3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1995 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
21 #include <ac/socket.h>
29 static int compare_entry(
32 AttributeAssertion *ava );
42 struct berval dn = { 0, NULL };
43 struct berval desc = { 0, NULL };
44 struct berval value = { 0, NULL };
45 AttributeAssertion ava = { NULL, { 0, NULL } };
50 Slapi_PBlock *pb = op->o_pb;
56 LDAP_LOG( OPERATION, ENTRY, "do_compare: conn %d\n", op->o_connid, 0, 0 );
58 Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
61 * Parse the compare request. It looks like this:
63 * CompareRequest := [APPLICATION 14] SEQUENCE {
64 * entry DistinguishedName,
67 * value AttributeValue
72 if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) {
74 LDAP_LOG( OPERATION, ERR,
75 "do_compare: conn %d ber_scanf failed\n", op->o_connid, 0, 0 );
77 Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
79 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
80 return SLAPD_DISCONNECT;
83 if ( ber_scanf( op->o_ber, "{mm}", &desc, &value ) == LBER_ERROR ) {
85 LDAP_LOG( OPERATION, ERR,
86 "do_compare: conn %d get ava failed\n", op->o_connid, 0, 0 );
88 Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 );
90 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
91 return SLAPD_DISCONNECT;
94 if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
96 LDAP_LOG( OPERATION, ERR,
97 "do_compare: conn %d ber_scanf failed\n", op->o_connid, 0, 0 );
99 Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
101 send_ldap_discon( op, rs, LDAP_PROTOCOL_ERROR, "decoding error" );
102 return SLAPD_DISCONNECT;
105 if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
107 LDAP_LOG( OPERATION, INFO,
108 "do_compare: conn %d get_ctrls failed\n", op->o_connid, 0, 0 );
110 Debug( LDAP_DEBUG_ANY, "do_compare: get_ctrls failed\n", 0, 0, 0 );
115 rs->sr_err = dnPrettyNormal( NULL, &dn, &op->o_req_dn, &op->o_req_ndn );
116 if( rs->sr_err != LDAP_SUCCESS ) {
118 LDAP_LOG( OPERATION, INFO,
119 "do_compare: conn %d invalid dn (%s)\n",
120 op->o_connid, dn.bv_val, 0 );
122 Debug( LDAP_DEBUG_ANY,
123 "do_compare: invalid dn (%s)\n", dn.bv_val, 0, 0 );
125 send_ldap_error( op, rs, LDAP_INVALID_DN_SYNTAX, "invalid DN" );
129 rs->sr_err = slap_bv2ad( &desc, &ava.aa_desc, &rs->sr_text );
130 if( rs->sr_err != LDAP_SUCCESS ) {
131 send_ldap_result( op, rs );
136 rs->sr_err = asserted_value_validate_normalize( ava.aa_desc,
137 ava.aa_desc->ad_type->sat_equality,
138 SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
139 &value, &ava.aa_value, &rs->sr_text );
141 rs->sr_err = value_validate_normalize( ava.aa_desc, SLAP_MR_EQUALITY,
142 &value, &ava.aa_value, &rs->sr_text );
144 if( rs->sr_err != LDAP_SUCCESS ) {
145 send_ldap_result( op, rs );
149 if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
151 LDAP_LOG( OPERATION, ARGS,
152 "do_compare: dn (%s) attr(%s) value (%s)\n",
153 op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
155 Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
156 op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
159 Statslog( LDAP_DEBUG_STATS,
160 "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
161 op->o_connid, op->o_opid, op->o_req_dn.bv_val,
162 ava.aa_desc->ad_cname.bv_val, 0 );
164 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
165 send_ldap_result( op, rs );
169 rs->sr_err = root_dse_info( op->o_conn, &entry, &rs->sr_text );
170 if( rs->sr_err != LDAP_SUCCESS ) {
171 send_ldap_result( op, rs );
177 } else if ( bvmatch( &op->o_req_ndn, &global_schemandn ) ) {
179 LDAP_LOG( OPERATION, ARGS,
180 "do_compare: dn (%s) attr(%s) value (%s)\n",
181 op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val,
182 ava.aa_value.bv_val );
184 Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
185 op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
188 Statslog( LDAP_DEBUG_STATS,
189 "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
190 op->o_connid, op->o_opid, op->o_req_dn.bv_val,
191 ava.aa_desc->ad_cname.bv_val, 0 );
193 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
194 send_ldap_result( op, rs );
199 rs->sr_err = schema_info( &entry, &rs->sr_text );
200 if( rs->sr_err != LDAP_SUCCESS ) {
201 send_ldap_result( op, rs );
209 rs->sr_err = compare_entry( op, entry, &ava );
210 if( fentry) entry_free( fentry );
212 send_ldap_result( op, rs );
214 if( rs->sr_err == LDAP_COMPARE_TRUE || rs->sr_err == LDAP_COMPARE_FALSE ) {
221 manageDSAit = get_manageDSAit( op );
224 * We could be serving multiple database backends. Select the
225 * appropriate one, or send a referral to our "referral server"
226 * if we don't hold it.
228 if ( (op->o_bd = select_backend( &op->o_req_ndn, manageDSAit, 0 )) == NULL ) {
229 rs->sr_ref = referral_rewrite( default_referral,
230 NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
232 rs->sr_err = LDAP_REFERRAL;
233 if (!rs->sr_ref) rs->sr_ref = default_referral;
234 send_ldap_result( op, rs );
236 if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
241 /* check restrictions */
242 if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
243 send_ldap_result( op, rs );
247 /* check for referrals */
248 if( backend_check_referrals( op, rs ) != LDAP_SUCCESS ) {
253 LDAP_LOG( OPERATION, ARGS,
254 "do_compare: dn (%s) attr(%s) value (%s)\n",
255 op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
257 Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
258 op->o_req_dn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
261 Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
262 op->o_connid, op->o_opid, op->o_req_dn.bv_val,
263 ava.aa_desc->ad_cname.bv_val, 0 );
265 #if defined( LDAP_SLAPI )
266 slapi_x_pblock_set_operation( pb, op );
267 slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)dn.bv_val );
268 slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
269 slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)desc.bv_val );
270 slapi_pblock_set( pb, SLAPI_COMPARE_VALUE, (void *)&value );
272 rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_COMPARE_FN, pb );
273 if ( rs->sr_err != 0 ) {
275 * A preoperation plugin failure will abort the
279 LDAP_LOG( OPERATION, INFO, "do_compare: compare preoperation plugin "
280 "failed\n", 0, 0, 0);
282 Debug(LDAP_DEBUG_TRACE, "do_compare: compare preoperation plugin "
283 "failed.\n", 0, 0, 0);
285 if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rs->sr_err ) != 0)
286 rs->sr_err = LDAP_OTHER;
289 #endif /* defined( LDAP_SLAPI ) */
291 if ( op->o_bd->be_compare ) {
292 op->oq_compare.rs_ava = &ava;
293 op->o_bd->be_compare( op, rs );
295 send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
296 "operation not supported within namingContext" );
299 #if defined( LDAP_SLAPI )
300 if ( doPluginFNs( op->o_bd, SLAPI_PLUGIN_POST_COMPARE_FN, pb ) != 0 ) {
302 LDAP_LOG( OPERATION, INFO, "do_compare: compare postoperation plugins "
303 "failed\n", 0, 0, 0 );
305 Debug(LDAP_DEBUG_TRACE, "do_compare: compare postoperation plugins "
306 "failed.\n", 0, 0, 0);
309 #endif /* defined( LDAP_SLAPI ) */
312 free( op->o_req_dn.bv_val );
313 free( op->o_req_ndn.bv_val );
314 if ( ava.aa_value.bv_val ) free( ava.aa_value.bv_val );
319 static int compare_entry(
322 AttributeAssertion *ava )
324 int rc = LDAP_NO_SUCH_ATTRIBUTE;
327 if ( ! access_allowed( op, e,
328 ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
330 return LDAP_INSUFFICIENT_ACCESS;
333 for(a = attrs_find( e->e_attrs, ava->aa_desc );
335 a = attrs_find( a->a_next, ava->aa_desc ))
337 rc = LDAP_COMPARE_FALSE;
340 if ( value_find_ex( ava->aa_desc,
341 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
342 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
344 &ava->aa_value ) == 0 )
346 if ( value_find( ava->aa_desc, a->a_vals, &ava->aa_value ) == 0 )
349 rc = LDAP_COMPARE_TRUE;