int
ldap_open_internal_connection( LDAP **ldp, ber_socket_t *fdp )
{
int rc;
LDAPConn *c;
LDAPRequest *lr;
LDAP *ld;
rc = ldap_create( &ld );
if( rc != LDAP_SUCCESS ) {
*ldp = NULL;
return( rc );
}
/* Make it appear that a search request, msgid 0, was sent */
lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ));
if( lr == NULL ) {
ldap_unbind_ext( ld, NULL, NULL );
*ldp = NULL;
return( LDAP_NO_MEMORY );
}
memset(lr, 0, sizeof( LDAPRequest ));
lr->lr_msgid = 0;
lr->lr_status = LDAP_REQST_INPROGRESS;
lr->lr_res_errno = LDAP_SUCCESS;
/* no mutex lock needed, we just created this ld here */
ld->ld_requests = lr;
LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
/* Attach the passed socket as the *LDAP's connection */
c = ldap_new_connection( ld, NULL, 1, 0, NULL, 0, 0 );
if( c == NULL ) {
ldap_unbind_ext( ld, NULL, NULL );
*ldp = NULL;
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return( LDAP_NO_MEMORY );
}
ber_sockbuf_ctrl( c->lconn_sb, LBER_SB_OPT_SET_FD, fdp );
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_PROVIDER, (void *)"int_" );
#endif
ber_sockbuf_add_io( c->lconn_sb, &ber_sockbuf_io_tcp,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
ld->ld_defconn = c;
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
/* Add the connection to the *LDAP's select pool */
ldap_mark_select_read( ld, c->lconn_sb );
ldap_mark_select_write( ld, c->lconn_sb );
/* Make this connection an LDAP V3 protocol connection */
rc = LDAP_VERSION3;
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &rc );
*ldp = ld;
++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */
return( LDAP_SUCCESS );
}
void *
ldap_pvt_tls_sb_ctx( Sockbuf *sb )
{
void *p = NULL;
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
return p;
}
/* sets needed mutexes - no mutexes set to this point */
ber_int_t
ldap_send_initial_request(
LDAP *ld,
ber_tag_t msgtype,
const char *dn,
BerElement *ber,
ber_int_t msgid)
{
int rc = 1;
ber_socket_t sd = AC_SOCKET_INVALID;
Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 );
LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) {
/* not connected yet */
rc = ldap_open_defconn( ld );
}
if ( ld->ld_defconn && ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING )
rc = ldap_int_check_async_open( ld, sd );
if( rc < 0 ) {
ber_free( ber, 1 );
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return( -1 );
} else if ( rc == 0 ) {
Debug( LDAP_DEBUG_TRACE,
"ldap_open_defconn: successful\n",
0, 0, 0 );
}
#ifdef LDAP_CONNECTIONLESS
if (LDAP_IS_UDP(ld)) {
if (msgtype == LDAP_REQ_BIND) {
LDAP_MUTEX_LOCK( &ld->ld_options.ldo_mutex );
if (ld->ld_options.ldo_cldapdn)
ldap_memfree(ld->ld_options.ldo_cldapdn);
ld->ld_options.ldo_cldapdn = ldap_strdup(dn);
ber_free( ber, 1 );
LDAP_MUTEX_UNLOCK( &ld->ld_options.ldo_mutex );
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return 0;
}
if (msgtype != LDAP_REQ_ABANDON && msgtype != LDAP_REQ_SEARCH)
{
ber_free( ber, 1 );
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return LDAP_PARAM_ERROR;
}
}
#endif
LDAP_MUTEX_LOCK( &ld->ld_req_mutex );
rc = ldap_send_server_request( ld, ber, msgid, NULL,
NULL, NULL, NULL, 0, 0 );
LDAP_MUTEX_UNLOCK( &ld->ld_req_mutex );
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return(rc);
}
char *
ldap_get_kerberosv4_credentials(
LDAP *ld,
LDAP_CONST char *who,
LDAP_CONST char *service,
ber_len_t *len )
{
KTEXT_ST ktxt;
int err;
char realm[REALM_SZ], *cred, *krbinstance;
Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 );
if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) {
Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
"krb_get_tf_realm failed: %s\n", krb_err_txt[err], 0, 0 );
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( NULL );
}
err = 0;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
/* not connected yet */
err = ldap_open_defconn( ld );
}
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
if ( err < 0 ) return NULL;
krbinstance = ld->ld_defconn->lconn_krbinstance;
if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 ))
!= KSUCCESS )
{
Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
"krb_mk_req failed (%s)\n", krb_err_txt[err], 0, 0 );
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( NULL );
}
if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return( NULL );
}
*len = ktxt.length;
AC_MEMCPY( cred, ktxt.dat, ktxt.length );
return( cred );
}
ber_int_t
ldap_send_initial_request(
LDAP *ld,
ber_tag_t msgtype,
const char *dn,
BerElement *ber,
ber_int_t msgid)
{
int rc = 1;
Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
/* not connected yet */
rc = ldap_open_defconn( ld );
}
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
if( rc < 0 ) {
ber_free( ber, 1 );
return( -1 );
} else if ( rc == 0 ) {
Debug( LDAP_DEBUG_TRACE,
"ldap_open_defconn: successful\n",
0, 0, 0 );
}
#ifdef LDAP_CONNECTIONLESS
if (LDAP_IS_UDP(ld)) {
if (msgtype == LDAP_REQ_BIND) {
if (ld->ld_options.ldo_cldapdn)
ldap_memfree(ld->ld_options.ldo_cldapdn);
ld->ld_options.ldo_cldapdn = ldap_strdup(dn);
return 0;
}
if (msgtype != LDAP_REQ_ABANDON && msgtype != LDAP_REQ_SEARCH)
return LDAP_PARAM_ERROR;
}
#endif
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
rc = ldap_send_server_request( ld, ber, msgid, NULL,
NULL, NULL, NULL );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
return(rc);
}
static int
slapi_op_bind_callback( Operation *op, SlapReply *rs, int prc )
{
switch ( prc ) {
case SLAPI_BIND_SUCCESS:
/* Continue with backend processing */
break;
case SLAPI_BIND_FAIL:
/* Failure, frontend (that's us) sends result */
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
return rs->sr_err;
break;
case SLAPI_BIND_ANONYMOUS: /* undocumented */
default: /* plugin sent result or no plugins called */
BER_BVZERO( &op->orb_edn );
if ( rs->sr_err == LDAP_SUCCESS ) {
/*
* Plugin will have called slapi_pblock_set(LDAP_CONN_DN) which
* will have set conn->c_dn and conn->c_ndn
*/
if ( BER_BVISNULL( &op->o_conn->c_ndn ) && prc == 1 ) {
/* No plugins were called; continue processing */
return LDAP_SUCCESS;
}
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if ( !BER_BVISEMPTY( &op->o_conn->c_ndn ) ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"%s BIND dn=\"%s\" mech=%s (SLAPI) ssf=0\n",
op->o_log_prefix,
BER_BVISNULL( &op->o_conn->c_dn )
? "<empty>" : op->o_conn->c_dn.bv_val,
BER_BVISNULL( &op->orb_mech )
? "<empty>" : op->orb_mech.bv_val, 0, 0 );
return -1;
}
break;
}
return rs->sr_err;
}
/*
* ldap_connect - Connect to an ldap server.
*
* Example:
* LDAP *ld;
* ldap_initialize( &ld, url );
* ldap_connect( ld );
*/
int
ldap_connect( LDAP *ld )
{
ber_socket_t sd = AC_SOCKET_INVALID;
int rc = LDAP_SUCCESS;
LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) {
rc = ldap_open_defconn( ld );
}
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return rc;
}
/*
* Call this to do a TLS accept on a sockbuf.
* Everything else is the same as with tls_connect.
*/
int
ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
{
int err;
tls_session *ssl = NULL;
if ( HAS_TLS( sb )) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
} else {
ssl = alloc_handle( ctx_arg, 1 );
if ( ssl == NULL ) return -1;
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
#endif
ber_sockbuf_add_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
}
err = tls_imp->ti_session_accept( ssl );
#ifdef HAVE_WINSOCK
errno = WSAGetLastError();
#endif
if ( err < 0 )
{
if ( update_flags( sb, ssl, err )) return 1;
if ( DebugTest( LDAP_DEBUG_ANY ) ) {
char buf[256], *msg;
msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) );
Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
msg ? msg : "(unknown)", 0, 0 );
}
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );
#ifdef LDAP_DEBUG
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT );
#endif
return -1;
}
return 0;
}
int
fe_op_bind_success( Operation *op, SlapReply *rs )
{
ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
if( op->o_conn->c_authz_backend == NULL ) {
op->o_conn->c_authz_backend = op->o_bd;
}
/* be_bind returns regular/global edn */
if( !BER_BVISEMPTY( &op->orb_edn ) ) {
op->o_conn->c_dn = op->orb_edn;
} else {
ber_dupbv(&op->o_conn->c_dn, &op->o_req_dn);
}
ber_dupbv( &op->o_conn->c_ndn, &op->o_req_ndn );
/* op->o_conn->c_sb may be 0 for internal operations */
if( !BER_BVISEMPTY( &op->o_conn->c_dn ) && op->o_conn->c_sb != 0 ) {
ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( op->o_conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
"%s BIND dn=\"%s\" mech=%s ssf=0\n",
op->o_log_prefix,
op->o_conn->c_dn.bv_val, op->orb_mech.bv_val );
Debug( LDAP_DEBUG_TRACE,
"do_bind: v%d bind: \"%s\" to \"%s\"\n",
op->o_protocol, op->o_req_dn.bv_val, op->o_conn->c_dn.bv_val );
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
/* send this here to avoid a race condition */
send_ldap_result( op, rs );
return LDAP_SUCCESS;
}
int ldap_pvt_sasl_generic_install(
Sockbuf *sb,
struct sb_sasl_generic_install *install_arg )
{
Debug0( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_generic_install\n" );
/* don't install the stuff unless security has been negotiated */
if ( !ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO,
&ldap_pvt_sockbuf_io_sasl_generic ) )
{
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_APPLICATION, (void *)"sasl_generic_" );
#endif
ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_sasl_generic,
LBER_SBIOD_LEVEL_APPLICATION, install_arg );
}
return LDAP_SUCCESS;
}
static
int ldap_connection_connect(struct ldap_connection *conn)
{
const char *error;
int fd;
Sockbuf *sb;
bool finished;
if (conn->conn == NULL) {
/* try to reconnect after disconnection */
if (ldap_connection_setup(conn, &error) < 0)
i_error("%s", error);
}
pool_t pool = pool_alloconly_create(MEMPOOL_GROWING "ldap bind", 128);
struct ldap_op_queue_entry *req = p_new(pool, struct ldap_op_queue_entry, 1);
req->pool = pool;
req->internal_response_cb = ldap_connection_connect_parse;
req->timeout_secs = conn->set.timeout_secs;
if (ldap_connect_next_message(conn, req, &finished) != LDAP_SUCCESS ||
conn->conn == NULL) {
pool_unref(&pool);
return -1;
}
conn->pending++;
aqueue_append(conn->request_queue, &req);
/* start timeout */
if (req->timeout_secs > 0)
req->to_abort = timeout_add(req->timeout_secs * 1000, ldap_connection_abort_request, req);
ldap_get_option(conn->conn, LDAP_OPT_SOCKBUF, &sb);
ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &fd);
conn->io = io_add(fd, IO_READ, ldap_connection_read_more, conn);
if (conn->set.max_idle_time_secs > 0)
conn->to_disconnect = timeout_add(conn->set.max_idle_time_secs * 1000, ldap_connection_kill, conn);
return 0;
}
int
ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
{
struct sockaddr_un server;
ber_socket_t s;
int rc;
oslocal_debug(ld, "ldap_connect_to_path\n",0,0,0);
s = ldap_pvt_socket( ld );
if ( s == AC_SOCKET_INVALID ) {
return -1;
}
if ( path == NULL || path[0] == '\0' ) {
path = LDAPI_SOCK;
} else {
if ( strlen(path) > (sizeof( server.sun_path ) - 1) ) {
ldap_pvt_set_errno( ENAMETOOLONG );
return -1;
}
}
oslocal_debug(ld, "ldap_connect_to_path: Trying %s\n", path, 0, 0);
memset( &server, '\0', sizeof(server) );
server.sun_family = AF_LOCAL;
strcpy( server.sun_path, path );
rc = ldap_pvt_connect(ld, s, &server, async);
if (rc == 0) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, (void *)&s );
} else {
ldap_pvt_close_socket(ld, s);
}
return rc;
}
int
ldap_send_server_request(
LDAP *ld,
BerElement *ber,
ber_int_t msgid,
LDAPRequest *parentreq,
LDAPURLDesc **srvlist,
LDAPConn *lc,
LDAPreqinfo *bind,
int m_noconn,
int m_res )
{
LDAPRequest *lr;
int incparent, rc;
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_req_mutex );
Debug( LDAP_DEBUG_TRACE, "ldap_send_server_request\n", 0, 0, 0 );
incparent = 0;
ld->ld_errno = LDAP_SUCCESS; /* optimistic */
LDAP_CONN_LOCK_IF(m_noconn);
if ( lc == NULL ) {
if ( srvlist == NULL ) {
lc = ld->ld_defconn;
} else {
lc = find_connection( ld, *srvlist, 1 );
if ( lc == NULL ) {
if ( (bind != NULL) && (parentreq != NULL) ) {
/* Remember the bind in the parent */
incparent = 1;
++parentreq->lr_outrefcnt;
}
lc = ldap_new_connection( ld, srvlist, 0,
1, bind, 1, m_res );
}
}
}
/* async connect... */
if ( lc != NULL && lc->lconn_status == LDAP_CONNST_CONNECTING ) {
ber_socket_t sd = AC_SOCKET_ERROR;
struct timeval tv = { 0 };
ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_GET_FD, &sd );
/* poll ... */
switch ( ldap_int_poll( ld, sd, &tv, 1 ) ) {
case 0:
/* go on! */
lc->lconn_status = LDAP_CONNST_CONNECTED;
break;
case -2:
/* async only occurs if a network timeout is set */
/* honor network timeout */
LDAP_MUTEX_LOCK( &ld->ld_options.ldo_mutex );
if ( time( NULL ) - lc->lconn_created <= ld->ld_options.ldo_tm_net.tv_sec )
{
/* caller will have to call again */
ld->ld_errno = LDAP_X_CONNECTING;
}
LDAP_MUTEX_UNLOCK( &ld->ld_options.ldo_mutex );
/* fallthru */
default:
/* error */
break;
}
}
if ( lc == NULL || lc->lconn_status != LDAP_CONNST_CONNECTED ) {
if ( ld->ld_errno == LDAP_SUCCESS ) {
ld->ld_errno = LDAP_SERVER_DOWN;
}
ber_free( ber, 1 );
if ( incparent ) {
/* Forget about the bind */
--parentreq->lr_outrefcnt;
}
LDAP_CONN_UNLOCK_IF(m_noconn);
return( -1 );
}
use_connection( ld, lc );
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP( ld )) {
BerElement tmpber = *ber;
ber_rewind( &tmpber );
LDAP_MUTEX_LOCK( &ld->ld_options.ldo_mutex );
rc = ber_write( &tmpber, ld->ld_options.ldo_peer,
sizeof( struct sockaddr_storage ), 0 );
LDAP_MUTEX_UNLOCK( &ld->ld_options.ldo_mutex );
if ( rc == -1 ) {
ld->ld_errno = LDAP_ENCODING_ERROR;
LDAP_CONN_UNLOCK_IF(m_noconn);
return rc;
}
}
#endif
/* If we still have an incomplete write, try to finish it before
* dealing with the new request. If we don't finish here, return
* LDAP_BUSY and let the caller retry later. We only allow a single
* request to be in WRITING state.
*/
rc = 0;
if ( ld->ld_requests &&
ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
ldap_int_flush_request( ld, ld->ld_requests ) < 0 )
{
rc = -1;
}
if ( rc ) {
LDAP_CONN_UNLOCK_IF(m_noconn);
return rc;
}
lr = (LDAPRequest *)LDAP_CALLOC( 1, sizeof( LDAPRequest ) );
if ( lr == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
ldap_free_connection( ld, lc, 0, 0 );
ber_free( ber, 1 );
if ( incparent ) {
/* Forget about the bind */
--parentreq->lr_outrefcnt;
}
LDAP_CONN_UNLOCK_IF(m_noconn);
return( -1 );
}
lr->lr_msgid = msgid;
lr->lr_status = LDAP_REQST_INPROGRESS;
lr->lr_res_errno = LDAP_SUCCESS; /* optimistic */
lr->lr_ber = ber;
lr->lr_conn = lc;
if ( parentreq != NULL ) { /* sub-request */
if ( !incparent ) {
/* Increment if we didn't do it before the bind */
++parentreq->lr_outrefcnt;
}
lr->lr_origid = parentreq->lr_origid;
lr->lr_parentcnt = ++parentreq->lr_parentcnt;
lr->lr_parent = parentreq;
lr->lr_refnext = parentreq->lr_child;
parentreq->lr_child = lr;
} else { /* original request */
lr->lr_origid = lr->lr_msgid;
}
/* Extract requestDN for future reference */
#ifdef LDAP_CONNECTIONLESS
if ( !LDAP_IS_UDP(ld) )
#endif
{
BerElement tmpber = *ber;
ber_int_t bint;
ber_tag_t tag, rtag;
ber_reset( &tmpber, 1 );
rtag = ber_scanf( &tmpber, "{it", /*}*/ &bint, &tag );
switch ( tag ) {
case LDAP_REQ_BIND:
rtag = ber_scanf( &tmpber, "{i" /*}*/, &bint );
break;
case LDAP_REQ_DELETE:
break;
default:
rtag = ber_scanf( &tmpber, "{" /*}*/ );
case LDAP_REQ_ABANDON:
break;
}
if ( tag != LDAP_REQ_ABANDON ) {
ber_skip_tag( &tmpber, &lr->lr_dn.bv_len );
lr->lr_dn.bv_val = tmpber.ber_ptr;
}
}
lr->lr_prev = NULL;
lr->lr_next = ld->ld_requests;
if ( lr->lr_next != NULL ) {
lr->lr_next->lr_prev = lr;
}
ld->ld_requests = lr;
ld->ld_errno = LDAP_SUCCESS;
if ( ldap_int_flush_request( ld, lr ) == -1 ) {
msgid = -1;
}
LDAP_CONN_UNLOCK_IF(m_noconn);
return( msgid );
}
/* protected by res_mutex */
static int
wait4msg(
LDAP *ld,
ber_int_t msgid,
int all,
struct timeval *timeout,
LDAPMessage **result )
{
int rc;
struct timeval tv = { 0 },
tv0 = { 0 },
start_time_tv = { 0 },
*tvp = NULL;
LDAPConn *lc;
assert( ld != NULL );
assert( result != NULL );
LDAP_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
if ( timeout == NULL && ld->ld_options.ldo_tm_api.tv_sec >= 0 ) {
tv = ld->ld_options.ldo_tm_api;
timeout = &tv;
}
#ifdef LDAP_DEBUG
if ( timeout == NULL ) {
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n",
(void *)ld, msgid, 0 );
} else {
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n",
(void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec );
}
#endif /* LDAP_DEBUG */
if ( timeout != NULL && timeout->tv_sec != -1 ) {
tv0 = *timeout;
tv = *timeout;
tvp = &tv;
#ifdef HAVE_GETTIMEOFDAY
gettimeofday( &start_time_tv, NULL );
#else /* ! HAVE_GETTIMEOFDAY */
start_time_tv.tv_sec = time( NULL );
start_time_tv.tv_usec = 0;
#endif /* ! HAVE_GETTIMEOFDAY */
}
rc = LDAP_MSG_X_KEEP_LOOKING;
while ( rc == LDAP_MSG_X_KEEP_LOOKING ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_TRACE ) {
Debug( LDAP_DEBUG_TRACE, "wait4msg continue ld %p msgid %d all %d\n",
(void *)ld, msgid, all );
ldap_dump_connection( ld, ld->ld_conns, 1 );
LDAP_MUTEX_LOCK( &ld->ld_req_mutex );
ldap_dump_requests_and_responses( ld );
LDAP_MUTEX_UNLOCK( &ld->ld_req_mutex );
}
#endif /* LDAP_DEBUG */
if ( ( *result = chkResponseList( ld, msgid, all ) ) != NULL ) {
rc = (*result)->lm_msgtype;
} else {
int lc_ready = 0;
LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
if ( ber_sockbuf_ctrl( lc->lconn_sb,
LBER_SB_OPT_DATA_READY, NULL ) )
{
lc_ready = 2; /* ready at ber level, not socket level */
break;
}
}
if ( !lc_ready ) {
int err;
rc = ldap_int_select( ld, tvp );
if ( rc == -1 ) {
err = sock_errno();
#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_TRACE,
"ldap_int_select returned -1: errno %d\n",
err, 0, 0 );
#endif
}
if ( rc == 0 || ( rc == -1 && (
!LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART)
|| err != EINTR ) ) )
{
ld->ld_errno = (rc == -1 ? LDAP_SERVER_DOWN :
LDAP_TIMEOUT);
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
return( rc );
}
if ( rc == -1 ) {
rc = LDAP_MSG_X_KEEP_LOOKING; /* select interrupted: loop */
} else {
lc_ready = 1;
}
}
if ( lc_ready ) {
LDAPConn *lnext;
int serviced = 0;
rc = LDAP_MSG_X_KEEP_LOOKING;
LDAP_MUTEX_LOCK( &ld->ld_req_mutex );
if ( ld->ld_requests &&
ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
ldap_is_write_ready( ld,
ld->ld_requests->lr_conn->lconn_sb ) )
{
serviced = 1;
ldap_int_flush_request( ld, ld->ld_requests );
}
for ( lc = ld->ld_conns;
rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL;
lc = lnext )
{
if ( lc->lconn_status == LDAP_CONNST_CONNECTED &&
ldap_is_read_ready( ld, lc->lconn_sb ) )
{
serviced = 1;
/* Don't let it get freed out from under us */
++lc->lconn_refcnt;
rc = try_read1msg( ld, msgid, all, lc, result );
lnext = lc->lconn_next;
/* Only take locks if we're really freeing */
if ( lc->lconn_refcnt <= 1 ) {
ldap_free_connection( ld, lc, 0, 1 );
} else {
--lc->lconn_refcnt;
}
} else {
lnext = lc->lconn_next;
}
}
LDAP_MUTEX_UNLOCK( &ld->ld_req_mutex );
/* Quit looping if no one handled any socket events */
if (!serviced && lc_ready == 1)
rc = -1;
}
LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
}
if ( rc == LDAP_MSG_X_KEEP_LOOKING && tvp != NULL ) {
struct timeval curr_time_tv = { 0 },
delta_time_tv = { 0 };
#ifdef HAVE_GETTIMEOFDAY
gettimeofday( &curr_time_tv, NULL );
#else /* ! HAVE_GETTIMEOFDAY */
curr_time_tv.tv_sec = time( NULL );
curr_time_tv.tv_usec = 0;
#endif /* ! HAVE_GETTIMEOFDAY */
/* delta_time = tmp_time - start_time */
delta_time_tv.tv_sec = curr_time_tv.tv_sec - start_time_tv.tv_sec;
delta_time_tv.tv_usec = curr_time_tv.tv_usec - start_time_tv.tv_usec;
if ( delta_time_tv.tv_usec < 0 ) {
delta_time_tv.tv_sec--;
delta_time_tv.tv_usec += 1000000;
}
/* tv0 < delta_time ? */
if ( ( tv0.tv_sec < delta_time_tv.tv_sec ) ||
( ( tv0.tv_sec == delta_time_tv.tv_sec ) && ( tv0.tv_usec < delta_time_tv.tv_usec ) ) )
{
rc = 0; /* timed out */
ld->ld_errno = LDAP_TIMEOUT;
break;
}
/* tv0 -= delta_time */
tv0.tv_sec -= delta_time_tv.tv_sec;
tv0.tv_usec -= delta_time_tv.tv_usec;
if ( tv0.tv_usec < 0 ) {
tv0.tv_sec--;
tv0.tv_usec += 1000000;
}
tv.tv_sec = tv0.tv_sec;
tv.tv_usec = tv0.tv_usec;
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld s %ld us to go\n",
(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
start_time_tv.tv_sec = curr_time_tv.tv_sec;
start_time_tv.tv_usec = curr_time_tv.tv_usec;
}
}
return( rc );
}
int
ldap_get_option(
LDAP *ld,
int option,
void *outvalue)
{
struct ldapoptions *lo;
int rc = LDAP_OPT_ERROR;
/* Get pointer to global option structure */
lo = LDAP_INT_GLOBAL_OPT();
if (NULL == lo) {
return LDAP_NO_MEMORY;
}
if( lo->ldo_valid != LDAP_INITIALIZED ) {
ldap_int_initialize(lo, NULL);
if ( lo->ldo_valid != LDAP_INITIALIZED )
return LDAP_LOCAL_ERROR;
}
if(ld != NULL) {
assert( LDAP_VALID( ld ) );
if( !LDAP_VALID( ld ) ) {
return LDAP_OPT_ERROR;
}
lo = &ld->ld_options;
}
if(outvalue == NULL) {
/* no place to get to */
return LDAP_OPT_ERROR;
}
LDAP_MUTEX_LOCK( &lo->ldo_mutex );
switch(option) {
case LDAP_OPT_API_INFO: {
struct ldapapiinfo *info = (struct ldapapiinfo *) outvalue;
if(info == NULL) {
/* outvalue must point to an apiinfo structure */
break; /* LDAP_OPT_ERROR */
}
if(info->ldapai_info_version != LDAP_API_INFO_VERSION) {
/* api info version mismatch */
info->ldapai_info_version = LDAP_API_INFO_VERSION;
break; /* LDAP_OPT_ERROR */
}
info->ldapai_api_version = LDAP_API_VERSION;
info->ldapai_protocol_version = LDAP_VERSION_MAX;
if(features[0].ldapaif_name == NULL) {
info->ldapai_extensions = NULL;
} else {
int i;
info->ldapai_extensions = LDAP_MALLOC(sizeof(char *) *
sizeof(features)/sizeof(LDAPAPIFeatureInfo));
for(i=0; features[i].ldapaif_name != NULL; i++) {
info->ldapai_extensions[i] =
LDAP_STRDUP(features[i].ldapaif_name);
}
info->ldapai_extensions[i] = NULL;
}
info->ldapai_vendor_name = LDAP_STRDUP(LDAP_VENDOR_NAME);
info->ldapai_vendor_version = LDAP_VENDOR_VERSION;
rc = LDAP_OPT_SUCCESS;
break;
} break;
case LDAP_OPT_DESC:
if( ld == NULL || ld->ld_sb == NULL ) {
/* bad param */
break;
}
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, outvalue );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SOCKBUF:
if( ld == NULL ) break;
*(Sockbuf **)outvalue = ld->ld_sb;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMEOUT:
/* the caller has to free outvalue ! */
if ( lo->ldo_tm_api.tv_sec < 0 ) {
*(void **)outvalue = NULL;
} else if ( ldap_int_timeval_dup( outvalue, &lo->ldo_tm_api ) != 0 ) {
break; /* LDAP_OPT_ERROR */
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_NETWORK_TIMEOUT:
/* the caller has to free outvalue ! */
if ( lo->ldo_tm_net.tv_sec < 0 ) {
*(void **)outvalue = NULL;
} else if ( ldap_int_timeval_dup( outvalue, &lo->ldo_tm_net ) != 0 ) {
break; /* LDAP_OPT_ERROR */
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DEREF:
* (int *) outvalue = lo->ldo_deref;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SIZELIMIT:
* (int *) outvalue = lo->ldo_sizelimit;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_TIMELIMIT:
* (int *) outvalue = lo->ldo_timelimit;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REFERRALS:
* (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_REFERRALS);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESTART:
* (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_RESTART);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_PROTOCOL_VERSION:
* (int *) outvalue = lo->ldo_version;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SERVER_CONTROLS:
* (LDAPControl ***) outvalue =
ldap_controls_dup( lo->ldo_sctrls );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CLIENT_CONTROLS:
* (LDAPControl ***) outvalue =
ldap_controls_dup( lo->ldo_cctrls );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_HOST_NAME:
* (char **) outvalue = ldap_url_list2hosts(lo->ldo_defludp);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_URI:
* (char **) outvalue = ldap_url_list2urls(lo->ldo_defludp);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DEFBASE:
if( lo->ldo_defbase == NULL ) {
* (char **) outvalue = NULL;
} else {
* (char **) outvalue = LDAP_STRDUP(lo->ldo_defbase);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_ASYNC:
* (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_CONNECT_ASYNC);
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_CONNECT_CB:
{
/* Getting deletes the specified callback */
ldaplist **ll = &lo->ldo_conn_cbs;
for (;*ll;ll = &(*ll)->ll_next) {
if ((*ll)->ll_data == outvalue) {
ldaplist *lc = *ll;
*ll = lc->ll_next;
LDAP_FREE(lc);
break;
}
}
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_RESULT_CODE:
if(ld == NULL) {
/* bad param */
break;
}
* (int *) outvalue = ld->ld_errno;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_DIAGNOSTIC_MESSAGE:
if(ld == NULL) {
/* bad param */
break;
}
if( ld->ld_error == NULL ) {
* (char **) outvalue = NULL;
} else {
* (char **) outvalue = LDAP_STRDUP(ld->ld_error);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_MATCHED_DN:
if(ld == NULL) {
/* bad param */
break;
}
if( ld->ld_matched == NULL ) {
* (char **) outvalue = NULL;
} else {
* (char **) outvalue = LDAP_STRDUP( ld->ld_matched );
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_REFERRAL_URLS:
if(ld == NULL) {
/* bad param */
break;
}
if( ld->ld_referrals == NULL ) {
* (char ***) outvalue = NULL;
} else {
* (char ***) outvalue = ldap_value_dup(ld->ld_referrals);
}
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_API_FEATURE_INFO: {
LDAPAPIFeatureInfo *info = (LDAPAPIFeatureInfo *) outvalue;
int i;
if(info == NULL)
break; /* LDAP_OPT_ERROR */
if(info->ldapaif_info_version != LDAP_FEATURE_INFO_VERSION) {
/* api info version mismatch */
info->ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
break; /* LDAP_OPT_ERROR */
}
if(info->ldapaif_name == NULL)
break; /* LDAP_OPT_ERROR */
for(i=0; features[i].ldapaif_name != NULL; i++) {
if(!strcmp(info->ldapaif_name, features[i].ldapaif_name)) {
info->ldapaif_version =
features[i].ldapaif_version;
rc = LDAP_OPT_SUCCESS;
break;
}
}
}
break;
case LDAP_OPT_DEBUG_LEVEL:
* (int *) outvalue = lo->ldo_debug;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_SESSION_REFCNT:
if(ld == NULL) {
/* bad param */
break;
}
LDAP_MUTEX_LOCK( &ld->ld_ldcmutex );
* (int *) outvalue = ld->ld_ldcrefcnt;
LDAP_MUTEX_UNLOCK( &ld->ld_ldcmutex );
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_IDLE:
* (int *) outvalue = lo->ldo_keepalive_idle;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_PROBES:
* (int *) outvalue = lo->ldo_keepalive_probes;
rc = LDAP_OPT_SUCCESS;
break;
case LDAP_OPT_X_KEEPALIVE_INTERVAL:
* (int *) outvalue = lo->ldo_keepalive_interval;
rc = LDAP_OPT_SUCCESS;
break;
default:
#ifdef HAVE_TLS
if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
rc = LDAP_OPT_SUCCESS;
break;
}
#endif
#ifdef HAVE_CYRUS_SASL
if ( ldap_int_sasl_get_option( ld, option, outvalue ) == 0 ) {
rc = LDAP_OPT_SUCCESS;
break;
}
#endif
#ifdef HAVE_GSSAPI
if ( ldap_int_gssapi_get_option( ld, option, outvalue ) == 0 ) {
rc = LDAP_OPT_SUCCESS;
break;
}
#endif
/* bad param */
break;
}
LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
return ( rc );
}
static int
do_abandon(
LDAP *ld,
ber_int_t origid,
ber_int_t msgid,
LDAPControl **sctrls,
LDAPControl **cctrls)
{
BerElement *ber;
int i, err, sendabandon;
ber_int_t *old_abandon;
Sockbuf *sb;
LDAPRequest *lr;
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ARGS, "do_abandon %d, msgid %d\n", origid, msgid, 0 );
#else
Debug( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n",
origid, msgid, 0 );
#endif
sendabandon = 1;
/* find the request that we are abandoning */
for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
if ( lr->lr_msgid == msgid ) { /* this message */
break;
}
if ( lr->lr_origid == msgid ) {/* child: abandon it */
(void) do_abandon( ld,
msgid, lr->lr_msgid, sctrls, cctrls );
}
}
if ( lr != NULL ) {
if ( origid == msgid && lr->lr_parent != NULL ) {
/* don't let caller abandon child requests! */
ld->ld_errno = LDAP_PARAM_ERROR;
return( LDAP_PARAM_ERROR );
}
if ( lr->lr_status != LDAP_REQST_INPROGRESS ) {
/* no need to send abandon message */
sendabandon = 0;
}
}
if ( ldap_msgdelete( ld, msgid ) == 0 ) {
ld->ld_errno = LDAP_SUCCESS;
return LDAP_SUCCESS;
}
err = 0;
if ( sendabandon ) {
if( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
/* not connected */
err = -1;
ld->ld_errno = LDAP_SERVER_DOWN;
} else if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
/* BER element alocation failed */
err = -1;
ld->ld_errno = LDAP_NO_MEMORY;
} else {
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
err = ber_write( ber, ld->ld_options.ldo_peer,
sizeof(struct sockaddr), 0);
}
if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version ==
LDAP_VERSION2) {
char *dn = ld->ld_options.ldo_cldapdn;
if (!dn) dn = "";
err = ber_printf( ber, "{isti", /* '}' */
++ld->ld_msgid, dn,
LDAP_REQ_ABANDON, msgid );
} else
#endif
{
/* create a message to send */
err = ber_printf( ber, "{iti", /* '}' */
++ld->ld_msgid,
LDAP_REQ_ABANDON, msgid );
}
if( err == -1 ) {
/* encoding error */
ld->ld_errno = LDAP_ENCODING_ERROR;
} else {
/* Put Server Controls */
if ( ldap_int_put_controls( ld, sctrls, ber )
!= LDAP_SUCCESS )
{
err = -1;
} else {
/* close '{' */
err = ber_printf( ber, /*{*/ "N}" );
if( err == -1 ) {
/* encoding error */
ld->ld_errno = LDAP_ENCODING_ERROR;
}
}
}
if ( err == -1 ) {
ber_free( ber, 1 );
} else {
/* send the message */
if ( lr != NULL ) {
sb = lr->lr_conn->lconn_sb;
} else {
sb = ld->ld_sb;
}
if ( ber_flush( sb, ber, 1 ) != 0 ) {
ld->ld_errno = LDAP_SERVER_DOWN;
err = -1;
} else {
err = 0;
}
}
}
}
if ( lr != NULL ) {
if ( sendabandon || lr->lr_status == LDAP_REQST_WRITING ) {
ldap_free_connection( ld, lr->lr_conn, 0, 1 );
}
if ( origid == msgid ) {
ldap_free_request( ld, lr );
}
}
i = 0;
if ( ld->ld_abandoned != NULL ) {
for ( ; ld->ld_abandoned[i] != -1; i++ )
; /* NULL */
}
old_abandon = ld->ld_abandoned;
ld->ld_abandoned = (ber_int_t *) LDAP_REALLOC( (char *)
ld->ld_abandoned, (i + 2) * sizeof(ber_int_t) );
if ( ld->ld_abandoned == NULL ) {
ld->ld_abandoned = old_abandon;
ld->ld_errno = LDAP_NO_MEMORY;
return( ld->ld_errno );
}
ld->ld_abandoned[i] = msgid;
ld->ld_abandoned[i + 1] = -1;
if ( err != -1 ) {
ld->ld_errno = LDAP_SUCCESS;
}
return( ld->ld_errno );
}
int
ldap_init_fd(
ber_socket_t fd,
int proto,
LDAP_CONST char *url,
LDAP **ldp
)
{
int rc;
LDAP *ld;
LDAPConn *conn;
*ldp = NULL;
rc = ldap_create( &ld );
if( rc != LDAP_SUCCESS )
return( rc );
if (url != NULL) {
rc = ldap_set_option(ld, LDAP_OPT_URI, url);
if ( rc != LDAP_SUCCESS ) {
ldap_ld_free(ld, 1, NULL, NULL);
return rc;
}
}
/* Attach the passed socket as the LDAP's connection */
conn = ldap_new_connection( ld, NULL, 1, 0, NULL);
if( conn == NULL ) {
ldap_unbind_ext( ld, NULL, NULL );
return( LDAP_NO_MEMORY );
}
ber_sockbuf_ctrl( conn->lconn_sb, LBER_SB_OPT_SET_FD, &fd );
ld->ld_defconn = conn;
++ld->ld_defconn->lconn_refcnt; /* so it never gets closed/freed */
switch( proto ) {
case LDAP_PROTO_TCP:
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" );
#endif
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
break;
#ifdef LDAP_CONNECTIONLESS
case LDAP_PROTO_UDP:
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_PROVIDER, (void *)"udp_" );
#endif
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_udp,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
break;
#endif /* LDAP_CONNECTIONLESS */
case LDAP_PROTO_IPC:
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_PROVIDER, (void *)"ipc_" );
#endif
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_fd,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
break;
case LDAP_PROTO_EXT:
/* caller must supply sockbuf handlers */
break;
default:
ldap_unbind_ext( ld, NULL, NULL );
return LDAP_PARAM_ERROR;
}
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
INT_MAX, (void *)"ldap_" );
#endif
/* Add the connection to the *LDAP's select pool */
ldap_mark_select_read( ld, conn->lconn_sb );
ldap_mark_select_write( ld, conn->lconn_sb );
*ldp = ld;
return LDAP_SUCCESS;
}
void
slapi_int_connection_init_pb( Slapi_PBlock *pb, ber_tag_t tag )
{
Connection *conn;
Operation *op;
ber_len_t max = sockbuf_max_incoming;
conn = (Connection *) slapi_ch_calloc( 1, sizeof(Connection) );
LDAP_STAILQ_INIT( &conn->c_pending_ops );
op = (Operation *) slapi_ch_calloc( 1, sizeof(OperationBuffer) );
op->o_hdr = &((OperationBuffer *) op)->ob_hdr;
op->o_controls = ((OperationBuffer *) op)->ob_controls;
op->o_callback = (slap_callback *) slapi_ch_calloc( 1, sizeof(slap_callback) );
op->o_callback->sc_response = slapi_int_response;
op->o_callback->sc_cleanup = NULL;
op->o_callback->sc_private = pb;
op->o_callback->sc_next = NULL;
conn->c_pending_ops.stqh_first = op;
/* connection object authorization information */
conn->c_authtype = LDAP_AUTH_NONE;
BER_BVZERO( &conn->c_authmech );
BER_BVZERO( &conn->c_dn );
BER_BVZERO( &conn->c_ndn );
conn->c_listener = &slapi_listener;
ber_dupbv( &conn->c_peer_domain, (struct berval *)&slap_unknown_bv );
ber_dupbv( &conn->c_peer_name, (struct berval *)&slap_unknown_bv );
LDAP_STAILQ_INIT( &conn->c_ops );
BER_BVZERO( &conn->c_sasl_bind_mech );
conn->c_sasl_authctx = NULL;
conn->c_sasl_sockctx = NULL;
conn->c_sasl_extra = NULL;
conn->c_sb = ber_sockbuf_alloc();
ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
conn->c_currentber = NULL;
/* should check status of thread calls */
ldap_pvt_thread_mutex_init( &conn->c_mutex );
ldap_pvt_thread_mutex_init( &conn->c_write1_mutex );
ldap_pvt_thread_mutex_init( &conn->c_write2_mutex );
ldap_pvt_thread_cond_init( &conn->c_write1_cv );
ldap_pvt_thread_cond_init( &conn->c_write2_cv );
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
conn->c_n_ops_received = 0;
conn->c_n_ops_executing = 0;
conn->c_n_ops_pending = 0;
conn->c_n_ops_completed = 0;
conn->c_n_get = 0;
conn->c_n_read = 0;
conn->c_n_write = 0;
conn->c_protocol = LDAP_VERSION3;
conn->c_activitytime = conn->c_starttime = slap_get_time();
/*
* A real connection ID is required, because syncrepl associates
* pending CSNs with unique ( connection, operation ) tuples.
* Setting a fake connection ID will cause slap_get_commit_csn()
* to return a stale value.
*/
connection_assign_nextid( conn );
conn->c_conn_state = 0x01; /* SLAP_C_ACTIVE */
conn->c_struct_state = 0x02; /* SLAP_C_USED */
conn->c_ssf = conn->c_transport_ssf = local_ssf;
conn->c_tls_ssf = 0;
backend_connection_init( conn );
conn->c_send_ldap_result = slap_send_ldap_result;
conn->c_send_search_entry = slap_send_search_entry;
conn->c_send_ldap_extended = slap_send_ldap_extended;
conn->c_send_search_reference = slap_send_search_reference;
/* operation object */
op->o_tag = tag;
op->o_protocol = LDAP_VERSION3;
BER_BVZERO( &op->o_authmech );
op->o_time = slap_get_time();
op->o_do_not_cache = 1;
op->o_threadctx = ldap_pvt_thread_pool_context();
op->o_tmpmemctx = NULL;
op->o_tmpmfuncs = &ch_mfuncs;
op->o_conn = conn;
op->o_connid = conn->c_connid;
op->o_bd = frontendDB;
/* extensions */
slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
pb->pb_rs = (SlapReply *)slapi_ch_calloc( 1, sizeof(SlapReply) );
pb->pb_op = op;
pb->pb_conn = conn;
pb->pb_intop = 1;
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
}
static int
do_abandon(
LDAP *ld,
ber_int_t origid,
ber_int_t msgid,
LDAPControl **sctrls,
int sendabandon )
{
BerElement *ber;
int i, err;
Sockbuf *sb;
LDAPRequest *lr;
Debug( LDAP_DEBUG_TRACE, "do_abandon origid %d, msgid %d\n",
origid, msgid, 0 );
/* find the request that we are abandoning */
start_again:;
lr = ld->ld_requests;
while ( lr != NULL ) {
/* this message */
if ( lr->lr_msgid == msgid ) {
break;
}
/* child: abandon it */
if ( lr->lr_origid == msgid && !lr->lr_abandoned ) {
(void)do_abandon( ld, lr->lr_origid, lr->lr_msgid,
sctrls, sendabandon );
/* restart, as lr may now be dangling... */
goto start_again;
}
lr = lr->lr_next;
}
if ( lr != NULL ) {
if ( origid == msgid && lr->lr_parent != NULL ) {
/* don't let caller abandon child requests! */
ld->ld_errno = LDAP_PARAM_ERROR;
return( LDAP_PARAM_ERROR );
}
if ( lr->lr_status != LDAP_REQST_INPROGRESS ) {
/* no need to send abandon message */
sendabandon = 0;
}
}
/* ldap_msgdelete locks the res_mutex. Give up the req_mutex
* while we're in there.
*/
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
err = ldap_msgdelete( ld, msgid );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
if ( err == 0 ) {
ld->ld_errno = LDAP_SUCCESS;
return LDAP_SUCCESS;
}
/* fetch again the request that we are abandoning */
if ( lr != NULL ) {
for ( lr = ld->ld_requests; lr != NULL; lr = lr->lr_next ) {
/* this message */
if ( lr->lr_msgid == msgid ) {
break;
}
}
}
err = 0;
if ( sendabandon ) {
if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
/* not connected */
err = -1;
ld->ld_errno = LDAP_SERVER_DOWN;
} else if ( ( ber = ldap_alloc_ber_with_options( ld ) ) == NULL ) {
/* BER element allocation failed */
err = -1;
ld->ld_errno = LDAP_NO_MEMORY;
} else {
/*
* We already have the mutex in LDAP_R_COMPILE, so
* don't try to get it again.
* LDAP_NEXT_MSGID(ld, i);
*/
i = ++(ld)->ld_msgid;
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
struct sockaddr sa = {0};
/* dummy, filled with ldo_peer in request.c */
err = ber_write( ber, &sa, sizeof(sa), 0 );
}
if ( LDAP_IS_UDP(ld) && ld->ld_options.ldo_version ==
LDAP_VERSION2 )
{
char *dn = ld->ld_options.ldo_cldapdn;
if (!dn) dn = "";
err = ber_printf( ber, "{isti", /* '}' */
i, dn,
LDAP_REQ_ABANDON, msgid );
} else
#endif
{
/* create a message to send */
err = ber_printf( ber, "{iti", /* '}' */
i,
LDAP_REQ_ABANDON, msgid );
}
if ( err == -1 ) {
/* encoding error */
ld->ld_errno = LDAP_ENCODING_ERROR;
} else {
/* Put Server Controls */
if ( ldap_int_put_controls( ld, sctrls, ber )
!= LDAP_SUCCESS )
{
err = -1;
} else {
/* close '{' */
err = ber_printf( ber, /*{*/ "N}" );
if ( err == -1 ) {
/* encoding error */
ld->ld_errno = LDAP_ENCODING_ERROR;
}
}
}
if ( err == -1 ) {
ber_free( ber, 1 );
} else {
/* send the message */
if ( lr != NULL ) {
assert( lr->lr_conn != NULL );
sb = lr->lr_conn->lconn_sb;
} else {
sb = ld->ld_sb;
}
if ( ber_flush2( sb, ber, LBER_FLUSH_FREE_ALWAYS ) != 0 ) {
ld->ld_errno = LDAP_SERVER_DOWN;
err = -1;
} else {
err = 0;
}
}
}
}
if ( lr != NULL ) {
if ( sendabandon || lr->lr_status == LDAP_REQST_WRITING ) {
ldap_free_connection( ld, lr->lr_conn, 0, 1 );
}
if ( origid == msgid ) {
ldap_free_request( ld, lr );
} else {
lr->lr_abandoned = 1;
}
}
#ifdef LDAP_R_COMPILE
/* ld_abandoned is actually protected by the ld_res_mutex;
* give up the ld_req_mutex and get the other */
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
#endif
/* use bisection */
i = 0;
if ( ld->ld_nabandoned == 0 ||
ldap_int_bisect_find( ld->ld_abandoned, ld->ld_nabandoned, msgid, &i ) == 0 )
{
ldap_int_bisect_insert( &ld->ld_abandoned, &ld->ld_nabandoned, msgid, i );
}
if ( err != -1 ) {
ld->ld_errno = LDAP_SUCCESS;
}
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
return( ld->ld_errno );
}
static
int
NewConnection(
ber_socket_t sfd,
VDIR_CONNECTION **ppConnection,
Sockbuf_IO *pSockbuf_IO
)
{
int retVal = LDAP_SUCCESS;
ber_len_t max = SOCK_BUF_MAX_INCOMING;
PVDIR_CONNECTION pConn;
PSTR pszLocalErrMsg = NULL;
if (VmDirAllocateMemory(sizeof(VDIR_CONNECTION), (PVOID *)&pConn) != 0)
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrMsg, "NewConnection: VmDirAllocateMemory call failed");
}
pConn->bIsAnonymousBind = TRUE; // default to anonymous bind
pConn->sd = sfd;
retVal = VmDirGetNetworkInfoFromSocket(pConn->sd, pConn->szClientIP, sizeof(pConn->szClientIP), &pConn->dwClientPort, true);
BAIL_ON_VMDIR_ERROR(retVal);
retVal = VmDirGetNetworkInfoFromSocket(pConn->sd, pConn->szServerIP, sizeof(pConn->szServerIP), &pConn->dwServerPort, false);
BAIL_ON_VMDIR_ERROR(retVal);
VMDIR_LOG_DEBUG(VMDIR_LOG_MASK_ALL, "New connection (%s)", pConn->szClientIP);
if ((pConn->sb = ber_sockbuf_alloc()) == NULL)
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrMsg, "New Connection (%s): ber_sockbuf_alloc() call failed with errno: %d", pConn->szClientIP, errno);
}
if (ber_sockbuf_ctrl(pConn->sb, LBER_SB_OPT_SET_MAX_INCOMING, &max) < 0)
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrMsg, "NewConnection (%s): ber_sockbuf_ctrl() failed while setting MAX_INCOMING", pConn->szClientIP);
}
if (ber_sockbuf_add_io(pConn->sb, pSockbuf_IO, LBER_SBIOD_LEVEL_PROVIDER, (void *)&sfd) != 0)
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrMsg, "NewConnection (%s): ber_sockbuf_addd_io() failed while setting LEVEL_PROVIDER", pConn->szClientIP);
}
//This is to disable NONBLOCK mode (when NULL passed in)
if (ber_sockbuf_ctrl(pConn->sb, LBER_SB_OPT_SET_NONBLOCK, NULL) < 0)
{
retVal = LDAP_OPERATIONS_ERROR;
BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrMsg, "NewConnection (%s): ber_sockbuf_ctrl failed while setting NONBLOCK", pConn->szClientIP);
}
*ppConnection = pConn;
cleanup:
VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
return retVal;
error:
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "NewConnection failing with error %d", retVal);
goto cleanup;
}
int newthread_start(PeerClient *client_info)
{
ber_tag_t tag;
ber_int_t msgid;
ber_int_t msgid_before;
ber_len_t len;
BerElement *ber;
Sockbuf *sb;
ber_len_t max = 409600;
ber_tag_t LdapOpt;
int rc;
TcpHeadInfo socketTcpHead;
int client_conn = client_info->client_conn;
int loop=0;
PrintCap capInfor;
capInfor.peer = *client_info;
#ifdef DEBUG
/* enable debugging */
int ival = -1;
ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &ival );
#endif
sb = ber_sockbuf_alloc();
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
while(1){
loop ++;
//printf(">>>>>>>>>>>>>>>>>While Loop the %d Packet<<<<<<<<<<<<<<<<<<<<<<\n", loop);
/*---------------------------------------------------------------------
Recieve the data from Socket, Function of "recv" is a standard func of
getting data from socket, the purpose of "recv" is getting the TCP head
related infor that sent from client, and put into a struct.
This struct must be exactly aligned with client side,otherwis the data
may not readable
----------------------------------------------------------------------*/
//printf("\n\nDebug:-------Recv Data of TCP head\n");
rc = recv(client_conn, (char *)&socketTcpHead, sizeof(socketTcpHead),0);
if(rc < 0){
printf("TCP Head Recv failed!\n");
exit (0);
}
capInfor.PackageHead = socketTcpHead;
#ifdef DEBUGA
printf("TCP Head info len: %d\n", rc);
printf("Time tag: %u:%u\n", PCAP.TimeStmap.tv_sec,PCAP.TimeStmap.tv_usec );
printf("Pkt number: %d\n", capInfor.PackageHead.GetPackageNumber);
printf("IP layer len: %d\n", capInfor.PackageHead.size_ip);
printf("TCP layer len: %d\n", capInfor.PackageHead.size_tcp);
printf("Protocol: %d\n", capInfor.PackageHead.Prctl);
printf("Src IP: %s\n", capInfor.PackageHead.ipSrc);
printf("Dst IP: %s\n", capInfor.PackageHead.ipDst);
printf("Payload len %d\n", capInfor.PackageHead.Payload_size);
#endif
/*----------------------------------------------------------------------
"ber_sockbuf_add_io" is a function that supplied by "liblber" , it can
get the socket information like "recv", that means here no need to call
recv agian.
Why here use the "ber_sockbuf_add_io" instead of recv?
this time the payload, actually there is ldap protocol data streams are
sent by client, and LDAP protocol use BER(ASN.1) encode method,if use
this function, handy for decode the ldap information.
Like recv, it also is stuck before any data coming.
sb : socket buff, storing the data gather from socket.
-------------------------------------------------------------------------*/
//printf("Debug:-------Recv Data of Payload infor\n");
ber_sockbuf_add_io( sb, &ber_sockbuf_io_tcp, LBER_SBIOD_LEVEL_PROVIDER, (void *)&client_conn );
//printf("Debug:-------Decode BER starting\n");
//Create and allocate memory for BER struct, BER struct can store the infor which was parsed by above function
ber = ber_alloc_t(LBER_USE_DER);
if( ber == NULL ) {
perror( "ber_alloc_t" );
return( EXIT_FAILURE );
}
/*----------------------------------------------------------------------
"ber_get_next", it links the socket buff and BER struct. now all ldap data
has been transfer to the struct of ber. lib of lber and ldap can use it for
ldap layer decoding.
-------------------------------------------------------------------------*/
for (;;) {
tag = ber_get_next( sb, &len, ber);
if( tag != LBER_ERROR ) break;
if( errno == EWOULDBLOCK ) continue;
if( errno == EAGAIN ) continue;
//perror( "ber_get_next" );
return( EXIT_FAILURE );
}
//determine the Ldap option kind
LdapOpt=checkLDAPoption(ber, &msgid);
if(LdapOpt==LBER_ERROR){
printf("|-Error:LDAP option decode failed.\n");
}
/* -1 Sem: Sync the displaying in STDOUT. Only 1 thread is able to
throw the information to screen in same time, othre thread is waiting
for the bin_sem become a non-zero(1) value to take the charge in output
*/
//printf("Debug:------Sem Wait!\n");
/*-----------------Sync-Area--BEGIN---Semaphore-Control-------------------------------*/
/*---Below function displays decoded information of PDU to screen inside each thread--*/
/*---Screen resource would be used by different threads, in order to make a complete--*/
/*---LDAP packet output,I use semaphore to sync each thread. the below command lines--*/
/*---realize a packet decode and display.---------------------------------------------*/
/*-*/ sem_wait(&bin_sem);
/*-*/ //printf("Debug:------Sem OK go ahead!\n");
/*-*/ msgid_before = msgid;
/*-*/
/*-*/ //printf("Debug:------Format output infor\n");
/*-*/ FormatPrintLdap(LdapOpt, msgid, ber, capInfor);
/*-*/
/*-*/ /* +1 Sem: After this time the LDAP PDU Decoding&Outputing completed,
/*-*/ // plus 1 to set the bin_sem, then other thread will be able to use the
/*-*/ // STDOUT.
/*-*/
/*-*/ sem_post(&bin_sem);// +1 Sem
/*-----------------Sync-Area---END----Semaphore-Control--------------------------------*/
}
//close(client_conn);
}
int
ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
{
Sockbuf *sb;
char *host;
void *ssl;
int ret;
#ifdef LDAP_USE_NON_BLOCKING_TLS
struct timeval start_time_tv, tv, tv0;
ber_socket_t sd = AC_SOCKET_ERROR;
#endif /* LDAP_USE_NON_BLOCKING_TLS */
if ( !conn )
return LDAP_PARAM_ERROR;
sb = conn->lconn_sb;
if( srv ) {
host = srv->lud_host;
} else {
host = conn->lconn_server->lud_host;
}
/* avoid NULL host */
if( host == NULL ) {
host = "localhost";
}
(void) tls_init( tls_imp );
#ifdef LDAP_USE_NON_BLOCKING_TLS
/*
* Use non-blocking io during SSL Handshake when a timeout is configured
*/
if ( ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, sb );
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
tv = ld->ld_options.ldo_tm_net;
tv0 = tv;
#ifdef HAVE_GETTIMEOFDAY
gettimeofday( &start_time_tv, NULL );
#else /* ! HAVE_GETTIMEOFDAY */
time( &start_time_tv.tv_sec );
start_time_tv.tv_usec = 0;
#endif /* ! HAVE_GETTIMEOFDAY */
}
#endif /* LDAP_USE_NON_BLOCKING_TLS */
ld->ld_errno = LDAP_SUCCESS;
ret = ldap_int_tls_connect( ld, conn );
#ifdef LDAP_USE_NON_BLOCKING_TLS
while ( ret > 0 ) { /* this should only happen for non-blocking io */
int wr=0;
if ( sb->sb_trans_needs_read ) {
wr=0;
} else if ( sb->sb_trans_needs_write ) {
wr=1;
}
Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
wr ? "write": "read", 0, 0);
ret = ldap_int_poll( ld, sd, &tv, wr);
if ( ret < 0 ) {
ld->ld_errno = LDAP_TIMEOUT;
break;
} else {
/* ldap_int_poll called ldap_pvt_ndelay_off */
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, sb );
ret = ldap_int_tls_connect( ld, conn );
if ( ret > 0 ) { /* need to call tls_connect once more */
struct timeval curr_time_tv, delta_tv;
/* This is mostly copied from result.c:wait4msg(), should
* probably be moved into a separate function */
#ifdef HAVE_GETTIMEOFDAY
gettimeofday( &curr_time_tv, NULL );
#else /* ! HAVE_GETTIMEOFDAY */
time( &curr_time_tv.tv_sec );
curr_time_tv.tv_usec = 0;
#endif /* ! HAVE_GETTIMEOFDAY */
/* delta = curr - start */
delta_tv.tv_sec = curr_time_tv.tv_sec - start_time_tv.tv_sec;
delta_tv.tv_usec = curr_time_tv.tv_usec - start_time_tv.tv_usec;
if ( delta_tv.tv_usec < 0 ) {
delta_tv.tv_sec--;
delta_tv.tv_usec += 1000000;
}
/* tv0 < delta ? */
if ( ( tv0.tv_sec < delta_tv.tv_sec ) ||
( ( tv0.tv_sec == delta_tv.tv_sec ) &&
( tv0.tv_usec < delta_tv.tv_usec ) ) )
{
ret = -1;
ld->ld_errno = LDAP_TIMEOUT;
break;
} else {
/* timeout -= delta_time */
tv0.tv_sec -= delta_tv.tv_sec;
tv0.tv_usec -= delta_tv.tv_usec;
if ( tv0.tv_usec < 0 ) {
tv0.tv_sec--;
tv0.tv_usec += 1000000;
}
start_time_tv.tv_sec = curr_time_tv.tv_sec;
start_time_tv.tv_usec = curr_time_tv.tv_usec;
}
tv = tv0;
Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
}
}
}
if ( ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, NULL );
}
#endif /* LDAP_USE_NON_BLOCKING_TLS */
if ( ret < 0 ) {
if ( ld->ld_errno == LDAP_SUCCESS )
ld->ld_errno = LDAP_CONNECT_ERROR;
return (ld->ld_errno);
}
ssl = ldap_pvt_tls_sb_ctx( sb );
assert( ssl != NULL );
/*
* compare host with name(s) in certificate
*/
if (ld->ld_options.ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER &&
ld->ld_options.ldo_tls_require_cert != LDAP_OPT_X_TLS_ALLOW) {
ld->ld_errno = ldap_pvt_tls_check_hostname( ld, ssl, host );
if (ld->ld_errno != LDAP_SUCCESS) {
return ld->ld_errno;
}
}
return LDAP_SUCCESS;
}
static int
wait4msg(
LDAP *ld,
ber_int_t msgid,
int all,
struct timeval *timeout,
LDAPMessage **result )
{
int rc;
struct timeval tv = { 0 },
tv0 = { 0 },
start_time_tv = { 0 },
*tvp = NULL;
LDAPConn *lc;
assert( ld != NULL );
assert( result != NULL );
#ifdef LDAP_R_COMPILE
LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
#endif
if ( timeout == NULL && ld->ld_options.ldo_tm_api.tv_sec >= 0 ) {
tv = ld->ld_options.ldo_tm_api;
timeout = &tv;
}
#ifdef LDAP_DEBUG
if ( timeout == NULL ) {
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (infinite timeout)\n",
(void *)ld, msgid, 0 );
} else {
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p msgid %d (timeout %ld usec)\n",
(void *)ld, msgid, (long)timeout->tv_sec * 1000000 + timeout->tv_usec );
}
#endif /* LDAP_DEBUG */
if ( timeout != NULL ) {
tv0 = *timeout;
tv = *timeout;
tvp = &tv;
#ifdef HAVE_GETTIMEOFDAY
gettimeofday( &start_time_tv, NULL );
#else /* ! HAVE_GETTIMEOFDAY */
time( &start_time_tv.tv_sec );
start_time_tv.tv_usec = 0;
#endif /* ! HAVE_GETTIMEOFDAY */
}
rc = LDAP_MSG_X_KEEP_LOOKING;
while ( rc == LDAP_MSG_X_KEEP_LOOKING ) {
#ifdef LDAP_DEBUG
if ( ldap_debug & LDAP_DEBUG_TRACE ) {
Debug( LDAP_DEBUG_TRACE, "wait4msg continue ld %p msgid %d all %d\n",
(void *)ld, msgid, all );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
ldap_dump_connection( ld, ld->ld_conns, 1 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
ldap_dump_requests_and_responses( ld );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
}
#endif /* LDAP_DEBUG */
if ( ( *result = chkResponseList( ld, msgid, all ) ) != NULL ) {
rc = (*result)->lm_msgtype;
} else {
int lc_ready = 0;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
if ( ber_sockbuf_ctrl( lc->lconn_sb,
LBER_SB_OPT_DATA_READY, NULL ) )
{
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
#endif
rc = try_read1msg( ld, msgid, all, &lc, result );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
lc_ready = 1;
break;
}
}
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
#endif
if ( !lc_ready ) {
rc = ldap_int_select( ld, tvp );
#ifdef LDAP_DEBUG
if ( rc == -1 ) {
Debug( LDAP_DEBUG_TRACE,
"ldap_int_select returned -1: errno %d\n",
sock_errno(), 0, 0 );
}
#endif
if ( rc == 0 || ( rc == -1 && (
!LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART)
|| sock_errno() != EINTR ) ) )
{
ld->ld_errno = (rc == -1 ? LDAP_SERVER_DOWN :
LDAP_TIMEOUT);
return( rc );
}
if ( rc == -1 ) {
rc = LDAP_MSG_X_KEEP_LOOKING; /* select interrupted: loop */
} else {
rc = LDAP_MSG_X_KEEP_LOOKING;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
if ( ld->ld_requests &&
ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
ldap_is_write_ready( ld,
ld->ld_requests->lr_conn->lconn_sb ) )
{
ldap_int_flush_request( ld, ld->ld_requests );
}
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
for ( lc = ld->ld_conns;
rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL; )
{
if ( lc->lconn_status == LDAP_CONNST_CONNECTED &&
ldap_is_read_ready( ld, lc->lconn_sb ) )
{
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
#endif
rc = try_read1msg( ld, msgid, all, &lc, result );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
if ( lc == NULL ) {
/* if lc gets free()'d,
* there's no guarantee
* lc->lconn_next is still
* sane; better restart
* (ITS#4405) */
lc = ld->ld_conns;
/* don't get to next conn! */
break;
}
}
/* next conn */
lc = lc->lconn_next;
}
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
#endif
}
}
}
if ( rc == LDAP_MSG_X_KEEP_LOOKING && tvp != NULL ) {
struct timeval curr_time_tv = { 0 },
delta_time_tv = { 0 };
#ifdef HAVE_GETTIMEOFDAY
gettimeofday( &curr_time_tv, NULL );
#else /* ! HAVE_GETTIMEOFDAY */
time( &curr_time_tv.tv_sec );
curr_time_tv.tv_usec = 0;
#endif /* ! HAVE_GETTIMEOFDAY */
/* delta_time = tmp_time - start_time */
delta_time_tv.tv_sec = curr_time_tv.tv_sec - start_time_tv.tv_sec;
delta_time_tv.tv_usec = curr_time_tv.tv_usec - start_time_tv.tv_usec;
if ( delta_time_tv.tv_usec < 0 ) {
delta_time_tv.tv_sec--;
delta_time_tv.tv_usec += 1000000;
}
/* tv0 < delta_time ? */
if ( ( tv0.tv_sec < delta_time_tv.tv_sec ) ||
( ( tv0.tv_sec == delta_time_tv.tv_sec ) && ( tv0.tv_usec < delta_time_tv.tv_usec ) ) )
{
rc = 0; /* timed out */
ld->ld_errno = LDAP_TIMEOUT;
break;
}
/* tv0 -= delta_time */
tv0.tv_sec -= delta_time_tv.tv_sec;
tv0.tv_usec -= delta_time_tv.tv_usec;
if ( tv0.tv_usec < 0 ) {
tv0.tv_sec--;
tv0.tv_usec += 1000000;
}
tv.tv_sec = tv0.tv_sec;
tv.tv_usec = tv0.tv_usec;
Debug( LDAP_DEBUG_TRACE, "wait4msg ld %p %ld s %ld us to go\n",
(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
start_time_tv.tv_sec = curr_time_tv.tv_sec;
start_time_tv.tv_usec = curr_time_tv.tv_usec;
}
}
return( rc );
}
static int
ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
{
Sockbuf *sb = conn->lconn_sb;
int err;
tls_session *ssl = NULL;
if ( HAS_TLS( sb )) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
} else {
struct ldapoptions *lo;
tls_ctx *ctx;
ctx = ld->ld_options.ldo_tls_ctx;
ssl = alloc_handle( ctx, 0 );
if ( ssl == NULL ) return -1;
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
#endif
ber_sockbuf_add_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
lo = LDAP_INT_GLOBAL_OPT();
if( ctx == NULL ) {
ctx = lo->ldo_tls_ctx;
ld->ld_options.ldo_tls_ctx = ctx;
tls_ctx_ref( ctx );
}
if ( ld->ld_options.ldo_tls_connect_cb )
ld->ld_options.ldo_tls_connect_cb( ld, ssl, ctx,
ld->ld_options.ldo_tls_connect_arg );
if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
ld->ld_options.ldo_tls_connect_cb )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
}
err = tls_imp->ti_session_connect( ld, ssl );
#ifdef HAVE_WINSOCK
errno = WSAGetLastError();
#endif
if ( err < 0 )
{
char buf[256], *msg;
if ( update_flags( sb, ssl, err )) {
return 1;
}
msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) );
if ( msg ) {
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP( msg );
#ifdef HAVE_EBCDIC
if ( ld->ld_error ) __etoa(ld->ld_error);
#endif
}
Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n",
ld->ld_error ? ld->ld_error : "" ,0,0);
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );
#ifdef LDAP_DEBUG
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT );
#endif
return -1;
}
return 0;
}
static ber_tag_t
try_read1msg(
LDAP *ld,
ber_int_t msgid,
int all,
LDAPConn **lcp,
LDAPMessage **result )
{
BerElement *ber;
LDAPMessage *newmsg, *l, *prev;
ber_int_t id;
int idx;
ber_tag_t tag;
ber_len_t len;
int foundit = 0;
LDAPRequest *lr, *tmplr, dummy_lr = { 0 };
LDAPConn *lc;
BerElement tmpber;
int rc, refer_cnt, hadref, simple_request;
ber_int_t lderr;
#ifdef LDAP_CONNECTIONLESS
LDAPMessage *tmp = NULL, *chain_head = NULL;
int moremsgs = 0, isv2 = 0;
#endif
assert( ld != NULL );
assert( lcp != NULL );
assert( *lcp != NULL );
#ifdef LDAP_R_COMPILE
LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
#endif
Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n",
(void *)ld, msgid, all );
lc = *lcp;
retry:
if ( lc->lconn_ber == NULL ) {
lc->lconn_ber = ldap_alloc_ber_with_options( ld );
if ( lc->lconn_ber == NULL ) {
return -1;
}
}
ber = lc->lconn_ber;
assert( LBER_VALID (ber) );
/* get the next message */
sock_errset(0);
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) ) {
struct sockaddr from;
ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr) );
if ( ld->ld_options.ldo_version == LDAP_VERSION2 ) isv2 = 1;
}
nextresp3:
#endif
tag = ber_get_next( lc->lconn_sb, &len, ber );
switch ( tag ) {
case LDAP_TAG_MESSAGE:
/*
* We read a complete message.
* The connection should no longer need this ber.
*/
lc->lconn_ber = NULL;
break;
case LBER_DEFAULT:
#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_CONNS,
"ber_get_next failed.\n", 0, 0, 0 );
#endif
#ifdef EWOULDBLOCK
if ( sock_errno() == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
#endif
#ifdef EAGAIN
if ( sock_errno() == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
#endif
ld->ld_errno = LDAP_SERVER_DOWN;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
ldap_free_connection( ld, lc, 1, 0 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
lc = *lcp = NULL;
return -1;
default:
ld->ld_errno = LDAP_LOCAL_ERROR;
return -1;
}
/* message id */
if ( ber_get_int( ber, &id ) == LBER_ERROR ) {
ber_free( ber, 1 );
ld->ld_errno = LDAP_DECODING_ERROR;
return( -1 );
}
/* id == 0 iff unsolicited notification message (RFC 4511) */
/* if it's been abandoned, toss it */
if ( id > 0 ) {
if ( ldap_abandoned( ld, id, &idx ) ) {
/* the message type */
tag = ber_peek_tag( ber, &len );
switch ( tag ) {
case LDAP_RES_SEARCH_ENTRY:
case LDAP_RES_SEARCH_REFERENCE:
case LDAP_RES_INTERMEDIATE:
case LBER_ERROR:
break;
default:
/* there's no need to keep the id
* in the abandoned list any longer */
ldap_mark_abandoned( ld, id, idx );
break;
}
Debug( LDAP_DEBUG_ANY,
"abandoned/discarded ld %p msgid %ld message type %s\n",
(void *)ld, (long)id, ldap_int_msgtype2str( tag ) );
retry_ber:
ber_free( ber, 1 );
if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
goto retry;
}
return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */
}
lr = ldap_find_request_by_msgid( ld, id );
if ( lr == NULL ) {
const char *msg = "unknown";
/* the message type */
tag = ber_peek_tag( ber, &len );
switch ( tag ) {
case LBER_ERROR:
break;
default:
msg = ldap_int_msgtype2str( tag );
break;
}
Debug( LDAP_DEBUG_ANY,
"no request for response on ld %p msgid %ld message type %s (tossing)\n",
(void *)ld, (long)id, msg );
goto retry_ber;
}
#ifdef LDAP_CONNECTIONLESS
if ( LDAP_IS_UDP(ld) && isv2 ) {
ber_scanf(ber, "x{");
}
nextresp2:
#endif
}
/* the message type */
tag = ber_peek_tag( ber, &len );
if ( tag == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( -1 );
}
Debug( LDAP_DEBUG_TRACE,
"read1msg: ld %p msgid %ld message type %s\n",
(void *)ld, (long)lr->lr_msgid, ldap_int_msgtype2str( tag ) );
if ( id == 0 ) {
/* unsolicited notification message (RFC 4511) */
if ( tag != LDAP_RES_EXTENDED ) {
/* toss it */
goto retry_ber;
/* strictly speaking, it's an error; from RFC 4511:
4.4. Unsolicited Notification
An unsolicited notification is an LDAPMessage sent from the server to
the client that is not in response to any LDAPMessage received by the
server. It is used to signal an extraordinary condition in the
server or in the LDAP session between the client and the server. The
notification is of an advisory nature, and the server will not expect
any response to be returned from the client.
The unsolicited notification is structured as an LDAPMessage in which
the messageID is zero and protocolOp is set to the extendedResp
choice using the ExtendedResponse type (See Section 4.12). The
responseName field of the ExtendedResponse always contains an LDAPOID
that is unique for this notification.
* however, since unsolicited responses
* are of advisory nature, better
* toss it, right now
*/
#if 0
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( -1 );
#endif
}
lr = &dummy_lr;
}
id = lr->lr_origid;
refer_cnt = 0;
hadref = simple_request = 0;
rc = LDAP_MSG_X_KEEP_LOOKING; /* default is to keep looking (no response found) */
lr->lr_res_msgtype = tag;
/*
* Check for V3 search reference
*/
if ( tag == LDAP_RES_SEARCH_REFERENCE ) {
if ( ld->ld_version > LDAP_VERSION2 ) {
/* This is a V3 search reference */
if ( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
lr->lr_parent != NULL )
{
char **refs = NULL;
tmpber = *ber;
/* Get the referral list */
if ( ber_scanf( &tmpber, "{v}", &refs ) == LBER_ERROR ) {
rc = LDAP_DECODING_ERROR;
} else {
/* Note: refs array is freed by ldap_chase_v3referrals */
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
1, &lr->lr_res_error, &hadref );
if ( refer_cnt > 0 ) {
/* successfully chased reference */
/* If haven't got end search, set chasing referrals */
if ( lr->lr_status != LDAP_REQST_COMPLETED ) {
lr->lr_status = LDAP_REQST_CHASINGREFS;
Debug( LDAP_DEBUG_TRACE,
"read1msg: search ref chased, "
"mark request chasing refs, "
"id = %d\n",
lr->lr_msgid, 0, 0 );
}
}
}
}
}
} else if ( tag != LDAP_RES_SEARCH_ENTRY && tag != LDAP_RES_INTERMEDIATE ) {
/* All results that just return a status, i.e. don't return data
* go through the following code. This code also chases V2 referrals
* and checks if all referrals have been chased.
*/
char *lr_res_error = NULL;
tmpber = *ber; /* struct copy */
if ( ber_scanf( &tmpber, "{eAA", &lderr,
&lr->lr_res_matched, &lr_res_error )
!= LBER_ERROR )
{
if ( lr_res_error != NULL ) {
if ( lr->lr_res_error != NULL ) {
(void)ldap_append_referral( ld, &lr->lr_res_error, lr_res_error );
LDAP_FREE( (char *)lr_res_error );
} else {
lr->lr_res_error = lr_res_error;
}
lr_res_error = NULL;
}
/* Do we need to check for referrals? */
if ( LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_REFERRALS) ||
lr->lr_parent != NULL )
{
char **refs = NULL;
ber_len_t len;
/* Check if V3 referral */
if ( ber_peek_tag( &tmpber, &len ) == LDAP_TAG_REFERRAL ) {
if ( ld->ld_version > LDAP_VERSION2 ) {
/* Get the referral list */
if ( ber_scanf( &tmpber, "{v}", &refs) == LBER_ERROR) {
rc = LDAP_DECODING_ERROR;
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: referral decode error, "
"mark request completed, ld %p msgid %d\n",
(void *)ld, lr->lr_msgid, 0 );
} else {
/* Chase the referral
* refs array is freed by ldap_chase_v3referrals
*/
refer_cnt = ldap_chase_v3referrals( ld, lr, refs,
0, &lr->lr_res_error, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: referral %s chased, "
"mark request completed, ld %p msgid %d\n",
refer_cnt > 0 ? "" : "not",
(void *)ld, lr->lr_msgid);
if ( refer_cnt < 0 ) {
refer_cnt = 0;
}
}
}
} else {
switch ( lderr ) {
case LDAP_SUCCESS:
case LDAP_COMPARE_TRUE:
case LDAP_COMPARE_FALSE:
break;
default:
if ( lr->lr_res_error == NULL ) {
break;
}
/* pedantic, should never happen */
if ( lr->lr_res_error[ 0 ] == '\0' ) {
LDAP_FREE( lr->lr_res_error );
lr->lr_res_error = NULL;
break;
}
/* V2 referrals are in error string */
refer_cnt = ldap_chase_referrals( ld, lr,
&lr->lr_res_error, -1, &hadref );
lr->lr_status = LDAP_REQST_COMPLETED;
Debug( LDAP_DEBUG_TRACE,
"read1msg: V2 referral chased, "
"mark request completed, id = %d\n",
lr->lr_msgid, 0, 0 );
break;
}
}
}
/* save errno, message, and matched string */
if ( !hadref || lr->lr_res_error == NULL ) {
lr->lr_res_errno =
lderr == LDAP_PARTIAL_RESULTS
? LDAP_SUCCESS : lderr;
} else if ( ld->ld_errno != LDAP_SUCCESS ) {
lr->lr_res_errno = ld->ld_errno;
} else {
lr->lr_res_errno = LDAP_PARTIAL_RESULTS;
}
}
/* in any case, don't leave any lr_res_error 'round */
if ( lr_res_error ) {
LDAP_FREE( lr_res_error );
}
Debug( LDAP_DEBUG_TRACE,
"read1msg: ld %p %d new referrals\n",
(void *)ld, refer_cnt, 0 );
if ( refer_cnt != 0 ) { /* chasing referrals */
ber_free( ber, 1 );
ber = NULL;
if ( refer_cnt < 0 ) {
ldap_return_request( ld, lr, 0 );
return( -1 ); /* fatal error */
}
lr->lr_res_errno = LDAP_SUCCESS; /* sucessfully chased referral */
} else {
if ( lr->lr_outrefcnt <= 0 && lr->lr_parent == NULL ) {
/* request without any referrals */
simple_request = ( hadref ? 0 : 1 );
} else {
/* request with referrals or child request */
ber_free( ber, 1 );
ber = NULL;
}
lr->lr_status = LDAP_REQST_COMPLETED; /* declare this request done */
Debug( LDAP_DEBUG_TRACE,
"read1msg: mark request completed, ld %p msgid %d\n",
(void *)ld, lr->lr_msgid, 0);
while ( lr->lr_parent != NULL ) {
merge_error_info( ld, lr->lr_parent, lr );
lr = lr->lr_parent;
if ( --lr->lr_outrefcnt > 0 ) {
break; /* not completely done yet */
}
}
/* Check if all requests are finished, lr is now parent */
tmplr = lr;
if ( tmplr->lr_status == LDAP_REQST_COMPLETED ) {
for ( tmplr = lr->lr_child;
tmplr != NULL;
tmplr = tmplr->lr_refnext )
{
if ( tmplr->lr_status != LDAP_REQST_COMPLETED ) break;
}
}
/* This is the parent request if the request has referrals */
if ( lr->lr_outrefcnt <= 0 &&
lr->lr_parent == NULL &&
tmplr == NULL )
{
id = lr->lr_msgid;
tag = lr->lr_res_msgtype;
Debug( LDAP_DEBUG_TRACE, "request done: ld %p msgid %ld\n",
(void *)ld, (long) id, 0 );
Debug( LDAP_DEBUG_TRACE,
"res_errno: %d, res_error: <%s>, "
"res_matched: <%s>\n",
lr->lr_res_errno,
lr->lr_res_error ? lr->lr_res_error : "",
lr->lr_res_matched ? lr->lr_res_matched : "" );
if ( !simple_request ) {
ber_free( ber, 1 );
ber = NULL;
if ( build_result_ber( ld, &ber, lr )
== LBER_ERROR )
{
rc = -1; /* fatal error */
}
}
if ( lr != &dummy_lr ) {
ldap_return_request( ld, lr, 1 );
}
lr = NULL;
}
/*
* RF 4511 unsolicited (id == 0) responses
* shouldn't necessarily end the connection
*/
if ( lc != NULL && id != 0 ) {
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
ldap_free_connection( ld, lc, 0, 1 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
lc = *lcp = NULL;
}
}
}
if ( lr != NULL ) {
if ( lr != &dummy_lr ) {
ldap_return_request( ld, lr, 0 );
}
lr = NULL;
}
if ( ber == NULL ) {
return( rc );
}
/* try to handle unsolicited responses as appropriate */
if ( id == 0 && msgid > LDAP_RES_UNSOLICITED ) {
int is_nod = 0;
tag = ber_peek_tag( &tmpber, &len );
/* we have a res oid */
if ( tag == LDAP_TAG_EXOP_RES_OID ) {
static struct berval bv_nod = BER_BVC( LDAP_NOTICE_OF_DISCONNECTION );
struct berval resoid = BER_BVNULL;
if ( ber_scanf( &tmpber, "m", &resoid ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return -1;
}
assert( !BER_BVISEMPTY( &resoid ) );
is_nod = ber_bvcmp( &resoid, &bv_nod ) == 0;
tag = ber_peek_tag( &tmpber, &len );
}
#if 0 /* don't need right now */
/* we have res data */
if ( tag == LDAP_TAG_EXOP_RES_VALUE ) {
struct berval resdata;
if ( ber_scanf( &tmpber, "m", &resdata ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 0 );
return ld->ld_errno;
}
/* use it... */
}
#endif
/* handle RFC 4511 "Notice of Disconnection" locally */
if ( is_nod ) {
if ( tag == LDAP_TAG_EXOP_RES_VALUE ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return -1;
}
/* get rid of the connection... */
if ( lc != NULL ) {
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
#endif
ldap_free_connection( ld, lc, 0, 1 );
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
#endif
lc = *lcp = NULL;
}
/* need to return -1, because otherwise
* a valid result is expected */
return -1;
}
}
/* make a new ldap message */
newmsg = (LDAPMessage *) LDAP_CALLOC( 1, sizeof(LDAPMessage) );
if ( newmsg == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return( -1 );
}
newmsg->lm_msgid = (int)id;
newmsg->lm_msgtype = tag;
newmsg->lm_ber = ber;
newmsg->lm_chain_tail = newmsg;
#ifdef LDAP_CONNECTIONLESS
/* CLDAP replies all fit in a single datagram. In LDAPv2 RFC1798
* the responses are all a sequence wrapped in one message. In
* LDAPv3 each response is in its own message. The datagram must
* end with a SearchResult. We can't just parse each response in
* separate calls to try_read1msg because the header info is only
* present at the beginning of the datagram, not at the beginning
* of each response. So parse all the responses at once and queue
* them up, then pull off the first response to return to the
* caller when all parsing is complete.
*/
if ( LDAP_IS_UDP(ld) ) {
/* If not a result, look for more */
if ( tag != LDAP_RES_SEARCH_RESULT ) {
int ok = 0;
moremsgs = 1;
if (isv2) {
/* LDAPv2: dup the current ber, skip past the current
* response, and see if there are any more after it.
*/
ber = ber_dup( ber );
ber_scanf( ber, "x" );
if ( ber_peek_tag( ber, &len ) != LBER_DEFAULT ) {
/* There's more - dup the ber buffer so they can all be
* individually freed by ldap_msgfree.
*/
struct berval bv;
ber_get_option( ber, LBER_OPT_BER_REMAINING_BYTES, &len );
bv.bv_val = LDAP_MALLOC( len );
if ( bv.bv_val ) {
ok = 1;
ber_read( ber, bv.bv_val, len );
bv.bv_len = len;
ber_init2( ber, &bv, ld->ld_lberoptions );
}
}
} else {
/* LDAPv3: Just allocate a new ber. Since this is a buffered
* datagram, if the sockbuf is readable we still have data
* to parse.
*/
ber = ldap_alloc_ber_with_options( ld );
if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) ok = 1;
}
/* set up response chain */
if ( tmp == NULL ) {
newmsg->lm_next = ld->ld_responses;
ld->ld_responses = newmsg;
chain_head = newmsg;
} else {
tmp->lm_chain = newmsg;
}
chain_head->lm_chain_tail = newmsg;
tmp = newmsg;
/* "ok" means there's more to parse */
if ( ok ) {
if ( isv2 ) {
goto nextresp2;
} else {
goto nextresp3;
}
} else {
/* got to end of datagram without a SearchResult. Free
* our dup'd ber, but leave any buffer alone. For v2 case,
* the previous response is still using this buffer. For v3,
* the new ber has no buffer to free yet.
*/
ber_free( ber, 0 );
return -1;
}
} else if ( moremsgs ) {
/* got search result, and we had multiple responses in 1 datagram.
* stick the result onto the end of the chain, and then pull the
* first response off the head of the chain.
*/
tmp->lm_chain = newmsg;
chain_head->lm_chain_tail = newmsg;
*result = chkResponseList( ld, msgid, all );
ld->ld_errno = LDAP_SUCCESS;
return( (*result)->lm_msgtype );
}
}
#endif /* LDAP_CONNECTIONLESS */
/* is this the one we're looking for? */
if ( msgid == LDAP_RES_ANY || id == msgid ) {
if ( all == LDAP_MSG_ONE
|| ( newmsg->lm_msgtype != LDAP_RES_SEARCH_RESULT
&& newmsg->lm_msgtype != LDAP_RES_SEARCH_ENTRY
&& newmsg->lm_msgtype != LDAP_RES_SEARCH_REFERENCE ) )
{
*result = newmsg;
ld->ld_errno = LDAP_SUCCESS;
return( tag );
} else if ( newmsg->lm_msgtype == LDAP_RES_SEARCH_RESULT) {
foundit = 1; /* return the chain later */
}
}
/*
* if not, we must add it to the list of responses. if
* the msgid is already there, it must be part of an existing
* search response.
*/
prev = NULL;
for ( l = ld->ld_responses; l != NULL; l = l->lm_next ) {
if ( l->lm_msgid == newmsg->lm_msgid ) {
break;
}
prev = l;
}
/* not part of an existing search response */
if ( l == NULL ) {
if ( foundit ) {
*result = newmsg;
goto exit;
}
newmsg->lm_next = ld->ld_responses;
ld->ld_responses = newmsg;
goto exit;
}
Debug( LDAP_DEBUG_TRACE, "adding response ld %p msgid %ld type %ld:\n",
(void *)ld, (long) newmsg->lm_msgid, (long) newmsg->lm_msgtype );
/* part of a search response - add to end of list of entries */
l->lm_chain_tail->lm_chain = newmsg;
l->lm_chain_tail = newmsg;
/* return the whole chain if that's what we were looking for */
if ( foundit ) {
if ( prev == NULL ) {
ld->ld_responses = l->lm_next;
} else {
prev->lm_next = l->lm_next;
}
*result = l;
}
exit:
if ( foundit ) {
ld->ld_errno = LDAP_SUCCESS;
return( tag );
}
if ( lc && ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
goto retry;
}
return( LDAP_MSG_X_KEEP_LOOKING ); /* continue looking */
}
static ber_tag_t
build_result_ber( LDAP *ld, BerElement **bp, LDAPRequest *lr )
{
ber_len_t len;
ber_tag_t tag;
ber_int_t along;
BerElement *ber;
*bp = NULL;
ber = ldap_alloc_ber_with_options( ld );
if( ber == NULL ) {
ld->ld_errno = LDAP_NO_MEMORY;
return LBER_ERROR;
}
if ( ber_printf( ber, "{it{ess}}", lr->lr_msgid,
lr->lr_res_msgtype, lr->lr_res_errno,
lr->lr_res_matched ? lr->lr_res_matched : "",
lr->lr_res_error ? lr->lr_res_error : "" ) == -1 )
{
ld->ld_errno = LDAP_ENCODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
ber_reset( ber, 1 );
if ( ber_skip_tag( ber, &len ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
if ( ber_get_enum( ber, &along ) == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
tag = ber_peek_tag( ber, &len );
if ( tag == LBER_ERROR ) {
ld->ld_errno = LDAP_DECODING_ERROR;
ber_free( ber, 1 );
return( LBER_ERROR );
}
*bp = ber;
return tag;
}