Merge remote branch 'origin/mdb.master' into OPENLDAP_REL_ENG_2_4

[openldap] / servers / slapd / back-monitor / compare.c

diff --git a/servers/slapd/back-monitor/compare.c b/servers/slapd/back-monitor/compare.c
index adc5674484a6e6107da919e0fba9507dddae5e04..39f659a53a588fe8c7ddbf0a9f4aed1af84904d3 100644 (file)
--- a/servers/slapd/back-monitor/compare.c
+++ b/servers/slapd/back-monitor/compare.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2012 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -27,18 +27,25 @@
 #include "back-monitor.h"
 
 int
-monitor_back_compare( struct slap_op *op, struct slap_rep *rs)
+monitor_back_compare( Operation *op, SlapReply *rs )
 {
        monitor_info_t  *mi = ( monitor_info_t * ) op->o_bd->be_private;
        Entry           *e, *matched = NULL;
-       Attribute       *a;
+       int             rc;
 
        /* get entry with reader lock */
-       monitor_cache_dn2entry( op, &op->o_req_ndn, &e, &matched );
+       monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
        if ( e == NULL ) {
                rs->sr_err = LDAP_NO_SUCH_OBJECT;
                if ( matched ) {
-                       rs->sr_matched = matched->e_dn;
+                       if ( !access_allowed_mask( op, matched,
+                                       slap_schema.si_ad_entry,
+                                       NULL, ACL_DISCLOSE, NULL, NULL ) )
+                       {
+                               /* do nothing */ ;
+                       } else {
+                               rs->sr_matched = matched->e_dn;
+                       }
                }
                send_ldap_result( op, rs );
                if ( matched ) {
@@ -46,43 +53,24 @@ monitor_back_compare( struct slap_op *op, struct slap_rep *rs)
                        rs->sr_matched = NULL;
                }
 
-               return( 0 );
+               return rs->sr_err;
        }
 
-       rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
-                       &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
-       if ( !rs->sr_err ) {
-               rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
-               goto return_results;
+       monitor_entry_update( op, rs, e );
+       rs->sr_err = slap_compare_entry( op, e, op->orc_ava );
+       rc = rs->sr_err;
+       switch ( rc ) {
+       case LDAP_COMPARE_FALSE:
+       case LDAP_COMPARE_TRUE:
+               rc = LDAP_SUCCESS;
+               break;
        }
-
-       rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
-
-       for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
-                       a != NULL;
-                       a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
-               rs->sr_err = LDAP_COMPARE_FALSE;
-
-               if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
-                       SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
-                               SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
-                       a->a_nvals, &op->oq_compare.rs_ava->aa_value,
-                       op->o_tmpmemctx ) == 0 )
-               {
-                       rs->sr_err = LDAP_COMPARE_TRUE;
-                       break;
-               }
-       }
-
-return_results:;
+               
        send_ldap_result( op, rs );
-       if ( rs->sr_err == LDAP_COMPARE_FALSE
-                       || rs->sr_err == LDAP_COMPARE_TRUE ) {
-               rs->sr_err = LDAP_SUCCESS;
-       }
+       rs->sr_err = rc;
 
        monitor_cache_release( mi, e );
 
-       return( rs->sr_err );
+       return rs->sr_err;
 }