Really fix subschemasubentry...

servers/slapd/backend.c

@@ -13,6 +13,8 @@
 #include "slap.h"
 #include "lutil.h"
 
+#include "ldap_defaults.h"
+
 #ifdef SLAPD_LDAP
 #include "back-ldap/external.h"
 #endif
@@ -595,3 +597,22 @@ backend_group(
 	else
 		return(1);
 }
+
+#ifdef SLAPD_SCHEMA_DN
+Attribute *backend_subschemasubentry( Backend *be )
+{
+	/* should be backend specific */
+	static struct berval ss_val = {
+		sizeof(SLAPD_SCHEMA_DN)-1,
+		SLAPD_SCHEMA_DN };
+	static struct berval *ss_vals[2] = { &ss_val, NULL };
+	static Attribute ss_attr = {
+		"subschemasubentry",
+		ss_vals,
+		SYNTAX_DN | SYNTAX_CIS,
+		NULL
+	};
+
+	return &ss_attr;
+}
+#endif

servers/slapd/proto-slap.h

@@ -99,6 +99,12 @@ extern int	backend_group LDAP_P((Backend *be,
 	char *gr_ndn, char *op_ndn,
 	char *objectclassValue, char *groupattrName));
 
+#ifdef SLAPD_SCHEMA_DN
+/* temporary extern for temporary routine*/
+extern Attribute *backend_subschemasubentry( Backend * );
+#endif
+
+
 /*
  * ch_malloc.c
  */

servers/slapd/result.c

@@ -504,22 +504,6 @@ send_search_entry(
 
 	Debug( LDAP_DEBUG_TRACE, "=> send_search_entry: \"%s\"\n", e->e_dn, 0, 0 );
 
-#if defined( SLAPD_SCHEMA_DN )
-	{
-		/* this could be backend specific */
-		struct berval val;
-		struct berval *vals[2];
-
-		vals[0] = &val;
-		vals[1] = NULL;
-
-		val.bv_val = SLAPD_SCHEMA_DN;
-		val.bv_len = strlen( val.bv_val );
-
-		attr_merge( e, "subschemaSubentry", vals );
-	}
-#endif
-
 	if ( ! access_allowed( be, conn, op, e,
 		"entry", NULL, ACL_READ ) )
 	{
@@ -626,6 +610,82 @@ send_search_entry(
 		}
 	}
 
+#ifdef SLAPD_SCHEMA_DN
+	a = backend_subschemasubentry( be );
+	
+	do {
+		regmatch_t       matches[MAXREMATCHES];
+
+		if ( attrs == NULL ) {
+			/* all addrs request, skip operational attributes */
+			if( !opattrs && oc_check_operational_attr( a->a_type ) ) {
+				continue;
+			}
+
+		} else {
+			/* specific addrs requested */
+			if ( allattrs ) {
+				/* user requested all user attributes */
+				/* if operational, make sure it's in list */
+
+				if( oc_check_operational_attr( a->a_type )
+					&& !charray_inlist( attrs, a->a_type ) )
+				{
+					continue;
+				}
+
+			} else if ( !charray_inlist( attrs, a->a_type ) ) {
+				continue;
+			}
+		}
+
+		acl = acl_get_applicable( be, op, e, a->a_type,
+			MAXREMATCHES, matches );
+
+		if ( ! acl_access_allowed( acl, be, conn, e,
+			NULL, op, ACL_READ, edn, matches ) ) 
+		{
+			continue;
+		}
+
+		if (( rc = ber_printf( ber, "{s[" /*]}*/ , a->a_type )) == -1 ) {
+			Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+			ber_free( ber, 1 );
+			send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+			    NULL, "encoding type error", NULL, NULL );
+			goto error_return;
+		}
+
+		if ( ! attrsonly ) {
+			for ( i = 0; a->a_vals[i] != NULL; i++ ) {
+				if ( a->a_syntax & SYNTAX_DN && 
+					! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
+						ACL_READ, edn, matches) )
+				{
+					continue;
+				}
+
+				if (( rc = ber_printf( ber, "O", a->a_vals[i] )) == -1 ) {
+					Debug( LDAP_DEBUG_ANY,
+					    "ber_printf failed\n", 0, 0, 0 );
+					ber_free( ber, 1 );
+					send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+						NULL, "encoding value error", NULL, NULL );
+					goto error_return;
+				}
+			}
+		}
+
+		if (( rc = ber_printf( ber, /*{[*/ "]}" )) == -1 ) {
+			Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+			ber_free( ber, 1 );
+			send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR,
+			    NULL, "encode end error", NULL, NULL );
+			goto error_return;
+		}
+	} while (0);
+#endif
+
 	rc = ber_printf( ber, /*{{{*/ "}}}" );
 
 	if ( rc == -1 ) {

servers/slapd/schema.c

@@ -14,6 +14,7 @@
 static char *	oc_check_required(Entry *e, char *ocname);
 static int		oc_check_allowed(char *type, struct berval **ocl);
 
+
 /*
  * oc_check - check that entry e conforms to the schema required by
  * its object class(es). returns 0 if so, non-zero otherwise.
@@ -1213,4 +1214,4 @@ int is_entry_objectclass(
 	}
 
 	return 1;
-}
\ No newline at end of file
+}