X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldbm%2Fattribute.c;h=0dc5daf03a20fb31a7e4f2f50743b0f0b0145520;hb=82540c5cc1be5bf17b22f3a41d12d1bc56180654;hp=b17092d130f75f88d321610370327f4f9a4daa4b;hpb=51bd73ce7dac183a81e8d848b9b9a60132a1fec1;p=openldap

diff --git a/servers/slapd/back-ldbm/attribute.c b/servers/slapd/back-ldbm/attribute.c
index b17092d130..0dc5daf03a 100644
--- a/servers/slapd/back-ldbm/attribute.c
+++ b/servers/slapd/back-ldbm/attribute.c
@@ -1,7 +1,7 @@
 /* attribute.c - ldbm backend acl attribute routine */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -16,8 +16,7 @@
 #include "back-ldbm.h"
 #include "proto-back-ldbm.h"
 
-
-/* return 0 IFF we can retrieve the attributes
+/* return LDAP_SUCCESS IFF we can retrieve the attributes
  * of entry with e_ndn
  */
 int
@@ -26,22 +25,31 @@ ldbm_back_attribute(
 	Connection *conn,
 	Operation *op,
 	Entry	*target,
-	const char	*e_ndn,
+	struct berval	*entry_ndn,
 	AttributeDescription *entry_at,
-	const char ***vals
-)
+	BerVarray *vals )
 {
 	struct ldbminfo *li = (struct ldbminfo *) be->be_private;    
-	Entry        *e;
-	int          i, j, rc = 1;
+	Entry	     *e;
+	int	     rc;
 	Attribute   *attr;
-	struct berval **abv;
-	char *s, **v;
-	const char *entry_at_name = entry_at->ad_cname->bv_val;
-
+	BerVarray v;
+	const char *entry_at_name = entry_at->ad_cname.bv_val;
+	struct berval *iv, *jv;
+	AccessControlState acl_state = ACL_STATE_INIT;
+	int nvals = 0;
+
+#ifdef NEW_LOGGING
+	LDAP_LOG( BACK_LDBM, ARGS,
+		"ldbm_back_attribute: gr dn: \"%s\"\n", entry_ndn->bv_val, 0, 0 );
+	LDAP_LOG( BACK_LDBM, ARGS, 
+		"ldbm_back_attribute: at: \"%s\"\n", entry_at_name, 0, 0);
+	LDAP_LOG( BACK_LDBM, ARGS, "ldbm_back_attribute: tr dn: \"%s\"\n",
+		target ? target->e_ndn : "", 0, 0 );
+#else
 	Debug( LDAP_DEBUG_ARGS,
 		"=> ldbm_back_attribute: gr dn: \"%s\"\n",
-		e_ndn, 0, 0 ); 
+		entry_ndn->bv_val, 0, 0 ); 
 	Debug( LDAP_DEBUG_ARGS,
 		"=> ldbm_back_attribute: at: \"%s\"\n", 
 		entry_at_name, 0, 0 ); 
@@ -49,90 +57,153 @@ ldbm_back_attribute(
 	Debug( LDAP_DEBUG_ARGS,
 		"=> ldbm_back_attribute: tr dn: \"%s\"\n",
 		target ? target->e_ndn : "", 0, 0 ); 
+#endif
 
-	if (target != NULL && strcmp(target->e_ndn, e_ndn) == 0) {
+	if (target != NULL && dn_match( &target->e_nname, entry_ndn) ) {
 		/* we already have a LOCKED copy of the entry */
 		e = target;
-        	Debug( LDAP_DEBUG_ARGS,
+#ifdef NEW_LOGGING
+		LDAP_LOG( BACK_LDBM, DETAIL1, 
+			"ldbm_back_attribute: target is LOCKED (%s)\n", 
+			entry_ndn->bv_val, 0, 0);
+#else
+		Debug( LDAP_DEBUG_ARGS,
 			"=> ldbm_back_attribute: target is entry: \"%s\"\n",
-			e_ndn, 0, 0 );
+			entry_ndn->bv_val, 0, 0 );
+#endif
+
 
 	} else {
 		/* can we find entry with reader lock */
-		if ((e = dn2entry_r(be, e_ndn, NULL )) == NULL) {
+		if ((e = dn2entry_r(be, entry_ndn, NULL )) == NULL) {
+#ifdef NEW_LOGGING
+			LDAP_LOG( BACK_LDBM, INFO, 
+				"ldbm_back_attribute: cannot find entry (%s)\n",
+				entry_ndn->bv_val, 0, 0 );
+#else
 			Debug( LDAP_DEBUG_ACL,
 				"=> ldbm_back_attribute: cannot find entry: \"%s\"\n",
-					e_ndn, 0, 0 ); 
-			return( 1 );
+					entry_ndn->bv_val, 0, 0 ); 
+#endif
+
+			return LDAP_NO_SUCH_OBJECT; 
 		}
 		
+#ifdef NEW_LOGGING
+		LDAP_LOG( BACK_LDBM, DETAIL1, 
+			"ldbm_back_attribute: found entry (%s)\n", entry_ndn->bv_val, 0, 0);
+#else
 		Debug( LDAP_DEBUG_ACL,
 			"=> ldbm_back_attribute: found entry: \"%s\"\n",
-			e_ndn, 0, 0 ); 
+			entry_ndn->bv_val, 0, 0 ); 
+#endif
+
     }
 
-	rc = 1;
+	/* find attribute values */
 
-	/* find attribute values
-	 */
-        
 	if( is_entry_alias( e ) ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( BACK_LDBM, INFO, 
+			"ldbm_back_attribute: entry (%s) is an alias\n", e->e_dn, 0, 0 );
+#else
 		Debug( LDAP_DEBUG_ACL,
 			"<= ldbm_back_attribute: entry is an alias\n", 0, 0, 0 );
+#endif
+
+		rc = LDAP_ALIAS_PROBLEM;
 		goto return_results;
 	}
 
 	if( is_entry_referral( e ) ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( BACK_LDBM, INFO, 
+			"ldbm_back_attribute: entry (%s) is a referral.\n", e->e_dn, 0, 0 );
+#else
 		Debug( LDAP_DEBUG_ACL,
 			"<= ldbm_back_attribute: entry is an referral\n", 0, 0, 0 );
+#endif
+
+		rc = LDAP_REFERRAL;
 		goto return_results;
 	}
 
 	if (conn != NULL && op != NULL
-		&& access_allowed(be, conn, op, e, slap_schema.si_ad_entry, NULL, ACL_SEARCH) == 0)
+		&& access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
+			NULL, ACL_READ, NULL ) == 0)
 	{
+		rc = LDAP_INSUFFICIENT_ACCESS;
 		goto return_results;
 	}
 
 	if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( BACK_LDBM, INFO, 
+			"ldbm_back_attribute: failed to find %s.\n", entry_at_name, 0, 0 );
+#else
 		Debug( LDAP_DEBUG_ACL,
 			"<= ldbm_back_attribute: failed to find %s\n",
 			entry_at_name, 0, 0 ); 
+#endif
+
+		rc = LDAP_NO_SUCH_ATTRIBUTE;
 		goto return_results;
 	}
 
 	if (conn != NULL && op != NULL
-		&& access_allowed(be, conn, op, e, entry_at, NULL, ACL_SEARCH) == 0)
+		&& access_allowed( be, conn, op, e, entry_at, NULL,
+			ACL_READ, &acl_state ) == 0)
 	{
+		rc = LDAP_INSUFFICIENT_ACCESS;
 		goto return_results;
 	}
 
-	for ( i = 0; attr->a_vals[i] != NULL; i++ ) { }
-	v = (char **) ch_calloc( (i + 1), sizeof(char *) );
-	if (v != NULL) {
-		for ( j = 0, abv = attr->a_vals; --i >= 0; abv++ ) {
-			if ( (*abv)->bv_len > 0 ) {
-				s = ch_malloc( (*abv)->bv_len + 1 );
-				if( s == NULL )
-					break;
-				memcpy(s, (*abv)->bv_val, (*abv)->bv_len);
-				s[(*abv)->bv_len] = 0;
-				v[j++] = s;
-			}
+	for ( iv = attr->a_vals; iv->bv_val != NULL; iv++ ) {
+		/* count them */
+	}
+
+	v = (BerVarray) ch_malloc( sizeof(struct berval) * ((iv - attr->a_vals)+1) );
+
+	for ( iv=attr->a_vals, jv=v; iv->bv_val; iv++ ) {
+		if( conn != NULL
+			&& op != NULL
+			&& access_allowed( be, conn, op, e, entry_at,
+				iv, ACL_READ, &acl_state ) == 0)
+		{
+			continue;
 		}
-		v[j] = NULL;
-		*vals = v;
+		ber_dupbv( jv, iv );
+
+		if( jv->bv_val != NULL ) jv++;
 	}
 
-	rc = 0;
+	nvals = jv - v;
+
+	if( jv == v ) {
+		ch_free( v );
+		*vals = NULL;
+		rc = LDAP_INSUFFICIENT_ACCESS;
+	} else {
+		jv->bv_val = NULL;
+		*vals = v;
+		rc = LDAP_SUCCESS;
+	}
 
 return_results:
 	if( target != e ) {
 		/* free entry and reader lock */
-		cache_return_entry_r( &li->li_cache, e );                 
+		cache_return_entry_r( &li->li_cache, e );		  
 	}
 
-	Debug( LDAP_DEBUG_TRACE, "ldbm_back_attribute: rc=%d\n", rc, 0, 0 ); 
+#ifdef NEW_LOGGING
+	LDAP_LOG( BACK_LDBM, ENTRY, 
+		"ldbm_back_attribute: rc=%d nvals=%d.\n", rc, nvals, 0 );
+#else
+	Debug( LDAP_DEBUG_TRACE,
+		"ldbm_back_attribute: rc=%d nvals=%d\n",
+		rc, nvals, 0 ); 
+#endif
+
 	return(rc);
 }