/* group.c - ldbm backend acl group routine */
/* $OpenLDAP$ */
/*
 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>

#include <ac/socket.h>
#include <ac/string.h>

#include "slap.h"
#include "back-ldbm.h"
#include "proto-back-ldbm.h"


/*
 * ldbm_back_group - ACL group-membership test for the ldbm backend.
 *
 * Intended contract (per the log messages below): return 0 IFF op_ndn is
 * a value of the group_at attribute of the entry named gr_ndn AND that
 * entry has the group_oc object class.  Every other outcome returns 1.
 *
 *	be       - backend whose private ldbminfo holds the entry cache
 *	target   - entry the caller already holds; reused when it is the group
 *	gr_ndn   - DN of the group entry (compared with strcmp to target->e_ndn)
 *	op_ndn   - DN looked up in the group's membership attribute
 *	group_oc - object class the group entry must have
 *	group_at - attribute description holding the membership values
 *
 * The result starts at 1 and becomes 0 only on the final "is in" branch,
 * so a missing group entry, an alias, a referral, a wrong object class or
 * a missing membership attribute all yield the non-member answer.
 *
 * NOTE(review): the membership branch treats a return of 0 from
 * value_find() as "not a member".  value_find() is not defined in this
 * file; confirm its return convention, because an inverted test at that
 * point would invert the ACL group decision.
 */
int
ldbm_back_group(
	Backend	*be,
	Entry	*target,
	const char	*gr_ndn,
	const char	*op_ndn,
	ObjectClass *group_oc,
	AttributeDescription *group_at
)
{
	struct ldbminfo *info = (struct ldbminfo *) be->be_private;
	Entry *group;
	Attribute *members;
	struct berval op_val;
	int rc = 1;	/* non-member unless every check below passes */

	AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
	const char *group_at_name = group_at->ad_cname->bv_val;
	/* log the first object class name when one exists, else the OID */
	const char *group_oc_name =
		( group_oc->soc_names && group_oc->soc_names[0] )
			? group_oc->soc_names[0]
			: group_oc->soc_oid;

	Debug( LDAP_DEBUG_ARGS,
		"=> ldbm_back_group: gr dn: \"%s\"\n",
		gr_ndn, 0, 0 );
	Debug( LDAP_DEBUG_ARGS,
		"=> ldbm_back_group: op dn: \"%s\"\n",
		op_ndn, 0, 0 );
	Debug( LDAP_DEBUG_ARGS,
		"=> ldbm_back_group: oc: \"%s\" at: \"%s\"\n", 
		group_oc_name, group_at_name, 0 );

	Debug( LDAP_DEBUG_ARGS,
		"=> ldbm_back_group: tr dn: \"%s\"\n",
		target->e_ndn, 0, 0 );

	if( strcmp( target->e_ndn, gr_ndn ) != 0 ) {
		/* the group is a different entry: fetch it with a reader lock */
		group = dn2entry_r( be, gr_ndn, NULL );
		if( group == NULL ) {
			Debug( LDAP_DEBUG_ACL,
				"=> ldbm_back_group: cannot find group: \"%s\"\n",
				gr_ndn, 0, 0 );
			/* nothing was acquired, so there is nothing to release */
			return( 1 );
		}

		Debug( LDAP_DEBUG_ACL,
			"=> ldbm_back_group: found group: \"%s\"\n",
			gr_ndn, 0, 0 );

	} else {
		/* the caller's entry is the group; it is already LOCKED */
		group = target;
		Debug( LDAP_DEBUG_ARGS,
			"=> ldbm_back_group: target is group: \"%s\"\n",
			gr_ndn, 0, 0 );
	}

	/*
	 * Check in order: not an alias, not a referral, has the group
	 * object class, has the membership attribute, and finally whether
	 * op_ndn appears among that attribute's values.  The first check
	 * that fails ends the chain with rc still 1.
	 */
	if( is_entry_alias( group ) ) {
		Debug( LDAP_DEBUG_ACL,
			"<= ldbm_back_group: group is an alias\n", 0, 0, 0 );

	} else if( is_entry_referral( group ) ) {
		Debug( LDAP_DEBUG_ACL,
			"<= ldbm_back_group: group is an referral\n", 0, 0, 0 );

	} else if( !is_entry_objectclass( group, group_oc ) ) {
		Debug( LDAP_DEBUG_ACL,
			"<= ldbm_back_group: failed to find %s in objectClass\n", 
			group_oc_name, 0, 0 );

	} else if( ( members = attr_find( group->e_attrs, group_at ) ) == NULL ) {
		Debug( LDAP_DEBUG_ACL,
			"<= ldbm_back_group: failed to find %s\n",
			group_at_name, 0, 0 );

	} else {
		Debug( LDAP_DEBUG_ACL,
			"<= ldbm_back_group: found objectClass %s and %s\n",
			group_oc_name, group_at_name, 0 );

		/* wrap op_ndn in a berval; the cast only drops const, the
		 * string itself is not copied */
		op_val.bv_val = (char *) op_ndn;
		op_val.bv_len = strlen( op_ndn );

		/* NOTE(review): 0 from value_find() is taken as "not found"
		 * here; verify against value_find()'s definition */
		if( value_find( group_at, members->a_vals, &op_val ) == 0 ) {
			Debug( LDAP_DEBUG_ACL,
				"<= ldbm_back_group: \"%s\" not in \"%s\": %s\n", 
				op_ndn, gr_ndn, group_at_name );
		} else {
			Debug( LDAP_DEBUG_ACL,
				"<= ldbm_back_group: \"%s\" is in \"%s\": %s\n", 
				op_ndn, gr_ndn, group_at_name );
			rc = 0;
		}
	}

	if( group != target ) {
		/* entry came from dn2entry_r(): free it and its reader lock */
		cache_return_entry_r( &info->li_cache, group );
	}

	Debug( LDAP_DEBUG_TRACE, "ldbm_back_group: rc=%d\n", rc, 0, 0 );
	return( rc );
}