From 2d6669c5c6b9e43178c6046f2cc85ed954b120c4 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Wed, 21 Jan 2009 02:03:03 +0000
Subject: [PATCH] ITS#5861

---
 CHANGES                      |  1 +
 servers/slapd/back-bdb/add.c |  7 +++++++
 servers/slapd/back-sql/add.c | 11 +++++++++++
 servers/slapd/controls.c     |  3 +--
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index a38e8b0c1b..9413524571 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,7 @@ OpenLDAP 2.4.14 Engineering
 	Fixed slapd bconfig to return error codes (ITS#5867)
 	Fixed slapd syncrepl rename handling (ITS#5809)
 	Fixed slapd syncrepl MMR when adding new server (ITS#5850)
+	Fixed slapd-bdb/hdb RFC4528 control support (ITS#5861)
 	Fixed slapd-ldap idassert-bind validity checking (ITS#5863)
 	Fixed slapd-ldif numerous bugs (ITS#5408)
 	Fixed slapd-ldif rename on same DN (ITS#5319)
diff --git a/servers/slapd/back-bdb/add.c b/servers/slapd/back-bdb/add.c
index 402c837b9c..1c73bf6366 100644
--- a/servers/slapd/back-bdb/add.c
+++ b/servers/slapd/back-bdb/add.c
@@ -112,6 +112,13 @@ txnReturn:
 		goto return_results;
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
 	subentry = is_entry_subentry( op->oq_add.rs_e );
 
 	/* Get our reader TXN */
diff --git a/servers/slapd/back-sql/add.c b/servers/slapd/back-sql/add.c
index 8b8100fbc0..a18e18e827 100644
--- a/servers/slapd/back-sql/add.c
+++ b/servers/slapd/back-sql/add.c
@@ -975,6 +975,17 @@ backsql_add( Operation *op, SlapReply *rs )
 
 	slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
 
+	if ( get_assert( op ) &&
+		( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): "
+			"assertion control failed -- aborting\n",
+			op->ora_e->e_name.bv_val, 0, 0 );
+		e = NULL;
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto done;
+	}
+
 	/* search structuralObjectClass */
 	for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
 		if ( at->a_desc == slap_schema.si_ad_structuralObjectClass ) {
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index f952b1dd94..1a0e42b82d 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -123,8 +123,7 @@ static char *session_tracking_extops[] = {
 static struct slap_control control_defs[] = {
 	{  LDAP_CONTROL_ASSERT,
  		(int)offsetof(struct slap_control_ids, sc_assert),
-		SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME|
-			SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
+		SLAP_CTRL_UPDATE|SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
 		NULL, NULL,
 		parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 	{ LDAP_CONTROL_PRE_READ,
-- 
GitLab