git.sur5r.net Git - openldap/blob - servers/slapd/back-bdb/attribute.c

   1 /* attribute.c - bdb backend acl attribute routine */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/socket.h>
  13 #include <ac/string.h>
  14
  15 #include "slap.h"
  16 #include "back-bdb.h"
  17 #include "proto-bdb.h"
  18
  19 /* return LDAP_SUCCESS IFF we can retrieve the attributes
  20  * of entry with e_ndn
  21  */
  22 int
  23 bdb_attribute(
  24         Backend *be,
  25         Connection *conn,
  26         Operation *op,
  27         Entry *target,
  28         struct berval *entry_ndn,
  29         AttributeDescription *entry_at,
  30         BerVarray *vals )
  31 {
  32         struct bdb_info *bdb = (struct bdb_info *) be->be_private;
  33         struct bdb_op_info *boi = NULL;
  34         DB_TXN *txn = NULL;
  35         Entry *e;
  36         int     i, j = 0, rc;
  37         Attribute *attr;
  38         BerVarray v;
  39         const char *entry_at_name = entry_at->ad_cname.bv_val;
  40         AccessControlState acl_state = ACL_STATE_INIT;
  41
  42         u_int32_t       locker;
  43         DB_LOCK         lock;
  44
  45 #ifdef NEW_LOGGING
  46         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  47                 "bdb_attribute: gr dn: \"%s\"\n", entry_ndn->bv_val ));
  48         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  49                 "bdb_attribute: at: \"%s\"\n", entry_at_name));
  50         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  51                 "bdb_attribute: tr dn: \"%s\"\n",
  52                 target ? target->e_ndn : "" ));
  53 #else
  54         Debug( LDAP_DEBUG_ARGS,
  55                 "=> bdb_attribute: gr dn: \"%s\"\n",
  56                 entry_ndn->bv_val, 0, 0 );
  57         Debug( LDAP_DEBUG_ARGS,
  58                 "=> bdb_attribute: at: \"%s\"\n",
  59                 entry_at_name, 0, 0 );
  60
  61         Debug( LDAP_DEBUG_ARGS,
  62                 "=> bdb_attribute: tr dn: \"%s\"\n",
  63                 target ? target->e_ndn : "", 0, 0 );
  64 #endif
  65
  66         if( op ) boi = (struct bdb_op_info *) op->o_private;
  67         if( boi != NULL && be == boi->boi_bdb ) {
  68                 txn = boi->boi_txn;
  69         }
  70
  71         if ( txn != NULL )
  72                 locker = TXN_ID ( txn );
  73         else
  74                 LOCK_ID ( bdb->bi_dbenv, &locker );
  75
  76         if (target != NULL && dn_match(&target->e_nname, entry_ndn)) {
  77                 /* we already have a LOCKED copy of the entry */
  78                 e = target;
  79 #ifdef NEW_LOGGING
  80                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
  81                         "bdb_attribute: target is LOCKED (%s)\n",
  82                         entry_ndn->bv_val ));
  83 #else
  84                 Debug( LDAP_DEBUG_ARGS,
  85                         "=> bdb_attribute: target is entry: \"%s\"\n",
  86                         entry_ndn->bv_val, 0, 0 );
  87 #endif
  88
  89
  90         } else {
  91 dn2entry_retry:
  92                 /* can we find entry */
  93                 rc = bdb_dn2entry_r( be, NULL, entry_ndn, &e, NULL, 0, locker, &lock );
  94                 switch( rc ) {
  95                 case DB_NOTFOUND:
  96                 case 0:
  97                         break;
  98                 case DB_LOCK_DEADLOCK:
  99                 case DB_LOCK_NOTGRANTED:
 100                         goto dn2entry_retry;
 101                 default:
 102                         if( txn != NULL ) {
 103                                 boi->boi_err = rc;
 104                         }
 105                         else {
 106                                 LOCK_ID_FREE( bdb->bi_dbenv, locker );
 107                         }
 108                         return (rc != LDAP_BUSY) ? LDAP_OTHER : LDAP_BUSY;
 109                 }
 110                 if (e == NULL) {
 111 #ifdef NEW_LOGGING
 112                         LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 113                                 "bdb_attribute: cannot find entry (%s)\n",
 114                                 entry_ndn->bv_val ));
 115 #else
 116                         Debug( LDAP_DEBUG_ACL,
 117                                 "=> bdb_attribute: cannot find entry: \"%s\"\n",
 118                                         entry_ndn->bv_val, 0, 0 );
 119 #endif
 120                         if ( txn == NULL ) {
 121                                 LOCK_ID_FREE( bdb->bi_dbenv, locker );
 122                         }
 123                         return LDAP_NO_SUCH_OBJECT;
 124                 }
 125
 126 #ifdef NEW_LOGGING
 127                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 128                         "bdb_attribute: found entry (%s)\n",
 129                         entry_ndn->bv_val ));
 130 #else
 131                 Debug( LDAP_DEBUG_ACL,
 132                         "=> bdb_attribute: found entry: \"%s\"\n",
 133                         entry_ndn->bv_val, 0, 0 );
 134 #endif
 135         }
 136
 137 #ifdef BDB_ALIASES
 138         /* find attribute values */
 139         if( is_entry_alias( e ) ) {
 140 #ifdef NEW_LOGGING
 141                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 142                         "bdb_attribute: entry (%s) is an alias\n", e->e_dn ));
 143 #else
 144                 Debug( LDAP_DEBUG_ACL,
 145                         "<= bdb_attribute: entry is an alias\n", 0, 0, 0 );
 146 #endif
 147                 rc = LDAP_ALIAS_PROBLEM;
 148                 goto return_results;
 149         }
 150 #endif
 151
 152         if( is_entry_referral( e ) ) {
 153 #ifdef NEW_LOGGING
 154                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 155                         "bdb_attribute: entry (%s) is a referral.\n", e->e_dn ));
 156 #else
 157                 Debug( LDAP_DEBUG_ACL,
 158                         "<= bdb_attribute: entry is a referral\n", 0, 0, 0 );
 159 #endif
 160                 rc = LDAP_REFERRAL;
 161                 goto return_results;
 162         }
 163
 164         if (conn != NULL && op != NULL
 165                 && access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
 166                         NULL, ACL_READ, &acl_state ) == 0 )
 167         {
 168                 rc = LDAP_INSUFFICIENT_ACCESS;
 169                 goto return_results;
 170         }
 171
 172         if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
 173 #ifdef NEW_LOGGING
 174                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 175                         "bdb_attribute: failed to find %s.\n", entry_at_name ));
 176 #else
 177                 Debug( LDAP_DEBUG_ACL,
 178                         "<= bdb_attribute: failed to find %s\n",
 179                         entry_at_name, 0, 0 );
 180 #endif
 181                 rc = LDAP_NO_SUCH_ATTRIBUTE;
 182                 goto return_results;
 183         }
 184
 185         if (conn != NULL && op != NULL
 186                 && access_allowed( be, conn, op, e, entry_at, NULL, ACL_READ,
 187                            &acl_state ) == 0 )
 188         {
 189                 rc = LDAP_INSUFFICIENT_ACCESS;
 190                 goto return_results;
 191         }
 192
 193         for ( i = 0; attr->a_vals[i].bv_val != NULL; i++ ) {
 194                 /* count them */
 195         }
 196
 197         v = (BerVarray) ch_malloc( sizeof(struct berval) * (i+1) );
 198
 199         for ( i=0, j=0; attr->a_vals[i].bv_val != NULL; i++ ) {
 200                 if( conn != NULL
 201                         && op != NULL
 202                         && access_allowed(be, conn, op, e, entry_at,
 203                                 &attr->a_vals[i], ACL_READ, &acl_state ) == 0)
 204                 {
 205                         continue;
 206                 }
 207                 ber_dupbv( &v[j], &attr->a_vals[i] );
 208
 209                 if( v[j].bv_val != NULL ) j++;
 210         }
 211
 212         if( j == 0 ) {
 213                 ch_free( v );
 214                 *vals = NULL;
 215                 rc = LDAP_INSUFFICIENT_ACCESS;
 216         } else {
 217                 v[j].bv_val = NULL;
 218                 v[j].bv_len = 0;
 219                 *vals = v;
 220                 rc = LDAP_SUCCESS;
 221         }
 222
 223 return_results:
 224         if( target != e ) {
 225                 /* free entry */
 226                 bdb_cache_return_entry_r(bdb->bi_dbenv, &bdb->bi_cache, e, &lock);
 227         }
 228
 229         if ( txn == NULL ) {
 230                 LOCK_ID_FREE( bdb->bi_dbenv, locker );
 231         }
 232
 233 #ifdef NEW_LOGGING
 234         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
 235                 "bdb_attribute: rc=%d nvals=%d.\n",
 236                 rc, j ));
 237 #else
 238         Debug( LDAP_DEBUG_TRACE,
 239                 "bdb_attribute: rc=%d nvals=%d\n",
 240                 rc, j, 0 );
 241 #endif
 242         return(rc);
 243 }