X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcompare.c;h=4f2b993532f3999d6a5d47f9afca1a46737968f0;hb=a26612bc00bacbc660fa4a26466f609a29a1d072;hp=ae91f7631d89909507e4c55c543b04f4608f6e63;hpb=074be5fb5aa8cbd09cf88e00f5274a431d6ed344;p=openldap

diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index ae91f7631d..4f2b993532 100644
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -18,7 +18,6 @@
 #include "portable.h"
 
 #include <stdio.h>
-
 #include <ac/socket.h>
 
 #include "ldap_pvt.h"
@@ -33,21 +32,23 @@ do_compare(
 	char	*dn = NULL, *ndn=NULL;
 	struct berval desc;
 	struct berval value;
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
 	struct berval *nvalue;
 	AttributeAssertion ava;
-#else
-	Ava	ava;
-#endif
 	Backend	*be;
 	int rc = LDAP_SUCCESS;
-	char *text = NULL;
+	const char *text = NULL;
+	int manageDSAit;
 
+	ava.aa_desc = NULL;
 	desc.bv_val = NULL;
 	value.bv_val = NULL;
 
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "operation", LDAP_LEVEL_ENTRY,
+		   "do_compare: conn %d\n", conn->c_connid ));
+#else
 	Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
-
+#endif
 	/*
 	 * Parse the compare request.  It looks like this:
 	 *
@@ -61,14 +62,24 @@ do_compare(
 	 */
 
 	if ( ber_scanf( op->o_ber, "{a" /*}*/, &dn ) == LBER_ERROR ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+			   "do_compare: conn %d  ber_scanf failed\n", conn->c_connid ));
+#else
 		Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+#endif
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
 		return SLAPD_DISCONNECT;
 	}
 
 	if ( ber_scanf( op->o_ber, "{oo}", &desc, &value ) == LBER_ERROR ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+			   "do_compare: conn %d  get ava failed\n", conn->c_connid ));
+#else
 		Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 );
+#endif
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
 		rc = SLAPD_DISCONNECT;
@@ -76,7 +87,12 @@ do_compare(
 	}
 
 	if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_ERR,
+			   "do_compare: conn %d  ber_scanf failed\n", conn->c_connid ));
+#else
 		Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+#endif
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
 		rc = SLAPD_DISCONNECT;
@@ -84,21 +100,71 @@ do_compare(
 	}
 
 	if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			   "do_compare: conn %d  get_ctrls failed\n", conn->c_connid ));
+#else
 		Debug( LDAP_DEBUG_ANY, "do_compare: get_ctrls failed\n", 0, 0, 0 );
+#endif
 		goto cleanup;
 	} 
 
 	ndn = ch_strdup( dn );
 
 	if( dn_normalize( ndn ) == NULL ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+			   "do_compare: conn %d  invalid dn (%s)\n",
+			   conn->c_connid, dn ));
+#else
 		Debug( LDAP_DEBUG_ANY, "do_compare: invalid dn (%s)\n", dn, 0, 0 );
+#endif
 		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
 		    "invalid DN", NULL, NULL );
 		goto cleanup;
 	}
 
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-	ava.aa_desc = NULL;
+	if( ndn == '\0' ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
+			   "do_compare: conn %d  compare to root DSE!\n",
+			   conn->c_connid ));
+#else
+		Debug( LDAP_DEBUG_ANY, "do_compare: root dse!\n", 0, 0, 0 );
+#endif
+		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
+			NULL, "compare upon the root DSE not supported", NULL, NULL );
+		goto cleanup;
+	}
+
+	manageDSAit = get_manageDSAit( op );
+
+	/*
+	 * We could be serving multiple database backends.  Select the
+	 * appropriate one, or send a referral to our "referral server"
+	 * if we don't hold it.
+	 */
+	if ( (be = select_backend( ndn, manageDSAit )) == NULL ) {
+		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
+			NULL, NULL, default_referral, NULL );
+		rc = 1;
+		goto cleanup;
+	}
+
+	/* check restrictions */
+	rc = backend_check_restrictions( be, conn, op, NULL, &text ) ;
+	if( rc != LDAP_SUCCESS ) {
+		send_ldap_result( conn, op, rc,
+			NULL, text, NULL, NULL );
+		goto cleanup;
+	}
+
+	/* check for referrals */
+	rc = backend_check_referrals( be, conn, op, dn, ndn );
+	if ( rc != LDAP_SUCCESS ) {
+		goto cleanup;
+	}
+
 	rc = slap_bv2ad( &desc, &ava.aa_desc, &text );
 	if( rc != LDAP_SUCCESS ) {
 		send_ldap_result( conn, op, rc, NULL,
@@ -106,6 +172,13 @@ do_compare(
 		goto cleanup;
 	}
 
+	if( !ava.aa_desc->ad_type->sat_equality ) {
+		/* no equality matching rule */
+		send_ldap_result( conn, op, rc = LDAP_INAPPROPRIATE_MATCHING, NULL,
+		    "no equality matching rule defined", NULL, NULL );
+		goto cleanup;
+	}
+
 	rc = value_normalize( ava.aa_desc, SLAP_MR_EQUALITY, &value, &nvalue, &text );
 
 	if( rc != LDAP_SUCCESS ) {
@@ -116,46 +189,19 @@ do_compare(
 
 	ava.aa_value = nvalue;
 
-	Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
-	    dn, ava.aa_desc->ad_cname, ava.aa_value->bv_val );
-
-	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
-	    op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname, 0 );
-
+#ifdef NEW_LOGGING
+	LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+		   "do_compare: conn %d	 dn (%s) attr(%s) value (%s)\n",
+		   conn->c_connid, dn, ava.aa_desc->ad_cname->bv_val,
+		   ava.aa_value->bv_val ));
 #else
-	ava.ava_type = desc.bv_val;
-	ava.ava_value = value;
-	attr_normalize( ava.ava_type );
-	value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) );
-
 	Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
-	    dn, ava.ava_type, ava.ava_value.bv_val );
-
-	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
-	    op->o_connid, op->o_opid, dn, ava.ava_type, 0 );
+	    dn, ava.aa_desc->ad_cname->bv_val, ava.aa_value->bv_val );
 #endif
 
+	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
+	    op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname->bv_val, 0 );
 
-	/*
-	 * We could be serving multiple database backends.  Select the
-	 * appropriate one, or send a referral to our "referral server"
-	 * if we don't hold it.
-	 */
-	if ( (be = select_backend( ndn )) == NULL ) {
-		send_ldap_result( conn, op, rc = LDAP_REFERRAL,
-			NULL, NULL, default_referral, NULL );
-		rc = 1;
-		goto cleanup;
-	}
-
-	/* make sure this backend recongizes critical controls */
-	rc = backend_check_controls( be, conn, op, &text ) ;
-
-	if( rc != LDAP_SUCCESS ) {
-		send_ldap_result( conn, op, rc,
-			NULL, text, NULL, NULL );
-		goto cleanup;
-	}
 
 	/* deref suffix alias if appropriate */
 	ndn = suffix_alias( be, ndn );
@@ -164,7 +210,7 @@ do_compare(
 		(*be->be_compare)( be, conn, op, dn, ndn, &ava );
 	} else {
 		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
-			NULL, "compare function not implemented", NULL, NULL );
+			NULL, "operation not supported within namingContext", NULL, NULL );
 	}
 
 cleanup:
@@ -172,11 +218,9 @@ cleanup:
 	free( ndn );
 	free( desc.bv_val );
 	free( value.bv_val );
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
 	if( ava.aa_desc != NULL ) {
 		ad_free( ava.aa_desc, 1 );
 	}
-#endif
 
 	return rc;
 }