#include "proto-back-ldbm.h"
-/* return 0 IFF we can retrieve the attributes
+/* return LDAP_SUCCESS IFF we can retrieve the attributes
* of entry with e_ndn
*/
int
Entry *target,
const char *e_ndn,
AttributeDescription *entry_at,
- const char ***vals
+ struct berval ***vals
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
- int i, j, rc = 1;
+ int i, j, rc;
Attribute *attr;
- struct berval **abv;
- char *s, **v;
+ struct berval **v;
+ char *s;
const char *entry_at_name = entry_at->ad_cname->bv_val;
Debug( LDAP_DEBUG_ARGS,
Debug( LDAP_DEBUG_ACL,
"=> ldbm_back_attribute: cannot find entry: \"%s\"\n",
e_ndn, 0, 0 );
- return( 1 );
+ return LDAP_NO_SUCH_OBJECT;
}
Debug( LDAP_DEBUG_ACL,
e_ndn, 0, 0 );
}
- rc = 1;
-
- /* find attribute values
- */
+ /* find attribute values */
if( is_entry_alias( e ) ) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_attribute: entry is an alias\n", 0, 0, 0 );
+ rc = LDAP_ALIAS_PROBLEM;
goto return_results;
}
if( is_entry_referral( e ) ) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_attribute: entry is an referral\n", 0, 0, 0 );
+ rc = LDAP_REFERRAL;
goto return_results;
}
if (conn != NULL && op != NULL
- && access_allowed(be, conn, op, e, slap_schema.si_ad_entry, NULL, ACL_SEARCH) == 0)
+ && access_allowed(be, conn, op, e, slap_schema.si_ad_entry,
+ NULL, ACL_READ) == 0)
{
+ rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_attribute: failed to find %s\n",
entry_at_name, 0, 0 );
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
goto return_results;
}
if (conn != NULL && op != NULL
- && access_allowed(be, conn, op, e, entry_at, NULL, ACL_SEARCH) == 0)
+ && access_allowed(be, conn, op, e, entry_at, NULL, ACL_READ) == 0)
{
+ rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
- for ( i = 0; attr->a_vals[i] != NULL; i++ ) { }
- v = (char **) ch_calloc( (i + 1), sizeof(char *) );
- if (v != NULL) {
- for ( j = 0, abv = attr->a_vals; --i >= 0; abv++ ) {
- if ( (*abv)->bv_len > 0 ) {
- s = ch_malloc( (*abv)->bv_len + 1 );
- if( s == NULL )
- break;
- memcpy(s, (*abv)->bv_val, (*abv)->bv_len);
- s[(*abv)->bv_len] = 0;
- v[j++] = s;
- }
+ for ( i = 0; attr->a_vals[i] != NULL; i++ ) {
+ /* count them */
+ }
+
+ v = (struct berval **) ch_malloc( sizeof(struct berval *) * (i+1) );
+
+ for ( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
+ if( access_allowed(be, conn, op, e, entry_at,
+ attr->a_vals[i], ACL_READ) == 0)
+ {
+ continue;
}
+ v[j] = ber_bvdup( attr->a_vals[i] );
+
+ if( v[j] != NULL ) j++;
+ }
+
+ if( j == 0 ) {
+ ch_free( v );
+ *vals = NULL;
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ } else {
v[j] = NULL;
*vals = v;
+ rc = LDAP_SUCCESS;
}
- rc = 0;
-
return_results:
if( target != e ) {
/* free entry and reader lock */
cache_return_entry_r( &li->li_cache, e );
}
- Debug( LDAP_DEBUG_TRACE, "ldbm_back_attribute: rc=%d\n", rc, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_attribute: rc=%d nvals=%d\n",
+ rc, j, 0 );
return(rc);
}
/*
* represents a search filter
*/
-
typedef struct slap_filter {
ber_tag_t f_choice; /* values taken from ldap.h, plus: */
#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1)
/*
* represents an access control list
*/
-
typedef enum slap_access_e {
ACL_INVALID_ACCESS = -1,
ACL_NONE = 0,
} slap_control_t;
typedef enum slap_style_e {
- ACL_STYLE_REGEX,
+ ACL_STYLE_REGEX = 0,
ACL_STYLE_BASE,
ACL_STYLE_ONE,
ACL_STYLE_SUBTREE,
struct slap_conn *c, struct slap_op *o,
Entry *e, const char *edn,
AttributeDescription *entry_at,
- const char ***vals ));
+ struct berval ***vals ));
int (*bi_connection_init) LDAP_P((BackendDB *bd,
struct slap_conn *c));
/*
* represents an operation pending from an ldap client
*/
-
typedef struct slap_op {
ber_int_t o_opid; /* id of this operation */
ber_int_t o_msgid; /* msgid of the request */
/*
* represents a connection from an ldap client
*/
-
typedef struct slap_conn {
int c_struct_state; /* structure management state */
int c_conn_state; /* connection state */
projects / openldap / commitdiff