Root DSE and subschema subentry compare.

Developed by Steve Omrani/IBM
Copyright IBM Corp. 2001
Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001.  No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.

diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index 8196988daf7214ca0265932b1635e48001f929ff..1823ec18bab3fb4affa914ebf042928da5ceed90 100644 (file)
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -23,12 +23,20 @@
 #include "ldap_pvt.h"
 #include "slap.h"
 
+static int compare_entry(
+       Connection *conn,
+       Operation *op,
+       Entry *e,
+       AttributeAssertion *ava );
+
 int
 do_compare(
     Connection *conn,
     Operation  *op
 )
 {
+       Entry *entry = NULL;
+       Attribute       *a = NULL;
        char    *dn = NULL, *ndn=NULL;
        struct berval desc;
        struct berval value;
@@ -124,16 +132,87 @@ do_compare(
                goto cleanup;
        }
 
-       if( *ndn == '\0' ) {
+       rc = slap_bv2ad( &desc, &ava.aa_desc, &text );
+       if( rc != LDAP_SUCCESS ) {
+               send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+               return rc;
+       }
+
+       rc = value_normalize( ava.aa_desc, SLAP_MR_EQUALITY, &value, &nvalue, &text );
+       if( rc != LDAP_SUCCESS ) {
+               send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+               return rc;
+       }
+
+       ava.aa_value = nvalue;
+
+       if( strcasecmp( ndn, LDAP_ROOT_DSE ) == 0 ) {
 #ifdef NEW_LOGGING
-               LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
-                          "do_compare: conn %d  compare to root DSE!\n",
-                          conn->c_connid ));
+               LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+                       "do_compare: conn %d  dn (%s) attr(%s) value (%s)\n",
+                       conn->c_connid, dn, ava.aa_desc->ad_cname.bv_val,
+                       ava.aa_value->bv_val ));
 #else
-               Debug( LDAP_DEBUG_ANY, "do_compare: root dse!\n", 0, 0, 0 );
+               Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+                       dn, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
 #endif
-               send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
-                       NULL, "compare upon the root DSE not supported", NULL, NULL );
+
+               Statslog( LDAP_DEBUG_STATS,
+                       "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
+                       op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname.bv_val, 0 );
+
+               rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+               if( rc != LDAP_SUCCESS ) {
+                       send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+                       goto cleanup;
+               }
+
+               rc = root_dse_info( conn, &entry, &text );
+               if( rc != LDAP_SUCCESS ) {
+                       send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+                       goto cleanup;
+               }
+
+       } else if ( strcasecmp( ndn, SLAPD_SCHEMA_DN ) == 0 ) {
+#ifdef NEW_LOGGING
+               LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
+                       "do_compare: conn %d  dn (%s) attr(%s) value (%s)\n",
+                       conn->c_connid, dn, ava.aa_desc->ad_cname->bv_val,
+                       ava.aa_value->bv_val ));
+#else
+               Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n",
+                       dn, ava.aa_desc->ad_cname.bv_val, ava.aa_value->bv_val );
+#endif
+
+               Statslog( LDAP_DEBUG_STATS,
+                       "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n",
+                       op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname.bv_val, 0 );
+
+               rc = backend_check_restrictions( NULL, conn, op, NULL, &text ) ;
+               if( rc != LDAP_SUCCESS ) {
+                       send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+                       rc = 0;
+                       goto cleanup;
+               }
+
+               rc = schema_info( &entry, &text );
+               if( rc != LDAP_SUCCESS ) {
+                       send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+                       rc = 0;
+                       goto cleanup;
+               }
+       }
+
+       if( entry ) {
+               rc = compare_entry( conn, op, entry, &ava );
+               entry_free( entry );
+
+               send_ldap_result( conn, op, rc, NULL, text, NULL, NULL );
+
+               if( rc == LDAP_COMPARE_TRUE || rc == LDAP_COMPARE_FALSE ) {
+                       rc = 0;
+               }
+
                goto cleanup;
        }
 
@@ -147,7 +226,7 @@ do_compare(
        if ( (be = select_backend( ndn, manageDSAit )) == NULL ) {
                send_ldap_result( conn, op, rc = LDAP_REFERRAL,
                        NULL, NULL, default_referral, NULL );
-               rc = 1;
+               rc = 0;
                goto cleanup;
        }
 
@@ -165,30 +244,6 @@ do_compare(
                goto cleanup;
        }
 
-       rc = slap_bv2ad( &desc, &ava.aa_desc, &text );
-       if( rc != LDAP_SUCCESS ) {
-               send_ldap_result( conn, op, rc, NULL,
-                   text, NULL, NULL );
-               goto cleanup;
-       }
-
-       if( !ava.aa_desc->ad_type->sat_equality ) {
-               /* no equality matching rule */
-               send_ldap_result( conn, op, rc = LDAP_INAPPROPRIATE_MATCHING, NULL,
-                   "no equality matching rule defined", NULL, NULL );
-               goto cleanup;
-       }
-
-       rc = value_normalize( ava.aa_desc, SLAP_MR_EQUALITY, &value, &nvalue, &text );
-
-       if( rc != LDAP_SUCCESS ) {
-               send_ldap_result( conn, op, rc, NULL,
-                   text, NULL, NULL );
-               goto cleanup;
-       }
-
-       ava.aa_value = nvalue;
-
 #ifdef NEW_LOGGING
        LDAP_LOG(( "operation", LDAP_LEVEL_ARGS,
                   "do_compare: conn %d  dn (%s) attr(%s) value (%s)\n",
@@ -221,3 +276,36 @@ cleanup:
 
        return rc;
 }
+
+static int compare_entry(
+       Connection *conn,
+       Operation *op,
+       Entry *e,
+       AttributeAssertion *ava )
+{
+       int rc = LDAP_NO_SUCH_ATTRIBUTE;
+       Attribute *a;
+
+       if ( ! access_allowed( NULL, conn, op, e,
+               ava->aa_desc, ava->aa_value, ACL_COMPARE ) )
+       {       
+               return LDAP_INSUFFICIENT_ACCESS;
+       }
+
+       for(a = attrs_find( e->e_attrs, ava->aa_desc );
+               a != NULL;
+               a = attrs_find( a->a_next, ava->aa_desc ))
+       {
+               rc = LDAP_COMPARE_FALSE;
+
+               if ( value_find_ex( ava->aa_desc,
+                       SLAP_MR_VALUE_IS_IN_MR_SYNTAX,
+                       a->a_vals, ava->aa_value ) == 0 )
+               {
+                       rc = LDAP_COMPARE_TRUE;
+                       break;
+               }
+       }
+
+       return rc;
+}