git.sur5r.net Git - openldap/blob - servers/slapd/back-ldbm/attribute.c

   1 /* attribute.c - ldbm backend acl attribute routine */
   2 /* $OpenLDAP$ */
   3 /*
   4  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
   5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
   6  */
   7
   8 #include "portable.h"
   9
  10 #include <stdio.h>
  11
  12 #include <ac/socket.h>
  13 #include <ac/string.h>
  14
  15 #include "slap.h"
  16 #include "back-ldbm.h"
  17 #include "proto-back-ldbm.h"
  18
  19 /* return LDAP_SUCCESS IFF we can retrieve the attributes
  20  * of entry with e_ndn
  21  */
  22 int
  23 ldbm_back_attribute(
  24         Backend *be,
  25         Connection *conn,
  26         Operation *op,
  27         Entry   *target,
  28         struct berval   *entry_ndn,
  29         AttributeDescription *entry_at,
  30         BerVarray *vals )
  31 {
  32         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
  33         Entry        *e;
  34         int          rc;
  35         Attribute   *attr;
  36         BerVarray v;
  37         const char *entry_at_name = entry_at->ad_cname.bv_val;
  38         struct berval *iv, *jv;
  39         AccessControlState acl_state = ACL_STATE_INIT;
  40         int nvals = 0;
  41
  42 #ifdef NEW_LOGGING
  43         LDAP_LOG( BACK_LDBM, ARGS,
  44                 "ldbm_back_attribute: gr dn: \"%s\"\n", entry_ndn->bv_val, 0, 0 );
  45         LDAP_LOG( BACK_LDBM, ARGS,
  46                 "ldbm_back_attribute: at: \"%s\"\n", entry_at_name, 0, 0);
  47         LDAP_LOG( BACK_LDBM, ARGS, "ldbm_back_attribute: tr dn: \"%s\"\n",
  48                 target ? target->e_ndn : "", 0, 0 );
  49 #else
  50         Debug( LDAP_DEBUG_ARGS,
  51                 "=> ldbm_back_attribute: gr dn: \"%s\"\n",
  52                 entry_ndn->bv_val, 0, 0 );
  53         Debug( LDAP_DEBUG_ARGS,
  54                 "=> ldbm_back_attribute: at: \"%s\"\n",
  55                 entry_at_name, 0, 0 );
  56
  57         Debug( LDAP_DEBUG_ARGS,
  58                 "=> ldbm_back_attribute: tr dn: \"%s\"\n",
  59                 target ? target->e_ndn : "", 0, 0 );
  60 #endif
  61
  62         if (target != NULL && dn_match( &target->e_nname, entry_ndn) ) {
  63                 /* we already have a LOCKED copy of the entry */
  64                 e = target;
  65 #ifdef NEW_LOGGING
  66                 LDAP_LOG( BACK_LDBM, DETAIL1,
  67                         "ldbm_back_attribute: target is LOCKED (%s)\n",
  68                         entry_ndn->bv_val, 0, 0);
  69 #else
  70                 Debug( LDAP_DEBUG_ARGS,
  71                         "=> ldbm_back_attribute: target is entry: \"%s\"\n",
  72                         entry_ndn->bv_val, 0, 0 );
  73 #endif
  74
  75
  76         } else {
  77                 /* can we find entry with reader lock */
  78                 if ((e = dn2entry_r(be, entry_ndn, NULL )) == NULL) {
  79 #ifdef NEW_LOGGING
  80                         LDAP_LOG( BACK_LDBM, INFO,
  81                                 "ldbm_back_attribute: cannot find entry (%s)\n",
  82                                 entry_ndn->bv_val, 0, 0 );
  83 #else
  84                         Debug( LDAP_DEBUG_ACL,
  85                                 "=> ldbm_back_attribute: cannot find entry: \"%s\"\n",
  86                                         entry_ndn->bv_val, 0, 0 );
  87 #endif
  88
  89                         return LDAP_NO_SUCH_OBJECT;
  90                 }
  91
  92 #ifdef NEW_LOGGING
  93                 LDAP_LOG( BACK_LDBM, DETAIL1,
  94                         "ldbm_back_attribute: found entry (%s)\n", entry_ndn->bv_val, 0, 0);
  95 #else
  96                 Debug( LDAP_DEBUG_ACL,
  97                         "=> ldbm_back_attribute: found entry: \"%s\"\n",
  98                         entry_ndn->bv_val, 0, 0 );
  99 #endif
 100
 101     }
 102
 103         /* find attribute values */
 104
 105         if( is_entry_alias( e ) ) {
 106 #ifdef NEW_LOGGING
 107                 LDAP_LOG( BACK_LDBM, INFO,
 108                         "ldbm_back_attribute: entry (%s) is an alias\n", e->e_dn, 0, 0 );
 109 #else
 110                 Debug( LDAP_DEBUG_ACL,
 111                         "<= ldbm_back_attribute: entry is an alias\n", 0, 0, 0 );
 112 #endif
 113
 114                 rc = LDAP_ALIAS_PROBLEM;
 115                 goto return_results;
 116         }
 117
 118         if( is_entry_referral( e ) ) {
 119 #ifdef NEW_LOGGING
 120                 LDAP_LOG( BACK_LDBM, INFO,
 121                         "ldbm_back_attribute: entry (%s) is a referral.\n", e->e_dn, 0, 0 );
 122 #else
 123                 Debug( LDAP_DEBUG_ACL,
 124                         "<= ldbm_back_attribute: entry is an referral\n", 0, 0, 0 );
 125 #endif
 126
 127                 rc = LDAP_REFERRAL;
 128                 goto return_results;
 129         }
 130
 131         if (conn != NULL && op != NULL
 132                 && access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
 133                         NULL, ACL_READ, NULL ) == 0)
 134         {
 135                 rc = LDAP_INSUFFICIENT_ACCESS;
 136                 goto return_results;
 137         }
 138
 139         if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
 140 #ifdef NEW_LOGGING
 141                 LDAP_LOG( BACK_LDBM, INFO,
 142                         "ldbm_back_attribute: failed to find %s.\n", entry_at_name, 0, 0 );
 143 #else
 144                 Debug( LDAP_DEBUG_ACL,
 145                         "<= ldbm_back_attribute: failed to find %s\n",
 146                         entry_at_name, 0, 0 );
 147 #endif
 148
 149                 rc = LDAP_NO_SUCH_ATTRIBUTE;
 150                 goto return_results;
 151         }
 152
 153         if (conn != NULL && op != NULL
 154                 && access_allowed( be, conn, op, e, entry_at, NULL,
 155                         ACL_READ, &acl_state ) == 0)
 156         {
 157                 rc = LDAP_INSUFFICIENT_ACCESS;
 158                 goto return_results;
 159         }
 160
 161         for ( iv = attr->a_vals; iv->bv_val != NULL; iv++ ) {
 162                 /* count them */
 163         }
 164
 165         v = (BerVarray) ch_malloc( sizeof(struct berval) * ((iv - attr->a_vals)+1) );
 166
 167         for ( iv=attr->a_vals, jv=v; iv->bv_val; iv++ ) {
 168                 if( conn != NULL
 169                         && op != NULL
 170                         && access_allowed( be, conn, op, e, entry_at,
 171                                 iv, ACL_READ, &acl_state ) == 0)
 172                 {
 173                         continue;
 174                 }
 175                 ber_dupbv( jv, iv );
 176
 177                 if( jv->bv_val != NULL ) jv++;
 178         }
 179
 180         nvals = jv - v;
 181
 182         if( jv == v ) {
 183                 ch_free( v );
 184                 *vals = NULL;
 185                 rc = LDAP_INSUFFICIENT_ACCESS;
 186         } else {
 187                 jv->bv_val = NULL;
 188                 *vals = v;
 189                 rc = LDAP_SUCCESS;
 190         }
 191
 192 return_results:
 193         if( target != e ) {
 194                 /* free entry and reader lock */
 195                 cache_return_entry_r( &li->li_cache, e );
 196         }
 197
 198 #ifdef NEW_LOGGING
 199         LDAP_LOG( BACK_LDBM, ENTRY,
 200                 "ldbm_back_attribute: rc=%d nvals=%d.\n", rc, nvals, 0 );
 201 #else
 202         Debug( LDAP_DEBUG_TRACE,
 203                 "ldbm_back_attribute: rc=%d nvals=%d\n",
 204                 rc, nvals, 0 );
 205 #endif
 206
 207         return(rc);
 208 }
 209