X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fresult.c;h=061c6899c91158fd53824dc88f27a9738208ac24;hb=04c5711506f17cc7403240c1f335527c6bccaa33;hp=246a00776413aa7e1403ab024b71ff630e1ab054;hpb=73276e84ae32e9e148197971d1d6729739980353;p=openldap diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 246a007764..061c6899c9 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -11,6 +11,7 @@ #include #include +#include "ldap_defaults.h" #include "slap.h" /* we need LBER internals */ @@ -342,7 +343,7 @@ send_ldap_disconnect( Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%ld DISCONNECT err=%ld tag=%lu text=%s\n", - (long) conn->c_connid, (long) op->o_opid, + (long) op->o_connid, (long) op->o_opid, (long) tag, (long) err, text ); } @@ -363,7 +364,9 @@ send_ldap_result( assert( !LDAP_API_ERROR( err ) ); - Debug( LDAP_DEBUG_TRACE, "send_ldap_result %d:%s:%s\n", + Debug( LDAP_DEBUG_TRACE, "send_ldap_result: conn=%ld op=%ld p=%d\n", + (long) op->o_connid, (long) op->o_opid, op->o_protocol ); + Debug( LDAP_DEBUG_ARGS, "send_ldap_result: %d:%s:%s\n", err, matched ? matched : "", text ? text : "" ); assert( err != LDAP_PARTIAL_RESULTS ); @@ -402,7 +405,7 @@ send_ldap_result( Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%ld RESULT err=%ld tag=%lu text=%s\n", - (long) conn->c_connid, (long) op->o_opid, + (long) op->o_connid, (long) op->o_opid, (long) err, (long) tag, text ); if( tmp != NULL ) { @@ -439,15 +442,18 @@ send_search_result( /* send references in search results */ if( err == LDAP_REFERRAL ) { err = LDAP_PARTIAL_RESULTS; - tmp = text = v2ref( refs ); - refs = NULL; } + tmp = text = v2ref( refs ); + refs = NULL; + } else { /* don't send references in search results */ + assert( refs == NULL ); + refs = NULL; + if( err == LDAP_REFERRAL ) { err = LDAP_SUCCESS; - refs = NULL; } } 
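Review bot: In send_ldap_disconnect's Statslog call the format string reads `err=%ld tag=%lu`, but the arguments after the changed line are `(long) tag, (long) err`, so the DISCONNECT stats line records the two values swapped; send_ldap_result passes them as `(long) err, (long) tag`. Since this commit already edits that argument list, reorder it to `(long) err, (long) tag, text );`. The `%lu` conversion is also given a `(long)` cast, here and in the RESULT and SEARCH RESULT Statslog calls; `(unsigned long) tag` would match the format. The function body starts and ends outside the hunk.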
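Review bot: `text` goes straight to `%s` in the RESULT Statslog call, although the Debug call earlier in send_ldap_result guards it with `text ? text : ""`, which suggests it can be NULL at this point unless code outside the hunk normalises it. Passing NULL for `%s` is undefined behaviour in the printf family, so the stats path should use the same guard: `(long) err, (long) tag, text ? text : "" );`. The DISCONNECT and SEARCH RESULT Statslog calls touched by this commit pass `text` the same way.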
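Review bot: In the first branch, `tmp = text = v2ref( refs );` now runs for every result rather than only when `err == LDAP_REFERRAL`, so a caller-supplied `text` is overwritten even when there are no referrals to convert; if v2ref returns NULL for an empty list (not visible here), the diagnostic text is dropped from the response. Consider `if( refs != NULL ) { tmp = text = v2ref( refs ); refs = NULL; }`. In the else branch `assert( refs == NULL );` is the only check: with NDEBUG it disappears and the references are silently discarded, and without NDEBUG a caller that does pass referrals aborts slapd, so if that can happen at run time an explicit error return is safer than an assert. The enclosing condition is outside the hunk.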
@@ -471,7 +477,7 @@ send_search_result( Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%ld SEARCH RESULT err=%ld tag=%lu text=%s\n", - (long) conn->c_connid, (long) op->o_opid, + (long) op->o_connid, (long) op->o_opid, (long) err, (long) tag, text ); } @@ -485,29 +491,18 @@ send_search_entry( Entry *e, char **attrs, int attrsonly, - int opattrs, LDAPControl **ctrls ) { BerElement *ber; Attribute *a; int i, rc=-1, bytes; - struct acl *acl; + AccessControl *acl; char *edn; - int allattrs; + int userattrs; + int opattrs; - Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 ); - -#if defined( SLAPD_SCHEMA_DN ) - { - /* this could be backend specific */ - struct berval val; - val.bv_val = SLAPD_SCHEMA_DN; - val.bv_len = strlen( val.bv_val ); - attr_merge( e, "subschemaSubentry", vals ); - ldap_memfree( val.bv_val ); - } -#endif + Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 ); if ( ! access_allowed( be, conn, op, e, "entry", NULL, ACL_READ ) ) @@ -539,11 +534,14 @@ send_search_entry( goto error_return; } - /* check for special all user attributes ("*") attribute */ - allattrs = attrs == NULL - ? 1 + /* check for special all user attributes ("*") type */ + userattrs = ( attrs == NULL ) ? 1 : charray_inlist( attrs, LDAP_ALL_USER_ATTRIBUTES ); + /* check for special all operational attributes ("+") type */ + opattrs = ( attrs == NULL ) ? 0 + : charray_inlist( attrs, LDAP_ALL_OPERATIONAL_ATTRIBUTES ); + for ( a = e->e_attrs; a != NULL; a = a->a_next ) { regmatch_t matches[MAXREMATCHES]; @@ -555,8 +553,16 @@ send_search_entry( } else { /* specific addrs requested */ - if ( !allattrs && !charray_inlist( attrs, a->a_type ) ) { - continue; + if ( oc_check_operational_attr( a->a_type ) ) { + if( !opattrs && !charray_inlist( attrs, a->a_type ) ) + { + continue; + } + } else { + if (!userattrs && !charray_inlist( attrs, a->a_type ) ) + { + continue; + } } } 
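Review bot: The two new branches under "specific addrs requested" differ only in which flag they test, and the same selection logic is repeated in the SLAPD_SCHEMA_DN block added later in this commit; filter rules kept in two copies tend to drift, and here a drift decides which attributes are returned to the client. One test expresses it: `int all = oc_check_operational_attr( a->a_type ) ? opattrs : userattrs;` followed by `if ( !all && !charray_inlist( attrs, a->a_type ) ) continue;`, ideally in a small static helper shared by both loops. The loop body continues outside the hunk.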
@@ -606,6 +612,82 @@ send_search_entry( } } +#ifdef SLAPD_SCHEMA_DN + /* eventually will loop through generated operational attributes */ + /* only have subschemaSubentry implemented */ + a = backend_subschemasubentry( be ); + + do { + regmatch_t matches[MAXREMATCHES]; + + if ( attrs == NULL ) { + /* all addrs request, skip operational attributes */ + if( !opattrs && oc_check_operational_attr( a->a_type ) ) { + continue; + } + + } else { + /* specific addrs requested */ + if ( oc_check_operational_attr( a->a_type ) ) { + if( !opattrs && !charray_inlist( attrs, a->a_type ) ) + { + continue; + } + } else { + if (!userattrs && !charray_inlist( attrs, a->a_type ) ) + { + continue; + } + } + } + + acl = acl_get_applicable( be, op, e, a->a_type, + MAXREMATCHES, matches ); + + if ( ! acl_access_allowed( acl, be, conn, e, + NULL, op, ACL_READ, edn, matches ) ) + { + continue; + } + + if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) { + Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + ber_free( ber, 1 ); + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + NULL, "encoding type error", NULL, NULL ); + goto error_return; + } + + if ( ! attrsonly ) { + for ( i = 0; a->a_vals[i] != NULL; i++ ) { + if ( a->a_syntax & SYNTAX_DN && + ! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op, + ACL_READ, edn, matches) ) + { + continue; + } + + if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) { + Debug( LDAP_DEBUG_ANY, + "ber_printf failed\n", 0, 0, 0 ); + ber_free( ber, 1 ); + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + NULL, "encoding value error", NULL, NULL ); + goto error_return; + } + } + } + + if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) { + Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 ); + ber_free( ber, 1 ); + send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, + NULL, "encode end error", NULL, NULL ); + goto error_return; + } + } while (0); +#endif + rc = ber_printf( ber, /*{{{*/ "}}}" ); if ( rc == -1 ) { 
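Review bot: `a = backend_subschemasubentry( be );` is dereferenced as `a->a_type` on entry to the `do { … } while (0)` block with no NULL check; unless that function is guaranteed never to return NULL (its definition is not in this diff), a backend without a subschema attribute would crash the search path. Guard the block, for example `if ( a != NULL ) do {`. The `continue` statements inside `do { … } while (0)` jump to the `while (0)` test and so leave the block, which is the intent but is easy to misread; a comment such as `/* continue == skip this generated attribute */` at the top of the block would help. It is also not visible here who owns the returned Attribute on the three `goto error_return` paths.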
@@ -658,7 +740,7 @@ send_search_reference( int rc; int bytes; - Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "=> send_search_reference (%s)\n", e->e_dn, 0, 0 ); if ( ! access_allowed( be, conn, op, e, "entry", NULL, ACL_READ ) ) @@ -726,7 +808,7 @@ send_search_reference( Statslog( LDAP_DEBUG_STATS2, "conn=%ld op=%ld ENTRY dn=\"%s\"\n", (long) conn->c_connid, (long) op->o_opid, e->e_dn, 0, 0 ); - Debug( LDAP_DEBUG_TRACE, "<= send_search_entry\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_TRACE, "<= send_search_reference\n", 0, 0, 0 ); return 0; }
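Review bot: The Statslog call just above the renamed exit Debug line still writes `ENTRY dn=` for a search reference and still takes the connection id from `conn->c_connid`, while the rest of this commit switches the stats lines to `op->o_connid`. Someone reading the stats log cannot tell a returned reference from a returned entry. Suggested: `"conn=%ld op=%ld REF dn=\"%s\"\n",` with `(long) op->o_connid, (long) op->o_opid, e->e_dn, 0, 0 );`.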