1 /* attribute.c - ldbm backend acl attribute routine */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
13 #include <ac/string.h>
16 #include "back-ldbm.h"
17 #include "proto-back-ldbm.h"
20 /* return LDAP_SUCCESS IFF we can retrieve the attributes
30 AttributeDescription *entry_at,
31 struct berval ***vals )
33 struct ldbminfo *li = (struct ldbminfo *) be->be_private;
38 const char *entry_at_name = entry_at->ad_cname->bv_val;
40 Debug( LDAP_DEBUG_ARGS,
41 "=> ldbm_back_attribute: gr dn: \"%s\"\n",
43 Debug( LDAP_DEBUG_ARGS,
44 "=> ldbm_back_attribute: at: \"%s\"\n",
45 entry_at_name, 0, 0 );
47 Debug( LDAP_DEBUG_ARGS,
48 "=> ldbm_back_attribute: tr dn: \"%s\"\n",
49 target ? target->e_ndn : "", 0, 0 );
51 if (target != NULL && strcmp(target->e_ndn, e_ndn) == 0) {
52 /* we already have a LOCKED copy of the entry */
54 Debug( LDAP_DEBUG_ARGS,
55 "=> ldbm_back_attribute: target is entry: \"%s\"\n",
59 /* can we find entry with reader lock */
60 if ((e = dn2entry_r(be, e_ndn, NULL )) == NULL) {
61 Debug( LDAP_DEBUG_ACL,
62 "=> ldbm_back_attribute: cannot find entry: \"%s\"\n",
64 return LDAP_NO_SUCH_OBJECT;
67 Debug( LDAP_DEBUG_ACL,
68 "=> ldbm_back_attribute: found entry: \"%s\"\n",
72 /* find attribute values */
74 if( is_entry_alias( e ) ) {
75 Debug( LDAP_DEBUG_ACL,
76 "<= ldbm_back_attribute: entry is an alias\n", 0, 0, 0 );
77 rc = LDAP_ALIAS_PROBLEM;
81 if( is_entry_referral( e ) ) {
82 Debug( LDAP_DEBUG_ACL,
83 "<= ldbm_back_attribute: entry is an referral\n", 0, 0, 0 );
88 if (conn != NULL && op != NULL
89 && access_allowed(be, conn, op, e, slap_schema.si_ad_entry,
92 rc = LDAP_INSUFFICIENT_ACCESS;
96 if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
97 Debug( LDAP_DEBUG_ACL,
98 "<= ldbm_back_attribute: failed to find %s\n",
99 entry_at_name, 0, 0 );
100 rc = LDAP_NO_SUCH_ATTRIBUTE;
104 if (conn != NULL && op != NULL
105 && access_allowed(be, conn, op, e, entry_at, NULL, ACL_READ) == 0)
107 rc = LDAP_INSUFFICIENT_ACCESS;
111 for ( i = 0; attr->a_vals[i] != NULL; i++ ) {
115 v = (struct berval **) ch_malloc( sizeof(struct berval *) * (i+1) );
117 for ( i=0, j=0; attr->a_vals[i] != NULL; i++ ) {
120 && access_allowed(be, conn, op, e, entry_at,
121 attr->a_vals[i], ACL_READ) == 0)
125 v[j] = ber_bvdup( attr->a_vals[i] );
127 if( v[j] != NULL ) j++;
133 rc = LDAP_INSUFFICIENT_ACCESS;
142 /* free entry and reader lock */
143 cache_return_entry_r( &li->li_cache, e );
146 Debug( LDAP_DEBUG_TRACE,
147 "ldbm_back_attribute: rc=%d nvals=%d\n",