git.sur5r.net Git - openldap/blob - servers/slapd/back-bdb/compare.c

   1 /* compare.c - bdb backend compare routine */
   2 /* $OpenLDAP$ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2000-2007 The OpenLDAP Foundation.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted only as authorized by the OpenLDAP
  10  * Public License.
  11  *
  12  * A copy of this license is available in the file LICENSE in the
  13  * top-level directory of the distribution or, alternatively, at
  14  * <http://www.OpenLDAP.org/license.html>.
  15  */
  16
  17 #include "portable.h"
  18
  19 #include <stdio.h>
  20 #include <ac/string.h>
  21
  22 #include "back-bdb.h"
  23
  24 int
  25 bdb_compare( Operation *op, SlapReply *rs )
  26 {
  27         struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
  28         Entry           *e = NULL;
  29         EntryInfo       *ei;
  30         Attribute       *a;
  31         int             manageDSAit = get_manageDSAit( op );
  32
  33         u_int32_t       locker;
  34         DB_LOCK         lock;
  35
  36         rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
  37         switch(rs->sr_err) {
  38         case 0:
  39                 break;
  40         default:
  41                 send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
  42                 return rs->sr_err;
  43         }
  44
  45 dn2entry_retry:
  46         /* get entry */
  47         rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1,
  48                 locker, &lock );
  49
  50         switch( rs->sr_err ) {
  51         case DB_NOTFOUND:
  52         case 0:
  53                 break;
  54         case LDAP_BUSY:
  55                 rs->sr_text = "ldap server busy";
  56                 goto return_results;
  57         case DB_LOCK_DEADLOCK:
  58         case DB_LOCK_NOTGRANTED:
  59                 goto dn2entry_retry;
  60         default:
  61                 rs->sr_err = LDAP_OTHER;
  62                 rs->sr_text = "internal error";
  63                 goto return_results;
  64         }
  65
  66         e = ei->bei_e;
  67         if ( rs->sr_err == DB_NOTFOUND ) {
  68                 if ( e != NULL ) {
  69 #ifdef SLAP_ACL_HONOR_DISCLOSE
  70                         /* return referral only if "disclose" is granted on the object */
  71                         if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
  72                                 NULL, ACL_DISCLOSE, NULL ) )
  73                         {
  74                                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
  75
  76                         } else
  77 #endif /* SLAP_ACL_HONOR_DISCLOSE */
  78                         {
  79                                 rs->sr_matched = ch_strdup( e->e_dn );
  80                                 rs->sr_ref = is_entry_referral( e )
  81                                         ? get_entry_referrals( op, e )
  82                                         : NULL;
  83                                 rs->sr_err = LDAP_REFERRAL;
  84                         }
  85
  86                         bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
  87                         e = NULL;
  88
  89                 } else {
  90                         rs->sr_ref = referral_rewrite( default_referral,
  91                                 NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
  92                         rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
  93                 }
  94
  95                 send_ldap_result( op, rs );
  96
  97                 ber_bvarray_free( rs->sr_ref );
  98                 free( (char *)rs->sr_matched );
  99                 rs->sr_ref = NULL;
 100                 rs->sr_matched = NULL;
 101
 102                 goto done;
 103         }
 104
 105         if (!manageDSAit && is_entry_referral( e ) ) {
 106 #ifdef SLAP_ACL_HONOR_DISCLOSE
 107                 /* return referral only if "disclose" is granted on the object */
 108                 if ( !access_allowed( op, e, slap_schema.si_ad_entry,
 109                         NULL, ACL_DISCLOSE, NULL ) )
 110                 {
 111                         rs->sr_err = LDAP_NO_SUCH_OBJECT;
 112                 } else
 113 #endif /* SLAP_ACL_HONOR_DISCLOSE */
 114                 {
 115                         /* entry is a referral, don't allow compare */
 116                         rs->sr_ref = get_entry_referrals( op, e );
 117                         rs->sr_err = LDAP_REFERRAL;
 118                         rs->sr_matched = e->e_name.bv_val;
 119                 }
 120
 121                 Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
 122
 123                 send_ldap_result( op, rs );
 124
 125                 ber_bvarray_free( rs->sr_ref );
 126                 rs->sr_ref = NULL;
 127                 rs->sr_matched = NULL;
 128                 goto done;
 129         }
 130
 131         if ( get_assert( op ) &&
 132                 ( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
 133         {
 134 #ifdef SLAP_ACL_HONOR_DISCLOSE
 135                 if ( !access_allowed( op, e, slap_schema.si_ad_entry,
 136                         NULL, ACL_DISCLOSE, NULL ) )
 137                 {
 138                         rs->sr_err = LDAP_NO_SUCH_OBJECT;
 139                 } else
 140 #endif /* SLAP_ACL_HONOR_DISCLOSE */
 141                 {
 142                         rs->sr_err = LDAP_ASSERTION_FAILED;
 143                 }
 144                 goto return_results;
 145         }
 146
 147         if ( !access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
 148                 &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
 149         {
 150 #ifdef SLAP_ACL_HONOR_DISCLOSE
 151                 /* return error only if "disclose"
 152                  * is granted on the object */
 153                 if ( !access_allowed( op, e, slap_schema.si_ad_entry,
 154                                         NULL, ACL_DISCLOSE, NULL ) )
 155                 {
 156                         rs->sr_err = LDAP_NO_SUCH_OBJECT;
 157                 } else
 158 #endif /* SLAP_ACL_HONOR_DISCLOSE */
 159                 {
 160                         rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 161                 }
 162                 goto return_results;
 163         }
 164
 165         rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
 166
 167         for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
 168                 a != NULL;
 169                 a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
 170         {
 171                 rs->sr_err = LDAP_COMPARE_FALSE;
 172
 173                 if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
 174                         SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
 175                                 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
 176                         a->a_nvals, &op->oq_compare.rs_ava->aa_value,
 177                         op->o_tmpmemctx ) == 0 )
 178                 {
 179                         rs->sr_err = LDAP_COMPARE_TRUE;
 180                         break;
 181                 }
 182         }
 183
 184 return_results:
 185         send_ldap_result( op, rs );
 186
 187         switch ( rs->sr_err ) {
 188         case LDAP_COMPARE_FALSE:
 189         case LDAP_COMPARE_TRUE:
 190                 rs->sr_err = LDAP_SUCCESS;
 191                 break;
 192         }
 193
 194 done:
 195         /* free entry */
 196         if ( e != NULL ) {
 197                 bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache,
 198                                 e, &lock );
 199         }
 200
 201         LOCK_ID_FREE ( bdb->bi_dbenv, locker );
 202         return rs->sr_err;
 203 }