/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2007 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
{
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
- ldapconn_t *lc;
+ ldapconn_t *lc = NULL;
struct timeval tv;
- time_t stoptime = (time_t)-1;
+ time_t stoptime = (time_t)(-1);
LDAPMessage *res,
*e;
int rc = 0,
msgid;
struct berval match = BER_BVNULL,
filter = BER_BVNULL;
+ int free_filter = 0;
int i;
char **attrs = NULL;
int freetext = 0;
int do_retry = 1, dont_retry = 0;
LDAPControl **ctrls = NULL;
+ char **references = NULL;
+
/* FIXME: shouldn't this be null? */
const char *save_matched = rs->sr_matched;
- lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
- if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+ if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
}
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &ctrls );
+ rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
goto finish;
}
case LDAP_FILTER_ERROR:
if ( ldap_back_munge_filter( op, &filter ) ) {
+ free_filter = 1;
goto retry;
}
}
}
+ /* if needed, initialize timeout */
+ if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
+ tv.tv_usec = 0;
+ }
+ }
+
/* We pull apart the ber result, stuff it into a slapd entry, and
* let send_search_entry stuff it back into ber format. Slow & ugly,
* but this is necessary for version matching, and for ACL processing.
*/
- for ( rc = 0; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
+ for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
{
/* check for abandon */
- if ( op->o_abandon ) {
+ if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) {
if ( rc > 0 ) {
ldap_msgfree( res );
}
goto finish;
}
- if ( rc == 0 ) {
- LDAP_BACK_TV_SET( &tv );
+ if ( rc == 0 || rc == -2 ) {
ldap_pvt_thread_yield();
+ /* check timeout */
+ if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ if ( rc == 0 ) {
+ (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
+ rs->sr_text = "Operation timed out";
+ rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
+ LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
+ goto finish;
+ }
+
+ } else {
+ LDAP_BACK_TV_SET( &tv );
+ }
+
/* check time limit */
if ( op->ors_tlimit != SLAP_NO_LIMIT
&& slap_get_time() > stoptime )
continue;
} else {
+ /* only touch when activity actually took place... */
+ if ( li->li_idle_timeout && lc ) {
+ lc->lc_time = op->o_time;
+ }
+
/* don't retry any more */
dont_retry = 1;
}
e = ldap_first_entry( lc->lc_ld, res );
rc = ldap_build_entry( op, e, &ent, &bdn );
if ( rc == LDAP_SUCCESS ) {
+ ldap_get_entry_controls( lc->lc_ld, res, &rs->sr_ctrls );
rs->sr_entry = &ent;
rs->sr_attrs = op->ors_attrs;
rs->sr_operational_attrs = NULL;
rs->sr_flags = 0;
rs->sr_err = LDAP_SUCCESS;
rc = rs->sr_err = send_search_entry( op, rs );
+ if ( rs->sr_ctrls ) {
+ ldap_controls_free( rs->sr_ctrls );
+ rs->sr_ctrls = NULL;
+ }
+ rs->sr_entry = NULL;
if ( !BER_BVISNULL( &ent.e_name ) ) {
assert( ent.e_name.bv_val != bdn.bv_val );
op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
}
} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
- char **references = NULL;
-
do_retry = 0;
rc = ldap_parse_reference( lc->lc_ld, res,
&references, &rs->sr_ctrls, 1 );
BER_BVZERO( &rs->sr_ref[ cnt ] );
/* ignore return value by now */
+ rs->sr_entry = NULL;
( void )send_search_reference( op, rs );
} else {
ber_memvfree( (void **)references );
op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
+ references = NULL;
}
if ( rs->sr_ctrls ) {
}
} else {
- char **references = NULL, *err = NULL;
+ char *err = NULL;
rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
&match.bv_val, &err,
freetext = 1;
}
- if ( references && references[ 0 ] && references[ 0 ][ 0 ] ) {
- int cnt;
-
+ /* RFC 4511: referrals can only appear
+ * if result code is LDAP_REFERRAL */
+ if ( references
+ && references[ 0 ]
+ && references[ 0 ][ 0 ] )
+ {
if ( rs->sr_err != LDAP_REFERRAL ) {
- /* FIXME: error */
Debug( LDAP_DEBUG_ANY,
"%s ldap_back_search: "
- "got referrals with %d\n",
+ "got referrals with err=%d\n",
op->o_log_prefix,
rs->sr_err, 0 );
- rs->sr_err = LDAP_REFERRAL;
- }
- for ( cnt = 0; references[ cnt ]; cnt++ )
- /* NO OP */ ;
+ } else {
+ int cnt;
+
+ for ( cnt = 0; references[ cnt ]; cnt++ )
+ /* NO OP */ ;
- rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
- op->o_tmpmemctx );
+ rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
+ op->o_tmpmemctx );
- for ( cnt = 0; references[ cnt ]; cnt++ ) {
- /* duplicating ...*/
- ber_str2bv( references[ cnt ], 0, 1, &rs->sr_ref[ cnt ] );
+ for ( cnt = 0; references[ cnt ]; cnt++ ) {
+ /* duplicating ...*/
+ ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
+ }
+ BER_BVZERO( &rs->sr_ref[ cnt ] );
}
- BER_BVZERO( &rs->sr_ref[ cnt ] );
+
+ } else if ( rs->sr_err == LDAP_REFERRAL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s ldap_back_search: "
+ "got err=%d with null "
+ "or empty referrals\n",
+ op->o_log_prefix,
+ rs->sr_err, 0 );
+
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
if ( match.bv_val != NULL ) {
match.bv_len = strlen( match.bv_val );
}
- /* cleanup */
- if ( references ) {
- ber_memvfree( (void **)references );
- }
-
rc = 0;
break;
}
+
+ /* if needed, restore timeout */
+ if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
+ tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
+ tv.tv_usec = 0;
+ }
+ }
}
if ( rc == -1 && dont_retry == 0 ) {
ldap_back_quarantine( op, rs );
}
- if ( rc != SLAPD_ABANDON ) {
+#if 0
+ /* let send_ldap_result play cleanup handlers (ITS#4645) */
+ if ( rc != SLAPD_ABANDON )
+#endif
+ {
send_ldap_result( op, rs );
}
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
rs->sr_matched = save_matched;
}
- if ( !BER_BVISNULL( &filter ) && filter.bv_val != op->ors_filterstr.bv_val ) {
+ if ( free_filter ) {
op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
}
}
if ( rs->sr_ref ) {
- ber_bvarray_free_x( rs->sr_ref, op->o_tmpmemctx );
+ op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
rs->sr_ref = NULL;
}
+ if ( references ) {
+ ber_memvfree( (void **)references );
+ }
+
if ( attrs ) {
ch_free( attrs );
}
if ( lc != NULL ) {
- ldap_back_release_conn( op, rs, lc );
+ ldap_back_release_conn( li, lc );
}
return rs->sr_err;
slap_syntax_validate_func *validate;
slap_syntax_transform_func *pretty;
- attr = (Attribute *)ch_malloc( sizeof( Attribute ) );
+ attr = attr_alloc( NULL );
if ( attr == NULL ) {
continue;
}
- attr->a_flags = 0;
- attr->a_next = 0;
- attr->a_desc = NULL;
if ( slap_bv2ad( &a, &attr->a_desc, &text )
!= LDAP_SUCCESS )
{
"%s ldap_build_entry: "
"slap_bv2undef_ad(%s): %s\n",
op->o_log_prefix, a.bv_val, text );
- ch_free( attr );
+ attr_free( attr );
continue;
}
}
*/
( void )ber_scanf( &ber, "x" /* [W] */ );
- ch_free( attr );
+ attr_free( attr );
continue;
}
if ( rc != LDAP_SUCCESS ) {
BER_BVZERO( &attr->a_nvals[i] );
- ch_free( attr );
+ attr_free( attr );
goto next_attr;
}
}
{
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
- ldapconn_t *lc;
+ ldapconn_t *lc = NULL;
int rc = 1,
do_not_cache;
struct berval bdn;
/* Tell getconn this is a privileged op */
do_not_cache = op->o_do_not_cache;
op->o_do_not_cache = 1;
- lc = ldap_back_getconn( op, &rs, LDAP_BACK_DONTSEND );
- if ( !lc || !ldap_back_dobind( lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
+ if ( !ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
op->o_do_not_cache = do_not_cache;
return rs.sr_err;
}
*ptr++ = '\0';
}
+retry:
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, &rs, &ctrls );
+ rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
goto cleanup;
}
-retry:
rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
attrp, 0, ctrls, NULL,
NULL, LDAP_NO_LIMIT, &result );
if ( rc == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
+ /* if the identity changed, there might be need to re-authz */
+ (void)ldap_back_controls_free( op, &rs, &ctrls );
goto retry;
}
}
goto cleanup;
}
- *ent = ch_calloc( 1, sizeof( Entry ) );
+ *ent = entry_alloc();
if ( *ent == NULL ) {
rc = LDAP_NO_MEMORY;
goto cleanup;
rc = ldap_build_entry( op, e, *ent, &bdn );
if ( rc != LDAP_SUCCESS ) {
- ch_free( *ent );
+ entry_free( *ent );
*ent = NULL;
}
cleanup:
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, &rs, &ctrls );
if ( result ) {
ldap_msgfree( result );
}
if ( lc != NULL ) {
- ldap_back_release_conn( op, &rs, lc );
+ ldap_back_release_conn( li, lc );
}
return rc;
projects / openldap / blobdiff