X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fresult.c;h=2e772774cd8c9823033fad5d6279b66d26fced0a;hb=919274432b0603c7726ca398ad9e11bb08c1a0e2;hp=8d0c5636848f070c5d3cb7fc7f35e75dd4124cb2;hpb=13d13baedaa55de8659551b585f03a344e87b415;p=openldap diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 8d0c563684..2e772774cd 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -165,6 +165,38 @@ static long send_ldap_ber( return bytes; } +static int +send_ldap_controls( BerElement *ber, LDAPControl **c ) +{ + int rc; + if( c == NULL ) return 0; + + rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS ); + if( rc == -1 ) return rc; + + for( ; *c != NULL; c++) { + rc = ber_printf( ber, "{s" /*}*/, (*c)->ldctl_oid ); + + if( (*c)->ldctl_iscritical ) { + rc = ber_printf( ber, "b", + (ber_int_t) (*c)->ldctl_iscritical ) ; + if( rc == -1 ) return rc; + } + + if( (*c)->ldctl_value.bv_val != NULL ) { + rc = ber_printf( ber, "O", &((*c)->ldctl_value)); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + + return rc; +} + static void send_ldap_response( Connection *conn, @@ -192,8 +224,6 @@ send_ldap_response( return; } - assert( ctrls == NULL ); /* ctrls not implemented */ - ber_init_w_nullc( ber, LBER_USE_DER ); #ifdef NEW_LOGGING @@ -217,12 +247,12 @@ send_ldap_response( ref[0].bv_val ? ref[0].bv_val : "NULL", NULL, NULL ); #endif - } #ifdef LDAP_CONNECTIONLESS - if (conn->c_is_udp) { - rc = ber_write(ber, (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0); + if( conn->c_is_udp ) { + rc = ber_write(ber, + (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0); if (rc != sizeof(struct sockaddr)) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, @@ -275,8 +305,17 @@ send_ldap_response( } if( rc != -1 ) { - rc = ber_printf( ber, /*"{{"*/ "N}N}" ); + rc = ber_printf( ber, /*"{"*/ "N}" ); } + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); + } + #ifdef LDAP_CONNECTIONLESS if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) { rc = ber_printf( ber, /*"{"*/ "N}" ); @@ -605,11 +644,6 @@ send_search_result( } } -static struct berval AllUser = { sizeof(LDAP_ALL_USER_ATTRIBUTES)-1, - LDAP_ALL_USER_ATTRIBUTES }; -static struct berval AllOper = { sizeof(LDAP_ALL_OPERATIONAL_ATTRIBUTES)-1, - LDAP_ALL_OPERATIONAL_ATTRIBUTES }; - int send_search_entry( Backend *be, @@ -676,17 +710,18 @@ send_search_entry( #ifdef LDAP_CONNECTIONLESS if (conn->c_is_udp) { - rc = ber_write(ber, (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0); + rc = ber_write(ber, + (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0); if (rc != sizeof(struct sockaddr)) { #ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, - "send_search_entry: conn %lu ber_printf failed\n", - conn ? conn->c_connid : 0, 0, 0 ); + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + conn ? conn->c_connid : 0, 0, 0 ); #else - Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); #endif - ber_free_buf( ber ); - return; + ber_free_buf( ber ); + return( 1 ); } } if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) { @@ -727,36 +762,42 @@ send_search_entry( * to ValuesReturnFilter or 0 if not */ if ( op->vrFilter != NULL ) { - int k = 0; - char *a_flags; + int k = 0; + size_t size; for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; } - e_flags = ch_calloc ( 1, i * sizeof(char *) + k ); - a_flags = (char *)(e_flags + i); - for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { - for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); - e_flags[i] = a_flags; - a_flags += j; - } - rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ; - if ( rc == -1 ) { + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags; + e_flags = ch_calloc ( 1, i * sizeof(char *) + k ); + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + + rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ; + if ( rc == -1 ) { #ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, - "send_search_entry: conn %lu matched values filtering failed\n", - conn ? conn->c_connid : 0, 0, 0 ); + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0 ); #else - Debug( LDAP_DEBUG_ANY, - "matched values filtering failed\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); #endif - ber_free( ber, 1 ); - - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "matched values filtering error", - NULL, NULL ); - goto error_return; + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } } } @@ -874,48 +915,74 @@ send_search_entry( } } - /* free e_flags */ - if ( e_flags ) { - free( e_flags ); - e_flags = NULL; - } - /* eventually will loop through generated operational attributes */ /* only have subschemaSubentry implemented */ aa = backend_operational( be, conn, op, e, attrs, opattrs ); if ( aa != NULL && op->vrFilter != NULL ) { - int k = 0; - char *a_flags; + int k = 0; + size_t size; for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; } - e_flags = ch_calloc ( 1, i * sizeof(char *) + k ); - a_flags = (char *)(e_flags + i); - for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { - for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); - e_flags[i] = a_flags; - a_flags += j; - } - rc = filter_matched_values(be, conn, op, aa, &e_flags) ; - - if ( rc == -1 ) { + + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags, **tmp; + + /* + * Reuse previous memory - we likely need less space + * for operational attributes + */ + tmp = ch_realloc ( e_flags, i * sizeof(char *) + k ); + if ( tmp == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG( OPERATION, ERR, - "send_search_entry: conn %lu " - "matched values filtering failed\n", - conn ? conn->c_connid : 0, 0, 0); + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0); #else - Debug( LDAP_DEBUG_ANY, - "matched values filtering failed\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_ANY, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0 ); #endif - ber_free( ber, 1 ); - - send_ldap_result( conn, op, LDAP_OTHER, - NULL, "matched values filtering error", - NULL, NULL ); - goto error_return; + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_NO_MEMORY, + NULL, NULL, NULL, NULL ); + goto error_return; + } + e_flags = tmp; + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + rc = filter_matched_values(be, conn, op, aa, &e_flags) ; + + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } } } @@ -1049,11 +1116,20 @@ send_search_entry( } attrs_free( aa ); - rc = ber_printf( ber, /*{{{*/ "}N}N}" ); + rc = ber_printf( ber, /*{{*/ "}N}" ); + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + + if( rc != -1 ) { + rc = ber_printf( ber, /*{*/ "N}" ); + } #ifdef LDAP_CONNECTIONLESS - if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1) + if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1) { rc = ber_printf( ber, "}" ); + } #endif if ( rc == -1 ) { #ifdef NEW_LOGGING @@ -1070,7 +1146,7 @@ send_search_entry( return( 1 ); } - bytes = send_ldap_ber( conn, ber ); + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); ber_free_buf( ber ); if ( bytes < 0 ) { @@ -1132,21 +1208,22 @@ send_search_reference( #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ENTRY, "send_search_reference: conn %lu dn=\"%s\"\n", - op->o_connid, e->e_dn, 0 ); + op->o_connid, e ? e->e_dn : "(null)", 0 ); #else Debug( LDAP_DEBUG_TRACE, "=> send_search_reference: dn=\"%s\"\n", - e->e_dn, 0, 0 ); + e ? e->e_dn : "(null)", 0, 0 ); #endif - if ( ! access_allowed( be, conn, op, e, + if ( e && ! access_allowed( be, conn, op, e, ad_entry, NULL, ACL_READ, NULL ) ) { #ifdef NEW_LOGGING LDAP_LOG( ACL, INFO, "send_search_reference: conn %lu " - "access to entry %s not allowed\n", op->o_connid, e->e_dn, 0 ); + "access to entry %s not allowed\n", + op->o_connid, e->e_dn, 0 ); #else Debug( LDAP_DEBUG_ACL, "send_search_reference: access to entry not allowed\n", @@ -1156,7 +1233,7 @@ send_search_reference( return( 1 ); } - if ( ! access_allowed( be, conn, op, e, + if ( e && ! access_allowed( be, conn, op, e, ad_ref, NULL, ACL_READ, NULL ) ) { #ifdef NEW_LOGGING @@ -1177,11 +1254,11 @@ send_search_reference( #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, "send_search_reference: conn %lu null ref in (%s).\n", - op->o_connid, e->e_dn, 0 ); + op->o_connid, e ? e->e_dn : "(null)", 0 ); #else Debug( LDAP_DEBUG_ANY, "send_search_reference: null ref in (%s)\n", - e->e_dn, 0, 0 ); + e ? e->e_dn : "(null)", 0, 0 ); #endif return( 1 ); @@ -1197,9 +1274,18 @@ send_search_reference( ber_init_w_nullc( ber, LBER_USE_DER ); - rc = ber_printf( ber, "{it{W}N}", op->o_msgid, + rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid, LDAP_RES_SEARCH_REFERENCE, refs ); + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}", op->o_msgid, + LDAP_RES_SEARCH_REFERENCE, refs ); + } + if ( rc == -1 ) { #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ERR, @@ -1216,7 +1302,7 @@ send_search_reference( return -1; } - bytes = send_ldap_ber( conn, ber ); + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); ber_free_buf( ber ); ldap_pvt_thread_mutex_lock( &num_sent_mutex ); @@ -1226,7 +1312,7 @@ send_search_reference( ldap_pvt_thread_mutex_unlock( &num_sent_mutex ); Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n", - conn->c_connid, op->o_opid, e->e_dn, 0, 0 ); + conn->c_connid, op->o_opid, e ? e->e_dn : "(null)", 0, 0 ); #ifdef NEW_LOGGING LDAP_LOG( OPERATION, ENTRY,