1/* $NetBSD$ */ 2 3/* compare.c - monitor backend compare routine */ 4/* OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.24.2.7 2010/04/13 20:23:32 kurt Exp */ 5/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2001-2010 The OpenLDAP Foundation. 8 * Portions Copyright 2001-2003 Pierangelo Masarati. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19/* ACKNOWLEDGEMENTS: 20 * This work was initially developed by Pierangelo Masarati for inclusion 21 * in OpenLDAP Software. 22 */ 23 24#include "portable.h" 25 26#include <stdio.h> 27 28#include <slap.h> 29#include "back-monitor.h" 30 31int 32monitor_back_compare( Operation *op, SlapReply *rs ) 33{ 34 monitor_info_t *mi = ( monitor_info_t * ) op->o_bd->be_private; 35 Entry *e, *matched = NULL; 36 Attribute *a; 37 int rc; 38 39 /* get entry with reader lock */ 40 monitor_cache_dn2entry( op, rs, &op->o_req_ndn, &e, &matched ); 41 if ( e == NULL ) { 42 rs->sr_err = LDAP_NO_SUCH_OBJECT; 43 if ( matched ) { 44 if ( !access_allowed_mask( op, matched, 45 slap_schema.si_ad_entry, 46 NULL, ACL_DISCLOSE, NULL, NULL ) ) 47 { 48 /* do nothing */ ; 49 } else { 50 rs->sr_matched = matched->e_dn; 51 } 52 } 53 send_ldap_result( op, rs ); 54 if ( matched ) { 55 monitor_cache_release( mi, matched ); 56 rs->sr_matched = NULL; 57 } 58 59 return rs->sr_err; 60 } 61 62 rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc, 63 &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ); 64 if ( !rs->sr_err ) { 65 rs->sr_err = LDAP_INSUFFICIENT_ACCESS; 66 goto return_results; 67 } 68 69 rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE; 70 71 for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc ); 72 a != NULL; 73 a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) { 74 rs->sr_err = LDAP_COMPARE_FALSE; 75 76 if ( attr_valfind( a, 77 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | 78 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, 79 &op->oq_compare.rs_ava->aa_value, NULL, 80 op->o_tmpmemctx ) == 0 ) 81 { 82 rs->sr_err = LDAP_COMPARE_TRUE; 83 break; 84 } 85 } 86 87return_results:; 88 rc = rs->sr_err; 89 switch ( rc ) { 90 case LDAP_COMPARE_FALSE: 91 case LDAP_COMPARE_TRUE: 92 rc = LDAP_SUCCESS; 93 break; 94 95 case LDAP_NO_SUCH_ATTRIBUTE: 96 break; 97 98 default: 99 if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry, 100 NULL, ACL_DISCLOSE, NULL, NULL ) ) 101 { 102 rs->sr_err = LDAP_NO_SUCH_OBJECT; 103 } 104 break; 105 } 106 107 send_ldap_result( op, rs ); 108 rs->sr_err = rc; 109 110 monitor_cache_release( mi, e ); 111 112 return rs->sr_err; 113} 114 115