From eec370af5217b6c2458362472ebe5271c8402524 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@openldap.org>
Date: Thu, 23 Jan 2003 15:12:53 +0000
Subject: [PATCH] LDAPv3 over UDP disposition is now compatible with Active
 Directory Stubs for PermitModify/NoReferrals controls; implementation coming
 soon

---
 servers/slapd/connection.c |  33 +++++++++
 servers/slapd/operation.c  |   8 +++
 servers/slapd/result.c     | 143 ++++++++++++++++++++++++-------------
 servers/slapd/slap.h       |   5 ++
 4 files changed, 139 insertions(+), 50 deletions(-)

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 62328798c8..06abd15472 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -1413,7 +1413,40 @@ connection_input(
 	    ber_str2bv( cdn, 0, 1, &op->o_dn );
 	    op->o_protocol = LDAP_VERSION2;
 	}
+	if (conn->c_is_udp) {
+		int rc;
+
+		op->o_res_ber = ber_alloc_t( LBER_USE_DER );
+		if (op->o_res_ber == NULL)
+			return 1;
+
+		rc = ber_write(op->o_res_ber, (char *)&op->o_peeraddr, sizeof(struct sockaddr), 0);
+		if (rc != sizeof(struct sockaddr)) {
+#ifdef NEW_LOGGING
+			LDAP_LOG( CONNECTION, INFO, 
+				"connection_input: conn %lu  ber_write failed\n",
+				conn->c_connid, 0, 0 );
+#else
+			Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
+#endif
+			return 1;
+		}
+
+		if (conn->c_protocol == LDAP_VERSION2) {
+			rc = ber_printf(op->o_res_ber, "{i{" /*}}*/, op->o_msgid);
+			if (rc == -1) {
+#ifdef NEW_LOGGING
+				LDAP_LOG( CONNECTION, INFO, 
+					"connection_input: conn %lu  put outer sequence failed\n",
+					conn->c_connid, 0, 0 );
+#else
+				Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
 #endif
+				return rc;
+			}
+		}
+	}
+#endif /* LDAP_CONNECTIONLESS */
 
 	if ( conn->c_conn_state == SLAP_C_BINDING
 		|| conn->c_conn_state == SLAP_C_CLOSING )
diff --git a/servers/slapd/operation.c b/servers/slapd/operation.c
index de6dd65ff4..7f90af431d 100644
--- a/servers/slapd/operation.c
+++ b/servers/slapd/operation.c
@@ -38,6 +38,11 @@ slap_op_free( Operation *op )
 		ldap_controls_free( op->o_ctrls );
 	}
 
+#ifdef LDAP_CONNECTIONLESS
+	if ( op->o_res_ber != NULL ) {
+		ber_free( op->o_res_ber, 1 );
+	}
+#endif
 #ifdef LDAP_CLIENT_UPDATE
 	if ( op->o_clientupdate_state.bv_val != NULL ) {
 		free( op->o_clientupdate_state.bv_val );
@@ -71,6 +76,9 @@ slap_op_alloc(
 
 	op->o_time = slap_get_time();
 	op->o_opid = id;
+#ifdef LDAP_CONNECTIONLESS
+	op->o_res_ber = NULL;
+#endif
 
 #if defined( LDAP_SLAPI )
 	op->o_pb = slapi_pblock_new();
diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index 2f9374e828..1d87d21506 100644
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -241,6 +241,12 @@ send_ldap_response(
 			text, ref, resoid, resdata, sasldata, ctrls );
 		return;
 	}
+		
+#ifdef LDAP_CONNECTIONLESS
+	if (conn->c_is_udp)
+		ber = op->o_res_ber;
+	else
+#endif
 
 	ber_init_w_nullc( ber, LBER_USE_DER );
 
@@ -268,27 +274,12 @@ send_ldap_response(
 	}
 
 #ifdef LDAP_CONNECTIONLESS
-	if( conn->c_is_udp ) {
-	    rc = ber_write(ber,
-			(char *)&op->o_peeraddr, sizeof(struct sockaddr), 0);
-	    if (rc != sizeof(struct sockaddr)) {
-#ifdef NEW_LOGGING
-		LDAP_LOG( OPERATION, ERR, 
-			"send_ldap_response: conn %lu  ber_write failed\n",
-			conn ? conn->c_connid : 0 , 0, 0);
-#else
-		Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
-#endif
-		ber_free_buf( ber );
-		return;
-	    }
-	}
-	if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
-	    rc = ber_printf( ber, "{is{t{ess" /*"}}}"*/,
-		msgid, "", tag, err,
+	if (conn->c_is_udp && conn->c_protocol == LDAP_VERSION2) {
+		rc = ber_printf( ber, "t{ess" /*"}}"*/,
+			tag, err,
 		matched == NULL ? "" : matched,
 		text == NULL ? "" : text );
-	} else
+	} else 
 #endif
 	{
 	    rc = ber_printf( ber, "{it{ess" /*"}}"*/,
@@ -334,12 +325,6 @@ send_ldap_response(
 		rc = ber_printf( ber, /*"{"*/ "N}" );
 	}
 
-#ifdef LDAP_CONNECTIONLESS
-	if( conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1 ) {
-		rc = ber_printf( ber, /*"{"*/ "N}" );
-	}
-#endif
-
 	if ( rc == -1 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG( OPERATION, ERR, 
@@ -349,12 +334,18 @@ send_ldap_response(
 		Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+		if (conn->c_is_udp == 0)
+#endif
 		ber_free_buf( ber );
 		return;
 	}
 
 	/* send BER */
 	bytes = send_ldap_ber( conn, ber );
+#ifdef LDAP_CONNECTIONLESS
+	if (conn->c_is_udp == 0)
+#endif
 	ber_free_buf( ber );
 
 	if ( bytes < 0 ) {
@@ -489,6 +480,9 @@ slap_send_ldap_result(
 	assert( err != LDAP_PARTIAL_RESULTS );
 
 	if ( err == LDAP_REFERRAL ) {
+		if( op->o_noreferrals ) {
+			ref = NULL;
+		}
 		if( ref == NULL ) {
 			err = LDAP_NO_SUCH_OBJECT;
 		} else if ( op->o_protocol < LDAP_VERSION3 ) {
@@ -733,29 +727,19 @@ slap_send_search_entry(
 
 	edn = e->e_ndn;
 
+#ifdef LDAP_CONNECTIONLESS
+	if (conn->c_is_udp)
+	    ber = op->o_res_ber;
+	else
+#endif
 	ber_init_w_nullc( ber, LBER_USE_DER );
 
 #ifdef LDAP_CONNECTIONLESS
-	if (conn->c_is_udp) {
-	    rc = ber_write(ber,
-			(char *)&op->o_peeraddr, sizeof(struct sockaddr), 0);
-	    if (rc != sizeof(struct sockaddr)) {
-#ifdef NEW_LOGGING
-			LDAP_LOG( OPERATION, ERR, 
-				"send_search_entry: conn %lu  ber_write failed\n",
-				conn ? conn->c_connid : 0, 0, 0 );
-#else
-			Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
-#endif
-			ber_free_buf( ber );
-			return( 1 );
-	    }
-	}
-	if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2) {
-	    rc = ber_printf( ber, "{is{t{O{" /*}}}*/,
-		op->o_msgid, "", LDAP_RES_SEARCH_ENTRY, &e->e_name );
+	if (conn->c_is_udp && conn->c_protocol == LDAP_VERSION2) {
+	    rc = ber_printf(ber, "t{0{" /*}}*/,
+		LDAP_RES_SEARCH_ENTRY, &e->e_name);
 	} else
-#endif /* LDAP_CONNECTIONLESS */
+#endif
 	{
 	    rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
 		LDAP_RES_SEARCH_ENTRY, &e->e_name );
@@ -770,6 +754,9 @@ slap_send_search_entry(
 		Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+		if (conn->c_is_udp == 0)
+#endif
 		ber_free_buf( ber );
 		send_ldap_result( conn, op, LDAP_OTHER,
 		    NULL, "encoding DN error", NULL, NULL );
@@ -833,6 +820,9 @@ slap_send_search_entry(
 #else
 		    	Debug( LDAP_DEBUG_ANY,
 					"matched values filtering failed\n", 0, 0, 0 );
+#endif
+#ifdef LDAP_CONNECTIONLESS
+			if (conn->c_is_udp == 0)
 #endif
 				ber_free( ber, 1 );
 	
@@ -891,6 +881,9 @@ slap_send_search_entry(
 			Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+			if (conn->c_is_udp == 0)
+#endif
 			ber_free_buf( ber );
 			send_ldap_result( conn, op, LDAP_OTHER,
 			    NULL, "encoding description error", NULL, NULL );
@@ -931,6 +924,9 @@ slap_send_search_entry(
 					    "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+					if (conn->c_is_udp == 0)
+#endif
 					ber_free_buf( ber );
 					send_ldap_result( conn, op, LDAP_OTHER,
 						NULL, "encoding values error",
@@ -949,6 +945,9 @@ slap_send_search_entry(
 			Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+			if (conn->c_is_udp == 0)
+#endif
 			ber_free_buf( ber );
 			send_ldap_result( conn, op, LDAP_OTHER,
 			    NULL, "encode end error", NULL, NULL );
@@ -1016,6 +1015,9 @@ slap_send_search_entry(
 #else
 			    	Debug( LDAP_DEBUG_ANY,
 					"matched values filtering failed\n", 0, 0, 0 );
+#endif
+#ifdef LDAP_CONNECTIONLESS
+			if (conn->c_is_udp == 0)
 #endif
 				ber_free( ber, 1 );
 	
@@ -1077,6 +1079,9 @@ slap_send_search_entry(
 			Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+			if (conn->c_is_udp == 0)
+#endif
 			ber_free_buf( ber );
 			send_ldap_result( conn, op, LDAP_OTHER,
 			    NULL, "encoding description error", NULL, NULL );
@@ -1119,6 +1124,9 @@ slap_send_search_entry(
 					    "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+					if (conn->c_is_udp == 0)
+#endif
 					ber_free_buf( ber );
 					send_ldap_result( conn, op, LDAP_OTHER,
 						NULL, "encoding values error", 
@@ -1139,6 +1147,9 @@ slap_send_search_entry(
 			Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+			if (conn->c_is_udp == 0)
+#endif
 			ber_free_buf( ber );
 			send_ldap_result( conn, op, LDAP_OTHER,
 			    NULL, "encode end error", NULL, NULL );
@@ -1204,11 +1215,6 @@ slap_send_search_entry(
 		rc = ber_printf( ber, /*{*/ "N}" );
 	}
 
-#ifdef LDAP_CONNECTIONLESS
-	if (conn->c_is_udp && op->o_protocol == LDAP_VERSION2 && rc != -1) {
-		rc = ber_printf( ber, "}" );
-	}
-#endif
 	if ( rc == -1 ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG( OPERATION, ERR, 
@@ -1218,12 +1224,18 @@ slap_send_search_entry(
 		Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+		if (conn->c_is_udp == 0)
+#endif
 		ber_free_buf( ber );
 		send_ldap_result( conn, op, LDAP_OTHER,
 			NULL, "encode entry end error", NULL, NULL );
 		return( 1 );
 	}
 
+#ifdef LDAP_CONNECTIONLESS
+	if (conn->c_is_udp == 0) {
+#endif
 	bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber );
 	ber_free_buf( ber );
 
@@ -1247,6 +1259,10 @@ slap_send_search_entry(
 	num_pdu_sent++;
 	ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
 
+#ifdef LDAP_CONNECTIONLESS
+	}
+#endif
+
 	Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu ENTRY dn=\"%s\"\n",
 	    conn->c_connid, op->o_opid, e->e_dn, 0, 0 );
 
@@ -1293,7 +1309,6 @@ slap_send_search_reference(
 		e ? e->e_dn : "(null)", 0, 0 );
 #endif
 
-
 	if (  e && ! access_allowed( be, conn, op, e,
 		ad_entry, NULL, ACL_READ, NULL ) )
 	{
@@ -1328,6 +1343,20 @@ slap_send_search_reference(
 		return( 1 );
 	}
 
+	if( op->o_noreferrals ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR, 
+			"send_search_reference: conn %lu noreferrals control in (%s).\n",
+			op->o_connid, e->e_dn, 0 );
+#else
+		Debug( LDAP_DEBUG_ANY,
+			"send_search_reference: noreferrals control in (%s)\n", 
+			e->e_dn, 0, 0 );
+#endif
+
+		return( 0 );
+	}
+
 	if( refs == NULL ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG( OPERATION, ERR, 
@@ -1351,6 +1380,11 @@ slap_send_search_reference(
 		return 0;
 	}
 
+#ifdef LDAP_CONNECTIONLESS
+	if (conn->c_is_udp)
+		ber = op->o_res_ber;
+	else
+#endif
 	ber_init_w_nullc( ber, LBER_USE_DER );
 
 	rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
@@ -1375,12 +1409,18 @@ slap_send_search_reference(
 			"send_search_reference: ber_printf failed\n", 0, 0, 0 );
 #endif
 
+#ifdef LDAP_CONNECTIONLESS
+		if (conn->c_is_udp == 0)
+#endif
 		ber_free_buf( ber );
 		send_ldap_result( conn, op, LDAP_OTHER,
 			NULL, "encode DN error", NULL, NULL );
 		return -1;
 	}
 
+#ifdef LDAP_CONNECTIONLESS
+	if (conn->c_is_udp == 0) {
+#endif
 	bytes = op->o_noop ? 0 : send_ldap_ber( conn, ber );
 	ber_free_buf( ber );
 
@@ -1389,6 +1429,9 @@ slap_send_search_reference(
 	num_refs_sent++;
 	num_pdu_sent++;
 	ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
+#ifdef LDAP_CONNECTIONLESS
+	}
+#endif
 
 	Statslog( LDAP_DEBUG_STATS2, "conn=%lu op=%lu REF dn=\"%s\"\n",
 		conn->c_connid, op->o_opid, e ? e->e_dn : "(null)", 0, 0 );
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index edabd2292b..9ba350adc0 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1674,6 +1674,8 @@ typedef struct slap_op {
 	char o_subentries_visibility;
 	char o_valuesreturnfilter;
 
+	char o_permitmodify;
+	char o_noreferrals;
 	char o_pagedresults;
 	ber_int_t o_pagedresults_size;
 	PagedResultsState o_pagedresults_state;
@@ -1698,6 +1700,9 @@ typedef struct slap_op {
 	AuthorizationInformation o_authz;
 
 	BerElement	*o_ber;		/* ber of the request		  */
+#ifdef LDAP_CONNECTIONLESS
+	BerElement	*o_res_ber;	/* ber of the reply		  */
+#endif
 	slap_callback	*o_callback;	/* callback pointers */
 	LDAPControl	**o_ctrls;	 /* controls */
 
-- 
2.39.5