xref: /netbsd-src/external/bsd/openldap/dist/servers/slapd/back-monitor/compare.c (revision 6a493d6bc668897c91594964a732d38505b70cbb) 
1 /*	$NetBSD: compare.c,v 1.1.1.3 2010/12/12 15:23:13 adam Exp $	*/
2 
3 /* compare.c - monitor backend compare routine */
4 /* OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.24.2.7 2010/04/13 20:23:32 kurt Exp */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 2001-2010 The OpenLDAP Foundation.
8  * Portions Copyright 2001-2003 Pierangelo Masarati.
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted only as authorized by the OpenLDAP
13  * Public License.
14  *
15  * A copy of this license is available in file LICENSE in the
16  * top-level directory of the distribution or, alternatively, at
17  * <http://www.OpenLDAP.org/license.html>.
18  */
19 /* ACKNOWLEDGEMENTS:
20  * This work was initially developed by Pierangelo Masarati for inclusion
21  * in OpenLDAP Software.
22  */
23 
24 #include "portable.h"
25 
26 #include <stdio.h>
27 
28 #include <slap.h>
29 #include "back-monitor.h"
30 
31 int
32 monitor_back_compare( Operation *op, SlapReply *rs )
33 {
34 	monitor_info_t	*mi = ( monitor_info_t * ) op->o_bd->be_private;
35 	Entry           *e, *matched = NULL;
36 	Attribute	*a;
37 	int		rc;
38 
39 	/* get entry with reader lock */
40 	monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched );
41 	if ( e == NULL ) {
42 		rs->sr_err = LDAP_NO_SUCH_OBJECT;
43 		if ( matched ) {
44 			if ( !access_allowed_mask( op, matched,
45 					slap_schema.si_ad_entry,
46 					NULL, ACL_DISCLOSE, NULL, NULL ) )
47 			{
48 				/* do nothing */ ;
49 			} else {
50 				rs->sr_matched = matched->e_dn;
51 			}
52 		}
53 		send_ldap_result( op, rs );
54 		if ( matched ) {
55 			monitor_cache_release( mi, matched );
56 			rs->sr_matched = NULL;
57 		}
58 
59 		return rs->sr_err;
60 	}
61 
62 	rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
63 			&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
64 	if ( !rs->sr_err ) {
65 		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
66 		goto return_results;
67 	}
68 
69 	rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
70 
71 	for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
72 			a != NULL;
73 			a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
74 		rs->sr_err = LDAP_COMPARE_FALSE;
75 
76 		if ( attr_valfind( a,
77 			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
78 				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
79 			&op->oq_compare.rs_ava->aa_value, NULL,
80 			op->o_tmpmemctx ) == 0 )
81 		{
82 			rs->sr_err = LDAP_COMPARE_TRUE;
83 			break;
84 		}
85 	}
86 
87 return_results:;
88 	rc = rs->sr_err;
89 	switch ( rc ) {
90 	case LDAP_COMPARE_FALSE:
91 	case LDAP_COMPARE_TRUE:
92 		rc = LDAP_SUCCESS;
93 		break;
94 
95 	case LDAP_NO_SUCH_ATTRIBUTE:
96 		break;
97 
98 	default:
99 		if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
100 				NULL, ACL_DISCLOSE, NULL, NULL ) )
101 		{
102 			rs->sr_err = LDAP_NO_SUCH_OBJECT;
103 		}
104 		break;
105 	}
106 
107 	send_ldap_result( op, rs );
108 	rs->sr_err = rc;
109 
110 	monitor_cache_release( mi, e );
111 
112 	return rs->sr_err;
113 }
114 
115