git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/attribute.c

   1 /* attribute.c - ldbm backend acl attribute routine */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/socket.h>
  13 #include <ac/string.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19
  20 /* return LDAP_SUCCESS IFF we can retrieve the attributes
  21  * of entry with e_ndn
  22  */
  23 int
  24 ldbm_back_attribute(
  25         Backend *be,
  26         Connection *conn,
  27         Operation *op,
  28         Entry   *target,
  29         struct berval   *entry_ndn,
  30         AttributeDescription *entry_at,
  31         BerVarray *vals )
  32 {
  33         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  34         Entry        *e;
  35         int          rc;
  36         Attribute   *attr;
  37         BerVarray v;
  38         const char *entry_at_name = entry_at->ad_cname.bv_val;
  39         struct berval *iv, *jv;
  40         AccessControlState acl_state = ACL_STATE_INIT;
  41         int nvals = 0;
  42
  43 #ifdef NEW_LOGGING
  44         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  45                 "ldbm_back_attribute: gr dn: \"%s\"\n", entry_ndn->bv_val ));
  46         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  47                 "ldbm_back_attribute: at: \"%s\"\n", entry_at_name));
  48         LDAP_LOG(( "backend", LDAP_LEVEL_ARGS,
  49                 "ldbm_back_attribute: tr dn: \"%s\"\n",
  50                 target ? target->e_ndn : "" ));
  51 #else
  52         Debug( LDAP_DEBUG_ARGS,
  53                 "=> ldbm_back_attribute: gr dn: \"%s\"\n",
  54                 entry_ndn->bv_val, 0, 0 );
  55         Debug( LDAP_DEBUG_ARGS,
  56                 "=> ldbm_back_attribute: at: \"%s\"\n",
  57                 entry_at_name, 0, 0 );
  58
  59         Debug( LDAP_DEBUG_ARGS,
  60                 "=> ldbm_back_attribute: tr dn: \"%s\"\n",
  61                 target ? target->e_ndn : "", 0, 0 );
  62 #endif
  63
  64         if (target != NULL && dn_match( &target->e_nname, entry_ndn) ) {
  65                 /* we already have a LOCKED copy of the entry */
  66                 e = target;
  67 #ifdef NEW_LOGGING
  68                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
  69                         "ldbm_back_attribute: target is LOCKED (%s)\n",
  70                         entry_ndn->bv_val ));
  71 #else
  72                 Debug( LDAP_DEBUG_ARGS,
  73                         "=> ldbm_back_attribute: target is entry: \"%s\"\n",
  74                         entry_ndn->bv_val, 0, 0 );
  75 #endif
  76
  77
  78         } else {
  79                 /* can we find entry with reader lock */
  80                 if ((e = dn2entry_r(be, entry_ndn, NULL )) == NULL) {
  81 #ifdef NEW_LOGGING
  82                         LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
  83                                 "ldbm_back_attribute: cannot find entry (%s)\n",
  84                                 entry_ndn->bv_val ));
  85 #else
  86                         Debug( LDAP_DEBUG_ACL,
  87                                 "=> ldbm_back_attribute: cannot find entry: \"%s\"\n",
  88                                         entry_ndn->bv_val, 0, 0 );
  89 #endif
  90
  91                         return LDAP_NO_SUCH_OBJECT;
  92                 }
  93
  94 #ifdef NEW_LOGGING
  95                 LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL1,
  96                         "ldbm_back_attribute: found entry (%s)\n",
  97                         entry_ndn->bv_val ));
  98 #else
  99                 Debug( LDAP_DEBUG_ACL,
 100                         "=> ldbm_back_attribute: found entry: \"%s\"\n",
 101                         entry_ndn->bv_val, 0, 0 );
 102 #endif
 103
 104     }
 105
 106         /* find attribute values */
 107
 108         if( is_entry_alias( e ) ) {
 109 #ifdef NEW_LOGGING
 110                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 111                         "ldbm_back_attribute: entry (%s) is an alias\n", e->e_dn ));
 112 #else
 113                 Debug( LDAP_DEBUG_ACL,
 114                         "<= ldbm_back_attribute: entry is an alias\n", 0, 0, 0 );
 115 #endif
 116
 117                 rc = LDAP_ALIAS_PROBLEM;
 118                 goto return_results;
 119         }
 120
 121         if( is_entry_referral( e ) ) {
 122 #ifdef NEW_LOGGING
 123                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 124                         "ldbm_back_attribute: entry (%s) is a referral.\n", e->e_dn ));
 125 #else
 126                 Debug( LDAP_DEBUG_ACL,
 127                         "<= ldbm_back_attribute: entry is an referral\n", 0, 0, 0 );
 128 #endif
 129
 130                 rc = LDAP_REFERRAL;
 131                 goto return_results;
 132         }
 133
 134         if (conn != NULL && op != NULL
 135                 && access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
 136                         NULL, ACL_READ, NULL ) == 0)
 137         {
 138                 rc = LDAP_INSUFFICIENT_ACCESS;
 139                 goto return_results;
 140         }
 141
 142         if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
 143 #ifdef NEW_LOGGING
 144                 LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
 145                         "ldbm_back_attribute: failed to find %s.\n", entry_at_name ));
 146 #else
 147                 Debug( LDAP_DEBUG_ACL,
 148                         "<= ldbm_back_attribute: failed to find %s\n",
 149                         entry_at_name, 0, 0 );
 150 #endif
 151
 152                 rc = LDAP_NO_SUCH_ATTRIBUTE;
 153                 goto return_results;
 154         }
 155
 156         if (conn != NULL && op != NULL
 157                 && access_allowed( be, conn, op, e, entry_at, NULL,
 158                         ACL_READ, &acl_state ) == 0)
 159         {
 160                 rc = LDAP_INSUFFICIENT_ACCESS;
 161                 goto return_results;
 162         }
 163
 164         for ( iv = attr->a_vals; iv->bv_val != NULL; iv++ ) {
 165                 /* count them */
 166         }
 167
 168         v = (BerVarray) ch_malloc( sizeof(struct berval) * ((iv - attr->a_vals)+1) );
 169
 170         for ( iv=attr->a_vals, jv=v; iv->bv_val; iv++ ) {
 171                 if( conn != NULL
 172                         && op != NULL
 173                         && access_allowed( be, conn, op, e, entry_at,
 174                                 iv, ACL_READ, &acl_state ) == 0)
 175                 {
 176                         continue;
 177                 }
 178                 ber_dupbv( jv, iv );
 179
 180                 if( jv->bv_val != NULL ) jv++;
 181         }
 182
 183         nvals = jv - v;
 184
 185         if( jv == v ) {
 186                 ch_free( v );
 187                 *vals = NULL;
 188                 rc = LDAP_INSUFFICIENT_ACCESS;
 189         } else {
 190                 jv->bv_val = NULL;
 191                 *vals = v;
 192                 rc = LDAP_SUCCESS;
 193         }
 194
 195 return_results:
 196         if( target != e ) {
 197                 /* free entry and reader lock */
 198                 cache_return_entry_r( &li->li_cache, e );
 199         }
 200
 201 #ifdef NEW_LOGGING
 202         LDAP_LOG(( "backend", LDAP_LEVEL_ENTRY,
 203                    "ldbm_back_attribute: rc=%d nvals=%d.\n",
 204                    rc, nvals ));
 205 #else
 206         Debug( LDAP_DEBUG_TRACE,
 207                 "ldbm_back_attribute: rc=%d nvals=%d\n",
 208                 rc, nvals, 0 );
 209 #endif
 210
 211         return(rc);
 212 }
 213