int
bind_compare_error_wakeup (struct oper_act *on)
{
int errmsg = DSE_SV_DITERROR;
int errtype = DBE_TYPE_SERVICE;
DLOG(log_dsap, LLOG_TRACE, ("bind_compare_error_wakeup()"));
/*
* Check for referral and rechain if appropriate;
* Otherwise check if error requires propagation
* or another of the original di_blocks to be chained to.
*/
if(on->on_bind_compare == NULLCONN) {
LLOG(log_dsap, LLOG_EXCEPTIONS, ("bind_compare_error_wakeup - connection initiating compare already failed"));
} else {
struct ds_bind_error * error = &(on->on_bind_compare->cn_start.cs_err);
switch(on->on_resp.di_error.de_err.dse_type) {
case DSE_NOERROR:
LLOG(log_dsap, LLOG_EXCEPTIONS, ("bind_compare_error_wakeup() - no error!"));
break;
case DSE_REFERRAL:
LLOG(log_dsap, LLOG_EXCEPTIONS, ("bind_compare_error_wakeup() - DAP referral received!"));
case DSE_DSAREFERRAL:
/* Follow referral */
if(oper_rechain(on) == OK)
return;
break;
case DSE_NAMEERROR:
case DSE_SECURITYERROR:
case DSE_ATTRIBUTEERROR:
errtype = DBE_TYPE_SECURITY;
errmsg = DSE_SC_INVALIDCREDENTIALS;
break;
case DSE_SERVICEERROR:
errmsg = on->on_resp.di_error.de_err.ERR_SERVICE.DSE_sv_problem;
break;
default:
log_ds_error(&on->on_resp.di_error.de_err);
DLOG(log_dsap, LLOG_DEBUG, ("bind_compare_error_wakeup() - assuming all errors finish operation!"));
break;
}
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = errtype;
error->dbe_value = errmsg;
conn_init_err(on->on_bind_compare);
}
oper_conn_extract(on);
oper_free(on);
}
dsEnqError list_start()
{
struct ds_search_arg search_arg;
struct ds_search_result result;
struct DSError error;
dsEnqError return_error;
return_error = Okay;
if (get_default_service (&search_arg.sra_common) != 0) {
return localdsaerror;
}
search_arg.sra_common.ca_servicecontrol.svc_options = SVC_OPT_PREFERCHAIN;
search_arg.sra_baseobject = (*base_path != 'T'?
str2dn (base_path):
NULLDN);
search_arg.sra_eis.eis_allattributes = FALSE;
search_arg.sra_eis.eis_infotypes = EIS_ATTRIBUTETYPESONLY;
search_arg.sra_eis.eis_select = 0;
search_arg.sra_searchaliases = TRUE;
search_arg.sra_subset = SRA_ONELEVEL;
search_arg.sra_filter = filter_alloc();
search_arg.sra_filter->flt_type = FILTER_NOT;
search_arg.sra_filter->flt_next = NULLFILTER;
search_arg.sra_filter->flt_un.flt_un_filter = filter_alloc();
search_arg.sra_filter->flt_un.flt_un_filter->flt_type = FILTER_ITEM;
search_arg.sra_filter->flt_un.flt_un_filter->flt_next = NULLFILTER;
search_arg.sra_filter->flt_un.flt_un_filter->flt_un.flt_un_item.fi_type
= FILTERITEM_EQUALITY;
search_arg.sra_filter->flt_un.flt_un_filter->flt_un.flt_un_item.fi_un.
fi_un_ava.ava_type = AttrT_new("2.5.4.0");
search_arg.sra_filter->flt_un.flt_un_filter->flt_un.flt_un_item.fi_un.
fi_un_ava.ava_value =
str2AttrV("dsa", search_arg.sra_filter->flt_un.flt_un_filter->
flt_un.flt_un_item.fi_un.fi_un_ava.ava_type->
oa_syntax);
#ifndef NO_STATS
LLOG (log_stat,LLOG_NOTICE,("search +%s,extent %d, val objectClass != dsa",
base_path,search_arg.sra_subset));
#endif
if (search_arg.sra_filter->flt_un.flt_un_filter->flt_un.flt_un_item.
fi_un.fi_un_ava.ava_value == NULLAttrV) {
return_error = localdsaerror;
} else if (ds_search (&search_arg, &error, &result) != DS_OK) {
free_seq(dnseq);
dnseq = NULLDS;
dn_number = 0;
log_ds_error(&error);
ds_error_free(&error);
switch (error.dse_type) {
case DSE_LOCALERROR:
return_error = duaerror;
break;
case DSE_REMOTEERROR:
return_error = localdsaerror;
break;
case DSE_ATTRIBUTEERROR:
return_error = attributerror;
break;
case DSE_REFERRAL:
case DSE_DSAREFERRAL:
return_error = remotedsaerror;
break;
case DSE_SECURITYERROR:
return_error = security;
break;
case DSE_NAMEERROR:
return_error = namerror;
break;
case DSE_SERVICEERROR:
return_error = serviceerror;
break;
default:
return_error = localdsaerror;
break;
}
} else {
dn_number = 0;
if (result.CSR_entries != NULLENTRYINFO) {
register EntryInfo *ptr;
free_seq(dnseq);
dnseq = NULLDS;
dn_number = 0;
for (ptr = result.CSR_entries; ptr != NULLENTRYINFO;
ptr = ptr->ent_next) {
dn_number++;
dn2buf ((caddr_t)ptr->ent_dn, goto_path);
add_seq (&dnseq, goto_path);
}
if (dn_number) dnseq = SortList(dnseq);
} else if (result.CSR_limitproblem == LSR_NOLIMITPROBLEM) {
free_seq(dnseq);
dnseq = NULLDS;
dn_number = 0;
return_error = nothingfound;
}
if (result.CSR_limitproblem != LSR_NOLIMITPROBLEM) {
switch (result.CSR_limitproblem) {
case LSR_TIMELIMITEXCEEDED:
if (dn_number > 0) return_error = timelimit_w_partial;
else {
free_seq(dnseq);
dnseq = NULLDS;
return_error = timelimit;
}
break;
case LSR_SIZELIMITEXCEEDED:
return_error = listsizelimit;
break;
case LSR_ADMINSIZEEXCEEDED:
if (dn_number > 0) return_error = adminlimit_w_partial;
else {
free_seq(dnseq);
dnseq = NULLDS;
return_error = adminlimit;
}
break;
}
}
if (result.CSR_entries) entryinfo_free(result.CSR_entries, 0);
}
entry_number = dn_number;
filter_free(search_arg.sra_filter);
dn_free(search_arg.sra_baseobject);
ds_error_free(&error);
return return_error;
}
int
ds_bind_init (struct connection *cn)
{
struct ds_bind_arg * arg = &(cn->cn_start.cs_ds.ds_bind_arg);
struct ds_bind_arg * result = &(cn->cn_start.cs_res);
struct ds_bind_error * error = &(cn->cn_start.cs_err);
Attr_Sequence as;
Entry entryptr;
extern AttributeType at_password;
extern AttributeType at_p_password;
struct di_block * dsas = NULL_DI_BLOCK;
struct di_block * di_tmp;
struct oper_act * on;
struct ds_compare_arg * cma;
struct DSError err;
static struct common_args ca_def = default_common_args;
int res;
int retval;
struct protected_password * pp;
#ifndef NO_STATS
char buff[LINESIZE];
#endif
extern struct SecurityServices *dsap_security;
DLOG (log_dsap,LLOG_TRACE,("ds_bind_init"));
if ( (arg->dba_version != DBA_VERSION_V1988) || quipu_shutdown) {
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SERVICE;
error->dbe_value = DSE_SV_UNAVAILABLE;
return(DS_ERROR_CONNECT);
}
/* We don't support any bilaterally-defined authentication procedures.
* Hence, if we get EXTERNAL credentials in the bind, reject them.
*/
if (arg->dba_auth_type == DBA_AUTH_EXTERNAL) {
DLOG(log_dsap, LLOG_EXCEPTIONS, ("EXTERNAL found in credentials"));
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SERVICE;
error->dbe_value = DSE_SV_UNAVAILABLE;
return (DS_ERROR_CONNECT);
}
/* If password is present, but zero length, treat as though absent */
if ((arg->dba_auth_type == DBA_AUTH_SIMPLE) && (arg->dba_passwd_len == 0))
arg->dba_auth_type = DBA_AUTH_NONE;
switch (arg->dba_auth_type) {
case DBA_AUTH_NONE:
if (((arg->dba_dn == NULLDN) && auth_bind == 1) ||
(auth_bind > 1)) {
out:
;
#ifndef NO_STATS
if (arg->dba_dn == NULLDN)
LLOG(log_stat, LLOG_TRACE, ("Bind (%d) (rejected)", cn->cn_ad));
else {
sprintf (buff,"Bind (%d) (rejected)",cn->cn_ad);
pslog (log_stat,LLOG_TRACE,buff,(IFP)dn_print,
(caddr_t)arg->dba_dn);
}
#endif
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_AUTHENTICATION;
return (DS_ERROR_CONNECT);
}
break;
case DBA_AUTH_SIMPLE:
if (auth_bind > 2) goto out;
break;
case DBA_AUTH_PROTECTED:
if (auth_bind > 3) goto out;
break;
case DBA_AUTH_STRONG:
break;
case DBA_AUTH_EXTERNAL:
goto out;
}
if (arg->dba_dn == NULLDN) {
#ifndef NO_STATS
LLOG(log_stat, LLOG_NOTICE, ("Bind (%d) (anonymous)", cn->cn_ad));
#endif
cn->cn_authen = DBA_AUTH_NONE;
make_dsa_bind_arg(result);
return(DS_OK);
}
/* Now we're sure dba_dn contains a valid pointer, can decode it */
if ( ! check_prefix_list (arg->dba_dn)) {
#ifndef NO_STATS
sprintf (buff,"Bind (%d) (reject - prefix)",cn->cn_ad);
pslog (log_stat,LLOG_TRACE,buff,(IFP)dn_print,
(caddr_t)arg->dba_dn);
#endif
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_ACCESSRIGHTS;
return (DS_ERROR_CONNECT);
}
if ((cn->cn_ctx == DS_CTX_X500_DAP) && !(check_dn_length(arg->dba_dn))) {
#ifndef NO_STATS
sprintf (buff,"Bind (%d) (reject - DAP length)",cn->cn_ad);
pslog (log_stat,LLOG_TRACE,buff,(IFP)dn_print,
(caddr_t)arg->dba_dn);
#endif
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_ACCESSRIGHTS;
return (DS_ERROR_CONNECT);
}
switch (arg->dba_auth_type) {
case DBA_AUTH_NONE:
/* partially check DN - i.e see if we can say if DEFINATELY does */
/* not exist. If it possibly exists - allow bind, checking it */
/* runs the risk of livelock */
switch (res = really_find_entry(arg->dba_dn, TRUE, NULLDNSEQ,
FALSE, &(entryptr), &(err), &(dsas))) {
case DS_X500_ERROR:
if ((err.dse_type == DSE_NAMEERROR) &&
(err.ERR_NAME.DSE_na_problem == DSE_NA_NOSUCHOBJECT)) {
ds_error_free(&(err));
#ifndef NO_STATS
sprintf (buff,"Bind (%d) (no auth - rejected)",cn->cn_ad);
pslog (log_stat,LLOG_TRACE,buff,(IFP)dn_print,(caddr_t)arg->dba_dn);
#endif
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_INVALIDCREDENTIALS;
return (DS_ERROR_CONNECT);
}
/* fall */
default:
#ifndef NO_STATS
sprintf (buff,"Bind (%d) (no auth)",cn->cn_ad);
pslog (log_stat,LLOG_NOTICE,buff,(IFP)dn_print,(caddr_t)arg->dba_dn);
#endif
if (dsas != NULL_DI_BLOCK)
di_desist (dsas);
cn->cn_authen = DBA_AUTH_NONE;
make_dsa_bind_arg(result);
return (DS_OK);
}
case DBA_AUTH_SIMPLE:
#ifndef NO_STATS
sprintf (buff,"Bind (%d) (simple)",cn->cn_ad);
pslog (log_stat,LLOG_NOTICE,buff,(IFP)dn_print,(caddr_t)arg->dba_dn);
#endif
/* Can't check simple credentials from DSP (livelock risk).
* Hence treat DSP accesses as unauthenticated.
*/
if (cn->cn_ctx != DS_CTX_X500_DAP) {
cn->cn_authen = DBA_AUTH_NONE;
make_dsa_bind_arg(result);
return(DS_OK);
}
break;
case DBA_AUTH_PROTECTED:
#ifndef NO_STATS
sprintf (buff,"Bind (%d) (protected)",cn->cn_ad);
pslog (log_stat,LLOG_NOTICE,buff,(IFP)dn_print,(caddr_t)arg->dba_dn);
#endif
if (cn->cn_ctx != DS_CTX_X500_DAP) {
cn->cn_authen = DBA_AUTH_NONE;
make_dsa_bind_arg(result);
return(DS_OK);
} else {
UTC ut;
long c_time, s_time, delta;
time(&s_time);
ut = str2utct(arg->dba_time1, strlen(arg->dba_time1));
if (ut == NULLUTC)
c_time = 0L; /* 1970 is a convenient out-of-date timestamp */
else
c_time = gtime(ut2tm(ut));
delta = s_time - c_time;
if ((delta < 0) || (delta > bind_window)) {
DLOG(log_dsap, LLOG_EXCEPTIONS,
("Time = %s, Delay = %D s : Association rejected",
arg->dba_time1, delta));
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_INVALIDCREDENTIALS;
return (DS_ERROR_CONNECT);
}
pp = (struct protected_password *) calloc(1, sizeof(*pp));
/* Ought to check for null pointer ... */
pp->passwd = malloc((unsigned)arg->dba_passwd_len);
bcopy(arg->dba_passwd, pp->passwd, arg->dba_passwd_len);
pp->n_octets = arg->dba_passwd_len;
pp->time1 = strdup(arg->dba_time1);
pp->is_protected[0] = (char) 1;
}
break;
case DBA_AUTH_STRONG:
#ifndef NO_STATS
sprintf (buff,"Bind (%d) (strong)",cn->cn_ad);
pslog (log_stat,LLOG_NOTICE,buff,(IFP)dn_print,(caddr_t)arg->dba_dn);
#endif
/* Strong authentication is not yet supported.
* It will eventually be possible to check strong credentials over DSP.
* For the moment, accept them and treat as NONE over DSP, but reject
* over DAP.
*/
if (dsap_security && dsap_security->serv_ckpath &&
dsap_security->serv_cknonce) {
int rc;
DN real_name;
struct Nonce nonce;
nonce.non_time1 = arg->dba_time1;
nonce.non_time2 = arg->dba_time2;
nonce.non_r1.n_bits = arg->dba_r1.n_bits;
nonce.non_r1.value = arg->dba_r1.value;
nonce.non_r2.n_bits = arg->dba_r2.n_bits;
nonce.non_r2.value = arg->dba_r2.value;
rc = (dsap_security->serv_cknonce)(&nonce);
if (rc != OK) {
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = rc;
return (DS_ERROR_CONNECT);
}
rc = (dsap_security->serv_ckpath)((caddr_t) arg,
_ZTokenToSignDAS, &_ZDAS_mod,
arg->dba_cpath, arg->dba_sig, &real_name);
if (rc != OK) {
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = rc;
return (DS_ERROR_CONNECT);
} else {
if(dn_cmp(real_name, arg->dba_dn) == OK) {
make_dsa_bind_arg(result);
return (DS_OK);
} else {
sprintf (buff,"User != Authenticated User, ie %s != ", dn2str(arg->dba_dn));
pslog (log_dsap,LLOG_NOTICE,buff,(IFP)dn_print,(caddr_t)real_name);
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_AUTHENTICATION;
return (DS_ERROR_CONNECT);
}
}
} else {
if (cn->cn_ctx != DS_CTX_X500_DAP) {
cn->cn_authen = DBA_AUTH_NONE;
make_dsa_bind_arg(result);
return (DS_OK);
} else {
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SERVICE;
error->dbe_value = DSE_SV_UNAVAILABLE;
return (DS_ERROR_CONNECT);
}
}
}
/* If we fall through to here, credentials are simple or protected simple */
if ((res = really_find_entry(arg->dba_dn, TRUE, NULLDNSEQ, FALSE, &(entryptr), &(err), &(dsas))) == DS_OK) {
/* is it really OK ??? */
if ((entryptr->e_data == E_TYPE_CONSTRUCTOR)
|| (entryptr->e_data == E_TYPE_CACHE_FROM_MASTER)) {
DN dn_found;
DLOG(log_dsap, LLOG_TRACE, ("rfe (bind) returned a constructor"));
dn_found = get_copy_dn(entryptr);
res = constructor_dsa_info(dn_found,NULLDNSEQ,FALSE,entryptr,&err,&dsas);
dn_free (dn_found);
}
}
switch(res) {
case DS_OK:
/* entryptr filled out - break through to deal with it */
break;
case DS_CONTINUE:
/*
* At this point a remote operation is required to compare
* the password given with the password of the entry, so
* fire up the remote operation and return without completing.
* Mark the operation as a BIND_COMPARE_OP and set the connection
* which will need to be restarted.
* Generate a compare argument.
* Chain the compare operation using the di_blocks.
*/
cn->cn_start.cs_bind_compare = on = oper_alloc();/* cn knows about on */
on->on_type = ON_TYPE_BIND_COMPARE;
on->on_bind_compare = cn; /* on knows about cn */
set_my_chain_args(&(on->on_req.dca_charg), arg->dba_dn);
on->on_req.dca_dsarg.arg_type = OP_COMPARE;
cma = &(on->on_req.dca_dsarg.arg_cm);
cma->cma_common = ca_def; /* struct copy */
/* Set originator/requestor */
if (on->on_req.dca_charg.cha_originator) /* set my set_my_chain_arg */
dn_free(on->on_req.dca_charg.cha_originator);
on->on_req.dca_charg.cha_originator = dn_cpy(arg->dba_dn);
cma->cma_common.ca_requestor = dn_cpy(arg->dba_dn);
cma->cma_common.ca_servicecontrol.svc_prio = SVC_PRIO_HIGH;
cma->cma_object = dn_cpy(arg->dba_dn);
if (arg->dba_auth_type == DBA_AUTH_SIMPLE) {
cma->cma_purported.ava_type = AttrT_cpy (at_password);
cma->cma_purported.ava_value =
str2AttrV (arg->dba_passwd,str2syntax("octetstring"));
} else {
cma->cma_purported.ava_type = AttrT_cpy (at_p_password);
cma->cma_purported.ava_value =
(AttributeValue) calloc(1, sizeof(attrVal));
cma->cma_purported.ava_value->av_syntax =
str2syntax("protectedPassword");
cma->cma_purported.ava_value->av_struct = (caddr_t) pp;
}
on->on_dsas = dsas;
for(di_tmp=on->on_dsas; di_tmp!=NULL_DI_BLOCK; di_tmp=di_tmp->di_next) {
di_tmp->di_type = DI_OPERATION;
di_tmp->di_oper = on;
}
if(oper_chain(on) == OK)
return(DS_CONTINUE);
oper_extract(on);
cn->cn_start.cs_bind_compare = NULLOPER;
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SERVICE;
error->dbe_value = DSE_SV_UNAVAILABLE;
return(DS_ERROR_CONNECT);
case DS_X500_ERROR:
/* User's entry doesn't exist, for example */
LLOG(log_dsap, LLOG_TRACE, ("ds_bind - really_find_entry erred:"));
log_ds_error(&(err));
ds_error_free(&(err));
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_INVALIDCREDENTIALS;
return(DS_ERROR_CONNECT);
default:
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SERVICE;
error->dbe_value = DSE_SV_DITERROR;
return(DS_ERROR_CONNECT);
}
if ((as = as_find_type (entryptr->e_attributes,
(arg->dba_auth_type == DBA_AUTH_SIMPLE) ?
at_password : at_p_password)) == NULLATTR) {
/* No password in entry.
* Simple authentication is not possible for entities without passwords.
* Hence, give the `inappropriate authentication' message.
*/
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_AUTHENTICATION;
return (DS_ERROR_CONNECT);
}
if (arg->dba_auth_type == DBA_AUTH_SIMPLE) {
if (strlen ((char *)as->attr_value->avseq_av.av_struct) != arg->dba_passwd_len)
retval = -1;
else
retval = strncmp ((char *)as->attr_value->avseq_av.av_struct,
arg->dba_passwd, arg->dba_passwd_len);
} else
retval = check_guard(
((struct protected_password *)
as->attr_value->avseq_av.av_struct)->passwd,
((struct protected_password *)
as->attr_value->avseq_av.av_struct)->n_octets,
arg->dba_time1,
arg->dba_passwd,
arg->dba_passwd_len);
if (retval == 0) {
/* Password OK! */
cn->cn_authen = arg->dba_auth_type;
make_dsa_bind_arg(result);
return (DS_OK);
} else {
/* password wrong ! */
error->dbe_version = DBA_VERSION_V1988;
error->dbe_type = DBE_TYPE_SECURITY;
error->dbe_value = DSE_SC_INVALIDCREDENTIALS;
return (DS_ERROR_CONNECT);
}
}
dsEnqError srch_start()
{
struct ds_search_arg search_arg;
struct ds_search_result result;
struct DSError error;
dsEnqError return_error;
extern Filter make_filter();
DN curr_rdn;
if (*mvalue == '\0') {
return list_start();
}
if (get_default_service (&search_arg.sra_common) != 0) {
return nothingfound;
}
search_arg.sra_common.ca_servicecontrol.svc_options = SVC_OPT_PREFERCHAIN;
curr_rdn = search_arg.sra_baseobject = (*base_path != 'T'?
str2dn (base_path):
NULLDN);
search_arg.sra_eis.eis_allattributes = FALSE;
search_arg.sra_eis.eis_infotypes = EIS_ATTRIBUTETYPESONLY;
search_arg.sra_eis.eis_select = 0;
search_arg.sra_searchaliases = TRUE;
search_arg.sra_subset = SRA_ONELEVEL;
while (curr_rdn != NULLDN) {
if (!strcmp(curr_rdn->dn_rdn->rdn_at->oa_ot.ot_stroid,
"2.5.4.10")) {
search_arg.sra_subset = SRA_WHOLESUBTREE;
break;
}
curr_rdn = curr_rdn->dn_parent;
}
if ((search_arg.sra_filter = make_filter(filt_arr[typeindx])) == NULLFILTER)
return duaerror;
#ifndef NO_STATS
LLOG (log_stat, LLOG_NOTICE, ("search +%s, extent %d, val %s",
base_path,search_arg.sra_subset, mvalue));
#endif
if(ds_search (&search_arg, &error, &result) != DS_OK) {
/* deal with error */
free_seq(dnseq);
dnseq = NULLDS;
dn_number = 0;
log_ds_error(&error);
ds_error_free(&error);
switch (error.dse_type) {
case DSE_LOCALERROR:
return_error = duaerror;
break;
case DSE_REMOTEERROR:
return_error = localdsaerror;
break;
case DSE_ATTRIBUTEERROR:
return_error = attributerror;
break;
case DSE_REFERRAL:
case DSE_DSAREFERRAL:
return_error = remotedsaerror;
break;
case DSE_SECURITYERROR:
return_error = security;
break;
case DSE_NAMEERROR:
return_error = namerror;
break;
case DSE_SERVICEERROR:
return_error = serviceerror;
break;
default:
return_error = localdsaerror;
break;
}
} else {
correlate_search_results (&result);
dn_number = 0;
if (result.CSR_entries != NULLENTRYINFO) {
register EntryInfo *ptr;
return_error = Okay;
free_seq(dnseq);
dnseq = NULLDS;
dn_number = 0;
for (ptr = result.CSR_entries;
ptr != NULLENTRYINFO;
ptr = ptr->ent_next){
dn_number++;
dn2buf((caddr_t) ptr->ent_dn, goto_path);
add_seq(&dnseq, goto_path);
}
if (dn_number) dnseq = SortList(dnseq);
} else if (result.CSR_limitproblem == LSR_NOLIMITPROBLEM) {
free_seq(dnseq);
dnseq = NULLDS;
dn_number = 0;
return_error = nothingfound;
}
if(result.CSR_limitproblem != LSR_NOLIMITPROBLEM) {
switch (result.CSR_limitproblem) {
case LSR_TIMELIMITEXCEEDED:
if (dn_number > 0) return_error = timelimit_w_partial;
else {
free_seq(dnseq);
dnseq = NULLDS;
return_error = timelimit;
}
break;
case LSR_SIZELIMITEXCEEDED:
return_error = listsizelimit;
break;
case LSR_ADMINSIZEEXCEEDED:
if (dn_number > 0) return_error = adminlimit_w_partial;
else {
free_seq(dnseq);
dnseq = NULLDS;
return_error = adminlimit;
}
break;
}
entryinfo_free(result.CSR_entries, 0);
}
}
entry_number = dn_number;
filter_free(search_arg.sra_filter);
dn_free(search_arg.sra_baseobject);
ds_error_free(&error);
return return_error;
}
