自学教程：C++ BER_BVISNULL函数代码示例

static intnssov_db_open(	BackendDB *be,	ConfigReply *cr ){	slap_overinst *on = (slap_overinst *)be->bd_info;	nssov_info *ni = on->on_bi.bi_private;	nssov_mapinfo *mi;	int i, sock;	struct sockaddr_un addr;	/* Set default bases */	for (i=0; i<NM_NONE; i++) {		if ( BER_BVISNULL( &ni->ni_maps[i].mi_base )) {			ber_dupbv( &ni->ni_maps[i].mi_base, &be->be_nsuffix[0] );		}		if ( ni->ni_maps[i].mi_scope == LDAP_SCOPE_DEFAULT )			ni->ni_maps[i].mi_scope = LDAP_SCOPE_SUBTREE;	}	/* validate attribute maps */	mi = ni->ni_maps;	for ( i=0; i<NM_NONE; i++,mi++) {		const char *text;		int j;		for (j=0; !BER_BVISNULL(&mi->mi_attrkeys[j]); j++) {			/* skip attrs we already validated */			if ( mi->mi_attrs[j].an_desc ) continue;			if ( slap_bv2ad( &mi->mi_attrs[j].an_name,				&mi->mi_attrs[j].an_desc, &text )) {				Debug(LDAP_DEBUG_ANY,"nssov: invalid attr /"%s/": %s/n",					mi->mi_attrs[j].an_name.bv_val, text, 0 );				return -1;			}		}		BER_BVZERO(&mi->mi_attrs[j].an_name);		mi->mi_attrs[j].an_desc = NULL;	}	/* Find host and authorizedService definitions */	if ((ni->ni_pam_opts & NI_PAM_USERHOST) && !nssov_pam_host_ad)	{		const char *text;		i = slap_str2ad("host", &nssov_pam_host_ad, &text);		if (i != LDAP_SUCCESS) {			Debug(LDAP_DEBUG_ANY,"nssov: host attr unknown: %s/n",				text, 0, 0 );			return -1;		}	}	if ((ni->ni_pam_opts & (NI_PAM_USERSVC|NI_PAM_HOSTSVC)) &&		!nssov_pam_svc_ad)	{		const char *text;		i = slap_str2ad("authorizedService", &nssov_pam_svc_ad, &text);		if (i != LDAP_SUCCESS) {			Debug(LDAP_DEBUG_ANY,"nssov: authorizedService attr unknown: %s/n",				text, 0, 0 );			return -1;		}	}	if ( slapMode & SLAP_SERVER_MODE ) {		/* make sure /var/run/nslcd exists */		if (mkdir(NSLCD_PATH, (mode_t) 0555)) {			Debug(LDAP_DEBUG_TRACE,"nssov: mkdir(%s) failed (ignored): %s/n",					NSLCD_PATH,strerror(errno),0);		} else {			Debug(LDAP_DEBUG_TRACE,"nssov: created %s/n",NSLCD_PATH,0,0);		}		/* create a socket */		if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 )		{			Debug(LDAP_DEBUG_ANY,"nssov: cannot create socket: %s/n",strerror(errno),0,0);			return -1;		}		/* remove existing named socket */		if (unlink(NSLCD_SOCKET)<0)		{			Debug( LDAP_DEBUG_TRACE,"nssov: unlink() of "NSLCD_SOCKET" failed (ignored): %s/n",							strerror(errno),0,0);		}		/* create socket address structure */		memset(&addr,0,sizeof(struct sockaddr_un));		addr.sun_family=AF_UNIX;		strncpy(addr.sun_path,NSLCD_SOCKET,sizeof(addr.sun_path));		addr.sun_path[sizeof(addr.sun_path)-1]='/0';		/* bind to the named socket */		if (bind(sock,(struct sockaddr *)&addr,sizeof(struct sockaddr_un)))		{			Debug( LDAP_DEBUG_ANY,"nssov: bind() to "NSLCD_SOCKET" failed: %s",							strerror(errno),0,0);			if (close(sock))				Debug( LDAP_DEBUG_ANY,"nssov: problem closing socket: %s",strerror(errno),0,0);			return -1;		}		/* close the file descriptor on exit */		if (fcntl(sock,F_SETFD,FD_CLOEXEC)<0)		{			Debug( LDAP_DEBUG_ANY,"nssov: fcntl(F_SETFL,O_NONBLOCK) failed: %s",strerror(errno),0,0);//.........这里部分代码省略.........

intldap_back_search(		Operation	*op,		SlapReply	*rs ){	ldapinfo_t	*li = (ldapinfo_t *) op->o_bd->be_private;	ldapconn_t	*lc = NULL;	struct timeval	tv;	time_t		stoptime = (time_t)(-1);	LDAPMessage	*res,			*e;	int		rc = 0,			msgid; 	struct berval	match = BER_BVNULL,			filter = BER_BVNULL;	int		i, x;	char		**attrs = NULL;	int		freetext = 0, filter_undef = 0;	int		do_retry = 1, dont_retry = 0;	LDAPControl	**ctrls = NULL;	char		**references = NULL;	rs_assert_ready( rs );	rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {		return rs->sr_err;	}	/*	 * FIXME: in case of values return filter, we might want	 * to map attrs and maybe rewrite value	 */	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {		tv.tv_sec = op->ors_tlimit;		tv.tv_usec = 0;		stoptime = op->o_time + op->ors_tlimit;	} else {		LDAP_BACK_TV_SET( &tv );	}	i = 0;	if ( op->ors_attrs ) {		for ( ; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++ )			/* just count attrs */ ;	}	x = 0;	if ( op->o_bd->be_extra_anlist ) {		for ( ; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ )			/* just count attrs */ ;	}	if ( i > 0 || x > 0 ) {		int j = 0;		attrs = op->o_tmpalloc( ( i + x + 1 )*sizeof( char * ),			op->o_tmpmemctx );		if ( attrs == NULL ) {			rs->sr_err = LDAP_NO_MEMORY;			rc = -1;			goto finish;		}		if ( i > 0 ) {				for ( i = 0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++, j++ ) {				attrs[ j ] = op->ors_attrs[i].an_name.bv_val;			}		}		if ( x > 0 ) {			for ( x = 0; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++, j++ ) {				if ( op->o_bd->be_extra_anlist[x].an_desc &&					ad_inlist( op->o_bd->be_extra_anlist[x].an_desc, op->ors_attrs ) )				{					continue;				}				attrs[ j ] = op->o_bd->be_extra_anlist[x].an_name.bv_val;			}		}		attrs[ j ] = NULL;	}	ctrls = op->o_ctrls;	rc = ldap_back_controls_add( op, rs, lc, &ctrls );	if ( rc != LDAP_SUCCESS ) {		goto finish;	}	/* deal with <draft-zeilenga-ldap-t-f> filters */	filter = op->ors_filterstr;retry:	/* this goes after retry because ldap_back_munge_filter()	 * optionally replaces RFC 4526 T-F filters (&) (|)	 * if already computed, they will be re-installed//.........这里部分代码省略.........

//.........这里部分代码省略.........		freeval[i] = freev;		if ( err ) {			Debug( LDAP_DEBUG_TRACE,				"<= str2entry NULL (parse_line)/n" );			*rc = LDAP_OTHER;			continue;		}		if ( bvcasematch( &type[i], &dn_bv ) ) {			if ( e->e_dn != NULL ) {				Debug( LDAP_DEBUG_ANY, "str2entry: "					"entry %ld has multiple DNs /"%s/" and /"%s/"/n",					(long) e->e_id, e->e_dn, vals[i].bv_val );				*rc = LDAP_INVALID_SYNTAX;				goto fail;			}			*rc = dnPrettyNormal( NULL, &vals[i], &e->e_name, &e->e_nname, NULL );			if( *rc != LDAP_SUCCESS ) {				Debug( LDAP_DEBUG_ANY, "str2entry: "					"entry %ld has invalid DN /"%s/"/n",					(long) e->e_id, vals[i].bv_val );				goto fail;			}			if ( freeval[i] ) free( vals[i].bv_val );			vals[i].bv_val = NULL;			i--;			continue;		}	}	lines = i+1;	/* check to make sure there was a dn: line */	if ( BER_BVISNULL( &e->e_name )) {		Debug( LDAP_DEBUG_ANY, "str2entry: entry %ld has no dn/n",			(long) e->e_id );		*rc = LDAP_INVALID_SYNTAX;		goto fail;	}	/* Make sure all attributes with multiple values are contiguous */	if ( checkvals ) {		int j, k;		struct berval bv;		int fv;		for (i=0; i<lines; i++) {			for ( j=i+1; j<lines; j++ ) {				if ( bvcasematch( type+i, type+j )) {					/* out of order, move intervening attributes down */					if ( j != i+1 ) {						bv = vals[j];						fv = freeval[j];						for ( k=j; k>i; k-- ) {							type[k] = type[k-1];							vals[k] = vals[k-1];							freeval[k] = freeval[k-1];						}						k++;						type[k] = type[i];						vals[k] = bv;						freeval[k] = fv;					}					i++;				}			}

intload_extop2(	const struct berval *ext_oid,	slap_mask_t ext_flags,	SLAP_EXTOP_MAIN_FN *ext_main,	unsigned flags ){	struct berval		oidm = BER_BVNULL;	struct extop_list	*ext;	int			insertme = 0;	if ( !ext_main ) {		return -1; 	}	if ( ext_oid == NULL || BER_BVISNULL( ext_oid ) ||		BER_BVISEMPTY( ext_oid ) )	{		return -1; 	}	if ( numericoidValidate( NULL, (struct berval *)ext_oid ) !=		LDAP_SUCCESS )	{		oidm.bv_val = oidm_find( ext_oid->bv_val );		if ( oidm.bv_val == NULL ) {			return -1;		}		oidm.bv_len = strlen( oidm.bv_val );		ext_oid = &oidm;	}	for ( ext = supp_ext_list; ext; ext = ext->next ) {		if ( bvmatch( ext_oid, &ext->oid ) ) {			if ( flags == 1 ) {				break;			}			return -1;		}	}	if ( flags == 0 || ext == NULL ) {		ext = ch_calloc( 1, sizeof(struct extop_list) + ext_oid->bv_len + 1 );		if ( ext == NULL ) {			return(-1);		}		ext->oid.bv_val = (char *)(ext + 1);		AC_MEMCPY( ext->oid.bv_val, ext_oid->bv_val, ext_oid->bv_len );		ext->oid.bv_len = ext_oid->bv_len;		ext->oid.bv_val[ext->oid.bv_len] = '/0';		insertme = 1;	}	ext->flags = ext_flags;	ext->ext_main = ext_main;	if ( insertme ) {		ext->next = supp_ext_list;		supp_ext_list = ext;	}	return(0);}

//.........这里部分代码省略.........			}			/* Get Entry with dn=newSuperior. Does newSuperior exist? */			e2.e_name = *np_dn;			e2.e_nname = *np_ndn;			rs->sr_err = ndb_entry_get_info( op, &NA2, 1, NULL );			switch( rs->sr_err ) {			case 0:				break;			case LDAP_NO_SUCH_OBJECT:				Debug( LDAP_DEBUG_TRACE,					LDAP_XSTRING(ndb_back_modrdn)					": newSup(ndn=%s) not here!/n",					np_ndn->bv_val, 0, 0);				rs->sr_text = "new superior not found";				goto return_results;#if 0			case DB_LOCK_DEADLOCK:			case DB_LOCK_NOTGRANTED:				goto retry;#endif			case LDAP_BUSY:				rs->sr_text = "ldap server busy";				goto return_results;			default:				rs->sr_err = LDAP_OTHER;				rs->sr_text = "internal error";				goto return_results;			}			if ( NA2.ocs ) {				Attribute a;				int i;				for ( i=0; !BER_BVISNULL( &NA2.ocs[i] ); i++);				a.a_numvals = i;				a.a_desc = slap_schema.si_ad_objectClass;				a.a_vals = NA2.ocs;				a.a_nvals = NA2.ocs;				a.a_next = NULL;				e2.e_attrs = &a;				if ( is_entry_alias( &e2 )) {					/* parent is an alias, don't allow move */					Debug( LDAP_DEBUG_TRACE,						LDAP_XSTRING(ndb_back_modrdn)						": entry is alias/n",						0, 0, 0 );					rs->sr_text = "new superior is an alias";					rs->sr_err = LDAP_ALIAS_PROBLEM;					goto return_results;				}				if ( is_entry_referral( &e2 ) ) {					/* parent is a referral, don't allow move */					Debug( LDAP_DEBUG_TRACE,						LDAP_XSTRING(ndb_back_modrdn)						": entry is referral/n",						0, 0, 0 );					rs->sr_text = "new superior is a referral";					rs->sr_err = LDAP_OTHER;					goto return_results;				}			}		}		/* check newSuperior for "children" acl */

//.........这里部分代码省略.........			 * attribute values must be INTEGER or REAL			 */			snprintf( textbuf, textlen,				"%s: attribute syntax inappropriate for increment",				ml->sml_type.bv_val );			*text = textbuf;			return LDAP_CONSTRAINT_VIOLATION;		}		/*		 * check values		 */		if( ml->sml_values != NULL ) {			ber_len_t nvals;			slap_syntax_validate_func *validate =				ad->ad_type->sat_syntax->ssyn_validate;			slap_syntax_transform_func *pretty =				ad->ad_type->sat_syntax->ssyn_pretty; 			if( !pretty && !validate ) {				*text = "no validator for syntax";				snprintf( textbuf, textlen,					"%s: no validator for syntax %s",					ml->sml_type.bv_val,					ad->ad_type->sat_syntax->ssyn_oid );				*text = textbuf;				return LDAP_INVALID_SYNTAX;			}			/*			 * check that each value is valid per syntax			 *	and pretty if appropriate			 */			for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) {				struct berval pval;				if ( pretty ) {					rc = ordered_value_pretty( ad,						&ml->sml_values[nvals], &pval, ctx );				} else {					rc = ordered_value_validate( ad,						&ml->sml_values[nvals], ml->sml_op );				}				if( rc != 0 ) {					snprintf( textbuf, textlen,						"%s: value #%ld invalid per syntax",						ml->sml_type.bv_val, (long) nvals );					*text = textbuf;					return LDAP_INVALID_SYNTAX;				}				if( pretty ) {					ber_memfree_x( ml->sml_values[nvals].bv_val, ctx );					ml->sml_values[nvals] = pval;				}			}			ml->sml_values[nvals].bv_len = 0;			ml->sml_numvals = nvals;			/*			 * a rough single value check... an additional check is needed			 * to catch add of single value to existing single valued attribute			 */			if ((ml->sml_op == LDAP_MOD_ADD || ml->sml_op == LDAP_MOD_REPLACE)				&& nvals > 1 && is_at_single_value( ad->ad_type ))

//.........这里部分代码省略.........	filter2bv_x( op, op->ors_filter, &op->ors_filterstr );		Debug( LDAP_DEBUG_ARGS, "    filter: %s/n",		!BER_BVISEMPTY( &op->ors_filterstr ) ? op->ors_filterstr.bv_val : "empty", 0, 0 );	/* attributes */	siz = sizeof(AttributeName);	off = offsetof(AttributeName,an_name);	if ( ber_scanf( op->o_ber, "{M}}", &op->ors_attrs, &siz, off ) == LBER_ERROR ) {		send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding attrs error" );		rs->sr_err = SLAPD_DISCONNECT;		goto return_results;	}	for ( i=0; i<siz; i++ ) {		const char *dummy;	/* ignore msgs from bv2ad */		op->ors_attrs[i].an_desc = NULL;		op->ors_attrs[i].an_oc = NULL;		op->ors_attrs[i].an_flags = 0;		if ( slap_bv2ad( &op->ors_attrs[i].an_name,			&op->ors_attrs[i].an_desc, &dummy ) != LDAP_SUCCESS )		{			slap_bv2undef_ad( &op->ors_attrs[i].an_name,				&op->ors_attrs[i].an_desc, &dummy,				SLAP_AD_PROXIED|SLAP_AD_NOINSERT );		};	}	if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_ANY, "%s do_search: get_ctrls failed/n",			op->o_log_prefix, 0, 0 );		goto return_results;	}	Debug( LDAP_DEBUG_ARGS, "    attrs:", 0, 0, 0 );	if ( siz != 0 ) {		for ( i = 0; i<siz; i++ ) {			Debug( LDAP_DEBUG_ARGS, " %s", op->ors_attrs[i].an_name.bv_val, 0, 0 );		}	}	Debug( LDAP_DEBUG_ARGS, "/n", 0, 0, 0 );	if ( StatslogTest( LDAP_DEBUG_STATS ) ) {		char abuf[BUFSIZ/2], *ptr = abuf;		unsigned len = 0, alen;		sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref);		Statslog( LDAP_DEBUG_STATS,		        "%s SRCH base=/"%s/" %s filter=/"%s/"/n",		        op->o_log_prefix, op->o_req_dn.bv_val, abuf,		        op->ors_filterstr.bv_val, 0 );		for ( i = 0; i<siz; i++ ) {			alen = op->ors_attrs[i].an_name.bv_len;			if (alen >= sizeof(abuf)) {				alen = sizeof(abuf)-1;			}			if (len && (len + 1 + alen >= sizeof(abuf))) {				Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s/n",				    op->o_log_prefix, abuf, 0, 0, 0 );				len = 0;				ptr = abuf;			}			if (len) {				*ptr++ = ' ';				len++;			}			ptr = lutil_strncopy(ptr, op->ors_attrs[i].an_name.bv_val, alen);			len += alen;			*ptr = '/0';		}		if (len) {			Statslog( LDAP_DEBUG_STATS, "%s SRCH attr=%s/n",	    			op->o_log_prefix, abuf, 0, 0, 0 );		}	}	op->o_bd = frontendDB;	rs->sr_err = frontendDB->be_search( op, rs );return_results:;	if ( !BER_BVISNULL( &op->o_req_dn ) ) {		slap_sl_free( op->o_req_dn.bv_val, op->o_tmpmemctx );	}	if ( !BER_BVISNULL( &op->o_req_ndn ) ) {		slap_sl_free( op->o_req_ndn.bv_val, op->o_tmpmemctx );	}	if ( !BER_BVISNULL( &op->ors_filterstr ) ) {		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );	}	if ( op->ors_filter != NULL) {		filter_free_x( op, op->ors_filter, 1 );	}	if ( op->ors_attrs != NULL ) {		op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );	}	return rs->sr_err;}

static int vlv_parseCtrl(	Operation		*op,	SlapReply		*rs,	LDAPControl		*ctrl ){	BerElementBuffer	berbuf;	BerElement			*ber;	ber_tag_t		tag;	ber_len_t		len;	vlv_ctrl	*vc, vc2;	rs->sr_err = LDAP_PROTOCOL_ERROR;	rs->sr_text = NULL;	if ( op->o_ctrlflag[vlv_cid] > SLAP_CONTROL_IGNORED ) {		rs->sr_text = "vlv control specified multiple times";	} else if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {		rs->sr_text = "vlv control value is absent";	} else if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {		rs->sr_text = "vlv control value is empty";	}	if ( rs->sr_text != NULL )		return rs->sr_err;	op->o_ctrlflag[vlv_cid] = ctrl->ldctl_iscritical ?		SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL;	ber = (BerElement *)&berbuf;	ber_init2( ber, &ctrl->ldctl_value, 0 );	rs->sr_err = LDAP_PROTOCOL_ERROR;	tag = ber_scanf( ber, "{ii", &vc2.vc_before, &vc2.vc_after );	if ( tag == LBER_ERROR ) {		return rs->sr_err;	}	tag = ber_peek_tag( ber, &len );	if ( tag == LDAP_VLVBYINDEX_IDENTIFIER ) {		tag = ber_scanf( ber, "{ii}", &vc2.vc_offset, &vc2.vc_count );		if ( tag == LBER_ERROR )			return rs->sr_err;		BER_BVZERO( &vc2.vc_value );	} else if ( tag == LDAP_VLVBYVALUE_IDENTIFIER ) {		tag = ber_scanf( ber, "m", &vc2.vc_value );		if ( tag == LBER_ERROR || BER_BVISNULL( &vc2.vc_value ))			return rs->sr_err;	} else {		return rs->sr_err;	}	tag = ber_peek_tag( ber, &len );	if ( tag == LDAP_VLVCONTEXT_IDENTIFIER ) {		struct berval bv;		tag = ber_scanf( ber, "m", &bv );		if ( tag == LBER_ERROR || bv.bv_len != sizeof(vc2.vc_context))			return rs->sr_err;		memcpy( &vc2.vc_context, bv.bv_val, bv.bv_len );	} else {		vc2.vc_context = 0;	}	vc = op->o_tmpalloc( sizeof(vlv_ctrl), op->o_tmpmemctx );	*vc = vc2;	op->o_controls[vlv_cid] = vc;	rs->sr_err = LDAP_SUCCESS;	return rs->sr_err;}

static void send_list(	Operation		*op,	SlapReply		*rs,	sort_op			*so){	Avlnode	*cur_node, *tmp_node;	vlv_ctrl *vc = op->o_controls[vlv_cid];	int i, j, dir, rc;	BackendDB *be;	Entry *e;	LDAPControl *ctrls[2];	rs->sr_attrs = op->ors_attrs;	/* FIXME: it may be better to just flatten the tree into	 * an array before doing all of this...	 */	/* Are we just counting an offset? */	if ( BER_BVISNULL( &vc->vc_value )) {		if ( vc->vc_offset == vc->vc_count ) {			/* wants the last entry in the list */			cur_node = tavl_end(so->so_tree, TAVL_DIR_RIGHT);			so->so_vlv_target = so->so_nentries;		} else if ( vc->vc_offset == 1 ) {			/* wants the first entry in the list */			cur_node = tavl_end(so->so_tree, TAVL_DIR_LEFT);			so->so_vlv_target = 1;		} else {			int target;			/* Just iterate to the right spot */			if ( vc->vc_count && vc->vc_count != so->so_nentries ) {				if ( vc->vc_offset > vc->vc_count )					goto range_err;				target = so->so_nentries * vc->vc_offset / vc->vc_count;			} else {				if ( vc->vc_offset > so->so_nentries ) {range_err:					so->so_vlv_rc = LDAP_VLV_RANGE_ERROR;					pack_vlv_response_control( op, rs, so, ctrls );					ctrls[1] = NULL;					slap_add_ctrls( op, rs, ctrls );					rs->sr_err = LDAP_VLV_ERROR;					return;				}				target = vc->vc_offset;			}			so->so_vlv_target = target;			/* Start at left and go right, or start at right and go left? */			if ( target < so->so_nentries / 2 ) {				cur_node = tavl_end(so->so_tree, TAVL_DIR_LEFT);				dir = TAVL_DIR_RIGHT;			} else {				cur_node = tavl_end(so->so_tree, TAVL_DIR_RIGHT);				dir = TAVL_DIR_LEFT;				target = so->so_nentries - target + 1;			}			for ( i=1; i<target; i++ )				cur_node = tavl_next( cur_node, dir );		}	} else {	/* we're looking for a specific value */		sort_ctrl *sc = so->so_ctrl;		MatchingRule *mr = sc->sc_keys[0].sk_ordering;		sort_node *sn;		struct berval bv;		if ( mr->smr_normalize ) {			rc = mr->smr_normalize( SLAP_MR_VALUE_OF_SYNTAX,				mr->smr_syntax, mr, &vc->vc_value, &bv, op->o_tmpmemctx );			if ( rc ) {				so->so_vlv_rc = LDAP_INAPPROPRIATE_MATCHING;				pack_vlv_response_control( op, rs, so, ctrls );				ctrls[1] = NULL;				slap_add_ctrls( op, rs, ctrls );				rs->sr_err = LDAP_VLV_ERROR;				return;			}		} else {			bv = vc->vc_value;		}		sn = op->o_tmpalloc( sizeof(sort_node) +			sc->sc_nkeys * sizeof(struct berval), op->o_tmpmemctx );		sn->sn_vals = (struct berval *)(sn+1);		sn->sn_conn = op->o_conn->c_conn_idx;		sn->sn_session = find_session_by_so( so->so_info->svi_max_percon, op->o_conn->c_conn_idx, so );		sn->sn_vals[0] = bv;		for (i=1; i<sc->sc_nkeys; i++) {			BER_BVZERO( &sn->sn_vals[i] );		}		cur_node = tavl_find3( so->so_tree, sn, node_cmp, &j );		/* didn't find >= match */		if ( j > 0 ) {			if ( cur_node )				cur_node = tavl_next( cur_node, TAVL_DIR_RIGHT );		}		op->o_tmpfree( sn, op->o_tmpmemctx );		if ( !cur_node ) {//.........这里部分代码省略.........

intbacksql_id2entry( backsql_srch_info *bsi, backsql_entryID *eid ){	Operation		*op = bsi->bsi_op;	backsql_info		*bi = (backsql_info *)op->o_bd->be_private;	int			i;	int			rc;	Debug( LDAP_DEBUG_TRACE, "==>backsql_id2entry()/n", 0, 0, 0 );	assert( bsi->bsi_e != NULL );	memset( bsi->bsi_e, 0, sizeof( Entry ) );	if ( bi->sql_baseObject && BACKSQL_IS_BASEOBJECT_ID( &eid->eid_id ) ) {		(void)entry_dup2( bsi->bsi_e, bi->sql_baseObject );		goto done;	}	bsi->bsi_e->e_attrs = NULL;	bsi->bsi_e->e_private = NULL;	if ( eid->eid_oc == NULL ) {		eid->eid_oc = backsql_id2oc( bsi->bsi_op->o_bd->be_private,			eid->eid_oc_id );		if ( eid->eid_oc == NULL ) {			Debug( LDAP_DEBUG_TRACE,				"backsql_id2entry(): unable to fetch objectClass with id=" BACKSQL_IDNUMFMT " for entry id=" BACKSQL_IDFMT " dn=/"%s/"/n",				eid->eid_oc_id, BACKSQL_IDARG(eid->eid_id),				eid->eid_dn.bv_val );			return LDAP_OTHER;		}	}	bsi->bsi_oc = eid->eid_oc;	bsi->bsi_c_eid = eid;	ber_dupbv_x( &bsi->bsi_e->e_name, &eid->eid_dn, op->o_tmpmemctx );	ber_dupbv_x( &bsi->bsi_e->e_nname, &eid->eid_ndn, op->o_tmpmemctx );#ifndef BACKSQL_ARBITRARY_KEY		/* FIXME: unused */	bsi->bsi_e->e_id = eid->eid_id;#endif /* ! BACKSQL_ARBITRARY_KEY */ 	rc = attr_merge_normalize_one( bsi->bsi_e,			slap_schema.si_ad_objectClass,			&bsi->bsi_oc->bom_oc->soc_cname,			bsi->bsi_op->o_tmpmemctx );	if ( rc != LDAP_SUCCESS ) {		backsql_entry_clean( op, bsi->bsi_e );		return rc;	}	if ( bsi->bsi_attrs == NULL || ( bsi->bsi_flags & BSQL_SF_ALL_USER ) )	{		Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "			"retrieving all attributes/n", 0, 0, 0 );		avl_apply( bsi->bsi_oc->bom_attrs, backsql_get_attr_vals,				bsi, 0, AVL_INORDER );	} else {		Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "			"custom attribute list/n", 0, 0, 0 );		for ( i = 0; !BER_BVISNULL( &bsi->bsi_attrs[ i ].an_name ); i++ ) {			backsql_at_map_rec	**vat;			AttributeName		*an = &bsi->bsi_attrs[ i ];			int			j;			/* if one of the attributes listed here is			 * a subtype of another, it must be ignored,			 * because subtypes are already dealt with			 * by backsql_supad2at()			 */			for ( j = 0; !BER_BVISNULL( &bsi->bsi_attrs[ j ].an_name ); j++ ) {				/* skip self */				if ( j == i ) {					continue;				}				/* skip subtypes */				if ( is_at_subtype( an->an_desc->ad_type,							bsi->bsi_attrs[ j ].an_desc->ad_type ) )				{					goto next;				}			}			rc = backsql_supad2at( bsi->bsi_oc, an->an_desc, &vat );			if ( rc != 0 || vat == NULL ) {				Debug( LDAP_DEBUG_TRACE, "backsql_id2entry(): "						"attribute /"%s/" is not defined "						"for objectlass /"%s/"/n",						an->an_name.bv_val, 						BACKSQL_OC_NAME( bsi->bsi_oc ), 0 );				continue;			}			for ( j = 0; vat[j]; j++ ) {    				backsql_get_attr_vals( vat[j], bsi );			}//.........这里部分代码省略.........

intldap_back_modify(		Operation	*op,		SlapReply	*rs ){	ldapinfo_t		*li = (ldapinfo_t *)op->o_bd->be_private;	ldapconn_t		*lc = NULL;	LDAPMod			**modv = NULL,				*mods = NULL;	Modifications		*ml;	int			i, j, rc;	ber_int_t		msgid;	int			isupdate;	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;	LDAPControl		**ctrls = NULL;	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {		return rs->sr_err;	}	for ( i = 0, ml = op->orm_modlist; ml; i++, ml = ml->sml_next )		/* just count mods */ ;	modv = (LDAPMod **)ch_malloc( ( i + 1 )*sizeof( LDAPMod * )			+ i*sizeof( LDAPMod ) );	if ( modv == NULL ) {		rc = LDAP_NO_MEMORY;		goto cleanup;	}	mods = (LDAPMod *)&modv[ i + 1 ];	isupdate = be_shadow_update( op );	for ( i = 0, ml = op->orm_modlist; ml; ml = ml->sml_next ) {		if ( !isupdate && !get_relax( op ) && ml->sml_desc->ad_type->sat_no_user_mod  )		{			continue;		}		modv[ i ] = &mods[ i ];		mods[ i ].mod_op = ( ml->sml_op | LDAP_MOD_BVALUES );		mods[ i ].mod_type = ml->sml_desc->ad_cname.bv_val;		if ( ml->sml_values != NULL ) {			if ( ml->sml_values == NULL ) {					continue;			}			for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )				/* just count mods */ ;			mods[ i ].mod_bvalues =				(struct berval **)ch_malloc( ( j + 1 )*sizeof( struct berval * ) );			for ( j = 0; !BER_BVISNULL( &ml->sml_values[ j ] ); j++ )			{				mods[ i ].mod_bvalues[ j ] = &ml->sml_values[ j ];			}			mods[ i ].mod_bvalues[ j ] = NULL;		} else {			mods[ i ].mod_bvalues = NULL;		}		i++;	}	modv[ i ] = 0;retry:;	ctrls = op->o_ctrls;	rc = ldap_back_controls_add( op, rs, lc, &ctrls );	if ( rc != LDAP_SUCCESS ) {		send_ldap_result( op, rs );		rc = -1;		goto cleanup;	}	rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv,			ctrls, NULL, &msgid );	rc = ldap_back_op_result( lc, op, rs, msgid,		li->li_timeout[ SLAP_OP_MODIFY ],		( LDAP_BACK_SENDRESULT | retrying ) );	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {		retrying &= ~LDAP_BACK_RETRYING;		if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {			/* if the identity changed, there might be need to re-authz */			(void)ldap_back_controls_free( op, rs, &ctrls );			goto retry;		}	}	ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );	ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_MODIFY ], 1 );	ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );cleanup:;	(void)ldap_back_controls_free( op, rs, &ctrls );	for ( i = 0; modv[ i ]; i++ ) {		ch_free( modv[ i ]->mod_bvalues );	}	ch_free( modv );//.........这里部分代码省略.........

//.........这里部分代码省略.........				(void)backsql_entry_addattr( bsi->bsi_e, 						at->bam_true_ad, &bv,						bsi->bsi_op->o_tmpmemctx );#else /* BACKSQL_COUNTQUERY */				if ( normfunc ) {					struct berval	nbv;					retval = (*normfunc)( SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,						at->bam_true_ad->ad_type->sat_syntax,						at->bam_true_ad->ad_type->sat_equality,						&bv, &nbv,						bsi->bsi_op->o_tmpmemctx );					if ( retval != LDAP_SUCCESS ) {						char	buf[ SLAP_TEXT_BUFLEN ];						/* FIXME: we're ignoring invalid values,						 * but we're accepting the attributes;						 * should we fail at all? */						snprintf( buf, sizeof( buf ),							"unable to normalize value #%lu "							"of AttributeDescription %s",							k - oldcount,							at->bam_ad->ad_cname.bv_val );						Debug( LDAP_DEBUG_TRACE,							"==>backsql_get_attr_vals(/"%s/"): "							"%s (%d)/n",							bsi->bsi_e->e_name.bv_val, buf, retval );#ifdef BACKSQL_PRETTY_VALIDATE						if ( pretty ) {							bsi->bsi_op->o_tmpfree( bv.bv_val,									bsi->bsi_op->o_tmpmemctx );						}#endif /* BACKSQL_PRETTY_VALIDATE */						continue;					}					ber_dupbv( &attr->a_nvals[ j ], &nbv );					bsi->bsi_op->o_tmpfree( nbv.bv_val,							bsi->bsi_op->o_tmpmemctx );				}				ber_dupbv( &attr->a_vals[ j ], &bv );				assert( j < oldcount + count );				j++;#endif /* BACKSQL_COUNTQUERY */#ifdef BACKSQL_PRETTY_VALIDATE				if ( pretty ) {					bsi->bsi_op->o_tmpfree( bv.bv_val,							bsi->bsi_op->o_tmpmemctx );				}#endif /* BACKSQL_PRETTY_VALIDATE */#ifdef BACKSQL_TRACE				Debug( LDAP_DEBUG_TRACE, "prec=%d/n",					(int)row.col_prec[ i ], 0, 0 );			} else {      				Debug( LDAP_DEBUG_TRACE, "NULL value "					"in this row for attribute /"%s/"/n",					row.col_names[ i ].bv_val, 0, 0 );#endif /* BACKSQL_TRACE */			}		}	}#ifdef BACKSQL_COUNTQUERY	if ( BER_BVISNULL( &attr->a_vals[ 0 ] ) ) {		/* don't leave around attributes with no values */		attr_free( attr );	} else if ( append ) {		Attribute	**ap;		for ( ap = &bsi->bsi_e->e_attrs; (*ap) != NULL; ap = &(*ap)->a_next )			/* goto last */ ;		*ap =  attr;	}#endif /* BACKSQL_COUNTQUERY */	SQLFreeStmt( sth, SQL_DROP );	Debug( LDAP_DEBUG_TRACE, "<==backsql_get_attr_vals()/n", 0, 0, 0 );	if ( at->bam_next ) {		res = backsql_get_attr_vals( at->bam_next, v_bsi );	} else {		res = 1;	}#ifdef BACKSQL_TRACEdone:;#endif /* BACKSQL_TRACE */	backsql_FreeRow_x( &row, bsi->bsi_op->o_tmpmemctx );	return res;}

/* * NOTE: the dn must be normalized */intbacksql_dn2id(	Operation		*op,	SlapReply		*rs,	SQLHDBC			dbh,	struct berval		*ndn,	backsql_entryID		*id,	int			matched,	int			muck ){	backsql_info		*bi = op->o_bd->be_private;	SQLHSTMT		sth = SQL_NULL_HSTMT; 	BACKSQL_ROW_NTS		row = { 0 };	RETCODE 		rc;	int			res;	struct berval		realndn = BER_BVNULL;	/* TimesTen */	char			upperdn[ BACKSQL_MAX_DN_LEN + 1 ];	struct berval		tbbDN;	int			i, j;	/*	 * NOTE: id can be NULL; in this case, the function	 * simply checks whether the DN can be successfully 	 * turned into an ID, returning LDAP_SUCCESS for	 * positive cases, or the most appropriate error	 */	Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(/"%s/")%s%s/n", 			ndn->bv_val, id == NULL ? " (no ID expected)" : "",			matched ? " matched expected" : "" );	if ( id ) {		/* NOTE: trap inconsistencies */		assert( BER_BVISNULL( &id->eid_ndn ) );	}	if ( ndn->bv_len > BACKSQL_MAX_DN_LEN ) {		Debug( LDAP_DEBUG_TRACE, 			"   backsql_dn2id(/"%s/"): DN length=%ld "			"exceeds max DN length %d:/n",			ndn->bv_val, ndn->bv_len, BACKSQL_MAX_DN_LEN );		return LDAP_OTHER;	}	/* return baseObject if available and matches */	/* FIXME: if ndn is already mucked, we cannot check this */	if ( bi->sql_baseObject != NULL &&			dn_match( ndn, &bi->sql_baseObject->e_nname ) )	{		if ( id != NULL ) {#ifdef BACKSQL_ARBITRARY_KEY			ber_dupbv_x( &id->eid_id, &backsql_baseObject_bv,					op->o_tmpmemctx );			ber_dupbv_x( &id->eid_keyval, &backsql_baseObject_bv,					op->o_tmpmemctx );#else /* ! BACKSQL_ARBITRARY_KEY */			id->eid_id = BACKSQL_BASEOBJECT_ID;			id->eid_keyval = BACKSQL_BASEOBJECT_KEYVAL;#endif /* ! BACKSQL_ARBITRARY_KEY */			id->eid_oc_id = BACKSQL_BASEOBJECT_OC;			ber_dupbv_x( &id->eid_ndn, &bi->sql_baseObject->e_nname,					op->o_tmpmemctx );			ber_dupbv_x( &id->eid_dn, &bi->sql_baseObject->e_name,					op->o_tmpmemctx );			id->eid_next = NULL;		}		return LDAP_SUCCESS;	}		/* begin TimesTen */	assert( bi->sql_id_query != NULL );	Debug( LDAP_DEBUG_TRACE, "   backsql_dn2id(/"%s/"): id_query /"%s/"/n",			ndn->bv_val, bi->sql_id_query, 0 ); 	rc = backsql_Prepare( dbh, &sth, bi->sql_id_query, 0 );	if ( rc != SQL_SUCCESS ) {		Debug( LDAP_DEBUG_TRACE, 			"   backsql_dn2id(/"%s/"): "			"error preparing SQL:/n   %s", 			ndn->bv_val, bi->sql_id_query, 0 );		backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );		res = LDAP_OTHER;		goto done;	}	realndn = *ndn;	if ( muck ) {		if ( backsql_api_dn2odbc( op, rs, &realndn ) ) {			Debug( LDAP_DEBUG_TRACE, "   backsql_dn2id(/"%s/"): "				"backsql_api_dn2odbc(/"%s/") failed/n", 				ndn->bv_val, realndn.bv_val, 0 );			res = LDAP_OTHER;			goto done;//.........这里部分代码省略.........

intbacksql_modrdn( Operation *op, SlapReply *rs ){	backsql_info		*bi = (backsql_info*)op->o_bd->be_private;	SQLHDBC			dbh = SQL_NULL_HDBC;	SQLHSTMT		sth = SQL_NULL_HSTMT;	RETCODE			rc;	backsql_entryID		e_id = BACKSQL_ENTRYID_INIT,				n_id = BACKSQL_ENTRYID_INIT;	backsql_srch_info	bsi = { 0 };	backsql_oc_map_rec	*oc = NULL;	struct berval		pdn = BER_BVNULL, pndn = BER_BVNULL,				*new_pdn = NULL, *new_npdn = NULL,				new_dn = BER_BVNULL, new_ndn = BER_BVNULL,				realnew_dn = BER_BVNULL;	Entry			r = { 0 },				p = { 0 },				n = { 0 },				*e = NULL;	int			manageDSAit = get_manageDSAit( op );	struct berval		*newSuperior = op->oq_modrdn.rs_newSup; 	Debug( LDAP_DEBUG_TRACE, "==>backsql_modrdn() renaming entry /"%s/", "			"newrdn=/"%s/", newSuperior=/"%s/"/n",			op->o_req_dn.bv_val, op->oq_modrdn.rs_newrdn.bv_val, 			newSuperior ? newSuperior->bv_val : "(NULL)" );	rs->sr_err = backsql_get_db_conn( op, &dbh );	if ( rs->sr_err != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "			"could not get connection handle - exiting/n", 			0, 0, 0 );		rs->sr_text = ( rs->sr_err == LDAP_OTHER )			?  "SQL-backend error" : NULL;		e = NULL;		goto done;	}	bsi.bsi_e = &r;	rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,			LDAP_SCOPE_BASE, 			(time_t)(-1), NULL, dbh, op, rs,			slap_anlist_all_attributes,			( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) );	switch ( rs->sr_err ) {	case LDAP_SUCCESS:		break;	case LDAP_REFERRAL:		if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&				dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )		{			rs->sr_err = LDAP_SUCCESS;			rs->sr_text = NULL;			rs->sr_matched = NULL;			if ( rs->sr_ref ) {				ber_bvarray_free( rs->sr_ref );				rs->sr_ref = NULL;			}			break;		}		e = &r;		/* fallthru */	default:		Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "			"could not retrieve modrdnDN ID - no such entry/n", 			0, 0, 0 );		if ( !BER_BVISNULL( &r.e_nname ) ) {			/* FIXME: should always be true! */			e = &r;		} else {			e = NULL;		}		goto done;	}#ifdef BACKSQL_ARBITRARY_KEY	Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): entry id=%s/n",		e_id.eid_id.bv_val, 0, 0 );#else /* ! BACKSQL_ARBITRARY_KEY */	Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): entry id=%ld/n",		e_id.eid_id, 0, 0 );#endif /* ! BACKSQL_ARBITRARY_KEY */	if ( get_assert( op ) &&			( test_filter( op, &r, get_assertion( op ) )			  != LDAP_COMPARE_TRUE ) )	{		rs->sr_err = LDAP_ASSERTION_FAILED;		e = &r;		goto done;	}	if ( backsql_has_children( op, dbh, &op->o_req_ndn ) == LDAP_COMPARE_TRUE ) {		Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "			"entry /"%s/" has children/n",			op->o_req_dn.bv_val, 0, 0 );		rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;//.........这里部分代码省略.........

intslap_parse_modlist(	Operation *op,	SlapReply *rs,	BerElement *ber,	req_modify_s *ms ){	ber_tag_t	tag;	ber_len_t	len;	char		*last;	Modifications	**modtail = &ms->rs_mods.rs_modlist;	ms->rs_mods.rs_modlist = NULL;	ms->rs_increment = 0;	rs->sr_err = LDAP_SUCCESS;	/* collect modifications & save for later */	for ( tag = ber_first_element( ber, &len, &last );		tag != LBER_DEFAULT;		tag = ber_next_element( ber, &len, last ) )	{		ber_int_t mop;		Modifications tmp, *mod;		tmp.sml_nvalues = NULL;		if ( ber_scanf( ber, "{e{m[W]}}", &mop,		    &tmp.sml_type, &tmp.sml_values ) == LBER_ERROR )		{			rs->sr_text = "decoding modlist error";			rs->sr_err = LDAP_PROTOCOL_ERROR;			goto done;		}		mod = (Modifications *) ch_malloc( sizeof(Modifications) );		mod->sml_op = mop;		mod->sml_flags = 0;		mod->sml_type = tmp.sml_type;		mod->sml_values = tmp.sml_values;		mod->sml_nvalues = NULL;		mod->sml_desc = NULL;		mod->sml_next = NULL;		*modtail = mod;		switch( mop ) {		case LDAP_MOD_ADD:			if ( mod->sml_values == NULL ) {				rs->sr_text = "modify/add operation requires values";				rs->sr_err = LDAP_PROTOCOL_ERROR;				goto done;			}			/* fall through */		case LDAP_MOD_DELETE:		case LDAP_MOD_REPLACE:			break;		case LDAP_MOD_INCREMENT:			if( op->o_protocol >= LDAP_VERSION3 ) {				ms->rs_increment++;				if ( mod->sml_values == NULL ) {					rs->sr_text = "modify/increment operation requires value";					rs->sr_err = LDAP_PROTOCOL_ERROR;					goto done;				}				if ( !BER_BVISNULL( &mod->sml_values[ 1 ] ) ) {					rs->sr_text = "modify/increment operation requires single value";					rs->sr_err = LDAP_PROTOCOL_ERROR;					goto done;				}				break;			}			/* fall thru */		default:			rs->sr_text = "unrecognized modify operation";			rs->sr_err = LDAP_PROTOCOL_ERROR;			goto done;		}		modtail = &mod->sml_next;	}	*modtail = NULL;done:	if ( rs->sr_err != LDAP_SUCCESS ) {		slap_mods_free( ms->rs_mods.rs_modlist, 1 );		ms->rs_mods.rs_modlist = NULL;		ms->rs_increment = 0;	}	return rs->sr_err;}

static int sssvlv_op_response(	Operation	*op,	SlapReply	*rs ){	sort_ctrl *sc = op->o_controls[sss_cid];	sort_op *so = op->o_callback->sc_private;	if ( rs->sr_type == REP_SEARCH ) {		int i;		size_t len;		sort_node *sn, *sn2;		struct berval *bv;		char *ptr;		len = sizeof(sort_node) + sc->sc_nkeys * sizeof(struct berval) +			rs->sr_entry->e_nname.bv_len + 1;		sn = op->o_tmpalloc( len, op->o_tmpmemctx );		sn->sn_vals = (struct berval *)(sn+1);		/* Build tmp list of key values */		for ( i=0; i<sc->sc_nkeys; i++ ) {			Attribute *a = attr_find( rs->sr_entry->e_attrs,				sc->sc_keys[i].sk_ad );			if ( a ) {				if ( a->a_numvals > 1 ) {					bv = select_value( a, &sc->sc_keys[i] );				} else {					bv = a->a_nvals;				}				sn->sn_vals[i] = *bv;				len += bv->bv_len + 1;			} else {				BER_BVZERO( &sn->sn_vals[i] );			}		}		/* Now dup into regular memory */		sn2 = ch_malloc( len );		sn2->sn_vals = (struct berval *)(sn2+1);		memcpy( sn2->sn_vals, sn->sn_vals,				sc->sc_nkeys * sizeof(struct berval));		ptr = (char *)(sn2->sn_vals + sc->sc_nkeys);		sn2->sn_dn.bv_val = ptr;		sn2->sn_dn.bv_len = rs->sr_entry->e_nname.bv_len;		memcpy( ptr, rs->sr_entry->e_nname.bv_val,			rs->sr_entry->e_nname.bv_len );		ptr += rs->sr_entry->e_nname.bv_len;		*ptr++ = '/0';		for ( i=0; i<sc->sc_nkeys; i++ ) {			if ( !BER_BVISNULL( &sn2->sn_vals[i] )) {				memcpy(ptr, sn2->sn_vals[i].bv_val, sn2->sn_vals[i].bv_len);				sn2->sn_vals[i].bv_val = ptr;				ptr += sn2->sn_vals[i].bv_len;				*ptr++ = '/0';			}		}		op->o_tmpfree( sn, op->o_tmpmemctx );		sn = sn2;		sn->sn_conn = op->o_conn->c_conn_idx;		sn->sn_session = find_session_by_so( so->so_info->svi_max_percon, op->o_conn->c_conn_idx, so );		/* Insert into the AVL tree */		tavl_insert(&(so->so_tree), sn, node_insert, avl_dup_error);		so->so_nentries++;		/* Collected the keys so that they can be sorted.  Thus, stop		 * the entry from propagating.		 */		rs->sr_err = LDAP_SUCCESS;	}	else if ( rs->sr_type == REP_RESULT ) {		/* Remove serversort response callback.		 * We don't want the entries that we are about to send to be		 * processed by serversort response again.		 */		if ( op->o_callback->sc_response == sssvlv_op_response ) {			op->o_callback = op->o_callback->sc_next;		}		send_entry( op, rs, so );		send_result( op, rs, so );	}	return rs->sr_err;}

intdo_modify(    Operation	*op,    SlapReply	*rs ){	struct berval dn = BER_BVNULL;	char		textbuf[ SLAP_TEXT_BUFLEN ];	size_t		textlen = sizeof( textbuf );#ifdef LDAP_DEBUG	Modifications	*tmp;#endif	Debug( LDAP_DEBUG_TRACE, "%s do_modify/n",		op->o_log_prefix, 0, 0 );	/*	 * Parse the modify request.  It looks like this:	 *	 *	ModifyRequest := [APPLICATION 6] SEQUENCE {	 *		name	DistinguishedName,	 *		mods	SEQUENCE OF SEQUENCE {	 *			operation	ENUMERATED {	 *				add	(0),	 *				delete	(1),	 *				replace	(2)	 *			},	 *			modification	SEQUENCE {	 *				type	AttributeType,	 *				values	SET OF AttributeValue	 *			}	 *		}	 *	}	 */	if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {		Debug( LDAP_DEBUG_ANY, "%s do_modify: ber_scanf failed/n",			op->o_log_prefix, 0, 0 );		send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );		return SLAPD_DISCONNECT;	}	Debug( LDAP_DEBUG_ARGS, "%s do_modify: dn (%s)/n",		op->o_log_prefix, dn.bv_val, 0 );	rs->sr_err = slap_parse_modlist( op, rs, op->o_ber, &op->oq_modify );	if ( rs->sr_err != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_ANY, "%s do_modify: slap_parse_modlist failed err=%d msg=%s/n",			op->o_log_prefix, rs->sr_err, rs->sr_text );		goto cleanup;	}	if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_ANY, "%s do_modify: get_ctrls failed/n",			op->o_log_prefix, 0, 0 );		goto cleanup;	}	rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn,		op->o_tmpmemctx );	if( rs->sr_err != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_ANY, "%s do_modify: invalid dn (%s)/n",			op->o_log_prefix, dn.bv_val, 0 );		send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );		goto cleanup;	}	op->orm_no_opattrs = 0;#ifdef LDAP_DEBUG	Debug( LDAP_DEBUG_ARGS, "%s modifications:/n",			op->o_log_prefix, 0, 0 );	for ( tmp = op->orm_modlist; tmp != NULL; tmp = tmp->sml_next ) {		Debug( LDAP_DEBUG_ARGS, "/t%s: %s/n",			tmp->sml_op == LDAP_MOD_ADD ? "add" :				(tmp->sml_op == LDAP_MOD_INCREMENT ? "increment" :				(tmp->sml_op == LDAP_MOD_DELETE ? "delete" :					"replace")), tmp->sml_type.bv_val, 0 );		if ( tmp->sml_values == NULL ) {			Debug( LDAP_DEBUG_ARGS, "%s/n",			   "/t/tno values", NULL, NULL );		} else if ( BER_BVISNULL( &tmp->sml_values[ 0 ] ) ) {			Debug( LDAP_DEBUG_ARGS, "%s/n",			   "/t/tzero values", NULL, NULL );		} else if ( BER_BVISNULL( &tmp->sml_values[ 1 ] ) ) {			Debug( LDAP_DEBUG_ARGS, "%s, length %ld/n",			   "/t/tone value", (long) tmp->sml_values[0].bv_len, NULL );		} else {			Debug( LDAP_DEBUG_ARGS, "%s/n",			   "/t/tmultiple values", NULL, NULL );		}	}	if ( StatslogTest( LDAP_DEBUG_STATS ) ) {		char abuf[BUFSIZ/2], *ptr = abuf;		int len = 0;		Statslog( LDAP_DEBUG_STATS, "%s MOD dn=/"%s/"/n",			op->o_log_prefix, op->o_req_dn.bv_val, 0, 0, 0 );//.........这里部分代码省略.........

voidslapi_int_connection_done_pb( Slapi_PBlock *pb ){	Connection		*conn;	Operation		*op;	PBLOCK_ASSERT_INTOP( pb, 0 );	conn = pb->pb_conn;	op = pb->pb_op;	/* free allocated DNs */	if ( !BER_BVISNULL( &op->o_dn ) )		op->o_tmpfree( op->o_dn.bv_val, op->o_tmpmemctx );	if ( !BER_BVISNULL( &op->o_ndn ) )		op->o_tmpfree( op->o_ndn.bv_val, op->o_tmpmemctx );	if ( !BER_BVISNULL( &op->o_req_dn ) )		op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );	if ( !BER_BVISNULL( &op->o_req_ndn ) )		op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );	switch ( op->o_tag ) {	case LDAP_REQ_MODRDN:		if ( !BER_BVISNULL( &op->orr_newrdn ))			op->o_tmpfree( op->orr_newrdn.bv_val, op->o_tmpmemctx );		if ( !BER_BVISNULL( &op->orr_nnewrdn ))			op->o_tmpfree( op->orr_nnewrdn.bv_val, op->o_tmpmemctx );		if ( op->orr_newSup != NULL ) {			assert( !BER_BVISNULL( op->orr_newSup ) );			op->o_tmpfree( op->orr_newSup->bv_val, op->o_tmpmemctx );			op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );		}		if ( op->orr_nnewSup != NULL ) {			assert( !BER_BVISNULL( op->orr_nnewSup ) );			op->o_tmpfree( op->orr_nnewSup->bv_val, op->o_tmpmemctx );			op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );		}		slap_mods_free( op->orr_modlist, 1 );		break;	case LDAP_REQ_ADD:		slap_mods_free( op->ora_modlist, 0 );		break;	case LDAP_REQ_MODIFY:		slap_mods_free( op->orm_modlist, 1 );		break;	case LDAP_REQ_SEARCH:		if ( op->ors_attrs != NULL ) {			op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );			op->ors_attrs = NULL;		}		break;	default:		break;	}	slapi_ch_free_string( &conn->c_authmech.bv_val );	slapi_ch_free_string( &conn->c_dn.bv_val );	slapi_ch_free_string( &conn->c_ndn.bv_val );	slapi_ch_free_string( &conn->c_peer_domain.bv_val );	slapi_ch_free_string( &conn->c_peer_name.bv_val );	if ( conn->c_sb != NULL ) {		ber_sockbuf_free( conn->c_sb );	}	slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, op );	slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, conn );	slapi_ch_free( (void **)&pb->pb_op->o_callback );	slapi_ch_free( (void **)&pb->pb_op );	slapi_ch_free( (void **)&pb->pb_conn );	slapi_ch_free( (void **)&pb->pb_rs );}

/* Called for all modify and modrdn ops. If the current op was replicated * from elsewhere, all of the attrs should already be present. */void slap_mods_opattrs(	Operation *op,	Modifications **modsp,	int manage_ctxcsn ){	struct berval name, timestamp, csn = BER_BVNULL;	struct berval nname;	char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];	char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];	Modifications *mod, **modtail, *modlast;	int gotcsn = 0, gotmname = 0, gotmtime = 0;	if ( SLAP_LASTMOD( op->o_bd ) && !op->orm_no_opattrs ) {		char *ptr;		timestamp.bv_val = timebuf;		for ( modtail = modsp; *modtail; modtail = &(*modtail)->sml_next ) {			if ( (*modtail)->sml_op != LDAP_MOD_ADD &&				(*modtail)->sml_op != SLAP_MOD_SOFTADD &&				(*modtail)->sml_op != LDAP_MOD_REPLACE )			{				continue;			}			if ( (*modtail)->sml_desc == slap_schema.si_ad_entryCSN )			{				csn = (*modtail)->sml_values[0];				gotcsn = 1;			} else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifiersName )			{				gotmname = 1;			} else if ( (*modtail)->sml_desc == slap_schema.si_ad_modifyTimestamp )			{				gotmtime = 1;			}		}		if ( BER_BVISEMPTY( &op->o_csn )) {			if ( !gotcsn ) {				csn.bv_val = csnbuf;				csn.bv_len = sizeof( csnbuf );				slap_get_csn( op, &csn, manage_ctxcsn );			} else {				if ( manage_ctxcsn ) {					slap_queue_csn( op, &csn );				}			}		} else {			csn = op->o_csn;		}		ptr = ber_bvchr( &csn, '#' );		if ( ptr ) {			timestamp.bv_len = STRLENOF("YYYYMMDDHHMMSSZ");			AC_MEMCPY( timebuf, csn.bv_val, timestamp.bv_len );			timebuf[timestamp.bv_len-1] = 'Z';			timebuf[timestamp.bv_len] = '/0';		} else {			time_t now = slap_get_time();			timestamp.bv_len = sizeof(timebuf);			slap_timestamp( &now, &timestamp );		}		if ( BER_BVISEMPTY( &op->o_dn ) ) {			BER_BVSTR( &name, SLAPD_ANONYMOUS );			nname = name;		} else {			name = op->o_dn;			nname = op->o_ndn;		}		if ( !gotcsn ) {			mod = (Modifications *) ch_malloc( sizeof( Modifications ) );			mod->sml_op = LDAP_MOD_REPLACE;			mod->sml_flags = SLAP_MOD_INTERNAL;			mod->sml_next = NULL;			BER_BVZERO( &mod->sml_type );			mod->sml_desc = slap_schema.si_ad_entryCSN;			mod->sml_numvals = 1;			mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );			ber_dupbv( &mod->sml_values[0], &csn );			BER_BVZERO( &mod->sml_values[1] );			assert( !BER_BVISNULL( &mod->sml_values[0] ) );			mod->sml_nvalues = NULL;			*modtail = mod;			modlast = mod;			modtail = &mod->sml_next;		}		if ( !gotmname ) {//.........这里部分代码省略.........

intslapi_add_internal_pb( Slapi_PBlock *pb ){	SlapReply		*rs;	Slapi_Entry		*entry_orig = NULL;	OpExtraDB oex;	int rc;	if ( pb == NULL ) {		return -1;	}	PBLOCK_ASSERT_INTOP( pb, LDAP_REQ_ADD );	rs = pb->pb_rs;	entry_orig = pb->pb_op->ora_e;	pb->pb_op->ora_e = NULL;	/*	 * The caller can specify a new entry, or a target DN and set	 * of modifications, but not both.	 */	if ( entry_orig != NULL ) {		if ( pb->pb_op->ora_modlist != NULL || !BER_BVISNULL( &pb->pb_op->o_req_ndn )) {			rs->sr_err = LDAP_PARAM_ERROR;			goto cleanup;		}		assert( BER_BVISNULL( &pb->pb_op->o_req_dn ) ); /* shouldn't get set */		ber_dupbv( &pb->pb_op->o_req_dn, &entry_orig->e_name );		ber_dupbv( &pb->pb_op->o_req_ndn, &entry_orig->e_nname );	} else if ( pb->pb_op->ora_modlist == NULL || BER_BVISNULL( &pb->pb_op->o_req_ndn )) {		rs->sr_err = LDAP_PARAM_ERROR;		goto cleanup;	}	pb->pb_op->ora_e = (Entry *)slapi_ch_calloc( 1, sizeof(Entry) );	ber_dupbv( &pb->pb_op->ora_e->e_name,  &pb->pb_op->o_req_dn );	ber_dupbv( &pb->pb_op->ora_e->e_nname, &pb->pb_op->o_req_ndn );	if ( entry_orig != NULL ) {		assert( pb->pb_op->ora_modlist == NULL );		rs->sr_err = slap_entry2mods( entry_orig, &pb->pb_op->ora_modlist,			&rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ) );		if ( rs->sr_err != LDAP_SUCCESS ) {			goto cleanup;		}	} else {		assert( pb->pb_op->ora_modlist != NULL );	}	rs->sr_err = slap_mods_check( pb->pb_op, pb->pb_op->ora_modlist, &rs->sr_text,		pb->pb_textbuf, sizeof( pb->pb_textbuf ), NULL );	if ( rs->sr_err != LDAP_SUCCESS ) {                goto cleanup;        }	/* Duplicate the values, because we may call slapi_entry_free() */	rs->sr_err = slap_mods2entry( pb->pb_op->ora_modlist, &pb->pb_op->ora_e,		1, 0, &rs->sr_text, pb->pb_textbuf, sizeof( pb->pb_textbuf ) );	if ( rs->sr_err != LDAP_SUCCESS ) {		goto cleanup;	}	oex.oe.oe_key = (void *)do_add;	oex.oe_db = NULL;	LDAP_SLIST_INSERT_HEAD(&pb->pb_op->o_extra, &oex.oe, oe_next);	rc = slapi_int_func_internal_pb( pb, op_add );	LDAP_SLIST_REMOVE(&pb->pb_op->o_extra, &oex.oe, OpExtra, oe_next);	if ( !rc ) {		if ( pb->pb_op->ora_e != NULL && oex.oe_db != NULL ) {			BackendDB	*bd = pb->pb_op->o_bd;			pb->pb_op->o_bd = oex.oe_db;			be_entry_release_w( pb->pb_op, pb->pb_op->ora_e );			pb->pb_op->ora_e = NULL;			pb->pb_op->o_bd = bd;		}	}cleanup:	if ( pb->pb_op->ora_e != NULL ) {		slapi_entry_free( pb->pb_op->ora_e );		pb->pb_op->ora_e = NULL;	}	if ( entry_orig != NULL ) {		pb->pb_op->ora_e = entry_orig;		slap_mods_free( pb->pb_op->ora_modlist, 1 );		pb->pb_op->ora_modlist = NULL;	}	return 0;}

intdo_extended(    Operation	*op,    SlapReply	*rs){	struct berval reqdata = {0, NULL};	ber_len_t len;	Debug( LDAP_DEBUG_TRACE, "%s do_extended/n",		op->o_log_prefix, 0, 0 );	if( op->o_protocol < LDAP_VERSION3 ) {		Debug( LDAP_DEBUG_ANY, "%s do_extended: protocol version (%d) too low/n",			op->o_log_prefix, op->o_protocol, 0 );		send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "requires LDAPv3" );		rs->sr_err = SLAPD_DISCONNECT;		goto done;	}	if ( ber_scanf( op->o_ber, "{m" /*}*/, &op->ore_reqoid ) == LBER_ERROR ) {		Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed/n",			op->o_log_prefix, 0, 0 );		send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );		rs->sr_err = SLAPD_DISCONNECT;		goto done;	}	if( ber_peek_tag( op->o_ber, &len ) == LDAP_TAG_EXOP_REQ_VALUE ) {		if( ber_scanf( op->o_ber, "m", &reqdata ) == LBER_ERROR ) {			Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed/n",				op->o_log_prefix, 0, 0 );			send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );			rs->sr_err = SLAPD_DISCONNECT;			goto done;		}	}	if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_ANY, "%s do_extended: get_ctrls failed/n",			op->o_log_prefix, 0, 0 );		return rs->sr_err;	} 	Statslog( LDAP_DEBUG_STATS, "%s EXT oid=%s/n",	    op->o_log_prefix, op->ore_reqoid.bv_val, 0, 0, 0 );	/* check for controls inappropriate for all extended operations */	if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) {		send_ldap_error( op, rs,			LDAP_UNAVAILABLE_CRITICAL_EXTENSION,			"manageDSAit control inappropriate" );		goto done;	}	/* FIXME: temporary? */	if ( reqdata.bv_val ) {		op->ore_reqdata = &reqdata;	}	op->o_bd = frontendDB;	rs->sr_err = frontendDB->be_extended( op, rs );	/* clean up in case some overlay set them? */	if ( !BER_BVISNULL( &op->o_req_ndn ) ) {		if ( !BER_BVISNULL( &op->o_req_dn )			&& op->o_req_ndn.bv_val != op->o_req_dn.bv_val )		{			op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );		}		op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );		BER_BVZERO( &op->o_req_dn );		BER_BVZERO( &op->o_req_ndn );	}done:	return rs->sr_err;}

static inttest_ava_vrFilter(	Operation	*op,	Attribute	*a,	AttributeAssertion *ava,	int		type,	char 		***e_flags ){	int 		i, j;	for ( i=0; a != NULL; a = a->a_next, i++ ) {		MatchingRule *mr;		struct berval *bv;			if ( !is_ad_subtype( a->a_desc, ava->aa_desc ) ) {			continue;		}		switch ( type ) {		case LDAP_FILTER_APPROX:			mr = a->a_desc->ad_type->sat_approx;			if( mr != NULL ) break;			/* use EQUALITY matching rule if no APPROX rule */		case LDAP_FILTER_EQUALITY:			mr = a->a_desc->ad_type->sat_equality;			break;				case LDAP_FILTER_GE:		case LDAP_FILTER_LE:			mr = a->a_desc->ad_type->sat_ordering;			break;		default:			mr = NULL;		}		if( mr == NULL ) continue;		bv = a->a_nvals;		for ( j=0; !BER_BVISNULL( bv ); bv++, j++ ) {			int rc, match;			const char *text;			rc = value_match( &match, a->a_desc, mr, 0,				bv, &ava->aa_value, &text );			if( rc != LDAP_SUCCESS ) return rc;			switch ( type ) {			case LDAP_FILTER_EQUALITY:			case LDAP_FILTER_APPROX:				if ( match == 0 ) {					(*e_flags)[i][j] = 1;				}				break;				case LDAP_FILTER_GE:				if ( match >= 0 ) {					(*e_flags)[i][j] = 1;				}				break;				case LDAP_FILTER_LE:				if ( match <= 0 ) {					(*e_flags)[i][j] = 1;				}				break;			}		}	}	return LDAP_SUCCESS;}

static intdupent_parseCtrl (	Operation *op,	SlapReply *rs,	LDAPControl *ctrl ){	ber_tag_t tag;	BerElementBuffer berbuf;	BerElement *ber = (BerElement *)&berbuf;	ber_len_t len;	BerVarray AttributeDescriptionList = NULL;	ber_len_t cnt = sizeof(struct berval);	ber_len_t off = 0;	ber_int_t PartialApplicationAllowed = 1;	dupent_t *ds = NULL;	int i;	if ( op->o_dupent != SLAP_CONTROL_NONE ) {		rs->sr_text = "Dupent control specified multiple times";		return LDAP_PROTOCOL_ERROR;	}	if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {		rs->sr_text = "Dupent control value is absent";		return LDAP_PROTOCOL_ERROR;	}	if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {		rs->sr_text = "Dupent control value is empty";		return LDAP_PROTOCOL_ERROR;	}	ber_init2( ber, &ctrl->ldctl_value, 0 );	/*   DuplicateEntryRequest ::= SEQUENCE {         AttributeDescriptionList, -- from [RFC2251]         PartialApplicationAllowed BOOLEAN DEFAULT TRUE }         AttributeDescriptionList ::= SEQUENCE OF                 AttributeDescription             AttributeDescription ::= LDAPString             attributeDescription = AttributeType [ ";" <options> ] 	 */	tag = ber_skip_tag( ber, &len );	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;	if ( ber_scanf( ber, "{M}", &AttributeDescriptionList, &cnt, off )		== LBER_ERROR )	{		rs->sr_text = "Dupent control: dupentSpec decoding error";		rs->sr_err = LDAP_PROTOCOL_ERROR;		goto done;	}	tag = ber_skip_tag( ber, &len );	if ( tag == LBER_BOOLEAN ) {		/* NOTE: PartialApplicationAllowed is ignored, since the control		 * can always be honored		 */		if ( ber_scanf( ber, "b", &PartialApplicationAllowed ) == LBER_ERROR )		{			rs->sr_text = "Dupent control: dupentSpec decoding error";			rs->sr_err = LDAP_PROTOCOL_ERROR;			goto done;		}		tag = ber_skip_tag( ber, &len );	}	if ( len || tag != LBER_DEFAULT ) {		rs->sr_text = "Dupent control: dupentSpec decoding error";		rs->sr_err = LDAP_PROTOCOL_ERROR;		goto done;	}	ds = (dupent_t *)op->o_tmpcalloc( 1,		sizeof(dupent_t) + sizeof(AttributeName)*cnt,		op->o_tmpmemctx );	ds->ds_paa = PartialApplicationAllowed;	if ( cnt == 0 ) {		ds->ds_flags |= SLAP_USERATTRS_YES;	} else {		int c;		ds->ds_an = (AttributeName *)&ds[ 1 ];		for ( i = 0, c = 0; i < cnt; i++ ) {			const char *text;			int j;			int rc;			AttributeDescription *ad = NULL;			if ( bvmatch( &AttributeDescriptionList[i],				slap_bv_all_user_attrs ) )			{//.........这里部分代码省略.........

static inttest_mra_vrFilter(	Operation	*op,	Attribute	*a,	MatchingRuleAssertion *mra,	char 		***e_flags ){	int	i, j;	for ( i = 0; a != NULL; a = a->a_next, i++ ) {		struct berval	*bv, assertedValue;		int		normalize_attribute = 0;		if ( mra->ma_desc ) {			if ( !is_ad_subtype( a->a_desc, mra->ma_desc ) ) {				continue;			}			assertedValue = mra->ma_value;		} else {			int rc;			const char	*text = NULL;			/* check if matching is appropriate */			if ( !mr_usable_with_at( mra->ma_rule, a->a_desc->ad_type ) ) {				continue;			}			rc = asserted_value_validate_normalize( a->a_desc, mra->ma_rule,				SLAP_MR_EXT|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,				&mra->ma_value, &assertedValue, &text, op->o_tmpmemctx );			if ( rc != LDAP_SUCCESS ) continue;		}		/* check match */		if ( mra->ma_rule == a->a_desc->ad_type->sat_equality ) {			bv = a->a_nvals;		} else {			bv = a->a_vals;			normalize_attribute = 1;		}							for ( j = 0; !BER_BVISNULL( bv ); bv++, j++ ) {			int		rc, match;			const char	*text;			struct berval	nbv = BER_BVNULL;			if ( normalize_attribute && mra->ma_rule->smr_normalize ) {				/* see comment in filterentry.c */				if ( mra->ma_rule->smr_normalize(						SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,						mra->ma_rule->smr_syntax,						mra->ma_rule,						bv, &nbv, op->o_tmpmemctx ) != LDAP_SUCCESS )				{					/* FIXME: stop processing? */					continue;				}			} else {				nbv = *bv;			}			rc = value_match( &match, a->a_desc, mra->ma_rule, 0,				&nbv, &assertedValue, &text );			if ( nbv.bv_val != bv->bv_val ) {				op->o_tmpfree( nbv.bv_val, op->o_tmpmemctx );			}			if ( rc != LDAP_SUCCESS ) return rc;			if ( match == 0 ) {				(*e_flags)[i][j] = 1;			}		}	}	return LDAP_SUCCESS;}

//.........这里部分代码省略.........							}							ldap_memvfree((void *)ap.restrict_lud->lud_attrs);							ap.restrict_lud->lud_attrs = NULL;						}						if (ap.restrict_lud->lud_dn != NULL) {							if (ap.restrict_lud->lud_dn[0] == '/0') {								ldap_memfree(ap.restrict_lud->lud_dn);								ap.restrict_lud->lud_dn = NULL;							} else {								struct berval dn, ndn;								int j;								ber_str2bv(ap.restrict_lud->lud_dn, 0, 0, &dn);								if (dnNormalize(0, NULL, NULL, &dn, &ndn, NULL)) {									/* cleanup */									snprintf( c->cr_msg, sizeof( c->cr_msg ),										"%s %s: restrict URI %s DN normalization failed",										c->argv[0], c->argv[1], arg );									rc = ARG_BAD_CONF;									goto done;								}								assert(c->be != NULL);								if (c->be->be_nsuffix == NULL) {									snprintf( c->cr_msg, sizeof( c->cr_msg ),										"%s %s: restrict URI requires suffix",										c->argv[0], c->argv[1] );									rc = ARG_BAD_CONF;									goto done;								}								for ( j = 0; !BER_BVISNULL(&c->be->be_nsuffix[j]); j++) {									if (dnIsSuffix(&ndn, &c->be->be_nsuffix[j])) break;								}								if (BER_BVISNULL(&c->be->be_nsuffix[j])) {									/* error */									snprintf( c->cr_msg, sizeof( c->cr_msg ),										"%s %s: restrict URI DN %s not within database naming context(s)",										c->argv[0], c->argv[1], dn.bv_val );									rc = ARG_BAD_CONF;									goto done;								}								ap.restrict_ndn = ndn;							}						}						if (ap.restrict_lud->lud_filter != NULL) {							ap.restrict_filter = str2filter(ap.restrict_lud->lud_filter);							if (ap.restrict_filter == NULL) {								/* error */								snprintf( c->cr_msg, sizeof( c->cr_msg ),									"%s %s: restrict URI filter %s invalid",									c->argv[0], c->argv[1], ap.restrict_lud->lud_filter );								rc = ARG_BAD_CONF;								goto done;							}						}						ber_str2bv(c->argv[argidx] + STRLENOF("restrict="), 0, 1, &ap.restrict_val);					} else {						/* cleanup */

//.........这里部分代码省略.........			 * a search for this value is likely not			 * to resolve to the appropriate backend;			 * later, the local subschemaSubentry is			 * added.			 *			 * We also eat entryDN because the frontend			 * will reattach it without checking if already			 * present...			 */			( void )ber_scanf( &ber, "x" /* [W] */ );			attr_free( attr );			continue;		}				if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR				|| attr->a_vals == NULL )		{			/*			 * Note: attr->a_vals can be null when using			 * values result filter			 */			attr->a_vals = (struct berval *)&slap_dummy_bv;		}		validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;		pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;		if ( !validate && !pretty ) {			attr->a_nvals = NULL;			attr_free( attr );			goto next_attr;		}		for ( i = 0; !BER_BVISNULL( &attr->a_vals[i] ); i++ ) ;		last = i;		/*		 * check that each value is valid per syntax		 * and pretty if appropriate		 */		for ( i = 0; i<last; i++ ) {			struct berval	pval;			int		rc;			if ( pretty ) {				rc = ordered_value_pretty( attr->a_desc,					&attr->a_vals[i], &pval, NULL );			} else {				rc = ordered_value_validate( attr->a_desc,					&attr->a_vals[i], 0 );			}			if ( rc != LDAP_SUCCESS ) {				ObjectClass *oc;				/* check if, by chance, it's an undefined objectClass */				if ( attr->a_desc == slap_schema.si_ad_objectClass &&						( oc = oc_bvfind_undef( &attr->a_vals[i] ) ) != NULL )				{					ber_dupbv( &pval, &oc->soc_cname );					rc = LDAP_SUCCESS;				} else {					ber_memfree( attr->a_vals[i].bv_val );					if ( --last == i ) {

intbacksql_delete( Operation *op, SlapReply *rs ){    SQLHDBC 		dbh = SQL_NULL_HDBC;    SQLHSTMT		sth = SQL_NULL_HSTMT;    backsql_oc_map_rec	*oc = NULL;    backsql_srch_info	bsi = { 0 };    backsql_entryID		e_id = { 0 };    Entry			d = { 0 }, p = { 0 }, *e = NULL;    struct berval		pdn = BER_BVNULL;    int			manageDSAit = get_manageDSAit( op );    Debug( LDAP_DEBUG_TRACE, "==>backsql_delete(): deleting entry /"%s/"/n",           op->o_req_ndn.bv_val, 0, 0 );    rs->sr_err = backsql_get_db_conn( op, &dbh );    if ( rs->sr_err != LDAP_SUCCESS ) {        Debug( LDAP_DEBUG_TRACE, "   backsql_delete(): "               "could not get connection handle - exiting/n",               0, 0, 0 );        rs->sr_text = ( rs->sr_err == LDAP_OTHER )                      ? "SQL-backend error" : NULL;        e = NULL;        goto done;    }    /*     * Get the entry     */    bsi.bsi_e = &d;    rs->sr_err = backsql_init_search( &bsi, &op->o_req_ndn,                                      LDAP_SCOPE_BASE,                                      (time_t)(-1), NULL, dbh, op, rs, slap_anlist_no_attrs,                                      ( BACKSQL_ISF_MATCHED | BACKSQL_ISF_GET_ENTRY | BACKSQL_ISF_GET_OC ) );    switch ( rs->sr_err ) {    case LDAP_SUCCESS:        break;    case LDAP_REFERRAL:        if ( manageDSAit && !BER_BVISNULL( &bsi.bsi_e->e_nname ) &&                dn_match( &op->o_req_ndn, &bsi.bsi_e->e_nname ) )        {            rs->sr_err = LDAP_SUCCESS;            rs->sr_text = NULL;            rs->sr_matched = NULL;            if ( rs->sr_ref ) {                ber_bvarray_free( rs->sr_ref );                rs->sr_ref = NULL;            }            break;        }        e = &d;    /* fallthru */    default:        Debug( LDAP_DEBUG_TRACE, "backsql_delete(): "               "could not retrieve deleteDN ID - no such entry/n",               0, 0, 0 );        if ( !BER_BVISNULL( &d.e_nname ) ) {            /* FIXME: should always be true! */            e = &d;        } else {            e = NULL;        }        goto done;    }    if ( get_assert( op ) &&            ( test_filter( op, &d, get_assertion( op ) )              != LDAP_COMPARE_TRUE ) )    {        rs->sr_err = LDAP_ASSERTION_FAILED;        e = &d;        goto done;    }    if ( !access_allowed( op, &d, slap_schema.si_ad_entry,                          NULL, ACL_WDEL, NULL ) )    {        Debug( LDAP_DEBUG_TRACE, "   backsql_delete(): "               "no write access to entry/n",               0, 0, 0 );        rs->sr_err = LDAP_INSUFFICIENT_ACCESS;        e = &d;        goto done;    }    rs->sr_err = backsql_has_children( op, dbh, &op->o_req_ndn );    switch ( rs->sr_err ) {    case LDAP_COMPARE_FALSE:        rs->sr_err = LDAP_SUCCESS;        break;    case LDAP_COMPARE_TRUE:#ifdef SLAP_CONTROL_X_TREE_DELETE        if ( get_treeDelete( op ) ) {            rs->sr_err = LDAP_SUCCESS;            break;        }//.........这里部分代码省略.........

static intnss_cf_gen(ConfigArgs *c){	slap_overinst *on = (slap_overinst *)c->bi;	nssov_info *ni = on->on_bi.bi_private;	nssov_mapinfo *mi;	int i, j, rc = 0;	slap_mask_t m;	if ( c->op == SLAP_CONFIG_EMIT ) {		switch(c->type) {		case NSS_SSD:			rc = 1;			for (i=NM_alias;i<NM_NONE;i++) {				struct berval scope;				struct berval ssd;				struct berval base;				mi = &ni->ni_maps[i];				/* ignore all-default services */				if ( mi->mi_scope == LDAP_SCOPE_DEFAULT &&					bvmatch( &mi->mi_filter, &mi->mi_filter0 ) &&					BER_BVISNULL( &mi->mi_base ))					continue;				if ( BER_BVISNULL( &mi->mi_base ))					base = ni->ni_db->be_nsuffix[0];				else					base = mi->mi_base;				ldap_pvt_scope2bv(mi->mi_scope == LDAP_SCOPE_DEFAULT ?					LDAP_SCOPE_SUBTREE : mi->mi_scope, &scope);				ssd.bv_len = STRLENOF(" ldap:///???") + nss_svcs[i].word.bv_len +					base.bv_len + scope.bv_len + mi->mi_filter.bv_len;				ssd.bv_val = ch_malloc( ssd.bv_len + 1 );				sprintf(ssd.bv_val, "%s ldap:///%s??%s?%s", nss_svcs[i].word.bv_val,					base.bv_val, scope.bv_val, mi->mi_filter.bv_val );				ber_bvarray_add( &c->rvalue_vals, &ssd );				rc = 0;			}			break;		case NSS_MAP:			rc = 1;			for (i=NM_alias;i<NM_NONE;i++) {				mi = &ni->ni_maps[i];				for (j=0;!BER_BVISNULL(&mi->mi_attrkeys[j]);j++) {					if ( ber_bvstrcasecmp(&mi->mi_attrkeys[j],						&mi->mi_attrs[j].an_name)) {						struct berval map;						map.bv_len = nss_svcs[i].word.bv_len +							mi->mi_attrkeys[j].bv_len +							mi->mi_attrs[j].an_desc->ad_cname.bv_len + 2;						map.bv_val = ch_malloc(map.bv_len + 1);						sprintf(map.bv_val, "%s %s %s", nss_svcs[i].word.bv_val,							mi->mi_attrkeys[j].bv_val, mi->mi_attrs[j].an_desc->ad_cname.bv_val );						ber_bvarray_add( &c->rvalue_vals, &map );						rc = 0;					}				}			}			break;		case NSS_PAM:			rc = mask_to_verbs( pam_opts, ni->ni_pam_opts, &c->rvalue_vals );			break;		case NSS_PAMGROUP:			if (!BER_BVISEMPTY( &ni->ni_pam_group_dn )) {				value_add_one( &c->rvalue_vals, &ni->ni_pam_group_dn );				value_add_one( &c->rvalue_nvals, &ni->ni_pam_group_dn );			} else {				rc = 1;			}			break;		case NSS_PAMSESS:			if (ni->ni_pam_sessions) {				ber_bvarray_dup_x( &c->rvalue_vals, ni->ni_pam_sessions, NULL );			} else {				rc = 1;			}			break;		}		return rc;	} else if ( c->op == LDAP_MOD_DELETE ) {		/* FIXME */		return 1;	}	switch( c->type ) {	case NSS_SSD: {		LDAPURLDesc *lud;		i = verb_to_mask(c->argv[1], nss_svcs);		if ( i == NM_NONE )			return 1;		mi = &ni->ni_maps[i];		rc = ldap_url_parse(c->argv[2], &lud);		if ( rc )			return 1;		do {//.........这里部分代码省略.........