X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fresult.c;h=2e412aeb5f52eb1f6e14629d3ca1187446f98f2b;hb=e3b1020e7558dff26d8c87ebb2746f197775c24f;hp=ad3c065ddf33803a12151dd725cc0dcafc93b8c6;hpb=a76c9f18a991ee1aade6e42f3ea77d8f84cfe969;p=openldap diff --git a/servers/slapd/result.c b/servers/slapd/result.c index ad3c065ddf..2e412aeb5f 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -1,5 +1,9 @@ /* result.c - routines to send ldap results, errors, and referrals */ /* $OpenLDAP$ */ +/* + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ #include "portable.h" @@ -7,7 +11,6 @@ #include #include -#include #include #include #include @@ -15,43 +18,65 @@ #include "slap.h" -/* we need LBER internals */ -#include "../../libraries/liblber/lber-int.h" +#ifdef LDAP_SLAPI +#include "slapi.h" +#endif -static char *v2ref( struct berval **ref, const char *text ) +static char *v2ref( BerVarray ref, const char *text ) { size_t len = 0, i = 0; char *v2; - if(ref == NULL) - { - if (text) - return ch_strdup(text); - else - return NULL; + if(ref == NULL) { + if (text) { + return ch_strdup(text); + } else { + return NULL; + } } - if (text) { + if ( text != NULL ) { len = strlen( text ); - if (text[len-1] != '\n') + if (text[len-1] != '\n') { i = 1; + } } - v2 = ch_malloc( len+i+sizeof("Referral:") ); - if (text) { + + v2 = SLAP_MALLOC( len+i+sizeof("Referral:") ); + if( v2 == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#endif + return NULL; + } + + if( text != NULL ) { strcpy(v2, text); - if (i) + if( i ) { v2[len++] = '\n'; + } } strcpy( v2+len, "Referral:" ); len += sizeof("Referral:"); - for( i=0; ref[i] != NULL; i++ ) { - v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 ); + for( i=0; ref[i].bv_val != NULL; i++ ) { + v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 ); + if( v2 == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#endif + return NULL; + } v2[len-1] = '\n'; - memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len ); - len += ref[i]->bv_len; - if (ref[i]->bv_val[ref[i]->bv_len-1] != '/') + AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len ); + len += ref[i].bv_len; + if (ref[i].bv_val[ref[i].bv_len-1] != '/') { ++len; + } } v2[len-1] = '\0'; @@ -84,89 +109,10 @@ static ber_tag_t req2res( ber_tag_t tag ) break; default: - assert( 0 ); - tag = LBER_ERROR; - } - return tag; -} - -static void trim_refs_urls( - struct berval **refs ) -{ - unsigned i; - - if( refs == NULL ) return; - - for( i=0; refs[i] != NULL; i++ ) { - if( refs[i]->bv_len > sizeof("ldap://")-1 && - strncasecmp( refs[i]->bv_val, "ldap://", - sizeof("ldap://")-1 ) == 0 ) - { - unsigned j; - for( j=sizeof("ldap://")-1; jbv_len ; j++ ) { - if( refs[i]->bv_val[j] == '/' ) { - refs[i]->bv_val[j] = '\0'; - refs[i]->bv_len = j; - break; - } - } - } - } -} - -struct berval **get_entry_referrals( - Backend *be, - Connection *conn, - Operation *op, - Entry *e ) -{ - Attribute *attr; - struct berval **refs; - unsigned i, j; - - attr = attr_find( e->e_attrs, "ref" ); - - if( attr == NULL ) return NULL; - - for( i=0; attr->a_vals[i] != NULL; i++ ) { - /* count references */ - } - - if( i < 1 ) return NULL; - - refs = ch_malloc( i + 1 ); - - for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) { - unsigned k; - struct berval *ref = ber_bvdup( attr->a_vals[i] ); - - /* trim the label */ - for( k=0; kbv_len; k++ ) { - if( isspace(ref->bv_val[k]) ) { - ref->bv_val[k] = '\0'; - ref->bv_len = k; - break; - } - } - - if( ref->bv_len > 0 ) { - refs[j++] = ref; - - } else { - ber_bvfree( ref ); - } - } - - refs[j] = NULL; - - if( j == 0 ) { - ber_bvecfree( refs ); - refs = NULL; + tag = LBER_SEQUENCE; } - /* we should check that a referral value exists... */ - - return refs; + return tag; } static long send_ldap_ber( @@ -186,6 +132,7 @@ static long send_ldap_ber( /* write the pdu */ while( 1 ) { int err; + ber_socket_t sd; if ( connection_state_closing( conn ) ) { ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); @@ -206,8 +153,14 @@ static long send_ldap_ber( * it's a hard error and return. */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_ber: conn %lu ber_flush failed err=%d (%s)\n", + conn ? conn->c_connid : 0, err, sock_errstr(err) ); +#else Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n", - err, STRERROR(err), 0 ); + err, sock_errstr(err), 0 ); +#endif if ( err != EWOULDBLOCK && err != EAGAIN ) { connection_closing( conn ); @@ -220,7 +173,8 @@ static long send_ldap_ber( /* wait for socket to be write-ready */ conn->c_writewaiter = 1; - slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 ); + ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd ); + slapd_set_write( sd, 1 ); ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex ); conn->c_writewaiter = 0; @@ -232,6 +186,38 @@ static long send_ldap_ber( return bytes; } +static int +send_ldap_controls( BerElement *ber, LDAPControl **c ) +{ + int rc; + if( c == NULL ) return 0; + + rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS ); + if( rc == -1 ) return rc; + + for( ; *c != NULL; c++) { + rc = ber_printf( ber, "{s" /*}*/, (*c)->ldctl_oid ); + + if( (*c)->ldctl_iscritical ) { + rc = ber_printf( ber, "b", + (ber_int_t) (*c)->ldctl_iscritical ) ; + if( rc == -1 ) return rc; + } + + if( (*c)->ldctl_value.bv_val != NULL ) { + rc = ber_printf( ber, "O", &((*c)->ldctl_value)); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + + return rc; +} + static void send_ldap_response( Connection *conn, @@ -241,82 +227,156 @@ send_ldap_response( ber_int_t err, const char *matched, const char *text, - struct berval **ref, + BerVarray ref, const char *resoid, struct berval *resdata, struct berval *sasldata, LDAPControl **ctrls ) { - BerElement *ber; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; int rc; long bytes; - assert( ctrls == NULL ); /* ctrls not implemented */ + if (op->o_callback && op->o_callback->sc_response) { + op->o_callback->sc_response( conn, op, tag, msgid, err, matched, + text, ref, resoid, resdata, sasldata, ctrls ); + return; + } + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) + ber = op->o_res_ber; + else +#endif - ber = ber_alloc_t( LBER_USE_DER ); + ber_init_w_nullc( ber, LBER_USE_DER ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n", - (long) msgid, (long) tag, (long) err ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_response: msgid=%d tag=%lu err=%d\n", + msgid, tag, err ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_response: msgid=%d tag=%lu err=%d\n", + msgid, tag, err ); +#endif - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); - return; + if( ref ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_response: conn %lu ref=\"%s\"\n", + conn ? conn->c_connid : 0, + ref[0].bv_val ? ref[0].bv_val : "NULL" , 0 ); +#else + Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", + NULL, NULL ); +#endif } #ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag, - err, matched ? matched : "", text ? text : "" ); - } else + if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) { + rc = ber_printf( ber, "t{ess" /*"}}"*/, + tag, err, + matched == NULL ? "" : matched, + text == NULL ? "" : text ); + } else #endif { - rc = ber_printf( ber, "{it{ess", - msgid, tag, err, - matched == NULL ? "" : matched, - text == NULL ? "" : text ); + rc = ber_printf( ber, "{it{ess" /*"}}"*/, + msgid, tag, err, + matched == NULL ? "" : matched, + text == NULL ? "" : text ); + } - if( rc != -1 && ref != NULL ) { - rc = ber_printf( ber, "{V}", ref ); + if( rc != -1 ) { + if ( ref != NULL ) { + assert( err == LDAP_REFERRAL ); + rc = ber_printf( ber, "t{W}", + LDAP_TAG_REFERRAL, ref ); + } else { + assert( err != LDAP_REFERRAL ); } + } - if( rc != -1 && sasldata != NULL ) { - rc = ber_printf( ber, "tO", - LDAP_TAG_SASL_RES_CREDS, sasldata ); - } + if( rc != -1 && sasldata != NULL ) { + rc = ber_printf( ber, "tO", + LDAP_TAG_SASL_RES_CREDS, sasldata ); + } - if( rc != -1 && resoid != NULL ) { - rc = ber_printf( ber, "ts", - LDAP_TAG_EXOP_RES_OID, resoid ); - } + if( rc != -1 && resoid != NULL ) { + rc = ber_printf( ber, "ts", + LDAP_TAG_EXOP_RES_OID, resoid ); + } - if( rc != -1 && resdata != NULL ) { - rc = ber_printf( ber, "tO", - LDAP_TAG_EXOP_RES_VALUE, resdata ); - } + if( rc != -1 && resdata != NULL ) { + rc = ber_printf( ber, "tO", + LDAP_TAG_EXOP_RES_VALUE, resdata ); + } - if( rc != -1 ) { - rc = ber_printf( ber, "}}" ); - } + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); + } + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); } + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); + } + +#ifdef LDAP_CONNECTIONLESS + if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); + } +#endif + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_response: conn %lu ber_printf failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); return; } /* send BER */ bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); if ( bytes < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_response: conn %lu ber write failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_ldap_response: ber write failed\n", 0, 0, 0 ); +#endif + return; } +#ifdef LDAP_SLAPI + slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)err ); + slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, ( matched != NULL ) ? (void *)ch_strdup( matched ) : NULL ); + slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, ( text != NULL ) ? (void *)ch_strdup( text ) : NULL ); +#endif /* LDAP_SLAPI */ + ldap_pvt_thread_mutex_lock( &num_sent_mutex ); num_bytes_sent += bytes; num_pdu_sent++; @@ -344,9 +404,16 @@ send_ldap_disconnect( assert( LDAP_UNSOLICITED_ERROR( err ) ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_disconnect: conn %lu %d:%s\n", + conn ? conn->c_connid : 0, err, text ? text : "" ); +#else Debug( LDAP_DEBUG_TRACE, "send_ldap_disconnect %d:%s\n", err, text ? text : "", NULL ); +#endif + if ( op->o_protocol < LDAP_VERSION3 ) { reqoid = NULL; @@ -359,35 +426,23 @@ send_ldap_disconnect( msgid = 0; } -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, NULL, text, NULL, reqoid, NULL, NULL, NULL ); Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu DISCONNECT tag=%lu err=%d text=%s\n", + op->o_connid, op->o_opid, tag, err, text ? text : "" ); } void -send_ldap_result( +slap_send_ldap_result( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, - struct berval **ref, + BerVarray ref, LDAPControl **ctrls ) { @@ -397,18 +452,48 @@ send_ldap_result( assert( !LDAP_API_ERROR( err ) ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n", - (long) op->o_connid, (long) op->o_opid, op->o_protocol ); - Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n", - err, matched ? matched : "", text ? text : "" ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_result: conn %lu op=%lu p=%d\n", + op->o_connid, op->o_opid, op->o_protocol ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_result: conn=%lu op=%lu p=%d\n", + op->o_connid, op->o_opid, op->o_protocol ); +#endif + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#else + Debug( LDAP_DEBUG_ARGS, + "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#endif - assert( err != LDAP_PARTIAL_RESULTS ); - if( op->o_tag != LDAP_REQ_SEARCH ) { - trim_refs_urls( ref ); + if( ref ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_result: referral=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", 0, 0 ); +#else + Debug( LDAP_DEBUG_ARGS, + "send_ldap_result: referral=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", + NULL, NULL ); +#endif } + assert( err != LDAP_PARTIAL_RESULTS ); + if ( err == LDAP_REFERRAL ) { +#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE + if( op->o_domain_scope ) { + ref = NULL; + } +#endif if( ref == NULL ) { err = LDAP_NO_SUCH_OBJECT; } else if ( op->o_protocol < LDAP_VERSION3 ) { @@ -425,25 +510,13 @@ send_ldap_result( tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, ref, NULL, NULL, NULL, ctrls ); Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu RESULT tag=%lu err=%d text=%s\n", + op->o_connid, op->o_opid, tag, err, text ? text : "" ); if( tmp != NULL ) { ch_free(tmp); @@ -457,6 +530,7 @@ send_ldap_sasl( ber_int_t err, const char *matched, const char *text, + BerVarray ref, LDAPControl **ctrls, struct berval *cred ) @@ -464,37 +538,33 @@ send_ldap_sasl( ber_tag_t tag; ber_int_t msgid; - Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n", - (long) err, NULL, NULL ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_sasl: conn %lu err=%d len=%lu\n", + op->o_connid, err, cred ? cred->bv_len : -1 ); +#else + Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n", + err, cred ? (long) cred->bv_len : -1, NULL ); +#endif + tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, - err, matched, text, NULL, - NULL, NULL, cred, ctrls ); + err, matched, text, ref, + NULL, NULL, cred, ctrls ); } void -send_ldap_extended( +slap_send_ldap_extended( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, - struct berval **refs, - char *rspoid, + BerVarray refs, + const char *rspoid, struct berval *rspdata, LDAPControl **ctrls ) @@ -502,40 +572,70 @@ send_ldap_extended( ber_tag_t tag; ber_int_t msgid; +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_extended: err=%d oid=%s len=%ld\n", + err, rspoid ? rspoid : "", + rspdata != NULL ? rspdata->bv_len : 0 ); +#else Debug( LDAP_DEBUG_TRACE, - "send_ldap_extended %ld:%s (%ld)\n", - (long) err, + "send_ldap_extended: err=%d oid=%s len=%ld\n", + err, rspoid ? rspoid : "", - rspdata != NULL ? (long) rspdata->bv_len : (long) 0 ); + rspdata != NULL ? rspdata->bv_len : 0 ); +#endif tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, refs, rspoid, rspdata, NULL, ctrls ); } +#ifdef LDAP_RES_INTERMEDIATE_RESP +void +slap_send_ldap_intermediate_resp( + Connection *conn, + Operation *op, + ber_int_t err, + const char *matched, + const char *text, + BerVarray refs, + const char *rspoid, + struct berval *rspdata, + LDAPControl **ctrls ) +{ + ber_tag_t tag; + ber_int_t msgid; +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_intermediate: err=%d oid=%s len=%ld\n", + err, rspoid ? rspoid : "", + rspdata != NULL ? rspdata->bv_len : 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_intermediate: err=%d oid=%s len=%ld\n", + err, + rspoid ? rspoid : "", + rspdata != NULL ? rspdata->bv_len : 0 ); +#endif + tag = LDAP_RES_INTERMEDIATE_RESP; + msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; + send_ldap_response( conn, op, tag, msgid, + err, matched, text, refs, + rspoid, rspdata, NULL, ctrls ); +} +#endif void -send_search_result( +slap_send_search_result( Connection *conn, Operation *op, ber_int_t err, const char *matched, const char *text, - struct berval **refs, + BerVarray refs, LDAPControl **ctrls, int nentries ) @@ -543,14 +643,27 @@ send_search_result( ber_tag_t tag; ber_int_t msgid; char *tmp = NULL; + assert( !LDAP_API_ERROR( err ) ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n", - err, matched ? matched : "", text ? text : "" ); + if (op->o_callback && op->o_callback->sc_sresult) { + op->o_callback->sc_sresult(conn, op, err, matched, text, refs, + ctrls, nentries); + return; + } - assert( err != LDAP_PARTIAL_RESULTS ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#endif - trim_refs_urls( refs ); + + assert( err != LDAP_PARTIAL_RESULTS ); if( op->o_protocol < LDAP_VERSION3 ) { /* send references in search results */ @@ -561,6 +674,7 @@ send_search_result( tmp = v2ref( refs, text ); text = tmp; refs = NULL; + } else { /* don't send references in search results */ assert( refs == NULL ); @@ -574,251 +688,618 @@ send_search_result( tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, refs, NULL, NULL, NULL, ctrls ); + { + char nbuf[64]; + snprintf( nbuf, sizeof nbuf, "%d nentries=%d", err, nentries ); + Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n", + op->o_connid, op->o_opid, tag, nbuf, text ? text : "" ); + } - if (tmp != NULL) + if (tmp != NULL) { ch_free(tmp); + } } - int -send_search_entry( +slap_send_search_entry( Backend *be, Connection *conn, Operation *op, Entry *e, - char **attrs, + AttributeName *attrs, int attrsonly, LDAPControl **ctrls ) { - BerElement *ber; - Attribute *a; - int i, rc=-1, bytes; - char *edn; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; + Attribute *a, *aa; + int i, j, rc=-1, bytes; + char *edn; int userattrs; int opattrs; + AccessControlState acl_state = ACL_STATE_INIT; +#ifdef LDAP_SLAPI + /* Support for computed attribute plugins */ + computed_attr_context ctx; + AttributeName *anp; +#endif + + AttributeDescription *ad_entry = slap_schema.si_ad_entry; + + /* a_flags: array of flags telling if the i-th element will be + * returned or filtered out + * e_flags: array of a_flags + */ + char **e_flags = NULL; + + if (op->o_callback && op->o_callback->sc_sendentry) { + return op->o_callback->sc_sendentry( be, conn, op, e, attrs, + attrsonly, ctrls ); + } - Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_entry: conn %lu dn=\"%s\"%s\n", + op->o_connid, e->e_dn, attrsonly ? " (attrsOnly)" : "" ); +#else + Debug( LDAP_DEBUG_TRACE, + "=> send_search_entry: dn=\"%s\"%s\n", + e->e_dn, attrsonly ? " (attrsOnly)" : "", 0 ); +#endif if ( ! access_allowed( be, conn, op, e, - "entry", NULL, ACL_READ ) ) + ad_entry, NULL, ACL_READ, NULL ) ) { - Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n", +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu access to entry (%s) not allowed\n", + op->o_connid, e->e_dn, 0 ); +#else + Debug( LDAP_DEBUG_ACL, + "send_search_entry: access to entry not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } edn = e->e_ndn; - ber = ber_alloc_t( LBER_USE_DER ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) + ber = op->o_res_ber; + else +#endif + ber_init_w_nullc( ber, LBER_USE_DER ); - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "allocating BER error", NULL, NULL ); - goto error_return; +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) { + rc = ber_printf(ber, "t{O{" /*}}*/, + LDAP_RES_SEARCH_ENTRY, &e->e_name); + } else +#endif + { + rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid, + LDAP_RES_SEARCH_ENTRY, &e->e_name ); } - rc = ber_printf( ber, "{it{s{", op->o_msgid, - LDAP_RES_SEARCH_ENTRY, e->e_dn ); - if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding dn error", NULL, NULL ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding DN error", NULL, NULL ); goto error_return; } /* check for special all user attributes ("*") type */ userattrs = ( attrs == NULL ) ? 1 - : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES ); + : an_find( attrs, &AllUser ); /* check for special all operational attributes ("+") type */ opattrs = ( attrs == NULL ) ? 0 - : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES ); + : an_find( attrs, &AllOper ); + + /* create an array of arrays of flags. Each flag corresponds + * to particular value of attribute and equals 1 if value matches + * to ValuesReturnFilter or 0 if not + */ + if ( op->vrFilter != NULL ) { + int k = 0; + size_t size; + + for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; + } + + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags; + e_flags = SLAP_CALLOC ( 1, i * sizeof(char *) + k ); + if( e_flags == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu SLAP_CALLOC failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_entry: SLAP_CALLOC failed\n", 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "memory error", + NULL, NULL ); + goto error_return; + } + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + + rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ; + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } + } + } + + for ( a = e->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) { + AttributeDescription *desc = a->a_desc; - for ( a = e->e_attrs; a != NULL; a = a->a_next ) { if ( attrs == NULL ) { - /* all addrs request, skip operational attributes */ - if( !opattrs && oc_check_operational_attr( a->a_type ) ) { + /* all attrs request, skip operational attributes */ + if( is_at_operational( desc->ad_type ) ) { continue; } } else { - /* specific addrs requested */ - if ( oc_check_operational_attr( a->a_type ) ) { - if( !opattrs && !charray_inlist( attrs, a->a_type ) ) - { + /* specific attrs requested */ + if ( is_at_operational( desc->ad_type ) ) { + if( !opattrs && !ad_inlist( desc, attrs ) ) { continue; } + } else { - if (!userattrs && !charray_inlist( attrs, a->a_type ) ) - { + if (!userattrs && !ad_inlist( desc, attrs ) ) { continue; } } } - if ( ! access_allowed( be, conn, op, e, - a->a_type, NULL, ACL_READ ) ) + if ( ! access_allowed( be, conn, op, e, desc, NULL, + ACL_READ, &acl_state ) ) { - Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n", - a->a_type, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu access to attribute %s not " + "allowed\n", op->o_connid, desc->ad_cname.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ACL, "acl: " + "access to attribute %s not allowed\n", + desc->ad_cname.bv_val, 0, 0 ); +#endif continue; } - if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) { + if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding type error", NULL, NULL ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding description error", NULL, NULL ); goto error_return; } if ( ! attrsonly ) { - for ( i = 0; a->a_vals[i] != NULL; i++ ) { + for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) { if ( ! access_allowed( be, conn, op, e, - a->a_type, a->a_vals[i], ACL_READ ) ) + desc, &a->a_vals[i], ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to attribute %s, value %d not allowed\n", + op->o_connid, desc->ad_cname.bv_val, i ); +#else Debug( LDAP_DEBUG_ACL, - "acl: access to attribute %s, value %d not allowed\n", - a->a_type, i, 0 ); + "acl: access to attribute %s, " + "value %d not allowed\n", + desc->ad_cname.bv_val, i, 0 ); +#endif + continue; } - if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) { + if ( op->vrFilter && e_flags[j][i] == 0 ){ + continue; + } + + if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "ber_printf failed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding value error", NULL, NULL ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding values error", + NULL, NULL ); goto error_return; } } } - if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) { + if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode end error", NULL, NULL ); goto error_return; } } -#ifdef SLAPD_SCHEMA_DN /* eventually will loop through generated operational attributes */ /* only have subschemaSubentry implemented */ - a = backend_subschemasubentry( be ); + aa = backend_operational( be, conn, op, e, attrs, opattrs ); + + if ( aa != NULL && op->vrFilter != NULL ) { + int k = 0; + size_t size; + + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; + } + + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags, **tmp; + + /* + * Reuse previous memory - we likely need less space + * for operational attributes + */ + tmp = SLAP_REALLOC ( e_flags, i * sizeof(char *) + k ); + if ( tmp == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_NO_MEMORY, + NULL, NULL, NULL, NULL ); + goto error_return; + } + e_flags = tmp; + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + rc = filter_matched_values(be, conn, op, aa, &e_flags) ; + + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free( ber, 1 ); - do { + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } + } + } + + for (a = aa, j=0; a != NULL; a = a->a_next, j++ ) { + AttributeDescription *desc = a->a_desc; + if ( attrs == NULL ) { - /* all addrs request, skip operational attributes */ - if( !opattrs && oc_check_operational_attr( a->a_type ) ) { + /* all attrs request, skip operational attributes */ + if( is_at_operational( desc->ad_type ) ) { continue; } } else { - /* specific addrs requested */ - if ( oc_check_operational_attr( a->a_type ) ) { - if( !opattrs && !charray_inlist( attrs, a->a_type ) ) - { + /* specific attrs requested */ + if( is_at_operational( desc->ad_type ) ) { + if( !opattrs && !ad_inlist( desc, attrs ) ) { continue; } } else { - if (!userattrs && !charray_inlist( attrs, a->a_type ) ) + if (!userattrs && !ad_inlist( desc, attrs ) ) { continue; } } } - if ( ! access_allowed( be, conn, op, e, - a->a_type, NULL, ACL_READ ) ) + if ( ! access_allowed( be, conn, op, e, desc, NULL, + ACL_READ, &acl_state ) ) { - Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n", - a->a_type, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to attribute %s not allowed\n", + op->o_connid, desc->ad_cname.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s " + "not allowed\n", + desc->ad_cname.bv_val, 0, 0 ); +#endif + continue; } - if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) { + rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname ); + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "ber_printf failed\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding type error", NULL, NULL ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding description error", NULL, NULL ); + + attrs_free( aa ); goto error_return; } if ( ! attrsonly ) { - for ( i = 0; a->a_vals[i] != NULL; i++ ) { + for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) { if ( ! access_allowed( be, conn, op, e, - a->a_type, a->a_vals[i], ACL_READ ) ) + desc, &a->a_vals[i], ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to %s, value %d not allowed\n", + op->o_connid, desc->ad_cname.bv_val, i ); +#else Debug( LDAP_DEBUG_ACL, - "acl: access to attribute %s, value %d not allowed\n", - a->a_type, i, 0 ); + "acl: access to attribute %s, " + "value %d not allowed\n", + desc->ad_cname.bv_val, i, 0 ); +#endif + continue; } + if ( op->vrFilter && e_flags[j][i] == 0 ){ + continue; + } - if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) { + if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding value error", NULL, NULL ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding values error", + NULL, NULL ); + + attrs_free( aa ); goto error_return; } } } - if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) { + if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode end error", NULL, NULL ); + + attrs_free( aa ); goto error_return; } - } while (0); -#endif + } + +#ifdef LDAP_SLAPI + /* + * First, setup the computed attribute context that is + * passed to all plugins. + */ + ctx.cac_pb = op->o_pb; + ctx.cac_attrs = attrs; + ctx.cac_attrsonly = attrsonly; + ctx.cac_userattrs = userattrs; + ctx.cac_opattrs = opattrs; + ctx.cac_acl_state = acl_state; + ctx.cac_private = (void *)ber; + + /* + * For each client requested attribute, call the plugins. + */ + if ( attrs != NULL ) { + for ( anp = attrs; anp->an_name.bv_val != NULL; anp++ ) { + rc = compute_evaluator( &ctx, anp->an_name.bv_val, e, slapi_x_compute_output_ber ); + if ( rc == 1 ) { + break; + } + } + } else { + /* + * Technically we shouldn't be returning operational attributes + * when the user requested only user attributes. We'll let the + * plugin decide whether to be naughty or not. + */ + rc = compute_evaluator( &ctx, "*", e, slapi_x_compute_output_ber ); + } + if ( rc == 1 ) { + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "computed attribute error", NULL, NULL ); + goto error_return; + } +#endif /* LDAP_SLAPI */ + + /* free e_flags */ + if ( e_flags ) { + free( e_flags ); + e_flags = NULL; + } - rc = ber_printf( ber, /*{{{*/ "}}}" ); + attrs_free( aa ); + rc = ber_printf( ber, /*{{*/ "}N}" ); + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + +#ifdef LDAP_CONNECTIONLESS + if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 ) { + ; /* empty, skip following if */ + } else +#endif + if( rc != -1 ) { + rc = ber_printf( ber, /*{*/ "N}" ); + } if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode entry end error", NULL, NULL ); return( 1 ); } - bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) { +#endif + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); + ber_free_buf( ber ); if ( bytes < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber write failed.\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, - "send_ldap_response: ber write failed\n", + "send_search_entry: ber write failed\n", 0, 0, 0 ); +#endif + return -1; } @@ -828,103 +1309,195 @@ send_search_entry( num_pdu_sent++; ldap_pvt_thread_mutex_unlock( &num_sent_mutex ); - Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n", - (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 ); +#ifdef LDAP_CONNECTIONLESS + } +#endif + + Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu ENTRY dn=\"%s\"\n", + conn->c_connid, op->o_opid, e->e_dn, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 ); +#endif rc = 0; error_return:; + if ( e_flags ) free( e_flags ); return( rc ); } int -send_search_reference( +slap_send_search_reference( Backend *be, Connection *conn, Operation *op, Entry *e, - struct berval **refs, - int scope, + BerVarray refs, LDAPControl **ctrls, - struct berval ***v2refs + BerVarray *v2refs ) { - BerElement *ber; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; int rc; int bytes; - Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 ); + AttributeDescription *ad_ref = slap_schema.si_ad_ref; + AttributeDescription *ad_entry = slap_schema.si_ad_entry; - if ( ! access_allowed( be, conn, op, e, - "entry", NULL, ACL_READ ) ) + if (op->o_callback && op->o_callback->sc_sendreference) { + return op->o_callback->sc_sendreference( be, conn, op, e, refs, ctrls, v2refs ); + } + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_reference: conn %lu dn=\"%s\"\n", + op->o_connid, e ? e->e_dn : "(null)", 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "=> send_search_reference: dn=\"%s\"\n", + e ? e->e_dn : "(null)", 0, 0 ); +#endif + + if ( e && ! access_allowed( be, conn, op, e, + ad_entry, NULL, ACL_READ, NULL ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_reference: conn %lu " + "access to entry %s not allowed\n", + op->o_connid, e->e_dn, 0 ); +#else Debug( LDAP_DEBUG_ACL, "send_search_reference: access to entry not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } - if ( ! access_allowed( be, conn, op, e, - "ref", NULL, ACL_READ ) ) + if ( e && ! access_allowed( be, conn, op, e, + ad_ref, NULL, ACL_READ, NULL ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_reference: conn %lu access " + "to reference not allowed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ACL, - "send_search_reference: access to reference not allowed\n", + "send_search_reference: access " + "to reference not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } +#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE + if( op->o_domain_scope ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu domainScope control in (%s).\n", + op->o_connid, e->e_dn, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_reference: domainScope control in (%s)\n", + e->e_dn, 0, 0 ); +#endif + + return( 0 ); + } +#endif + if( refs == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu null ref in (%s).\n", + op->o_connid, e ? e->e_dn : "(null)", 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_search_reference: null ref in (%s)\n", - e->e_dn, 0, 0 ); + e ? e->e_dn : "(null)", 0, 0 ); +#endif + return( 1 ); } if( op->o_protocol < LDAP_VERSION3 ) { /* save the references for the result */ - if( *refs != NULL ) { - value_add( v2refs, refs ); + if( refs[0].bv_val != NULL ) { + if( value_add( v2refs, refs ) ) + return LDAP_OTHER; } return 0; } - ber = ber_alloc_t( LBER_USE_DER ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) + ber = op->o_res_ber; + else +#endif + ber_init_w_nullc( ber, LBER_USE_DER ); + + rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid, + LDAP_RES_SEARCH_REFERENCE, refs ); - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, - "send_search_reference: ber_alloc failed\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "alloc BER error", NULL, NULL ); - return -1; + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); } - rc = ber_printf( ber, "{it{V}}", op->o_msgid, - LDAP_RES_SEARCH_REFERENCE, refs ); + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}", op->o_msgid, + LDAP_RES_SEARCH_REFERENCE, refs ); + } if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu " + "ber_printf failed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_search_reference: ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encode dn error", NULL, NULL ); +#endif + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) +#endif + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encode DN error", NULL, NULL ); return -1; } - bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp == 0) { +#endif + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); + ber_free_buf( ber ); ldap_pvt_thread_mutex_lock( &num_sent_mutex ); num_bytes_sent += bytes; num_refs_sent++; num_pdu_sent++; ldap_pvt_thread_mutex_unlock( &num_sent_mutex ); +#ifdef LDAP_CONNECTIONLESS + } +#endif - Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n", - (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 ); + Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n", + conn->c_connid, op->o_opid, e ? e->e_dn : "(null)", 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_reference: conn %lu exit.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 ); +#endif return 0; } @@ -946,8 +1519,13 @@ str2result( *info = NULL; if ( strncasecmp( s, "RESULT", 6 ) != 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "str2result: (%s), expecting \"RESULT\"\n", s, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n", s, 0, 0 ); +#endif return( -1 ); } @@ -975,8 +1553,13 @@ str2result( *info = c; } } else { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "str2result: (%s) unknown.\n", s, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n", s, 0, 0 ); +#endif + rc = -1; } }