#include <ac/time.h>
#include <ac/unistd.h>
+#include "ldap_defaults.h"
#include "slap.h"
/* we need LBER internals */
ber = ber_alloc_t( LBER_USE_DER );
- Debug( LDAP_DEBUG_TRACE, "send_ldap_response: tag=%ld msgid=%ld err=%ld\n",
- (long) tag, (long) msgid, (long) err );
+ Debug( LDAP_DEBUG_TRACE, "send_ldap_response: msgid=%ld tag=%ld err=%ld\n",
+ (long) msgid, (long) tag, (long) err );
if ( ber == NULL ) {
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
NULL, NULL, ctrls );
Statslog( LDAP_DEBUG_STATS,
- "conn=%ld op=%ld RESULT err=%ld tag=%lu text=%s\n",
+ "conn=%ld op=%ld RESULT tag=%lu err=%ld text=%s\n",
(long) op->o_connid, (long) op->o_opid,
- (long) err, (long) tag, text );
+ (long) tag, (long) err, text );
if( tmp != NULL ) {
free(tmp);
NULL, NULL, ctrls );
Statslog( LDAP_DEBUG_STATS,
- "conn=%ld op=%ld SEARCH RESULT err=%ld tag=%lu text=%s\n",
+ "conn=%ld op=%ld SEARCH RESULT tag=%lu err=%ld text=%s\n",
(long) op->o_connid, (long) op->o_opid,
- (long) err, (long) tag, text );
+ (long) tag, (long) err, text );
}
Entry *e,
char **attrs,
int attrsonly,
- int opattrs,
LDAPControl **ctrls
)
{
int i, rc=-1, bytes;
AccessControl *acl;
char *edn;
- int allattrs;
-
- Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 );
+ int userattrs;
+ int opattrs;
-#if defined( SLAPD_SCHEMA_DN )
- {
- /* this could be backend specific */
- struct berval val;
- val.bv_val = SLAPD_SCHEMA_DN;
- val.bv_len = strlen( val.bv_val );
- attr_merge( e, "subschemaSubentry", vals );
- ldap_memfree( val.bv_val );
- }
-#endif
+ Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_READ ) )
goto error_return;
}
- /* check for special all user attributes ("*") attribute */
- allattrs = ( attrs == NULL ) ? 1
+ /* check for special all user attributes ("*") type */
+ userattrs = ( attrs == NULL ) ? 1
: charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES );
+ /* check for special all operational attributes ("+") type */
+ opattrs = ( attrs == NULL ) ? 0
+ : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES );
+
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
regmatch_t matches[MAXREMATCHES];
} else {
/* specific addrs requested */
- if ( allattrs ) {
- /* user requested all user attributes */
- /* if operational, make sure it's in list */
+ if ( oc_check_operational_attr( a->a_type ) ) {
+ if( !opattrs && !charray_inlist( attrs, a->a_type ) )
+ {
+ continue;
+ }
+ } else {
+ if (!userattrs && !charray_inlist( attrs, a->a_type ) )
+ {
+ continue;
+ }
+ }
+ }
+
+ acl = acl_get_applicable( be, op, e, a->a_type,
+ MAXREMATCHES, matches );
+
+ if ( ! acl_access_allowed( acl, be, conn, e,
+ NULL, op, ACL_READ, edn, matches ) )
+ {
+ continue;
+ }
- if( oc_check_operational_attr( a->a_type )
- && !charray_inlist( attrs, a->a_type ) )
+ if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+ ber_free( ber, 1 );
+ send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+ NULL, "encoding type error", NULL, NULL );
+ goto error_return;
+ }
+
+ if ( ! attrsonly ) {
+ for ( i = 0; a->a_vals[i] != NULL; i++ ) {
+ if ( a->a_syntax & SYNTAX_DN &&
+ ! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
+ ACL_READ, edn, matches) )
{
continue;
}
- } else if ( !charray_inlist( attrs, a->a_type ) ) {
+ if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ber_printf failed\n", 0, 0, 0 );
+ ber_free( ber, 1 );
+ send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+ NULL, "encoding value error", NULL, NULL );
+ goto error_return;
+ }
+ }
+ }
+
+ if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+ ber_free( ber, 1 );
+ send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+ NULL, "encode end error", NULL, NULL );
+ goto error_return;
+ }
+ }
+
+#ifdef SLAPD_SCHEMA_DN
+ /* eventually will loop through generated operational attributes */
+ /* only have subschemaSubentry implemented */
+ a = backend_subschemasubentry( be );
+
+ do {
+ regmatch_t matches[MAXREMATCHES];
+
+ if ( attrs == NULL ) {
+ /* all addrs request, skip operational attributes */
+ if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
continue;
}
+
+ } else {
+ /* specific addrs requested */
+ if ( oc_check_operational_attr( a->a_type ) ) {
+ if( !opattrs && !charray_inlist( attrs, a->a_type ) )
+ {
+ continue;
+ }
+ } else {
+ if (!userattrs && !charray_inlist( attrs, a->a_type ) )
+ {
+ continue;
+ }
+ }
}
acl = acl_get_applicable( be, op, e, a->a_type,
NULL, "encode end error", NULL, NULL );
goto error_return;
}
- }
+ } while (0);
+#endif
rc = ber_printf( ber, /*{{{*/ "}}}" );
int rc;
int bytes;
- Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 );
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_READ ) )
Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n",
(long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 );
- Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 );
return 0;
}
projects / openldap / blobdiff