From: Kurt Zeilenga <kurt@openldap.org>
Date: Fri, 17 Sep 2004 22:07:29 +0000 (+0000)
Subject: ITS#3333 fix for compare
X-Git-Tag: OPENLDAP_REL_ENG_2_3_0ALPHA~528
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a997b94f1ffbb6dc60f0a8c3dbe22d817cfd5cf4;p=openldap

ITS#3333 fix for compare
filterentry cleanup
---

diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index 8524d1aee3..0ade75a500 100644
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -326,7 +326,7 @@ static int compare_entry(
 	Entry *e,
 	AttributeAssertion *ava )
 {
-	int rc = LDAP_NO_SUCH_ATTRIBUTE;
+	int rc;
 	Attribute *a;
 
 	if ( ! access_allowed( op, e,
@@ -335,11 +335,20 @@ static int compare_entry(
 		return LDAP_INSUFFICIENT_ACCESS;
 	}
 
+	a = attrs_find( e->e_attrs, ava->aa_desc );
+	if( a == NULL ) return LDAP_NO_SUCH_ATTRIBUTE;
+
+	rc = LDAP_COMPARE_FALSE;
 	for(a = attrs_find( e->e_attrs, ava->aa_desc );
 		a != NULL;
 		a = attrs_find( a->a_next, ava->aa_desc ))
 	{
-		rc = LDAP_COMPARE_FALSE;
+		if (( ava->aa_desc != a->a_desc ) && ! access_allowed( op,
+			e, a->a_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
+		{	
+			rc = LDAP_INSUFFICIENT_ACCESS;
+			break;
+		}
 
 		if ( value_find_ex( ava->aa_desc,
 			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c
index 4283a818c6..3cce2fb480 100644
--- a/servers/slapd/filterentry.c
+++ b/servers/slapd/filterentry.c
@@ -433,8 +433,8 @@ test_ava_filter(
 		MatchingRule *mr;
 		struct berval *bv;
 
-		if (( ava->aa_desc != a->a_desc ) && !access_allowed( op, e,
-			a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
+		if (( ava->aa_desc != a->a_desc ) && !access_allowed( op,
+			e, a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
 		{
 			rc = LDAP_INSUFFICIENT_ACCESS;
 			continue;
@@ -512,7 +512,6 @@ test_presence_filter(
 	}
 
 	if ( desc == slap_schema.si_ad_hasSubordinates ) {
-
 		/*
 		 * XXX: fairly optimistic: if the function is defined,
 		 * then PRESENCE must succeed, because hasSubordinate