]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/controls.c
ACIs almost entirely factored out of slapd
[openldap] / servers / slapd / controls.c
index 76e470efe63a388c122593fdc3266596b609ae4b..3bfbdf179e22a8fb4fc3fda508cff74ddb34bf84 100644 (file)
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28,19 +28,23 @@ static SLAP_CTRL_PARSE_FN parseAssert;
 static SLAP_CTRL_PARSE_FN parsePreRead;
 static SLAP_CTRL_PARSE_FN parsePostRead;
 static SLAP_CTRL_PARSE_FN parseProxyAuthz;
+#ifdef LDAP_DEVEL
+static SLAP_CTRL_PARSE_FN parseManageDIT;
+#endif
 static SLAP_CTRL_PARSE_FN parseManageDSAit;
-static SLAP_CTRL_PARSE_FN parseModifyIncrement;
 static SLAP_CTRL_PARSE_FN parseNoOp;
 static SLAP_CTRL_PARSE_FN parsePagedResults;
+#ifdef LDAP_DEVEL
+static SLAP_CTRL_PARSE_FN parseSortedResults;
+#endif
 static SLAP_CTRL_PARSE_FN parseValuesReturnFilter;
 static SLAP_CTRL_PARSE_FN parsePermissiveModify;
 static SLAP_CTRL_PARSE_FN parseDomainScope;
+#ifdef SLAP_CONTROL_X_TREE_DELETE
 static SLAP_CTRL_PARSE_FN parseTreeDelete;
+#endif
 static SLAP_CTRL_PARSE_FN parseSearchOptions;
-
-#ifdef LDAP_CONTROL_SUBENTRIES
 static SLAP_CTRL_PARSE_FN parseSubentries;
-#endif
 
 #undef sc_mask /* avoid conflict with Irix 6.5 <sys/signal.h> */
 
@@ -97,28 +101,34 @@ static char *proxy_authz_extops[] = {
 static struct slap_control control_defs[] = {
        {  LDAP_CONTROL_ASSERT,
                (int)offsetof(struct slap_control_ids, sc_assert),
-               SLAP_CTRL_HIDE|SLAP_CTRL_ACCESS, NULL,
+               SLAP_CTRL_ACCESS, NULL,
                parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
        { LDAP_CONTROL_PRE_READ,
                (int)offsetof(struct slap_control_ids, sc_preRead),
-               SLAP_CTRL_HIDE|SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+               SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
                parsePreRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
        { LDAP_CONTROL_POST_READ,
                (int)offsetof(struct slap_control_ids, sc_postRead),
-               SLAP_CTRL_HIDE|SLAP_CTRL_ADD|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
+               SLAP_CTRL_ADD|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME, NULL,
                parsePostRead, LDAP_SLIST_ENTRY_INITIALIZER(next) },
        { LDAP_CONTROL_VALUESRETURNFILTER,
                (int)offsetof(struct slap_control_ids, sc_valuesReturnFilter),
-               SLAP_CTRL_SEARCH, NULL,
+               SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
                parseValuesReturnFilter, LDAP_SLIST_ENTRY_INITIALIZER(next) },
        { LDAP_CONTROL_PAGEDRESULTS,
                (int)offsetof(struct slap_control_ids, sc_pagedResults),
                SLAP_CTRL_SEARCH, NULL,
                parsePagedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef LDAP_DEVEL
+       { LDAP_CONTROL_SORTREQUEST,
+               (int)offsetof(struct slap_control_ids, sc_sortedResults),
+               SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH|SLAP_CTRL_HIDE, NULL,
+               parseSortedResults, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
 #ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
        { LDAP_CONTROL_X_DOMAIN_SCOPE,
                (int)offsetof(struct slap_control_ids, sc_domainScope),
-               SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
+               SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
                parseDomainScope, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
 #ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
@@ -127,16 +137,16 @@ static struct slap_control control_defs[] = {
                SLAP_CTRL_MODIFY, NULL,
                parsePermissiveModify, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
-#ifdef LDAP_CONTROL_X_TREE_DELETE
+#ifdef SLAP_CONTROL_X_TREE_DELETE
        { LDAP_CONTROL_X_TREE_DELETE,
                (int)offsetof(struct slap_control_ids, sc_treeDelete),
-               SLAP_CTRL_DELETE, NULL,
+               SLAP_CTRL_HIDE|SLAP_CTRL_DELETE, NULL,
                parseTreeDelete, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
-#ifdef LDAP_CONTORL_X_SEARCH_OPTIONS
-       { LDAP_CONTORL_X_SEARCH_OPTIONS,
+#ifdef LDAP_CONTROL_X_SEARCH_OPTIONS
+       { LDAP_CONTROL_X_SEARCH_OPTIONS,
                (int)offsetof(struct slap_control_ids, sc_searchOptions),
-               SLAP_CTRL_FRONTEND|SLAP_CTRL_SEARCH, NULL,
+               SLAP_CTRL_GLOBAL|SLAP_CTRL_SEARCH, NULL,
                parseSearchOptions, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
 #ifdef LDAP_CONTROL_SUBENTRIES
@@ -149,11 +159,11 @@ static struct slap_control control_defs[] = {
                (int)offsetof(struct slap_control_ids, sc_noOp),
                SLAP_CTRL_HIDE|SLAP_CTRL_ACCESS, NULL,
                parseNoOp, LDAP_SLIST_ENTRY_INITIALIZER(next) },
-#ifdef LDAP_CONTROL_MODIFY_INCREMENT
-       { LDAP_CONTROL_MODIFY_INCREMENT,
-               (int)offsetof(struct slap_control_ids, sc_modifyIncrement),
-               SLAP_CTRL_HIDE|SLAP_CTRL_MODIFY, NULL,
-               parseModifyIncrement, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef LDAP_DEVEL
+       { LDAP_CONTROL_MANAGEDIT,
+               (int)offsetof(struct slap_control_ids, sc_manageDIT),
+               SLAP_CTRL_GLOBAL|SLAP_CTRL_UPDATE, NULL,
+               parseManageDIT, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
        { LDAP_CONTROL_MANAGEDSAIT,
                (int)offsetof(struct slap_control_ids, sc_manageDSAit),
@@ -161,7 +171,7 @@ static struct slap_control control_defs[] = {
                parseManageDSAit, LDAP_SLIST_ENTRY_INITIALIZER(next) },
        { LDAP_CONTROL_PROXY_AUTHZ,
                (int)offsetof(struct slap_control_ids, sc_proxyAuthz),
-               SLAP_CTRL_FRONTEND|SLAP_CTRL_ACCESS, proxy_authz_extops,
+               SLAP_CTRL_GLOBAL|SLAP_CTRL_ACCESS, proxy_authz_extops,
                parseProxyAuthz, LDAP_SLIST_ENTRY_INITIALIZER(next) },
        { NULL, 0, 0, NULL, 0, LDAP_SLIST_ENTRY_INITIALIZER(next) }
 };
@@ -236,7 +246,6 @@ int
 slap_controls_init( void )
 {
        int i, rc;
-       struct slap_control *sc;
 
        rc = LDAP_SUCCESS;
 
@@ -309,10 +318,9 @@ int
 get_supported_controls(char ***ctrloidsp,
        slap_mask_t **ctrlmasks)
 {
-       int i, n;
+       int n;
        char **oids;
        slap_mask_t *masks;
-       int rc;
        struct slap_control *sc;
 
        n = 0;
@@ -383,6 +391,35 @@ slap_find_control_id(
        return LDAP_CONTROL_NOT_FOUND;
 }
 
+int
+slap_global_control( Operation *op, const char *oid, int *cid )
+{
+       struct slap_control *ctrl = find_ctrl( oid );
+
+       if ( ctrl == NULL ) {
+               /* should not be reachable */
+               Debug( LDAP_DEBUG_ANY,
+                       "slap_global_control: unrecognized control: %s\n",      
+                       oid, 0, 0 );
+               return LDAP_CONTROL_NOT_FOUND;
+       }
+
+       if ( cid ) *cid = ctrl->sc_cid;
+
+       if ( ( ctrl->sc_mask & SLAP_CTRL_GLOBAL ) ||
+               ( ( op->o_tag & LDAP_REQ_SEARCH ) &&
+               ( ctrl->sc_mask & SLAP_CTRL_GLOBAL_SEARCH ) ) )
+       {
+               return LDAP_COMPARE_TRUE;
+       }
+
+       Debug( LDAP_DEBUG_TRACE,
+               "slap_global_control: unavailable control: %s\n",      
+               oid, 0, 0 );
+
+       return LDAP_COMPARE_FALSE;
+}
+
 void slap_free_ctrls(
        Operation *op,
        LDAPControl **ctrls )
@@ -395,6 +432,95 @@ void slap_free_ctrls(
        op->o_tmpfree( ctrls, op->o_tmpmemctx );
 }
 
+int slap_parse_ctrl(
+       Operation *op,
+       SlapReply *rs,
+       LDAPControl *control,
+       const char **text )
+{
+       struct slap_control *sc;
+
+       sc = find_ctrl( control->ldctl_oid );
+       if( sc != NULL ) {
+               /* recognized control */
+               slap_mask_t tagmask;
+               switch( op->o_tag ) {
+               case LDAP_REQ_ADD:
+                       tagmask = SLAP_CTRL_ADD;
+                       break;
+               case LDAP_REQ_BIND:
+                       tagmask = SLAP_CTRL_BIND;
+                       break;
+               case LDAP_REQ_COMPARE:
+                       tagmask = SLAP_CTRL_COMPARE;
+                       break;
+               case LDAP_REQ_DELETE:
+                       tagmask = SLAP_CTRL_DELETE;
+                       break;
+               case LDAP_REQ_MODIFY:
+                       tagmask = SLAP_CTRL_MODIFY;
+                       break;
+               case LDAP_REQ_RENAME:
+                       tagmask = SLAP_CTRL_RENAME;
+                       break;
+               case LDAP_REQ_SEARCH:
+                       tagmask = SLAP_CTRL_SEARCH;
+                       break;
+               case LDAP_REQ_UNBIND:
+                       tagmask = SLAP_CTRL_UNBIND;
+                       break;
+               case LDAP_REQ_ABANDON:
+                       tagmask = SLAP_CTRL_ABANDON;
+                       break;
+               case LDAP_REQ_EXTENDED:
+                       tagmask=~0L;
+                       assert( op->ore_reqoid.bv_val != NULL );
+                       if( sc->sc_extendedops != NULL ) {
+                               int i;
+                               for( i=0; sc->sc_extendedops[i] != NULL; i++ ) {
+                                       if( strcmp( op->ore_reqoid.bv_val,
+                                               sc->sc_extendedops[i] ) == 0 )
+                                       {
+                                               tagmask=0L;
+                                               break;
+                                       }
+                               }
+                       }
+                       break;
+               default:
+                       *text = "controls internal error";
+                       return LDAP_OTHER;
+               }
+
+               if (( sc->sc_mask & tagmask ) == tagmask ) {
+                       /* available extension */
+                       int     rc;
+
+                       if( !sc->sc_parse ) {
+                               *text = "not yet implemented";
+                               return LDAP_OTHER;
+                       }
+
+                       rc = sc->sc_parse( op, rs, control );
+                       if ( rc ) {
+                               assert( rc != LDAP_UNAVAILABLE_CRITICAL_EXTENSION );
+                               return rc;
+                       }
+
+               } else if( control->ldctl_iscritical ) {
+                       /* unavailable CRITICAL control */
+                       *text = "critical extension is unavailable";
+                       return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+               }
+       } else if( control->ldctl_iscritical ) {
+               /* unrecognized CRITICAL control */
+               *text = "critical extension is not recognized";
+               return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+       }
+
+       return LDAP_SUCCESS;
+}
+
 int get_ctrls(
        Operation *op,
        SlapReply *rs,
@@ -405,7 +531,6 @@ int get_ctrls(
        ber_len_t len;
        char *opaque;
        BerElement *ber = op->o_ber;
-       struct slap_control *sc;
        struct berval bv;
 
        len = ber_pvt_ber_remaining(ber);
@@ -545,101 +670,10 @@ int get_ctrls(
                        "=> get_ctrls: oid=\"%s\" (%scritical)\n",
                        c->ldctl_oid, c->ldctl_iscritical ? "" : "non", 0 );
 
-               sc = find_ctrl( c->ldctl_oid );
-               if( sc != NULL ) {
-                       /* recognized control */
-                       slap_mask_t tagmask;
-                       switch( op->o_tag ) {
-                       case LDAP_REQ_ADD:
-                               tagmask = SLAP_CTRL_ADD;
-                               break;
-                       case LDAP_REQ_BIND:
-                               tagmask = SLAP_CTRL_BIND;
-                               break;
-                       case LDAP_REQ_COMPARE:
-                               tagmask = SLAP_CTRL_COMPARE;
-                               break;
-                       case LDAP_REQ_DELETE:
-                               tagmask = SLAP_CTRL_DELETE;
-                               break;
-                       case LDAP_REQ_MODIFY:
-                               tagmask = SLAP_CTRL_MODIFY;
-                               break;
-                       case LDAP_REQ_RENAME:
-                               tagmask = SLAP_CTRL_RENAME;
-                               break;
-                       case LDAP_REQ_SEARCH:
-                               tagmask = SLAP_CTRL_SEARCH;
-                               break;
-                       case LDAP_REQ_UNBIND:
-                               tagmask = SLAP_CTRL_UNBIND;
-                               break;
-                       case LDAP_REQ_ABANDON:
-                               tagmask = SLAP_CTRL_ABANDON;
-                               break;
-                       case LDAP_REQ_EXTENDED:
-                               tagmask=~0L;
-                               assert( op->ore_reqoid.bv_val != NULL );
-                               if( sc->sc_extendedops != NULL ) {
-                                       int i;
-                                       for( i=0; sc->sc_extendedops[i] != NULL; i++ ) {
-                                               if( strcmp( op->ore_reqoid.bv_val,
-                                                       sc->sc_extendedops[i] ) == 0 )
-                                               {
-                                                       tagmask=0L;
-                                                       break;
-                                               }
-                                       }
-                               }
-                               break;
-                       default:
-                               rs->sr_err = LDAP_OTHER;
-                               rs->sr_text = "controls internal error";
-                               goto return_results;
-                       }
-
-                       if (( sc->sc_mask & tagmask ) == tagmask ) {
-                               /* available extension */
-                               int     rc;
-
-                               if( !sc->sc_parse ) {
-                                       rs->sr_err = LDAP_OTHER;
-                                       rs->sr_text = "not yet implemented";
-                                       goto return_results;
-                               }
-
-                               rc = sc->sc_parse( op, rs, c );
-                               if ( rc ) {
-                                       assert( rc != LDAP_UNAVAILABLE_CRITICAL_EXTENSION );
-                                       rs->sr_err = rc;
-                                       goto return_results;
-                               }
-
-                               if ( sc->sc_mask & SLAP_CTRL_FRONTEND ) {
-                                       /* kludge to disable backend_control() check */
-                                       c->ldctl_iscritical = 0;
-
-                               } else if ( tagmask == SLAP_CTRL_SEARCH &&
-                                       sc->sc_mask & SLAP_CTRL_FRONTEND_SEARCH )
-                               {
-                                       /* kludge to disable backend_control() check */
-                                       c->ldctl_iscritical = 0;
-                               }
-
-                       } else if( c->ldctl_iscritical ) {
-                               /* unavailable CRITICAL control */
-                               rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
-                               rs->sr_text = "critical extension is unavailable";
-                               goto return_results;
-                       }
-
-               } else if( c->ldctl_iscritical ) {
-                       /* unrecognized CRITICAL control */
-                       rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
-                       rs->sr_text = "critical extension is not recognized";
+               rs->sr_err = slap_parse_ctrl( op, rs, c, &rs->sr_text );
+               if ( rs->sr_err != LDAP_SUCCESS ) {
                        goto return_results;
                }
-next_ctrl:;
        }
 
 return_results:
@@ -660,31 +694,29 @@ return_results:
        return rs->sr_err;
 }
 
-static int parseModifyIncrement (
+#ifdef LDAP_DEVEL
+static int parseManageDIT (
        Operation *op,
        SlapReply *rs,
        LDAPControl *ctrl )
 {
-#if 0
-       if ( op->o_modifyIncrement != SLAP_CONTROL_NONE ) {
-               rs->sr_text = "modifyIncrement control specified multiple times";
+       if ( op->o_managedit != SLAP_CONTROL_NONE ) {
+               rs->sr_text = "manageDIT control specified multiple times";
                return LDAP_PROTOCOL_ERROR;
        }
-#endif
 
        if ( ctrl->ldctl_value.bv_len ) {
-               rs->sr_text = "modifyIncrement control value not empty";
+               rs->sr_text = "manageDIT control value not empty";
                return LDAP_PROTOCOL_ERROR;
        }
 
-#if 0
-       op->o_modifyIncrement = ctrl->ldctl_iscritical
+       op->o_managedit = ctrl->ldctl_iscritical
                ? SLAP_CONTROL_CRITICAL
                : SLAP_CONTROL_NONCRITICAL;
-#endif
 
        return LDAP_SUCCESS;
 }
+#endif
 
 static int parseManageDSAit (
        Operation *op,
@@ -731,19 +763,17 @@ static int parseProxyAuthz (
                ctrl->ldctl_value.bv_len ?  ctrl->ldctl_value.bv_val : "anonymous",
                0 );
 
-       if( ctrl->ldctl_value.bv_len == 0 ) {
+       if ( ctrl->ldctl_value.bv_len == 0 ) {
                Debug( LDAP_DEBUG_TRACE,
                        "parseProxyAuthz: conn=%lu anonymous\n", 
                        op->o_connid, 0, 0 );
 
                /* anonymous */
-               free( op->o_dn.bv_val );
-               op->o_dn.bv_len = 0;
-               op->o_dn.bv_val = ch_strdup( "" );
-
-               free( op->o_ndn.bv_val );
+               op->o_ndn.bv_val[ 0 ] = '\0';
                op->o_ndn.bv_len = 0;
-               op->o_ndn.bv_val = ch_strdup( "" );
+
+               op->o_dn.bv_val[ 0 ] = '\0';
+               op->o_dn.bv_len = 0;
 
                return LDAP_SUCCESS;
        }
@@ -767,27 +797,26 @@ static int parseProxyAuthz (
 
        rc = slap_sasl_authorized( op, &op->o_ndn, &dn );
 
-       if( rc ) {
+       if ( rc ) {
                ch_free( dn.bv_val );
                rs->sr_text = "not authorized to assume identity";
                return LDAP_PROXY_AUTHZ_FAILURE;
        }
 
-       ch_free( op->o_dn.bv_val );
        ch_free( op->o_ndn.bv_val );
-
-       op->o_dn.bv_val = NULL;
-       op->o_ndn = dn;
-
-       Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
-           op->o_log_prefix, dn.bv_val, 0, 0, 0 );
+       ch_free( op->o_dn.bv_val );
 
        /*
         * NOTE: since slap_sasl_getdn() returns a normalized dn,
         * from now on op->o_dn is normalized
         */
+       op->o_ndn = dn;
        ber_dupbv( &op->o_dn, &dn );
 
+
+       Statslog( LDAP_DEBUG_STATS, "%s PROXYAUTHZ dn=\"%s\"\n",
+           op->o_log_prefix, dn.bv_val, 0, 0, 0 );
+
        return LDAP_SUCCESS;
 }
 
@@ -830,13 +859,6 @@ static int parsePagedResults (
                return LDAP_PROTOCOL_ERROR;
        }
 
-#if 0  /* DELETE ME */
-       if ( op->o_sync != SLAP_CONTROL_NONE ) {
-               rs->sr_text = "paged results control specified with sync control";
-               return LDAP_PROTOCOL_ERROR;
-       }
-#endif
-
        if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
                rs->sr_text = "paged results control value is empty (or absent)";
                return LDAP_PROTOCOL_ERROR;
@@ -942,6 +964,34 @@ done:;
        return rc;
 }
 
+#ifdef LDAP_DEVEL
+static int parseSortedResults (
+       Operation *op,
+       SlapReply *rs,
+       LDAPControl *ctrl )
+{
+       int             rc = LDAP_SUCCESS;
+
+       if ( op->o_sortedresults != SLAP_CONTROL_NONE ) {
+               rs->sr_text = "sorted results control specified multiple times";
+               return LDAP_PROTOCOL_ERROR;
+       }
+
+       if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+               rs->sr_text = "sorted results control value is empty (or absent)";
+               return LDAP_PROTOCOL_ERROR;
+       }
+
+       /* blow off parsing the value */
+
+       op->o_sortedresults = ctrl->ldctl_iscritical
+               ? SLAP_CONTROL_CRITICAL
+               : SLAP_CONTROL_NONCRITICAL;
+
+       return rc;
+}
+#endif
+
 static int parseAssert (
        Operation *op,
        SlapReply *rs,
@@ -949,7 +999,6 @@ static int parseAssert (
 {
        BerElement      *ber;
        struct berval   fstr = BER_BVNULL;
-       const char *err_msg = "";
 
        if ( op->o_assert != SLAP_CONTROL_NONE ) {
                rs->sr_text = "assert control specified multiple times";
@@ -1040,7 +1089,9 @@ static int parsePreRead (
                an[i].an_oc_exclude = 0;
                rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
                if ( rc != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
-                       rs->sr_text = dummy ? dummy : "postread control: unknown attributeType";
+                       rs->sr_text = dummy
+                               ? dummy
+                               : "postread control: unknown attributeType";
                        return rc;
                }
        }
@@ -1096,7 +1147,9 @@ static int parsePostRead (
                an[i].an_oc_exclude = 0;
                rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
                if ( rc != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
-                       rs->sr_text = dummy ? dummy : "postread control: unknown attributeType";
+                       rs->sr_text = dummy
+                               ? dummy
+                               : "postread control: unknown attributeType";
                        return rc;
                }
        }
@@ -1111,14 +1164,13 @@ static int parsePostRead (
        return LDAP_SUCCESS;
 }
 
-int parseValuesReturnFilter (
+static int parseValuesReturnFilter (
        Operation *op,
        SlapReply *rs,
        LDAPControl *ctrl )
 {
        BerElement      *ber;
        struct berval   fstr = BER_BVNULL;
-       const char *err_msg = "";
 
        if ( op->o_valuesreturnfilter != SLAP_CONTROL_NONE ) {
                rs->sr_text = "valuesReturnFilter control specified multiple times";
@@ -1179,8 +1231,8 @@ static int parseSubentries (
 
        /* FIXME: should use BER library */
        if( ( ctrl->ldctl_value.bv_len != 3 )
-               && ( ctrl->ldctl_value.bv_val[0] != 0x01 )
-               && ( ctrl->ldctl_value.bv_val[1] != 0x01 ))
+               || ( ctrl->ldctl_value.bv_val[0] != 0x01 )
+               || ( ctrl->ldctl_value.bv_val[1] != 0x01 ))
        {
                rs->sr_text = "subentries control value encoding is bogus";
                return LDAP_PROTOCOL_ERROR;
@@ -1190,8 +1242,9 @@ static int parseSubentries (
                ? SLAP_CONTROL_CRITICAL
                : SLAP_CONTROL_NONCRITICAL;
 
-       if ( (void *)(ctrl->ldctl_value.bv_val[2] != 0x00))
+       if (ctrl->ldctl_value.bv_val[2]) {
                set_subentries_visibility( op );
+       }
 
        return LDAP_SUCCESS;
 }
@@ -1245,7 +1298,7 @@ static int parseDomainScope (
 }
 #endif
 
-#ifdef LDAP_CONTROL_X_TREE_DELETE
+#ifdef SLAP_CONTROL_X_TREE_DELETE
 static int parseTreeDelete (
        Operation *op,
        SlapReply *rs,
@@ -1269,7 +1322,7 @@ static int parseTreeDelete (
 }
 #endif
 
-#ifdef LDAP_CONTORL_X_SEARCH_OPTIONS
+#ifdef LDAP_CONTROL_X_SEARCH_OPTIONS
 static int parseSearchOptions (
        Operation *op,
        SlapReply *rs,
@@ -1277,6 +1330,7 @@ static int parseSearchOptions (
 {
        BerElement *ber;
        ber_int_t search_flags;
+       ber_tag_t tag;
 
        if ( ctrl->ldctl_value.bv_len == 0 ) {
                rs->sr_text = "searchOptions control value not empty";
@@ -1309,7 +1363,10 @@ static int parseSearchOptions (
        }
 
        if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
-               /* Other search flags not recognised so far */
+               /* Other search flags not recognised so far,
+                * including:
+                *              LDAP_SEARCH_FLAG_PHANTOM_ROOM
+                */
                rs->sr_text = "searchOptions contained unrecongized flag";
                return LDAP_UNWILLING_TO_PERFORM;
        }