#include "back-ldbm.h"
#include "proto-back-ldbm.h"
-extern Attribute *attr_find();
-
#ifdef SLAPD_ACLGROUPS
-/* return 0 IFF edn is a value in uniqueMember attribute
+/* return 0 IFF edn is a value in member attribute
* of entry with bdn AND that entry has an objectClass
* value of groupOfNames
*/
int
ldbm_back_group(
Backend *be,
+ Entry *target,
char *bdn,
- char *edn
+ char *edn,
+ char *objectclassValue,
+ char *groupattrName
)
{
struct ldbminfo *li = (struct ldbminfo *) be->be_private;
Entry *e;
+ char *tdn, *xdn;
char *matched;
Attribute *objectClass;
Attribute *member;
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: bdn: %s\n", bdn, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: edn: %s\n", edn, 0, 0 );
-
- /* can we find bdn entry with reader lock */
- if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
- Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: cannot find bdn: %s matched: %x\n", bdn, matched, 0 );
- if (matched != NULL)
- free(matched);
- return( 1 );
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: objectClass: %s attrName: %s\n",
+ objectclassValue, groupattrName, 0 );
+
+ tdn = dn_normalize_case( ch_strdup( target->e_dn ) );
+ xdn = dn_normalize_case( ch_strdup( bdn ) );
+ Debug( LDAP_DEBUG_TRACE, "=> ldbm_back_group: tdn: %s\n", tdn, 0, 0 );
+ if (strcmp(tdn, xdn) == 0) {
+ /* we already have a LOCKED copy of the entry */
+ e = target;
+ Debug( LDAP_DEBUG_ARGS,
+ "=> ldbm_back_group: target is bdn: %s\n",
+ bdn, 0, 0 );
+ } else {
+ /* can we find bdn entry with reader lock */
+ if ((e = dn2entry_r(be, bdn, &matched )) == NULL) {
+ Debug( LDAP_DEBUG_TRACE,
+ "=> ldbm_back_group: cannot find bdn: %s matched: %s\n",
+ bdn, (matched ? matched : ""), 0 );
+ if (matched != NULL)
+ free(matched);
+ free(tdn);
+ free(xdn);
+ return( 1 );
+ }
+ Debug( LDAP_DEBUG_ARGS,
+ "=> ldbm_back_group: found bdn: %s\n",
+ bdn, 0, 0 );
}
- Debug( LDAP_DEBUG_ARGS, "=> ldbm_back_group: found bdn: %s matched: %x\n", bdn, matched, 0 );
+ free(tdn);
+ free(xdn);
+
/* check for deleted */
if ((objectClass = attr_find(e->e_attrs, "objectclass")) == NULL) {
Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 );
}
- else if ((member = attr_find(e->e_attrs, "member")) == NULL) {
- Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find member\n", 0, 0, 0 );
+ else if ((member = attr_find(e->e_attrs, groupattrName)) == NULL) {
+ Debug( LDAP_DEBUG_TRACE, "<= ldbm_back_group: failed to find %s\n", groupattrName, 0, 0 );
}
else {
struct berval bvObjectClass;
struct berval bvMembers;
- Debug( LDAP_DEBUG_ARGS, "<= ldbm_back_group: found objectClass and members\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_ARGS, "<= ldbm_back_group: found objectClass and %s\n", groupattrName, 0, 0 );
- bvObjectClass.bv_val = "groupofnames";
+ bvObjectClass.bv_val = objectclassValue;
bvObjectClass.bv_len = strlen( bvObjectClass.bv_val );
+
bvMembers.bv_val = edn;
bvMembers.bv_len = strlen( edn );
if (value_find(objectClass->a_vals, &bvObjectClass, SYNTAX_CIS, 1) != 0) {
Debug( LDAP_DEBUG_TRACE,
- "<= ldbm_back_group: failed to find objectClass in groupOfNames\n",
- 0, 0, 0 );
+ "<= ldbm_back_group: failed to find %s in objectClass\n",
+ objectclassValue, 0, 0 );
}
else if (value_find(member->a_vals, &bvMembers, SYNTAX_CIS, 1) != 0) {
- Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: groupOfNames\n",
- edn, bdn, 0 );
+ Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s not in %s: %s\n",
+ edn, bdn, groupattrName );
}
else {
- Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: groupOfNames\n",
- edn, bdn, 0 );
+ Debug( LDAP_DEBUG_ACL, "<= ldbm_back_group: %s is in %s: %s\n",
+ edn, bdn, groupattrName );
rc = 0;
}
}
- /* free entry and reader lock */
- cache_return_entry_r( &li->li_cache, e );
+ if( target != e ) {
+ /* free entry and reader lock */
+ cache_return_entry_r( &li->li_cache, e );
+ }
Debug( LDAP_DEBUG_ARGS, "ldbm_back_group: rc: %d\n", rc, 0, 0 );
return(rc);
}
-#endif
+#endif /* SLAPD_ACLGROUPS */
projects / openldap / blobdiff