git.sur5r.net Git - openldap/blob - servers/slapd/back-bdb/compare.c

   1 /* compare.c - bdb backend compare routine */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2000-2009 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16
  17 #include "portable.h"
  18
  19 #include <stdio.h>
  20 #include <ac/string.h>
  21
  22 #include "back-bdb.h"
  23
  24 int
  25 bdb_compare( Operation *op, SlapReply *rs )
  26 {
  27         struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
  28         Entry           *e = NULL;
  29         EntryInfo       *ei;
  30         Attribute       *a;
  31         int             manageDSAit = get_manageDSAit( op );
  32
  33         DB_TXN          *rtxn;
  34         DB_LOCK         lock;
  35
  36         rs->sr_err = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
  37         switch(rs->sr_err) {
  38         case 0:
  39                 break;
  40         default:
  41                 send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
  42                 return rs->sr_err;
  43         }
  44
  45 dn2entry_retry:
  46         /* get entry */
  47         rs->sr_err = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1,
  48                 &lock );
  49
  50         switch( rs->sr_err ) {
  51         case DB_NOTFOUND:
  52         case 0:
  53                 break;
  54         case LDAP_BUSY:
  55                 rs->sr_text = "ldap server busy";
  56                 goto return_results;
  57         case DB_LOCK_DEADLOCK:
  58         case DB_LOCK_NOTGRANTED:
  59                 goto dn2entry_retry;
  60         default:
  61                 rs->sr_err = LDAP_OTHER;
  62                 rs->sr_text = "internal error";
  63                 goto return_results;
  64         }
  65
  66         e = ei->bei_e;
  67         if ( rs->sr_err == DB_NOTFOUND ) {
  68                 if ( e != NULL ) {
  69                         /* return referral only if "disclose" is granted on the object */
  70                         if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
  71                                 NULL, ACL_DISCLOSE, NULL ) )
  72                         {
  73                                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
  74
  75                         } else {
  76                                 rs->sr_matched = ch_strdup( e->e_dn );
  77                                 rs->sr_ref = is_entry_referral( e )
  78                                         ? get_entry_referrals( op, e )
  79                                         : NULL;
  80                                 rs->sr_err = LDAP_REFERRAL;
  81                         }
  82
  83                         bdb_cache_return_entry_r( bdb, e, &lock );
  84                         e = NULL;
  85
  86                 } else {
  87                         rs->sr_ref = referral_rewrite( default_referral,
  88                                 NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
  89                         rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
  90                 }
  91
  92                 send_ldap_result( op, rs );
  93
  94                 ber_bvarray_free( rs->sr_ref );
  95                 free( (char *)rs->sr_matched );
  96                 rs->sr_ref = NULL;
  97                 rs->sr_matched = NULL;
  98
  99                 goto done;
 100         }
 101
 102         if (!manageDSAit && is_entry_referral( e ) ) {
 103                 /* return referral only if "disclose" is granted on the object */
 104                 if ( !access_allowed( op, e, slap_schema.si_ad_entry,
 105                         NULL, ACL_DISCLOSE, NULL ) )
 106                 {
 107                         rs->sr_err = LDAP_NO_SUCH_OBJECT;
 108                 } else {
 109                         /* entry is a referral, don't allow compare */
 110                         rs->sr_ref = get_entry_referrals( op, e );
 111                         rs->sr_err = LDAP_REFERRAL;
 112                         rs->sr_matched = e->e_name.bv_val;
 113                 }
 114
 115                 Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
 116
 117                 send_ldap_result( op, rs );
 118
 119                 ber_bvarray_free( rs->sr_ref );
 120                 rs->sr_ref = NULL;
 121                 rs->sr_matched = NULL;
 122                 goto done;
 123         }
 124
 125         if ( get_assert( op ) &&
 126                 ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
 127         {
 128                 if ( !access_allowed( op, e, slap_schema.si_ad_entry,
 129                         NULL, ACL_DISCLOSE, NULL ) )
 130                 {
 131                         rs->sr_err = LDAP_NO_SUCH_OBJECT;
 132                 } else {
 133                         rs->sr_err = LDAP_ASSERTION_FAILED;
 134                 }
 135                 goto return_results;
 136         }
 137
 138         if ( !access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
 139                 &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
 140         {
 141                 /* return error only if "disclose"
 142                  * is granted on the object */
 143                 if ( !access_allowed( op, e, slap_schema.si_ad_entry,
 144                                         NULL, ACL_DISCLOSE, NULL ) )
 145                 {
 146                         rs->sr_err = LDAP_NO_SUCH_OBJECT;
 147                 } else {
 148                         rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 149                 }
 150                 goto return_results;
 151         }
 152
 153         rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
 154
 155         for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
 156                 a != NULL;
 157                 a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
 158         {
 159                 rs->sr_err = LDAP_COMPARE_FALSE;
 160
 161                 if ( attr_valfind( a,
 162                         SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
 163                                 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
 164                         &op->oq_compare.rs_ava->aa_value, NULL,
 165                         op->o_tmpmemctx ) == 0 )
 166                 {
 167                         rs->sr_err = LDAP_COMPARE_TRUE;
 168                         break;
 169                 }
 170         }
 171
 172 return_results:
 173         send_ldap_result( op, rs );
 174
 175         switch ( rs->sr_err ) {
 176         case LDAP_COMPARE_FALSE:
 177         case LDAP_COMPARE_TRUE:
 178                 rs->sr_err = LDAP_SUCCESS;
 179                 break;
 180         }
 181
 182 done:
 183         /* free entry */
 184         if ( e != NULL ) {
 185                 bdb_cache_return_entry_r( bdb, e, &lock );
 186         }
 187
 188         return rs->sr_err;
 189 }