+BerVarray
+aci_set_gather (void *cookie, struct berval *name, struct berval *attr)
+{
+ AciSetCookie *cp = cookie;
+ BerVarray bvals = NULL;
+ struct berval ndn;
+
+ /* this routine needs to return the bervals instead of
+ * plain strings, since syntax is not known. It should
+ * also return the syntax or some "comparison cookie".
+ */
+
+ if (dnNormalize2(NULL, name, &ndn) == LDAP_SUCCESS) {
+ const char *text;
+ AttributeDescription *desc = NULL;
+ if (slap_bv2ad(attr, &desc, &text) == LDAP_SUCCESS) {
+ backend_attribute(cp->be, NULL, cp->op,
+ cp->e, &ndn, desc, &bvals);
+ }
+ free(ndn.bv_val);
+ }
+ return(bvals);
+}
+
+static int
+aci_match_set (
+ struct berval *subj,
+ Backend *be,
+ Entry *e,
+ Connection *conn,
+ Operation *op,
+ int setref
+)
+{
+ struct berval set = { 0, NULL };
+ int rc = 0;
+ AciSetCookie cookie;
+
+ if (setref == 0) {
+ ber_dupbv( &set, subj );
+ } else {
+ struct berval subjdn, ndn = { 0, NULL };
+ struct berval setat;
+ BerVarray bvals;
+ const char *text;
+ AttributeDescription *desc = NULL;
+
+ /* format of string is "entry/setAttrName" */
+ if (aci_get_part(subj, 0, '/', &subjdn) < 0) {
+ return(0);
+ }
+
+ if ( aci_get_part(subj, 1, '/', &setat) < 0 ) {
+ setat.bv_val = SLAPD_ACI_SET_ATTR;
+ setat.bv_len = sizeof(SLAPD_ACI_SET_ATTR)-1;
+ }
+
+ if ( setat.bv_val != NULL ) {
+ /*
+ * NOTE: dnNormalize2 honors the ber_len field
+ * as the length of the dn to be normalized
+ */
+ if ( dnNormalize2(NULL, &subjdn, &ndn) == LDAP_SUCCESS
+ && slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS )
+ {
+ backend_attribute(be, NULL, op, e,
+ &ndn, desc, &bvals);
+ if ( bvals != NULL ) {
+ if ( bvals[0].bv_val != NULL ) {
+ int i;
+ set = bvals[0];
+ bvals[0].bv_val = NULL;
+ for (i=1;bvals[i].bv_val;i++);
+ bvals[0].bv_val = bvals[i-1].bv_val;
+ bvals[i-1].bv_val = NULL;
+ }
+ ber_bvarray_free(bvals);
+ }
+ }
+ if (ndn.bv_val)
+ free(ndn.bv_val);
+ }
+ }
+
+ if (set.bv_val != NULL) {
+ cookie.be = be;
+ cookie.e = e;
+ cookie.conn = conn;
+ cookie.op = op;
+ rc = (slap_set_filter(aci_set_gather, &cookie, &set,
+ &op->o_ndn, &e->e_nname, NULL) > 0);
+ ch_free(set.bv_val);
+ }
+ return(rc);
+}
+
+#ifdef SLAPD_ACI_ENABLED