/* ds_compare.c - */

#ifndef lint
static char *rcsid = "$Header: /f/osi/quipu/RCS/ds_compare.c,v 7.1 90/07/09 14:45:40 mrose Exp $";
#endif

/*
 * $Header: /f/osi/quipu/RCS/ds_compare.c,v 7.1 90/07/09 14:45:40 mrose Exp $
 *
 *
 * $Log: ds_compare.c,v $
 * Revision 7.1 90/07/09 14:45:40 mrose
 * sync
 *
 * Revision 7.0 89/11/23 22:17:06 mrose
 * Release 6.0
 *
 */

/*
 * NOTICE
 *
 * Acquisition, use, and distribution of this module and related
 * materials are subject to the restrictions of a license agreement.
 * Consult the Preface in the User's Manual for the full terms of
 * this agreement.
 *
 */


#include "quipu/util.h"
#include "quipu/entry.h"
#include "quipu/compare.h"

extern LLog * log_dsap;
extern int encode_DAS_CompareArgumentData();
static attribute_not_cached ();

/*
 * do_ds_compare - evaluate a directory Compare request.
 *
 * Steps, in the order the code performs them:
 *   1. pick the target DN (arg->cma_object unless dsp is set, in which
 *      case the caller-supplied target is used);
 *   2. locate the entry with find_entry();
 *   3. validate the security parameters / signature of the argument;
 *   4. reject a purported attribute whose type is NULLTABLE_ATTR;
 *   5. check ACL_COMPARE against the entry ACL;
 *   6. find the attribute in the entry (or decide a referral is useful);
 *   7. check ACL_COMPARE against the attribute's own ACL;
 *   8. compare the purported value with every stored value.
 *
 * Returns:
 *   DS_OK            result->cmr_matched holds TRUE or FALSE
 *   DS_CONTINUE      passed through from find_entry (di_p filled in)
 *   DS_X500_ERROR    passed through from find_entry (error filled in)
 *   DS_ERROR_LOCAL   find_entry returned an unexpected code
 *   DS_ERROR_REMOTE  *error describes a name/security/attribute error
 *   NOTOK            AttrV_cmp returned an unexpected code (*error is
 *                    filled in as inappropriateMatching)
 *   Whatever referral_dsa_info() returns when a referral is attempted.
 *
 * NOTE(review): dsp presumably flags a request that arrived chained
 * from another DSA rather than directly from a user agent - confirm
 * against the callers.
 */
do_ds_compare (arg, error, result, binddn, target, di_p, dsp)
	struct ds_compare_arg *arg;
	struct ds_compare_result *result;
	struct DSError *error;
	DN binddn;
	DN target;
	struct di_block **di_p;
	char dsp;
{
	Entry entryptr;
	register Attr_Sequence found_as;
	register AV_Sequence av;
	int find_rc;
	int sec_rc;
	DN realtarget;

	DLOG (log_dsap,LLOG_TRACE,("ds_compare"));

	if (!dsp) {
		target = arg->cma_object;
	}

	if (target == NULLDN) {
		error->dse_type = DSE_NAMEERROR;
		error->ERR_NAME.DSE_na_problem = DSE_NA_NOSUCHOBJECT;
		error->ERR_NAME.DSE_na_matched = NULLDN;
		return (DS_ERROR_REMOTE);
	}

	find_rc = find_entry(target, &(arg->cma_common), binddn, NULLDNSEQ, FALSE, &(entryptr), error, di_p);
	if (find_rc != DS_OK) {
		if (find_rc == DS_CONTINUE) {
			/* di_p has been filled in; hand it back unchanged */
			return(DS_CONTINUE);
		}
		if (find_rc == DS_X500_ERROR) {
			/* error has been filled in; hand it back unchanged */
			return(DS_X500_ERROR);
		}
		/* anything else is unexpected */
		LLOG(log_dsap, LLOG_EXCEPTIONS, ("do_ds_compare() - find_entry failed"));
		return(DS_ERROR_LOCAL);
	}
	/* find_rc == DS_OK: entryptr is valid from here on */

	/*
	 * Strong authentication.  binddn is passed by address, so
	 * check_security_parms may replace it; every ACL decision below
	 * uses the value it leaves behind.
	 */
	sec_rc = check_security_parms((caddr_t) arg,
				      encode_DAS_CompareArgumentData,
				      arg->cma_common.ca_security,
				      arg->cma_common.ca_sig, &binddn);
	if (sec_rc != 0) {
		error->dse_type = DSE_SECURITYERROR;
		error->ERR_SECURITY.DSE_sc_problem = sec_rc;
		return (DS_ERROR_REMOTE);
	}

	/* owned copy; every exit path below must dn_free() it */
	realtarget = get_copy_dn(entryptr);

	/*
	 * NOTE(review): this rejection runs before the entry ACL check,
	 * so the error (which carries a copy of the entry's DN) is
	 * returned regardless of compare rights on the entry.
	 */
	if (arg->cma_purported.ava_type == NULLTABLE_ATTR) {
		int res = invalid_matching (arg->cma_purported.ava_type,error,realtarget);
		dn_free (realtarget);
		return res;
	}

	/*
	 * Entry-level ACL.  When dsp is set the check is made as the
	 * anonymous user (NULLDN); if that fails but binddn itself would
	 * have passed, the error is "authentication" instead of "access
	 * rights".
	 * NOTE(review): e_acl is dereferenced without a null check -
	 * assumes find_entry only returns entries with an ACL; confirm.
	 */
	if (check_acl (dsp ? NULLDN : binddn,ACL_COMPARE,entryptr->e_acl->ac_entry, realtarget) == NOTOK) {
		int problem = (dsp && (check_acl (binddn,ACL_COMPARE,entryptr->e_acl->ac_entry, realtarget) == OK))
				? DSE_SC_AUTHENTICATION
				: DSE_SC_ACCESSRIGHTS;

		error->dse_type = DSE_SECURITYERROR;
		error->ERR_SECURITY.DSE_sc_problem = problem;
		dn_free (realtarget);
		return (DS_ERROR_REMOTE);
	}

	found_as = as_find_type (entryptr->e_attributes, arg->cma_purported.ava_type);
	if (found_as == NULLATTR) {
		/* the attribute may exist elsewhere: offer a referral if so */
		if (attribute_not_cached (entryptr,binddn,grab_oid(arg->cma_purported.ava_type),realtarget,ACL_COMPARE)) {
			int res = referral_dsa_info(realtarget,NULLDNSEQ,FALSE,entryptr,error,di_p,
				arg->cma_common.ca_servicecontrol.svc_options & SVC_OPT_PREFERCHAIN);
			dn_free (realtarget);
			return res;
		}

		/*
		 * NOTE(review): noSuchAttribute is reported to any requester
		 * that passed the entry-level check; there is no attribute
		 * ACL to consult because the attribute is absent.
		 */
		dn_free (realtarget);
		error->dse_type = DSE_ATTRIBUTEERROR;
		error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn(entryptr);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_NOSUCHATTRIBUTE;
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(arg->cma_purported.ava_type);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
		error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
		return (DS_ERROR_REMOTE);
	}

	/* Attribute-level ACL: same rule as the entry-level check above */
	if (check_acl (dsp ? NULLDN : binddn,ACL_COMPARE, found_as->attr_acl,realtarget) == NOTOK) {
		int problem = (dsp && (check_acl (binddn,ACL_COMPARE, found_as->attr_acl, realtarget) == OK))
				? DSE_SC_AUTHENTICATION
				: DSE_SC_ACCESSRIGHTS;

		error->dse_type = DSE_SECURITYERROR;
		error->ERR_SECURITY.DSE_sc_problem = problem;
		dn_free (realtarget);
		return (DS_ERROR_REMOTE);
	}

	dn_free (realtarget);

	result->cmr_iscopy = entryptr->e_data;
	result->cmr_common.cr_requestor = NULLDN;

	/*
	 * error->dse_type still equal to DSE_NOERROR at this point is
	 * taken to mean that no alias was dereferenced; any other value
	 * marks the result as alias-dereferenced and records the entry's
	 * real name.
	 * NOTE(review): the original comment here read the other way
	 * round; the description above follows the code.
	 */
	if (error->dse_type != DSE_NOERROR) {
		result->cmr_common.cr_aliasdereferenced = TRUE;
		result->cmr_object = get_copy_dn (entryptr);
	} else {
		result->cmr_common.cr_aliasdereferenced = FALSE;
		result->cmr_object = NULLDN;
	}

	/* first stored value equal to the purported value wins */
	for (av = found_as->attr_value; av != NULLAV; av = av->avseq_next) {
		int cmp_res = AttrV_cmp (&av->avseq_av, arg->cma_purported.ava_value);

		if (cmp_res == 0) {
			result->cmr_matched= TRUE;
			return (DS_OK);
		}

		if (cmp_res == 1 || cmp_res == -1 || cmp_res == 2) {
			/* values differ: try the next one */
			continue;
		}

		/*
		 * Any other code is reported as inappropriateMatching.
		 * NOTE(review): this path returns NOTOK while every other
		 * error path that fills *error returns DS_ERROR_REMOTE;
		 * confirm callers treat the two alike.
		 */
		error->dse_type = DSE_ATTRIBUTEERROR;
		error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn (entryptr);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_INAPPROPRIATEMATCHING;
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(found_as->attr_type);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = AttrV_cpy(arg->cma_purported.ava_value);
		error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
		return (NOTOK);
	}

	result->cmr_matched= FALSE;
	return (DS_OK);
}

/*
 * invalid_matching - fill *error with an inappropriateMatching
 * attribute error for attribute type `at' on entry `dn'.
 *
 * The DN and the attribute type are copied into the error (dn_cpy,
 * AttrT_cpy); the caller keeps ownership of its own `dn'.
 * Always returns DS_ERROR_REMOTE.
 */
invalid_matching (at,error,dn)
	AttributeType at;
	struct DSError *error;
	DN dn;
{
	error->dse_type = DSE_ATTRIBUTEERROR;

	error->ERR_ATTRIBUTE.DSE_at_name = dn_cpy (dn);

	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_INAPPROPRIATEMATCHING;
	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy (at);
	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
	error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;

	return (DS_ERROR_REMOTE);
}


/*
 * attribute_not_cached - the requested attribute is absent from the
 * local copy of the entry; decide whether it ought to be present.
 *
 *   ptr     the entry that was searched
 *   dn      the requester's DN (NULLDN for an anonymous requester)
 *   at      OID of the attribute type that was not found
 *   target  DN handed to check_acl() for the access decisions
 *   level   access level to test against a per-attribute ACL
 *
 * Returns TRUE when a referral could help the requester, FALSE
 * otherwise.
 */
static attribute_not_cached (ptr,dn,at,target,level)
	Entry ptr;
	DN dn;
	OID at;
	DN target;
	int level;
{
	register struct acl_attr * attr_acl;
	register struct oid_seq * type_oid;

	/* anonymous requester: not in cache implies not publicly readable */
	if (dn == NULLDN) {
		return FALSE;
	}

	/* for these two e_data values absence is reported as definitive */
	if ((ptr->e_data == E_DATA_MASTER) || (ptr->e_data == E_TYPE_SLAVE)) {
		return FALSE;
	}

	/* no per-attribute ACLs at all: nothing beyond the cached data */
	if (ptr->e_acl->ac_attributes == NULLACL_ATTR) {
		return FALSE;
	}

	for (attr_acl = ptr->e_acl->ac_attributes; attr_acl != NULLACL_ATTR; attr_acl = attr_acl->aa_next) {
		for (type_oid = attr_acl->aa_types; type_oid != NULLOIDSEQ; type_oid = type_oid->oid_next) {
			if (oid_cmp (type_oid->oid_oid,at) != 0) {
				continue;
			}

			/*
			 * The attribute has its own ACL.  A referral only helps
			 * the requester if that ACL grants `level' to dn.
			 */
			return (check_acl (dn,level,attr_acl->aa_acl,target) == NOTOK) ? FALSE : TRUE;
		}
	}

	/*
	 * No per-attribute ACL names this type, so the default ACL is
	 * consulted: TRUE only when ACL_READ is refused both to the
	 * anonymous user and to dn.  The second check runs only if the
	 * first one fails.
	 */
	if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK
	    && check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK) {
		return TRUE;
	}

	return FALSE;
}