/***********************************************************************
* ldap_compare_extW (WLDAP32.@)
*
* Check if an attribute has a certain value (asynchronous operation).
*
* PARAMS
* ld [I] Pointer to an LDAP context.
* dn [I] DN of entry to compare value for.
* attr [I] Attribute to compare value for.
* value [I] string encoded value to compare.
* data [I] berval encoded value to compare.
* serverctrls [I] Array of LDAP server controls.
* clientctrls [I] Array of LDAP client controls.
* message [O] Message ID of the compare operation.
*
* RETURNS
* Success: LDAP_SUCCESS
* Failure: An LDAP error code.
*
* NOTES
* Set value to compare strings or data to compare binary values. If
* both are non-NULL, data will be used. The serverctrls and clientctrls
* parameters are optional and should be set to NULL if not used.
*/
ULONG CDECL ldap_compare_extW( WLDAP32_LDAP *ld, PWCHAR dn, PWCHAR attr, PWCHAR value,
struct WLDAP32_berval *data, PLDAPControlW *serverctrls, PLDAPControlW *clientctrls,
ULONG *message )
{
ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED;
#ifdef HAVE_LDAP
char *dnU = NULL, *attrU = NULL, *valueU = NULL;
LDAPControl **serverctrlsU = NULL, **clientctrlsU = NULL;
struct berval val = { 0, NULL };
ret = WLDAP32_LDAP_NO_MEMORY;
TRACE( "(%p, %s, %s, %s, %p, %p, %p, %p)\n", ld, debugstr_w(dn),
debugstr_w(attr), debugstr_w(value), data, serverctrls,
clientctrls, message );
if (!ld || !message) return WLDAP32_LDAP_PARAM_ERROR;
if (!attr) return WLDAP32_LDAP_NO_MEMORY;
if (dn) {
dnU = strWtoU( dn );
if (!dnU) goto exit;
}
attrU = strWtoU( attr );
if (!attrU) goto exit;
if (!data) {
if (value) {
valueU = strWtoU( value );
if (!valueU) goto exit;
val.bv_len = strlen( valueU );
val.bv_val = valueU;
}
}
if (serverctrls) {
serverctrlsU = controlarrayWtoU( serverctrls );
if (!serverctrlsU) goto exit;
}
if (clientctrls) {
clientctrlsU = controlarrayWtoU( clientctrls );
if (!clientctrlsU) goto exit;
}
ret = ldap_compare_ext( ld, dn ? dnU : "", attrU, data ? (struct berval *)data : &val,
serverctrlsU, clientctrlsU, (int *)message );
exit:
strfreeU( dnU );
strfreeU( attrU );
strfreeU( valueU );
controlarrayfreeU( serverctrlsU );
controlarrayfreeU( clientctrlsU );
#endif
return ret;
}
/* ARGSUSED */
int _ns_ldap_compare_ext(char *service, int flags,
char *dn, char *attr, struct berval *bvalue,
LDAPControl ** serverctrls, LDAPControl **clientctrls, int *msgidp)
{
LDAP *ld = __s_api_getLDAPconn(flags);
return (ldap_compare_ext(ld, dn, attr, bvalue,
serverctrls, clientctrls, msgidp));
}
int
ldap_back_compare(
Operation *op,
SlapReply *rs )
{
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
ldapconn_t *lc = NULL;
ber_int_t msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
int rc = LDAP_SUCCESS;
if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
lc = NULL;
goto cleanup;
}
retry:
ctrls = op->o_ctrls;
rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_compare_ext( lc->lc_ld, op->o_req_dn.bv_val,
op->orc_ava->aa_desc->ad_cname.bv_val,
&op->orc_ava->aa_value,
ctrls, NULL, &msgid );
rc = ldap_back_op_result( lc, op, rs, msgid,
li->li_timeout[ SLAP_OP_COMPARE ],
( LDAP_BACK_SENDRESULT | retrying ) );
if ( rc == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_COMPARE ], 1 );
ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
cleanup:
(void)ldap_back_controls_free( op, rs, &ctrls );
if ( lc != NULL ) {
ldap_back_release_conn( li, lc );
}
return rs->sr_err;
}
/*
** Compare a value against an entry.
** @param #1 LDAP connection.
** @param #2 String with entry's DN.
** @param #3 String with attribute's name.
** @param #4 String with attribute's value.
** @return Function to process the LDAP result.
*/
static int lualdap_compare (lua_State *L) {
conn_data *conn = getconnection (L);
ldap_pchar_t dn = (ldap_pchar_t) luaL_checkstring (L, 2);
ldap_pchar_t attr = (ldap_pchar_t) luaL_checkstring (L, 3);
BerValue bvalue;
ldap_int_t rc, msgid;
bvalue.bv_val = (char *)luaL_checkstring (L, 4);
bvalue.bv_len = lua_strlen (L, 4);
rc = ldap_compare_ext (conn->ld, dn, attr, &bvalue, NULL, NULL, &msgid);
return create_future (L, rc, 1, msgid, LDAP_RES_COMPARE);
}
static int lua_apr_ldap_compare(lua_State *L)
{
lua_apr_ldap_object *object;
ldap_pchar_t dn, attr;
BerValue bvalue;
ldap_int_t rc, msgid;
object = check_ldap_connection(L, 1);
dn = (ldap_pchar_t) luaL_checkstring(L, 2);
attr = (ldap_pchar_t) luaL_checkstring(L, 3);
bvalue.bv_val = (char *)luaL_checkstring(L, 4);
bvalue.bv_len = lua_strlen(L, 4);
rc = ldap_compare_ext(object->ldap, dn, attr, &bvalue, NULL, NULL, &msgid);
return create_future(L, rc, 1, msgid, LDAP_RES_COMPARE);
}
/***********************************************************************
* ldap_compareW (WLDAP32.@)
*
* Check if an attribute has a certain value (asynchronous operation).
*
* PARAMS
* ld [I] Pointer to an LDAP context.
* dn [I] DN of entry to compare value for.
* attr [I] Attribute to compare value for.
* value [I] Value to compare.
*
* RETURNS
* Success: Message ID of the compare operation.
* Failure: An LDAP error code.
*/
ULONG CDECL ldap_compareW( WLDAP32_LDAP *ld, PWCHAR dn, PWCHAR attr, PWCHAR value )
{
ULONG ret = WLDAP32_LDAP_NOT_SUPPORTED;
#ifdef HAVE_LDAP
char *dnU = NULL, *attrU = NULL, *valueU = NULL;
struct berval val = { 0, NULL };
int msg;
ret = ~0UL;
TRACE( "(%p, %s, %s, %s)\n", ld, debugstr_w(dn), debugstr_w(attr),
debugstr_w(value) );
if (!ld || !attr) return ~0UL;
if (dn) {
dnU = strWtoU( dn );
if (!dnU) goto exit;
}
attrU = strWtoU( attr );
if (!attrU) goto exit;
if (value) {
valueU = strWtoU( value );
if (!valueU) goto exit;
val.bv_len = strlen( valueU );
val.bv_val = valueU;
}
ret = ldap_compare_ext( ld, dn ? dnU : "", attrU, &val, NULL, NULL, &msg );
if (ret == LDAP_SUCCESS)
ret = msg;
else
ret = ~0UL;
exit:
strfreeU( dnU );
strfreeU( attrU );
strfreeU( valueU );
#endif
return ret;
}
/*
* ldap_compare_ext - perform an ldap extended compare operation. The dn
* of the entry to compare to and the attribute and value to compare (in
* attr and value) are supplied. The msgid of the response is returned.
*
* Example:
* msgid = ldap_compare( ld, "c=us@cn=bob", "userPassword", "secret" )
*/
int
ldap_compare(
LDAP *ld,
LDAP_CONST char *dn,
LDAP_CONST char *attr,
LDAP_CONST char *value )
{
int msgid;
struct berval bvalue;
assert( value != NULL );
bvalue.bv_val = (char *) value;
bvalue.bv_len = (value == NULL) ? 0 : strlen( value );
return ldap_compare_ext( ld, dn, attr, &bvalue, NULL, NULL, &msgid ) == LDAP_SUCCESS
? msgid : -1;
}
int
ldap_compare_ext_s(
LDAP *ld,
LDAP_CONST char *dn,
LDAP_CONST char *attr,
struct berval *bvalue,
LDAPControl **sctrl,
LDAPControl **cctrl )
{
int rc;
int msgid;
LDAPMessage *res;
rc = ldap_compare_ext( ld, dn, attr, bvalue, sctrl, cctrl, &msgid );
if ( rc != LDAP_SUCCESS )
return( rc );
if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) NULL, &res ) == -1 || !res )
return( ld->ld_errno );
return( ldap_result2error( ld, res, 1 ) );
}
int ldap_compare_ext_s(LDAP *ld, char *dn, char *attr, struct berval *bvalue,
LDAPControl ** serverctrls, LDAPControl **clientctrls)
{
int msgid, retcode = LDAP_SUCCESS;
LDAPMessage *res;
if ( (retcode = ldap_compare_ext( ld, dn, attr, bvalue, serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS )
return( retcode );
if ( ldap_result( ld, msgid, 1, (struct timeval *) NULL, &res ) == -1 )
return( ld->ld_errno );
#ifdef _REENTRANT
LOCK_LDAP(ld);
#endif
retcode = ldap_parse_result( ld, res, &ld->ld_errno, &ld->ld_matched, &ld->ld_error,
&ld->ld_referrals, &ld->ld_ret_ctrls, 1);
if (retcode == LDAP_SUCCESS)
retcode = ld->ld_errno;
#ifdef _REENTRANT
UNLOCK_LDAP(ld);
#endif
return (retcode);
}
static int docompare(
LDAP *ld,
char *dn,
char *attr,
struct berval *bvalue,
int quiet,
LDAPControl **sctrls,
LDAPControl **cctrls )
{
int rc, msgid, code;
LDAPMessage *res;
char *matcheddn;
char *text;
char **refs;
LDAPControl **ctrls = NULL;
if ( dont ) {
return LDAP_SUCCESS;
}
rc = ldap_compare_ext( ld, dn, attr, bvalue,
sctrls, cctrls, &msgid );
if ( rc == -1 ) {
return( rc );
}
for ( ; ; ) {
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 100000;
if ( tool_check_abandon( ld, msgid ) ) {
return LDAP_CANCELLED;
}
rc = ldap_result( ld, LDAP_RES_ANY, LDAP_MSG_ALL, &tv, &res );
if ( rc < 0 ) {
tool_perror( "ldap_result", rc, NULL, NULL, NULL, NULL );
return rc;
}
if ( rc != 0 ) {
break;
}
}
rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 );
if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n",
prog, ldap_err2string( rc ), rc );
return rc;
}
if ( !quiet && ( verbose || ( code != LDAP_SUCCESS && code != LDAP_COMPARE_TRUE && code != LDAP_COMPARE_FALSE )||
(matcheddn && *matcheddn) || (text && *text) || (refs && *refs) ) )
{
printf( _("Compare Result: %s (%d)\n"),
ldap_err2string( code ), code );
if( text && *text ) {
printf( _("Additional info: %s\n"), text );
}
if( matcheddn && *matcheddn ) {
printf( _("Matched DN: %s\n"), matcheddn );
}
if( refs ) {
int i;
for( i=0; refs[i]; i++ ) {
printf(_("Referral: %s\n"), refs[i] );
}
}
}
/* if we were told to be quiet, use the return value. */
if ( !quiet ) {
if ( code == LDAP_COMPARE_TRUE ) {
printf(_("TRUE\n"));
} else if ( code == LDAP_COMPARE_FALSE ) {
printf(_("FALSE\n"));
} else {
printf(_("UNDEFINED\n"));
}
}
if ( ctrls ) {
tool_print_ctrls( ld, ctrls );
ldap_controls_free( ctrls );
}
ber_memfree( text );
ber_memfree( matcheddn );
ber_memvfree( (void **) refs );
return( code );
}
int
meta_back_compare( Operation *op, SlapReply *rs )
{
metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
metatarget_t *mt;
metaconn_t *mc;
int rc = 0;
int candidate = -1;
struct berval mdn = BER_BVNULL;
dncookie dc;
struct berval mapped_attr = op->orc_ava->aa_desc->ad_cname;
struct berval mapped_value = op->orc_ava->aa_value;
int msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
LDAPControl **ctrls = NULL;
mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
if ( !mc || !meta_back_dobind( op, rs, mc, LDAP_BACK_SENDERR ) ) {
return rs->sr_err;
}
assert( mc->mc_conns[ candidate ].msc_ld != NULL );
/*
* Rewrite the modify dn, if needed
*/
mt = mi->mi_targets[ candidate ];
dc.target = mt;
dc.conn = op->o_conn;
dc.rs = rs;
dc.ctx = "compareDN";
switch ( ldap_back_dn_massage( &dc, &op->o_req_dn, &mdn ) ) {
case LDAP_UNWILLING_TO_PERFORM:
rc = 1;
goto cleanup;
default:
break;
}
/*
* if attr is objectClass, try to remap the value
*/
if ( op->orc_ava->aa_desc == slap_schema.si_ad_objectClass ) {
ldap_back_map( &mt->mt_rwmap.rwm_oc,
&op->orc_ava->aa_value,
&mapped_value, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped_value ) || BER_BVISEMPTY( &mapped_value ) ) {
goto cleanup;
}
/*
* else try to remap the attribute
*/
} else {
ldap_back_map( &mt->mt_rwmap.rwm_at,
&op->orc_ava->aa_desc->ad_cname,
&mapped_attr, BACKLDAP_MAP );
if ( BER_BVISNULL( &mapped_attr ) || BER_BVISEMPTY( &mapped_attr ) ) {
goto cleanup;
}
if ( op->orc_ava->aa_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName )
{
dc.ctx = "compareAttrDN";
switch ( ldap_back_dn_massage( &dc, &op->orc_ava->aa_value, &mapped_value ) )
{
case LDAP_UNWILLING_TO_PERFORM:
rc = 1;
goto cleanup;
default:
break;
}
}
}
retry:;
ctrls = op->o_ctrls;
rc = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
}
rs->sr_err = ldap_compare_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
mapped_attr.bv_val, &mapped_value,
ctrls, NULL, &msgid );
rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
mt->mt_timeout[ SLAP_OP_COMPARE ], ( LDAP_BACK_SENDRESULT | retrying ) );
if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
retrying &= ~LDAP_BACK_RETRYING;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
}
if ( op->orc_ava->aa_value.bv_val != mapped_value.bv_val ) {
free( mapped_value.bv_val );
}
if ( mc ) {
meta_back_release_conn( mi, mc );
}
return rs->sr_err;
}
