]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3b42e19)
don't rely on attribute values in the returned entry: the control may act on attribut...
authorPierangelo Masarati <ando@openldap.org>
Sat, 25 Oct 2008 11:06:29 +0000 (11:06 +0000)
committerPierangelo Masarati <ando@openldap.org>
Sat, 25 Oct 2008 11:06:29 +0000 (11:06 +0000)
servers/slapd/overlays/deref.c patch | blob | history

diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
index 0ac82b5cbe417805954b5699d8396835996ebe38..8c42170299fe5adeeef3a7d7ddb9c21a8235b81b 100644 (file)
--- a/servers/slapd/overlays/deref.c
+++ b/servers/slapd/overlays/deref.c
@@ -280,16 +280,29 @@ deref_response( Operation *op, SlapReply *rs )
                LDAPControl *ctrl, **ctrlsp;
                AccessControlState acl_state = ACL_STATE_INIT;
                static char dummy = '\0';
+               Entry *ebase;
                int i;
 
                op->o_bd->bd_info = (BackendInfo *)dc->dc_on->on_info;
+               rc = overlay_entry_get_ov( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &ebase, dc->dc_on );
+               if ( rc != LDAP_SUCCESS || ebase == NULL ) {
+                       op->o_bd->bd_info = bi;
+                       return SLAP_CB_CONTINUE;
+               }
+
                for ( ds = dc->dc_ds; ds; ds = ds->ds_next ) {
-                       Attribute *a = attr_find( rs->sr_entry->e_attrs, ds->ds_derefAttr );
+                       Attribute *a = attr_find( ebase->e_attrs, ds->ds_derefAttr );
 
                        if ( a != NULL ) {
                                DerefVal *dv;
                                BerVarray *bva;
 
+                               if ( !access_allowed( op, rs->sr_entry, a->a_desc,
+                                               NULL, ACL_READ, &acl_state ) )
+                               {
+                                       continue;
+                               }
+
                                dr = op->o_tmpcalloc( 1,
                                        sizeof( DerefRes ) + ( sizeof( DerefVal ) + sizeof( BerVarray * ) * ds->ds_nattrs ) * ( a->a_numvals + 1 ),
                                        op->o_tmpmemctx );
@@ -374,6 +387,7 @@ deref_response( Operation *op, SlapReply *rs )
                                drp = &dr->dr_next;
                        }
                }
+               overlay_entry_release_ov( op, ebase, 0, dc->dc_on );
                op->o_bd->bd_info = bi;
 
                if ( drhead == NULL ) {
Cloned from git://git.openldap.org/openldap.git