X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcompare.c;h=81e3e9f54e206783b54226bbe957f3b67fe4b4fa;hb=416aeb9347609866126a71de112afdefdff829bf;hp=890c3e019385cebbcd054265afcefe790c476b17;hpb=bc51bd5180fe6c83b92b76578e2b9e4b0492b7af;p=openldap diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c index 890c3e0193..81e3e9f54e 100644 --- a/servers/slapd/compare.c +++ b/servers/slapd/compare.c @@ -1,6 +1,6 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ /* @@ -18,45 +18,43 @@ #include "portable.h" #include - #include #include "ldap_pvt.h" #include "slap.h" +static int compare_entry( + Connection *conn, + Operation *op, + Entry *e, + AttributeAssertion *ava ); + int do_compare( Connection *conn, Operation *op ) { - char *dn = NULL, *ndn=NULL; - struct berval desc; - struct berval value; + Entry *entry = NULL; + Entry *fentry = NULL; + struct berval dn = { 0, NULL }; + struct berval pdn = { 0, NULL }; + struct berval ndn = { 0, NULL }; + struct berval desc = { 0, NULL }; + struct berval value = { 0, NULL }; + AttributeAssertion ava = { 0 }; Backend *be; int rc = LDAP_SUCCESS; -#ifdef SLAPD_SCHEMA_NOT_COMPAT - char *text = NULL; - AttributeAssertion ava; + const char *text = NULL; + int manageDSAit; ava.aa_desc = NULL; -#else - Ava ava; -#endif - - desc.bv_val = NULL; - value.bv_val = NULL; +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ENTRY, "do_compare: conn %d\n", conn->c_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 ); - - if( op->o_bind_in_progress ) { - Debug( LDAP_DEBUG_ANY, "do_compare: SASL bind in progress.\n", - 0, 0, 0 ); - send_ldap_result( conn, op, LDAP_SASL_BIND_IN_PROGRESS, - NULL, "SASL bind in progress", NULL, NULL ); - return LDAP_SASL_BIND_IN_PROGRESS; - } - +#endif /* * Parse the compare request. It looks like this: * @@ -69,113 +67,248 @@ do_compare( * } */ - if ( ber_scanf( op->o_ber, "{a" /*}*/, &dn ) == LBER_ERROR ) { + if ( ber_scanf( op->o_ber, "{m" /*}*/, &dn ) == LBER_ERROR ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "do_compare: conn %d ber_scanf failed\n", conn->c_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 ); +#endif send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); - return -1; + return SLAPD_DISCONNECT; } - ndn = ch_strdup( dn ); - - if( dn_normalize( ndn ) == NULL ) { - Debug( LDAP_DEBUG_ANY, "do_compare: invalid dn (%s)\n", dn, 0, 0 ); - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, - "invalid DN", NULL, NULL ); - goto cleanup; - } - - if ( ber_scanf( op->o_ber, "{oo}", &desc, &value ) == LBER_ERROR ) { + if ( ber_scanf( op->o_ber, "{mm}", &desc, &value ) == LBER_ERROR ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "do_compare: conn %d get ava failed\n", conn->c_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 ); +#endif send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); - rc = -1; + rc = SLAPD_DISCONNECT; goto cleanup; } if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "do_compare: conn %d ber_scanf failed\n", conn->c_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 ); +#endif send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); - rc = -1; + rc = SLAPD_DISCONNECT; goto cleanup; } if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "do_compare: conn %d get_ctrls failed\n", conn->c_connid, 0, 0 ); +#else Debug( LDAP_DEBUG_ANY, "do_compare: get_ctrls failed\n", 0, 0, 0 ); +#endif goto cleanup; } -#ifdef SLAPD_SCHEMA_NOT_COMPAT - rc = slap_bv2ad( &desc, &ava.aa_desc, &text ); + rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn ); if( rc != LDAP_SUCCESS ) { - send_ldap_result( conn, op, rc, NULL, - text, NULL, NULL ); +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "do_compare: conn %d invalid dn (%s)\n", + conn->c_connid, dn.bv_val, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "do_compare: invalid dn (%s)\n", dn.bv_val, 0, 0 ); +#endif + send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL, + "invalid DN", NULL, NULL ); goto cleanup; } - ava.aa_value = &value; - Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", - dn, ava.aa_desc->ad_cname, ava.aa_value->bv_val ); + rc = slap_bv2ad( &desc, &ava.aa_desc, &text ); + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); + goto cleanup; + } - Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n", - op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname, 0 ); + rc = value_validate_normalize( ava.aa_desc, SLAP_MR_EQUALITY, + &value, &ava.aa_value, &text ); + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); + goto cleanup; + } + if( strcasecmp( ndn.bv_val, LDAP_ROOT_DSE ) == 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "do_compare: dn (%s) attr(%s) value (%s)\n", + pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val ); #else - ava.ava_type = desc.bv_val; - ava.ava_value = value; - attr_normalize( ava.ava_type ); - value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) ); + Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", + pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val ); +#endif - Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", - dn, ava.ava_type, ava.ava_value.bv_val ); + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n", + op->o_connid, op->o_opid, pdn.bv_val, + ava.aa_desc->ad_cname.bv_val, 0 ); + + rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ; + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); + goto cleanup; + } + + rc = root_dse_info( conn, &entry, &text ); + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); + goto cleanup; + } - Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n", - op->o_connid, op->o_opid, dn, ava.ava_type, 0 ); + fentry = entry; + + } else if ( bvmatch( &ndn, &global_schemandn ) ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "do_compare: dn (%s) attr(%s) value (%s)\n", + pdn.bv_val, ava.aa_desc->ad_cname.bv_val, + ava.aa_value.bv_val ); +#else + Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", + pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val ); #endif + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n", + op->o_connid, op->o_opid, pdn.bv_val, + ava.aa_desc->ad_cname.bv_val, 0 ); + + rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ; + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); + rc = 0; + goto cleanup; + } + + rc = schema_info( &entry, &text ); + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); + rc = 0; + goto cleanup; + } + fentry = entry; + } + + if( entry ) { + rc = compare_entry( conn, op, entry, &ava ); + if( fentry) entry_free( fentry ); + + send_ldap_result( conn, op, rc, NULL, text, NULL, NULL ); + + if( rc == LDAP_COMPARE_TRUE || rc == LDAP_COMPARE_FALSE ) { + rc = 0; + } + + goto cleanup; + } + + manageDSAit = get_manageDSAit( op ); /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" * if we don't hold it. */ - if ( (be = select_backend( ndn )) == NULL ) { + if ( (be = select_backend( &ndn, manageDSAit, 0 )) == NULL ) { + BerVarray ref = referral_rewrite( default_referral, + NULL, &pdn, LDAP_SCOPE_DEFAULT ); + send_ldap_result( conn, op, rc = LDAP_REFERRAL, - NULL, NULL, default_referral, NULL ); - rc = 1; + NULL, NULL, ref ? ref : default_referral, NULL ); + + ber_bvarray_free( ref ); + rc = 0; goto cleanup; } - /* make sure this backend recongizes critical controls */ - rc = backend_check_controls( be, conn, op ) ; - + /* check restrictions */ + rc = backend_check_restrictions( be, conn, op, NULL, &text ) ; if( rc != LDAP_SUCCESS ) { send_ldap_result( conn, op, rc, - NULL, NULL, NULL, NULL ); + NULL, text, NULL, NULL ); goto cleanup; } + /* check for referrals */ + rc = backend_check_referrals( be, conn, op, &pdn, &ndn ); + if ( rc != LDAP_SUCCESS ) { + goto cleanup; + } + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ARGS, + "do_compare: dn (%s) attr(%s) value (%s)\n", + pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val ); +#else + Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", + pdn.bv_val, ava.aa_desc->ad_cname.bv_val, ava.aa_value.bv_val ); +#endif + + Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu CMP dn=\"%s\" attr=\"%s\"\n", + op->o_connid, op->o_opid, pdn.bv_val, + ava.aa_desc->ad_cname.bv_val, 0 ); + + /* deref suffix alias if appropriate */ - ndn = suffix_alias( be, ndn ); + suffix_alias( be, &ndn ); if ( be->be_compare ) { - (*be->be_compare)( be, conn, op, dn, ndn, &ava ); + (*be->be_compare)( be, conn, op, &pdn, &ndn, &ava ); } else { send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM, - NULL, "Function not implemented", NULL, NULL ); + NULL, "operation not supported within namingContext", + NULL, NULL ); } cleanup: - free( dn ); - free( ndn ); - free( desc.bv_val ); - free( value.bv_val ); -#ifdef SLAPD_SCHEMA_NOT_COMPAT - if( ava.aa_desc != NULL ) { - ad_free( ava.aa_desc, 1 ); + free( pdn.bv_val ); + free( ndn.bv_val ); + if ( ava.aa_value.bv_val ) free( ava.aa_value.bv_val ); + + return rc; +} + +static int compare_entry( + Connection *conn, + Operation *op, + Entry *e, + AttributeAssertion *ava ) +{ + int rc = LDAP_NO_SUCH_ATTRIBUTE; + Attribute *a; + + if ( ! access_allowed( NULL, conn, op, e, + ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) ) + { + return LDAP_INSUFFICIENT_ACCESS; + } + + for(a = attrs_find( e->e_attrs, ava->aa_desc ); + a != NULL; + a = attrs_find( a->a_next, ava->aa_desc )) + { + rc = LDAP_COMPARE_FALSE; + + if ( value_find( ava->aa_desc, a->a_vals, &ava->aa_value ) == 0 ) { + rc = LDAP_COMPARE_TRUE; + break; + } } -#endif return rc; }