X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcompare.c;h=230602895a597849c61e6b39106d69634bd71e2e;hb=3cdba151ad18dba10786fde4464442ddaf67b5fe;hp=2dd0b169eb90d7fc91ffa3060a191ec0dbeecbea;hpb=acbb5cf689a4336af05c9f259d909d8141055bac;p=openldap

diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index 2dd0b169eb..230602895a 100644
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -135,9 +135,10 @@ cleanup:;
 int
 fe_op_compare( Operation *op, SlapReply *rs )
 {
-	Entry *entry = NULL;
-	int manageDSAit;
-	AttributeAssertion ava = *op->orc_ava;
+	Entry			*entry = NULL;
+	int			manageDSAit;
+	AttributeAssertion	ava = *op->orc_ava;
+	BackendDB		*bd = op->o_bd;
 
 	if( strcasecmp( op->o_req_ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) {
 		Debug( LDAP_DEBUG_ARGS,
@@ -214,9 +215,8 @@ fe_op_compare( Operation *op, SlapReply *rs )
 
 		rs->sr_err = LDAP_REFERRAL;
 		if (!rs->sr_ref) rs->sr_ref = default_referral;
-		op->o_bd = frontendDB;
+		op->o_bd = bd;
 		send_ldap_result( op, rs );
-		op->o_bd = NULL;
 
 		if (rs->sr_ref != default_referral) ber_bvarray_free( rs->sr_ref );
 		rs->sr_err = 0;
@@ -243,7 +243,13 @@ fe_op_compare( Operation *op, SlapReply *rs )
 		ava.aa_desc->ad_cname.bv_val, 0, 0 );
 
 	op->orc_ava = &ava;
-	if ( ava.aa_desc == slap_schema.si_ad_entryDN ) {
+
+	if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) {
+		/* don't use shadow copy */
+		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+			"copy not used" );
+
+	} else if ( ava.aa_desc == slap_schema.si_ad_entryDN ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 			"entryDN compare not supported" );
 
@@ -284,7 +290,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 			}
 
 		} else {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
 			/* return error only if "disclose"
 			 * is granted on the object */
 			if ( backend_access( op, NULL, &op->o_req_ndn,
@@ -293,7 +298,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 			{
 				rs->sr_err = LDAP_NO_SUCH_OBJECT;
 			}
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
 		}
 
 		send_ldap_result( op, rs );
@@ -328,7 +332,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 				ava.aa_desc, &vals, ACL_COMPARE );
 		switch ( rs->sr_err ) {
 		default:
-#ifdef SLAP_ACL_HONOR_DISCLOSE
 			/* return error only if "disclose"
 			 * is granted on the object */
 			if ( backend_access( op, NULL, &op->o_req_ndn,
@@ -338,7 +341,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 			{
 				rs->sr_err = LDAP_NO_SUCH_OBJECT;
 			}
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
 			break;
 
 		case LDAP_SUCCESS:
@@ -369,6 +371,7 @@ fe_op_compare( Operation *op, SlapReply *rs )
 	}
 
 cleanup:;
+	op->o_bd = bd;
 	return rs->sr_err;
 }
 
@@ -415,7 +418,6 @@ static int compare_entry(
 	}
 
 done:
-#ifdef LDAP_ACL_HONOR_DISCLOSE
 	if( rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE ) {
 		if ( ! access_allowed( op, e,
 			slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) )
@@ -423,7 +425,6 @@ done:
 			rc = LDAP_NO_SUCH_OBJECT;
 		}
 	}
-#endif
 
 	return rc;
 }