606
606
Slapi_Entry **entries = NULL;
609
if (deref_check_access(pb, NULL, derefdn, attrs, &retattrs,
610
(SLAPI_ACL_SEARCH|SLAPI_ACL_READ))) {
611
slapi_log_error(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
612
"The client does not have permission to read the requested "
613
"attributes in entry %s\n", derefdn);
609
/* If the access check on the attributes is done without retrieveing the entry
610
* it cannot handle acis which need teh entry, eg to apply a targetfilter rule
611
* So the determination of attrs which can be dereferenced is delayed
617
613
derefpb = slapi_pblock_new();
618
614
slapi_search_internal_set_pb(derefpb, derefdn, LDAP_SCOPE_BASE,
619
615
"(objectclass=*)", retattrs, 0,
634
630
int needattrvals = 1; /* need attrvals sequence? */
635
for (ii = 0; retattrs[ii]; ++ii) {
638
Slapi_ValueSet* results = NULL;
639
int type_name_disposition = 0;
640
char* actual_type_name = NULL;
642
int buffer_flags = 0;
643
int needpartialattr = 1; /* need PartialAttribute sequence? */
631
if (deref_check_access(pb, entries[0], derefdn, attrs, &retattrs,
632
(SLAPI_ACL_SEARCH|SLAPI_ACL_READ))) {
633
slapi_log_error(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
634
"The client does not have permission to read the requested "
635
"attributes in entry %s\n", derefdn);
637
for (ii = 0; retattrs[ii]; ++ii) {
640
Slapi_ValueSet* results = NULL;
641
int type_name_disposition = 0;
642
char* actual_type_name = NULL;
644
int buffer_flags = 0;
645
int needpartialattr = 1; /* need PartialAttribute sequence? */
646
648
#if defined(USE_OLD_UNHASHED)
647
if (is_type_forbidden(retattrs[ii])) {
648
slapi_log_error(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
649
"skip forbidden attribute [%s]\n", derefdn);
649
if (is_type_forbidden(retattrs[ii])) {
650
slapi_log_error(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
651
"skip forbidden attribute [%s]\n", derefdn);
653
deref_get_values(entries[0], retattrs[ii], &results, &type_name_disposition,
654
&actual_type_name, flags, &buffer_flags);
655
deref_get_values(entries[0], retattrs[ii], &results, &type_name_disposition,
656
&actual_type_name, flags, &buffer_flags);
657
idx = slapi_valueset_first_value(results, &sv);
659
for (; results && sv; idx = slapi_valueset_next_value(results, idx, &sv)) {
660
const struct berval *bv = slapi_value_get_berval(sv);
662
/* we have at least one attribute with values in
664
/* attrVals is OPTIONAL - only added if there are
665
any values to send */
666
ber_printf(ctrlber, "t{", (LBER_CLASS_CONTEXT|LBER_CONSTRUCTED));
669
if (needpartialattr) {
670
/* This attribute in attrVals has values */
671
ber_printf(ctrlber, "{s", retattrs[ii]);
675
/* begin the vals SET of values for this attribute */
676
ber_printf(ctrlber, "[");
679
ber_printf(ctrlber, "O", bv);
680
} /* for each value in retattrs[ii] */
681
deref_values_free(&results, &actual_type_name, buffer_flags);
682
if (needvalsset == 0) {
683
ber_printf(ctrlber, "]");
685
if (needpartialattr == 0) {
659
idx = slapi_valueset_first_value(results, &sv);
661
for (; results && sv; idx = slapi_valueset_next_value(results, idx, &sv)) {
662
const struct berval *bv = slapi_value_get_berval(sv);
664
/* we have at least one attribute with values in
666
/* attrVals is OPTIONAL - only added if there are
667
any values to send */
668
ber_printf(ctrlber, "t{", (LBER_CLASS_CONTEXT|LBER_CONSTRUCTED));
671
if (needpartialattr) {
672
/* This attribute in attrVals has values */
673
ber_printf(ctrlber, "{s", retattrs[ii]);
677
/* begin the vals SET of values for this attribute */
678
ber_printf(ctrlber, "[");
681
ber_printf(ctrlber, "O", bv);
682
} /* for each value in retattrs[ii] */
683
deref_values_free(&results, &actual_type_name, buffer_flags);
684
if (needvalsset == 0) {
685
ber_printf(ctrlber, "]");
687
if (needpartialattr == 0) {
688
ber_printf(ctrlber, "}");
690
} /* for each attr in retattrs */
691
if (needattrvals == 0) {
686
692
ber_printf(ctrlber, "}");
688
} /* for each attr in retattrs */
689
if (needattrvals == 0) {
690
ber_printf(ctrlber, "}");
693
696
} else { /* nothing */
added
removed
ldap/servers/plugins/deref/deref.c
