fix couple of bugs in recent 'disclose' commits; prepare for sending matchedDN when...
authorPierangelo Masarati <ando@openldap.org>
Wed, 12 Jan 2005 00:28:37 +0000 (00:28 +0000)
committerPierangelo Masarati <ando@openldap.org>
Wed, 12 Jan 2005 00:28:37 +0000 (00:28 +0000)
servers/slapd/back-sql/add.c
servers/slapd/back-sql/back-sql.h
servers/slapd/back-sql/compare.c
servers/slapd/back-sql/delete.c
servers/slapd/back-sql/entry-id.c
servers/slapd/back-sql/modify.c
servers/slapd/back-sql/modrdn.c
servers/slapd/back-sql/proto-sql.h
servers/slapd/back-sql/search.c

index c46dbba0a196e4ba3002da9cbe0c4cbd8b672027..051503848f1f7812b35da47384915f3b111065cf 100644 (file)
@@ -1068,7 +1068,7 @@ backsql_add( Operation *op, SlapReply *rs )
                goto done;
        }
 
-       rs->sr_err = backsql_dn2id( op, rs, NULL, dbh, &realdn, 0 );
+       rs->sr_err = backsql_dn2id( op, rs, dbh, &realdn, NULL, 0, 0 );
        if ( rs->sr_err == LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): "
                        "entry exists\n",
@@ -1087,7 +1087,7 @@ backsql_add( Operation *op, SlapReply *rs )
                dnParent( &op->oq_add.rs_e->e_nname, &pdn );
        }
 
-       rs->sr_err = backsql_dn2id( op, rs, &parent_id, dbh, &pdn, 1 );
+       rs->sr_err = backsql_dn2id( op, rs, dbh, &pdn, &parent_id, 0, 1 );
        if ( rs->sr_err != LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): "
                        "could not lookup parent entry for new record \"%s\"\n",
@@ -1121,7 +1121,7 @@ backsql_add( Operation *op, SlapReply *rs )
                                /*
                                 * Empty DN ("") defaults to LDAP_SUCCESS
                                 */
-                               rs->sr_err = backsql_dn2id( op, rs, NULL, dbh, &pdn, 1 );
+                               rs->sr_err = backsql_dn2id( op, rs, dbh, &pdn, NULL, 0, 1 );
                                switch ( rs->sr_err ) {
                                case LDAP_NO_SUCH_OBJECT:
                                        if ( !BER_BVISEMPTY( &pdn ) ) {
@@ -1154,6 +1154,8 @@ backsql_add( Operation *op, SlapReply *rs )
        p.e_attrs = NULL;
        p.e_name = pdn;
        dnParent( &op->oq_add.rs_e->e_nname, &p.e_nname );
+
+       /* FIXME: need the whole entry (ITS#3480) */
        if ( !access_allowed( op, &p, slap_schema.si_ad_children,
                                NULL, ACL_WRITE, NULL ) ) {
                rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
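Review bot: The added `/* FIXME: need the whole entry (ITS#3480) */` does not say what goes wrong in the meantime, and a maintainer reading this access check needs that. `p` is built with `p.e_attrs = NULL` just above, so `access_allowed()` sees only the parent's DN. I would spell it out, e.g. `/* FIXME: ACL evaluated on a DN-only stub (e_attrs == NULL); rules that depend on the entry's attributes cannot match until the whole entry is loaded (ITS#3480) */`. The same one-line FIXME is added in compare.c, delete.c, modify.c, modrdn.c and search.c and would benefit from the same wording wherever the entry is likewise a stub.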
index dd3a35edceae9c488f2436e259b9c18e7735b83f..b44bf0701dfc5c992bfb120989711f551380e269 100644 (file)
@@ -498,7 +498,7 @@ typedef struct {
 #define        BACKSQL_IS_BASEOBJECT_ID(id)    (bvmatch((id), &backsql_baseObject_bv))
 #else /* ! BACKSQL_ARBITRARY_KEY */
 #define BACKSQL_BASEOBJECT_ID          0
-#define BACKSQL_BASEOBJECT_IDSTR       "0"
+#define BACKSQL_BASEOBJECT_IDSTR       LDAP_XSTRING(BACKSQL_BASEOBJECT_ID)
 #define BACKSQL_BASEOBJECT_KEYVAL      0
 #define        BACKSQL_IS_BASEOBJECT_ID(id)    (*(id) == BACKSQL_BASEOBJECT_ID)
 #endif /* ! BACKSQL_ARBITRARY_KEY */
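Review bot: `LDAP_XSTRING(BACKSQL_BASEOBJECT_ID)` stringifies the macro's replacement text rather than its value, so the result stays `"0"` only while `BACKSQL_BASEOBJECT_ID` is a bare decimal literal. If it is ever rewritten as `(0)` or `0U`, `BACKSQL_BASEOBJECT_IDSTR` silently becomes `"(0)"` or `"0U"`; how that string is consumed is outside this hunk. I would add a comment on the definition, e.g. `/* must remain a bare decimal literal: it is stringified into BACKSQL_BASEOBJECT_IDSTR */`.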
index d7890156c9aba64c1f63e1515d5ffa0a90c54a63..7381ecc057baff1bef90de0db869211d53bb44a2 100644 (file)
@@ -36,12 +36,11 @@ backsql_compare( Operation *op, SlapReply *rs )
        Attribute               *a = NULL;
        backsql_srch_info       bsi;
        int                     rc;
-       AttributeName           anlist[2];
+       AttributeName           anlist[2],
+                               *anlistp = NULL;
 
-       user_entry.e_name.bv_val = NULL;
-       user_entry.e_name.bv_len = 0;
-       user_entry.e_nname.bv_val = NULL;
-       user_entry.e_nname.bv_len = 0;
+       BER_BVZERO( &user_entry.e_name );
+       BER_BVZERO( &user_entry.e_nname );
        user_entry.e_attrs = NULL;
  
        Debug( LDAP_DEBUG_TRACE, "==>backsql_compare()\n", 0, 0, 0 );
@@ -64,12 +63,43 @@ backsql_compare( Operation *op, SlapReply *rs )
        /*
         * Try to get attr as dynamic operational
         */
+       if ( !is_at_operational( op->oq_compare.rs_ava->aa_desc->ad_type ) ) {
+               anlistp = anlist;
+       }
+
+
+       rc = backsql_init_search( &bsi, &op->o_req_ndn,
+                       LDAP_SCOPE_BASE, 
+                       SLAP_NO_LIMIT, SLAP_NO_LIMIT,
+                       (time_t)(-1), NULL, dbh, op, rs, anlistp,
+                       BACKSQL_ISF_GET_ID );
+       if ( rc != LDAP_SUCCESS ) {
+               Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
+                       "could not retrieve compareDN ID - no such entry\n", 
+                       0, 0, 0 );
+               rs->sr_err = LDAP_NO_SUCH_OBJECT;
+               goto return_results;
+
+       } else {
+               Entry   e = { 0 };
+
+               e.e_name = bsi.bsi_base_id.eid_dn;
+               e.e_nname = bsi.bsi_base_id.eid_ndn;
+
+               /* FIXME: need the whole entry (ITS#3480) */
+               if ( ! access_allowed( op, &e, slap_schema.si_ad_entry, NULL,
+                                       ACL_DISCLOSE, NULL ) ) {
+                       rs->sr_err = LDAP_NO_SUCH_OBJECT;
+                       goto return_results;
+               }
+       }
+
        if ( is_at_operational( op->oq_compare.rs_ava->aa_desc->ad_type ) ) {
                SlapReply       nrs = { 0 };
 
                user_entry.e_attrs = NULL;
-               user_entry.e_name = op->o_req_dn;
-               user_entry.e_nname = op->o_req_ndn;
+               user_entry.e_name = bsi.bsi_base_id.eid_dn;
+               user_entry.e_nname = bsi.bsi_base_id.eid_ndn;
 
                nrs.sr_attrs = anlist;
                nrs.sr_entry = &user_entry;
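Review bot: The early ACL_DISCLOSE check runs on a block-local `Entry e = { 0 }` that carries only `e_name`/`e_nname`, and a later hunk removes the check that ran on the loaded `user_entry`, so disclose is no longer evaluated against the entry's attributes at all. Any access rule that selects on entry content would be skipped for this check, which can make the noSuchObject versus insufficientAccess answer differ from what the configured ACLs intend. Until ITS#3480 is resolved, consider keeping the original `access_allowed( op, e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL )` test after `e = &user_entry;` in addition to the early one; the same substitution is made in backsql_search() in search.c. Separately, the local `Entry e` shadows the function-level `e` that is assigned `&user_entry` further down, and a distinct name such as `base_e` would avoid that. backsql_compare() begins and ends outside this hunk.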
@@ -84,19 +114,6 @@ backsql_compare( Operation *op, SlapReply *rs )
                user_entry.e_attrs = nrs.sr_operational_attrs;
 
        } else {
-               rc = backsql_init_search( &bsi, &op->o_req_ndn,
-                               LDAP_SCOPE_BASE, 
-                               SLAP_NO_LIMIT, SLAP_NO_LIMIT,
-                               (time_t)(-1), NULL, dbh, op, rs, anlist,
-                               BACKSQL_ISF_GET_ID );
-               if ( rc != LDAP_SUCCESS ) {
-                       Debug( LDAP_DEBUG_TRACE, "backsql_compare(): "
-                               "could not retrieve compareDN ID - no such entry\n", 
-                               0, 0, 0 );
-                       rs->sr_err = LDAP_NO_SUCH_OBJECT;
-                       goto return_results;
-               }
-
                bsi.bsi_e = &user_entry;
                rc = backsql_id2entry( &bsi, &bsi.bsi_base_id );
                if ( rc != LDAP_SUCCESS ) {
@@ -109,12 +126,7 @@ backsql_compare( Operation *op, SlapReply *rs )
        }
        e = &user_entry;
 
-       if ( ! access_allowed( op, e, slap_schema.si_ad_entry, NULL,
-                               ACL_DISCLOSE, NULL ) ) {
-               rs->sr_err = LDAP_NO_SUCH_OBJECT;
-               goto return_results;
-       }
-
+       /* FIXME: need the whole entry (ITS#3480) */
        if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc, 
                                &op->oq_compare.rs_ava->aa_value,
                                ACL_COMPARE, NULL ) ) {
@@ -125,7 +137,7 @@ backsql_compare( Operation *op, SlapReply *rs )
        rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
        for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
                        a != NULL;
-                       a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ))
+                       a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
        {
                rs->sr_err = LDAP_COMPARE_FALSE;
                if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
index 366297c7915c2a9edf8a7bf1233d1859f11e09b4..20bab6dcc546a529728ddea0c00b3ee4d5dce1a4 100644 (file)
@@ -101,6 +101,7 @@ backsql_delete( Operation *op, SlapReply *rs )
        e.e_attrs = NULL;
 
        /* check parent for "children" acl */
+       /* FIXME: need the whole entry (ITS#3480) */
        if ( !access_allowed( op, &e, slap_schema.si_ad_children, 
                        NULL, ACL_WRITE, NULL ) ) {
                Debug( LDAP_DEBUG_TRACE, "   backsql_delete(): "
@@ -121,7 +122,7 @@ backsql_delete( Operation *op, SlapReply *rs )
                goto done;
        }
        
-       rs->sr_err = backsql_dn2id( op, rs, &e_id, dbh, &op->o_req_ndn, 1 );
+       rs->sr_err = backsql_dn2id( op, rs, dbh, &op->o_req_ndn, &e_id, 0, 1 );
        if ( rs->sr_err != LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE, "   backsql_delete(): "
                        "could not lookup entry id\n", 0, 0, 0 );
index 6d17e0e19f1ab4b6b30b68513ac0c067a5204e96..03e19aa2951113ee3bf74e9c424d72f71eec4e55 100644 (file)
@@ -81,9 +81,10 @@ int
 backsql_dn2id(
        Operation               *op,
        SlapReply               *rs,
-       backsql_entryID         *id,
        SQLHDBC                 dbh,
        struct berval           *ndn,
+       backsql_entryID         *id,
+       int                     matched,
        int                     muck )
 {
        backsql_info            *bi = op->o_bd->be_private;
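Review bot: `matched` and `muck` are two adjacent `int` parameters with no documentation, and nearly every call updated on this page passes them as bare literals (`0, 1` or `0, 0`), so a swapped pair compiles cleanly and gives no diagnostic. In the hunks shown `matched` only affects the trace message, so its intended contract cannot be read from the code. Please document both in the comment above the prototype in proto-sql.h, which still reads only `stores in *id the ID in table ldap_entries corresponding to DN, if any`; for example add a line such as `matched: nonzero if the caller wants matchedDN reported (not yet implemented)` once that is confirmed, plus one for `muck`. The function body continues outside the hunk.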
@@ -105,13 +106,14 @@ backsql_dn2id(
         * positive cases, or the most appropriate error
         */
 
-       Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(): dn=\"%s\"%s\n", 
-                       ndn->bv_val, id == NULL ? " (no ID)" : "", 0 );
+       Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(\"%s\")%s%s\n", 
+                       ndn->bv_val, id == NULL ? " (no ID expected)" : "",
+                       matched ? " matched expected" : "" );
 
        if ( ndn->bv_len > BACKSQL_MAX_DN_LEN ) {
                Debug( LDAP_DEBUG_TRACE, 
-                       "backsql_dn2id(): DN \"%s\" (%ld bytes) "
-                       "exceeds max DN length (%d):\n",
+                       "   backsql_dn2id(\"%s\"): DN length=%ld "
+                       "exceeds max DN length %d:\n",
                        ndn->bv_val, ndn->bv_len, BACKSQL_MAX_DN_LEN );
                return LDAP_OTHER;
        }
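Review bot: The over-length branch still exits with `return LDAP_OTHER;`, so it bypasses the `<==backsql_dn2id(...): err=%d` trace this commit adds at `done:` and leaves a `==>` line with no matching exit line for exactly the rejected-input case. If `sth` is initialised to `SQL_NULL_HSTMT` at its declaration (outside the hunk), `res = LDAP_OTHER; goto done;` would keep the trace pairs balanced. Also, `ndn->bv_len` is printed with `%ld`; if `ber_len_t` is an unsigned type here, `%lu` with a cast to `unsigned long` matches the argument.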
@@ -141,13 +143,15 @@ backsql_dn2id(
        }
        
        /* begin TimesTen */
-       Debug( LDAP_DEBUG_TRACE, "id_query \"%s\"\n", bi->sql_id_query, 0, 0 );
+       Debug( LDAP_DEBUG_TRACE, "   backsql_dn2id(\"%s\"): id_query \"%s\"\n",
+                       ndn->bv_val, bi->sql_id_query, 0 );
        assert( bi->sql_id_query );
        rc = backsql_Prepare( dbh, &sth, bi->sql_id_query, 0 );
        if ( rc != SQL_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE, 
-                       "backsql_dn2id(): error preparing SQL:\n%s", 
-                       bi->sql_id_query, 0, 0);
+                       "   backsql_dn2id(\"%s\"): "
+                       "error preparing SQL:\n   %s", 
+                       ndn->bv_val, bi->sql_id_query, 0 );
                backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
                res = LDAP_OTHER;
                goto done;
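Review bot: `assert( bi->sql_id_query );` sits after the `Debug()` call that already formats `bi->sql_id_query` with `%s`, so when the query string is missing the trace line uses it before the assertion can fire. Moving the assertion directly above the `id_query` trace line makes the check effective. Since `assert` is compiled out under NDEBUG, an explicit `if ( bi->sql_id_query == NULL )` that sets `res = LDAP_OTHER` and jumps to `done` would be more robust if a NULL query is reachable from configuration; whether it is cannot be seen from this hunk.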
@@ -177,8 +181,9 @@ backsql_dn2id(
                upperdn[ i ] = '\0';
                ldap_pvt_str2upper( upperdn );
 
-               Debug( LDAP_DEBUG_TRACE, "==>backsql_dn2id(): upperdn=\"%s\"\n",
-                               upperdn, 0, 0 );
+               Debug( LDAP_DEBUG_TRACE, "   backsql_dn2id(\"%s\"): "
+                               "upperdn=\"%s\"\n",
+                               ndn->bv_val, upperdn, 0 );
                ber_str2bv( upperdn, 0, 0, &tbbDN );
 
        } else {
@@ -186,8 +191,9 @@ backsql_dn2id(
                        AC_MEMCPY( upperdn, realndn.bv_val, realndn.bv_len + 1 );
                        ldap_pvt_str2upper( upperdn );
                        Debug( LDAP_DEBUG_TRACE,
-                               "==>backsql_dn2id(): upperdn=\"%s\"\n",
-                               upperdn, 0, 0 );
+                               "   backsql_dn2id(\"%s\"): "
+                               "upperdn=\"%s\"\n",
+                               ndn->bv_val, upperdn, 0 );
                        ber_str2bv( upperdn, 0, 0, &tbbDN );
 
                } else {
@@ -198,9 +204,9 @@ backsql_dn2id(
        rc = backsql_BindParamBerVal( sth, 1, SQL_PARAM_INPUT, &tbbDN );
        if ( rc != SQL_SUCCESS) {
                /* end TimesTen */ 
-               Debug( LDAP_DEBUG_TRACE, "backsql_dn2id(): "
+               Debug( LDAP_DEBUG_TRACE, "   backsql_dn2id(\"%s\"): "
                        "error binding dn=\"%s\" parameter:\n", 
-                       tbbDN.bv_val, 0, 0 );
+                       ndn->bv_val, tbbDN.bv_val, 0 );
                backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
                res = LDAP_OTHER;
                goto done;
@@ -208,9 +214,9 @@ backsql_dn2id(
 
        rc = SQLExecute( sth );
        if ( rc != SQL_SUCCESS ) {
-               Debug( LDAP_DEBUG_TRACE, "backsql_dn2id(): "
+               Debug( LDAP_DEBUG_TRACE, "   backsql_dn2id(\"%s\"): "
                        "error executing query (\"%s\", \"%s\"):\n", 
-                       bi->sql_id_query, tbbDN.bv_val, 0 );
+                       ndn->bv_val, bi->sql_id_query, tbbDN.bv_val );
                backsql_PrintErrors( bi->sql_db_env, dbh, sth, rc );
                res = LDAP_OTHER;
                goto done;
@@ -219,7 +225,7 @@ backsql_dn2id(
        backsql_BindRowAsStrings( sth, &row );
        rc = SQLFetch( sth );
        if ( BACKSQL_SUCCESS( rc ) ) {
-               char    buf[BUFSIZ];
+               char    buf[ SLAP_TEXT_BUFLEN ];
 
 #ifdef LDAP_DEBUG
                snprintf( buf, sizeof(buf),
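Review bot: `char buf[ SLAP_TEXT_BUFLEN ];` is declared outside the `#ifdef LDAP_DEBUG` block, while the only uses visible here (the `snprintf` and the trace `Debug` in the next hunk) are inside it, so non-debug builds carry an unused array. Moving the declaration to just below `#ifdef LDAP_DEBUG` keeps it with its uses. The `snprintf` also passes `row.cols[ 0 ]` through `row.cols[ 3 ]` to `%s`; if `backsql_BindRowAsStrings()` can leave a column NULL for an SQL NULL value, a guard is needed there, but that helper is not shown on this page.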
@@ -227,7 +233,8 @@ backsql_dn2id(
                        row.cols[ 0 ], row.cols[ 1 ],
                        row.cols[ 2 ], row.cols[ 3 ] );
                Debug( LDAP_DEBUG_TRACE,
-                       "<==backsql_dn2id(): %s\n", buf, 0, 0 );
+                       "   backsql_dn2id(\"%s\"): %s\n",
+                       ndn->bv_val, buf, 0 );
 #endif /* LDAP_DEBUG */
 
                res = LDAP_SUCCESS;
@@ -252,7 +259,7 @@ backsql_dn2id(
                                res = dnPrettyNormal( NULL, &dn, &id->eid_dn, &id->eid_ndn, NULL );
                                if ( res != LDAP_SUCCESS ) {
                                        Debug( LDAP_DEBUG_TRACE,
-                                               "<==backsql_dn2id(\"%s\"): "
+                                               "   backsql_dn2id(\"%s\"): "
                                                "dnPrettyNormal failed (%d: %s)\n",
                                                realndn.bv_val, res,
                                                ldap_err2string( res ) );
@@ -271,12 +278,13 @@ backsql_dn2id(
 
        } else {
                res = LDAP_NO_SUCH_OBJECT;
-               Debug( LDAP_DEBUG_TRACE, "<==backsql_dn2id(): no match\n",
-                               0, 0, 0 );
        }
        backsql_FreeRow( &row );
 
 done:;
+       Debug( LDAP_DEBUG_TRACE,
+               "<==backsql_dn2id(\"%s\"): err=%d\n",
+               ndn->bv_val, res, 0 );
        if ( sth != SQL_NULL_HSTMT ) {
                SQLFreeStmt( sth, SQL_DROP );
        }
@@ -626,7 +634,7 @@ next:;
                int rc;
 
                bv[ 0 ] = bsi->bsi_oc->bom_oc->soc_cname;
-               bv[ 1 ].bv_val = NULL;
+               BER_BVZERO( &bv[ 1 ] );
 
                rc = structural_class( bv, &soc, NULL, 
                                &text, textbuf, textlen );
index 621899c4ac49a78dc292fc337689dd21a34c859d..29b20f130d63dc96abb9b01b3789707e874a822a 100644 (file)
@@ -113,6 +113,7 @@ backsql_modify( Operation *op, SlapReply *rs )
                goto done;
        }
 
+       /* FIXME: need the whole entry (ITS#3480) */
        if ( !acl_check_modlist( op, &e, op->oq_modify.rs_modlist ) ) {
                rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 
index c54d8833c9c9583b4962d26238ef94fb6b81d904..1ffa97915865eb5c9178da522251724652d48cc0 100644 (file)
@@ -66,7 +66,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
                return 1;
        }
 
-       rs->sr_err = backsql_dn2id( op, rs, &e_id, dbh, &op->o_req_ndn, 1 );
+       rs->sr_err = backsql_dn2id( op, rs, dbh, &op->o_req_ndn, &e_id, 0, 1 );
        if ( rs->sr_err != LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
                        "could not lookup entry id (%d)\n",
@@ -116,6 +116,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
        e.e_attrs = NULL;
        e.e_name = p_dn;
        e.e_nname = p_ndn;
+       /* FIXME: need the whole entry (ITS#3480) */
        if ( !access_allowed( op, &e, slap_schema.si_ad_children, 
                                NULL, ACL_WRITE, NULL ) ) {
                Debug( LDAP_DEBUG_TRACE, "   no access to parent\n", 0, 0, 0 );
@@ -145,6 +146,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
                /*
                 * Check for children access to new parent
                 */
+               /* FIXME: need the whole entry (ITS#3480) */
                if ( !access_allowed( op, &e, slap_schema.si_ad_children, 
                                        NULL, ACL_WRITE, NULL ) ) {
                        Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
@@ -192,7 +194,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
        Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): new entry dn is \"%s\"\n",
                        new_dn.bv_val, 0, 0 );
 
-       rs->sr_err = backsql_dn2id( op, rs, &pe_id, dbh, &p_ndn, 1 );
+       rs->sr_err = backsql_dn2id( op, rs, dbh, &p_ndn, &pe_id, 0, 1 );
        if ( rs->sr_err != LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
                        "could not lookup old parent entry id\n", 0, 0, 0 );
@@ -212,7 +214,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
 
        (void)backsql_free_entryID( &pe_id, 0 );
 
-       rs->sr_err = backsql_dn2id( op, rs, &new_pe_id, dbh, new_npdn, 1 );
+       rs->sr_err = backsql_dn2id( op, rs, dbh, new_npdn, &new_pe_id, 0, 1 );
        if ( rs->sr_err != LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(): "
                        "could not lookup new parent entry id\n", 0, 0, 0 );
@@ -420,6 +422,7 @@ backsql_modrdn( Operation *op, SlapReply *rs )
                goto modrdn_return;
        }
 
+       /* FIXME: need the whole entry (ITS#3480) */
        if ( !acl_check_modlist( op, &e, mod )) {
                rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
                goto modrdn_return;
index 1e019b587a10c351a83edd25281061e383a2543c..75b2634941bd40cdd1c533ef264a5ebf8a19402c 100644 (file)
@@ -111,8 +111,9 @@ extern struct berval        backsql_baseObject_bv;
 #endif /* BACKSQL_ARBITRARY_KEY */
 
 /* stores in *id the ID in table ldap_entries corresponding to DN, if any */
-int backsql_dn2id( Operation *op, SlapReply *rs, backsql_entryID *id,
-               SQLHDBC dbh, struct berval *dn, int muck );
+int backsql_dn2id( Operation *op, SlapReply *rs, SQLHDBC dbh,
+               struct berval *ndn, backsql_entryID *id,
+               int matched, int muck );
 
 /* stores in *nchildren the count of children for an entry */
 int backsql_count_children( backsql_info *bi, SQLHDBC dbh,
@@ -163,6 +164,11 @@ int backsql_destroy_schema_map( backsql_info *si );
 
 /* the function must collect the entry associated to nbase */
 #define BACKSQL_ISF_GET_ID     0x1U
+#define BACKSQL_ISF_MATCHED    0x2U
+#define BACKSQL_IS_GET_ID(f) \
+       ( ( (f) & BACKSQL_ISF_GET_ID ) == BACKSQL_ISF_GET_ID )
+#define BACKSQL_IS_MATCHED(f) \
+       ( ( (f) & BACKSQL_ISF_MATCHED ) == BACKSQL_ISF_MATCHED )
 int backsql_init_search( backsql_srch_info *bsi, 
                struct berval *nbase, int scope, int slimit, int tlimit,
                time_t stoptime, Filter *filter, SQLHDBC dbh,
index ace1fc6d249b7ade6e0662586e9fd0e076a2cef7..879379d03979afdf76065df0a01afbab6c4082d1 100644 (file)
@@ -195,10 +195,11 @@ backsql_init_search(
        bsi->bsi_flt_where.bb_len = 0;
        bsi->bsi_filter_oc = NULL;
 
-       if ( flags & BACKSQL_ISF_GET_ID ) {
+       if ( BACKSQL_IS_GET_ID( flags ) ) {
                assert( op->o_bd->be_private );
 
-               rc = backsql_dn2id( op, rs, &bsi->bsi_base_id, dbh, nbase, 1 );
+               rc = backsql_dn2id( op, rs, dbh, nbase, &bsi->bsi_base_id,
+                               BACKSQL_IS_MATCHED( flags ), 1 );
        }
 
        return ( bsi->bsi_status = rc );
@@ -686,8 +687,7 @@ backsql_process_filter( backsql_srch_info *bsi, Filter *f )
 #ifdef BACKSQL_SYNCPROV
        } else if ( ad == slap_schema.si_ad_entryCSN ) {
                /*
-                * TODO: introduce appropriate entryCSN filtering
-                * to support syncrepl as producer...
+                * support for syncrepl as producer...
                 */
                if ( !bsi->bsi_op->o_sync ) {
                        /* unsupported at present... */
@@ -1716,13 +1716,20 @@ backsql_search( Operation *op, SlapReply *rs )
        if ( rs->sr_err != LDAP_SUCCESS ) {
                send_ldap_result( op, rs );
                goto done;
-       }
 
-       if ( ! access_allowed( op, bsi.bsi_e, slap_schema.si_ad_entry, NULL,
-                               ACL_DISCLOSE, NULL ) ) {
-               rs->sr_err = LDAP_NO_SUCH_OBJECT;
-               send_ldap_result( op, rs );
-               goto done;
+       } else {
+               Entry   e = { 0 };
+
+               e.e_name = bsi.bsi_base_id.eid_dn;
+               e.e_nname = bsi.bsi_base_id.eid_ndn;
+               /* FIXME: need the whole entry (ITS#3480) */
+               if ( ! access_allowed( op, &e, slap_schema.si_ad_entry,
+                               NULL, ACL_DISCLOSE, NULL ) )
+               {
+                       rs->sr_err = LDAP_NO_SUCH_OBJECT;
+                       send_ldap_result( op, rs );
+                       goto done;
+               }
        }
 
        bsi.bsi_n_candidates =
@@ -1911,7 +1918,7 @@ backsql_search( Operation *op, SlapReply *rs )
                        }
 
                        if ( !rs->sr_ref ) {
-                               rs->sr_text = "bad_referral object";
+                               rs->sr_text = "bad referral object";
                        }
 
                        rs->sr_entry = e;
@@ -1995,6 +2002,7 @@ backsql_search( Operation *op, SlapReply *rs )
                        if ( e == &user_entry ) {
                                rs->sr_flags = REP_ENTRY_MODIFIABLE;
                        }
+                       /* FIXME: need the whole entry (ITS#3480) */
                        sres = send_search_entry( op, rs );
                        rs->sr_entry = NULL;
                        rs->sr_attrs = NULL;