]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9c5768c)
ITS#3333 fix for compare
authorKurt Zeilenga <kurt@openldap.org>
Fri, 17 Sep 2004 22:07:29 +0000 (22:07 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Fri, 17 Sep 2004 22:07:29 +0000 (22:07 +0000)
filterentry cleanup

servers/slapd/compare.c patch | blob | history
servers/slapd/filterentry.c patch | blob | history

diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index 8524d1aee39e7e26458cc550315f99da7b698b5d..0ade75a500b9678b843558f45f283c329f03f42a 100644 (file)
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -326,7 +326,7 @@ static int compare_entry(
        Entry *e,
        AttributeAssertion *ava )
 {
-       int rc = LDAP_NO_SUCH_ATTRIBUTE;
+       int rc;
        Attribute *a;
 
        if ( ! access_allowed( op, e,
@@ -335,11 +335,20 @@ static int compare_entry(
                return LDAP_INSUFFICIENT_ACCESS;
        }
 
+       a = attrs_find( e->e_attrs, ava->aa_desc );
+       if( a == NULL ) return LDAP_NO_SUCH_ATTRIBUTE;
+
+       rc = LDAP_COMPARE_FALSE;
        for(a = attrs_find( e->e_attrs, ava->aa_desc );
                a != NULL;
                a = attrs_find( a->a_next, ava->aa_desc ))
        {
-               rc = LDAP_COMPARE_FALSE;
+               if (( ava->aa_desc != a->a_desc ) && ! access_allowed( op,
+                       e, a->a_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
+               {       
+                       rc = LDAP_INSUFFICIENT_ACCESS;
+                       break;
+               }
 
                if ( value_find_ex( ava->aa_desc,
                        SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c
index 4283a818c6a7d88a25ba9ad5517332e56aef7d59..3cce2fb480ba7732ca695531de05c7c0ca4eb55d 100644 (file)
--- a/servers/slapd/filterentry.c
+++ b/servers/slapd/filterentry.c
@@ -433,8 +433,8 @@ test_ava_filter(
                MatchingRule *mr;
                struct berval *bv;
 
-               if (( ava->aa_desc != a->a_desc ) && !access_allowed( op, e,
-                       a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
+               if (( ava->aa_desc != a->a_desc ) && !access_allowed( op,
+                       e, a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
                {
                        rc = LDAP_INSUFFICIENT_ACCESS;
                        continue;
@@ -512,7 +512,6 @@ test_presence_filter(
        }
 
        if ( desc == slap_schema.si_ad_hasSubordinates ) {
-
                /*
                 * XXX: fairly optimistic: if the function is defined,
                 * then PRESENCE must succeed, because hasSubordinate
Cloned from git://git.openldap.org/openldap.git