From: Pierangelo Masarati <ando@openldap.org>
Date: Tue, 11 Jan 2005 19:37:55 +0000 (+0000)
Subject: honor 'disclose' ACL on searchBase/compare/referral/matched (ITS#3472 and comments... 
X-Git-Tag: OPENLDAP_REL_ENG_2_3_BP~429
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0e04985332268e193339c3a3b8f5f6ad6d20577e;p=openldap

honor 'disclose' ACL on searchBase/compare/referral/matched (ITS#3472 and comments on -devel)
---

diff --git a/servers/slapd/back-sql/compare.c b/servers/slapd/back-sql/compare.c
index 08f4c7f356..d7890156c9 100644
--- a/servers/slapd/back-sql/compare.c
+++ b/servers/slapd/back-sql/compare.c
@@ -109,6 +109,12 @@ backsql_compare( Operation *op, SlapReply *rs )
 	}
 	e = &user_entry;
 
+	if ( ! access_allowed( op, e, slap_schema.si_ad_entry, NULL,
+				ACL_DISCLOSE, NULL ) ) {
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		goto return_results;
+	}
+
 	if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc, 
 				&op->oq_compare.rs_ava->aa_value,
 				ACL_COMPARE, NULL ) ) {
diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c
index cb4089b192..ace1fc6d24 100644
--- a/servers/slapd/back-sql/search.c
+++ b/servers/slapd/back-sql/search.c
@@ -1718,6 +1718,13 @@ backsql_search( Operation *op, SlapReply *rs )
 		goto done;
 	}
 
+	if ( ! access_allowed( op, bsi.bsi_e, slap_schema.si_ad_entry, NULL,
+				ACL_DISCLOSE, NULL ) ) {
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		send_ldap_result( op, rs );
+		goto done;
+	}
+
 	bsi.bsi_n_candidates =
 		( op->ors_limit == NULL	/* isroot == TRUE */ ? -2 : 
 		( op->ors_limit->lms_s_unchecked == -1 ? -2 :