static int
dynlist_prepare_entry( Operation *op, SlapReply *rs, dynlist_info_t *dli )
{
Attribute *a, *id = NULL;
slap_callback cb = { 0 };
Operation o = *op;
struct berval *url;
Entry *e;
int opattrs,
userattrs;
dynlist_sc_t dlc = { 0 };
dynlist_map_t *dlm;
a = attrs_find( rs->sr_entry->e_attrs, dli->dli_ad );
if ( a == NULL ) {
/* FIXME: error? */
return SLAP_CB_CONTINUE;
}
opattrs = SLAP_OPATTRS( rs->sr_attr_flags );
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
/* Don't generate member list if it wasn't requested */
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
AttributeDescription *ad = dlm->dlm_mapped_ad ? dlm->dlm_mapped_ad : dlm->dlm_member_ad;
if ( userattrs || ad_inlist( ad, rs->sr_attrs ) )
break;
}
if ( dli->dli_dlm && !dlm )
return SLAP_CB_CONTINUE;
if ( ad_dgIdentity && ( id = attrs_find( rs->sr_entry->e_attrs, ad_dgIdentity ))) {
Attribute *authz = NULL;
/* if not rootdn and dgAuthz is present,
* check if user can be authorized as dgIdentity */
if ( ad_dgAuthz && !BER_BVISEMPTY( &id->a_nvals[0] ) && !be_isroot( op )
&& ( authz = attrs_find( rs->sr_entry->e_attrs, ad_dgAuthz ) ) )
{
if ( slap_sasl_matches( op, authz->a_nvals,
&o.o_ndn, &o.o_ndn ) != LDAP_SUCCESS )
{
return SLAP_CB_CONTINUE;
}
}
o.o_dn = id->a_vals[0];
o.o_ndn = id->a_nvals[0];
o.o_groups = NULL;
}
e = rs->sr_entry;
/* ensure e is modifiable, but do not replace
* sr_entry yet since we have pointers into it */
if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
e = entry_dup( rs->sr_entry );
}
dlc.dlc_e = e;
dlc.dlc_dli = dli;
cb.sc_private = &dlc;
cb.sc_response = dynlist_sc_update;
o.o_callback = &cb;
o.ors_deref = LDAP_DEREF_NEVER;
o.ors_limit = NULL;
o.ors_tlimit = SLAP_NO_LIMIT;
o.ors_slimit = SLAP_NO_LIMIT;
for ( url = a->a_nvals; !BER_BVISNULL( url ); url++ ) {
LDAPURLDesc *lud = NULL;
int i, j;
struct berval dn;
int rc;
BER_BVZERO( &o.o_req_dn );
BER_BVZERO( &o.o_req_ndn );
o.ors_filter = NULL;
o.ors_attrs = NULL;
BER_BVZERO( &o.ors_filterstr );
if ( ldap_url_parse( url->bv_val, &lud ) != LDAP_URL_SUCCESS ) {
/* FIXME: error? */
continue;
}
if ( lud->lud_host != NULL ) {
/* FIXME: host not allowed; reject as illegal? */
Debug( LDAP_DEBUG_ANY, "dynlist_prepare_entry(\"%s\"): "
"illegal URI \"%s\"\n",
e->e_name.bv_val, url->bv_val, 0 );
goto cleanup;
}
if ( lud->lud_dn == NULL ) {
/* note that an empty base is not honored in terms
* of defaultSearchBase, because select_backend()
* is not aware of the defaultSearchBase option;
* this can be useful in case of a database serving
* the empty suffix */
BER_BVSTR( &dn, "" );
} else {
ber_str2bv( lud->lud_dn, 0, 0, &dn );
}
rc = dnPrettyNormal( NULL, &dn, &o.o_req_dn, &o.o_req_ndn, op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
/* FIXME: error? */
goto cleanup;
}
o.ors_scope = lud->lud_scope;
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
if ( dlm->dlm_mapped_ad != NULL ) {
break;
}
}
if ( dli->dli_dlm && !dlm ) {
/* if ( lud->lud_attrs != NULL ),
* the URL should be ignored */
o.ors_attrs = slap_anlist_no_attrs;
} else if ( lud->lud_attrs == NULL ) {
o.ors_attrs = rs->sr_attrs;
} else {
for ( i = 0; lud->lud_attrs[i]; i++)
/* just count */ ;
o.ors_attrs = op->o_tmpcalloc( i + 1, sizeof( AttributeName ), op->o_tmpmemctx );
for ( i = 0, j = 0; lud->lud_attrs[i]; i++) {
const char *text = NULL;
ber_str2bv( lud->lud_attrs[i], 0, 0, &o.ors_attrs[j].an_name );
o.ors_attrs[j].an_desc = NULL;
(void)slap_bv2ad( &o.ors_attrs[j].an_name, &o.ors_attrs[j].an_desc, &text );
/* FIXME: ignore errors... */
if ( rs->sr_attrs == NULL ) {
if ( o.ors_attrs[j].an_desc != NULL &&
is_at_operational( o.ors_attrs[j].an_desc->ad_type ) )
{
continue;
}
} else {
if ( o.ors_attrs[j].an_desc != NULL &&
is_at_operational( o.ors_attrs[j].an_desc->ad_type ) )
{
if ( !opattrs ) {
continue;
}
if ( !ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) ) {
/* lookup if mapped -- linear search,
* not very efficient unless list
* is very short */
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
if ( dlm->dlm_member_ad == o.ors_attrs[j].an_desc ) {
break;
}
}
if ( dlm == NULL ) {
continue;
}
}
} else {
if ( !userattrs &&
o.ors_attrs[j].an_desc != NULL &&
!ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) )
{
/* lookup if mapped -- linear search,
* not very efficient unless list
* is very short */
for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
if ( dlm->dlm_member_ad == o.ors_attrs[j].an_desc ) {
break;
}
}
if ( dlm == NULL ) {
continue;
}
}
}
}
j++;
}
if ( j == 0 ) {
goto cleanup;
}
BER_BVZERO( &o.ors_attrs[j].an_name );
}
if ( lud->lud_filter == NULL ) {
ber_dupbv_x( &o.ors_filterstr,
&dli->dli_default_filter, op->o_tmpmemctx );
} else {
struct berval flt;
ber_str2bv( lud->lud_filter, 0, 0, &flt );
if ( dynlist_make_filter( op, rs->sr_entry, url->bv_val, &flt, &o.ors_filterstr ) ) {
/* error */
goto cleanup;
}
}
o.ors_filter = str2filter_x( op, o.ors_filterstr.bv_val );
if ( o.ors_filter == NULL ) {
goto cleanup;
}
o.o_bd = select_backend( &o.o_req_ndn, 1 );
if ( o.o_bd && o.o_bd->be_search ) {
SlapReply r = { REP_SEARCH };
r.sr_attr_flags = slap_attr_flags( o.ors_attrs );
(void)o.o_bd->be_search( &o, &r );
}
cleanup:;
if ( id ) {
slap_op_groups_free( &o );
}
if ( o.ors_filter ) {
filter_free_x( &o, o.ors_filter, 1 );
}
if ( o.ors_attrs && o.ors_attrs != rs->sr_attrs
&& o.ors_attrs != slap_anlist_no_attrs )
{
op->o_tmpfree( o.ors_attrs, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &o.o_req_dn ) ) {
op->o_tmpfree( o.o_req_dn.bv_val, op->o_tmpmemctx );
}
if ( !BER_BVISNULL( &o.o_req_ndn ) ) {
op->o_tmpfree( o.o_req_ndn.bv_val, op->o_tmpmemctx );
}
assert( BER_BVISNULL( &o.ors_filterstr )
|| o.ors_filterstr.bv_val != lud->lud_filter );
op->o_tmpfree( o.ors_filterstr.bv_val, op->o_tmpmemctx );
ldap_free_urldesc( lud );
}
if ( e != rs->sr_entry ) {
rs_replace_entry( op, rs, (slap_overinst *)op->o_bd->bd_info, e );
rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
}
return SLAP_CB_CONTINUE;
}
static int translucent_search_cb(Operation *op, SlapReply *rs) {
trans_ctx *tc;
BackendDB *db;
slap_overinst *on;
translucent_info *ov;
Entry *le, *re;
Attribute *a, *ax, *an, *as = NULL;
int rc;
int test_f = 0;
tc = op->o_callback->sc_private;
/* Don't let the op complete while we're gathering data */
if ( rs->sr_type == REP_RESULT && ( tc->step & USE_LIST ))
return 0;
if(rs->sr_type != REP_SEARCH || !rs->sr_entry)
return(SLAP_CB_CONTINUE);
Debug(LDAP_DEBUG_TRACE, "==> translucent_search_cb: %s\n",
rs->sr_entry->e_name.bv_val, 0, 0);
op->ors_slimit = tc->slimit + ( tc->slimit > 0 ? 1 : 0 );
if ( op->ors_attrs == slap_anlist_all_attributes ) {
op->ors_attrs = tc->attrs;
rs->sr_attrs = tc->attrs;
rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
}
on = tc->on;
ov = on->on_bi.bi_private;
db = op->o_bd;
re = NULL;
/* If we have local, get remote */
if ( tc->step & LCL_SIDE ) {
le = rs->sr_entry;
/* If entry is already on list, use it */
if ( tc->step & USE_LIST ) {
re = tavl_delete( &tc->list, le, entry_dn_cmp );
if ( re ) {
rs_flush_entry( op, rs, on );
rc = test_filter( op, re, tc->orig );
if ( rc == LDAP_COMPARE_TRUE ) {
rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
rs->sr_entry = re;
if ( tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) {
return LDAP_SIZELIMIT_EXCEEDED;
}
return SLAP_CB_CONTINUE;
} else {
entry_free( re );
rs->sr_entry = NULL;
return 0;
}
}
}
op->o_bd = &ov->db;
rc = be_entry_get_rw( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &re );
if ( rc == LDAP_SUCCESS && re ) {
Entry *tmp = entry_dup( re );
be_entry_release_r( op, re );
re = tmp;
test_f = 1;
}
} else {
/* Else we have remote, get local */
op->o_bd = tc->db;
le = NULL;
rc = overlay_entry_get_ov(op, &rs->sr_entry->e_nname, NULL, NULL, 0, &le, on);
if ( rc == LDAP_SUCCESS && le ) {
re = entry_dup( rs->sr_entry );
rs_flush_entry( op, rs, on );
} else {
le = NULL;
}
}
/*
** if we got remote and local entry:
** foreach local attr:
** foreach remote attr:
** if match, remote attr with local attr;
** if new local, add to list;
** append new local attrs to remote;
**
*/
if ( re && le ) {
for(ax = le->e_attrs; ax; ax = ax->a_next) {
for(a = re->e_attrs; a; a = a->a_next) {
if(a->a_desc == ax->a_desc) {
test_f = 1;
if(a->a_vals != a->a_nvals)
ber_bvarray_free(a->a_nvals);
ber_bvarray_free(a->a_vals);
ber_bvarray_dup_x( &a->a_vals, ax->a_vals, NULL );
if ( ax->a_vals == ax->a_nvals ) {
a->a_nvals = a->a_vals;
} else {
ber_bvarray_dup_x( &a->a_nvals, ax->a_nvals, NULL );
}
break;
}
}
if(a) continue;
an = attr_dup(ax);
an->a_next = as;
as = an;
}
/* Dispose of local entry */
if ( tc->step & LCL_SIDE ) {
rs_flush_entry(op, rs, on);
} else {
overlay_entry_release_ov(op, le, 0, on);
}
/* literally append, so locals are always last */
if(as) {
if(re->e_attrs) {
for(ax = re->e_attrs; ax->a_next; ax = ax->a_next);
ax->a_next = as;
} else {
re->e_attrs = as;
}
}
/* If both filters, save entry for later */
if ( tc->step == (USE_LIST|RMT_SIDE) ) {
tavl_insert( &tc->list, re, entry_dn_cmp, avl_dup_error );
rs->sr_entry = NULL;
rc = 0;
} else {
/* send it now */
rs->sr_entry = re;
rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
if ( test_f ) {
rc = test_filter( op, rs->sr_entry, tc->orig );
if ( rc == LDAP_COMPARE_TRUE ) {
rc = SLAP_CB_CONTINUE;
} else {
rc = 0;
}
} else {
rc = SLAP_CB_CONTINUE;
}
}
} else if ( le ) {
/* Only a local entry: remote was deleted
* Ought to delete the local too...
*/
rc = 0;
} else if ( tc->step & USE_LIST ) {
/* Only a remote entry, but both filters:
* Test the complete filter
*/
rc = test_filter( op, rs->sr_entry, tc->orig );
if ( rc == LDAP_COMPARE_TRUE ) {
rc = SLAP_CB_CONTINUE;
} else {
rc = 0;
}
} else {
/* Only a remote entry, only remote filter:
* just pass thru
*/
rc = SLAP_CB_CONTINUE;
}
op->o_bd = db;
if ( rc == SLAP_CB_CONTINUE && tc->slimit >= 0 && rs->sr_nentries >= tc->slimit ) {
return LDAP_SIZELIMIT_EXCEEDED;
}
return rc;
}
static int
allop_op_search( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
allop_t *ao = (allop_t *)on->on_bi.bi_private;
slap_mask_t mask;
int i,
add_allUser = 0;
if ( ao == NULL ) {
if ( !BER_BVISEMPTY( &op->o_req_ndn )
|| op->ors_scope != LDAP_SCOPE_BASE )
{
return SLAP_CB_CONTINUE;
}
} else {
if ( !dnIsSuffix( &op->o_req_ndn, &ao->ao_ndn ) ) {
return SLAP_CB_CONTINUE;
}
switch ( ao->ao_scope ) {
case LDAP_SCOPE_BASE:
if ( op->o_req_ndn.bv_len != ao->ao_ndn.bv_len ) {
return SLAP_CB_CONTINUE;
}
break;
case LDAP_SCOPE_ONELEVEL:
if ( op->ors_scope == LDAP_SCOPE_BASE ) {
struct berval rdn = op->o_req_ndn;
rdn.bv_len -= ao->ao_ndn.bv_len + STRLENOF( "," );
if ( !dnIsOneLevelRDN( &rdn ) ) {
return SLAP_CB_CONTINUE;
}
break;
}
return SLAP_CB_CONTINUE;
case LDAP_SCOPE_SUBTREE:
break;
}
}
mask = slap_attr_flags( op->ors_attrs );
if ( SLAP_OPATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
if ( !SLAP_USERATTRS( mask ) ) {
return SLAP_CB_CONTINUE;
}
i = 0;
if ( op->ors_attrs == NULL ) {
add_allUser = 1;
} else {
for ( ; !BER_BVISNULL( &op->ors_attrs[ i ].an_name ); i++ )
;
}
op->ors_attrs = op->o_tmprealloc( op->ors_attrs,
sizeof( AttributeName ) * ( i + add_allUser + 2 ),
op->o_tmpmemctx );
if ( add_allUser ) {
op->ors_attrs[ i ] = slap_anlist_all_user_attributes[ 0 ];
i++;
}
op->ors_attrs[ i ] = slap_anlist_all_operational_attributes[ 0 ];
BER_BVZERO( &op->ors_attrs[ i + 1 ].an_name );
return SLAP_CB_CONTINUE;
}
static int translucent_search(Operation *op, SlapReply *rs) {
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
translucent_info *ov = on->on_bi.bi_private;
slap_callback cb = { NULL, NULL, NULL, NULL };
trans_ctx tc;
Filter *fl, *fr;
struct berval fbv;
int rc = 0;
if ( op->o_managedsait > SLAP_CONTROL_IGNORED )
return SLAP_CB_CONTINUE;
Debug(LDAP_DEBUG_TRACE, "==> translucent_search: <%s> %s\n",
op->o_req_dn.bv_val, op->ors_filterstr.bv_val, 0);
if(ov->defer_db_open) {
send_ldap_error(op, rs, LDAP_UNAVAILABLE,
"remote DB not available");
return(rs->sr_err);
}
fr = ov->remote ? trans_filter_dup( op, op->ors_filter, ov->remote ) : NULL;
fl = ov->local ? trans_filter_dup( op, op->ors_filter, ov->local ) : NULL;
cb.sc_response = (slap_response *) translucent_search_cb;
cb.sc_private = &tc;
cb.sc_next = op->o_callback;
ov->db.be_acl = op->o_bd->be_acl;
tc.db = op->o_bd;
tc.on = on;
tc.orig = op->ors_filter;
tc.list = NULL;
tc.step = 0;
tc.slimit = op->ors_slimit;
tc.attrs = NULL;
fbv = op->ors_filterstr;
op->o_callback = &cb;
if ( fr || !fl ) {
tc.attrs = op->ors_attrs;
op->ors_slimit = SLAP_NO_LIMIT;
op->ors_attrs = slap_anlist_all_attributes;
op->o_bd = &ov->db;
tc.step |= RMT_SIDE;
if ( fl ) {
tc.step |= USE_LIST;
op->ors_filter = fr;
filter2bv_x( op, fr, &op->ors_filterstr );
}
rc = ov->db.bd_info->bi_op_search(op, rs);
if ( op->ors_attrs == slap_anlist_all_attributes )
op->ors_attrs = tc.attrs;
op->o_bd = tc.db;
if ( fl ) {
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
}
}
if ( fl && !rc ) {
tc.step |= LCL_SIDE;
op->ors_filter = fl;
filter2bv_x( op, fl, &op->ors_filterstr );
rc = overlay_op_walk( op, rs, op_search, on->on_info, on->on_next );
op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
}
op->ors_filterstr = fbv;
op->ors_filter = tc.orig;
op->o_callback = cb.sc_next;
rs->sr_attrs = op->ors_attrs;
rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
/* Send out anything remaining on the list and finish */
if ( tc.step & USE_LIST ) {
if ( tc.list ) {
Avlnode *av;
av = tavl_end( tc.list, TAVL_DIR_LEFT );
while ( av ) {
rs->sr_entry = av->avl_data;
if ( rc == LDAP_SUCCESS && LDAP_COMPARE_TRUE ==
test_filter( op, rs->sr_entry, op->ors_filter ))
{
rs->sr_flags = REP_ENTRY_MUSTBEFREED;
rc = send_search_entry( op, rs );
} else {
entry_free( rs->sr_entry );
}
av = tavl_next( av, TAVL_DIR_RIGHT );
}
tavl_free( tc.list, NULL );
rs->sr_flags = 0;
rs->sr_entry = NULL;
}
send_ldap_result( op, rs );
}
op->ors_slimit = tc.slimit;
/* Free in reverse order */
if ( fl )
trans_filter_free( op, fl );
if ( fr )
trans_filter_free( op, fr );
return rc;
}
int
slap_send_search_entry( Operation *op, SlapReply *rs )
{
BerElementBuffer berbuf;
BerElement *ber = (BerElement *) &berbuf;
Attribute *a;
int i, j, rc = LDAP_UNAVAILABLE, bytes;
int userattrs;
AccessControlState acl_state = ACL_STATE_INIT;
int attrsonly;
AttributeDescription *ad_entry = slap_schema.si_ad_entry;
/* a_flags: array of flags telling if the i-th element will be
* returned or filtered out
* e_flags: array of a_flags
*/
char **e_flags = NULL;
rs->sr_type = REP_SEARCH;
if ( op->ors_slimit >= 0 && rs->sr_nentries >= op->ors_slimit ) {
rc = LDAP_SIZELIMIT_EXCEEDED;
goto error_return;
}
/* Every 64 entries, check for thread pool pause */
if ( ( ( rs->sr_nentries & 0x3f ) == 0x3f ) &&
ldap_pvt_thread_pool_pausing( &connection_pool ) > 0 )
{
rc = LDAP_BUSY;
goto error_return;
}
/* eventually will loop through generated operational attribute types
* currently implemented types include:
* entryDN, subschemaSubentry, and hasSubordinates */
/* NOTE: moved before overlays callback circling because
* they may modify entry and other stuff in rs */
/* check for special all operational attributes ("+") type */
/* FIXME: maybe we could set this flag at the operation level;
* however, in principle the caller of send_search_entry() may
* change the attribute list at each call */
rs->sr_attr_flags = slap_attr_flags( rs->sr_attrs );
rc = backend_operational( op, rs );
if ( rc ) {
goto error_return;
}
if ( op->o_callback ) {
rc = slap_response_play( op, rs );
if ( rc != SLAP_CB_CONTINUE ) {
goto error_return;
}
}
Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: conn %lu dn=\"%s\"%s\n",
op->o_connid, rs->sr_entry->e_name.bv_val,
op->ors_attrsonly ? " (attrsOnly)" : "" );
attrsonly = op->ors_attrsonly;
if ( !access_allowed( op, rs->sr_entry, ad_entry, NULL, ACL_READ, NULL )) {
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu access to entry (%s) not allowed\n",
op->o_connid, rs->sr_entry->e_name.bv_val );
rc = LDAP_INSUFFICIENT_ACCESS;
goto error_return;
}
if ( op->o_res_ber ) {
/* read back control or LDAP_CONNECTIONLESS */
ber = op->o_res_ber;
} else {
struct berval bv;
bv.bv_len = entry_flatsize( rs->sr_entry, 0 );
bv.bv_val = op->o_tmpalloc( bv.bv_len, op->o_tmpmemctx );
ber_init2( ber, &bv, LBER_USE_DER );
ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
}
#ifdef LDAP_CONNECTIONLESS
if ( op->o_conn && op->o_conn->c_is_udp ) {
/* CONNECTIONLESS */
if ( op->o_protocol == LDAP_VERSION2 ) {
rc = ber_printf(ber, "t{O{" /*}}*/,
LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
} else {
rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
}
} else
#endif
if ( op->o_res_ber ) {
/* read back control */
rc = ber_printf( ber, "t{O{" /*}}*/,
LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
} else {
rc = ber_printf( ber, "{it{O{" /*}}}*/, op->o_msgid,
LDAP_RES_SEARCH_ENTRY, &rs->sr_entry->e_name );
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu ber_printf failed\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER, "encoding DN error" );
rc = rs->sr_err;
goto error_return;
}
/* check for special all user attributes ("*") type */
userattrs = SLAP_USERATTRS( rs->sr_attr_flags );
/* create an array of arrays of flags. Each flag corresponds
* to particular value of attribute and equals 1 if value matches
* to ValuesReturnFilter or 0 if not
*/
if ( op->o_vrFilter != NULL ) {
int k = 0;
size_t size;
for ( a = rs->sr_entry->e_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
}
size = i * sizeof(char *) + k;
if ( size > 0 ) {
char *a_flags;
e_flags = slap_sl_calloc ( 1, i * sizeof(char *) + k, op->o_tmpmemctx );
if( e_flags == NULL ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu slap_sl_calloc failed\n",
op->o_connid );
ber_free( ber, 1 );
set_ldap_error( rs, LDAP_OTHER, "out of memory" );
goto error_return;
}
a_flags = (char *)(e_flags + i);
memset( a_flags, 0, k );
for ( a=rs->sr_entry->e_attrs, i=0; a != NULL; a=a->a_next, i++ ) {
for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
e_flags[i] = a_flags;
a_flags += j;
}
rc = filter_matched_values(op, rs->sr_entry->e_attrs, &e_flags) ;
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "send_search_entry: "
"conn %lu matched values filtering failed\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"matched values filtering error" );
rc = rs->sr_err;
goto error_return;
}
}
}
for ( a = rs->sr_entry->e_attrs, j = 0; a != NULL; a = a->a_next, j++ ) {
AttributeDescription *desc = a->a_desc;
int finish = 0;
if ( rs->sr_attrs == NULL ) {
/* all user attrs request, skip operational attributes */
if( is_at_operational( desc->ad_type ) ) {
continue;
}
} else {
/* specific attrs requested */
if ( is_at_operational( desc->ad_type ) ) {
/* if not explicitly requested */
if ( !ad_inlist( desc, rs->sr_attrs )) {
/* if not all op attrs requested, skip */
if ( !SLAP_OPATTRS( rs->sr_attr_flags ))
continue;
/* if DSA-specific and replicating, skip */
if ( op->o_sync != SLAP_CONTROL_NONE &&
desc->ad_type->sat_usage == LDAP_SCHEMA_DSA_OPERATION )
continue;
}
} else {
if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
continue;
}
}
}
if ( attrsonly ) {
if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
ACL_READ, &acl_state ) )
{
Debug( LDAP_DEBUG_ACL, "send_search_entry: "
"conn %lu access to attribute %s not allowed\n",
op->o_connid, desc->ad_cname.bv_val );
continue;
}
if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu ber_printf failed\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"encoding description error");
rc = rs->sr_err;
goto error_return;
}
finish = 1;
} else {
int first = 1;
for ( i = 0; a->a_nvals[i].bv_val != NULL; i++ ) {
if ( ! access_allowed( op, rs->sr_entry,
desc, &a->a_nvals[i], ACL_READ, &acl_state ) )
{
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu "
"access to attribute %s, value #%d not allowed\n",
op->o_connid, desc->ad_cname.bv_val, i );
continue;
}
if ( op->o_vrFilter && e_flags[j][i] == 0 ){
continue;
}
if ( first ) {
first = 0;
finish = 1;
if (( rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname )) == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu ber_printf failed\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"encoding description error");
rc = rs->sr_err;
goto error_return;
}
}
if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu "
"ber_printf failed.\n", op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"encoding values error" );
rc = rs->sr_err;
goto error_return;
}
}
}
if ( finish && ( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu ber_printf failed\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER, "encode end error" );
rc = rs->sr_err;
goto error_return;
}
}
/* NOTE: moved before overlays callback circling because
* they may modify entry and other stuff in rs */
if ( rs->sr_operational_attrs != NULL && op->o_vrFilter != NULL ) {
int k = 0;
size_t size;
for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
for ( j = 0; a->a_vals[j].bv_val != NULL; j++ ) k++;
}
size = i * sizeof(char *) + k;
if ( size > 0 ) {
char *a_flags, **tmp;
/*
* Reuse previous memory - we likely need less space
* for operational attributes
*/
tmp = slap_sl_realloc( e_flags, i * sizeof(char *) + k,
op->o_tmpmemctx );
if ( tmp == NULL ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu "
"not enough memory "
"for matched values filtering\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"not enough memory for matched values filtering" );
goto error_return;
}
e_flags = tmp;
a_flags = (char *)(e_flags + i);
memset( a_flags, 0, k );
for ( a = rs->sr_operational_attrs, i=0; a != NULL; a = a->a_next, i++ ) {
for ( j = 0; a->a_vals[j].bv_val != NULL; j++ );
e_flags[i] = a_flags;
a_flags += j;
}
rc = filter_matched_values(op, rs->sr_operational_attrs, &e_flags) ;
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu "
"matched values filtering failed\n",
op->o_connid);
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"matched values filtering error" );
rc = rs->sr_err;
goto error_return;
}
}
}
for (a = rs->sr_operational_attrs, j=0; a != NULL; a = a->a_next, j++ ) {
AttributeDescription *desc = a->a_desc;
if ( rs->sr_attrs == NULL ) {
/* all user attrs request, skip operational attributes */
if( is_at_operational( desc->ad_type ) ) {
continue;
}
} else {
/* specific attrs requested */
if( is_at_operational( desc->ad_type ) ) {
if ( !SLAP_OPATTRS( rs->sr_attr_flags ) &&
!ad_inlist( desc, rs->sr_attrs ) )
{
continue;
}
/* if DSA-specific and replicating, skip */
if ( op->o_sync != SLAP_CONTROL_NONE &&
desc->ad_type->sat_usage == LDAP_SCHEMA_DSA_OPERATION )
continue;
} else {
if ( !userattrs && !ad_inlist( desc, rs->sr_attrs ) ) {
continue;
}
}
}
if ( ! access_allowed( op, rs->sr_entry, desc, NULL,
ACL_READ, &acl_state ) )
{
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu "
"access to attribute %s not allowed\n",
op->o_connid, desc->ad_cname.bv_val );
continue;
}
rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu "
"ber_printf failed\n", op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"encoding description error" );
rc = rs->sr_err;
goto error_return;
}
if ( ! attrsonly ) {
for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
if ( ! access_allowed( op, rs->sr_entry,
desc, &a->a_vals[i], ACL_READ, &acl_state ) )
{
Debug( LDAP_DEBUG_ACL,
"send_search_entry: conn %lu "
"access to %s, value %d not allowed\n",
op->o_connid, desc->ad_cname.bv_val, i );
continue;
}
if ( op->o_vrFilter && e_flags[j][i] == 0 ){
continue;
}
if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu ber_printf failed\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER,
"encoding values error" );
rc = rs->sr_err;
goto error_return;
}
}
}
if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu ber_printf failed\n",
op->o_connid );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER, "encode end error" );
rc = rs->sr_err;
goto error_return;
}
}
/* free e_flags */
if ( e_flags ) {
slap_sl_free( e_flags, op->o_tmpmemctx );
e_flags = NULL;
}
rc = ber_printf( ber, /*{{*/ "}N}" );
if( rc != -1 ) {
rc = send_ldap_controls( op, ber, rs->sr_ctrls );
}
if( rc != -1 ) {
#ifdef LDAP_CONNECTIONLESS
if( op->o_conn && op->o_conn->c_is_udp ) {
if ( op->o_protocol != LDAP_VERSION2 ) {
rc = ber_printf( ber, /*{*/ "N}" );
}
} else
#endif
if ( op->o_res_ber == NULL ) {
rc = ber_printf( ber, /*{*/ "N}" );
}
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n" );
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
set_ldap_error( rs, LDAP_OTHER, "encode entry end error" );
rc = rs->sr_err;
goto error_return;
}
Statslog( LDAP_DEBUG_STATS2, "%s ENTRY dn=\"%s\"\n",
op->o_log_prefix, rs->sr_entry->e_nname.bv_val );
rs_flush_entry( op, rs, NULL );
if ( op->o_res_ber == NULL ) {
bytes = send_ldap_ber( op, ber );
ber_free_buf( ber );
if ( bytes < 0 ) {
Debug( LDAP_DEBUG_ANY,
"send_search_entry: conn %lu ber write failed.\n",
op->o_connid );
rc = LDAP_UNAVAILABLE;
goto error_return;
}
rs->sr_nentries++;
ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex );
ldap_pvt_mp_add_ulong( op->o_counters->sc_bytes, (unsigned long)bytes );
ldap_pvt_mp_add_ulong( op->o_counters->sc_entries, 1 );
ldap_pvt_mp_add_ulong( op->o_counters->sc_pdu, 1 );
ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex );
}
Debug( LDAP_DEBUG_TRACE,
"<= send_search_entry: conn %lu exit.\n", op->o_connid );
rc = LDAP_SUCCESS;
error_return:;
if ( op->o_callback ) {
(void)slap_cleanup_play( op, rs );
}
if ( e_flags ) {
slap_sl_free( e_flags, op->o_tmpmemctx );
}
/* FIXME: Can break if rs now contains an extended response */
if ( rs->sr_operational_attrs ) {
attrs_free( rs->sr_operational_attrs );
rs->sr_operational_attrs = NULL;
}
rs->sr_attr_flags = SLAP_ATTRS_UNDEFINED;
if ( op->o_tag == LDAP_REQ_SEARCH && rs->sr_type == REP_SEARCH ) {
rs_flush_entry( op, rs, NULL );
} else {
RS_ASSERT( (rs->sr_flags & REP_ENTRY_MASK) == 0 );
}
if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
rs->sr_flags ^= REP_CTRLS_MUSTBEFREED; /* paranoia */
if ( rs->sr_ctrls ) {
slap_free_ctrls( op, rs->sr_ctrls );
rs->sr_ctrls = NULL;
}
}
return( rc );
}
