1 /* result.c - routines to send ldap results, errors, and referrals */
10 #include <ac/signal.h>
11 #include <ac/string.h>
14 #include <ac/unistd.h>
18 /* we need LBER internals */
19 #include "../../libraries/liblber/lber-int.h"
21 static char *v2ref( struct berval **ref, const char *text )
23 size_t len = 0, i = 0;
26 if(ref == NULL) return (char *)text;
30 if (text[len-1] != '\n')
33 v2 = ch_malloc( len+i+sizeof("Referral:") );
39 strcpy( v2+len, "Referral:" );
40 len += sizeof("Referral:");
42 for( i=0; ref[i] != NULL; i++ ) {
43 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
45 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
46 len += ref[i]->bv_len;
53 static ber_tag_t req2res( ber_tag_t tag )
58 case LDAP_REQ_COMPARE:
59 case LDAP_REQ_EXTENDED:
66 tag = LDAP_RES_DELETE;
69 case LDAP_REQ_ABANDON:
75 tag = LDAP_RES_SEARCH_RESULT;
85 static void trim_refs_urls(
86 struct berval **refs )
90 if( refs == NULL ) return;
92 for( i=0; refs[i] != NULL; i++ ) {
93 if( refs[i]->bv_len > sizeof("ldap://")-1 &&
94 strncasecmp( refs[i]->bv_val, "ldap://",
95 sizeof("ldap://")-1 ) == 0 )
98 for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
99 if( refs[i]->bv_val[j] == '/' ) {
100 refs[i]->bv_val[j] = '\0';
109 struct berval **get_entry_referrals(
116 struct berval **refs;
119 attr = attr_find( e->e_attrs, "ref" );
121 if( attr == NULL ) return NULL;
123 for( i=0; attr->a_vals[i] != NULL; i++ ) {
124 /* count references */
127 if( i < 1 ) return NULL;
129 refs = ch_malloc( i + 1 );
131 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
133 struct berval *ref = ber_bvdup( attr->a_vals[i] );
136 for( k=0; k<ref->bv_len; k++ ) {
137 if( isspace(ref->bv_val[k]) ) {
138 ref->bv_val[k] = '\0';
144 if( ref->bv_len > 0 ) {
155 ber_bvecfree( refs );
159 /* we should check that a referral value exists... */
164 static long send_ldap_ber(
168 ber_len_t bytes = ber_pvt_ber_bytes( ber );
170 /* write only one pdu at a time - wait til it's our turn */
171 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
173 /* lock the connection */
174 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
180 if ( connection_state_closing( conn ) ) {
181 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
182 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
187 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
194 * we got an error. if it's ewouldblock, we need to
195 * wait on the socket being writable. otherwise, figure
196 * it's a hard error and return.
199 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
200 err, STRERROR(err), 0 );
202 if ( err != EWOULDBLOCK && err != EAGAIN ) {
203 connection_closing( conn );
205 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
206 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
211 /* wait for socket to be write-ready */
212 conn->c_writewaiter = 1;
213 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
215 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
216 conn->c_writewaiter = 0;
219 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
220 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
236 struct berval *resdata,
244 assert( ctrls == NULL ); /* ctrls not implemented */
246 ber = ber_alloc_t( LBER_USE_DER );
248 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
249 (long) msgid, (long) tag, (long) err );
252 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
256 #ifdef LDAP_CONNECTIONLESS
258 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
259 err, matched ? matched : "", text ? text : "" );
263 rc = ber_printf( ber, "{it{ess",
265 matched == NULL ? "" : matched,
266 text == NULL ? "" : text );
268 if( rc != -1 && ref != NULL ) {
269 rc = ber_printf( ber, "{V}", ref );
272 if( rc != -1 && resoid != NULL ) {
273 rc = ber_printf( ber, "s", resoid );
276 if( rc != -1 && resdata != NULL ) {
277 rc = ber_printf( ber, "O", resdata );
282 rc = ber_printf( ber, "}}" );
287 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
293 bytes = send_ldap_ber( conn, ber );
297 Debug( LDAP_DEBUG_ANY,
298 "send_ldap_response: ber write failed\n",
303 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
304 num_bytes_sent += bytes;
306 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
312 send_ldap_disconnect(
323 #define LDAP_UNSOLICITED_ERROR(e) \
324 ( (e) == LDAP_PROTOCOL_ERROR \
325 || (e) == LDAP_STRONG_AUTH_REQUIRED \
326 || (e) == LDAP_UNAVAILABLE )
328 assert( LDAP_UNSOLICITED_ERROR( err ) );
330 Debug( LDAP_DEBUG_TRACE,
331 "send_ldap_disconnect %d:%s\n",
332 err, text ? text : "", NULL );
334 if ( op->o_protocol < LDAP_VERSION3 ) {
336 tag = req2res( op->o_tag );
337 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
340 reqoid = LDAP_NOTICE_DISCONNECT;
341 tag = LDAP_RES_EXTENDED;
345 #ifdef LDAP_CONNECTIONLESS
347 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
348 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
349 inet_ntoa(((struct sockaddr_in *)
350 &op->o_clientaddr)->sin_addr ),
351 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
355 send_ldap_response( conn, op, tag, msgid,
356 err, NULL, text, NULL,
357 reqoid, NULL, NULL );
359 Statslog( LDAP_DEBUG_STATS,
360 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
361 (long) op->o_connid, (long) op->o_opid,
362 (long) tag, (long) err, text ? text : "" );
380 assert( !LDAP_API_ERROR( err ) );
382 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
383 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
384 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
385 err, matched ? matched : "", text ? text : "" );
387 assert( err != LDAP_PARTIAL_RESULTS );
389 if( op->o_tag != LDAP_REQ_SEARCH ) {
390 trim_refs_urls( ref );
393 if ( err == LDAP_REFERRAL ) {
395 err = LDAP_NO_SUCH_OBJECT;
396 } else if ( op->o_protocol < LDAP_VERSION3 ) {
397 err = LDAP_PARTIAL_RESULTS;
401 if ( op->o_protocol < LDAP_VERSION3 ) {
402 tmp = v2ref( ref, text );
407 tag = req2res( op->o_tag );
408 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
410 #ifdef LDAP_CONNECTIONLESS
412 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
413 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
414 inet_ntoa(((struct sockaddr_in *)
415 &op->o_clientaddr)->sin_addr ),
416 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
421 send_ldap_response( conn, op, tag, msgid,
422 err, matched, text, ref,
425 Statslog( LDAP_DEBUG_STATS,
426 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
427 (long) op->o_connid, (long) op->o_opid,
428 (long) tag, (long) err, text ? text : "" );
443 struct berval **refs,
451 assert( !LDAP_API_ERROR( err ) );
453 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
454 err, matched ? matched : "", text ? text : "" );
456 assert( err != LDAP_PARTIAL_RESULTS );
458 trim_refs_urls( refs );
460 if( op->o_protocol < LDAP_VERSION3 ) {
461 /* send references in search results */
462 if( err == LDAP_REFERRAL ) {
463 err = LDAP_PARTIAL_RESULTS;
466 tmp = v2ref( refs, text );
470 /* don't send references in search results */
471 assert( refs == NULL );
474 if( err == LDAP_REFERRAL ) {
479 tag = req2res( op->o_tag );
480 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
482 #ifdef LDAP_CONNECTIONLESS
484 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
485 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
486 inet_ntoa(((struct sockaddr_in *)
487 &op->o_clientaddr)->sin_addr ),
488 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
493 send_ldap_response( conn, op, tag, msgid,
494 err, matched, text, refs,
497 Statslog( LDAP_DEBUG_STATS,
498 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
499 (long) op->o_connid, (long) op->o_opid,
500 (long) tag, (long) err, text ? text : "" );
523 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
525 if ( ! access_allowed( be, conn, op, e,
526 "entry", NULL, ACL_READ ) )
528 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
535 ber = ber_alloc_t( LBER_USE_DER );
538 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
539 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
540 NULL, "allocating BER error", NULL, NULL );
544 rc = ber_printf( ber, "{it{s{", op->o_msgid,
545 LDAP_RES_SEARCH_ENTRY, e->e_dn );
548 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
550 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
551 NULL, "encoding dn error", NULL, NULL );
555 /* check for special all user attributes ("*") type */
556 userattrs = ( attrs == NULL ) ? 1
557 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
559 /* check for special all operational attributes ("+") type */
560 opattrs = ( attrs == NULL ) ? 0
561 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
563 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
564 if ( attrs == NULL ) {
565 /* all addrs request, skip operational attributes */
566 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
571 /* specific addrs requested */
572 if ( oc_check_operational_attr( a->a_type ) ) {
573 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
578 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
585 if ( ! access_allowed( be, conn, op, e,
586 a->a_type, NULL, ACL_READ ) )
588 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
593 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
594 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
596 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
597 NULL, "encoding type error", NULL, NULL );
602 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
603 if ( ! access_allowed( be, conn, op, e,
604 a->a_type, a->a_vals[i], ACL_READ ) )
606 Debug( LDAP_DEBUG_ACL,
607 "acl: access to attribute %s, value %d not allowed\n",
612 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
613 Debug( LDAP_DEBUG_ANY,
614 "ber_printf failed\n", 0, 0, 0 );
616 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
617 NULL, "encoding value error", NULL, NULL );
623 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
624 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
626 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
627 NULL, "encode end error", NULL, NULL );
632 #ifdef SLAPD_SCHEMA_DN
633 /* eventually will loop through generated operational attributes */
634 /* only have subschemaSubentry implemented */
635 a = backend_subschemasubentry( be );
638 if ( attrs == NULL ) {
639 /* all addrs request, skip operational attributes */
640 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
645 /* specific addrs requested */
646 if ( oc_check_operational_attr( a->a_type ) ) {
647 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
652 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
659 if ( ! access_allowed( be, conn, op, e,
660 a->a_type, NULL, ACL_READ ) )
662 Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
667 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
668 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
670 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
671 NULL, "encoding type error", NULL, NULL );
676 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
677 if ( ! access_allowed( be, conn, op, e,
678 a->a_type, a->a_vals[i], ACL_READ ) )
680 Debug( LDAP_DEBUG_ACL,
681 "acl: access to attribute %s, value %d not allowed\n",
687 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
688 Debug( LDAP_DEBUG_ANY,
689 "ber_printf failed\n", 0, 0, 0 );
691 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
692 NULL, "encoding value error", NULL, NULL );
698 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
699 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
701 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
702 NULL, "encode end error", NULL, NULL );
708 rc = ber_printf( ber, /*{{{*/ "}}}" );
711 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
713 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
714 NULL, "encode entry end error", NULL, NULL );
718 bytes = send_ldap_ber( conn, ber );
722 Debug( LDAP_DEBUG_ANY,
723 "send_ldap_response: ber write failed\n",
728 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
729 num_bytes_sent += bytes;
732 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
734 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
735 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
737 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
746 send_search_reference(
751 struct berval **refs,
754 struct berval ***v2refs
761 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
763 if ( ! access_allowed( be, conn, op, e,
764 "entry", NULL, ACL_READ ) )
766 Debug( LDAP_DEBUG_ACL,
767 "send_search_reference: access to entry not allowed\n",
772 if ( ! access_allowed( be, conn, op, e,
773 "ref", NULL, ACL_READ ) )
775 Debug( LDAP_DEBUG_ACL,
776 "send_search_reference: access to reference not allowed\n",
782 Debug( LDAP_DEBUG_ANY,
783 "send_search_reference: null ref in (%s)\n",
788 if( op->o_protocol < LDAP_VERSION3 ) {
789 /* save the references for the result */
790 if( *refs == NULL ) {
791 value_add( v2refs, refs );
796 ber = ber_alloc_t( LBER_USE_DER );
799 Debug( LDAP_DEBUG_ANY,
800 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
801 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
802 NULL, "alloc BER error", NULL, NULL );
806 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
807 LDAP_RES_SEARCH_REFERENCE, refs );
810 Debug( LDAP_DEBUG_ANY,
811 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
813 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
814 NULL, "encode dn error", NULL, NULL );
818 bytes = send_ldap_ber( conn, ber );
821 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
822 num_bytes_sent += bytes;
825 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
827 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
828 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
830 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
847 *code = LDAP_SUCCESS;
851 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
852 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
859 while ( (s = strchr( s, '\n' )) != NULL ) {
864 if ( (c = strchr( s, ':' )) != NULL ) {
868 if ( strncasecmp( s, "code", 4 ) == 0 ) {
872 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
876 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
881 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",