]> git.sur5r.net Git - openldap/blob - servers/slapd/back-ldap/search.c
#ifdef -DSLAP_NVALUES
[openldap] / servers / slapd / back-ldap / search.c
1 /* search.c - ldap backend search function */
2 /* $OpenLDAP$ */
3 /*
4  * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
6  */
7 /* This is an altered version */
8 /*
9  * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
10  * 
11  * Permission is granted to anyone to use this software for any purpose
12  * on any computer system, and to alter it and redistribute it, subject
13  * to the following restrictions:
14  * 
15  * 1. The author is not responsible for the consequences of use of this
16  *    software, no matter how awful, even if they arise from flaws in it.
17  * 
18  * 2. The origin of this software must not be misrepresented, either by
19  *    explicit claim or by omission.  Since few users ever read sources,
20  *    credits should appear in the documentation.
21  * 
22  * 3. Altered versions must be plainly marked as such, and must not be
23  *    misrepresented as being the original software.  Since few users
24  *    ever read sources, credits should appear in the documentation.
25  * 
26  * 4. This notice may not be removed or altered.
27  *
28  *
29  *
30  * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
31  * 
32  * This software is being modified by Pierangelo Masarati.
33  * The previously reported conditions apply to the modified code as well.
34  * Changes in the original code are highlighted where required.
35  * Credits for the original code go to the author, Howard Chu.
36  */
37
38 #include "portable.h"
39
40 #include <stdio.h>
41
42 #include <ac/socket.h>
43 #include <ac/string.h>
44 #include <ac/time.h>
45
46 #include "slap.h"
47 #include "back-ldap.h"
48 #undef ldap_debug       /* silence a warning in ldap-int.h */
49 #include "../../../libraries/libldap/ldap-int.h"
50
51 #include "lutil.h"
52
53 static int
54 ldap_build_entry( Operation *op, LDAPMessage *e, Entry *ent,
55          struct berval *bdn, int flags );
56 #define LDAP_BUILD_ENTRY_PRIVATE        0x01
57 #define LDAP_BUILD_ENTRY_NORMALIZE      0x02
58
59 static struct berval dummy = { 0, NULL };
60
61 int
62 ldap_back_search(
63     Operation   *op,
64     SlapReply *rs )
65 {
66         struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
67         struct ldapconn *lc;
68         struct timeval  tv;
69         LDAPMessage             *res, *e;
70         int     count, rc = 0, msgid; 
71         char *match = NULL;
72         char **mapped_attrs = NULL;
73         struct berval mbase;
74         struct berval mfilter = { 0, NULL };
75         struct slap_limits_set *limit = NULL;
76         int isroot = 0;
77
78         lc = ldap_back_getconn(op, rs);
79         if ( !lc ) {
80                 return( -1 );
81         }
82
83         /*
84          * FIXME: in case of values return filter, we might want
85          * to map attrs and maybe rewrite value
86          */
87         if ( !ldap_back_dobind( lc, op, rs ) ) {
88                 return( -1 );
89         }
90
91         /* if not root, get appropriate limits */
92         if ( be_isroot( op->o_bd, &op->o_ndn ) ) {
93                 isroot = 1;
94         } else {
95                 ( void ) get_limits( op->o_bd, &op->o_ndn, &limit );
96         }
97         
98         /* if no time limit requested, rely on remote server limits */
99         /* if requested limit higher than hard limit, abort */
100         if ( !isroot && op->oq_search.rs_tlimit > limit->lms_t_hard ) {
101                 /* no hard limit means use soft instead */
102                 if ( limit->lms_t_hard == 0
103                                 && limit->lms_t_soft > -1
104                                 && op->oq_search.rs_tlimit > limit->lms_t_soft ) {
105                         op->oq_search.rs_tlimit = limit->lms_t_soft;
106                         
107                 /* positive hard limit means abort */
108                 } else if ( limit->lms_t_hard > 0 ) {
109                         rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
110                         send_ldap_result( op, rs );
111                         rc = 0;
112                         goto finish;
113                 }
114                 
115                 /* negative hard limit means no limit */
116         }
117         
118         /* if no size limit requested, rely on remote server limits */
119         /* if requested limit higher than hard limit, abort */
120         if ( !isroot && op->oq_search.rs_slimit > limit->lms_s_hard ) {
121                 /* no hard limit means use soft instead */
122                 if ( limit->lms_s_hard == 0
123                                 && limit->lms_s_soft > -1
124                                 && op->oq_search.rs_slimit > limit->lms_s_soft ) {
125                         op->oq_search.rs_slimit = limit->lms_s_soft;
126                         
127                 /* positive hard limit means abort */
128                 } else if ( limit->lms_s_hard > 0 ) {
129                         rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
130                         send_ldap_result( op, rs );
131                         rc = 0;
132                         goto finish;
133                 }
134                 
135                 /* negative hard limit means no limit */
136         }
137
138         /* should we check return values? */
139         if (op->oq_search.rs_deref != -1)
140                 ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&op->oq_search.rs_deref);
141         if (op->oq_search.rs_tlimit != -1) {
142                 tv.tv_sec = op->oq_search.rs_tlimit;
143                 tv.tv_usec = 0;
144         } else {
145                 tv.tv_sec = 0;
146         }
147
148         /*
149          * Rewrite the search base, if required
150          */
151 #ifdef ENABLE_REWRITE
152         switch ( rewrite_session( li->rwinfo, "searchBase",
153                                 op->o_req_dn.bv_val, op->o_conn, &mbase.bv_val ) ) {
154         case REWRITE_REGEXEC_OK:
155                 if ( mbase.bv_val == NULL ) {
156                         mbase = op->o_req_dn;
157                 } else {
158                         mbase.bv_len = strlen( mbase.bv_val );
159                 }
160 #ifdef NEW_LOGGING
161                 LDAP_LOG( BACK_LDAP, DETAIL1, 
162                         "[rw] searchBase: \"%s\" -> \"%s\"\n", 
163                         op->o_req_dn.bv_val, mbase.bv_val, 0 );
164 #else /* !NEW_LOGGING */
165                 Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n%s",
166                                 op->o_req_dn.bv_val, mbase.bv_val, "" );
167 #endif /* !NEW_LOGGING */
168                 break;
169                 
170         case REWRITE_REGEXEC_UNWILLING:
171                 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
172                                 "Operation not allowed" );
173                 rc = -1;
174                 goto finish;
175
176         case REWRITE_REGEXEC_ERR:
177                 send_ldap_error( op, rs, LDAP_OTHER,
178                                 "Rewrite error" );
179                 rc = -1;
180                 goto finish;
181         }
182
183 #else /* !ENABLE_REWRITE */
184         ldap_back_dn_massage( li, &op->o_req_dn, &mbase, 0, 1 );
185 #endif /* !ENABLE_REWRITE */
186
187 #ifdef ENABLE_REWRITE
188         rc = ldap_back_filter_map_rewrite_( li->rwinfo, op->o_conn,
189                         &li->at_map, &li->oc_map, op->oq_search.rs_filter, &mfilter, 
190                         BACKLDAP_MAP );
191 #else /* ! ENABLE_REWRITE */
192         rc = ldap_back_filter_map_rewrite_( &li->at_map, &li->oc_map, 
193                         op->oq_search.rs_filter, &mfilter, BACKLDAP_MAP );
194 #endif /* ! ENABLE_REWRITE */
195
196         if ( rc ) {
197                 rc = -1;
198                 goto finish;
199         }
200
201         mapped_attrs = ldap_back_map_attrs(&li->at_map, op->oq_search.rs_attrs, BACKLDAP_MAP);
202         if ( mapped_attrs == NULL && op->oq_search.rs_attrs) {
203                 for (count=0; op->oq_search.rs_attrs[count].an_name.bv_val; count++);
204                 mapped_attrs = ch_malloc( (count+1) * sizeof(char *));
205                 for (count=0; op->oq_search.rs_attrs[count].an_name.bv_val; count++) {
206                         mapped_attrs[count] = op->oq_search.rs_attrs[count].an_name.bv_val;
207                 }
208                 mapped_attrs[count] = NULL;
209         }
210
211         rs->sr_err = ldap_search_ext(lc->ld, mbase.bv_val, op->oq_search.rs_scope, mfilter.bv_val,
212                         mapped_attrs, op->oq_search.rs_attrsonly, op->o_ctrls, NULL, tv.tv_sec ? &tv
213                         : NULL, op->oq_search.rs_slimit, &msgid);
214         if ( rs->sr_err != LDAP_SUCCESS ) {
215 fail:;
216                 rc = ldap_back_op_result(lc, op, rs, msgid, 0);
217                 goto finish;
218         }
219
220         /* We pull apart the ber result, stuff it into a slapd entry, and
221          * let send_search_entry stuff it back into ber format. Slow & ugly,
222          * but this is necessary for version matching, and for ACL processing.
223          */
224
225         for ( rc=0; rc != -1; rc = ldap_result(lc->ld, msgid, 0, &tv, &res))
226         {
227                 /* check for abandon */
228                 if (op->o_abandon) {
229                         ldap_abandon(lc->ld, msgid);
230                         rc = 0;
231                         goto finish;
232                 }
233
234                 if (rc == 0) {
235                         tv.tv_sec = 0;
236                         tv.tv_usec = 100000;
237                         ldap_pvt_thread_yield();
238
239                 } else if (rc == LDAP_RES_SEARCH_ENTRY) {
240                         Entry ent;
241                         struct berval bdn;
242                         e = ldap_first_entry(lc->ld,res);
243                         if ( ldap_build_entry(op, e, &ent, &bdn,
244                                                 LDAP_BUILD_ENTRY_PRIVATE) == LDAP_SUCCESS ) {
245                                 rs->sr_entry = &ent;
246                                 rs->sr_attrs = op->oq_search.rs_attrs;
247                                 send_search_entry( op, rs );
248                                 while (ent.e_attrs) {
249                                         Attribute *a;
250                                         BerVarray v;
251
252                                         a = ent.e_attrs;
253                                         ent.e_attrs = a->a_next;
254
255                                         v = a->a_vals;
256                                         if (a->a_vals != &dummy)
257                                                 ber_bvarray_free(a->a_vals);
258                                         if (a->a_nvals != v)
259                                                 ber_bvarray_free(a->a_nvals);
260                                         ch_free(a);
261                                 }
262                                 
263                                 if ( ent.e_dn && ( ent.e_dn != bdn.bv_val ) )
264                                         free( ent.e_dn );
265                                 if ( ent.e_ndn )
266                                         free( ent.e_ndn );
267                         }
268                         ldap_msgfree(res);
269
270                 } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
271                         char            **references = NULL;
272                         int             cnt;
273
274                         rc = ldap_parse_reference( lc->ld, res,
275                                         &references, &rs->sr_ctrls, 1 );
276
277                         if ( rc != LDAP_SUCCESS ) {
278                                 continue;
279                         }
280
281                         if ( references == NULL ) {
282                                 continue;
283                         }
284
285                         for ( cnt = 0; references[ cnt ]; cnt++ )
286                                 /* NO OP */ ;
287                                 
288                         rs->sr_ref = ch_calloc( cnt + 1, sizeof( struct berval ) );
289
290                         for ( cnt = 0; references[ cnt ]; cnt++ ) {
291                                 rs->sr_ref[ cnt ].bv_val = references[ cnt ];
292                                 rs->sr_ref[ cnt ].bv_len = strlen( references[ cnt ] );
293                         }
294
295                         /* ignore return value by now */
296                         ( void )send_search_reference( op, rs );
297
298                         /* cleanup */
299                         if ( references ) {
300                                 ldap_value_free( references );
301                                 ch_free( rs->sr_ref );
302                                 rs->sr_ref = NULL;
303                         }
304
305                         if ( rs->sr_ctrls ) {
306                                 ldap_controls_free( rs->sr_ctrls );
307                                 rs->sr_ctrls = NULL;
308                         }
309
310                 } else {
311                         rc = ldap_parse_result(lc->ld, res, &rs->sr_err, &match,
312                                 (char **)&rs->sr_text, NULL, NULL, 1);
313                         if (rc != LDAP_SUCCESS ) rs->sr_err = rc;
314                         rs->sr_err = ldap_back_map_result(rs);
315                         rc = 0;
316                         break;
317                 }
318         }
319
320         if (rc == -1)
321                 goto fail;
322
323 #ifdef ENABLE_REWRITE
324         /*
325          * Rewrite the matched portion of the search base, if required
326          */
327         if ( match != NULL ) {
328                 switch ( rewrite_session( li->rwinfo, "matchedDn",
329                                 match, op->o_conn, (char **)&rs->sr_matched ) ) {
330                 case REWRITE_REGEXEC_OK:
331                         if ( rs->sr_matched == NULL ) {
332                                 rs->sr_matched = ( char * )match;
333                         }
334 #ifdef NEW_LOGGING
335                         LDAP_LOG( BACK_LDAP, DETAIL1, 
336                                 "[rw]  matchedDn:" " \"%s\" -> \"%s\"\n", match, rs->sr_matched, 0 );
337 #else /* !NEW_LOGGING */
338                         Debug( LDAP_DEBUG_ARGS, "rw> matchedDn:"
339                                         " \"%s\" -> \"%s\"\n%s",
340                                         match, rs->sr_matched, "" );
341 #endif /* !NEW_LOGGING */
342                         break;
343                         
344                 case REWRITE_REGEXEC_UNWILLING:
345                         
346                 case REWRITE_REGEXEC_ERR:
347                         /* FIXME: no error, but no matched ... */
348                         rs->sr_matched = NULL;
349                         break;
350                 }
351         }
352 #else /* !ENABLE_REWRITE */
353         if ( match != NULL ) {
354                 struct berval dn, mdn;
355
356                 ber_str2bv(match, 0, 0, &dn);
357                 ldap_back_dn_massage(li, &dn, &mdn, 0, 0);
358                 rs->sr_matched = mdn.bv_val;
359         }
360 #endif /* !ENABLE_REWRITE */
361         if ( rs->sr_v2ref ) {
362                 rs->sr_err = LDAP_REFERRAL;
363         }
364         send_ldap_result( op, rs );
365
366 finish:;
367         if ( match ) {
368                 if ( rs->sr_matched != match ) {
369                         free( (char *)rs->sr_matched );
370                 }
371                 rs->sr_matched = NULL;
372                 LDAP_FREE(match);
373         }
374         if ( rs->sr_text ) {
375                 LDAP_FREE( (char *)rs->sr_text );
376                 rs->sr_text = NULL;
377         }
378         if ( mapped_attrs ) {
379                 ch_free( mapped_attrs );
380         }
381         if ( mfilter.bv_val != op->oq_search.rs_filterstr.bv_val ) {
382                 ch_free( mfilter.bv_val );
383         }
384         if ( mbase.bv_val != op->o_req_dn.bv_val ) {
385                 free( mbase.bv_val );
386         }
387         
388         return rc;
389 }
390
391 static int
392 ldap_build_entry(
393         Operation *op,
394         LDAPMessage *e,
395         Entry *ent,
396         struct berval *bdn,
397         int flags
398 )
399 {
400         struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
401         struct berval a, mapped;
402         BerElement ber = *e->lm_ber;
403         Attribute *attr, **attrp;
404         struct berval *bv;
405         const char *text;
406         int last;
407         int private = flags & LDAP_BUILD_ENTRY_PRIVATE;
408         int normalize = flags & LDAP_BUILD_ENTRY_NORMALIZE;
409
410         /* safe assumptions ... */
411         assert( ent );
412         ent->e_bv.bv_val = NULL;
413
414         if ( ber_scanf( &ber, "{m{", bdn ) == LBER_ERROR ) {
415                 return LDAP_DECODING_ERROR;
416         }
417 #ifdef ENABLE_REWRITE
418
419         /*
420          * Rewrite the dn of the result, if needed
421          */
422         switch ( rewrite_session( li->rwinfo, "searchResult",
423                                 bdn->bv_val, op->o_conn,
424                                 &ent->e_name.bv_val ) ) {
425         case REWRITE_REGEXEC_OK:
426                 if ( ent->e_name.bv_val == NULL ) {
427                         ent->e_name = *bdn;
428                 } else {
429 #ifdef NEW_LOGGING
430                         LDAP_LOG( BACK_LDAP, DETAIL1, 
431                                 "[rw] searchResult: \"%s\"" " -> \"%s\"\n", 
432                                 bdn->bv_val, ent->e_dn, 0 );
433 #else /* !NEW_LOGGING */
434                         Debug( LDAP_DEBUG_ARGS, "rw> searchResult: \"%s\""
435                                         " -> \"%s\"\n%s", bdn->bv_val, ent->e_dn, "" );
436 #endif /* !NEW_LOGGING */
437                         ent->e_name.bv_len = strlen( ent->e_name.bv_val );
438                 }
439                 break;
440                 
441         case REWRITE_REGEXEC_ERR:
442         case REWRITE_REGEXEC_UNWILLING:
443                 return LDAP_OTHER;
444         }
445 #else /* !ENABLE_REWRITE */
446         ldap_back_dn_massage( li, bdn, &ent->e_name, 0, 0 );
447 #endif /* !ENABLE_REWRITE */
448
449         /*
450          * Note: this may fail if the target host(s) schema differs
451          * from the one known to the meta, and a DN with unknown
452          * attributes is returned.
453          * 
454          * FIXME: should we log anything, or delegate to dnNormalize2?
455          */
456         if ( dnNormalize2( NULL, &ent->e_name, &ent->e_nname ) != LDAP_SUCCESS ) {
457                 return LDAP_INVALID_DN_SYNTAX;
458         }
459         
460         ent->e_id = 0;
461         ent->e_attrs = 0;
462         ent->e_private = 0;
463         attrp = &ent->e_attrs;
464
465         while ( ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
466                 ldap_back_map(&li->at_map, &a, &mapped, BACKLDAP_REMAP);
467                 if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0')
468                         continue;
469                 attr = (Attribute *)ch_malloc( sizeof(Attribute) );
470                 if (attr == NULL)
471                         continue;
472                 attr->a_flags = 0;
473                 attr->a_next = 0;
474                 attr->a_desc = NULL;
475                 if (slap_bv2ad(&mapped, &attr->a_desc, &text) != LDAP_SUCCESS) {
476                         if (slap_bv2undef_ad(&mapped, &attr->a_desc, &text) 
477                                         != LDAP_SUCCESS) {
478 #ifdef NEW_LOGGING
479                                 LDAP_LOG( BACK_LDAP, DETAIL1, 
480                                         "slap_bv2undef_ad(%s):  %s\n", mapped.bv_val, text, 0 );
481 #else /* !NEW_LOGGING */
482                                 Debug( LDAP_DEBUG_ANY, 
483                                                 "slap_bv2undef_ad(%s):  "
484                                                 "%s\n%s", mapped.bv_val, text, "" );
485 #endif /* !NEW_LOGGING */
486                                 ch_free(attr);
487                                 continue;
488                         }
489                 }
490
491                 /* no subschemaSubentry */
492                 if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry ) {
493
494                         /* 
495                          * We eat target's subschemaSubentry because
496                          * a search for this value is likely not
497                          * to resolve to the appropriate backend;
498                          * later, the local subschemaSubentry is
499                          * added.
500                          */
501                         ( void )ber_scanf( &ber, "x" /* [W] */ );
502
503                         ch_free(attr);
504                         continue;
505                 }
506                 
507                 if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
508                                 || attr->a_vals == NULL ) {
509                         /*
510                          * Note: attr->a_vals can be null when using
511                          * values result filter
512                          */
513                         if (private) {
514                                 attr->a_vals = &dummy;
515                         } else {
516                                 attr->a_vals = ch_malloc(sizeof(struct berval));
517                                 attr->a_vals->bv_val = NULL;
518                                 attr->a_vals->bv_len = 0;
519                         }
520                         last = 0;
521                 } else {
522                         for ( last = 0; attr->a_vals[last].bv_val; last++ );
523                 }
524                 if ( last == 0 ) {
525                         /* empty */
526                 } else if ( attr->a_desc == slap_schema.si_ad_objectClass
527                                 || attr->a_desc == slap_schema.si_ad_structuralObjectClass ) {
528                         for ( bv = attr->a_vals; bv->bv_val; bv++ ) {
529                                 ldap_back_map(&li->oc_map, bv, &mapped,
530                                                 BACKLDAP_REMAP);
531                                 if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
532                                         LBER_FREE(bv->bv_val);
533                                         bv->bv_val = NULL;
534                                         if (--last < 0)
535                                                 break;
536                                         *bv = attr->a_vals[last];
537                                         attr->a_vals[last].bv_val = NULL;
538                                         bv--;
539
540                                 } else if ( mapped.bv_val != bv->bv_val ) {
541                                         /*
542                                          * FIXME: after LBER_FREEing
543                                          * the value is replaced by
544                                          * ch_alloc'ed memory
545                                          */
546                                         LBER_FREE(bv->bv_val);
547                                         ber_dupbv( bv, &mapped );
548                                 }
549                         }
550
551                 /*
552                  * It is necessary to try to rewrite attributes with
553                  * dn syntax because they might be used in ACLs as
554                  * members of groups; since ACLs are applied to the
555                  * rewritten stuff, no dn-based subject clause could
556                  * be used at the ldap backend side (see
557                  * http://www.OpenLDAP.org/faq/data/cache/452.html)
558                  * The problem can be overcome by moving the dn-based
559                  * ACLs to the target directory server, and letting
560                  * everything pass thru the ldap backend.
561                  */
562                 } else if ( strcmp( attr->a_desc->ad_type->sat_syntax->ssyn_oid,
563                                         SLAPD_DN_SYNTAX ) == 0 ) {
564                         for ( bv = attr->a_vals; bv->bv_val; bv++ ) {
565                                 struct berval   newval;
566                                 
567 #ifdef ENABLE_REWRITE
568                                 switch ( rewrite_session( li->rwinfo,
569                                                         "searchResult",
570                                                         bv->bv_val,
571                                                         op->o_conn, 
572                                                         &newval.bv_val )) {
573                                 case REWRITE_REGEXEC_OK:
574                                         /* left as is */
575                                         if ( newval.bv_val == NULL ) {
576                                                 break;
577                                         }
578                                         newval.bv_len = strlen( newval.bv_val );
579 #ifdef NEW_LOGGING
580                                         LDAP_LOG( BACK_LDAP, DETAIL1, 
581                                                 "[rw] searchResult on attr=%s: \"%s\" -> \"%s\"\n",
582                                                 attr->a_desc->ad_type->sat_cname.bv_val,
583                                                 bv->bv_val, newval.bv_val );
584 #else /* !NEW_LOGGING */
585                                         Debug( LDAP_DEBUG_ARGS,
586                 "rw> searchResult on attr=%s: \"%s\" -> \"%s\"\n",
587                                                 attr->a_desc->ad_type->sat_cname.bv_val,
588                                                 bv->bv_val, newval.bv_val );
589 #endif /* !NEW_LOGGING */
590                                         free( bv->bv_val );
591                                         *bv = newval;
592                                         break;
593                                         
594                                 case REWRITE_REGEXEC_UNWILLING:
595                                         LBER_FREE(bv->bv_val);
596                                         bv->bv_val = NULL;
597                                         if (--last < 0)
598                                                 goto next_attr;
599                                         *bv = attr->a_vals[last];
600                                         attr->a_vals[last].bv_val = NULL;
601                                         bv--;
602                                         break;
603
604                                 case REWRITE_REGEXEC_ERR:
605                                         /*
606                                          * FIXME: better give up,
607                                          * skip the attribute
608                                          * or leave it untouched?
609                                          */
610                                         break;
611                                 }
612 #else /* !ENABLE_REWRITE */
613                                 ldap_back_dn_massage( li, bv, &newval, 0, 0 );
614                                 if ( bv->bv_val != newval.bv_val ) {
615                                         LBER_FREE( bv->bv_val );
616                                 }
617                                 *bv = newval;
618 #endif /* !ENABLE_REWRITE */
619                         }
620                 }
621
622 next_attr:;
623
624                 if ( normalize ) {
625                         if ( last && attr->a_desc->ad_type->sat_equality &&
626                                 attr->a_desc->ad_type->sat_equality->smr_normalize ) {
627                                 int i;
628
629                                 attr->a_nvals = ch_malloc((last+1)*sizeof(struct berval));
630                                 for (i=0; i<last; i++) {
631                                         attr->a_desc->ad_type->sat_equality->smr_normalize(
632                                                 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
633                                                 attr->a_desc->ad_type->sat_syntax,
634                                                 attr->a_desc->ad_type->sat_equality,
635                                                 &attr->a_vals[i], &attr->a_nvals[i] );
636                                 }
637                                 attr->a_nvals[i].bv_val = NULL;
638                                 attr->a_nvals[i].bv_len = 0;
639                         } else {
640                                 attr->a_nvals = attr->a_vals;
641                         }
642                 } else {
643                         attr->a_nvals = NULL;
644                 }
645                 *attrp = attr;
646                 attrp = &attr->a_next;
647         }
648         /* make sure it's free'able */
649         if (!private && ent->e_name.bv_val == bdn->bv_val)
650                 ber_dupbv( &ent->e_name, bdn );
651         return LDAP_SUCCESS;
652 }
653
654 /* return 0 IFF we can retrieve the entry with ndn
655  */
656 int
657 ldap_back_entry_get(
658         Operation *op,
659         struct berval   *ndn,
660         ObjectClass *oc,
661         AttributeDescription *at,
662         int rw,
663         Entry **ent
664 )
665 {
666         struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;    
667         struct ldapconn *lc;
668         int rc = 1, is_oc;
669         struct berval mapped = { 0, NULL }, bdn, mdn;
670         LDAPMessage     *result = NULL, *e = NULL;
671         char *gattr[3];
672         char *filter = NULL;
673         Connection *oconn;
674         SlapReply rs;
675
676         /* Tell getconn this is a privileged op */
677         is_oc = op->o_do_not_cache;
678         op->o_do_not_cache = 1;
679         lc = ldap_back_getconn(op, &rs);
680         oconn = op->o_conn;
681         op->o_conn = NULL;
682         if ( !lc || !ldap_back_dobind(lc, op, &rs) ) {
683                 op->o_do_not_cache = is_oc;
684                 op->o_conn = oconn;
685                 return 1;
686         }
687         op->o_do_not_cache = is_oc;
688         op->o_conn = oconn;
689
690         /*
691          * Rewrite the search base, if required
692          */
693 #ifdef ENABLE_REWRITE
694         switch ( rewrite_session( li->rwinfo, "searchBase",
695                                 ndn->bv_val, op->o_conn, &mdn.bv_val ) ) {
696         case REWRITE_REGEXEC_OK:
697                 if ( mdn.bv_val == NULL ) {
698                         mdn = *ndn;
699                 } else {
700                         mdn.bv_len = strlen( mdn.bv_val );
701                 }
702                         
703 #ifdef NEW_LOGGING
704                 LDAP_LOG( BACK_LDAP, DETAIL1, 
705                         "[rw] searchBase: \"%s\" -> \"%s\"\n", 
706                         ndn->bv_val, mdn.bv_val, 0 );
707 #else /* !NEW_LOGGING */
708                 Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n",
709                                 ndn->bv_val, mdn.bv_val, 0 );
710 #endif /* !NEW_LOGGING */
711                 break;
712                 
713         case REWRITE_REGEXEC_UNWILLING:
714         case REWRITE_REGEXEC_ERR:
715                 return 1;
716         }
717
718 #else /* !ENABLE_REWRITE */
719         ldap_back_dn_massage( li, ndn, &mdn, 0, 1 );
720 #endif /* !ENABLE_REWRITE */
721
722         ldap_back_map(&li->at_map, &at->ad_cname, &mapped, BACKLDAP_MAP);
723         if (mapped.bv_val == NULL || mapped.bv_val[0] == '\0') {
724                 rc = 1;
725                 goto cleanup;
726         }
727
728         is_oc = (strcasecmp("objectclass", mapped.bv_val) == 0);
729         if (oc && !is_oc) {
730                 gattr[0] = "objectclass";
731                 gattr[1] = mapped.bv_val;
732                 gattr[2] = NULL;
733         } else {
734                 gattr[0] = mapped.bv_val;
735                 gattr[1] = NULL;
736         }
737         if (oc) {
738                 char *ptr;
739                 ldap_back_map(&li->oc_map, &oc->soc_cname, &mapped,
740                                                 BACKLDAP_MAP);
741                 filter = ch_malloc(sizeof("(objectclass=)") + mapped.bv_len);
742                 ptr = lutil_strcopy(filter, "(objectclass=");
743                 ptr = lutil_strcopy(ptr, mapped.bv_val);
744                 *ptr++ = ')';
745                 *ptr++ = '\0';
746         }
747                 
748         if (ldap_search_ext_s(lc->ld, mdn.bv_val, LDAP_SCOPE_BASE, filter,
749                                 gattr, 0, NULL, NULL, LDAP_NO_LIMIT,
750                                 LDAP_NO_LIMIT, &result) != LDAP_SUCCESS)
751         {
752                 goto cleanup;
753         }
754
755         if ((e = ldap_first_entry(lc->ld, result)) == NULL) {
756                 goto cleanup;
757         }
758
759         *ent = ch_calloc(1,sizeof(Entry));
760
761         rc = ldap_build_entry(op, e, *ent, &bdn, LDAP_BUILD_ENTRY_NORMALIZE);
762
763         if (rc != LDAP_SUCCESS) {
764                 ch_free(*ent);
765                 *ent = NULL;
766         }
767
768 cleanup:
769         if (result) {
770                 ldap_msgfree(result);
771         }
772
773         if ( filter ) {
774                 ch_free( filter );
775         }
776
777         if ( mdn.bv_val != ndn->bv_val ) {
778                 ch_free( mdn.bv_val );
779         }
780
781         return(rc);
782 }
783