X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fresult.c;h=1d87d215067144083887ba7c21ac932005ef1c66;hb=7c41666c5e92beb301c10b9a71f45834255dcc21;hp=7a7000d625850a74cfb04581ace1939d5107725e;hpb=49f414738569096eae2c94a4f05f0f3f2636b8b7;p=openldap diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 7a7000d625..1d87d21506 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -1,7 +1,7 @@ /* result.c - routines to send ldap results, errors, and referrals */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -11,48 +11,69 @@ #include #include -#include #include #include #include #include #include "slap.h" +#include "slapi.h" -static char *v2ref( struct berval **ref, const char *text ) +static char *v2ref( BerVarray ref, const char *text ) { size_t len = 0, i = 0; char *v2; - if(ref == NULL) - { - if (text) - return ch_strdup(text); - else - return NULL; + if(ref == NULL) { + if (text) { + return ch_strdup(text); + } else { + return NULL; + } } - if (text) { + if ( text != NULL ) { len = strlen( text ); - if (text[len-1] != '\n') + if (text[len-1] != '\n') { i = 1; + } } - v2 = ch_malloc( len+i+sizeof("Referral:") ); - if (text) { + + v2 = SLAP_MALLOC( len+i+sizeof("Referral:") ); + if( v2 == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#endif + return NULL; + } + + if( text != NULL ) { strcpy(v2, text); - if (i) + if( i ) { v2[len++] = '\n'; + } } strcpy( v2+len, "Referral:" ); len += sizeof("Referral:"); - for( i=0; ref[i] != NULL; i++ ) { - v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 ); + for( i=0; ref[i].bv_val != NULL; i++ ) { + v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 ); + if( v2 == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#endif + return NULL; + } v2[len-1] = '\n'; - memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len ); - len += ref[i]->bv_len; - if (ref[i]->bv_val[ref[i]->bv_len-1] != '/') + AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len ); + len += ref[i].bv_len; + if (ref[i].bv_val[ref[i].bv_len-1] != '/') { ++len; + } } v2[len-1] = '\0'; @@ -85,91 +106,10 @@ static ber_tag_t req2res( ber_tag_t tag ) break; default: - assert( 0 ); - tag = LBER_ERROR; - } - return tag; -} - -static void trim_refs_urls( - struct berval **refs ) -{ - unsigned i; - - if( refs == NULL ) return; - - for( i=0; refs[i] != NULL; i++ ) { - if( refs[i]->bv_len > sizeof("ldap://")-1 && - strncasecmp( refs[i]->bv_val, "ldap://", - sizeof("ldap://")-1 ) == 0 ) - { - unsigned j; - for( j=sizeof("ldap://")-1; jbv_len ; j++ ) { - if( refs[i]->bv_val[j] == '/' ) { - refs[i]->bv_val[j] = '\0'; - refs[i]->bv_len = j; - break; - } - } - } - } -} - -struct berval **get_entry_referrals( - Backend *be, - Connection *conn, - Operation *op, - Entry *e ) -{ - Attribute *attr; - struct berval **refs; - unsigned i, j; - - AttributeDescription *ad_ref = slap_schema.si_ad_ref; - - attr = attr_find( e->e_attrs, ad_ref ); - - if( attr == NULL ) return NULL; - - for( i=0; attr->a_vals[i] != NULL; i++ ) { - /* count references */ - } - - if( i < 1 ) return NULL; - - refs = ch_malloc( (i + 1) * sizeof(struct berval *)); - - for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) { - unsigned k; - struct berval *ref = ber_bvdup( attr->a_vals[i] ); - - /* trim the label */ - for( k=0; kbv_len; k++ ) { - if( isspace(ref->bv_val[k]) ) { - ref->bv_val[k] = '\0'; - ref->bv_len = k; - break; - } - } - - if( ref->bv_len > 0 ) { - refs[j++] = ref; - - } else { - ber_bvfree( ref ); - } - } - - refs[j] = NULL; - - if( j == 0 ) { - ber_bvecfree( refs ); - refs = NULL; + tag = LBER_SEQUENCE; } - /* we should check that a referral value exists... */ - - return refs; + return tag; } static long send_ldap_ber( @@ -210,8 +150,14 @@ static long send_ldap_ber( * it's a hard error and return. */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_ber: conn %lu ber_flush failed err=%d (%s)\n", + conn ? conn->c_connid : 0, err, sock_errstr(err) ); +#else Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n", err, sock_errstr(err), 0 ); +#endif if ( err != EWOULDBLOCK && err != EAGAIN ) { connection_closing( conn ); @@ -237,6 +183,38 @@ static long send_ldap_ber( return bytes; } +static int +send_ldap_controls( BerElement *ber, LDAPControl **c ) +{ + int rc; + if( c == NULL ) return 0; + + rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS ); + if( rc == -1 ) return rc; + + for( ; *c != NULL; c++) { + rc = ber_printf( ber, "{s" /*}*/, (*c)->ldctl_oid ); + + if( (*c)->ldctl_iscritical ) { + rc = ber_printf( ber, "b", + (ber_int_t) (*c)->ldctl_iscritical ) ; + if( rc == -1 ) return rc; + } + + if( (*c)->ldctl_value.bv_val != NULL ) { + rc = ber_printf( ber, "O", &((*c)->ldctl_value)); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + + return rc; +} + static void send_ldap_response( Connection *conn, @@ -246,93 +224,150 @@ send_ldap_response( ber_int_t err, const char *matched, const char *text, - struct berval **ref, + BerVarray ref, const char *resoid, struct berval *resdata, struct berval *sasldata, LDAPControl **ctrls ) { - BerElement *ber; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; int rc; long bytes; - assert( ctrls == NULL ); /* ctrls not implemented */ + if (op->o_callback && op->o_callback->sc_response) { + op->o_callback->sc_response( conn, op, tag, msgid, err, matched, + text, ref, resoid, resdata, sasldata, ctrls ); + return; + } + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) + ber = op->o_res_ber; + else +#endif + + ber_init_w_nullc( ber, LBER_USE_DER ); - ber = ber_alloc_t( LBER_USE_DER ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_response: msgid=%d tag=%lu err=%d\n", + msgid, tag, err ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_response: msgid=%d tag=%lu err=%d\n", + msgid, tag, err ); +#endif - Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n", - (long) msgid, (long) tag, (long) err ); if( ref ) { - Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=%s\n", - ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL", +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_response: conn %lu ref=\"%s\"\n", + conn ? conn->c_connid : 0, + ref[0].bv_val ? ref[0].bv_val : "NULL" , 0 ); +#else + Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", NULL, NULL ); - } - - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); - return; +#endif } #ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - rc = ber_printf( ber, "{is{t{essN}N}N}", msgid, "", tag, - err, matched ? matched : "", text ? text : "" ); - } else + if (conn->c_is_udp && conn->c_protocol == LDAP_VERSION2) { + rc = ber_printf( ber, "t{ess" /*"}}"*/, + tag, err, + matched == NULL ? "" : matched, + text == NULL ? "" : text ); + } else #endif { - rc = ber_printf( ber, "{it{ess", - msgid, tag, err, - matched == NULL ? "" : matched, - text == NULL ? "" : text ); - - if( rc != -1 ) { - if ( ref != NULL ) { - assert( err == LDAP_REFERRAL ); - rc = ber_printf( ber, "t{V}", - LDAP_TAG_REFERRAL, ref ); - } else { - assert( err != LDAP_REFERRAL ); - } - } + rc = ber_printf( ber, "{it{ess" /*"}}"*/, + msgid, tag, err, + matched == NULL ? "" : matched, + text == NULL ? "" : text ); + } - if( rc != -1 && sasldata != NULL ) { - rc = ber_printf( ber, "tO", - LDAP_TAG_SASL_RES_CREDS, sasldata ); + if( rc != -1 ) { + if ( ref != NULL ) { + assert( err == LDAP_REFERRAL ); + rc = ber_printf( ber, "t{W}", + LDAP_TAG_REFERRAL, ref ); + } else { + assert( err != LDAP_REFERRAL ); } + } - if( rc != -1 && resoid != NULL ) { - rc = ber_printf( ber, "ts", - LDAP_TAG_EXOP_RES_OID, resoid ); - } + if( rc != -1 && sasldata != NULL ) { + rc = ber_printf( ber, "tO", + LDAP_TAG_SASL_RES_CREDS, sasldata ); + } - if( rc != -1 && resdata != NULL ) { - rc = ber_printf( ber, "tO", - LDAP_TAG_EXOP_RES_VALUE, resdata ); - } + if( rc != -1 && resoid != NULL ) { + rc = ber_printf( ber, "ts", + LDAP_TAG_EXOP_RES_OID, resoid ); + } - if( rc != -1 ) { - rc = ber_printf( ber, "N}N}" ); - } + if( rc != -1 && resdata != NULL ) { + rc = ber_printf( ber, "tO", + LDAP_TAG_EXOP_RES_VALUE, resdata ); + } + + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); + } + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); } if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_response: conn %lu ber_printf failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); return; } /* send BER */ bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); if ( bytes < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_response: conn %lu ber write failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_ldap_response: ber write failed\n", 0, 0, 0 ); +#endif + return; } +#ifdef LDAP_SLAPI + slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)err ); + slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, ( matched != NULL ) ? (void *)ch_strdup( matched ) : NULL ); + slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, ( text != NULL ) ? (void *)ch_strdup( text ) : NULL ); +#endif /* LDAP_SLAPI */ + ldap_pvt_thread_mutex_lock( &num_sent_mutex ); num_bytes_sent += bytes; num_pdu_sent++; @@ -360,9 +395,16 @@ send_ldap_disconnect( assert( LDAP_UNSOLICITED_ERROR( err ) ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_disconnect: conn %lu %d:%s\n", + conn ? conn->c_connid : 0, err, text ? text : "" ); +#else Debug( LDAP_DEBUG_TRACE, "send_ldap_disconnect %d:%s\n", err, text ? text : "", NULL ); +#endif + if ( op->o_protocol < LDAP_VERSION3 ) { reqoid = NULL; @@ -375,36 +417,23 @@ send_ldap_disconnect( msgid = 0; } -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST, - (void *)&op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, NULL, text, NULL, reqoid, NULL, NULL, NULL ); Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu DISCONNECT tag=%lu err=%d text=%s\n", + op->o_connid, op->o_opid, tag, err, text ? text : "" ); } void -send_ldap_result( +slap_send_ldap_result( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, - struct berval **ref, + BerVarray ref, LDAPControl **ctrls ) { @@ -414,23 +443,46 @@ send_ldap_result( assert( !LDAP_API_ERROR( err ) ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n", - (long) op->o_connid, (long) op->o_opid, op->o_protocol ); - Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n", - err, matched ? matched : "", text ? text : "" ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_result: conn %lu op=%lu p=%d\n", + op->o_connid, op->o_opid, op->o_protocol ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_result: conn=%lu op=%lu p=%d\n", + op->o_connid, op->o_opid, op->o_protocol ); +#endif + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#else + Debug( LDAP_DEBUG_ARGS, + "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#endif + + if( ref ) { - Debug( LDAP_DEBUG_ARGS, "send_ldap_result: referral: %s\n", - ref[0] && ref[0]->bv_val ? ref[0]->bv_val : "NULL", - NULL, NULL ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_result: referral=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", 0, 0 ); +#else + Debug( LDAP_DEBUG_ARGS, + "send_ldap_result: referral=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", + NULL, NULL ); +#endif } assert( err != LDAP_PARTIAL_RESULTS ); - if( op->o_tag != LDAP_REQ_SEARCH ) { - trim_refs_urls( ref ); - } - if ( err == LDAP_REFERRAL ) { + if( op->o_noreferrals ) { + ref = NULL; + } if( ref == NULL ) { err = LDAP_NO_SUCH_OBJECT; } else if ( op->o_protocol < LDAP_VERSION3 ) { @@ -447,26 +499,13 @@ send_ldap_result( tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST, - (void *)&op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, ref, NULL, NULL, NULL, ctrls ); Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu RESULT tag=%lu err=%d text=%s\n", + op->o_connid, op->o_opid, tag, err, text ? text : "" ); if( tmp != NULL ) { ch_free(tmp); @@ -480,7 +519,7 @@ send_ldap_sasl( ber_int_t err, const char *matched, const char *text, - struct berval **ref, + BerVarray ref, LDAPControl **ctrls, struct berval *cred ) @@ -488,37 +527,32 @@ send_ldap_sasl( ber_tag_t tag; ber_int_t msgid; - Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n", - (long) err, NULL, NULL ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_sasl: conn %lu err=%d len=%lu\n", + op->o_connid, err, cred ? cred->bv_len : -1 ); +#else + Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n", + err, cred ? (long) cred->bv_len : -1, NULL ); +#endif + tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST, - (void *)&op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, ref, - NULL, NULL, cred, ctrls ); + NULL, NULL, cred, ctrls ); } void -send_ldap_extended( +slap_send_ldap_extended( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, - struct berval **refs, + BerVarray refs, const char *rspoid, struct berval *rspdata, LDAPControl **ctrls @@ -527,27 +561,22 @@ send_ldap_extended( ber_tag_t tag; ber_int_t msgid; +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_extended: err=%d oid=%s len=%ld\n", + err, rspoid ? rspoid : "", + rspdata != NULL ? rspdata->bv_len : 0 ); +#else Debug( LDAP_DEBUG_TRACE, - "send_ldap_extended %ld:%s (%ld)\n", - (long) err, + "send_ldap_extended: err=%d oid=%s len=%ld\n", + err, rspoid ? rspoid : "", - rspdata != NULL ? (long) rspdata->bv_len : (long) 0 ); + rspdata != NULL ? rspdata->bv_len : 0 ); +#endif tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST, - (void *)&op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, refs, rspoid, rspdata, NULL, ctrls ); @@ -555,13 +584,13 @@ send_ldap_extended( void -send_search_result( +slap_send_search_result( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, - struct berval **refs, + BerVarray refs, LDAPControl **ctrls, int nentries ) @@ -569,14 +598,27 @@ send_search_result( ber_tag_t tag; ber_int_t msgid; char *tmp = NULL; + assert( !LDAP_API_ERROR( err ) ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n", - err, matched ? matched : "", text ? text : "" ); + if (op->o_callback && op->o_callback->sc_sresult) { + op->o_callback->sc_sresult(conn, op, err, matched, text, refs, + ctrls, nentries); + return; + } + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#endif - assert( err != LDAP_PARTIAL_RESULTS ); - trim_refs_urls( refs ); + assert( err != LDAP_PARTIAL_RESULTS ); if( op->o_protocol < LDAP_VERSION3 ) { /* send references in search results */ @@ -587,6 +629,7 @@ send_search_result( tmp = v2ref( refs, text ); text = tmp; refs = NULL; + } else { /* don't send references in search results */ assert( refs == NULL ); @@ -600,79 +643,121 @@ send_search_result( tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_UDP_SET_DST, - (void *)&op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, refs, NULL, NULL, NULL, ctrls ); + { + char nbuf[64]; + snprintf( nbuf, sizeof nbuf, "%d nentries=%d", err, nentries ); + Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n", + op->o_connid, op->o_opid, tag, nbuf, text ? text : "" ); + } - if (tmp != NULL) + if (tmp != NULL) { ch_free(tmp); + } } - int -send_search_entry( +slap_send_search_entry( Backend *be, Connection *conn, Operation *op, Entry *e, - char **attrs, + AttributeName *attrs, int attrsonly, LDAPControl **ctrls ) { - BerElement *ber; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; Attribute *a, *aa; - int i, rc=-1, bytes; - char *edn; + int i, j, rc=-1, bytes; + char *edn; int userattrs; int opattrs; + AccessControlState acl_state = ACL_STATE_INIT; +#ifdef LDAP_SLAPI + /* Support for computed attribute plugins */ + computed_attr_context ctx; + AttributeName *anp; +#endif AttributeDescription *ad_entry = slap_schema.si_ad_entry; - Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 ); + /* a_flags: array of flags telling if the i-th element will be + * returned or filtered out + * e_flags: array of a_flags + */ + char **e_flags = NULL; + + if (op->o_callback && op->o_callback->sc_sendentry) { + return op->o_callback->sc_sendentry( be, conn, op, e, attrs, + attrsonly, ctrls ); + } + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_entry: conn %lu dn=\"%s\"%s\n", + op->o_connid, e->e_dn, attrsonly ? " (attrsOnly)" : "" ); +#else + Debug( LDAP_DEBUG_TRACE, + "=> send_search_entry: dn=\"%s\"%s\n", + e->e_dn, attrsonly ? " (attrsOnly)" : "", 0 ); +#endif if ( ! access_allowed( be, conn, op, e, - ad_entry, NULL, ACL_READ ) ) + ad_entry, NULL, ACL_READ, NULL ) ) { - Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n", +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu access to entry (%s) not allowed\n", + op->o_connid, e->e_dn, 0 ); +#else + Debug( LDAP_DEBUG_ACL, + "send_search_entry: access to entry not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } edn = e->e_ndn; - ber = ber_alloc_t( LBER_USE_DER ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) + ber = op->o_res_ber; + else +#endif + ber_init_w_nullc( ber, LBER_USE_DER ); - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "BER allocation error", NULL, NULL ); - goto error_return; +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp && conn->c_protocol == LDAP_VERSION2) { + rc = ber_printf(ber, "t{0{" /*}}*/, + LDAP_RES_SEARCH_ENTRY, &e->e_name); + } else +#endif + { + rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid, + LDAP_RES_SEARCH_ENTRY, &e->e_name ); } - rc = ber_printf( ber, "{it{s{" /*}}}*/, op->o_msgid, - LDAP_RES_SEARCH_ENTRY, e->e_dn ); - if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encoding DN error", NULL, NULL ); goto error_return; @@ -680,30 +765,91 @@ send_search_entry( /* check for special all user attributes ("*") type */ userattrs = ( attrs == NULL ) ? 1 - : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES ); + : an_find( attrs, &AllUser ); /* check for special all operational attributes ("+") type */ opattrs = ( attrs == NULL ) ? 0 - : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES ); + : an_find( attrs, &AllOper ); + + /* create an array of arrays of flags. Each flag corresponds + * to particular value of attribute and equals 1 if value matches + * to ValuesReturnFilter or 0 if not + */ + if ( op->vrFilter != NULL ) { + int k = 0; + size_t size; + + for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; + } - for ( a = e->e_attrs; a != NULL; a = a->a_next ) { + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags; + e_flags = SLAP_CALLOC ( 1, i * sizeof(char *) + k ); + if( e_flags == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu SLAP_CALLOC failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_entry: SLAP_CALLOC failed\n", 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "memory error", + NULL, NULL ); + goto error_return; + } + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + + rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ; + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } + } + } + + for ( a = e->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) { AttributeDescription *desc = a->a_desc; - char *type = desc->ad_cname->bv_val; if ( attrs == NULL ) { - /* all addrs request, skip operational attributes */ - if( is_at_operational( desc->ad_type ) ) - { + /* all attrs request, skip operational attributes */ + if( is_at_operational( desc->ad_type ) ) { continue; } } else { - /* specific addrs requested */ - if ( is_at_operational( desc->ad_type ) ) - { + /* specific attrs requested */ + if ( is_at_operational( desc->ad_type ) ) { if( !opattrs && !ad_inlist( desc, attrs ) ) { continue; } + } else { if (!userattrs && !ad_inlist( desc, attrs ) ) { continue; @@ -711,45 +857,98 @@ send_search_entry( } } - if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) { - Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n", - desc->ad_cname->bv_val, 0, 0 ); + if ( ! access_allowed( be, conn, op, e, desc, NULL, + ACL_READ, &acl_state ) ) + { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu access to attribute %s not " + "allowed\n", op->o_connid, desc->ad_cname.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ACL, "acl: " + "access to attribute %s not allowed\n", + desc->ad_cname.bv_val, 0, 0 ); +#endif continue; } - if (( rc = ber_printf( ber, "{s[" /*]}*/ , type )) == -1 ) { + if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encoding description error", NULL, NULL ); goto error_return; } if ( ! attrsonly ) { - for ( i = 0; a->a_vals[i] != NULL; i++ ) { + for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) { if ( ! access_allowed( be, conn, op, e, - desc, a->a_vals[i], ACL_READ ) ) + desc, &a->a_vals[i], ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to attribute %s, value %d not allowed\n", + op->o_connid, desc->ad_cname.bv_val, i ); +#else Debug( LDAP_DEBUG_ACL, - "acl: access to attribute %s, value %d not allowed\n", - desc->ad_cname->bv_val, i, 0 ); + "acl: access to attribute %s, " + "value %d not allowed\n", + desc->ad_cname.bv_val, i, 0 ); +#endif + continue; } - if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) { + if ( op->vrFilter && e_flags[j][i] == 0 ){ + continue; + } + + if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "ber_printf failed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, - NULL, "encoding values error", NULL, NULL ); + NULL, "encoding values error", + NULL, NULL ); goto error_return; } } } if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode end error", NULL, NULL ); goto error_return; @@ -758,22 +957,91 @@ send_search_entry( /* eventually will loop through generated operational attributes */ /* only have subschemaSubentry implemented */ - aa = backend_operational( be, e ); + aa = backend_operational( be, conn, op, e, attrs, opattrs ); + + if ( aa != NULL && op->vrFilter != NULL ) { + int k = 0; + size_t size; + + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; + } + + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags, **tmp; + + /* + * Reuse previous memory - we likely need less space + * for operational attributes + */ + tmp = SLAP_REALLOC ( e_flags, i * sizeof(char *) + k ); + if ( tmp == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_NO_MEMORY, + NULL, NULL, NULL, NULL ); + goto error_return; + } + e_flags = tmp; + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + rc = filter_matched_values(be, conn, op, aa, &e_flags) ; + + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free( ber, 1 ); - for (a = aa ; a != NULL; a = a->a_next ) { + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } + } + } + + for (a = aa, j=0; a != NULL; a = a->a_next, j++ ) { AttributeDescription *desc = a->a_desc; if ( attrs == NULL ) { - /* all addrs request, skip operational attributes */ + /* all attrs request, skip operational attributes */ if( is_at_operational( desc->ad_type ) ) { continue; } } else { - /* specific addrs requested */ + /* specific attrs requested */ if( is_at_operational( desc->ad_type ) ) { - if( !opattrs && !ad_inlist( desc, attrs ) ) - { + if( !opattrs && !ad_inlist( desc, attrs ) ) { continue; } } else { @@ -784,72 +1052,204 @@ send_search_entry( } } - if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) { - Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n", - desc->ad_cname->bv_val, 0, 0 ); + if ( ! access_allowed( be, conn, op, e, desc, NULL, + ACL_READ, &acl_state ) ) + { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to attribute %s not allowed\n", + op->o_connid, desc->ad_cname.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s " + "not allowed\n", + desc->ad_cname.bv_val, 0, 0 ); +#endif + continue; } - rc = ber_printf( ber, "{s[" /*]}*/ , desc->ad_cname->bv_val ); + rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname ); if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "ber_printf failed\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encoding description error", NULL, NULL ); + + attrs_free( aa ); goto error_return; } if ( ! attrsonly ) { - for ( i = 0; a->a_vals[i] != NULL; i++ ) { + for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) { if ( ! access_allowed( be, conn, op, e, - desc, a->a_vals[i], ACL_READ ) ) + desc, &a->a_vals[i], ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to %s, value %d not allowed\n", + op->o_connid, desc->ad_cname.bv_val, i ); +#else Debug( LDAP_DEBUG_ACL, - "acl: access to attribute %s, value %d not allowed\n", - desc->ad_cname->bv_val, i, 0 ); + "acl: access to attribute %s, " + "value %d not allowed\n", + desc->ad_cname.bv_val, i, 0 ); +#endif + continue; } + if ( op->vrFilter && e_flags[j][i] == 0 ){ + continue; + } - if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) { + if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, - NULL, "encoding values error", NULL, NULL ); + NULL, "encoding values error", + NULL, NULL ); + + attrs_free( aa ); goto error_return; } } } if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode end error", NULL, NULL ); + + attrs_free( aa ); goto error_return; } } +#ifdef LDAP_SLAPI + /* + * First, setup the computed attribute context that is + * passed to all plugins. + */ + ctx.cac_pb = op->o_pb; + ctx.cac_attrs = attrs; + ctx.cac_attrsonly = attrsonly; + ctx.cac_userattrs = userattrs; + ctx.cac_opattrs = opattrs; + ctx.cac_acl_state = acl_state; + ctx.cac_private = (void *)ber; + + /* + * For each client requested attribute, call the plugins. + */ + if ( attrs != NULL ) { + for ( anp = attrs; anp->an_name.bv_val != NULL; anp++ ) { + rc = compute_evaluator( &ctx, anp->an_name.bv_val, e, slapi_x_compute_output_ber ); + if ( rc == 1 ) { + break; + } + } + } else { + /* + * Technically we shouldn't be returning operational attributes + * when the user requested only user attributes. We'll let the + * plugin decide whether to be naughty or not. + */ + rc = compute_evaluator( &ctx, "*", e, slapi_x_compute_output_ber ); + } + if ( rc == 1 ) { + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "computed attribute error", NULL, NULL ); + goto error_return; + } +#endif /* LDAP_SLAPI */ + + /* free e_flags */ + if ( e_flags ) { + free( e_flags ); + e_flags = NULL; + } + attrs_free( aa ); + rc = ber_printf( ber, /*{{*/ "}N}" ); - rc = ber_printf( ber, /*{{{*/ "}N}N}" ); + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + + if( rc != -1 ) { + rc = ber_printf( ber, /*{*/ "N}" ); + } if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode entry end error", NULL, NULL ); return( 1 ); } - bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) { +#endif + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); + ber_free_buf( ber ); if ( bytes < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber write failed.\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, - "send_ldap_response: ber write failed\n", + "send_search_entry: ber write failed\n", 0, 0, 0 ); +#endif + return -1; } @@ -859,106 +1259,189 @@ send_search_entry( num_pdu_sent++; ldap_pvt_thread_mutex_unlock( &num_sent_mutex ); - Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n", - (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 ); +#ifdef LDAP_CONNECTIONLESS + } +#endif + Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu ENTRY dn=\"%s\"\n", + conn->c_connid, op->o_opid, e->e_dn, 0, 0 ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 ); +#endif rc = 0; error_return:; + if ( e_flags ) free( e_flags ); return( rc ); } int -send_search_reference( +slap_send_search_reference( Backend *be, Connection *conn, Operation *op, Entry *e, - struct berval **refs, - int scope, + BerVarray refs, LDAPControl **ctrls, - struct berval ***v2refs + BerVarray *v2refs ) { - BerElement *ber; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; int rc; int bytes; AttributeDescription *ad_ref = slap_schema.si_ad_ref; AttributeDescription *ad_entry = slap_schema.si_ad_entry; - Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_reference: conn %lu dn=\"%s\"\n", + op->o_connid, e ? e->e_dn : "(null)", 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "=> send_search_reference: dn=\"%s\"\n", + e ? e->e_dn : "(null)", 0, 0 ); +#endif - if ( ! access_allowed( be, conn, op, e, - ad_entry, NULL, ACL_READ ) ) + if ( e && ! access_allowed( be, conn, op, e, + ad_entry, NULL, ACL_READ, NULL ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_reference: conn %lu " + "access to entry %s not allowed\n", + op->o_connid, e->e_dn, 0 ); +#else Debug( LDAP_DEBUG_ACL, "send_search_reference: access to entry not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } - if ( ! access_allowed( be, conn, op, e, - ad_ref, NULL, ACL_READ ) ) + if ( e && ! access_allowed( be, conn, op, e, + ad_ref, NULL, ACL_READ, NULL ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_reference: conn %lu access " + "to reference not allowed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ACL, - "send_search_reference: access to reference not allowed\n", + "send_search_reference: access " + "to reference not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } + if( op->o_noreferrals ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu noreferrals control in (%s).\n", + op->o_connid, e->e_dn, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_reference: noreferrals control in (%s)\n", + e->e_dn, 0, 0 ); +#endif + + return( 0 ); + } + if( refs == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu null ref in (%s).\n", + op->o_connid, e ? e->e_dn : "(null)", 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_search_reference: null ref in (%s)\n", - e->e_dn, 0, 0 ); + e ? e->e_dn : "(null)", 0, 0 ); +#endif + return( 1 ); } if( op->o_protocol < LDAP_VERSION3 ) { /* save the references for the result */ - if( *refs != NULL ) { - value_add( v2refs, refs ); + if( refs[0].bv_val != NULL ) { + if( value_add( v2refs, refs ) ) + return LDAP_OTHER; } return 0; } - ber = ber_alloc_t( LBER_USE_DER ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) + ber = op->o_res_ber; + else +#endif + ber_init_w_nullc( ber, LBER_USE_DER ); - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, - "send_search_reference: ber_alloc failed\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "alloc BER error", NULL, NULL ); - return -1; + rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid, + LDAP_RES_SEARCH_REFERENCE, refs ); + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); } - rc = ber_printf( ber, "{it{V}N}", op->o_msgid, - LDAP_RES_SEARCH_REFERENCE, refs ); + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}", op->o_msgid, + LDAP_RES_SEARCH_REFERENCE, refs ); + } if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu " + "ber_printf failed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_search_reference: ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode DN error", NULL, NULL ); return -1; } - bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) { +#endif + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); + ber_free_buf( ber ); ldap_pvt_thread_mutex_lock( &num_sent_mutex ); num_bytes_sent += bytes; num_refs_sent++; num_pdu_sent++; ldap_pvt_thread_mutex_unlock( &num_sent_mutex ); +#ifdef LDAP_CONNECTIONLESS + } +#endif - Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n", - (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 ); + Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n", + conn->c_connid, op->o_opid, e ? e->e_dn : "(null)", 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_reference: conn %lu exit.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 ); +#endif return 0; } @@ -980,8 +1463,13 @@ str2result( *info = NULL; if ( strncasecmp( s, "RESULT", 6 ) != 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "str2result: (%s), expecting \"RESULT\"\n", s, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n", s, 0, 0 ); +#endif return( -1 ); } @@ -1009,8 +1497,13 @@ str2result( *info = c; } } else { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "str2result: (%s) unknown.\n", s, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n", s, 0, 0 ); +#endif + rc = -1; } }