Really fix subschemasubentry...

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 3b5b51fe77898d4efd32be601ed969918dfba6cf..c8d30afd066efce744304c112c6d58a149fb9c74 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -13,6 +13,8 @@
 #include "slap.h"
 #include "lutil.h"
 
+#include "ldap_defaults.h"
+
 #ifdef SLAPD_LDAP
 #include "back-ldap/external.h"
 #endif
@@ -595,3 +597,22 @@ backend_group(
        else
                return(1);
 }
+
+#ifdef SLAPD_SCHEMA_DN
+Attribute *backend_subschemasubentry( Backend *be )
+{
+       /* should be backend specific */
+       static struct berval ss_val = {
+               sizeof(SLAPD_SCHEMA_DN)-1,
+               SLAPD_SCHEMA_DN };
+       static struct berval *ss_vals[2] = { &ss_val, NULL };
+       static Attribute ss_attr = {
+               "subschemasubentry",
+               ss_vals,
+               SYNTAX_DN | SYNTAX_CIS,
+               NULL
+       };
+
+       return &ss_attr;
+}
+#endif

diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 1abab8b82a0fd9799fe7271145d5fea757ab7f9f..78d0c8594d6f5c0c87d134570ebca6cce81a63ce 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -99,6 +99,12 @@ extern int   backend_group LDAP_P((Backend *be,
        char *gr_ndn, char *op_ndn,
        char *objectclassValue, char *groupattrName));
 
+#ifdef SLAPD_SCHEMA_DN
+/* temporary extern for temporary routine*/
+extern Attribute *backend_subschemasubentry( Backend * );
+#endif
+
+
 /*
  * ch_malloc.c
  */

diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index 0ca25a0dc0bad9ea441a15af815f38e1f89dc9c3..4f2848e8dee7ef9a2f45f0944869a7c259f41367 100644 (file)
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -504,22 +504,6 @@ send_search_entry(
 
        Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
 
-#if defined( SLAPD_SCHEMA_DN )
-       {
-               /* this could be backend specific */
-               struct berval val;
-               struct berval *vals[2];
-
-               vals[0] = &val;
-               vals[1] = NULL;
-
-               val.bv_val = SLAPD_SCHEMA_DN;
-               val.bv_len = strlen( val.bv_val );
-
-               attr_merge( e, "subschemaSubentry", vals );
-       }
-#endif
-
        if ( ! access_allowed( be, conn, op, e,
                "entry", NULL, ACL_READ ) )
        {
@@ -626,6 +610,82 @@ send_search_entry(
                }
        }
 
+#ifdef SLAPD_SCHEMA_DN
+       a = backend_subschemasubentry( be );
+       
+       do {
+               regmatch_t       matches[MAXREMATCHES];
+
+               if ( attrs == NULL ) {
+                       /* all addrs request, skip operational attributes */
+                       if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
+                               continue;
+                       }
+
+               } else {
+                       /* specific addrs requested */
+                       if ( allattrs ) {
+                               /* user requested all user attributes */
+                               /* if operational, make sure it's in list */
+
+                               if( oc_check_operational_attr( a->a_type )
+                                       && !charray_inlist( attrs, a->a_type ) )
+                               {
+                                       continue;
+                               }
+
+                       } else if ( !charray_inlist( attrs, a->a_type ) ) {
+                               continue;
+                       }
+               }
+
+               acl = acl_get_applicable( be, op, e, a->a_type,
+                       MAXREMATCHES, matches );
+
+               if ( ! acl_access_allowed( acl, be, conn, e,
+                       NULL, op, ACL_READ, edn, matches ) ) 
+               {
+                       continue;
+               }
+
+               if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
+                       Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+                       ber_free( ber, 1 );
+                       send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+                           NULL, "encoding type error", NULL, NULL );
+                       goto error_return;
+               }
+
+               if ( ! attrsonly ) {
+                       for ( i = 0; a->a_vals[i] != NULL; i++ ) {
+                               if ( a->a_syntax & SYNTAX_DN && 
+                                       ! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
+                                               ACL_READ, edn, matches) )
+                               {
+                                       continue;
+                               }
+
+                               if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
+                                       Debug( LDAP_DEBUG_ANY,
+                                           "ber_printf failed\n", 0, 0, 0 );
+                                       ber_free( ber, 1 );
+                                       send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+                                               NULL, "encoding value error", NULL, NULL );
+                                       goto error_return;
+                               }
+                       }
+               }
+
+               if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
+                       Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+                       ber_free( ber, 1 );
+                       send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+                           NULL, "encode end error", NULL, NULL );
+                       goto error_return;
+               }
+       } while (0);
+#endif
+
        rc = ber_printf( ber, /*{{{*/ "}}}" );
 
        if ( rc == -1 ) {

diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c
index ec67cc3905811be854637179f45500ce08ffe155..ea8ce6aa175f81653bb16358cf4b7b34bf22b6e1 100644 (file)
--- a/servers/slapd/schema.c
+++ b/servers/slapd/schema.c
@@ -14,6 +14,7 @@
 static char *  oc_check_required(Entry *e, char *ocname);
 static int             oc_check_allowed(char *type, struct berval **ocl);
 
+
 /*
  * oc_check - check that entry e conforms to the schema required by
  * its object class(es). returns 0 if so, non-zero otherwise.
@@ -1213,4 +1214,4 @@ int is_entry_objectclass(
        }
 
        return 1;
-}
\ No newline at end of file
+}