/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include <ac/socket.h>
#include <ac/string.h>
-#include "ldap_pvt.h"
#include "slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
- op->o_connid, op->o_opid, op->o_req_dn.bv_val,
- ava.aa_desc->ad_cname.bv_val, 0 );
+ "%s CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0, 0 );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
- op->o_connid, op->o_opid, op->o_req_dn.bv_val,
- ava.aa_desc->ad_cname.bv_val, 0 );
+ "%s CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0, 0 );
if( backend_check_restrictions( op, rs, NULL ) != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
op->o_req_dn.bv_val,
ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val );
- Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n",
- op->o_connid, op->o_opid, op->o_req_dn.bv_val,
- ava.aa_desc->ad_cname.bv_val, 0 );
+ Statslog( LDAP_DEBUG_STATS, "%s CMP dn=\"%s\" attr=\"%s\"\n",
+ op->o_log_prefix, op->o_req_dn.bv_val,
+ ava.aa_desc->ad_cname.bv_val, 0, 0 );
#if defined( LDAP_SLAPI )
#define pb op->o_pb
}
send_ldap_result( op, rs );
- if ( rs->sr_err == LDAP_COMPARE_TRUE ||
- rs->sr_err == LDAP_COMPARE_FALSE )
- {
- rs->sr_err = LDAP_SUCCESS;
- }
+ if( rc == 0 ) rs->sr_err = LDAP_SUCCESS;
} else if ( op->o_bd->be_compare ) {
op->o_bd->be_compare( op, rs );
Entry *e,
AttributeAssertion *ava )
{
- int rc = LDAP_NO_SUCH_ATTRIBUTE;
+ int rc;
Attribute *a;
if ( ! access_allowed( op, e,
return LDAP_INSUFFICIENT_ACCESS;
}
+ a = attrs_find( e->e_attrs, ava->aa_desc );
+ if( a == NULL ) return LDAP_NO_SUCH_ATTRIBUTE;
+
+ rc = LDAP_COMPARE_FALSE;
for(a = attrs_find( e->e_attrs, ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ))
{
- rc = LDAP_COMPARE_FALSE;
+ if (( ava->aa_desc != a->a_desc ) && ! access_allowed( op,
+ e, a->a_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
+ {
+ rc = LDAP_INSUFFICIENT_ACCESS;
+ break;
+ }
if ( value_find_ex( ava->aa_desc,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
projects / openldap / blobdiff