/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2001-2004 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
#include "back-monitor.h"
int
-monitor_back_compare( struct slap_op *op, struct slap_rep *rs)
+monitor_back_compare( Operation *op, SlapReply *rs )
{
monitor_info_t *mi = ( monitor_info_t * ) op->o_bd->be_private;
Entry *e, *matched = NULL;
Attribute *a;
+ int rc;
+ AclCheck ak;
+
+ ak.ak_state = NULL;
/* get entry with reader lock */
- monitor_cache_dn2entry( op, &op->o_req_ndn, &e, &matched );
+ monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
if ( e == NULL ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( matched ) {
- rs->sr_matched = matched->e_dn;
+ ak.ak_e = matched;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
+ {
+ /* do nothing */ ;
+ } else {
+ rs->sr_matched = matched->e_dn;
+ }
}
send_ldap_result( op, rs );
if ( matched ) {
rs->sr_matched = NULL;
}
- return( 0 );
+ return rs->sr_err;
}
- rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
- &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+ ak.ak_e = e;
+ ak.ak_desc = op->oq_compare.rs_ava->aa_desc;
+ ak.ak_val = &op->oq_compare.rs_ava->aa_value;
+ ak.ak_access = ACL_COMPARE;
+ rs->sr_err = access_allowed( op, &ak );
if ( !rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
rs->sr_err = LDAP_COMPARE_FALSE;
- if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+ if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
- a->a_nvals, &op->oq_compare.rs_ava->aa_value,
+ &op->oq_compare.rs_ava->aa_value, NULL,
op->o_tmpmemctx ) == 0 )
{
rs->sr_err = LDAP_COMPARE_TRUE;
}
return_results:;
- send_ldap_result( op, rs );
- if ( rs->sr_err == LDAP_COMPARE_FALSE
- || rs->sr_err == LDAP_COMPARE_TRUE ) {
- rs->sr_err = LDAP_SUCCESS;
+ rc = rs->sr_err;
+ switch ( rc ) {
+ case LDAP_COMPARE_FALSE:
+ case LDAP_COMPARE_TRUE:
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ break;
+
+ default:
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+ break;
}
+
+ send_ldap_result( op, rs );
+ rs->sr_err = rc;
monitor_cache_release( mi, e );
- return( rs->sr_err );
+ return rs->sr_err;
}
projects / openldap / blobdiff