/* compare.c - monitor backend compare routine */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2001-2009 The OpenLDAP Foundation.
+ * Portions Copyright 2001-2003 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
*/
-/*
- * Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
- *
- * This work has beed deveolped for the OpenLDAP Foundation
- * in the hope that it may be useful to the Open Source community,
- * but WITHOUT ANY WARRANTY.
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author and SysNet s.n.c. are not responsible for the consequences
- * of use of this software, no matter how awful, even if they arise from
- * flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the documentation.
- * SysNet s.n.c. cannot be responsible for the consequences of the
- * alterations.
- *
- * 4. This notice may not be removed or altered.
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
*/
#include "portable.h"
#include "back-monitor.h"
int
-monitor_back_compare(
- Backend *be,
- Connection *conn,
- Operation *op,
- struct berval *dn,
- struct berval *ndn,
- AttributeAssertion *ava
-)
+monitor_back_compare( Operation *op, SlapReply *rs )
{
- struct monitorinfo *mi = (struct monitorinfo *) be->be_private; int rc;
+ monitor_info_t *mi = ( monitor_info_t * ) op->o_bd->be_private;
Entry *e, *matched = NULL;
Attribute *a;
+ int rc;
+ AclCheck ak;
+
+ ak.ak_state = NULL;
/* get entry with reader lock */
- monitor_cache_dn2entry( mi, ndn, &e, &matched );
+ monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
if ( e == NULL ) {
- send_ldap_result( conn, op, LDAP_NO_SUCH_OBJECT,
- matched ? matched->e_dn : NULL,
- NULL, NULL, NULL );
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( matched ) {
+ ak.ak_e = matched;
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
+ {
+ /* do nothing */ ;
+ } else {
+ rs->sr_matched = matched->e_dn;
+ }
+ }
+ send_ldap_result( op, rs );
if ( matched ) {
monitor_cache_release( mi, matched );
+ rs->sr_matched = NULL;
}
- return( 0 );
+ return rs->sr_err;
}
- rc = access_allowed( be, conn, op, e, ava->aa_desc,
- &ava->aa_value, ACL_COMPARE, NULL );
- if ( !rc ) {
- send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
- NULL, NULL, NULL, NULL );
- rc = 1;
+ ak.ak_e = e;
+ ak.ak_desc = op->oq_compare.rs_ava->aa_desc;
+ ak.ak_val = &op->oq_compare.rs_ava->aa_value;
+ ak.ak_access = ACL_COMPARE;
+ rs->sr_err = access_allowed( op, &ak );
+ if ( !rs->sr_err ) {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
- rc = LDAP_NO_SUCH_ATTRIBUTE;
+ rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
- for ( a = attrs_find( e->e_attrs, ava->aa_desc );
+ for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
- a = attrs_find( a->a_next, ava->aa_desc )) {
- rc = LDAP_COMPARE_FALSE;
-
-#ifdef SLAP_NVALUES
- if ( value_find_ex( ava->aa_desc,
- SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH,
- a->a_nvals, &ava->aa_value ) == 0 )
-#else
- if ( value_find( ava->aa_desc, a->a_vals, &ava->aa_value ) == 0 )
-#endif
+ a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
+ rs->sr_err = LDAP_COMPARE_FALSE;
+
+ if ( attr_valfind( a,
+ SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+ SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+ &op->oq_compare.rs_ava->aa_value, NULL,
+ op->o_tmpmemctx ) == 0 )
{
- rc = LDAP_COMPARE_TRUE;
+ rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}
- send_ldap_result( conn, op, rc, NULL, NULL, NULL, NULL );
+return_results:;
+ rc = rs->sr_err;
+ switch ( rc ) {
+ case LDAP_COMPARE_FALSE:
+ case LDAP_COMPARE_TRUE:
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ break;
- if( rc != LDAP_NO_SUCH_ATTRIBUTE ) {
- rc = 0;
+ default:
+ ak.ak_desc = slap_schema.si_ad_entry;
+ ak.ak_val = NULL;
+ ak.ak_access = ACL_DISCLOSE;
+ if ( !access_allowed( op, &ak ))
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+ break;
}
-
-return_results:;
+
+ send_ldap_result( op, rs );
+ rs->sr_err = rc;
+
monitor_cache_release( mi, e );
- return( rc );
+ return rs->sr_err;
}
projects / openldap / blobdiff