Re: Access conttrol as an overlay function

[Howard Chu <hyc@symas.com>]

Roland Hedberg wrote:

> Kurt D. Zeilenga wrote:
>
> > However,
> > in responses, the information (such as entry data) can be
> > shared (as managed by the backend).  So, send_entry functions
> > MUST NOT alter the entry struct referenced by sr_entry.
> > They however can alter sr_entry to point to a different entry.
> >
> > If you do provide a replacement entry, then you need to
> > tell send_entry to free it (REP_ENTRY_MUSTBEFREED) 

> This is setting rs->sr_flags = REP_ENTRY_MUSTBEFREED ?

Yes. The flags are a bitfield, so you should OR it in, not just assign it.

> > or not
> > (and, if not, manage the replacement entry memory by other
> > means).  And if its to be freed, you cannot copy by reference
> > from the original entry.

> So what if the complete entry should be removed from the response ?

Then just don't send the response. Return LDAP_SUCCESS instead of 
SLAP_CB_CONTINUE from your response callback, and that response will not 
be sent to the client.

> And what happens with the old entry is it magically freed by the memory 
> system ?

The original entry is the responsibility of the originating backend. In 
backends that do entry caching (back-{bdb,hdb,ldbm}) they will most 
likely hang on to the entry anyway. Other backends will call entry_free 
as appropriate.
--
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support