Commit 9fd0ad6f authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6753

parent d6f89872
......@@ -28,6 +28,7 @@ OpenLDAP 2.4.24 Engineering
Fixed slapd config leak with olcDbDirectory (ITS#6634)
Fixed slapd connectionless warnings (ITS#6747)
Fixed slapd to free controls if needed (ITS#6629)
Fixed slapd entry comparisons (ITS#6753)
Fixed slapd filter leak (ITS#6635)
Fixed slapd matching rules for strict ordering (ITS#6722)
Fixed slapd extensible match for ordering rules (ITS#6532)
......
......@@ -122,52 +122,7 @@ dn2entry_retry:
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_ASSERTION_FAILED;
}
goto return_results;
}
if ( !access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
{
/* return error only if "disclose"
* is granted on the object */
if ( !access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
}
goto return_results;
}
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
{
rs->sr_err = LDAP_COMPARE_FALSE;
if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&op->oq_compare.rs_ava->aa_value, NULL,
op->o_tmpmemctx ) == 0 )
{
rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}
rs->sr_err = slap_compare_entry( op, e, op->orc_ava );
return_results:
send_ldap_result( op, rs );
......
......@@ -57,30 +57,7 @@ monitor_back_compare( Operation *op, SlapReply *rs )
return rs->sr_err;
}
rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
if ( !rs->sr_err ) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
for ( a = attrs_find( e->e_attrs, op->oq_compare.rs_ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc )) {
rs->sr_err = LDAP_COMPARE_FALSE;
if ( attr_valfind( a,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
&op->oq_compare.rs_ava->aa_value, NULL,
op->o_tmpmemctx ) == 0 )
{
rs->sr_err = LDAP_COMPARE_TRUE;
break;
}
}
rs->sr_err = slap_compare_entry( op, e, op->orc_ava );
return_results:;
rc = rs->sr_err;
......@@ -90,15 +67,7 @@ return_results:;
rc = LDAP_SUCCESS;
break;
case LDAP_NO_SUCH_ATTRIBUTE:
break;
default:
if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
}
break;
}
......
......@@ -31,11 +31,6 @@
#include "slap.h"
static int compare_entry(
Operation *op,
Entry *e,
AttributeAssertion *ava );
int
do_compare(
Operation *op,
......@@ -176,7 +171,7 @@ fe_op_compare( Operation *op, SlapReply *rs )
}
if( entry ) {
rs->sr_err = compare_entry( op, entry, ava );
rs->sr_err = slap_compare_entry( op, entry, ava );
entry_free( entry );
send_ldap_result( op, rs );
......@@ -352,7 +347,7 @@ cleanup:;
return rs->sr_err;
}
static int compare_entry(
int slap_compare_entry(
Operation *op,
Entry *e,
AttributeAssertion *ava )
......@@ -367,13 +362,20 @@ static int compare_entry(
goto done;
}
if ( get_assert( op ) &&
( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
{
rc = LDAP_ASSERTION_FAILED;
goto done;
}
a = attrs_find( e->e_attrs, ava->aa_desc );
if( a == NULL ) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
goto done;
}
for(a = attrs_find( e->e_attrs, ava->aa_desc );
for(;
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ))
{
......
......@@ -515,6 +515,15 @@ LDAP_SLAPD_F (void) ch_free LDAP_P(( void * ));
#define free ch_free
#endif
/*
* compare.c
*/
LDAP_SLAPD_F (int) slap_compare_entry LDAP_P((
Operation *op,
Entry *e,
AttributeAssertion *ava ));
/*
* component.c
*/
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment