git.sur5r.net Git - openldap/blob - servers/slapd/back-bdb/attribute.c

   1 /* attribute.c - bdb backend acl attribute routine */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/socket.h>
  13 #include <ac/string.h>
  14
  15 #include "slap.h"
  16 #include "back-bdb.h"
  17 #include "proto-bdb.h"
  18
  19 /* return LDAP_SUCCESS IFF we can retrieve the attributes
  20  * of entry with e_ndn
  21  */
  22 int
  23 bdb_attribute(
  24         Backend *be,
  25         Connection *conn,
  26         Operation *op,
  27         Entry *target,
  28         struct berval *entry_ndn,
  29         AttributeDescription *entry_at,
  30         BerVarray *vals )
  31 {
  32         struct bdb_info *bdb = (struct bdb_info *) be->be_private;
  33         struct bdb_op_info *boi = (struct bdb_op_info *) op->o_private;
  34         DB_TXN *txn = NULL;
  35         Entry *e;
  36         int     i, j, rc;
  37         Attribute *attr;
  38         BerVarray v;
  39         const char *entry_at_name = entry_at->ad_cname.bv_val;
  40
  41 #ifdef NEW_LOGGING
  42         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  43                 "bdb_attribute: gr dn: \"%s\"\n", entry_ndn->bv_val ));
  44         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  45                 "bdb_attribute: at: \"%s\"\n", entry_at_name));
  46         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  47                 "bdb_attribute: tr dn: \"%s\"\n",
  48                 target ? target->e_ndn : "" ));
  49 #else
  50         Debug( LDAP_DEBUG_ARGS,
  51                 "=> bdb_attribute: gr dn: \"%s\"\n",
  52                 entry_ndn->bv_val, 0, 0 );
  53         Debug( LDAP_DEBUG_ARGS,
  54                 "=> bdb_attribute: at: \"%s\"\n",
  55                 entry_at_name, 0, 0 );
  56
  57         Debug( LDAP_DEBUG_ARGS,
  58                 "=> bdb_attribute: tr dn: \"%s\"\n",
  59                 target ? target->e_ndn : "", 0, 0 );
  60 #endif
  61
  62         if( boi != NULL && be == boi->boi_bdb ) {
  63                 txn = boi->boi_txn;
  64         }
  65
  66         if (target != NULL && dn_match(&target->e_nname, entry_ndn)) {
  67                 /* we already have a LOCKED copy of the entry */
  68                 e = target;
  69 #ifdef NEW_LOGGING
  70                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
  71                         "bdb_attribute: target is LOCKED (%s)\n",
  72                         entry_ndn->bv_val ));
  73 #else
  74                 Debug( LDAP_DEBUG_ARGS,
  75                         "=> bdb_attribute: target is entry: \"%s\"\n",
  76                         entry_ndn->bv_val, 0, 0 );
  77 #endif
  78
  79
  80         } else {
  81                 /* can we find entry */
  82                 rc = bdb_dn2entry_r( be, NULL, entry_ndn, &e, NULL, 0 );
  83                 switch( rc ) {
  84                 case DB_NOTFOUND:
  85                 case 0:
  86                         break;
  87                 default:
  88                         if( txn != NULL ) {
  89                                 boi->boi_err = rc;
  90                         }
  91                         return LDAP_OTHER;
  92                 }
  93                 if (e == NULL) {
  94 #ifdef NEW_LOGGING
  95                         LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
  96                                 "bdb_attribute: cannot find entry (%s)\n",
  97                                 entry_ndn->bv_val ));
  98 #else
  99                         Debug( LDAP_DEBUG_ACL,
 100                                 "=> bdb_attribute: cannot find entry: \"%s\"\n",
 101                                         entry_ndn->bv_val, 0, 0 );
 102 #endif
 103                         return LDAP_NO_SUCH_OBJECT;
 104                 }
 105
 106 #ifdef NEW_LOGGING
 107                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
 108                         "bdb_attribute: found entry (%s)\n",
 109                         entry_ndn->bv_val ));
 110 #else
 111                 Debug( LDAP_DEBUG_ACL,
 112                         "=> bdb_attribute: found entry: \"%s\"\n",
 113                         entry_ndn->bv_val, 0, 0 );
 114 #endif
 115         }
 116
 117 #ifdef BDB_ALIASES
 118         /* find attribute values */
 119         if( is_entry_alias( e ) ) {
 120 #ifdef NEW_LOGGING
 121                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 122                         "bdb_attribute: entry (%s) is an alias\n", e->e_dn ));
 123 #else
 124                 Debug( LDAP_DEBUG_ACL,
 125                         "<= bdb_attribute: entry is an alias\n", 0, 0, 0 );
 126 #endif
 127                 rc = LDAP_ALIAS_PROBLEM;
 128                 goto return_results;
 129         }
 130 #endif
 131
 132         if( is_entry_referral( e ) ) {
 133 #ifdef NEW_LOGGING
 134                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 135                         "bdb_attribute: entry (%s) is a referral.\n", e->e_dn ));
 136 #else
 137                 Debug( LDAP_DEBUG_ACL,
 138                         "<= bdb_attribute: entry is a referral\n", 0, 0, 0 );
 139 #endif
 140                 rc = LDAP_REFERRAL;
 141                 goto return_results;
 142         }
 143
 144         if (conn != NULL && op != NULL
 145                 && access_allowed(be, conn, op, e, slap_schema.si_ad_entry,
 146                         NULL, ACL_READ) == 0)
 147         {
 148                 rc = LDAP_INSUFFICIENT_ACCESS;
 149                 goto return_results;
 150         }
 151
 152         if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
 153 #ifdef NEW_LOGGING
 154                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 155                         "bdb_attribute: failed to find %s.\n", entry_at_name ));
 156 #else
 157                 Debug( LDAP_DEBUG_ACL,
 158                         "<= bdb_attribute: failed to find %s\n",
 159                         entry_at_name, 0, 0 );
 160 #endif
 161                 rc = LDAP_NO_SUCH_ATTRIBUTE;
 162                 goto return_results;
 163         }
 164
 165         if (conn != NULL && op != NULL
 166                 && access_allowed(be, conn, op, e, entry_at, NULL, ACL_READ) == 0)
 167         {
 168                 rc = LDAP_INSUFFICIENT_ACCESS;
 169                 goto return_results;
 170         }
 171
 172         for ( i = 0; attr->a_vals[i].bv_val != NULL; i++ ) {
 173                 /* count them */
 174         }
 175
 176         v = (BerVarray) ch_malloc( sizeof(struct berval) * (i+1) );
 177
 178         for ( i=0, j=0; attr->a_vals[i].bv_val != NULL; i++ ) {
 179                 if( conn != NULL
 180                         && op != NULL
 181                         && access_allowed(be, conn, op, e, entry_at,
 182                                 &attr->a_vals[i], ACL_READ) == 0)
 183                 {
 184                         continue;
 185                 }
 186                 ber_dupbv( &v[j], &attr->a_vals[i] );
 187
 188                 if( v[j].bv_val != NULL ) j++;
 189         }
 190
 191         if( j == 0 ) {
 192                 ch_free( v );
 193                 *vals = NULL;
 194                 rc = LDAP_INSUFFICIENT_ACCESS;
 195         } else {
 196                 v[j].bv_val = NULL;
 197                 v[j].bv_len = 0;
 198                 *vals = v;
 199                 rc = LDAP_SUCCESS;
 200         }
 201
 202 return_results:
 203         if( target != e ) {
 204                 /* free entry */
 205                 bdb_cache_return_entry_r(&bdb->bi_cache, e);
 206         }
 207
 208 #ifdef NEW_LOGGING
 209         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
 210                 "bdb_attribute: rc=%d nvals=%d.\n",
 211                 rc, j ));
 212 #else
 213         Debug( LDAP_DEBUG_TRACE,
 214                 "bdb_attribute: rc=%d nvals=%d\n",
 215                 rc, j, 0 );
 216 #endif
 217         return(rc);
 218 }