X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fresult.c;h=4cfd8f1e2b7faffb8ff12a81f8666c2779030699;hb=6e9c21cff8fc740dc6ed21c6f64d9a8899a33401;hp=f5038ac540e566dadd5b1c01e9fdf8c002325d36;hpb=b660f54bb4c1e17be14e57e2e4811362986e0a10;p=openldap diff --git a/servers/slapd/result.c b/servers/slapd/result.c index f5038ac540..4cfd8f1e2b 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -1,4 +1,9 @@ /* result.c - routines to send ldap results, errors, and referrals */ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ #include "portable.h" @@ -6,7 +11,6 @@ #include #include -#include #include #include #include @@ -14,24 +18,61 @@ #include "slap.h" -/* we need LBER internals */ -#include "../../libraries/liblber/lber-int.h" - -static char *v2ref( struct berval **ref ) +static char *v2ref( BerVarray ref, const char *text ) { - size_t len, i; + size_t len = 0, i = 0; char *v2; - if(ref == NULL) return NULL; + if(ref == NULL) { + if (text) { + return ch_strdup(text); + } else { + return NULL; + } + } + + if ( text != NULL ) { + len = strlen( text ); + if (text[len-1] != '\n') { + i = 1; + } + } - len = sizeof("Referral:"); - v2 = ch_strdup("Referral:"); + v2 = SLAP_MALLOC( len+i+sizeof("Referral:") ); + if( v2 == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#endif + return NULL; + } - for( i=0; ref[i] != NULL; i++ ) { - v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 ); + if( text != NULL ) { + strcpy(v2, text); + if( i ) { + v2[len++] = '\n'; + } + } + strcpy( v2+len, "Referral:" ); + len += sizeof("Referral:"); + + for( i=0; ref[i].bv_val != NULL; i++ ) { + v2 = SLAP_REALLOC( v2, len + ref[i].bv_len + 1 ); + if( v2 == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "v2ref: SLAP_MALLOC failed", 0, 0, 0 ); +#endif + return NULL; + } v2[len-1] = '\n'; - memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len ); - len += ref[i]->bv_len; + AC_MEMCPY(&v2[len], ref[i].bv_val, ref[i].bv_len ); + len += ref[i].bv_len; + if (ref[i].bv_val[ref[i].bv_len-1] != '/') { + ++len; + } } v2[len-1] = '\0'; @@ -64,96 +105,19 @@ static ber_tag_t req2res( ber_tag_t tag ) break; default: - assert( 0 ); - tag = LBER_ERROR; - } - return tag; -} - -static void trim_refs_urls( - struct berval **refs ) -{ - unsigned i; - - if( refs == NULL ) return; - - for( i=0; refs[i] != NULL; i++ ) { - if( refs[i]->bv_len > sizeof("ldap://")-1 && - strncasecmp( refs[i]->bv_val, "ldap://", - sizeof("ldap://")-1 ) == 0 ) - { - unsigned j; - for( j=sizeof("ldap://")-1; jbv_len ; j++ ) { - if( refs[i]->bv_val[j] == '/' ) { - refs[i]->bv_val[j] = '\0'; - refs[i]->bv_len = j; - break; - } - } - } - } -} - -struct berval **get_entry_referrals( - Backend *be, - Connection *conn, - Operation *op, - Entry *e ) -{ - Attribute *attr; - struct berval **refs; - unsigned i, j; - - attr = attr_find( e->e_attrs, "ref" ); - - if( attr == NULL ) return NULL; - - for( i=0; attr->a_vals[i] != NULL; i++ ) { - /* count references */ - } - - if( i < 1 ) return NULL; - - refs = ch_malloc( i + 1 ); - - for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) { - unsigned k; - struct berval *ref = ber_bvdup( attr->a_vals[i] ); - - /* trim the label */ - for( k=0; kbv_len; k++ ) { - if( isspace(ref->bv_val[k]) ) { - ref->bv_val[k] = '\0'; - ref->bv_len = k; - break; - } - } - - if( ref->bv_len > 0 ) { - refs[j++] = ref; - - } else { - ber_bvfree( ref ); - } - } - - refs[j] = NULL; - - if( j == 0 ) { - ber_bvecfree( refs ); - refs = NULL; + tag = LBER_SEQUENCE; } - /* we should check that a referral value exists... */ - - return refs; + return tag; } static long send_ldap_ber( Connection *conn, BerElement *ber ) { - ber_len_t bytes = ber_pvt_ber_bytes( ber ); + ber_len_t bytes; + + ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes ); /* write only one pdu at a time - wait til it's our turn */ ldap_pvt_thread_mutex_lock( &conn->c_write_mutex ); @@ -164,6 +128,7 @@ static long send_ldap_ber( /* write the pdu */ while( 1 ) { int err; + ber_socket_t sd; if ( connection_state_closing( conn ) ) { ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); @@ -184,8 +149,14 @@ static long send_ldap_ber( * it's a hard error and return. */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_ber: conn %lu ber_flush failed err=%d (%s)\n", + conn ? conn->c_connid : 0, err, sock_errstr(err) ); +#else Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n", - err, STRERROR(err), 0 ); + err, sock_errstr(err), 0 ); +#endif if ( err != EWOULDBLOCK && err != EAGAIN ) { connection_closing( conn ); @@ -198,7 +169,8 @@ static long send_ldap_ber( /* wait for socket to be write-ready */ conn->c_writewaiter = 1; - slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 ); + ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd ); + slapd_set_write( sd, 1 ); ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex ); conn->c_writewaiter = 0; @@ -210,6 +182,38 @@ static long send_ldap_ber( return bytes; } +static int +send_ldap_controls( BerElement *ber, LDAPControl **c ) +{ + int rc; + if( c == NULL ) return 0; + + rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS ); + if( rc == -1 ) return rc; + + for( ; *c != NULL; c++) { + rc = ber_printf( ber, "{s" /*}*/, (*c)->ldctl_oid ); + + if( (*c)->ldctl_iscritical ) { + rc = ber_printf( ber, "b", + (ber_int_t) (*c)->ldctl_iscritical ) ; + if( rc == -1 ) return rc; + } + + if( (*c)->ldctl_value.bv_val != NULL ) { + rc = ber_printf( ber, "O", &((*c)->ldctl_value)); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + if( rc == -1 ) return rc; + } + + rc = ber_printf( ber, /*{*/"N}" ); + + return rc; +} + static void send_ldap_response( Connection *conn, @@ -219,72 +223,150 @@ send_ldap_response( ber_int_t err, const char *matched, const char *text, - struct berval **ref, + BerVarray ref, const char *resoid, struct berval *resdata, + struct berval *sasldata, LDAPControl **ctrls ) { - BerElement *ber; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; int rc; long bytes; - assert( ctrls == NULL ); /* ctrls not implemented */ - - ber = ber_alloc_t( LBER_USE_DER ); - - Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n", - (long) msgid, (long) tag, (long) err ); - - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); + if (op->o_callback && op->o_callback->sc_response) { + op->o_callback->sc_response( conn, op, tag, msgid, err, matched, + text, ref, resoid, resdata, sasldata, ctrls ); return; } + + ber_init_w_nullc( ber, LBER_USE_DER ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_response: msgid=%d tag=%lu err=%d\n", + msgid, tag, err ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_response: msgid=%d tag=%lu err=%d\n", + msgid, tag, err ); +#endif + + if( ref ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_response: conn %lu ref=\"%s\"\n", + conn ? conn->c_connid : 0, + ref[0].bv_val ? ref[0].bv_val : "NULL" , 0 ); +#else + Debug( LDAP_DEBUG_ARGS, "send_ldap_response: ref=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", + NULL, NULL ); +#endif + } #ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag, - err, matched ? matched : "", text ? text : "" ); + if( conn->c_is_udp ) { + rc = ber_write(ber, + (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0); + if (rc != sizeof(struct sockaddr)) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_response: conn %lu ber_write failed\n", + conn ? conn->c_connid : 0 , 0, 0); +#else + Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 ); +#endif + ber_free_buf( ber ); + return; + } + } + if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) { + rc = ber_printf( ber, "{is{t{ess" /*"}}}"*/, + msgid, "", tag, err, + matched == NULL ? "" : matched, + text == NULL ? "" : text ); } else #endif { - rc = ber_printf( ber, "{it{ess", - msgid, tag, err, - matched == NULL ? "" : matched, - text == NULL ? "" : text ); + rc = ber_printf( ber, "{it{ess" /*"}}"*/, + msgid, tag, err, + matched == NULL ? "" : matched, + text == NULL ? "" : text ); + } - if( rc != -1 && ref != NULL ) { - rc = ber_printf( ber, "{V}", ref ); + if( rc != -1 ) { + if ( ref != NULL ) { + assert( err == LDAP_REFERRAL ); + rc = ber_printf( ber, "t{W}", + LDAP_TAG_REFERRAL, ref ); + } else { + assert( err != LDAP_REFERRAL ); } + } - if( rc != -1 && resoid != NULL ) { - rc = ber_printf( ber, "s", resoid ); - } + if( rc != -1 && sasldata != NULL ) { + rc = ber_printf( ber, "tO", + LDAP_TAG_SASL_RES_CREDS, sasldata ); + } - if( rc != -1 && resdata != NULL ) { - rc = ber_printf( ber, "O", resdata ); + if( rc != -1 && resoid != NULL ) { + rc = ber_printf( ber, "ts", + LDAP_TAG_EXOP_RES_OID, resoid ); + } - } + if( rc != -1 && resdata != NULL ) { + rc = ber_printf( ber, "tO", + LDAP_TAG_EXOP_RES_VALUE, resdata ); + } - if( rc != -1 ) { - rc = ber_printf( ber, "}}" ); - } + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); + } + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); + } + +#ifdef LDAP_CONNECTIONLESS + if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}" ); } +#endif if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_response: conn %lu ber_printf failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); +#endif + + ber_free_buf( ber ); return; } /* send BER */ bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); + ber_free_buf( ber ); if ( bytes < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_ldap_response: conn %lu ber write failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_ldap_response: ber write failed\n", 0, 0, 0 ); +#endif + return; } @@ -315,9 +397,16 @@ send_ldap_disconnect( assert( LDAP_UNSOLICITED_ERROR( err ) ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_disconnect: conn %lu %d:%s\n", + conn ? conn->c_connid : 0, err, text ? text : "" ); +#else Debug( LDAP_DEBUG_TRACE, "send_ldap_disconnect %d:%s\n", err, text ? text : "", NULL ); +#endif + if ( op->o_protocol < LDAP_VERSION3 ) { reqoid = NULL; @@ -330,24 +419,13 @@ send_ldap_disconnect( msgid = 0; } -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif send_ldap_response( conn, op, tag, msgid, err, NULL, text, NULL, - reqoid, NULL, NULL ); + reqoid, NULL, NULL, NULL ); Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu DISCONNECT tag=%lu err=%d text=%s\n", + op->o_connid, op->o_opid, tag, err, text ? text : "" ); } void @@ -357,7 +435,7 @@ send_ldap_result( ber_int_t err, const char *matched, const char *text, - struct berval **ref, + BerVarray ref, LDAPControl **ctrls ) { @@ -367,56 +445,143 @@ send_ldap_result( assert( !LDAP_API_ERROR( err ) ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n", - (long) op->o_connid, (long) op->o_opid, op->o_protocol ); - Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n", - err, matched ? matched : "", text ? text : "" ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_result : conn %lu op=%lu p=%d\n", + op->o_connid, op->o_opid, op->o_protocol ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_result: conn=%lu op=%lu p=%d\n", + op->o_connid, op->o_opid, op->o_protocol ); +#endif + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#else + Debug( LDAP_DEBUG_ARGS, + "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#endif - assert( err != LDAP_PARTIAL_RESULTS ); - if( op->o_tag != LDAP_REQ_SEARCH ) { - trim_refs_urls( ref ); + if( ref ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "send_ldap_result: referral=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", 0, 0 ); +#else + Debug( LDAP_DEBUG_ARGS, + "send_ldap_result: referral=\"%s\"\n", + ref[0].bv_val ? ref[0].bv_val : "NULL", + NULL, NULL ); +#endif } + assert( err != LDAP_PARTIAL_RESULTS ); + if ( err == LDAP_REFERRAL ) { if( ref == NULL ) { err = LDAP_NO_SUCH_OBJECT; } else if ( op->o_protocol < LDAP_VERSION3 ) { err = LDAP_PARTIAL_RESULTS; - tmp = v2ref( ref ); - text = tmp; - ref = NULL; } } + if ( op->o_protocol < LDAP_VERSION3 ) { + tmp = v2ref( ref, text ); + text = tmp; + ref = NULL; + } + tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, ref, - NULL, NULL, ctrls ); + NULL, NULL, NULL, ctrls ); Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu RESULT tag=%lu err=%d text=%s\n", + op->o_connid, op->o_opid, tag, err, text ? text : "" ); if( tmp != NULL ) { - free(tmp); + ch_free(tmp); } } +void +send_ldap_sasl( + Connection *conn, + Operation *op, + ber_int_t err, + const char *matched, + const char *text, + BerVarray ref, + LDAPControl **ctrls, + struct berval *cred +) +{ + ber_tag_t tag; + ber_int_t msgid; + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_sasl: conn %lu err=%d len=%lu\n", + op->o_connid, err, cred ? cred->bv_len : -1 ); +#else + Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl: err=%d len=%ld\n", + err, cred ? (long) cred->bv_len : -1, NULL ); +#endif + + + tag = req2res( op->o_tag ); + msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; + + send_ldap_response( conn, op, tag, msgid, + err, matched, text, ref, + NULL, NULL, cred, ctrls ); +} + +void +send_ldap_extended( + Connection *conn, + Operation *op, + ber_int_t err, + const char *matched, + const char *text, + BerVarray refs, + const char *rspoid, + struct berval *rspdata, + LDAPControl **ctrls +) +{ + ber_tag_t tag; + ber_int_t msgid; + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_ldap_extended: err=%d oid=%s len=%ld\n", + err, rspoid ? rspoid : "", + rspdata != NULL ? rspdata->bv_len : 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_ldap_extended err=%d oid=%s len=%ld\n", + err, + rspoid ? rspoid : "", + rspdata != NULL ? rspdata->bv_len : 0 ); +#endif + + + tag = req2res( op->o_tag ); + msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; + + send_ldap_response( conn, op, tag, msgid, + err, matched, text, refs, + rspoid, rspdata, NULL, ctrls ); +} + void send_search_result( @@ -425,7 +590,7 @@ send_search_result( ber_int_t err, const char *matched, const char *text, - struct berval **refs, + BerVarray refs, LDAPControl **ctrls, int nentries ) @@ -433,14 +598,27 @@ send_search_result( ber_tag_t tag; ber_int_t msgid; char *tmp = NULL; + assert( !LDAP_API_ERROR( err ) ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n", - err, matched ? matched : "", text ? text : "" ); + if (op->o_callback && op->o_callback->sc_sresult) { + op->o_callback->sc_sresult(conn, op, err, matched, text, refs, + ctrls, nentries); + return; + } - assert( err != LDAP_PARTIAL_RESULTS ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#else + Debug( LDAP_DEBUG_TRACE, + "send_search_result: err=%d matched=\"%s\" text=\"%s\"\n", + err, matched ? matched : "", text ? text : "" ); +#endif - trim_refs_urls( refs ); + + assert( err != LDAP_PARTIAL_RESULTS ); if( op->o_protocol < LDAP_VERSION3 ) { /* send references in search results */ @@ -448,7 +626,7 @@ send_search_result( err = LDAP_PARTIAL_RESULTS; } - tmp = v2ref( refs ); + tmp = v2ref( refs, text ); text = tmp; refs = NULL; @@ -465,251 +643,556 @@ send_search_result( tag = req2res( op->o_tag ); msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0; -#ifdef LDAP_CONNECTIONLESS - if ( op->o_cldap ) { - ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr ); - Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n", - inet_ntoa(((struct sockaddr_in *) - &op->o_clientaddr)->sin_addr ), - ((struct sockaddr_in *) &op->o_clientaddr)->sin_port, - 0 ); - } -#endif - send_ldap_response( conn, op, tag, msgid, err, matched, text, refs, - NULL, NULL, ctrls ); + NULL, NULL, NULL, ctrls ); + + { + char nbuf[64]; + snprintf( nbuf, sizeof nbuf, "%d nentries=%d", err, nentries ); Statslog( LDAP_DEBUG_STATS, - "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n", - (long) op->o_connid, (long) op->o_opid, - (long) tag, (long) err, text ? text : "" ); + "conn=%lu op=%lu SEARCH RESULT tag=%lu err=%s text=%s\n", + op->o_connid, op->o_opid, tag, nbuf, text ? text : "" ); + } + if (tmp != NULL) { + ch_free(tmp); + } } - int send_search_entry( Backend *be, Connection *conn, Operation *op, Entry *e, - char **attrs, + AttributeName *attrs, int attrsonly, LDAPControl **ctrls ) { - BerElement *ber; - Attribute *a; - int i, rc=-1, bytes; - AccessControl *acl; - char *edn; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; + Attribute *a, *aa; + int i, j, rc=-1, bytes; + char *edn; int userattrs; int opattrs; + static AccessControlState acl_state_init = ACL_STATE_INIT; + AccessControlState acl_state; + + AttributeDescription *ad_entry = slap_schema.si_ad_entry; + + /* a_flags: array of flags telling if the i-th element will be + * returned or filtered out + * e_flags: array of a_flags + */ + char **e_flags = NULL; - Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 ); + if (op->o_callback && op->o_callback->sc_sendentry) { + return op->o_callback->sc_sendentry( be, conn, op, e, attrs, + attrsonly, ctrls ); + } + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_entry: conn %lu dn=\"%s\"%s\n", + op->o_connid, e->e_dn, attrsonly ? " (attrsOnly)" : "" ); +#else + Debug( LDAP_DEBUG_TRACE, + "=> send_search_entry: dn=\"%s\"%s\n", + e->e_dn, attrsonly ? " (attrsOnly)" : "", 0 ); +#endif if ( ! access_allowed( be, conn, op, e, - "entry", NULL, ACL_READ ) ) + ad_entry, NULL, ACL_READ, NULL ) ) { - Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n", +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu access to entry (%s) not allowed\n", + op->o_connid, e->e_dn, 0 ); +#else + Debug( LDAP_DEBUG_ACL, + "send_search_entry: access to entry not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } edn = e->e_ndn; - ber = ber_alloc_t( LBER_USE_DER ); + ber_init_w_nullc( ber, LBER_USE_DER ); - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "allocating BER error", NULL, NULL ); - goto error_return; +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) { + rc = ber_write(ber, + (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0); + if (rc != sizeof(struct sockaddr)) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_write failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 ); +#endif + ber_free_buf( ber ); + return( 1 ); + } + } + if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) { + rc = ber_printf( ber, "{is{t{O{" /*}}}*/, + op->o_msgid, "", LDAP_RES_SEARCH_ENTRY, &e->e_name ); + } else +#endif /* LDAP_CONNECTIONLESS */ + { + rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid, + LDAP_RES_SEARCH_ENTRY, &e->e_name ); } - - rc = ber_printf( ber, "{it{s{", op->o_msgid, - LDAP_RES_SEARCH_ENTRY, e->e_dn ); if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding dn error", NULL, NULL ); +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding DN error", NULL, NULL ); goto error_return; } /* check for special all user attributes ("*") type */ userattrs = ( attrs == NULL ) ? 1 - : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES ); + : an_find( attrs, &AllUser ); /* check for special all operational attributes ("+") type */ opattrs = ( attrs == NULL ) ? 0 - : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES ); + : an_find( attrs, &AllOper ); + + /* create an array of arrays of flags. Each flag corresponds + * to particular value of attribute and equals 1 if value matches + * to ValuesReturnFilter or 0 if not + */ + if ( op->vrFilter != NULL ) { + int k = 0; + size_t size; + + for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; + } - for ( a = e->e_attrs; a != NULL; a = a->a_next ) { - regmatch_t matches[MAXREMATCHES]; + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags; + e_flags = SLAP_CALLOC ( 1, i * sizeof(char *) + k ); + if( e_flags == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu SLAP_CALLOC failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_entry: SLAP_CALLOC failed\n", 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "memory error", + NULL, NULL ); + goto error_return; + } + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = e->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + + rc = filter_matched_values(be, conn, op, e->e_attrs, &e_flags) ; + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } + } + } + + for ( a = e->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) { + AttributeDescription *desc = a->a_desc; if ( attrs == NULL ) { - /* all addrs request, skip operational attributes */ - if( !opattrs && oc_check_operational_attr( a->a_type ) ) { + /* all attrs request, skip operational attributes */ + if( is_at_operational( desc->ad_type ) ) { continue; } } else { - /* specific addrs requested */ - if ( oc_check_operational_attr( a->a_type ) ) { - if( !opattrs && !charray_inlist( attrs, a->a_type ) ) - { + /* specific attrs requested */ + if ( is_at_operational( desc->ad_type ) ) { + if( !opattrs && !ad_inlist( desc, attrs ) ) { continue; } + } else { - if (!userattrs && !charray_inlist( attrs, a->a_type ) ) - { + if (!userattrs && !ad_inlist( desc, attrs ) ) { continue; } } } - acl = acl_get_applicable( be, op, e, a->a_type, - MAXREMATCHES, matches ); + acl_state = acl_state_init; - if ( ! acl_access_allowed( acl, a->a_type, be, conn, e, - NULL, op, ACL_READ, edn, matches ) ) + if ( ! access_allowed( be, conn, op, e, desc, NULL, + ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu access to attribute %s not " + "allowed\n", op->o_connid, desc->ad_cname.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ACL, "acl: " + "access to attribute %s not allowed\n", + desc->ad_cname.bv_val, 0, 0 ); +#endif continue; } - if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) { + if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding type error", NULL, NULL ); +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding description error", NULL, NULL ); goto error_return; } if ( ! attrsonly ) { - for ( i = 0; a->a_vals[i] != NULL; i++ ) { - if ( a->a_syntax & SYNTAX_DN && - ! acl_access_allowed( acl, a->a_type, be, conn, e, a->a_vals[i], op, - ACL_READ, edn, matches) ) + for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) { + if ( ! access_allowed( be, conn, op, e, + desc, &a->a_vals[i], ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to attribute %s, value %d not allowed\n", + op->o_connid, desc->ad_cname.bv_val, i ); +#else + Debug( LDAP_DEBUG_ACL, + "acl: access to attribute %s, " + "value %d not allowed\n", + desc->ad_cname.bv_val, i, 0 ); +#endif + continue; } - if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) { + if ( op->vrFilter && e_flags[j][i] == 0 ){ + continue; + } + + if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "ber_printf failed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding value error", NULL, NULL ); +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding values error", + NULL, NULL ); goto error_return; } } } - if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) { + if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode end error", NULL, NULL ); goto error_return; } } -#ifdef SLAPD_SCHEMA_DN /* eventually will loop through generated operational attributes */ /* only have subschemaSubentry implemented */ - a = backend_subschemasubentry( be ); + aa = backend_operational( be, conn, op, e, attrs, opattrs ); + + if ( aa != NULL && op->vrFilter != NULL ) { + int k = 0; + size_t size; + + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++; + } + + size = i * sizeof(char *) + k; + if ( size > 0 ) { + char *a_flags, **tmp; + + /* + * Reuse previous memory - we likely need less space + * for operational attributes + */ + tmp = SLAP_REALLOC ( e_flags, i * sizeof(char *) + k ); + if ( tmp == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0); +#else + Debug( LDAP_DEBUG_ANY, + "send_search_entry: conn %lu " + "not enough memory " + "for matched values filtering\n", + conn ? conn->c_connid : 0, 0, 0 ); +#endif + ber_free( ber, 1 ); - do { - regmatch_t matches[MAXREMATCHES]; + send_ldap_result( conn, op, LDAP_NO_MEMORY, + NULL, NULL, NULL, NULL ); + goto error_return; + } + e_flags = tmp; + a_flags = (char *)(e_flags + i); + memset( a_flags, 0, k ); + for ( a = aa, i=0; a != NULL; a = a->a_next, i++ ) { + for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ); + e_flags[i] = a_flags; + a_flags += j; + } + rc = filter_matched_values(be, conn, op, aa, &e_flags) ; + + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "matched values filtering failed\n", + conn ? conn->c_connid : 0, 0, 0); +#else + Debug( LDAP_DEBUG_ANY, + "matched values filtering failed\n", 0, 0, 0 ); +#endif + ber_free( ber, 1 ); + + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "matched values filtering error", + NULL, NULL ); + goto error_return; + } + } + } + + for (a = aa, j=0; a != NULL; a = a->a_next, j++ ) { + AttributeDescription *desc = a->a_desc; if ( attrs == NULL ) { - /* all addrs request, skip operational attributes */ - if( !opattrs && oc_check_operational_attr( a->a_type ) ) { + /* all attrs request, skip operational attributes */ + if( is_at_operational( desc->ad_type ) ) { continue; } } else { - /* specific addrs requested */ - if ( oc_check_operational_attr( a->a_type ) ) { - if( !opattrs && !charray_inlist( attrs, a->a_type ) ) - { + /* specific attrs requested */ + if( is_at_operational( desc->ad_type ) ) { + if( !opattrs && !ad_inlist( desc, attrs ) ) { continue; } } else { - if (!userattrs && !charray_inlist( attrs, a->a_type ) ) + if (!userattrs && !ad_inlist( desc, attrs ) ) { continue; } } } - acl = acl_get_applicable( be, op, e, a->a_type, - MAXREMATCHES, matches ); + acl_state = acl_state_init; - if ( ! acl_access_allowed( acl, a->a_type, be, conn, e, - NULL, op, ACL_READ, edn, matches ) ) + if ( ! access_allowed( be, conn, op, e, desc, NULL, + ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to attribute %s not allowed\n", + op->o_connid, desc->ad_cname.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s " + "not allowed\n", + desc->ad_cname.bv_val, 0, 0 ); +#endif + continue; } - if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) { + rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname ); + if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu " + "ber_printf failed\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding type error", NULL, NULL ); +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding description error", NULL, NULL ); + + attrs_free( aa ); goto error_return; } if ( ! attrsonly ) { - for ( i = 0; a->a_vals[i] != NULL; i++ ) { - if ( a->a_syntax & SYNTAX_DN && - ! acl_access_allowed( acl, a->a_type, be, conn, e, a->a_vals[i], op, - ACL_READ, edn, matches) ) + for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) { + if ( ! access_allowed( be, conn, op, e, + desc, &a->a_vals[i], ACL_READ, &acl_state ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_entry: conn %lu " + "access to %s, value %d not allowed\n", + op->o_connid, desc->ad_cname.bv_val, i ); +#else + Debug( LDAP_DEBUG_ACL, + "acl: access to attribute %s, " + "value %d not allowed\n", + desc->ad_cname.bv_val, i, 0 ); +#endif + + continue; + } + + if ( op->vrFilter && e_flags[j][i] == 0 ){ continue; } - if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) { + if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encoding value error", NULL, NULL ); +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encoding values error", + NULL, NULL ); + + attrs_free( aa ); goto error_return; } } } - if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) { + if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode end error", NULL, NULL ); + + attrs_free( aa ); goto error_return; } - } while (0); -#endif + } - rc = ber_printf( ber, /*{{{*/ "}}}" ); + /* free e_flags */ + if ( e_flags ) { + free( e_flags ); + e_flags = NULL; + } + + attrs_free( aa ); + rc = ber_printf( ber, /*{{*/ "}N}" ); + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); + } + if( rc != -1 ) { + rc = ber_printf( ber, /*{*/ "N}" ); + } + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1) { + rc = ber_printf( ber, "}" ); + } +#endif if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber_printf failed\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, NULL, "encode entry end error", NULL, NULL ); return( 1 ); } - bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); + ber_free_buf( ber ); if ( bytes < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_entry: conn %lu ber write failed.\n", + op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, - "send_ldap_response: ber write failed\n", + "send_search_entry: ber write failed\n", 0, 0, 0 ); +#endif + return -1; } @@ -719,14 +1202,20 @@ send_search_entry( num_pdu_sent++; ldap_pvt_thread_mutex_unlock( &num_sent_mutex ); - Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n", - (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 ); + Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu ENTRY dn=\"%s\"\n", + conn->c_connid, op->o_opid, e->e_dn, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 ); +#endif rc = 0; error_return:; + if ( e_flags ) free( e_flags ); return( rc ); } @@ -736,75 +1225,119 @@ send_search_reference( Connection *conn, Operation *op, Entry *e, - struct berval **refs, - int scope, + BerVarray refs, LDAPControl **ctrls, - struct berval ***v2refs + BerVarray *v2refs ) { - BerElement *ber; + char berbuf[LBER_ELEMENT_SIZEOF]; + BerElement *ber = (BerElement *)berbuf; int rc; int bytes; - Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 ); + AttributeDescription *ad_ref = slap_schema.si_ad_ref; + AttributeDescription *ad_entry = slap_schema.si_ad_entry; - if ( ! access_allowed( be, conn, op, e, - "entry", NULL, ACL_READ ) ) +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_reference: conn %lu dn=\"%s\"\n", + op->o_connid, e ? e->e_dn : "(null)", 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "=> send_search_reference: dn=\"%s\"\n", + e ? e->e_dn : "(null)", 0, 0 ); +#endif + + + if ( e && ! access_allowed( be, conn, op, e, + ad_entry, NULL, ACL_READ, NULL ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_reference: conn %lu " + "access to entry %s not allowed\n", + op->o_connid, e->e_dn, 0 ); +#else Debug( LDAP_DEBUG_ACL, "send_search_reference: access to entry not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } - if ( ! access_allowed( be, conn, op, e, - "ref", NULL, ACL_READ ) ) + if ( e && ! access_allowed( be, conn, op, e, + ad_ref, NULL, ACL_READ, NULL ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( ACL, INFO, + "send_search_reference: conn %lu access " + "to reference not allowed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ACL, - "send_search_reference: access to reference not allowed\n", + "send_search_reference: access " + "to reference not allowed\n", 0, 0, 0 ); +#endif + return( 1 ); } if( refs == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu null ref in (%s).\n", + op->o_connid, e ? e->e_dn : "(null)", 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_search_reference: null ref in (%s)\n", - e->e_dn, 0, 0 ); + e ? e->e_dn : "(null)", 0, 0 ); +#endif + return( 1 ); } if( op->o_protocol < LDAP_VERSION3 ) { /* save the references for the result */ - if( *refs == NULL ) { - value_add( v2refs, refs ); + if( refs[0].bv_val != NULL ) { + if( value_add( v2refs, refs ) ) + return LDAP_OTHER; } return 0; } - ber = ber_alloc_t( LBER_USE_DER ); + ber_init_w_nullc( ber, LBER_USE_DER ); - if ( ber == NULL ) { - Debug( LDAP_DEBUG_ANY, - "send_search_reference: ber_alloc failed\n", 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "alloc BER error", NULL, NULL ); - return -1; + rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid, + LDAP_RES_SEARCH_REFERENCE, refs ); + + if( rc != -1 && ctrls != NULL ) { + rc = send_ldap_controls( ber, ctrls ); } - rc = ber_printf( ber, "{it{V}}", op->o_msgid, - LDAP_RES_SEARCH_REFERENCE, refs ); + if( rc != -1 ) { + rc = ber_printf( ber, /*"{"*/ "N}", op->o_msgid, + LDAP_RES_SEARCH_REFERENCE, refs ); + } if ( rc == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "send_search_reference: conn %lu " + "ber_printf failed.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "send_search_reference: ber_printf failed\n", 0, 0, 0 ); - ber_free( ber, 1 ); - send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, - NULL, "encode dn error", NULL, NULL ); +#endif + + ber_free_buf( ber ); + send_ldap_result( conn, op, LDAP_OTHER, + NULL, "encode DN error", NULL, NULL ); return -1; } - bytes = send_ldap_ber( conn, ber ); - ber_free( ber, 1 ); + bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber ); + ber_free_buf( ber ); ldap_pvt_thread_mutex_lock( &num_sent_mutex ); num_bytes_sent += bytes; @@ -812,10 +1345,15 @@ send_search_reference( num_pdu_sent++; ldap_pvt_thread_mutex_unlock( &num_sent_mutex ); - Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n", - (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 ); + Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n", + conn->c_connid, op->o_opid, e ? e->e_dn : "(null)", 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, + "send_search_reference: conn %lu exit.\n", op->o_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 ); +#endif return 0; } @@ -837,8 +1375,13 @@ str2result( *info = NULL; if ( strncasecmp( s, "RESULT", 6 ) != 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "str2result: (%s), expecting \"RESULT\"\n", s, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n", s, 0, 0 ); +#endif return( -1 ); } @@ -866,8 +1409,13 @@ str2result( *info = c; } } else { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, "str2result: (%s) unknown.\n", s, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n", s, 0, 0 ); +#endif + rc = -1; } }