+ return ret;
+
+ /*
+ * Ain't it better?
+ return (slap_get_time() - starttime) * 1000000;
+ */
+#else /* _WIN32 */
+ LARGE_INTEGER now;
+
+ if ( first_time ) {
+ first_time = 0;
+ performance_counter_present = QueryPerformanceCounter( &base_time );
+ QueryPerformanceFrequency( &performance_freq );
+ }
+
+ if ( !performance_counter_present )
+ return 0;
+
+ QueryPerformanceCounter( &now );
+ return (1000000*(now.QuadPart-base_time.QuadPart))/performance_freq.QuadPart;
+#endif /* _WIN32 */
+#else /* LDAP_SLAPI */
+ return 0;
+#endif /* LDAP_SLAPI */
+}
+
+/*
+ * FIXME ?
+ */
+unsigned long
+slapi_timer_get_time( char *label )
+{
+#ifdef LDAP_SLAPI
+ unsigned long start = slapi_timer_current_time();
+ printf("%10ld %10ld usec %s\n", start, 0, label);
+ return start;
+#else /* LDAP_SLAPI */
+ return 0;
+#endif /* LDAP_SLAPI */
+}
+
+/*
+ * FIXME ?
+ */
+void
+slapi_timer_elapsed_time(
+ char *label,
+ unsigned long start )
+{
+#ifdef LDAP_SLAPI
+ unsigned long stop = slapi_timer_current_time();
+ printf ("%10ld %10ld usec %s\n", stop, stop - start, label);
+#endif /* LDAP_SLAPI */
+}
+
+void
+slapi_free_search_results_internal( Slapi_PBlock *pb )
+{
+#ifdef LDAP_SLAPI
+ Slapi_Entry **entries;
+ int k = 0, nEnt = 0;
+
+ slapi_pblock_get( pb, SLAPI_NENTRIES, &nEnt );
+ slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries );
+ if ( nEnt == 0 ) {
+ return;
+ }
+
+ if ( entries == NULL ) {
+ return;
+ }
+
+ for ( k = 0; k < nEnt; k++ ) {
+ slapi_entry_free( entries[k] );
+ }
+
+ slapi_ch_free( (void **)&entries );
+#endif /* LDAP_SLAPI */
+}
+
+#ifdef LDAP_SLAPI
+/*
+ * Internal API to prime a Slapi_PBlock with a Backend.
+ */
+static int initBackendPB( Slapi_PBlock *pb, Backend *be )
+{
+ int rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_BACKEND, (void *)be );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ if ( be != NULL ) {
+ rc = slapi_pblock_set( pb, SLAPI_BE_TYPE, (void *)be->bd_info->bi_type );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ * If oldStyle is TRUE, then a value suitable for setting to
+ * the deprecated SLAPI_CONN_AUTHTYPE value is returned
+ * (pointer to static storage).
+ *
+ * If oldStyle is FALSE, then a value suitable for setting to
+ * the new SLAPI_CONN_AUTHMETHOD will be returned, which is
+ * a pointer to allocated memory and will include the SASL
+ * mechanism (if any).
+ */
+static char *Authorization2AuthType( AuthorizationInformation *authz, int is_tls, int oldStyle )
+{
+ size_t len;
+ char *authType;
+
+ switch ( authz->sai_method ) {
+ case LDAP_AUTH_SASL:
+ if ( oldStyle ) {
+ authType = SLAPD_AUTH_SASL;
+ } else {
+ len = sizeof(SLAPD_AUTH_SASL) + authz->sai_mech.bv_len;
+ authType = slapi_ch_malloc( len );
+ snprintf( authType, len, "%s%s", SLAPD_AUTH_SASL, authz->sai_mech.bv_val );
+ }
+ break;
+ case LDAP_AUTH_SIMPLE:
+ authType = oldStyle ? SLAPD_AUTH_SIMPLE : slapi_ch_strdup( SLAPD_AUTH_SIMPLE );
+ break;
+ case LDAP_AUTH_NONE:
+ authType = oldStyle ? SLAPD_AUTH_NONE : slapi_ch_strdup( SLAPD_AUTH_NONE );
+ break;
+ default:
+ authType = NULL;
+ break;
+ }
+ if ( is_tls && authType == NULL ) {
+ authType = oldStyle ? SLAPD_AUTH_SSL : slapi_ch_strdup( SLAPD_AUTH_SSL );
+ }
+
+ return authType;
+}
+
+/*
+ * Internal API to prime a Slapi_PBlock with a Connection.
+ */
+static int initConnectionPB( Slapi_PBlock *pb, Connection *conn )
+{
+ char *connAuthType;
+ int rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_CONNECTION, (void *)conn );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ if ( strncmp( conn->c_peer_name.bv_val, "IP=", 3 ) == 0 ) {
+ rc = slapi_pblock_set( pb, SLAPI_CONN_CLIENTIP, (void *)&conn->c_peer_name.bv_val[3] );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ } else if ( strncmp( conn->c_peer_name.bv_val, "PATH=", 5 ) == 0 ) {
+ rc = slapi_pblock_set( pb, SLAPI_X_CONN_CLIENTPATH, (void *)&conn->c_peer_name.bv_val[5] );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+
+ if ( strncmp( conn->c_sock_name.bv_val, "IP=", 3 ) == 0 ) {
+ rc = slapi_pblock_set( pb, SLAPI_CONN_SERVERIP, (void *)&conn->c_sock_name.bv_val[3] );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ } else if ( strncmp( conn->c_sock_name.bv_val, "PATH=", 5 ) == 0 ) {
+ rc = slapi_pblock_set( pb, SLAPI_X_CONN_SERVERPATH, (void *)&conn->c_sock_name.bv_val[5] );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ rc = slapi_pblock_set( pb, SLAPI_X_CONN_IS_UDP, (void *)conn->c_is_udp );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+#endif
+
+ rc = slapi_pblock_set( pb, SLAPI_CONN_ID, (void *)conn->c_connid );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ /* Returns pointer to static string */
+ connAuthType = Authorization2AuthType( &conn->c_authz,
+#ifdef HAVE_TLS
+ conn->c_is_tls,
+#else
+ 0,
+#endif
+ 1 );
+ if ( connAuthType != NULL ) {
+ rc = slapi_pblock_set(pb, SLAPI_CONN_AUTHTYPE, (void *)connAuthType);
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+
+ /* Returns pointer to allocated string */
+ connAuthType = Authorization2AuthType( &conn->c_authz,
+#ifdef HAVE_TLS
+ conn->c_is_tls,
+#else
+ 0,
+#endif
+ 0 );
+ if ( connAuthType != NULL ) {
+ rc = slapi_pblock_set(pb, SLAPI_CONN_AUTHMETHOD, (void *)connAuthType);
+ /* slapi_pblock_set dups this itself */
+ slapi_ch_free( (void **)&connAuthType );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+
+ if ( conn->c_authz.sai_dn.bv_val != NULL ) {
+ /* slapi_pblock_set dups this itself */
+ rc = slapi_pblock_set(pb, SLAPI_CONN_DN, (void *)conn->c_authz.sai_dn.bv_val);
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+
+ rc = slapi_pblock_set(pb, SLAPI_X_CONN_SSF, (void *)conn->c_ssf);
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set(pb, SLAPI_X_CONN_SASL_CONTEXT,
+ ( conn->c_sasl_authctx != NULL ? conn->c_sasl_authctx :
+ conn->c_sasl_sockctx ) );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ return rc;
+}
+#endif /* LDAP_SLAPI */
+
+/*
+ * Internal API to prime a Slapi_PBlock with an Operation.
+ */
+int slapi_x_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
+{
+#ifdef LDAP_SLAPI
+ int isRoot = 0;
+ int isUpdateDn = 0;
+ int rc;
+ char *opAuthType;
+
+ if ( op->o_bd != NULL ) {
+ isRoot = be_isroot( op->o_bd, &op->o_ndn );
+ isUpdateDn = be_isupdate( op->o_bd, &op->o_ndn );
+ }
+
+ rc = initBackendPB( pb, op->o_bd );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = initConnectionPB( pb, op->o_conn );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_OPERATION, (void *)op );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_OPINITIATED_TIME, (void *)op->o_time );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_OPERATION_ID, (void *)op->o_opid );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_OPERATION_TYPE, (void *)op->o_tag );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, (void *)isRoot );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_REQUESTOR_ISUPDATEDN, (void *)isUpdateDn );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_REQCONTROLS, (void *)op->o_ctrls );
+ if ( rc != LDAP_SUCCESS)
+ return rc;
+
+ rc = slapi_pblock_set( pb, SLAPI_REQUESTOR_DN, (void *)op->o_ndn.bv_val );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+
+ rc = slapi_pblock_get( pb, SLAPI_CONN_AUTHMETHOD, (void *)&opAuthType );
+ if ( rc == LDAP_SUCCESS && opAuthType != NULL ) {
+ /* Not quite sure what the point of this is. */
+ rc = slapi_pblock_set( pb, SLAPI_OPERATION_AUTHTYPE, (void *)opAuthType );
+ if ( rc != LDAP_SUCCESS )
+ return rc;
+ }
+
+ return LDAP_SUCCESS;
+#else
+ return -1;
+#endif
+}
+
+int slapi_is_connection_ssl( Slapi_PBlock *pb, int *isSSL )
+{
+#ifdef LDAP_SLAPI
+ Connection *conn;
+
+ slapi_pblock_get( pb, SLAPI_CONNECTION, &conn );
+#ifdef HAVE_TLS
+ *isSSL = conn->c_is_tls;
+#else
+ *isSSL = 0;
+#endif
+
+ return LDAP_SUCCESS;
+#else
+ return -1;
+#endif /* LDAP_SLAPI */
+}
+
+/*
+ * DS 5.x compatability API follow
+ */
+
+int slapi_attr_get_flags( const Slapi_Attr *attr, unsigned long *flags )
+{
+#ifdef LDAP_SLAPI
+ AttributeType *at;
+
+ if ( attr == NULL )
+ return LDAP_PARAM_ERROR;
+
+ at = attr->a_desc->ad_type;
+
+ *flags = SLAPI_ATTR_FLAG_STD_ATTR;
+
+ if ( is_at_single_value( at ) )
+ *flags |= SLAPI_ATTR_FLAG_SINGLE;
+ if ( is_at_operational( at ) )
+ *flags |= SLAPI_ATTR_FLAG_OPATTR;
+ if ( is_at_obsolete( at ) )
+ *flags |= SLAPI_ATTR_FLAG_OBSOLETE;
+ if ( is_at_collective( at ) )
+ *flags |= SLAPI_ATTR_FLAG_COLLECTIVE;
+ if ( is_at_no_user_mod( at ) )
+ *flags |= SLAPI_ATTR_FLAG_NOUSERMOD;
+
+ return LDAP_SUCCESS;
+#else
+ return -1;
+#endif /* LDAP_SLAPI */
+}
+
+int slapi_attr_flag_is_set( const Slapi_Attr *attr, unsigned long flag )
+{
+#ifdef LDAP_SLAPI
+ unsigned long flags;
+
+ if ( slapi_attr_get_flags( attr, &flags ) != 0 )
+ return 0;
+ return (flags & flag) ? 1 : 0;
+#else
+ return 0;
+#endif /* LDAP_SLAPI */
+}
+
+Slapi_Attr *slapi_attr_new( void )
+{
+#ifdef LDAP_SLAPI
+ Attribute *ad;
+
+ ad = (Attribute *)slapi_ch_calloc( 1, sizeof(*ad) );
+
+ return ad;
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Attr *slapi_attr_init( Slapi_Attr *a, const char *type )
+{
+#ifdef LDAP_SLAPI
+ const char *text;
+ AttributeDescription *ad = NULL;
+
+ if( slap_str2ad( type, &ad, &text ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ a->a_desc = ad;
+ a->a_vals = NULL;
+ a->a_nvals = NULL;
+ a->a_next = NULL;
+ a->a_flags = 0;
+
+ return a;
+#else
+ return NULL;
+#endif
+}
+
+void slapi_attr_free( Slapi_Attr **a )
+{
+#ifdef LDAP_SLAPI
+ attr_free( *a );
+ *a = NULL;
+#endif
+}
+
+Slapi_Attr *slapi_attr_dup( const Slapi_Attr *attr )
+{
+#ifdef LDAP_SLAPI
+ return attr_dup( (Slapi_Attr *)attr );
+#else
+ return NULL;
+#endif
+}
+
+int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v )
+{
+#ifdef LDAP_SLAPI
+ /*
+ * FIXME: here we may lose alignment between a_vals/a_nvals
+ */
+ return value_add_one( &a->a_vals, (Slapi_Value *)v );
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_type2plugin( const char *type, void **pi )
+{
+ *pi = NULL;
+
+ return LDAP_OTHER;
+}
+
+int slapi_attr_get_type( const Slapi_Attr *attr, char **type )
+{
+#ifdef LDAP_SLAPI
+ if ( attr == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ *type = attr->a_desc->ad_cname.bv_val;
+
+ return LDAP_SUCCESS;
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_get_oid_copy( const Slapi_Attr *attr, char **oidp )
+{
+#ifdef LDAP_SLAPI
+ if ( attr == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+ *oidp = attr->a_desc->ad_type->sat_oid;
+
+ return LDAP_SUCCESS;
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_value_cmp( const Slapi_Attr *a, const struct berval *v1, const struct berval *v2 )
+{
+#ifdef LDAP_SLAPI
+ MatchingRule *mr;
+ int ret;
+ int rc;
+ const char *text;
+
+ mr = a->a_desc->ad_type->sat_equality;
+ rc = value_match( &ret, a->a_desc, mr,
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ (struct berval *)v1, (void *)v2, &text );
+ if ( rc != LDAP_SUCCESS )
+ return -1;
+
+ return ( ret == 0 ) ? 0 : -1;
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_value_find( const Slapi_Attr *a, struct berval *v )
+{
+#ifdef LDAP_SLAPI
+ MatchingRule *mr;
+ struct berval *bv;
+ int j;
+ const char *text;
+ int rc;
+ int ret;
+
+ if ( a ->a_vals == NULL ) {
+ return -1;
+ }
+ mr = a->a_desc->ad_type->sat_equality;
+ for ( bv = a->a_vals, j = 0; bv->bv_val != NULL; bv++, j++ ) {
+ rc = value_match( &ret, a->a_desc, mr,
+ SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, bv, v, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ return -1;
+ }
+ if ( ret == 0 ) {
+ return 0;
+ }
+ }
+#endif /* LDAP_SLAPI */
+ return -1;
+}
+
+int slapi_attr_type_cmp( const char *t1, const char *t2, int opt )
+{
+#ifdef LDAP_SLAPI
+ AttributeDescription *a1 = NULL;
+ AttributeDescription *a2 = NULL;
+ const char *text;
+ int ret;
+
+ if ( slap_str2ad( t1, &a1, &text ) != LDAP_SUCCESS ) {
+ return -1;
+ }
+
+ if ( slap_str2ad( t2, &a2, &text ) != LDAP_SUCCESS ) {
+ return 1;
+ }
+
+#define ad_base_cmp(l,r) (((l)->ad_type->sat_cname.bv_len < (r)->ad_type->sat_cname.bv_len) \
+ ? -1 : (((l)->ad_type->sat_cname.bv_len > (r)->ad_type->sat_cname.bv_len) \
+ ? 1 : strcasecmp((l)->ad_type->sat_cname.bv_val, (r)->ad_type->sat_cname.bv_val )))
+
+ switch ( opt ) {
+ case SLAPI_TYPE_CMP_EXACT:
+ ret = ad_cmp( a1, a2 );
+ break;
+ case SLAPI_TYPE_CMP_BASE:
+ ret = ad_base_cmp( a1, a2 );
+ break;
+ case SLAPI_TYPE_CMP_SUBTYPE:
+ ret = is_ad_subtype( a2, a2 );
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+
+ return ret;
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_types_equivalent( const char *t1, const char *t2 )
+{
+#ifdef LDAP_SLAPI
+ return slapi_attr_type_cmp( t1, t2, SLAPI_TYPE_CMP_EXACT );
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_first_value( Slapi_Attr *a, Slapi_Value **v )
+{
+#ifdef LDAP_SLAPI
+ return slapi_valueset_first_value( &a->a_vals, v );
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_next_value( Slapi_Attr *a, int hint, Slapi_Value **v )
+{
+#ifdef LDAP_SLAPI
+ return slapi_valueset_next_value( &a->a_vals, hint, v );
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_get_numvalues( const Slapi_Attr *a, int *numValues )
+{
+#ifdef LDAP_SLAPI
+ *numValues = slapi_valueset_count( &a->a_vals );
+
+ return 0;
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_get_valueset( const Slapi_Attr *a, Slapi_ValueSet **vs )
+{
+#ifdef LDAP_SLAPI
+ *vs = &((Slapi_Attr *)a)->a_vals;
+
+ return 0;
+#else
+ return -1;
+#endif
+}
+
+int slapi_attr_get_bervals_copy( Slapi_Attr *a, struct berval ***vals )
+{
+#ifdef LDAP_SLAPI
+ return slapi_attr_get_values( a, vals );
+#else
+ return -1;
+#endif
+}
+
+char *slapi_attr_syntax_normalize( const char *s )
+{
+#ifdef LDAP_SLAPI
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ if ( slap_str2ad( s, &ad, &text ) != LDAP_SUCCESS ) {
+ return NULL;
+ }
+
+ return ad->ad_cname.bv_val;
+#else
+ return -1;
+#endif
+}
+
+Slapi_Value *slapi_value_new( void )
+{
+#ifdef LDAP_SLAPI
+ struct berval *bv;
+
+ bv = (struct berval *)slapi_ch_malloc( sizeof(*bv) );
+
+ return bv;
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_new_berval(const struct berval *bval)
+{
+#ifdef LDAP_SLAPI
+ return ber_dupbv( NULL, (struct berval *)bval );
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_new_value(const Slapi_Value *v)
+{
+#ifdef LDAP_SLAPI
+ return slapi_value_new_berval( v );
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_new_string(const char *s)
+{
+#ifdef LDAP_SLAPI
+ struct berval bv;
+
+ bv.bv_val = (char *)s;
+ bv.bv_len = strlen( s );
+
+ return slapi_value_new_berval( &bv );
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_init(Slapi_Value *val)
+{
+#ifdef LDAP_SLAPI
+ val->bv_val = NULL;
+ val->bv_len = 0;
+
+ return val;
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_init_berval(Slapi_Value *v, struct berval *bval)
+{
+#ifdef LDAP_SLAPI
+ return ber_dupbv( v, bval );
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_init_string(Slapi_Value *v, const char *s)
+{
+#ifdef LDAP_SLAPI
+ v->bv_val = slapi_ch_strdup( (char *)s );
+ v->bv_len = strlen( s );
+
+ return v;
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_dup(const Slapi_Value *v)
+{
+#ifdef LDAP_SLAPI
+ return slapi_value_new_value( v );
+#else
+ return NULL;
+#endif
+}
+
+void slapi_value_free(Slapi_Value **value)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) {
+ return;
+ }
+
+ if ( (*value) != NULL ) {
+ slapi_ch_free( (void **)&(*value)->bv_val );
+ slapi_ch_free( (void **)value );
+ }
+#endif
+}
+
+const struct berval *slapi_value_get_berval( const Slapi_Value *value )
+{
+#ifdef LDAP_SLAPI
+ return value;
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_set_berval( Slapi_Value *value, const struct berval *bval )
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) {
+ return NULL;
+ }
+ if ( value->bv_val != NULL ) {
+ slapi_ch_free( (void **)&value->bv_val );
+ }
+ slapi_value_init_berval( value, (struct berval *)bval );
+
+ return value;
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_set_value( Slapi_Value *value, const Slapi_Value *vfrom)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) {
+ return NULL;
+ }
+ return slapi_value_set_berval( value, vfrom );
+#else
+ return NULL;
+#endif
+}
+
+Slapi_Value *slapi_value_set( Slapi_Value *value, void *val, unsigned long len)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) {
+ return NULL;
+ }
+ if ( value->bv_val != NULL ) {
+ slapi_ch_free( (void **)&value->bv_val );
+ }
+ value->bv_val = slapi_ch_malloc( len );
+ value->bv_len = len;
+ AC_MEMCPY( value->bv_val, val, len );
+
+ return value;
+#else
+ return NULL;
+#endif
+}
+
+int slapi_value_set_string(Slapi_Value *value, const char *strVal)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) {
+ return -1;
+ }
+ slapi_value_set( value, (void *)strVal, strlen( strVal ) );
+ return 0;
+#else
+ return NULL;
+#endif
+}
+
+int slapi_value_set_int(Slapi_Value *value, int intVal)
+{
+#ifdef LDAP_SLAPI
+ char buf[64];
+
+ snprintf( buf, sizeof( buf ), "%d", intVal );
+
+ return slapi_value_set_string( value, buf );
+#else
+ return -1;
+#endif
+}
+
+const char *slapi_value_get_string(const Slapi_Value *value)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) {
+ return NULL;
+ }
+ return value->bv_val;
+#else
+ return NULL;
+#endif
+}
+
+#ifdef LDAP_SLAPI
+static int checkBVString(const struct berval *bv)
+{
+ int i;
+
+ for ( i = 0; i < bv->bv_len; i++ ) {
+ if ( bv->bv_val[i] == '\0' )
+ return 0;
+ }
+ if ( bv->bv_val[i] != '\0' )
+ return 0;
+
+ return 1;
+}
+#endif
+
+int slapi_value_get_int(const Slapi_Value *value)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return (int)strtol( value->bv_val, NULL, 10 );
+#else
+ return NULL;
+#endif
+}
+
+unsigned int slapi_value_get_uint(const Slapi_Value *value)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return (unsigned int)strtoul( value->bv_val, NULL, 10 );
+#else
+ return NULL;
+#endif
+}
+
+long slapi_value_get_long(const Slapi_Value *value)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return strtol( value->bv_val, NULL, 10 );
+#else
+ return NULL;
+#endif
+}
+
+unsigned long slapi_value_get_ulong(const Slapi_Value *value)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL ) return 0;
+ if ( value->bv_val == NULL ) return 0;
+ if ( !checkBVString( value ) ) return 0;
+
+ return strtoul( value->bv_val, NULL, 10 );
+#else
+ return NULL;
+#endif
+}
+
+size_t slapi_value_get_length(const Slapi_Value *value)
+{
+#ifdef LDAP_SLAPI
+ if ( value == NULL )
+ return 0;
+
+ return (size_t) value->bv_len;
+#else
+ return 0;
+#endif
+}
+
+int slapi_value_compare(const Slapi_Attr *a, const Slapi_Value *v1, const Slapi_Value *v2)
+{
+#ifdef LDAP_SLAPI
+ return slapi_attr_value_cmp( a, v1, v2 );
+#else
+ return -1;
+#endif
+}
+
+/* A ValueSet is a container for a BerVarray. */
+Slapi_ValueSet *slapi_valueset_new( void )
+{
+#ifdef LDAP_SLAPI
+ Slapi_ValueSet *vs;
+
+ vs = (Slapi_ValueSet *)slapi_ch_malloc( sizeof( *vs ) );
+ *vs = NULL;
+
+ return vs;
+#else
+ return NULL;
+#endif
+}
+
+void slapi_valueset_free(Slapi_ValueSet *vs)
+{
+#ifdef LDAP_SLAPI
+ if ( vs != NULL ) {
+ BerVarray vp = *vs;
+
+ ber_bvarray_free( vp );
+ slapi_ch_free( (void **)&vp );
+
+ *vs = NULL;
+ }
+#endif
+}
+
+void slapi_valueset_init(Slapi_ValueSet *vs)
+{
+#ifdef LDAP_SLAPI
+ if ( vs != NULL && *vs == NULL ) {
+ *vs = (Slapi_ValueSet)slapi_ch_calloc( 1, sizeof(struct berval) );
+ (*vs)->bv_val = NULL;
+ (*vs)->bv_len = 0;
+ }
+#endif
+}
+
+void slapi_valueset_done(Slapi_ValueSet *vs)
+{
+#ifdef LDAP_SLAPI
+ BerVarray vp;
+
+ if ( vs == NULL )
+ return;
+
+ for ( vp = *vs; vp->bv_val != NULL; vp++ ) {
+ vp->bv_len = 0;
+ slapi_ch_free( (void **)&vp->bv_val );
+ }
+ /* but don't free *vs or vs */
+#endif
+}
+
+void slapi_valueset_add_value(Slapi_ValueSet *vs, const Slapi_Value *addval)
+{
+#ifdef LDAP_SLAPI
+ struct berval bv;
+
+ ber_dupbv( &bv, (Slapi_Value *)addval );
+ ber_bvarray_add( vs, &bv );
+#endif
+}
+
+int slapi_valueset_first_value( Slapi_ValueSet *vs, Slapi_Value **v )
+{
+#ifdef LDAP_SLAPI
+ return slapi_valueset_next_value( vs, 0, v );
+#else
+ return -1;
+#endif
+}
+
+int slapi_valueset_next_value( Slapi_ValueSet *vs, int index, Slapi_Value **v)
+{
+#ifdef LDAP_SLAPI
+ int i;
+ BerVarray vp;
+
+ if ( vs == NULL )
+ return -1;
+
+ vp = *vs;
+
+ for ( i = 0; vp[i].bv_val != NULL; i++ ) {
+ if ( i == index ) {
+ *v = &vp[i];
+ return index + 1;
+ }
+ }
+#endif
+
+ return -1;
+}
+
+int slapi_valueset_count( const Slapi_ValueSet *vs )
+{
+#ifdef LDAP_SLAPI
+ int i;
+ BerVarray vp;
+
+ if ( vs == NULL )
+ return 0;
+
+ vp = *vs;
+
+ for ( i = 0; vp[i].bv_val != NULL; i++ )
+ ;
+
+ return i;
+#else
+ return 0;
+#endif
+
+}
+
+void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2)
+{
+#ifdef LDAP_SLAPI
+ BerVarray vp;
+
+ for ( vp = *vs2; vp->bv_val != NULL; vp++ ) {
+ slapi_valueset_add_value( vs1, vp );
+ }
+#endif
+}
+
+int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr,
+ struct berval *val, int access )
+{
+#ifdef LDAP_SLAPI
+ Backend *be;
+ Connection *conn;
+ Operation *op;
+ int ret;
+ slap_access_t slap_access;
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ ret = slap_str2ad( attr, &ad, &text );
+ if ( ret != LDAP_SUCCESS ) {
+ return ret;
+ }
+
+ switch ( access & SLAPI_ACL_ALL ) {
+ case SLAPI_ACL_COMPARE:
+ slap_access = ACL_COMPARE;
+ break;
+ case SLAPI_ACL_SEARCH:
+ slap_access = ACL_SEARCH;
+ break;
+ case SLAPI_ACL_READ:
+ slap_access = ACL_READ;
+ break;
+ case SLAPI_ACL_WRITE:
+ case SLAPI_ACL_DELETE:
+ case SLAPI_ACL_ADD:
+ case SLAPI_ACL_SELF:
+ slap_access = ACL_WRITE;
+ break;
+ default:
+ return LDAP_INSUFFICIENT_ACCESS;
+ break;
+ }
+
+ if ( slapi_pblock_get( pb, SLAPI_BACKEND, (void *)&be ) != 0 ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( slapi_pblock_get( pb, SLAPI_CONNECTION, (void *)&conn ) != 0 ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ ret = access_allowed( op, e, ad, val, slap_access, NULL );
+
+ return ret ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+#else
+ return LDAP_UNWILLING_TO_PERFORM;
+#endif
+}
+
+int slapi_acl_check_mods(Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf)
+{
+#ifdef LDAP_SLAPI
+ Operation *op;
+ int rc = LDAP_SUCCESS;
+ Modifications *ml, *mp;
+
+ if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ ml = slapi_x_ldapmods2modifications( mods );
+ if ( ml == NULL ) {
+ return LDAP_OTHER;
+ }
+
+ for ( mp = ml; mp != NULL; mp = mp->sml_next ) {
+ rc = slap_bv2ad( &mp->sml_type, &mp->sml_desc, (const char **)errbuf );
+ if ( rc != LDAP_SUCCESS ) {
+ break;
+ }
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ rc = acl_check_modlist( op, e, ml ) ? LDAP_SUCCESS : LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ /* Careful when freeing the modlist because it has pointers into the mods array. */
+ for ( ; ml != NULL; ml = mp ) {
+ mp = ml->sml_next;
+
+ /* just free the containing array */
+ slapi_ch_free( (void **)&ml->sml_bvalues );
+ slapi_ch_free( (void **)&ml );
+ }
+
+ return rc;
+#else
+ return LDAP_UNWILLING_TO_PERFORM;
+#endif
+}
+
+/*
+ * Synthesise an LDAPMod array from a Modifications list to pass
+ * to SLAPI. This synthesis is destructive and as such the
+ * Modifications list may not be used after calling this
+ * function.
+ *
+ * This function must also be called before slap_mods_check().
+ */
+LDAPMod **slapi_x_modifications2ldapmods(Modifications **pmodlist)
+{
+#ifdef LDAP_SLAPI
+ Modifications *ml, *modlist;
+ LDAPMod **mods, *modp;
+ int i, j;
+
+ modlist = *pmodlist;
+
+ for( i = 0, ml = modlist; ml != NULL; i++, ml = ml->sml_next )
+ ;
+
+ mods = (LDAPMod **)ch_malloc( (i + 1) * sizeof(LDAPMod *) );
+
+ for( i = 0, ml = modlist; ml != NULL; ml = ml->sml_next ) {
+ mods[i] = (LDAPMod *)ch_malloc( sizeof(LDAPMod) );
+ modp = mods[i];
+ modp->mod_op = ml->sml_op | LDAP_MOD_BVALUES;
+
+ /* Take ownership of original type. */
+ modp->mod_type = ml->sml_type.bv_val;
+ ml->sml_type.bv_val = NULL;
+
+ if ( ml->sml_bvalues != NULL ) {
+ for( j = 0; ml->sml_bvalues[j].bv_val != NULL; j++ )
+ ;
+ modp->mod_bvalues = (struct berval **)ch_malloc( (j + 1) *
+ sizeof(struct berval *) );
+ for( j = 0; ml->sml_bvalues[j].bv_val != NULL; j++ ) {
+ /* Take ownership of original values. */
+ modp->mod_bvalues[j] = (struct berval *)ch_malloc( sizeof(struct berval) );
+ modp->mod_bvalues[j]->bv_len = ml->sml_bvalues[j].bv_len;
+ modp->mod_bvalues[j]->bv_val = ml->sml_bvalues[j].bv_val;
+ ml->sml_bvalues[j].bv_len = 0;
+ ml->sml_bvalues[j].bv_val = NULL;
+ }
+ modp->mod_bvalues[j] = NULL;
+ } else {
+ modp->mod_bvalues = NULL;
+ }
+ i++;
+ }
+
+ mods[i] = NULL;
+
+ slap_mods_free( modlist );
+ *pmodlist = NULL;
+
+ return mods;
+#else
+ return NULL;
+#endif
+}
+
+/*
+ * Convert a potentially modified array of LDAPMods back to a
+ * Modification list.
+ *
+ * The returned Modification list contains pointers into the
+ * LDAPMods array; the latter MUST be freed with
+ * slapi_x_free_ldapmods() (see below).
+ */
+Modifications *slapi_x_ldapmods2modifications (LDAPMod **mods)
+{
+#ifdef LDAP_SLAPI
+ Modifications *modlist = NULL, **modtail;
+ LDAPMod **modp;
+
+ modtail = &modlist;
+
+ for( modp = mods; *modp != NULL; modp++ ) {
+ Modifications *mod;
+ int i;
+ char **p;
+ struct berval **bvp;
+
+ mod = (Modifications *) ch_malloc( sizeof(Modifications) );
+ mod->sml_op = (*modp)->mod_op & (~LDAP_MOD_BVALUES);
+ mod->sml_type.bv_val = (*modp)->mod_type;
+ mod->sml_type.bv_len = strlen( mod->sml_type.bv_val );
+ mod->sml_desc = NULL;
+ mod->sml_next = NULL;
+
+ if ( (*modp)->mod_op & LDAP_MOD_BVALUES ) {
+ for( i = 0, bvp = (*modp)->mod_bvalues; bvp != NULL && *bvp != NULL; bvp++, i++ )
+ ;
+ } else {
+ for( i = 0, p = (*modp)->mod_values; p != NULL && *p != NULL; p++, i++ )
+ ;
+ }
+
+ if ( i == 0 ) {
+ mod->sml_bvalues = NULL;
+ } else {
+ mod->sml_bvalues = (BerVarray) ch_malloc( (i + 1) * sizeof(struct berval) );
+
+ /* NB: This implicitly trusts a plugin to return valid modifications. */
+ if ( (*modp)->mod_op & LDAP_MOD_BVALUES ) {
+ for( i = 0, bvp = (*modp)->mod_bvalues; bvp != NULL && *bvp != NULL; bvp++, i++ ) {
+ mod->sml_bvalues[i].bv_val = (*bvp)->bv_val;
+ mod->sml_bvalues[i].bv_len = (*bvp)->bv_len;
+ }
+ } else {
+ for( i = 0, p = (*modp)->mod_values; p != NULL && *p != NULL; p++, i++ ) {
+ mod->sml_bvalues[i].bv_val = *p;
+ mod->sml_bvalues[i].bv_len = strlen( *p );
+ }
+ }
+ mod->sml_bvalues[i].bv_val = NULL;
+ }
+ mod->sml_nvalues = NULL;
+
+ *modtail = mod;
+ modtail = &mod->sml_next;
+ }
+
+ return modlist;
+#else
+ return NULL;
+#endif
+}
+
+/*
+ * This function only frees the parts of the mods array that
+ * are not shared with the Modification list that was created
+ * by slapi_x_ldapmods2modifications().
+ *
+ */
+void slapi_x_free_ldapmods (LDAPMod **mods)
+{
+#ifdef LDAP_SLAPI
+ int i, j;
+
+ if (mods == NULL)
+ return;
+
+ for ( i = 0; mods[i] != NULL; i++ ) {
+ /*
+ * Don't free values themselves; they're owned by the
+ * Modification list. Do free the containing array.
+ */
+ if ( mods[i]->mod_op & LDAP_MOD_BVALUES ) {
+ for ( j = 0; mods[i]->mod_bvalues != NULL && mods[i]->mod_bvalues[j] != NULL; j++ ) {
+ ch_free( mods[i]->mod_bvalues[j] );
+ }
+ ch_free( mods[i]->mod_bvalues );
+ } else {
+ ch_free( mods[i]->mod_values );
+ }
+ /* Don't free type, for same reasons. */
+ ch_free( mods[i] );
+ }
+ ch_free( mods );
+#endif /* LDAP_SLAPI */
+}
+
+/*
+ * Sun ONE DS 5.x computed attribute support. Computed attributes
+ * allow for dynamically generated operational attributes, a very
+ * useful thing indeed.
+ */
+
+/*
+ * Write the computed attribute to a BerElement. Complementary
+ * functions need to be defined for anything that replaces
+ * op->o_callback->sc_sendentry, if you wish to make computed
+ * attributes available to it.
+ */
+int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
+{
+#ifdef LDAP_SLAPI
+ Operation *op = NULL;
+ BerElement *ber;
+ AttributeDescription *desc = NULL;
+ int rc;
+ int i;
+
+ if ( c == NULL ) {
+ return 1;
+ }
+
+ if ( a == NULL ) {
+ return 1;
+ }
+
+ if ( e == NULL ) {
+ return 1;
+ }
+
+ rc = slapi_pblock_get( c->cac_pb, SLAPI_OPERATION, (void *)&op );
+ if ( rc != 0 || op == NULL ) {
+ return rc;
+ }
+
+ ber = (BerElement *)c->cac_private;
+ desc = a->a_desc;
+
+ if ( c->cac_attrs == NULL ) {
+ /* All attrs request, skip operational attributes */
+ if ( is_at_operational( desc->ad_type ) ) {
+ return 0;
+ }
+ } else {
+ /* Specific attrs requested */
+ if ( is_at_operational( desc->ad_type ) ) {
+ if ( !c->cac_opattrs && !ad_inlist( desc, c->cac_attrs ) ) {
+ return 0;
+ }
+ } else {
+ if ( !c->cac_userattrs && !ad_inlist( desc, c->cac_attrs ) ) {
+ return 0;
+ }
+ }
+ }
+
+ if ( !access_allowed( op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) {
+ slapi_log_error( SLAPI_LOG_ACL, "slapi_x_compute_output_ber",
+ "acl: access to attribute %s not allowed\n",
+ desc->ad_cname.bv_val );
+ return 0;
+ }
+
+ rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
+ if (rc == -1 ) {
+ slapi_log_error( SLAPI_LOG_BER, "slapi_x_compute_output_ber",
+ "ber_printf failed\n");
+ return 1;
+ }
+
+ if ( !c->cac_attrsonly ) {
+ for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
+ if ( !access_allowed( op, e,
+ desc, &a->a_vals[i], ACL_READ, &c->cac_acl_state)) {
+ slapi_log_error( SLAPI_LOG_ACL, "slapi_x_compute_output_ber",
+ "conn %lu "
+ "acl: access to %s, value %d not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, i );
+ continue;
+ }
+
+ if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
+ slapi_log_error( SLAPI_LOG_BER, "slapi_x_compute_output_ber",
+ "ber_printf failed\n");
+ return 1;
+ }
+ }
+ }
+
+ if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
+ slapi_log_error( SLAPI_LOG_BER, "slapi_x_compute_output_ber",
+ "ber_printf failed\n" );
+ return 1;
+ }
+
+ return 0;
+#else
+ return 1;
+#endif
+}
+
+/*
+ * For some reason Sun don't use the normal plugin mechanism
+ * registration path to register an "evaluator" function (an
+ * "evaluator" is responsible for adding computed attributes;
+ * the nomenclature is somewhat confusing).
+ *
+ * As such slapi_compute_add_evaluator() registers the
+ * function directly.
+ */
+int slapi_compute_add_evaluator(slapi_compute_callback_t function)
+{
+#ifdef LDAP_SLAPI
+ Slapi_PBlock *pPlugin = NULL;
+ int rc;
+
+ pPlugin = slapi_pblock_new();
+ if ( pPlugin == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ rc = slapi_pblock_set( pPlugin, SLAPI_PLUGIN_TYPE, (void *)SLAPI_PLUGIN_OBJECT );
+ if ( rc != LDAP_SUCCESS ) {
+ goto done;
+ }