From: Pierangelo Masarati <ando@openldap.org>
Date: Fri, 14 Jan 2005 12:01:03 +0000 (+0000)
Subject: condition compilation of DISCLOSE checking (there's more to do)
X-Git-Tag: OPENLDAP_REL_ENG_2_3_BP~370
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0079b3ce45e7dc93063cd9b13e797d0654010383;p=openldap

condition compilation of DISCLOSE checking (there's more to do)
---

diff --git a/servers/slapd/back-sql/compare.c b/servers/slapd/back-sql/compare.c
index 0f58137466..ac23f9e6c1 100644
--- a/servers/slapd/back-sql/compare.c
+++ b/servers/slapd/back-sql/compare.c
@@ -67,7 +67,9 @@ backsql_compare( Operation *op, SlapReply *rs )
 		anlistp = anlist;
 	}
 
-
+	/*
+	 * FIXME: deal with matchedDN/referral?
+	 */
 	rc = backsql_init_search( &bsi, &op->o_req_ndn,
 			LDAP_SCOPE_BASE, 
 			SLAP_NO_LIMIT, SLAP_NO_LIMIT,
@@ -79,19 +81,6 @@ backsql_compare( Operation *op, SlapReply *rs )
 			0, 0, 0 );
 		rs->sr_err = LDAP_NO_SUCH_OBJECT;
 		goto return_results;
-
-	} else {
-		Entry	e = { 0 };
-
-		e.e_name = bsi.bsi_base_id.eid_dn;
-		e.e_nname = bsi.bsi_base_id.eid_ndn;
-
-		/* FIXME: need the whole entry (ITS#3480) */
-		if ( ! access_allowed( op, &e, slap_schema.si_ad_entry, NULL,
-					ACL_DISCLOSE, NULL ) ) {
-			rs->sr_err = LDAP_NO_SUCH_OBJECT;
-			goto return_results;
-		}
 	}
 
 	if ( is_at_operational( op->oq_compare.rs_ava->aa_desc->ad_type ) ) {
@@ -126,11 +115,18 @@ backsql_compare( Operation *op, SlapReply *rs )
 	}
 	e = &user_entry;
 
-	/* FIXME: need the whole entry (ITS#3480) */
 	if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc, 
 				&op->oq_compare.rs_ava->aa_value,
 				ACL_COMPARE, NULL ) ) {
-		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+		if ( ! access_allowed( op, &e, slap_schema.si_ad_entry, NULL,
+					ACL_DISCLOSE, NULL ) ) {
+			rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		} else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+		{
+			rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		}
 		goto return_results;
 	}
 
diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c
index d74d896c9e..0f8ac3fa19 100644
--- a/servers/slapd/back-sql/search.c
+++ b/servers/slapd/back-sql/search.c
@@ -277,9 +277,15 @@ backsql_init_search(
 
 	bsi->bsi_status = rc;
 
-	if ( rc != LDAP_SUCCESS ) {
+	switch ( rc ) {
+	case LDAP_SUCCESS:
+	case LDAP_REFERRAL:
+		break;
+
+	default:
 		bsi->bsi_op->o_tmpfree( bsi->bsi_attrs,
 				bsi->bsi_op->o_tmpmemctx );
+		break;
 	}
 
 	return rc;