DataMuseum.dk

Presents historical artifacts from the history of:

DKUUG/EUUG Conference tapes

This is an automatic "excavation" of a thematic subset of
artifacts from Datamuseum.dk's BitArchive.

See our Wiki for more about DKUUG/EUUG Conference tapes

Excavated with: AutoArchaeologist - Free & Open Source Software. 

top - metrics - download
Index: T d

⟦1e0f20e6e⟧ TextFile

    Length: 7533 (0x1d6d)
    Types: TextFile
    Names: »ds_compare.c«

Derivation

└─⟦2d1937cfd⟧ Bits:30007241 EUUGD22: P.P 5.0
    └─⟦35176feda⟧ »EurOpenD22/isode/isode-6.tar.Z« 
        └─⟦de7628f85⟧ 
            └─⟦this⟧ »isode-6.0/quipu/ds_compare.c«

TextFile

/* ds_compare.c - */

#ifndef lint
static char *rcsid = "$Header: /f/osi/quipu/RCS/ds_compare.c,v 7.0 89/11/23 22:17:06 mrose Rel $";
#endif

/*
 * $Header: /f/osi/quipu/RCS/ds_compare.c,v 7.0 89/11/23 22:17:06 mrose Rel $
 *
 *
 * $Log:	ds_compare.c,v $
 * Revision 7.0  89/11/23  22:17:06  mrose
 * Release 6.0
 * 
 */

/*
 *                                NOTICE
 *
 *    Acquisition, use, and distribution of this module and related
 *    materials are subject to the restrictions of a license agreement.
 *    Consult the Preface in the User's Manual for the full terms of
 *    this agreement.
 *
 */


#include "quipu/util.h"
#include "quipu/entry.h"
#include "quipu/compare.h"

extern LLog * log_dsap;
extern int encode_DAS_CompareArgumentData();
static attribute_not_cached ();

do_ds_compare (arg, error, result, binddn, target, di_p, dsp)
    struct ds_compare_arg       *arg;
    struct ds_compare_result    *result;
    struct DSError              *error;
    DN                          binddn;
    DN                          target;
    struct di_block		**di_p;	
    char			dsp;
{
Entry  entryptr;
register Attr_Sequence  as;
register AV_Sequence tmp;
struct acl_info  * acl;
register int i;
int retval;

	DLOG (log_dsap,LLOG_TRACE,("ds_compare"));

	if (!dsp)
		target = arg->cma_object;

	(void) dn_decode (target);

	if (target == NULLDN) {
		error->dse_type = DSE_NAMEERROR;
		error->ERR_NAME.DSE_na_problem = DSE_NA_NOSUCHOBJECT;
		error->ERR_NAME.DSE_na_matched = NULLDN;
		return (DS_ERROR_REMOTE);
	}

	if (ava_decode (&arg->cma_purported) == NOTOK) {
		error->dse_type = DSE_ATTRIBUTEERROR;
		error->ERR_ATTRIBUTE.DSE_at_name = dn_cpy (target);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_INVALIDATTRIBUTESYNTAX;
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(arg->cma_purported.ava_type);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = AttrV_cpy(arg->cma_purported.ava_value);
		error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
		return (NOTOK);
	}

	switch(find_entry(target, &(arg->cma_common), binddn, NULLDNSEQ, FALSE, &(entryptr), error, di_p))
	{
	case DS_OK:
	    /* Filled out entryptr - carry on */
	    break;
	case DS_CONTINUE:
	    /* Filled out di_p - what do we do with it ?? */
	    return(DS_CONTINUE);

	case DS_X500_ERROR:
	    /* Filled out error - what do we do with it ?? */
	    return(DS_X500_ERROR);
	default:
	    /* SCREAM */
	    LLOG(log_dsap, LLOG_EXCEPTIONS, ("do_ds_compare() - find_entry failed"));
	    return(DS_ERROR_LOCAL);
	}

	/* Strong authentication  */
	if ((retval = check_security_parms((caddr_t) arg,
			encode_DAS_CompareArgumentData,
			arg->cma_common.ca_security,
			arg->cma_common.ca_sig, &binddn)) != 0)
	{
		error->dse_type = DSE_SECURITYERROR;
		error->ERR_SECURITY.DSE_sc_problem = retval;
		return (DS_ERROR_REMOTE);
	}

	if (arg->cma_purported.ava_type->at_table == NULLTABLE_ATTR)
		return (invalid_matching (arg->cma_purported.ava_type,error,target));

	if (check_acl (dsp ? NULLDN : binddn,ACL_COMPARE,entryptr->e_acl->ac_entry, target) == NOTOK) {
		if (dsp && (check_acl (binddn,ACL_COMPARE,entryptr->e_acl->ac_entry, target) == OK)) {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
			return (DS_ERROR_REMOTE);
		} else {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
			return (DS_ERROR_REMOTE);
		}
	}

	if ((as = as_find_type (entryptr->e_attributes, arg->cma_purported.ava_type)) == NULLATTR) {
		if (attribute_not_cached (entryptr,binddn,grab_oid(arg->cma_purported.ava_type),target,ACL_COMPARE)) 
			return (referral_dsa_info(target,NULLDNSEQ,FALSE,entryptr,error,di_p,
					arg->cma_common.ca_servicecontrol.svc_options & SVC_OPT_PREFERCHAIN));

		error->dse_type = DSE_ATTRIBUTEERROR;
		error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn(entryptr);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_NOSUCHATTRIBUTE;
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(arg->cma_purported.ava_type);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
		error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
		return (DS_ERROR_REMOTE);
	}

	acl =  as->attr_acl;

	if (check_acl (dsp ? NULLDN : binddn,ACL_COMPARE, acl,target) == NOTOK) {
		if (dsp && (check_acl (binddn,ACL_COMPARE, acl, target) == OK)) {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
			return (DS_ERROR_REMOTE);
		} else {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
			return (DS_ERROR_REMOTE);
		}
	}

	result->cmr_iscopy = entryptr->e_data;
	result->cmr_common.cr_requestor = NULLDN;

	/* if no error and NOT SVC_OPT_DONTDEREFERENCEALIASES then */
	/* the alias will have been derefeferenced -signified by   */
	/* NO_ERROR !!! */
	if (error->dse_type == DSE_NOERROR) {
		result->cmr_common.cr_aliasdereferenced =  FALSE;
		result->cmr_object = NULLDN;
	} else {
		result->cmr_common.cr_aliasdereferenced =  TRUE;
		result->cmr_object = get_copy_dn (entryptr);
	}
		
	for (tmp = as->attr_value; tmp != NULLAV; tmp = tmp->avseq_next) {
	  i = AttrV_cmp (&tmp->avseq_av, arg->cma_purported.ava_value);
	  switch (i) {
	    case 0 :
		result->cmr_matched= TRUE;
		return (DS_OK);
	    case 1:
	    case -1:
	    case 2:
		break;
	    default:
		error->dse_type = DSE_ATTRIBUTEERROR;
		error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn (entryptr);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_INAPPROPRIATEMATCHING;
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(&as->attr_type);
		error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = AttrV_cpy(arg->cma_purported.ava_value);
		error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
		return (NOTOK);
	  }
	}
	result->cmr_matched= FALSE;
	return (DS_OK);

}

invalid_matching (at,error,dn)
AttributeType at;
struct DSError *error;
DN dn;
{
	error->dse_type = DSE_ATTRIBUTEERROR;
	error->ERR_ATTRIBUTE.DSE_at_name = dn_cpy (dn);
	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what = DSE_AT_INAPPROPRIATEMATCHING;
	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy (at);
	error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
	error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
	return (DS_ERROR_REMOTE);
}


static attribute_not_cached (ptr,dn,at,target,level)
Entry ptr;
DN dn;
OID at;
DN target;
int level;
{
register struct acl_attr * aa;
register struct oid_seq * oidptr;

	/* FACT: the attribute is not present in the entry.
	 * PROBLEM: should it be ?
	 * 	Return TRUE if yes.
         */

	if (dn == NULLDN)
		return FALSE;	/* Not in cache implies not publicly readable... */

	if ((ptr->e_data == E_DATA_MASTER) || (ptr->e_data == E_TYPE_SLAVE))
		return FALSE;

	/* see if more than cached data is required */	
	if (ptr->e_acl->ac_attributes == NULLACL_ATTR)
		return FALSE;

	for ( aa = ptr->e_acl->ac_attributes; aa!=NULLACL_ATTR; aa=aa->aa_next)
		for ( oidptr=aa->aa_types;oidptr != NULLOIDSEQ; oidptr=oidptr->oid_next)
			if (oid_cmp (oidptr->oid_oid,at) == 0) {
				/* The attribute is in the attribute ACL list */
				/* Would a referral help the DUA ? */
				if (check_acl (dn,level,aa->aa_acl,target) == NOTOK) 
					return FALSE;
				else 
					return TRUE;
			}	

	if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK) 
		if (check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK) 
			return TRUE;

	return FALSE;

}