Initial ITS#3333 fix

author Kurt Zeilenga <kurt@openldap.org>

Fri, 17 Sep 2004 21:43:28 +0000 (21:43 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Fri, 17 Sep 2004 21:43:28 +0000 (21:43 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Fri, 17 Sep 2004 21:43:28 +0000 (21:43 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Fri, 17 Sep 2004 21:43:28 +0000 (21:43 +0000)
diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c

index 6380d45297446a98004a057f90f5e8e031871a87..4283a818c6a7d88a25ba9ad5517332e56aef7d59 100644 (file)
--- a/servers/slapd/filterentry.c
+++ b/servers/slapd/filterentry.c
@@ -359,6 +359,7 @@ test_ava_filter(
         AttributeAssertion *ava,
         int             type )
  {
+       int rc;
         Attribute       *a;
  
         if ( !access_allowed( op, e,
@@ -423,6 +424,8 @@ test_ava_filter(
                 return LDAP_COMPARE_FALSE;
         }
  
+       rc = LDAP_COMPARE_FALSE;
+
         for(a = attrs_find( e->e_attrs, ava->aa_desc );
                 a != NULL;
                 a = attrs_find( a->a_next, ava->aa_desc ) )
@@ -430,6 +433,13 @@ test_ava_filter(
                 MatchingRule *mr;
                 struct berval *bv;
  
+               if (( ava->aa_desc != a->a_desc ) && !access_allowed( op, e,
+                       a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
+               {
+                       rc = LDAP_INSUFFICIENT_ACCESS;
+                       continue;
+               }
+
                 switch ( type ) {
                 case LDAP_FILTER_APPROX:
                         mr = a->a_desc->ad_type->sat_approx;
@@ -450,17 +460,23 @@ test_ava_filter(
                         mr = NULL;
                 }
  
-               if( mr == NULL ) continue;
+               if( mr == NULL ) {
+                       rc = LDAP_OTHER;
+                       continue;
+               }
  
                 for ( bv = a->a_nvals; bv->bv_val != NULL; bv++ ) {
                         int ret;
-                       int rc;
+                       int tmprc;
                         const char *text;
  
-                       rc = value_match( &ret, a->a_desc, mr, 0,
+                       tmprc = value_match( &ret, a->a_desc, mr, 0,
                                 bv, &ava->aa_value, &text );
  
-                       if( rc != LDAP_SUCCESS ) return rc;
+                       if( tmprc != LDAP_SUCCESS ) {
+                               rc = tmprc;
+                               continue;
+                       }
  
                         switch ( type ) {
                         case LDAP_FILTER_EQUALITY:
@@ -479,7 +495,7 @@ test_ava_filter(
                 }
         }
  
-       return LDAP_COMPARE_FALSE;
+       return rc;
  }
author	Kurt Zeilenga <kurt@openldap.org>
	Fri, 17 Sep 2004 21:43:28 +0000 (21:43 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Fri, 17 Sep 2004 21:43:28 +0000 (21:43 +0000)