1 /* result.c - routines to send ldap results, errors, and referrals */
10 #include <ac/string.h>
13 #include <ac/unistd.h>
17 /* we need LBER internals */
18 #include "../../libraries/liblber/lber-int.h"
20 static char *v2ref( struct berval **ref )
25 if(ref == NULL) return NULL;
27 len = sizeof("Referral:");
28 v2 = ch_strdup("Referral:");
30 for( i=0; ref[i] != NULL; i++ ) {
31 v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
33 memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
34 len += ref[i]->bv_len;
41 static ber_tag_t req2res( ber_tag_t tag )
46 case LDAP_REQ_COMPARE:
47 case LDAP_REQ_EXTENDED:
54 tag = LDAP_RES_DELETE;
57 case LDAP_REQ_ABANDON:
63 tag = LDAP_RES_SEARCH_RESULT;
73 static void trim_refs_urls(
74 struct berval **refs )
78 if( refs == NULL ) return;
80 for( i=0; refs[i] != NULL; i++ ) {
81 if( refs[i]->bv_len > sizeof("ldap://") &&
82 strncasecmp( refs[i]->bv_val, "ldap://",
83 sizeof("ldap://")-1 ) == 0 )
86 for( j=sizeof("ldap://"); j<refs[i]->bv_len ; j++ ) {
87 if( refs[i]->bv_val[j] == '/' ) {
88 refs[i]->bv_val[j] = '\0';
97 struct berval **get_entry_referrals(
104 struct berval **refs;
107 attr = attr_find( e->e_attrs, "ref" );
109 if( attr == NULL ) return NULL;
111 for( i=0; attr->a_vals[i] != NULL; i++ ) {
112 /* count references */
115 if( i < 1 ) return NULL;
117 refs = ch_malloc( i + 1 );
119 for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
121 struct berval *ref = ber_bvdup( attr->a_vals[i] );
124 for( k=0; k<ref->bv_len; k++ ) {
125 if( isspace(ref->bv_val[k]) ) {
126 ref->bv_val[k] = '\0';
132 if( ref->bv_len > 0 ) {
143 ber_bvecfree( refs );
147 /* we should check that a referral value exists... */
152 static long send_ldap_ber(
156 ber_len_t bytes = ber_pvt_ber_bytes( ber );
158 /* write only one pdu at a time - wait til it's our turn */
159 ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
161 /* lock the connection */
162 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
168 if ( connection_state_closing( conn ) ) {
169 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
170 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
175 if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
182 * we got an error. if it's ewouldblock, we need to
183 * wait on the socket being writable. otherwise, figure
184 * it's a hard error and return.
187 Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
188 err, STRERROR(err), 0 );
190 if ( err != EWOULDBLOCK && err != EAGAIN ) {
191 connection_closing( conn );
193 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
194 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
199 /* wait for socket to be write-ready */
200 conn->c_writewaiter = 1;
201 slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
203 ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
204 conn->c_writewaiter = 0;
207 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
208 ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
224 struct berval *resdata,
232 assert( ctrls == NULL ); /* ctrls not implemented */
234 ber = ber_alloc_t( LBER_USE_DER );
236 Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
237 (long) msgid, (long) tag, (long) err );
240 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
244 #ifdef LDAP_CONNECTIONLESS
246 rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
247 err, matched ? matched : "", text ? text : "" );
251 rc = ber_printf( ber, "{it{ess",
253 matched == NULL ? "" : matched,
254 text == NULL ? "" : text );
256 if( rc != -1 && ref != NULL ) {
257 rc = ber_printf( ber, "{V}", ref );
260 if( rc != -1 && resoid != NULL ) {
261 rc = ber_printf( ber, "s", resoid );
264 if( rc != -1 && resdata != NULL ) {
265 rc = ber_printf( ber, "O", resdata );
270 rc = ber_printf( ber, "}}" );
275 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
281 bytes = send_ldap_ber( conn, ber );
285 Debug( LDAP_DEBUG_ANY,
286 "send_ldap_response: ber write failed\n",
291 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
292 num_bytes_sent += bytes;
294 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
300 send_ldap_disconnect(
311 #define LDAP_UNSOLICITED_ERROR(e) \
312 ( (e) == LDAP_PROTOCOL_ERROR \
313 || (e) == LDAP_STRONG_AUTH_REQUIRED \
314 || (e) == LDAP_UNAVAILABLE )
316 assert( LDAP_UNSOLICITED_ERROR( err ) );
318 Debug( LDAP_DEBUG_TRACE,
319 "send_ldap_disconnect %d:%s\n",
320 err, text ? text : "", NULL );
322 if ( op->o_protocol < LDAP_VERSION3 ) {
324 tag = req2res( op->o_tag );
325 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
328 reqoid = LDAP_NOTICE_DISCONNECT;
329 tag = LDAP_RES_EXTENDED;
333 #ifdef LDAP_CONNECTIONLESS
335 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
336 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
337 inet_ntoa(((struct sockaddr_in *)
338 &op->o_clientaddr)->sin_addr ),
339 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
343 send_ldap_response( conn, op, tag, msgid,
344 err, NULL, text, NULL,
345 reqoid, NULL, NULL );
347 Statslog( LDAP_DEBUG_STATS,
348 "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
349 (long) op->o_connid, (long) op->o_opid,
350 (long) tag, (long) err, text ? text : "" );
368 assert( !LDAP_API_ERROR( err ) );
370 Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
371 (long) op->o_connid, (long) op->o_opid, op->o_protocol );
372 Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
373 err, matched ? matched : "", text ? text : "" );
375 assert( err != LDAP_PARTIAL_RESULTS );
377 if( op->o_tag != LDAP_REQ_SEARCH ) {
378 trim_refs_urls( ref );
381 if ( err == LDAP_REFERRAL ) {
383 err = LDAP_NO_SUCH_OBJECT;
384 } else if ( op->o_protocol < LDAP_VERSION3 ) {
385 err = LDAP_PARTIAL_RESULTS;
392 tag = req2res( op->o_tag );
393 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
395 #ifdef LDAP_CONNECTIONLESS
397 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
398 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
399 inet_ntoa(((struct sockaddr_in *)
400 &op->o_clientaddr)->sin_addr ),
401 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
406 send_ldap_response( conn, op, tag, msgid,
407 err, matched, text, ref,
410 Statslog( LDAP_DEBUG_STATS,
411 "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
412 (long) op->o_connid, (long) op->o_opid,
413 (long) tag, (long) err, text ? text : "" );
428 struct berval **refs,
436 assert( !LDAP_API_ERROR( err ) );
438 Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
439 err, matched ? matched : "", text ? text : "" );
441 assert( err != LDAP_PARTIAL_RESULTS );
443 trim_refs_urls( refs );
445 if( op->o_protocol < LDAP_VERSION3 ) {
446 /* send references in search results */
447 if( err == LDAP_REFERRAL ) {
448 err = LDAP_PARTIAL_RESULTS;
456 /* don't send references in search results */
457 assert( refs == NULL );
460 if( err == LDAP_REFERRAL ) {
465 tag = req2res( op->o_tag );
466 msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
468 #ifdef LDAP_CONNECTIONLESS
470 ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
471 Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
472 inet_ntoa(((struct sockaddr_in *)
473 &op->o_clientaddr)->sin_addr ),
474 ((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
479 send_ldap_response( conn, op, tag, msgid,
480 err, matched, text, refs,
483 Statslog( LDAP_DEBUG_STATS,
484 "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
485 (long) op->o_connid, (long) op->o_opid,
486 (long) tag, (long) err, text ? text : "" );
510 Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
512 if ( ! access_allowed( be, conn, op, e,
513 "entry", NULL, ACL_READ ) )
515 Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
522 ber = ber_alloc_t( LBER_USE_DER );
525 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
526 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
527 NULL, "allocating BER error", NULL, NULL );
531 rc = ber_printf( ber, "{it{s{", op->o_msgid,
532 LDAP_RES_SEARCH_ENTRY, e->e_dn );
535 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
537 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
538 NULL, "encoding dn error", NULL, NULL );
542 /* check for special all user attributes ("*") type */
543 userattrs = ( attrs == NULL ) ? 1
544 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
546 /* check for special all operational attributes ("+") type */
547 opattrs = ( attrs == NULL ) ? 0
548 : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
550 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
551 regmatch_t matches[MAXREMATCHES];
553 if ( attrs == NULL ) {
554 /* all addrs request, skip operational attributes */
555 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
560 /* specific addrs requested */
561 if ( oc_check_operational_attr( a->a_type ) ) {
562 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
567 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
574 acl = acl_get_applicable( be, op, e, a->a_type,
575 MAXREMATCHES, matches );
577 if ( ! acl_access_allowed( acl, a->a_type, be, conn, e,
578 NULL, op, ACL_READ, edn, matches ) )
583 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
584 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
586 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
587 NULL, "encoding type error", NULL, NULL );
592 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
593 if ( a->a_syntax & SYNTAX_DN &&
594 ! acl_access_allowed( acl, a->a_type, be, conn, e, a->a_vals[i], op,
595 ACL_READ, edn, matches) )
600 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
601 Debug( LDAP_DEBUG_ANY,
602 "ber_printf failed\n", 0, 0, 0 );
604 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
605 NULL, "encoding value error", NULL, NULL );
611 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
612 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
614 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
615 NULL, "encode end error", NULL, NULL );
620 #ifdef SLAPD_SCHEMA_DN
621 /* eventually will loop through generated operational attributes */
622 /* only have subschemaSubentry implemented */
623 a = backend_subschemasubentry( be );
626 regmatch_t matches[MAXREMATCHES];
628 if ( attrs == NULL ) {
629 /* all addrs request, skip operational attributes */
630 if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
635 /* specific addrs requested */
636 if ( oc_check_operational_attr( a->a_type ) ) {
637 if( !opattrs && !charray_inlist( attrs, a->a_type ) )
642 if (!userattrs && !charray_inlist( attrs, a->a_type ) )
649 acl = acl_get_applicable( be, op, e, a->a_type,
650 MAXREMATCHES, matches );
652 if ( ! acl_access_allowed( acl, a->a_type, be, conn, e,
653 NULL, op, ACL_READ, edn, matches ) )
658 if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
659 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
661 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
662 NULL, "encoding type error", NULL, NULL );
667 for ( i = 0; a->a_vals[i] != NULL; i++ ) {
668 if ( a->a_syntax & SYNTAX_DN &&
669 ! acl_access_allowed( acl, a->a_type, be, conn, e, a->a_vals[i], op,
670 ACL_READ, edn, matches) )
675 if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
676 Debug( LDAP_DEBUG_ANY,
677 "ber_printf failed\n", 0, 0, 0 );
679 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
680 NULL, "encoding value error", NULL, NULL );
686 if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
687 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
689 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
690 NULL, "encode end error", NULL, NULL );
696 rc = ber_printf( ber, /*{{{*/ "}}}" );
699 Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
701 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
702 NULL, "encode entry end error", NULL, NULL );
706 bytes = send_ldap_ber( conn, ber );
710 Debug( LDAP_DEBUG_ANY,
711 "send_ldap_response: ber write failed\n",
716 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
717 num_bytes_sent += bytes;
720 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
722 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
723 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
725 Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
734 send_search_reference(
739 struct berval **refs,
742 struct berval ***v2refs
749 Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
751 if ( ! access_allowed( be, conn, op, e,
752 "entry", NULL, ACL_READ ) )
754 Debug( LDAP_DEBUG_ACL,
755 "send_search_reference: access to entry not allowed\n",
760 if ( ! access_allowed( be, conn, op, e,
761 "ref", NULL, ACL_READ ) )
763 Debug( LDAP_DEBUG_ACL,
764 "send_search_reference: access to reference not allowed\n",
770 Debug( LDAP_DEBUG_ANY,
771 "send_search_reference: null ref in (%s)\n",
776 if( op->o_protocol < LDAP_VERSION3 ) {
777 /* save the references for the result */
778 if( *refs == NULL ) {
779 value_add( v2refs, refs );
784 ber = ber_alloc_t( LBER_USE_DER );
787 Debug( LDAP_DEBUG_ANY,
788 "send_search_reference: ber_alloc failed\n", 0, 0, 0 );
789 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
790 NULL, "alloc BER error", NULL, NULL );
794 rc = ber_printf( ber, "{it{V}}", op->o_msgid,
795 LDAP_RES_SEARCH_REFERENCE, refs );
798 Debug( LDAP_DEBUG_ANY,
799 "send_search_reference: ber_printf failed\n", 0, 0, 0 );
801 send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
802 NULL, "encode dn error", NULL, NULL );
806 bytes = send_ldap_ber( conn, ber );
809 ldap_pvt_thread_mutex_lock( &num_sent_mutex );
810 num_bytes_sent += bytes;
813 ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
815 Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
816 (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
818 Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
835 *code = LDAP_SUCCESS;
839 if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
840 Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
847 while ( (s = strchr( s, '\n' )) != NULL ) {
852 if ( (c = strchr( s, ':' )) != NULL ) {
856 if ( strncasecmp( s, "code", 4 ) == 0 ) {
860 } else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
864 } else if ( strncasecmp( s, "info", 4 ) == 0 ) {
869 Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
projects / openldap / blob