X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fsearch.c;h=0e15409a1e6b031b245585af25618c5c3b7f6963;hb=d9edc7d5afd2860fac2fa0121044db28d94c9f7f;hp=bd4cf149afaaf17b7cb42b09ad3619596ff20d7d;hpb=dda8ccd8d58bd9df4d92853613022e46502b1974;p=openldap

diff --git a/servers/slapd/search.c b/servers/slapd/search.c
index bd4cf149af..0e15409a1e 100644
--- a/servers/slapd/search.c
+++ b/servers/slapd/search.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Copyright 1998-2011 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -156,10 +156,40 @@ do_search(
 		if ( slap_bv2ad( &op->ors_attrs[i].an_name,
 			&op->ors_attrs[i].an_desc, &dummy ) != LDAP_SUCCESS )
 		{
-			slap_bv2undef_ad( &op->ors_attrs[i].an_name,
+			if ( slap_bv2undef_ad( &op->ors_attrs[i].an_name,
 				&op->ors_attrs[i].an_desc, &dummy,
-				SLAP_AD_PROXIED|SLAP_AD_NOINSERT );
-		};
+				SLAP_AD_PROXIED|SLAP_AD_NOINSERT ) )
+			{
+				struct berval *bv = &op->ors_attrs[i].an_name;
+
+				/* RFC 4511 LDAPv3: All User Attributes */
+				if ( bvmatch( bv, slap_bv_all_user_attrs ) ) {
+					continue;
+				}
+
+				/* RFC 3673 LDAPv3: All Operational Attributes */
+				if ( bvmatch( bv, slap_bv_all_operational_attrs ) ) {
+					continue;
+				}
+
+				/* RFC 4529 LDAP: Requesting Attributes by Object Class */
+				if ( bv->bv_len > 1 && bv->bv_val[0] == '@' ) {
+					/* FIXME: check if remaining is valid oc name? */
+					continue;
+				}
+
+				/* add more "exceptions" to RFC 4511 4.5.1.8. */
+
+				/* invalid attribute description? remove */
+				if ( ad_keystring( bv ) ) {
+					/* NOTE: parsed in-place, don't modify;
+					 * rather add "1.1", which must be ignored */
+					BER_BVSTR( &op->ors_attrs[i].an_name, LDAP_NO_ATTRS );
+				}
+
+				/* otherwise leave in place... */
+			}
+		}
 	}
 
 	if( get_ctrls( op, rs, 1 ) != LDAP_SUCCESS ) {
@@ -274,6 +304,12 @@ fe_op_search( Operation *op, SlapReply *rs )
 			goto return_results;
 
 		} else if ( entry != NULL ) {
+			if ( get_assert( op ) &&
+				( test_filter( op, entry, get_assertion( op )) != LDAP_COMPARE_TRUE )) {
+				rs->sr_err = LDAP_ASSERTION_FAILED;
+				goto fail1;
+			}
+
 			rs->sr_err = test_filter( op, entry, op->ors_filter );
 
 			if( rs->sr_err == LDAP_COMPARE_TRUE ) {
@@ -292,9 +328,9 @@ fe_op_search( Operation *op, SlapReply *rs )
 				rs->sr_entry = NULL;
 				rs->sr_operational_attrs = NULL;
 			}
-			entry_free( entry );
-
 			rs->sr_err = LDAP_SUCCESS;
+fail1:
+			entry_free( entry );
 			send_ldap_result( op, rs );
 			goto return_results;
 		}