/* $OpenLDAP$ */
/*
- * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/*
#include "portable.h"
#include <stdio.h>
-
#include <ac/socket.h>
#include "ldap_pvt.h"
#include "slap.h"
+static int compare_entry(
+ Connection *conn,
+ Operation *op,
+ Entry *e,
+ AttributeAssertion *ava );
+
int
do_compare(
Connection *conn,
Operation *op
)
{
- char *dn = NULL, *ndn=NULL;
- Ava ava;
+ Entry *entry = NULL;
+ struct berval dn = { 0, NULL };
+ struct berval *pdn = NULL;
+ struct berval *ndn = NULL;
+ struct berval desc = { 0, NULL };
+ struct berval value = { 0, NULL };
+ struct berval *nvalue;
+ AttributeAssertion ava;
Backend *be;
int rc = LDAP_SUCCESS;
+ const char *text = NULL;
+ int manageDSAit;
- Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
-
- if( op->o_bind_in_progress ) {
- Debug( LDAP_DEBUG_ANY, "do_compare: SASL bind in progress.\n",
- 0, 0, 0 );
- send_ldap_result( conn, op, LDAP_SASL_BIND_IN_PROGRESS,
- NULL, "SASL bind in progress", NULL, NULL );
- return LDAP_SASL_BIND_IN_PROGRESS;
- }
+ ava.aa_desc = NULL;
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
+ "do_compare: conn %d\n", conn->c_connid ));
+#else
+ Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
+#endif
/*
* Parse the compare request. It looks like this:
*
* }
*/
- if ( ber_scanf( op->o_ber, "{a" /*}*/, &dn ) == LBER_ERROR ) {
+ if ( ber_scanf( op->o_ber, "{o" /*}*/, &dn ) == LBER_ERROR ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+ "do_compare: conn %d ber_scanf failed\n", conn->c_connid ));
+#else
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
- return -1;
- }
-
- ndn = ch_strdup( dn );
-
- if( dn_normalize( ndn ) == NULL ) {
- Debug( LDAP_DEBUG_ANY, "do_compare: invalid dn (%s)\n", dn, 0, 0 );
- send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
- "invalid DN", NULL, NULL );
- goto cleanup;
+ return SLAPD_DISCONNECT;
}
- if ( get_ava( op->o_ber, &ava ) != LDAP_SUCCESS ) {
+ if ( ber_scanf( op->o_ber, "{oo}", &desc, &value ) == LBER_ERROR ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+ "do_compare: conn %d get ava failed\n", conn->c_connid ));
+#else
Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 );
+#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
- return -1;
+ rc = SLAPD_DISCONNECT;
+ goto cleanup;
}
if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+ "do_compare: conn %d ber_scanf failed\n", conn->c_connid ));
+#else
Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+#endif
send_ldap_disconnect( conn, op,
LDAP_PROTOCOL_ERROR, "decoding error" );
- return -1;
+ rc = SLAPD_DISCONNECT;
+ goto cleanup;
}
if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_compare: conn %d get_ctrls failed\n", conn->c_connid ));
+#else
Debug( LDAP_DEBUG_ANY, "do_compare: get_ctrls failed\n", 0, 0, 0 );
+#endif
goto cleanup;
}
- Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
- dn, ava.ava_type, ava.ava_value.bv_val );
+ rc = dnPretty( NULL, &dn, &pdn );
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_compare: conn %d invalid dn (%s)\n",
+ conn->c_connid, dn.bv_val ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "do_compare: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+#endif
+ send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+ "invalid DN", NULL, NULL );
+ goto cleanup;
+ }
- Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
- op->o_connid, op->o_opid, dn, ava.ava_type, 0 );
+ rc = dnNormalize( NULL, &dn, &ndn );
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_compare: conn %d invalid dn (%s)\n",
+ conn->c_connid, dn.bv_val ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "do_compare: invalid dn (%s)\n", dn.bv_val, 0, 0 );
+#endif
+ send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+ "invalid DN", NULL, NULL );
+ goto cleanup;
+ }
+
+ rc = slap_bv2ad( &desc, &ava.aa_desc, &text );
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+ goto cleanup;
+ }
+
+ rc = value_normalize( ava.aa_desc, SLAP_MR_EQUALITY, &value, &nvalue, &text );
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+ goto cleanup;
+ }
+
+ ava.aa_value = nvalue;
+
+ if( strcasecmp( ndn->bv_val, LDAP_ROOT_DSE ) == 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+ "do_compare: conn %d dn (%s) attr(%s) value (%s)\n",
+ conn->c_connid, pdn->bv_val,
+ ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val ));
+#else
+ Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+ pdn->bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
+#endif
+
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_connid, op->o_opid, pdn->bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0 );
+
+ rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+ goto cleanup;
+ }
+
+ rc = root_dse_info( conn, &entry, &text );
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+ goto cleanup;
+ }
+
+ } else if ( strcasecmp( ndn->bv_val, SLAPD_SCHEMA_DN ) == 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+ "do_compare: conn %d dn (%s) attr(%s) value (%s)\n",
+ conn->c_connid, pdn->bv_val, ava.aa_desc->ad_cname.bv_val,
+ ava.aa_value->bv_val ));
+#else
+ Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+ pdn->bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
+#endif
+
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_connid, op->o_opid, pdn->bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0 );
+
+ rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+ rc = 0;
+ goto cleanup;
+ }
+
+ rc = schema_info( &entry, &text );
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+ rc = 0;
+ goto cleanup;
+ }
+ }
+
+ if( entry ) {
+ rc = compare_entry( conn, op, entry, &ava );
+ entry_free( entry );
+
+ send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+
+ if( rc == LDAP_COMPARE_TRUE || rc == LDAP_COMPARE_FALSE ) {
+ rc = 0;
+ }
+
+ goto cleanup;
+ }
+
+ manageDSAit = get_manageDSAit( op );
/*
* We could be serving multiple database backends. Select the
* appropriate one, or send a referral to our "referral server"
* if we don't hold it.
*/
- if ( (be = select_backend( ndn )) == NULL ) {
+ if ( (be = select_backend( ndn, manageDSAit, 0 )) == NULL ) {
+ struct berval **ref = referral_rewrite( default_referral,
+ NULL, pdn->bv_val, LDAP_SCOPE_DEFAULT );
+
send_ldap_result( conn, op, rc = LDAP_REFERRAL,
- NULL, NULL, default_referral, NULL );
- rc = 1;
+ NULL, NULL, ref ? ref : default_referral, NULL );
+
+ ber_bvecfree( ref );
+ rc = 0;
goto cleanup;
}
- /* make sure this backend recongizes critical controls */
- rc = backend_check_controls( be, conn, op ) ;
-
+ /* check restrictions */
+ rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
if( rc != LDAP_SUCCESS ) {
send_ldap_result( conn, op, rc,
- NULL, NULL, NULL, NULL );
+ NULL, text, NULL, NULL );
goto cleanup;
}
+ /* check for referrals */
+ rc = backend_check_referrals( be, conn, op, pdn, ndn );
+ if ( rc != LDAP_SUCCESS ) {
+ goto cleanup;
+ }
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+ "do_compare: conn %d dn (%s) attr(%s) value (%s)\n",
+ conn->c_connid, pdn->bv_val, ava.aa_desc->ad_cname.bv_val,
+ ava.aa_value->bv_val ));
+#else
+ Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+ pdn->bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
+#endif
+
+ Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_connid, op->o_opid, pdn->bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0 );
+
+
/* deref suffix alias if appropriate */
- ndn = suffix_alias( be, ndn );
+ suffix_alias( be, ndn );
if ( be->be_compare ) {
- (*be->be_compare)( be, conn, op, dn, ndn, &ava );
+ (*be->be_compare)( be, conn, op, pdn->bv_val, ndn->bv_val, &ava );
} else {
send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
- NULL, "Function not implemented", NULL, NULL );
+ NULL, "operation not supported within namingContext",
+ NULL, NULL );
}
cleanup:
- free( dn );
- free( ndn );
- ava_free( &ava, 0 );
+ free( dn.bv_val );
+ ber_bvfree( pdn );
+ ber_bvfree( ndn );
+ free( desc.bv_val );
+ free( value.bv_val );
+
+ return rc;
+}
+
+static int compare_entry(
+ Connection *conn,
+ Operation *op,
+ Entry *e,
+ AttributeAssertion *ava )
+{
+ int rc = LDAP_NO_SUCH_ATTRIBUTE;
+ Attribute *a;
+
+ if ( ! access_allowed( NULL, conn, op, e,
+ ava->aa_desc, ava->aa_value, ACL_COMPARE ) )
+ {
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+
+ for(a = attrs_find( e->e_attrs, ava->aa_desc );
+ a != NULL;
+ a = attrs_find( a->a_next, ava->aa_desc ))
+ {
+ rc = LDAP_COMPARE_FALSE;
+
+ if ( value_find( ava->aa_desc, a->a_vals, ava->aa_value ) == 0 ) {
+ rc = LDAP_COMPARE_TRUE;
+ break;
+ }
+ }
return rc;
}
projects / openldap / blobdiff