condition compilation of DISCLOSE checking
1 /* compare.c - bdb backend compare routine */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2000-2005 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16
17 #include "portable.h"
18
19 #include <stdio.h>
20 #include <ac/string.h>
21
22 #include "back-bdb.h"
23
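/*
 * bdb_compare - handle an LDAP Compare request against the bdb backend.
 *
 * Looks up the entry named by op->o_req_ndn, applies the referral,
 * assertion and access-control checks below, and then tests whether the
 * asserted value (op->oq_compare.rs_ava) is present in the entry.
 * The LDAP result is always sent to the client from inside this function.
 *
 * When SLAP_ACL_HONOR_DISCLOSE is defined, every path that would reveal
 * something about an existing entry (referral, failed assertion, denied
 * compare access) first checks ACL_DISCLOSE on the entry and answers
 * LDAP_NO_SUCH_OBJECT if it is not granted, so that a client without
 * "disclose" cannot tell an existing entry from a missing one.
 *
 * Returns rs->sr_err.  LDAP_COMPARE_TRUE and LDAP_COMPARE_FALSE are sent
 * to the client as-is but mapped to LDAP_SUCCESS in the return value.
 */
int
bdb_compare( Operation *op, SlapReply *rs )
{
	struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
	Entry		*e = NULL;
	EntryInfo	*ei;
	Attribute	*a;
	int		manageDSAit = get_manageDSAit( op );

	u_int32_t	locker;
	DB_LOCK		lock;

	/* locker id used for the entry lookup; released at the end */
	rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
	switch(rs->sr_err) {
	case 0:
		break;
	default:
		send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
		return rs->sr_err;
	}

dn2entry_retry:
	/* get entry */
	/* NOTE(review): the retry on deadlock / lock-not-granted below has no
	 * upper bound in this function - confirm the lookup cannot spin. */
	rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1, locker, &lock );

	switch( rs->sr_err ) {
	case DB_NOTFOUND:
	case 0:
		break;
	case LDAP_BUSY:
		rs->sr_text = "ldap server busy";
		goto return_results;
	case DB_LOCK_DEADLOCK:
	case DB_LOCK_NOTGRANTED:
		goto dn2entry_retry;
	default:
		rs->sr_err = LDAP_OTHER;
		rs->sr_text = "internal error";
		goto return_results;
	}

	/* NOTE(review): assumes bdb_dn2entry() always sets ei when it returns
	 * 0 or DB_NOTFOUND; ei is not initialized here - confirm. */
	e = ei->bei_e;
	if ( rs->sr_err == DB_NOTFOUND ) {
		/* target not found; e, if set, is the entry the lookup handed
		 * back instead (presumably the closest match - verify) */
		if ( e != NULL ) {
#ifdef SLAP_ACL_HONOR_DISCLOSE
			/* return referral only if "disclose"
			 * is granted on the object */
			if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
						NULL, ACL_DISCLOSE, NULL ) )
			{
				rs->sr_err = LDAP_NO_SUCH_OBJECT;

			} else
#endif /* SLAP_ACL_HONOR_DISCLOSE */
			{
				rs->sr_matched = ch_strdup( e->e_dn );
				rs->sr_ref = is_entry_referral( e )
					? get_entry_referrals( op, e )
					: NULL;
				rs->sr_err = LDAP_REFERRAL;
			}

			/* hand the entry back now; e = NULL keeps "done" from
			 * returning it a second time */
			bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache, e, &lock );
			e = NULL;

		} else {
			rs->sr_ref = referral_rewrite( default_referral,
				NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
			rs->sr_err = rs->sr_ref ? LDAP_REFERRAL : LDAP_NO_SUCH_OBJECT;
		}

		send_ldap_result( op, rs );

		/* sr_matched is the ch_strdup() copy made above (or NULL) */
		ber_bvarray_free( rs->sr_ref );
		free( (char *)rs->sr_matched );
		rs->sr_ref = NULL;
		rs->sr_matched = NULL;

		goto done;
	}

	if (!manageDSAit && is_entry_referral( e ) ) {
#ifdef SLAP_ACL_HONOR_DISCLOSE
		/* return referral only if "disclose"
		 * is granted on the object */
		if ( !access_allowed( op, e, slap_schema.si_ad_entry,
					NULL, ACL_DISCLOSE, NULL ) )
		{
			rs->sr_err = LDAP_NO_SUCH_OBJECT;
		} else
#endif /* SLAP_ACL_HONOR_DISCLOSE */
		{
			/* entry is a referral, don't allow compare */
			rs->sr_ref = get_entry_referrals( op, e );
			rs->sr_err = LDAP_REFERRAL;
			/* borrowed from the entry, so it is only cleared
			 * (not freed) after the result is sent */
			rs->sr_matched = e->e_name.bv_val;
		}

		Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
			0, 0 );

		send_ldap_result( op, rs );

		ber_bvarray_free( rs->sr_ref );
		rs->sr_ref = NULL;
		rs->sr_matched = NULL;
		goto done;
	}

	if ( get_assert( op ) &&
		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
	{
#ifdef SLAP_ACL_HONOR_DISCLOSE
		/* report the failed assertion only if "disclose"
		 * is granted on the object; otherwise the distinct
		 * result code would reveal that the entry exists */
		if ( !access_allowed( op, e, slap_schema.si_ad_entry,
					NULL, ACL_DISCLOSE, NULL ) )
		{
			rs->sr_err = LDAP_NO_SUCH_OBJECT;
		} else
#endif /* SLAP_ACL_HONOR_DISCLOSE */
		{
			rs->sr_err = LDAP_ASSERTION_FAILED;
		}
		goto return_results;
	}

	if ( !access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
		&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
	{
#ifdef SLAP_ACL_HONOR_DISCLOSE
		/* return error only if "disclose"
		 * is granted on the object */
		if ( !access_allowed( op, e, slap_schema.si_ad_entry,
					NULL, ACL_DISCLOSE, NULL ) )
		{
			rs->sr_err = LDAP_NO_SUCH_OBJECT;
		} else
#endif /* SLAP_ACL_HONOR_DISCLOSE */
		{
			rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
		}
		goto return_results;
	}

	/* result if the entry has no attribute of the asserted type */
	rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;

	/* walk every attribute matching the asserted description */
	for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
		a != NULL;
		a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
	{
		/* the attribute exists, so the answer is now at least FALSE */
		rs->sr_err = LDAP_COMPARE_FALSE;

		if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
			a->a_nvals, &op->oq_compare.rs_ava->aa_value, op->o_tmpmemctx ) == 0 )
		{
			rs->sr_err = LDAP_COMPARE_TRUE;
			break;
		}
	}

return_results:
	send_ldap_result( op, rs );

	/* the compare outcome has been sent to the client; the caller
	 * only sees that the operation completed */
	switch ( rs->sr_err ) {
	case LDAP_COMPARE_FALSE:
	case LDAP_COMPARE_TRUE:
		rs->sr_err = LDAP_SUCCESS;
		break;
	}

done:
	/* free entry */
	if ( e != NULL ) {
		bdb_cache_return_entry_r( bdb->bi_dbenv, &bdb->bi_cache,
				e, &lock );
	}

	LOCK_ID_FREE ( bdb->bi_dbenv, locker );

	return rs->sr_err;
}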