_FN, pb );
1735 slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
1736 slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void **)&rs->sr_err );
1737 slapi_pblock_get( pb, SLAPI_RESULT_TEXT, (void **)&rs->sr_text );
1738 slapi_pblock_get( pb, SLAPI_RESULT_MATCHED, (void **)&rs->sr_matched );
1740 slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL );
1747 static int call_pre_referral_plugins( Operation *op, SlapReply *rs )
1752 if ( op->o_callback != NULL || op->o_pb == NULL ) {
1757 * A new parameter block is allocated to avoid trampling on the
1758 * operation SLAPI state.
1760 pb = slapi_pblock_new();
1762 slapi_int_pblock_set_operation( pb, op );
1763 slapi_pblock_set( pb, SLAPI_RESCONTROLS, (void *)rs->sr_ctrls );
1764 slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)rs->sr_entry );
1766 rc = slapi_int_call_plugins( op->o_bd, SLAPI_PLUGIN_PRE_REFERRAL_FN, pb );
1771 slapi_pblock_get( pb, SLAPI_RESCONTROLS, (void **)&rs->sr_ctrls );
1772 slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_ENTRY, (void **)&rs->sr_entry );
1774 slapi_pblock_set( pb, SLAPI_RESCONTROLS, NULL );
1775 slapi_pblock_destroy( pb );
1779 #endif /* LDAP_SLAPI */