From a997b94f1ffbb6dc60f0a8c3dbe22d817cfd5cf4 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 17 Sep 2004 22:07:29 +0000 Subject: [PATCH] ITS#3333 fix for compare filterentry cleanup --- servers/slapd/compare.c | 13 +++++++++++-- servers/slapd/filterentry.c | 5 ++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c index 8524d1aee3..0ade75a500 100644 --- a/servers/slapd/compare.c +++ b/servers/slapd/compare.c @@ -326,7 +326,7 @@ static int compare_entry( Entry *e, AttributeAssertion *ava ) { - int rc = LDAP_NO_SUCH_ATTRIBUTE; + int rc; Attribute *a; if ( ! access_allowed( op, e, @@ -335,11 +335,20 @@ static int compare_entry( return LDAP_INSUFFICIENT_ACCESS; } + a = attrs_find( e->e_attrs, ava->aa_desc ); + if( a == NULL ) return LDAP_NO_SUCH_ATTRIBUTE; + + rc = LDAP_COMPARE_FALSE; for(a = attrs_find( e->e_attrs, ava->aa_desc ); a != NULL; a = attrs_find( a->a_next, ava->aa_desc )) { - rc = LDAP_COMPARE_FALSE; + if (( ava->aa_desc != a->a_desc ) && ! access_allowed( op, + e, a->a_desc, &ava->aa_value, ACL_COMPARE, NULL ) ) + { + rc = LDAP_INSUFFICIENT_ACCESS; + break; + } if ( value_find_ex( ava->aa_desc, SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index 4283a818c6..3cce2fb480 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -433,8 +433,8 @@ test_ava_filter( MatchingRule *mr; struct berval *bv; - if (( ava->aa_desc != a->a_desc ) && !access_allowed( op, e, - a->a_desc, &ava->aa_value, ACL_SEARCH, NULL )) + if (( ava->aa_desc != a->a_desc ) && !access_allowed( op, + e, a->a_desc, &ava->aa_value, ACL_SEARCH, NULL )) { rc = LDAP_INSUFFICIENT_ACCESS; continue; @@ -512,7 +512,6 @@ test_presence_filter( } if ( desc == slap_schema.si_ad_hasSubordinates ) { - /* * XXX: fairly optimistic: if the function is defined, * then PRESENCE must succeed, because hasSubordinate -- 2.39.5