[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access conttrol as an overlay function

Roland Hedberg wrote:

Kurt D. Zeilenga wrote:

in responses, the information (such as entry data) can be
shared (as managed by the backend).  So, send_entry functions
MUST NOT alter the entry struct referenced by sr_entry.
They however can alter sr_entry to point to a different entry.

If you do provide a replacement entry, then you need to
tell send_entry to free it (REP_ENTRY_MUSTBEFREED)

This is setting rs->sr_flags = REP_ENTRY_MUSTBEFREED ?

Yes. The flags are a bitfield, so you should OR it in, not just assign it.

or not
(and, if not, manage the replacement entry memory by other
means).  And if its to be freed, you cannot copy by reference
from the original entry.

So what if the complete entry should be removed from the response ?

Then just don't send the response. Return LDAP_SUCCESS instead of SLAP_CB_CONTINUE from your response callback, and that response will not be sent to the client.

And what happens with the old entry is it magically freed by the memory system ?

The original entry is the responsibility of the originating backend. In backends that do entry caching (back-{bdb,hdb,ldbm}) they will most likely hang on to the entry anyway. Other backends will call entry_free as appropriate.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support