int userattrs;
int opattrs;
AccessControlState acl_state = ACL_STATE_INIT;
+#ifdef LDAP_SLAPI
+ /* Support virtual attribute plugins. */
+ Slapi_PBlock *pb = op->o_pb;
+ Slapi_AttrSet *vattrs = NULL;
+#endif
AttributeDescription *ad_entry = slap_schema.si_ad_entry;
}
}
+#if defined( LDAP_SLAPI )
+ /* Add virtual attributes */
+ vattrs = slapi_x_attrset_new();
+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, (void *)e );
+ slapi_pblock_set( pb, SLAPI_PLUGIN_OPATTR_COALESCE_DATA, (void *)vattrs );
+ rc = doPluginFNs( be, SLAPI_PLUGIN_OPATTR_COALESCE_FN, pb );
+ if ( rc == 0 ) {
+ /*
+ * Re-fetch this to be safe; plugin could have freed and
+ * changed it, although it shouldn't.
+ */
+ rc = slapi_pblock_get( pb, SLAPI_PLUGIN_OPATTR_COALESCE_DATA, (void **)&vattrs );
+ if ( rc != 0 ) {
+ /* Something bad happened. */
+ vattrs = NULL;
+ }
+ }
+
+ /* Now, send the virtual attributes. */
+ if ( vattrs != NULL ) {
+ for (a = *vattrs, j = 0; a != NULL; a = a->a_next, j++ ) {
+ AttributeDescription *desc = a->a_desc;
+
+ if ( attrs == NULL ) {
+ /* all attrs request, skip operational attributes */
+ if( is_at_operational( desc->ad_type ) ) {
+ continue;
+ }
+
+ } else {
+ /* specific attrs requested */
+ if( is_at_operational( desc->ad_type ) ) {
+ if( !opattrs && !ad_inlist( desc, attrs ) ) {
+ continue;
+ }
+ } else {
+ if (!userattrs && !ad_inlist( desc, attrs ) )
+ {
+ continue;
+ }
+ }
+ }
+
+ if ( ! access_allowed( be, conn, op, e, desc, NULL,
+ ACL_READ, &acl_state ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG( ACL, INFO,
+ "send_search_entry: conn %lu "
+ "access to attribute %s not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, 0 );
+#else
+ Debug( LDAP_DEBUG_ACL, "acl: access to attribute %s "
+ "not allowed\n",
+ desc->ad_cname.bv_val, 0, 0 );
+#endif
+
+ continue;
+ }
+
+ rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
+ if ( rc == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, ERR,
+ "send_search_entry: conn %lu "
+ "ber_printf failed\n", op->o_connid, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+#endif
+
+ ber_free_buf( ber );
+ send_ldap_result( conn, op, LDAP_OTHER,
+ NULL, "encoding description error", NULL, NULL );
+
+ attrs_free( aa );
+ goto error_return;
+ }
+
+ if ( ! attrsonly ) {
+ for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
+ if ( ! access_allowed( be, conn, op, e,
+ desc, &a->a_vals[i], ACL_READ, &acl_state ) )
+ {
+#ifdef NEW_LOGGING
+ LDAP_LOG( ACL, INFO,
+ "send_search_entry: conn %lu "
+ "access to %s, value %d not allowed\n",
+ op->o_connid, desc->ad_cname.bv_val, i );
+#else
+ Debug( LDAP_DEBUG_ACL,
+ "acl: access to attribute %s, "
+ "value %d not allowed\n",
+ desc->ad_cname.bv_val, i, 0 );
+#endif
+
+ continue;
+ }
+
+ if ( op->vrFilter && e_flags[j][i] == 0 ){
+ continue;
+ }
+
+ if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, ERR,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "ber_printf failed\n", 0, 0, 0 );
+#endif
+
+ ber_free_buf( ber );
+ send_ldap_result( conn, op, LDAP_OTHER,
+ NULL, "encoding values error",
+ NULL, NULL );
+
+ attrs_free( aa );
+ goto error_return;
+ }
+ }
+ }
+
+ if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, ERR,
+ "send_search_entry: conn %lu ber_printf failed\n",
+ op->o_connid, 0, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+#endif
+
+ ber_free_buf( ber );
+ send_ldap_result( conn, op, LDAP_OTHER,
+ NULL, "encode end error", NULL, NULL );
+
+ attrs_free( aa );
+ goto error_return;
+ }
+ }
+ slapi_x_attrset_free( &vattrs );
+ }
+#endif /* LDAP_SLAPI */
+
/* free e_flags */
if ( e_flags ) {
free( e_flags );
projects / openldap / commitdiff