自学教程：C++ BER_BVZERO函数代码示例

int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op){	struct berval npw;	int32_t tmpint32;	char dnc[1024];	char uidc[32];	char opwc[256];	char npwc[256];	char svcc[256];	struct paminfo pi;	int rc;	READ_STRING(fp,uidc);	pi.uid.bv_val = uidc;	pi.uid.bv_len = tmpint32;	READ_STRING(fp,dnc);	pi.dn.bv_val = dnc;	pi.dn.bv_len = tmpint32;	READ_STRING(fp,svcc);	pi.svc.bv_val = svcc;	pi.svc.bv_len = tmpint32;	READ_STRING(fp,opwc);	pi.pwd.bv_val = opwc;	pi.pwd.bv_len = tmpint32;	READ_STRING(fp,npwc);	npw.bv_val = npwc;	npw.bv_len = tmpint32;	Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(%s), %s/n",		pi.dn.bv_val,pi.uid.bv_val,0);	BER_BVZERO(&pi.msg);	/* This is a prelim check */	if (BER_BVISEMPTY(&pi.dn)) {		rc = pam_do_bind(ni,fp,op,&pi);		if (rc == NSLCD_PAM_IGNORE)			rc = NSLCD_PAM_SUCCESS;	} else {		BerElementBuffer berbuf;		BerElement *ber = (BerElement *)&berbuf;		struct berval bv;		SlapReply rs = {REP_RESULT};		slap_callback cb = {0};		ber_init_w_nullc(ber, LBER_USE_DER);		ber_printf(ber, "{");		if (!BER_BVISEMPTY(&pi.pwd))			ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,				&pi.pwd);		if (!BER_BVISEMPTY(&npw))			ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,				&npw);		ber_printf(ber, "N}");		ber_flatten2(ber, &bv, 0);		op->o_tag = LDAP_REQ_EXTENDED;		op->ore_reqoid = slap_EXOP_MODIFY_PASSWD;		op->ore_reqdata = &bv;		op->o_dn = pi.dn;		op->o_ndn = pi.dn;		op->o_callback = &cb;		op->o_conn->c_authz_backend = op->o_bd;		cb.sc_response = slap_null_cb;		op->o_bd = frontendDB;		rc = op->o_bd->be_extended(op, &rs);		if (rs.sr_text)			ber_str2bv(rs.sr_text, 0, 0, &pi.msg);		if (rc == LDAP_SUCCESS)			rc = NSLCD_PAM_SUCCESS;		else			rc = NSLCD_PAM_PERM_DENIED;	}	WRITE_INT32(fp,NSLCD_VERSION);	WRITE_INT32(fp,NSLCD_ACTION_PAM_PWMOD);	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);	WRITE_BERVAL(fp,&pi.uid);	WRITE_BERVAL(fp,&pi.dn);	WRITE_INT32(fp,rc);	WRITE_BERVAL(fp,&pi.msg);	return 0;}

static void *slapd_rw_config( const char *fname, int lineno, int argc, char **argv ){	slapd_map_data *ret = NULL;	LDAPURLDesc *lud = NULL;	char *uri;	AttributeDescription *ad = NULL;	int rc, flen = 0;	struct berval dn, ndn;	if ( argc != 1 ) {		Debug( LDAP_DEBUG_ANY,			"[%s:%d] slapd map needs URI/n",			fname, lineno );        return NULL;	}	uri = argv[0];	if ( strncasecmp( uri, "uri=", STRLENOF( "uri=" ) ) == 0 ) {		uri += STRLENOF( "uri=" );	}	if ( ldap_url_parse( uri, &lud ) != LDAP_URL_SUCCESS ) {		Debug( LDAP_DEBUG_ANY,			"[%s:%d] illegal URI '%s'/n",			fname, lineno, uri );        return NULL;	}	if ( strcasecmp( lud->lud_scheme, "ldap" )) {		Debug( LDAP_DEBUG_ANY,			"[%s:%d] illegal URI scheme '%s'/n",			fname, lineno, lud->lud_scheme );		goto done;	}	if (( lud->lud_host && lud->lud_host[0] ) || lud->lud_exts		|| !lud->lud_dn ) {		Debug( LDAP_DEBUG_ANY,			"[%s:%d] illegal URI '%s'/n",			fname, lineno, uri );		goto done;	}	if ( lud->lud_attrs ) {		if ( lud->lud_attrs[1] ) {			Debug( LDAP_DEBUG_ANY,				"[%s:%d] only one attribute allowed in URI/n",				fname, lineno );			goto done;		}		if ( strcasecmp( lud->lud_attrs[0], "dn" ) &&			strcasecmp( lud->lud_attrs[0], "entryDN" )) {			const char *text;			rc = slap_str2ad( lud->lud_attrs[0], &ad, &text );			if ( rc )				goto done;		}	}	ber_str2bv( lud->lud_dn, 0, 0, &dn );	if ( dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL ))		goto done;	if ( lud->lud_filter ) {		flen = strlen( lud->lud_filter ) + 1;	}	ret = ch_malloc( sizeof( slapd_map_data ) + flen );	ret->base = ndn;	if ( flen ) {		ret->filter.bv_val = (char *)(ret+1);		ret->filter.bv_len = flen - 1;		strcpy( ret->filter.bv_val, lud->lud_filter );	} else {		BER_BVZERO( &ret->filter );	}	ret->scope = lud->lud_scope;	if ( ad ) {		ret->attrs[0].an_name = ad->ad_cname;	} else {		BER_BVZERO( &ret->attrs[0].an_name );	}	ret->attrs[0].an_desc = ad;	BER_BVZERO( &ret->attrs[1].an_name );done:	ldap_free_urldesc( lud );	return ret;}

//.........这里部分代码省略.........					if ( mt->mt_rwmap.rwm_oc.drop_missing ) {						continue;					}					attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];				} else {					attrs[ i ]->mod_bvalues[ j ] = &mapping->dst;				}				j++;			}			attrs[ i ]->mod_bvalues[ j ] = NULL;		} else {			/*			 * FIXME: dn-valued attrs should be rewritten			 * to allow their use in ACLs at the back-ldap			 * level.			 */			if ( a->a_desc->ad_type->sat_syntax ==				slap_schema.si_syn_distinguishedName )			{				(void)asyncmeta_dnattr_rewrite( &dc, a->a_vals );				if ( a->a_vals == NULL ) {					continue;				}			}			for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ )				;			attrs[ i ]->mod_bvalues = ch_malloc( ( j + 1 ) * sizeof( struct berval * ) );			for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {				attrs[ i ]->mod_bvalues[ j ] = &a->a_vals[ j ];			}			attrs[ i ]->mod_bvalues[ j ] = NULL;		}		i++;	}	attrs[ i ] = NULL;retry:;	ctrls = op->o_ctrls;	if ( asyncmeta_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )	{		candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;		retcode = META_SEARCH_ERR;		goto done;	}	ber = ldap_build_add_req( msc->msc_ld, mdn.bv_val, attrs, ctrls, NULL, &msgid);	if (ber) {		candidates[ candidate ].sr_msgid = msgid;		rc = ldap_send_initial_request( msc->msc_ld, LDAP_REQ_ADD,						mdn.bv_val, ber, msgid );		if (rc == msgid)			rc = LDAP_SUCCESS;		else			rc = LDAP_SERVER_DOWN;		switch ( rc ) {		case LDAP_SUCCESS:			retcode = META_SEARCH_CANDIDATE;			asyncmeta_set_msc_time(msc);			break;		case LDAP_SERVER_DOWN:			ldap_pvt_thread_mutex_lock( &mc->mc_om_mutex);			asyncmeta_clear_one_msc(NULL, mc, candidate);			ldap_pvt_thread_mutex_unlock( &mc->mc_om_mutex);			if ( nretries && asyncmeta_retry( op, rs, &mc, candidate, LDAP_BACK_DONTSEND ) ) {				nretries = 0;				/* if the identity changed, there might be need to re-authz */				(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );				goto retry;			}		default:			candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;			retcode = META_SEARCH_ERR;		}	}done:	(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );	for ( --i; i >= 0; --i ) {		free( attrs[ i ]->mod_bvalues );		free( attrs[ i ] );	}	free( attrs );	if ( mdn.bv_val != op->ora_e->e_dn ) {		free( mdn.bv_val );		BER_BVZERO( &mdn );	}doreturn:;	Debug( LDAP_DEBUG_TRACE, "%s <<< asyncmeta_back_add_start[%p]=%d/n", op->o_log_prefix, msc, candidates[candidate].sr_msgid );	return retcode;}

static int objectSubClassIndexer( 	slap_mask_t use,	slap_mask_t mask,	Syntax *syntax,	MatchingRule *mr,	struct berval *prefix,	BerVarray values,	BerVarray *keysp,	void *ctx ){	int rc, noc, i;	BerVarray ocvalues;	ObjectClass **socs;		for( noc=0; values[noc].bv_val != NULL; noc++ ) {		/* just count em */;	}	/* over allocate */	socs = slap_sl_malloc( (noc+16) * sizeof( ObjectClass * ), ctx );	/* initialize */	for( i=0; i<noc; i++ ) {		socs[i] = oc_bvfind( &values[i] );	}	/* expand values */	for( i=0; i<noc; i++ ) {		int j;		ObjectClass *oc = socs[i];		if( oc == NULL || oc->soc_sups == NULL ) continue;				for( j=0; oc->soc_sups[j] != NULL; j++ ) {			int found = 0;			ObjectClass *sup = oc->soc_sups[j];			int k;			for( k=0; k<noc; k++ ) {				if( sup == socs[k] ) {					found++;					break;				}			}			if( !found ) {				socs = slap_sl_realloc( socs,					sizeof( ObjectClass * ) * (noc+2), ctx );				assert( k == noc );				socs[noc++] = sup;			}		}	}	ocvalues = slap_sl_malloc( sizeof( struct berval ) * (noc+1), ctx );	/* copy values */	for( i=0; i<noc; i++ ) {		if ( socs[i] )			ocvalues[i] = socs[i]->soc_cname;		else			ocvalues[i] = values[i];	}	BER_BVZERO( &ocvalues[i] );	rc = octetStringIndexer( use, mask, syntax, mr,		prefix, ocvalues, keysp, ctx );	slap_sl_free( ocvalues, ctx );	slap_sl_free( socs, ctx );	return rc;}

static intslap_auxprop_store(	void *glob_context,	sasl_server_params_t *sparams,	struct propctx *prctx,	const char *user,	unsigned ulen){	Operation op = {0};	Opheader oph;	SlapReply rs = {REP_RESULT};	int rc, i;	unsigned j;	Connection *conn = NULL;	const struct propval *pr;	Modifications *modlist = NULL, **modtail = &modlist, *mod;	slap_callback cb = { NULL, slap_null_cb, NULL, NULL };	char textbuf[SLAP_TEXT_BUFLEN];	const char *text;	size_t textlen = sizeof(textbuf);	/* just checking if we are enabled */	if (!prctx) return SASL_OK;	if (!sparams || !user) return SASL_BADPARAM;	pr = sparams->utils->prop_get( sparams->propctx );	/* Find our DN and conn first */	for( i = 0; pr[i].name; i++ ) {		if ( pr[i].name[0] == '*' ) {			if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_CONN] ) ) {				if ( pr[i].values && pr[i].values[0] )					AC_MEMCPY( &conn, pr[i].values[0], sizeof( conn ) );				continue;			}			if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHCLEN] )) {				if ( pr[i].values && pr[i].values[0] )					AC_MEMCPY( &op.o_req_ndn.bv_len, pr[i].values[0],						sizeof( op.o_req_ndn.bv_len ) );			} else if ( !strcmp( pr[i].name, slap_propnames[SLAP_SASL_PROP_AUTHC] ) ) {				if ( pr[i].values )					op.o_req_ndn.bv_val = (char *)pr[i].values[0];			}		}	}	if (!conn || !op.o_req_ndn.bv_val) return SASL_BADPARAM;	op.o_bd = select_backend( &op.o_req_ndn, 1 );	if ( !op.o_bd || !op.o_bd->bd_info->bi_op_modify ) return SASL_FAIL;	pr = sparams->utils->prop_get( prctx );	if (!pr) return SASL_BADPARAM;	for (i=0; pr[i].name; i++);	if (!i) return SASL_BADPARAM;	for (i=0; pr[i].name; i++) {		mod = (Modifications *)ch_malloc( sizeof(Modifications) );		mod->sml_op = LDAP_MOD_REPLACE;		mod->sml_flags = 0;		ber_str2bv( pr[i].name, 0, 0, &mod->sml_type );		mod->sml_numvals = pr[i].nvalues;		mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) *			sizeof(struct berval));		for (j=0; j<pr[i].nvalues; j++) {			ber_str2bv( pr[i].values[j], 0, 1, &mod->sml_values[j]);		}		BER_BVZERO( &mod->sml_values[j] );		mod->sml_nvalues = NULL;		mod->sml_desc = NULL;		*modtail = mod;		modtail = &mod->sml_next;	}	*modtail = NULL;	rc = slap_mods_check( &op, modlist, &text, textbuf, textlen, NULL );	if ( rc == LDAP_SUCCESS ) {		rc = slap_mods_no_user_mod_check( &op, modlist,			&text, textbuf, textlen );		if ( rc == LDAP_SUCCESS ) {			if ( conn->c_sasl_bindop ) {				op.o_hdr = conn->c_sasl_bindop->o_hdr;			} else {				op.o_hdr = &oph;				memset( &oph, 0, sizeof(oph) );				operation_fake_init( conn, &op, ldap_pvt_thread_pool_context(), 0 );			}			op.o_tag = LDAP_REQ_MODIFY;			op.o_ndn = op.o_req_ndn;			op.o_callback = &cb;			slap_op_time( &op.o_time, &op.o_tincr );			op.o_do_not_cache = 1;			op.o_is_auth_check = 1;			op.o_req_dn = op.o_req_ndn;			op.orm_modlist = modlist;//.........这里部分代码省略.........

//.........这里部分代码省略.........				rc = ldap_parse_result( msc->msc_ld, res, &rs->sr_err,						&matched, &text, &refs, &ctrls, 1 );				res = NULL;				if ( rc == LDAP_SUCCESS ) {					rs->sr_text = text;				} else {					rs->sr_err = rc;				}				rs->sr_err = slap_map_api2result( rs );				/* RFC 4511: referrals can only appear				 * if result code is LDAP_REFERRAL */				if ( refs != NULL					&& refs[ 0 ] != NULL					&& refs[ 0 ][ 0 ] != '/0' )				{					if ( rs->sr_err != LDAP_REFERRAL ) {						Debug( LDAP_DEBUG_ANY,							"%s asyncmeta_back_op_result[%d]: "							"got referrals with err=%d/n",							op->o_log_prefix,							candidate, rs->sr_err );					} else {						int	i;						for ( i = 0; refs[ i ] != NULL; i++ )							/* count */ ;						rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( i + 1 ),							op->o_tmpmemctx );						for ( i = 0; refs[ i ] != NULL; i++ ) {							ber_str2bv( refs[ i ], 0, 0, &rs->sr_ref[ i ] );						}						BER_BVZERO( &rs->sr_ref[ i ] );					}				} else if ( rs->sr_err == LDAP_REFERRAL ) {					Debug( LDAP_DEBUG_ANY,						"%s asyncmeta_back_op_result[%d]: "						"got err=%d with null "						"or empty referrals/n",						op->o_log_prefix,						candidate, rs->sr_err );					rs->sr_err = LDAP_NO_SUCH_OBJECT;				}				if ( ctrls != NULL ) {					rs->sr_ctrls = ctrls;				}			}			assert( res == NULL );		}		/* if the error in the reply structure is not		 * LDAP_SUCCESS, try to map it from client		 * to server error */		if ( !LDAP_ERR_OK( rs->sr_err ) ) {			rs->sr_err = slap_map_api2result( rs );			/* internal ops ( op->o_conn == NULL )			 * must not reply to client */			if ( op->o_conn && !op->o_do_not_cache && matched ) {				/* record the (massaged) matched

//.........这里部分代码省略.........	if ( ber_bvcmp( &aci_bv[ ACI_BV_PUBLIC ], &type ) == 0 ) {		return 1;	}		/* otherwise require an identity */	if ( BER_BVISNULL( &op->o_ndn ) || BER_BVISEMPTY( &op->o_ndn ) ) {		return 0;	}	/* see if we have a users access */	if ( ber_bvcmp( &aci_bv[ ACI_BV_USERS ], &type ) == 0 ) {		return 1;	}		/* NOTE: this may fail if a DN contains a valid '#' (unescaped);	 * just grab all the berval up to its end (ITS#3303).	 * NOTE: the problem could be solved by providing the DN with	 * the embedded '#' encoded as hexpairs: "cn=Foo#Bar" would 	 * become "cn=Foo/23Bar" and be safely used by aci_mask(). */#if 0	if ( acl_get_part( aci, 4, '#', &sdn ) < 0 ) {		return 0;	}#endif	sdn.bv_val = type.bv_val + type.bv_len + STRLENOF( "#" );	sdn.bv_len = aci->bv_len - ( sdn.bv_val - aci->bv_val );	/* get the type options, if any */	if ( acl_get_part( &type, 1, '/', &opts ) > 0 ) {		opts.bv_len = type.bv_len - ( opts.bv_val - type.bv_val );		type.bv_len = opts.bv_val - type.bv_val - 1;	} else {		BER_BVZERO( &opts );	}	if ( ber_bvcmp( &aci_bv[ ACI_BV_ACCESS_ID ], &type ) == 0 ) {		return dn_match( &op->o_ndn, &sdn );	} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SUBTREE ], &type ) == 0 ) {		return dnIsSuffix( &op->o_ndn, &sdn );	} else if ( ber_bvcmp( &aci_bv[ ACI_BV_ONELEVEL ], &type ) == 0 ) {		struct berval pdn;				dnParent( &sdn, &pdn );		return dn_match( &op->o_ndn, &pdn );	} else if ( ber_bvcmp( &aci_bv[ ACI_BV_CHILDREN ], &type ) == 0 ) {		return ( !dn_match( &op->o_ndn, &sdn ) && dnIsSuffix( &op->o_ndn, &sdn ) );	} else if ( ber_bvcmp( &aci_bv[ ACI_BV_SELF ], &type ) == 0 ) {		return dn_match( &op->o_ndn, &e->e_nname );	} else if ( ber_bvcmp( &aci_bv[ ACI_BV_DNATTR ], &type ) == 0 ) {		Attribute		*at;		AttributeDescription	*ad = NULL;		const char		*text;		rc = slap_bv2ad( &sdn, &ad, &text );		assert( rc == LDAP_SUCCESS );		rc = 0;		for ( at = attrs_find( e->e_attrs, ad );				at != NULL;

//.........这里部分代码省略.........			SF_PUSH( '/' );			break;		default:			if ( !AD_LEADCHAR( c ) ) {				SF_ERROR( syntax );			}			filter--;			for ( len = 1;				( c = filter[ len ] ) && AD_CHAR( c );				len++ )			{				/* count */				if ( c == '-' && !AD_CHAR( filter[ len + 1 ] ) ) {					break;				}			}			if ( len == 4				&& memcmp( "this", filter, len ) == 0 )			{				assert( !BER_BVISNULL( target ) );				if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {					SF_ERROR( syntax );				}				set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),						cp->set_op->o_tmpmemctx );				if ( set == NULL ) {					SF_ERROR( memory );				}				ber_dupbv_x( set, target, cp->set_op->o_tmpmemctx );				if ( BER_BVISNULL( set ) ) {					SF_ERROR( memory );				}				BER_BVZERO( &set[ 1 ] );							} else if ( len == 4				&& memcmp( "user", filter, len ) == 0 ) 			{				if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {					SF_ERROR( syntax );				}				if ( BER_BVISNULL( user ) ) {					SF_ERROR( memory );				}				set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),						cp->set_op->o_tmpmemctx );				if ( set == NULL ) {					SF_ERROR( memory );				}				ber_dupbv_x( set, user, cp->set_op->o_tmpmemctx );				BER_BVZERO( &set[ 1 ] );							} else if ( SF_TOP() != (void *)'/' ) {				SF_ERROR( syntax );			} else {				struct berval		fb2;				AttributeDescription	*ad = NULL;				const char		*text = NULL;				SF_POP();				fb2.bv_val = filter;				fb2.bv_len = len;				if ( slap_bv2ad( &fb2, &ad, &text ) != LDAP_SUCCESS ) {					SF_ERROR( syntax );

//.........这里部分代码省略.........				ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );				if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ) )					ldap_pvt_runqueue_stoptask( &slapd_rq, re );				ldap_pvt_runqueue_remove( &slapd_rq, re );				ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );			}			bdb->bi_txn_cp = 0;			break;		case BDB_CONFIG:			if ( c->valx < 0 ) {				ber_bvarray_free( bdb->bi_db_config );				bdb->bi_db_config = NULL;			} else {				int i = c->valx;				ch_free( bdb->bi_db_config[i].bv_val );				for (; bdb->bi_db_config[i].bv_val; i++)					bdb->bi_db_config[i] = bdb->bi_db_config[i+1];			}			bdb->bi_flags |= BDB_UPD_CONFIG|BDB_RE_OPEN;			c->cleanup = bdb_cf_cleanup;			break;		/* Doesn't really make sense to change these on the fly;		 * the entire DB must be dumped and reloaded		 */		case BDB_CRYPTFILE:			if ( bdb->bi_db_crypt_file ) {				ch_free( bdb->bi_db_crypt_file );				bdb->bi_db_crypt_file = NULL;			}			/* FALLTHRU */		case BDB_CRYPTKEY:			if ( !BER_BVISNULL( &bdb->bi_db_crypt_key )) {				ch_free( bdb->bi_db_crypt_key.bv_val );				BER_BVZERO( &bdb->bi_db_crypt_key );			}			break;		case BDB_DIRECTORY:			bdb->bi_flags |= BDB_RE_OPEN;			bdb->bi_flags ^= BDB_HAS_CONFIG;			ch_free( bdb->bi_dbenv_home );			bdb->bi_dbenv_home = NULL;			ch_free( bdb->bi_db_config_path );			bdb->bi_db_config_path = NULL;			c->cleanup = bdb_cf_cleanup;			ldap_pvt_thread_pool_purgekey( bdb->bi_dbenv );			break;		case BDB_NOSYNC:			bdb->bi_dbenv->set_flags( bdb->bi_dbenv, DB_TXN_NOSYNC, 0 );			break;		case BDB_CHECKSUM:			bdb->bi_flags &= ~BDB_CHKSUM;			break;		case BDB_INDEX:			if ( c->valx == -1 ) {				int i;				/* delete all (FIXME) */				for ( i = 0; i < bdb->bi_nattrs; i++ ) {					bdb->bi_attrs[i]->ai_indexmask |= BDB_INDEX_DELETING;				}				bdb->bi_flags |= BDB_DEL_INDEX;				c->cleanup = bdb_cf_cleanup;			} else {				struct berval bv, def = BER_BVC("default");				char *ptr;

/* Join two sets according to operator op and flags op_flags. * op can be: *	'|' (or):	the union between the two sets is returned, *		 	eliminating duplicates *	'&' (and):	the intersection between the two sets *			is returned *	'+' (add):	the inner product of the two sets is returned, *			namely a set containing the concatenation of *			all combinations of the two sets members, *			except for duplicates. * The two sets are disposed of according to the flags as described * for slap_set_dispose(). */BerVarrayslap_set_join(	SetCookie	*cp,	BerVarray	lset,	unsigned	op_flags,	BerVarray	rset ){	BerVarray	set;	long		i, j, last, rlast;	unsigned	op = ( op_flags & SLAP_SET_OPMASK );	set = NULL;	switch ( op ) {	case '|':	/* union */		if ( lset == NULL || BER_BVISNULL( &lset[ 0 ] ) ) {			if ( rset == NULL ) {				if ( lset == NULL ) {					set = cp->set_op->o_tmpcalloc( 1,							sizeof( struct berval ),							cp->set_op->o_tmpmemctx );					BER_BVZERO( &set[ 0 ] );					goto done2;				}				set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );				goto done2;			}			slap_set_dispose( cp, lset, SLAP_SET_LREF2REF( op_flags ) );			set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );			goto done2;		}		if ( rset == NULL || BER_BVISNULL( &rset[ 0 ] ) ) {			slap_set_dispose( cp, rset, SLAP_SET_RREF2REF( op_flags ) );			set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );			goto done2;		}		/* worst scenario: no duplicates */		rlast = slap_set_size( rset );		i = slap_set_size( lset ) + rlast + 1;		set = cp->set_op->o_tmpcalloc( i, sizeof( struct berval ), cp->set_op->o_tmpmemctx );		if ( set != NULL ) {			/* set_chase() depends on this routine to			 * keep the first elements of the result			 * set the same (and in the same order)			 * as the left-set.			 */			for ( i = 0; !BER_BVISNULL( &lset[ i ] ); i++ ) {				if ( op_flags & SLAP_SET_LREFVAL ) {					ber_dupbv_x( &set[ i ], &lset[ i ], cp->set_op->o_tmpmemctx );				} else {					set[ i ] = lset[ i ];				}			}			/* pointers to values have been used in set - don't free twice */			op_flags |= SLAP_SET_LREFVAL;			last = i;			for ( i = 0; !BER_BVISNULL( &rset[ i ] ); i++ ) {				int	exists = 0;				for ( j = 0; !BER_BVISNULL( &set[ j ] ); j++ ) {					if ( bvmatch( &rset[ i ], &set[ j ] ) )					{						if ( !( op_flags & SLAP_SET_RREFVAL ) ) {							cp->set_op->o_tmpfree( rset[ i ].bv_val, cp->set_op->o_tmpmemctx );							rset[ i ] = rset[ --rlast ];							BER_BVZERO( &rset[ rlast ] );							i--;						}						exists = 1;						break;					}				}				if ( !exists ) {					if ( op_flags & SLAP_SET_RREFVAL ) {						ber_dupbv_x( &set[ last ], &rset[ i ], cp->set_op->o_tmpmemctx );					} else {						set[ last ] = rset[ i ];					}					last++;				}			}//.........这里部分代码省略.........

static BerVarrayset_parents( SetCookie *cp, BerVarray set ){	int		i, j, last;	struct berval	bv, pbv;	BerVarray	nset, vals;	if ( set == NULL ) {		set = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ),				cp->set_op->o_tmpmemctx );		if ( set != NULL ) {			BER_BVZERO( &set[ 0 ] );		}		return set;	}	if ( BER_BVISNULL( &set[ 0 ] ) ) {		return set;	}	nset = cp->set_op->o_tmpcalloc( 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );	if ( nset == NULL ) {		ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );		return NULL;	}	BER_BVZERO( &nset[ 0 ] );	for ( i = 0; !BER_BVISNULL( &set[ i ] ); i++ ) {		int	level = 1;		pbv = bv = set[ i ];		for ( ; !BER_BVISEMPTY( &pbv ); dnParent( &bv, &pbv ) ) {			level++;			bv = pbv;		}		vals = cp->set_op->o_tmpcalloc( level + 1, sizeof( struct berval ), cp->set_op->o_tmpmemctx );		if ( vals == NULL ) {			ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );			ber_bvarray_free_x( nset, cp->set_op->o_tmpmemctx );			return NULL;		}		BER_BVZERO( &vals[ 0 ] );		last = 0;		bv = set[ i ];		for ( j = 0 ; j < level ; j++ ) {			ber_dupbv_x( &vals[ last ], &bv, cp->set_op->o_tmpmemctx );			last++;			dnParent( &bv, &bv );		}		BER_BVZERO( &vals[ last ] );		nset = slap_set_join( cp, nset, '|', vals );	}	ber_bvarray_free_x( set, cp->set_op->o_tmpmemctx );	return nset;}

//.........这里部分代码省略.........			"%s (%d)/n", db_strerror(rs->sr_err), rs->sr_err );		switch( rs->sr_err ) {		case DB_LOCK_DEADLOCK:		case DB_LOCK_NOTGRANTED:			goto retry;		}		rs->sr_text = "DN index delete failed";		rs->sr_err = LDAP_OTHER;		goto return_results;	}	/* delete indices for old attributes */	rs->sr_err = bdb_index_entry_del( op, lt2, e );	if ( rs->sr_err != LDAP_SUCCESS ) {		Debug(LDAP_DEBUG_TRACE,			"<=- " LDAP_XSTRING(bdb_delete) ": index failed: "			"%s (%d)/n", db_strerror(rs->sr_err), rs->sr_err );		switch( rs->sr_err ) {		case DB_LOCK_DEADLOCK:		case DB_LOCK_NOTGRANTED:			goto retry;		}		rs->sr_text = "entry index delete failed";		rs->sr_err = LDAP_OTHER;		goto return_results;	}	/* fixup delete CSN */	if ( !SLAP_SHADOW( op->o_bd )) {		struct berval vals[2];		assert( !BER_BVISEMPTY( &op->o_csn ) );		vals[0] = op->o_csn;		BER_BVZERO( &vals[1] );		rs->sr_err = bdb_index_values( op, lt2, slap_schema.si_ad_entryCSN,			vals, 0, SLAP_INDEX_ADD_OP );		if ( rs->sr_err != LDAP_SUCCESS ) {			switch( rs->sr_err ) {			case DB_LOCK_DEADLOCK:			case DB_LOCK_NOTGRANTED:				goto retry;			}			rs->sr_text = "entryCSN index update failed";			rs->sr_err = LDAP_OTHER;			goto return_results;		}	}	/* delete from id2entry */	rs->sr_err = bdb_id2entry_delete( op->o_bd, lt2, e );	if ( rs->sr_err != 0 ) {		Debug( LDAP_DEBUG_TRACE,			"<=- " LDAP_XSTRING(bdb_delete) ": id2entry failed: "			"%s (%d)/n", db_strerror(rs->sr_err), rs->sr_err );		switch( rs->sr_err ) {		case DB_LOCK_DEADLOCK:		case DB_LOCK_NOTGRANTED:			goto retry;		}		rs->sr_text = "entry delete failed";		rs->sr_err = LDAP_OTHER;		goto return_results;	}	if ( pdn.bv_len != 0 ) {		parent_is_glue = is_entry_glue(p);

//.........这里部分代码省略.........		} else if ( pb->pb_op->o_tag == LDAP_REQ_ADD ) {			mlp = &pb->pb_op->ora_modlist;		} else if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {			mlp = &pb->pb_op->orr_modlist;		} else {			break;		}		newmods = slapi_int_ldapmods2modifications( pb->pb_op, (LDAPMod **)value );		if ( newmods != NULL ) {			slap_mods_free( *mlp, 1 );			*mlp = newmods;		}		break;	}	case SLAPI_MODRDN_NEWRDN:		PBLOCK_ASSERT_OP( pb, 0 );		PBLOCK_VALIDATE_IS_INTOP( pb );		if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {			rc = pblock_set_dn( value, &pb->pb_op->orr_newrdn, &pb->pb_op->orr_nnewrdn, pb->pb_op->o_tmpmemctx );			if ( rc == LDAP_SUCCESS )				rc = rdn_validate( &pb->pb_op->orr_nnewrdn );		} else {			rc = PBLOCK_ERROR;		}		break;	case SLAPI_MODRDN_NEWSUPERIOR:		PBLOCK_ASSERT_OP( pb, 0 );		PBLOCK_VALIDATE_IS_INTOP( pb );		if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN ) {			if ( value == NULL ) {				if ( pb->pb_op->orr_newSup != NULL ) {					pb->pb_op->o_tmpfree( pb->pb_op->orr_newSup, pb->pb_op->o_tmpmemctx );					BER_BVZERO( pb->pb_op->orr_newSup );					pb->pb_op->orr_newSup = NULL;				}				if ( pb->pb_op->orr_newSup != NULL ) {					pb->pb_op->o_tmpfree( pb->pb_op->orr_nnewSup, pb->pb_op->o_tmpmemctx );					BER_BVZERO( pb->pb_op->orr_nnewSup );					pb->pb_op->orr_nnewSup = NULL;				}			} else {				if ( pb->pb_op->orr_newSup == NULL ) {					pb->pb_op->orr_newSup = (struct berval *)pb->pb_op->o_tmpalloc(						sizeof(struct berval), pb->pb_op->o_tmpmemctx );					BER_BVZERO( pb->pb_op->orr_newSup );				}				if ( pb->pb_op->orr_nnewSup == NULL ) {					pb->pb_op->orr_nnewSup = (struct berval *)pb->pb_op->o_tmpalloc(						sizeof(struct berval), pb->pb_op->o_tmpmemctx );					BER_BVZERO( pb->pb_op->orr_nnewSup );				}				rc = pblock_set_dn( value, pb->pb_op->orr_newSup, pb->pb_op->orr_nnewSup, pb->pb_op->o_tmpmemctx );			}		} else {			rc = PBLOCK_ERROR;		}		break;	case SLAPI_MODRDN_DELOLDRDN:		PBLOCK_ASSERT_OP( pb, 0 );		PBLOCK_VALIDATE_IS_INTOP( pb );		if ( pb->pb_op->o_tag == LDAP_REQ_MODRDN )			pb->pb_op->orr_deleteoldrdn = *((int *)value);		else			rc = PBLOCK_ERROR;		break;

voidslap_op_free( Operation *op, void *ctx ){	OperationBuffer *opbuf;	assert( LDAP_STAILQ_NEXT(op, o_next) == NULL );	if ( op->o_ber != NULL ) {		ber_free( op->o_ber, 1 );	}	if ( !BER_BVISNULL( &op->o_dn ) ) {		ch_free( op->o_dn.bv_val );	}	if ( !BER_BVISNULL( &op->o_ndn ) ) {		ch_free( op->o_ndn.bv_val );	}	if ( !BER_BVISNULL( &op->o_authmech ) ) {		ch_free( op->o_authmech.bv_val );	}	if ( op->o_ctrls != NULL ) {		slap_free_ctrls( op, op->o_ctrls );	}#ifdef LDAP_CONNECTIONLESS	if ( op->o_res_ber != NULL ) {		ber_free( op->o_res_ber, 1 );	}#endif	if ( op->o_groups ) {		slap_op_groups_free( op );	}#if defined( LDAP_SLAPI )	if ( slapi_plugins_used ) {		slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, op );	}#endif /* defined( LDAP_SLAPI ) */	if ( !BER_BVISNULL( &op->o_csn ) ) {		op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx );		BER_BVZERO( &op->o_csn );	}	if ( op->o_pagedresults_state != NULL ) {		op->o_tmpfree( op->o_pagedresults_state, op->o_tmpmemctx );		op->o_pagedresults_state = NULL;	}	opbuf = (OperationBuffer *) op;	memset( opbuf, 0, sizeof(*opbuf) );	op->o_hdr = &opbuf->ob_hdr;	op->o_controls = opbuf->ob_controls;	if ( ctx ) {		void *op2 = NULL;		ldap_pvt_thread_pool_setkey( ctx, (void *)slap_op_free,			op, slap_op_q_destroy, &op2, NULL );		LDAP_STAILQ_NEXT( op, o_next ) = op2;	} else {		ber_memfree_x( op, NULL );	}}

/* * asyncmeta_back_single_dobind */intasyncmeta_back_single_dobind(	Operation		*op,	SlapReply		*rs,	a_metaconn_t		**mcp,	int			candidate,	ldap_back_send_t	sendok,	int			nretries,	int			dolock ){	a_metaconn_t		*mc = *mcp;	a_metainfo_t		*mi = mc->mc_info;	a_metatarget_t		*mt = mi->mi_targets[ candidate ];	a_metasingleconn_t	*msc = &mc->mc_conns[ candidate ];	int			msgid;	assert( !LDAP_BACK_CONN_ISBOUND( msc ) );	if ( op->o_conn != NULL &&		!op->o_do_not_cache &&		( BER_BVISNULL( &msc->msc_bound_ndn ) ||			BER_BVISEMPTY( &msc->msc_bound_ndn ) ||			( LDAP_BACK_CONN_ISPRIV( mc ) && dn_match( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN ) ) ||			( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )	{		(void)asyncmeta_proxy_authz_bind( mc, candidate, op, rs, sendok, dolock );	} else {		char *binddn = "";		struct berval cred = BER_BVC( "" );		/* use credentials if available */		if ( !BER_BVISNULL( &msc->msc_bound_ndn )			&& !BER_BVISNULL( &msc->msc_cred ) )		{			binddn = msc->msc_bound_ndn.bv_val;			cred = msc->msc_cred;		}		for (;;) {			rs->sr_err = ldap_sasl_bind( msc->msc_ld,				binddn, LDAP_SASL_SIMPLE, &cred,				NULL, NULL, &msgid );			if ( rs->sr_err != LDAP_X_CONNECTING ) {				break;			}			ldap_pvt_thread_yield();		}		rs->sr_err = asyncmeta_bind_op_result( op, rs, mc, candidate, msgid, sendok, dolock );		/* if bind succeeded, but anonymous, clear msc_bound_ndn */		if ( rs->sr_err != LDAP_SUCCESS || binddn[0] == '/0' ) {			if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {				ber_memfree( msc->msc_bound_ndn.bv_val );				BER_BVZERO( &msc->msc_bound_ndn );			}			if ( !BER_BVISNULL( &msc->msc_cred ) ) {				memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );				ber_memfree( msc->msc_cred.bv_val );				BER_BVZERO( &msc->msc_cred );			}		}	}	if ( META_BACK_TGT_QUARANTINE( mt ) ) {		asyncmeta_quarantine( op, mi, rs, candidate );	}	return rs->sr_err;}

int slap_bv2ad(    struct berval *bv,    AttributeDescription **ad,    const char **text ){    int rtn = LDAP_UNDEFINED_TYPE;    AttributeDescription desc, *d2;    char *name, *options, *optn;    char *opt, *next;    int ntags;    int tagslen;    /* hardcoded limits for speed */#define MAX_TAGGING_OPTIONS 128    struct berval tags[MAX_TAGGING_OPTIONS+1];#define MAX_TAGS_LEN 1024    char tagbuf[MAX_TAGS_LEN];    assert( ad != NULL );    assert( *ad == NULL ); /* temporary */    if( bv == NULL || BER_BVISNULL( bv ) || BER_BVISEMPTY( bv ) ) {        *text = "empty AttributeDescription";        return rtn;    }    /* make sure description is IA5 */    if( ad_keystring( bv ) ) {        *text = "AttributeDescription contains inappropriate characters";        return rtn;    }    /* find valid base attribute type; parse in place */    desc.ad_cname = *bv;    desc.ad_flags = 0;    BER_BVZERO( &desc.ad_tags );    name = bv->bv_val;    options = ber_bvchr( bv, ';' );    if ( options != NULL && (unsigned) ( options - name ) < bv->bv_len ) {        /* don't go past the end of the berval! */        desc.ad_cname.bv_len = options - name;    } else {        options = NULL;    }    desc.ad_type = at_bvfind( &desc.ad_cname );    if( desc.ad_type == NULL ) {        *text = "attribute type undefined";        return rtn;    }    if( is_at_operational( desc.ad_type ) && options != NULL ) {        *text = "operational attribute with options undefined";        return rtn;    }    /*     * parse options in place     */    ntags = 0;    tagslen = 0;    optn = bv->bv_val + bv->bv_len;    for( opt=options; opt != NULL; opt=next ) {        int optlen;        opt++;        next = strchrlen( opt, optn, ';', &optlen );        if( optlen == 0 ) {            *text = "zero length option is invalid";            return rtn;        } else if ( optlen == STRLENOF("binary") &&                    strncasecmp( opt, "binary", STRLENOF("binary") ) == 0 )        {            /* binary option */            if( slap_ad_is_binary( &desc ) ) {                *text = "option /"binary/" specified multiple times";                return rtn;            }            if( !slap_syntax_is_binary( desc.ad_type->sat_syntax )) {                /* not stored in binary, disallow option */                *text = "option /"binary/" not supported with type";                return rtn;            }            desc.ad_flags |= SLAP_DESC_BINARY;            continue;        } else if ( ad_find_option_definition( opt, optlen ) ) {            int i;            if( opt[optlen-1] == '-' ||                    ( opt[optlen-1] == '=' && msad_range_hack )) {                desc.ad_flags |= SLAP_DESC_TAG_RANGE;            }            if( ntags >= MAX_TAGGING_OPTIONS ) {                *text = "too many tagging options";                return rtn;//.........这里部分代码省略.........

//.........这里部分代码省略.........		/*		 * Skip non-candidates		 */		if ( !META_IS_CANDIDATE( &candidates[ i ] ) ) {			continue;		}		if ( gotit == 0 ) {			/* set rc to LDAP_SUCCESS only if at least			 * one candidate has been tried */			rc = LDAP_SUCCESS;			gotit = 1;		} else if ( !isroot ) {			/*			 * A bind operation is expected to have			 * ONE CANDIDATE ONLY!			 */			Debug( LDAP_DEBUG_ANY,				"### %s asyncmeta_back_bind: more than one"				" candidate selected.../n",				op->o_log_prefix, 0, 0 );		}		if ( isroot ) {			if ( mt->mt_idassert_authmethod == LDAP_AUTH_NONE				|| BER_BVISNULL( &mt->mt_idassert_authcDN ) )			{				a_metasingleconn_t	*msc = &mc->mc_conns[ i ];				if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {					ch_free( msc->msc_bound_ndn.bv_val );					BER_BVZERO( &msc->msc_bound_ndn );				}				if ( !BER_BVISNULL( &msc->msc_cred ) ) {					/* destroy sensitive data */					memset( msc->msc_cred.bv_val, 0,						msc->msc_cred.bv_len );					ch_free( msc->msc_cred.bv_val );					BER_BVZERO( &msc->msc_cred );				}				continue;			}			(void)asyncmeta_proxy_authz_bind( mc, i, op, rs, LDAP_BACK_DONTSEND, 1 );			lerr = rs->sr_err;		} else {			lerr = asyncmeta_single_bind( op, rs, mc, i );		}		if ( lerr != LDAP_SUCCESS ) {			rc = rs->sr_err = lerr;			/* FIXME: in some cases (e.g. unavailable)			 * do not assume it's not candidate; rather			 * mark this as an error to be eventually			 * reported to client */			META_CANDIDATE_CLEAR( &candidates[ i ] );			break;		}	}

int slap_bv2undef_ad(    struct berval *bv,    AttributeDescription **ad,    const char **text,    unsigned flags ){    AttributeDescription *desc;    AttributeType *at;    assert( ad != NULL );    if( bv == NULL || bv->bv_len == 0 ) {        *text = "empty AttributeDescription";        return LDAP_UNDEFINED_TYPE;    }    /* make sure description is IA5 */    if( ad_keystring( bv ) ) {        *text = "AttributeDescription contains inappropriate characters";        return LDAP_UNDEFINED_TYPE;    }    /* use the appropriate type */    if ( flags & SLAP_AD_PROXIED ) {        at = slap_schema.si_at_proxied;    } else {        at = slap_schema.si_at_undefined;    }    for( desc = at->sat_ad; desc; desc=desc->ad_next ) {        if( desc->ad_cname.bv_len == bv->bv_len &&                !strcasecmp( desc->ad_cname.bv_val, bv->bv_val ) )        {            break;        }    }    if( !desc ) {        if ( flags & SLAP_AD_NOINSERT ) {            *text = NULL;            return LDAP_UNDEFINED_TYPE;        }        desc = ch_malloc(sizeof(AttributeDescription) + 1 +                         bv->bv_len);        desc->ad_flags = SLAP_DESC_NONE;        BER_BVZERO( &desc->ad_tags );        desc->ad_cname.bv_len = bv->bv_len;        desc->ad_cname.bv_val = (char *)(desc+1);        strncpy(desc->ad_cname.bv_val, bv->bv_val, bv->bv_len);        desc->ad_cname.bv_val[bv->bv_len] = '/0';        /* canonical to upper case */        ldap_pvt_str2upper( desc->ad_cname.bv_val );        /* shouldn't we protect this for concurrency? */        desc->ad_type = at;        desc->ad_index = 0;        ldap_pvt_thread_mutex_lock( &ad_undef_mutex );        desc->ad_next = desc->ad_type->sat_ad;        desc->ad_type->sat_ad = desc;        ldap_pvt_thread_mutex_unlock( &ad_undef_mutex );        Debug( LDAP_DEBUG_ANY,               "%s attributeDescription /"%s/" inserted./n",               ( flags & SLAP_AD_PROXIED ) ? "PROXIED" : "UNKNOWN",               desc->ad_cname.bv_val, 0 );    }    if( !*ad ) {        *ad = desc;    } else {        **ad = *desc;    }    return LDAP_SUCCESS;}

static intOpenLDAPaciPrettyNormal(	struct berval	*val,	struct berval	*out,	void		*ctx,	int		normalize ){	struct berval	oid = BER_BVNULL,			scope = BER_BVNULL,			rights = BER_BVNULL,			nrights = BER_BVNULL,			type = BER_BVNULL,			ntype = BER_BVNULL,			subject = BER_BVNULL,			nsubject = BER_BVNULL;	int		idx,			rc = LDAP_SUCCESS,			freesubject = 0,			freetype = 0;	char		*ptr;	BER_BVZERO( out );	if ( BER_BVISEMPTY( val ) ) {		Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: value is empty/n", 0, 0, 0 );		return LDAP_INVALID_SYNTAX;	}	/* oid: if valid, it's already normalized */	if ( acl_get_part( val, 0, '#', &oid ) < 0 || 		numericoidValidate( NULL, &oid ) != LDAP_SUCCESS )	{		Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid oid '%s'/n", oid.bv_val, 0, 0 );		return LDAP_INVALID_SYNTAX;	}	/* scope: normalize by replacing with OpenLDAPaciscopes */	if ( acl_get_part( val, 1, '#', &scope ) < 0 ) {		Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing scope in '%s'/n", val->bv_val, 0, 0 );		return LDAP_INVALID_SYNTAX;	}	idx = bv_getcaseidx( &scope, OpenLDAPaciscopes );	if ( idx == -1 ) {		Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid scope '%s'/n", scope.bv_val, 0, 0 );		return LDAP_INVALID_SYNTAX;	}	scope = *OpenLDAPaciscopes[ idx ];	/* rights */	if ( acl_get_part( val, 2, '#', &rights ) < 0 ) {		Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing rights in '%s'/n", val->bv_val, 0, 0 );		return LDAP_INVALID_SYNTAX;	}	if ( OpenLDAPaciNormalizeRights( &rights, &nrights, ctx )		!= LDAP_SUCCESS ) 	{		return LDAP_INVALID_SYNTAX;	}	/* type */	if ( acl_get_part( val, 3, '#', &type ) < 0 ) {		Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing type in '%s'/n", val->bv_val, 0, 0 );		rc = LDAP_INVALID_SYNTAX;		goto cleanup;	}	idx = bv_getcaseidx( &type, OpenLDAPacitypes );	if ( idx == -1 ) {		struct berval	isgr;		if ( acl_get_part( &type, 0, '/', &isgr ) < 0 ) {		        Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid type '%s'/n", type.bv_val, 0, 0 );			rc = LDAP_INVALID_SYNTAX;			goto cleanup;		}		idx = bv_getcaseidx( &isgr, OpenLDAPacitypes );		if ( idx == -1 || idx >= LAST_OPTIONAL ) {		        Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: invalid type '%s'/n", isgr.bv_val, 0, 0 );			rc = LDAP_INVALID_SYNTAX;			goto cleanup;		}	}	ntype = *OpenLDAPacitypes[ idx ];	/* subject */	bv_get_tail( val, &type, &subject );	if ( BER_BVISEMPTY( &subject ) || subject.bv_val[ 0 ] != '#' ) {	        Debug( LDAP_DEBUG_ACL, "aciPrettyNormal: missing subject in '%s'/n", val->bv_val, 0, 0 );		rc = LDAP_INVALID_SYNTAX;		goto cleanup;	}	subject.bv_val++;	subject.bv_len--;	if ( idx < LAST_DNVALUED ) {		/* FIXME: pass DN syntax? */		if ( normalize ) {			rc = dnNormalize( 0, NULL, NULL,//.........这里部分代码省略.........

/* * Convert a delimited string into a list of AttributeNames; add * on to an existing list if it was given.  If the string is not * a valid attribute name, if a '-' is prepended it is skipped * and the remaining name is tried again; if a '@' (or '+') is * prepended, an objectclass name is searched instead; if a '!' * is prepended, the objectclass name is negated. * * NOTE: currently, if a valid attribute name is not found, the * same string is also checked as valid objectclass name; however, * this behavior is deprecated. */AttributeName *str2anlist( AttributeName *an, char *in, const char *brkstr ){    char	*str;    char	*s;    char	*lasts;    int	i, j;    const char *text;    AttributeName *anew;    /* find last element in list */    i = 0;    if ( an != NULL ) {        for ( i = 0; !BER_BVISNULL( &an[ i ].an_name ) ; i++)            ;    }    /* protect the input string from strtok */    str = ch_strdup( in );    /* Count words in string */    j = 1;    for ( s = str; *s; s++ ) {        if ( strchr( brkstr, *s ) != NULL ) {            j++;        }    }    an = ch_realloc( an, ( i + j + 1 ) * sizeof( AttributeName ) );    anew = an + i;    for ( s = ldap_pvt_strtok( str, brkstr, &lasts );            s != NULL;            s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )    {        /* put a stop mark */        BER_BVZERO( &anew[1].an_name );        anew->an_desc = NULL;        anew->an_oc = NULL;        anew->an_flags = 0;        ber_str2bv(s, 0, 1, &anew->an_name);        slap_bv2ad(&anew->an_name, &anew->an_desc, &text);        if ( !anew->an_desc ) {            switch( anew->an_name.bv_val[0] ) {            case '-': {                struct berval adname;                adname.bv_len = anew->an_name.bv_len - 1;                adname.bv_val = &anew->an_name.bv_val[1];                slap_bv2ad(&adname, &anew->an_desc, &text);                if ( !anew->an_desc ) {                    goto reterr;                }            }            break;            case '@':            case '+': /* (deprecated) */            case '!': {                struct berval ocname;                ocname.bv_len = anew->an_name.bv_len - 1;                ocname.bv_val = &anew->an_name.bv_val[1];                anew->an_oc = oc_bvfind( &ocname );                if ( !anew->an_oc ) {                    goto reterr;                }                if ( anew->an_name.bv_val[0] == '!' ) {                    anew->an_flags |= SLAP_AN_OCEXCLUDE;                }            }            break;            default:                /* old (deprecated) way */                anew->an_oc = oc_bvfind( &anew->an_name );                if ( !anew->an_oc ) {                    goto reterr;                }            }        }        anew->an_flags |= SLAP_AN_OCINITED;        anew++;    }    BER_BVZERO( &anew->an_name );    free( str );    return( an );//.........这里部分代码省略.........

intdo_extended(    Operation	*op,    SlapReply	*rs){	struct berval reqdata = {0, NULL};	ber_len_t len;	Debug( LDAP_DEBUG_TRACE, "%s do_extended/n",		op->o_log_prefix );	if( op->o_protocol < LDAP_VERSION3 ) {		Debug( LDAP_DEBUG_ANY, "%s do_extended: protocol version (%d) too low/n",			op->o_log_prefix, op->o_protocol );		send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "requires LDAPv3" );		rs->sr_err = SLAPD_DISCONNECT;		goto done;	}	if ( ber_scanf( op->o_ber, "{m" /*}*/, &op->ore_reqoid ) == LBER_ERROR ) {		Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed/n",			op->o_log_prefix );		send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );		rs->sr_err = SLAPD_DISCONNECT;		goto done;	}	if( ber_peek_tag( op->o_ber, &len ) == LDAP_TAG_EXOP_REQ_VALUE ) {		if( ber_scanf( op->o_ber, "m", &reqdata ) == LBER_ERROR ) {			Debug( LDAP_DEBUG_ANY, "%s do_extended: ber_scanf failed/n",				op->o_log_prefix );			send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );			rs->sr_err = SLAPD_DISCONNECT;			goto done;		}	}	if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_ANY, "%s do_extended: get_ctrls failed/n",			op->o_log_prefix );		return rs->sr_err;	} 	Debug( LDAP_DEBUG_STATS, "%s EXT oid=%s/n",	    op->o_log_prefix, op->ore_reqoid.bv_val );	/* check for controls inappropriate for all extended operations */	if( get_manageDSAit( op ) == SLAP_CONTROL_CRITICAL ) {		send_ldap_error( op, rs,			LDAP_UNAVAILABLE_CRITICAL_EXTENSION,			"manageDSAit control inappropriate" );		goto done;	}	/* FIXME: temporary? */	if ( reqdata.bv_val ) {		op->ore_reqdata = &reqdata;	}	op->o_bd = frontendDB;	rs->sr_err = frontendDB->be_extended( op, rs );	/* clean up in case some overlay set them? */	if ( !BER_BVISNULL( &op->o_req_ndn ) ) {		if ( !BER_BVISNULL( &op->o_req_dn )			&& op->o_req_ndn.bv_val != op->o_req_dn.bv_val )		{			op->o_tmpfree( op->o_req_dn.bv_val, op->o_tmpmemctx );		}		op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );		BER_BVZERO( &op->o_req_dn );		BER_BVZERO( &op->o_req_ndn );	}done:	return rs->sr_err;}

//.........这里部分代码省略.........			backsql_def_delobjclasses_stmt, 0, 0 );		bi->sql_delobjclasses_stmt = ch_strdup( backsql_def_delobjclasses_stmt );	}	/* This should just be to force schema loading */	connection_fake_init2( &conn, &opbuf, thrctx, 0 );	op = &opbuf.ob_op;	op->o_bd = bd;	if ( backsql_get_db_conn( op, &dbh ) != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "			"connection failed, exiting/n", 0, 0, 0 );		return 1;	}	if ( backsql_load_schema_map( bi, dbh ) != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "			"schema mapping failed, exiting/n", 0, 0, 0 );		return 1;	}	if ( backsql_free_db_conn( op, dbh ) != SQL_SUCCESS ) {		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "			"connection free failed/n", 0, 0, 0 );	}	if ( !BACKSQL_SCHEMA_LOADED( bi ) ) {		Debug( LDAP_DEBUG_TRACE, "backsql_db_open(): "			"test failed, schema map not loaded - exiting/n",			0, 0, 0 );		return 1;	}	/*	 * Prepare ID selection query	 */	if ( bi->sql_id_query == NULL ) {		/* no custom id_query provided */		if ( bi->sql_upper_func.bv_val == NULL ) {			backsql_strcat_x( &bb, NULL, backsql_id_query, "dn=?", NULL );		} else {			if ( BACKSQL_HAS_LDAPINFO_DN_RU( bi ) ) {				backsql_strcat_x( &bb, NULL, backsql_id_query,						"dn_ru=?", NULL );			} else {				if ( BACKSQL_USE_REVERSE_DN( bi ) ) {					backsql_strfcat_x( &bb, NULL, "sbl",							backsql_id_query,							&bi->sql_upper_func, 							(ber_len_t)STRLENOF( "(dn)=?" ), "(dn)=?" );				} else {					backsql_strfcat_x( &bb, NULL, "sblbcb",							backsql_id_query,							&bi->sql_upper_func, 							(ber_len_t)STRLENOF( "(dn)=" ), "(dn)=",							&bi->sql_upper_func_open, 							'?', 							&bi->sql_upper_func_close );				}			}		}		bi->sql_id_query = bb.bb_val.bv_val;	}	/*	 * Prepare children count query	 */	BER_BVZERO( &bb.bb_val );	bb.bb_len = 0;	backsql_strfcat_x( &bb, NULL, "sbsb",			"SELECT COUNT(distinct subordinates.id) "			"FROM ldap_entries,ldap_entries ",			&bi->sql_aliasing, "subordinates "			"WHERE subordinates.parent=ldap_entries.id AND ",			&bi->sql_dn_match_cond );	bi->sql_has_children_query = bb.bb_val.bv_val; 	/*	 * Prepare DN and objectClass aliasing bit of query	 */	BER_BVZERO( &bb.bb_val );	bb.bb_len = 0;	backsql_strfcat_x( &bb, NULL, "sbbsbsbbsb",			" ", &bi->sql_aliasing, &bi->sql_aliasing_quote,			"objectClass", &bi->sql_aliasing_quote,			",ldap_entries.dn ", &bi->sql_aliasing,			&bi->sql_aliasing_quote, "dn", &bi->sql_aliasing_quote );	bi->sql_dn_oc_aliasing = bb.bb_val; 	/* should never happen! */	assert( bd->be_nsuffix != NULL );		if ( BER_BVISNULL( &bd->be_nsuffix[ 1 ] ) ) {		/* enable if only one suffix is defined */		bi->sql_flags |= BSQLF_USE_SUBTREE_SHORTCUT;	}	bi->sql_flags |= BSQLF_CHECK_SCHEMA;		Debug( LDAP_DEBUG_TRACE, "<==backsql_db_open(): "		"test succeeded, schema map loaded/n", 0, 0, 0 );	return 0;}

static intslap_sasl_authorize(	sasl_conn_t *sconn,	void *context,	char *requested_user,	unsigned rlen,	char *auth_identity,	unsigned alen,	const char *def_realm,	unsigned urlen,	struct propctx *props){	Connection *conn = (Connection *)context;	/* actually:	 *	(SLAP_SASL_PROP_COUNT - 1)	because we skip "conn",	 *	+ 1				for NULL termination?	 */	struct propval auxvals[ SLAP_SASL_PROP_COUNT ] = { { 0 } };	struct berval authcDN, authzDN = BER_BVNULL;	int rc;	/* Simple Binds don't support proxy authorization, ignore it */	if ( !conn->c_sasl_bindop ||		conn->c_sasl_bindop->orb_method != LDAP_AUTH_SASL ) return SASL_OK;	Debug( LDAP_DEBUG_ARGS, "SASL proxy authorize [conn=%ld]: "		"authcid=/"%s/" authzid=/"%s/"/n",		conn ? (long) conn->c_connid : -1L, auth_identity, requested_user );	if ( conn->c_sasl_dn.bv_val ) {		BER_BVZERO( &conn->c_sasl_dn );	}	/* Skip SLAP_SASL_PROP_CONN */	prop_getnames( props, slap_propnames+1, auxvals );	/* Should not happen */	if ( !auxvals[0].values ) {		sasl_seterror( sconn, 0, "invalid authcid" );		return SASL_NOAUTHZ;	}	AC_MEMCPY( &authcDN.bv_len, auxvals[0].values[0], sizeof(authcDN.bv_len) );	authcDN.bv_val = auxvals[1].values ? (char *)auxvals[1].values[0] : NULL;	conn->c_sasl_dn = authcDN;	/* Nothing to do if no authzID was given */	if ( !auxvals[2].name || !auxvals[2].values ) {		goto ok;	}	AC_MEMCPY( &authzDN.bv_len, auxvals[2].values[0], sizeof(authzDN.bv_len) );	authzDN.bv_val = auxvals[3].values ? (char *)auxvals[3].values[0] : NULL;	rc = slap_sasl_authorized( conn->c_sasl_bindop, &authcDN, &authzDN );	if ( rc != LDAP_SUCCESS ) {		Debug( LDAP_DEBUG_TRACE, "SASL Proxy Authorize [conn=%ld]: "			"proxy authorization disallowed (%d)/n",			conn ? (long) conn->c_connid : -1L, rc );		sasl_seterror( sconn, 0, "not authorized" );		return SASL_NOAUTHZ;	}	/* FIXME: we need yet another dup because slap_sasl_getdn()	 * is using the bind operation slab */	ber_dupbv( &conn->c_sasl_authz_dn, &authzDN );ok:	if (conn->c_sasl_bindop) {		Statslog( LDAP_DEBUG_STATS,			"%s BIND authcid=/"%s/" authzid=/"%s/"/n",			conn->c_sasl_bindop->o_log_prefix,			auth_identity, requested_user );	}	Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "		" proxy authorization allowed authzDN=/"%s/"/n",		conn ? (long) conn->c_connid : -1L,		authzDN.bv_val ? authzDN.bv_val : "" );	return SASL_OK;}

intschema_info( Entry **entry, const char **text ){	AttributeDescription *ad_structuralObjectClass		= slap_schema.si_ad_structuralObjectClass;	AttributeDescription *ad_objectClass		= slap_schema.si_ad_objectClass;	AttributeDescription *ad_createTimestamp		= slap_schema.si_ad_createTimestamp;	AttributeDescription *ad_modifyTimestamp		= slap_schema.si_ad_modifyTimestamp;	Entry		*e;	struct berval	vals[5];	struct berval	nvals[5];	e = entry_alloc();	if( e == NULL ) {		/* Out of memory, do something about it */		Debug( LDAP_DEBUG_ANY,			"schema_info: entry_alloc failed - out of memory./n" );		*text = "out of memory";		return LDAP_OTHER;	}	e->e_attrs = NULL;	/* backend-specific schema info should be created by the	 * backend itself	 */	ber_dupbv( &e->e_name, &frontendDB->be_schemadn );	ber_dupbv( &e->e_nname, &frontendDB->be_schemandn );	e->e_private = NULL;	BER_BVSTR( &vals[0], "subentry" );	if( attr_merge_one( e, ad_structuralObjectClass, vals, NULL ) ) {		/* Out of memory, do something about it */		entry_free( e );		*text = "out of memory";		return LDAP_OTHER;	}	BER_BVSTR( &vals[0], "top" );	BER_BVSTR( &vals[1], "subentry" );	BER_BVSTR( &vals[2], "subschema" );	BER_BVSTR( &vals[3], "extensibleObject" );	BER_BVZERO( &vals[4] );	if ( attr_merge( e, ad_objectClass, vals, NULL ) ) {		/* Out of memory, do something about it */		entry_free( e );		*text = "out of memory";		return LDAP_OTHER;	}	{		int rc;		AttributeDescription *desc = NULL;		struct berval rdn = frontendDB->be_schemadn;		vals[0].bv_val = ber_bvchr( &rdn, '=' );		if( vals[0].bv_val == NULL ) {			*text = "improperly configured subschema subentry";			return LDAP_OTHER;		}		vals[0].bv_val++;		vals[0].bv_len = rdn.bv_len - (vals[0].bv_val - rdn.bv_val);		rdn.bv_len -= vals[0].bv_len + 1;		rc = slap_bv2ad( &rdn, &desc, text );		if( rc != LDAP_SUCCESS ) {			entry_free( e );			*text = "improperly configured subschema subentry";			return LDAP_OTHER;		}		nvals[0].bv_val = ber_bvchr( &frontendDB->be_schemandn, '=' );		assert( nvals[0].bv_val != NULL );		nvals[0].bv_val++;		nvals[0].bv_len = frontendDB->be_schemandn.bv_len -			(nvals[0].bv_val - frontendDB->be_schemandn.bv_val);		if ( attr_merge_one( e, desc, vals, nvals ) ) {			/* Out of memory, do something about it */			entry_free( e );			*text = "out of memory";			return LDAP_OTHER;		}	}	{		char		timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];		/*		 * According to RFC 4512:   Servers SHOULD maintain the 'creatorsName', 'createTimestamp',   'modifiersName', and 'modifyTimestamp' attributes for all entries of   the DIT.//.........这里部分代码省略.........

static intlimits_add(	Backend 	        *be,	unsigned		flags,	const char		*pattern,	ObjectClass		*group_oc,	AttributeDescription	*group_ad,	struct slap_limits_set	*limit){	int 			i;	struct slap_limits	*lm;	unsigned		type, style;		assert( be != NULL );	assert( limit != NULL );	type = flags & SLAP_LIMITS_TYPE_MASK;	style = flags & SLAP_LIMITS_MASK;	switch ( style ) {	case SLAP_LIMITS_ANONYMOUS:	case SLAP_LIMITS_USERS:	case SLAP_LIMITS_ANY:		/* For these styles, type == 0 (SLAP_LIMITS_TYPE_SELF). */		for ( i = 0; be->be_limits && be->be_limits[ i ]; i++ ) {			if ( be->be_limits[ i ]->lm_flags == style ) {				return( -1 );			}		}		break;	}	lm = ( struct slap_limits * )ch_calloc( sizeof( struct slap_limits ), 1 );	switch ( style ) {	case SLAP_LIMITS_UNDEFINED:		style = SLAP_LIMITS_EXACT;		/* continue to next cases */	case SLAP_LIMITS_EXACT:	case SLAP_LIMITS_ONE:	case SLAP_LIMITS_SUBTREE:	case SLAP_LIMITS_CHILDREN:		{			int rc;			struct berval bv;			ber_str2bv( pattern, 0, 0, &bv );			rc = dnNormalize( 0, NULL, NULL, &bv, &lm->lm_pat, NULL );			if ( rc != LDAP_SUCCESS ) {				ch_free( lm );				return( -1 );			}		}		break;			case SLAP_LIMITS_REGEX:		ber_str2bv( pattern, 0, 1, &lm->lm_pat );		if ( regcomp( &lm->lm_regex, lm->lm_pat.bv_val, 					REG_EXTENDED | REG_ICASE ) ) {			free( lm->lm_pat.bv_val );			ch_free( lm );			return( -1 );		}		break;	case SLAP_LIMITS_ANONYMOUS:	case SLAP_LIMITS_USERS:	case SLAP_LIMITS_ANY:		BER_BVZERO( &lm->lm_pat );		break;	}	switch ( type ) {	case SLAP_LIMITS_TYPE_GROUP:		assert( group_oc != NULL );		assert( group_ad != NULL );		lm->lm_group_oc = group_oc;		lm->lm_group_ad = group_ad;		break;	}	lm->lm_flags = style | type;	lm->lm_limits = *limit;	i = 0;	if ( be->be_limits != NULL ) {		for ( ; be->be_limits[i]; i++ );	}	be->be_limits = ( struct slap_limits ** )ch_realloc( be->be_limits,			sizeof( struct slap_limits * ) * ( i + 2 ) );	be->be_limits[i] = lm;	be->be_limits[i+1] = NULL;		return( 0 );}

/* * asyncmeta_single_bind * * attempts to perform a bind with creds */static intasyncmeta_single_bind(	Operation		*op,	SlapReply		*rs,	a_metaconn_t		*mc,	int			candidate ){	a_metainfo_t		*mi = mc->mc_info;	a_metatarget_t		*mt = mi->mi_targets[ candidate ];	struct berval		mdn = BER_BVNULL;	a_metasingleconn_t	*msc = &mc->mc_conns[ candidate ];	int			msgid;	a_dncookie		dc;	struct berval		save_o_dn;	int			save_o_do_not_cache;	LDAPControl		**ctrls = NULL;	if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {		ch_free( msc->msc_bound_ndn.bv_val );		BER_BVZERO( &msc->msc_bound_ndn );	}	if ( !BER_BVISNULL( &msc->msc_cred ) ) {		/* destroy sensitive data */		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );		ch_free( msc->msc_cred.bv_val );		BER_BVZERO( &msc->msc_cred );	}	/*	 * Rewrite the bind dn if needed	 */	dc.target = mt;	dc.conn = op->o_conn;	dc.rs = rs;	dc.ctx = "bindDN";	if ( asyncmeta_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {		rs->sr_text = "DN rewrite error";		rs->sr_err = LDAP_OTHER;		return rs->sr_err;	}	/* don't add proxyAuthz; set the bindDN */	save_o_dn = op->o_dn;	save_o_do_not_cache = op->o_do_not_cache;	op->o_do_not_cache = 1;	op->o_dn = op->o_req_dn;	ctrls = op->o_ctrls;	rs->sr_err = asyncmeta_controls_add( op, rs, mc, candidate, &ctrls );	op->o_dn = save_o_dn;	op->o_do_not_cache = save_o_do_not_cache;	if ( rs->sr_err != LDAP_SUCCESS ) {		goto return_results;	}	/* FIXME: this fixes the bind problem right now; we need	 * to use the asynchronous version to get the "matched"	 * and more in case of failure ... */	/* FIXME: should we check if at least some of the op->o_ctrls	 * can/should be passed? */	for (;;) {		rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val,			LDAP_SASL_SIMPLE, &op->orb_cred,			ctrls, NULL, &msgid );		if ( rs->sr_err != LDAP_X_CONNECTING ) {			break;		}		ldap_pvt_thread_yield();	}	mi->mi_ldap_extra->controls_free( op, rs, &ctrls );	asyncmeta_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND, 1 );	if ( rs->sr_err != LDAP_SUCCESS ) {		goto return_results;	}	/* If defined, proxyAuthz will be used also when	 * back-ldap is the authorizing backend; for this	 * purpose, a successful bind is followed by a	 * bind with the configured identity assertion */	/* NOTE: use with care */	if ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {		asyncmeta_proxy_authz_bind( mc, candidate, op, rs, LDAP_BACK_SENDERR, 1 );		if ( !LDAP_BACK_CONN_ISBOUND( msc ) ) {			goto return_results;		}		goto cache_refresh;	}	ber_bvreplace( &msc->msc_bound_ndn, &op->o_req_ndn );	LDAP_BACK_CONN_ISBOUND_SET( msc );	mc->mc_authz_target = candidate;//.........这里部分代码省略.........

/* * I don't like this much, but we need two different * functions because different heap managers may be * in use in back-ldap/meta to reduce the amount of * calls to malloc routines, and some of the free() * routines may be macros with args */intrwm_dnattr_rewrite(	Operation		*op,	SlapReply		*rs,	void			*cookie,	BerVarray		a_vals,	BerVarray		*pa_nvals ){	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;	struct ldaprwmap	*rwmap = 			(struct ldaprwmap *)on->on_bi.bi_private;	int			i, last;	dncookie		dc;	struct berval		dn = BER_BVNULL,				ndn = BER_BVNULL;	BerVarray		in;	if ( a_vals ) {		in = a_vals;	} else {		if ( pa_nvals == NULL || *pa_nvals == NULL ) {			return LDAP_OTHER;		}		in = *pa_nvals;	}	/*	 * Rewrite the dn if needed	 */	dc.rwmap = rwmap;	dc.conn = op->o_conn;	dc.rs = rs;	dc.ctx = (char *)cookie;	for ( last = 0; !BER_BVISNULL( &in[last] ); last++ );	last--;	if ( pa_nvals != NULL ) {		if ( *pa_nvals == NULL ) {			*pa_nvals = ch_malloc( ( last + 2 ) * sizeof(struct berval) );			memset( *pa_nvals, 0, ( last + 2 ) * sizeof(struct berval) );		}	}	for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {		int		rc;		if ( a_vals ) {			dn = in[i];			if ( pa_nvals ) {				ndn = (*pa_nvals)[i];				rc = rwm_dn_massage_pretty_normalize( &dc, &in[i], &dn, &ndn );			} else {				rc = rwm_dn_massage_pretty( &dc, &in[i], &dn );			}		} else {			ndn = in[i];			rc = rwm_dn_massage_normalize( &dc, &in[i], &ndn );		}		switch ( rc ) {		case LDAP_UNWILLING_TO_PERFORM:			/*			 * FIXME: need to check if it may be considered 			 * legal to trim values when adding/modifying;			 * it should be when searching (e.g. ACLs).			 */			ch_free( in[i].bv_val );			if (last > i ) {				in[i] = in[last];				if ( a_vals && pa_nvals ) {					(*pa_nvals)[i] = (*pa_nvals)[last];				}			}			BER_BVZERO( &in[last] );			if ( a_vals && pa_nvals ) {				BER_BVZERO( &(*pa_nvals)[last] );			}			last--;			break;				case LDAP_SUCCESS:			if ( a_vals ) {				if ( !BER_BVISNULL( &dn ) && dn.bv_val != a_vals[i].bv_val ) {					ch_free( a_vals[i].bv_val );					a_vals[i] = dn;					if ( pa_nvals ) {						if ( !BER_BVISNULL( &(*pa_nvals)[i] ) ) {							ch_free( (*pa_nvals)[i].bv_val );						}//.........这里部分代码省略.........

static int pam_sess(nssov_info *ni,TFILE *fp,Operation *op,int action){	struct berval dn, uid, svc, tty, rhost, ruser;	int32_t tmpint32;	char dnc[1024];	char svcc[256];	char uidc[32];	char ttyc[32];	char rhostc[256];	char ruserc[32];	slap_callback cb = {0};	SlapReply rs = {REP_RESULT};	char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];	struct berval timestamp, bv[2], *nbv;	time_t stamp;	Modifications mod;	READ_STRING(fp,uidc);	uid.bv_val = uidc;	uid.bv_len = tmpint32;	READ_STRING(fp,dnc);	dn.bv_val = dnc;	dn.bv_len = tmpint32;	READ_STRING(fp,svcc);	svc.bv_val = svcc;	svc.bv_len = tmpint32;	READ_STRING(fp,ttyc);	tty.bv_val = ttyc;	tty.bv_len = tmpint32;	READ_STRING(fp,rhostc);	rhost.bv_val = rhostc;	rhost.bv_len = tmpint32;	READ_STRING(fp,ruserc);	ruser.bv_val = ruserc;	ruser.bv_len = tmpint32;	READ_INT32(fp,stamp);	Debug(LDAP_DEBUG_TRACE,"nssov_pam_sess_%c(%s)/n",		action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c', dn.bv_val,0);	if (!dn.bv_len || !ni->ni_pam_sessions) return 0;	{		int i, found=0;		for (i=0; !BER_BVISNULL(&ni->ni_pam_sessions[i]); i++) {			if (ni->ni_pam_sessions[i].bv_len != svc.bv_len)				continue;			if (!strcasecmp(ni->ni_pam_sessions[i].bv_val, svc.bv_val)) {				found = 1;				break;			}		}		if (!found) return 0;	}	slap_op_time( &op->o_time, &op->o_tincr );	timestamp.bv_len = sizeof(timebuf);	timestamp.bv_val = timebuf;	if (action == NSLCD_ACTION_PAM_SESS_O )		stamp = op->o_time;	slap_timestamp( &stamp, &timestamp );	bv[0].bv_len = timestamp.bv_len + global_host_bv.bv_len + svc.bv_len +		tty.bv_len + ruser.bv_len + rhost.bv_len + STRLENOF("    (@)");	bv[0].bv_val = op->o_tmpalloc( bv[0].bv_len+1, op->o_tmpmemctx );	sprintf(bv[0].bv_val, "%s %s %s %s (%[email
C++ BEV_UNLOCK函数代码示例
C++ BER_BVISNULL函数代码示例