1.1 root 1: /* ds_compare.c - */
2:
3: #ifndef lint
4: static char *rcsid = "$Header: /f/osi/quipu/RCS/ds_compare.c,v 7.1 90/07/09 14:45:40 mrose Exp $";
5: #endif
6:
7: /*
8: * $Header: /f/osi/quipu/RCS/ds_compare.c,v 7.1 90/07/09 14:45:40 mrose Exp $
9: *
10: *
11: * $Log: ds_compare.c,v $
12: * Revision 7.1 90/07/09 14:45:40 mrose
13: * sync
14: *
15: * Revision 7.0 89/11/23 22:17:06 mrose
16: * Release 6.0
17: *
18: */
19:
20: /*
21: * NOTICE
22: *
23: * Acquisition, use, and distribution of this module and related
24: * materials are subject to the restrictions of a license agreement.
25: * Consult the Preface in the User's Manual for the full terms of
26: * this agreement.
27: *
28: */
29:
30:
31: #include "quipu/util.h"
32: #include "quipu/entry.h"
33: #include "quipu/compare.h"
34:
/* Log handle passed to the DLOG/LLOG calls in this file. */
extern LLog * log_dsap;
/* Encoder handed to check_security_parms() together with the compare argument. */
extern int encode_DAS_CompareArgumentData();
/* Forward declaration; defined at the end of this file. */
static attribute_not_cached ();
38:
/*
 * do_ds_compare - service a compare request against one entry.
 *
 * Steps, in the order the code performs them:
 *   1. pick the target name (arg->cma_object unless dsp is set),
 *   2. resolve it with find_entry(),
 *   3. verify the request's security parameters with check_security_parms(),
 *   4. check ACL_COMPARE on the entry, then on the attribute,
 *   5. compare the purported value against each stored value with AttrV_cmp().
 *
 * arg     compare argument (object, purported attribute/value, common args)
 * error   filled in on every DS_ERROR_REMOTE return
 * result  filled in on DS_OK; cmr_matched carries the answer
 * binddn  name the requester is bound as; its address is passed to
 *         check_security_parms(), so it may differ afterwards
 * target  used as the name to resolve only when dsp is non-zero
 * di_p    receives referral information (find_entry / referral_dsa_info)
 * dsp     non-zero selects the caller-supplied target and the stricter
 *         ACL path below -- presumably "request arrived chained from another
 *         DSA"; confirm with callers
 *
 * Returns DS_OK, DS_CONTINUE, DS_X500_ERROR, DS_ERROR_LOCAL, DS_ERROR_REMOTE,
 * the value of referral_dsa_info(), or NOTOK (see the NOTE at the end).
 */
do_ds_compare (arg, error, result, binddn, target, di_p, dsp)
struct ds_compare_arg *arg;
struct ds_compare_result *result;
struct DSError *error;
DN binddn;
DN target;
struct di_block **di_p;
char dsp;
{
	Entry entryptr;
	register Attr_Sequence as;
	register AV_Sequence tmp;
	struct acl_info * acl;
	register int i;
	int retval;
	DN realtarget;

	DLOG (log_dsap,LLOG_TRACE,("ds_compare"));

	/* Without dsp the name comes from the request itself. */
	if (!dsp)
		target = arg->cma_object;

	if (target == NULLDN) {
		error->dse_type = DSE_NAMEERROR;
		error->ERR_NAME.DSE_na_problem = DSE_NA_NOSUCHOBJECT;
		error->ERR_NAME.DSE_na_matched = NULLDN;
		return (DS_ERROR_REMOTE);
	}

	/*
	 * NOTE(review): name resolution runs before the security parameters
	 * are verified, so DS_CONTINUE (referral in di_p) and DS_X500_ERROR
	 * are returned without check_security_parms() having been called.
	 * Confirm that find_entry() applies its own access control for binddn.
	 */
	switch(find_entry(target, &(arg->cma_common), binddn, NULLDNSEQ, FALSE, &(entryptr), error, di_p))
	{
	case DS_OK:
		/* entryptr is filled in - carry on */
		break;
	case DS_CONTINUE:
		/* di_p is filled in - handed back to the caller unchanged */
		return(DS_CONTINUE);

	case DS_X500_ERROR:
		/* error is filled in - handed back to the caller unchanged */
		return(DS_X500_ERROR);
	default:
		/* Unexpected find_entry() result: log it and report a local failure */
		LLOG(log_dsap, LLOG_EXCEPTIONS, ("do_ds_compare() - find_entry failed"));
		return(DS_ERROR_LOCAL);
	}

	/*
	 * Strong authentication.  A non-zero result is returned to the
	 * requester as the security problem code.  &binddn is passed, so the
	 * DN used by the ACL checks below is whatever this call leaves there.
	 */
	if ((retval = check_security_parms((caddr_t) arg,
			encode_DAS_CompareArgumentData,
			arg->cma_common.ca_security,
			arg->cma_common.ca_sig, &binddn)) != 0)
	{
		error->dse_type = DSE_SECURITYERROR;
		error->ERR_SECURITY.DSE_sc_problem = retval;
		return (DS_ERROR_REMOTE);
	}

	/* Private copy of the entry's name; every exit below frees it. */
	realtarget = get_copy_dn(entryptr);

	/* No attribute type supplied: nothing to match against. */
	if (arg->cma_purported.ava_type == NULLTABLE_ATTR) {
		int res = invalid_matching (arg->cma_purported.ava_type,error,realtarget);
		dn_free (realtarget);
		return res;
	}

	/*
	 * Entry-level ACL.  With dsp set the check is made for NULLDN rather
	 * than binddn -- presumably because a DN relayed by another DSA is not
	 * treated as authenticated; confirm.  If NULLDN is refused but binddn
	 * itself would have been allowed, the requester is told
	 * DSE_SC_AUTHENTICATION, otherwise DSE_SC_ACCESSRIGHTS.
	 * NOTE(review): entryptr->e_acl is dereferenced without a null check;
	 * assumes find_entry() never returns an entry without an ACL -- confirm.
	 */
	if (check_acl (dsp ? NULLDN : binddn,ACL_COMPARE,entryptr->e_acl->ac_entry, realtarget) == NOTOK) {
		if (dsp && (check_acl (binddn,ACL_COMPARE,entryptr->e_acl->ac_entry, realtarget) == OK)) {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
			dn_free (realtarget);
			return (DS_ERROR_REMOTE);
		} else {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
			dn_free (realtarget);
			return (DS_ERROR_REMOTE);
		}
	}

	/*
	 * Look the attribute up in the local copy of the entry.
	 * NOTE(review): "no such attribute" is reported here, before the
	 * attribute ACL is consulted, while a present-but-protected attribute
	 * yields a security error below.  A requester holding only entry-level
	 * compare rights can therefore tell the two cases apart.
	 */
	if ((as = as_find_type (entryptr->e_attributes, arg->cma_purported.ava_type)) == NULLATTR) {
		/* The attribute may exist elsewhere: answer with a referral instead. */
		if (attribute_not_cached (entryptr,binddn,grab_oid(arg->cma_purported.ava_type),realtarget,ACL_COMPARE)) {
			int res = referral_dsa_info(realtarget,NULLDNSEQ,FALSE,entryptr,error,di_p,
				arg->cma_common.ca_servicecontrol.svc_options & SVC_OPT_PREFERCHAIN);
			dn_free (realtarget);
			return res;
		}

		dn_free (realtarget);
		error->dse_type = DSE_ATTRIBUTEERROR;
		error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn(entryptr);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_NOSUCHATTRIBUTE;
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(arg->cma_purported.ava_type);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
		error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
		return (DS_ERROR_REMOTE);
	}

	acl = as->attr_acl;

	/* Attribute-level ACL: same NULLDN / binddn logic as the entry-level check. */
	if (check_acl (dsp ? NULLDN : binddn,ACL_COMPARE, acl,realtarget) == NOTOK) {
		if (dsp && (check_acl (binddn,ACL_COMPARE, acl, realtarget) == OK)) {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
			dn_free (realtarget);
			return (DS_ERROR_REMOTE);
		} else {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
			dn_free (realtarget);
			return (DS_ERROR_REMOTE);
		}
	}

	/* All access checks passed; the name copy is no longer needed. */
	dn_free (realtarget);

	result->cmr_iscopy = entryptr->e_data;
	result->cmr_common.cr_requestor = NULLDN;

	/*
	 * error->dse_type is read here as a signal left behind by find_entry():
	 * DSE_NOERROR is treated as "no alias was dereferenced", any other
	 * value as "an alias was dereferenced", in which case the resolved
	 * name is returned in cmr_object.
	 * NOTE(review): the original comment described this signal ambiguously;
	 * confirm the convention against find_entry().
	 */
	if (error->dse_type == DSE_NOERROR) {
		result->cmr_common.cr_aliasdereferenced = FALSE;
		result->cmr_object = NULLDN;
	} else {
		result->cmr_common.cr_aliasdereferenced = TRUE;
		result->cmr_object = get_copy_dn (entryptr);
	}

	/* The first stored value that compares equal decides the answer. */
	for (tmp = as->attr_value; tmp != NULLAV; tmp = tmp->avseq_next) {
		i = AttrV_cmp (&tmp->avseq_av, arg->cma_purported.ava_value);
		switch (i) {
		case 0 :
			result->cmr_matched= TRUE;
			return (DS_OK);
		/* 1, -1 and 2 are treated as "no match": try the next value */
		case 1:
		case -1:
		case 2:
			break;
		default:
			/*
			 * Any other AttrV_cmp() result is reported as an
			 * inappropriate-matching attribute error.
			 * NOTE(review): this is the only exit that returns
			 * NOTOK; every other error exit returns a DS_* code,
			 * and invalid_matching() returns DS_ERROR_REMOTE for
			 * the same problem.  Confirm how callers treat NOTOK.
			 * result->cmr_object may already hold a copy made
			 * above; who frees it on this path is not visible here.
			 */
			error->dse_type = DSE_ATTRIBUTEERROR;
			error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn (entryptr);
			error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_INAPPROPRIATEMATCHING;
			error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(as->attr_type);
			error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = AttrV_cpy(arg->cma_purported.ava_value);
			error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
			return (NOTOK);
		}
	}
	/* No stored value matched. */
	result->cmr_matched= FALSE;
	return (DS_OK);

}
193:
/*
 * invalid_matching - fill *error with an "inappropriate matching"
 * attribute error for attribute type `at` on the entry named `dn`.
 *
 * Both `dn` and `at` are copied (dn_cpy / AttrT_cpy), so the caller keeps
 * ownership of what it passed in.  No offending value is recorded.
 * Always returns DS_ERROR_REMOTE.
 */
int invalid_matching (at,error,dn)
AttributeType at;
struct DSError *error;
DN dn;
{
	/* Copies first, in the same order as before, then the constant fields. */
	error->dse_type = DSE_ATTRIBUTEERROR;
	error->ERR_ATTRIBUTE.DSE_at_name = dn_cpy (dn);
	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy (at);

	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_INAPPROPRIATEMATCHING;
	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
	error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;

	return DS_ERROR_REMOTE;
}
207:
208:
/*
 * attribute_not_cached - the requested attribute type `at` is absent from
 * the local entry `ptr`; decide whether it ought to be there.
 *
 * Returns TRUE when the caller should try a referral, FALSE when the
 * absence can be taken at face value.
 *
 * ptr     local entry
 * dn      requester's name; NULLDN always yields FALSE
 * at      OID of the attribute type that was not found
 * target  name of the entry, passed through to check_acl()
 * level   access level checked against a matching attribute ACL
 *
 * NOTE(review): in the attribute-ACL branch TRUE is returned only when
 * `dn` passes check_acl(); in the default-ACL branch TRUE is returned
 * when `dn` fails it, and ACL_READ is used instead of `level`.  Confirm
 * that both polarities are intended, since TRUE makes the caller hand out
 * a referral.
 */
static int attribute_not_cached (ptr,dn,at,target,level)
Entry ptr;
DN dn;
OID at;
DN target;
int level;
{
	struct acl_attr *rule;
	struct oid_seq *listed;

	/* Not in cache implies not publicly readable... */
	if (dn == NULLDN)
		return FALSE;

	/* For these two e_data values the absence is taken at face value. */
	if (ptr->e_data == E_DATA_MASTER || ptr->e_data == E_TYPE_SLAVE)
		return FALSE;

	/* No per-attribute ACLs: nothing beyond the cached data is required. */
	if (ptr->e_acl->ac_attributes == NULLACL_ATTR)
		return FALSE;

	/* Is the attribute type named in one of the per-attribute ACLs? */
	rule = ptr->e_acl->ac_attributes;
	while (rule != NULLACL_ATTR) {
		listed = rule->aa_types;
		while (listed != NULLOIDSEQ) {
			if (oid_cmp (listed->oid_oid,at) == 0) {
				/* Listed: a referral only helps if dn holds `level` access. */
				return (check_acl (dn,level,rule->aa_acl,target) == NOTOK) ? FALSE : TRUE;
			}
			listed = listed->oid_next;
		}
		rule = rule->aa_next;
	}

	/* Not listed: fall back to the default ACL, anonymous first, then dn. */
	if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK
	    && check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK)
		return TRUE;

	return FALSE;
}