1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
/* compare.c - ldap backend compare function */
/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/compare.c,v 1.18.2.6 2003/12/22 23:37:28 hyc Exp $ */
/*
* Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* This is an altered version */
/*
* Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
*
* Permission is granted to anyone to use this software for any purpose
* on any computer system, and to alter it and redistribute it, subject
* to the following restrictions:
*
* 1. The author is not responsible for the consequences of use of this
* software, no matter how awful, even if they arise from flaws in it.
*
* 2. The origin of this software must not be misrepresented, either by
* explicit claim or by omission. Since few users ever read sources,
* credits should appear in the documentation.
*
* 3. Altered versions must be plainly marked as such, and must not be
* misrepresented as being the original software. Since few users
* ever read sources, credits should appear in the documentation.
*
* 4. This notice may not be removed or altered.
*
*
*
* Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
*
* This software is being modified by Pierangelo Masarati.
* The previously reported conditions apply to the modified code as well.
* Changes in the original code are highlighted where required.
* Credits for the original code go to the author, Howard Chu.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/string.h>
#include <ac/socket.h>
#include "slap.h"
#include "back-ldap.h"
int
ldap_back_compare(
Backend *be,
Connection *conn,
Operation *op,
struct berval *dn,
struct berval *ndn,
AttributeAssertion *ava
)
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapconn *lc;
struct berval mapped_at, mapped_val;
struct berval mdn = { 0, NULL };
int freeval = 0;
lc = ldap_back_getconn(li, conn, op);
if (!lc || !ldap_back_dobind( lc, op ) ) {
return( -1 );
}
/*
* Rewrite the compare dn, if needed
*/
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "compareDn", dn->bv_val, conn, &mdn.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mdn.bv_val == NULL ) {
mdn.bv_val = ( char * )dn->bv_val;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] compareDn: \"%s\" -> \"%s\"\n", dn->bv_val, mdn.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS, "rw> compareDn: \"%s\" -> \"%s\"\n%s",
dn->bv_val, mdn.bv_val, "" );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
if ( mdn.bv_val == NULL ) {
return -1;
}
#endif /* !ENABLE_REWRITE */
if ( ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map(&li->oc_map, &ava->aa_value, &mapped_val,
BACKLDAP_MAP);
if (mapped_val.bv_val == NULL || mapped_val.bv_val[0] == '\0') {
return( -1 );
}
mapped_at = ava->aa_desc->ad_cname;
} else {
ldap_back_map(&li->at_map, &ava->aa_desc->ad_cname, &mapped_at,
BACKLDAP_MAP);
if (mapped_at.bv_val == NULL || mapped_at.bv_val[0] == '\0') {
return( -1 );
}
if (ava->aa_desc->ad_type->sat_syntax ==
slap_schema.si_syn_distinguishedName) {
#ifdef ENABLE_REWRITE
switch ( rewrite_session( li->rwinfo, "bindDn", ava->aa_value.bv_val, conn, &mapped_val.bv_val ) ) {
case REWRITE_REGEXEC_OK:
if ( mapped_val.bv_val == NULL ) {
mapped_val.bv_val = ( char * )ava->aa_value.bv_val;
} else {
freeval = 1;
}
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"[rw] bindDn (dnAttr): \"%s\" -> \"%s\"\n", ava->aa_value.bv_val, mapped_val.bv_val, 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ARGS,
"[rw] bindDn (dnAttr): \"%s\" -> \"%s\"\n", ava->aa_value.bv_val, mapped_val.bv_val, 0 );
#endif /* !NEW_LOGGING */
break;
case REWRITE_REGEXEC_UNWILLING:
send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
NULL, "Operation not allowed", NULL, NULL );
return( -1 );
case REWRITE_REGEXEC_ERR:
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "Rewrite error", NULL, NULL );
return( -1 );
}
#else /* !ENABLE_REWRITE */
ldap_back_dn_massage( li, &ava->aa_value, &mapped_val, 0, 1 );
if ( mapped_val.bv_val == NULL ) {
mapped_val = ava->aa_value;
} else {
freeval = 1;
}
#endif /* !ENABLE_REWRITE */
} else {
mapped_val = ava->aa_value;
}
}
ldap_compare_s( lc->ld, mdn.bv_val, mapped_at.bv_val, mapped_val.bv_val );
if ( mdn.bv_val != dn->bv_val ) {
free( mdn.bv_val );
}
if ( freeval ) {
free( mapped_val.bv_val );
}
return( ldap_back_op_result( lc, op ) );
}
|
