openldap/servers/slapd/result.c

996 lines
21 KiB
C
Raw Normal View History

1998-08-09 08:43:13 +08:00
/* result.c - routines to send ldap results, errors, and referrals */
/* $OpenLDAP$ */
1998-08-09 08:43:13 +08:00
#include "portable.h"
1998-10-25 09:41:42 +08:00
#include <stdio.h>
#include <ac/socket.h>
1998-10-25 09:41:42 +08:00
#include <ac/errno.h>
#include <ac/signal.h>
#include <ac/string.h>
#include <ac/ctype.h>
1998-10-25 09:41:42 +08:00
#include <ac/time.h>
#include <ac/unistd.h>
1998-10-25 09:41:42 +08:00
1998-08-09 08:43:13 +08:00
#include "slap.h"
Vienna Bulk Commit This commit includes many changes. All changes compile under NT but have not been tested under UNIX. A Summary of changes (likely incomplete): NT changes: Removed lint. Clean up configuration support for "Debug", "Release", "SDebug", and "SRelease" configurations. Share output directories for clients, libraries, and slapd. (maybe they should be combined further and moved to build/{,S}{Debug,Release}). Enable threading when _MT is defined. Enable debuging when _DEBUG is defined. Disable setting of NDEBUG under Release/SRelease. Asserts are disabled in <ac/assert.h> when LDAP_DEBUG is not defined. Added 'build/main.dsp' Master project. Removed non-slapd projects from slapd.dsp (see main.dsp). Removed replaced many uses of _WIN32 macro with feature based macros. ldap_cdefs.h changes #define LDAP_CONST const (see below) #define LDAP_F(type) LDAP_F_PRE type LDAP_F_POST To allow specifiers to be added before and after the type declaration. (For DLL handling) LBER/LDAP changes Namespace changes: s/lber_/ber_/ for here and there. s/NAME_ERROR/LDAP_NAME_ERROR/g Deleted NULLMSG and other NULL* macros for namespace reasons. "const" libraries. Installed headers (ie: lber.h, ldap.h) use LDAP_CONST macro. Normally set to 'const' when __STDC__. Can be set externally to enable/disable 'constification' of external interface. Internal interface always uses 'const'. Did not fix warnings in -lldif (in lieu of new LDIF parser). Added _ext API implementations (excepting search and bind). Need to implement ldap_int_get_controls() for reponses with controls. Added numberous assert() checks. LDAP_R _MT defines HAVE_NT_THREADS Added numberous assert() checks. Changed ldap_pthread_t back to unsigned long. Used cast to HANDLE in _join(). LDBM Replaced _WIN32 with HAVE_SYSLOG ud Added version string if MKVERSION is not defined. (MKVERSION needs to be set under UNIX). slapd Made connection sockbuf field a pointer to a sockbuf. This removed slap.h dependency on lber-int.h. lber-int.h now only included by those files needing to mess with the sockbuf. Used ber_* functions/macros to access sockbuf internals whenever possible. Added version string if MKVERSION is not defined. (MKVERSION needs to be set under UNIX). Removed FD_SET unsigned lint slapd/tools Used EXEEXT to added ".exe" to routines. Need to define EXEEXT under UNIX. ldappasswd Added ldappasswd.dsp. Ported to NT. Used getpid() to seed rand(). nt_debug Minor cleanup. Added "portable.h" include and used <ac/*.h> where appropriate. Added const to char* format argument.
1999-05-19 09:12:33 +08:00
/* we need LBER internals */
#include "../../libraries/liblber/lber-int.h"
static char *v2ref( struct berval **ref, const char *text )
1998-08-09 08:43:13 +08:00
{
size_t len = 0, i = 0;
char *v2;
1998-08-09 08:43:13 +08:00
if(ref == NULL)
{
if (text)
return ch_strdup(text);
else
return NULL;
}
if (text) {
len = strlen( text );
if (text[len-1] != '\n')
i = 1;
}
v2 = ch_malloc( len+i+sizeof("Referral:") );
if (text) {
strcpy(v2, text);
if (i)
v2[len++] = '\n';
}
strcpy( v2+len, "Referral:" );
1999-11-02 07:23:41 +08:00
len += sizeof("Referral:");
for( i=0; ref[i] != NULL; i++ ) {
v2 = ch_realloc( v2, len + ref[i]->bv_len + 1 );
v2[len-1] = '\n';
memcpy(&v2[len], ref[i]->bv_val, ref[i]->bv_len );
len += ref[i]->bv_len;
if (ref[i]->bv_val[ref[i]->bv_len-1] != '/')
++len;
}
v2[len-1] = '\0';
return v2;
}
1998-08-09 08:43:13 +08:00
static ber_tag_t req2res( ber_tag_t tag )
{
switch( tag ) {
case LDAP_REQ_ADD:
case LDAP_REQ_BIND:
case LDAP_REQ_COMPARE:
case LDAP_REQ_EXTENDED:
case LDAP_REQ_MODIFY:
case LDAP_REQ_MODRDN:
tag++;
break;
case LDAP_REQ_DELETE:
tag = LDAP_RES_DELETE;
break;
case LDAP_REQ_ABANDON:
case LDAP_REQ_UNBIND:
tag = LBER_SEQUENCE;
break;
case LDAP_REQ_SEARCH:
tag = LDAP_RES_SEARCH_RESULT;
break;
default:
assert( 0 );
tag = LBER_ERROR;
}
return tag;
}
1998-08-09 08:43:13 +08:00
static void trim_refs_urls(
struct berval **refs )
{
unsigned i;
1998-08-09 08:43:13 +08:00
if( refs == NULL ) return;
1998-08-09 08:43:13 +08:00
for( i=0; refs[i] != NULL; i++ ) {
if( refs[i]->bv_len > sizeof("ldap://")-1 &&
strncasecmp( refs[i]->bv_val, "ldap://",
sizeof("ldap://")-1 ) == 0 )
{
unsigned j;
for( j=sizeof("ldap://")-1; j<refs[i]->bv_len ; j++ ) {
1999-09-06 06:13:22 +08:00
if( refs[i]->bv_val[j] == '/' ) {
refs[i]->bv_val[j] = '\0';
refs[i]->bv_len = j;
break;
}
}
}
1998-08-09 08:43:13 +08:00
}
}
1998-08-09 08:43:13 +08:00
struct berval **get_entry_referrals(
Backend *be,
Connection *conn,
Operation *op,
Entry *e )
{
Attribute *attr;
struct berval **refs;
unsigned i, j;
attr = attr_find( e->e_attrs, "ref" );
if( attr == NULL ) return NULL;
for( i=0; attr->a_vals[i] != NULL; i++ ) {
/* count references */
1998-08-09 08:43:13 +08:00
}
if( i < 1 ) return NULL;
refs = ch_malloc( i + 1 );
for( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
unsigned k;
struct berval *ref = ber_bvdup( attr->a_vals[i] );
/* trim the label */
for( k=0; k<ref->bv_len; k++ ) {
if( isspace(ref->bv_val[k]) ) {
ref->bv_val[k] = '\0';
ref->bv_len = k;
break;
}
}
if( ref->bv_len > 0 ) {
refs[j++] = ref;
} else {
ber_bvfree( ref );
}
}
1998-08-09 08:43:13 +08:00
refs[j] = NULL;
if( j == 0 ) {
ber_bvecfree( refs );
refs = NULL;
1998-08-09 08:43:13 +08:00
}
/* we should check that a referral value exists... */
return refs;
}
static long send_ldap_ber(
Connection *conn,
BerElement *ber )
{
1999-11-08 23:38:59 +08:00
ber_len_t bytes;
ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
1998-08-09 08:43:13 +08:00
/* write only one pdu at a time - wait til it's our turn */
ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
/* lock the connection */
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
1998-08-09 08:43:13 +08:00
/* write the pdu */
while( 1 ) {
int err;
if ( connection_state_closing( conn ) ) {
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
return 0;
}
if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
break;
}
err = errno;
1998-08-09 08:43:13 +08:00
/*
* we got an error. if it's ewouldblock, we need to
* wait on the socket being writable. otherwise, figure
* it's a hard error and return.
*/
1999-08-19 08:40:18 +08:00
Debug( LDAP_DEBUG_CONNS, "ber_flush failed errno=%d reason=\"%s\"\n",
1999-08-30 04:13:33 +08:00
err, STRERROR(err), 0 );
1998-08-09 08:43:13 +08:00
if ( err != EWOULDBLOCK && err != EAGAIN ) {
connection_closing( conn );
1998-08-09 08:43:13 +08:00
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
return( -1 );
1998-08-09 08:43:13 +08:00
}
/* wait for socket to be write-ready */
conn->c_writewaiter = 1;
Vienna Bulk Commit This commit includes many changes. All changes compile under NT but have not been tested under UNIX. A Summary of changes (likely incomplete): NT changes: Removed lint. Clean up configuration support for "Debug", "Release", "SDebug", and "SRelease" configurations. Share output directories for clients, libraries, and slapd. (maybe they should be combined further and moved to build/{,S}{Debug,Release}). Enable threading when _MT is defined. Enable debuging when _DEBUG is defined. Disable setting of NDEBUG under Release/SRelease. Asserts are disabled in <ac/assert.h> when LDAP_DEBUG is not defined. Added 'build/main.dsp' Master project. Removed non-slapd projects from slapd.dsp (see main.dsp). Removed replaced many uses of _WIN32 macro with feature based macros. ldap_cdefs.h changes #define LDAP_CONST const (see below) #define LDAP_F(type) LDAP_F_PRE type LDAP_F_POST To allow specifiers to be added before and after the type declaration. (For DLL handling) LBER/LDAP changes Namespace changes: s/lber_/ber_/ for here and there. s/NAME_ERROR/LDAP_NAME_ERROR/g Deleted NULLMSG and other NULL* macros for namespace reasons. "const" libraries. Installed headers (ie: lber.h, ldap.h) use LDAP_CONST macro. Normally set to 'const' when __STDC__. Can be set externally to enable/disable 'constification' of external interface. Internal interface always uses 'const'. Did not fix warnings in -lldif (in lieu of new LDIF parser). Added _ext API implementations (excepting search and bind). Need to implement ldap_int_get_controls() for reponses with controls. Added numberous assert() checks. LDAP_R _MT defines HAVE_NT_THREADS Added numberous assert() checks. Changed ldap_pthread_t back to unsigned long. Used cast to HANDLE in _join(). LDBM Replaced _WIN32 with HAVE_SYSLOG ud Added version string if MKVERSION is not defined. (MKVERSION needs to be set under UNIX). slapd Made connection sockbuf field a pointer to a sockbuf. This removed slap.h dependency on lber-int.h. lber-int.h now only included by those files needing to mess with the sockbuf. Used ber_* functions/macros to access sockbuf internals whenever possible. Added version string if MKVERSION is not defined. (MKVERSION needs to be set under UNIX). Removed FD_SET unsigned lint slapd/tools Used EXEEXT to added ".exe" to routines. Need to define EXEEXT under UNIX. ldappasswd Added ldappasswd.dsp. Ported to NT. Used getpid() to seed rand(). nt_debug Minor cleanup. Added "portable.h" include and used <ac/*.h> where appropriate. Added const to char* format argument.
1999-05-19 09:12:33 +08:00
slapd_set_write( ber_pvt_sb_get_desc( conn->c_sb ), 1 );
ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
conn->c_writewaiter = 0;
1998-08-09 08:43:13 +08:00
}
1999-03-23 03:46:44 +08:00
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
return bytes;
}
static void
send_ldap_response(
Connection *conn,
Operation *op,
ber_tag_t tag,
ber_int_t msgid,
ber_int_t err,
1999-08-21 03:50:11 +08:00
const char *matched,
const char *text,
struct berval **ref,
1999-08-21 03:50:11 +08:00
const char *resoid,
struct berval *resdata,
struct berval *sasldata,
LDAPControl **ctrls
)
{
BerElement *ber;
int rc;
long bytes;
assert( ctrls == NULL ); /* ctrls not implemented */
ber = ber_alloc_t( LBER_USE_DER );
Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
(long) msgid, (long) tag, (long) err );
if ( ber == NULL ) {
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
return;
}
#ifdef LDAP_CONNECTIONLESS
if ( op->o_cldap ) {
rc = ber_printf( ber, "{is{t{ess}}}", msgid, "", tag,
err, matched ? matched : "", text ? text : "" );
} else
#endif
{
rc = ber_printf( ber, "{it{ess",
msgid, tag, err,
matched == NULL ? "" : matched,
text == NULL ? "" : text );
if( rc != -1 && ref != NULL ) {
rc = ber_printf( ber, "{V}", ref );
}
if( rc != -1 && sasldata != NULL ) {
rc = ber_printf( ber, "tO",
LDAP_TAG_SASL_RES_CREDS, sasldata );
}
if( rc != -1 && resoid != NULL ) {
rc = ber_printf( ber, "ts",
LDAP_TAG_EXOP_RES_OID, resoid );
}
if( rc != -1 && resdata != NULL ) {
rc = ber_printf( ber, "tO",
LDAP_TAG_EXOP_RES_VALUE, resdata );
}
if( rc != -1 ) {
rc = ber_printf( ber, "}}" );
}
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
return;
}
/* send BER */
bytes = send_ldap_ber( conn, ber );
ber_free( ber, 1 );
if ( bytes < 0 ) {
Debug( LDAP_DEBUG_ANY,
"send_ldap_response: ber write failed\n",
0, 0, 0 );
return;
}
ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1998-08-09 08:43:13 +08:00
num_bytes_sent += bytes;
num_pdu_sent++;
ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1998-08-09 08:43:13 +08:00
return;
}
1998-08-09 08:43:13 +08:00
void
send_ldap_disconnect(
1998-08-09 08:43:13 +08:00
Connection *conn,
Operation *op,
ber_int_t err,
1999-08-21 03:00:44 +08:00
const char *text
1998-08-09 08:43:13 +08:00
)
{
ber_tag_t tag;
ber_int_t msgid;
char *reqoid;
#define LDAP_UNSOLICITED_ERROR(e) \
( (e) == LDAP_PROTOCOL_ERROR \
|| (e) == LDAP_STRONG_AUTH_REQUIRED \
|| (e) == LDAP_UNAVAILABLE )
assert( LDAP_UNSOLICITED_ERROR( err ) );
Debug( LDAP_DEBUG_TRACE,
"send_ldap_disconnect %d:%s\n",
err, text ? text : "", NULL );
if ( op->o_protocol < LDAP_VERSION3 ) {
reqoid = NULL;
tag = req2res( op->o_tag );
msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
} else {
reqoid = LDAP_NOTICE_DISCONNECT;
tag = LDAP_RES_EXTENDED;
msgid = 0;
}
1998-10-25 09:41:42 +08:00
#ifdef LDAP_CONNECTIONLESS
1998-08-09 08:43:13 +08:00
if ( op->o_cldap ) {
1999-07-13 14:39:55 +08:00
ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
inet_ntoa(((struct sockaddr_in *)
&op->o_clientaddr)->sin_addr ),
((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
1998-08-09 08:43:13 +08:00
0 );
}
#endif
send_ldap_response( conn, op, tag, msgid,
err, NULL, text, NULL,
reqoid, NULL, NULL, NULL );
Statslog( LDAP_DEBUG_STATS,
"conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n",
(long) op->o_connid, (long) op->o_opid,
1999-08-16 14:28:33 +08:00
(long) tag, (long) err, text ? text : "" );
}
void
send_ldap_result(
Connection *conn,
Operation *op,
ber_int_t err,
1999-08-21 03:00:44 +08:00
const char *matched,
const char *text,
struct berval **ref,
LDAPControl **ctrls
)
{
ber_tag_t tag;
ber_int_t msgid;
char *tmp = NULL;
assert( !LDAP_API_ERROR( err ) );
Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n",
(long) op->o_connid, (long) op->o_opid, op->o_protocol );
Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n",
err, matched ? matched : "", text ? text : "" );
assert( err != LDAP_PARTIAL_RESULTS );
if( op->o_tag != LDAP_REQ_SEARCH ) {
trim_refs_urls( ref );
}
if ( err == LDAP_REFERRAL ) {
if( ref == NULL ) {
err = LDAP_NO_SUCH_OBJECT;
} else if ( op->o_protocol < LDAP_VERSION3 ) {
err = LDAP_PARTIAL_RESULTS;
}
}
if ( op->o_protocol < LDAP_VERSION3 ) {
tmp = v2ref( ref, text );
text = tmp;
ref = NULL;
}
tag = req2res( op->o_tag );
msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
#ifdef LDAP_CONNECTIONLESS
if ( op->o_cldap ) {
1999-07-13 14:39:55 +08:00
ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
inet_ntoa(((struct sockaddr_in *)
&op->o_clientaddr)->sin_addr ),
((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
0 );
}
#endif
send_ldap_response( conn, op, tag, msgid,
err, matched, text, ref,
NULL, NULL, NULL, ctrls );
Statslog( LDAP_DEBUG_STATS,
"conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
(long) op->o_connid, (long) op->o_opid,
1999-08-16 14:28:33 +08:00
(long) tag, (long) err, text ? text : "" );
if( tmp != NULL ) {
ch_free(tmp);
}
1998-08-09 08:43:13 +08:00
}
void
send_ldap_sasl(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
struct berval **ref,
LDAPControl **ctrls,
struct berval *cred
)
{
ber_tag_t tag;
ber_int_t msgid;
Debug( LDAP_DEBUG_TRACE, "send_ldap_sasl %ld\n",
(long) err, NULL, NULL );
tag = req2res( op->o_tag );
msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
#ifdef LDAP_CONNECTIONLESS
if ( op->o_cldap ) {
ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
inet_ntoa(((struct sockaddr_in *)
&op->o_clientaddr)->sin_addr ),
((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
0 );
}
#endif
send_ldap_response( conn, op, tag, msgid,
err, matched, text, ref,
NULL, NULL, cred, ctrls );
}
void
send_ldap_extended(
Connection *conn,
Operation *op,
ber_int_t err,
const char *matched,
const char *text,
struct berval **refs,
char *rspoid,
struct berval *rspdata,
LDAPControl **ctrls
)
{
ber_tag_t tag;
ber_int_t msgid;
Debug( LDAP_DEBUG_TRACE,
"send_ldap_extended %ld:%s (%ld)\n",
(long) err,
rspoid ? rspoid : "",
rspdata != NULL ? (long) rspdata->bv_len : (long) 0 );
tag = req2res( op->o_tag );
msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
#ifdef LDAP_CONNECTIONLESS
if ( op->o_cldap ) {
ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
inet_ntoa(((struct sockaddr_in *)
&op->o_clientaddr)->sin_addr ),
((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
0 );
}
#endif
send_ldap_response( conn, op, tag, msgid,
err, matched, text, refs,
rspoid, rspdata, NULL, ctrls );
}
1998-08-09 08:43:13 +08:00
void
send_search_result(
1998-08-09 08:43:13 +08:00
Connection *conn,
Operation *op,
ber_int_t err,
1999-08-21 03:00:44 +08:00
const char *matched,
const char *text,
struct berval **refs,
LDAPControl **ctrls,
1998-08-09 08:43:13 +08:00
int nentries
)
{
ber_tag_t tag;
ber_int_t msgid;
char *tmp = NULL;
assert( !LDAP_API_ERROR( err ) );
Debug( LDAP_DEBUG_TRACE, "send_ldap_search_result %d:%s:%s\n",
err, matched ? matched : "", text ? text : "" );
assert( err != LDAP_PARTIAL_RESULTS );
trim_refs_urls( refs );
if( op->o_protocol < LDAP_VERSION3 ) {
/* send references in search results */
if( err == LDAP_REFERRAL ) {
err = LDAP_PARTIAL_RESULTS;
}
tmp = v2ref( refs, text );
text = tmp;
refs = NULL;
} else {
/* don't send references in search results */
assert( refs == NULL );
refs = NULL;
if( err == LDAP_REFERRAL ) {
err = LDAP_SUCCESS;
}
}
tag = req2res( op->o_tag );
msgid = (tag != LBER_SEQUENCE) ? op->o_msgid : 0;
#ifdef LDAP_CONNECTIONLESS
if ( op->o_cldap ) {
1999-09-02 15:41:58 +08:00
ber_pvt_sb_udp_set_dst( conn->c_sb, &op->o_clientaddr );
Debug( LDAP_DEBUG_TRACE, "UDP response to %s port %d\n",
inet_ntoa(((struct sockaddr_in *)
&op->o_clientaddr)->sin_addr ),
((struct sockaddr_in *) &op->o_clientaddr)->sin_port,
0 );
}
#endif
send_ldap_response( conn, op, tag, msgid,
err, matched, text, refs,
NULL, NULL, NULL, ctrls );
Statslog( LDAP_DEBUG_STATS,
"conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
(long) op->o_connid, (long) op->o_opid,
1999-08-16 14:28:33 +08:00
(long) tag, (long) err, text ? text : "" );
if (tmp != NULL)
ch_free(tmp);
1998-08-09 08:43:13 +08:00
}
1998-08-09 08:43:13 +08:00
int
send_search_entry(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
char **attrs,
int attrsonly,
LDAPControl **ctrls
1998-08-09 08:43:13 +08:00
)
{
BerElement *ber;
Attribute *a, *aa;
int i, rc=-1, bytes;
char *edn;
int userattrs;
int opattrs;
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
1998-08-09 08:43:13 +08:00
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_READ ) )
{
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_ACL, "acl: access to entry not allowed\n",
0, 0, 0 );
return( 1 );
}
edn = e->e_ndn;
ber = ber_alloc_t( LBER_USE_DER );
if ( ber == NULL ) {
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "allocating BER error", NULL, NULL );
goto error_return;
1998-08-09 08:43:13 +08:00
}
rc = ber_printf( ber, "{it{s{", op->o_msgid,
LDAP_RES_SEARCH_ENTRY, e->e_dn );
1998-08-09 08:43:13 +08:00
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encoding dn error", NULL, NULL );
goto error_return;
1998-08-09 08:43:13 +08:00
}
/* check for special all user attributes ("*") type */
userattrs = ( attrs == NULL ) ? 1
: charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
/* check for special all operational attributes ("+") type */
opattrs = ( attrs == NULL ) ? 0
: charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
1998-08-09 08:43:13 +08:00
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
char *desc;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
desc = a->a_desc.ad_type->sat_cname;
#else
desc = a->a_type;
#endif
if ( attrs == NULL ) {
/* all addrs request, skip operational attributes */
if( !opattrs && oc_check_op_attr( desc ) ) {
continue;
}
} else {
/* specific addrs requested */
if ( oc_check_op_attr( desc ) )
{
if( !opattrs && !charray_inlist( attrs, desc ) ) {
continue;
}
} else {
if (!userattrs && !charray_inlist( attrs, desc ) ) {
1999-07-23 04:19:18 +08:00
continue;
}
}
}
1998-08-09 08:43:13 +08:00
if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
desc, 0, 0 );
1998-08-09 08:43:13 +08:00
continue;
}
if (( rc = ber_printf( ber, "{s[" /*]}*/ , desc )) == -1 ) {
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encoding type error", NULL, NULL );
goto error_return;
1998-08-09 08:43:13 +08:00
}
if ( ! attrsonly ) {
for ( i = 0; a->a_vals[i] != NULL; i++ ) {
if ( ! access_allowed( be, conn, op, e,
desc, a->a_vals[i], ACL_READ ) )
1998-08-09 08:43:13 +08:00
{
Debug( LDAP_DEBUG_ACL,
"acl: access to attribute %s, value %d not allowed\n",
desc, i, 0 );
1998-08-09 08:43:13 +08:00
continue;
}
if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_ANY,
"ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encoding value error", NULL, NULL );
goto error_return;
1998-08-09 08:43:13 +08:00
}
}
}
if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encode end error", NULL, NULL );
goto error_return;
1998-08-09 08:43:13 +08:00
}
}
/* eventually will loop through generated operational attributes */
/* only have subschemaSubentry implemented */
aa = backend_operational( be, e );
1999-07-24 09:27:32 +08:00
for (a = aa ; a == NULL; a = a->a_next ) {
char *desc;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
desc = a->a_desc.ad_type->sat_cname;
#else
desc = a->a_type;
#endif
1999-07-24 09:27:32 +08:00
if ( attrs == NULL ) {
/* all addrs request, skip operational attributes */
if( !opattrs && oc_check_op_attr( desc ) ) {
1999-07-24 09:27:32 +08:00
continue;
}
} else {
/* specific addrs requested */
if ( oc_check_op_attr( desc ) ) {
if( !opattrs && !charray_inlist( attrs, desc ) )
{
continue;
}
} else {
if (!userattrs && !charray_inlist( attrs, desc ) )
1999-07-24 09:27:32 +08:00
{
continue;
}
}
}
if ( ! access_allowed( be, conn, op, e, desc, NULL, ACL_READ ) ) {
Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s not allowed\n",
desc, 0, 0 );
1999-07-24 09:27:32 +08:00
continue;
}
if (( rc = ber_printf( ber, "{s[" /*]}*/ , desc )) == -1 ) {
1999-07-24 09:27:32 +08:00
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encoding type error", NULL, NULL );
goto error_return;
}
if ( ! attrsonly ) {
for ( i = 0; a->a_vals[i] != NULL; i++ ) {
if ( ! access_allowed( be, conn, op, e,
desc, a->a_vals[i], ACL_READ ) )
1999-07-24 09:27:32 +08:00
{
Debug( LDAP_DEBUG_ACL,
"acl: access to attribute %s, value %d not allowed\n",
desc, i, 0 );
1999-07-24 09:27:32 +08:00
continue;
}
1999-07-24 09:27:32 +08:00
if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
Debug( LDAP_DEBUG_ANY,
"ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encoding value error", NULL, NULL );
goto error_return;
}
}
}
if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encode end error", NULL, NULL );
goto error_return;
}
}
attrs_free( aa );
1999-07-24 09:27:32 +08:00
rc = ber_printf( ber, /*{{{*/ "}}}" );
1998-08-09 08:43:13 +08:00
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encode entry end error", NULL, NULL );
1998-08-09 08:43:13 +08:00
return( 1 );
}
bytes = send_ldap_ber( conn, ber );
ber_free( ber, 1 );
if ( bytes < 0 ) {
Debug( LDAP_DEBUG_ANY,
"send_ldap_response: ber write failed\n",
0, 0, 0 );
return -1;
}
1998-08-09 08:43:13 +08:00
ldap_pvt_thread_mutex_lock( &num_sent_mutex );
num_bytes_sent += bytes;
num_entries_sent++;
num_pdu_sent++;
ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
(long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
rc = 0;
error_return:;
return( rc );
}
int
send_search_reference(
Backend *be,
Connection *conn,
Operation *op,
Entry *e,
struct berval **refs,
int scope,
LDAPControl **ctrls,
struct berval ***v2refs
)
{
BerElement *ber;
int rc;
int bytes;
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
1998-08-09 08:43:13 +08:00
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_READ ) )
{
Debug( LDAP_DEBUG_ACL,
"send_search_reference: access to entry not allowed\n",
0, 0, 0 );
return( 1 );
}
1998-08-09 08:43:13 +08:00
if ( ! access_allowed( be, conn, op, e,
"ref", NULL, ACL_READ ) )
{
Debug( LDAP_DEBUG_ACL,
"send_search_reference: access to reference not allowed\n",
0, 0, 0 );
return( 1 );
}
if( refs == NULL ) {
Debug( LDAP_DEBUG_ANY,
"send_search_reference: null ref in (%s)\n",
e->e_dn, 0, 0 );
return( 1 );
}
if( op->o_protocol < LDAP_VERSION3 ) {
/* save the references for the result */
if( *refs != NULL ) {
value_add( v2refs, refs );
1998-08-09 08:43:13 +08:00
}
return 0;
}
1998-08-09 08:43:13 +08:00
ber = ber_alloc_t( LBER_USE_DER );
1998-08-09 08:43:13 +08:00
if ( ber == NULL ) {
Debug( LDAP_DEBUG_ANY,
"send_search_reference: ber_alloc failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "alloc BER error", NULL, NULL );
return -1;
1998-08-09 08:43:13 +08:00
}
rc = ber_printf( ber, "{it{V}}", op->o_msgid,
LDAP_RES_SEARCH_REFERENCE, refs );
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_reference: ber_printf failed\n", 0, 0, 0 );
ber_free( ber, 1 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
NULL, "encode dn error", NULL, NULL );
return -1;
}
bytes = send_ldap_ber( conn, ber );
ber_free( ber, 1 );
ldap_pvt_thread_mutex_lock( &num_sent_mutex );
1998-08-09 08:43:13 +08:00
num_bytes_sent += bytes;
num_refs_sent++;
num_pdu_sent++;
ldap_pvt_thread_mutex_unlock( &num_sent_mutex );
1998-08-09 08:43:13 +08:00
Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
(long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
1998-08-09 08:43:13 +08:00
Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
1998-08-09 08:43:13 +08:00
return 0;
1998-08-09 08:43:13 +08:00
}
1998-08-09 08:43:13 +08:00
int
str2result(
char *s,
int *code,
char **matched,
char **info
)
{
int rc;
char *c;
*code = LDAP_SUCCESS;
*matched = NULL;
*info = NULL;
if ( strncasecmp( s, "RESULT", 6 ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "str2result (%s) expecting \"RESULT\"\n",
s, 0, 0 );
return( -1 );
}
rc = 0;
while ( (s = strchr( s, '\n' )) != NULL ) {
*s++ = '\0';
if ( *s == '\0' ) {
break;
}
if ( (c = strchr( s, ':' )) != NULL ) {
c++;
}
if ( strncasecmp( s, "code", 4 ) == 0 ) {
if ( c != NULL ) {
*code = atoi( c );
}
} else if ( strncasecmp( s, "matched", 7 ) == 0 ) {
if ( c != NULL ) {
*matched = c;
}
} else if ( strncasecmp( s, "info", 4 ) == 0 ) {
if ( c != NULL ) {
*info = c;
}
} else {
Debug( LDAP_DEBUG_ANY, "str2result (%s) unknown\n",
s, 0, 0 );
rc = -1;
}
}
return( rc );
}