ITS#3818 fix index_substr_any_step keyword

[openldap] / servers / slapd / compare.c

diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index 3541118d033c86cd8da46b0b8ddfd0d0267a2db2..d43af1c0164130907484859a7659e3c39a5e40a7 100644 (file)
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -47,7 +47,11 @@ do_compare(
        struct berval dn = BER_BVNULL;
        struct berval desc = BER_BVNULL;
        struct berval value = BER_BVNULL;
+#ifdef LDAP_COMP_MATCH
+       AttributeAssertion ava = { NULL, BER_BVNULL, NULL };
+#else
        AttributeAssertion ava = { NULL, BER_BVNULL };
+#endif
 
        ava.aa_desc = NULL;
 
@@ -409,19 +413,22 @@ static int compare_entry(
        Entry *e,
        AttributeAssertion *ava )
 {
-       int rc;
+       int rc = LDAP_COMPARE_FALSE;
        Attribute *a;
 
        if ( ! access_allowed( op, e,
                ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
        {       
-               return LDAP_INSUFFICIENT_ACCESS;
+               rc = LDAP_INSUFFICIENT_ACCESS;
+               goto done;
        }
 
        a = attrs_find( e->e_attrs, ava->aa_desc );
-       if( a == NULL ) return LDAP_NO_SUCH_ATTRIBUTE;
+       if( a == NULL ) {
+               rc = LDAP_NO_SUCH_ATTRIBUTE;
+               goto done;
+       }
 
-       rc = LDAP_COMPARE_FALSE;
        for(a = attrs_find( e->e_attrs, ava->aa_desc );
                a != NULL;
                a = attrs_find( a->a_next, ava->aa_desc ))
@@ -436,13 +443,23 @@ static int compare_entry(
                if ( value_find_ex( ava->aa_desc,
                        SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
                                SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
-                       a->a_nvals,
-                       &ava->aa_value, op->o_tmpmemctx ) == 0 )
+                       a->a_nvals, &ava->aa_value, op->o_tmpmemctx ) == 0 )
                {
                        rc = LDAP_COMPARE_TRUE;
                        break;
                }
        }
 
+done:
+#ifdef LDAP_ACL_HONOR_DISCLOSE
+       if( rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE ) {
+               if ( ! access_allowed( op, e,
+                       slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) )
+               {
+                       rc = LDAP_NO_SUCH_OBJECT;
+               }
+       }
+#endif
+
        return rc;
 }