+ /*create a new message to return*/
+ ret_msg = ldb_msg_new(req);
+ ret_msg->dn = msg->dn;
+ ret_msg->num_elements = num_of_attrs;
+ if (num_of_attrs > 0) {
+ ret_msg->elements = talloc_array(ret_msg,
+ struct ldb_message_element,
+ num_of_attrs);
+ if (ret_msg->elements == NULL) {
+ return ldb_oom(ldb);
+ }
+ for (i=0; i < msg->num_elements; i++) {
+ bool to_remove = aclread_is_inaccessible(&msg->elements[i]);
+ if (!to_remove) {
+ ret_msg->elements[k] = msg->elements[i];
+ if (!talloc_reference(ret_msg->elements,
+ msg->elements[i].values)) {
+ talloc_free(tmp_ctx);
+ return ldb_operr(ldb);
+ }
+ k++;
+ }
+ }
+ } else {
+ ret_msg->elements = NULL;