return tag;
}
+#ifdef RS_ASSERT
+#elif 0 && defined LDAP_DEVEL /* FIXME: this should not crash. ITS#5340. */
+#define RS_ASSERT assert
+#else
+#define RS_ASSERT(cond) ((void) 0)
+#endif
+
+/* Set rs->sr_entry after obyeing and clearing sr_flags & REP_ENTRY_MASK. */
+void
+rs_replace_entry( Operation *op, SlapReply *rs, slap_overinst *on, Entry *e )
+{
+ slap_mask_t e_flags = rs->sr_flags & REP_ENTRY_MUSTFLUSH;
+
+ if ( e_flags && rs->sr_entry != NULL ) {
+ RS_ASSERT( e_flags != REP_ENTRY_MUSTFLUSH );
+ if ( !(e_flags & REP_ENTRY_MUSTRELEASE) ) {
+ entry_free( rs->sr_entry );
+ } else if ( on != NULL ) {
+ overlay_entry_release_ov( op, rs->sr_entry, 0, on );
+ } else {
+ be_entry_release_rw( op, rs->sr_entry, 0 );
+ }
+ }
+ rs->sr_flags &= ~REP_ENTRY_MASK;
+ rs->sr_entry = e;
+}
+
+/*
+ * Ensure rs->sr_entry is modifiable, by duplicating it if necessary.
+ * Obey sr_flags. Set REP_ENTRY_<MODIFIABLE, and MUSTBEFREED if duplicated>.
+ * Return nonzero if rs->sr_entry was replaced.
+ */
+int
+rs_ensure_entry_modifiable( Operation *op, SlapReply *rs, slap_overinst *on )
+{
+ if ( rs->sr_flags & REP_ENTRY_MODIFIABLE ) {
+ RS_ASSERT((rs->sr_flags & REP_ENTRY_MUSTFLUSH)==REP_ENTRY_MUSTBEFREED);
+ return 0;
+ }
+ rs_replace_entry( op, rs, on, entry_dup( rs->sr_entry ));
+ rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
+ return 1;
+}
+
static long send_ldap_ber(
- Connection *conn,
+ Operation *op,
BerElement *ber )
{
+ Connection *conn = op->o_conn;
ber_len_t bytes;
long ret = 0;
- int closing = 0;
ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
/* write only one pdu at a time - wait til it's our turn */
ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
- if ( connection_state_closing( conn )) {
+ if (( op->o_abandon && !op->o_cancel ) || !connection_valid( conn ) ||
+ conn->c_writers < 0 ) {
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
return 0;
}
- while ( conn->c_writers > 0 ) {
+
+ conn->c_writers++;
+
+ while ( conn->c_writers > 0 && conn->c_writing ) {
ldap_pvt_thread_cond_wait( &conn->c_write1_cv, &conn->c_write1_mutex );
}
+
/* connection was closed under us */
if ( conn->c_writers < 0 ) {
- closing = 1;
/* we're the last waiter, let the closer continue */
if ( conn->c_writers == -1 )
ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
- }
-
- conn->c_writers++;
-
- if ( closing ) {
+ conn->c_writers++;
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
return 0;
}
+ /* Our turn */
+ conn->c_writing = 1;
+
/* write the pdu */
while( 1 ) {
int err;
/* lock the connection */
if ( ldap_pvt_thread_mutex_trylock( &conn->c_mutex )) {
+ if ( !connection_valid(conn)) {
+ ret = 0;
+ break;
+ }
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
if ( conn->c_writers < 0 ) {
err, sock_errstr(err), 0 );
if ( err != EWOULDBLOCK && err != EAGAIN ) {
+ conn->c_writers--;
+ conn->c_writing = 0;
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
connection_closing( conn, "connection lost on write" );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
- ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
-
- ret = -1;
- break;
+ return -1;
}
/* wait for socket to be write-ready */
ldap_pvt_thread_mutex_lock( &conn->c_write2_mutex );
conn->c_writewaiter = 1;
- slapd_set_write( conn->c_sd, 1 );
+ slapd_set_write( conn->c_sd, 2 );
ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
}
}
+ conn->c_writing = 0;
if ( conn->c_writers < 0 ) {
conn->c_writers++;
if ( !conn->c_writers )
ber_printf( sber, "{e}", LDAP_UNWILLING_TO_PERFORM );
- if( ber_flatten2( ber, &sorted.ldctl_value, 0 ) == -1 ) {
+ if( ber_flatten2( sber, &sorted.ldctl_value, 0 ) == -1 ) {
return -1;
}
- (void) ber_free_buf( ber );
+ (void) ber_free_buf( sber );
rc = send_ldap_control( ber, &sorted );
if( rc == -1 ) return rc;
int rc = LDAP_SUCCESS;
long bytes;
- if ( rs->sr_err == SLAPD_ABANDON || op->o_abandon ) {
+ if (( rs->sr_err == SLAPD_ABANDON || op->o_abandon ) && !op->o_cancel ) {
rc = SLAPD_ABANDON;
goto clean2;
}
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
}
+ rc = rs->sr_err;
+ if ( rc == SLAPD_ABANDON && op->o_cancel )
+ rc = LDAP_CANCELLED;
+
Debug( LDAP_DEBUG_TRACE,
"send_ldap_response: msgid=%d tag=%lu err=%d\n",
- rs->sr_msgid, rs->sr_tag, rs->sr_err );
+ rs->sr_msgid, rs->sr_tag, rc );
if( rs->sr_ref ) {
Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n",
op->o_protocol == LDAP_VERSION2 )
{
rc = ber_printf( ber, "t{ess" /*"}"*/,
- rs->sr_tag, rs->sr_err,
+ rs->sr_tag, rc,
rs->sr_matched == NULL ? "" : rs->sr_matched,
rs->sr_text == NULL ? "" : rs->sr_text );
} else
} else {
rc = ber_printf( ber, "{it{ess" /*"}}"*/,
- rs->sr_msgid, rs->sr_tag, rs->sr_err,
+ rs->sr_msgid, rs->sr_tag, rc,
rs->sr_matched == NULL ? "" : rs->sr_matched,
rs->sr_text == NULL ? "" : rs->sr_text );
}
}
/* send BER */
- bytes = send_ldap_ber( op->o_conn, ber );
+ bytes = send_ldap_ber( op, ber );
#ifdef LDAP_CONNECTIONLESS
if (!op->o_conn || op->o_conn->c_is_udp == 0)
#endif
assert( LDAP_UNSOLICITED_ERROR( rs->sr_err ) );
rs->sr_type = REP_EXTENDED;
+ rs->sr_rspdata = NULL;
Debug( LDAP_DEBUG_TRACE,
"send_ldap_disconnect %d:%s\n",
AccessControlState acl_state = ACL_STATE_INIT;
int attrsonly;
AttributeDescription *ad_entry = slap_schema.si_ad_entry;
+ AclCheck ak;
/* a_flags: array of flags telling if the i-th element will be
* returned or filtered out
attrsonly = op->ors_attrsonly;
- if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
+ ak.ak_e = rs->sr_entry;
+ ak.ak_desc = ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_READ;
+ ak.ak_state = NULL;
+ if ( !access_allowed( op, &ak )) {
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu access to entry (%s) not allowed\n",
op->o_connid, rs->sr_entry->e_name.bv_val, 0 );
if( e_flags == NULL ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu slap_sl_calloc failed\n",
- op->o_connid ? op->o_connid : 0, 0, 0 );
+ op->o_connid, 0, 0 );
ber_free( ber, 1 );
send_ldap_error( op, rs, LDAP_OTHER, "out of memory" );
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "send_search_entry: "
"conn %lu matched values filtering failed\n",
- op->o_connid ? op->o_connid : 0, 0, 0 );
+ op->o_connid, 0, 0 );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER,
"matched values filtering error" );
}
}
+ ak.ak_state = &acl_state;
for ( a = rs->sr_entry->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
AttributeDescription *desc = a->a_desc;
int finish = 0;
}
}
+ ak.ak_desc = desc;
if ( attrsonly ) {
- if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
- ACL_READ, &acl_state ) )
+ if ( ! access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_ACL, "send_search_entry: "
"conn %lu access to attribute %s not allowed\n",
} else {
int first = 1;
for ( i = 0; a->a_nvals[i].bv_val != NULL; i++ ) {
- if ( ! access_allowed( op, rs->sr_entry,
- desc, &a->a_nvals[i], ACL_READ, &acl_state ) )
+ ak.ak_val = &a->a_nvals[i];
+ if ( ! access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu "
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu "
"matched values filtering failed\n",
- op->o_connid ? op->o_connid : 0, 0, 0);
+ op->o_connid, 0, 0);
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
send_ldap_error( op, rs, LDAP_OTHER,
"matched values filtering error" );
}
}
- if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
- ACL_READ, &acl_state ) )
+ ak.ak_desc = desc;
+ if ( ! access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu "
if ( ! attrsonly ) {
for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
- if ( ! access_allowed( op, rs->sr_entry,
- desc, &a->a_vals[i], ACL_READ, &acl_state ) )
+ ak.ak_val = &a->a_vals[i];
+ if ( ! access_allowed( op, &ak ))
{
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu "
}
if ( op->o_res_ber == NULL ) {
- bytes = send_ldap_ber( op->o_conn, ber );
+ bytes = send_ldap_ber( op, ber );
ber_free_buf( ber );
if ( bytes < 0 ) {
"=> send_search_reference: dn=\"%s\"\n",
edn, 0, 0 );
- if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
- ad_entry, NULL, ACL_READ, NULL ) )
+ if ( rs->sr_entry )
{
- Debug( LDAP_DEBUG_ACL,
- "send_search_reference: access to entry not allowed\n",
- 0, 0, 0 );
- rc = 1;
- goto rel;
- }
+ AclCheck ak = { rs->sr_entry, ad_entry, NULL, ACL_READ, NULL };
- if ( rs->sr_entry && ! access_allowed( op, rs->sr_entry,
- ad_ref, NULL, ACL_READ, NULL ) )
- {
- Debug( LDAP_DEBUG_ACL,
- "send_search_reference: access "
- "to reference not allowed\n",
- 0, 0, 0 );
- rc = 1;
- goto rel;
+ if ( !access_allowed( op, &ak ))
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_reference: access to entry not allowed\n",
+ 0, 0, 0 );
+ rc = 1;
+ goto rel;
+ }
+
+ ak.ak_desc = ad_ref;
+ if ( !access_allowed( op, &ak ))
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "send_search_reference: access "
+ "to reference not allowed\n",
+ 0, 0, 0 );
+ rc = 1;
+ goto rel;
+ }
}
if( op->o_domain_scope ) {
#ifdef LDAP_CONNECTIONLESS
if (!op->o_conn || op->o_conn->c_is_udp == 0) {
#endif
- bytes = send_ldap_ber( op->o_conn, ber );
+ bytes = send_ldap_ber( op, ber );
ber_free_buf( ber );
if ( bytes < 0 ) {
flags |= ( SLAP_OPATTRS_NO | SLAP_USERATTRS_YES );
} else {
- flags |= an_find( an, &AllOper )
+ flags |= an_find( an, slap_bv_all_operational_attrs )
? SLAP_OPATTRS_YES : SLAP_OPATTRS_NO;
- flags |= an_find( an, &AllUser )
+ flags |= an_find( an, slap_bv_all_user_attrs )
? SLAP_USERATTRS_YES : SLAP_USERATTRS_NO;
}
return flags;
}
-