xref: /netbsd-src/external/bsd/openldap/dist/servers/slapd/back-monitor/compare.c (revision 274254cdae52594c1aa480a736aef78313d15c9c) 
1 /* compare.c - monitor backend compare routine */
2 /* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.24.2.5 2008/02/11 23:26:47 kurt Exp $ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2001-2008 The OpenLDAP Foundation.
6  * Portions Copyright 2001-2003 Pierangelo Masarati.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted only as authorized by the OpenLDAP
11  * Public License.
12  *
13  * A copy of this license is available in file LICENSE in the
14  * top-level directory of the distribution or, alternatively, at
15  * <http://www.OpenLDAP.org/license.html>.
16  */
17 /* ACKNOWLEDGEMENTS:
18  * This work was initially developed by Pierangelo Masarati for inclusion
19  * in OpenLDAP Software.
20  */
21 
22 #include "portable.h"
23 
24 #include <stdio.h>
25 
26 #include <slap.h>
27 #include "back-monitor.h"
28 
29 int
30 monitor_back_compare( Operation *op, SlapReply *rs )
31 {
32 	monitor_info_t	*mi = ( monitor_info_t * ) op->o_bd->be_private;
33 	Entry           *e, *matched = NULL;
34 	Attribute	*a;
35 	int		rc;
36 
37 	/* get entry with reader lock */
38 	monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
39 	if ( e == NULL ) {
40 		rs->sr_err = LDAP_NO_SUCH_OBJECT;
41 		if ( matched ) {
42 			if ( !access_allowed_mask( op, matched,
43 					slap_schema.si_ad_entry,
44 					NULL, ACL_DISCLOSE, NULL, NULL ) )
45 			{
46 				/* do nothing */ ;
47 			} else {
48 				rs->sr_matched = matched->e_dn;
49 			}
50 		}
51 		send_ldap_result( op, rs );
52 		if ( matched ) {
53 			monitor_cache_release( mi, matched );
54 			rs->sr_matched = NULL;
55 		}
56 
57 		return rs->sr_err;
58 	}
59 
60 	rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
61 			&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
62 	if ( !rs->sr_err ) {
63 		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
64 		goto return_results;
65 	}
66 
67 	rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
68 
69 	for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
70 			a != NULL;
71 			a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
72 		rs->sr_err = LDAP_COMPARE_FALSE;
73 
74 		if ( attr_valfind( a,
75 			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
76 				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
77 			&op->oq_compare.rs_ava->aa_value, NULL,
78 			op->o_tmpmemctx ) == 0 )
79 		{
80 			rs->sr_err = LDAP_COMPARE_TRUE;
81 			break;
82 		}
83 	}
84 
85 return_results:;
86 	rc = rs->sr_err;
87 	switch ( rc ) {
88 	case LDAP_COMPARE_FALSE:
89 	case LDAP_COMPARE_TRUE:
90 		rc = LDAP_SUCCESS;
91 		break;
92 
93 	case LDAP_NO_SUCH_ATTRIBUTE:
94 		break;
95 
96 	default:
97 		if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
98 				NULL, ACL_DISCLOSE, NULL, NULL ) )
99 		{
100 			rs->sr_err = LDAP_NO_SUCH_OBJECT;
101 		}
102 		break;
103 	}
104 
105 	send_ldap_result( op, rs );
106 	rs->sr_err = rc;
107 
108 	monitor_cache_release( mi, e );
109 
110 	return rs->sr_err;
111 }
112 
113