git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/attribute.c

   1 /* attribute.c - ldbm backend acl attribute routine */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/socket.h>
  13 #include <ac/string.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19
  20 /* return LDAP_SUCCESS IFF we can retrieve the attributes
  21  * of entry with e_ndn
  22  */
  23 int
  24 ldbm_back_attribute(
  25         Backend *be,
  26         Connection *conn,
  27         Operation *op,
  28         Entry   *target,
  29         const char      *e_ndn,
  30         AttributeDescription *entry_at,
  31         struct berval ***vals
  32 )
  33 {
  34         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  35         Entry        *e;
  36         int          i, j, rc;
  37         Attribute   *attr;
  38         struct berval **v;
  39         const char *entry_at_name = entry_at->ad_cname->bv_val;
  40
  41         Debug( LDAP_DEBUG_ARGS,
  42                 "=> ldbm_back_attribute: gr dn: \"%s\"\n",
  43                 e_ndn, 0, 0 );
  44         Debug( LDAP_DEBUG_ARGS,
  45                 "=> ldbm_back_attribute: at: \"%s\"\n",
  46                 entry_at_name, 0, 0 );
  47
  48         Debug( LDAP_DEBUG_ARGS,
  49                 "=> ldbm_back_attribute: tr dn: \"%s\"\n",
  50                 target ? target->e_ndn : "", 0, 0 );
  51
  52         if (target != NULL && strcmp(target->e_ndn, e_ndn) == 0) {
  53                 /* we already have a LOCKED copy of the entry */
  54                 e = target;
  55                 Debug( LDAP_DEBUG_ARGS,
  56                         "=> ldbm_back_attribute: target is entry: \"%s\"\n",
  57                         e_ndn, 0, 0 );
  58
  59         } else {
  60                 /* can we find entry with reader lock */
  61                 if ((e = dn2entry_r(be, e_ndn, NULL )) == NULL) {
  62                         Debug( LDAP_DEBUG_ACL,
  63                                 "=> ldbm_back_attribute: cannot find entry: \"%s\"\n",
  64                                         e_ndn, 0, 0 );
  65                         return LDAP_NO_SUCH_OBJECT;
  66                 }
  67
  68                 Debug( LDAP_DEBUG_ACL,
  69                         "=> ldbm_back_attribute: found entry: \"%s\"\n",
  70                         e_ndn, 0, 0 );
  71     }
  72
  73         /* find attribute values */
  74
  75         if( is_entry_alias( e ) ) {
  76                 Debug( LDAP_DEBUG_ACL,
  77                         "<= ldbm_back_attribute: entry is an alias\n", 0, 0, 0 );
  78                 rc = LDAP_ALIAS_PROBLEM;
  79                 goto return_results;
  80         }
  81
  82         if( is_entry_referral( e ) ) {
  83                 Debug( LDAP_DEBUG_ACL,
  84                         "<= ldbm_back_attribute: entry is an referral\n", 0, 0, 0 );
  85                 rc = LDAP_REFERRAL;
  86                 goto return_results;
  87         }
  88
  89         if (conn != NULL && op != NULL
  90                 && access_allowed(be, conn, op, e, slap_schema.si_ad_entry,
  91                         NULL, ACL_READ) == 0)
  92         {
  93                 rc = LDAP_INSUFFICIENT_ACCESS;
  94                 goto return_results;
  95         }
  96
  97         if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
  98                 Debug( LDAP_DEBUG_ACL,
  99                         "<= ldbm_back_attribute: failed to find %s\n",
 100                         entry_at_name, 0, 0 );
 101                 rc = LDAP_NO_SUCH_ATTRIBUTE;
 102                 goto return_results;
 103         }
 104
 105         if (conn != NULL && op != NULL
 106                 && access_allowed(be, conn, op, e, entry_at, NULL, ACL_READ) == 0)
 107         {
 108                 rc = LDAP_INSUFFICIENT_ACCESS;
 109                 goto return_results;
 110         }
 111
 112         for ( i = 0; attr->a_vals[i] != NULL; i++ ) {
 113                 /* count them */
 114         }
 115
 116         v = (struct berval **) ch_malloc( sizeof(struct berval *) * (i+1) );
 117
 118         for ( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
 119                 if( conn != NULL
 120                         && op != NULL
 121                         && access_allowed(be, conn, op, e, entry_at,
 122                                 attr->a_vals[i], ACL_READ) == 0)
 123                 {
 124                         continue;
 125                 }
 126                 v[j] = ber_bvdup( attr->a_vals[i] );
 127
 128                 if( v[j] != NULL ) j++;
 129         }
 130
 131         if( j == 0 ) {
 132                 ch_free( v );
 133                 *vals = NULL;
 134                 rc = LDAP_INSUFFICIENT_ACCESS;
 135         } else {
 136                 v[j] = NULL;
 137                 *vals = v;
 138                 rc = LDAP_SUCCESS;
 139         }
 140
 141 return_results:
 142         if( target != e ) {
 143                 /* free entry and reader lock */
 144                 cache_return_entry_r( &li->li_cache, e );
 145         }
 146
 147         Debug( LDAP_DEBUG_TRACE,
 148                 "ldbm_back_attribute: rc=%d nvals=%d\n",
 149                 rc, j, 0 );
 150         return(rc);
 151 }
 152